iTracked: Compromising Your Privacy for a Mobile Lifestyle

Today’s tech-savvy users are aware of their web browsers’ tracking and reporting activities, and have learned to stop it – by disabling or removing tracking cookies from their computers. Yet as technology develops, marketing researchers are adapting techniques that circumvent users’ current abilities and push the boundaries of what is considered acceptable practices. ‘Flash cookies,’ for example, were developed to replace cookies with a newer version that is nearly impossible to remove. In other examples, marketers track Internet browsing to identify potential customers’ habits, interests, and values.

An emerging privacy concern involves smartphones, iPods and other Wi-Fi or GPS-capable devices. The countless cheap or free downloadable applications - or apps - on mobile devices poses some serious questions for consumers, companies, and policy-makers alike. Users often download applications without thinking critically about what privacy compromises they are making for the games, tools and features. It can also be difficult (or impossible) to restrict tracking capabilities to some apps while blocking others, for example, GPS navigation.

Neither Apple nor Google (maker of the Android software) require apps to have privacy policies. There are some de facto guidelines in place; however, they are not always acknowledged or enforced. For example, if an app does track your location, it is ‘required’ to ask for permission first. A 2010 Wall Street Journal investigation found at least one app that has been tracking people without asking. Tracking technology is getting so sophisticated that one marketing company is developing an app that can map your location within 5 feet of the grocery store aisle you are standing in, and then send you the appropriate coupons for items within reach.

THE DEBATE

Marketing executives argue that the data they harvest is harmless because its only purposes are marketing or advertising. Others argue that just tracking someone’s purchases could have bigger consequences, especially if the information is sold to others.  As Jon Leibowitz aptly expresses in his US News article: “What if the (researcher) sells information about my shopping behavior to my health insurer, who raises my rates based on my purchase of a deep-fat fryer?”

Meanwhile, corporations stress that people are using mobile devices and downloading applications voluntarily, therefore it is the individual’s responsibility to make decisions about his or her privacy, whether that means changing phone settings, deleting application's or avoiding the use of mobile devices all together. Yet some users don’t understand what kind of data sharing they are allowing in the first place. Some don’t know how to disable features that come standard on their devices. The overall, 1984 ‘big brother’ concept of tracking unaware citizens is generally disconcerting for many users, but not enough to deter them from using the technologies entirely.

What is not up for debate is the fact that growing capabilities and widespread use of tracking with little regulation makes users more susceptible to fraud, stalking or other victimization, such as in the case of technology falling into the wrong hands. The lack of regulation does not seem to be the product of vicious intent by media corporations and market researchers. The rate of technology growth is exponential and simply outpacing efforts to create tangible guidelines and protective policies.

Even the biggest of corporations cannot claim to be in complete control of their own technology. Last year, Internet giant Google was found to have “scarfed up e-mail addresses, URLs and passwords from residential Wi-Fi networks." This occurred when Google employees roamed the world taking pictures for its location-based applications such as Google Maps. Google representatives said that they obtained the victims’ private information unintentionally and that they were ‘mortified’ when they realized what they had actually extracted.

POTENTIAL RESOLUTIONS

When privacy infringement occurs, rectifying the issue is complicated by a lack of established rules and regulations. Even when privacy policies, terms and conditions are established, businesses do not necessarily adhere to them. The Federal Trade Commission (FTC) is calling on the Mobile Marketing Association (MMA) to catch up with its own technology and make a comprehensive set of mobile privacy guidelines. The current policies are sometimes full of jargon and ambiguities, making it hard to distinguish what boundaries were violated. FTC is also pitching a ‘do not track’ list, similar to its popular ‘do not call’ list.

WHAT END-USERS CAN DO

Users can let companies like Google and Apple know that privacy rights are important. First, take the time to look for privacy policies on any browser, application or device you use. If you find one, read it. If you don’t, ask the company's customer services area where these policies can be found. Consumers should be encouraged to ask questions. These programs can be complicated, and sometimes the guides or policies aren’t written for the average end-user to understand.

Second, risk assessment is important for data privacy just as it is for physical security. Once you realize how your device and its features operate, try to eliminate areas of vulnerability by ensuring that your settings maintain your privacy. Consider removing applications that aren’t worth the risk.

Lastly, know the laws regarding privacy. Keep up on new regulations and legislation. If the FTC and/or MMA do not end up composing specific guidelines, Congress has the authority to do so and citizen participation can make that happen faster. Do what is necessary so that you are informed about the technology you are using.

Test Your Data Privacy Knowledge

Want to test your data privacy knowledge? Visit The Office of the Chief Information Officer's Data Privacy Challenge. Once you complete the quiz, you can enter a drawing for prizes such as a shredder, Zune or video game.

Note: Office of the Chief Information Officer employees and their relatives are not eligible for the prize drawing.

Tagged with: 
Posted in: