[Senate Hearing 112-289]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 112-289
 
                    CONSUMER PRIVACY AND PROTECTION 
                       IN THE MOBILE MARKETPLACE

=======================================================================

                                HEARING

                               before the

   SUBCOMMITTEE ON CONSUMER PROTECTION, PRODUCT SAFETY, AND INSURANCE

                                 of the

                         COMMITTEE ON COMMERCE,

                      SCIENCE, AND TRANSPORTATION

                          UNITED STATES SENATE

                      ONE HUNDRED TWELFTH CONGRESS

                             FIRST SESSION

                               __________

                              MAY 19, 2011

                               __________

    Printed for the use of the Committee on Commerce, Science, and 
                             Transportation




                  U.S. GOVERNMENT PRINTING OFFICE
73-133                    WASHINGTON : 2012
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001




       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                      ONE HUNDRED TWELFTH CONGRESS

                             FIRST SESSION

            JOHN D. ROCKEFELLER IV, West Virginia, Chairman
DANIEL K. INOUYE, Hawaii             KAY BAILEY HUTCHISON, Texas, 
JOHN F. KERRY, Massachusetts             Ranking
BARBARA BOXER, California            OLYMPIA J. SNOWE, Maine
BILL NELSON, Florida                 JIM DeMINT, South Carolina
MARIA CANTWELL, Washington           JOHN THUNE, South Dakota
FRANK R. LAUTENBERG, New Jersey      ROGER F. WICKER, Mississippi
MARK PRYOR, Arkansas                 JOHNNY ISAKSON, Georgia
CLAIRE McCASKILL, Missouri           ROY BLUNT, Missouri
AMY KLOBUCHAR, Minnesota             JOHN BOOZMAN, Arkansas
TOM UDALL, New Mexico                PATRICK J. TOOMEY, Pennsylvania
MARK WARNER, Virginia                MARCO RUBIO, Florida
MARK BEGICH, Alaska                  KELLY AYOTTE, New Hampshire
                                     DEAN KELLER, Nevada
                    Ellen L. Doneski, Staff Director
                   James Reid, Deputy Staff Director
                   Bruce H. Andrews, General Counsel
   Brian M. Hendricks, Republican Staff Director and General Counsel
            Todd Bertoson, Republican Deputy Staff Director
                Rebecca Seidel, Republican Chief Counsel
                                 ------                                

   SUBCOMMITTEE ON CONSUMER PROTECTION, PRODUCT SAFETY, AND INSURANCE

MARK PRYOR, Arkansas, Chairman       ROGER F. WICKER, Mississippi, 
JOHN F. KERRY, Massachusetts             Ranking
BARBARA BOXER, California            JOHN ENSIGN, Nevada
CLAIRE McCASKILL, Missouri           JOHN THUNE, South Dakota
AMY KLOBUCHAR, Minnesota             JOHN BOOZMAN, Arkansas
TOM UDALL, New Mexico                PATRICK J. TOOMEY, Pennsylvania


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on May 19, 2011.....................................     1
Statement of Senator Pryor.......................................     1
Statement of Senator Toomey......................................     3
Statement of Senator Kerry.......................................     4
Statement of Senator Rockefeller.................................     6
Statement of Senator Klobuchar...................................    24
Statement of Senator Blunt.......................................    25
Statement of Senator McCaskill...................................    27
Statement of Senator Udall.......................................    88
Statement of Senator Rubio.......................................    91
Statement of Senator Thune.......................................    93

                               Witnesses

David C. Vladeck, Director, Bureau of Consumer Protection, 
  Federal Trade Commission.......................................     8
    Prepared statement...........................................    10
Bret Taylor, Chief Technology Officer, Facebook..................    30
    Prepared statement...........................................    32
Morgan Reed, Executive Director, Association for Competitive 
  Technology.....................................................    40
    Prepared statement...........................................    42
Catherine A. Novelli, Vice President, Worldwide Government 
  Affairs, Apple, Inc............................................    52
    Prepared statement...........................................    54
Alan Davidson, Director of Public Policy, Google, Inc............    61
    Prepared statement...........................................    63
Amy Guggenheim Shenkan, President and Chief Operating Officer, 
  Common Sense Media.............................................    70
    Prepared statement...........................................    72

                                Appendix

Hon. Kay Bailey Hutchinson, U.S. Senator from Texas, prepared 
  statement......................................................    97
Response to written questions submitted by Hon. John F. Kerry to:
    David C. Vladeck.............................................    98
    Bret Taylor..................................................    98
    Morgan Reed..................................................   102
    Catherine A. Novelli.........................................   104
    Alan Davidson................................................   113
    Amy Guggenheim Shenkan.......................................   117
Fran Maier, President, TRUSTe, prepared statement................   117


                    CONSUMER PRIVACY AND PROTECTION 
                       IN THE MOBILE MARKETPLACE

                              ----------                              


                         THURSDAY, MAY 19, 2011

                               U.S. Senate,
      Subcommittee on Consumer Protection, Product 
                             Safety, and Insurance,
        Committee on Commerce, Science, and Transportation,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 10 a.m., in 
room SR-253, Russell Senate Office Building, Hon. Mark Pryor, 
Chairman of the Subcommittee, presiding.

             OPENING STATEMENT OF HON. MARK PRYOR, 
                   U.S. SENATOR FROM ARKANSAS

    Senator Pryor. I will go ahead and call our subcommittee to 
order here. I want to thank everyone for being here. We have a 
standing room only crowd.
    I want to welcome Senator Toomey, who is just sitting down 
here, as the new Ranking Member. Welcome aboard. We are excited 
about you and your leadership here. And you and I need to talk 
offline at some point about this great subcommittee, but thank 
you for being here.
    And Senator Kerry, thank you for being here.
    We have others that are on the way, but I would like to go 
ahead and start. I know that Senator Kerry only has a limited 
time here, and my understanding is Senator Rockefeller is 
trying to make it, and he has limited time. So let us get under 
way.
    I would like to welcome everyone, thank everyone for being 
here, thank all of our witnesses who are participating today. 
Certainly, this is a very important hearing on privacy in the 
mobile marketplace. As Chairman of the Consumer Protection 
Subcommittee, I appreciate all of your willingness to 
participate in this very important dialogue.
    As technology evolves, consumers continue to lose control 
of their personal information. Without question, cell phones 
have become a part of that trend, as they have become more and 
more versatile. Today, more than 234 million Americans use 
mobile devices, and 73 million Americans have smartphones or 
are expected to own smartphones by the end of 2011.
    There are hundreds of thousands of software applications, 
also known as apps, on the market today. Apps allow us to play 
games, share information with friends, read the news, find the 
cheapest gas in town. In fact, I am aware of one app that 
allows people to find the nearest kosher restaurant and nearest 
synagogue. So there seems to be an app for everything.
    And while their innovation and creativity has defined the 
mobile app space, we understand that most of the app producers 
do not have a privacy policy. And the vast majority of 
consumers who use these apps really don't have any idea about 
the ways their personal information--including their age, 
location, gender, income, and ethnicity--that is contained in 
their phones can be shared either with the company or with 
third parties.
    In other words, while smartphone users may voluntarily 
submit some information to software applications, it is not 
clear that Americans who own smartphones understand how their 
information may be used or transferred as a result of the 
download.
    In fact, last night I talked to my two teenage children. 
Both of them have apps that share information. Neither of them 
had any idea that that information was being shared, and I 
think that is the way most Americans are.
    Consequently, it is not surprising that we are facing a new 
and emerging mobile world that lacks basic parameters and best 
practices. Where are the opt-out options or where are the 
privacy policies? And that is some of the things we will talk 
about today.
    The mapping of consumers' movements without consent is 
unacceptable, and an application game that transfers a 
consumer's location data to ad networks without informing the 
user is greatly troubling. While location technology can assist 
law enforcement, and there certainly are good things about it--
it can be helpful in emergency situations--geolocation tracking 
also poses serious safety concerns.
    Therapists who work with domestic abuse victims have noted 
the increase in clients stalked via cell phones. Indeed, a Wall 
Street Journal article cited tragic instances where stalkers 
exploited the GPS system and the location data collected by 
consumers' smartphones to track their victims. The results have 
been deadly in some cases.
    Demonstrating the highly intrusive nature of some of this 
technology, one website sells something they call ``Mobile 
Spy'' software and actually markets this product as a 
completely stealth monitoring program. The website says once 
installed on a phone, Mobile Spy remains hidden, but logs calls 
and text to a Mobile Spy server. Then the snoop can log in and 
see a complete record of incoming and outgoing calls, the time 
and duration of the calls, and read text messages, both sent 
and received.
    So I would like to hear from our witnesses today about the 
risk to consumers, that consumers see when their information is 
collected and reported; the consumers' understanding of what 
information is being collected or transferred through mobile 
apps; the extent of geolocation information collection and 
related privacy concerns, particularly with an emphasis on 
children there; how companies are working to allay these 
concerns; and suggestions for enforcement of basic privacy 
rights and security policies and standards in the new app 
economy and online mobile world.
    So, with that, what I would like to do is turn it over to 
the Ranking Member and allow you to say a few words. Then we 
will call on Senator Kerry.

             STATEMENT OF HON. PATRICK J. TOOMEY, 
                 U.S. SENATOR FROM PENNSYLVANIA

    Senator Toomey. Senator Pryor, Mr. Chairman, thank you very 
much.
    First of all, thanks for welcoming me as the new Ranking 
Member on the Subcommittee. This is a new and exciting 
opportunity for me. I am looking forward to serving with you.
    And I also want to thank you for scheduling this important 
hearing. This is a very important topic, and I commend you for 
doing that.
    Unfortunately, I became Ranking Member just in the last 
couple of days and, prior to that, had a previously scheduled 
conflict. So I won't be able to stay, but I did want to make an 
opening statement, if I could, quickly and again commend you 
for doing this.
    Like most Americans, I am protective of my personal 
information, and I believe I should have control over who 
accesses that information, how it is accessed, and ultimately, 
how it is used, including by commercial entities.
    As the father of young children, I am also very concerned 
about protecting their identity and safety, especially when 
they use mobile devices and other online applications. More 
children are accessing online services through home computers 
and mobile devices than ever before, and ensuring that parents 
are well informed on how best to protect their children is a 
goal that I am sure we all share.
    Recent revelations that Apple iPhones have been tracking 
and storing user locations without consent and Facebook apps 
may have leaked profile information to advertisers are 
certainly causes for concern. These and other incidents have 
led many in Congress to question whether the Federal Government 
may have a legitimate interest in increasing its role in 
regulating this space.
    I do, however, want to commend Apple and Facebook for 
taking swift action in both cases to correct the problem. As a 
general matter, I prefer to see the industry self-regulate, and 
I am eager to learn from our witnesses on the measures that 
have been put in place to safeguard against possible future 
consumer harms.
    I think everyone here knows very well the mobile 
marketplace is growing and changing rapidly. We now have access 
to mobile devices, speeds, and applications that were 
completely unimaginable just a few short years ago. Apps for 
smartphones have quickly turned into a multibillion-dollar 
business, and consumer demand is clearly very strong.
    And in our important efforts to protect consumer privacy, I 
just hope that we won't lose sight of the many consumer 
benefits that have come from the innovative technologies that 
are brought to market by the companies that we will be hearing 
from today.
    As the Chairman indicated in his comments, location-based 
services provide conveniences that consumers wouldn't have if a 
particular app didn't have access to some level of personal 
information. So before Congress takes action, I think it is 
important to find the right balance that protects consumers' 
personal information while, at the same time, allows continuing 
constructive innovation to occur.
    At this point, I am not quite sure exactly where that line 
is to be drawn, and I would caution against passing legislation 
that would have unintended consequences. I am hopeful that the 
hearing today will shed some light on this important question.
    And again, Mr. Chairman, I thank you for scheduling the 
hearing.
    Senator Pryor. Thank you very much.
    And we also want to thank our newest member to the 
Subcommittee and to the Committee and to the Senate. Senator 
Heller, thank you for being here. Proud to have you.
    Now, I was going to call on Senator Kerry. And the Chairman 
says I should call on Senator Kerry. So go ahead.

               STATEMENT OF HON. JOHN F. KERRY, 
                U.S. SENATOR FROM MASSACHUSETTS

    Senator Kerry. Well, thank you. Thank you. Thank you, both 
chairmen.
    And welcome to our new members on the Committee.
    Mr. Chairman, thanks for holding this hearing today. It is 
obviously one that attracts a lot of interest. It is a lot of 
money on the line, a lot of business, a lot of business 
practices, but also a lot of values, personal interests of 
Americans.
    And while today's hearing is, obviously, principally about 
mobile phones and the apps that come with them, which are quite 
extraordinary and which we all use and benefit from in a lot of 
ways, it is also important, I think, to put the mobile phone 
and apps in the context of the larger discussion about privacy 
itself.
    I don't think there is anybody on the Committee or in the 
country or in the world who doesn't marvel at the power and the 
extraordinary potential that we are currently living and that 
we will live in the future with respect to the Internet. It is 
constantly innovating and moving, and I am personally--and I 
know the Chairman, Senator Rockefeller, likewise and a bunch of 
us on the Committee have worked hard and long with respect to 
the National Broadband Plan, as well as the issue of releasing 
more spectrum for broadband because we want to see this 
potential of the Internet unleashed all across the country as 
broadly as possible.
    In fact, we have, unfortunately, in the United States of 
America parenthetically, been going in the wrong direction. We 
used to be number four in the world in terms of our broadband 
reach. We are now about number 16 or 20, depending on who you 
listen to. That is an appalling comment, and one we ought to 
really take note of as we think about this.
    I also support investments in research and development and 
a bunch of other things that will contribute to the startup of 
different businesses and firms that are going to unleash our 
economic potential.
    We all in this committee understand the automatic instinct 
inside a lot of the companies that are interested in this, 
which says, ``Hey, Washington, just leave us alone. We will do 
fine. We will make this work, and the Internet will grow.''
    And over the years, I think most of us in this committee 
have been guided by the belief that in a technology market that 
is moving so rapidly, that is the right approach in most cases. 
I have certainly stood by net neutrality. I have stood by no 
taxation. I have advocated for as open an architecture as 
possible in order to unleash the full measure of creative 
energy and entrepreneurial activity that has really brought 
this wonder to all of us and continues to innovate.
    And I am convinced that we made the right decision in the 
1990s here to protect, to do things that did not allow privacy 
or other issues to somehow eclipse that move for innovation, 
and I think it might have slowed back then technological 
advances. But we are in a different place today. We just are in 
a different place today.
    And we need companies like Google and Apple and Facebook to 
join companies like Intel, eBay, Microsoft, HP, which have 
already come down on the side of common sense, very restrained, 
simple privacy protections. We need industry leaders to engage 
constructively in these legislative efforts to modernize our 
privacy laws, to come up to the year that we are and the state 
of art that we are with respect to the marketplace because we 
want the legislation to work for both the consumer and the 
entrepreneur.
    Now I have reached out to the companies that are here today 
over the last 6 or 7 months. And I appreciate the time they 
have taken to work with us so far.
    Mr. Chairman, I reject the notion--and one of our 
colleagues just sort of raised the--you know, we don't--here is 
what we want to do, but here is what we don't want to do. I 
reject the notion that privacy protection is the enemy of 
innovation. It absolutely doesn't have to be and isn't.
    In fact, a more trusted information economy, I believe, 
will encourage greater consumer participation, greater 
confidence in that marketplace, and, in turn, more and better 
services in a safer commercial environment that is more 
respectful of other people. So, in the end, though not in a 
heavy-handed, overly prescriptive approach, I believe that 
companies collecting people's information, whether you are a 
tech titan or not, ought to comply with just a basic code of 
conduct.
    We need to establish what we as a society, in a country 
that has always valued privacy, what we as a society believes 
is the sort of basic proper treatment of people's information. 
I know you can shut off your location services. But that 
doesn't do the trick because a lot of those services are 
services we want, and we want to use them.
    But we also want to know that what is happening to the 
information as the consequence of using them is properly 
protected, that we are properly protected as individuals. I 
don't think you can continue to create or leave it to firms to 
decide on an ad hoc basis what that level of protection ought 
to be.
    And I think that is particularly true in an age when the 
mini-supercomputers that are in our pockets are with us almost 
at all times, and they are almost always on. And particularly 
among young people, there will be disposition to use most of 
those apps almost all the time. But it is also true on our 
computers at home and offline when we buy groceries or when we 
travel or when we purchase or whatever.
    So, as we sit here today, Mr. Chairman, there is no privacy 
law for general commerce whatsoever. Data collectors alone are 
setting the rules. In S. 799, the Commercial Privacy Bill of 
Rights that Senator McCain and Senator Klobuchar and I have 
proposed, we propose rules based on fair information practice 
principles for all collectors of information, including mobile 
phone and mobile app companies that we will be talking about 
here today.
    And Senator Rockefeller's do-not-track, I think, you know, 
that is a very important issue, and it is one we ought to be 
deeply engaged in and, you know, the votes will decide it. But 
whichever way we go on that, we still need a privacy standard. 
We still need the basic rules of the road by which everybody 
agrees we are going to protect commerce, we are going to 
protect the creative entrepreneurial ability of the Internet, 
but we are also going to protect individuals or at least give 
them the knowledge by which they make a decision as to how 
their information is going to be treated.
    I think that those principles include the idea that, 
regardless of the technology or method used to track Americans, 
they should know when they are being tracked, why and how long 
that information is going to be used for, and in what way. And 
they ought to know with whom that information is going to be 
shared and be able to reject or accept those practices, and 
they need legal protections if that respect is not granted to 
them or the terms of that arrangement are violated.
    So I hope, Mr. Chairman, we are going to have a chance at 
the right moment to tackle this issue within this committee. I 
think it is a really vital one to Americans growing in its 
importance.
    And I look forward to hearing from the witnesses for the 
time that I can be here. I apologize I can't be here for the 
whole time. And I thank you, Mr. Chairman, for your affording 
us the time to make these statements.
    Senator Pryor. Thank you.
    Senator Rockefeller?

           STATEMENT OF HON. JOHN D. ROCKEFELLER IV, 
                U.S. SENATOR FROM WEST VIRGINIA

    Senator Rockefeller. Thank you, Mr. Chairman.
    I associate myself with every word and comma, perhaps even 
a semicolon that you have said, Senator Kerry.
    I think it is just wrong for people to be wondering about 
people--you know, we can get into the age business, and I will 
in a minute. But not knowing what is happening to them, not 
knowing that they are, in fact, being tracked.
    What you said about smartphones are, in fact, 
supercomputers, little supercomputers. They tell you where you 
are--tell other people because you make this--and some of you 
make this information available to other third parties who use 
it and sell it and make money from it, which is a violation of 
individual liberties, in my judgment.
    Look, we got 234 million mobile devices in use today. 
Seventy-five percent of teenagers own a cell phone and talk on 
them and carry them all the time. Seventy-two percent--and this 
is interesting to me--the wording, even--72 percent of parents 
say that they have slept with their cell phones.
    It is a neutral statement, but it is also----
    [Laughter.]
    Senator Kerry. In today's world, that is risky.
    Senator Rockefeller. Yes. It shows the intensity of this 
whole thing. You can't--it has got to be under your pillow. I 
mean, you just can't be without it.
    So I think the online privacy issue is not something of an 
unintended consequence. I think it is a basic American right 
and a basic American responsibility of the FTC, which I do not 
think has been very aggressive on this, and of the users, the 
big companies and all the apps folks. And not just the big 
ones, but the little ones that just may have three or four 
people, but there are hundreds of thousands of them that are 
pumping out apps that are totally unregulated.
    And so, the question is what do we do about that? Or what 
do you do about that? Or do you want us to do something about 
that? They have to be regulated because they are producing the 
same things that get people tracked.
    I think using a mobile device has an expectation of 
privacy. And in that, the American people are misled. But I 
think that is part of the compact that you make when you go 
into that business.
    The companies before us today--Apple, Google, Facebook--I 
appreciate their being here. They are major players in all of 
this. And this won't be your last visit, I hope. I hope. In 
fact, I can assure you, it won't be your last visit.
    As the online world grows and evolves, the consumer privacy 
issues grow and evolve with it. The question is, is anybody 
watching? Is anybody really paying attention? Are we just 
saying, ``Oh, it is not my responsibility.''
    If it becomes entirely the responsibility of the Federal 
Government, people won't like that. So how do you work with 
consumers so that they can understand the information that is 
being collected about them? They have that right.
    It comes along with the purchase price. That is what they 
are buying, the right to privacy. They are not getting that, 
however, and I think that is what we are talking about today.
    Smartphones applications allow consumers to access 
information from all over the world, take and share pictures 
with friends and family, buy coffee, even videoconferences on 
the go. Mobile devices are transforming the way consumers 
access the Internet, record the world around them, and share 
their lives with others. But with this new innovation comes a 
gigantic risk.
    As smartphones become more powerful, more personal 
information is being concentrated in one place. These devices 
are not really phones, as Senator Kerry said. They are 
miniature computers.
    Simple actions now do have unintended consequences. 
Unintended or intended, I am not sure. But anyway, a lot of 
people are making a lot of money off the information they 
collect, without the knowledge of those folks from that.
    A mother posting a smartphone picture of her child online 
may not realize that time and date and location information is 
also embedded in the picture and available to anyone who can 
get it, which is pretty much anybody. A teenager accessing an 
application may not realize that her address book is being 
assessed and shared with a third party.
    That is not meant to happen in this country without the 
permission of an adult. Four year olds aren't very good at 
that. Nine year olds aren't very good at that. They don't know 
how to do that. So maybe we have to do that for them.
    And these third parties use this information to target 
advertising on individuals. It is very cynical. It is very 
smart. It is very good business, but it is very cynical. It is 
an abuse of that power, passing on people's profiles.
    So everything is new, as John Kerry said. But one thing is 
clear. Consumers want to understand and have control of their 
personal information. They have that right. That expectation is 
not being met. It is not being met.
    So I look forward to what our witnesses have to say. Last 
week, I introduced the Do-Not-Track online bill of 2011. I 
think that is a terrific bill. It makes it very simple. It just 
directs the Federal Trade Commission to establish standards by 
which consumers can tell online companies, including mobile 
applications, that they do not want their information collected 
it takes to collect.
    Very simple, and it applies to everybody, works on 
everybody. Then the FTC, of course, would have to make sure 
that companies respect that choice.
    Mr. Chairman, I thank you.
    Senator Pryor. Thank you, Mr. Chairman.
    And with the Committee's permission, what I would like to 
do is go ahead and go to the first panel.
    And our first panelist today is David Vladeck. He is 
Director of the Consumer Protection Bureau of the FTC. We 
welcome you. We thank you. Glad you are here.
    Your statement will be made part of the record, your 
written statement, as well as everybody else's opening 
statements, if they would like to submit those, and the next 
panel's statements as well. So I would ask you to keep your 
opening remarks to 5 minutes, if possible.
    Thank you.

  STATEMENT OF DAVID C. VLADECK, DIRECTOR, BUREAU OF CONSUMER 
              PROTECTION, FEDERAL TRADE COMMISSION

    Mr. Vladeck. Chairman Pryor, Chairman Rockefeller, members 
of the Committee, I am David Vladeck, the Director of the 
Federal Trade Commission's Bureau of Consumer Protection.
    I appreciate the opportunity to present the Commission's 
testimony on consumer protection issues in the mobile 
marketplace. The views expressed in the written statement that 
we submitted represent the Commission's views. My oral remarks 
and any response to questions represent my own views.
    Today's hearing could not be more timely or more important. 
We are seeing explosive growth in the mobile marketplace. 
Device technology is constantly improving, robust wireless 
Internet connections are nearly ubiquitous, businesses are 
innovating, and consumers are purchasing and using smartphones 
at extraordinary rates.
    And there is no wonder why. Today's smartphones are 
incredibly powerful, multitasking devices that marry the search 
capacity of a desktop computer with the personal, always-on, 
and always-with-you nature of mobile phones. There is no 
question that these devices benefit consumers, but there is 
also no question that these devices raise serious privacy 
concerns.
    These concerns stem from exactly the always-on and always-
with-you nature of these devices--the invisible collection and 
sharing of data with multiple parties; the ability to track 
consumers, including children and teens, to their precise 
location; and the difficulty of providing meaningful 
disclosures and choices about data collection on a smartphone's 
small screen.
    For 40 years, the Federal Trade Commission has worked to 
protect consumer privacy, and we are working hard to protect 
consumer privacy in the mobile marketplace. To keep pace with 
changes in the mobile market, the Commission has hired 
technologists, created a mobile forensic lab, conducted series 
of in-house trainings, and assembled a team focused on mobile 
technology. Every consumer protection investigation now 
examines the target's use of mobile technology.
    Currently, we have a number of nonpublic investigations 
underway relating to unfair and deceptive practices in the 
mobile marketplace. The Federal Trade Commission's primary law 
enforcement tool, the FTC Act, prohibits unfair or deceptive 
practices, and it applies in all media, including mobile.
    Last August, the Commission charged a public relations 
company with deceptively endorsing mobile gaming apps in the 
iTunes store. The Commission's recent cases against two of the 
largest players in the mobile ecosystem, Google and Twitter, 
further demonstrate the application of the FTC's privacy 
framework to the mobile marketplace.
    As you know, the Commission is currently reviewing whether 
its privacy framework has kept pace with technological change. 
Last December, the Commission released a preliminary staff 
report that proposed a new privacy framework that rests on 
three recommendations to ease the burden on consumers to 
protect their own information.
    First, privacy by design, baking privacy in at the outset. 
Second, simpler and streamlined privacy choices. And third, 
transparency, so consumers know what data is being pulled down 
and who is getting it and who is using it.
    These principles are especially relevant in the mobile 
marketplace, given all of the concerns related to the invisible 
collection and sharing of personal information, like the 
precise geolocation data of children and teens, combined with 
the difficulty of providing meaningful disclosures in a small-
screen environment.
    The preliminary report also included a recommendation to 
implement a universal choice mechanism for behavioral tracking, 
including behavioral advertising, often referred to as Do-Not-
Track. A majority of the Commission has expressed support for 
such a mechanism. Although the Commission has not taken a 
position on whether to recommend legislation in this area, the 
Commission strongly supports the goals of Chairman 
Rockefeller's Do-Not-Track legislation and supports the 
approach laid out in that bill, including the scope of the Do-
Not-Track standard, the technical feasibility and cost, and how 
the collection of anonymous data would be treated under the 
statute.
    I also want to commend Senator Kerry and Senator Klobuchar 
for their work on the Commercial Privacy Bill of Rights, and 
the members of this committee, including its chair, for their 
leadership on protecting consumer privacy.
    At a time when some children learn how to play games on a 
smartphone before they learn to tie their shoes, the Commission 
is also reviewing the Children's Online Privacy Protection Act 
rule to see whether technological changes in the online 
environment warrant any changes in the rule and statute.
    While the review is still ongoing, remarks at last year's 
COPPA roundtable, along with public comments we have received, 
demonstrate widespread consensus that both the COPPA statute 
and rule were written broadly enough to encompass most forms of 
mobile communications without the need for statutory change.
    In closing, the Commission is committed to protecting 
consumers in the mobile sphere through law enforcement and by 
working with industry and consumer groups to develop workable 
solutions that protect consumers while allowing for innovation.
    I am, of course, happy to answer any questions.
    [The prepared statement of Mr. Vladeck follows:]

