iPhone location-tracking incident boosts stock of 'privacy by design'
Computerworld - What does the world's most valuable company now have in common with the following initiatives?
* Online-behavioral tracking * Deep-packet inspection * Persistent cookies * Unique microchip identifiers * Single sign-on for all Web commerce * Paying by fingerprint * Street View Wi-Fi sniffing * Admiral Poindexter's Total Information Awareness program
The common denominator? Privacy quicksand. This is the sandy arena frequented by regulators and legislators and stirred up by privacy advocates. Once your project or technology walks into this particular sand trap, it's hard to pull your reputation out of the mud.
The operating dynamic of privacy quicksand is that first impressions count more than facts. This is because people instinctively are wary of large and powerful organizations and assume the worst. If your organization's new product or technology could spy on its users, they'll assume it's happening. The end result of walking into the privacy quicksand is that your project usually gets scaled back or canceled.
Apple has one foot in the sand, and tomorrow's hearing by the Senate Judiciary Subcommittee on Privacy, Technology and the Law may determine if it's able to sidestep the rest of the pit.
"Recent advances in mobile technology have allowed Americans to stay connected like never before and put an astonishing number of resources at our fingertips," Sen. Al Franken (D-Minn.) told me. "But the same technology that has given us smartphones, tablets and cell phones has also allowed these devices to gather extremely sensitive information about users, including detailed records of their daily movements and location. This hearing is the first step in making certain that federal laws protecting consumers' privacy -- particularly when it comes to mobile devices -- keep pace with advances in technology."
The maker of the world's most popular smartphone has found itself under this scrutiny because of a report two researchers issued last month that claimed that Apple was storing iPhone users' location data in an unencrypted file in their iTunes accounts. Franken sent Apple CEO Steve Jobs a letter the same day requesting an account of the situation. See the table below for a timeline of the incident.
Timeline of the Apple iPhone location-tracking controversy
|4/20||Two researchers issue a report claiming Apple is tracking iPhone user locations.|
|4/20||U.S. Sen. Al Franken sends Apple CEO Steve Jobs a letter containing nine questions about the location-tracking features of the iPhone.|
|4/25||Franken invites Apple and Google to Senate hearings on smartphone privacy.|
|4/27||Apple posts FAQs about its location-tracking feature and promises a fix.|
|5/10||First hearing of the Senate Judiciary Subcommittee on Privacy, Technology and the Law.|
I think Apple has a good chance of coming out OK. The feature in question was designed to make the iPhone work a lot faster. iPhone users who love the device are probably going to give the company a strike or two before they start questioning its motives on privacy. Plus, Apple says it's already working on fixing the privacy and security features that could have been done better in the first place.
People who do privacy for a living are saying Apple could have avoided this diversion. They're pointing to the "privacy by design" methodology as the way to make sure new products and technologies don't walk into the privacy quicksand.
What is privacy by design?
It's the notion that you should build good privacy practices -- such as storing the minimum personal data necessary -- into the design phase of new products.
"It's about baking privacy into your products and services," Ontario Privacy Commissioner Ann Cavoukian told me. Cavoukian first coined the "privacy by design" tagline and now runs a website and annual conference dedicated to the concept.
To people outside the privacy profession, making privacy protection a standard design requirement sounds like basic common sense. But the norm in both the private and public sectors is to handle privacy reactively and minimally. The norm for organizations today on every continent is to look at what the law minimally requires, and then to apply the law in the least disruptive way possible to existing products and services.
More by Jay Cline
- Jay Cline: U.S. takes the gold in doling out privacy fines
- Jay Cline: Is privacy dead?
- Jay Cline: A growing cultural divide on privacy
- Jay Cline: What will Snowden leak next?
- Global winners and losers post-Snowden
- 7 reasons the FTC could audit your privacy program
- Google and the privacy Richter scale
- Jay Cline: Are medical-data breaches overreported?
- iPhone location-tracking incident boosts stock of 'privacy by design'
- Survey: The best privacy advisers of 2010
- What is this "File Sync" Thing and Why Should I Care About It? All of a sudden, getting a file from your work laptop to your iPad became as simple as clicking "Save." So it's no...
- Software Asset Management: Ensuring Today's Assets Today's trends like BYOD and SaaS are new and exciting in terms of how they will help make our jobs more productive but...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- AIIM Trendscape: The New Mobile Reality This AIIM Trendscape report shares data, expert opinions, and a unique perspective on the impact of cloud and mobility in the enterprise, surfacing...
- Why do you need an enterprise mobile platform? Today companies must offer great apps that run on a range of devices, and connect to an exploding set of backend data. Appcelerator...
- Technology for Everyone A Kansas school district modernizes teaching and learning and paves the way to a one-to-one program with a comprehensive upgrade of its wireless... All Mobile/Wireless White Papers | Webcasts