[Senate Hearing 112-289] [From the U.S. Government Publishing Office] S. Hrg. 112-289 CONSUMER PRIVACY AND PROTECTION IN THE MOBILE MARKETPLACE ======================================================================= HEARING before the SUBCOMMITTEE ON CONSUMER PROTECTION, PRODUCT SAFETY, AND INSURANCE of the COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION UNITED STATES SENATE ONE HUNDRED TWELFTH CONGRESS FIRST SESSION __________ MAY 19, 2011 __________ Printed for the use of the Committee on Commerce, Science, and Transportation U.S. GOVERNMENT PRINTING OFFICE 73-133 WASHINGTON : 2012 ----------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001 SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION ONE HUNDRED TWELFTH CONGRESS FIRST SESSION JOHN D. ROCKEFELLER IV, West Virginia, Chairman DANIEL K. INOUYE, Hawaii KAY BAILEY HUTCHISON, Texas, JOHN F. KERRY, Massachusetts Ranking BARBARA BOXER, California OLYMPIA J. SNOWE, Maine BILL NELSON, Florida JIM DeMINT, South Carolina MARIA CANTWELL, Washington JOHN THUNE, South Dakota FRANK R. LAUTENBERG, New Jersey ROGER F. WICKER, Mississippi MARK PRYOR, Arkansas JOHNNY ISAKSON, Georgia CLAIRE McCASKILL, Missouri ROY BLUNT, Missouri AMY KLOBUCHAR, Minnesota JOHN BOOZMAN, Arkansas TOM UDALL, New Mexico PATRICK J. TOOMEY, Pennsylvania MARK WARNER, Virginia MARCO RUBIO, Florida MARK BEGICH, Alaska KELLY AYOTTE, New Hampshire DEAN KELLER, Nevada Ellen L. Doneski, Staff Director James Reid, Deputy Staff Director Bruce H. Andrews, General Counsel Brian M. Hendricks, Republican Staff Director and General Counsel Todd Bertoson, Republican Deputy Staff Director Rebecca Seidel, Republican Chief Counsel ------ SUBCOMMITTEE ON CONSUMER PROTECTION, PRODUCT SAFETY, AND INSURANCE MARK PRYOR, Arkansas, Chairman ROGER F. WICKER, Mississippi, JOHN F. KERRY, Massachusetts Ranking BARBARA BOXER, California JOHN ENSIGN, Nevada CLAIRE McCASKILL, Missouri JOHN THUNE, South Dakota AMY KLOBUCHAR, Minnesota JOHN BOOZMAN, Arkansas TOM UDALL, New Mexico PATRICK J. TOOMEY, Pennsylvania C O N T E N T S ---------- Page Hearing held on May 19, 2011..................................... 1 Statement of Senator Pryor....................................... 1 Statement of Senator Toomey...................................... 3 Statement of Senator Kerry....................................... 4 Statement of Senator Rockefeller................................. 6 Statement of Senator Klobuchar................................... 24 Statement of Senator Blunt....................................... 25 Statement of Senator McCaskill................................... 27 Statement of Senator Udall....................................... 88 Statement of Senator Rubio....................................... 91 Statement of Senator Thune....................................... 93 Witnesses David C. Vladeck, Director, Bureau of Consumer Protection, Federal Trade Commission....................................... 8 Prepared statement........................................... 10 Bret Taylor, Chief Technology Officer, Facebook.................. 30 Prepared statement........................................... 32 Morgan Reed, Executive Director, Association for Competitive Technology..................................................... 40 Prepared statement........................................... 42 Catherine A. Novelli, Vice President, Worldwide Government Affairs, Apple, Inc............................................ 52 Prepared statement........................................... 54 Alan Davidson, Director of Public Policy, Google, Inc............ 61 Prepared statement........................................... 63 Amy Guggenheim Shenkan, President and Chief Operating Officer, Common Sense Media............................................. 70 Prepared statement........................................... 72 Appendix Hon. Kay Bailey Hutchinson, U.S. Senator from Texas, prepared statement...................................................... 97 Response to written questions submitted by Hon. John F. Kerry to: David C. Vladeck............................................. 98 Bret Taylor.................................................. 98 Morgan Reed.................................................. 102 Catherine A. Novelli......................................... 104 Alan Davidson................................................ 113 Amy Guggenheim Shenkan....................................... 117 Fran Maier, President, TRUSTe, prepared statement................ 117 CONSUMER PRIVACY AND PROTECTION IN THE MOBILE MARKETPLACE ---------- THURSDAY, MAY 19, 2011 U.S. Senate, Subcommittee on Consumer Protection, Product Safety, and Insurance, Committee on Commerce, Science, and Transportation, Washington, DC. The Subcommittee met, pursuant to notice, at 10 a.m., in room SR-253, Russell Senate Office Building, Hon. Mark Pryor, Chairman of the Subcommittee, presiding. OPENING STATEMENT OF HON. MARK PRYOR, U.S. SENATOR FROM ARKANSAS Senator Pryor. I will go ahead and call our subcommittee to order here. I want to thank everyone for being here. We have a standing room only crowd. I want to welcome Senator Toomey, who is just sitting down here, as the new Ranking Member. Welcome aboard. We are excited about you and your leadership here. And you and I need to talk offline at some point about this great subcommittee, but thank you for being here. And Senator Kerry, thank you for being here. We have others that are on the way, but I would like to go ahead and start. I know that Senator Kerry only has a limited time here, and my understanding is Senator Rockefeller is trying to make it, and he has limited time. So let us get under way. I would like to welcome everyone, thank everyone for being here, thank all of our witnesses who are participating today. Certainly, this is a very important hearing on privacy in the mobile marketplace. As Chairman of the Consumer Protection Subcommittee, I appreciate all of your willingness to participate in this very important dialogue. As technology evolves, consumers continue to lose control of their personal information. Without question, cell phones have become a part of that trend, as they have become more and more versatile. Today, more than 234 million Americans use mobile devices, and 73 million Americans have smartphones or are expected to own smartphones by the end of 2011. There are hundreds of thousands of software applications, also known as apps, on the market today. Apps allow us to play games, share information with friends, read the news, find the cheapest gas in town. In fact, I am aware of one app that allows people to find the nearest kosher restaurant and nearest synagogue. So there seems to be an app for everything. And while their innovation and creativity has defined the mobile app space, we understand that most of the app producers do not have a privacy policy. And the vast majority of consumers who use these apps really don't have any idea about the ways their personal information--including their age, location, gender, income, and ethnicity--that is contained in their phones can be shared either with the company or with third parties. In other words, while smartphone users may voluntarily submit some information to software applications, it is not clear that Americans who own smartphones understand how their information may be used or transferred as a result of the download. In fact, last night I talked to my two teenage children. Both of them have apps that share information. Neither of them had any idea that that information was being shared, and I think that is the way most Americans are. Consequently, it is not surprising that we are facing a new and emerging mobile world that lacks basic parameters and best practices. Where are the opt-out options or where are the privacy policies? And that is some of the things we will talk about today. The mapping of consumers' movements without consent is unacceptable, and an application game that transfers a consumer's location data to ad networks without informing the user is greatly troubling. While location technology can assist law enforcement, and there certainly are good things about it-- it can be helpful in emergency situations--geolocation tracking also poses serious safety concerns. Therapists who work with domestic abuse victims have noted the increase in clients stalked via cell phones. Indeed, a Wall Street Journal article cited tragic instances where stalkers exploited the GPS system and the location data collected by consumers' smartphones to track their victims. The results have been deadly in some cases. Demonstrating the highly intrusive nature of some of this technology, one website sells something they call ``Mobile Spy'' software and actually markets this product as a completely stealth monitoring program. The website says once installed on a phone, Mobile Spy remains hidden, but logs calls and text to a Mobile Spy server. Then the snoop can log in and see a complete record of incoming and outgoing calls, the time and duration of the calls, and read text messages, both sent and received. So I would like to hear from our witnesses today about the risk to consumers, that consumers see when their information is collected and reported; the consumers' understanding of what information is being collected or transferred through mobile apps; the extent of geolocation information collection and related privacy concerns, particularly with an emphasis on children there; how companies are working to allay these concerns; and suggestions for enforcement of basic privacy rights and security policies and standards in the new app economy and online mobile world. So, with that, what I would like to do is turn it over to the Ranking Member and allow you to say a few words. Then we will call on Senator Kerry. STATEMENT OF HON. PATRICK J. TOOMEY, U.S. SENATOR FROM PENNSYLVANIA Senator Toomey. Senator Pryor, Mr. Chairman, thank you very much. First of all, thanks for welcoming me as the new Ranking Member on the Subcommittee. This is a new and exciting opportunity for me. I am looking forward to serving with you. And I also want to thank you for scheduling this important hearing. This is a very important topic, and I commend you for doing that. Unfortunately, I became Ranking Member just in the last couple of days and, prior to that, had a previously scheduled conflict. So I won't be able to stay, but I did want to make an opening statement, if I could, quickly and again commend you for doing this. Like most Americans, I am protective of my personal information, and I believe I should have control over who accesses that information, how it is accessed, and ultimately, how it is used, including by commercial entities. As the father of young children, I am also very concerned about protecting their identity and safety, especially when they use mobile devices and other online applications. More children are accessing online services through home computers and mobile devices than ever before, and ensuring that parents are well informed on how best to protect their children is a goal that I am sure we all share. Recent revelations that Apple iPhones have been tracking and storing user locations without consent and Facebook apps may have leaked profile information to advertisers are certainly causes for concern. These and other incidents have led many in Congress to question whether the Federal Government may have a legitimate interest in increasing its role in regulating this space. I do, however, want to commend Apple and Facebook for taking swift action in both cases to correct the problem. As a general matter, I prefer to see the industry self-regulate, and I am eager to learn from our witnesses on the measures that have been put in place to safeguard against possible future consumer harms. I think everyone here knows very well the mobile marketplace is growing and changing rapidly. We now have access to mobile devices, speeds, and applications that were completely unimaginable just a few short years ago. Apps for smartphones have quickly turned into a multibillion-dollar business, and consumer demand is clearly very strong. And in our important efforts to protect consumer privacy, I just hope that we won't lose sight of the many consumer benefits that have come from the innovative technologies that are brought to market by the companies that we will be hearing from today. As the Chairman indicated in his comments, location-based services provide conveniences that consumers wouldn't have if a particular app didn't have access to some level of personal information. So before Congress takes action, I think it is important to find the right balance that protects consumers' personal information while, at the same time, allows continuing constructive innovation to occur. At this point, I am not quite sure exactly where that line is to be drawn, and I would caution against passing legislation that would have unintended consequences. I am hopeful that the hearing today will shed some light on this important question. And again, Mr. Chairman, I thank you for scheduling the hearing. Senator Pryor. Thank you very much. And we also want to thank our newest member to the Subcommittee and to the Committee and to the Senate. Senator Heller, thank you for being here. Proud to have you. Now, I was going to call on Senator Kerry. And the Chairman says I should call on Senator Kerry. So go ahead. STATEMENT OF HON. JOHN F. KERRY, U.S. SENATOR FROM MASSACHUSETTS Senator Kerry. Well, thank you. Thank you. Thank you, both chairmen. And welcome to our new members on the Committee. Mr. Chairman, thanks for holding this hearing today. It is obviously one that attracts a lot of interest. It is a lot of money on the line, a lot of business, a lot of business practices, but also a lot of values, personal interests of Americans. And while today's hearing is, obviously, principally about mobile phones and the apps that come with them, which are quite extraordinary and which we all use and benefit from in a lot of ways, it is also important, I think, to put the mobile phone and apps in the context of the larger discussion about privacy itself. I don't think there is anybody on the Committee or in the country or in the world who doesn't marvel at the power and the extraordinary potential that we are currently living and that we will live in the future with respect to the Internet. It is constantly innovating and moving, and I am personally--and I know the Chairman, Senator Rockefeller, likewise and a bunch of us on the Committee have worked hard and long with respect to the National Broadband Plan, as well as the issue of releasing more spectrum for broadband because we want to see this potential of the Internet unleashed all across the country as broadly as possible. In fact, we have, unfortunately, in the United States of America parenthetically, been going in the wrong direction. We used to be number four in the world in terms of our broadband reach. We are now about number 16 or 20, depending on who you listen to. That is an appalling comment, and one we ought to really take note of as we think about this. I also support investments in research and development and a bunch of other things that will contribute to the startup of different businesses and firms that are going to unleash our economic potential. We all in this committee understand the automatic instinct inside a lot of the companies that are interested in this, which says, ``Hey, Washington, just leave us alone. We will do fine. We will make this work, and the Internet will grow.'' And over the years, I think most of us in this committee have been guided by the belief that in a technology market that is moving so rapidly, that is the right approach in most cases. I have certainly stood by net neutrality. I have stood by no taxation. I have advocated for as open an architecture as possible in order to unleash the full measure of creative energy and entrepreneurial activity that has really brought this wonder to all of us and continues to innovate. And I am convinced that we made the right decision in the 1990s here to protect, to do things that did not allow privacy or other issues to somehow eclipse that move for innovation, and I think it might have slowed back then technological advances. But we are in a different place today. We just are in a different place today. And we need companies like Google and Apple and Facebook to join companies like Intel, eBay, Microsoft, HP, which have already come down on the side of common sense, very restrained, simple privacy protections. We need industry leaders to engage constructively in these legislative efforts to modernize our privacy laws, to come up to the year that we are and the state of art that we are with respect to the marketplace because we want the legislation to work for both the consumer and the entrepreneur. Now I have reached out to the companies that are here today over the last 6 or 7 months. And I appreciate the time they have taken to work with us so far. Mr. Chairman, I reject the notion--and one of our colleagues just sort of raised the--you know, we don't--here is what we want to do, but here is what we don't want to do. I reject the notion that privacy protection is the enemy of innovation. It absolutely doesn't have to be and isn't. In fact, a more trusted information economy, I believe, will encourage greater consumer participation, greater confidence in that marketplace, and, in turn, more and better services in a safer commercial environment that is more respectful of other people. So, in the end, though not in a heavy-handed, overly prescriptive approach, I believe that companies collecting people's information, whether you are a tech titan or not, ought to comply with just a basic code of conduct. We need to establish what we as a society, in a country that has always valued privacy, what we as a society believes is the sort of basic proper treatment of people's information. I know you can shut off your location services. But that doesn't do the trick because a lot of those services are services we want, and we want to use them. But we also want to know that what is happening to the information as the consequence of using them is properly protected, that we are properly protected as individuals. I don't think you can continue to create or leave it to firms to decide on an ad hoc basis what that level of protection ought to be. And I think that is particularly true in an age when the mini-supercomputers that are in our pockets are with us almost at all times, and they are almost always on. And particularly among young people, there will be disposition to use most of those apps almost all the time. But it is also true on our computers at home and offline when we buy groceries or when we travel or when we purchase or whatever. So, as we sit here today, Mr. Chairman, there is no privacy law for general commerce whatsoever. Data collectors alone are setting the rules. In S. 799, the Commercial Privacy Bill of Rights that Senator McCain and Senator Klobuchar and I have proposed, we propose rules based on fair information practice principles for all collectors of information, including mobile phone and mobile app companies that we will be talking about here today. And Senator Rockefeller's do-not-track, I think, you know, that is a very important issue, and it is one we ought to be deeply engaged in and, you know, the votes will decide it. But whichever way we go on that, we still need a privacy standard. We still need the basic rules of the road by which everybody agrees we are going to protect commerce, we are going to protect the creative entrepreneurial ability of the Internet, but we are also going to protect individuals or at least give them the knowledge by which they make a decision as to how their information is going to be treated. I think that those principles include the idea that, regardless of the technology or method used to track Americans, they should know when they are being tracked, why and how long that information is going to be used for, and in what way. And they ought to know with whom that information is going to be shared and be able to reject or accept those practices, and they need legal protections if that respect is not granted to them or the terms of that arrangement are violated. So I hope, Mr. Chairman, we are going to have a chance at the right moment to tackle this issue within this committee. I think it is a really vital one to Americans growing in its importance. And I look forward to hearing from the witnesses for the time that I can be here. I apologize I can't be here for the whole time. And I thank you, Mr. Chairman, for your affording us the time to make these statements. Senator Pryor. Thank you. Senator Rockefeller? STATEMENT OF HON. JOHN D. ROCKEFELLER IV, U.S. SENATOR FROM WEST VIRGINIA Senator Rockefeller. Thank you, Mr. Chairman. I associate myself with every word and comma, perhaps even a semicolon that you have said, Senator Kerry. I think it is just wrong for people to be wondering about people--you know, we can get into the age business, and I will in a minute. But not knowing what is happening to them, not knowing that they are, in fact, being tracked. What you said about smartphones are, in fact, supercomputers, little supercomputers. They tell you where you are--tell other people because you make this--and some of you make this information available to other third parties who use it and sell it and make money from it, which is a violation of individual liberties, in my judgment. Look, we got 234 million mobile devices in use today. Seventy-five percent of teenagers own a cell phone and talk on them and carry them all the time. Seventy-two percent--and this is interesting to me--the wording, even--72 percent of parents say that they have slept with their cell phones. It is a neutral statement, but it is also---- [Laughter.] Senator Kerry. In today's world, that is risky. Senator Rockefeller. Yes. It shows the intensity of this whole thing. You can't--it has got to be under your pillow. I mean, you just can't be without it. So I think the online privacy issue is not something of an unintended consequence. I think it is a basic American right and a basic American responsibility of the FTC, which I do not think has been very aggressive on this, and of the users, the big companies and all the apps folks. And not just the big ones, but the little ones that just may have three or four people, but there are hundreds of thousands of them that are pumping out apps that are totally unregulated. And so, the question is what do we do about that? Or what do you do about that? Or do you want us to do something about that? They have to be regulated because they are producing the same things that get people tracked. I think using a mobile device has an expectation of privacy. And in that, the American people are misled. But I think that is part of the compact that you make when you go into that business. The companies before us today--Apple, Google, Facebook--I appreciate their being here. They are major players in all of this. And this won't be your last visit, I hope. I hope. In fact, I can assure you, it won't be your last visit. As the online world grows and evolves, the consumer privacy issues grow and evolve with it. The question is, is anybody watching? Is anybody really paying attention? Are we just saying, ``Oh, it is not my responsibility.'' If it becomes entirely the responsibility of the Federal Government, people won't like that. So how do you work with consumers so that they can understand the information that is being collected about them? They have that right. It comes along with the purchase price. That is what they are buying, the right to privacy. They are not getting that, however, and I think that is what we are talking about today. Smartphones applications allow consumers to access information from all over the world, take and share pictures with friends and family, buy coffee, even videoconferences on the go. Mobile devices are transforming the way consumers access the Internet, record the world around them, and share their lives with others. But with this new