           Prepared Statement of the Federal Trade Commission
    Chairman Rockefeller, Ranking Member Hutchison, and members of the 
Committee, I am David C. Vladeck, Director of the Bureau of Consumer 
Protection of the Federal Trade Commission (``FTC'' or ``Commission''). 
I appreciate the opportunity to present the Commission's testimony on 
consumer protection issues in the mobile marketplace.\1\
---------------------------------------------------------------------------
    \1\ This written statement represents the views of the Federal 
Trade Commission. My oral presentation and responses are my own and do 
not necessarily reflect the views of the Commission or of any 
Commissioner.
---------------------------------------------------------------------------
    This testimony first highlights the expansive growth of the mobile 
arena and what it means for U.S. consumers. Second, it summarizes the 
Commission's response to new mobile technologies, the Commission's 
expansion of its technical expertise, recent law enforcement actions in 
the mobile arena (adding to the Commission's extensive law enforcement 
experience in areas relating to the Internet and privacy),\2\ and its 
examination of consumer privacy issues raised by mobile technologies. 
Third, it discusses the application of a Do Not Track mechanism in the 
mobile environment.\3\ And finally, the testimony discusses the special 
issues that mobile technologies raise for the privacy of children and 
teens, and provides an update of the Commission's review of the 
Children's Online Privacy Protection Rule.
---------------------------------------------------------------------------
    \2\ In the last fifteen years, the FTC has brought more than 30 
data security cases; 64 cases against companies for improperly calling 
consumers on the Do Not Call registry; 86 cases against companies for 
violating the Fair Credit Reporting Act (``FCRA''); 96 spam cases; 15 
spyware cases; and 16 cases against companies for violating the 
Children's Online Privacy Protection Act.
    \3\ Commissioner William E. Kovacic dissents from this testimony to 
the extent that it endorses a Do Not Track mechanism. He believes that 
the endorsement of a Do Not Track mechanism is premature.
---------------------------------------------------------------------------
I. The Mobile Marketplace
    Mobile technology is exploding with a range of new products and 
services, and consumers across the country are rapidly responding to 
the industry's creation of smarter devices. According to the wireless 
telecommunications trade association, CTIA, the wireless penetration 
rate reached 96 percent in the United States by the end of last 
year.\4\ Also by that same time, 27 percent of U.S. mobile subscribers 
owned a smartphone,\5\ which is a wireless phone with more powerful 
computing abilities and connectivity than a simple cell phone. Such 
mobile devices are essentially handheld computers that offer Web 
browsing, e-mail, and a broad range of data services. These new mobile 
devices allow consumers to handle a multitude of tasks in the palms of 
their hands and offer Internet access virtually anywhere.
---------------------------------------------------------------------------
    \4\ CTIA, Wireless Quick Facts, available at www.ctia.org/advocacy/
research/index.cfm/aid/10323.
    \5\ ComScore, The 2010 Mobile Year in Review Report (Feb. 14. 
2011), at 5, available at www.comscore.com/Press_Events/
Presentations_Whitepapers/2011/2010_Mobile_Year_in_Review.
---------------------------------------------------------------------------
    Companies are increasingly using this new mobile medium to provide 
enhanced benefits to consumers, whether to provide online services or 
content, or to market other goods or services.\6\ For example, 
consumers can search websites to get detailed information about 
products, or compare prices on products they are about to purchase 
while standing in the check-out line. They can join texting programs 
that provide instantaneous product information and mobile coupons at 
the point of purchase or download mobile software applications 
(``apps'') that can perform a range of consumer services such as 
locating the nearest retail stores, managing shopping lists, tracking 
family budgets, transferring money between accounts, or calculating 
tips or debts.\7\ Apps also allow consumers to read news articles, play 
interactive games, and connect with family and friends via social 
networks. Any of these services can contain advertising, including 
targeted advertising.
---------------------------------------------------------------------------
    \6\ Indeed, a recent industry survey found that 62 percent of 
marketers used some form of mobile marketing for their brands in 2010 
and an additional 26 percent reported their intention to begin doing so 
in 2011. See Association of National Advertisers, Press Release, Vast 
Majority of Marketers Will Utilize Mobile Marketing and Increase 
Spending on Mobile Platforms in 2011, (Jan. 31, 2011) (describing the 
results of a survey conducted by the Association of National 
Advertisers and the Mobile Marketing Association), available at 
www.ana.net/content/show/id/20953.
    \7\ Although Apple's App Store and Google's Android Market are less 
than 3 years old, they collectively contain more than 600,000 apps. In 
January 2011, Apple reported that ten billion apps had been downloaded 
from the App Store. In May 2011, Google announced that 4.5 billion apps 
had been downloaded from the Android Market. See www.apple.com/itunes/
10-billion-app-countdown/; googleblog.blogspot.com/2011/05/android-
momentum-mobile-and-more-at.html.
---------------------------------------------------------------------------
II. FTC's Response to Consumer Protection Issues Involving Mobile 
        Technology
    New technology can bring tremendous benefits to consumers, but it 
also can present new concerns and provide a platform for old frauds to 
resurface. Mobile technology is no different, and the Commission is 
making a concerted effort to ensure that it has the necessary technical 
expertise, understanding of the marketplace, and tools needed to 
monitor, investigate, and prosecute deceptive and unfair practices in 
the mobile arena.
A. Developing an Understanding of Mobile Issues Through Workshops and 
        Town Halls
    For more than a decade, the Commission has explored mobile and 
wireless issues, starting in 2000 when the agency hosted a two-day 
workshop studying emerging wireless Internet and data technologies and 
the privacy, security, and consumer protection issues they raise.\8\ In 
2006, the Commission held a three-day technology forum that prominently 
featured mobile issues.\9\ Shortly thereafter, the Commission hosted 
two Town Hall meetings to explore the use of radio frequency 
identification (RFID) technology, and its integration into mobile 
devices as a contactless payment system.\10\ And in 2008, the 
Commission held a two-day forum examining consumer protection issues in 
the mobile sphere, including issues relating to ringtones, games, chat 
services, mobile coupons, and location-based services.\11\ Most 
recently, as discussed below, the Commission examined the privacy 
issues raised by mobile technologies as part of a series of roundtables 
on consumer privacy in late 2009 and early 2010.
---------------------------------------------------------------------------
    \8\ FTC Workshop, The Mobile Wireless Web, Data Services and 
Beyond: Emerging Technologies and Consumer Issues, available at 
www.ftc.gov/bcp/workshops/wireless/index.shtml.
    \9\ FTC Workshop, Protecting Consumers in the Next Tech-ade, 
available at www.ftc.gov/bcp/workshops/techade. The Staff Report is 
available at www.ftc.gov/os/2008/03/P064101tech.pdf.
    \10\ FTC Workshop, Pay on the Go: Consumers and Contactless 
Payment, available at www.ftc.gov/bcp/workshops/payonthego/index.shtml; 
FTC Workshop, Transatlantic RFID Workshop on Consumer Privacy and Data 
Security, available at www.ftc.gov/bcp/workshops/transatlantic/
index.shtml.
    \11\ FTC Workshop, Beyond Voice: Mapping the Mobile Marketplace, 
available at www.ftc.gov/bcp/workshops/mobilemarket/index.shtml.
---------------------------------------------------------------------------
B. Developing a Mobile Lab and Creating a Mobile Team
    The FTC has hired technologists (including its first Chief 
Technologist) and invested in new technologies to enable its 
investigators and attorneys to respond to the growth of mobile commerce 
and to conduct mobile-related investigations.\12\ For many years, FTC 
Bureau of Consumer Protection staff have investigated online fraud 
using the agency's Internet Lab, a facility that contains computers 
with IP addresses not assigned to the government, as well as evidence-
capturing software. The agency has expanded the Internet lab to include 
mobile devices spanning various platforms and carriers, along with the 
software and other equipment needed to collect and preserve evidence.
---------------------------------------------------------------------------
    \12\ See, e.g., Press Release, FTC Adds Edward W. Felten as its 
Chief Technologist (Nov. 4, 2010), available at www.ftc.gov/opa/2010/
11/cted.shtm.
---------------------------------------------------------------------------
    Additionally, the FTC's Bureau of Consumer Protection assembled a 
team focusing on mobile technology. This group is conducting research, 
monitoring the various platforms, app stores, and applications, and 
training other FTC staff on mobile issues. In addition, in all of the 
FTC's consumer protection investigations, staff is examining whether 
the targets of investigations are using mobile technology in their 
operations.
C. Applying the FTC Act to the Mobile Arena
    Although the FTC does not enforce any special laws applicable to 
mobile marketing, the FTC's core consumer protection law--Section 5 of 
the FTC Act--prohibits unfair or deceptive practices in the mobile 
arena.\13\ This law applies to commerce in all media, whether 
traditional print, telephone, television, desktop computer, or mobile 
device. The Commission has several recent law enforcement and policy 
initiatives in the mobile arena, which build on the Commission's 
extensive law enforcement experience in the Internet and privacy areas.
---------------------------------------------------------------------------
    \13\ 15 U.S.C.  45(a).
---------------------------------------------------------------------------
1. Endorsement Law and Advertising Substantiation
    The FTC brought a case last August applying FTC advertising law 
principles to the mobile apps marketplace. The Commission charged 
Reverb Communications, Inc., a public relations agency hired to promote 
video games, with deceptively endorsing mobile gaming applications in 
the iTunes store.\14\ The company allegedly posted positive reviews of 
gaming apps using account names that gave the impression the reviews 
had been submitted by disinterested consumers when they were, in 
actuality, posted by Reverb employees. In addition, the Commission 
charged that Reverb failed to disclose that it often received a 
percentage of the sales of each game. The Commission charged that the 
disguised reviews were deceptive under Section 5, because knowing the 
connections between the reviewers and the game developers would have 
been material to consumers reviewing the iTunes posts in deciding 
whether or not to purchase the games. In settling the allegations, the 
company agreed to an order prohibiting it from publishing reviews of 
any products or services unless it discloses a material connection, 
when one exists, between the company and the product.
---------------------------------------------------------------------------
    \14\ Reverb Commc'ns, Inc., FTC Docket No. C-4310 (Nov. 22, 2010) 
(consent order), available at www.ftc.gov/opa/2010/08/reverb.shtm.
---------------------------------------------------------------------------
    The Reverb settlement demonstrates that the FTC's well-settled 
truth-in-advertising principles apply to new forms of mobile marketing. 
The mobile marketplace may offer advertisers new opportunities, but as 
in the offline world, companies must be able to substantiate claims 
made about their products. Developers may not make misrepresentations 
or unsubstantiated claims about their mobile apps, whether those claims 
are in banner ads, on a mobile website, in an app, or in app store 
descriptions. FTC staff is working to identify other violations of 
these well-established principles in the mobile context.
2. Unauthorized Charges and Other Deceptive Conduct
    FTC staff has active investigations into other unfair or deceptive 
conduct in the mobile arena. For example, staff is examining both the 
cramming of charges on consumers wireless phone bills and alleged 
inadequate disclosures of charges for in-app purchases.
    Cramming is the practice of placing unauthorized charges on 
consumers' telephone bills. The FTC has aggressively prosecuted 
cramming violations in connection with landline telephone bills for 
many years.\15\ Mobile telephone accounts can also be used as a billing 
mechanism. On May 11, the FTC hosted a workshop on Phone Bill Cramming. 
The workshop examined how the mobile and landline billing platforms 
work, best practices for industry, and the development of cramming 
prevention mechanisms.\16\
---------------------------------------------------------------------------
    \15\ See, e.g., FTC v. INC21.com, No. C 10-00022 WHA (N.D. Cal.) 
(summary judgment entered Sept. 21, 2010), available at www.ftc.gov/
opa/2010/09/inc21.shtm; FTC v. Nationwide Connections, Inc., No. Cv 06-
80180 (S.D. Fla.) (final stipulated orders entered Apr. 11, 2008), 
available at www.ftc.gov/opa/2008/04/cram.shtm.
    \16\ See FTC Workshop, Phone Bill Cramming, available at 
www.ftc.gov/bcp/workshops/cramming/.
---------------------------------------------------------------------------
    Concerns about charges for in-app purchases in games and other apps 
that initially appear to be free is another issue of concern. Several 
Members of Congress and others have raised concerns about purportedly 
free mobile apps directed to children that subsequently result in 
charges for products and services found within the applications, 
without adequate disclosures.\17\ FTC staff is examining industry 
practices related to this issue.
---------------------------------------------------------------------------
    \17\ Cecelia Kang, Lawmakers Urge FTC to Investigate Free Kids 
Games on iPhone, Washington Post (Feb. 8, 2011), available at 
www.washingtonpost.com/wp-dyn/content/article/2011/02/08/
AR2011020805721.html.
---------------------------------------------------------------------------
3. Unsolicited Commercial Text Messages
    Through enforcement of the CAN-SPAM Act,\18\ the Commission has 
long sought to protect consumers from unsolicited commercial e-mail. 
Indeed, CAN-SPAM applies to e-mail regardless of what type of computer 
or device is used to view and send the commercial e-mail messages. 
Unsolicited text messages present problems similar to those addressed 
by CAN-SPAM, but unsolicited text messages present additional problems 
for mobile phone users.
---------------------------------------------------------------------------
    \18\ Controlling the Assault of Non-Solicited Pornography and 
Marketing Act of 2003, 15 U.S.C.  7701-7713.
---------------------------------------------------------------------------
    In February, the Commission filed its first law enforcement action 
against a sender of unsolicited text messages and obtained a temporary 
restraining order suspending the defendant's challenged operations. The 
FTC alleged that Philip Flora sent more than 5 million unsolicited text 
messages--almost a million a week--to the mobile phones of U.S. 
consumers and that this was an unfair practice under Section 5 of the 
FTC Act.\19\ Many consumers who received Flora's text messages--which 
typically advertised questionable mortgage loan modification or debt 
relief services--had to pay a fee each time they received a message. 
Many others found that Flora's text messages caused them to exceed the 
number of messages included in their mobile service plans, thereby 
causing some consumers to incur additional charges on their monthly 
bill.\20\
---------------------------------------------------------------------------
    \19\ FTC v. Flora, CV11-00299 (C.D. Cal.) (Compl. filed Feb. 22, 
2011), available at www.ftc.gov/opa/2011/02/loan.shtm. The complaint 
also alleges that Flora sent over the Internet unsolicited commercial 
e-mail messages advertising his texting services. The e-mails did not 
include a valid opt-out mechanism and failed to include a physical 
postal address, in violation of the CAN-SPAM Act. In these e-mails, 
Flora offered to send 100,000 text messages for only $300. Further, the 
complaint charged that Flora deceptively claimed an affiliation with 
the Federal Government in connection with the loan modification service 
advertised in the text messages.
    \20\ While the financial injury suffered by any consumer may have 
been small, the aggregate injury was likely quite large. And, even for 
those consumers with unlimited messaging plans, Flora's unsolicited 
messages were harassing and annoying, coming at all hours of the day.
---------------------------------------------------------------------------
4. Debt Collection Technology
    The impact of mobile technology is also evident in the debt 
collection industry. On April 28, the Commission hosted a forum that 
examined the impact of new technologies on debt collection practices, 
including the technologies used to locate, identify, and contact 
debtors.\21\ Panelists discussed the consumer concerns that arise when 
collectors contact debtors on their mobile phones, and whether some 
appropriate consumer consent should be required before a collector 
calls or sends text messages to a consumer's mobile phone. Commission 
staff is considering and analyzing the information received from the 
workshop and is preparing a summary report.
---------------------------------------------------------------------------
    \21\ FTC Workshop, Debt Collection 2.0: Protecting Consumers as 
Technologies Change, available at www.ftc.gov/bcp/workshops/
debtcollectiontech/index.shtml.
---------------------------------------------------------------------------
5. Mobile Payments
    The use of mobile phones as a payment device also presents 
potential consumer protection issues.\22\ As mentioned above, consumers 
can already charge goods and services, real or virtual, to their mobile 
telephone bills and app store accounts. Many other payment mechanisms 
and models are still developing, such as contactless payments systems 
that allow consumers to pay for products and services with the swipe of 
their smart phone.\23\ Many, but not all, mobile payment systems are 
tied to traditional payment mechanisms such as credit cards. Staff is 
monitoring this emerging area for potential unfair or deceptive 
practices.
---------------------------------------------------------------------------
    \22\ See Elizabeth Eraker, Colin Hector & Chris Hoofnagle, Mobile 
Payment: The Challenge of Protecting Consumers and Innovation, BNA, 10 
Privacy & Security Law Report 212 (Feb. 7, 2011).
    \23\ See Darin Contini, Marianne Crowe, Cynthia Merritt, Richard 
Oliver & Steve Mott, Retail Payments Risk Forum, Mobile Payments in the 
United States: Mapping Out the Road Ahead, (Mar. 25, 2011), available 
at www.frbatlanta.org/documents/rprf/rprf_pubs/110325_wp.pdf; Smart 
Card Alliance, Contactless Payment Growth and Evolution to Mobile NFC 
Payment are Highlights as Smart Card Alliance/CTST Conference Opens 
(May 14, 2008), available at www.smartcardalliance.org/articles/2008/
05/14/contactless-payment-growth-and-evolution-to-mobile-nfc-payment-
are-highlights-as-smart-card-alliance-ctst-conference-opens.
---------------------------------------------------------------------------
III. Privacy Issues in the Mobile Arena
    The rapid growth of new mobile services has provided enormous 
benefits to both businesses and consumers. At the same time, it has 
facilitated unprecedented levels of data collection, which are often 
invisible to consumers.
    The Commission recognizes that mobile technology presents unique 
and heightened privacy and security concerns. In the complicated mobile 
ecosystem, a single mobile device can facilitate data collection and 
sharing among any entities, including wireless providers, mobile 
operating system providers, handset manufacturers, app developers, 
analytics companies, and advertisers. And, unlike other types of 
technology, mobile devices are typically personal to the user, almost 
always carried by the user and switched-on.\24\ From capturing 
consumers' precise location to their interactions with e-mail, social 
networks, and apps, companies can use a mobile device to collect data 
over time and ``reveal[ ] the habits and patterns that mark the 
distinction between a day in the life and a way of life.'' \25\ 
Further, the rush of on-the-go use, coupled with the small screens of 
most mobile devices, makes it especially unlikely that consumers will 
read detailed privacy disclosures.
---------------------------------------------------------------------------
    \24\ See, e.g., Amanda Lenhart, Pew Internet & American Life 
Project, Adults, Cell Phones and Texting (Sept. 2, 2010), at 10, 
available at www.pewinternet.org/Reports/2010/Cell-Phones-and-American-
Adults/Overview.aspx (``65 percent of adults with cell phones say they 
have ever slept with their cell phone on or right next to their bed''); 
Amanda Lenhart, Rich Ling, Scott Campbell, Kristen Purcell, Pew 
Internet & American Life Project, Teens and Mobile Phones (Apr. 20, 
2010), at 73, available at www.pewinternet.org/Reports/2010/Teens-and-
Mobile-Phones/Chapter-3/Sleeping-with-the-phone-on-or-near-the-bed.aspx 
(86 percent of cell-owning teens ages 14 and older have slept with 
their phones next to them).
    \25\ United States v. Maynard, 615 F.3d 544, 562 (D.C. Cir. 2010).
---------------------------------------------------------------------------
    In recent months, news reports have highlighted the virtually 
ubiquitous data collection by smartphones and their apps. Researchers 
have reported that both major smartphone platform providers collect 
precise location information from phones running their operating 
systems to support their device location services.\26\ The Wall Street 
Journal has documented numerous companies gaining access to detailed 
information--such as age, gender, precise location, and the unique 
identifiers associated with a particular mobile device--that can be 
used to track and predict consumers' every move.\27\ Not surprising, 
recent surveys indicate that consumers are concerned. For example, a 
recent Nielsen study found that a majority of smartphone app users 
worry about their privacy when it comes to sharing their location 
through a mobile device.\28\ The Commission has addressed these issues 
through a combination of law enforcement and policy initiatives, as 
discussed below.
---------------------------------------------------------------------------
    \26\ See Julia Angwin & Jennifer Valentino-Devries, Apple, Google 
Collect User Data, Wall St. J. (Apr. 22, 2011), available at 
online.wsj.com/article/SB100014240527487039837045762771
01723453610.html
    \27\ See, e.g., Robert Lee Hotz, The Really Smart Phone, Wall St. 
J. (Apr. 23, 2011), available at online.wsj.com/article/
SB10001424052748704547604576263_261679848814.html (describing how 
researchers are using mobile data to predict consumers' actions); Scott 
Thurm & Yukari Iwatane Kane, Your Apps are Watching You, Wall St. J. 
(Dec. 18, 2010), available at online.wsj.com/article/
SB1000142405_2748704368004576027751867039730.html (documenting the data 
collection that occurs through many popular smartphone apps).
    \28\ NielsenWire, Privacy Please! U.S. Smartphone App Users 
Concerned with Privacy When it Comes to Location (Apr. 21, 2011), 
available at blog.nielsen.com/nielsenwire/online_mobile/privacy-please-
u-s-smartphone-app-users-concerned-with-privacy-when-it-comes-to-
location; see also Ponemon Institute, Smartphone Security: Survey of 
U.S. Consumers (Mar. 2011), at 7, available at aa-download.avg.com/
filedir/other/ _Smartphone.pdf (64 percent of consumers worry about 
being tracked when using their smartphones).
---------------------------------------------------------------------------
A. Mobile Privacy: Enforcement Actions
    The FTC's privacy cases have challenged companies that fail to 
protect the privacy and security of consumer information, including 
information obtained through mobile communications. Two recent cases 
highlight the application of the FTC's privacy enforcement to the 
mobile marketplace.
    First, the Commission's recent case against Google alleges that the 
company deceived consumers by using information collected from Gmail 
users to generate and populate a new social network, Google Buzz.\29\ 
The Commission charged that Gmail users' associations with their 
frequent e-mail contacts became public without the users' consent. As 
part of the Commission's proposed settlement order, Google must protect 
the privacy of all of its customers--including mobile users. For 
example, the order requires Google to implement a comprehensive privacy 
program and conduct independent audits every other year for the next 20 
years.
---------------------------------------------------------------------------
    \29\ Google, Inc., FTC File No. 102 3136 (Mar. 30, 2011) (consent 
order accepted for public comment), available at www.ftc.gov/opa/2011/
03/google.shtm.
---------------------------------------------------------------------------
    Second, in the Commission's case against social networking service 
Twitter, the FTC alleged that serious lapses in the company's data 
security allowed hackers to obtain unauthorized administrative control 
of Twitter.\30\ As a result, hackers had access to private ``tweets'' 
and non-public user information--including users' mobile phone 
numbers--and took over user accounts, among them, those of then-
President-elect Obama and Rupert Murdoch. The Commission's order, which 
applies to Twitter's collection and use of consumer data, including 
through mobile devices or apps, prohibits future misrepresentations and 
requires Twitter to maintain reasonable security and obtain independent 
audits of its security practices.
---------------------------------------------------------------------------
    \30\ Twitter, Inc., FTC Docket No. C-4316 (Mar. 2, 2011) (consent 
order), available at www.ftc.gov/opa/2011/03/twitter.shtm.
---------------------------------------------------------------------------
    FTC staff has a number of additional active investigations 
regarding privacy issues associated with mobile devices, including 
children's privacy.
B. Mobile Privacy: Policy Initiatives
    In late 2009 and early 2010, the Commission held three roundtables 
to examine how changes in the marketplace have affected consumer 
privacy and whether current privacy laws and frameworks have kept pace 
with these changes.\31\ At one roundtable, a panel focused on the 
privacy implications of mobile technology. Participants addressed the 
complexity of data collection through mobile devices; the extent and 
nature of the data collection, particularly with respect to location 
data; and the adequacy of privacy disclosures on mobile devices.\32\ 
Based on the information received through the roundtables, FTC staff 
drafted a preliminary report (``Staff Report'') proposing a new privacy 
framework consisting of three main recommendations, each of which 
applies to mobile technology.\33\
---------------------------------------------------------------------------
    \31\ See FTC, Exploring Privacy: A Roundtable Series, available at 
http://www.ftc.gov/bcp/workshops/privacyroundtables/index.shtml.
    \32\ Transcript of Roundtable Record, Exploring Privacy: A 
Roundtable Series (Jan. 28, 2010) (Panel 4, ``Privacy Implication of 
Mobile Computing''), at 238, available at http://www.ftc.gov/bcp/
workshops/privacyroundtables/PrivacyRoundtable_Jan2010_Transcript.pdf.
    \33\ See FTC Preliminary Staff Report, Protecting Consumer Privacy 
in an Era of Rapid Change: A Proposed Framework for Businesses and 
Policymakers (Dec. 1, 2010), available at http://ftc.gov/os/2010/12/
101201privacyreport.pdf. Commissioners William E. Kovacic and J. Thomas 
Rosch issued concurring statements available at http://ftc.gov/os/2010/
12/101201privacy
report.pdf at Appendix D and Appendix E, respectively.
---------------------------------------------------------------------------
    First, FTC staff recommended that companies adopt a ``privacy by 
design'' approach by building privacy protections into their everyday 
business practices, such as not collecting or retaining more data than 
they need to provide a requested service or transaction. Thus, for 
example, if an app provides only traffic and weather information to a 
consumer, it does not need to collect call logs or contact lists from 
the consumer's device.
    Second, staff recommended that companies provide simpler and more 
streamlined privacy choices to consumers. This means that all companies 
involved in data collection and sharing through mobile devices--
carriers, handset manufacturers, operating system providers, app 
developers, and advertisers--should work together to provide such 
choices and to ensure that they are understandable and accessible on 
the small screen. The Staff Report also stated that companies should 
obtain affirmative express consent before collecting or sharing 
sensitive information, such as precise location data.
    Third, the Staff Report proposed a number of measures that 
companies should take to make their data practices more transparent to 
consumers, including streamlining their privacy disclosures to 
consumers.
    After releasing the Staff Report, staff received 452 public 
comments on its proposed framework, a number of which implicate mobile 
privacy issues specifically. FTC staff is analyzing the comments and 
will take them into consideration in preparing a final report for 
release later this year.
C. Web Browsing and Do Not Track on Mobile Devices
    The Staff Report included a recommendation to implement a universal 
choice mechanism for online tracking, including for purposes of 
delivering behavioral advertising, often referred to as ``Do Not 
Track,'' and a majority of the Commission has expressed support for 
such a mechanism.\34\ Behavioral advertising helps support online 
content and services, and many consumers may value the personalization 
that it offers. However, the third-party tracking that underlies much 
of this advertising is largely invisible to consumers, some of whom may 
prefer not to have their personal browsing and searching information 
collected by companies with which they do not have a relationship.
---------------------------------------------------------------------------
    \34\ See FTC Staff Report, supra note 33; see also Do Not Track: 
Hearing Before the Subcomm. on Commerce, Trade and Consumer Prot. of 
the H. Comm. on Energy and Commerce, 111th Cong. (Dec. 2, 2010), 
available at www.ftc.gov/os/testimony/101202donottrack.pdf (statement 
of the FTC, Commissioner Kovacic dissenting). Commissioner Kovacic 
believes that the endorsement of a Do Not Track mechanism by staff (in 
the report) and the Commission (in this testimony) is premature. See 
FTC Staff Report, App. D. Commissioner Rosch supported a Do Not Track 
mechanism only if it were ``technically feasible'' and implemented in a 
fashion that provides informed consumer choice regarding all the 
attributes of such a mechanism. See id., App. E. To clarify, 
Commissioner Rosch continues to believe that a variety of questions 
need to be answered prior to the endorsement of any particular Do Not 
Track mechanism, including the consequences of the mechanism for 
consumers and competition.
---------------------------------------------------------------------------
    The FTC repeatedly has called on stakeholders to develop and 
implement better tools to allow consumers to control the collection and 
use of their online browsing data,\35\ and industry and other 
stakeholders have responded. In recent months a number of browser 
vendors--including Microsoft, Mozilla, and Apple--have announced that 
the latest versions of their browsers include, or will include, the 
ability for consumers to tell websites not to track their online 
activities.\36\ Additionally, last month the World Wide Web Consortium 
\37\ held a two-day workshop at which participants including academics, 
industry representatives, and privacy advocates discussed how to 
develop standards for incorporating ``Do Not Track'' preferences into 
Internet browsing.\38\ The online advertising industry has also made 
important progress in this area. For example, the Digital Advertising 
Alliance, an industry coalition of media and marketing associations, is 
launching an enhanced notice program that includes an icon embedded in 
behaviorally targeted ads.\39\ When consumers click on the icon, they 
can see more information about how the ad was targeted and delivered to 
them and are given the opportunity to opt out of receiving such ads, 
although collection of browsing information could continue.
---------------------------------------------------------------------------
    \35\ See, e.g., The State of Online Consumer Privacy, Hearing 
Before the S. Comm. on Commerce, Science & Transportation, 112th Cong. 
(Mar. 16, 2011), available at www.ftc.gov/os/testimony/
110316consumerprivacysenate.pdf (statement of the FTC, Commissioner 
Kovacic dissenting); Do Not Track: Hearing Before the Subcomm. on 
Commerce, Trade and Consumer Prot. of the H. Comm. on Energy and 
Commerce, 111th Cong. (Dec. 2, 2010), available at www.ftc.gov/os/
testimony/101202donottrack.pdf (statement of the FTC, Commissioner 
Kovacic dissenting); see also FTC Staff Report: Self-Regulatory 
Principles for Online Behavioral Advertising (Feb. 2009), available at 
www.ftc.gov/os/2009/02/P085400behavadreport.pdf.
    \36\ See Press Release, Microsoft, Providing Windows Customers with 
More Choice and Control of Their Privacy Online with Internet Explorer 
9 (Dec. 7, 2010), available at www.microsoft.com/presspass/features/
2010/dec10/12-07ie9privacyqa.mspx; Mozilla Blog, Mozilla Firefox 4 
Beta, Now Including ``Do Not Track'' Capabilities, blog.mozilla.com/
blog/2011/02/08/mozilla-firefox-4-beta-now-including-do-not-track-
capabilities/ (Feb. 8, 2011); Nick Wingfield, Apple Adds Do-Not-Track 
Tool to New Browser, Wall St. J. (Apr. 14, 2011), available at 
online.wsj.com/article/
SB10001424052748703551304576261272308358858.html.
    \37\ The World Wide Web Consortium (W3C) is an international 
community whose ``mission is to lead the World Wide Web to its full 
potential by developing protocols and guidelines that ensure the long-
term growth of the Web.'' See www.w3.org/Consortium/mission.html.
    \38\ See www.w3.org/2011/track-privacy/. This event followed a 
joint proposal by Stanford Law School's Center for Internet and Society 
and Mozilla for a header-based Do Not Track mechanism submitted to the 
Internet Engineering Task Force. See Do Not Track: A Universal Third-
Party Web Tracking Opt Out (Mar. 7, 2011), available at tools.ietf.org/
html/draft-mayer-do-not-track-00; see also Mozilla Makes Joint 
Submission to IETF on DNT, available at firstperson
cookie.wordpress.com/2011/03/09/mozilla-makes-joint-submission-to-ietf-
on-dnt/.
    \39\ See Interactive Advertising Bureau Press Release, Major 
Marketing Media Trade Groups Launch Program to Give Consumers Enhanced 
Control over Collection and Use of Web Viewing Data for Online 
Behavioral Advertising (Oct. 4, 2010), available at www.iab.net/about_
the_iab/recent_press_releases/press_release_archive/press_release/pr-
100410.
---------------------------------------------------------------------------
    These recent industry efforts to improve consumer control are 
promising, but they are still in the early stage and their 
effectiveness remains to be seen. As industry continues to explore 
technical options and implement self-regulatory programs and Congress 
continues to examine Do Not Track, five critical principles should be 
considered to make any Do Not Track mechanism robust and effective. Do 
Not Track should (1) be universal; (2) be easy to find and use; (3) be 
enforceable; (4) ensure that consumer choices are persistent; and (5) 
not only allow consumers to opt out of receiving targeted advertising, 
but also allow them to opt out of collection of behavioral data for all 
purposes that are not commonly accepted.\40\
---------------------------------------------------------------------------
    \40\ For more detail concerning these five principles, see The 
State of Online Consumer Privacy, Hearing Before the S. Comm. on 
Commerce, Science & Transportation, supra note 35, at 16-17.
---------------------------------------------------------------------------
    The Staff Report asked whether Do Not Track should apply in the 
mobile context. At least for purposes of Web browsing, the issues 
surrounding implementation of Do Not Track are the same on mobile 
devices and desktop computers. On both types of devices, the user could 
assert a Do Not Track choice, the browser would remember this choice, 
and the browser would send the Do Not Track request to other websites 
visited. The technology underlying mobile apps, however, differs in 
some respects from Web browsing (apps run outside of the browser, 
unlike websites), and thus the Staff Report has asked for comment about 
the application of Do Not Track to mobile apps, and FTC staff is 
currently examining the technology involved in a Do Not Track mechanism 
for mobile apps.
    Chairman Rockefeller has introduced Do Not Track legislation that 
would address desktop and mobile services.\41\ The Commission supports 
the fundamental goals of this legislation--to provide transparency and 
consumer choice regarding tracking. Although the Commission has not 
taken a position on whether there should be legislation in this area, 
the Commission supports the approach in the proposed legislation, which 
would consider a variety of factors in implementing a Do Not Track 
mechanism, including the scope of the Do Not Track standard, the 
technical feasibility and costs, and how the collection of anonymous 
data would be treated under the standard. Indeed, the Commission agrees 
that any legislative mandate must give careful consideration to these 
issues, along with any competitive implications, as part of the Do Not 
Track rulemaking process. We would be pleased to work with Chairman 
Rockefeller, the Committee and Committee staff as they consider these 
important issues.
---------------------------------------------------------------------------
    \41\ Do Not Track Online Act of 2011, S. 913, 112th Cong. (2011)
---------------------------------------------------------------------------
D. Children's and Teens' Mobile Privacy
    The Commission has a long history of working to protect the privacy 
of young people in the online environment. In recent years, the advent 
of new technologies and new ways to collect data, including through 
mobile devices, has heightened concerns about the protection of young 
people when online.
1. Children's and Teen's Use of Mobile Technology
    Children's and teens' use of mobile devices is increasing rapidly--
in 2004, 45 percent of 12 to 17 year-olds had a cell phone; by 2009, 
that figure jumped to 75 percent.\42\ Many young people are using their 
phones not just for calling or sending text messages, but increasingly 
for sending e-mails, Web browsing, and using a host of apps that enable 
them to access social networks and make online purchases.\43\ They are 
also using relatively new mobile apps that raise privacy concerns such 
as location-based tracking.\44\ Even very young children have embraced 
these new technologies. In one study, two-thirds of the children ages 
4-7 stated they had used an iPhone, often one owned by a family member 
and handed back to them while riding in an automobile.\45\
---------------------------------------------------------------------------
    \42\ Amanda Lenhart, Rich Ling, Scott Campbell, Kristen Purcell, 
Pew Internet & American Life Project, Teens and Mobile Phones (Apr. 20, 
2010), at 2, available at www.pewinternet.org//media//Files/Reports/
2010/PIP-Teens-and-Mobile-2010.pdf.
    \43\ Id.
    \44\ Nielsen, How Teens Use Media (June 2009), available at 
blog.nielsen.com/nielsenwire/reports/
nielsen_howteensusemedia_june09.pdf.
    \45\ Cynthia Chiong & Carly Shuler, Joan Ganz Cooney Center, 
Learning: Is there an App for that? (Nov. 2010), at 15, available at 
www.joanganzcooneycenter.org/upload_kits/learning
apps_final_110410.pdf.
---------------------------------------------------------------------------
2. Enforcement of the Children's Online Privacy Protection Rule
    The Commission actively engages in law enforcement, consumer and 
business education, and rulemaking initiatives to ensure knowledge of, 
and adherence to, the Children's Online Privacy Protection Rule 
(``COPPA Rule''), issued pursuant to the Children's Online Privacy 
Protection Act of 1998.\46\ The COPPA Rule requires operators of 
interactive websites and online services directed to children under the 
age of 13, as well as operators of general audience sites and services 
having knowledge that they have collected information from children, to 
provide certain protections. In the past 10 years, the Commission has 
brought 16 law enforcement actions alleging COPPA violations and has 
collected more than $6.2 million in civil penalties.
---------------------------------------------------------------------------
    \46\ The Commission's COPPA Rule is found at 16 C.F.R. Part 312. 
The COPPA statute is found at 15 U.S.C.  6501 et seq.
---------------------------------------------------------------------------
    Just last week, the Commission announced its largest civil penalty 
in a COPPA action, a $3 million settlement against Playdom, Inc. The 
Commission alleged that the company, a leading developer of online 
multi-player games, as well as one of its executives, violated COPPA by 
illegally collecting and disclosing personal information from hundreds 
of thousands of children under age 13 without their parents' prior 
consent.\47\ While the allegations against Playdom do not specifically 
include the collection of information via mobile communications, the 
order, like all previous COPPA orders, applies to future information 
collected from children, whether it is collected via a desktop computer 
or a mobile computing device.
---------------------------------------------------------------------------
    \47\ United States v. Playdom, Inc., No. SACV11-00724 (C.D. Cal.) 
(final stipulated order filed May 11, 2011), available at www.ftc.gov/
opa/2011/05/playdom.shtm.
---------------------------------------------------------------------------
3. Review of the COPPA Rule
    In April 2010, the Commission accelerated its review of the COPPA 
Rule, asking for comment on whether technological changes in the online 
environment warrant any changes to the Rule or to the statute.\48\ In 
June 2010, the Commission also held a public roundtable to discuss the 
implications for COPPA enforcement raised by new technologies, 
including the rapid expansion of mobile communications.\49\
---------------------------------------------------------------------------
    \48\ See 75 Fed. Reg. 17,089 (Apr. 5, 2010). Although, of course, 
the Commission does not have the authority to amend the statute, it 
could recommend changes to Congress if warranted. Commission staff 
anticipates that proposed changes to the COPPA Rule, if any, will be 
announced in the next few months.
    \49\ Information about the June 2, 2010 COPPA Roundtable is located 
at http://www.ftc.gov/bcp/workshops/coppa/index.shtml. The public 
comments submitted in connection with the COPPA Rule review are 
available at http://www.ftc.gov/os/comments/copparulerev2010/
index.shtm.
---------------------------------------------------------------------------
    While the Rule review is ongoing, public comments and roundtable 
remarks reveal widespread consensus that the COPPA statute and the Rule 
were written broadly enough to encompass most forms of mobile 
communications without the need for statutory change.\50\ For example, 
current technologies such as mobile applications, interactive games, 
voice-over-Internet services, and social networking services that 
access the Internet or a wide-area network are ``online services'' 
covered by COPPA.\51\ There was less consensus as to whether certain 
mobile communications such as text messages are ``online services'' 
covered by COPPA. Certain commenters indicated that, depending on the 
details of the texting program--and provided that personal information 
is collected--COPPA could cover such programs.\52\ Other commenters 
maintained that text messages cross wireless service providers' 
networks and short message service centers, not the public Internet, 
and that therefore such services are not Internet-based and are not 
``online services.\53\ Commission staff is assessing new technologies 
to determine whether they are encompassed by, and conducted in 
accordance with, COPPA's parameters.
---------------------------------------------------------------------------
    \50\ See, e.g., Comment of Center for Democracy and Technology 
(July 1, 2010), at 2, available at http://www.ftc.gov/os/comments/
copparulerev2010/547597-00049-54858.pdf; Transcript of Roundtable 
Record, COPPA Rule Review Roundtables (June 2, 2010), at 14, (remarks 
of Ed Felten, Center for Information Technology Policy), available at 
http://www.ftc.gov/bcp/workshops/coppa/_COPPARuleReview_Transcript.pdf 
(hereinafter ``COPPA Transcript'').
    \51\ The statute's definition of ``Internet,'' covering the 
``myriad of computer and telecommunications facilities, including 
equipment and operating software, which comprise the interconnected 
world-wide network of networks that employ the Transmission Control 
Protocol/Internet Protocol,'' is plainly device neutral. 15 U.S.C.  
6502(6). In addition, the statutory use of the terms ``website located 
on the Internet'' and ``online service,'' although undefined, is 
broadly understood to cover content that users can access through a 
browser on an ordinary computer or a mobile device, and services 
available over the Internet or that connect to the Internet or a wide-
area network. See Comment of AT&T, Inc. (July 12, 2010), at 5, 
available at www.ftc.gov/os/comments/copparulerev2010/547597-00074-
54989.pdf; Comment of Spratt (Apr. 18, 2010), available at www.ftc.gov/
os/comments/copparulerev2010/_547597-00004.html; COPPA Transcript, 
supra note 50, at 15 (remarks of Ed Felten).
    \52\ See COPPA Transcript, supra note 50, at 27-28 (remarks of Ed 
Felten).
    \53\ See Comment of CTIA (June 30, 2010), at 2-5, available at 
www.ftc.gov/os/comments/copparulerev2010/547597-00039-54849.pdf (citing 
the Federal Communications Commission's rules and regulations 
implementing the CAN-SPAM Act of 2003 and the Telephone Consumer 
Protection Act of 1991, finding that phone-to-phone SMS is not captured 
by Section 14 of CAN-SPAM because such messages do not have references 
to Internet domains).
---------------------------------------------------------------------------
4. Consumer Education Initiatives for Children and Teens
    The FTC has launched a number of education initiatives designed to 
encourage consumers of all ages to use technology safely and 
responsibly. In particular, the Commission's educational booklet, Net 
Cetera: Chatting with Kids About Being Online,\54\ provides practical 
tips on how parents, teachers, and other trusted adults can help 
children of all ages, including teens and pre-teens, reduce the risks 
of inappropriate conduct, contact, and content that come with living 
life online. Net Cetera focuses on the importance of communicating with 
children about issues ranging from cyber bullying to sexting, social 
networking, mobile phone use, and online privacy. The Commission has 
partnered with schools, community groups, and local law enforcement to 
publicize Net Cetera, and the agency has distributed more than 7.8 
million print copies of the guide since it was introduced in October 
2009. FTC staff are currently developing additional consumer education 
materials focused on mobile issues.
---------------------------------------------------------------------------
    \54\ Net Cetera is available online at www.onguardonline.gov/pdf/
tec04.pdf.
---------------------------------------------------------------------------
IV. Conclusion
    The Commission is committed to protecting consumers, including 
children and teens, from unfair and deceptive acts in the burgeoning 
mobile marketplace. This dedication is reflected in the Commission's 
recent law enforcement actions and ongoing investigations, policy 
initiatives, and investment of resources to augment its mobile 
technical expertise and investigative tools. Protecting the privacy and 
security of consumer information is a critical component of the 
Commission's focus on mobile technologies and services. We will 
continue to bring law enforcement actions where appropriate and work 
with industry and consumer groups to develop workable solutions that 
allow companies to continue to innovate and give consumers the new 
products and services they desire.

    Senator Pryor. Thank you very much.
    And because we have a full committee here, almost a full 
subcommittee, I am going to just ask a couple of questions, 
then I will turn it over to my colleagues.
    Thank you very much, Mr. Vladeck, for being here. You 
mentioned that this is a small-screen world. And even when you 
have a large screen and you get all these privacy notices and 
agreements that are online, et cetera, there is a lot of 
verbiage there you have to go through. So it seems to me that 
we have a particular challenge in the small-screen world to 
have meaningful disclosure.
    Have you given that much thought, and do you have a 
solution on that?
    Mr. Vladeck. Well, we have addressed this issue in our 
privacy report, and one of the reasons why we did this privacy 
rethink at the outset was because even on big screens, privacy 
policies are often indecipherable to consumers. And simply 
translating that to the smartphone world, where a consumer 
might have to click through a dozen, two or three dozen screens 
to read a privacy policy, doesn't make sense.
    We have called for simple, clear, and concise disclosures 
that can tell consumers--that tell consumers the fundamental 
information they need to know--what data is being taken, for 
what purpose, and by whom. Those are the three essential 
questions, and we think--I am sorry?
    Senator Pryor. So bottom-line disclosure is what you mean?
    Mr. Vladeck. Bottom-line disclosure just in time.
    Senator Pryor. Mm-hmm. OK. And let me ask about the geo-
tracking capability? Is there a purpose for that? I mean, is 
there a legitimate business reason why geo-tracking would be 
available in some apps?
    Mr. Vladeck. Well, in some apps, if you are using a map 
function, geolocation tracking will enhance functionality. That 
doesn't explain why other apps that do not need geolocation 
data for functionality are, nonetheless, pulling down 
geolocation data.
    And that is part of the problem. You are given a prompt on 
some phones, do you want to share your geolocation data? If you 
say no, you can't use the app.
    And that gets back to Senator Kerry's point. You want 
functionality, but you also want to know who else may be 
getting access to that data. Is that access just being used to 
enhance the functionality, or is it then being sent to 
analytics companies and ad networks and advertisers and so 
forth? That information is currently not available to 
consumers.
    Senator Pryor. And my experience has been when I talk to 
people about this, they have no clue that this data is being 
transmitted or shared with anyone. They have no idea. Do you 
have any statistics on what people know now? I mean, is there 
any way to know exactly what people understand about this data 
right now?
    Mr. Vladeck. There have been surveys, and the surveys 
confirm your impression, which is most people don't know. And 
there is a reason for that. People are not told with whom the 
data is going to be shared. And so, it is hard to point the 
finger at the consumer. The consumer just has no way of knowing 
that on most apps.
    Senator Pryor. Thank you.
    Now the order that I was going to call on folks, Chairman 
Rockefeller, and then we will do the early bird rule. Senator 
Kerry--no, you are not at the end. You should be at the end, 
but you are not at the end. Senator Kerry, Senator Klobuchar, 
and I know Senator Heller just stepped out, and Senator Blunt.
    So, Mr. Chairman?
    Senator Rockefeller. OK. Since 2000, COPPA has been in 
effect. It prohibits companies from targeting children 12 years 
old or younger. It is widely disregarded. Do you agree?
    Mr. Vladeck. I don't know whether I would agree with that. 
We do fairly aggressive enforcement under COPPA. Last week, we 
announced a settlement against Playdom, one of the largest 
children's gaming companies, for a civil penalty of $3 million, 
the largest civil penalty by three times----
    Senator Rockefeller. Well, they were disregarding it at 
least?
    Mr. Vladeck. They were disregarding it, and the order 
applies not simply to the Internet, but for T-Mobile----
    Senator Rockefeller. The idea would be that this would not 
be available without parents' consent. Is that correct?
    Mr. Vladeck. It shouldn't have been available. That is 
correct. The violation there was not--was retaining information 
without parental consent.
    Senator Rockefeller. OK. So if you get a lot of software 
applications available for popular mobile devices, such as 
iPhone or Android phone, they qualify, in my mind, as an online 
service. I am not sure they qualify in their mind as an online 
service. Could you talk about that?
    Mr. Vladeck. Well, we held a workshop in June of last year 
to discuss exactly these issues. And I think there was 
widespread consensus that, for example, to use your 
illustration, that mobile apps would be an online service and, 
therefore, would be covered by COPPA. And we have reinforced 
that with our order in Playdom, which makes it quite clear that 
mobile delivery of these apps is covered by our order and is 
subject to COPPA.
    Senator Rockefeller. And that act requires--you have to 
provide conspicuous notice on what personal information is 
being collected and how it is being used.
    Mr. Vladeck. That is what the statute says.
    Senator Rockefeller. That is under the law--receive 
parental consent and provide parents with access to all 
information being collected about their kids.
    Now, any of these provisions, a violation of any of them, 
constitutes a very bad thing under the Federal Trade 
Commission's act. So the question is such violations are 
subject to civil penalties. How much do you go after these 
folks?
    Mr. Vladeck. Well, as I said, we have done quite a number 
of COPPA cases lately, and we have a number of investigations 
ongoing into the mobile space, including apps directed at 
children.
    Senator Rockefeller. All right. I presume you believe that 
apps directed at kids under 13 are covered by COPPA?
    Mr. Vladeck. That is correct.
    Senator Rockefeller. According to news reports, apps 
designed to appeal to kids, one with cartoon characters and 
games, are collecting information at times without adequate 
disclosure. Would you agree?
    Mr. Vladeck. I believe that is correct.
    Senator Rockefeller. Now, COPPA has been a very effective 
tool to protect children's privacy online. Mr. Vladeck, given 
the growth in mobile applications, the increasing use of mobile 
devices by children even to the age of 4, what is the FTC doing 
to make sure that apps are compliant with COPPA?
    Mr. Vladeck. Well, we are doing two things. One is, as I 
mentioned before, we are looking for good enforcement targets 
in this space. And we will be bringing other enforcement cases.
    Senator Rockefeller. What do you mean by ``looking for good 
enforcement?''
    Mr. Vladeck. Cases like Playdom, which involved substantial 
violations of the act. In Playdom, literally hundreds of 
thousands of kids were playing these online games. And part of 
what we do in our enforcement is try to send a clear message to 
industry.
    Playdom was a very big player in this field. It was owned--
recently acquired by the Disney Corporation, so----
    Senator Rockefeller. OK. So the FTC testified before this 
committee last year on your plans to review COPPA rules. One of 
the issues discussed at that hearing was the rules' 
applicability to the mobile apps. The comment period closed in 
last July.
    Mr. Vladeck. That is correct.
    Senator Rockefeller. And so, that is, I think, about a year 
later. So I am kind of curious as to what you are doing to make 
up for this lost 10\1/2\ months.
    Mr. Vladeck. With all respect, the time has not been lost. 
These raise very difficult public policy issues, and we want to 
get this right. And so, you can expect something--you know, we 
hope to get something out in the next couple of months.
    Senator Rockefeller. I hear that so often in government. 
People have to put out rules. They have to put out regulations. 
We hope to get that out in several months, but in the meantime, 
everything is OK. I am a bit skeptical.
    Mr. Vladeck. I am not saying everything is OK, Mr. 
Chairman. Please understand that----
    Senator Rockefeller. But you implied that you are being 
active in the meantime, and all I am saying is get the rules 
out.
    Mr. Vladeck. We hear you loud and clear.
    Senator Rockefeller. Thank you.
    Senator Pryor. Thank you.
    Senator Kerry?
    Senator Kerry. Thank you very much, Mr. Chairman.
    Mr. Vladeck, thanks for being here.
    To what degree is it true that right now, absent some kind 
of promise to the contrary, any kind of company or a mobile 
phone or an app operator, hotel, website, whatever it is, that 
they can do whatever they want with the personal information 
that they have collected, and the individual would have no 
right whatsoever to tell them to stop or to control what they 
are doing with the information?
    Mr. Vladeck. Well, if you are asking what the individual 
could do, that may be a question of State law and Federal law. 
If you are asking what the Federal Trade Commission can do, our 
principal tools are deception and unfairness.
    In the absence of a privacy policy, it makes things more 
difficult for us because our jurisdictional hook would be the 
unfairness prong--generally--would be the unfairness prong of 
our authority. And while I wouldn't rule out our ability to 
take enforcement actions in the absence of any commitment 
through a private policy or any other statement, it would make 
things more difficult for us.
    Senator Kerry. Do you know of a law or do you know of a 
standard in some state that has been applied----
    Mr. Vladeck. I don't know. I have never taken a 
comprehensive look at that question.
    Senator Kerry. You guys have not actually surveyed that to 
determine what kind of rights people may have?
    Mr. Vladeck. When I say ``me,'' I was speaking just for 
myself. It may well be that our staff has done that. And if so, 
we would be glad to provide----
    Senator Kerry. Could you find out and let us know?
    Mr. Vladeck. Yes. I will be glad to provide that to you. 
Yes, sir.
    Senator Kerry. Whether or not you have.
    You raised this question of where the FTC can go with 
respect to an unfair trade practice, which is essentially 
saying that if somebody makes a promise to the consumer, but 
they do something other than the promise, you have a right to 
come in and do something. Absent that, do you have any capacity 
to assure compliance across the hundreds of thousands of 
different companies in the country with respect to privacy for 
consumers?
    Mr. Vladeck. We do if the practice is an unfair one under 
our statute. And----
    Senator Kerry. What is the definition of that? What would 
the standard be that would be applied to that?
    Mr. Vladeck. Well, it would have to cause or threaten to 
cause injury to consumers that the consumers themselves could 
not avoid and that the cost to consumers would outweigh 
whatever benefits that might accrue to the----
    Senator Kerry. Well, have you made any judgment as to 
broadly whether or not, in fact, it is unfair, per se, for this 
information to be given to a third party, for instance?
    Mr. Vladeck. We have not made that----
    Senator Kerry. Why would that not be something you would 
want to think about?
    Mr. Vladeck. Well, let me digress. We have made that 
argument, for example, in the data security area. For example, 
if there is a data security breach and your personal 
information is shared as a result of the breach, we apply our 
unfairness standard in those kinds of cases because you have 
been injured, you could not reasonably avoid it, and the 
benefits to the company certainly don't outweigh the cost to 
you.
    And that--I am sorry.
    Senator Kerry. No, that is all right. I just--
unfortunately, time is short. But I want to just try to hone in 
on some of the things that are sort of out there.
    Supposing you have a Government entity and Government 
information would be a separate committee and a separate set of 
concerns, but in a private company and a private individual in 
some kind of right of action, what kind of rights might people 
have here?
    For instance, in a divorce proceeding, could one spouse or 
the other use information from a third party, or would they 
have rights to that in some way? Do we know the answer to that?
    What about a company against an employee, and the employee 
has been fired for certain practices in the company and you 
want a trace on the company's phone? Do they have any--or their 
phone, either way?
    Mr. Vladeck. You have just sort of chronicled all of the 
reasons why we think geolocation data is so special and so 
important. Because under State law, those kinds of things may 
be available, or there may be no inhibition to sharing them.
    And largely because of the examples that you have given, we 
think geolocation data ought to be treated as special data, 
just as data about children, health, finances, data that 
deserves special protection.
    Senator Kerry. And with respect to Do-Not-Track, Do-Not-
Track applies to third party. Is that correct?
    Mr. Vladeck. The way we have defined it in our proposal, 
yes. When you move across websites and you are tracked, that is 
what we consider to be third-party tracking.
    Senator Kerry. So are apps that are operating on iPhones or 
on Android phones first parties or third parties?
    Mr. Vladeck. Well, I think it, again, depends on how the 
app functions. If you pick up the New York Times app on your 
phone and you are reading the New York Times, if you then--you 
know, if you then click on the Facebook Like button, then it 
raises difficult questions.
    Senator Kerry. But the bottom line is if they are treated 
as a first party, then Do-Not-Track would not apply any new 
standard whatsoever with respect to privacy protection for that 
particular app. Correct?
    Mr. Vladeck. That is correct. Right. If you are not moving 
across websites. But on some apps you can do that, and that is 
why the implementation of Do-Not-Track for apps, not for mobile 
browsers, but for apps, raises different implementation 
questions.
    Senator Kerry. That is why, Mr. Chairman, I just wanted to 
underscore the need for the sort of broader--there are any 
numbers of reasons, but I think this helps to underscore why 
you need that basic standard and code of privacy.
    And, well, I will come back to that another time, but I 
thank you for the time.
    Senator Pryor. Thank you, Senator Kerry.
    Senator Klobuchar?

               STATEMENT OF HON. AMY KLOBUCHAR, 
                  U.S. SENATOR FROM MINNESOTA

    Senator Klobuchar. Thank you very much, Mr. Chairman.
    I have a statistic. It is not nearly as sexy as Chairman 
Rockefeller's statistic that 72 percent of people sleep with 
their cell phones, something I just can't get over.
    But this statistic shows that nearly three-quarters of 
consumers are uncomfortable with advertising tracking, and 77 
percent don't want to share their location data with app owners 
and developers. And that is why I believe we need some rules of 
the road. Senator Kerry mentioned the bill that we have been 
working on.
    I also believe that we need to make sure that we are going 
after bad actors and people who hack in. I am working on a bill 
with Senator Hatch on cloud computing that we are going to put 
out shortly.
    And the third is that personal choice also plays a role 
here. Some consumers may be more comfortable with more data 
sharing than others, but we have to make sure that they are the 
ones that are able to make that choice. And that gets to my 
first question here about privacy choices to consumers.
    Currently, how simple and clear is the typical privacy 
policy to the average consumer, Mr. Vladeck?
    Mr. Vladeck. Not much, not very.
    Senator Klobuchar. OK. And how valuable do you believe a 
streamlined privacy policy agreement would be when--moving 
forward, if we try to set some best practices?
    Mr. Vladeck. Well, we discuss this in great detail in our 
privacy report. But to distill it down to its essence, we think 
that privacy policy, at least those particularly on 
smartphones, need to be short, clear, and concise. And they 
ought to be delivered just when the decision about using the 
app or sharing information is made.
    Senator Klobuchar. And that isn't the truth right now?
    Mr. Vladeck. That is not generally the way they are 
delivered at the moment.
    Senator Klobuchar. OK. And second, and Senator Kerry was 
touching on this, but I know one of the most popular things in 
our household that Congress did was the ``do not call'' 
registry many years ago. And now we are looking with Senator 
Rockefeller at this idea of Do-Not-Track for mobile phones. 
What kind of feedback have you received from consumers on the 
Do-Not-Track?
    Mr. Vladeck. We have gotten positive response not just from 
consumers, who overwhelming support a Do-Not-Track feature, but 
as you may know, both the browser manufacturers and the 
advertisers are also gravitating to Do-Not-Track.
    I think no one--it is hard to argue in favor of a business 
model that depends on deceiving consumers. And so, I think 
there is a great deal of movement toward giving consumers easy-
to-use, easy-to-find controls over their own data.
    Senator Klobuchar. And what do you see as the challenges in 
implementing Do-Not-Track on mobile devices?
    Mr. Vladeck. Well, I think the only challenge, as you put 
it, is implementation of Do-Not-Track on the apps. On browsers, 
the technology would be the same. And one of the reasons why we 
brought on technologists like Ed Felten, who is a Princeton 
computer science professor, is to help us work through the 
implementation issues.
    Senator Klobuchar. And how does the FTC's proposal differ 
from what Apple and Google are currently doing with their 
smartphone operating system?
    Mr. Vladeck. On Do-Not-Track? I am sorry.
    Senator Klobuchar. On Do-Not-Track.
    Mr. Vladeck. Well, they would differ significantly. I mean, 
the problem that we face now is that there are browsers that 
are being adapted to essentially try to clear cookies and send 
out signals to advertisers basically saying, ``Don't track 
us.'' But until the advertisers agree to be bound by this and 
sign up in significant numbers, you know, if that doesn't 
happen, Senator Rockefeller's bill has started the clock.
    I think that the business community knows that, at some 
point, sooner or later there will be a Do-Not-Track 
requirement. And so, I think they are trying to figure out how 
to do this.
    Senator Klobuchar. OK. And last question, does the FTC 
currently have the authority that you believe that you need to 
promulgate regulations in this ever-changing and ever more 
sophisticated world? And do we need to do anything more here? I 
mentioned a lot of things that we are looking at with bills, 
but in terms of just giving you authority.
    Mr. Vladeck. Well, let me answer the question in two ways. 
First is we do not currently have normal APA rulemaking 
authority. So we do not really have the capacity today to 
promulgate regulations in this area.
    Second, though, I would say our commission has not sought 
that specific authority from Congress. I can't speak for the 
commission on that issue.
    Senator Klobuchar. All right.
    Mr. Vladeck. Thank you.
    Senator Klobuchar. Thank you very much.
    Senator Pryor. Thank you.
    Senator Blunt?

                 STATEMENT OF HON. ROY BLUNT, 
                   U.S. SENATOR FROM MISSOURI

    Senator Blunt. Thank you, Chairman.
    Just two or three questions. One, with Do-Not-Track, how 
would apps work? For an app to work, don't you have to track?
    Mr. Vladeck. There are apps that--when we say track in the 
mobile----
    Senator Blunt. Maybe apps is too broad a term. But for a 
lot of apps to work, don't you have to track?
    Mr. Vladeck. Well, again, there is a confusion about 
tracking in the mobile because it takes on two meanings. One is 
being followed you as go from one website to another. That is 
tracking on the Internet.
    Senator Blunt. Right.
    Mr. Vladeck. Of course, in the mobile, there is an 
additional complexity because you can be physically tracked.
    Senator Blunt. I guess that is what I am asking.
    Mr. Vladeck. And that is why--I am sorry, that is why I 
digressed.
    Senator Blunt. But thank you. That helps me to----
    Mr. Vladeck. Senator, yes. For many apps that use 
geolocation data for functionality purposes, you need to enable 
the geolocation figures on your phone to use that.
    Our concern is not with respect to the app developer 
pulling down geolocation data, for example, to make sure the 
map function on your phone worked. It is that there are other 
apps that are pulling down geolocation data which has no 
relation at all to functionality.
    And oftentimes, the consumer is unaware that the 
geolocation data is being pulled down, or that once it is being 
pulled down, it is being shared with ad networks, analytic 
companies, and this ecosystem behind the screen the consumers 
are unaware of.
    Senator Blunt. In rulemaking, how hard would it be, do you 
think, to define, to reach that definition to where you are not 
allowing tracking for some things, but you understand it has to 
happen for others?
    Mr. Vladeck. Well, I think that the litmus test would be 
functionality. As I just explained, we don't have rulemaking 
authority in this area. So to the extent there are definitional 
questions that need to be resolved across the board, industry 
is going to have to do that, or this body will have to do that.
    Senator Blunt. These questions about employees and divorce 
cases and things like that, how is this geolocating data 
retained? Is it retained in a way that you really could go back 
and sort out with the individual involved not being--agreeing 
to that, where they had been for some significant period of 
time or not?
    Mr. Vladeck. Well, I mean, there are State law cases 
involving divorce and other issues in which geolocation data 
has been subpoenaed from not just the wireless companies, but 
from other companies and been used in court proceedings. So, 
yes. The analytic data----
    Senator Blunt. Has been done and can be done is what----
    Mr. Vladeck. I believe that is the case, sir.
    Senator Blunt. What about data security breach, something 
else you mentioned. Is that more likely within the current 
environment than if you had a lot of privacy signoffs and opt 
out and all of that sort of thing?
    Mr. Vladeck. Well, the Commission has long called for 
legislation to enhance both the privacy protections, the 
safeguards companies are required to use when they store 
sensitive information, such as geolocation data, and to give 
public notice of breaches.
    Now the concern we have is that the more data of this kind, 
data that is really special because the consequence of 
disclosure can be serious, the more companies need to protect 
that data and to safeguard it and make sure that they are not 
subject to breach. And so, these two issues are related. The 
more sensitive data companies collect, the more we ought to 
require them to put protections in place to safeguard that 
data.
    Senator Blunt. I guess I will ask the companies this later. 
But I am wondering how actually individual-specific those are 
in terms of any collection matrix that the company does, or do 
they just have a big universe of people that have contact--that 
have gone to a certain location or something that they then 
contact that universe?
    Mr. Vladeck. Well, I mean, the Wall Street Journal did an 
article on this precise issue a couple of months ago. And the 
data is so robust that there are now predictive algorithms that 
you can use to sort of guess where you are going to be next.
    So if--and this, of course, is a hypothetical. But suppose 
you played golf every Wednesday afternoon, you know, and called 
in sick. It is not inconceivable that, somehow or another, your 
employer could get that data and decide maybe you shouldn't be 
golfing every Wednesday.
    Senator Blunt. You know, maybe I need that because I have 
so far not been able to guess where the Senate is going to be 
next.
    [Laughter.]
    Senator Blunt. So maybe I need to figure out that algorithm 
that lets me know what we are doing tomorrow.
    Thank you, Chairman.
    Mr. Vladeck. Thank you so much.
    Senator Pryor. Thank you.
    Senator McCaskill?

