Now It's Personal: Mobile Nears The Privacy Third Rail
The online behavioral advertising world may be feeling a bit like Lindsay Lohan this morning -- right after Charlie Sheen went self-destructive super-nova. Whew! Lindsay must have thought -- at least the press is onto another whack job for a while. And so, in just a matter of days, persistent and growing attention to digital privacy issues and pending regulatory proposals took a hard left into Cupertino. The revelation that iPhones maintain on-board tracking of user locations (accessible to anyone with the device and the right software tools) just succeeded in moving the digital privacy discussion closer to the third rail that has been waiting for it all along: mobile.
You don't see issues like this splashed across the Drudge Report home page. But the "Phones Secretly Tracked Users" headline this morning at Drudge links to the Wall Street Journal feature by Julia Angwin and Jennifer Valentino-Devries.
The WSJ piece adds to the growing fire over Apple by tossing Google onto the flames. In previous reports it was revealed that Apple iPhones maintain a file record kept on board that includes all of the geo-locations of the device. In fact, there is a mapping program that can track these points visually for the user. The tracking seems to have started with last year's iOS 4 operating system update, and it included latitude, longitude and time stamp data that is transferred to the user's computer when the phone is synched. In other words, anyone who has access to the phone or to the PC can find out exactly where the user was, and when, going back nearly a year. The researchers who found this file reported it first at a conference this week and also insisted they could not find a similar file on Google's Android phones.
But now WSJ chimes in with its own independent research. They found that at least an HTC Android model sent location data for the phone to Google several times an hour. Apple apparently had already admitted to lawmakers last year that they collect location data "intermittently" on the phones -- every 12 hours. But this seems to be a separate issue from the location record file kept on the device itself. It is unclear whether Apple is tapping that data.
Security expert Alex Levinson has now rebutted the claim that the iPhone tracking file is newly discovered or "secret." He says researchers like him have known about it for a while.
Whatever. None of these internecine details obscure the fact of the matter: a big, fat, beloved target just walked right into the middle of the data collection debates. And this time, it is personal. One of the truisms of mobile media is that almost any issue that bedevils online digital environments only gets amplified once the platform is on a person's body. Impatience with advertising is only heightened here. The possessiveness of a user towards the device increases. And when it comes to data tracking, issues that seemed less pressing and relevant to the everyday user on the Web suddenly feel much more urgent. This is the medium where every person feels he or she has a stake in the outcome, so it has the potential to take the entire data control issue to another level.
And the introduction of Apple into the fray makes it personal on another level -- the association of a brand with a person, Steve Jobs. Not insignificantly, Congressman Ed Markey's recent letter to Apple was a letter to Jobs himself. "Apple needs to safeguard the personal location information of its users to ensure that an iPhone doesn't become an iTrack," he wrote. Clever, and effective. By mucking about with Apple's own branding campaigns and addressing the issue specifically to the high-profile CEO, Markey has tried to elevate the issue to one of corporate responsibility and brand impact. We're not talking about data and ad firms no one but industry insiders ever heard of before.
Several years ago at an OMMA Behavioral conference, one of the panelists in a discussion on privacy ended the session by blurting a dire warning. He said in effect that whatever we were discussing here today about data collection among Web sites was nothing compared to the form this controversy will take on cell phones. This is where it will really blow up, he contended.
I would double down on that point, because I think the mobile devices changes the conversation. Many of the arguments used to assuage worries about digital privacy online are simply less effective here. When data can be tied to specific device IDs, times and location, insistence that the resulting data is "anonymized" (no matter how true it may be) is very hard for the layman to swallow. Tracking Web behaviors is a whole order of magnitude less scary than tracking physical location. And the very idea that someone could swipe or even just access my phone, and be able to get a full record of my physical movements, is a new kind of creepy.
To be sure, misinformation is all over the place already in this story. There is no direct evidence that Apple itself accesses the on board file of location data. But that is irrelevant, as we already know that location data does go back to both Apple and Google -- and countless other geo-location apps out there that don't give consumers any fair warning of what is going on. It doesn't matter. Misinformed or not, both consumers and legislators will rightfully insist that the major mobile players provide greater clarity about what they collect, how it is used and what tools users will have to opt out. Neither Apple nor Google has given any satisfying public statement about this yet.
One of the interesting differences the privacy issue on mobile has is that it may well center on two major consumer brands that are already trusted and generally liked. This could have a clarifying effect for everyone that we never got online. Apple and Google are in a position to take the lead on this issue and start a coherent, accessible dialogue on costs and benefits of mobile data tracking with consumers that no number of online associations and coalitions have managed to do. The fact that their brand reputations are at stake puts serious industry skin in the game of getting this right. Mobile forces the data issue to get personal, both for consumers and for the companies involved.