innovation comes a gigantic risk. As smartphones become more powerful, more personal information is being concentrated in one place. These devices are not really phones, as Senator Kerry said. They are miniature computers. Simple actions now do have unintended consequences. Unintended or intended, I am not sure. But anyway, a lot of people are making a lot of money off the information they collect, without the knowledge of those folks from that. A mother posting a smartphone picture of her child online may not realize that time and date and location information is also embedded in the picture and available to anyone who can get it, which is pretty much anybody. A teenager accessing an application may not realize that her address book is being assessed and shared with a third party. That is not meant to happen in this country without the permission of an adult. Four year olds aren't very good at that. Nine year olds aren't very good at that. They don't know how to do that. So maybe we have to do that for them. And these third parties use this information to target advertising on individuals. It is very cynical. It is very smart. It is very good business, but it is very cynical. It is an abuse of that power, passing on people's profiles. So everything is new, as John Kerry said. But one thing is clear. Consumers want to understand and have control of their personal information. They have that right. That expectation is not being met. It is not being met. So I look forward to what our witnesses have to say. Last week, I introduced the Do-Not-Track online bill of 2011. I think that is a terrific bill. It makes it very simple. It just directs the Federal Trade Commission to establish standards by which consumers can tell online companies, including mobile applications, that they do not want their information collected it takes to collect. Very simple, and it applies to everybody, works on everybody. Then the FTC, of course, would have to make sure that companies respect that choice. Mr. Chairman, I thank you. Senator Pryor. Thank you, Mr. Chairman. And with the Committee's permission, what I would like to do is go ahead and go to the first panel. And our first panelist today is David Vladeck. He is Director of the Consumer Protection Bureau of the FTC. We welcome you. We thank you. Glad you are here. Your statement will be made part of the record, your written statement, as well as everybody else's opening statements, if they would like to submit those, and the next panel's statements as well. So I would ask you to keep your opening remarks to 5 minutes, if possible. Thank you. STATEMENT OF DAVID C. VLADECK, DIRECTOR, BUREAU OF CONSUMER PROTECTION, FEDERAL TRADE COMMISSION Mr. Vladeck. Chairman Pryor, Chairman Rockefeller, members of the Committee, I am David Vladeck, the Director of the Federal Trade Commission's Bureau of Consumer Protection. I appreciate the opportunity to present the Commission's testimony on consumer protection issues in the mobile marketplace. The views expressed in the written statement that we submitted represent the Commission's views. My oral remarks and any response to questions represent my own views. Today's hearing could not be more timely or more important. We are seeing explosive growth in the mobile marketplace. Device technology is constantly improving, robust wireless Internet connections are nearly ubiquitous, businesses are innovating, and consumers are purchasing and using smartphones at extraordinary rates. And there is no wonder why. Today's smartphones are incredibly powerful, multitasking devices that marry the search capacity of a desktop computer with the personal, always-on, and always-with-you nature of mobile phones. There is no question that these devices benefit consumers, but there is also no question that these devices raise serious privacy concerns. These concerns stem from exactly the always-on and always- with-you nature of these devices--the invisible collection and sharing of data with multiple parties; the ability to track consumers, including children and teens, to their precise location; and the difficulty of providing meaningful disclosures and choices about data collection on a smartphone's small screen. For 40 years, the Federal Trade Commission has worked to protect consumer privacy, and we are working hard to protect consumer privacy in the mobile marketplace. To keep pace with changes in the mobile market, the Commission has hired technologists, created a mobile forensic lab, conducted series of in-house trainings, and assembled a team focused on mobile technology. Every consumer protection investigation now examines the target's use of mobile technology. Currently, we have a number of nonpublic investigations underway relating to unfair and deceptive practices in the mobile marketplace. The Federal Trade Commission's primary law enforcement tool, the FTC Act, prohibits unfair or deceptive practices, and it applies in all media, including mobile. Last August, the Commission charged a public relations company with deceptively endorsing mobile gaming apps in the iTunes store. The Commission's recent cases against two of the largest players in the mobile ecosystem, Google and Twitter, further demonstrate the application of the FTC's privacy framework to the mobile marketplace. As you know, the Commission is currently reviewing whether its privacy framework has kept pace with technological change. Last December, the Commission released a preliminary staff report that proposed a new privacy framework that rests on three recommendations to ease the burden on consumers to protect their own information. First, privacy by design, baking privacy in at the outset. Second, simpler and streamlined privacy choices. And third, transparency, so consumers know what data is being pulled down and who is getting it and who is using it. These principles are especially relevant in the mobile marketplace, given all of the concerns related to the invisible collection and sharing of personal information, like the precise geolocation data of children and teens, combined with the difficulty of providing meaningful disclosures in a small- screen environment. The preliminary report also included a recommendation to implement a universal choice mechanism for behavioral tracking, including behavioral advertising, often referred to as Do-Not- Track. A majority of the Commission has expressed support for such a mechanism. Although the Commission has not taken a position on whether to recommend legislation in this area, the Commission strongly supports the goals of Chairman Rockefeller's Do-Not-Track legislation and supports the approach laid out in that bill, including the scope of the Do- Not-Track standard, the technical feasibility and cost, and how the collection of anonymous data would be treated under the statute. I also want to commend Senator Kerry and Senator Klobuchar for their work on the Commercial Privacy Bill of Rights, and the members of this committee, including its chair, for their leadership on protecting consumer privacy. At a time when some children learn how to play games on a smartphone before they learn to tie their shoes, the Commission is also reviewing the Children's Online Privacy Protection Act rule to see whether technological changes in the online environment warrant any changes in the rule and statute. While the review is still ongoing, remarks at last year's COPPA roundtable, along with public comments we have received, demonstrate widespread consensus that both the COPPA statute and rule were written broadly enough to encompass most forms of mobile communications without the need for statutory change. In closing, the Commission is committed to protecting consumers in the mobile sphere through law enforcement and by working with industry and consumer groups to develop workable solutions that protect consumers while allowing for innovation. I am, of course, happy to answer any questions. [The prepared statement of Mr. Vladeck follows:] Prepared Statement of the Federal Trade Commission Chairman Rockefeller, Ranking Member Hutchison, and members of the Committee, I am David C. Vladeck, Director of the Bureau of Consumer Protection of the Federal Trade Commission (``FTC'' or ``Commission''). I appreciate the opportunity to present the Commission's testimony on consumer protection issues in the mobile marketplace.\1\ --------------------------------------------------------------------------- \1\ This written statement represents the views of the Federal Trade Commission. My oral presentation and responses are my own and do not necessarily reflect the views of the Commission or of any Commissioner. --------------------------------------------------------------------------- This testimony first highlights the expansive growth of the mobile arena and what it means for U.S. consumers. Second, it summarizes the Commission's response to new mobile technologies, the Commission's expansion of its technical expertise, recent law enforcement actions in the mobile arena (adding to the Commission's extensive law enforcement experience in areas relating to the Internet and privacy),\2\ and its examination of consumer privacy issues raised by mobile technologies. Third, it discusses the application of a Do Not Track mechanism in the mobile environment.\3\ And finally, the testimony discusses the special issues that mobile technologies raise for the privacy of children and teens, and provides an update of the Commission's review of the Children's Online Privacy Protection Rule. --------------------------------------------------------------------------- \2\ In the last fifteen years, the FTC has brought more than 30 data security cases; 64 cases against companies for improperly calling consumers on the Do Not Call registry; 86 cases against companies for violating the Fair Credit Reporting Act (``FCRA''); 96 spam cases; 15 spyware cases; and 16 cases against companies for violating the Children's Online Privacy Protection Act. \3\ Commissioner William E. Kovacic dissents from this testimony to the extent that it endorses a Do Not Track mechanism. He believes that the endorsement of a Do Not Track mechanism is premature. --------------------------------------------------------------------------- I. The Mobile Marketplace Mobile technology is exploding with a range of new products and services, and consumers across the country are rapidly responding to the industry's creation of smarter devices. According to the wireless telecommunications trade association, CTIA, the wireless penetration rate reached 96 percent in the United States by the end of last year.\4\ Also by that same time, 27 percent of U.S. mobile subscribers owned a smartphone,\5\ which is a wireless phone with more powerful computing abilities and connectivity than a simple cell phone. Such mobile devices are essentially handheld computers that offer Web browsing, e-mail, and a broad range of data services. These new mobile devices allow consumers to handle a multitude of tasks in the palms of their hands and offer Internet access virtually anywhere. --------------------------------------------------------------------------- \4\ CTIA, Wireless Quick Facts, available at www.ctia.org/advocacy/ research/index.cfm/aid/10323. \5\ ComScore, The 2010 Mobile Year in Review Report (Feb. 14. 2011), at 5, available at www.comscore.com/Press_Events/ Presentations_Whitepapers/2011/2010_Mobile_Year_in_Review. --------------------------------------------------------------------------- Companies are increasingly using this new mobile medium to provide enhanced benefits to consumers, whether to provide online services or content, or to market other goods or services.\6\ For example, consumers can search websites to get detailed information about products, or compare prices on products they are about to purchase while standing in the check-out line. They can join texting programs that provide instantaneous product information and mobile coupons at the point of purchase or download mobile software applications (``apps'') that can perform a range of consumer services such as locating the nearest retail stores, managing shopping lists, tracking family budgets, transferring money between accounts, or calculating tips or debts.\7\ Apps also allow consumers to read news articles, play interactive games, and connect with family and friends via social networks. Any of these services can contain advertising, including targeted advertising. --------------------------------------------------------------------------- \6\ Indeed, a recent industry survey found that 62 percent of marketers used some form of mobile marketing for their brands in 2010 and an additional 26 percent reported their intention to begin doing so in 2011. See Association of National Advertisers, Press Release, Vast Majority of Marketers Will Utilize Mobile Marketing and Increase Spending on Mobile Platforms in 2011, (Jan. 31, 2011) (describing the results of a survey conducted by the Association of National Advertisers and the Mobile Marketing Association), available at www.ana.net/content/show/id/20953. \7\ Although Apple's App Store and Google's Android Market are less than 3 years old, they collectively contain more than 600,000 apps. In January 2011, Apple reported that ten billion apps had been downloaded from the App Store. In May 2011, Google announced that 4.5 billion apps had been downloaded from the Android Market. See www.apple.com/itunes/ 10-billion-app-countdown/; googleblog.blogspot.com/2011/05/android- momentum-mobile-and-more-at.html. --------------------------------------------------------------------------- II. FTC's Response to Consumer Protection Issues Involving Mobile Technology New technology can bring tremendous benefits to consumers, but it also can present new concerns and provide a platform for old frauds to resurface. Mobile technology is no different, and the Commission is making a concerted effort to ensure that it has the necessary technical expertise, understanding of the marketplace, and tools needed to monitor, investigate, and prosecute deceptive and unfair practices in the mobile arena. A. Developing an Understanding of Mobile Issues Through Workshops and Town Halls For more than a decade, the Commission has explored mobile and wireless issues, starting in 2000 when the agency hosted a two-day workshop studying emerging wireless Internet and data technologies and the privacy, security, and consumer protection issues they raise.\8\ In 2006, the Commission held a three-day technology forum that prominently featured mobile issues.\9\ Shortly thereafter, the Commission hosted two Town Hall meetings to explore the use of radio frequency identification (RFID) technology, and its integration into mobile devices as a contactless payment system.\10\ And in 2008, the Commission held a two-day forum examining consumer protection issues in the mobile sphere, including issues relating to ringtones, games, chat services, mobile coupons, and location-based services.\11\ Most recently, as discussed below, the Commission examined the privacy issues raised by mobile technologies as part of a series of roundtables on consumer privacy in late 2009 and early 2010. --------------------------------------------------------------------------- \8\ FTC Workshop, The Mobile Wireless Web, Data Services and Beyond: Emerging Technologies and Consumer Issues, available at www.ftc.gov/bcp/workshops/wireless/index.shtml. \9\ FTC Workshop, Protecting Consumers in the Next Tech-ade, available at www.ftc.gov/bcp/workshops/techade. The Staff Report is available at www.ftc.gov/os/2008/03/P064101tech.pdf. \10\ FTC Workshop, Pay on the Go: Consumers and Contactless Payment, available at www.ftc.gov/bcp/workshops/payonthego/index.shtml; FTC Workshop, Transatlantic RFID Workshop on Consumer Privacy and Data Security, available at www.ftc.gov/bcp/workshops/transatlantic/ index.shtml. \11\ FTC Workshop, Beyond Voice: Mapping the Mobile Marketplace, available at www.ftc.gov/bcp/workshops/mobilemarket/index.shtml. --------------------------------------------------------------------------- B. Developing a Mobile Lab and Creating a Mobile Team The FTC has hired technologists (including its first Chief Technologist) and invested in new technologies to enable its investigators and attorneys to respond to the growth of mobile commerce and to conduct mobile-related investigations.\12\ For many years, FTC Bureau of Consumer Protection staff have investigated online fraud using the agency's Internet Lab, a facility that contains computers with IP addresses not assigned to the government, as well as evidence- capturing software. The agency has expanded the Internet lab to include mobile devices spanning various platforms and carriers, along with the software and other equipment needed to collect and preserve evidence. --------------------------------------------------------------------------- \12\ See, e.g., Press Release, FTC Adds Edward W. Felten as its Chief Technologist (Nov. 4, 2010), available at www.ftc.gov/opa/2010/ 11/cted.shtm. --------------------------------------------------------------------------- Additionally, the FTC's Bureau of Consumer Protection assembled a team focusing on mobile technology. This group is conducting research, monitoring the various platforms, app stores, and applications, and training other FTC staff on mobile issues. In addition, in all of the FTC's consumer protection investigations, staff is examining whether the targets of investigations are using mobile technology in their operations. C. Applying the FTC Act to the Mobile Arena Although the FTC does not enforce any special laws applicable to mobile marketing, the FTC's core consumer protection law--Section 5 of the FTC Act--prohibits unfair or deceptive practices in the mobile arena.\13\ This law applies to commerce in all media, whether traditional print, telephone, television, desktop computer, or mobile device. The Commission has several recent law enforcement and policy initiatives in the mobile arena, which build on the Commission's extensive law enforcement experience in the Internet and privacy areas. --------------------------------------------------------------------------- \13\ 15 U.S.C. 45(a). --------------------------------------------------------------------------- 1. Endorsement Law and Advertising Substantiation The FTC brought a case last August applying FTC advertising law principles to the mobile apps marketplace. The Commission charged Reverb Communications, Inc., a public relations agency hired to promote video games, with deceptively endorsing mobile gaming applications in the iTunes store.\14\ The company allegedly posted positive reviews of gaming apps using account names that gave the impression the reviews had been submitted by disinterested consumers when they were, in actuality, posted by Reverb employees. In addition, the Commission charged that Reverb failed to disclose that it often received a percentage of the sales of each game. The Commission charged that the disguised reviews were deceptive under Section 5, because knowing the connections between the reviewers and the game developers would have been material to consumers reviewing the iTunes posts in deciding whether or not to purchase the games. In settling the allegations, the company agreed to an order prohibiting it from publishing reviews of any products or services unless it discloses a material connection, when one exists, between the company and the product. --------------------------------------------------------------------------- \14\ Reverb Commc'ns, Inc., FTC Docket No. C-4310 (Nov. 22, 2010) (consent order), available at www.ftc.gov/opa/2010/08/reverb.shtm. --------------------------------------------------------------------------- The Reverb settlement demonstrates that the FTC's well-settled truth-in-advertising principles apply to new forms of mobile marketing. The mobile marketplace may offer advertisers new opportunities, but as in the offline world, companies must be able to substantiate claims made about their products. Developers may not make misrepresentations or unsubstantiated claims about their mobile apps, whether those claims are in banner ads, on a mobile website, in an app, or in app store descriptions. FTC staff is working to identify other violations of these well-established principles in the mobile context. 2. Unauthorized Charges and Other Deceptive Conduct FTC staff has active investigations into other unfair or deceptive conduct in the mobile arena. For example, staff is examining both the cramming of charges on consumers wireless phone bills and alleged inadequate disclosures of charges for in-app purchases. Cramming is the practice of placing unauthorized charges on consumers' telephone bills. The FTC has aggressively prosecuted cramming violations in connection with landline telephone bills for many years.\15\ Mobile telephone accounts can also be used as a billing mechanism. On May 11, the FTC hosted a workshop on Phone Bill Cramming. The workshop examined how the mobile and landline billing platforms work, best practices for industry, and the development of cramming prevention mechanisms.\16\ --------------------------------------------------------------------------- \15\ See, e.g., FTC v. INC21.com, No. C 10-00022 WHA (N.D. Cal.) (summary judgment entered Sept. 21, 2010), available at www.ftc.gov/ opa/2010/09/inc21.shtm; FTC v. Nationwide Connections, Inc., No. Cv 06- 80180 (S.D. Fla.) (final stipulated orders entered Apr. 11, 2008), available at www.ftc.gov/opa/2008/04/cram.shtm. \16\ See FTC Workshop, Phone Bill Cramming, available at www.ftc.gov/bcp/workshops/cramming/. --------------------------------------------------------------------------- Concerns about charges for in-app purchases in games and other apps that initially appear to be free is another issue of concern. Several Members of Congress and others have raised concerns about purportedly free mobile apps directed to children that subsequently result in charges for products and services found within the applications, without adequate disclosures.\17\ FTC staff is examining industry practices related to this issue. --------------------------------------------------------------------------- \17\ Cecelia Kang, Lawmakers Urge FTC to Investigate Free Kids Games on iPhone, Washington Post (Feb. 8, 2011), available at www.washingtonpost.com/wp-dyn/content/article/2011/02/08/ AR2011020805721.html. --------------------------------------------------------------------------- 3. Unsolicited Commercial Text Messages Through enforcement of the CAN-SPAM Act,\18\ the Commission has long sought to protect consumers from unsolicited commercial e-mail. Indeed, CAN-SPAM applies to e-mail regardless of what type of computer or device is used to view and send the commercial e-mail messages. Unsolicited text messages present problems similar to those addressed by CAN-SPAM, but unsolicited text messages present additional problems for mobile phone users. --------------------------------------------------------------------------- \18\ Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, 15 U.S.C. 7701-7713. --------------------------------------------------------------------------- In February, the Commission filed its first law enforcement action against a sender of unsolicited text messages and obtained a temporary restraining order suspending the defendant's challenged operations. The FTC alleged that Philip Flora sent more than 5 million unsolicited text messages--almost a million a week--to the mobile phones of U.S. consumers and that this was an unfair practice under Section 5 of the FTC Act.\19\ Many consumers who received Flora's text messages--which typically advertised questionable mortgage loan modification or debt relief services--had to pay a fee each time they received a message. Many others found that Flora's text messages caused them to exceed the number of messages included in their mobile service plans, thereby causing some consumers to incur additional charges on their monthly bill.\20\ --------------------------------------------------------------------------- \19\ FTC v. Flora, CV11-00299 (C.D. Cal.) (Compl. filed Feb. 22, 2011), available at www.ftc.gov/opa/2011/02/loan.shtm. The complaint also alleges that Flora sent over the Internet unsolicited commercial e-mail messages advertising his texting services. The e-mails did not include a valid opt-out mechanism and failed to include a physical postal address, in violation of the CAN-SPAM Act. In these e-mails, Flora offered to send 100,000 text messages for only $300. Further, the complaint charged that Flora deceptively claimed an affiliation with the Federal Government in connection with the loan modification service advertised in the text messages. \20\ While the financial injury suffered by any consumer may have been small, the aggregate injury was likely quite large. And, even for those consumers with unlimited messaging plans, Flora's unsolicited messages were harassing and annoying, coming at all hours of the day. --------------------------------------------------------------------------- 4. Debt Collection Technology The impact of mobile technology is also evident in the debt collection industry. On April 28, the Commission hosted a forum that examined the impact of new technologies on debt collection practices, including the technologies used to locate, identify, and contact debtors.\21\ Panelists discussed the consumer concerns that arise when collectors contact debtors on their mobile phones, and whether some appropriate consumer consent should be required before a collector calls or sends text messages to a consumer's mobile phone. Commission staff is considering and analyzing the information received from the workshop and is preparing a summary report. --------------------------------------------------------------------------- \21\ FTC Workshop, Debt Collection 2.0: Protecting Consumers as Technologies Change, available at www.ftc.gov/bcp/workshops/ debtcollectiontech/index.shtml. --------------------------------------------------------------------------- 5. Mobile Payments The use of mobile phones as a payment device also presents potential consumer protection issues.\22\ As mentioned above, consumers can already charge goods and services, real or virtual, to their mobile telephone bills and app store accounts. Many other payment mechanisms and models are still developing, such as contactless payments systems that allow consumers to pay for products and services with the swipe of their smart phone.\23\ Many, but not all, mobile payment systems are tied to traditional payment mechanisms such as credit cards. Staff is monitoring this emerging area for potential unfair or deceptive practices. --------------------------------------------------------------------------- \22\ See Elizabeth Eraker, Colin Hector & Chris Hoofnagle, Mobile Payment: The Challenge of Protecting Consumers and Innovation, BNA, 10 Privacy & Security Law Report 212 (Feb. 7, 2011). \23\ See Darin Contini, Marianne Crowe, Cynthia Merritt, Richard Oliver & Steve Mott, Retail Payments Risk Forum, Mobile Payments in the United States: Mapping Out the Road Ahead, (Mar. 25, 2011), available at www.frbatlanta.org/documents/rprf/rprf_pubs/110325_wp.pdf; Smart Card Alliance, Contactless Payment Growth and Evolution to Mobile NFC Payment are Highlights as Smart Card Alliance/CTST Conference Opens (May 14, 2008), available at www.smartcardalliance.org/articles/2008/ 05/14/contactless-payment-growth-and-evolution-to-mobile-nfc-payment- are-highlights-as-smart-card-alliance-ctst-conference-opens. --------------------------------------------------------------------------- III. Privacy Issues in the Mobile Arena The rapid growth of new mobile services has provided enormous benefits to both businesses and consumers. At the same time, it has facilitated unprecedented levels of data collection, which are often invisible to consumers. The Commission recognizes that mobile technology presents unique and heightened privacy and security concerns. In the complicated mobile ecosystem, a single mobile device can facilitate data collection and sharing among any entities, including wireless providers, mobile operating system providers, handset manufacturers, app developers, analytics companies, and advertisers. And, unlike other types of technology, mobile devices are typically personal to the user, almost always carried by the user and switched-on.\24\ From capturing consumers' precise location to their interactions with e-mail, social networks, and apps, companies can use a mobile device to collect data over time and ``reveal[ ] the habits and patterns that mark the distinction between a day in the life and a way of life.'' \25\ Further, the rush of on-the-go use, coupled with the small screens of most mobile devices, makes it especially unlikely that consumers will read detailed privacy disclosures. --------------------------------------------------------------------------- \24\ See, e.g., Amanda Lenhart, Pew Internet & American Life Project, Adults, Cell Phones and Texting (Sept. 2, 2010), at 10, available at www.pewinternet.org/Reports/2010/Cell-Phones-and-American- Adults/Overview.aspx (``65 percent of adults with cell phones say they have ever slept with their cell phone on or right next to their bed''); Amanda Lenhart, Rich Ling, Scott Campbell, Kristen Purcell, Pew Internet & American Life Project, Teens and Mobile Phones (Apr. 20, 2010), at 73, available at www.pewinternet.org/Reports/2010/Teens-and- Mobile-Phones/Chapter-3/Sleeping-with-the-phone-on-or-near-the-bed.aspx (86 percent of cell-owning teens ages 14 and older have slept with their phones next to them). \25\ United States v. Maynard, 615 F.3d 544, 562 (D.C. Cir. 2010). --------------------------------------------------------------------------- In recent months, news reports have highlighted the virtually ubiquitous data collection by smartphones and their apps. Researchers have reported that both major smartphone platform providers collect precise location information from phones running their operating systems to support their device location services.\26\ The Wall Street Journal has documented numerous companies gaining access to detailed information--such as age, gender, precise location, and the unique identifiers associated with a particular mobile device--that can be used to track and predict consumers' every move.\27\ Not surprising, recent surveys indicate that consumers are concerned. For example, a recent Nielsen study found that a majority of smartphone app users worry about their privacy when it comes to sharing their location through a mobile device.\28\ The Commission has addressed these issues through a combination of law enforcement and policy initiatives, as discussed below. --------------------------------------------------------------------------- \26\ See Julia Angwin & Jennifer Valentino-Devries, Apple, Google Collect User Data, Wall St. J. (Apr. 22, 2011), available at online.wsj.com/article/SB100014240527487039837045762771 01723453610.html \27\ See, e.g., Robert Lee Hotz, The Really Smart Phone, Wall St. J. (Apr. 23, 2011), available at online.wsj.com/article/ SB10001424052748704547604576263_261679848814.html (describing how researchers are using mobile data to predict consumers' actions); Scott Thurm & Yukari Iwatane Kane, Your Apps are Watching You, Wall St. J. (Dec. 18, 2010), available at online.wsj.com/article/ SB1000142405_2748704368004576027751867039730.html (documenting the data collection that occurs through many popular smartphone apps). \28\ NielsenWire, Privacy Please! U.S. Smartphone App Users Concerned with Privacy When it Comes to Location (Apr. 21, 2011), available at blog.nielsen.com/nielsenwire/online_mobile/privacy-please- u-s-smartphone-app-users-concerned-with-privacy-when-it-comes-to- location; see also Ponemon Institute, Smartphone Security: Survey of U.S. Consumers (Mar. 2011), at 7, available at aa-download.avg.com/ filedir/other/ _Smartphone.pdf (64 percent of consumers worry about being tracked when using their smartphones). --------------------------------------------------------------------------- A. Mobile Privacy: Enforcement Actions The FTC's privacy cases have challenged companies that fail to protect the privacy and security of consumer information, including information obtained through mobile communications. Two recent cases highlight the application of the FTC's privacy enforcement to the mobile marketplace. First, the Commission's recent case against Google alleges that the company deceived consumers by using information collected from Gmail users to generate and populate a new social network, Google Buzz.\29\ The Commission charged that Gmail users' associations with their frequent e-mail contacts became public without the users' consent. As part of the Commission's proposed settlement order, Google must protect the privacy of all of its customers--including mobile users. For example, the order requires Google to implement a comprehensive privacy program and conduct independent audits every other year for the next 20 years. --------------------------------------------------------------------------- \29\ Google, Inc., FTC File No. 102 3136 (Mar. 30, 2011) (consent order accepted for public comment), available at www.ftc.gov/opa/2011/ 03/google.shtm. --------------------------------------------------------------------------- Second, in the Commission's case against social networking service Twitter, the FTC alleged that serious lapses in the company's data security allowed hackers to obtain unauthorized administrative control of Twitter.\30\ As a result, hackers had access to private ``tweets'' and non-public user information--including users' mobile phone numbers--and took over user accounts, among them, those of then- President-elect Obama and Rupert Murdoch. The Commission's order, which applies to Twitter's collection and use of consumer data, including through mobile devices or apps, prohibits future misrepresentations and requires Twitter to maintain reasonable security and obtain independent audits of its security practices. --------------------------------------------------------------------------- \30\ Twitter, Inc., FTC Docket No. C-4316 (Mar. 2, 2011) (consent order), available at www.ftc.gov/opa/2011/03/twitter.shtm. --------------------------------------------------------------------------- FTC staff has a number of additional active investigations regarding privacy issues associated with mobile devices, including children's privacy. B. Mobile Privacy: Policy Initiatives In late 2009 and early 2010, the Commission held three roundtables to examine how changes in the marketplace have affected consumer privacy and whether current privacy laws and frameworks have kept pace with these changes.\31\ At one roundtable, a panel focused on the privacy implications of mobile technology. Participants addressed the complexity of data collection through mobile devices; the extent and nature of the data collection, particularly with respect to location data; and the adequacy of privacy disclosures on mobile devices.\32\ Based on the information received through the roundtables, FTC staff drafted a preliminary report (``Staff Report'') proposing a new privacy framework consisting of three main recommendations, each of which applies to mobile technology.\33\ --------------------------------------------------------------------------- \31\ See FTC, Exploring Privacy: A Roundtable Series, available at http://www.ftc.gov/bcp/workshops/privacyroundtables/index.shtml. \32\ Transcript of Roundtable Record, Exploring Privacy: A Roundtable Series (Jan. 28, 2010) (Panel 4, ``Privacy Implication of Mobile Computing''), at 238, available at http://www.ftc.gov/bcp/ workshops/privacyroundtables/PrivacyRoundtable_Jan2010_Transcript.pdf. \33\ See FTC Preliminary Staff Report, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (Dec. 1, 2010), available at http://ftc.gov/os/2010/12/ 101201privacyreport.pdf. Commissioners William E. Kovacic and J. Thomas Rosch issued concurring statements available at http://ftc.gov/os/2010/ 12/101201privacy report.pdf at Appendix D and Appendix E, respectively. --------------------------------------------------------------------------- First, FTC staff recommended that companies adopt a ``privacy by design'' approach by building privacy protections into their everyday business practices, such as not collecting or retaining more data than they need to provide a requested service or transaction. Thus, for example, if an app provides only traffic and weather information to a consumer, it does not need to collect call logs or contact lists from the consumer's device. Second, staff recommended that companies provide simpler and more streamlined privacy choices to consumers. This means that all companies involved in data collection and sharing through mobile devices-- carriers, handset manufacturers, operating system providers, app developers, and advertisers--should work together to provide such choices and to ensure that they are understandable and accessible on the small screen. The Staff Report also stated that companies should obtain affirmative express consent before collecting or sharing sensitive information, such as precise location data. Third, the Staff Report proposed a number of measures that companies should take to make their data practices more transparent to consumers, including streamlining their privacy disclosures to consumers. After releasing the Staff Report, staff received 452 public comments on its proposed framework, a number of which implicate mobile privacy issues specifically. FTC staff is analyzing the comments and will take them into consideration in preparing a final report for release later this year. C. Web Browsing and Do Not Track on Mobile Devices The Staff Report included a recommendation to implement a universal choice mechanism for online tracking, including for purposes of delivering behavioral advertising, often referred to as ``Do Not Track,'' and a majority of the Commission has expressed support for such a mechanism.\34\ Behavioral advertising helps support online content and services, and many consumers may value the personalization that it offers. However, the third-party tracking that underlies much of this advertising is largely invisible to consumers, some of whom may prefer not to have their personal browsing and searching information collected by companies with which they do not have a relationship. --------------------------------------------------------------------------- \34\ See FTC Staff Report, supra note 33; see also Do Not Track: Hearing Before the Subcomm. on Commerce, Trade and Consumer Prot. of the H. Comm. on Energy and Commerce, 111th Cong. (Dec. 2, 2010), available at www.ftc.gov/os/testimony/101202donottrack.pdf (statement of the FTC, Commissioner Kovacic dissenting). Commissioner Kovacic believes that the endorsement of a Do Not Track mechanism by staff (in the report) and the Commission (in this testimony) is premature. See FTC Staff Report, App. D. Commissioner Rosch supported a Do Not Track mechanism only if it were ``technically feasible'' and implemented in a fashion that provides informed consumer choice regarding all the attributes of such a mechanism. See id., App. E. To clarify, Commissioner Rosch continues to believe that a variety of questions need to be answered prior to the endorsement of any particular Do Not Track mechanism, including the consequences of the mechanism for consumers and competition. --------------------------------------------------------------------------- The FTC repeatedly has called on stakeholders to develop and implement better tools to allow consumers to control the collection and use of their online browsing data,\35\ and industry and other stakeholders have responded. In recent months a number of browser vendors--including Microsoft, Mozilla, and Apple--have announced that the latest versions of their browsers include, or will include, the ability for consumers to tell websites not to track their online activities.\36\ Additionally, last month the World Wide Web Consortium \37\ held a two-day workshop at which participants including academics, industry representatives, and privacy advocates discussed how to develop standards for incorporating ``Do Not Track'' preferences into Internet browsing.\38\ The online advertising industry has also made important progress in this area. For example, the Digital Advertising Alliance, an industry coalition of media and marketing associations, is launching an enhanced notice program that includes an icon embedded in behaviorally targeted ads.\39\ When consumers click on the icon, they can see more information about how the ad was targeted and delivered to them and are given the opportunity to opt out of receiving such ads, although collection of browsing information could continue. --------------------------------------------------------------------------- \35\ See, e.g., The State of Online Consumer Privacy, Hearing Before the S. Comm. on Commerce, Science & Transportation, 112th Cong. (Mar. 16, 2011), available at www.ftc.gov/os/testimony/ 110316consumerprivacysenate.pdf (statement of the FTC, Commissioner Kovacic dissenting); Do Not Track: Hearing Before the Subcomm. on Commerce, Trade and Consumer Prot. of the H. Comm. on Energy and Commerce, 111th Cong. (Dec. 2, 2010), available at www.ftc.gov/os/ testimony/101202donottrack.pdf (statement of the FTC, Commissioner Kovacic dissenting); see also FTC Staff Report: Self-Regulatory Principles for Online Behavioral Advertising (Feb. 2009), available at www.ftc.gov/os/2009/02/P085400behavadreport.pdf. \36\ See Press Release, Microsoft, Providing Windows Customers with More Choice and Control of Their Privacy Online with Internet Explorer 9 (Dec. 7, 2010), available at www.microsoft.com/presspass/features/ 2010/dec10/12-07ie9privacyqa.mspx; Mozilla Blog, Mozilla Firefox 4 Beta, Now Including ``Do Not Track'' Capabilities, blog.mozilla.com/ blog/2011/02/08/mozilla-firefox-4-beta-now-including-do-not-track- capabilities/ (Feb. 8, 2011); Nick Wingfield, Apple Adds Do-Not-Track Tool to New Browser, Wall St. J. (Apr. 14, 2011), available at online.wsj.com/article/ SB10001424052748703551304576261272308358858.html. \37\ The World Wide Web Consortium (W3C) is an international community whose ``mission is to lead the World Wide Web to its full potential by developing protocols and guidelines that ensure the long- term growth of the Web.'' See www.w3.org/Consortium/mission.html. \38\ See www.w3.org/2011/track-privacy/. This event followed a joint proposal by Stanford Law School's Center for Internet and Society and Mozilla for a header-based Do Not Track mechanism submitted to the Internet Engineering Task Force. See Do Not Track: A Universal Third- Party Web Tracking Opt Out (Mar. 7, 2011), available at tools.ietf.org/ html/draft-mayer-do-not-track-00; see also Mozilla Makes Joint Submission to IETF on DNT, available at firstperson cookie.wordpress.com/2011/03/09/mozilla-makes-joint-submission-to-ietf- on-dnt/. \39\ See Interactive Advertising Bureau Press Release, Major Marketing Media Trade Groups Launch Program to Give Consumers Enhanced Control over Collection and Use of Web Viewing Data for Online Behavioral Advertising (Oct. 4, 2010), available at www.iab.net/about_ the_iab/recent_press_releases/press_release_archive/press_release/pr- 100410. --------------------------------------------------------------------------- These recent industry efforts to improve consumer control are promising, but they are still in the early stage and their effectiveness remains to be seen. As industry continues to explore technical options and implement self-regulatory programs and Congress continues to examine Do Not Track, five critical principles should be considered to make any Do Not Track mechanism robust and effective. Do Not Track should (1) be universal; (2) be easy to find and use; (3) be enforceable; (4) ensure that consumer choices are persistent; and (5) not only allow consumers to opt out of receiving targeted advertising, but also allow them to opt out of collection of behavioral data for all purposes that are not commonly accepted.\40\ --------------------------------------------------------------------------- \40\ For more detail concerning these five principles, see The State of Online Consumer Privacy, Hearing Before the S. Comm. on Commerce, Science & Transportation, supra note 35, at 16-17. --------------------------------------------------------------------------- The Staff Report asked whether Do Not Track should apply in the mobile context. At least for purposes of Web browsing, the issues surrounding implementation of Do Not Track are the same on mobile devices and desktop computers. On both types of devices, the user could assert a Do Not Track choice, the browser would remember this choice, and the browser would send the Do Not Track request to other websites visited. The technology underlying mobile apps, however, differs in some respects from Web browsing (apps run outside of the browser, unlike websites), and thus the Staff Report has asked for comment about the application of Do Not Track to mobile apps, and FTC staff is currently examining the technology involved in a Do Not Track mechanism for mobile apps. Chairman Rockefeller has introduced Do Not Track legislation that would address desktop and mobile services.\41\ The Commission supports the fundamental goals of this legislation--to provide transparency and consumer choice regarding tracking. Although the Commission has not taken a position on whether there should be legislation in this area, the Commission supports the approach in the proposed legislation, which would consider a variety of factors in implementing a Do Not Track mechanism, including the scope of the Do Not Track standard, the technical feasibility and costs, and how the collection of anonymous data would be treated under the standard. Indeed, the Commission agrees that any legislative mandate must give careful consideration to these issues, along with any competitive implications, as part of the Do Not Track rulemaking process. We would be pleased to work with Chairman Rockefeller, the Committee and Committee staff as they consider these important issues. --------------------------------------------------------------------------- \41\ Do Not Track Online Act of 2011, S. 913, 112th Cong. (2011) --------------------------------------------------------------------------- D. Children's and Teens' Mobile Privacy The Commission has a long history of working to protect the privacy of young people in the online environment. In recent years, the advent of new technologies and new ways to collect data, including through mobile devices, has heightened concerns about the protection of young people when online. 1. Children's and Teen's Use of Mobile Technology Children's and teens' use of mobile devices is increasing rapidly-- in 2004, 45 percent of 12 to 17 year-olds had a cell phone; by 2009, that figure jumped to 75 percent.\42\ Many young people are using their phones not just for calling or sending text messages, but increasingly for sending e-mails, Web browsing, and using a host of apps that enable them to access social networks and make online purchases.\43\ They are also using relatively new mobile apps that raise privacy concerns such as location-based tracking.\44\ Even very young children have embraced these new technologies. In one study, two-thirds of the children ages 4-7 stated they had used an iPhone, often one owned by a family member and handed back to them while riding in an automobile.\45\ --------------------------------------------------------------------------- \42\ Amanda Lenhart, Rich Ling, Scott Campbell, Kristen Purcell, Pew Internet & American Life Project, Teens and Mobile Phones (Apr. 20, 2010), at 2, available at www.pewinternet.org//media//Files/Reports/ 2010/PIP-Teens-and-Mobile-2010.pdf. \43\ Id. \44\ Nielsen, How Teens Use Media (June 2009), available at blog.nielsen.com/nielsenwire/reports/ nielsen_howteensusemedia_june09.pdf. \45\ Cynthia Chiong & Carly Shuler, Joan Ganz Cooney Center, Learning: Is there an App for that? (Nov. 2010), at 15, available at www.joanganzcooneycenter.org/upload_kits/learning apps_final_110410.pdf. --------------------------------------------------------------------------- 2. Enforcement of the Children's Online Privacy Protection Rule The Commission actively engages in law enforcement, consumer and business education, and rulemaking initiatives to ensure knowledge of, and adherence to, the Children's Online Privacy Protection Rule (``COPPA Rule''), issued pursuant to the Children's Online Privacy Protection Act of 1998.