              STATEMENT OF HON. CLAIRE McCASKILL, 
                   U.S. SENATOR FROM MISSOURI

    Senator McCaskill. Yes. One of the things that seems to be 
missing from this discussion is that the value that a lot of 
this activity provides to the consumer. And let me give you one 
example. The value of being able to locate where this is, is 
very important to my privacy because they now have the 
technology that if this gets stolen from me or if it gets left 
somewhere, I can remotely go and wipe it clean.
    That protects my privacy. That is incredibly important to 
me because, frankly, I don't want people in here.
    And so, have you all looked at the value that has come to 
the consumer both from the robust technology that has been 
developed and the incredible ability we have to do so many 
things? The fact that it is free or almost free. I mean, you 
pay for some apps, and some of those have geolocations. Most of 
them don't. And what it provides is an amazing Internet 
experience primarily funded by behavioral marketing, anonymous 
behavioral marketing.
    So what studies have been done to show the benefits? 
Because I think most consumers--frankly, asking somebody if 
they want privacy is asking me whether I love my country. Of 
course, I want privacy.
    But we did HIPAA, and I don't think HIPAA has been anything 
to write home about. I think all of us sign that stupid piece 
of paper at the doctor's office and don't get much out of it.
    So I am trying to make sure that as we go down this road 
that we are informing the consumer of, yes, there are some 
things we need to do on privacy, and I am all for some things. 
But I am not sure the consumer understands now the value they 
are getting. Have you all talked about that?
    Mr. Vladeck. We have. And this was part of the data 
collection effort we did as part of our privacy review. And I 
think that, you know, I think there is no disagreement that 
consumers value tremendously the flexibility and the capacity, 
the almost unimaginable capacity these phones bring or these 
tablets bring to our lives. Nobody is suggesting that we turn 
the clock back.
    The question really is, is do we have a system that is more 
transparent, that helps consumers understand that there are 
costs as well as benefits? And one of those costs is, you know, 
you are absolutely correct. The sort of contextual and 
behavioral advertising is a source of revenue that funds--many 
apps are free. They are free, but they are supported by the 
advertising revenue.
    Senator McCaskill. It is what has made the whole Internet 
free is behavioral marketing. And that is why I am anxious to 
know what do you think the new business model will be?
    Mr. Vladeck. Well, I think most consumers--and when we talk 
about Do-Not-Track, we are not talking about an all-or-nothing 
choice. One of the reasons why the advertisers are so engaged 
is they have acknowledged for years that they should not be 
targeting consumers who do not want to see targeted ads. So 
they are comfortable with the business model in which consumers 
have choice.
    The question is how many consumers are likely to opt out 
completely? And I think if the choice is rightly explained to 
consumers, their choice is to get ads that they may be 
interested in versus ads that are delivered to them at random. 
I think most consumers would opt for targeted ads, provided 
that they know that the ads--that the information collected for 
those ads will not be used--for purposes other than delivering 
targeted ads.
    The whole secondary use issue is an important one, and they 
will have some control over those ads. So I, for example, don't 
have to get those pesky Rogaine ads anymore.
    [Laughter.]
    Mr. Vladeck. And I think that is the kind of choice and 
control consumers are really looking for.
    Senator McCaskill. I just want to make sure that we have 
looked carefully at what the costs are and carefully at what 
impact it is going to have on the most successful part of our 
economy in this country.
    And I think for us to go down this road and not really be 
sure that we are going to inform the consumer that some of the 
benefits that they take for granted right now could very easily 
go away if we are not very careful and cautious about what we 
do here.
    Let me ask this final question because my time is almost 
out. Let us assume, for purposes of this discussion, you get 
all the authority that you may think you need, and you do a lot 
of rules and regs, and we will fast forward 2 or 3 years 
because that is how long it will take.
    You think that you are going to have the staff to go after 
the bad guys on this? Do you have currently enough staff to go 
after the bad guys?
    Mr. Vladeck. We currently are very short-staffed. But 
having said that, we have a very vigorous enforcement agenda in 
this area.
    In the last couple of months, we have brought enormous 
cases against Playdom, against Google, against Twitter. So, you 
know, our staff works very hard and are very capable. But we 
believe that we have the authority----
    Senator McCaskill. You don't think you need more people 
to----
    Mr. Vladeck. Oh, I need more people.
    [Laughter.]
    Senator McCaskill. Thank you, Mr. Chairman.
    Senator Pryor. Thank you.
    Now when I asked my rounds, I still had 2 minutes left on 
my questions. And what I would like to do is go ahead and 
finish my questions and then move to the next panel because we 
have several witnesses who are here and want to speak.
    But let me just ask a couple of follow-ups with you, Mr. 
Vladeck, before I let you go.
    One is more of just an open-ended question that I don't 
even need an answer to today, but it is something we need to 
think about. And that is when it comes to children, should 
there be special privacy protections for children?
    And I think that is a hard one to practically put that into 
effect. But it is just something we need to think about, and we 
would love to have your help on that as we think through it.
    Second, this is something I am going to ask the next panel. 
But if a person removes an app, does any of the software stay 
on their phone?
    Mr. Vladeck. I don't know that answer, and I will have to 
get back to you.
    Senator Pryor. And I will ask the second panel as well. I 
just didn't know if you were aware.
    And the third thing I had, before I let you go, is I am 
concerned about in-app purchases. And I know that I have 
written a letter to the Commission on that. Do you mind just 
giving us 1 minute on in-app purchases and where you are and 
where you think the industry is on that?
    Mr. Vladeck. Well, we are engaged in a number of nonpublic 
investigations. I think the simplest way to put it is no parent 
hands a child a phone with a game expecting to run up a bill of 
more than a penny or two. And we have, of course, seen parents 
be presented with bills in the hundreds of dollars. We are 
quite concerned about that.
    We have registered our concerns with both the app 
manufacturers and everyone else involved in this ecosystem, and 
that is an issue that we are pursuing.
    Senator Pryor. Great.
    I want to thank you for your attendance today and your 
testimony, and I am certain that some of my colleagues will 
have more questions for the record. So we would love for you to 
work with our staff on getting those back to us, when you can.
    Mr. Vladeck. It is our pleasure. Thank you so much.
    Senator Pryor. Thank you.
    And what I would like to do now is go ahead and excuse this 
panel, this witness, and bring up the second panel. And in 
order to save time, I would like to go ahead and do their very 
brief introductions as they are getting situated. We have five 
witnesses on this panel.
    We have Bret Taylor, Chief Technology Officer of Facebook. 
We have Morgan Reed, Executive Director, Association of 
Competitive Technology. We have Catherine Novelli, the Vice 
President, Worldwide Government Affairs of Apple Inc. And we 
also have Alan Davidson--yes, come on up and grab a seat--Alan 
Davidson, Director of Public Policy for the Americas, Google 
Inc. And we have Amy Shenkan, President and Chief Operating 
Officer of Common Sense Media.
    So, as the staff is getting them set up, we appreciate you 
all being here, and we appreciate your testimony. And as I said 
with the previous panel, your written statements will be made 
part of the record. So if you want to sort of streamline that 
and do it in under 5 minutes, I think the Committee would 
appreciate that.
    But why don't we go ahead and start with you, Mr. Taylor? 
And if you could give us your statement--again, if everyone can 
keep it to 5 minutes or less, that would be great.
    Mr. Taylor?

                   STATEMENT OF BRET TAYLOR, 
               CHIEF TECHNOLOGY OFFICER, FACEBOOK

    Mr. Taylor. Thank you, Chairman.
    Chairman Rockefeller, Chairman Pryor, Ranking Member 
Toomey, and members of the Committee, thank you for inviting me 
to testify today.
    Mobile phones and the Internet bring tremendous social and 
economic benefits. Just a decade ago, most online content was 
static and accessed through desktops. Today, the Internet is an 
interactive social experience, defined by a person's 
connections, interests, and communities.
    And thanks to the explosive growth of smartphones and 
mobile applications, people can access a personalized social 
Web wherever and whenever they want. With that growth of 
innovations comes legitimate questions about protecting 
personal privacy on the web, and we are grateful to have the 
opportunity to discuss those issues with other stakeholders 
today.
    Everyone has a key role to play in keeping people safe and 
secure online. Facebook works hard to protect individuals' 
privacy by giving them control over the information they share 
and the connections they make.
    As Facebook's chief technology officer, these issues are of 
particular concern to me. We understand that trust is the 
foundation of the social web. People will stop using Facebook 
if they lose trust in our services. At the same time, overly 
restrictive policies can interfere with the public's demand for 
new and innovative ways to interact.
    For Facebook, getting this balance right is a matter of 
survival. This is why we work to develop privacy safeguards 
without interfering in people's freedom to share and connect.
    I want to address five main points, which are covered in 
more detail in my written testimony. First, the openness of the 
Internet is a catalyst for innovation. This openness is what 
enabled Mark Zuckerberg to launch Facebook from his college 
dorm room in 2004, and it now allows more than a million third-
party developers to offer a nearly infinite variety of services 
through the Facebook platform.
    In addition, the social Web is an engine for jobs, 
innovation, investment, and economic growth. Big companies and 
small businesses are hiring individuals to manage their social 
media outreach strategies. Entrepreneurs are building new 
business models based on the social web.
    But the Internet's open architecture also creates technical 
challenges for the transfer of data. Facebook is leading the 
way in developing new technologies to make the social 
experience more secure.
    Second, mobile technology plays an increasingly important 
role in how people use Facebook and the social web. Facebook 
has worked to ensure a seamless experience across our Web and 
mobile services, and over 250 million people access Facebook on 
their mobile devices every month.
    We are one of the few Internet companies to extend our 
privacy controls to our mobile interfaces, providing the same 
privacy controls on our mobile applications as we have on our 
website. If an individual changes his or her privacy settings 
on their phone, those changes will change their settings on 
facebook.com and every other device that the user may use to 
access Facebook.
    Third, we have built robust privacy protections into 
facebook.com and our mobile offerings. Because each 
individual's privacy preferences are different, we cannot 
satisfy people's expectations by adopting a one-size-fits-all 
approach.
    Instead, we strive to create tools and controls that enable 
individuals to understand how sharing works on Facebook and to 
choose how broadly or how narrowly they wish to share 
information at the time they are sharing it. In particular, we 
use privacy by design practices to ensure that privacy is 
considered throughout our company and our products.
    We are currently testing a new, more transparent privacy 
policy that communicates privacy in a simple, interactive way. 
Our contextual controls allow people to easily decide how 
broadly they want to share a particular piece of information.
    Our sophisticated security protections--including one-time 
passwords, remote logout, and login notifications--are state-
of-the-art. And we continually engage with the Facebook 
community in order to evaluate and improve our services and the 
privacy safeguards we offer.
    Fourth, we work to build trust on the Facebook platform, 
which enables independent developers to build social 
experiences on Facebook, as well as other locations around the 
Internet. We believe that individuals should be empowered to 
decide whether they want to engage with some, many, or none of 
these third-party services.
    For this reason, we have created industry-leading tools for 
transparency and control so that people can understand what 
data they are sharing and make informed decisions about the 
applications and websites they decide to use. We also encourage 
community policing so that individuals, employees, and 
developers can help us identify possible issues. These features 
are available across the entire Facebook experience and our 
mobile applications and on facebook.com.
    For the independent developers who use the Facebook 
platform, we expect and we require them to be responsible 
stewards of the information they obtain. We have robust 
policies and technology tools to help them embrace this 
responsibility, and we are always doing more.
    Last year, we worked with other industry leaders to build 
an open standard for authentication that improves security on 
the Internet. Now that this standard is mature and has broad 
participation around the industry, we are requiring developers 
on the Facebook platform to migrate to it. This transition will 
result in better and more secure relationships between 
developers and the individuals who use the applications and the 
websites they build.
    Finally, we use our position in the industry to encourage 
others to play their part in safeguarding the public's trust, 
whether it is developers, users, browsers, or operating system 
designers. We also support government efforts to take action 
against bad actors and highlight important issues like today's 
hearing.
    Everyone has a role to play in building and securing the 
mobile and online environments that are enriching people's 
lives each day.
    Thank you for the opportunity to testify, and I look 
forward to answering your questions.
    [The prepared statement of Mr. Taylor follows:]

 Prepared Statement of Bret Taylor, Chief Technology Officer, Facebook
    Chairman Rockefeller, Chairman Pryor, Ranking Member Toomey, and 
members of the Committee, my name is Bret Taylor, and I am the Chief 
Technology Officer at Facebook. Thank you for inviting me to testify 
today on privacy issues in the mobile environment. Facebook is 
committed to providing innovative privacy tools that enable people to 
control the information they share and the connections they make 
through our mobile applications, as well as on facebook.com. We 
appreciate the Committee's initiative in holding this hearing today and 
providing us the opportunity to discuss our efforts to enable people to 
connect and share in a safe and secure environment.
    The explosive growth of smartphones and mobile applications, along 
with innovations in the way individuals interact and share information, 
has brought tremendous social and economic benefits. Just a decade ago, 
few individuals had Internet-enabled mobile phones. Online content was 
largely static and consumed through desktops. When people interacted, 
they did so using very limited forms of communication like e-mail and 
instant messaging. Today, smartphones have become indispensable devices 
for many people, and the technology that many of us carry in our 
pockets enables access to a far more personalized and interactive 
``social web'' through which people can choose to share their 
experiences with friends and receive content that is tailored to them 
individually.
    Facebook develops innovative products and services that facilitate 
sharing, self-expression, and connectivity. We work hard to protect 
individuals' privacy by giving them control over the information they 
share and the connections they make. For Facebook--like other providers 
of social technologies--getting this balance right is not only the 
right thing to do, but a matter of survival. Trust is the foundation of 
the social web, and people will go elsewhere if they lose confidence in 
our services. At the same time, Facebook is fundamentally about 
sharing, and adopting overly restrictive policies will prevent our 
social features from functioning in the way that individuals expect and 
demand. Thus, to satisfy people's expectations, we not only need to 
innovate to create new protections for individuals' information; we 
also need to innovate to ensure that new protections do not interfere 
with people's freedom to share and connect. We need to continually 
evolve our services and the privacy safeguards included in them to 
respond to the feedback that we receive from the community and as 
required by law.
    In my testimony today, I will address five topics. First, I will 
describe how the open architecture of the Internet has empowered the 
innovations of the social Web and is fueling the growth of the economy. 
I will also explain how this open architecture presents security and 
privacy challenges to Internet users and the steps we and other 
companies have taken to address these challenges. Second, I will 
discuss the growing importance of mobile services at Facebook and how 
these innovations are driving the social web. Third, I will address the 
robust privacy protections that we build into facebook.com and our 
mobile offerings. Fourth, I will discuss the infrastructure tools that 
we provide in order to encourage responsible privacy practices among 
the independent developers who use our platform. Finally, I will 
explain how our efforts in advancing security and privacy online must 
be matched by those of other actors who likewise have an important role 
in safeguarding the public.
I. The Importance of the Internet's Open Architecture in Fostering 
        Innovation
    Facebook provides people with exciting, innovative and free tools 
for communication and sharing. In addition, through Facebook Platform, 
Facebook provides a set of tools that enable independent third-party 
developers to build applications and websites that are more social and 
people-centered than traditional Web experiences. In both respects, 
Facebook seeks to build upon the openness of the Internet. The Internet 
has flourished as a robust zone for innovation and expression because 
it is an open marketplace in which ideas succeed or fail based on 
merit. The Department of Commerce recently noted that, ``in contrast to 
the relatively high barriers to entry in traditional media 
marketplaces, the Internet offers commercial opportunities to an 
unusually large number of innovators, and the rate of new service 
offerings and novel business models is quite high.'' \1\ This 
environment is what enabled Mark Zuckerberg to launch Facebook from his 
college dorm room in 2004. That same innovative spirit is flourishing 
on Facebook Platform, which is now used by more than a million third-
party developers to offer a nearly infinite variety of tools that 
enhance individuals' experience both on and off Facebook.
---------------------------------------------------------------------------
    \1\ Dep't of Commerce, Commercial Data Privacy and Innovation in 
the Internet Economy: A Dynamic Policy Framework 19 (Dec. 16, 2010).
---------------------------------------------------------------------------
    The Internet as it existed at the turn of the millennium was a 
relatively isolated, passive, and anonymous experience, and few 
individuals had the ability to access online services through their 
mobile phones. All visitors to a news site, for example, had the same, 
one-size-fits-all experience--as if each of them had purchased the same 
edition of the same newspaper. Thanks to the transformative effects of 
social technology, people today can enjoy constant connectivity, 
personalized content, and interactive social experiences across a range 
of devices. On Facebook, for example, each of the more than 500 million 
people who visit the site each month has a highly personalized, unique 
experience--one that provides updates and other content based on the 
information and activities that the user's own unique circle of friends 
have shared. The social Web also creates enormous opportunities for 
anyone with an Internet connection to connect and share with their 
family, friends, and the world around them. I am proud to say that 
almost every United States Senator and more than 400 members of the 
House of Representatives, have Facebook pages that they use to reach 
their constituents and engage with them on matters of policy and public 
concern. I am equally proud to highlight that, after the recent 
tornadoes in the Southeast scattered irreplaceable photographs and 
other documents far from their owners' homes, one individual created a 
Facebook page that more than 100,000 people eventually connected with 
in order to identify and return thousands of items that might otherwise 
never have been recovered. Further from home, Facebook's photo and 
video-sharing features enable members of the military to stay connected 
with their friends and families--to watch their children grow--despite 
serving thousands of miles away. And, as recent news reports reveal, 
people around the world have embraced Facebook and other social media 
as key tools for social engagement.
    The social Web is also an engine for jobs, innovation, investment, 
and economic growth. One job-listing site alone includes 31,000 
Facebook-related jobs.\2\ Small businesses are increasingly relying on 
social media to generate exposure for their companies, increase sales, 
and obtain new business partnerships--in a recent survey, two-thirds of 
small business owners ``strongly agreed'' that social media was 
important for their company.\3\ The social Web also creates new 
opportunities for businesses to inform people about their products and 
services, which is why many companies are now hiring individuals to 
strategize around social media outreach.\4\ At least as important, 
hundreds of thousands of developers have built businesses by creating 
applications for the social web. To take just one example, game 
developer Zynga, creator of the popular Farmville game, plans to hire 
an additional 700 employees this year and has been valued at $7 
billion.\5\ And entrepreneurs have only begun to tap into the 
advancements in productivity and collaboration that social media makes 
possible, which means that the social Web will continue to transform 
the economy for years to come.
---------------------------------------------------------------------------
    \2\ Shareen Pathak, The Facebook Job Engine, FINS (May 16, 2011), 
http://it-jobs.fins.com/Articles/SB130514803310615197/The-Facebook-Job-
Engine?link=FINS_hp.
    \3\ Michael A. Stelzner, 2011 Social Media Marketing Industry 
Report 11, 17-18 (Apr. 2011), http://www.socialmediaexaminer.com/
SocialMediaMarketingReport2011.pdf.
    \4\ See, e.g., Social Media Growth Creates New Job Opportunities, 
Herald & Review, Jan. 4, 2011, http://www.herald-review.com/news/
national/article_5a1ffb20-1811-11e0-95b5-001cc4c0
02e0.html.
    \5\ Pathak, supra note 3.
---------------------------------------------------------------------------
    The open architecture of the Internet makes it a phenomenal 
catalyst for connectivity, sharing, and economic growth. But that same 
openness creates technical challenges: what was secure enough for the 
anonymous Web is not secure enough for the social web. Facebook will 
continue to develop new technologies that protect individuals' security 
and privacy on the social web, and time and again we have demonstrated 
our ability to move quickly to address the challenges associated with 
harnessing the innovation of the Internet while advancing technology in 
a way that makes the social experience more secure. I discuss these 
efforts in more detail below in Sections III and IV.
II. The Role of Mobile Services at Facebook
    Over 500 million people now use Facebook's free services to connect 
and share their information, and more than 250 million of them do so 
through mobile devices. The proliferation of technology platforms means 
that individuals are accessing Facebook on multiple devices and in a 
variety of circumstances--at work, at home, at school, and on the go. 
Ensuring a seamless experience across all of our web and mobile 
presences is a tremendous engineering challenge. Whenever we roll out 
new features, we must consider how they will be implemented on multiple 
versions of our product: facebook.com, our various mobile sites, the 
iPhone application, the Android application, Facebook for Blackberry, 
and custom integrations of Facebook on other mobile devices.
    Facebook has taken the lead in developing innovative privacy tools 
to enable individuals using Facebook through mobile devices to share 
and connect with the people they care about, whenever and wherever best 
suits them. For example, we recently launched a new version of our 
mobile website, m.facebook.com, that is simpler and works with the 
capabilities of thousands of different phones. We also introduced 
0.facebook.com as a faster and free way for people to access Facebook 
around the world, including in locations where connectivity is 
especially costly and slow. Individuals who access 0.facebook.com on 
the networks of our partner mobile service operators can update their 
status, view their News Feed, comment on posts, send and reply to 
messages, or write on their friends' Wall--without any data charges. 
Individuals only pay for data charges when they view photos or when 
they leave to browse other mobile sites.
    Another innovation we rolled out last year was Facebook Places, a 
feature that allows people to share where they are and the friends they 
are with in real time from their mobile devices. For example, 
individuals attending a concert have the option of sharing their 
location by ``checking in'' to that place, which lets their friends 
know where they are. Individuals can also easily see if any of their 
friends have chosen to check in nearby. Facebook Places supplements 
existing sharing tools by enabling individuals to connect with each 
other in real time and in the real world.
    A recent report by the Pew Internet & American Life Project found 
that two-thirds of American mobile phone users take advantage of 
advanced data features, such as mobile applications, e-mail and Web 
access, and text messages.\6\ The ubiquity of mobile technology makes 
it easier than ever for people to tap into the social web, especially 
for people who may not have access to broadband but do have a mobile 
phone. Our own internal research shows that people who access Facebook 
through mobile devices are typically twice as active as other 
individuals. This increased attention, together with the technological 
ability to introduce innovative features that utilize mobile 
capabilities, means that mobile will play an increasingly important 
role in how people use Facebook and the social Web more generally.
---------------------------------------------------------------------------
    \6\ Kristin Purcell et al., How Mobile Devices Are Changing 
Community Information Environments, Pew Internet & Am. Life Project, 2 
(Mar. 14, 2011), http://www.pewinternet.org//media/Files/Reports/2011/
PIP-Local mobile survey.pdf.
---------------------------------------------------------------------------
III. Facebook's Commitment to Privacy in Our Product Offerings
    As we continue to develop rich services on Facebook, we are guided 
by our recognition that trust is the foundation of the social web. As 
the Commerce Department has noted, ``[C]onsumer trust--the expectation 
that personal information that is collected will be used consistently 
with clearly stated purposes and protected from misuse is fundamental 
to commercial activities on the Internet.'' \7\
---------------------------------------------------------------------------
    \7\ Commerce Report 15.
---------------------------------------------------------------------------
    Facebook builds trust, first and foremost, through the products and 
services we make available on facebook.com. We understand that 
individuals have widely varying attitudes regarding the sharing of 
information on Facebook: some people want to share everything with 
everyone, some want to share far less and with a small audience, and 
most fall somewhere in between. Because each individual's privacy 
preferences are different, we cannot satisfy people's expectations by 
adopting a one-size-fits-all approach.\8\ Instead, we strive to create 
tools and controls that enable individuals to understand how sharing 
works on Facebook, and to choose how broadly or narrowly they wish to 
share information. Our commitment to these basic concepts--
understanding and control--is evidenced in five specific areas, each of 
which is a key focus of our business.
---------------------------------------------------------------------------
    \8\ See, e.g., Mary Madden & Aaron Smith, Reputation Management and 
Social Media, Pew Internet & Am. Life Project, 29 (May 26, 2010), 
http://www.pewinternet.org/Reports/2010/Reputation-Management.aspx 
(noting that 65 percent of adult individuals of social networking 
services have customized the privacy settings on their profile to 
restrict what they share).
---------------------------------------------------------------------------
    Privacy by Design. We have taken several steps to ensure that 
privacy is being considered throughout our company and products. For 
example, we have a Chief Privacy Counsel and other dedicated privacy 
professionals who are involved in and review new services and features 
from design through launch to ensure that privacy by design practices 
are incorporated into our product offerings. We also provide privacy 
and security training to our employees, engage in ongoing review and 
monitoring of the way data is handled by existing features and 
applications, and implement rigorous data security practices. Of 
course, ``privacy by design'' does not mean ``privacy by default''; as 
services evolve, so do people's expectations of privacy. At Facebook, 
we believe that providing substantive privacy protections means 
building a service that allows individuals to control their own social 
experiences and to decide whether and how they want to share 
information.
    Transparent Policies. Many websites' privacy policies are 
challenging for people to understand because they are often written for 
regulators and privacy advocates, not the majority of people who 
actually use those websites. We believe that privacy policies can and 
should be more easily understood, which is why we are currently testing 
a new policy that communicates about privacy in a simpler, more 
interactive way. We call this ``Privacy Policy 2.0.'' It uses easy-to-
understand language, presents information in a layered format so that 
individuals can quickly zero in on what they want, and incorporates 
explanatory screenshots, examples, interactive graphics, and videos 
throughout.
    Contextual Control. In its December 2010 Preliminary FTC Staff 
Report on Protecting Consumer Privacy in an Era of Rapid Change: A 
Proposed Framework for Businesses and Policymakers, the FTC emphasized 
that consumers should be ``presented with choice about collection and 
sharing of their data at the time and in the context in which they are 
making decisions.'' Facebook agrees. We introduced innovative per-
object sharing controls in July 2009 to give people an easy way to 
indicate how broadly they want to share particular pieces of 
information. Using the per-object sharing controls, people can 
designate a unique set of sharing preferences for a particular type of 
content (such as photos and videos posted by that individual). They can 
also click on a simple lock icon that appears at the time of 
publication if they want to customize the audience for a particular 
photo or video that the individual wishes to share more or less 
broadly.
    Sophisticated Security Protections. We recently launched a variety 
of features that enhance people's ability to make decisions about the 
security of the information they provide. We are the first major site 
to offer individuals one-time passwords to make it safer to use public 
computers in places such as hotels, cafes, or airports. If people have 
concerns about the security of the computer they are using to access 
Facebook, they can request that a one-time password be texted to their 
mobile phones. We also enable individuals to see all of their active 
sessions on the site and to log out of Facebook remotely, which they 
may want to do if, for example, they access Facebook from a friend's 
computer and forget to log out. In addition, we encourage people to 
provide information about the devices that they commonly use to log in 
to Facebook, which allows them to be notified by e-mail or text message 
if their account is accessed from an unapproved device so that they can 
quickly secure their account. Finally, we have long used the secure 
HTTPS protocol whenever an individual's password or credit card 
information is being sent to us, and earlier this year we offered 
individuals the ability to experience Facebook entirely over HTTPS.
    Community Engagement. We work hard to obtain feedback from the 
people who use Facebook, and we consider this input seriously in 
evaluating and improving our products and services. Indeed, Facebook's 
efforts to publicly engage on changes to its privacy policy or 
information sharing practices are virtually unparalleled in the 
industry. For example, when we propose changes to our privacy policy, 
we announce them broadly and give individuals the ability to comment on 
the proposed changes (unless the changes are administrative or required 
by law). We are the only major online service provider that allows for 
a vote on the changes if comments reach a pre-set threshold. Time and 
again, Facebook has shown itself capable of correcting course in 
response to individual suggestions and we will continue to be 
responsive to that feedback.
    Taken together, these privacy practices help us build and maintain 
people's trust as we continue to pioneer the new social and 
connectivity features that people who use Facebook expect and demand. 
And, because mobile features are increasingly important to the Facebook 
community, we are leading the industry in innovating around privacy 
tools available through mobile devices. For example, most of the 
privacy settings available on the facebook.com site are also available 
to individuals who connect to Facebook through mobile devices. 
Moreover, these privacy settings are persistent regardless of how the 
individual chooses to share information. Changes to privacy settings 
made on our mobile site will remain effective when that individual 
accesses Facebook through the facebook.com website. This enables people 
to make consistent, real-time decisions about the data they share--no 
matter where they are or what devices they prefer to use when 
connecting with their friends and communities.
IV. Promoting Privacy on Facebook Platform
    At Facebook, we recognize that we have a responsibility to promote 
people's privacy interests whenever and however they are accessing 
Facebook's services. We also understand that Facebook has an important 
role to play when independent developers build applications and 
websites that rely on Facebook Platform to create social, personalized 
experiences. We believe that the best way to build trust while 
enhancing the openness and connectivity of the social Web is for all 
members of the Platform ecosystem to embrace their responsibility to be 
accountable to individuals for protecting privacy.
A. Overview of Facebook Platform
    Although we are proud of the pathbreaking features being developed 
every day at Facebook, we understand that Internet innovation depends 
on an open architecture in which a multitude of independent developers 
can develop new services and expand upon existing ones. That 
understanding is what motivated our decision to launch Facebook 
Platform in 2007. The Platform functionality allows third-party 
developers of applications and websites to offer innovative social 
experiences to individuals on Facebook as well as on other locations 
around the Internet.
    To date, developers have built more than 800,000 games, mobile 
applications, utilities, and other applications that integrate with the 
Facebook Platform. To pick just a couple of examples, the Birthday 
Calendar application allows individuals to track birthdays, 
anniversaries, and other important dates. The We Read application 
enables people to share book titles and book reviews with their 
friends. And on the charitable front, the Causes application provides 
an online platform for individuals and organizations to raise funds for 
charitable causes.
    The innovation enabled by the Facebook Platform extends to the 
mobile web. As discussed above, people who use Facebook have the option 
of sharing location data so that they can tell their friends where they 
are, see where their friends have checked in, and discover interesting 
places nearby. With an individual's express permission, third-party 
developers can access location data to create a variety of additional 
social experiences, such as a travel application that gives people the 
ability to see which of their friends have already been to the place 
they are visiting, or a conference application that makes it easy for 
attendees to find colleagues and connect with them.
    We are proud of the fact that, in just four short years, Facebook 
Platform has evolved into a flourishing, open ecosystem where everybody 
has the opportunity to innovate in a social way. The multitude of 
applications and websites enabled by Facebook and available through 
mobile devices is a good example of our commitment to an open 
architecture for Facebook Platform and the benefits this brings to 
individuals. The features that we offer on facebook.com compete 
directly with third-party applications and websites that integrate with 
the Facebook Platform. To pick just one example, Foursquare and Gowalla 
are popular mobile check-in services that are similar in many respects 
to Facebook's own Places offering. Subjecting our products to the 
competitive pressures of the open marketplace helps ensure that we have 
strong incentives to remain on the cutting edge of innovation, which 
ultimately benefits the public and the economy as a whole.
B. Tools to Help People Manage Their Relationships with Developers of 
        Applications and Websites
    We recognize that the vibrant nature of Facebook Platform creates 
significant benefits for the public, and we also know that Facebook 
Platform will only continue to thrive if individuals can build safe and 
trusted relationships with the applications and websites that they use. 
Because individuals should be empowered to decide whether they want to 
engage with some, many, or none of these third-party developers, we 
have created industry-leading tools for transparency and control so 
that people can understand what data they are sharing and make informed 
decisions about the third-party applications and websites that they 
decide to use. We also make it easy for the Facebook community to 
identify and report potential areas of concern.
    Control. From the time of Facebook Platform's initial launch in 
2007, we have made clear to individuals that if they choose to 
authorize a third-party application or website, the developer will 
receive information about them, and we have long required developers to 
obtain only the data they need to operate their application or website. 
In June 2010, technological innovations allowed us to offer people even 
more insight into and control over the actions of developers on 
Facebook Platform: we became the first provider to require developers 
to obtain ``granular data permissions'' before accessing individuals' 
information. Developers using Platform must specifically identify the 
information they wish to use and request permission from the 
individual--who retains the ultimate simple choice of whether to share 
his or her information with that outside developer--and Facebook has 
deployed technical means to ensure that developers obtain only the 
information the user has agreed to share. In addition, we make it easy 
for individuals to revisit their decisions about the applications and 
websites they have authorized in the past. Users can block applications 
and websites they no longer want to access their information, and they 
can also remove certain permissions they have previously granted. 
Finally, we offer a simple, global opt-out tool. With just one click in 
the Facebook privacy settings, individuals can opt out of Platform 
entirely and thereby prevent their information from being shared with 
any applications or websites.
    Transparency. We encourage people to examine the privacy practices 
of the applications and websites that they use, and we offer tools so 
that they can easily do so. For example, developers using Platform are 
required to provide a link to their privacy policy when seeking 
individuals' permission to access information. In addition, last 
October, we rolled out an application dashboard to increase visibility 
into applications' and websites' data handling practices. This audit 
tool allows individuals to quickly see which applications and websites 
they have authorized, the permissions they have given to each 
application or website, and the last time that each application or 
website accessed their information.
    Community Policing. We make it easy for individuals, employees, and 
developers to communicate with us if they identify a problem with a 
developer's privacy practices. There is a ``Report Application'' link 
on the bottom of each application page so that people can easily convey 
their concerns about that particular application. Developers, who are 
often keenly aware of other developers' data handling practices, can 
and do flag potential issues as well. Our dedicated Platform Operations 
team, which monitors and enforces Facebook's policies with third-party 
developers, then follows up on the leads we receive by employing a 
variety of monitoring, testing, and auditing processes.
    Consistent with our commitment to providing a seamless experience 
across all devices, we have applied these transparency and control 
principles to the mobile space, despite the engineering challenges 
associated with communicating on a smaller mobile screen. Individuals 
who access third-party applications through our mobile offerings are 
also provided with granular information about what information the 
application or website seeks to access and asked to specifically 
authorize the developer's use of that data. In addition, just 2 months 
after introducing the application dashboard on the facebook.com site, 
we launched a similar mobile application dashboard that allows people 
to see a detailed view of the information they are sharing with various 
applications and websites and adjust their settings while on the go.
C. Promoting Best Privacy Practices Among Independent Developers of 
        Applications and Websites
    The goal of Facebook Platform is not only to enable developers to 
build social applications and websites, but also to facilitate direct 
relationships between people and the social applications and websites 
they use. At the same time, we expect and require application 
developers who use Facebook Platform to be responsible stewards of the 
information they obtain. To this end, we provide clear guidance to 
developers about how they should protect and secure information 
obtained from people who use Facebook, and we also build tools to help 
them fulfill this responsibility.
    Policies and Practices. Developers are required to abide by our 
Statement of Rights and Responsibilities and Platform Policies, which 
detail developers' responsibilities with respect to the data they 
obtain. For example, developers may only request the data they need to 
operate, must honor individuals' requests to delete information, must 
provide and adhere to a privacy policy that informs individuals about 
how the application or website handles individual data, and must 
refrain from selling individuals' data or transferring it to ad 
networks, data brokers, and other specified entities. In addition, ad 
networks that developers use to serve ads on applications that run on 
the Facebook Platform are required to agree to our Platform Terms for 
Advertising Providers. Among other things, these terms require the ad 
networks to certify that they do not possess (and will not obtain) any 
user data received directly or indirectly from Facebook.
    Technology Tools for Monitoring and Review. In addition to manual 
review of specific applications or websites, we also have a series of 
automated reporting and enforcement tools to quickly identify and 
respond to potential violations of our policies. Our platform 
enforcement tool aggregates and displays several metrics concerning the 
activities of applications and websites on Platform, including how many 
data requests they are sending, what types of data they are requesting, 
and whether there have been any complaints or spam reports. We have a 
separate data access tool that tracks real-time data pulls and rates 
and provides historical and trend information, giving us insight into 
applications' or websites' patterns of data access. We also monitor 
enforcement activity through a dashboard system, which provides a real-
time view of identified issues, outstanding enforcement actions, and 
activity by applications and websites that are under review. These 
tools enable us to zero in on particular applications and websites that 
may not be fulfilling their responsibilities, and to work with their 
developers to ensure that they are taking appropriate measures to 
protect the information that they obtain.
    Continuous Improvement. As innovation fuels further advancements in 
technology, we implement new tools to help make Facebook Platform a 
more secure and trusted environment. For example, last year we worked 
with Yahoo!, Twitter, Google, and others to build OAuth 2.0, an open 
standard for authentication that improves security on the Internet. Now 
that OAuth 2.0 is a mature standard with broad participation across the 
industry, we are requiring developers on Facebook Platform to migrate 
to the more secure authentication standard. Although the transition 
presents significant engineering challenges, we believe that this 
migration is important because it will ultimately result in better and 
more secure relationships between developers and the individuals who 
use the applications or websites that they build.
    We provide the infrastructure tools described above in order to 
empower developers to act responsibly when handling individual 
information, and the vast majority of the applications and websites 
available on Facebook Platform do so. When we become aware of 
applications or websites that knowingly break the rules, we take 
aggressive action to address the policy violation. In appropriate 
cases, Facebook has required companies to delete data acquired via 
Platform or banned developers from participating on Platform 
altogether.
    We also have procedures in place to address the possibility of 
inadvertent data transfers. As I noted above, the open architecture of 
the Internet is intended to facilitate connectivity and sharing, but 
that same openness makes it impossible to guarantee the security of 
every data transfer. We interact regularly with service providers, 
security experts, application developers, and other participants in the 
Internet ecosystem, and when we are alerted to the possibility of a 
security issue, we act promptly to resolve the problem. For instance, 
we recently responded quickly after receiving a report from Symantec 
that so-called ``access tokens,'' which are provided to developers to 
enable them to obtain the information users have authorized them to 
obtain, could be inadvertently passed to third parties when developers 
using a legacy authentication system did not take the necessary 
technical step to prevent this from occurring. We immediately 
investigated and, although our investigation found no evidence that 
this issue resulted in any individual's private information being 
shared, we took steps--including accelerating the transition to a more 
secure authentication system--to address the vulnerability Symantec 
identified before the news became public. As this example highlights, 
forward-thinking solutions can be achieved when all participants in the 
digital ecosystem embrace their responsibility to protect individual 
privacy.
    Like all developers who use Facebook Platform, independent 
developers who work to make the mobile experience more social through 
integration with the Facebook Platform are required to adhere to our 
Statement of Rights and Responsibilities and Platform Policies. In 
addition, we make available software development kits to developers who 
want to build mobile applications and websites that integrate with the 
Facebook Platform. Those kits provide tools that help developers build 
more secure experiences, by incorporating the most advanced and secure 
technologies available.
V. Numerous Stakeholders Have a Role to Play in Advancing Online 
        Privacy, Safety, and Security
    We recognize that Facebook has important responsibilities in 
advancing people's privacy, safety, and security across the site, our 
Platform, and the social web. At the same time, others in the ecosystem 
likewise play an important role in protecting individuals online and in 
the mobile environment. These include developers, who must establish 
their own relationships with individuals and live up to the 
expectations and trust users place in them; browser and operating 
systems providers, who develop the tools that people use to access the 
Web and run software and who are perhaps best situated to combat many 
of the technical challenges associated with the transition from the 
anonymous Web to the social web; and individuals, who can take security 
into their own hands through steps such as strong passwords and 
educating themselves about the practices of the developers with whom 
they interact.
    In fact, the history of advancements in the security of the 
Internet itself is filled with successes achieved through all affected 
parties working on tough problems. One example is the development and 
use of secure socket layers (``SSL'') to allow for secure, encrypted 
Internet communications and data exchanges. SSL was developed by 
browser vendors largely in response to public demand for a more 
trustworthy online experience. To realize the full potential of the 
Internet as a medium for sharing information, developers needed to 
assure people that their online communications would be secure. The 
development of secure technologies has led not only to the greater 
connectivity that characterizes the social Web but also to the 
explosion of e-commerce and online banking, both of which are crucial 
drivers of economic growth.
    Another advancement that was achieved through the collective 
efforts of interested parties is the taming of spam e-mail. The late 
1990s and early 2000s saw e-mail inboxes and ISP servers overrun by 
spam, a phenomenon that was not only annoying but also costly to 
service providers and the public. Although spam remains a serious 
problem, its worst effects largely have been mitigated through the 
combined efforts of technology companies' development of sophisticated 
filtering mechanisms; legislative and regulatory measures such as the 
Federal CAN-SPAM Act; and the public's continuing demands for action 
against bad actors. Both of these examples demonstrate how concerted 
action by various stakeholders in the Internet ecosystem--from site 
designers and browser vendors to government actors and the public--can 
contribute to an increasingly secure online environment.
    As I explained above, we at Facebook work very hard to build user 
trust by ensuring transparency and enhancing user control, and by 
creating a platform that developers can use to build social 
applications in a safe and secure manner. We also use our position in 
the industry to encourage others to play their part in building and 
securing the digital ecosystem. Operating systems and browsers should 
remain vigilant in identifying and fixing vulnerabilities that could 
expose data and resolve longstanding design problems inherent in the 
architecture of the Internet itself. Social sharing networks, including 
Facebook, should continuously innovate on privacy, educate their users 
about new privacy features, and enforce their privacy policies with 
respect to developers who build on social networks' platforms. 
Developers, in turn, should adhere to our privacy guidelines, publish 
information about their own data handling practices, and control third-
party access to individual information on their own sites or 
applications. People who use social sharing services like Facebook 
should update their passwords, take advantage of safety and security 
tools and resources, and educate themselves about the policies of 
websites and social networks they use. And government, too, should play 
a role, by taking action against bad actors who threaten the trust on 
which the social Web relies, and, through proceedings such as this 
hearing, by highlighting the importance of online safety, security, and 
privacy.
VI. Conclusion
    As a facilitator of the social web, we constantly strive to develop 
better tools that will build trust when individuals access our services 
through any device. We believe that it is important to enable 
individuals to make the privacy decisions that are right for them, and 
to provide infrastructure tools that facilitate trusted relationships 
between individuals and third-party application developers. By doing 
so, we are helping to promote the trust that powers the social Web 
while offering individuals a robust forum to communicate and share 
information in new and dynamic ways. And we also encourage and support 
the efforts of other stakeholders in building and securing the mobile 
and online environments that are enriching people's lives every day.
    Thank you for the opportunity to testify today. I look forward to 
answering any questions you may have.

    Senator Pryor. Thank you.
    Mr. Reed?

 STATEMENT OF MORGAN REED, EXECUTIVE DIRECTOR, ASSOCIATION FOR 
                     COMPETITIVE TECHNOLOGY

    Mr. Reed. Thank you, Chairman Pryor, Ranking Member Toomey, 
and distinguished members of the Committee for the opportunity 
to speak with you today.
    As ACT's Executive Director, I represent over 3,000 
developers and small business entrepreneurs, many of whom write 
apps for smartphones and tablets.
    Often when we consider the issues in this grand setting, we 
do it to look at the impact that it will have on the country at 
large, and we talk in broad themes and big ideas. But today, I 
would like to start off a little differently, breaking it down 
to the smallest of the small, specifically, my pint-sized 5-
year-old.
    My daughter is learning to speak Chinese. Granted, she is 
doing it because Dad wants her to. But I let her use an old 
smartphone. I have loaded on Chinese language learning apps, 
and she now has games that test her ear, games that help her 
recognition, and even one that lets her take pictures of a 
character and gives her a translation.
    I have recently seen a demo of an application that will 
allow her to take a picture of an object and also give her a 
translation audibly. These are apps that won't make the cut on 
the desktop computer, if, for no other reason, at least for my 
5-year-old will never sit still. Many of the apps were 99 
cents. None of them were more than $5.
    When she gets a little older, she and I will use Star Walk 
app, which uses location information to show a real-time 
movable map of the night sky. Mobile apps like these open up 
worlds of learning for kids and adults in ways that were 
unimaginable 5 years ago. And there are thousands of similar 
stories to mine.
    Over 500,000 apps are available on mobile platforms today. 
Originating less than 4 years ago, the apps economy will grow 
to $5.8 billion this year. In the next 4 years, that total is 
expected to reach $37 billion. And if you include services, we 
expect to hit $50 billion.
    This is a remarkable American success story in a time of 
economic uncertainty. U.S. developers account for the vast 
majority of apps available in the market today, creating 
opportunity throughout the country, while also exporting 
popular programs abroad. Eighty-eight percent of the top 500 
apps were written by small businesses, and the vast majority of 
these, micro-businesses with less than 10 employees.
    More importantly, this is not a Silicon Valley phenomenon. 
In fact, Scott Bedwell developed his series of DJ apps in 
Bentonville, Arkansas. We have got Marble Burst from ZTak from 
Thomas, West Virginia. We have got Quick Bins from Moorhead, 
Minnesota, and we have got Critical Thought from St. Louis, 
Missouri.
    This is the true geographically diverse nature of this new 
apps economy. And while Apple stores and app stores are helping 
small businesses grow, the devices and various applications 
provide the user with tools to protect their personal 
information.
    For the smartphone my daughter uses, I have enabled most of 
the privacy settings on the device. I have turned off location 
services. I have restricted her in-app purchases, and I have 
disabled her ability to add or delete applications. And as she 
gets older, the features I enable will grow with her maturity.
    While the privacy protection in the handset is the place to 
start, we in the apps community know and are doing more to 
inform and educate consumers about how we handle their data. 
Accordingly, ACT has a working group to develop a set of 
guidelines for mobile application developers to enable them to 
do a better job in creating privacy policies and also helping 
them to understand the complexity of privacy regulation.
    Most mobile apps collect no information and, therefore, 
aren't technically required to have a policy, but we feel they 
should. Not because of regulation, but because the most 
valuable asset they have is their trust from their customers. A 
quick peek at the comment section on any mobile app site will 
show you how quickly an app can lose favor because it failed to 
meet customer expectations.
    Now we don't want anyone to lose sight of the fact that 
these are hard-working, innovative entrepreneurs who create 
exciting new products. And ACT is committed to ensuring that 
they have the tools needed to avoid the pitfalls of data 
mismanagement. But for those few fraudulent app makers who 
misuse consumers' personal information, we say throw the book 
at them.
    The FTC's $3 million COPPA fine against Playdom underscored 
the considerable enforcement measures available. Section V of 
the FTC Act offers government broad authority to go after bad 
actors and effectively oversee the marketplace.
    While recent events in the media have give a high profile 
to bad actors in this area, I would urge the Committee to 
evaluate the considerable enforcement options currently 
available before creating additional regulatory mechanisms. Too 
often government intervention in an emerging technology 
marketplace has unintended consequences that can stunt 
development.
    The last thing we want to do is constrain an industry with 
tremendous growth, where our country has such a clear 
competitive advantage. Let us address bad behavior without 
threatening this uniquely American apps economy.
    Thank you very much.
    [The prepared statement of Mr. Reed follows:]

        Prepared Statement of Morgan Reed, Executive Director, 
                 Association for Competitive Technology
    Chairman Pryor, Ranking Member Wicker, and distinguished members of 
the Committee: My name is Morgan Reed, and I would like to thank you 
for holding this important hearing on privacy and the growing mobile 
devices marketplace.
    I am the Executive Director of the Association for Competitive 
Technology (ACT). ACT is an international advocacy and education 
organization for people who write software programs--referred to as 
application developers--and providers of information technology (IT) 
services. We represent over 3,000 small and mid-size IT firms 
throughout the world and advocate for public policies that help our 
members leverage their intellectual assets to raise capital, create 
jobs, and innovate.
    The new mobile apps world has sparked a renaissance in the software 
industry; small software companies are able to create innovative 
products and sell them directly to consumers. This is a radical 
departure from the era of up-front marketing costs, publisher delays, 
and piracy problems. The emergence of the mobile app market has 
eliminated the longstanding barriers to entry that our industry battled 
for the past two decades.
    My goal today is to help explain how small business is building 
this exciting new industry, how what we are doing is helping consumers, 
and how the very real concerns about privacy must be dealt with 
holistically, rather than from a technology-specific perspective.
The Smartphone Ecosystem is Creating Jobs and Opportunities in a Tough 
        Economy
    The state of the world economy is profoundly unsettled. Questions 
about job security, healthcare, and foreclosure have become dinner 
table conversation throughout this country.
    In the face of all of this turmoil, there has been a bright spot in 
economic growth: Sales of smartphones and tablets, such as the iPhone, 
the HTC Thunderbolt (running Google Android) the Samsung Focus (running 
Microsoft WP7), the iPad, Xoom and now RIM's Playbook continue to 
outpace all predictions and are providing a huge growth market in a 
slumping economy. In fact, nearly one hundred million smartphones were 
shipped in the first quarter of 2011 \1\ marking a 79 percent increase 
in an already fast growing market.\2\
---------------------------------------------------------------------------
    \1\ Mark Kurlyandchik, IDC: Nokia Remains Top Smartphone Vendor 
Worldwide, DailyTech, May 6, 2011.
    \2\ Id.
    
    
    In 2008 Apple launched its App Store to provide a place for 
developers to sell independently developed applications for the iPhone. 
Since then, over 300,000 new applications have gone on sale, with 
billions of applications sold or downloaded. The Android platform has 
recently exceeded the growth rate seen in the iPhone, totaling more 
than 200,000 applications, with 10,000 new programs available each 
month. In 2010 we saw the release of Windows Phone 7, with its own 
applications store and an entirely unique user interface. Total unique 
apps across all platforms are expected to exceed 500,000 by the end of 
2011.\3\
---------------------------------------------------------------------------
    \3\ http://d2omthbq56rzfx.cloudfront.net/wp-content/uploads/2011/
04/Distimo-survey-201103-app-stores-count.png.


    Possibly the most important thing we have noticed about the new 
apps world is how it has revolutionized the software development 
industry. It is nothing less than a rebirth. Startup costs of the 
modern app developer are a fraction of what they were just 10 years 
ago. With mobile and Xbox 360 apps, we have seen the return of the 
small, independent ``garage'' developer focused on products that can be 
created and shipped in a matter of months. This new apps-driven model 
creates a direct bridge between the customer and the developer. Our 
members tell us that being a developer has not been this exciting since 
the origins of the personal computer and software industry in the 1970s 
and 1980s.
The Mobile App Developer--An Analysis
    Apps are overwhelmingly created by small businesses. Of 500 best-
selling mobile apps, 88 percent are written by small businesses \4\; 
and in a majority of cases micro businesses with less than 10 
employees.
---------------------------------------------------------------------------
    \4\ ACT analysis of top 500 selling apps, some discrepancies exist 
due to lack of verifiable employment data and apps created by a 
developer who has significant investment from a larger company. Some 
apps branded for a larger company are in fact developed by small firms 
subcontracted to build the application. Sample size of 408 
applications, from ``top apps'' on March 25, 2011.


