WASHINGTON — Minnesota Sen. Al Franken has one last thing on his to-do list before Congress lets out at the end of the month: get a technology privacy bill through committee.
On Thursday, he’ll try to do just that, when the Senate Judiciary Committee takes up his Location Privacy Protection Act, a bill to prevent cyber stalking and give smartphone users more control over how companies use their private information.
Franken’s bill is two-fold: the first part would prohibit so-called “stalker apps” by criminalizing applications that share the whereabouts of a cell phone without the bearer’s knowledge. The second part would require companies get users’ permission not just before collecting location data, but also before they share it with third parties.
Franken said he knows the bill won’t pass the full Senate this session — there are only a few legislative days left, and lawmakers consumed by deficit reduction talks, so ideally, he'll steer it through the new Congress sometime next year. But the bill is the first major piece of legislation to originate from Franken’s technology privacy subcommittee, a welcome first step for privacy advocates.
“We’ve advocated for a comprehensive privacy law for years,” said Justin Brookman, the director of the Project on Consumer Privacy at the Center for Democracy and Technology. “This is a subset of that, but I think it’s an important one.”
Cracking down on 'stalking apps'
Federal law allows companies that collect user data through mobile Internet browsers or apps are allowed to share it with third parties whether the user consents or not. Most companies do so in innocuous ways — like selling location data to local advertisers. But the law has also lead to an industry of so-called “stalker apps” that advertise themselves a way to stealthily track the location of a friend or acquaintance’s phone. Franken’s bill would make such apps illegal (though there are exceptions for parents to track their children, and for law enforcement).
Franken held a hearing last year focusing on the prevalence of location tracking services. It included the testimony of a northern Minnesota woman whose abusive partner harassed her while she sought help. Twice, when she walked into a county building or courthouse, her abuser texted to ask why she was there. Investigators blamed it on a location tracking application the abuser had installed on the woman’s phone.
Rebekah Moses, a project manager for the Minnesota Coalition for Battered Women, said there’s nothing legally preventing these types of technologies today. The only legal recourse is for a victim to have the person tracking their location classified as a stalker.
Moses said domestic violence groups have been looking at the issue of cyber stalking for about a decade. She became involved in the push to legislate the issue when she attended a training event on the topic in 2010.
“The monitoring of an intimate partner is often a big part of domestic violence,” she said.
It’s also unknown how many people are actually targeted in such a way each year, since the last major study on the topic came in 2006, well before the smartphone boom (26,000 people were the subject of GPS stalking that year, according to the study; Franken’s bill would authorize new research into the issue).
“The more we started getting into this and the hearings we did, the more it became clear that you can put together who somebody is by where they are after 9 p.m. every night and where they are after 9 a.m.” Franken said. “That’s where they work, that’s where they live. I think we know who that is.”
Requiring transparency
The past two years have seen an explosion of information on the extent of data tracking in the cellular industry. For example, Apple and Google said last April that they receive periodic location information whether location-based apps are in use or not, and in 2010, the Wall Street Journal found nearly half of the top smartphone apps shared user location data with third parties, without users’ consent.
“Right now, if you want to figure out who your app is selling [data] to, you can’t tell,” Brookman said.
Franken doesn’t pass judgment on companies that gather user’s information, or even the way they use it, whether it’s going to improved customer service or sent off to third parties for advertising purposes. But he said consumers have the right to know where their data is going. His bill would require companies ask for users’ consent not just to collect their location data, but also to share it with others.
Imagine, then, the notification you receive when an iPhone application wants to use your location data. Instead of simply asking to use that information, it would have to list which outside parties it intends to share the data with.
Franken said the commercial use of location data is “an unbelievable, great thing,” but said companys that transmit the data to third parties should be more transparent about where it's going.
“If you want to find the best pizza place where you’re driving, you’ve got to provide your location,” Franken said. “If the pizza app wants your location, of course you’re going to give the pizza app your location, otherwise they can’t do what they do. But if someone else wants your location and wants your location everywhere you want to go, you might not want to give them that. So what we’re trying to say is, it’s your choice to protect your own privacy.”
Working with industry
The Senate Judiciary Committee is scheduled to mark up and potentially pass Franken’s bill on Thursday, and its focus on stalking issues is likely to be met with largely bipartisan support.
But the committee’s ranking Republican, Iowa Sen. Chuck Grassley, said last week that he has concerns over the way the bill could impact how companies use the data they’ve grown accustomed to collecting.
“The issues are both substantive and technical,” a Grassley spokesperson said in an email. “For instance, some of them relate to making sure the bill doesn’t overreach and hinder technology development, others are more substantive like figuring out who the right enforcer is if a violation occurs."
In a hearing on location privacy last year, an industry advocacy group warned that any laws governing location data usage could hurt small developers who need to distribute user data to third party advertisers to boost revenue.
“Who’s most likely to be affected by a law that affects the transfer of information to third parties?” Association for Competitive Technology President Jonathan Zuck said then. “A small business that has to form partnerships in order to provide these services in an ever-changing marketplace, or a huge company that can simply buy the third party, thereby circumventing the rule?”
Franken said his bill wouldn’t affect the industry too much beyond the increased transparency it would require — most companies aren’t operating stalking apps that would be prohibited by his bill. He said he’s been working with industry for most of this Congress to craft an acceptable bill.
“My premise is, people have the right to know what information is being taken,” Franken said, “and have the right to give permission on that, and to know that it’s being given to third parties.”
Devin Henry can be reached at dhenry@minnpost.com. Follow him on Twitter: @dhenry