\46\ The COPPA Rule requires operators of interactive websites and online services directed to children under the age of 13, as well as operators of general audience sites and services having knowledge that they have collected information from children, to provide certain protections. In the past 10 years, the Commission has brought 16 law enforcement actions alleging COPPA violations and has collected more than $6.2 million in civil penalties. --------------------------------------------------------------------------- \46\ The Commission's COPPA Rule is found at 16 C.F.R. Part 312. The COPPA statute is found at 15 U.S.C. 6501 et seq. --------------------------------------------------------------------------- Just last week, the Commission announced its largest civil penalty in a COPPA action, a $3 million settlement against Playdom, Inc. The Commission alleged that the company, a leading developer of online multi-player games, as well as one of its executives, violated COPPA by illegally collecting and disclosing personal information from hundreds of thousands of children under age 13 without their parents' prior consent.\47\ While the allegations against Playdom do not specifically include the collection of information via mobile communications, the order, like all previous COPPA orders, applies to future information collected from children, whether it is collected via a desktop computer or a mobile computing device. --------------------------------------------------------------------------- \47\ United States v. Playdom, Inc., No. SACV11-00724 (C.D. Cal.) (final stipulated order filed May 11, 2011), available at www.ftc.gov/ opa/2011/05/playdom.shtm. --------------------------------------------------------------------------- 3. Review of the COPPA Rule In April 2010, the Commission accelerated its review of the COPPA Rule, asking for comment on whether technological changes in the online environment warrant any changes to the Rule or to the statute.\48\ In June 2010, the Commission also held a public roundtable to discuss the implications for COPPA enforcement raised by new technologies, including the rapid expansion of mobile communications.\49\ --------------------------------------------------------------------------- \48\ See 75 Fed. Reg. 17,089 (Apr. 5, 2010). Although, of course, the Commission does not have the authority to amend the statute, it could recommend changes to Congress if warranted. Commission staff anticipates that proposed changes to the COPPA Rule, if any, will be announced in the next few months. \49\ Information about the June 2, 2010 COPPA Roundtable is located at http://www.ftc.gov/bcp/workshops/coppa/index.shtml. The public comments submitted in connection with the COPPA Rule review are available at http://www.ftc.gov/os/comments/copparulerev2010/ index.shtm. --------------------------------------------------------------------------- While the Rule review is ongoing, public comments and roundtable remarks reveal widespread consensus that the COPPA statute and the Rule were written broadly enough to encompass most forms of mobile communications without the need for statutory change.\50\ For example, current technologies such as mobile applications, interactive games, voice-over-Internet services, and social networking services that access the Internet or a wide-area network are ``online services'' covered by COPPA.\51\ There was less consensus as to whether certain mobile communications such as text messages are ``online services'' covered by COPPA. Certain commenters indicated that, depending on the details of the texting program--and provided that personal information is collected--COPPA could cover such programs.\52\ Other commenters maintained that text messages cross wireless service providers' networks and short message service centers, not the public Internet, and that therefore such services are not Internet-based and are not ``online services.\53\ Commission staff is assessing new technologies to determine whether they are encompassed by, and conducted in accordance with, COPPA's parameters. --------------------------------------------------------------------------- \50\ See, e.g., Comment of Center for Democracy and Technology (July 1, 2010), at 2, available at http://www.ftc.gov/os/comments/ copparulerev2010/547597-00049-54858.pdf; Transcript of Roundtable Record, COPPA Rule Review Roundtables (June 2, 2010), at 14, (remarks of Ed Felten, Center for Information Technology Policy), available at http://www.ftc.gov/bcp/workshops/coppa/_COPPARuleReview_Transcript.pdf (hereinafter ``COPPA Transcript''). \51\ The statute's definition of ``Internet,'' covering the ``myriad of computer and telecommunications facilities, including equipment and operating software, which comprise the interconnected world-wide network of networks that employ the Transmission Control Protocol/Internet Protocol,'' is plainly device neutral. 15 U.S.C. 6502(6). In addition, the statutory use of the terms ``website located on the Internet'' and ``online service,'' although undefined, is broadly understood to cover content that users can access through a browser on an ordinary computer or a mobile device, and services available over the Internet or that connect to the Internet or a wide- area network. See Comment of AT&T, Inc. (July 12, 2010), at 5, available at www.ftc.gov/os/comments/copparulerev2010/547597-00074- 54989.pdf; Comment of Spratt (Apr. 18, 2010), available at www.ftc.gov/ os/comments/copparulerev2010/_547597-00004.html; COPPA Transcript, supra note 50, at 15 (remarks of Ed Felten). \52\ See COPPA Transcript, supra note 50, at 27-28 (remarks of Ed Felten). \53\ See Comment of CTIA (June 30, 2010), at 2-5, available at www.ftc.gov/os/comments/copparulerev2010/547597-00039-54849.pdf (citing the Federal Communications Commission's rules and regulations implementing the CAN-SPAM Act of 2003 and the Telephone Consumer Protection Act of 1991, finding that phone-to-phone SMS is not captured by Section 14 of CAN-SPAM because such messages do not have references to Internet domains). --------------------------------------------------------------------------- 4. Consumer Education Initiatives for Children and Teens The FTC has launched a number of education initiatives designed to encourage consumers of all ages to use technology safely and responsibly. In particular, the Commission's educational booklet, Net Cetera: Chatting with Kids About Being Online,\54\ provides practical tips on how parents, teachers, and other trusted adults can help children of all ages, including teens and pre-teens, reduce the risks of inappropriate conduct, contact, and content that come with living life online. Net Cetera focuses on the importance of communicating with children about issues ranging from cyber bullying to sexting, social networking, mobile phone use, and online privacy. The Commission has partnered with schools, community groups, and local law enforcement to publicize Net Cetera, and the agency has distributed more than 7.8 million print copies of the guide since it was introduced in October 2009. FTC staff are currently developing additional consumer education materials focused on mobile issues. --------------------------------------------------------------------------- \54\ Net Cetera is available online at www.onguardonline.gov/pdf/ tec04.pdf. --------------------------------------------------------------------------- IV. Conclusion The Commission is committed to protecting consumers, including children and teens, from unfair and deceptive acts in the burgeoning mobile marketplace. This dedication is reflected in the Commission's recent law enforcement actions and ongoing investigations, policy initiatives, and investment of resources to augment its mobile technical expertise and investigative tools. Protecting the privacy and security of consumer information is a critical component of the Commission's focus on mobile technologies and services. We will continue to bring law enforcement actions where appropriate and work with industry and consumer groups to develop workable solutions that allow companies to continue to innovate and give consumers the new products and services they desire. Senator Pryor. Thank you very much. And because we have a full committee here, almost a full subcommittee, I am going to just ask a couple of questions, then I will turn it over to my colleagues. Thank you very much, Mr. Vladeck, for being here. You mentioned that this is a small-screen world. And even when you have a large screen and you get all these privacy notices and agreements that are online, et cetera, there is a lot of verbiage there you have to go through. So it seems to me that we have a particular challenge in the small-screen world to have meaningful disclosure. Have you given that much thought, and do you have a solution on that? Mr. Vladeck. Well, we have addressed this issue in our privacy report, and one of the reasons why we did this privacy rethink at the outset was because even on big screens, privacy policies are often indecipherable to consumers. And simply translating that to the smartphone world, where a consumer might have to click through a dozen, two or three dozen screens to read a privacy policy, doesn't make sense. We have called for simple, clear, and concise disclosures that can tell consumers--that tell consumers the fundamental information they need to know--what data is being taken, for what purpose, and by whom. Those are the three essential questions, and we think--I am sorry? Senator Pryor. So bottom-line disclosure is what you mean? Mr. Vladeck. Bottom-line disclosure just in time. Senator Pryor. Mm-hmm. OK. And let me ask about the geo- tracking capability? Is there a purpose for that? I mean, is there a legitimate business reason why geo-tracking would be available in some apps? Mr. Vladeck. Well, in some apps, if you are using a map function, geolocation tracking will enhance functionality. That doesn't explain why other apps that do not need geolocation data for functionality are, nonetheless, pulling down geolocation data. And that is part of the problem. You are given a prompt on some phones, do you want to share your geolocation data? If you say no, you can't use the app. And that gets back to Senator Kerry's point. You want functionality, but you also want to know who else may be getting access to that data. Is that access just being used to enhance the functionality, or is it then being sent to analytics companies and ad networks and advertisers and so forth? That information is currently not available to consumers. Senator Pryor. And my experience has been when I talk to people about this, they have no clue that this data is being transmitted or shared with anyone. They have no idea. Do you have any statistics on what people know now? I mean, is there any way to know exactly what people understand about this data right now? Mr. Vladeck. There have been surveys, and the surveys confirm your impression, which is most people don't know. And there is a reason for that. People are not told with whom the data is going to be shared. And so, it is hard to point the finger at the consumer. The consumer just has no way of knowing that on most apps. Senator Pryor. Thank you. Now the order that I was going to call on folks, Chairman Rockefeller, and then we will do the early bird rule. Senator Kerry--no, you are not at the end. You should be at the end, but you are not at the end. Senator Kerry, Senator Klobuchar, and I know Senator Heller just stepped out, and Senator Blunt. So, Mr. Chairman? Senator Rockefeller. OK. Since 2000, COPPA has been in effect. It prohibits companies from targeting children 12 years old or younger. It is widely disregarded. Do you agree? Mr. Vladeck. I don't know whether I would agree with that. We do fairly aggressive enforcement under COPPA. Last week, we announced a settlement against Playdom, one of the largest children's gaming companies, for a civil penalty of $3 million, the largest civil penalty by three times---- Senator Rockefeller. Well, they were disregarding it at least? Mr. Vladeck. They were disregarding it, and the order applies not simply to the Internet, but for T-Mobile---- Senator Rockefeller. The idea would be that this would not be available without parents' consent. Is that correct? Mr. Vladeck. It shouldn't have been available. That is correct. The violation there was not--was retaining information without parental consent. Senator Rockefeller. OK. So if you get a lot of software applications available for popular mobile devices, such as iPhone or Android phone, they qualify, in my mind, as an online service. I am not sure they qualify in their mind as an online service. Could you talk about that? Mr. Vladeck. Well, we held a workshop in June of last year to discuss exactly these issues. And I think there was widespread consensus that, for example, to use your illustration, that mobile apps would be an online service and, therefore, would be covered by COPPA. And we have reinforced that with our order in Playdom, which makes it quite clear that mobile delivery of these apps is covered by our order and is subject to COPPA. Senator Rockefeller. And that act requires--you have to provide conspicuous notice on what personal information is being collected and how it is being used. Mr. Vladeck. That is what the statute says. Senator Rockefeller. That is under the law--receive parental consent and provide parents with access to all information being collected about their kids. Now, any of these provisions, a violation of any of them, constitutes a very bad thing under the Federal Trade Commission's act. So the question is such violations are subject to civil penalties. How much do you go after these folks? Mr. Vladeck. Well, as I said, we have done quite a number of COPPA cases lately, and we have a number of investigations ongoing into the mobile space, including apps directed at children. Senator Rockefeller. All right. I presume you believe that apps directed at kids under 13 are covered by COPPA? Mr. Vladeck. That is correct. Senator Rockefeller. According to news reports, apps designed to appeal to kids, one with cartoon characters and games, are collecting information at times without adequate disclosure. Would you agree? Mr. Vladeck. I believe that is correct. Senator Rockefeller. Now, COPPA has been a very effective tool to protect children's privacy online. Mr. Vladeck, given the growth in mobile applications, the increasing use of mobile devices by children even to the age of 4, what is the FTC doing to make sure that apps are compliant with COPPA? Mr. Vladeck. Well, we are doing two things. One is, as I mentioned before, we are looking for good enforcement targets in this space. And we will be bringing other enforcement cases. Senator Rockefeller. What do you mean by ``looking for good enforcement?'' Mr. Vladeck. Cases like Playdom, which involved substantial violations of the act. In Playdom, literally hundreds of thousands of kids were playing these online games. And part of what we do in our enforcement is try to send a clear message to industry. Playdom was a very big player in this field. It was owned-- recently acquired by the Disney Corporation, so---- Senator Rockefeller. OK. So the FTC testified before this committee last year on your plans to review COPPA rules. One of the issues discussed at that hearing was the rules' applicability to the mobile apps. The comment period closed in last July. Mr. Vladeck. That is correct. Senator Rockefeller. And so, that is, I think, about a year later. So I am kind of curious as to what you are doing to make up for this lost 10\1/2\ months. Mr. Vladeck. With all respect, the time has not been lost. These raise very difficult public policy issues, and we want to get this right. And so, you can expect something--you know, we hope to get something out in the next couple of months. Senator Rockefeller. I hear that so often in government. People have to put out rules. They have to put out regulations. We hope to get that out in several months, but in the meantime, everything is OK. I am a bit skeptical. Mr. Vladeck. I am not saying everything is OK, Mr. Chairman. Please understand that---- Senator Rockefeller. But you implied that you are being active in the meantime, and all I am saying is get the rules out. Mr. Vladeck. We hear you loud and clear. Senator Rockefeller. Thank you. Senator Pryor. Thank you. Senator Kerry? Senator Kerry. Thank you very much, Mr. Chairman. Mr. Vladeck, thanks for being here. To what degree is it true that right now, absent some kind of promise to the contrary, any kind of company or a mobile phone or an app operator, hotel, website, whatever it is, that they can do whatever they want with the personal information that they have collected, and the individual would have no right whatsoever to tell them to stop or to control what they are doing with the information? Mr. Vladeck. Well, if you are asking what the individual could do, that may be a question of State law and Federal law. If you are asking what the Federal Trade Commission can do, our principal tools are deception and unfairness. In the absence of a privacy policy, it makes things more difficult for us because our jurisdictional hook would be the unfairness prong--generally--would be the unfairness prong of our authority. And while I wouldn't rule out our ability to take enforcement actions in the absence of any commitment through a private policy or any other statement, it would make things more difficult for us. Senator Kerry. Do you know of a law or do you know of a standard in some state that has been applied---- Mr. Vladeck. I don't know. I have never taken a comprehensive look at that question. Senator Kerry. You guys have not actually surveyed that to determine what kind of rights people may have? Mr. Vladeck. When I say ``me,'' I was speaking just for myself. It may well be that our staff has done that. And if so, we would be glad to provide---- Senator Kerry. Could you find out and let us know? Mr. Vladeck. Yes. I will be glad to provide that to you. Yes, sir. Senator Kerry. Whether or not you have. You raised this question of where the FTC can go with respect to an unfair trade practice, which is essentially saying that if somebody makes a promise to the consumer, but they do something other than the promise, you have a right to come in and do something. Absent that, do you have any capacity to assure compliance across the hundreds of thousands of different companies in the country with respect to privacy for consumers? Mr. Vladeck. We do if the practice is an unfair one under our statute. And---- Senator Kerry. What is the definition of that? What would the standard be that would be applied to that? Mr. Vladeck. Well, it would have to cause or threaten to cause injury to consumers that the consumers themselves could not avoid and that the cost to consumers would outweigh whatever benefits that might accrue to the---- Senator Kerry. Well, have you made any judgment as to broadly whether or not, in fact, it is unfair, per se, for this information to be given to a third party, for instance? Mr. Vladeck. We have not made that---- Senator Kerry. Why would that not be something you would want to think about? Mr. Vladeck. Well, let me digress. We have made that argument, for example, in the data security area. For example, if there is a data security breach and your personal information is shared as a result of the breach, we apply our unfairness standard in those kinds of cases because you have been injured, you could not reasonably avoid it, and the benefits to the company certainly don't outweigh the cost to you. And that--I am sorry. Senator Kerry. No, that is all right. I just-- unfortunately, time is short. But I want to just try to hone in on some of the things that are sort of out there. Supposing you have a Government entity and Government information would be a separate committee and a separate set of concerns, but in a private company and a private individual in some kind of right of action, what kind of rights might people have here? For instance, in a divorce proceeding, could one spouse or the other use information from a third party, or would they have rights to that in some way? Do we know the answer to that? What about a company against an employee, and the employee has been fired for certain practices in the company and you want a trace on the company's phone? Do they have any--or their phone, either way? Mr. Vladeck. You have just sort of chronicled all of the reasons why we think geolocation data is so special and so important. Because under State law, those kinds of things may be available, or there may be no inhibition to sharing them. And largely because of the examples that you have given, we think geolocation data ought to be treated as special data, just as data about children, health, finances, data that deserves special protection. Senator Kerry. And with respect to Do-Not-Track, Do-Not- Track applies to third party. Is that correct? Mr. Vladeck. The way we have defined it in our proposal, yes. When you move across websites and you are tracked, that is what we consider to be third-party tracking. Senator Kerry. So are apps that are operating on iPhones or on Android phones first parties or third parties? Mr. Vladeck. Well, I think it, again, depends on how the app functions. If you pick up the New York Times app on your phone and you are reading the New York Times, if you then--you know, if you then click on the Facebook Like button, then it raises difficult questions. Senator Kerry. But the bottom line is if they are treated as a first party, then Do-Not-Track would not apply any new standard whatsoever with respect to privacy protection for that particular app. Correct? Mr. Vladeck. That is correct. Right. If you are not moving across websites. But on some apps you can do that, and that is why the implementation of Do-Not-Track for apps, not for mobile browsers, but for apps, raises different implementation questions. Senator Kerry. That is why, Mr. Chairman, I just wanted to underscore the need for the sort of broader--there are any numbers of reasons, but I think this helps to underscore why you need that basic standard and code of privacy. And, well, I will come back to that another time, but I thank you for the time. Senator Pryor. Thank you, Senator Kerry. Senator Klobuchar? STATEMENT OF HON. AMY KLOBUCHAR, U.S. SENATOR FROM MINNESOTA Senator Klobuchar. Thank you very much, Mr. Chairman. I have a statistic. It is not nearly as sexy as Chairman Rockefeller's statistic that 72 percent of people sleep with their cell phones, something I just can't get over. But this statistic shows that nearly three-quarters of consumers are uncomfortable with advertising tracking, and 77 percent don't want to share their location data with app owners and developers. And that is why I believe we need some rules of the road. Senator Kerry mentioned the bill that we have been working on. I also believe that we need to make sure that we are going after bad actors and people who hack in. I am working on a bill with Senator Hatch on cloud computing that we are going to put out shortly. And the third is that personal choice also plays a role here. Some consumers may be more comfortable with more data sharing than others, but we have to make sure that they are the ones that are able to make that choice. And that gets to my first question here about privacy choices to consumers. Currently, how simple and clear is the typical privacy policy to the average consumer, Mr. Vladeck? Mr. Vladeck. Not much, not very. Senator Klobuchar. OK. And how valuable do you believe a streamlined privacy policy agreement would be when--moving forward, if we try to