    Second, app developers are not just in California. During the dot-
com boom of the 1990s, the majority of growth occurred in Silicon 
Valley while the rest of the country was not able to reap the direct 
benefits of the economic boom. The growth of the mobile apps industry 
has led to job creation all across the United States. While California 
continues to have a large representation of app developers, nearly 70 
percent of the businesses are located outside of the state of 
California. This new burgeoning industry allows developers to live 
almost anywhere, including Little Rock, Arkansas and Tupelo, 
Mississippi.


    Third, app development companies have low initial costs but also 
have the ability to become a highly successful and sustainable 
business. ACT's members reported development costs ranging from $1,000 
to upwards of $1,000,000. Given the wide range of our findings and 
those of other reports,\5\ it is useful to view the cost of mobile app 
development in tiers.
---------------------------------------------------------------------------
    \5\ http://appmuse.com/appmusing/how-much-does-it-cost-to-develop-
a-mobile-app/.

        Tier one represents a simple apps with no real back-end server-
        based functionality, and can run in the low thousands; this 
        category makes up a significant percentage of all the apps in 
        various mobile stores. They may be single feature programs, 
---------------------------------------------------------------------------
        vanity apps, or just irreverent apps like iBeer.

        Tier two are the apps that provide multiple levels of 
        functionality, often working with data stored in a remote 
        server to provide information/ user generated content, or 
        advanced capabilities like writing and saving specialized 
        documents. This tier runs from $30,000 to $100,000.

        Tier three runs from $100,000 on up. This category is for apps 
        that may need to tie into sophisticated inventory management 
        systems, require specialized licenses for content, interface 
        with business critical data bases not just to read, but also 
        write information, and finally, games with immersive 
        environments where art and music costs can be significant.
Understanding the Real Opportunity for Small Business
    Mobile App Stores--In a store environment, app developers charge 
their customers to download applications and/or charge them for 
purchases they make inside the app. For example, photography app 
Hipstamatic costs $1.99 to download. If users want additional camera 
effects (Kodachrome or Holga for instance) they can buy the add-ons in 
the application.
    The exponential growth in app stores during the past few years is 
unprecedented. Apple was first, launching the iTunes App Store less 
than 4 years ago, and was soon followed by Nokia, Google, Microsoft, 
Amazon and others. According to IHS, in 2010 the worldwide market 
revenue of these app stores in 2010 was $2.15 billion, a 160 percent 
increase over 2009, and is expected to reach nearly $4 billion this 
year. Forrester Research estimates that the revenue created from 
customers buying and downloading apps to smartphones and tablets will 
reach $38 billion by 2015.
    A growing percentage of revenues for app markets are coming from 
``in-app purchases.'' According to Xyologic, a company that indexes and 
analyzes app store data, 40 percent of game downloads are now free 
titles with in-app purchases. In March, it found there were nearly 100 
million downloads of free iPhone games from the App Store.
    Yet revenues from app purchases and in-app purchases only represent 
a part of the overall opportunity for app developers. According to 
Xyologic, 80.8 percent of all app downloads in the month of March were 
free. While some of those apps relied on in-app purchasing for revenue, 
many others were supported by advertising or developed to support other 
brands and services.
    Custom Mobile Development--Additionally, many applications are made 
available for free by larger companies in order to extend services to 
mobile devices or as marketing tools. From Citibank's online banking 
app to Pepsi's ``Refresh Project'' and Conde Nast's magazine apps, 
Fortune 1000 companies are increasingly offering mobile apps to their 
customers and potential customers. While large companies brand these 
apps, smaller companies with the expertise necessary to build world-
class applications under tight deadlines usually build them. These apps 
represent the majority of the more than 600,000 free apps available 
across all app markets. This translates into a tremendous number of 
job-creating opportunities for smaller app development shops. Forrester 
Research predicts this market to reach $17 billion by 2015.
    Mobile Advertising Revenues--Finally, some apps are supported 
either entirely or partly by advertising revenue. This is an 
increasingly important model especially as the Android platform grows 
in marketshare. Some applications charge for downloads and run 
advertisements inside the app itself. In-app mobile advertising is 
growing more slowly than revenues from app downloads and in-app 
purchases, but it is a particularly important revenue model for apps 
with enormous scale, or ``eyeballs.'' In the games category, which 
represents around half the app market, the total revenue from in-app 
advertising was $87 million according to Juniper Research. Juniper 
expects that to grow to around $900 million by 2015.
    The business model of the platform makes a difference in how 
developers pursue revenue. As shown in an earlier chart, the iOS store 
has more than 333,000 applications, and nearly 70 percent of those are 
paid for up front. Google/Android, a company whose entire revenue 
stream and dominant market position is dependent on advertising, tends 
to push developers toward the advertising model, with only 30 percent 
of the 206,000 apps relying on direct payment to the developer.
    The Future for Mobile App Developers--Even more important are the 
opportunities that lay farther ahead. According to a recent Morgan 
Stanley report,\6\ most people haven't yet invested in such technology. 
True ``smartphones'' have around 25 percent penetration in the U.S.; in 
Asia, it may be as low as 6 percent. This represents a pathway for 
growth leading far into the future.
---------------------------------------------------------------------------
    \6\ http://www.morganstanley.com/institutional/techresearch/pdfs/
2SETUP_12142009_RI.
pdf.
---------------------------------------------------------------------------
    To understand just how important international sales are to the 
mobile apps market, one only needs to look at a comparison between the 
total number of users possessed by a combined AT&T/T-mobile (130 
million wireless subscribers) \7\ and China's number one wireless 
carrier, China mobile (584 million subscribers).\8\ Even if only 6 
percent of China mobile's subscribers become smartphone users--and app 
purchasers--the market opportunity for U.S. software developers is 
huge.
---------------------------------------------------------------------------
    \7\ http://www.siouxcityjournal.com/business/local/
article_f24b5818-ea11-5f04-b0b0-d7bbd02
055b0.html.
    \8\ http://www.wirelessweek.com/News/2011/01/Carriers-Subs-Reach-
842M-China-Mobile/.
---------------------------------------------------------------------------
Taking Privacy Seriously: ACT Developing Mobile App Privacy Guidelines
    This nearly $60 billion opportunity is predicated on an ongoing 
trust relationship between app developers and consumers, and that is 
why we take privacy so seriously. Accordingly, ACT has convened a 
working group of app developers representing the entire swath of the 
apps ecosystem. Additionally, our working group includes privacy 
experts and representatives from Privo, one of the four FTC-recognized 
COPPA Safe Harbors.
    The goal of this working group is to provide developers with 
guidelines that help them to create a privacy policy that is clear, 
transparent, and enables them to fully utilize the various device 
platforms that are being created today. We expect our initial 
guidelines to be available within 30 days and will update them 
regularly. Additionally, we are working with other groups to build a 
privacy policy generator for app developers. Such a tool would allow 
developers to create custom privacy policies that fit the specific 
requirements of their application. This can remove hurdles for these 
micro firms, and help them to create simple, easy-to-understand privacy 
policies that comply with existing law and provide useful guidance to 
consumers.
    Finally, our working group is taking a proactive view of the FTC's 
Section 5 provisions under COPPA. Although we expect the FTC to come 
out with rules addressing mobile apps and COPPA very soon, we've chosen 
not to wait. Instead we are creating our guidelines and advising our 
members that mobile apps fall under COPPA, and apps developers should 
make sure that their apps comply with COPPA here in the U.S. and any 
similar privacy provisions in other countries or jurisdictions. When 
the FTC's rules are promulgated, we will adjust accordingly, but we 
always stress that members should err on the side of privacy 
protection.
Enabling Features While Protecting Privacy
    Importance of Location Information for Efficiency--In the lead up 
to today's hearing, considerable critical attention has been directed 
at the type of information stored on smartphones. A misunderstood 
element in the public debate on this data collection is the valuable 
role location information plays in the underlying functionality of the 
device--beyond just mapping.
    When a smartphone tracks the location of its user, it is making a 
note to remind itself which access point or cell tower was used there 
to connect to the Internet. When a user returns to that area, the phone 
remembers this information. Each day most phone users travel the same 
route to work or to attend school and then return home to the same 
place. Keeping this data enables the smartphone to easily find an 
Internet connection providing efficient, constant online access. This 
is important for two reasons.
    First is battery life. A phone uses a lot of power to search for a 
cell tower or wireless router. If it constantly needs to search for an 
Internet connection, it will deplete its battery many times more 
quickly than if it maintained a constant connection. Customers rate the 
importance of battery life very highly as a feature in the customer 
experience, so keeping a charge is an important requirement of the 
phone. By maintaining a list of frequently visited locations, a 
smartphone avoids draining its battery in search of data connection 
points.


    The other reason efficient connectivity matters is spectrum 
scarcity. The proliferation of smartphones has led to a crowded 
wireless spectrum, leading to potentially diminishing service quality. 
Wherever possible, wireless carriers are eager to connect users to wi-
fi for faster connection speed and to lessen the burden on wireless 
networks. Carriers even provide their own wi-fi service for free to 
customers in densely populated areas to help alleviate the demand for 
wireless spectrum. By keeping track of the wi-fi and cell tower 
locations at frequently visited areas, the smartphone can allow users 
to automatically switch to wi-fi networks to provide constant, high 
quality Internet connectivity while diminishing the pressures on a 
crowded spectrum.
    Location Information for Consumers--While location data is 
essential for phones to operate efficiently, consumers also love the 
smartphone services made possible using location-based technology. Many 
of the most successful apps or smartphone features have become popular 
based on knowing exactly where users are at any given time. And that's 
exactly how customers want it.
    Anyone who has owned a smartphone has probably charted their 
location as a blue dot on their map app. Many also use those same 
programs to see where the traffic bottlenecks are before starting their 
evening commute. Some apps use location to help users find the nearest 
gas station, post office, parking garage, or coffee shop.
    The OpenTable app adds location technology to its existing services 
to allow diners to find open tables at nearby restaurants, read 
reviews, and make reservations with a simple tap of the button. Using 
location information, the app can also provide step-by-step directions 
to the establishment.


    Location services on smartphones have also changed the way we 
interact socially, creating a market for check-in features to tell your 
friends and family where you are. Facebook has an app with this feature 
and, within the last decade, has achieved a market valuation 
approaching $100 billion. Foursquare, an app which exclusively provides 
check-in services, has been valued at nearly half a billion dollars.
    There is clearly big business opportunity in this marketplace. But 
location-based services and advertising offer a unique opportunity for 
Main Street businesses as well. Some apps, like RedLaser, allow users 
to scan the UPC code of a product and, using the smartphone's location 
data, find several local retailers nearby where it can be purchased.


    Meanwhile, a user searching for a particular product or service on 
their smartphone can receive an ad from a local store based on their 
current location data. These ads have the benefit of reaching potential 
customers at the exact time of a purchasing decision and cost far less 
than the newspaper circulars or the TV ads that big box stores are able 
to afford.
    Similarly, local small businesses can also level the playing field 
with the national chain stores and Internet retailers through shopping 
apps like Groupon. This app has 38 million North American subscribers 
who receive daily discounts at local establishments based on their 
location data.
    While improving the core performance of smartphones, location data 
is also the building block for apps that users find useful and provide 
small businesses with opportunities to reach new customers. This data 
also contains information about the user which they may want to keep 
private so appropriate safeguards must be in place to ensure it is used 
in a manner with which consumers are comfortable.
The Smartphone ID Conundrum
    Recent news stories have focused on the existence of unique 
identifiers attached to each smartphone. Known as a UDID number for 
iPhone and Android ID for Android-based products, this is a number that 
serves as a unique token for each device. The Wall Street Journal 
article ``What They Know--Mobile'' \9\ made special effort to note the 
transmission of this number by nearly every single application in the 
market. While highlighting the transmission of a ``unique identifier'' 
may make for good newsprint, the article unfortunately did not properly 
explain why developers transmit this number.
---------------------------------------------------------------------------
    \9\ http://blogs.wsj.com/wtk-mobile/.
---------------------------------------------------------------------------
    In order to help better explain the role this Smart Phone ID (SPID) 
number plays in the development and maintenance of mobile applications, 
ACT surveyed developers \10\ to find out how they currently used the 
SPID number. Respondents highlighted three key uses:
---------------------------------------------------------------------------
    \10\ ACT April 28 questionnaire to members working on at least one 
mobile platform. Question: How do you currently use UDID/Android ID in 
your development process?

   Allows developers to control access to parts of the program 
        without locking the user out completely (i.e., locking 
---------------------------------------------------------------------------
        achievement levels in games, viewing paid subscriber content);

   Prevents piracy of applications, allows verification of 
        ownership for updates to apps; and

   Allows management of access control for software testing and 
        customer service.

    Additionally, developers reported on several benefits to their 
customers in specific and consumers in general. Most often cited were:

   Working in concert with other stored data, the SPID makes it 
        possible to have applications remember your favorites even when 
        you buy a new phone;

   Helps content providers know when your device is on a wi-fi 
        network instead of 3G, thus allowing them to send you HD or 
        other high bitrate content; and

   Makes it easier to receive updates without verification 
        procedures that annoy customers.

    Finally, developers use SPID numbers to interact with third party 
ad networks; SPIDs are required by many ad networks as part of the 
terms of service.
    At first glance, it would seem to make perfect sense to only allow 
the SPID to be shared with the app maker itself, but not with third 
parties. However, in today's world, many different companies work 
together to provide services to customers. For instance, when shipping 
a product via FedEx, the sender shares considerable personal 
information about the recipient with the (third party) shipper 
including contact information and purchased items. Similarly, small 
businesses rely on cloud computing to give customers a complete service 
offering in a cost-effective way. For game developers, a company like 
OpenFeint offers an easy way to keep track of scores and allows game 
users to interact with each other, saving app makers thousands of 
dollars in development time and ongoing infrastructure cost. This 
service needs to be able to tell devices apart.
    Finally, developers felt that the usage restrictions and best 
practices for SPIDs were well documented, especially on Apple's iOS 
giving us plenty of advice to app makers on how to properly handle this 
information.\11\
---------------------------------------------------------------------------
    \11\ http://developer.apple.com/library/ios/#documentation/uikit/
reference/UIDevice_Class/Reference/UIDevice.html.
---------------------------------------------------------------------------
    The key takeaway from this survey is that it is important, and 
often necessary, to keep devices separate and uniquely identified. 
Users may own many devices, multiple people may share devices (for 
example, family members), and others switch devices. Developers have 
different technical reasons to identify devices, but all come down to 
the same thing: enhancing the user experience. The developer's focus is 
in making the user's phone more convenient and useful.
Understanding the Existing Laws and Regulations
    Regardless of how data protection is approached, it's critical to 
note the protections offered under existing Federal and state laws and 
regulations. In particular, consumer-protection laws currently provide 
technology-neutral legal standards to address data-privacy and data-
security concerns regardless of whether they arise from undisclosed 
hacking, phishing, inadvertent peer-to-peer ``sharing'' of sensitive 
personal files, unauthorized wifi-snooping and art contests seemingly 
designed to enable the reverse-engineering of children's Social 
Security numbers.
    Currently, the FTC Act gives the FTC broad authority to act against 
those who misuse data, regardless of the technology used. Specifically, 
Section 5 of the FTC Act directs the FTC to take action against any 
business engaging in ``deceptive'' or ``unfair'' trade practices.\12\
---------------------------------------------------------------------------
    \12\ 15 U.S.C.  45.
---------------------------------------------------------------------------
    The FTC's duty to halt deceptive trade practices authorizes the FTC 
to take law enforcement action not only when a business violates 
explicit promises to consumers,\13\ such as violations of stated 
privacy policies or terms of use, but also even when a business makes 
material omissions to consumers,\14\ such as not telling consumers 
about the sharing of their collected information with third parties.
---------------------------------------------------------------------------
    \13\ Id.
    \14\ FTC, Policy Statement on Deception (Oct. 14, 1983) available 
at http://www.ftc.gov/bcp/policystmt/ad-decept.htm.
---------------------------------------------------------------------------
    Similarly, the FTC's duty to halt unfair trade practices authorizes 
the FTC to take law-enforcement action when business practices cause 
injuries to consumers that are: substantial; not outweighed by 
countervailing benefits to consumers and competition; and could not 
have been reasonably avoided by consumers themselves.\15\ For example, 
the FTC can take action against a business's failure to report a data 
breach.
---------------------------------------------------------------------------
    \15\ 15 U.S.C.  45(n); see also FTC, Policy Statement on 
Unfairness (Dec. 17, 1980) available at http://www.ftc.gov/bcp/
policystmt/ad-unfair.htm.
---------------------------------------------------------------------------
    Finally, it is critical to understand two points about consumer-
protection laws. First, the FTC has real teeth if it finds that a 
company engaged in ``unfair or deceptive practices,'' including 
assessing injunctive and civil penalties. Second, state consumer-
protection acts grant state Attorneys General even broader substantive 
and remedial powers than those that Federal law grants to the FTC. As a 
result, even were resource constraints or agency capture to preclude 
FTC action in a particular case, 50+ law enforcement agencies would 
still have broad, technology-neutral authority to protect the privacy 
and security of consumers' data.
    Consequently, the consumer-protection authority of the FTC and 
state Attorneys General already authorizes and requires these law 
enforcement agencies to patrol the Internet for companies that might 
violate their promises to consumers or cause them substantial harm. The 
FTC recently used such authority to protect consumer privacy by taking 
action against Google \16\ and Chitika \17\ for failing to properly 
handle consumers' information. Both companies now face twenty years of 
oversight and damage to their brands.
---------------------------------------------------------------------------
    \16\ In the Matter of Google Inc., a corporation, FTC File No. 102 
3136.
    \17\ In the Matter of Chitika, Inc., a corporation, FTC File No. 
1023087.
---------------------------------------------------------------------------
    Existing consumer-protection laws thus already authorize both the 
FTC and state law enforcement agencies to police the entire range of 
products that connect to the Internet, including mobile devices, and to 
take action against the bad actors that ignore existing laws and will 
continue to ignore any future laws. This existing authority also 
ensures that good actors already have every incentive to behave 
reasonably and that bad actors have good reason to fear the existing 
legal consequences of their wrongdoing.
    Given the existing authority of the FTC and State Attorneys 
General, do we need additional regulation? ACT believes this is an open 
question, but one where consumer privacy protection should not be 
viewed through a limited, technology-specific lens. Instead, 
thoughtful, arduous, and considered discussion must take place on the 
role of personal data in the economy, the true interests of consumers, 
and the best interaction between citizens and the providers of products 
and services that use their data.
Avoiding the Patchwork Problem; Dealing with Data Holistically
    In periods of great technological change, both new opportunities 
and new challenges are created. More often than not, however, the 
seemingly new challenges are merely old issues illuminated under a new 
light.
    Like the dot-com boom before it, the emergence of smartphones and 
mobile apps have renewed interest in the way corporations and 
governments collect and share data, most importantly, personal data. 
Yet, in both cases, these new technologies are simply bringing new 
light to issues surrounding the collection of personal data that has 
existed for decades.
    There are genuine questions to be asked and considered with respect 
to the collection and use of personal data. How and when should people 
be told the data is being collected or when it is being shared? How 
should they be told? Should people be able to modify data that is 
collected about themselves? Should people be able to delete data about 
themselves or otherwise control how it is used? Asking these questions 
only in the context of smartphones and mobile apps ignores the larger 
picture. The technology used to collect the data is much less 
significant than the important questions about the process and behavior 
of those collecting it.
    First, the data collected by apps developers is an almost 
infinitesimal piece of the global collection of personal data. From 
credit card companies, to warranty cards, to loyalty programs, 
companies have been collecting data on their customers long before the 
Internet or smartphones came around. Not only do other companies 
collect the same data as smartphone apps, but they have exponentially 
larger collections of personal data already at their disposal. 
Information brokers like Epsilon and Google collect, retain, and share 
far more information than all mobile apps combined.
    Even the collection of location data that has been singled out in 
recent press reports is not unique to smartphones and mobile apps. 
Standalone commercial GPS providers like TomTom or GPS-based safety 
services like OnStar collect this information on their users. Your EZ 
Pass technology for wireless payment of highway tolls also collects and 
stores location data. More recently, Google has been driving the 
world's streets eavesdropping on home and business wireless networks to 
gain the ability to find you even on your home computer or laptop. In 
nearly every instance, these companies may share that data with third 
parties.
    Isolating and regulating one specific technology is not the answer 
to the broader questions surrounding the collection and sharing of 
personal data. Given the enormity of existing data collections and the 
number of ways it is amassed, focusing exclusively on one technology--
particularly the newest and least established--is a symbolic gesture 
that does not solve the underlying problem, but creates the false sense 
that the problem has been solved and the need for thoughtful debate and 
policy consideration is over. Regulatory attention should be focused 
broadly on behavior and data usage, applying to everyone, regardless of 
means of collection and sharing.
    Finally, regulation that focuses solely on new technology 
discriminates against small businesses. Whenever we are talking about 
new, disruptive technologies, we are most often talking about small 
businesses. Revenue models, customer expectations, and efficiency 
opportunities are all still emerging, and small businesses are the 
driving force. Lots of businesses start, a very small number survive, 
but in the end, we learn what works, and then the large businesses get 
involved. To stunt the growth of a new, experimental market is to 
discriminate against the very small businesses on which we rely to lead 
innovation and growth in the American economy.
Conclusion
    The future of the digital marketplace looks bright for small 
business, so long as the marketplace remains dynamic and competitive. 
This is a more than $10 billion opportunity for small business across 
the United States. Barriers to entry in the marketplace are currently 
low, and our members are very excited about the future--according to 
ACT's board president, Mike Sax, ``Programming is fun again!''
    While there are important questions that need to be discussed on 
personal data collection, retention, and sharing, limiting this 
question solely to smartphones and mobile apps would be ineffectual and 
counterproductive.
    The use of location information and smartphone IDs are providing 
immense value to consumers. Whether it's the ability to make dinner 
reservations or find directions to the nearest hardware store, our 
members put a value on creating a product that improves the lives of 
their customers.
    Banning the collection of location data would essentially outlaw 
these beloved consumer apps while doing nothing to address the big 
questions about data collection and how that data is used. That is why 
ACT believes that Congress must take a holistic approach to privacy 
that does not single out any one technology, especially nascent ones. 
We need to outlaw bad behavior, not good technology. I hope that the 
committee will continue to focus the spotlight on the contribution 
small business makes to the future of the digital economy and the way 
government can do a better job to encourage that productive future. 
Thank you for your time and consideration on this important topic.

    Senator Pryor. Thank you.
    Ms. Novelli?

 STATEMENT OF CATHERINE A. NOVELLI, VICE PRESIDENT, WORLDWIDE 
                GOVERNMENT AFFAIRS, APPLE, INC.

    Ms. Novelli. Good morning, Chairman Pryor, Chairman 
Rockefeller, and members of the Subcommittee.
    My name is Catherine Novelli. I am Vice President for 
Worldwide Government Affairs for Apple. Thank you for the 
opportunity to further explain Apple's approach to addressing 
consumer privacy and protection in the mobile marketplace, an 
issue we take very seriously, especially as it applies to 
children.
    I would like to use my limited time to emphasize a few key 
points. First, Apple is deeply committed to protecting the 
privacy of all our customers. We have adopted a single, 
comprehensive customer privacy policy for all of our products. 
This policy is available from a link on every page of Apple's 
website.
    We do not share personally identifiable information with 
third parties for their marketing purposes without our 
customers' explicit consent. As explained in more detail in my 
written testimony, we require all third-party application 
developers to adhere to specific restrictions protecting our 
customers' privacy.
    Second, Apple has built-in innovative settings and controls 
to help parents protect their children while using Apple 
products, both on and offline. These controls are easy to use, 
password protected, and can be administered on all Mac 
products, as well as on all of our IOS mobile devices, 
including the iPhone, iPad, and iPod Touch. These controls can 
also be enabled quite easily on the iTunes store.
    We believe these parental controls are simple and 
intuitive. They provide parents with the tools they need to 
flexibly manage their children's activities at various stages 
of maturity and development in ways parents deem most 
appropriate. I have provided detailed descriptions and examples 
in my written testimony.
    Third, Apple does not knowingly collect any personal 
information from children under 13. We state this prominently 
in our privacy policy. If we learn that we have inadvertently 
received the personal information of a child under 13, we take 
immediate steps to delete that information.
    We only allow iTunes store accounts for individuals 13 or 
over. Apple's iAd Network is not providing ads to apps targeted 
to children, and we reject any developer app that targets 
minors for data collection.
    Fourth, Apple does not track users' locations. Apple has 
never done so and has no plans to ever do so. In recent weeks, 
there has been considerable attention given to the manner in 
which our devices store and use a subset of Apple's anonymized 
location database of cell towers and Wi-Fi hotspots. The 
purpose of the database is to allow the device to more quickly 
and reliably determine a user's location. These concerns are 
addressed in detail in my written testimony.
    I want to reassure you that Apple was never tracking an 
individual's actual location from the information residing in 
this cached file on their iPhone. Apple did not have access to 
the cache on any individual user's iPhone at any time.
    Fifth, Apple gives customers of control over collection and 
use of the location data on all of our devices. Apple has built 
a master location services switch into our IOS mobile operating 
system that makes it extremely easy to opt out entirely of 
location-based services. The user simply switches the location 
services off in the Setting screen. When the switch is turned 
off, the device will not collect or transmit location 
information.
    Equally important, Apple does not allow any application to 
receive device location information without first receiving the 
user's explicit consent through a simple popup dialogue box. 
This dialogue box is mandatory and cannot be overridden. 
Customers may change their mind and opt out of location 
services for individual applications at any time by using 
simple on-off switches. Again, parents can also use controls to 
password-protect and prevent access by their children to 
location services.
    In closing, let me restate Apple's unwavering commitment to 
giving our customers clear and transparent notice, choice, and 
control over their personal information. We believe our 
products do this in a simple and elegant way.
    While Apple has not taken a public position on any specific 
privacy legislation currently before the Congress, we do 
strongly agree that any company or organization with access to 
customers' personal information should give its customers clear 
and transparent notice, choice, and control over their 
information. We share the Committee's concerns about the 
collection and misuse of any customer data, and we are 
committed to continuing to work with you to address these 
important issues.
    I will be happy to answer any questions that you may have.
    [The prepared statement of Ms. Novelli follows:]

      Prepared Statement of Catherine A. Novelli, Vice President 
              for Worldwide Government Affairs, Apple Inc.
    Good morning Chairman Pryor, Ranking Member Wicker, and members of 
the Subcommittee. My name is Catherine Novelli, and I am Vice President 
for Worldwide Government Affairs for Apple Inc. On behalf of Apple, I 
thank you for the opportunity to address this important subject.
Apple's Commitment To Protecting Our Customers' Privacy
    As we stated in testimony provided before this Committee last 
summer, Apple is deeply committed to protecting the privacy of our 
customers who use Apple mobile devices, including iPhone, iPad and iPod 
touch.\1\ Apple has adopted a single comprehensive privacy policy for 
all its businesses and products, including the iTunes Store and the App 
Store. Apple's Privacy Policy, written in easy-to-read language, 
details what information Apple collects and how Apple and its partners 
and licensees may use the information. The Policy is available from a 
link on every page of Apple's website.\2\
---------------------------------------------------------------------------
    \1\ Testimony of Dr. Guy ``Bud'' Tribble of Apple Inc., on Consumer 
Online Privacy before the U.S. Senate Committee on Commerce, Science, 
and Transportation, July 27, 2010.
    \2\ The links take customers to http://www.apple.com/privacy, which 
customers may also access directly.
---------------------------------------------------------------------------
    Apple takes security precautions--including administrative, 
technical, and physical measures--to safeguard our customers' personal 
information against loss, theft, and misuse, as well as against 
unauthorized access, disclosure, alteration, and destruction. To make 
sure personal information remains secure, we communicate our privacy 
policy and security guidelines to Apple employees and strictly enforce 
privacy safeguards within the company.
    We do not share personally identifiable information with third 
parties for their marketing purposes without consent. We require third-
party application developers to agree to specific restrictions 
protecting our customers' privacy. Moreover, Apple's Safari browser is 
still the only browser to block cookies from third parties and 
advertisers by default.
    As I will explain in more detail below, Apple is constantly 
innovating new technology, features and designs to provide our 
customers with greater privacy protection and the best possible user 
experience.
    We are also deeply committed to meeting our customers' demands for 
prompt and accurate location-based services. These services offer many 
benefits to our customers by enhancing convenience and safety for 
shopping, travel and other activities. To meet these goals, Apple 
provides easy-to-use tools that allow our consumers to control the 
collection and use of location data on all our mobile devices. Apple 
does not track users' locations--Apple has never done so and has no 
plans to ever do so.
    In my testimony today, I would like to reaffirm and amplify Apple's 
previous privacy testimony before this Committee, while focusing on the 
following topics of particular interest for this hearing: (1) Apple's 
Parental Controls and Restrictions settings; (2) Apple's collection, 
storage and use of location information on Apple mobile devices; and 
(3) the use of customer information by third-party applications and the 
iAd Advertising Network.
I. Apple's Parental Controls and Restrictions Settings
    Apple has implemented industry-leading innovative settings and 
controls to enable parents to protect their children while using Apple 
products both on and off-line. These controls are easy to use, password 
protected, and can be administered on all Mac OS X products as well as 
on all of our iOS mobile devices, including iPhone, iPad and iPod 
Touch. These controls can also be enabled quite easily on the iTunes 
store.
    On any Mac, parents can control which Apps their child can run as 
well as set age appropriate restrictions for the App Store. Parents 
also can control with whom their children can exchange e-mails or chat, 
where they can go online if at all, as well as set time limits as to 
how long they can be on their computer. There are even settings that 
enable a parent to prevent their children from using their Mac at all 
during specific hours, such as during bedtime on school nights. 
Moreover, these settings provide parents with logs of what their 
children were doing while using their Macs. These controls are account 
based, providing a parent with two children, for example, the 
flexibility to apply different levels of parental controls necessary to 
manage activities appropriate for their 8 year old versus those 
appropriate for their 14-year-old teenager--levels which are unlikely 
to be the same.
    On Apple's iOS mobile devices, parents can use the Restrictions 
settings to prevent their children from accessing specific device 
features, including Location Services (discussed in detail below), as 
well as restricting by age level Music, Movies, TV Shows, or Apps, and 
also prohibiting In-App purchases. When a parent enables these 
controls, the parent must enter a password (this password is separate 
from the device password that the Parent may set for their child). Once 
enabled, a parent can simply tap to switch-on and off access to various 
features, functions and Apps, even restricting access only to age 
appropriate content.


    EXAMPLE: Above are example screenshots from the iPhone that show 
restrictions settings that a mother might have set for her young 
teenage son on his own iPhone. As you can see in this example, this 
teenager is not permitted to surf the Internet or watch YouTube videos. 
However, he is permitted to use the iPhone camera and can participate 
in FaceTime chats with family and friends. His mother also has given 
him permission to use the iTunes store on his iPhone, but restricted 
downloads only to age-appropriate music and podcasts, movies, and TV 
shows. While this sample teenager also is able to install and delete 
age-appropriate Apps, his mother has prohibited him from making any In-
App Purchases.
    We believe these innovative easy-to-use parental controls are 
simple and intuitive. They provide parents with the tools they need to 
manage their children's activities at various stages of maturity and 
development based on the settings they deem appropriate.
    Finally, I want to make it clear to the committee that Apple does 
not knowingly collect any personal information from children under 13. 
We state this prominently in our Privacy Policy. If we learn that we 
have inadvertently received the personal information of a child under 
13, we take immediate steps to delete that information. Since we don't 
collect personal information from children under 13, we only allow 
iTunes store accounts for individuals 13 or over. With respect to our 
iAd network, our policy is that we don't serve iAds into apps for 
children. Further, we make it very clear in our App Store Review 
Guidelines that any App that targets minors for data collection will be 
rejected.
II. Location Information and Location-Based Services for Mobile Devices
    As we stated in our testimony last summer, Apple began providing 
location-based services in January 2008. These services enable 
applications that allow customers to perform a wide variety of useful 
tasks such as getting directions to a particular address from their 
current location or finding nearby restaurants or stores.
    Apple offers location-based services on a variety of mobile 
devices, including the iPhone 3G, iPhone 3GS, iPhone 4 CDMA and GSM 
models, iPad Wi-Fi + 3G, iPad 2 Wi-Fi and 3G and, to a more limited 
extent, older models of the iPhone, the iPad Wi-Fi, and iPod touch.
    All of Apple's mobile devices run on Apple's proprietary mobile 
operating system, iOS. Apple released iOS 4.1 on September 8, 2010. 
Apple released the current versions, iOS 4.3.3 and 4.2.8 (for the 
iPhone 4 CDMA model), on May 4, 2011. Currently, iOS 4.3.3 may be run 
on iPhone 3GS, iPhone 4 GSM model, iPod touch 3rd and 4th generations, 
iPad, and iPad 2. My testimony focuses on iOS 4.1 and later versions, 
including the free iOS update Apple released on May 4, 2011.
A. Location-Based Privacy Features
    Apple has designed features that enable customers to exercise 
control over the use of location-based services.


    First, as you can see in the iPhone screenshots above, Apple 
provides its customers with the ability to turn ``Off'' all location-
based service capabilities with a single ``On/Off'' toggle switch. For 
mobile devices, the toggle switch is in the ``Location Services'' menu 
under ``Settings.'' As described more fully below, when this toggle is 
switched ``Off,'' (1) iOS will not provide any location information to 
any applications, including applications that may have previously 
received consent to use location information; (2) iOS will not collect 
or geo-tag information about nearby Wi-Fi hotspots or cell towers; and 
(3) iOS will not upload any location information to Apple from the 
device.
    Second, Apple requires express customer consent when any 
application requests location-based information for the first time. 
When an application requests the information, a dialog box appears 
stating: ``[Application] would like to use your current location.'' The 
customer is asked: ``Don't Allow'' or ``OK.'' If the customer clicks on 
``Don't Allow,'' iOS will not provide any location-based information to 
the application. This dialog box is mandatory--neither Apple's 
applications nor those of third parties are permitted to override the 
notification.
    Third, iOS 4 permits customers to identify individual applications 
that may not access location-based information, even if Location 
Services is ``On.'' The Location Services settings menu provides an 
``On/Off'' toggle switch for each application that has requested 
location-based information. When the switch for a particular 
application is ``Off,'' no location-based information will be provided 
to that application.
    Fourth, Customers can change their individual application settings 
at any time. An arrow icon (d) alerts iOS 4 users that an application 
is using or has recently used location-based information. This icon 
will appear real-time for currently running applications and next to 
the ``On/Off'' switch for any application that has used location-based 
information in the past twenty-four hours.
    Finally, customers can use Restrictions, also known as Parental 
Controls, on a mobile device to prevent access to specific features, 
including Location Services. When a customer enables Restrictions, the 
customer must enter a passcode (this passcode is separate from the 
device passcode that the customer may set). If the customer turns 
Location Services off and selects ``Don't Allow Changes,'' the user of 
the device cannot turn on Location Services without that passcode.
B. Location Information
1. Crowd-Sourced Data base of Cell Tower Location and Wi-Fi Hotspot 
        Information
    Customers want and expect their mobile devices to be able to 
quickly and reliably determine their current locations in order to 
provide accurate location-based services. If the device contains a GPS 
chip, the device can determine its current location using GPS satellite 
data. But this process can take up to several minutes. Obviously, if 
the device does not have a GPS chip, no GPS location data will be 
available.
    To provide the high quality products and services that its 
customers demand, Apple must have access to comprehensive location-
based information. To enable Apple mobile devices to respond quickly 
(or at all, in the case of non-GPS equipped devices or when GPS is not 
available, such as indoors or in basements) to a customer's request for 
current location information, Apple maintains a secure database 
containing information regarding known locations of cell towers and Wi-
Fi access points--also referred to as Wi-Fi hotspots. As described in 
greater detail below, Apple collects from millions of Apple devices 
anonymous location information for cell towers and Wi-Fi hotspots.\3\ 
From this anonymous information, Apple has been able, over time, to 
calculate the known locations of many millions of Wi-Fi hot spots and 
cell towers. Because the basis for this location information is the 
``crowd'' of Apple devices, Apple refers to this as its ``crowd-
sourced'' database.
---------------------------------------------------------------------------
    \3\ During this collection process, iOS does not transmit to Apple 
any data that is uniquely associated with the device or the customer.
---------------------------------------------------------------------------
    The crowd-sourced database contains the following information:

        Cell Tower Information: Apple collects information about nearby 
        cell towers, such as the location of the tower(s), Cell IDs, 
        and data about the strength of the signal transmitted from the 
        towers. A Cell ID refers to the unique number assigned by a 
        cellular provider to a cell, a defined geographic area covered 
        by a cell tower in a mobile network. Cell IDs do not provide 
        any personal information about mobile phone users located in 
        the cell. Location, Cell ID, and signal strength information is 
        available to anyone with certain commercially available 
        software.

        Wi-Fi Access Point Information: Apple collects information 
        about nearby Wi-Fi access points, such as the location of the 
        access point(s), Media Access Control (MAC) addresses, and data 
        about the strength and speed of the signal transmitted by the 
        access point(s). A MAC address (a term that does not refer to 
        Apple products) is a unique number assigned by a manufacturer 
        to a network adapter or network interface card (``NIC''). MAC 
        addresses do not provide any personal information about the 
        owner of the network adapter or NIC. Anyone with a wireless 
        network adapter or NIC can identify the MAC address of a Wi-Fi 
        access point. Apple does not collect the user-assigned name of 
        the Wi-Fi access point (known as the ``SSID,'' or service set 
        identifier) or data being transmitted over the Wi-Fi network 
        (known as ``payload data'').

    The crowd-sourced database does not reveal personal information 
about any customer. An Apple mobile device running Apple's mobile 
device operating system, iOS, can use the crowd-sourced database to: 
(1) provide the customer with an approximate location while waiting for 
the more precise GPS location, (2) find GPS satellites much more 
quickly, significantly reducing the wait time for the GPS location, and 
(3) triangulate the device location when GPS is not available (such as 
indoors or in basements). The device performs all of these calculations 
in response to a request for location information from an application 
on the customer's device that has been explicitly approved by the user 
to obtain the current location, and the device requests from Apple the 
crowd-sourced database information needed for these calculations.\4\
---------------------------------------------------------------------------
    \4\ For devices running the iPhone OS versions 1.1.3 to 3.1, Apple 
relied on (and still relies on) data bases maintained by Google and 
Skyhook Wireless (``Skyhook'') to provide location-based services. 
Beginning with the iPhone OS version 3.2 released in April 2010, Apple 
relies on its own data bases to provide location-based services and for 
diagnostic purposes.
---------------------------------------------------------------------------
    The crowd-sourced database must be updated continuously to account 
for, among other things, the ever-changing physical landscape, more 
innovative uses of mobile technology, and the increasing number of 
Apple's customers. In collecting and maintaining its crowd-sourced data 
base, Apple always has taken great care to protect its customers' 
privacy.
2. Downloading Crowd-Sourced Data To A Mobile Device
    To further improve the speed with which the device can calculate 
location, Apple downloads a subset of the crowd-sourced database 
content to a local cache on the device. This content describes the 
known locations of Wi-Fi hotspots \5\ and cell towers that the device 
can ``see'' and/or that are nearby, as well as nearby cell location 
area codes,\6\ some of which may be more than one hundred miles away. 
The presence of the local cache on the device enables the device to 
calculate an initial approximate location before Apple's servers can 
respond to a request for information from the crowd-sourced database.
---------------------------------------------------------------------------
    \5\ For each Wi-Fi hotspot, the location information includes that 
hotspot's MAC address, latitude/longitude coordinates, and associated 
horizontal accuracy number. For each cell tower, the location 
information includes the cell tower ID, latitude/longitude coordinates, 
and associated horizontal accuracy number.
    \6\ Cell base stations are grouped into ``location areas'' for 
network planning purposes, and each location area is assigned a unique 
``location area code.'' This ``location area code'' is broadcast by the 
cell base stations.
---------------------------------------------------------------------------
    One useful way to think of our cell tower and Wi-Fi hotspot 
database is to compare it to a world map, like the Rand McNally World 
Atlas, for example. Like a world map, our database of cell towers and 
Wi-Fi hotspots contains the specific locations of cell towers and Wi-Fi 
hotspots we have gathered. It doesn't have any information about where 
any individual person or iPhone is located on that map at any time. The 
cache on your iPhone is like a series of localized city street maps. 
When you enter a new area that you haven't been to or haven't been for 
awhile, we download a subset of the World Atlas--a more localized map 
of cell towers and Wi-Fi hotspots to your iPhone for the iPhone itself 
to better assist you. Just as a street map of a city includes all the 
streets and intersections for many miles around you, it also has the 
street you are on in addition to all the streets around you, but it 
doesn't know where you are at any time nor where you go or how often 
you go there. You use a street map to determine your precise location, 
relative to fixed points that are identified on the map. Similarly, 
your iPhone uses the fixed locations of the cell towers and WiFi 
hotspots to determine its own location relative to those points. Your 
iPhone, not Apple, determines its actual location without any further 
contact with Apple once it receives the city maps. Apple has no 
knowledge of your precise location.
    The local cache does not include a log of each time the device was 
near a particular hotspot or cell tower, and the local cache has never 
included such a log. For each Wi-Fi hotspot and cell tower, the local 
cache stores only that hotspot's/cell tower's most recent location 
information, downloaded from Apple's constantly updated crowd-sourced 
data base. After a customer installs the free iOS software update (iOS 
4.3.3) Apple released on May 4, 2011, iOS will purge records that are 
older than 7 days, and the cache will be deleted entirely when Location 
Services is turned off.
    The local cache is protected with iOS security features, but it is 
not encrypted. Beginning with the next major release of iOS, the 
operating system will encrypt any local cache of the hotspot and cell 
tower location information.
    Apple issued a free iOS software update on May 4, 2011. Prior to 
the update, iTunes backed up the local cache (stored in 
consolidated.db) as part of the normal device backup if there was a 
syncing relationship between the device and a computer. The iTunes 
backup, including consolidated.db, may or may not have been encrypted, 
depending on the customer's settings in iTunes. After the software 
update, iTunes does not back up the local cache (now stored in 
cache.db).
    When a customer runs certain applications, those applications 
request location information from iOS. Because of a bug that existed 
prior to the update, even when Location Services was off, the device 
would anonymously send the IDs of visible Wi-Fi hotspots and cell 
towers, without any GPS information, to Apple's servers, Apple's 
servers would send back the known, crowd-sourced location information 
for those hotspots and cell towers (and nearby hotspots and cell 
towers), and the device would cache that information in the 
consolidated.db file. None of this downloaded crowd-sourced location 
information or any other location information was provided to or 
disclosed to the application.
    The iOS software update fixed the bug that caused crowd-sourced 
location information to be downloaded to the device while Location 
Services was off. iOS will now delete any existing local cache from 
consolidated.db and, if Location Services is off, (1) Apple will not 
download any crowd-sourced location information to the device, 
regardless of whether a specific application requests that information, 
and (2) iOS will delete any cache of this information stored in 
cache.db.
3. Collections and Transmissions from Apple Mobile Devices
    Apple collects anonymous location information about Wi-Fi hotspots 
and cell towers from millions of devices to develop and refine Apple's 
database of crowd-sourced location information. The mobile devices 
intermittently collect information about Wi-Fi hotspots and cell towers 
they can ``see'' and tag that information with the device's current GPS 
coordinates, i.e., the devices ``geo-tag'' hotspots and towers.
    This collected Wi-Fi hotspot and cell tower information is 
temporarily saved in a separate table in the local cache; thereafter, 
that data is extracted from the data base, encrypted, and transmitted--
anonymously--to Apple over a Wi-Fi connection every twelve hours (or 
later if the device does not have Wi-Fi access at that time). Apple's 
servers use this information to re-calculate and update the known 
locations of Wi-Fi hotspots and cell towers stored in its crowd-sourced 
data base. Apple cannot identify the source of this information, and 
Apple collects and uses this information only to develop and improve 
the Wi-Fi hotspot and cell tower location information in Apple's crowd-
sourced data base. After the device attempts to upload this information 
to Apple, even if the attempt fails, the information is deleted from 
the local cache database on the device. In versions of iOS 4.1 or 
later, moreover, the device will not attempt to collect or upload this 
anonymous information to Apple unless Location Services is on and the 
customer has explicitly consented to at least one application's request 
to use location information.
4. Additional Location Information Collections
    If Location Services is on, Apple collects location information 
from mobile devices under the following four additional circumstances.
    First, Apple is collecting anonymous traffic data to build a crowd-
sourced automobile traffic database with the goal of providing iPhone 
users an improved traffic service in the next couple of years. This 
information is temporarily stored in the local cache on the device, 
anonymously uploaded to Apple, and then deleted from the device.
    Second, Apple collects anonymous diagnostic information from 
randomly-selected devices to evaluate and improve the performance of 
its mobile hardware and operating system. For example, Apple may 
collect information about a dropped cell phone call, including the 
calculated location of the device when a call was dropped, to help 
identify and address any cell connection issues. Before any diagnostic 
information is collected, the customer must provide express consent to 
Apple. Apple cannot associate this information with a particular 
customer.
    Third, Apple obtains information about the device's location (the 
latitude/longitude coordinates) when an ad request is made. The device 
securely transmits this information to the Apple iAd servers, the iAd 
servers immediately convert the latitude/longitude coordinates to a 
five-digit zip code, and the iAd servers then discard the coordinates. 
Apple does not record or store the latitude/longitude coordinates--
Apple stores only the zip code. Apple then uses the zip code to select 
a relevant ad for the customer.
    Finally, if a customer has consented to an application's collection 
and/or use of location information, iOS will provide current location 
information in response to a request from that application. iOS will 
provide that customer-approved application with the location of the 
device only; iOS does not provide applications with direct access to 
the local cache.
III. Third-Party Applications And The iAd Network
A. Third Party Applications
    In July 2008, Apple launched the App Store where customers may shop 
for and acquire applications offered by third-party developers for the 
iPhone, iPad and iPod touch. Currently the App Store includes more than 
350,000 third-party applications covering a wide variety of areas 
including news, games, music, travel, health, fitness, education, 
business, sports, navigation and social networking. Each application 
includes a description prepared by the developer regarding, among other 
things, what the application does, when it was posted, and, if 
applicable, what information the application may collect from the 
customer.
    Any customer with an iTunes account may purchase and download 
applications from the App Store. Developers do not receive any personal 
information about customers from Apple when applications are purchased. 
Only Apple has access to that information.
    Third-party application developers must register with Apple, pay a 
fee, and sign a licensing agreement before getting an app on the App 
Store. The current licensing agreement contains numerous provisions 
governing the collection and use of user data, device data, and 
location-based information, including the following:

   Developers and their Applications may not collect user or 
        device data without prior user consent, and then only to 
        provide a service or function that is directly relevant to the 
        use of the Application, or to serve advertising;

   Applications must notify and obtain consent from each 
        customer before location data is collected, transmitted, or 
        otherwise used by developers;

   Developers may not use analytics software in their 
        Applications to collect and send device data to a third party;

   Developers must provide clear and complete information to 
        users regarding their collection, use and disclosure of user or 
        device data (e.g., a description on the App Store or adding a 
        link to the applicable privacy policy).

   Developers must take appropriate steps to protect customers' 
        data from unauthorized use, disclosure or access by third 
        parties.

