iPhone location-tracking incident boosts stock of 'privacy by design'
Computerworld - What does the world's most valuable company now have in common with the following initiatives?
* Online-behavioral tracking * Deep-packet inspection * Persistent cookies * Unique microchip identifiers * Single sign-on for all Web commerce * Paying by fingerprint * Street View Wi-Fi sniffing * Admiral Poindexter's Total Information Awareness program
The common denominator? Privacy quicksand. This is the sandy arena frequented by regulators and legislators and stirred up by privacy advocates. Once your project or technology walks into this particular sand trap, it's hard to pull your reputation out of the mud.
The operating dynamic of privacy quicksand is that first impressions count more than facts. This is because people instinctively are wary of large and powerful organizations and assume the worst. If your organization's new product or technology could spy on its users, they'll assume it's happening. The end result of walking into the privacy quicksand is that your project usually gets scaled back or canceled.
Apple has one foot in the sand, and tomorrow's hearing by the Senate Judiciary Subcommittee on Privacy, Technology and the Law may determine if it's able to sidestep the rest of the pit.
"Recent advances in mobile technology have allowed Americans to stay connected like never before and put an astonishing number of resources at our fingertips," Sen. Al Franken (D-Minn.) told me. "But the same technology that has given us smartphones, tablets and cell phones has also allowed these devices to gather extremely sensitive information about users, including detailed records of their daily movements and location. This hearing is the first step in making certain that federal laws protecting consumers' privacy -- particularly when it comes to mobile devices -- keep pace with advances in technology."
The maker of the world's most popular smartphone has found itself under this scrutiny because of a report two researchers issued last month that claimed that Apple was storing iPhone users' location data in an unencrypted file in their iTunes accounts. Franken sent Apple CEO Steve Jobs a letter the same day requesting an account of the situation. See the table below for a timeline of the incident.
Timeline of the Apple iPhone location-tracking controversy
|4/20||Two researchers issue a report claiming Apple is tracking iPhone user locations.|
|4/20||U.S. Sen. Al Franken sends Apple CEO Steve Jobs a letter containing nine questions about the location-tracking features of the iPhone.|
|4/25||Franken invites Apple and Google to Senate hearings on smartphone privacy.|
|4/27||Apple posts FAQs about its location-tracking feature and promises a fix.|
|5/10||First hearing of the Senate Judiciary Subcommittee on Privacy, Technology and the Law.|
I think Apple has a good chance of coming out OK. The feature in question was designed to make the iPhone work a lot faster. iPhone users who love the device are probably going to give the company a strike or two before they start questioning its motives on privacy. Plus, Apple says it's already working on fixing the privacy and security features that could have been done better in the first place.
People who do privacy for a living are saying Apple could have avoided this diversion. They're pointing to the "privacy by design" methodology as the way to make sure new products and technologies don't walk into the privacy quicksand.
What is privacy by design?
It's the notion that you should build good privacy practices -- such as storing the minimum personal data necessary -- into the design phase of new products.
"It's about baking privacy into your products and services," Ontario Privacy Commissioner Ann Cavoukian told me. Cavoukian first coined the "privacy by design" tagline and now runs a website and annual conference dedicated to the concept.
To people outside the privacy profession, making privacy protection a standard design requirement sounds like basic common sense. But the norm in both the private and public sectors is to handle privacy reactively and minimally. The norm for organizations today on every continent is to look at what the law minimally requires, and then to apply the law in the least disruptive way possible to existing products and services.
More by Jay Cline
- Jay Cline: U.S. takes the gold in doling out privacy fines
- Jay Cline: Is privacy dead?
- Jay Cline: A growing cultural divide on privacy
- Jay Cline: What will Snowden leak next?
- Global winners and losers post-Snowden
- 7 reasons the FTC could audit your privacy program
- Google and the privacy Richter scale
- Jay Cline: Are medical-data breaches overreported?
- iPhone location-tracking incident boosts stock of 'privacy by design'
- Survey: The best privacy advisers of 2010
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Protection for Every Enterprise: How BlackBerry Security Works Get an IT-level review of BlackBerry® Security, addressing data leakage protection, certified encryption, containerization and much more.
- Future Focus: What's Coming in Enterprise Mobility Management (EMM) Find out why Enterprise Mobility Management (EMM) solutions that are truly future-ready must be designed to enable Machine-to-Machine (M2M) capabilities and much more.
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Unmasking the Differences between Consumer and Enterprise File Sync & Share The consumerization of IT combined with the rapid pace of the modern mobile workplace is forcing enterprise IT teams to evaluate file sync...
- Live Webcast Workforce Mobilization for Improved Productivity A mobility research director from Aberdeen discusses reasons for extending legacy applications to mobile devices, and an integration strategist from Attachmate shows how...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Mobile/Wireless White Papers | Webcasts