set some best practices? Mr. Vladeck. Well, we discuss this in great detail in our privacy report. But to distill it down to its essence, we think that privacy policy, at least those particularly on smartphones, need to be short, clear, and concise. And they ought to be delivered just when the decision about using the app or sharing information is made. Senator Klobuchar. And that isn't the truth right now? Mr. Vladeck. That is not generally the way they are delivered at the moment. Senator Klobuchar. OK. And second, and Senator Kerry was touching on this, but I know one of the most popular things in our household that Congress did was the ``do not call'' registry many years ago. And now we are looking with Senator Rockefeller at this idea of Do-Not-Track for mobile phones. What kind of feedback have you received from consumers on the Do-Not-Track? Mr. Vladeck. We have gotten positive response not just from consumers, who overwhelming support a Do-Not-Track feature, but as you may know, both the browser manufacturers and the advertisers are also gravitating to Do-Not-Track. I think no one--it is hard to argue in favor of a business model that depends on deceiving consumers. And so, I think there is a great deal of movement toward giving consumers easy- to-use, easy-to-find controls over their own data. Senator Klobuchar. And what do you see as the challenges in implementing Do-Not-Track on mobile devices? Mr. Vladeck. Well, I think the only challenge, as you put it, is implementation of Do-Not-Track on the apps. On browsers, the technology would be the same. And one of the reasons why we brought on technologists like Ed Felten, who is a Princeton computer science professor, is to help us work through the implementation issues. Senator Klobuchar. And how does the FTC's proposal differ from what Apple and Google are currently doing with their smartphone operating system? Mr. Vladeck. On Do-Not-Track? I am sorry. Senator Klobuchar. On Do-Not-Track. Mr. Vladeck. Well, they would differ significantly. I mean, the problem that we face now is that there are browsers that are being adapted to essentially try to clear cookies and send out signals to advertisers basically saying, ``Don't track us.'' But until the advertisers agree to be bound by this and sign up in significant numbers, you know, if that doesn't happen, Senator Rockefeller's bill has started the clock. I think that the business community knows that, at some point, sooner or later there will be a Do-Not-Track requirement. And so, I think they are trying to figure out how to do this. Senator Klobuchar. OK. And last question, does the FTC currently have the authority that you believe that you need to promulgate regulations in this ever-changing and ever more sophisticated world? And do we need to do anything more here? I mentioned a lot of things that we are looking at with bills, but in terms of just giving you authority. Mr. Vladeck. Well, let me answer the question in two ways. First is we do not currently have normal APA rulemaking authority. So we do not really have the capacity today to promulgate regulations in this area. Second, though, I would say our commission has not sought that specific authority from Congress. I can't speak for the commission on that issue. Senator Klobuchar. All right. Mr. Vladeck. Thank you. Senator Klobuchar. Thank you very much. Senator Pryor. Thank you. Senator Blunt? STATEMENT OF HON. ROY BLUNT, U.S. SENATOR FROM MISSOURI Senator Blunt. Thank you, Chairman. Just two or three questions. One, with Do-Not-Track, how would apps work? For an app to work, don't you have to track? Mr. Vladeck. There are apps that--when we say track in the mobile---- Senator Blunt. Maybe apps is too broad a term. But for a lot of apps to work, don't you have to track? Mr. Vladeck. Well, again, there is a confusion about tracking in the mobile because it takes on two meanings. One is being followed you as go from one website to another. That is tracking on the Internet. Senator Blunt. Right. Mr. Vladeck. Of course, in the mobile, there is an additional complexity because you can be physically tracked. Senator Blunt. I guess that is what I am asking. Mr. Vladeck. And that is why--I am sorry, that is why I digressed. Senator Blunt. But thank you. That helps me to---- Mr. Vladeck. Senator, yes. For many apps that use geolocation data for functionality purposes, you need to enable the geolocation figures on your phone to use that. Our concern is not with respect to the app developer pulling down geolocation data, for example, to make sure the map function on your phone worked. It is that there are other apps that are pulling down geolocation data which has no relation at all to functionality. And oftentimes, the consumer is unaware that the geolocation data is being pulled down, or that once it is being pulled down, it is being shared with ad networks, analytic companies, and this ecosystem behind the screen the consumers are unaware of. Senator Blunt. In rulemaking, how hard would it be, do you think, to define, to reach that definition to where you are not allowing tracking for some things, but you understand it has to happen for others? Mr. Vladeck. Well, I think that the litmus test would be functionality. As I just explained, we don't have rulemaking authority in this area. So to the extent there are definitional questions that need to be resolved across the board, industry is going to have to do that, or this body will have to do that. Senator Blunt. These questions about employees and divorce cases and things like that, how is this geolocating data retained? Is it retained in a way that you really could go back and sort out with the individual involved not being--agreeing to that, where they had been for some significant period of time or not? Mr. Vladeck. Well, I mean, there are State law cases involving divorce and other issues in which geolocation data has been subpoenaed from not just the wireless companies, but from other companies and been used in court proceedings. So, yes. The analytic data---- Senator Blunt. Has been done and can be done is what---- Mr. Vladeck. I believe that is the case, sir. Senator Blunt. What about data security breach, something else you mentioned. Is that more likely within the current environment than if you had a lot of privacy signoffs and opt out and all of that sort of thing? Mr. Vladeck. Well, the Commission has long called for legislation to enhance both the privacy protections, the safeguards companies are required to use when they store sensitive information, such as geolocation data, and to give public notice of breaches. Now the concern we have is that the more data of this kind, data that is really special because the consequence of disclosure can be serious, the more companies need to protect that data and to safeguard it and make sure that they are not subject to breach. And so, these two issues are related. The more sensitive data companies collect, the more we ought to require them to put protections in place to safeguard that data. Senator Blunt. I guess I will ask the companies this later. But I am wondering how actually individual-specific those are in terms of any collection matrix that the company does, or do they just have a big universe of people that have contact--that have gone to a certain location or something that they then contact that universe? Mr. Vladeck. Well, I mean, the Wall Street Journal did an article on this precise issue a couple of months ago. And the data is so robust that there are now predictive algorithms that you can use to sort of guess where you are going to be next. So if--and this, of course, is a hypothetical. But suppose you played golf every Wednesday afternoon, you know, and called in sick. It is not inconceivable that, somehow or another, your employer could get that data and decide maybe you shouldn't be golfing every Wednesday. Senator Blunt. You know, maybe I need that because I have so far not been able to guess where the Senate is going to be next. [Laughter.] Senator Blunt. So maybe I need to figure out that algorithm that lets me know what we are doing tomorrow. Thank you, Chairman. Mr. Vladeck. Thank you so much. Senator Pryor. Thank you. Senator McCaskill? STATEMENT OF HON. CLAIRE McCASKILL, U.S. SENATOR FROM MISSOURI Senator McCaskill. Yes. One of the things that seems to be missing from this discussion is that the value that a lot of this activity provides to the consumer. And let me give you one example. The value of being able to locate where this is, is very important to my privacy because they now have the technology that if this gets stolen from me or if it gets left somewhere, I can remotely go and wipe it clean. That protects my privacy. That is incredibly important to me because, frankly, I don't want people in here. And so, have you all looked at the value that has come to the consumer both from the robust technology that has been developed and the incredible ability we have to do so many things? The fact that it is free or almost free. I mean, you pay for some apps, and some of those have geolocations. Most of them don't. And what it provides is an amazing Internet experience primarily funded by behavioral marketing, anonymous behavioral marketing. So what studies have been done to show the benefits? Because I think most consumers--frankly, asking somebody if they want privacy is asking me whether I love my country. Of course, I want privacy. But we did HIPAA, and I don't think HIPAA has been anything to write home about. I think all of us sign that stupid piece of paper at the doctor's office and don't get much out of it. So I am trying to make sure that as we go down this road that we are informing the consumer of, yes, there are some things we need to do on privacy, and I am all for some things. But I am not sure the consumer understands now the value they are getting. Have you all talked about that? Mr. Vladeck. We have. And this was part of the data collection effort we did as part of our privacy review. And I think that, you know, I think there is no disagreement that consumers value tremendously the flexibility and the capacity, the almost unimaginable capacity these phones bring or these tablets bring to our lives. Nobody is suggesting that we turn the clock back. The question really is, is do we have a system that is more transparent, that helps consumers understand that there are costs as well as benefits? And one of those costs is, you know, you are absolutely correct. The sort of contextual and behavioral advertising is a source of revenue that funds--many apps are free. They are free, but they are supported by the advertising revenue. Senator McCaskill. It is what has made the whole Internet free is behavioral marketing. And that is why I am anxious to know what do you think the new business model will be? Mr. Vladeck. Well, I think most consumers--and when we talk about Do-Not-Track, we are not talking about an all-or-nothing choice. One of the reasons why the advertisers are so engaged is they have acknowledged for years that they should not be targeting consumers who do not want to see targeted ads. So they are comfortable with the business model in which consumers have choice. The question is how many consumers are likely to opt out completely? And I think if the choice is rightly explained to consumers, their choice is to get ads that they may be interested in versus ads that are delivered to them at random. I think most consumers would opt for targeted ads, provided that they know that the ads--that the information collected for those ads will not be used--for purposes other than delivering targeted ads. The whole secondary use issue is an important one, and they will have some control over those ads. So I, for example, don't have to get those pesky Rogaine ads anymore. [Laughter.] Mr. Vladeck. And I think that is the kind of choice and control consumers are really looking for. Senator McCaskill. I just want to make sure that we have looked carefully at what the costs are and carefully at what impact it is going to have on the most successful part of our economy in this country. And I think for us to go down this road and not really be sure that we are going to inform the consumer that some of the benefits that they take for granted right now could very easily go away if we are not very careful and cautious about what we do here. Let me ask this final question because my time is almost out. Let us assume, for purposes of this discussion, you get all the authority that you may think you need, and you do a lot of rules and regs, and we will fast forward 2 or 3 years because that is how long it will take. You think that you are going to have the staff to go after the bad guys on this? Do you have currently enough staff to go after the bad guys? Mr. Vladeck. We currently are very short-staffed. But having said that, we have a very vigorous enforcement agenda in this area. In the last couple of months, we have brought enormous cases against Playdom, against Google, against Twitter. So, you know, our staff works very hard and are very capable. But we believe that we have the authority---- Senator McCaskill. You don't think you need more people to---- Mr. Vladeck. Oh, I need more people. [Laughter.] Senator McCaskill. Thank you, Mr. Chairman. Senator Pryor. Thank you. Now when I asked my rounds, I still had 2 minutes left on my questions. And what I would like to do is go ahead and finish my questions and then move to the next panel because we have several witnesses who are here and want to speak. But let me just ask a couple of follow-ups with you, Mr. Vladeck, before I let you go. One is more of just an open-ended question that I don't even need an answer to today, but it is something we need to think about. And that is when it comes to children, should there be special privacy protections for children? And I think that is a hard one to practically put that into effect. But it is just something we need to think about, and we would love to have your help on that as we think through it. Second, this is something I am going to ask the next panel. But if a person removes an app, does any of the software stay on their phone? Mr. Vladeck. I don't know that answer, and I will have to get back to you. Senator Pryor. And I will ask the second panel as well. I just didn't know if you were aware. And the third thing I had, before I let you go, is I am concerned about in-app purchases. And I know that I have written a letter to the Commission on that. Do you mind just giving us 1 minute on in-app purchases and where you are and where you think the industry is on that? Mr. Vladeck. Well, we are engaged in a number of nonpublic investigations. I think the simplest way to put it is no parent hands a child a phone with a game expecting to run up a bill of more than a penny or two. And we have, of course, seen parents be presented with bills in the hundreds of dollars. We are quite concerned about that. We have registered our concerns with both the app manufacturers and everyone else involved in this ecosystem, and that is an issue that we are pursuing. Senator Pryor. Great. I want to thank you for your attendance today and your testimony, and I am certain that some of my colleagues will have more questions for the record. So we would love for you to work with our staff on getting those back to us, when you can. Mr. Vladeck. It is our pleasure. Thank you so much. Senator Pryor. Thank you. And what I would like to do now is go ahead and excuse this panel, this witness, and bring up the second panel. And in order to save time, I would like to go ahead and do their very brief introductions as they are getting situated. We have five witnesses on this panel. We have Bret Taylor, Chief Technology Officer of Facebook. We have Morgan Reed, Executive Director, Association of Competitive Technology. We have Catherine Novelli, the Vice President, Worldwide Government Affairs of Apple Inc. And we also have Alan Davidson--yes, come on up and grab a seat--Alan Davidson, Director of Public Policy for the Americas, Google Inc. And we have Amy Shenkan, President and Chief Operating Officer of Common Sense Media. So, as the staff is getting them set up, we appreciate you all being here, and we appreciate your testimony. And as I said with the previous panel, your written statements will be made part of the record. So if you want to sort of streamline that and do it in under 5 minutes, I think the Committee would appreciate that. But why don't we go ahead and start with you, Mr. Taylor? And if you could give us your statement--again, if everyone can keep it to 5 minutes or less, that would be great. Mr. Taylor? STATEMENT OF BRET TAYLOR, CHIEF TECHNOLOGY OFFICER, FACEBOOK Mr. Taylor. Thank you, Chairman. Chairman Rockefeller, Chairman Pryor, Ranking Member Toomey, and members of the Committee, thank you for inviting me to testify today. Mobile phones and the Internet bring tremendous social and economic benefits. Just a decade ago, most online content was static and accessed through desktops. Today, the Internet is an interactive social experience, defined by a person's connections, interests, and communities. And thanks to the explosive growth of smartphones and mobile applications, people can access a personalized social Web wherever and whenever they want. With that growth of innovations comes legitimate questions about protecting personal privacy on the web, and we are grateful to have the opportunity to discuss those issues with other stakeholders today. Everyone has a key role to play in keeping people safe and secure online. Facebook works hard to protect individuals' privacy by giving them control over the information they share and the connections they make. As Facebook's chief technology officer, these issues are of particular concern to me. We understand that trust is the foundation of the social web. People will stop using Facebook if they lose trust in our services. At the same time, overly restrictive policies can interfere with the public's demand for new and innovative ways to interact. For Facebook, getting this balance right is a matter of survival. This is why we work to develop privacy safeguards without interfering in people's freedom to share and connect. I want to address five main points, which are covered in more detail in my written testimony. First, the openness of the Internet is a catalyst for innovation. This openness is what enabled Mark Zuckerberg to launch Facebook from his college dorm room in 2004, and it now allows more than a million third- party developers to offer a nearly infinite variety of services through the Facebook platform. In addition, the social Web is an engine for jobs, innovation, investment, and economic growth. Big companies and small businesses are hiring individuals to manage their social media outreach strategies. Entrepreneurs are building new business models based on the social web. But the Internet's open architecture also creates technical challenges for the transfer of data. Facebook is leading the way in developing new technologies to make the social experience more secure. Second, mobile technology plays an increasingly important role in how people use Facebook and the social web. Facebook has worked to ensure a seamless experience across our Web and mobile services, and over 250 million people access Facebook on their mobile devices every month. We are one of the few Internet companies to extend our privacy controls to our mobile interfaces, providing the same privacy controls on our mobile applications as we have on our website. If an individual changes his or her privacy settings on their phone, those changes will change their settings on facebook.com and every other device that the user may use to access Facebook. Third, we have built robust privacy protections into facebook.com and our mobile offerings. Because each individual's privacy preferences are different, we cannot satisfy people's expectations by adopting a one-size-fits-all approach. Instead, we strive to create tools and controls that enable individuals to understand how sharing works on Facebook and to choose how broadly or how narrowly they wish to share information at the time they are sharing it. In particular, we use privacy by design practices to ensure that privacy is considered throughout our company and our products. We are currently testing a new, more transparent privacy policy that communicates privacy in a simple, interactive way. Our contextual controls allow people to easily decide how broadly they want to share a particular piece of information. Our sophisticated security protections--including one-time passwords, remote logout, and login notifications--are state- of-the-art. And we continually engage with the Facebook community in order to evaluate and improve our services and the privacy safeguards we offer. Fourth, we work to build trust on the Facebook platform, which enables independent developers to build social experiences on Facebook, as well as other locations around the Internet. We believe that individuals should be empowered to decide whether they want to engage with some, many, or none of these third-party services. For this reason, we have created industry-leading tools for transparency and control so that people can understand what data they are sharing and make informed decisions about the applications and websites they decide to use. We also encourage community policing so that individuals, employees, and developers can help us identify possible issues. These features are available across the entire Facebook experience and our mobile applications and on facebook.com. For the independent developers who use the Facebook platform, we expect and we require them to be responsible stewards of the information they obtain. We have robust policies and technology tools to help them embrace this responsibility, and we are always doing more. Last year, we worked with other industry leaders to build an open standard for authentication that improves security on the Internet. Now that this standard is mature and has broad participation around the industry, we are requiring developers on the Facebook platform to migrate to it. This transition will result in better and more secure relationships between developers and the individuals who use the applications and the websites they build. Finally, we use our position in the industry to encourage others to play their part in safeguarding the public's trust, whether it is developers, users, browsers, or operating system designers. We also support government efforts to take action against bad actors and highlight important issues like today's hearing. Everyone has a role to play in building and securing the mobile and online environments that are enriching people's lives each day. Thank you for the opportunity to testify, and I look forward to answering your questions. [The prepared statement of Mr. Taylor follows:] Prepared Statement of Bret Taylor, Chief Technology Officer, Facebook Chairman Rockefeller, Chairman Pryor, Ranking Member Toomey, and members of the Committee, my name is Bret Taylor, and I am the Chief Technology Officer at Facebook. Thank you for inviting me to testify today on privacy issues in the mobile environment. Facebook is committed to providing innovative privacy tools that enable people to control the information they share and the connections they make through our mobile applications, as well as on facebook.com. We appreciate the Committee's initiative in holding this hearing today and providing us the opportunity to discuss our efforts to enable people to connect and share in a safe and secure environment. The explosive growth of smartphones and mobile applications, along with innovations in the way individuals interact and share information, has brought tremendous social and economic benefits. Just a decade ago, few individuals had Internet-enabled mobile phones. Online content was largely static and consumed through desktops. When people interacted, they did so using very limited forms of communication like e-mail and instant messaging. Today, smartphones have become indispensable devices for many people, and the technology that