   If the customer denies or withdraws consent, applications 
        may not collect, transmit, process or utilize the customer's 
        user or device data, including location data;

   Developers must take appropriate steps to protect customers' 
        location-based information from unauthorized use or access;

   Developers must comply with all applicable privacy and data 
        collection laws and regulations regarding the use or 
        transmission of user and device data, including location-based 
        information;

   Applications must not disable, override, or otherwise 
        interfere with Apple-implemented system alerts, display panels, 
        consent panels and the like, including those intended to notify 
        the customer that location-based information is being 
        collected, transmitted, maintained, processed, or used, or 
        intended to obtain consent for such use.

    Developers that do not agree to these provisions may not offer 
applications on the App Store. Apple has the right to terminate our 
licensing agreement with any developer that fails to comply with any of 
these provisions. Apple reviews all applications before adding them to 
the App Store to ensure, for example, that they run properly and do not 
contain malicious code.
B. The iAd Network
    On July 1, 2010, Apple launched the iAd mobile advertising network. 
The network can serve ads to iPhone, iPod touch, and iPad devices 
running iOS 4, and the network offers a dynamic way to incorporate and 
access advertising within applications. Customers can receive 
advertising that relates to their interests (``interest-based 
advertising'') and/or their location (``location-based advertising''). 
For example, a customer who purchased an action movie on iTunes may 
receive advertising regarding a new action movie being released in the 
theaters or on DVD. A customer searching for nearby restaurants may 
receive advertising for stores in the area.
    As specified clearly in Apple's privacy policy as well as in all 
relevant Apple device software licensing agreements, customers may opt 
out of interest-based advertising by visiting the following site from 
their mobile device: https://oo.apple.com. Customers also may opt out 
of location-based advertising by toggling the device's location-based 
service capabilities to ``Off.''
    For customers who do not toggle location-based service capabilities 
to ``Off,'' Apple collects information about the device's location 
(latitude/longitude coordinates) when an ad request is made. This 
information is transmitted securely to the Apple iAd server via a 
cellular network connection or Wi-Fi Internet connection. The latitude/
longitude coordinates are converted immediately by the server to a 
five-digit zip code. Apple does not record or store the latitude/
longitude coordinates--Apple stores only the zip code. Apple then uses 
the zip code to select a relevant ad for the customer.
    Apple does not share any interest-based or location-based 
information about individual customers, including the zip code 
calculated by the iAd server, with advertisers. Apple retains a record 
of each ad sent to a particular device in a separate iAd data base, 
accessible only by Apple, to ensure that customers do not receive 
overly repetitive and/or duplicative ads and for administrative 
purposes.
    In some cases, an advertiser may want to provide more specific 
information based on a device's actual location. For example, a 
retailer may want its ad to include the approximate distance to nearby 
stores. A dialog box will appear stating: ```Advertiser' would like to 
use your current location.'' The customer is presented with two 
options: ``Don't Allow'' or ``OK.'' If a customer clicks ``Don't 
Allow,'' no additional location information is transmitted. If the 
customer clicks ``OK,'' Apple uses the latitude/longitude coordinates 
to provide the ad application with more specific location information--
the information is not provided to the advertiser.
    In closing, let me again affirm that Apple is strongly committed to 
protecting our customers' privacy. We give our customers clear notice 
of our privacy policies, and our mobile products enable our customers 
to exercise control over their personal information in a simple and 
elegant way. We share the Committee's concerns about the collection and 
potential misuse of all customer data, particularly personal 
information, and we appreciate this opportunity to explain our policies 
and procedures.
    I will be happy to answer any questions you may have.

    Senator Pryor. Thank you.
    Mr. Davidson?

                  STATEMENT OF ALAN DAVIDSON, 
            DIRECTOR OF PUBLIC POLICY, GOOGLE, INC.

    Mr. Davidson. Chairman Pryor, Chairman Rockefeller, members 
of the Subcommittee, my name is Alan Davidson, and I am the 
Director of Public Policy for Google in North and South 
America.
    Thank you for the opportunity to testify at this important 
hearing and for the Committee's leadership in helping companies 
and consumers grapple with these emerging privacy issues.
    My message today is simple. As we have heard, mobile 
services create enormous social and economic benefits, but they 
will not be used and they cannot succeed without consumer 
trust. That trust must be based on a sustained effort across 
our industry to protect user privacy and security, and we are 
committed to building that trust.
    First, a word about technology. Many of us are already 
experiencing the benefits of mobile and location-based 
services. Things as simple as getting real-time traffic maps 
that help aid your commute or finding the closest gas station 
on your car's GPS.
    Thousands of applications use location-based services to 
help connect consumers and businesses. The U.S. Postal Service 
offers an app to help users find post offices and mailboxes 
based on their location. You can find the closest cheeseburger 
using the Five Guys app, or find your nearby friends on 
Foursquare.
    And the value of location-based services extends far beyond 
convenience. These services can be lifesavers. Mobile location 
services can help you find the nearest hospital or police 
station, or let you know where you can fill a prescription at 
1:00 in the morning for a sick child. And that is just the 
start.
    We are now working with partners like the National Center 
for Missing and Exploited Children to explore how to deliver 
AMBER Alerts about missing children within seconds to users 
nearby. And mobile services may soon be able to alert people in 
the path of a tornado or a tsunami, or guide them to a 
evacuation route in the event of a hurricane, as I believe, 
Chairman Pryor, you heard in your hearing in the Homeland 
Security Committee.
    The rapid adoption of these services has been remarkable. 
For example, on our popular Google Map service, in the past 
year, 40 percent of our usage has shifted to mobile devices. 
Every month, over 150 million people now regularly turn to 
Google Maps on their Android, iPhone, BlackBerry, or other 
mobile phone.
    So mobile services are having growing importance in our 
economy. According to recent market reports, their potential 
economic impact is staggering. These services are creating jobs 
and new businesses, and they are increasing jobs in existing 
businesses.
    But here is the thing. To succeed in the long run, mobile 
services require consumer trust that is based on strong privacy 
and security protections. At Google, we focus on privacy 
protection throughout the life of our products, starting with 
the initial design. We subscribe to the view that by focusing 
on the user, all else will follow. So we use information where 
it provides value to consumers, and we implement strong 
controls for information sharing, applying the principles of 
transparency, choice, and security.
    When it comes to mobile services, for example, we are 
extremely sensitive with location information. We have made our 
mobile location services opt-in only, treating this information 
with the highest degree of care.
    So here is how the opt-in works on Android. When I took my 
Android phone--actually, this Android phone--out of its box, 
one of the first screens I saw asked me, in plain language, to 
affirmatively choose whether or not to share location 
information with Google. A screen shot of this process is 
included in our testimony, and it is on the board at the end of 
the row here.
    If a user doesn't choose to opt-in at setup or doesn't go 
into their settings later to turn it on, the phone will not 
send any location information back to Google's location 
servers. If a user does opt-in, all the location data that is 
sent back to Google's location servers is anonymized, and it is 
not traceable to a specific user or device. And users can later 
change their minds and turn it off.
    Beyond this, the Android operating system notifies users 
whenever a third-party application will be given permission to 
access location information before the user installs the app. 
That way, the user has the opportunity to cancel the 
installation if they don't want information collected.
    We believe this approach is essential for location services 
and is a good example of how to handle this kind of sensitive 
information--highly transparent information for users about 
what is being collected, opt-in choice before location 
information is collected, and high security standards to 
anonymize and protect information. Our hope is that this 
becomes a standard for the broader industry.
    The strong privacy and security practices I have described 
are a start. There is more to do. We salute the active role 
this committee has taken to educate consumers, and we commend 
what you are doing to bring stakeholders together to develop a 
comprehensive approach to privacy.
    The issues raised are clearly challenging, but finding 
answers is critical to maintaining consumer trust, protecting 
innovation, and supporting the rapid economic growth generated 
by these services. We look forward to continued conversations 
with the Committee.
    Thank you.
    [The prepared statement of Mr. Davidson follows:]

    Prepared Statement of Alan Davidson, Director of Public Policy, 
                              Google Inc.
    Chairman Pryor, Ranking Member, and members of the Committee:
    I am pleased to appear before you this morning to discuss mobile 
services, online privacy, and the ways that Google protects our users' 
personal information. My name is Alan Davidson, and I am Google's 
Director of Public Policy for the Americas. In that capacity, I oversee 
our public policy operations in the United States, and work closely 
with our legal, product, and engineering teams to develop and 
communicate our approach to privacy and security, as well as other 
issues important to Google and our users.
    Google is most well known for our search engine, which is available 
to Internet users throughout the world. We also make Android, an open 
operating system for mobile devices that in a few short years has grown 
from powering one device (introduced in the fall of 2008) to more than 
170 devices today, created by 27 manufacturers. We also offer dozens of 
other popular services, from YouTube to Gmail to Google Earth.
    Our business depends on protecting the privacy and security of our 
users. Without the trust of our users, they will simply switch to 
competing services, which are always just one click away. For this 
reason, location sharing on Android devices is strictly opt-in for our 
users, with clear notice and control. This is the way these services 
should work--with opt-in consent and clear, transparent practices, so 
consumers can make informed decisions about the location-based services 
that are so popular.
    This is also why we are educating parents and children about online 
safety, and working with groups like ConnectSafely and Common Sense 
Media to address the important issues of digital literacy and 
citizenship, including how to use Google's privacy, security, and 
family safety tools.
   In my testimony today, I'll focus on three main points:

   Location-based services provide tremendous consumer benefit;

   Google is committed to the highest standards of privacy 
        protection in our services, as demonstrated in our approach to 
        mobile services, content controls, consumer education, 
        advertising, and security; and

   Congress has an important role in helping companies build 
        trust and create appropriate baseline standards for online 
        privacy and security.
I. Location-based services provide tremendous value to consumers
    Mobile services are creating enormous economic benefits for our 
society. A recent market report predicts that the mobile applications 
market will be worth $25 billion by 2015. McKinsey estimates that 
personal location applications will generate as much as $700 billion in 
consumer value in the next 8 years.
    People can use mobile services to get driving directions from their 
current location, identify a traffic jam and find an alternate route, 
and look up the next movie time at a nearby theater. Location can even 
make search results more relevant: If a user searches for ``coffee'' 
from a mobile phone, she is more likely to be looking for a nearby cafe 
than the Wikipedia entry describing coffee's history. In the last year, 
a full 40 percent of Google Maps usage was from mobile devices. There 
are now 150 million active monthly Google Maps for Mobile users on 
Android, iPhone, BlackBerry, and other mobile platforms in more than 
100 countries.
    Thousands of other organizations and entrepreneurs offer 
applications that use location services to provide helpful products. 
For example, the U.S. Postal Service offers an application to help 
users find nearby post offices and collection boxes, based on their 
location. If you want a Five Guys burger, their application will find a 
location for you, and even lets you order in advance. Services such as 
Yelp and Urbanspoon use location to provide local search results, while 
applications like Foursquare let users find nearby friends who have 
chosen to share their location.


    Source: McKinsey Global Institute analysis.
    Mobile location data can even save lives. In crisis situations, 
people now turn to the Internet to find information. Within a few hours 
of the Japan earthquake, for example, Google saw a massive spike in 
search queries originating from Hawaii related to ``tsunami.'' We 
placed a location-based alert on the Google homepage for tsunami alerts 
in the Pacific and ran similar announcements across Google News, Maps, 
and other services. In cases like the Japanese tsunami or the recent 
tornadoes in the U.S., a targeted mobile alert from a provider like 
Google, or from a public enhanced 911 service, may help increase 
citizens' chances of getting out of harm's way.
    Other emergency notifications like AMBER alerts can be improved 
using location data, too. In the past, a parent's best hope of finding 
a missing child might have been a picture on a milk carton. Google 
works with the National Center for Missing and Exploited Children 
(NCMEC) in an ongoing partnership to develop technology solutions that 
help them achieve their mission. Today, modern tools and information 
can make NCMEC's AMBER alerts more effective and efficient through 
location-based targeting--within seconds of the first report, an AMBER 
alert could be distributed to all users within one-mile of the 
incident. As Ernie Allen, NCMEC's President and CEO, wrote last week:

        Google's contributions to our Missing Child Division have also 
        been significant. Your tools and specialized engineering 
        solutions assist our case managers in the search for missing 
        children. . . . We eagerly await the completed development of 
        the AMBER Alert tool, which will expand the reach and 
        distribution of AMBER alerts to Google users and will surely 
        have enormous potential for widespread dissemination of news 
        about serious child abduction cases. Thank you for your 
        continued efforts to give children the safer lives that they 
        deserve.

    None of these services or public safety tools would be possible 
without the location information that our users share with us and other 
providers, and without the mobile platforms that help businesses and 
governments effectively reach their audiences.
II. Google is committed to the highest standards of privacy protection 
        in our services
    Google would not be able to offer these services--or help create 
the economic and social value generated from location data--if we lost 
the trust of our users. At Google, privacy is something we think about 
every day across every level of our company. It is both good for our 
users and critical for our business.
Our privacy principles
    Privacy at Google begins with five core principles, which are 
located and available to the public at www.google.com/corporate/
privacy_principles.html:

   Use information to provide our users with valuable products 
        and services.

   Develop products that reflect strong privacy standards and 
        practices.

   Make the collection and use of personal information 
        transparent.

   Give users meaningful choices to protect their privacy.

   Be a responsible steward of the information we hold.

    First, as with every aspect of our products, we follow the axiom of 
``focus on the user and all else will follow.'' We are committed to 
using information only where we can provide value to our users. We 
never sell our users' personally identifiable information. This is 
simply not our business model.
    Second, we aim to build privacy and security into our products and 
practices from the ground up. From the design phase through launch, we 
consider a product's impact on our users' privacy. And we don't stop at 
launch; we continue to innovate and iterate as we learn more from 
users.
    Our last three principles lay out our substantive approach to 
privacy: We are committed to transparency, user control, and security.
Internal process and controls
    Google also reflects these principles in our development process 
and employee training. As we recently explained, we have begun to 
implement even stronger internal privacy controls with a focus on 
people, training, and compliance.
    All this process is aimed at ensuring that products match our 
philosophy and avoid mistakes that jeopardize user trust--like the 
launch of Google Buzz, which fell short of our standards for 
transparency and user control. To help make sure we live up to this 
promise, we entered into a consent decree with the Federal Trade 
Commission this year, under which we'll receive an independent review 
of our privacy procedures every 2 years. In addition, we'll ask users 
to give us affirmative consent before we change how we share their 
personal information.
Products reflecting principles: Opt-in location controls on Android
    We understand location information is sensitive. So our approach to 
location data is simple: Opt-in consent and clear notice are required 
for collection and use of location information on Android.
    We don't collect any location information--any at all--through our 
location services on Android devices unless the user specifically 
chooses to share this information with Google. We also give users clear 
notice and control; the set-up process explicitly asks users to ``allow 
Google's location service to collect anonymous location data.'' And 
even after the set-up process, users can easily turn off location 
sharing with Google at any time they wish.
    The location services in our Android operating system embody the 
transparency and control principles that we use to guide our privacy 
process. We hope that this will be a standard for the industry.
    Google is also very careful about how we use and store the data 
that is generated by these services. The location information sent to 
Google servers when users opt in to location services on Android is 
anonymized and stored in the aggregate. It's not tied or traceable to a 
specific user. The collected information is stored with a hashed 
version of an anonymous token, and that hashed token is deleted after 
approximately one week. A small amount of location information 
regarding nearby Wi-Fi access points and cell towers is kept on the 
Android device to help the user continue to enjoy the service when no 
server connection is available and to improve speed and battery life.
    In order to provide these location services, many companies detect 
nearby, publicly available signals from Wi-Fi access points and cell 
towers and use this data to quickly approximate a rough position, even 
while they may be working on a more precise GPS-based location. This 
can be done by using information that is publicly broadcast (for 
example, that list of Wi-Fi access points you see when you use the 
``join network'' option on your computer). Companies like Skyhook 
Wireless and Navizon compile such information and license the data to 
many industry leaders.
    Google has a similar location service called the Google Location 
Server--an Internet database that uses Wi-Fi access points and cell 
towers to determine an estimated location and that uses GPS information 
to estimate road traffic. Device manufacturers can license the Network 
Location Provider application for Android from Google. This Network 
Location Provider is turned off by default. It can be turned on by the 
user during the phone's initial setup or in the device settings.


    The Network Location Provider is off by default. The user can opt-
in and turn on location services during the initial setup flow.


    The user can opt-in to turn on the Network Location Provider on 
their Android phone from within the device settings.
    The Android operating system is built on openness, with the goal of 
encouraging developers to innovate. With this principle in mind, Google 
does not decide which applications can access location or other user 
information from the device. Instead, the Android operating system uses 
a permissions model in which the user is automatically informed of 
certain types of information an application will be able to access. The 
user may choose to trust the application by completing the installation 
or the user may choose to cancel the installation. An application can 
only access the device's GPS location or the device's network location 
if it displays a notice for this permission to the user at time of 
installation.
    When Google creates an Android application, like Google Maps for 
mobile devices, Google is responsible for how the application collects 
and handles data and for the privacy disclosures made to users, and 
generally applies the Google Mobile Terms of Service and the Google 
Mobile Privacy Policy. These privacy policies are also clearly 
displayed to the user when the user first signs into the Android 
device.
    When an Android application is not developed by Google, the 
application developer bears the responsibility for its design and its 
use of data. Google does not and cannot control the behavior of third 
party applications, or how they handle location information and other 
user information that the third party application obtains from the 
device. Google does strongly encourage application developers to use 
best practices as described in this Google blog post.
How our products reflect our principles: Parental controls and family 
        safety
    While Google does not offer services directed at children, we try 
to provide families with the tools and education to ensure a positive 
and safe experience on our services. In addition to our work with NCMEC 
and others to protect children, our major consumer education 
initiatives include:

   Android Market content ratings. The content rating system is 
        a new feature of Android Market that requires developers to 
        rate their apps in one of four categories, in accordance with 
        our guidelines: Everyone, Low-, Medium-, or High-Maturity. 
        Developers are responsible for rating the apps, and if users 
        come across incorrectly rated apps, they can flag them for 
        review.

   SafeSearch on Mobile. Just as with Google Web Search on 
        desktop, Google's SafeSearch filter is accessible on mobile for 
        users who search on a mobile browser. SafeSearch uses advanced 
        technology to block sexually explicit images and text from 
        search results. Users can customize and lock their SafeSearch 
        settings to ``Strict'' or ``Moderate'' by clicking on the 
        ``Settings'' link to the top right corner of the homepage on 
        Google.com.

   Digital Literacy initiative. To help educate families about 
        responsible Internet use, we developed a curriculum with 
        iKeepSafe that teaches teens to recognize online risks, 
        investigate and determine the reliability of websites, and 
        avoid scams. We've sponsored a tour that iKeepSafe is taking 
        across the country to bring the curriculum into local 
        communities and classrooms.

   Family Safety Center. In cooperation with the Federal Trade 
        Commission's OnGuardOnline initiative and other child safety 
        advocates and experts, we built a one-stop shop for families, 
        available at www.google.com/familysafety, to provide step-by-
        step instructions for using safety tools built into Google 
        products and other best practices for families to consider. In 
        response to popular requests, we've added a section about 
        managing geolocation features on mobile phones.

   Net Safety Tips on the Go app. The Internet Education 
        Foundation, in partnership with Google and others, created an 
        app to help users keep up with online privacy, safety, and 
        security issues on your Android phone. It provides quick, 
        practical, friendly advice for you and your family. The tips, 
        developed by leading online safety organizations, cover 
        important issues like mobile privacy and safety, sexting and 
        cyberbullying, social networking safety, and avoiding identity 
        theft.
How our products reflect our principles: Advertising and privacy
    John Wanamaker, considered by some to be the father of modern 
advertising, once remarked that ``half the money I spend on advertising 
is wasted; the trouble is I don't know which half.'' Google's 
advertising products are aimed at eliminating that wasted half, 
bringing data-driven efficiency to advertising. But as we work to bring 
more relevant and useful ads to our users, we continually seek to 
preserve transparency and user control over the information used in our 
ad system.
    Google was not the first to offer interest-based advertising (known 
as IBA) online, but when we launched IBA, in March 2009, we included a 
number of groundbreaking privacy features. Google's interest-based ads 
contain notice in the actual advertisement indicating that it is a 
Google ad. The in-ad notice is linked to information about IBA, 
including our Ads Preferences Manager, which allows users to change the 
interest categories used to target ads, or to opt-out of interest-based 
advertising altogether. Note that we do not serve interest-based ads 
based on sensitive interest categories such as health status or 
categories relating to kids. We are also participating in the industry-
wide ad targeting notice and opt-out program.
    We have seen that for every visitor that opts out of IBA on this 
page, seven users view or edit their settings and choose to remain 
opted in. We take from this that online users appreciate transparency 
and control, and become more comfortable with data collection and use 
when we offer it on their terms and in full view.
    Recently, discussions about online ad targeting have centered on 
the ability of users to indicate a desire to opt out of this profiling 
and targeting by all online providers--sometimes called Do Not Track. 
In January, Google sought to further encourage consistency and ease of 
control over online targeting by launching the Keep My Opt-Outs Chrome 
extension, which enables all providers participating in ever-expanding 
industry self-regulatory programs to make their IBA opt outs permanent 
via a simple browser-based mechanism. As new opt outs come online, we 
will automatically update this extension to keep users up to date. In 
the first few months, more than 100,000 users have already installed 
and are using the extension. We even released this tool on an open-
source basis so that other developers can examine, assess, enhance, or 
even extend the code's capabilities. Additionally, we are developing 
versions of Keep My Opt Outs that work on other major browsers.
    Just last month, we extended our advertising privacy approach to 
our mobile application ad networks. These networks help mobile app 
developers make money from their products. For these ad systems, we 
have created a user-friendly solution involving anonymization, user 
control, and user notice. First, Google performs a one-way, non-
reversible hashing of a device identifier to create an anonymous ID 
specifically for ad serving. Second, for both Android and iPhone users 
we give consumers an easy way to opt out the use of their device 
identifier by Google's advertising services altogether. Third, we are 
notifying all users of how we customize ads and their opt-out controls 
with clear notice as you see here.


    Because the mobile application interfaces are more limited, we 
chose to rotate full-size privacy notices in with other advertisements, 
rather than use an icon, which is hard to see or click on the smaller 
mobile screen.
How our products reflect our principles: Security through encryption 
        and two-step verification
    Along with transparency and user control, strong security for users 
of Google's services to protect against hackers and data breach is 
vital.
    For example, Google was the first (and still only) major webmail 
provider to offer session-wide secure socket layer (SSL) encryption by 
default. Usually recognized by a Web address starting with ``https'' or 
by a ``lock'' icon, SSL encryption is used for online banking and other 
secure transactions. Users can also encrypt search. Just type ``https:/
/encrypted.google.com'' into your browser to encrypt your search 
queries and results. We hope other companies will soon join our lead.
    In March of last year Google introduced a system to notify users 
about suspicious activities associated with their accounts. By 
automatically matching a user's IP address to broad geographical 
locations, Google can help detect anomalous behavior, such as a log-in 
appearing to come from one continent only a few hours after the same 
account holder logged in from a different continent. Thus, someone 
whose Gmail account may have been compromised will be notified and 
given the opportunity to change her password, protecting herself and 
her contacts.


    Finally, we recently released 2-step verification for consumer 
Gmail accounts, which allows users who are concerned about the security 
of their account to use a password plus a unique code generated by a 
mobile phone to sign in. It's an extra step, but it's one that 
significantly improves the security of a Google Account. Now, if 
someone steals or guesses a Gmail user's password, the potential 
hijacker still cannot sign in to the user's account because the 
hijacker does not have the user's phone. We are already hearing stories 
from our users about how this extra layer of security has protected 
them from phishing attacks or unauthorized access.
III. Congress should act to build trust and create appropriate baseline 
        standards
    Congress has a vital role to play in encouraging responsible 
privacy and security practices, both by bringing attention to these 
issues and through legislation where appropriate.
    The first step Congress can take, and one on which we can all find 
common ground, is the need for basic ``digital citizenship'' education 
for parents, children, teens, and all consumers. Digital skills are 
essential life skills in a 21st century economy, including 
understanding basic technical concepts like how to create a safe 
password and avoid online scams, to critical thinking such as 
evaluating whether information on a blog is reliable or not. It is 
crucial that Congress and providers work together to create resources 
for programs that address these issues and promote them to all 
consumers, particularly parents and educators.
    A second area for careful consideration is legislation. Google 
supports the development of comprehensive, baseline privacy framework 
that can ensure broad-based user trust and that will support continued 
innovation. We salute the work of Senators Kerry and McCain to develop 
a comprehensive approach to this issue, based on the same principles of 
transparency, control, and security we apply to our own services. We 
look forward to continued conversations about this bill as it evolves.
    Key considerations for any comprehensive approach to privacy 
include:

   Even-handed application. A pro-innovation privacy framework 
        must apply even-handedly to all personal data regardless of 
        source or means of collection. Thus, offline and online data 
        collection and processing should, where reasonable, involve 
        similar data protection obligations.

   Recognition of benefits and costs. As with any regulatory 
        policy, it is appropriate to examine the benefits and costs of 
        legislating in this area, including explicit attention to 
        actual harm to users and compliance costs.

   Consistency across jurisdictions. Generally, Internet users 
        neither expect nor want different baseline privacy rules based 
        on the local jurisdiction in which they or the provider reside. 
        Moreover, in many instances, strict compliance with differing 
        privacy protocols would actually diminish consumer privacy, 
        since it would require Internet companies to know where 
        consumers are located at any given time.

    By the same token, in general we do not support a continued 
``siloed'' approach to privacy law. While much of today's debate 
centers on location information and ``Do Not Track'' advertising 
privacy proposals, providers and consumers need a comprehensive 
approach that will set consistent, baseline principles for these issues 
and those to come in the future. Otherwise, this Committee and others 
will be returning term after term to address the latest new technology 
fad.
    Moreover, industry response to the advertising privacy issue has 
been encouraging. In a few short months, all major browser companies 
have introduced new controls, and the advertising and online publishing 
industries have come together to announce uniform standards for notice 
and control over targeted ads.
    We can, however, suggest two concrete areas where Congress can act 
immediately to strengthen Americans' privacy protections and provide 
consistency for providers.
    Congress should promote uniform, reasonable security principles, 
including data breach notification procedures. We pride ourselves at 
Google for industry-leading security features, including the use of 
encryption for our search and Gmail services. But we need help from the 
government to ensure that the bad acts of criminal hackers or 
inadequate security on the part of other companies does not undermine 
consumer trust for all services. Moreover, the patchwork of state law 
in this area leads to confusion and unnecessary cost.
    In addition, the Electronic Communications Privacy Act, the U.S. 
law governing government access to stored communications, is outdated 
and out of step with what is reasonably expected by those who use cloud 
computing services. ECPA worked well for many years, and much of it 
remains vibrant and relevant. In significant places, however, a large 
gap has grown between the technological assumptions made in ECPA and 
the reality of how the Internet works today, leaving us in some 
circumstances with complex and baffling rules that are both difficult 
to explain to users and difficult to apply.
    As part of the Digital Due Process coalition, we are working to 
address this issue. The Digital Due Process coalition includes members 
ranging from AT&T to Google to Americans for Tax Reform to the ACLU. It 
has put forward common sense principles that are designed to update 
ECPA, while ensuring that government has the legal tools needed to 
enforce the laws.
    Particularly relevant to today's hearing, the coalition seeks to:

   Create a consistent process for compelled access to data 
        stored online. Treat private communications and documents 
        stored online the same as if they were stored at home and 
        require a uniform process before compelling a service provider 
        to access and disclose the information.

   Create a stronger process for compelled access to location 
        information. Create a clear, strong process with heightened 
        standards for government access to information regarding the 
        location of an individual's mobile device.

    Advances in technology rely not just on the smart engineers who 
create the new services, but also on smart laws that provide the 
critical legal underpinning for continued innovation and adoption of 
the technology. We hope to work with this Committee and with Congress 
as a whole to strengthen these legal protections for individuals and 
businesses.
          * * *
    Google appreciates the efforts of this subcommittee to address the 
critical privacy and security issues facing consumers. We look forward 
to working with you, and to answering any questions you might have 
about our efforts.
    Thank you.

    Senator Pryor. Thank you.
    Ms. Shenkan?

   STATEMENT OF AMY GUGGENHEIM SHENKAN, PRESIDENT AND CHIEF 
             OPERATING OFFICER, COMMON SENSE MEDIA

    Ms. Shenkan. Good morning, Mr. Chairman, members of the 
Committee, and thank you for this opportunity to discuss the 
crucial issue of protecting consumer privacy in this 
marketplace.
    The hearing is timely, and the stakes are high, especially 
for our nation's kids. I want to talk about two things today. 
Why is privacy such an important issue? And what is the Common 
Sense Media position on what we must do about it?
    So why is this so important? Let me start by saying that 
Common Sense Media embraces media and technology. One of our 
founding beliefs is that we love media, but we and the millions 
of parents who use our resources are increasingly worried about 
threats to children's privacy in a rapidly changing mobile and 
digital world.
    Eighty-five percent of parents we polled said they are more 
concerned about privacy than they were 5 years ago. Let me also 
preface by saying that Common Sense Media understands and 
appreciates the Internet economy and the sheer brilliance of 
what these companies have invented.
    We live and work in Silicon Valley. That is why it is so 
jarring to hear their ``can't do'' attitude when it comes to 
inventing technological solutions to protect kids. We get half 
measures after the fact, and then they only offer partial 
solutions. They can do better. We know it. And we believe they 
know it.
    Parents and kids are rightly concerned. So why do we worry? 
Two reasons. First, kids live their lives online. Kids don't 
just access content anymore. They create it. Our kids are 
growing up in public.
    Many of the people in this room can attest to how hard it 
is to be a public figure. Imagine if you are only 13 and had an 
unflattering picture of you spread across the web, as has 
happened to hundreds of kids in high schools across the 
country. Seven and a half million kids under 13 are on 
Facebook, and millions more teens.
    Second, we are also seeing too many examples of how our 
privacy is not protected in this world. We all know that Sony 
just experienced a security breach, which exposed personal data 
of more than 100 million--100 million--of its online video game 
users. And the list goes on.
    This hearing is specifically around mobile, and for good 
reason. The mobile world puts all the privacy issues that we 
have talked about for years on steroids. Why? I will list a 
couple of reasons.
    Mobile phones are tied to a specific person. Most computers 
aren't. Because there are more opportunities for tracking, with 
a mobile device you have someone's location, and it is always 
with you. And we found out that it is always busy during the 
night as well for many people today.
    The average smartphone owner spends more time on apps than 
they do talking on it or browsing the web. This is an issue 
because mobile apps are far less transparent about how they use 
your data than most websites. Nearly three-quarters don't even 
have a basic privacy policy, and mobile browsers don't have 
nearly as many privacy controls as Web browsers do.
    In the end, we are all involved in protecting kids' privacy 
in the online and mobile world. But we can also protect our--
but we can't protect our kids' privacy if companies and 
operators aren't providing real opportunities to do so.
    So what do we at Common Sense Media propose? We urge 
Congress to bolster laws protecting essential privacy for our 
Nation's children and teens. There are five principles which 
should be essential elements of any new legislation from 
Congress.
    First of all, number one, the industry standard for all 
privacy should be opt-in, especially for kids and teens, 
private by default and public by effort. And today, it is the 
other way around.
    Number two, privacy policies should be clear and 
transparent. You shouldn't need to hold a degree from Harvard 
Law School to figure out how to decode a privacy policy.
    Three, no behavioral tracking of kids. There are limits on 
advertising to kids on TV and cable, not on the web. Kids are 
not little consumers. They are children. Let us not invade 
their privacy and then pummel them with ads.
    Number four, parents and kids should be able to easily 
delete online information. Too often we hear about young people 
who post information they later regret and find that they can 
never fully delete it from the online world. We have to protect 
these kids from permanent damage.
    And finally, number five, we must vastly increase education 
and information about online privacy. Kids and parents need to 
do their part to protect privacy and the privacy of their 
friends. A large-scale, multi-year education campaign would 
help them learn how to do so effectively. Industry leaders 
could play an important role in this and should be required to 
finance it.
    Honestly, we wonder why leading tech companies seem to 
consider privacy implications for children and teens only after 
the fact. These considerations should be baked into the design 
phase of a product or service. Companies now successfully do 
this for disability access. Why can't we do it for kids' 
privacy?
    A founder of a popular social networking company commented 
last week in a Washington Post interview that, and I quote, 
``We will figure things out as we go along,'' when asked about 
special privacy considerations for youth. Come on, we have got 
to do better than that.
    We all need to work together to find solutions in this 
space, and we need the tech companies to bring their innovation 
skills to this crucial and shared goal of protecting our 
Nation's kids.
    Thank you.
    [The prepared statement of Ms. Shenkan follows:]

        Prepared Statement of Amy Guggenheim Shenkan, President 
            and Chief Operating Officer, Common Sense Media
``Protecting Privacy--Especially for Kids--in a Mobile and Digital 
        World''
    Good morning, Mr. Chairman, and members of the Committee, and thank 
you for this opportunity to discuss the crucial issue of protecting 
consumer privacy in the mobile marketplace.
    Common Sense Media is a non-profit, non-partisan organization 
dedicated to improving the lives of kids and families by providing the 
trustworthy information, education, and independent voice they need to 
thrive in a world of media and technology.
    Nearly two million people visit the Common Sense website every 
month for reviews and parent tips about media content and the digital 
media world. Tens of millions more access our advice and information 
through our distribution partnerships with leading companies like 
Comcast, DIRECTV, Time Warner Cable, Cox Communications, Facebook, 
Yahoo!, Google, Apple, Disney, Netflix, Best Buy, and more.
    Common Sense Media commends the Chairman and the Committee for this 
timely hearing on consumer privacy. The stakes couldn't be higher for 
all of us, and especially for our nation's kids.
    Today, millions of kids don't just go online, they seem to live 
their lives online. Children and teens today are growing up in a media 
environment that provides an ever-present and ever-changing experience 
in a new digital landscape--an environment that is changing childhood. 
A recent study by Consumer Reports estimated that 7.5 million kids 
under age 13 are lying about their age to be on Facebook--and that 5 
million of those kids are age 10 and under. There are tens of millions 
more who are 13 through 17.
    And kids don't just access content online, they create it. They 
don't simply interact with their peers online, but with adults and 
companies too.
    And in contrast to the childhoods we all had, today's children are 
growing up in public. They post, search, copy, ``friend,'' ``un-
friend,'' tweet, create, distribute, and connect through social 
networks, apps, and other digital services in ways that can be seen by 
millions around the world and gleaned by companies as well, including--
but not limited to--the companies represented here today.
    The Internet is a worldwide platform for accessing information and 
realizing new educational opportunities, possessing resources for both 
entertainment and learning. Yet, with all of the wondrous things that 
the Internet brings to children and teens, the interaction that such 
kids have with digital technology, apps, and services raises 
significant concerns about kids' privacy.
    Overall concern about consumer privacy is clearly growing. In a 
Common Sense Media/Zogby International poll last fall, 85 percent of 
parents said they are more concerned about online privacy than they 
were 5 years ago.
    Moreover, privacy is a concern expressed not only by parents--but 
by kids too. The same poll found that 91 percent of parents (and 81 
percent of teens) say search engines and social networking sites should 
not share their physical location with other companies without their 
specific authorization.
    Yet, lest you think that Common Sense Media is a Luddite 
organization, let me emphasize that we embrace technological change and 
innovation and the manifold benefits the Internet and digital media 
bring to children and teens. One of our founding beliefs is that ``we 
love media.'' Like the millions of parents and teachers who come to 
Common Sense for information, we want to find the best things that the 
digital media world offers for kids--and there are many great things--
but also want to avoid the things that may not be appropriate for them, 
especially at younger ages.
    We simply believe that a far better balance can and must be struck. 
A balance that makes available the rich resources of the Internet--but 
that also protects children and teens from privacy invasions and 
inappropriate targeted marketing and behavioral advertising. There is 
no such balance today, and the basic well-being of our children and 
teens is at risk as a result.
    We believe that balance is being struck in a bipartisan way on the 
House side by legislation introduced by Rep. Ed Markey (D-MA) and Rep. 
Joe Barton (R-TX), the first major kids' privacy legislation introduced 
since 13 years ago--when the founder of Facebook was in grade school.
    And as much as we embrace overarching, comprehensive privacy 
protections for consumers--and especially kids--for all Internet 
technologies and services, it is clear that the ability to track the 
mobile whereabouts and habits of an individual as she or he moves 
throughout our society raises hyper-sensitive privacy issues. Privacy 
is an issue everywhere in the online world, but in the mobile world, 
privacy is an issue on steroids. And this Nation must address the issue 
of mobile privacy now. We cannot overstate the urgency of this moment.
    For kids, this is absolutely critical--knowing what a child or teen 
does online at home is one thing. Knowing where they go after school, 
with whom they visit, what they search for, and what hours they spend 
where around town is not only incredibly invasive, it is potentially 
very dangerous and a fundamental violation of their personal privacy 
and self-interest. Mobile companies and app developers that have a 
cavalier attitude about this topic need a very clear wake-up call. 
While all adults should have ``opt-in'' protections for location 
information for all mobile services and apps, it is vitally important 
to move immediately to protect children and teens in the mobile 
environment.
    Concerns about mobile technology and geolocation have been 
reinforced in several recent surveys and studies. For example:

   In a survey by TRUSTe, an industry-based organization, 77 
        percent of smartphone users said that they don't want to share 
        their location with app owners and developers.

   In a recent Nielsen survey of mobile subscribers who 
        downloaded an application within the previous 30 days, more 
        than half (59 percent of women and 52 percent of men) said they 
        are concerned about their privacy when using geolocation 
        services and check-in apps.

   A new study by the Future of Privacy Forum analyzed the top 
        30 paid mobile apps across the leading operating systems (iOS, 
        Android, & Blackberry) and found that 22 of them -nearly three-
        quarters--lacked even a basic privacy policy. This is 
        outrageous, especially because kids are such huge users!

    It is obvious to most of us and clearly to most parents that our 
existing protections for privacy and personal information online are 
grossly inadequate and in no way keeping pace with the rapid changes of 
our digital and mobile media world.
    Congress must address this critical issue for kids and families 
now. Congress enacted legislation in the late 1990s addressing wireless 
location information from wireless carriers requiring such companies to 
obtain the ``prior express authorization'' of the subscriber for using 
location information for commercial purposes. But this outdated law did 
not cover 3rd party services and apps--only wireless companies--and did 
not contain specific protections for children and teens. That should be 
changed now.
    Moreover, in the case of children, as you know, the Children's 
Online Privacy Protection Act (COPPA) is the landmark legislation in 
this area, but the technological advances that have occurred since 1998 
make COPPA woefully out of date for keeping children safe from these 
vast new threats to their privacy. 1998 is like the medieval ages of 
digital tech development, but that is when the last privacy law 
protecting kids was written.
    Common Sense Media believes it is way past time to update that Act 
and to provide major new privacy protections for children and teens, on 
mobile platforms and elsewhere.
    If we want to strike the proper balance, and ensure that America's 
kids and adults can realize the benefits, and avoid the potential 
pitfalls, of the digital world, all of us--parents, educators, 
policymakers, and industry leaders--can and must take steps to improve 
protections for our privacy and personal information online, and 
especially for kids. But Congress must lead now.
    For kids, Common Sense Media believes those steps should build on a 
few basic principles. The first is Do Not Track Kids. Period. Full 
Stop.
    Children and teens should not have their online behavior tracked or 
any other personal information about them collected, profiled, or 
transferred to other parties. The 1998 COPPA categories of ``personally 
identifiable'' information (e.g., name and address) must be updated to 
include other ``persistent identifiers'' and to encompass all 
activities in the online and mobile world. What children and teens do 
online should remain private.
    Companies--whether Internet service providers, social networking 
sites, third party application (``app'') providers, data-mining 
companies, or advertising networks--should not be permitted to collect, 
store, use, sell, or transfer that information at all. And Congress 
must pass a law with teeth in order to enforce this prohibition.
    Today many companies troll the Internet to collect our kids' 
detailed information in order to target them with ``behavioral 
marketing''--advertising that is specifically tailored to their age, 
gender, interests, and activities. Behavioral marketing to kids is 
unfair and deceptive, and it should stop.
    Without parents or kids knowing it, companies collect, store, and 
sell information about what kids do online and on mobile phones. 
Companies can install ``cookies'' or other devices that track which 
websites kids visit, including which pages they look at; what searches 
they make; which videos they download; who they ``friend'' on social 
networking sites; what they write in e-mails, comments, or instant 
messages; and more.
    And thanks to geolocation services, companies can now also track 
where kids go in the physical world as well as the virtual one.
    Obviously, some online tracking is a helpful aspect of Web 2.0 
technology, and parents or teens over the age of 16 should be able to 
``opt in'' to limited use of tracking devices, as long as they are not 
used for behavioral marketing and are not transferred to third parties. 
This is the second major element of a legislative effort to protect the 
privacy interests of kids.
    Because of the dramatic growth of mobile technology and geolocation 
services, it is absolutely essential that privacy protections apply 
across all online and mobile platforms. And this Committee and the 
Senate should pass laws to that effect in this Congress.
    Many kids today don't merely go online--they always are online, 
whether from their home computer or from a cell phone, iPod, or Web-
connected video game console. To reflect today's mobile and digital 
world, privacy regulations need to be vastly expanded and applied to 
all online and mobile services and platforms. Social networking sites 
shouldn't be able to collect or sell kids' private information, and 
neither should third-party apps on those sites. Geolocation services 
shouldn't be allowed without clear prior consent--a formal opt in by a 
parent--regardless of what type or company or operator provides the 
service.
    It's important to note that just as we say, ``we love media,'' 
Common Sense also loves mobile technology, including for kids, but we 
are highly cognizant of the downsides as well, especially where the 
fundamental privacy rights of children and teens are involved.
    In April 2010, we published a white paper ``Do Smart Phones = Smart 
Kids? The Impact of the Mobile Explosion on America's Kids, Families, 
and Schools.''
    That paper highlighted the vast expansion of mobile technology 
usage by kids, and also the ways that smart phones and devices can help 
kids learn, explore, and engage. But we also highlighted some of the 
extraordinary potential downsides of mobile media, including ways that 
these devices may make it easier for kids to engage in inappropriate--
and even dangerous--activities. These include cyberbullying, sexting, 
and distracted driving. Most importantly, Common Sense raised a number 
of critical questions about the potential downsides of mobile phones 
and geolocation technology:

        Mobile phones with GPS capabilities can expose a kid's exact 
        location. Many new programs and apps have been developed that 
        allow kids to announce their physical whereabouts. This creates 
        physical safety concerns. If a kid shares location info to 
        ``friends,'' that information can be passed along to unintended 
        audiences. Privacy concerns are also a huge issue. Marketers 
        use geo-location technology to target kids with promotions. A 
        child's purchasing habits will be registered and personal data 
        collected. Location-based technology raises several critical 
        questions and concerns:

     Should mobile geolocation data, persistent IP addresses 
            and other identifying information be protected for children 
            under age 13--in the same way that name, age, gender, and 
            address information are protected today?

    (Clearly. And there should be protections for 13 to 17 year olds as 
well.)

     Do teens understand how their personally identifying 
            information will be used, and do they need additional 
            protections?

    (Obviously not, so the privacy of teens must be protected by clear 
legislation.)

     Will this identifying information be used to target kids 
            and teens with new behavioral advertising and marketing 
            campaigns?

    (Sure, unless Congress forbids this practice, as it should.)
    There are several additional key principles I'd like to highlight 
briefly from our recent policy brief, ``Protecting Our Kids' Privacy in 
a Digital World''--which should be essential elements of new privacy 
legislation from Congress this year.
1. The Industry Standard for All Privacy Should Be Opt In--Especially 
        for Kids and Teens
    Companies and operators must make significant changes in the ways 
that they collect and use personal information. The industry standard 
should always be ``opt in''--companies and operators should not collect 
or use personal information unless users give explicit prior approval.
    The opt-in standard is fundamental to our ability to control our 
personal information. If online companies, services, and applications 
want to collect and use personal information, they should get 
permission beforehand by asking people to opt in to the service. And 
for kids and teens under 16, this means getting their parental 
permission up front.
    Far too many online and mobile companies launch new services--
including geolocation-based applications--and enroll users 
automatically, giving them the opportunity to opt out afterward. This 
can mean that kids' personal information is collected and used before 
the kids or their parents even understand how the service works. All 
online companies, services, and third-party application providers 
should follow an industry standard of obtaining a clear opt in, 
especially for kids.
2. Privacy Policies Should Be Clear and Transparent
    Privacy policies must be easy for all users to find and understand 
and should be carefully monitored and enforced. Instead of lengthy 
legal documents, companies should use icons and symbols that would 
clearly and simply convey how--and why--users' personal information 
will be used. We need clear, succinct language for privacy policies, 
especially for kids.
3. The Eraser Button--Parents and Kids Should Be Able to Easily Delete 
        Online 
        Information
    Children and teenagers should have the opportunity to delete any 
and all information they have provided about themselves. Too often we 
hear about young people who post information they later regret and find 
they can never fully delete from the online world. Children and teens 
post personal information on websites, virtual worlds, social 
networking sites, and many other platforms. Children also make many 
mistakes when it comes to their privacy. They should be protected from 
permanent damage.
    Online and mobile companies should be required to develop tools 
that make it easier for young people--or their parents--to completely 
opt out and delete this information. Technological innovation in the 
online industry over the past decade has been truly amazing; the 
industry should apply that same spirit of innovation to creating tools 
like ``eraser buttons'' so that no 15-year-old has to live the rest of 
his or her life with the consequences of a poor decision about what to 
post online. Congress should require this, and my talented colleagues 
on this panel should spend some of their companies' profits to make 
this a reality.
4. We Must Vastly Increase Education and Information About Online 
        Privacy
    Kids and parents need to do their part to protect their online 
privacy--and the privacy of their friends. A large-scale, multi-year 
public education campaign will help them learn how to do so 
effectively. Industry leaders could play a significant role in that 
campaign, and should be required to finance it.
    The online and mobile world is changing so rapidly that children, 
teachers, and parents all need to be educated about their online 
privacy rights and needs. Every school in the country should offer a 
digital literacy and citizenship curriculum, with privacy as an 
essential component, and this should be funded by industry profits.
    Educating and informing consumers is a core element of Common Sense 
Media's work. We provide parents and families with reviews of media 
content, so that they can make informed choices and find media that is 
appropriate for their children. Recognizing the growing use of mobile 
devices and mobile apps by kids, Common Sense began reviewing mobile 
apps last year, and our site now features more than 1,000 reviews of 
apps for kids. In many cases, our editors and reviewers recommend these 
apps for kids--but when the apps use geolocation technology to 
broadcast the user's physical location, like ``Loopt Mix--Chat!'', our 
reviews make clear that we don't recommend them for kids, or at least 
not until they are older teens. But today, there are no required app 
ratings, and not a single mobile company has taken this issue 
seriously. Congress should require them to change that reality today.
Balancing Opportunities and Potential Pitfalls
    At Common Sense, we recognize that mobile devices and geolocation 
services can create new opportunities--for learning, exploration, 
communication, and commerce--for kids and adults. Yet they can also 
bring enormous threats to our privacy and personal well-being. But 
whether their impact is positive or negative, mobile phones and devices 
are not going away. As parents, teachers, industry leaders, and 
policymakers, we must all take steps to ensure that kids can access the 
benefits of mobile technology and digital media, while protecting them 
from potential negative consequences.
    Whether our first concern is protecting the best interests of kids 
and teens, or preserving and expanding a marketplace for all consumers 
so that tech companies can make profits and innovate, we all have a 
role in building a mobile environment that is trustworthy and safe. The 
extraordinary technological changes and new mobile and social media 
platforms that have developed in recent years have created entirely new 
environments for children and teens, with unprecedented and 
extraordinary implications for their privacy. It is time to update our 
Nation's privacy policies for the 21st century. They are terribly out 
of date. Everyone needs to be a part of this new effort: industry, 
families, schools, policymakers, and young people themselves. But most 
of all, this Senate and this Congress need to pass fundamental privacy 
protections for kids and teens--and their families--now.
    Thank you very much.

