The US Federal Trade Commission says mobile app developers are doing far too little to help parents protect the privacy of children who use phones and tablets. And, according to a story in the Wall Street Journal, the head of an app developers trade group agrees; he's quoted as saying:
"Parents should have clear, simple, easy-to-use tools to protect their children's privacy."
I have an even better idea for the mobile industry, and the tech industry in general: how about providing clear, simple, easy-to-use tools to protect every person's privacy? And for the regulators: is there a way to require the industry to do this, in a way that won't cause more problems than it solves?
In recent days, one mini-debacle after another has demonstrated the tech industry's true nature. This is an industry that considers the idea of providing serious privacy choices for its product users an unacceptable deterrent to one of its key business models.
The latest round of surprise disclosures began when Path, a social networking company, was discovered to be surreptitiously uploading iPhone users' entire address books to its corporate servers. The CEO apologized –but in the typically unconvincingly manner of tech CEOs (Mark Zuckerberg being the best-known practitioner), whose companies constantly push the boundaries, taking two steps ahead into privacy invasions and then backing up one step.
Then, we learned that Twitter – among a host of other companies including Foursquare – was also storing users' contacts without explicitly explaining what it was doing. Oops, said Twitter, we'll explain it better in the future.
In many cases, the initial reason for the activity is benign. Applications that have a social component work better if they can mine your address book in order to help you connect with people you know. What they emphatically do not need is to store that information after they're finished with that task.
Apple's iOS ecosystem has been chiefly implicated in this behavior, and Apple has said it'll work harder to enforce privacy guidelines. But Android users are just as vulnerable in their own way, because Android apps demand all kinds of permissions they don't really need, and which unsuspecting users allow in order to install the apps in the first place.
I've "rooted" my Android phone – that is, I've unlocked low-level access that lets me do things the phone-maker would rather I leave alone – and have turned off some of these permissions in apps that clearly do not need them to function. For example, many of these apps say they need access to my phone information, possibly including the numbers I call.
I have some sympathy for the app developers. They're working in an ecosystem where they have an incentive to collect as much data as possible from users, because they'd prefer to make money from advertising than by trying to charge end users for what they provide. But they don't usually give us a choice of paying in return for non-invasive data capture; I would gladly pay at least some amount of money, in many cases, if I had that option.
I'm looking for third-party products, as well, that let me lock down functions of my devices and software that transmit information to third parties. We need more countermeasures, and I am glad to pay for them if they work.
The idea of government intervention in this arena worries me, because bureaucrats tend not to consider unintended consequences. This is especially problematic in a field that moves as fast as technology.
But if it's possible to do what the app-developers association spokesman claimed – give parents a way to create granular privacy settings for their kids – then it's equally possible to give the rest of us the same tools. And I'd support government mandates to that effect, though not a blunderbuss approach that did more harm than good.
I'm happy to let some web/mobile services track what I do in certain ways. What worries – and angers – me is their assumption that they have all the rights and that I have so few. We need the ability to choose, and to do so in more nuanced ways.