many of us carry in our pockets enables access to a far more personalized and interactive ``social web'' through which people can choose to share their experiences with friends and receive content that is tailored to them individually. Facebook develops innovative products and services that facilitate sharing, self-expression, and connectivity. We work hard to protect individuals' privacy by giving them control over the information they share and the connections they make. For Facebook--like other providers of social technologies--getting this balance right is not only the right thing to do, but a matter of survival. Trust is the foundation of the social web, and people will go elsewhere if they lose confidence in our services. At the same time, Facebook is fundamentally about sharing, and adopting overly restrictive policies will prevent our social features from functioning in the way that individuals expect and demand. Thus, to satisfy people's expectations, we not only need to innovate to create new protections for individuals' information; we also need to innovate to ensure that new protections do not interfere with people's freedom to share and connect. We need to continually evolve our services and the privacy safeguards included in them to respond to the feedback that we receive from the community and as required by law. In my testimony today, I will address five topics. First, I will describe how the open architecture of the Internet has empowered the innovations of the social Web and is fueling the growth of the economy. I will also explain how this open architecture presents security and privacy challenges to Internet users and the steps we and other companies have taken to address these challenges. Second, I will discuss the growing importance of mobile services at Facebook and how these innovations are driving the social web. Third, I will address the robust privacy protections that we build into facebook.com and our mobile offerings. Fourth, I will discuss the infrastructure tools that we provide in order to encourage responsible privacy practices among the independent developers who use our platform. Finally, I will explain how our efforts in advancing security and privacy online must be matched by those of other actors who likewise have an important role in safeguarding the public. I. The Importance of the Internet's Open Architecture in Fostering Innovation Facebook provides people with exciting, innovative and free tools for communication and sharing. In addition, through Facebook Platform, Facebook provides a set of tools that enable independent third-party developers to build applications and websites that are more social and people-centered than traditional Web experiences. In both respects, Facebook seeks to build upon the openness of the Internet. The Internet has flourished as a robust zone for innovation and expression because it is an open marketplace in which ideas succeed or fail based on merit. The Department of Commerce recently noted that, ``in contrast to the relatively high barriers to entry in traditional media marketplaces, the Internet offers commercial opportunities to an unusually large number of innovators, and the rate of new service offerings and novel business models is quite high.'' \1\ This environment is what enabled Mark Zuckerberg to launch Facebook from his college dorm room in 2004. That same innovative spirit is flourishing on Facebook Platform, which is now used by more than a million third- party developers to offer a nearly infinite variety of tools that enhance individuals' experience both on and off Facebook. --------------------------------------------------------------------------- \1\ Dep't of Commerce, Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework 19 (Dec. 16, 2010). --------------------------------------------------------------------------- The Internet as it existed at the turn of the millennium was a relatively isolated, passive, and anonymous experience, and few individuals had the ability to access online services through their mobile phones. All visitors to a news site, for example, had the same, one-size-fits-all experience--as if each of them had purchased the same edition of the same newspaper. Thanks to the transformative effects of social technology, people today can enjoy constant connectivity, personalized content, and interactive social experiences across a range of devices. On Facebook, for example, each of the more than 500 million people who visit the site each month has a highly personalized, unique experience--one that provides updates and other content based on the information and activities that the user's own unique circle of friends have shared. The social Web also creates enormous opportunities for anyone with an Internet connection to connect and share with their family, friends, and the world around them. I am proud to say that almost every United States Senator and more than 400 members of the House of Representatives, have Facebook pages that they use to reach their constituents and engage with them on matters of policy and public concern. I am equally proud to highlight that, after the recent tornadoes in the Southeast scattered irreplaceable photographs and other documents far from their owners' homes, one individual created a Facebook page that more than 100,000 people eventually connected with in order to identify and return thousands of items that might otherwise never have been recovered. Further from home, Facebook's photo and video-sharing features enable members of the military to stay connected with their friends and families--to watch their children grow--despite serving thousands of miles away. And, as recent news reports reveal, people around the world have embraced Facebook and other social media as key tools for social engagement. The social Web is also an engine for jobs, innovation, investment, and economic growth. One job-listing site alone includes 31,000 Facebook-related jobs.\2\ Small businesses are increasingly relying on social media to generate exposure for their companies, increase sales, and obtain new business partnerships--in a recent survey, two-thirds of small business owners ``strongly agreed'' that social media was important for their company.\3\ The social Web also creates new opportunities for businesses to inform people about their products and services, which is why many companies are now hiring individuals to strategize around social media outreach.\4\ At least as important, hundreds of thousands of developers have built businesses by creating applications for the social web. To take just one example, game developer Zynga, creator of the popular Farmville game, plans to hire an additional 700 employees this year and has been valued at $7 billion.\5\ And entrepreneurs have only begun to tap into the advancements in productivity and collaboration that social media makes possible, which means that the social Web will continue to transform the economy for years to come. --------------------------------------------------------------------------- \2\ Shareen Pathak, The Facebook Job Engine, FINS (May 16, 2011), http://it-jobs.fins.com/Articles/SB130514803310615197/The-Facebook-Job- Engine?link=FINS_hp. \3\ Michael A. Stelzner, 2011 Social Media Marketing Industry Report 11, 17-18 (Apr. 2011), http://www.socialmediaexaminer.com/ SocialMediaMarketingReport2011.pdf. \4\ See, e.g., Social Media Growth Creates New Job Opportunities, Herald & Review, Jan. 4, 2011, http://www.herald-review.com/news/ national/article_5a1ffb20-1811-11e0-95b5-001cc4c0 02e0.html. \5\ Pathak, supra note 3. --------------------------------------------------------------------------- The open architecture of the Internet makes it a phenomenal catalyst for connectivity, sharing, and economic growth. But that same openness creates technical challenges: what was secure enough for the anonymous Web is not secure enough for the social web. Facebook will continue to develop new technologies that protect individuals' security and privacy on the social web, and time and again we have demonstrated our ability to move quickly to address the challenges associated with harnessing the innovation of the Internet while advancing technology in a way that makes the social experience more secure. I discuss these efforts in more detail below in Sections III and IV. II. The Role of Mobile Services at Facebook Over 500 million people now use Facebook's free services to connect and share their information, and more than 250 million of them do so through mobile devices. The proliferation of technology platforms means that individuals are accessing Facebook on multiple devices and in a variety of circumstances--at work, at home, at school, and on the go. Ensuring a seamless experience across all of our web and mobile presences is a tremendous engineering challenge. Whenever we roll out new features, we must consider how they will be implemented on multiple versions of our product: facebook.com, our various mobile sites, the iPhone application, the Android application, Facebook for Blackberry, and custom integrations of Facebook on other mobile devices. Facebook has taken the lead in developing innovative privacy tools to enable individuals using Facebook through mobile devices to share and connect with the people they care about, whenever and wherever best suits them. For example, we recently launched a new version of our mobile website, m.facebook.com, that is simpler and works with the capabilities of thousands of different phones. We also introduced 0.facebook.com as a faster and free way for people to access Facebook around the world, including in locations where connectivity is especially costly and slow. Individuals who access 0.facebook.com on the networks of our partner mobile service operators can update their status, view their News Feed, comment on posts, send and reply to messages, or write on their friends' Wall--without any data charges. Individuals only pay for data charges when they view photos or when they leave to browse other mobile sites. Another innovation we rolled out last year was Facebook Places, a feature that allows people to share where they are and the friends they are with in real time from their mobile devices. For example, individuals attending a concert have the option of sharing their location by ``checking in'' to that place, which lets their friends know where they are. Individuals can also easily see if any of their friends have chosen to check in nearby. Facebook Places supplements existing sharing tools by enabling individuals to connect with each other in real time and in the real world. A recent report by the Pew Internet & American Life Project found that two-thirds of American mobile phone users take advantage of advanced data features, such as mobile applications, e-mail and Web access, and text messages.\6\ The ubiquity of mobile technology makes it easier than ever for people to tap into the social web, especially for people who may not have access to broadband but do have a mobile phone. Our own internal research shows that people who access Facebook through mobile devices are typically twice as active as other individuals. This increased attention, together with the technological ability to introduce innovative features that utilize mobile capabilities, means that mobile will play an increasingly important role in how people use Facebook and the social Web more generally. --------------------------------------------------------------------------- \6\ Kristin Purcell et al., How Mobile Devices Are Changing Community Information Environments, Pew Internet & Am. Life Project, 2 (Mar. 14, 2011), http://www.pewinternet.org//media/Files/Reports/2011/ PIP-Local mobile survey.pdf. --------------------------------------------------------------------------- III. Facebook's Commitment to Privacy in Our Product Offerings As we continue to develop rich services on Facebook, we are guided by our recognition that trust is the foundation of the social web. As the Commerce Department has noted, ``[C]onsumer trust--the expectation that personal information that is collected will be used consistently with clearly stated purposes and protected from misuse is fundamental to commercial activities on the Internet.'' \7\ --------------------------------------------------------------------------- \7\ Commerce Report 15. --------------------------------------------------------------------------- Facebook builds trust, first and foremost, through the products and services we make available on facebook.com. We understand that individuals have widely varying attitudes regarding the sharing of information on Facebook: some people want to share everything with everyone, some want to share far less and with a small audience, and most fall somewhere in between. Because each individual's privacy preferences are different, we cannot satisfy people's expectations by adopting a one-size-fits-all approach.\8\ Instead, we strive to create tools and controls that enable individuals to understand how sharing works on Facebook, and to choose how broadly or narrowly they wish to share information. Our commitment to these basic concepts-- understanding and control--is evidenced in five specific areas, each of which is a key focus of our business. --------------------------------------------------------------------------- \8\ See, e.g., Mary Madden & Aaron Smith, Reputation Management and Social Media, Pew Internet & Am. Life Project, 29 (May 26, 2010), http://www.pewinternet.org/Reports/2010/Reputation-Management.aspx (noting that 65 percent of adult individuals of social networking services have customized the privacy settings on their profile to restrict what they share). --------------------------------------------------------------------------- Privacy by Design. We have taken several steps to ensure that privacy is being considered throughout our company and products. For example, we have a Chief Privacy Counsel and other dedicated privacy professionals who are involved in and review new services and features from design through launch to ensure that privacy by design practices are incorporated into our product offerings. We also provide privacy and security training to our employees, engage in ongoing review and monitoring of the way data is handled by existing features and applications, and implement rigorous data security practices. Of course, ``privacy by design'' does not mean ``privacy by default''; as services evolve, so do people's expectations of privacy. At Facebook, we believe that providing substantive privacy protections means building a service that allows individuals to control their own social experiences and to decide whether and how they want to share information. Transparent Policies. Many websites' privacy policies are challenging for people to understand because they are often written for regulators and privacy advocates, not the majority of people who actually use those websites. We believe that privacy policies can and should be more easily understood, which is why we are currently testing a new policy that communicates about privacy in a simpler, more interactive way. We call this ``Privacy Policy 2.0.'' It uses easy-to- understand language, presents information in a layered format so that individuals can quickly zero in on what they want, and incorporates explanatory screenshots, examples, interactive graphics, and videos throughout. Contextual Control. In its December 2010 Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers, the FTC emphasized that consumers should be ``presented with choice about collection and sharing of their data at the time and in the context in which they are making decisions.'' Facebook agrees. We introduced innovative per- object sharing controls in July 2009 to give people an easy way to indicate how broadly they want to share particular pieces of information. Using the per-object sharing controls, people can designate a unique set of sharing preferences for a particular type of content (such as photos and videos posted by that individual). They can also click on a simple lock icon that appears at the time of publication if they want to customize the audience for a particular photo or video that the individual wishes to share more or less broadly. Sophisticated Security Protections. We recently launched a variety of features that enhance people's ability to make decisions about the security of the information they provide. We are the first major site to offer individuals one-time passwords to make it safer to use public computers in places such as hotels, cafes, or airports. If people have concerns about the security of the computer they are using to access Facebook, they can request that a one-time password be texted to their mobile phones. We also enable individuals to see all of their active sessions on the site and to log out of Facebook remotely, which they may want to do if, for example, they access Facebook from a friend's computer and forget to log out. In addition, we encourage people to provide information about the devices that they commonly use to log in to Facebook, which allows them to be notified by e-mail or text message if their account is accessed from an unapproved device so that they can quickly secure their account. Finally, we have long used the secure HTTPS protocol whenever an individual's password or credit card information is being sent to us, and earlier this year we offered individuals the ability to experience Facebook entirely over HTTPS. Community Engagement. We work hard to obtain feedback from the people who use Facebook, and we consider this input seriously in evaluating and improving our products and services. Indeed, Facebook's efforts to publicly engage on changes to its privacy policy or information sharing practices are virtually unparalleled in the industry. For example, when we propose changes to our privacy policy, we announce them broadly and give individuals the ability to comment on the proposed changes (unless the changes are administrative or required by law). We are the only major online service provider that allows for a vote on the changes if comments reach a pre-set threshold. Time and again, Facebook has shown itself capable of correcting course in response to individual suggestions and we will continue to be responsive to that feedback. Taken together, these privacy practices help us build and maintain people's trust as we continue to pioneer the new social and connectivity features that people who use Facebook expect and demand. And, because mobile features are increasingly important to the Facebook community, we are leading the industry in innovating around privacy tools available through mobile devices. For example, most of the privacy settings available on the facebook.com site are also available to individuals who connect to Facebook through mobile devices. Moreover, these privacy settings are persistent regardless of how the individual chooses to share information. Changes to privacy settings made on our mobile site will remain effective when that individual accesses Facebook through the facebook.com website. This enables people to make consistent, real-time decisions about the data they share--no matter where they are or what devices they prefer to use when connecting with their friends and communities. IV. Promoting Privacy on Facebook Platform At Facebook, we recognize that we have a responsibility to promote people's privacy interests whenever and however they are accessing Facebook's services. We also understand that Facebook has an important role to play when independent developers build applications and websites that rely on Facebook Platform to create social, personalized experiences. We believe that the best way to build trust while enhancing the openness and connectivity of the social Web is for all members of the Platform ecosystem to embrace their responsibility to be accountable to individuals for protecting privacy. A. Overview of Facebook Platform Although we are proud of the pathbreaking features being developed every day at Facebook, we understand that Internet innovation depends on an open architecture in which a multitude of independent developers can develop new services and expand upon existing ones. That understanding is what motivated our decision to launch Facebook Platform in 2007. The Platform functionality allows third-party developers of applications and websites to offer innovative social experiences to individuals on Facebook as well as on other locations around the Internet. To date, developers have built more than 800,000 games, mobile applications, utilities, and other applications that integrate with the Facebook Platform. To pick just a couple of examples, the Birthday Calendar application allows individuals to track birthdays, anniversaries, and other important dates. The We Read application enables people to share book titles and book reviews with their friends. And on the charitable front, the Causes application provides an online platform for individuals and organizations to raise funds for charitable causes. The innovation enabled by the Facebook Platform extends to the mobile web. As discussed above, people who use Facebook have the option of sharing location data so that they can tell their friends where they are, see where their friends have checked in, and discover interesting places nearby. With an individual's express permission, third-party developers can access location data to create a variety of additional social experiences, such as a travel application that gives people the ability to see which of their friends have already been to the place they are visiting, or a conference application that makes it easy for attendees to find colleagues and connect with them. We are proud of the fact that, in just four short years, Facebook Platform has evolved into a flourishing, open ecosystem where everybody has the opportunity to innovate in a social way. The multitude of applications and websites enabled by Facebook and available through mobile devices is a good example of our commitment to an open architecture for Facebook Platform and the benefits this brings to individuals. The features that we offer on facebook.com compete directly with third-party applications and websites that integrate with the Facebook Platform. To pick just one example, Foursquare and Gowalla are popular mobile check-in services that are similar in many respects to Facebook's own Places offering. Subjecting our products to the competitive pressures of the open marketplace helps ensure that we have strong incentives to remain on the cutting edge of innovation, which ultimately benefits the public and the economy as a whole. B. Tools to Help People Manage Their Relationships with Developers of Applications and Websites We recognize that the vibrant nature of Facebook Platform creates significant benefits for the public, and we also know that Facebook Platform will only continue to thrive if individuals can build safe and trusted relationships with the applications and websites that they use. Because individuals should be empowered to decide whether they want to engage with some, many, or none of these third-party developers, we have created industry-leading tools for transparency and control so that people can understand what data they are sharing and make informed decisions about the third-party applications and websites that they decide to use. We also make it easy for the Facebook community to identify and report potential areas of concern. Control. From the time of Facebook Platform's initial launch in 2007, we have made clear to individuals that if they choose to authorize a third-party application or website, the developer will receive information about them, and we have long required developers to obtain only the data they need to operate their application or website. In June 2010, technological innovations allowed us to offer people even more insight into and control over the actions of developers on Facebook Platform: we became the first provider to require developers to obtain ``granular data permissions'' before accessing individuals' information. Developers using Platform must