    Senator Pryor. Thank you very much.
    And again, we are going to do 5-minute rounds here on the 
questions.
    I would like to start with you, if I can, Mr. Reed? And I 
want to ask about the Wall Street Journal article. I think you 
referred to it, or someone did, a few moments ago about the 
smartphone apps transmitting information.
    And we have a little chart that shows some of the 
companies. I think maybe it is the--if I am not mistaken, it is 
their top 12 or something like that, that they listed in the 
article.
    And Mr. Reed, how do you propose notifying consumers in a 
better, more meaningful way so that they are not surprised to 
learn that their information is being sent to folks or that 
they are being tracked?
    Mr. Reed. Well--oh, sorry--first of all, I think it is a 
great thing to look at in terms of informing the consumer. One 
of the best things about the Wall Street Journal articles is 
that they help do an education job that we in the industry--
remember, most of my members are 3, 10 people--have had a hard 
time doing it ourselves.
    So we benefited from that right off the front end. We were 
able to tell consumers, ``Hey, this is part of what we are 
doing, and the privacy policies that we have in place are 
there.''
    Now we face two problems as an industry that have been 
talked about a lot. The 2-inch screen problem--how do I write a 
privacy policy that holds up to fine lawyers, like yourselves 
and others, that is simple and easy to understand and can be 
displayed in a 2-inch screen? So that is one hurdle that we as 
an industry are facing.
    My members want to deliver the clearest, simplest privacy 
policy. But when they go to a lawyer to have it checked, many 
come back and say, ``Well, you need this proviso.''
    The second part of this has to do with the constantly 
changing world that we face in terms of business models. We 
started out this whole apps world only 3 years ago. At the 
time, we had an app store at Apple, which you sold directly, 
you got paid for. We didn't have advertising at all. Recently, 
we added in-app purchasing.
    So having a private policy that not only reflects the 
business model today, but encompasses the business model 
tomorrow, the changes that Apple can make at any time to their 
privacy policy--or that Facebook can make or that Google can 
make--are all part of the problems we are having in trying to 
address it.
    So what we have done with our working group is we have not 
only brought in regular developers who use ads, but we have 
been focusing on developers who actually do multiple business 
models. And we have brought in ACT member Privo, which is one 
of the four recognized FTC safe harbors for COPPA, to help us 
create guidelines that can actually address the important 
questions that were raised earlier about children.
    Senator Pryor. OK, great. I think that we need to follow up 
on that a little bit more.
    But first, Mr. Davidson, let me ask you. You talked about 
when you opened your Android phone and that screen came up, and 
if you wanted to, you could check ``no'' for the tracking for 
the--what do you call it--geolocation?
    Mr. Davidson. Right. Our location services, yes.
    Senator Pryor. And that's great. But what happens if then 
you start using the phone and you start adding apps that do 
require that geolocation? What happens then?
    Mr. Davidson. It is a great question, and I think it is a 
very important question. So the way we have addressed that is 
when you try to install an application that wants to use 
location services--Foursquare or something, you know--you get a 
notice before the application is installed that says, ``This 
application wants to use your location information. Is that 
OK?''
    And you actually have to accept that before installing the 
application, so--and we give notice about other kinds of 
information that the application might want. We do it very 
simply. It is usually not more than a screen. Maybe sometimes 
you have to scroll down a little bit, but it is not a multi-
screen thing. We have worked very hard to make it very simple. 
And the key is--this is, I think, what we were talking about at 
the last panel--timely notice and a choice for consumers.
    Senator Pryor. OK.
    Ms. Shenkan, let me ask you--you mentioned your five 
principles that you like. When I hear Mr. Davidson talk and 
others talk, I also know that there are, you know, very 
legitimate reasons why parents may want to track their own 
children. You know, they may want to know where they are. Would 
your five principles allow parents to do that?
    Ms. Shenkan. That is a good question. We haven't 
contemplated it. I guess the best answer probably is we should 
get back to you on that. Of course, it would depend on the age 
of the child.
    Senator Pryor. Right. Well, as a parent of two teenagers--
--
    [Laughter.]
    Senator Pryor.--let me say that there is a parental 
interest in this.
    [Laughter.]
    Senator Pryor. You know, it just--it could be a good thing, 
depending on the family. But anyway, yes, I hope you will think 
about that as you go through. Because when I heard your five 
that you laid out, they seem kind of ironclad, and I am not 
sure you had enough leeway in what you were doing to think 
about that. But anyway, if you could consider that, I would 
appreciate it.
    Ms. Shenkan. Yes. Yes, thank you.
    Senator Pryor. And let me ask you, Ms. Novelli, before I 
turn it over to other colleagues on the Committee here, you 
talk about your privacy policy. All that sounds great. But can 
you tell--can Apple tell how many people actually read it?
    Ms. Novelli. Well, they have to say that they agree.
    Senator Pryor. Right.
    Ms. Novelli. We can't know for sure if they have read it. 
We try to make it in plain English and very short, but we can't 
tell if you have--we can't watch someone reading it.
    Senator Pryor. Well, but can you tell how long they are on 
those screens? Do you have any way of knowing that?
    Ms. Novelli. I don't know whether we can or can't, sir, so 
I will have to get back to you on that.
    Senator Pryor. Just my guess is, for a lot of folks, it is 
just too much information, and they just kind of agree without 
really understanding what they are agreeing to. But that is 
another matter that we can discuss.
    Senator Rockefeller?
    Senator Rockefeller. Thank you, Mr. Chairman.
    Bret Taylor, this would be to you. Under Facebook's terms 
and conditions, a user must be 13 or older to have an account 
on your website. Despite this, according to a recent Consumer's 
Report study, an estimated 7.5 million users were younger than 
13. Moreover, the Facebook app in the Apple App Store is rated 
for age 4 and above.
    Now my question to you is, I understand it is Facebook's 
policy not to allow children under 13 to have an account. But 
the description of the Facebook app and the Apple store rates 
the app as appropriate for age 4 and older. How is that 
consistent with your policies, and who determines the rating 
for Facebook's app?
    Mr. Taylor. Senator, thank you.
    That is a very good question and actually news to me. So 
my--first of all, we don't allow people to have accounts under 
the age of 13. If I had to guess, my guess is that because the 
Facebook application doesn't, in and of itself, contain mature 
content, that is what the rating reflects. But I think we can 
follow up with your office about why that rating exists.
    And certainly, our iPhone application has the same rules 
and conditions governing it as our website, which means that no 
one under the age of 13 can create an account.
    Senator Rockefeller. And I appreciate that. But it doesn't 
appear to be the truth. You have 7.5 million under 13. This 
takes me back--and I won't harp on it. But Facebook grew so 
fast. Zuckerberg gets that in Harvard. He is 20, 21 years old. 
He comes up with a big new idea.
    It is my general feeling that people who are 20, 21, 22 
years old really don't have any social values at this point. In 
his case, I think he was probably----
    [Laughter.]
    Senator Rockefeller. No, I am serious. I think he was 
focused on how the business model would work. He wanted to make 
it bigger and faster and better than anybody else ever had. And 
nothing I know suggests otherwise.
    So that you can't just dismiss that 7.5 million users are 
younger than 13 and say that you have a policy that doesn't 
allow that to happen. I asked Sheryl Sandberg. I am very 
worried about suicides, people stalking youngsters. They 
innocently put themselves on a blog and think it is just going 
to one person, and it goes to Indonesia and everywhere else, 
and you have 600 million people.
    And I asked her who signed up. And I asked her, well, how 
many employees does Facebook itself have? Now this was 2 or 3 
months ago. She said 1,600 worldwide. I assume she is right. 
She is number two in the company. So I assume she was right.
    And then I said, well, how many people do you have 
monitoring the box to see what is being said because I am, as 
are you, worried about what can happen to children--
humiliation, bullying, predators, all the rest of it. I think 
it is a huge subject.
    And I have town meetings all over West Virginia on this 
subject, not necessarily on Facebook, but just in general. 
Parents are terrified. They are terrified. And they don't know 
what to do. School counselors don't know how to handle it. You 
get a whole group in, and they are very worried about this.
    And she said we have 100 people who monitor these 600 
million people, who, I assume, are doing a whole lot of 
blogging every day. And my reaction to that is that is just 
absolutely indefensible. It is unbelievable that you would say 
that.
    And she said, ``we are going to do better in the future.'' 
And I want you to defend your company here because I don't know 
how you can.
    Mr. Taylor. Well, Senator, I just want to say we really 
emphatically agree with your points. And I just want to clarify 
a couple of issues.
    First, whenever we find out that someone has misrepresented 
their age on Facebook, we shut down their account. I am not 
sure of the methodology of the study you refer to, but I can 
tell you emphatically that we don't allow people to 
misrepresent their age. And there is a couple of interesting 
points here.
    Senator Rockefeller. But when you say we don't allow people 
to misrepresent their age----
    Mr. Taylor. Yes.
    Senator Rockefeller.--you don't, and you can't. How can you 
do that?
    Mr. Taylor. Well, Senator, it is a very good question and 
something we have thought a lot about. What we have found is 
the most scalable way, both in terms of age enforcement, but 
also the other issues you brought up around bullying and other 
protections of minors on the site are baked into a system of 
enabling people to report problems on the site.
    I will talk about bullying first, because I think it is an 
important issue you brought up, and then talk about age 
protection. We have--under almost every single piece of content 
on the site, we have a link where individual users of the site 
can report inappropriate content and report bullying. And 
originally, that would go into a special queue that our user 
support department would take and bring down the content almost 
immediately.
    We have also expanded that, though, with a program we call 
Social Reporting that enable people not only to report it to 
us, but actually report it to parental and teacher authority 
figures who are also on Facebook. So if you are a minor on the 
site in high school, and you see an inappropriate picture, as I 
think was brought up in one of the open meeting testimonies, 
you can not only report to Facebook and have it removed, you 
can report it to a parent or a teacher who can actually deal 
with the underlying cause of why someone would post a picture 
like that and actually deal with it offline and deal with the 
underlying issues.
    We obviously--we actually have about 250 people working 
across safety, privacy, and security at Facebook. But in 
addition to that, we have mixed those with these self-reporting 
mechanisms because we find they are very accurate.
    Regarding age, that is----
    Senator Rockefeller. You know what? My time is up, and I 
want to get a comment from Ms. Shenkan.
    Mr. Taylor. Thank you, Senator.
    Senator Rockefeller. Thank you. I apologize to you.
    Mr. Taylor. No problem.
    Ms. Shenkan. On the same question?
    Senator Rockefeller. Correct.
    Ms. Shenkan. You know, our view is, again, that not enough 
is being done. If we took a small amount of the time that any 
of these companies spend innovating products and started to 
think about how we protect our kids--and frankly, adults, but 
we are focused on kids--we think that would go a long way.
    I mean, these are the organizations that have created a 
platform which 600 million people across the globe use, 
companies that have mapped every street in America so that we 
can all--across the world so that we can all use. And instead 
of spending money to try and hire PR firms to try and take down 
the other company, let us take that money and spend it on 
figuring out technological ways that will protect our kids. It 
can't be a hundred people sitting in a Facebook office, trying 
to monitor 600 million conversations.
    Senator Rockefeller. Thank you.
    And thank you, Mr. Chairman.
    Senator Pryor. Thank you.
    Senator Klobuchar?
    Senator Klobuchar. Thank you very much, Mr. Chairman.
    We have been talking some about how we get privacy policies 
that are understandable and readable and yet a lawyer will 
draft. And I know that, Mr. Davidson, when you were asked at 
the Judiciary Committee about this, you were asked whether you 
would commit to requiring apps in your store have a clear, 
understandable privacy policy. And you said you would take the 
question back to your leadership.
    Have you heard anything back on that, and will Google 
commit to requiring apps in your app store to have a clear, 
understandable privacy policy?
    Mr. Davidson. We think that apps should have a clear, 
understandable privacy policy. I do not have an answer for you 
today about whether we will make it a requirement in our app 
store. We try to make our app store as open as possible for all 
the small businesses who use it.
    I think those apps should have a privacy policy, and we are 
going to work to try to figure out how to enforce it. We do 
enforce things like COPPA on our app store.
    Senator Klobuchar. OK, thank you.
    And then, Ms. Novelli, you were asked by Senator Coburn--I 
am on Judiciary as well, so I was looking back at the 
transcripts--in a judiciary hearing, the one you had last week, 
that you were asked about testing apps. And you were saying how 
Apple tested an app and did random spot checks. So, presumably, 
you might spot any problems.
    And yet, The Wall Street Journal found that there were 
problems with some of the apps in terms of sharing location 
data without informing the user. How do those two things mesh?
    Ms. Novelli. Well, we do our best to check for all of our 
requirements that are in our developer agreement. We do 
randomly audit. One of the requirements that we have is that 
you must get permission from the--to share information.
    With respect to location, there is a requirement that if 
you want to use the location data of a consumer, you have to 
pop up a dialogue box that is linked into our API that we 
designed that says we would like to use your location, allow or 
don't allow. And I can't comment on specific apps, but I 
believe that was not the particular question that was referred 
to.
    But when we find a problem or someone alerts us to it, we 
immediately investigate and work with the developer. They have 
24 hours to fix the problem or be removed from the store. What 
we have found is that developers have a great incentive to fix 
the problem.
    Senator Klobuchar. OK.
    And Mr. Reed, you have been working in the area of trying 
to put together a comprehensive set of guidelines for app 
developers that will follow clear policies, and I support that 
effort. I think it is good.
    But I look back and think that considering anyone with 
skills and a computer can build an app, do you believe that a 
self-regulatory approach to privacy will be enough to keep the 
bad actors out of the market?
    Mr. Reed. Well, I think there are two parts. I think that 
the self-regulatory approach is the way we have to start, but I 
don't think it is truly self-regulatory. We heard earlier from 
the FTC. We think the FTC has and should strongly enforce 
Section V.
    And in fact, I know that--in this case, I won't speak from 
the legal side of it, but we see deceptive and unfair should 
include or conceptually should include someone who misuses your 
data and just doesn't have a privacy policy. I know that we 
heard earlier that the FTC is unsure about that. But I see no 
reason why if someone is misusing your data that doesn't fall 
into the realm of an unfair and deceptive trade practice.
    So I would say we want to start with self-regulatory. We 
want to bolster our industry's effort on that. And the second 
side of the--the stick side of that would be the FTC coming 
after folks who misuse data and don't have a privacy policy.
    Senator Klobuchar. OK. And then, Mr. Taylor, I know Senator 
Rockefeller was asking you about the number of kids who might 
be claiming they are 13. For kids, I don't know, under 18, do 
you see a different way of trying to reach out to them to talk 
about the privacy policies? And are you thinking about that in 
terms of making sure that they understand it that you might use 
a different approach than with an adult?
    Mr. Taylor. Yes, it is a really good question and something 
we have thought a lot about. Fundamentally, we agree. I think 
most people in this room agree that minors, people under the 
age of 18, should have a different experience on Facebook 
because of the unique needs and privacy protections and 
security protections that a minor needs, and that makes its way 
into all aspects of our product, not just a legal privacy 
policy.
    So on Facebook, if you are a minor, you actually have a 
different experience. Your privacy setting defaults are 
different. When you share things, it goes to a more restricted 
audience.
    When you report problems on the site, our user operations 
respond differently if it is a minor. And it really makes its 
way throughout our product. And that applies especially to 
privacy and security issues.
    Senator Klobuchar. OK. Thank you.
    And then, Ms. Shenkan, last follow up with some of Senator 
McCaskill's point, not all data sharing is bad. And in fact, 
much of it can be beneficial to both the consumer and third 
parties.
    So the question is where you draw that line. And more 
targeted advertisements can be more relevant and helpful to the 
users. However, as you know, there is this line between sharing 
data and tracking. And where do you see the line, and what 
common practices do you think cross it?
    Ms. Shenkan. Thank you for the question, Senator.
    If behavioral targeting or advertising is so useful to 
consumers, they have should have the ability to say ``opt-in.'' 
So if I happen to be on Facebook and I am writing to a friend 
or posting on my wall about wanting to go see Elvis Costello, 
and I say, you know, that it is fine to track and monitor my 
conversations and advertise to me on that, and I get an ad, 
then that was my choice. And I obviously saw the value of 
providing my information to get something back.
    Also I think that--just if I can--I thought that Senator 
Kerry made a really fundamental point in his statement when he 
said that he rejected the notion that there is a choice, 
fundamental choice that needs to be made between innovation and 
protecting privacy. We couldn't agree more. That is a false 
choice.
    The entire--the Internet economy in the U.S. alone will be 
close to $200 billion in e-commerce. Most of that was not 
created by harvesting private data and using it to behavioral 
target people.
    In fact, one of the beautiful things about search engine 
advertising is that customers are opting in every time they go 
onto a search engine. They are putting up their hand, and they 
are saying, ``I am in market for a new car or truck, so please 
advertise to me.''
    And that is OK, and it can work that way. And $15 billion a 
year are spent by advertisers in that part of the economy, and 
that is fantastic. And that is an example of where privacy is 
protected and innovation has happened.
    Senator Klobuchar. OK. Well, if any of you all want to 
respond, I think I am out of time, but we can talk about it 
later.
    Ms. Shenkan. Thank you.
    Senator Klobuchar. OK. Thank you.
    Senator Pryor. Thank you.
    Senator Blunt?
    Senator Blunt. Thank you, Chairman.
    Mr. Taylor and Mr. Davidson, I am going to ask you in a 
minute if there is any example you have of a problem that the 
company self-corrected. You know, one of the things I hear is 
when there are problems that usually the company moves forward 
and self-corrects them before anybody else even knows they are 
a problem. And a couple of examples of that would be helpful, 
if you have them.
    Ms. Novelli, do you--does Apple track the location of my 
iPhone?
    Ms. Novelli. No, sir. We do not track the location of your 
iPhone----
    Senator Blunt. Don't track the location?
    Ms. Novelli. We do not, sir.
    Senator Blunt. And is it--are you--is it logging in right 
now? It is on. Is it logging in, or are you--is there some log-
in system that you look at for my iPhone?
    Ms. Novelli. No, sir. Apple does not look at a log-in 
system for your iPhone.
    Senator Blunt. So what do you do? How does it work that I 
might get some advertisement for something?
    Ms. Novelli. An advertisement on an app?
    Senator Blunt. I will be solicited on an--well, on an app 
or through my mail account or whatever.
    Ms. Novelli. Well, sir, there are no advertisements on the 
mail account that is on your iPhone. You could get an 
advertisement. There is a Web browser on your iPhone that is 
just like if you used your computer, our Safari Web browser. 
And that works the same as it would as if you were working from 
a computer. So that if you are logged onto a website----
    Senator Blunt. But I would have to be doing--on something 
for that happen you are telling me?
    Ms. Novelli. Correct. That is correct, sir.
    Senator Blunt. What is crowd-sourced--what is a crowd-
sourced database?
    Ms. Novelli. That is a--essentially what it is, sir, is a 
map of the locations, the geolocations of cell towers and Wi-Fi 
hotspots that we derive from information that is anonymously 
sent to us from people's phones, from iPhones. So the phone, 
when it goes by a location, will send saying, ``There is a Wi-
Fi hotspot here. There is a cell tower there.'' There is 
nothing that connects it to an individual or the individual's 
phone.
    And we are using that map to help people later on when they 
want to know where they are. And it is a simple process of 
being able to know where you are relative to fixed points, just 
like a regular map works.
    Senator Blunt. OK. Mr. Davidson, back to my other question. 
Did you think of an example of something that could have been a 
problem that you all just went in and self-corrected?
    Mr. Davidson. I think we are constantly innovating. I don't 
know if it is always about fixing problems. But I will give you 
a couple of examples. We take the comments from Ms. Shenkan 
very much to heart about trying to do more to protect children.
    So, for example, relative recently, we just launched a PIN 
lock-out feature on Android so that parents could control--
could make sure that--or anybody could make sure that their 
phone isn't downloading apps without a PIN. We have expanded 
our Safe Search program, which is a project to enable people to 
set controls on search results to make sure that they are child 
friendly.
    We have just added a flagging mechanism in Android so 
people can flag bad apps. This is similar to what Mr. Taylor 
was talking about. These are all things we have done. I think 
they have all been improved in the last 6 months.
    Now I would say, you know, some of them are really about 
trying to make sure that we are doing more and always doing 
better to protect children. There have probably been other 
things that we have done that we are constantly trying to 
correct.
    Senator Blunt. Mr. Taylor?
    Mr. Taylor. Yes. It is a very good question, and I think, 
to Mr. Davidson's point, in the industry we are constantly 
working to improve the security and safety of our products 
because it is the basis by which people choose to use them. And 
if they lose trust in a service like Facebook, they will stop 
using it.
    I think a very timely example is actually this Friday, we 
will be announcing, in partnership with Microsoft and the 
National Center for Missing & Exploited Children, we are going 
to be deploying a photo technology that Microsoft Research 
developed to identify, using relatively sophisticated 
fingerprinting technology, pictures of missing and exploited 
children, both to prevent child exploitation on Facebook and 
help people find missing children.
    And that is something we did proactively and in partnership 
with these two organizations because we care deeply about all 
these problems, just as all of you do.
    Senator Blunt. Ms. Shenkan, you mentioned something. I just 
want a little clarification. We need to protect kids from 
permanent damage. I assume that meant if they had put something 
out there for people to see.
    How do you do that if people have already seen it and 
somebody has already captured that? Assuming that kids have 
access to this way to communicate, how do you protect them from 
permanent damage if they have made a decision to put something 
out there that is damaging?
    Ms. Shenkan. The issue--thank you for the question.
    The issue is that the information is not only public when 
somebody puts it up, which is hard to control, but it is that 
it is persistent. It is very hard to take the information down. 
We have talked about in one of our privacy briefings the 
concept of an eraser button, where it would be very easy for 
somebody who realized that they put up something that they 
didn't want up there, that they could then take it down.
    Senator Blunt. But once you put it up there, can't somebody 
else capture it, and then they have it?
    Ms. Shenkan. Yes, and that is the problem. I mean, again, 
you know----
    Senator Blunt. But I mean, that is the problem of putting 
it up there is somebody else can capture it. And then they have 
it, and they can share it. Is that--am I wrong on this?
    Ms. Shenkan. Yes--no, that is the problem.
    Senator Blunt. Yes. I don't know how you--how you stop 
permanent damage if somebody does something that is damaging, 
unless it just happens that nobody sees it and nobody else 
decides they want to use it. The problem here is access.
    It is very scary. Any of us who have children or 
grandchildren, it is very scary to think of what somebody might 
do. But I am not sure we can actually ever come up with a fence 
that is high enough or big enough to stop that from happening. 
And you know, it does have that terrifying long-term problem. 
But if people have access and they put information out there, 
it is out there.
    Ms. Shenkan. Yes. Well, and there is an industry blossoming 
that you can pay companies to go spend time every month taking 
down information that is posted about you online. So people are 
figuring out ways to do it.
    What we would like to see happen is the companies in this 
room and elsewhere figure out how to make that much, much 
easier.
    Senator Blunt. Mr. Davidson? Then my time is up.
    Mr. Davidson. I would just add, and I know this isn't the 
most attractive solution, but a huge part of this is about 
education. And I have young children. I would just say I 
think--you know, there is a recent report from the National 
Academy talked about some of these problems and said, you know, 
you could try to build a fence around every swimming pool, or 
you can teach children how to swim.
    And I think what we really need to work on is how to teach 
children how to be literate in this new world. And that is a 
very, very big project.
    Senator Blunt. Thank you, Chairman. I am sorry I went over.
    Senator Pryor. Thank you.
    Senator McCaskill?
    Senator McCaskill. Thank you.
    I got a Tweet from my last round of questions I want to 
address. I didn't mean to sound flippant about HIPAA. I don't 
know if ``AM Privacy'' is in the room. But if you are, what I 
was trying to say about HIPAA was that the bottom line is that 
we had some unintended consequences and some costs that came 
with HIPAA.
    That 2-inch screen you talked about? We clearly didn't get 
that down on HIPAA because most people who are going to the 
doctor's office are not reading the long thing that they have 
to read, and they sign. And I bet most people in this room 
would admit if they go to the doctor, they are not reading the 
whole long thing they sign on HIPAA, and you have to sign one 
or two or three of them every time you go, which adds 
administrative costs in.
    And there were some unintended consequences in terms of 
finding people that might have similar very--some of the 
diseases that are very unique and rare, trying to find people 
for research purposes. HIPAA has stood in the way of some 
things that were a problem.
    That doesn't mean we shouldn't work on privacy. I am just 
being cautionary that we want to be very careful as we move 
forward on privacy because so much of the success we have had 
in this space in our country in the Internet and in the advance 
of technology has been remarkable. And I want to make sure that 
we don't have unintended consequences. So whoever ``AM 
Privacy'' is, I am glad that I could clear that up before I ask 
my questions.
    I want to make sure that everybody understands how easy 
this is in terms of turning off things. I mean, not only do I 
have the ability to make sure that I don't have any location 
services on here. I can even go down, and you tell me every 
single app that is using location services, and I can 
individually go to each one and turn each one off.
    The other thing that you do is that you tell me if anybody 
has used my location in the last 24 hours. There is a little 
logo that pops up, and so I tried it while the others were 
questioning. I went on Kayak, checked out a flight, and now 
there is a little arrow there that tells me Kayak used my 
current location as I was looking for flight.
    Now all I have got to do is just flip that switch, and 
Kayak--I am telling Kayak it is none of their business where I 
am. Very simple, very easy to find, right on the page.
    So now, here is the thing I wanted to ask Ms. Novelli and 
Mr. Reed. I am a little confused why ``Cut the Rope'' is on 
that list. I am a little confused why ``Paper Toss'' is on the 
list.
    And it seems to me if we are talking about just games--I 
mean, ``Paper Toss'' is a game where you try to get a--it was 
one of the ones listed in the Wall Street Journal article. All 
you do--there is nothing in that app that has anything to do 
with location, other than the fact that you are trying to get a 
piece of paper into a trash can. And it is just a game. Same 
thing with ``Cut the Rope.''
    So it seems to me if it is very obvious by the app that 
there is no need for any location, that that could be where the 
industry could focus on making sure that people understood the 
consequences. Clearly, the only reason ``Cut the Rope'' or 
``Toss the Paper'' is tracking my location is to try to sell to 
other people where I am going and what I am doing because there 
is no applicability to the game that is involved.
    So it seems to me if you could focus there first, in terms 
of making sure privacy is very obvious. And when I go on ``Cut 
the Rope'' site, which I just tried, and ``Toss the Paper,'' I 
don't see anything on there that tells me anything about what 
they are doing as it related to tracking me. So could Ms. 
Novelli and Mr. Reed respond to that?
    Mr. Reed. Well, first things first. You raised a good 
question, and I would say that I often on games like that, I 
say ``no.'' When it asks me, ``Can I share your location?'' I 
just turn it off.
    The reality is, is that for some of us who are building 
applications that are ad-driven, the third-party ad networks 
will ask us for information so that they can provide a higher-
quality ad. One of the things--and then that location 
information is part of it.
    It is interesting to see that there are actually some 
interesting kind of small-town benefits that we have seen. I 
will use ``Red Laser'' because it is a slightly different one. 
I can hit a--I can hit a SKU. It will tell me the product. It 
will show me the Amazon price. But right below that, it will 
tell me Tom's hardware store has that same product. It is $3 
more, but guess what? It is right across the street.
    Now Tom didn't have to buy an ad from a major supplier. He 
could actually target it just to that zip code. So there are 
some benefits to that kind of ad marketing.
    But I would also say that you illustrated the first point 
most readily, which is you want to use ``Paper Toss,'' and you 
don't want to use the--and you don't want to see the ads that 
are targeted, turn off location-based services. And I think 
that is something that we, as an industry, understand and 
expect some consumers to do.
    We have to figure out how we still make money--make money 
from the ad networks because they control our--they control our 
income from that. And so, we have to find an agreement with 
them, rather than us as the tail wagging the dog, where they 
agree to the terms that you have suggested.
    Senator McCaskill. Couldn't--Ms. Novelli, couldn't you 
all--and I know Apple is loathe to do anything to stop the 
amazing flow of applications that are making your products so 
desirable, and I get that. But it seems to me on some of these 
apps that if I had a choice, you can either get it for free and 
see some ads, or you can pay $2.99 and be ad free and track 
free.
    I mean, it seems to me that is a simple consumer choice 
that could get--that the industry could do, both Google and 
Apple, if the two of you did it, and Facebook, to the extent 
that it would apply to you.
    But I think that would go a long way toward consumers 
beginning to understand, first of all, that when they are being 
tracked, it helps pay for things, and that is why they get so 
much free. And it would begin to drive home, there is nothing 
better than driving home the point of what they are getting for 
free and how than to give them that simple choice.
    Has there been discussion about that? And why haven't you 
moved toward that kind of model?
    Ms. Novelli. Well, first of all, Senator McCaskill, there 
are apps on the App Store--and my husband, in fact, has 
downloaded a couple of them--where you have that choice. Either 
it is free and you have to submit to advertising, or you have 
to pay. And so, there are apps on the App Store like that now.
    In terms of the pricing, though, we have the developers set 
the pricing. We have not really gotten into trying to set 
prices of apps.
    Senator McCaskill. No, I don't want you to. I just want you 
to maybe say----
    Ms. Novelli. Right.
    Senator McCaskill.--that people should have the choice as 
to whether or not they want to pay or whether they want to--
they want the ads.
    Ms. Novelli. And developers have been making that choice, 
and there are those choices on the App Store now. And I don't 
know if Mr. Reed wants to comment?
    Mr. Reed. If I could indulge for 1 second, what you 
described is exactly what we are doing. And we appreciate that 
Apple and now Amazon and Google and others are doing in-app 
purchasing. But remember that that is exactly the model we are 
using. We are saying on the store right now I have an app in 
the ``Paid For'', and then I have one that says ``Free'' next 
to it or ``Lite.'' You make a choice which one you want.
    Here is an interesting number, though. And we may even 
subdivide it and say we will do in-app purchases, so you can 
turn off ads after you have bought the free version.
    Senator McCaskill. I know, I know.
    Mr. Reed. Yes, so----
    Senator McCaskill. And I get--and I don't want to cut you 
off, but my time is over.
    Mr. Reed. Sorry.
    Senator McCaskill. But the bottom line is it is not clear. 
I get ``Lite,'' I get ``Free,'' and I get ``Paid,'' but I don't 
really understand when I am making that decision that it also 
might involve tracking. And that is what I am saying.
    I think that might be something you all could do as an 
industry that might forestall some unintended consequences by 
aggressive government regulations.
    Mr. Reed. Thank you.
    Senator McCaskill [presiding]. Thank you all very much.
    And the next questioner would be--it says Senator Udall.

                 STATEMENT OF HON. TOM UDALL, 
                  U.S. SENATOR FROM NEW MEXICO

    Senator Udall. Thank you, Claire.
    Senator McCaskill. I am following the list I was given by 
the Chairman.
    Senator Udall. No, no, no, that is great. Thank you very 
much.
    And I know the Chairman isn't here, but I really appreciate 
him holding this hearing and all of you responding to the 
questions of the panel.
    As you can see by the questions, there is no doubt that 
there is a lot of concern in terms of privacy, in terms of 
protecting minors and those kinds of things. And I really look 
forward to your supplemental answers that some of you are going 
to give because I think those are some of the key questions 
that are out there.
    And I think from this subcommittee's perspective, we are 
going to continue to ask these questions and continue to do 
oversight. And so, I think you should expect that.
    Recently, I joined Senators Reid and Schumer and Lautenberg 
in asking Research in Motion, RIMM; Google; and Apple to stop 
selling dangerous apps that enable drunk drivers to evade law 
enforcement. In 2009, drunk drivers killed nearly 10,000 people 
nationwide, including 141 in New Mexico.
    Apps like DUI Dodger, Buzzed, Checkpointer, and Phantom 
Alert provide drunk drivers with the precise location of DWI 
checkpoints as they drive. This is in while they are driving 
around. Some apps even offer audio alerts warning drunk drivers 
as they approach police checkpoints.
    While I agree that public notification of checkpoints on 
the news or in the paper can serve as a deterrent to prevent 
individuals from making the decision to drive drunk, providing 
real-time accessibility tailored to a driver's location only 
serves to provide drunk drivers with the tools to more 
effectively break the law and endanger others at a time when 
their decisionmaking capabilities are already impaired.
    And I am very pleased that RIMM did the right thing and 
immediately pulled these apps from the BlackBerry app store. 
Why are Apple and Google still selling DWI apps that encourage 
breaking the law?
    And that question, I think, would be directed most to Ms. 
Novelli and Mr. Davidson.
    Ms. Novelli. Well, Senator, when we received your letter, 
the first thing we did is start to look into this and tried to 
research the whole situation because Apple abhors drunk driving 
and doesn't want to, in any way, be encouraging it.
    What we found when we looked into it is that there were 
some differences of opinion among reasonable people about 
whether publicizing, as you note, checkpoints deters or helps 
drunk driving and that, in fact, some of the information is 
actually made public by the police forces themselves and is on 
the Internet.
    We are continuing to look at this issue. We will continue 
to talk with you and your staff as we continue to evaluate it. 
We do not want to be enabling or supporting drunk driving in 
any way.
    Mr. Davidson. I guess I would echo that sentiment. We 
certainly appreciate the seriousness of the issue that has been 
raised. We do remove applications from the Android marketplace 
that violate our content policies.
    But apps that--after an initial review, apps--we determined 
that apps that merely share information of this sort don't 
violate those policies at this time. And so, we are evaluating 
this. We have been talking to your staff. We have appreciated 
the chance to continue to do that, and we are taking a very 
serious look at it.
    Senator Udall. Now, as far as Apple's stated policy, you 
don't--you have a policy that you don't encourage with your 
apps people to break the law. Is that correct?
    Ms. Novelli. Yes, sir.
    Senator Udall. And isn't exactly what is happening here 
is--I mean, you can imagine. You have had our letter now for 2 
months.
    And you can imagine a person that is drunk--DUI, DWI--
driving down the road and they have this--one of these apps 
turned on, and it issues an alert, tells them there is a 
checkpoint ahead. Then they can use their device to then find a 
way around the checkpoint. It seems to me that kind of 
application is encouraging breaking the law.
    Ms. Novelli. Well, we are reviewing, as I said, sir------
    Senator Udall: Well, you have had 2 months. How long are 
you going to review it?
    Ms. Novelli. Well, we will be working with you on this. We 
are reviewing it. There are some of the apps, for example, that 
have--a cab number for you to call a cab, alert you that there 
are, you know, there are checkpoints, and here is a phone 
number for you to call a taxi.
    So I think they are not ubiquitous, all of these apps. And 
as I said, some of the information is made public by the police 
themselves. So I think reasonable people have different points 
of view about how to go about this, and we are trying to do 
this in the most thoughtful and responsible manner.
    Senator Udall. No, and I understand that. But I hope that 
you all understand the difference between the police 
department, the state police, county police, sheriffs, 
whatever, issuing a broad, general thing that, on Friday night, 
we are--or Saturday night, we are going to have a checkpoint 
out there at various points in town.
    That serves a deterrent, I think, for people to know. Even 
though, you know, there is a 2 percent chance of catching drunk 
drivers. So all of us that are out on the highways, 2 percent 
chance of catching, you utilizing--somebody utilizing these 
apps, it makes it even less likely. You know, may drop to 1 
percent or half a percent or whatever it is.
    But the important point is, is that here you have law 
enforcement issuing generalized bulletins. But what people do 
with your apps, and what they are able to do is specifically, 
in real time, determine there is a checkpoint and evade the 
checkpoint and possibly afterwards get in an accident and have 
somebody killed.
    So I understand that you all are looking at it closely. But 
I think this is a crucial question for law enforcement. I mean, 
I have heard from local police department in Las Cruces. The 
attorneys general of New Mexico, Delaware, and Maryland have 
also signed onto this issue and are asking the same questions. 
And I think the more that this is out there, you are going to 
be getting these kind of questions.
    I am sorry, Mr. Chairman, for running over. But I very much 
appreciate--I said earlier, your effort at consumer protection 
and what you are doing in this area is greatly appreciated.
    Thank you. Thank you, and thanks to the witnesses being 
here today.
    Senator Pryor [presiding]. Senator Udall, you are asking 
important questions. Thank you.
    Senator Rubio?

                STATEMENT OF HON. MARCO RUBIO, 
                   U.S. SENATOR FROM FLORIDA

    Senator Rubio. Thank you, Mr. Chairman.
    Thank you guys for being a part of this. This is very 
timely and interesting.
    Just to close the loop on the Apple portion of it, as an 
Apple user with a lot of Apple users in our family, I think one 
of the things that created all this frenzy--and I know the 
answers to this, but I wanted other people to hear it as well--
is the two researchers that found that file on the iPhone and 
the iPad that appeared to contain the time-stamped record, and 
then they were able to go out and create an app that basically 
created that map, the whole thing that flared up in late April.
    And the company, I think, acknowledged that that was a 
glitch and has offered some updates to fix that. Are those 
updates available already?
    Ms. Novelli. Yes, sir. Those updates have already been 
implemented for most of all of the questions. There was one 
question about encryption that is going to be implemented 
shortly.
    But I would say that, again, that there was no actual 
information on your phone about your actual location at any 
time. What was on your phone was essentially like a city map of 
Wi-Fi hotspots and data bases, not where you were on that map.
    Senator Rubio. Right. But the key to it was that the 
company's position was that it wasn't intentional. It wasn't 
our design. It is a glitch that exists.
    For example, even if you had--even if the toggle switch had 
said no, it still was feeding the information, and it was 
storing it for longer periods of time.
    Ms. Novelli. Correct.
    Senator Rubio. So the company is now providing a single 
update, or is it multiple updates?
    Ms. Novelli. That update went out a couple of weeks ago, 
and it--there is no more----
    Senator Rubio. Well, but----
    Ms. Novelli. Which is working perfectly now, and it is not 
backed up. Your information is not backed up to a computer, and 
the encryption question is being addressed in our next update.
    Senator Rubio. So someone who has an iPhone or an iPad, 
that update is available. They still have to pull the update 
into their device?
    Ms. Novelli. Yes. It is a free update.
    Senator Rubio. And what would they--just for people 
watching this--need to functionally do?
    Ms. Novelli. When they synch their phone, they will get a 
notice saying there is an update available. Do you want to 
install it? You say yes, and it just installs on your phone.
    Senator Rubio. So, basically, anyone out there who hasn't 
updated their phone in the last----
    Ms. Novelli. In the last 2 weeks.
    Senator Rubio.--should go and update their phones so that 
this information is all available for them.
    Ms. Novelli. Yes.
    Senator Rubio. OK. The second question has to do with the 
relationship with third parties. There is some confusion about 
that because people go to the Apple App Store or the Android 
market or Facebook, wherever. When someone buys an application 
from an online store like that, both from the reality and from 
the legality perspective, who do they have that--who is their 
relationship with, their business relationship when they do 
that?
    Like if I go on and I get an application for my phone--and 
I think this question is for all of you, because I think 
Facebook does that as well--who do I, at that point, have the 
relationship with? Is it with you, the marketplace? Or is it 
the actual app vendor?
    Ms. Novelli. Well, just from our perspective, once you buy 
the app and you use it, your relationship is with the app 
developer at that point. The first-party relationship is with 
the app developer.
    Mr. Davidson. We would agree with that, and usually, for 
example, a lot of applications, there will be a terms of 
service you have to agree to when you first install it or 
something like that. And there is an agreement there.
    I think it is why users need to be careful about what 
applications they use and be thinking about that. It is also 
why we have tried to give people in our Android marketplace at 
least as much information as we can before you install the app 
because that is sort of when we lose the relationship.
    Senator Rubio. I think that point is critically important 
because a lot of people aren't clear about that. And I know 
that anyone who sells an app goes through a general screening 
process. But ultimately, your business relationship is only as 
good as the company or whoever it is you are interacting that 
app with. And so, that is important.
    Here is my secondary question. If I have a problem with an 
app--let's say I pull an app into my device, and then, all of a 
sudden, I start having problems with them, any of these other 
issues that we are talking about. Let's say I am able to deduce 
that there is a problem or I get suspicious. Is there a process 
in place where I can report them to you? What is that process?
    Mr. Davidson. So, in our case, we have installed a flagging 
mechanism so that users can flag applications for a variety of 
different reasons. And there, you get a check--once you do it, 
you get a whole set of reasons why you might want to be 
flagging it, and that is going to a place for review. And that 
is the starting point for us.
    Senator Rubio. Is that the same for Apple?
    Ms. Novelli. We have an ability on our app store to contact 
us. And you can flag any concerns you have, and we investigate 
immediately.
    Senator Rubio. OK. My last question is for Facebook. It is 
about the geolocation data that is collected when people check 
in on the Places feature. Is this only collected at the time 
they check in?
    Mr. Taylor. Right now, the Places feature is designed so 
you can explicitly share your location with people that you 
choose at the time of sharing. And so, Places is not a feature 
about passively sharing your location. It is about actively 
sharing your location.
    Senator Rubio. But that happens when you--at that moment, 
when you check in, basically. It is an active--it is an act of 
the----
    Mr. Taylor. Yes, you actually click a button that says 
``check in,'' and that information goes on your profile.
    Senator Rubio. And then how long do you guys keep that 
information?
    Mr. Taylor. That information that you shared, like ``I am 
at this restaurant with some friends,'' that is on your profile 
as long as you want it to be. And you can remove it from your 
profile at any time.
    Senator Rubio. But if the individual doesn't remove it, it 
stays on there indefinitely?
    Mr. Taylor. Yes. It is because we consider it just like if 
you published a status update on Facebook. It is you made the 
decision to share where you were, and it is up to you who you 
want to share it with and if you want to delete it. And you can 
actually change both of those after the fact.
    Senator Rubio. Right. By the way, you are probably not 
shocked that some people lie about where they are on their 
updates.
    [Laughter.]
    Senator Rubio. I have seen that a few times. But, so people 
understand, when they go on there and they log on, they say, 
``I am here,''--that is going to stay on there forever unless 
you actively go back and delete it yourself?
    Mr. Taylor. That is correct, and it is because, 
fundamentally, it is just like if you decide to share a status 
update or a photo, we consider that your information, not ours. 
And we consider it actually sort of an imperative to actually 
keep that information because you have entrusted us to keep it 
on behalf of, you know, sharing it with your friends.
    Senator Rubio. Thank you, guys. I appreciate it. Thank you.
    Mr. Taylor. Thank you.
    Senator Pryor. Thank you.
    Senator Thune?

