Protecting Mobile Privacy: Your Smartphones, Tablets, Cellphones And Your Privacy Opening Statement
Sen. Franken's Opening Statement
(As Prepared for Delivery)
This hearing will come to order. It's my pleasure to welcome all of you to the first hearing of the Senate Judiciary Subcommittee on Privacy, Technology and the Law. First of all, I'd like to thank Chairman Leahy for creating this subcommittee and for giving me the opportunity to lead it. The Chairman has a long track record on protecting privacy and I'm honored to join him in this effort. I am also very happy for the opportunity to work with the Subcommittee's Ranking Member, Senator Coburn, on these critical issues.
Now, before we turn to the business of today's hearing, I want to take a moment to explain what I think this subcommittee is about, and where we're headed.
To me, this subcommittee is about addressing a fundamental shift that we've seen in the past 40 or 50 years in who has our information, and what they're doing with it.
When I was growing up, when people talked about protecting their privacy, they talked about protecting it from the government. They talked about unreasonable searches and seizures, about keeping the government out of our families and our bedrooms. They talked about-"is the government trying to keep tabs on the books I read and the rallies I attend."
We still do have to protect ourselves from government abuses, and that's a big part of the digital privacy debate. But now we also have relationships with large corporations that are obtaining and storing increasingly large amounts of our information. And we've seen the growth of this whole other sphere of private entities whose entire purpose is to collect and aggregate information about each of us.
While we're familiar with some of these entities, the average person is not remotely aware of most of them. I'd bet that two months ago, if you stopped 100 people on the street and asked them, "Have you ever heard of Epsilon?" 100 of them would have said "No." I certainly hadn't. But suddenly, when people started getting emails in their inbox telling them "Your information has been compromised," you bet they wanted to know who Epsilon was.
Now, don't get me wrong, the existence of this business model is not a bad thing. In fact, I think it's usually a great thing. I love that I can use Google Maps - for free, no less, and the same for the app on my iPad that tells me the weather.
But I think there's a balance we need to strike. And this means we're beginning to change the way we think about privacy to account for this massive shift of our personal information into the hands of the private sector-because the Fourth Amendment doesn't apply to corporations; the Freedom of Information Act doesn't apply to Silicon Valley.
And while business may do a lot of things better than the government, our government is at least by definition directly accountable to the American people.
Let me put it this way. If it came out that the DMV was creating a detailed file on every single trip you'd taken in the past year-do you think they could go one whole week without answering a single question from a reporter?
Now, this isn't a new trend. And I'm hardly the first person to notice it. Twenty-five years ago, a senator named Patrick Leahy wrote and passed a law called the Electronic Communications Privacy Act, which talked a lot about government, but which also contained commercial disclosure provisions. In 1996, Congress passed a law protecting the privacy of medical records. In 1998, we passed a law protecting children's privacy. And in 1999 we passed a law protecting financial records.
So we have some protections here and there, but we're not even close to protecting all of the information that we need to. I believe that consumers have a fundamental right to know what data is being collected about them. I also believe that they have a right to decide whether they want to share that information, and with whom they want to share it and when. And I think we have those rights for all of our personal information.
My goal for this Subcommittee is to help members understand the benefits and privacy implications of new technology; to educate the public to raise awareness; and, if necessary, to legislate and make sure that our privacy protections are keeping up with our technology.
Now, today in this hearing, we're looking at a specific kind of really sensitive information that I don't think we're doing enough to protect. And that's data from mobile devices-smartphones, tablets, cell phones.
This technology gives us incredible benefits. It allows parents to see their kids and wish them goodnight-even when they are half a world apart. It allows a lost driver to get directions. And it allows emergency responders to locate a crash victim in a matter of seconds.
But the same information that allows those responders to locate us when we're in trouble is not necessarily information all of us want to share all the time with the entire world. And yet reports suggest that the information on our mobile devices is not being protected in the way it should be.
In December, an investigation by the Wall Street Journal into 101 popular apps for iPhone and Android smartphones found that 47 of those apps-47-transmitted the smartphone's location to third party companies, and that most of them did this without their users' consent.
Three weeks ago, security researchers discovered that iPhones and iPads running Apple's latest operating system were gathering information about users' location-up to 100 times a day-and storing that information on the phone or tablet and copying it to every computer that the device is synced to.
Soon after that, the American public also learned that both iPhones and Android phones were automatically collecting certain location information from users' phones and sending it back to Apple and Google-even when people weren't using location applications.
In each of these cases, most users had no idea what was happening. And in many of these cases, once users learned about it, they had no way to stop it.
These breaches of privacy can have real consequences for real people. A Justice Department report based on 2006 data shows that each year, over 26,000 adults are stalked through the use of GPS devices, including GPS devices on mobile phones. That's from 2006-when there were a third as many smartphones as there are today.
And when I sent a letter to Apple to ask the company about its logging of users' location, the first group to reach out to my office was the Minnesota Coalition for Battered Women. They asked: How can we help? Because we see case after case where a stalker or an abusive spouse has used the technology on mobile phones to stalk or harass their victims.
But it isn't just stalking. I think today's hearing will show that there is a range of harms that can come from privacy breaches. And there's also the simple fact that Americans want stronger protections for this information.
But as I've started to look into these issues in greater depth, I've realized that our federal laws do far too little to protect this information. Prosecutors bringing cases under the federal anti-hacking law often rely on breaches of privacy policies to make their case. But many mobile apps don't have privacy policies. And some policies are so long and complicated that they're almost universally dismissed without being read.
In fact, once the maker of a mobile app, a company like Apple or Google, or even your wireless company gets your location information, in many cases, under current federal law, these companies are free to disclose your location information and other sensitive information to almost anyone they please-without letting you know. And then the companies they share your information with can share and sell it to yet others-again, without letting you know.
This is a problem. It's a serious problem. And I think that's something the American people should be aware of, and I think it's a problem that we should be looking at. But before I turn it over to the distinguished Ranking Member, I just want to be clear that the answer to this problem is not ending location-based services. No one up here wants to stop Apple or Google from producing their products or doing the incredible things that you do. You guys are brilliant. When people think of the word "brilliant" they think of the people that founded and run your companies.
No. What today is about is trying to find a balance between all of those wonderful benefits and the public's right to privacy. And I for one think that's doable.