specifically identify the information they wish to use and request permission from the individual--who retains the ultimate simple choice of whether to share his or her information with that outside developer--and Facebook has deployed technical means to ensure that developers obtain only the information the user has agreed to share. In addition, we make it easy for individuals to revisit their decisions about the applications and websites they have authorized in the past. Users can block applications and websites they no longer want to access their information, and they can also remove certain permissions they have previously granted. Finally, we offer a simple, global opt-out tool. With just one click in the Facebook privacy settings, individuals can opt out of Platform entirely and thereby prevent their information from being shared with any applications or websites. Transparency. We encourage people to examine the privacy practices of the applications and websites that they use, and we offer tools so that they can easily do so. For example, developers using Platform are required to provide a link to their privacy policy when seeking individuals' permission to access information. In addition, last October, we rolled out an application dashboard to increase visibility into applications' and websites' data handling practices. This audit tool allows individuals to quickly see which applications and websites they have authorized, the permissions they have given to each application or website, and the last time that each application or website accessed their information. Community Policing. We make it easy for individuals, employees, and developers to communicate with us if they identify a problem with a developer's privacy practices. There is a ``Report Application'' link on the bottom of each application page so that people can easily convey their concerns about that particular application. Developers, who are often keenly aware of other developers' data handling practices, can and do flag potential issues as well. Our dedicated Platform Operations team, which monitors and enforces Facebook's policies with third-party developers, then follows up on the leads we receive by employing a variety of monitoring, testing, and auditing processes. Consistent with our commitment to providing a seamless experience across all devices, we have applied these transparency and control principles to the mobile space, despite the engineering challenges associated with communicating on a smaller mobile screen. Individuals who access third-party applications through our mobile offerings are also provided with granular information about what information the application or website seeks to access and asked to specifically authorize the developer's use of that data. In addition, just 2 months after introducing the application dashboard on the facebook.com site, we launched a similar mobile application dashboard that allows people to see a detailed view of the information they are sharing with various applications and websites and adjust their settings while on the go. C. Promoting Best Privacy Practices Among Independent Developers of Applications and Websites The goal of Facebook Platform is not only to enable developers to build social applications and websites, but also to facilitate direct relationships between people and the social applications and websites they use. At the same time, we expect and require application developers who use Facebook Platform to be responsible stewards of the information they obtain. To this end, we provide clear guidance to developers about how they should protect and secure information obtained from people who use Facebook, and we also build tools to help them fulfill this responsibility. Policies and Practices. Developers are required to abide by our Statement of Rights and Responsibilities and Platform Policies, which detail developers' responsibilities with respect to the data they obtain. For example, developers may only request the data they need to operate, must honor individuals' requests to delete information, must provide and adhere to a privacy policy that informs individuals about how the application or website handles individual data, and must refrain from selling individuals' data or transferring it to ad networks, data brokers, and other specified entities. In addition, ad networks that developers use to serve ads on applications that run on the Facebook Platform are required to agree to our Platform Terms for Advertising Providers. Among other things, these terms require the ad networks to certify that they do not possess (and will not obtain) any user data received directly or indirectly from Facebook. Technology Tools for Monitoring and Review. In addition to manual review of specific applications or websites, we also have a series of automated reporting and enforcement tools to quickly identify and respond to potential violations of our policies. Our platform enforcement tool aggregates and displays several metrics concerning the activities of applications and websites on Platform, including how many data requests they are sending, what types of data they are requesting, and whether there have been any complaints or spam reports. We have a separate data access tool that tracks real-time data pulls and rates and provides historical and trend information, giving us insight into applications' or websites' patterns of data access. We also monitor enforcement activity through a dashboard system, which provides a real- time view of identified issues, outstanding enforcement actions, and activity by applications and websites that are under review. These tools enable us to zero in on particular applications and websites that may not be fulfilling their responsibilities, and to work with their developers to ensure that they are taking appropriate measures to protect the information that they obtain. Continuous Improvement. As innovation fuels further advancements in technology, we implement new tools to help make Facebook Platform a more secure and trusted environment. For example, last year we worked with Yahoo!, Twitter, Google, and others to build OAuth 2.0, an open standard for authentication that improves security on the Internet. Now that OAuth 2.0 is a mature standard with broad participation across the industry, we are requiring developers on Facebook Platform to migrate to the more secure authentication standard. Although the transition presents significant engineering challenges, we believe that this migration is important because it will ultimately result in better and more secure relationships between developers and the individuals who use the applications or websites that they build. We provide the infrastructure tools described above in order to empower developers to act responsibly when handling individual information, and the vast majority of the applications and websites available on Facebook Platform do so. When we become aware of applications or websites that knowingly break the rules, we take aggressive action to address the policy violation. In appropriate cases, Facebook has required companies to delete data acquired via Platform or banned developers from participating on Platform altogether. We also have procedures in place to address the possibility of inadvertent data transfers. As I noted above, the open architecture of the Internet is intended to facilitate connectivity and sharing, but that same openness makes it impossible to guarantee the security of every data transfer. We interact regularly with service providers, security experts, application developers, and other participants in the Internet ecosystem, and when we are alerted to the possibility of a security issue, we act promptly to resolve the problem. For instance, we recently responded quickly after receiving a report from Symantec that so-called ``access tokens,'' which are provided to developers to enable them to obtain the information users have authorized them to obtain, could be inadvertently passed to third parties when developers using a legacy authentication system did not take the necessary technical step to prevent this from occurring. We immediately investigated and, although our investigation found no evidence that this issue resulted in any individual's private information being shared, we took steps--including accelerating the transition to a more secure authentication system--to address the vulnerability Symantec identified before the news became public. As this example highlights, forward-thinking solutions can be achieved when all participants in the digital ecosystem embrace their responsibility to protect individual privacy. Like all developers who use Facebook Platform, independent developers who work to make the mobile experience more social through integration with the Facebook Platform are required to adhere to our Statement of Rights and Responsibilities and Platform Policies. In addition, we make available software development kits to developers who want to build mobile applications and websites that integrate with the Facebook Platform. Those kits provide tools that help developers build more secure experiences, by incorporating the most advanced and secure technologies available. V. Numerous Stakeholders Have a Role to Play in Advancing Online Privacy, Safety, and Security We recognize that Facebook has important responsibilities in advancing people's privacy, safety, and security across the site, our Platform, and the social web. At the same time, others in the ecosystem likewise play an important role in protecting individuals online and in the mobile environment. These include developers, who must establish their own relationships with individuals and live up to the expectations and trust users place in them; browser and operating systems providers, who develop the tools that people use to access the Web and run software and who are perhaps best situated to combat many of the technical challenges associated with the transition from the anonymous Web to the social web; and individuals, who can take security into their own hands through steps such as strong passwords and educating themselves about the practices of the developers with whom they interact. In fact, the history of advancements in the security of the Internet itself is filled with successes achieved through all affected parties working on tough problems. One example is the development and use of secure socket layers (``SSL'') to allow for secure, encrypted Internet communications and data exchanges. SSL was developed by browser vendors largely in response to public demand for a more trustworthy online experience. To realize the full potential of the Internet as a medium for sharing information, developers needed to assure people that their online communications would be secure. The development of secure technologies has led not only to the greater connectivity that characterizes the social Web but also to the explosion of e-commerce and online banking, both of which are crucial drivers of economic growth. Another advancement that was achieved through the collective efforts of interested parties is the taming of spam e-mail. The late 1990s and early 2000s saw e-mail inboxes and ISP servers overrun by spam, a phenomenon that was not only annoying but also costly to service providers and the public. Although spam remains a serious problem, its worst effects largely have been mitigated through the combined efforts of technology companies' development of sophisticated filtering mechanisms; legislative and regulatory measures such as the Federal CAN-SPAM Act; and the public's continuing demands for action against bad actors. Both of these examples demonstrate how concerted action by various stakeholders in the Internet ecosystem--from site designers and browser vendors to government actors and the public--can contribute to an increasingly secure online environment. As I explained above, we at Facebook work very hard to build user trust by ensuring transparency and enhancing user control, and by creating a platform that developers can use to build social applications in a safe and secure manner. We also use our position in the industry to encourage others to play their part in building and securing the digital ecosystem. Operating systems and browsers should remain vigilant in identifying and fixing vulnerabilities that could expose data and resolve longstanding design problems inherent in the architecture of the Internet itself. Social sharing networks, including Facebook, should continuously innovate on privacy, educate their users about new privacy features, and enforce their privacy policies with respect to developers who build on social networks' platforms. Developers, in turn, should adhere to our privacy guidelines, publish information about their own data handling practices, and control third- party access to individual information on their own sites or applications. People who use social sharing services like Facebook should update their passwords, take advantage of safety and security tools and resources, and educate themselves about the policies of websites and social networks they use. And government, too, should play a role, by taking action against bad actors who threaten the trust on which the social Web relies, and, through proceedings such as this hearing, by highlighting the importance of online safety, security, and privacy. VI. Conclusion As a facilitator of the social web, we constantly strive to develop better tools that will build trust when individuals access our services through any device. We believe that it is important to enable individuals to make the privacy decisions that are right for them, and to provide infrastructure tools that facilitate trusted relationships between individuals and third-party application developers. By doing so, we are helping to promote the trust that powers the social Web while offering individuals a robust forum to communicate and share information in new and dynamic ways. And we also encourage and support the efforts of other stakeholders in building and securing the mobile and online environments that are enriching people's lives every day. Thank you for the opportunity to testify today. I look forward to answering any questions you may have. Senator Pryor. Thank you. Mr. Reed? STATEMENT OF MORGAN REED, EXECUTIVE DIRECTOR, ASSOCIATION FOR COMPETITIVE TECHNOLOGY Mr. Reed. Thank you, Chairman Pryor, Ranking Member Toomey, and distinguished members of the Committee for the opportunity to speak with you today. As ACT's Executive Director, I represent over 3,000 developers and small business entrepreneurs, many of whom write apps for smartphones and tablets. Often when we consider the issues in this grand setting, we do it to look at the impact that it will have on the country at large, and we talk in broad themes and big ideas. But today, I would like to start off a little differently, breaking it down to the smallest of the small, specifically, my pint-sized 5- year-old. My daughter is learning to speak Chinese. Granted, she is doing it because Dad wants her to. But I let her use an old smartphone. I have loaded on Chinese language learning apps, and she now has games that test her ear, games that help her recognition, and even one that lets her take pictures of a character and gives her a translation. I have recently seen a demo of an application that will allow her to take a picture of an object and also give her a translation audibly. These are apps that won't make the cut on the desktop computer, if, for no other reason, at least for my 5-year-old will never sit still. Many of the apps were 99 cents. None of them were more than $5. When she gets a little older, she and I will use Star Walk app, which uses location information to show a real-time movable map of the night sky. Mobile apps like these open up worlds of learning for kids and adults in ways that were unimaginable 5 years ago. And there are thousands of similar stories to mine. Over 500,000 apps are available on mobile platforms today. Originating less than 4 years ago, the apps economy will grow to $5.8 billion this year. In the next 4 years, that total is expected to reach $37 billion. And if you include services, we expect to hit $50 billion. This is a remarkable American success story in a time of economic uncertainty. U.S. developers account for the vast majority of apps available in the market today, creating opportunity throughout the country, while also exporting popular programs abroad. Eighty-eight percent of the top 500 apps were written by small businesses, and the vast majority of these, micro-businesses with less than 10 employees. More importantly, this is not a Silicon Valley phenomenon. In fact, Scott Bedwell developed his series of DJ apps in Bentonville, Arkansas. We have got Marble Burst from ZTak from Thomas, West Virginia. We have got Quick Bins from Moorhead, Minnesota, and we have got Critical Thought from St. Louis, Missouri. This is the true geographically diverse nature of this new apps economy. And while Apple stores and app stores are helping small businesses grow, the devices and various applications provide the user with tools to protect their personal information. For the smartphone my daughter uses, I have enabled most of the privacy settings on the device. I have turned off location services. I have restricted her in-app purchases, and I have disabled her ability to add or delete applications. And as she gets older, the features I enable will grow with her maturity. While the privacy protection in the handset is the place to start, we in the apps community know and are doing more to inform and educate consumers about how we handle their data. Accordingly, ACT has a working group to develop a set of guidelines for mobile application developers to enable them to do a better job in creating privacy policies and also helping them to understand the complexity of privacy regulation. Most mobile apps collect no information and, therefore, aren't technically required to have a policy, but we feel they should. Not because of regulation, but because the most valuable asset they have is their trust from their customers. A quick peek at the comment section on any mobile app site will show you how quickly an app can lose favor because it failed to meet customer expectations. Now we don't want anyone to lose sight of the fact that these are hard-working, innovative entrepreneurs who create exciting new products. And ACT is committed to ensuring that they have the tools needed to avoid the pitfalls of data mismanagement. But for those few fraudulent app makers who misuse consumers' personal information, we say throw the book at them. The FTC's $3 million COPPA fine against Playdom underscored the considerable enforcement measures available. Section V of the FTC Act offers government broad authority to go after bad actors and effectively oversee the marketplace. While recent events in the media have give a high profile to bad actors in this area, I would urge the Committee to evaluate the considerable enforcement options currently available before creating additional regulatory mechanisms. Too often government intervention in an emerging technology marketplace has unintended consequences that can stunt development. The last thing we want to do is constrain an industry with tremendous growth, where our country has such a clear competitive advantage. Let us address bad behavior without threatening this uniquely American apps economy. Thank you very much. [The prepared statement of Mr. Reed follows:] Prepared Statement of Morgan Reed, Executive Director, Association for Competitive Technology Chairman Pryor, Ranking Member Wicker, and distinguished members of the Committee: My name is Morgan Reed, and I would like to thank you for holding this important hearing on privacy and the growing mobile devices marketplace. I am the Executive Director of the Association for Competitive Technology (ACT). ACT is an international advocacy and education organization for people who write software programs--referred to as application developers--and providers of information technology (IT) services. We represent over 3,000 small and mid-size IT firms throughout the world and advocate for public policies that help our members leverage their intellectual assets to raise capital, create jobs, and innovate. The new mobile apps world has sparked a renaissance in the software industry; small software companies are able to create innovative products and sell them directly to consumers. This is a radical departure from the era of up-front marketing costs, publisher delays, and piracy problems. The emergence of the mobile app market has eliminated the longstanding barriers to entry that our industry battled for the past two decades. My goal today is to help explain how small business is building this exciting new industry, how what we are doing is helping consumers, and how the very real concerns about privacy must be dealt with holistically, rather than from a technology-specific perspective. The Smartphone Ecosystem is Creating Jobs and Opportunities in a Tough Economy The state of the world economy is profoundly unsettled. Questions about job security, healthcare, and foreclosure have become dinner table conversation throughout this country. In the face of all of this turmoil, there has been a bright spot in economic growth: Sales of smartphones and tablets, such as the iPhone, the HTC Thunderbolt (running Google Android) the Samsung Focus (running Microsoft WP7), the iPad, Xoom and now RIM's Playbook continue to outpace all predictions and are providing a huge growth market in a slumping economy. In fact, nearly one hundred million smartphones were shipped in the first quarter of 2011 \1\ marking a 79 percent increase in an already fast growing market.\2\ --------------------------------------------------------------------------- \1\ Mark Kurlyandchik, IDC: Nokia Remains Top Smartphone Vendor Worldwide, DailyTech, May 6, 2011. \2\ Id.In 2008 Apple launched its App Store to provide a place for developers to sell independently developed applications for the iPhone. Since then, over 300,000 new applications have gone on sale, with billions of applications sold or downloaded. The Android platform has recently exceeded the growth rate seen in the iPhone, totaling more than 200,000 applications, with 10,000 new programs available each month. In 2010 we saw the release of Windows Phone 7, with its own applications store and an entirely unique user interface. Total unique apps across all platforms are expected to exceed 500,000 by the end of 2011.\3\ --------------------------------------------------------------------------- \3\ http://d2omthbq56rzfx.cloudfront.net/wp-content/uploads/2011/ 04/Distimo-survey-201103-app-stores-count.png.
Possibly the most important thing we have noticed about the new apps world is how it has revolutionized the software development industry. It is nothing less than a rebirth. Startup costs of the modern app developer are a fraction of what they were just 10 years ago. With mobile and Xbox 360 apps, we have seen the return of the small, independent ``garage'' developer focused on products that can be created and shipped in a matter of months. This new apps-driven model creates a direct bridge between the customer and the developer. Our members tell us that being a developer has not been this exciting since the origins of the personal computer and software industry in the 1970s and 1980s. The Mobile App Developer--An Analysis Apps are overwhelmingly created by small businesses. Of 500 best- selling mobile apps, 88 percent are written by small businesses \4\; and in a majority of cases micro businesses with less than 10 employees. --------------------------------------------------------------------------- \4\ ACT analysis of top 500 selling apps, some discrepancies exist due to lack of verifiable employment data and apps created by a developer who has significant investment from a larger company. Some apps branded for a larger company are in fact developed by small firms subcontracted to build the application. Sample size of 408 applications, from ``top apps'' on March 25, 2011.