                 STATEMENT OF HON. JOHN THUNE, 
                 U.S. SENATOR FROM SOUTH DAKOTA

    Senator Thune. Thank you, Mr. Chairman, and I want to thank 
all the panelists.
    We are all encouraged by the substantial growth and the 
wonderful technology we have today in the mobile marketplace. 
But it does, you know, obviously raise questions and concerns 
about how the developing industry is impacting consumer 
protection and privacy. And so, having all these--access to all 
these things in the palm of your hand is a wonderful tool.
    And then there is a lot of competition to create the new, 
best, greatest thing, which is part of our entrepreneurial 
spirit in America. But we want to make sure that when we do it, 
we do it in a way that does appropriately protect consumers 
online without stifling that innovation and growth.
    So I want to direct a question, if I might, to Mr. 
Davidson, and it has to do with this FTC recently alleged that 
Google had violated the FTC Act inappropriately--by 
inappropriately collecting Gmail user information to populate 
Google's Buzz social network. According to the FTC, Google's 
action led to its Gmail users receiving contact with 
individuals whom they had serious concerns about.
    Could you talk a little bit about how Google has responded 
to the FTC on that matter?
    Mr. Davidson. Absolutely. You know, as I said in my 
testimony, we hold ourselves to high standards on providing 
transparency and choice control to our users. And the situation 
that you allude to, where the launch of our Buzz product didn't 
meet those standards was very confusing for our users.
    We think we have fixed it relatively quickly. In a matter 
of days, we had changed the product. But we had been in a 
longer conversation with the FTC about it afterwards and then, 
relatively recently, entered into a consent decree with them.
    We have agreed to, for the next 20 years, put our money 
where our mouth is, and we have signed up for two major things 
here. One is really installing--instilling privacy by design, a 
process in our company for making sure that we are thinking 
about privacy from the earliest moments. And that is going to 
be something that is audited and assessed by an outside auditor 
and reported to the FTC every 2 years for the next 20 years.
    The second thing is that we have agreed that we are going 
to get affirmative consent from users for any new sharing of 
information. And those are two very powerful things, and I 
think those are the kinds of things we said we would do and had 
agreed to do, but now we have got a consent decree with the FTC 
to show our users that we are going to do it for the next 20 
years.
    Senator Thune. Do you think that some of those particulars 
that you talked about might be considered a best practice for 
other companies to consider?
    Mr. Davidson. You know, I think that is something probably 
better addressed to other companies. I know that there are a 
lot of different models out there. We think that this was the 
right thing for Google and for our users, and so we have 
adopted this agreement with the FTC. And I leave it to others 
to decide what is right for other companies.
    Senator Thune. OK. I am concerned that if companies agree 
to implement more restrictive privacy controls, that there are 
still individuals who are going to try and hack into mobile 
devices and apps to collect user information for third-party 
users. It just seems that mobile devices and apps are far more 
susceptible to hackers and to those types of deceptive 
activities.
    And this is a question that any of you feel free to answer. 
Has the industry considered how they can make mobile devices 
and apps more secure, similar to how we, you know, protect our 
home computers with anti-virus software and firewalls, those 
sorts of things? And are we seeing any companies that 
specialize in security for mobile devices and apps?
    Mr. Reed?
    Mr. Reed. On the first part of the question, yes. As a 
matter fact, there is a company called Lookout that is building 
a product for the Android platform that provides security and 
malware detection for the Android platform.
    I mentioned the Android because it is a little different 
than Apple. Apple gives us as developers very little access to 
information of the device itself. They are very restrictive in 
what we in the developer community can ask for in terms of 
information.
    So we--it is a little--it is where you see a lot more in 
the space, in the Android space, where it is more of the wild, 
wild West, and where there is more of a tendency for people to 
do the kinds of malfeasance that you are talking about. So 
Lookout is an example of a company that has come to the fore to 
address the problem that you have stated.
    Mr. Davidson. Yes, we would--so, first of all, I think 
there is a huge amount of energy being put into security. It is 
a great question.
    You won't be surprised that I wouldn't characterize it as 
the wild, wild West.
    [Laughter.]
    Mr. Davidson. I think, actually, our view is actually the 
openness of the platform and the fact that the code is open 
source is actually a major security feature because people 
around the world are able to look and assess the code and 
assess the system and the security architecture and test it all 
the time. And that means that we believe in--you don't get 
security with secrets anymore. You get security with openness.
    The other thing is that there are a huge number of 
features, and we are among the people who are rolling these 
out, and they are being rolled out for the mobile platform, 
things like making sure that there is https encryption by 
default on major products like Google, like Gmail, and it is 
available on Search as well.
    We have added a two-factor authentication on another system 
to Gmail. That means that a password is not enough. You might 
actually to have a device and a password, which I think for 
people who are really concerned about their mail products, this 
is really important.
    And there are a lot of other companies who are rolling 
these kinds of things out as well. So it is a very important 
area, and there is a huge amount of research going into it and 
work going into it.
    Senator Thune. Is there anything that Congress can do to 
help encourage greater protection when it comes to mobile 
devices and apps, or would you rather we stay out of it?
    [Laughter.]
    Mr. Davidson. Well, it is a rapidly evolving area, for 
sure. I think there has been discussion about data breach 
legislation. I think a lot of us, for example, would say that 
that is an area for consideration because there is such a 
patchwork of state laws.
    But I would just recognize there is a huge amount of------
    Senator Thune: It is already happening.
    Mr. Davidson. It is a very dynamic environment right now.
    Senator Thune. OK. All right. Thank you, Mr. Chairman.
    Thank you all very much.
    Senator Pryor. Thank you. Thank you, Senator Thune, for 
being here and asking those great questions.
    I want to thank all of the panelists for being here today. 
I know that when you look at the pleasantness scale, sometimes 
coming before the Senate is way down here. But thank you for 
being here and thank you for testifying.
    And as much as we talked about today, we covered a lot of 
issues. I feel like we still are just kind of at the tip of the 
iceberg here. There is just a lot more to know and to learn and 
for us to weigh through, and we certainly appreciate your all's 
input and your help as we go through this.
    We are going to leave the record open for 2 weeks, and I am 
certain that several will have additional questions and want to 
do some follow-ups. I know I have a few. But we will leave that 
open for 2 weeks, and we would really appreciate you all 
working with the staff and getting that back to us in a timely 
manner.
    Thank you for being here, and we will adjourn the hearing.
    Thank you.
    [Whereupon, at 12:29 p.m., the hearing was adjourned.]
                            A P P E N D I X

           Prepared Statement of Hon. Kay Bailey Hutchinson, 
                        U.S. Senator from Texas
    Thank you, Mr. Chairman, for calling this hearing. Privacy is a 
very complex issue, and today's witnesses will help the Committee 
continue its education on this important subject.
    This hearing will strengthen our understanding of the relationship 
between consumers and the many players that make up the mobile 
communications marketplace, including how personal information is 
collected and used by mobile devices and services.
    It is important to ensure that we fully understand what the impact 
is on consumers who take advantage of mobile communications, and the 
relationship between the utilization of consumer data and the provision 
of advanced, often free services.
    Mobile communication is a rapidly changing marketplace, where new 
technology is constantly advancing and overtaking previously 
groundbreaking technology. This is even truer in the mobile 
marketplace, where the last few years have seen an explosion of highly 
evolved and increasingly capable products.
    For example, mobile apps really just surfaced in 2008, but as we 
will hear on our second panel, the number of available mobile apps will 
likely exceed 500,000 by the end of this year.
    Each of these apps had to be developed, and that development brings 
economic benefits to our economy and the creation of jobs. Now more 
than ever, we should be encouraging sectors of our economy that show 
this kind of promise for continued job creation.
    With these new technologies have come new and increased recognition 
of privacy concerns for consumers who use online products and services.
    Consumers are understandably wary of products that they may not 
fully understand, and of what companies do with the information about 
consumers that they gather.
    This concern has come to the forefront with several high-profile 
incidents involving collection of consumer information. The attention 
those incidents received has served to raise public awareness that 
their information may be collected and used.
    This increased attention has also made many consumers more 
conscious about privacy policies and practices when utilizing new 
products and services.
    The marketplace appears to be responding to those concerns. Some 
companies have already started taking steps to improve privacy policies 
so they will no longer be merely screens of complicated information 
that a consumer quickly clicks through to get to the next screen, or to 
the desired application.
    Many consumers are more aware of data collection activities and are 
looking for how a company treats their data. As a result, privacy 
policies and robust protection policies have become a selling point for 
many new technologies.
    It is a positive development that several industries are working to 
create self-regulatory guidelines and best practices related to 
consumer privacy.
    In response to the FTC's call in 2009, the Digital Advertising 
Alliance created self-regulatory principles governing the collection 
and use of information online.
    Also, a majority of Web browsers are implementing various methods 
to allow consumers to prevent their online activity from being tracked.
    In the mobile space, there are already privacy safeguard 
certifications available for mobile apps, and the app community is 
coming together to create its own set of privacy guidelines.
    This is how the market is supposed to work--a consumer concern was 
identified and industry is working to address that concern.
    While it is probably to early to determine if these market 
developments will work to fully meet consumer privacy needs, it is also 
too soon to assume that they won't.
    Another area of concern has been the impact that these new 
technologies have on children. As technology users become increasingly 
younger, we must be mindful of the special needs those users have and 
work to ensure their privacy is protected.
    I am interested to hear from the FTC today about its ongoing review 
of the Children's Online Privacy Protection Act, and how that applies 
in the mobile space. It will also be helpful to hear from the companies 
on our second panel how they handle young customers, and what they do 
to ensure their privacy is protected.
    One of the most effective means of protecting children is ensuring 
parents are educated about what their kids are doing. That can be a 
challenge in the technology space, as many of todays' kids know much 
more about mobile communications than their parents ever will.
    There is a real need to provide parents with information that they 
can trust, that is easy to understand, and that is easy to apply in 
monitoring their children's activity.
    I am interested to hear from all of our witnesses what they are 
each doing to promote consumer education, specifically for parents.
    As legislators, we have an important role in shining light on and 
investigating important issues to consumers. I believe we are 
appropriately filling that role in relations to privacy, and commend 
the Chairman for his continued commitment to ensuring our Committee is 
educated about these issues.
    It will be important going forward that we continue to learn about 
this complicated topic so we can better understand how this complex 
system works, and what the potential ramifications of any new 
regulatory action would be.
    I want to thank all of our witnesses for being here today, and I 
look forward to a productive hearing.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. John F. Kerry to 
                            David C. Vladeck
    Question 1. What is your general impression of the legislation on 
privacy that has been introduced in Congress thus far?
    Answer. Although the Commission has not taken a position on general 
privacy or Do Not Track legislation, legislation introduced to date, 
including the Commercial Privacy Bill of Rights, the Do Not Track Act 
of 2011, and the Do Not Track Kids Act of 2011, all represent 
significant progress in addressing important privacy concerns while 
ensuring continued robust development and growth of new services. I 
support the fundamental goals of each of these pieces of legislation, 
respectively, to improve transparency and consumer choice over 
information collection, use, and sharing practices, to provide 
transparency and consumer choice regarding tracking, and to provide 
privacy protections for children and teens.

    Question 2. Your answer to this question is important for helping 
us frame the debate and how you view it. For the record, when a company 
or organization collects someone's information, do you believe that the 
information is at that point the collector's or is the collector simply 
a steward of people's information and that the people on whom 
information is collected should retain some rights and authority over 
that information?
    Answer. The courts have not spoken on the issue of who owns this 
data. But regardless of who legally owns the data, we believe it is in 
both consumers' and business's interest for companies to maintain 
privacy-protective practices. Maintaining privacy protection can help 
build consumer trust in the marketplace. To achieve this goal, 
companies should not collect data unless they have a legitimate 
business need to do so; safeguard the data they maintain, in order to 
keep it from falling into the wrong hands; and dispose of it once they 
no longer have a legitimate business need to keep up. In addition, they 
should provide consumers with simple ways to exercise choices about 
privacy and make sure that their information collection and use 
practices are transparent.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. John F. Kerry to 
                              Bret Taylor
    Question 1. What is your general impression of the legislation on 
privacy that has been introduced in Congress thus far?
    Answer. At Facebook, we are constantly innovating to give people 
clear control over what they share and with whom. We believe that any 
legislative or regulatory proposal should protect both consumer privacy 
and the innovation of new products and services, which is essential to 
economic growth and job creation.
    We are pleased, for example, that the Kerry-McCain legislation 
acknowledges that there is a difference between entities that have an 
established relationship with their users--a relationship that enables 
users to understand how their data is used and hold companies 
accountable for misuse--and those that may be gathering data without a 
consumer's knowledge or consent. We do, however, have some remaining 
concerns--for instance, how the bill defines ``sensitive information'' 
in a social media context where people are proactively sharing 
information about themselves; how limitations on ``third parties'' 
could restrict innovation and growth in our vibrant developer 
community; and how various provisions could impact important business 
partner relationships. We look forward to working with your office on 
these and other concerns to ensure that the bill encourages companies 
to advance users' understanding and control over their information 
while maintaining providers' and developers' ability to innovate.
    There have also been a number of proposals in Congress that 
advocate a ``do not track'' feature. We have concerns about those 
proposals that focus on data collection limitations without regard to 
the nature of the business relationship and the intended uses of data. 
A properly crafted do-not-track proposal would focus on the data 
practices of entities that do not directly engage with users, and that 
thus are not accountable to them.
    In addition, it is essential that any do-not-track implementation 
specifically define what kind of ``tracking'' is prohibited. Some 
collection of information might be defined as ``tracking'' under a 
legislative proposal, but might not be a practice that users would 
intend to block by expressing a do-not-track preference. For example, a 
website may use historical login data that it has collected for account 
security purposes: if our systems detect login attempts from Belarus 
for a Facebook account that is usually accessed from an IP address in 
Washington, D.C., the ``tracking'' that alerts us to that situation 
allows us to activate safeguards intended to ensure that the individual 
accessing the account is in fact the account owner. That ``tracking'' 
isn't problematic and shouldn't be blocked by a user's do-not-track 
preference; to the contrary, it's necessary to our efforts to provide a 
safe and secure service.

    Question 2. Your answer to this question is important for helping 
us frame the debate and how you view it. For the record, when a company 
or organization collects someone's information, do you believe that the 
information is at that point the collector's or is the collector simply 
a steward of people's information and that the people on whom 
information is collected should retain some rights and authority over 
that information?
    Answer. User privacy, safety, and control are at the center of 
every product decision at Facebook. People control when, how and with 
what friends, websites and applications they want to connect to share 
their data, and at any time, they can remove that data or break those 
connections. Users own the information they share on Facebook and they 
can download or delete their data, modify and review their privacy and 
sharing settings at any time, or delete their accounts.

    Question 3. How would you compare what Senator McCain and I are 
proposing to the regime you operate under in Europe or other parts of 
the world?
    Answer. We are pleased that your proposal attempts to strike a 
balance between user control and economic growth and innovation, both 
of which are essential. Although many privacy laws and regulations in 
Europe and elsewhere also seek this balance, we think the critical step 
made by your legislation is the recognition that context matters: a 
company that has established, direct relationships with its users 
should not be regulated in the same way as entities that collect data 
as third parties to a user-website relationship--entities without a 
direct relationship to the user who may be gathering data without the 
knowledge or consent of the user and without any user control over the 
data collected.
    As I noted above, we look forward to working with you and Senator 
McCain to ensure that your bill strikes the critical balance between 
encouraging innovation and ensuring people have control over the 
information they share online.

    Question 4. Mr. Taylor, in your testimony, you state that before 
you institute proposed changes to your privacy policy you put them for 
comment for your users and if a threshold of comments is reached, you 
put the changes out for a vote. And you state, ``Time and again, 
Facebook has shown itself capable of correcting course in response to 
individual suggestions and we will continue to be receptive to that 
feedback.'' When you change your privacy policy, does it change how you 
use or how people can access information you have previously collected 
and if so, shouldn't that require an opt-in choice if there is any 
question that the change would have affected whether or not that person 
would have given you their information in the first instance?
    Answer. At Facebook, we're continually creating innovative tools 
and experiences that deliver new and unique value and benefits. We 
bring this same spirit of innovation to communicating with users about 
our services and giving them tools to understand exactly how our 
service works; we want people on Facebook to be able make informed 
decisions about whether to use Facebook and what to share with their 
friends and the world around them.
    As you noted in your question, before we institute changes to our 
privacy policy, we present the proposed changes to our users and offer 
them an opportunity to comment on them. If there is significant 
engagement on the proposal, we put it to a vote of all Facebook users; 
even if a vote isn't triggered by the comment process, we review and 
are receptive to the feedback we receive. We believe that this notice 
and comment process--which notifies people about proposed changes and 
gives them an opportunity to comment on them before they take effect--
is unique in the industry.
    We also recently announced--and invited feedback on--a new format 
for our privacy policy that we think can serve as a model for the 
industry. This new format involves interactive features, tips, and 
educational materials, all of which are designed to make our privacy 
policy not only informative and accurate, but easily understandable as 
well. So far, the feedback on this ``privacy policy 2.0'' has been 
overwhelmingly positive, and we expect to formally adopt that new 
format in the near future. Right now, these initiatives stand alone in 
the industry, but we hope that our efforts in this area--both our 
notice-and-comment process and our reformatted privacy policy--can 
serve as a model for other companies that, like us, want to go the 
extra mile in communicating with users about how they use information.
    Most revisions to our privacy policy attempt to better explain our 
practices to users: as our products and services evolve, so do our 
notices. It is rarely the case that we would revise our privacy policy 
in a manner that would enable us to retroactively change the audience 
that can view information that has already been shared on Facebook. 
With that said, should a change materially alter something fundamental 
about how we access, collect, or use information that has previously 
been shared on Facebook, we would consider additional notice and 
consent mechanisms. This is a fact specific analysis, based on the 
practices and the services offered.
    It is also important to note that outside the confines of our 
privacy policy, we routinely communicate how products work through 
``roosters'' that update users about new or enhanced features either 
when the users arrive on Facebook or when they use a particular 
product. How these special messages are distributed--appearing on the 
top right corner of the homepage, through Facebook messages, through 
blog posts, or other communication channels--is a highly contextual, 
fact-specific question. But be assured that we don't hesitate to use 
those options when we determine that changes should be explained so 
that people understand the products we provide and any information 
sharing or use associated with those products.

    Question 5. When a Facebook user visits one of your partner sites, 
say the New York Times, are they ever tracked on that website in a way 
that is not visible and known to them?
    Answer. Privacy is a responsibility we share with our global 
community of users, advertisers, and the developers of applications and 
websites that connect to our Platform. As part of this shared 
responsibility, we believe that everyone who participates on the 
Facebook Platform should commit to the same robust standards of 
transparency and user control.
    Your question specifically relates to websites that connect with 
the Facebook Platform. When a third party deploys a Facebook social 
plugin on its website, it does so to enable its viewers to link their 
on-site experience with their Facebook experience. These features allow 
users to interact and share in ways never before possible through 
Facebook technology that allows logged-in Facebook users to interact 
directly with Facebook while on the third party site. For direct 
interactions (e.g., by clicking a like or recommend button), the user 
is interacting with Facebook the same way she would if she was on 
facebook.com. In cases where someone visits a third party site and does 
not ``interact'' with the social plugin, Facebook only uses collected 
information to generate anonymous or aggregate reports, which are used 
to learn more about the Internet and make our products and services 
better.
    Facebook's terms prohibit website or application developers who 
integrate with the Facebook Platform from directly or indirectly 
transferring any Facebook user data to third parties such as ad 
networks, data brokers, and the like. Except for limited basic account 
information, which along with all data is subject to the developer's 
privacy policy, the data accessed through Facebook when a Facebook user 
connects to an application may only be used within the application 
unless the user provides express consent to the application.
    Questions about any data collection or tracking that websites other 
than Facebook might engage in are, of course, best directed to those 
websites. The New York Times, for example, has a lengthy privacy policy 
that includes a comprehensive discussion entitled ``What Information Do 
We Gather About You?'' \1\ When Facebook users visit the New York Times 
website, non-Facebook actions taken on the site--clicking ads or 
filling out forms, for example--are governed by the New York Times' 
privacy policies, not Facebook's. However, for our part, we require 
that developers that integrate with the Facebook Platform post and 
adhere to their own privacy policy that tells users what user data they 
are going to collect and how they will use, display, share, or transfer 
that data.
---------------------------------------------------------------------------
    \1\  http://www.nytimes.com/content/help/rights/privacy/policy/
privacy-policy.html.

    Question 6. Mr. Taylor, Facebook has grown to more than 600 million 
users. I don't think that there is another social network that comes 
close in terms of size and scope. Doesn't that mean that if you want to 
access this world of people with all the benefits you list, then you 
don't really have a choice just to switch to another social network if 
Facebook privacy practices cause you concern right?
    Answer. People unquestionably have choice when it comes to 
connecting with others and expressing themselves online. Hundreds of 
millions of people use services other than Facebook to connect, to 
micro-blog, to share photos and other details of their lives, and to 
identify and consume content online and off. In the U.S., these 
services include Twitter, LinkedIn, MySpace, Diaspora, Picasa, Tumblr, 
Blogger, Wordpress, Path, Ping, Foursquare, Gowalla, and many others. 
Internationally, Orkut, Tuente, Studi VZ, V Kontakte, Ren Ren and a 
host of others are popular and growing quickly.
    As recently as two years ago, MySpace was perceived to be the 
nation's leading social network and Facebook was the upstart. Virtually 
every day, the media reports news of another social media initiative--
either from established technology companies such as Google or Apple, 
or from new, aggressive, and often well-funded competitors. Facebook, 
in short, operates in a robustly competitive environment that keeps us 
highly motivated to innovate and to continue providing people with 
services they find meaningful.
    We have developed the Facebook Platform in a manner that enhances 
competition and fosters that motivation. As I explained in my 
testimony, the Facebook Platform is, at a conceptual level, modeled on 
the open architecture of the Internet. We permit--indeed, encourage--
developers to launch applications that provide users with new and 
innovative social experiences, even where those experiences are similar 
to features we provide on facebook.com. To pick just one example, 
numerous location-sharing services--Foursquare and Gowalla, to name 
some--have integrated with the Facebook Platform, which has helped them 
grow. Those services directly compete with our own location-sharing 
service, and their presence on the Facebook Platform provides 
additional assurance that we will remain highly competitive and 
innovative. If we don't--not just in location sharing, but also in 
photos, messaging, micro-blogging, and other services--users will go 
elsewhere.
    The same is true with respect to the privacy controls we provide to 
users. Facebook's mission is to make the world more open and connected. 
The explosive growth of Facebook and the many sharing sites listed 
above shows that people around the world believe in that goal as well: 
people want to share, they want to stay connected with their friends 
and families, and they want to feel connected to the world around them. 
We think that the best way to encourage that sharing is by giving users 
control over what and how they share, and with whom.
    We care deeply about privacy, and we are continually innovating to 
make controls clearer, more direct, and easier to find and use. We 
think that's the right thing to do, and, at least as important, staying 
competitive demands it. If we stumble--either because our service is 
not engaging or because people believe they lack control--they will 
turn elsewhere. Although there are many other websites that offer 
social networking services, we are committed to leading the charge in 
the industry in how people control their information, and we think the 
user trust that results from that leadership is one of the key reasons 
we have been successful to date. People tacitly acknowledge these 
efforts with continued use of our product, and they explicitly 
acknowledge it too: an October 2010 study by TRUSTe indicated that the 
vast majority of parents and teens understand how privacy works on 
Facebook.
    But as your question acknowledges, we can't please everyone. 
Although we think there are enormous benefits to being a part of our 
open and connected global network, those benefits are predicated on a 
willingness to share some basic information and connect with others. 
Some people are resistant to sharing and connecting online, and they 
may be uncomfortable with even the very limited mandatory information 
that is displayed on every account. We feel that it isn't a lack of 
competition that prevents those individuals from enjoying the benefits 
of Facebook and other social media.
    That said, as I mentioned before, we are always working to make our 
privacy controls more powerful and easier to use and understand, so 
that even people who may have reservations about sharing at the 
outset--or those with less sophisticated Internet and computer skills--
feel comfortable on Facebook. That continuous improvement and user 
education are essential for our business in a competitive and rapidly 
changing market, and they are a critical part of our mission to make 
the world more open and connected.
                                 ______
                                 
   Responses to Written Questions Submitted by Hon. John F. Kerry to 
                              Morgan Reed
    Question 1. What is your general impression of the legislation on 
privacy that has been introduced in Congress thus far?
    Answer. Currently, Congress is considering at least 7 different 
privacy related bills, ranging from narrow bills dealing with just 
geolocation, to more comprehensive privacy efforts. Given the broad 
scope, it seems best to talk about the characteristics found in the 
legislation that are beneficial to our technology ecosystem, and those 
that may hinder us:
    Most of the bills in Congress today take a technology focused, 
rather than data focused, approach. With the exception of the Kerry-
McCain bill, nearly all other privacy legislation in the 112th Congress 
begins from the premise that new technology somehow requires new or 
different law. he fact remains that your location is tracked by the 
swipecard at the grocery store even though a smartphone with GPS was 
never used--and I am not required to ``opt-in'' anew every time use my 
customer card even though it is collecting my location data. Likewise, 
mail-order catalogs are often tailored to each recipient, despite any 
``opt-in'' preferences or requests from the resident. We believe the 
holistic approach represented in Kerry-McCain is more effective, and 
does not disadvantage new technologies.
    Many of the bills in Congress do not adequately address the need 
for FTC resources to enforce new provisions, at the same time the FTC 
is not even beginning to fully enforce existing privacy laws like 
COPPA. Since passage of COPPA in 2000, the FTC has brought roughly a 
dozen actions against high profile sites, barely more than one a year. 
Yet FTC's inaction has not been because the Web has become a perfectly 
compliant environment. Every child advocacy group could provide 
Congress a list of dozens of non-COPPA compliant sites run by 
legitimate organizations--the FTC simply lacks the resources to build a 
case and prosecute the violators.
    Finally, some of the legislation, specifically bills addressing 
``Do Not Track'' create technologically unworkable, and potentially 
deceptive problems. This is because a Do Not Track list is very 
different from the highly successful Do Not Call list. Since consumers 
have few phone numbers, and such numbers are static, it was easily 
implemented. On the other hand, a Do Not Track list requires the 
collection of information about every Web browser, mobile device, and 
application a consumer uses. This can be dozens if not hundreds of 
different identifiers. Furthermore, these are not static values in the 
same way a phone number is; consumers and developers can change and 
delete software cache and preferences. Also, FTC Commissioners have 
raised concerns that use of ``Do Not Track'' may be deceptive \1\ since 
under a Do Not Call, the consumer receives no advertisements. However, 
under a Do Not Track, the consumer still sees ads, perhaps more ads, 
just not ones that are based on their interests.
---------------------------------------------------------------------------
    \1\ See FTC Staff Report, Protecting Consumer Privacy in an Era of 
Rapid Change: A Proposed Framework for Business and Policymakers, 
Concurring Statement of Commissioner J. Thomas Rosch, page E-1.
---------------------------------------------------------------------------
    We ask that when deciding how to proceed, you remember that the 
provision of many of the $1 or free applications available to users is 
predicated on the collection, use, and sharing of non-sensitive 
information by the default. We support a customers' right to opt-out of 
such collection, but many of the bills allow the FTC to determine the 
default for consent to the sharing of non-sensitive information with 
third parties. Since the FTC is on record as expressing that the 
default should be an ``opt-in'' to consent,\2\ this would force apps 
developers to charge higher prices, provide less content, or even stop 
developing. Furthermore, the default opt-in requirement locks in 
existing businesses' control of the market while inhibiting new 
entrants. Under an opt-in regime, established businesses can more 
easily completely consumers to opt-in to data sharing. And other large 
businesses like Google, can simply purchase third parties, making them 
first parties, completely circumventing any laws preventing third-party 
sharing.
---------------------------------------------------------------------------
    \2\ See Comments of Jessica Rich, Deputy Director of the FTC's 
Bureau of Consumer Protection on Google-Buzz Settlement.

    Question 2. Your answer to this question is important for helping 
us frame the debate and how you view it. For the record, when a company 
or organization collects someone's information, do you believe that the 
information is at that point the collector's or is the collector simply 
a steward of people's information and that the people on whom 
information is collected should retain some rights and authority over 
that information?
    Answer. The question of information ownership vs. information 
stewardship depends in large part on the type of information held. It 
is important to note that even within the context of information 
regarding an individual's use of a product, sensitive data (financial 
or health) is already governed by separate laws (GLB and HIPPA 
respectively).
    Ownership confers a property right that often cannot truly be 
executed on information that may be in the public domain. It's like the 
old riddle, ``What is very personal that you share with everyone and 
everyone else uses more than you? Your name.'' I can't ban its use by 
others, I can't stop people from calling it to me in public, yet I 
think most of us feel some level of possession over our name. Therefore 
information about a person is hard to structure in the same way we 
would ``ownership'' of the shovel that sits in my garage.
    The courts, however, have determined that certain intellectual 
property rights do accrue to information about something or someone 
that has been merged with other data to create a new information 
product. Analysts can look at public business records and then combine 
that information with independent research to create a copyrightable 
product. Other court cases have addressed the ownership of customer 
lists, and the treatment of such data as an asset. Finally, FASB has 
rules governing the treatment of customer lists as an asset.\3\ 
Therefore, we see information pertaining to how a consumer uses my 
product as the property of the business.
---------------------------------------------------------------------------
    \3\ FASB 141 (ASC 805)
---------------------------------------------------------------------------
    The product's creator is allowed to know and keep the information 
that you used the product, and what specifically you did while you were 
using the product. For example if it's a Web page, the developer of the 
page should be allowed to know what pages have been visited by what IP 
addresses, or for a mobile game developer to know what level you've 
finished. If the site or game provides for registering, then it is 
reasonable and fair for the product's creator to keep the information 
that ``[email protected] has made it to level 12''.
    The next category of information is ``reference data.'' Information 
that might not be about the use of my product, but which companies are 
allowed to collect and maintain control. For example, you cannot be 
allowed to own information to the degree that you could remove just the 
problem areas in a credit report, or to submit a false address into the 
DMV. However, there is a need for the organizations and companies that 
collect ``reference data'' to keep the information accurate, and have 
reasonable procedures to correct data that is wrong. Companies in this 
regard may still own the data, but have greater responsibility to allow 
me to see the data they possess. For that reason, Congress has passed 
FCRA, GLB, HIPPA and other legislation that grants the person whose 
data is in question to play a part in ensuring accuracy.
    One of the more interesting questions regarding ``ownership'' deals 
with location information. The news reports regarding the collection of 
GPS information on mobile devices is a bit unnerving, but do I ``own'' 
my location? If I am standing in front of the grocery store and a 
friend sees me, do I ``own'' that bit of information? When I use my 
grocery store swipecard inside the store, which stores the time of my 
purchase as well as the location of the store (and even the specific 
register I passed though), do I own that? In both cases the answer is 
no. When standing outside on the street, I have no expectation of 
privacy; I expect that others can see me. And when I sign up for a 
swipecard, I expect that the grocery store is going to collect, and 
even sell, the information. This example holds true for mobile devices. 
Apps that broadcast my location as part of their key functionality is 
the same as standing on the street--I expect that I will be seen, and 
even desire it. An app that uses advertising as the funding mechanism, 
and alerts me to the collection of location information, is like a 
swipecard that gives me discounted prices in exchange for my 
information.
    Note that this information in question is often given to the 
recipient from the user in return for services from the recipient. For 
example, the a user will give the Washington Post their e-mail address, 
zip code, gender, birth year, job industry, title, and responsibility 
in exchange for access to the Washington Post's content. In essence, 
the Washington Post is buying the rights to this content from the user 
for the price of the newspaper's content. Likewise, using a ``Savings 
Card'' at Safeway enables the store to collect information about users' 
buying habits and then resell that information. Safeway then gives some 
of the earned money back to consumers through discounted products.
    By allowing this transaction, we allow users to monetize their 
personal information and trade it for goods and services.

    Question 3. Mr. Reed, in your testimony you question the need for 
new legislation given the FTC's current authority and you argue against 
a new law that only targets app providers. I agree that our work should 
be comprehensive but have some questions for you about the adequacy of 
the FTC's current authority. Is it your opinion that app providers 
today are complying with fair information practice principles absent 
any new law?
    Answer. Most apps developers are making best efforts to ensure the 
proper collection, use, and protection of consumers' data. They are 
undertaking this not primarily because of the legal ramifications, but 
more significantly the business implications that come with a breach of 
customer trust. Apps developers know that the trust of the their 
customers is paramount, especially with so many competitors in the 
market.
    The focus of The United States Federal Trade Commission's Fair 
Information Practice Principles (FIPs) has always been on those who 
actually collect data, and independent research shows that the vast 
majority of mobile apps do not collect any personal data; thereby 
complying with FIPs. That said, some areas of data collection are 
unclear, and we all await the upcoming FTC rulemaking to help 
developers understand how best to follow the FIPs, for those apps 
developers who still need to improve their compliance, ACT is 
developing methods to assist them.
    ACT is releasing this upcoming week its Privacy Policy Guidelines 
for Apps Developers. ACT will follow up with model privacy policies. 
Finally, ACT is creating a custom privacy policy generator for apps 
developers.

    Question 3a. Does the FTC have the authority to mandate that app 
providers secure the information they collect or provide consumers with 
specific information about why that information is collected and how it 
will be used and distributed?
    Answer. First, the information we are talking about here is non-
financial, non-health information (that is already covered under GLB 
and HIPPA). So really, the question is, does the FTC have authority 
over non-sensitive information that apps developers collect.
    I believe the FTC already has the requisite authority to ensure 
that apps developers properly treat the non-sensitive information they 
collect under section 5 of the FTC Act. This is supported by the FTC 
Staff Report--Protecting Consumer Privacy in an Era of Rapid Change: A 
Proposed Framework for Business and Policymakers--Concurring Statement 
of Commissioner J. Thomas Rosch:

        Moreover, Section 5 liability could not be avoided by eschewing 
        a privacy notice altogether both because that would generally 
        be competitive suicide and because that course would be 
        deceptive in that it would entail a failure to disclose 
        material facts.

        A privacy notice that is opaque or fails to disclose material 
        facts (such as the fact that consumer information may be shared 
        with third parties) is deceptive under Section 5. That is 
        particularly true if the sharing of the information may cause 
        tangible harm. Moreover, Section 5 liability could not be 
        avoided by eschewing a privacy notice altogether both because 
        that would generally be competitive suicide and because that 
        course would be deceptive in that it would entail a failure to 
        disclose material facts.

    Therefore the FTC can and does already have the authority to ensure 
that data is properly protected, even when collected by apps 
developers.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. John F. Kerry to 
                          Catherine A. Novelli
    Question 1. What is your general impression of the legislation on 
privacy that has been introduced in Congress thus far?
    Answer. As we outlined in detail in our May 19, 2011 testimony, 
Apple has demonstrated an unwavering commitment to giving our own 
customers clear and transparent notice, choice and control over their 
personal information. Apple has adopted a single comprehensive privacy 
policy for all its businesses and products, including the iTunes Store 
and the App Store. Apple's Privacy Policy, written in easy-to-read 
language, details what information Apple collects and how Apple and its 
partners and licensees may use the information. The Policy is available 
from a link on every page of Apple's website.
    While Apple does not have a public position on any specific privacy 
legislation currently before the Congress, we do strongly agree that 
any company or organization with access to customers' personal 
information should give its customers clear and transparent notice, 
choice and control over their information. We have made this a strict 
licensing requirement for all of our app developers. We also share your 
concerns about the potential misuse of all customer data, and we 
believe that we have instituted policies and procedures that encourage 
third-party app developers to go well beyond disclosures written in an 
online privacy policy. Apple remains committed to working with the 
Congress, as well as with our technology industry colleagues and our 
trade associations in the private sector, to continue to identify the 
very best approaches for addressing consumer online privacy 
protections.

    Question 2. Your answer to this question is important for helping 
us frame the debate and how you view it. For the record, when a company 
or organization collects someone's information, do you believe that the 
information is at that point the collector's or is the collector simply 
a steward of people's information and that the people on whom 
information is collected should retain some rights and authority over 
that information?
    Answer. As stated in Apple's response to ``Witnesses Question 1'' 
above, Apple is committed to giving our customers clear and transparent 
notice, choice and control over their personal information. Apple 
agrees further that any company or organization with access to 
customers' personal information should give its customers clear and 
transparent notice, choice and control over their information. We have 
made this a strict licensing requirement for all of our app developers.
    Apple has taken steps to help customers understand where their 
information is going and to provide customers with greater control over 
it. As stated clearly in our Privacy Policy, Apple makes it quite easy 
for our customers to access their own personal information provided to 
Apple. We provide our customers with secure access to their Apple 
account information to help ensure that the information is accurate, 
complete and up to date. We state clearly that we only retain 
information for the period of time necessary to fulfill the purposes 
outlined in our Privacy Policy unless a longer retention period is 
required or permitted by law.
    Equally important, Apple takes precautions--including 
administrative, technical and physical measures--to safeguard our 
customers' personal information against loss, theft, and misuse, as 
well as against unauthorized access, disclosure, alteration, and 
destruction. To make sure personal information remains secure, we 
communicate our privacy policy and security guidelines to Apple 
employees and strictly enforce privacy safeguards within the company.
    Apple is always investigating new ways to improve our customers' 
experiences, including helping customers learn more about Apple's 
privacy policy and the privacy protections available on Apple mobile 
devices.

    Question 3. Ms. Novelli, Apple has a good story to tell about the 
privacy protections it applies for its direct customers. In your 
testimony, you list 9 bullet points of privacy requirements that you 
impose on third party application developers for them operate on your 
platform. Is it your position that consumers do not have to worry about 
their information being distributed without their knowledge or consent 
by app providers because of the licensing agreement that those 
developers sign with you?
    Answer. As we detailed in our May 19, 2011 testimony, Apple 
believes strongly that all third-party app developers with apps that 
collect information from users must provide clear and complete 
information to customers regarding the collection, use and disclosure 
of any user or device data. We not only make this mandatory in our 
licensing agreements, we also have documented in the App Store Review 
Guidelines a set of technical, content, and design criteria that every 
app must satisfy before Apple will accept the app for inclusion in the 
App Store. A copy of the Guidelines is attached to these responses.
    Under these Guidelines, apps cannot transmit data about a user 
without obtaining the user's prior permission and providing the user 
with access to information about how and where the data will be used. 
Further, we strictly prohibit the use of any analytics software in an 
application that collects and sends device data to a third party. Apps 
submitted to Apple for inclusion in the App Store that fail to meet 
these requirements are returned to the developer and are not offered in 
the App Store until the deficiencies are corrected.
    Once an app is downloaded, the user's exchange of personal 
information within that app is between the user and the app developer. 
We make this clear in our privacy policy that once an app has been 
downloaded from the App Store, the information exchanged between the 
user and the app is governed by the privacy practices of the app's 
developer.
    At the same time, Apple employees from several internal groups, or 
teams, are responsible for addressing issues that arise with apps that 
are available in the App Store. In addition to our own internal 
scrutiny, Apple relies heavily on communications from other App Store 
users, competitors, and industry observers to alert Apple of an app 
that is operating outside of Apple's Guidelines. Whenever such a case 
is brought to Apple's attention, either through internal vigilance or 
by an external party, Apple investigates and provides the developer 
with an opportunity to remediate. If no correction is made, Apple 
removes the app from the App Store.

    Question 4. You state that as part of the licensing agreement, app 
developers have to explain their privacy practices to users yet both 
the WSJ and the Future of Privacy Forum have found that a significant 
percentage of app providers have no privacy policy at all. How do you 
reconcile those two facts?
    Answer. As we stated in our May 19, 2011 testimony, Apple launched 
the App Store in July 2008 where customers may shop and acquire 
applications offered by third-party developers for the iPhone, iPad and 
iPod touch. As of June 6, 2011, the App Store includes more than 
425,000 third-party applications covering a wide variety of areas 
including news, games, music, travel, health, fitness, education, 
business, sports, navigation and social networking. Because the 
overwhelming majority of these apps do not collect any information 
whatsoever from any user at any time, Apple has not mandated that its 
third-party developers incur both the legal expense and the burdensome 
administrative costs associated with issuing and maintaining a privacy 
policy unnecessarily--an expense that could well be prohibitive for a 
small struggling software developer or a teenager in his bedroom with 
only a MacBook and an idea.
    For those apps that do collect information, however, our licensing 
agreement with developers prohibits any application from collecting 
user or device data without prior user consent. We also make it 
abundantly clear in our licensing agreement that developers, 
irrespective of size of business or age, must provide clear and 
complete information to users regarding their apps' collection, use and 
disclosure of user or device data. While many developers comply simply 
by adding a link to their online privacy policy, others have chosen to 
disclose this information by adding a pop-up dialogue box for the user 
to see when launching the app for the first time. We strictly prohibit 
the use of any analytics software in an application that collects and 
sends device data to a third party. Our licensing agreement also 
requires that apps comply with all applicable privacy and data 
collection laws and regulations regarding the use or transmission of 
user and device data, including location-based information. Apple's 
requirements are intended to provide the user with the most useful 
information that meets our strict transparency and disclosure 
requirements, but we also have chosen not to dictate the means by which 
that information is delivered to the user.
    Because location information can be particularly sensitive, in 
addition to all the developer privacy and collection disclosure 
requirements described above, Apple has built a feature directly into 
the iOS that requires explicit customer consent when any application 
requests location-based information for the first time. When an 
application requests the information, a dialog box appears stating: 
``[Application] would like to use your current location.'' The customer 
is asked: ``Don't Allow'' or ``OK.'' If the customer clicks on ``Don't 
Allow,'' no location-based information will be provided to the 
application. This iOS dialogue box is mandatory--neither Apple's 
applications nor those of third parties are permitted to override it. 
For those customers that consent to allow an app to use their location 
information, an arrow glyph alerts them in real-time that an 
application is using or has recently used location-based information. 
Again, as we explained in more detail in our May 19, 2011 testimony, 
this consent for location services by an app can be given and rescinded 
on an app-by-app basis quite easily, and very transparently.

    Question 5. Shouldn't all collectors of people's information be 
bound by fair information practice principles as a matter of law and if 
not, why not?
    Answer. Once again, as we outlined in detail in our May 19, 2011 
testimony and in response to Question 1 above, Apple clearly has 
demonstrated an unwavering commitment to giving our own customers clear 
and transparent notice, choice and control over their personal 
information. We believe our products do this in a simple and elegant 
way. While Apple does not have a public position on any specific 
privacy legislation currently before the Congress, we do strongly agree 
that any company or organization with access to customers' personal 
information should give its customers clear and transparent notice, 
choice and control over their information. We have made this a strict 
licensing requirement for all of our app developers. We also share the 
Committee's concerns about the potential misuse of all customer data, 
and we believe that we have instituted policies and procedures that 
encourage third-party app developers to go well beyond disclosures 
written in an online privacy policy. Apple remains committed to working 
with the Congress, as well as with our technology industry colleagues 
and our trade associations in the private sector, to continue to 
identify the very best approaches for addressing consumer online 
privacy protections.

    Question 6. In your testimony you state that Apple reviews all 
applications prior to adding them to the App store to ensure that they 
run properly and do not contain malicious code. Could you not also 
check whether they have a privacy policy with stated practices that 
comply with your licensing agreement?
    Answer. Apple does check whether apps submitted for approval comply 
with the terms of our licensing agreement. For the reasons outlined in 
detail in our response to Question 4 above, Apple does not require a 
written privacy policy from developers when an app does not collect 
information from users. Again, for those apps that do collect 
information, Apple's app developer privacy requirements are intended to 
provide the user with the most useful information that meets our strict 
transparency and disclosure requirements, but we also have chosen not 
to dictate the means by which that information is delivered to the 
user.
    Apple performs a rigorous review of every app submitted based on a 
set of technical, content and design criteria. The review criteria are 
documented in Apple's App Store Review Guidelines for iOS apps, which 
is made available to every app developer. The Guidelines include myriad 
requirements, including requirements about an app's functionality, and 
use of location or personal information. For example, the Guidelines 
state that:
4. Location
    4.1 Apps that do not notify and obtain user consent before 
collecting, transmitting, or using location data will be rejected
    . . .
    4.4 Location data can only be used when directly relevant to the 
features and services provided by the app to the user or to support 
approved advertising uses
    . . .
16. Objectionable content
    16.1 Apps that present excessively objectionably or crude content 
will be rejected
    16.2 Apps that are primarily designed to upset or disgust users 
will be rejected
    . . .
17. Privacy
    17.1 Apps cannot transmit data about a user without obtaining the 
user's prior permission and providing the user with access to 
information about how and where the data will be used
    17.2 Apps that require users to share personal information, such as 
e-mail address and data of birth, in order to function will be rejected
    17.3 Apps that target minors for data collection will be rejected
    . . .
18 Pornography
    18.1 Apps containing pornographic material, defined by Webster's 
Dictionary as ``explicit descriptions or displays of sexual organs or 
activities intended to stimulate erotic rather than aesthetic or 
emotional feelings,'' will be rejected
    18.2 Apps that contain user generated content that is frequently 
pornographic (ex ``Chat Roulette'' alls) will be rejected
    On average, Apple rejects approximately 30 percent of the apps 
initially submitted for consideration. The most common reasons for 
rejection relate to functionality issues, such as the app crashing, 
exhibiting bugs, or not performing as advertised by the developer. But 
Apple will reject an app for violating any of the criteria set forth in 
the Guidelines and/or any of the provisions of the developer's 
agreements with Apple.
    When Apple rejects an app, most developers respond by correcting 
the issue or issues that led to Apple rejection so that the app may 
ultimately be accepted. Apple will not, however, accept any app in the 
App Store unless and until the developer and app are in full compliance 
with Apple's criteria and the developer agreements.
    Similarly, Apple will remove from the App Store any app that is 
determined to be in violation of any of these requirements. Some of the 
most common reasons for removal of an app from the App Store relate to 
an app's violation of some other party's intellectual property rights, 
violation of some law, or use of objectionable content.
    [Apple's App Store Review Guidelines are offered below.]
App Store Review Guidelines
Introduction
    We're pleased that you want to invest your talents and time to 
develop applications for iOS. It has been a rewarding experience--both 
professionally and financially--for tens of thousands of developers and 
we want to help you join this successful group. We have published our 
App Store Review Guidelines in the hope that they will help you steer 
clear of issues as you develop your app and speed you through the 
approval process when you submit it.
    We view Apps different than books or songs, which we do not curate. 
If you want to criticize a religion, write a book. If you want to 
describe sex, write a book or a song, or create a medical app. It can 
get complicated, but we have decided to not allow certain kinds of 
content in the App Store. It may help to keep some of our broader 
themes in mind:

   We have lots of kids downloading lots of apps, and parental 
        controls don't work unless the parents set them up (many 
        don't). So know that we're keeping an eye out for the kids.

   We have over 350,000 apps in the App Store. We don't need 
        any more Fart apps. If your app doesn't do something useful or 
        provide some form of lasting entertainment, it may not be 
        accepted.

   If your App looks like it was cobbled together in a few 
        days, or you're trying to get your first practice App into the 
        store to impress your friends, please brace yourself for 
        rejection. We have lots of serious developers who don't want 
        their quality Apps to be surrounded by amateur hour.

   We will reject Apps for any content or behavior that we 
        believe is over the line. What line, you ask? Well, as a 
        Supreme Court Justice once said, ``I'll know it when I see 
        it''. And we think that you will also know it when you cross 
        it.

   If your app is rejected, we have a Review Board that you can 
        appeal to. If you run to the press and trash us, it never 
        helps.

   If you attempt to cheat the system (for example, by trying 
        to trick the review process, steal data from users, copy 
        another developer's work, or manipulate the ratings) your apps 
        will be removed from the store and you will be expelled from 
        the developer program.

   This is a living document, and new apps presenting new 
        questions may result in new rules at any time. Perhaps your app 
        will trigger this.

    Lastly, we love this stuff too, and honor what you do. We're really 
trying our best to create the best platform in the world for you to 
express your talents and make a living too. If it sounds like we're 
control freaks, well, maybe it's because we're so committed to our 
users and making sure they have a quality experience with our products. 
Just like almost all of you are too.
Table of Contents




1.                    Terms and conditions
2.                    Functionality
3.                    Metadata, ratings and rankings
4.                    Location
5.                    Push notifications
6.                    Game Center
7.                    iAds
8.                    Trademarks and trade dress
9.                    Media content
10.                   User interface
11.                   Purchasing and currencies
12.                   Scraping and aggregation
13.                   Damage to device
14.                   Personal attacks
15.                   Violence
16.                   Objectionable content
17.                   Privacy
18.                   Pornography
19.                   Religion, culture, and ethnicity
20.                   Contests, sweepstakes, lotteries, and raffles
21.                   Charities and contributions
22.                   Legal requirements


1. Terms and conditions




1.1                   As a developer of applications for the App Store
                       you are bound by the terms of the Program License
                       Agreement (PLA), Human Interface Guidelines
                       (HIG), and any other licenses or contracts
                       between you and Apple. The following rules and
                       examples are intended to assist you in gaining
                       acceptance for your app in the App Store, not to
                       amend or remove provisions from any other
                       agreement.


