Rarely a day goes by without news of another online privacy breach where some lines of code buried deep within an application stalk your every online move while remaining immune to restraining orders. The latest brouhaha centers on The London Sunday Times’ recent article revealing that a disconcerting number of apps have access to personal information stored on the smartphone, including your location data, browsing history, text messages, contact lists and online account IDs. The US government is taking action… or at least it seems like it.

Selling Data More Lucrative than Selling Apps

Many smartphone users were taken aback by the revelations that their apps can intercept their calls, dial their phone and take photos from their camera, all “behind the user’s back.” This data is not applied to diagnostic or other salubrious uses, but is sold to the highest bidder. Daniel Rosenfield of app publisher Sun Products even acknowledged to The London Daily Mail that selling data gleaned by the app is more lucrative than the fees charged for the download. When confronted with “spying” allegations, Facebook did not deny their presence but simply pointed to its Droid app’s EULA, which states it is authorized to receive, process, write and read text messages. As the majority of app users never actually read their EULAs, they had no idea that they were carrying around a sophisticated tracking/stalking device.

You Clicked Agree!

Facebook’s EULA also has clauses to turn civil crimes into criminal ones. Therefore once you agree to the EULA and you violate their policies for using a nickname on the network, for example, you have agreed to be subject to imprisonment. A well-designed EULA has been proven to easily do an end run around any legislation, whether voluntary or not. Some of the more egregious examples:

  • Sony – You can’t sue them for any reason
  • Amazon Kindle – They can delete all your purchased books without refund
  • Apple iBooks – You owe Apple 30% for anything written on it
  • Splunk – They can show up at your door and you have to provide them access to your records & facilities.
  • Schoolcheckin.com – If you violate their demo, you owe them $2 Million

The EULA for game publisher EA enshrines the right of the company to scan your entire memory storage, store it and pass every byte of that info on to third parties. But, hey, you clicked Agree!

Voluntary Code

The Obama Administration has sent a “privacy bill of rights” to Congress to limit what data can be collected and for what purposes, similar to what the European Union has legislated. Since there is no hope that this bill will pass into law in the next year or so, the US Department of Commerce has been mandated to work with industry associations and advocacy groups to create a voluntary code of conduct that would compel companies to adhere to the terms of the proposed bill.

There is an inherent problem in this approach: A voluntary code has no effect on any company that doesn’t sign it, as there are no penalties foreseen for any non-complying firm. The entire process is a bit like laying a million dollars in cash on the sidewalk and then asking pedestrians if they would please sign a document confirming that they won’t pick up any of the currency as they walk by.

Another Great Lie

The Digital Advertising Alliance has agreed to have its members include functions in their browsers that allow users to easily block tracking. Well… not exactly… the tracking would still continue, but the data would have to be used for product development and market-research purposes. According to the statement, the data would allegedly not be sold to any third parties, and thus another great lie is added to the infamous “the check is in the mail.”