2. Functionality




2.1                   Apps that crash will be rejected
2.2                   Apps that exhibit bugs will be rejected
2.3                   Apps that do not perform as advertised by the
                       developer will be rejected
2.4                   Apps that include undocumented or hidden features
                       inconsistent with the description of the app will
                       be rejected
2.5                   Apps that use non-public APIs will be rejected
2.6                   Apps that read or write data outside its
                       designated container area will be rejected
2.7                   Apps that download code in any way or form will be
                       rejected
2.8                   Apps that install or launch other executable code
                       will be rejected
2.9                   Apps that are ``beta'', ``demo'', ``trial'', or
                       ``test'' versions will be rejected
2.10                  iPhone apps must also run on iPad without
                       modification, at iPhone resolution, and at 2X
                       iPhone 3GS resolution
2.11                  Apps that duplicate apps already in the App Store
                       may be rejected, particularly if there are many
                       of them, such as fart, burp, flashlight, and Kama
                       Sutra apps.
2.12                  Apps that are not very useful, are simply websites
                       bundled as apps, or do not provide any lasting
                       entertainment value may be rejected
2.13                  Apps that are primarily marketing materials or
                       advertisements will be rejected
2.14                  Apps that are intended to provide trick or fake
                       functionality that are not clearly marked as such
                       will be rejected
2.15                  Apps larger than 20MB in size will not download
                       over cellular networks (this is automatically
                       prohibited by the App Store)
2.16                  Multitasking apps may only use background services
                       for their intended purposes: VoIP, audio
                       playback, location, task completion, local
                       notifications, etc.
2.17                  Apps that browse the web must use the iOS WebKit
                       framework and WebKit Javascript
2.18                  Apps that encourage excessive consumption of
                       alcohol or illegal substances, or encourage
                       minors to consume alcohol or smoke cigarettes,
                       will be rejected
2.19                  Apps that provide incorrect diagnostic or other
                       inaccurate device data will be rejected
2.20                  Developers ``spamming'' the App Store with many
                       versions of similar apps will be removed from the
                       iOS Developer Program
2.21                  Apps that are simply a song or movie should be
                       submitted to the iTunes store. Apps that are
                       simply a book should be submitted to the
                       iBookstore.
2.22                  Apps that arbitrarily restrict which users may use
                       the app, such as by location or carrier, may be
                       rejected
 


3. Metadata (name, descriptions, ratings, rankings, etc.)


 

3.1                   Apps or metadata that mentions the name of any
                       other mobile platform will be rejected
3.2                   Apps with placeholder text will be rejected
3.3                   Apps with descriptions not relevant to the
                       application content and functionality will be
                       rejected
3.4                   App names in iTunes Connect and as displayed on a
                       device should be similar, so as not to cause
                       confusion
3.5                   Small and large app icons should be similar, so as
                       to not to cause confusion
3.6                   Apps with app icons and screenshots that do not
                       adhere to the 4+ age rating will be rejected
3.7                   Apps with Category and Genre selections that are
                       not appropriate for the app content will be
                       rejected
3.8                   Developers are responsible for assigning
                       appropriate ratings to their apps. Inappropriate
                       ratings may be changed/deleted by Apple
3.9                   Developers are responsible for assigning
                       appropriate keywords for their apps.
                       Inappropriate keywords may be changed/deleted by
                       Apple
3.10                  Developers who attempt to manipulate or cheat the
                       user reviews or chart ranking in the App Store
                       with fake or paid reviews, or any other
                       inappropriate methods will be removed from the
                       iOS Developer Program
3.11                  Apps which recommend that users restart their iOS
                       device prior to installation or launch may be
                       rejected
3.12                  Apps should have all included URLs fully
                       functional when you submit it for review, such as
                       support and privacy policy URLs


4. Location


 

4.1                   Apps that do not notify and obtain user consent
                       before collecting, transmitting, or using
                       location data will be rejected
4.2                   Apps that use location-based APIs for automatic or
                       autonomous control of vehicles, aircraft, or
                       other devices will be rejected
4.3                   Apps that use location-based APIs for dispatch,
                       fleet management, or emergency services will be
                       rejected
4.4                   Location data can only be used when directly
                       relevant to the features and services provided by
                       the app to the user or to support approved
                       advertising uses


5. Push notifications


 

5.1                   Apps that provide Push Notifications without using
                       the Apple Push Notification (APN) API will be
                       rejected
5.2                   Apps that use the APN service without obtaining a
                       Push Application ID from Apple will be rejected
5.3                   Apps that send Push Notifications without first
                       obtaining user consent will be rejected
5.4                   Apps that send sensitive personal or confidential
                       information using Push Notifications will be
                       rejected
5.5                   Apps that use Push Notifications to send
                       unsolicited messages, or for the purpose of
                       phishing or spamming will be rejected
5.6                   Apps cannot use Push Notifications to send
                       advertising, promotions, or direct marketing of
                       any kind
5.7                   Apps cannot charge users for use of Push
                       Notification
5.8                   Apps that excessively use the network capacity or
                       bandwidth of the APN service or unduly burden a
                       device with Push Notifications will be rejected
5.9                   Apps that transmit viruses, files, computer code,
                       or programs that may harm or disrupt the normal
                       operation of the APN service will be rejected


6. Game Center


 

6.1                   Apps that display any Player ID to end users or
                       any third party will be rejected
6.2                   Apps that use Player IDs for any use other than as
                       approved by the Game Center terms will be
                       rejected
6.3                   Developers that attempt to reverse lookup, trace,
                       relate, associate, mine, harvest, or otherwise
                       exploit Player IDs, alias, or other information
                       obtained through the Game Center will be removed
                       from the iOS Developer Program
6.4                   Game Center information, such as Leaderboard
                       scores, may only be used in apps approved for use
                       with the Game Center
6.5                   Apps that use Game Center service to send
                       unsolicited messages, or for the purpose of
                       phishing or spamming will be rejected
6.6                   Apps that excessively use the network capacity or
                       bandwidth of the Game Center will be rejected
6.7                   Apps that transmit viruses, files, computer code,
                       or programs that may harm or disrupt the normal
                       operation of the Game Center service will be
                       rejected


7. iAds


 

7.1                   Apps that artificially increase the number of
                       impressions or click-throughs of ads will be
                       rejected
7.2                   Apps that contain empty iAd banners will be
                       rejected
7.3                   Apps that are designed predominantly for the
                       display of ads will be rejected


8. Trademarks and trade dress


 

8.1                   Apps must comply with all terms and conditions
                       explained in the Guidelines for Using Apple
8.2                   Trademarks and Copyrights and the Apple Trademark
                       List
8.3                   Apps that suggest or infer that Apple is a source
                       or supplier of the app, or that Apple endorses
                       any particular representation regarding quality
                       or functionality will be rejected
8.4                   Apps which appear confusingly similar to an
                       existing Apple product or advertising theme will
                       be rejected
8.5                   Apps that misspell Apple product names in their
                       app name (i.e., GPS for Iphone, iTunz) will be
                       rejected
8.6                   Use of protected 3rd party material (trademarks,
                       copyrights, trade secrets, otherwise proprietary
                       content) requires a documented rights check which
                       must be provided upon request
8.6                   Google Maps and Google Earth images obtained via
                       the Google Maps API can be used within an
                       application if all brand features of the original
                       content remain unaltered and fully visible. Apps
                       that cover up or modify the Google logo or
                       copyright holders identification will be rejected


9. Media content


 

9.1                   Apps that do not use the MediaPlayer framework to
                       access media in the Music Library will be
                       rejected
9.2                   App user interfaces that mimic any iPod interface
                       will be rejected
9.3                   Audio streaming content over a cellular network
                       may not use more than 5MB over 5 minutes
9.4                   Video streaming content over a cellular network
                       longer than 10 minutes must use HTTP Live
                       Streaming and include a baseline 64 kbps audio-
                       only HTTP Live stream


10. User interface


 

10.1                  Apps must comply with all terms and conditions
                       explained in the Apple iOS Human Interface
                       Guidelines
10.2                  Apps that look similar to apps bundled on the
                       iPhone, including the App Store, iTunes Store,
                       and iBookstore, will be rejected
10.3                  Apps that do not use system provided items, such
                       as buttons and icons, correctly and as described
                       in the Apple iOS Human Interface Guidelines may
                       be rejected
10.4                  Apps that create alternate desktop/home screen
                       environments or simulate multi-app widget
                       experiences will be rejected
10.5                  Apps that alter the functions of standard
                       switches, such as the Volume Up/Down and Ring/
                       Silent switches, will be rejected
10.6                  Apple and our customers place a high value on
                       simple, refined, creative, well thought through
                       interfaces. They take more work but are worth it.
                       Apple sets a high bar. If your user interface is
                       complex or less than very good, it may be
                       rejected


11. Purchasing and currencies


 

11.1                  Apps that unlock or enable additional features or
                       functionality with mechanisms other than the App
                       Store will be rejected
11.2                  Apps utilizing a system other than the In App
                       Purchase API (IAP) to purchase content,
                       functionality, or services in an app will be
                       rejected
11.3                  Apps using IAP to purchase physical goods or goods
                       and services used outside of the application will
                       be rejected
11.4                  Apps that use IAP to purchase credits or other
                       currencies must consume those credits within the
                       application
11.5                  Apps that use IAP to purchase credits or other
                       currencies that expire will be rejected
11.6                  Content subscriptions using IAP must last a
                       minimum of 7 days and be available to the user
                       from all of their iOS devices
11.7                  Apps that use IAP to purchase items must assign
                       the correct Purchasability type
11.8                  Apps that use IAP to purchase access to built-in
                       capabilities provided by iOS, such as the camera
                       or the gyroscope, will be rejected
11.9                  Apps containing ``rental'' content or services
                       that expire after a limited time will be rejected
11.10                 Insurance applications must be free, in legal-
                       compliance in the regions distributed, and cannot
                       use IAP
11.11                 In general, the more expensive your app, the more
                       thoroughly we will review it
11.12                 Apps offering subscriptions must do so using IAP,
                       Apple will share the same 70/30 revenue split
                       with developers for these purchases, as set forth
                       in the Developer Program License Agreement.
11.13                 Apps that link to external mechanisms for
                       purchases or subscriptions to be used in the app,
                       such as a ``buy'' button that goes to a website
                       to purchase a digital book, will be rejected
11.14                 Apps can read or play approved content
                       (specifically magazines, newspapers, books,
                       audio, music, and video) that is subscribed to or
                       purchased outside of the app, as long as there is
                       no button or external link in the app to purchase
                       the approved content. Apple will not receive any
                       portion of the revenues for approved content that
                       is subscribed to or purchased outside of the app


12. Scraping and aggregation


 

12.1                  Applications that scrape any information from
                       Apple sites (for example from apple.com, iTunes
                       Store, App Store, iTunes Connect, Apple Developer
                       Programs, etc) or create rankings using content
                       from Apple sites and services will be rejected
12.2                  Applications may use approved Apple RSS feeds such
                       as the iTunes Store RSS feed
12.3                  Apps that are simply web clippings, content
                       aggregators, or a collection of links, may be
                       rejected


13. Damage to device


 

13.1                  Apps that encourage users to use an Apple Device
                       in a way that may cause damage to the device will
                       be rejected
13.2                  Apps that rapidly drain the device's battery or
                       generate excessive heat will be rejected


14. Personal attacks


 

14.1                  Any app that is defamatory, offensive, mean-
                       spirited, or likely to place the targeted
                       individual or group in harms way will be rejected
14.2                  Professional political satirists and humorists are
                       exempt from the ban on offensive or mean-spirited
                       commentary


15. Violence


 

15.1                  Apps portraying realistic images of people or
                       animals being killed or maimed, shot, stabbed,
                       tortured or injured will be rejected
15.2                  Apps that depict violence or abuse of children
                       will be rejected
15.3                  ``Enemies'' within the context of a game cannot
                       solely target a specific race, culture, a real
                       government or corporation, or any other real
                       entity
15.4                  Apps involving realistic depictions of weapons in
                       such a way as to encourage illegal or reckless
                       use ofsuch weapons will be rejected
15.5                  Apps that include games of Russian roulette will
                       be rejected


16. Objectionable content


 

16.1                  Apps that present excessively objectionable or
                       crude content will be rejected
16.2                  Apps that are primarily designed to upset or
                       disgust users will be rejected


17. Privacy


 

17.1                  Apps cannot transmit data about a user without
                       obtaining the user's prior permission and
                       providing the user with access to information
                       about how and where the data will be used
17.2                  Apps that require users to share personal
                       information, such as e-mail address and date of
                       birth, in order to function will be rejected
17.3                  Apps that target minors for data collection will
                       be rejected


18. Pornography


 

18.1                  Apps containing pornographic material, defined by
                       Webster's Dictionary as ``explicit descriptions
                       or displays of sexual organs or activities
                       intended to stimulate erotic rather than
                       aesthetic or emotional feelings'', will be
                       rejected
18.2                  Apps that contain user generated content that is
                       frequently pornographic (ex ``Chat Roulette''
                       apps) will be rejected


19. Religion, culture, and ethnicity


 

19.1                  Apps containing references or commentary about a
                       religious, cultural or ethnic group that are
                       defamatory, offensive, mean-spirited or likely to
                       expose the targeted group to harm or violence
                       will be rejected
19.2                  Apps may contain or quote religious text provided
                       the quotes or translations are accurate and not
                       misleading. Commentary should be educational or
                       informative rather than inflammatory


20. Contests, sweepstakes, lotteries, and raffles


 

20.1                  Sweepstakes and contests must be sponsored by the
                       developer/company of the app
20.2                  Official rules for sweepstakes and contests, must
                       be presented in the app and make it clear that
                       Apple is not a sponsor or involved in the
                       activity in any manner
20.3                  It must be permissible by law for the developer to
                       run a lottery app, and a lottery app must have
                       all of the following characteristics:
                       consideration, chance, and a prize
20.4                  Apps that allow a user to directly purchase a
                       lottery or raffle ticket in the app will be
                       rejected


21. Charities and contributions


 

21.1                  Apps that include the ability to make donations to
                       recognized charitable organizations must be free
21.2                  The collection of donations must be done via a
                       website in Safari or an SMS


22. Legal requirements


 

22.1                  Apps must comply with all legal requirements in
                       any location where they are made available to
                       users. It is the developer's obligation to
                       understand and conform to all local laws
22.2                  Apps that contain false, fraudulent or misleading
                       representations will be rejected
22.3                  Apps that solicit, promote, or encourage criminal
                       or clearly reckless behavior will be rejected
22.4                  Apps that enable illegal file sharing will be
                       rejected
22.5                  Apps that are designed for use as illegal gambling
                       aids, including card counters, will be rejected
22.6                  Apps that enable anonymous or prank phone calls or
                       SMS/MMS messaging will be rejected
22.7                  Developers who create apps that surreptitiously
                       attempt to discover user passwords or other
                       private user data will be removed from the iOS
                       Developer Program
22.8                  Apps which contain DUI checkpoints that are not
                       published by law enforcement agencies, or
                       encourage and enable drunk driving, will be
                       rejected


Living document
    This document represents our best efforts to share how we review 
apps submitted to the App Store, and we hope it is a helpful guide as 
you develop and submit your apps. It is a living document that will 
evolve as we are presented with new apps and situations, and we'll 
update it periodically to reflect these changes.
    Thank you for developing for iOS. Even though this document is a 
formidable list of what not to do, please also keep in mind the much 
shorter list of what you must do. Above all else, join us in trying to 
surprise and delight users. Show them their world in innovative ways, 
and let them interact with it like never before. In our experience, 
users really respond to polish, both in functionality and user 
interface. Go the extra mile. Give them more than they expect. And take 
them places where they have never been before. We are ready to help.
     Apple, 2011
                                 ______
                                 
   Response to Written Questions Submitted by Hon. John F. Kerry to 
                             Alan Davidson
    Question 1. What is your general impression of the legislation on 
privacy that has been introduced in Congress thus far?
    Answer. With respect to specific legislation, we salute the work of 
Senators Kerry and McCain to develop a comprehensive approach to 
privacy based on the same principles of transparency, control, and 
security we apply to our own services. We look forward to continued 
conversations about all of the privacy bills that have been introduced 
by members of the Committee as these bills evolve.
    Google also supports ongoing Congressional work in two other areas 
which will strengthen Americans' privacy protections and provide 
consistency for providers. First, we applaud Congress' efforts to 
promote uniform, reasonable security principles, including data breach 
notification procedures, to ensure that the bad acts of criminal 
hackers or inadequate security on the part of companies do not 
undermine consumer trust for all services. Second, we support the 
efforts underway to update the Electronic Communications Privacy Act, 
the U.S. law governing government access to stored communications, to 
accord with the reasonable expectations of users of cloud computing 
services.
    In general, Google supports the development of a comprehensive, 
baseline privacy framework that can ensure broad-based user trust and 
will support continued innovation. Key considerations for any such 
approach include even-handed application to all personal data 
regardless of source or means of collection, recognition of both the 
benefits and costs of legislating, particularly actual harm to users 
and compliance costs, and consistency of privacy rules across 
jurisdictions. In general, Google does not favor a siloed approach to 
privacy law that focuses singularly on current technology or specific 
business models, such as location information or ``Do Not Track'' 
advertising privacy proposals. Instead, providers and consumers need 
consistent, baseline principles that will apply both to these issues 
and those to come in the future.

    Question 2. Your answer to this question is important for helping 
us frame the debate and how you view it. For the record, when a company 
or organization collects someone's information, do you believe that the 
information is at that point the collector's or is the collector simply 
a steward of people's information and that the people on whom 
information is collected should retain some rights and authority over 
that information?
    Answer. When you store your personal information online, we believe 
you should retain control of that data. This is why, for instance, we 
offer the Google Dashboard, (www.google.com/dashboard), to provide 
users with a one-stop, easy-to-use control panel to manage the use and 
storage of personal information associated with their Google accounts. 
In the Dashboard, a user can see, edit and delete the personally 
identifiable data stored with her individual Google account.
    Providing our users with control over their personal information 
must also mean giving them the ability to take data with them if they 
decide to leave. In 2007 an engineering team at Google started the Data 
Liberation Front (http://www.dataliberation.org) to ensure that users 
are able to easily move their data in and out of Google products. The 
critical insight of the Data Liberation Front engineers was a 
recognition that users should never have to use a service unless they 
are able to easily retrieve the content they created with that service 
at no additional cost beyond what they're already paying for it. 
Starting with our Gmail service and now covering more than 25 Google 
products where users create and store personal information, these 
engineers have built tools to allow our users to ``liberate'' data if 
they choose to switch providers or to stop using one of our services.
    Data portability has benefits for our users and for Google. First, 
our product teams know just how easy it is for their users to move to a 
competitor's product, and understand that their success depends upon 
continuing to be responsive to privacy and product concerns and acting 
quickly to address them. Second, allowing our users the freedom to 
leave honors our commitment to put users in control. We believe that 
this kind of ``user empowerment by design'' is an effective means of 
ensuring respect for user privacy without chilling innovation.

    Question 3. In your testimony, you state that location sharing on 
Android devices is strictly opt-in for your users, with clear notice 
and control. You go on to state that is how location services should 
work. Do the application providers using the Android platform share 
that belief and why can't you require them to comply with that 
principle?
    Answer. While we cannot speak on behalf of application developers, 
Google indeed requires every Android application to obtain the consent 
of the user prior to enabling access to location data via the device. 
The Android operating system uses a permissions model in which the user 
is automatically informed of certain types of information an 
application will be able to access (see the figure of the permissions 
screen below). An application can only access the device's GPS location 
or the device's network location if it displays a notice for this 
permission to the user at time of installation. The user may choose to 
trust the application by completing the installation or the user may 
choose to cancel the installation. However, the Android platform does 
not have the ability to control the behavior of third party developers 
or how they handle location information and other user information that 
the third party application obtains from the device.


    In addition to the permissions structure of Android, developers 
that upload applications to the Android Market must agree to the 
Android Market developer agreement (http://www.android.com/us/
developer-distribution-agreement.html), pursuant to which developers 
agree to comply with applicable laws and to protect the privacy rights 
of users. The specific relevant language is as follows:

        4.2 You agree to use the Market only for purposes that are 
        permitted by (a) this Agreement and (b) any applicable law, 
        regulation or generally accepted practices or guidelines in the 
        relevant jurisdictions (including any laws regarding the export 
        of data or software to and from the United States or other 
        relevant countries).

        4.3 You agree that if you use the Market to distribute 
        Products, you will protect the privacy and legal rights of 
        users. If the users provide you with, or your Product accesses 
        or uses, user names, passwords, or other login information or 
        personal information, you must make the users aware that the 
        information will be available to your Product, and you must 
        provide legally adequate privacy notice and protection for 
        those users. Further, your Product may only use that 
        information for the limited purposes for which the user has 
        given you permission to do so. If your Product stores personal 
        or sensitive information provided by users, it must do so 
        securely and only for as long as it is needed. But if the user 
        has opted into a separate agreement with you that allows you or 
        your Product to store or use personal or sensitive information 
        directly related to your Product (not including other products 
        or applications) then the terms of that separate agreement will 
        govern your use of such information. If the user provides your 
        Product with Google Account information, your Product may only 
        use that information to access the user's Google Account when, 
        and for the limited purposes for which, the user has given you 
        permission to do so.

    Android Market is built on the principle of openness, with the goal 
of encouraging innovation and user choice. With this principle in mind, 
Google does not pre-screen applications before they are made available 
by developers to users of Android Market. But we will remove 
applications when we are notified about, or otherwise discover, 
applications that violate our developer agreement or policies. As of 
May 31, 2011, Google is removing an average of 250-300 applications per 
day from Android Market due to violations of our developer agreement or 
policies.
    Google also strongly encourages application developers to use best 
practices for handling user data (http://android-
developers.blogspot.com/2010/08/best-practices-for-handling-
android.html), including recommendations that developers publish 
privacy policies and give users choice regarding data collection.
    Many Android applications, however, are offered via other 
application stores or directly from the developers' websites. Since 
these applications are not offered through the Android Market, their 
developers are not subject to the Android Market developer agreement. 
But the permissions model described above and in our testimony would 
still apply (as this is a technical function of the Android operating 
system).
    Note that because of the open source nature of the Android 
operating system, a device manufacturer can modify the Android 
operating system and can build an Android device without any 
involvement by Google. The response to this question and the questions 
below only relate to unmodified versions of the Android operating 
system as released by Google.

    Question 4. In your testimony, you state that all applications 
using the Android operating system are prohibited from collecting user 
location information without the user's consent and without the user 
being informed of the types of information an application will be able 
to access. But then you go on to say that Google ``does not and cannot 
control the behavior of third party applications.'' If you can control 
that they get consent and inform users on what is being collected, why 
can't you require them commit to not transferring that information to 
third parties without consent or require them to place reasonable 
retention limits on the information they collect or apply any of the 
other fair information practice principles?
    Answer. As we discussed in the previous answer, the Android 
operating system uses a permissions model in which the user is 
automatically informed of certain types of information an application 
will be able to access. Once that permission is granted however, the 
operating system does not have the ability to control the behavior of 
third party developers or how they handle location information and 
other user information that the third party application obtains from 
the device.
    While there is no technical means of limiting the use of data 
collected by application developers, as discussed above, developers 
that upload applications to the Android Market must agree to the 
Android Market developer agreement, pursuant to which developers agree 
to comply with applicable laws and to protect the privacy rights of 
users.

    Question 4a. If you are not going to take responsibility for non-
Google owned and operated application providers, shouldn't they as well 
as you, be subject to some legal code of conduct to ensure fair 
information practice principles are respected?
    Answer. As discussed above, Google supports the development of a 
comprehensive privacy framework that applies baseline principles 
uniformly across entities that collect personal data and across 
jurisdictions. We look forward to working with the Committee and others 
in Congress on this issue.
    In the meantime, Google strongly supports the development of codes 
of conduct and other mechanisms to push application developers to adopt 
practices that preserve user privacy and engage in responsible data 
collection and use. The mobile application industry can and should 
model the self-regulatory effort in the online advertising and 
publishing industries, which brought together hundreds of stakeholders 
to create uniform, enforceable standards for notice and control over 
targeted ads. Google has been deeply involved in that effort, and 
similarly hopes to work with other platform companies, app developers, 
and mobile carriers to better ensure transparency, user control, and 
security in this nascent industry.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. John F. Kerry to 
                         Amy Guggenheim Shenkan
    Question 1. What is your general impression of the legislation on 
privacy that has been introduced in Congress thus far?
    Answer. Common Sense Media is gratified to see the growing amount 
of focus that legislators in both chambers and on both sides of the 
aisle are bringing to this crucial issue.
    Privacy is important to all Americans, but we believe it is 
especially important for kids and teens. So while we appreciate the 
focus on overall privacy rights, we would also like to see more 
emphasis on parents' rights to protect the privacy of their children, 
and on better tools and information that will help parents exercise 
those rights.

    Question 2. Your answer to this question is important for helping 
us frame the debate and how you view it. For the record, when a company 
or organization collects someone's information, do you believe that the 
information is at that point the collector's or is the collector simply 
a steward of people's information and that the people on whom 
information is collected should retain some rights and authority over 
that information?
    Answer. Our personal information belongs to each of us. We may 
authorize a company or organization to use our personal information, 
but it remains ours, and those companies or organizations have an 
obligation to be careful stewards of our information. Unfortunately, 
too many companies have demonstrated lately that they are not careful 
stewards, and that needs to change.
                                 ______
                                 
          Prepared Statement of Fran Maier, President, TRUSTe
    Chairman Pryor, Ranking Member Toomey, and distinguished members of 
the Subcommittee--my name is Fran Maier, and I am President of TRUSTe, 
the world's leading provider of online privacy solutions. On behalf of 
TRUSTe, I applaud the Subcommittee's efforts and inquiries around 
protecting consumer privacy in today's mobile marketplace, as this is a 
topic that continues to present challenges for American consumers and 
companies providing products and services in the mobile ecosystem. We 
appreciate the opportunity to provide testimony on the issues, as well 
as results from two research studies that TRUSTe recently conducted, 
and that may be of interest:

   TRUSTe's survey of 1,000 smartphone users, conducted 
        together with Harris Interactive, that focuses on user 
        attitudes toward smartphone privacy.\1\
---------------------------------------------------------------------------
    \1\ TRUSTe recently released the results of a nationwide Harris 
Interactive survey of one thousand smart phone users, concerning 
privacy and use of mobile applications and mobile websites. More 
details at: http://www.truste.com/why_TRUSTe_privacy_services/harris-
mobile-survey/.

   TRUSTe's analysis of data collection from a sample of the 
        300 most popular apps on the Android, Apple and Blackberry 
---------------------------------------------------------------------------
        mobile platforms (copy attached)

    At TRUSTe, our focus is providing clients with a self-regulatory 
framework that both enhances incentives and encourages innovation 
around the commercial collection and use of consumer data. Based in San 
Francisco, California, we were founded as a non-profit, industry 
association in 1997. In 2008, we converted to for-profit status, with 
venture investment. Today, we certify the online privacy practices of 
over 4,000 web properties across a variety of platforms and services--
including mobile. We provide privacy solutions to companies of all 
sizes--from smaller websites to larger companies with multiple brands 
and online properties.
    TRUSTe supports the recommendations of the FTC and the U.S. 
Department of Commerce around the importance of developing a self-
regulatory framework for online privacy. We believe that a self-
regulatory model, if articulated correctly, is best equipped to deal 
with the privacy challenges posed by the complexity of business models 
in the online and mobile ecosystems.
    Self-regulation works because it is agile enough to address the 
complexity of business practices in dynamic industries--like 
technology--while also preserving incentives for competition and 
innovation in a diverse ecosystem. TRUSTe, like other self-regulatory 
organizations, can detect lapses in the system, when they occur, and 
work directly with a company to resolve them. We also guide companies 
toward more sustainable and consumer-friendly business practices 
helping them re-evaluate and, in some cases, alter their current 
product strategies and implementations.
    At the end of the day however, we also believe that a successful 
self-regulatory program should work in tandem with government 
regulation. TRUSTe works closely with the FTC and other government 
agencies; proactively, around the launch of new products and services 
and in certain rare cases, enforcement referrals.\2\ We also think it 
is important to have strong regulatory enforcement, especially in cases 
where companies willfully disobey self-regulatory requirements to the 
detriment of consumers.
---------------------------------------------------------------------------
    \2\ For instance, in 2008, we referred the case of Classic 
Closeouts to the FTC.
---------------------------------------------------------------------------
    TRUSTe's approach to self-regulation starts with our Program 
Requirements, which form the basis of our privacy seal program. Only 
sealholders and clients who are successfully certified under these 
requirements get to display the TRUSTe seal on their e-mails, 
downloads, mobile applications, and websites (we have provided some 
details about our certification process later in this testimony). In 
addition, we continue to evolve our Program Requirements in response to 
regulatory changes, as well as best practices and technological 
advancements on the desktop and mobile web.
    Earlier this year, we announced major updates to our Program 
Requirements that better address the innovative changes and newer 
business practices we've seen in media and web technologies over the 
past few years: online behavioral advertising, mobile apps and 
marketing and social networking.\3\ We worked closely with our clients, 
including several launching new products and services, to incorporate 
these updated privacy requirements into their existing privacy 
compliance. These updates to TRUSTe's Program Requirements exemplify 
why self-regulation works; at a time when privacy compliance standards 
remain in flux, it's important to have a framework that is both agile 
and relevant enough to provide a company the guidance (and confidence) 
it needs to engage customers and expand business opportunities.
---------------------------------------------------------------------------
    \3\ Updates to TRUSTe's Privacy Seal Program, available at: http://
www.truste.com/privacy-program-requirements/.
---------------------------------------------------------------------------
    TRUSTe has also observed robust growth in the market for self-
regulation during the past year, and believe there are significant 
opportunities for self-regulatory compliance- on both the mobile and 
desktop web. During the past year, TRUSTe has launched three new 
privacy solutions--addressing Online Behavioral Advertising notice and 
choice to consumers,cloud applications and, most relevantly, mobile 
certification. TRUSTe is now the largest provider of the DAA's Self-
Regulatory Program for Online Advertising through its TRUSTed Ads \4\ 
program, which was just launched earlier this year. TRUSTed ads now 
serves more than 10 billion advertising choice icon impressions per 
month, and delivers online behavioral advertising notice and choice to 
consumers.
---------------------------------------------------------------------------
    \4\ TRUSTe is now the largest provider of the Digital Advertising 
Association's Self-Regulatory Program for Online Advertising, serving 
over 100 billion impressions per month. For more details, visit: http:/
/www.truste.com/privacy_seals_and_services/enterprise_privacy/trusted-
ads.html.
---------------------------------------------------------------------------
    In the following sections, I provide some more details about 
TRUSTe--our guiding philosophy, as well as more details about our web 
seal and mobile certification processes.
Truth in Privacy
    Essentially, the TRUSTe philosophy is ``Truth in Privacy''--a 
concept that incorporates transparency, choice and accountability, and 
which aims to bring confidence to all stakeholders--businesses, 
consumers and governments--who view the TRUSTe seal.
    For consumers, Truth in Privacy means:

   Accurate and comprehensive disclosures about personal 
        information collection and/or use, that are readily accessible 
        and in an easy to understand format

   Accessible choices and tools to help users proactively set 
        personal information boundaries

   Direct, meaningful contact between the consumer and either 
        the client/seal holder or TRUSTe, to resolve privacy concerns.

    A recent TRUSTe/TNS brand survey shows that the TRUSTe seal gives 
consumers confidence--a site that displays the TRUSTe seal will follow 
its stated privacy practices.\5\ In some cases, the presence of a 
TRUSTe seal was a deciding factor in whether the user wanted to share 
personal information with a site (or not). And, over 92 percent of 
consumers that used TRUSTe's Watchdog resolution mechanism stated that 
they would recommend the service to a friend.\6\
---------------------------------------------------------------------------
    \5\ TRUSTe--2009 TNS brand survey.
    \6\ TRUSTe monitors compliance by clients and sealholders through 
its consumer complaint mechanism known as Watchdog. The Watchdog 
Dispute resolution mechanism is extremely successful; in a 2010 TRUSTe 
survey, 92.3 percent of consumers that used Watchdog stated that they 
would recommend the service to a friend.
---------------------------------------------------------------------------
    Truth in Privacy also has significance for our clients and 
sealholders. Displaying the TRUSTe seal means that the client or seal 
holder is:

   Developing privacy practices that align with leading 
        industry standards and governing laws

   Providing & honoring consumer choices on personal 
        information collection & use

   Innovating around privacy--developing ``best of breed'' 
        privacy notices, etc.

   Being accountable for stated privacy promises (privacy 
        policy, notice, etc.).

    Governments also recognize the TRUSTe seal as a symbol of consumer 
safety and regulatory compliance, both here in the U.S. and 
internationally. In 2000, TRUSTe became a provider of the EU Safe 
Harbor Privacy services as outlined by the U.S. Department of Commerce 
and the European Union, and we are now the largest provider of EU Safe 
Harbor dispute resolution services. In 2001, the Federal Trade 
Commission approved TRUSTe's COPPA \7\ Kid's Seal Program as an 
authorized safe harbor under the Children's Online Privacy Protection 
Act; today, we are the largest COPPA provider.
---------------------------------------------------------------------------
    \7\ ``COPPA'' refers to the Children's Online Privacy Protection 
Act of 1998, specifically the provisions around safe harbor.
---------------------------------------------------------------------------
TRUSTe Core Program Requirements & Web Seal Certification
    TRUSTe's web seal certification program is a voluntary, self-
regulatory program. Clients and sealholders are first certified against 
a core set of Program Requirements, and then have the option to get 
additional certification in other areas, including mobile privacy.
    TRUSTe charges companies for web privacy certification based on a 
number of factors, including the size of the organization (either 
measured by revenue or pages served), the complexity of their web 
property and privacy practices (we charge more, for example, if there 
are a number of different brands with different websites under one 
company), the volume of data collected and the number of TRUSTe 
certification programs they use (Mobile certification, EU Safe Harbor 
certification, COPPA certification, etc). Thanks in part to technology 
such as our ``automatic privacy policy generator,'' TRUSTe is able to 
deliver cost-effective services to small companies. In our experience, 
however, risk does not always correlate to size; a very small business 
can have incredibly complex data collection and management practices, 
while very large companies can sometimes have very simple data 
practices that may not even entail the collection or use of sensitive 
information.
    TRUSTe certification begins with a direct evaluation of the website 
or application being certified, as well as the attestations and 
representations made by the company seeking certification. To 
supplement our direct evaluation and client attestations, TRUSTe 
employs monitoring technologies that verify compliance e.g., scanners 
that confirm whether cookies are being dropped, whether age information 
is being collected, and whether changes are being made to privacy 
policies. We also employ e-mail seeding and https-encryption of 
sensitive information during transmission, traffic analysis, etc. While 
our focus is privacy compliance, our certification process has also 
helped certain clients and sealholders become aware of important 
security vulnerabilities in their data collection and use systems.
    TRUSTe generally looks at the context of a practice--what type of 
data is being collected and with whom is it being shared--before 
determining the privacy obligations for that practice. For consent, the 
requirements for our website and mobile seal are the same, and differ 
whether the use is by first or third parties. Our Program Requirements 
include specific requirements around notice and choice: express or opt-
in consent is required for all collection of ``sensitive'' data (we 
classify financial, medical and geo-location data as sensitive). We 
also require express consent for third party sharing, when the sharing 
is for the third party's secondary use. Finally, our Program 
Requirements acknowledge the growing reality that companies need to be 
transparent about all data collection, not just personal data 
collection, because discrete data elements (while lacking identifying 
characteristics on their own) can be used in combination to personally 
identify consumers.\8\
---------------------------------------------------------------------------
    \8\ This is a forward thinking perspective that was advanced by FTC 
staff in their recent report. Specifically, staff noted the ``the 
blurring of the distinction between personally identifiable information 
and supposedly anonymous or de-identified information. FTC Staff 
Report, Protecting Consumer Privacy in an Era of Rapid Change (2010), 
available at: http://www.ftc.gov/os/2010/12/101201privacyreport.pdf.
---------------------------------------------------------------------------
    TRUSTe knows that for the most part, our clients and sealholders 
want to elevate trust in their brand through exemplary privacy 
practices. In the dynamically changing world of the desktop and mobile 
web, this is always an evolving process. Nearly all of our clients and 
seal holder applicants will make changes to their existing practices to 
qualify for TRUSTe certification. In some cases, making these changes 
isn't enough for certification; in 2010, over 7 percent of applicants 
for our enterprise certification (those that are not using our more 
automated privacy policy and certification program aimed at smaller 
businesses) did not qualify for TRUSTe certification because they did 
not meet our rigorous certification standards.\9\ TRUSTe also retains 
the option to decline certification or terminate certification in 
situations where we cannot certify an applicant's business model or 
where the applicant's business model is otherwise sufficiently 
problematic to warrant denial. e.g., an application or website 
involving online gambling.
---------------------------------------------------------------------------
    \9\ The exact figure is 7.4 percent--out of a total of 2611 TRUSTe 
clients and sealholders, 193 did not complete certification in 2010.
---------------------------------------------------------------------------
    TRUSTe closely reviews and monitors all business practices prior to 
certification, and checks them again annually upon renewal by the 
client or seal holder. In addition, clients and sealholders are 
required to contact TRUSTe in advance of making material changes to 
their privacy policies or business practices. We initiate compliance 
investigations based on certain events, such as:

   monitoring events resulting from TRUSTe's scanning 
        technology or our independent e-mail seeding of a client or 
        sealholders' e-mail lists

   receiving a Watchdog dispute resolution complaint from a 
        consumer

   press, news reports, regulatory hearings and reports.

    At TRUSTe, we generally reach out to the client and seal holder 
when we first learn of an issue. In some cases, we may precede this 
initial contact with an own independent investigation to determine if 
the issue can be reproduced. In our experience, TRUSTe clients and 
sealholders generally acknowledge and fix issues promptly. In some 
cases, we find that issues are addressed prior to TRUSTe's learning of 
it. Depending on the nature of the issue, the client or seal holder's 
good faith and timely responsiveness, and the timing of expected 
resolution for an issue, TRUSTe may choose not to resort to a formal 
enforcement process e.g., if the issue is fixed before the cure period 
completed. As TRUSTe's privacy solutions are voluntary programs, 
clients and sealholders may choose to terminate certification at any 
time--unless TRUSTe has initiated a formal enforcement proceeding 
against the client and that proceeding remains unresolved.
    To preserve incentives for privacy certification, TRUSTe believes 
that appropriate confidentiality and due process (including the 
opportunity to cure) must be an integral part of any self-regulatory 
framework. Our formal enforcement process consists of three stages:

        1. TRUSTe investigation--including outreach to the client or 
        seal holder in question

        2. Suspension with opportunity to cure--Depending on the 
        results of the TRUSTe investigation, the client or seal holder 
        will be given suspended from the certification program, with 
        the opportunity to cure within an allotted time

        2. Termination--If the client or seal holder does not cure the 
        issue within the allotted time, TRUSTe will issue a Termination 
        for Cause, and end its certification of the client or seal 
        holder in question.

    Depending on the nature of the violation, TRUSTe may take 
additional steps such as publishing the termination and/or referring 
the issue to the attention of a regulatory or other governmental 
agency, including the FTC. Our of our prior FTC referrals was 
ClassicCloseouts in 2008; we assisted the FTC with the investigation, 
and they brought action for permanent injunction and relief against the 
site, ultimately obtaining a $2.08 million settlement to provide 
redress for consumers.
TRUSTe Mobile Certification
    TRUSTe's mobile privacy certification program helps companies 
successfully use technologies such as geo-location, advertising, and 
social networking to improve consumer adoption of their platforms and 
mobile apps.\10\ Clients or sealholders seeking mobile certification 
will first need to comply with our core Program Requirements. The 
specifics of our projected mobile privacy certification platform are 
illustrated in Figure 1, below. We hope to deploy all of these 
certification services within the next few months.
---------------------------------------------------------------------------
    \10\ More details about TRUSTe mobile privacy certification are 
available at: http://www.truste.com/privacy_seals_and_services/
enterprise_privacy/mobile_certification.html.
---------------------------------------------------------------------------
Figure 1--TRUSTe's Mobile Privacy Platform


    Under the TRUSTe mobile certification process (and similar to our 
process for web seal certification), we first review all business 
practices of a mobile web or applicationsite to determine eligibility 
for certification. Once certification is granted, TRUSTe verifies 
compliance with our program requirements through a combination of 
scanning and seeding technology that looks for specific privacy 
``markers'' e.g., are cookies, beacons, scripts or other types of 
targeting or tracking technology being used, what kind of information 
is being collected and is sensitive information being protected. We 
also perform a thorough review of the mobile app or website's privacy 
policy, if available and will require that companies modify their 
privacy statement to reflect current data management practices. For 
mobile apps specifically, we perform a data packet analysis; we analyze 
data transfers to/from the app (and where needed, test for secure 
transfers), confirm data collection practices and identify third party 
data-sharing and transfers.
    Similar to our web seal certification process, TRUSTe generally 
looks to the context of a practice--what type of data is being 
collected by the mobile app or website, is it for first party or third 
party use, etc.--before determining the privacy obligations for that 
practice. Sensitive data that is collected for first-party use requires 
a consumer's express consent before it is shared with third 
parties.\11\ Under TRUSTe's web seal and mobile certification programs, 
we classify geo-location data as sensitive data. This means that TRUSTe 
clients and sealholders must get a user's express or opt-in consent 
before sharing that data with third parties, including third party 
application developers.
---------------------------------------------------------------------------
    \11\ In contrast, we require non-express or ``opt-out'' consent for 
first party collection of non-sensitive data for the first party's use.
---------------------------------------------------------------------------
    TRUSTe also requires notice for all third party data collection and 
use on a mobile device. For collection and use of sensitive data by 
third parties, the consumer's express consent must be obtained. For 
non-sensitive data that will be shared with third parties, a consumer 
must be given notice that the data is going to be shared--either 
through a link to a privacy policy at the point of collection, or a 
check box at the point of collection. If a TRUSTe client or seal holder 
plans to share a consumer's personal information with third parties for 
unexpected purposes, they are also required to provide a Just-in-Time 
notice and opt-out mechanism.
    TRUSTe has also been at the forefront of creating innovative 
solutions that help our clients and sealholders address the challenge 
of presenting a comprehensive privacy notice on the small screen. For 
instance, our mobile short notice format uses a mix of icons and text 
to address key privacy concerns such as the collection and use of geo-
location information on a mobile device. We have provided two examples 
of our mobile short notice, in Figures 2 and 3 below.
Figure 2--TRUSTe Mobile Short Notice for Location Services using Geo-
        location data
        
        
Figure 3--TRUSTe Mobile Short Notice Showing Purposes for Data 
        Collection
        
        
    Currently, examples of TRUSTe certified mobile applications 
include:

        Breastcancer.org (iPhone)

        Callvine (iPhone)

        Lookout (Android)

        Worldmate (Blackberry, mobile web)
TRUSTe--Harris Interactive Mobile Privacy Survey
    As the Subcommittee knows, TRUSTe and Harris Interactive recently 
conducted a nationwide survey of 1,000 smartphone users that focused on 
mobile privacy.\12\ The survey provides important data about consumers' 
mobile privacy attitudes and concerns, while also identifying areas 
where mobile app and operating system developers could do more to 
provide increased privacy protections for consumers. Given the lack of 
relevant research on consumer mobile privacy, TRUSTe had a particular 
interest in conducting the survey: we serve consumers and we wanted to 
know their concerns, so that we could inform our clients and 
sealholders accordingly, while also making necessary revisions to our 
recently launched mobile privacy certification program.
---------------------------------------------------------------------------
    \12\ See TRUSTe: Mobile Privacy User Results, available at: http://
www.truste.com/why_TRUSTe_privacy_services/harris-mobile-survey/.
---------------------------------------------------------------------------
    The key findings of the TRUSTe-Harris survey are illuminating. The 
vast majority of respondents (98 percent) believed that privacy is 
important when using smart phones--in fact, more than 1 in 3 of the 
respondents (38 percent) identified privacy as their number one concern 
when using mobile applications, followed by security (26 percent) and 
identity tracking (19 percent). Most respondents remain concerned about 
targeting and tracking technologies on smart phone devices--
particularly those that collect geo-location data. And, despite 
increased adoption of smart phones in recently years, 1 in 3 
respondents felt that they were in less in control of their personal 
information with a smart phone device.
    Most significantly, the TRUSTe--Harris survey demonstrates the 
extent to which privacy concerns continues to hamper consumer 
engagement on the mobile platform:

   85 percent of the respondents restrict at least some type of 
        information sharing on mobile applications;

   40 percent of the respondents do not use sites that request 
        personal information

   38 percent of the respondents do not access their accounts 
        via a mobile device

   52 percent of the respondents are uncomfortable with the 
        idea of signing in to other apps on their mobile device with 
        another account ID (FB, Twitter), despite convenience

   45 percent of the respondents would not share information 
        about themselves with any company--even for a free or lower 
        cost app

   More than 50 percent of the respondents would not be willing 
        to share their location, address, date of birth on a 
        smartphone; that number jumps to 92 percent when it comes to 
        sharing a contacts list.
TRUSTe Analysis of Mobile Data Collection
    TRUSTe also recently concluded an independent analysis of mobile 
data collection from the top 300 ``free'' apps on the Android, Apple 
and Blackberry mobile platforms. The goal of the analysis was to 
understand the type of data flows on the three most popular mobile 
platforms using a specific methodology that is part of our mobile 
certification process (Figure 4 below).
Figure 4. TRUSTe Mobile Labs--Mobile Privacy Certification Process


    Our analysis yielded some interesting findings about mobile data 
collection practices. Analyzing the types of data collected by sample 
of the 300 most popular apps \13\ on Android, Apple and Blackberry, we 
found that:
---------------------------------------------------------------------------
    \13\ TRUSTe used the following sources to compile its list of the 
300 most popular apps--
Apple: www.148apps.com, Android: 101bestandroidapps.com and 
Androlib.com, Blackberry: Mobile.Blorge and HoneyTechBlog.com.

---------------------------------------------------------------------------
   Most apps (39 percent) collect geo-location data

   Most apps (39 percent) also collect data that allows the 
        user to connect through their mobile device to Facebook, 
        Amazon, Twitter, and other platforms.

   Only 23 percent of the apps had a privacy policy.
Conclusion
    I want to reiterate TRUSTe's belief in self-regulation as the most 
effective way to address the privacy challenges posed by the mobile 
ecosystem. The mobile ecosystem is still in its very early stages; 
legislation or policy that is enacted in haste, or without careful 
thought, could easily freeze the robust innovation we currently see on 
the mobile web.
    Self-regulation also provides us with the information needed to 
adapt a framework to evolving technologies. This is evidenced by our 
recent analysis and research on mobile privacy, conducted as part of 
our certification process. This research has given TRUSTe, our clients 
and sealholders, and our partners, important guidance for further 
product and market development.
    In closing, I'd like to share some of these thoughts--specifically, 
what we think are the five essential requirements for a self-regulatory 
framework to be successful at protecting consumer privacy on the mobile 
web:

   First, TRUSTe believes that mobile apps and websites should 
        have some form of privacy policy that informs the consumer 
        about any collection and use of personal data. Our mobile 
        privacy survey shows that a majority of consumers (74 percent) 
        think it's important to know what type of data is being by 
        their mobile apps. And, based on our sample of the top 300 most 
        popular free apps, only 23 percent of apps have a privacy 
        policy.

   Second, we think that consumers of mobile apps and websites 
        should provide choice for third party sharing. This is 
        especially true for geo-location and other types of sensitive 
        data--consumers should give their express or opt-in consent for 
        these types of data collection. Our survey showed for instance, 
        that only 32 percent of smart phone users felt that they had a 
        choice when it came to geo-location data collection.

   Third, opt-outs should be provided for mobile advertising--
        our survey showed that 85 percent of consumers want to be able 
        to opt-in or out of targeted mobile ads. However, any choice 
        mechanisms for online behavioral advertising and targeting 
        should work across app directories and mobile platforms--
        otherwise, they won't be effective. We recognize that this is 
        already a challenge due to the complex structure of the 
        emerging mobile advertising industry and recommend that 
        industry groups work together to develop consistent and 
        workable approaches.

   Fourth, companies participating in a self-regulatory 
        framework should abide by its requirements, and also extend 
        those requirements to relevant third parties, such as 
        application developers on their platform or service.

   Fifth, if legislation is contemplated, it should include a 
        safe harbor provision and provide incentives for companies to 
        join self-regulatory programs. Safe harbor provisions help 
        foster the growth and promotion of best practices, which in 
        turn is critical to the overall success of a self-regulatory 
        framework.

    I trust that the Subcommittee will find this testimony useful as it 
considers the important question of protecting consumer privacy in the 
mobile age. Thank you for your consideration.
                               Attachment






                                  