Second, app developers are not just in California. During the dot- com boom of the 1990s, the majority of growth occurred in Silicon Valley while the rest of the country was not able to reap the direct benefits of the economic boom. The growth of the mobile apps industry has led to job creation all across the United States. While California continues to have a large representation of app developers, nearly 70 percent of the businesses are located outside of the state of California. This new burgeoning industry allows developers to live almost anywhere, including Little Rock, Arkansas and Tupelo, Mississippi.
Third, app development companies have low initial costs but also have the ability to become a highly successful and sustainable business. ACT's members reported development costs ranging from $1,000 to upwards of $1,000,000. Given the wide range of our findings and those of other reports,\5\ it is useful to view the cost of mobile app development in tiers. --------------------------------------------------------------------------- \5\ http://appmuse.com/appmusing/how-much-does-it-cost-to-develop- a-mobile-app/. Tier one represents a simple apps with no real back-end server- based functionality, and can run in the low thousands; this category makes up a significant percentage of all the apps in various mobile stores. They may be single feature programs, --------------------------------------------------------------------------- vanity apps, or just irreverent apps like iBeer. Tier two are the apps that provide multiple levels of functionality, often working with data stored in a remote server to provide information/ user generated content, or advanced capabilities like writing and saving specialized documents. This tier runs from $30,000 to $100,000. Tier three runs from $100,000 on up. This category is for apps that may need to tie into sophisticated inventory management systems, require specialized licenses for content, interface with business critical data bases not just to read, but also write information, and finally, games with immersive environments where art and music costs can be significant. Understanding the Real Opportunity for Small Business Mobile App Stores--In a store environment, app developers charge their customers to download applications and/or charge them for purchases they make inside the app. For example, photography app Hipstamatic costs $1.99 to download. If users want additional camera effects (Kodachrome or Holga for instance) they can buy the add-ons in the application. The exponential growth in app stores during the past few years is unprecedented. Apple was first, launching the iTunes App Store less than 4 years ago, and was soon followed by Nokia, Google, Microsoft, Amazon and others. According to IHS, in 2010 the worldwide market revenue of these app stores in 2010 was $2.15 billion, a 160 percent increase over 2009, and is expected to reach nearly $4 billion this year. Forrester Research estimates that the revenue created from customers buying and downloading apps to smartphones and tablets will reach $38 billion by 2015. A growing percentage of revenues for app markets are coming from ``in-app purchases.'' According to Xyologic, a company that indexes and analyzes app store data, 40 percent of game downloads are now free titles with in-app purchases. In March, it found there were nearly 100 million downloads of free iPhone games from the App Store. Yet revenues from app purchases and in-app purchases only represent a part of the overall opportunity for app developers. According to Xyologic, 80.8 percent of all app downloads in the month of March were free. While some of those apps relied on in-app purchasing for revenue, many others were supported by advertising or developed to support other brands and services. Custom Mobile Development--Additionally, many applications are made available for free by larger companies in order to extend services to mobile devices or as marketing tools. From Citibank's online banking app to Pepsi's ``Refresh Project'' and Conde Nast's magazine apps, Fortune 1000 companies are increasingly offering mobile apps to their customers and potential customers. While large companies brand these apps, smaller companies with the expertise necessary to build world- class applications under tight deadlines usually build them. These apps represent the majority of the more than 600,000 free apps available across all app markets. This translates into a tremendous number of job-creating opportunities for smaller app development shops. Forrester Research predicts this market to reach $17 billion by 2015. Mobile Advertising Revenues--Finally, some apps are supported either entirely or partly by advertising revenue. This is an increasingly important model especially as the Android platform grows in marketshare. Some applications charge for downloads and run advertisements inside the app itself. In-app mobile advertising is growing more slowly than revenues from app downloads and in-app purchases, but it is a particularly important revenue model for apps with enormous scale, or ``eyeballs.'' In the games category, which represents around half the app market, the total revenue from in-app advertising was $87 million according to Juniper Research. Juniper expects that to grow to around $900 million by 2015. The business model of the platform makes a difference in how developers pursue revenue. As shown in an earlier chart, the iOS store has more than 333,000 applications, and nearly 70 percent of those are paid for up front. Google/Android, a company whose entire revenue stream and dominant market position is dependent on advertising, tends to push developers toward the advertising model, with only 30 percent of the 206,000 apps relying on direct payment to the developer. The Future for Mobile App Developers--Even more important are the opportunities that lay farther ahead. According to a recent Morgan Stanley report,\6\ most people haven't yet invested in such technology. True ``smartphones'' have around 25 percent penetration in the U.S.; in Asia, it may be as low as 6 percent. This represents a pathway for growth leading far into the future. --------------------------------------------------------------------------- \6\ http://www.morganstanley.com/institutional/techresearch/pdfs/ 2SETUP_12142009_RI. pdf. --------------------------------------------------------------------------- To understand just how important international sales are to the mobile apps market, one only needs to look at a comparison between the total number of users possessed by a combined AT&T/T-mobile (130 million wireless subscribers) \7\ and China's number one wireless carrier, China mobile (584 million subscribers).\8\ Even if only 6 percent of China mobile's subscribers become smartphone users--and app purchasers--the market opportunity for U.S. software developers is huge. --------------------------------------------------------------------------- \7\ http://www.siouxcityjournal.com/business/local/ article_f24b5818-ea11-5f04-b0b0-d7bbd02 055b0.html. \8\ http://www.wirelessweek.com/News/2011/01/Carriers-Subs-Reach- 842M-China-Mobile/. --------------------------------------------------------------------------- Taking Privacy Seriously: ACT Developing Mobile App Privacy Guidelines This nearly $60 billion opportunity is predicated on an ongoing trust relationship between app developers and consumers, and that is why we take privacy so seriously. Accordingly, ACT has convened a working group of app developers representing the entire swath of the apps ecosystem. Additionally, our working group includes privacy experts and representatives from Privo, one of the four FTC-recognized COPPA Safe Harbors. The goal of this working group is to provide developers with guidelines that help them to create a privacy policy that is clear, transparent, and enables them to fully utilize the various device platforms that are being created today. We expect our initial guidelines to be available within 30 days and will update them regularly. Additionally, we are working with other groups to build a privacy policy generator for app developers. Such a tool would allow developers to create custom privacy policies that fit the specific requirements of their application. This can remove hurdles for these micro firms, and help them to create simple, easy-to-understand privacy policies that comply with existing law and provide useful guidance to consumers. Finally, our working group is taking a proactive view of the FTC's Section 5 provisions under COPPA. Although we expect the FTC to come out with rules addressing mobile apps and COPPA very soon, we've chosen not to wait. Instead we are creating our guidelines and advising our members that mobile apps fall under COPPA, and apps developers should make sure that their apps comply with COPPA here in the U.S. and any similar privacy provisions in other countries or jurisdictions. When the FTC's rules are promulgated, we will adjust accordingly, but we always stress that members should err on the side of privacy protection. Enabling Features While Protecting Privacy Importance of Location Information for Efficiency--In the lead up to today's hearing, considerable critical attention has been directed at the type of information stored on smartphones. A misunderstood element in the public debate on this data collection is the valuable role location information plays in the underlying functionality of the device--beyond just mapping. When a smartphone tracks the location of its user, it is making a note to remind itself which access point or cell tower was used there to connect to the Internet. When a user returns to that area, the phone remembers this information. Each day most phone users travel the same route to work or to attend school and then return home to the same place. Keeping this data enables the smartphone to easily find an Internet connection providing efficient, constant online access. This is important for two reasons. First is battery life. A phone uses a lot of power to search for a cell tower or wireless router. If it constantly needs to search for an Internet connection, it will deplete its battery many times more quickly than if it maintained a constant connection. Customers rate the importance of battery life very highly as a feature in the customer experience, so keeping a charge is an important requirement of the phone. By maintaining a list of frequently visited locations, a smartphone avoids draining its battery in search of data connection points.
The other reason efficient connectivity matters is spectrum scarcity. The proliferation of smartphones has led to a crowded wireless spectrum, leading to potentially diminishing service quality. Wherever possible, wireless carriers are eager to connect users to wi- fi for faster connection speed and to lessen the burden on wireless networks. Carriers even provide their own wi-fi service for free to customers in densely populated areas to help alleviate the demand for wireless spectrum. By keeping track of the wi-fi and cell tower locations at frequently visited areas, the smartphone can allow users to automatically switch to wi-fi networks to provide constant, high quality Internet connectivity while diminishing the pressures on a crowded spectrum. Location Information for Consumers--While location data is essential for phones to operate efficiently, consumers also love the smartphone services made possible using location-based technology. Many of the most successful apps or smartphone features have become popular based on knowing exactly where users are at any given time. And that's exactly how customers want it. Anyone who has owned a smartphone has probably charted their location as a blue dot on their map app. Many also use those same programs to see where the traffic bottlenecks are before starting their evening commute. Some apps use location to help users find the nearest gas station, post office, parking garage, or coffee shop. The OpenTable app adds location technology to its existing services to allow diners to find open tables at nearby restaurants, read reviews, and make reservations with a simple tap of the button. Using location information, the app can also provide step-by-step directions to the establishment.
Location services on smartphones have also changed the way we interact socially, creating a market for check-in features to tell your friends and family where you are. Facebook has an app with this feature and, within the last decade, has achieved a market valuation approaching $100 billion. Foursquare, an app which exclusively provides check-in services, has been valued at nearly half a billion dollars. There is clearly big business opportunity in this marketplace. But location-based services and advertising offer a unique opportunity for Main Street businesses as well. Some apps, like RedLaser, allow users to scan the UPC code of a product and, using the smartphone's location data, find several local retailers nearby where it can be purchased.
Meanwhile, a user searching for a particular product or service on their smartphone can receive an ad from a local store based on their current location data. These ads have the benefit of reaching potential customers at the exact time of a purchasing decision and cost far less than the newspaper circulars or the TV ads that big box stores are able to afford. Similarly, local small businesses can also level the playing field with the national chain stores and Internet retailers through shopping apps like Groupon. This app has 38 million North American subscribers who receive daily discounts at local establishments based on their location data. While improving the core performance of smartphones, location data is also the building block for apps that users find useful and provide small businesses with opportunities to reach new customers. This data also contains information about the user which they may want to keep private so appropriate safeguards must be in place to ensure it is used in a manner with which consumers are comfortable. The Smartphone ID Conundrum Recent news stories have focused on the existence of unique identifiers attached to each smartphone. Known as a UDID number for iPhone and Android ID for Android-based products, this is a number that serves as a unique token for each device. The Wall Street Journal article ``What They Know--Mobile'' \9\ made special effort to note the transmission of this number by nearly every single application in the market. While highlighting the transmission of a ``unique identifier'' may make for good newsprint, the article unfortunately did not properly explain why developers transmit this number. --------------------------------------------------------------------------- \9\ http://blogs.wsj.com/wtk-mobile/. --------------------------------------------------------------------------- In order to help better explain the role this Smart Phone ID (SPID) number plays in the development and maintenance of mobile applications, ACT surveyed developers \10\ to find out how they currently used the SPID number. Respondents highlighted three key uses: --------------------------------------------------------------------------- \10\ ACT April 28 questionnaire to members working on at least one mobile platform. Question: How do you currently use UDID/Android ID in your development process?
Allows developers to control access to parts of the program without locking the user out completely (i.e., locking --------------------------------------------------------------------------- achievement levels in games, viewing paid subscriber content); Prevents piracy of applications, allows verification of ownership for updates to apps; and Allows management of access control for software testing and customer service. Additionally, developers reported on several benefits to their customers in specific and consumers in general. Most often cited were: Working in concert with other stored data, the SPID makes it possible to have applications remember your favorites even when you buy a new phone; Helps content providers know when your device is on a wi-fi network instead of 3G, thus allowing them to send you HD or other high bitrate content; and Makes it easier to receive updates without verification procedures that annoy customers. Finally, developers use SPID numbers to interact with third party ad networks; SPIDs are required by many ad networks as part of the terms of service. At first glance, it would seem to make perfect sense to only allow the SPID to be shared with the app maker itself, but not with third parties. However, in today's world, many different companies work together to provide services to customers. For instance, when shipping a product via FedEx, the sender shares considerable personal information about the recipient with the (third party) shipper including contact information and purchased items. Similarly, small businesses rely on cloud computing to give customers a complete service offering in a cost-effective way. For game developers, a company like OpenFeint offers an easy way to keep track of scores and allows game users to interact with each other, saving app makers thousands of dollars in development time and ongoing infrastructure cost. This service needs to be able to tell devices apart. Finally, developers felt that the usage restrictions and best practices for SPIDs were well documented, especially on Apple's iOS giving us plenty of advice to app makers on how to properly handle this information.\11\ --------------------------------------------------------------------------- \11\ http://developer.apple.com/library/ios/#documentation/uikit/ reference/UIDevice_Class/Reference/UIDevice.html. --------------------------------------------------------------------------- The key takeaway from this survey is that it is important, and often necessary, to keep devices separate and uniquely identified. Users may own many devices, multiple people may share devices (for example, family members), and others switch devices. Developers have different technical reasons to identify devices, but all come down to the same thing: enhancing the user experience. The developer's focus is in making the user's phone more convenient and useful. Understanding the Existing Laws and Regulations Regardless of how data protection is approached, it's critical to note the protections offered under existing Federal and state laws and regulations. In particular, consumer-protection laws currently provide technology-neutral legal standards to address data-privacy and data- security concerns regardless of whether they arise from undisclosed hacking, phishing, inadvertent peer-to-peer ``sharing'' of sensitive personal files, unauthorized wifi-snooping and art contests seemingly designed to enable the reverse-engineering of children's Social Security numbers. Currently, the FTC Act gives the FTC broad authority to act against those who misuse data, regardless of the technology used. Specifically, Section 5 of the FTC Act directs the FTC to take action against any business engaging in ``deceptive'' or ``unfair'' trade practices.\12\ --------------------------------------------------------------------------- \12\ 15 U.S.C. 45. --------------------------------------------------------------------------- The FTC's duty to halt deceptive trade practices authorizes the FTC to take law enforcement action not only when a business violates explicit promises to consumers,\13\ such as violations of stated privacy policies or terms of use, but also even when a business makes material omissions to consumers,\14\ such as not telling consumers about the sharing of their collected information with third parties. --------------------------------------------------------------------------- \13\ Id. \14\ FTC, Policy Statement on Deception (Oct. 14, 1983) available at http://www.ftc.gov/bcp/policystmt/ad-decept.htm. --------------------------------------------------------------------------- Similarly, the FTC's duty to halt unfair trade practices authorizes the FTC to take law-enforcement action when business practices cause injuries to consumers that are: substantial; not outweighed by countervailing benefits to consumers and competition; and could not have been reasonably avoided by consumers themselves.\15\ For example, the FTC can take action against a business's failure to report a data breach. --------------------------------------------------------------------------- \15\ 15 U.S.C. 45(n); see also FTC, Policy Statement on Unfairness (Dec. 17, 1980) available at http://www.ftc.gov/bcp/ policystmt/ad-unfair.htm. --------------------------------------------------------------------------- Finally, it is critical to understand two points about consumer- protection laws. First, the FTC has real teeth if it finds that a company engaged in ``unfair or deceptive practices,'' including assessing injunctive and civil penalties. Second, state consumer- protection acts grant state Attorneys General even broader substantive and remedial powers than those that Federal law grants to the FTC. As a result, even were resource constraints or agency capture to preclude FTC action in a particular case, 50+ law enforcement agencies would still have broad, technology-neutral authority to protect the privacy and security of consumers' data. Consequently, the consumer-protection authority of the FTC and state Attorneys General already authorizes and requires these law enforcement agencies to patrol the Internet for companies that might violate their promises to consumers or cause them substantial harm. The FTC recently used such authority to protect consumer privacy by taking action against Google \16\ and Chitika \17\ for failing to properly handle consumers' information. Both companies now face twenty years of oversight and damage to their brands. --------------------------------------------------------------------------- \16\ In the Matter of Google Inc., a corporation, FTC File No. 102 3136. \17\ In the Matter of Chitika, Inc., a corporation, FTC File No. 1023087. --------------------------------------------------------------------------- Existing consumer-protection laws thus already authorize both the FTC and state law enforcement agencies to police the entire range of products that connect to the Internet, including mobile devices, and to take action against the bad actors that ignore existing laws and will continue to ignore any future laws. This existing authority also ensures that good actors already have every incentive to behave reasonably and that bad actors have good reason to fear the existing legal consequences of their wrongdoing. Given the existing authority of the FTC and State Attorneys General, do we need additional regulation? ACT believes this is an open question, but one where consumer privacy protection should not be viewed through a limited, technology-specific lens. Instead, thoughtful, arduous, and considered discussion must take place on the role of personal data in the economy, the true interests of consumers, and the best interaction between citizens and the providers of products and services that use their data. Avoiding the Patchwork Problem; Dealing with Data Holistically In periods of great technological change, both new opportunities and new challenges are created. More often than not, however, the seemingly new challenges are merely old issues illuminated under a new light. Like the dot-com boom before it, the emergence of smartphones and mobile apps have renewed interest in the way corporations and governments collect and share data, most importantly, personal data. Yet, in both cases, these new technologies are simply bringing new light to issues surrounding the collection of personal data that has existed for decades. There are genuine questions to be asked and considered with respect to the collection and use of personal data. How and when should people be told the data is being collected or when it is being shared? How should they be told? Should people be able to modify data that is collected about themselves? Should people be able to delete data about themselves or otherwise control how it is used? Asking these questions only in the context of smartphones and mobile apps ignores the larger picture. The technology used to collect the data is much less significant than the important questions about the process and behavior of those collecting it. First, the data collected by apps developers is an almost infinitesimal piece of the global collection of personal data. From credit card companies, to warranty cards, to loyalty programs, companies have been collecting data on their customers long before the Internet or smartphones came around. Not only do other companies collect the same data as smartphone apps, but they have exponentially larger collections of personal data already at their disposal. Information brokers like Epsilon and Google collect, retain, and share far more information than all mobile apps combined. Even the collection of location data that has been singled out in recent press reports is not unique to smartphones and mobile apps. Standalone commercial GPS providers like TomTom or GPS-based safety services like OnStar collect this information on their users. Your EZ Pass technology for wireless payment of highway tolls also collects and stores location data. More recently, Google has been driving the world's streets eavesdropping on home and business wireless networks to gain the ability to find you even on your home computer or laptop. In nearly every instance, these companies may share that data with third parties. Isolating and regulating one specific technology is not the answer to the broader questions surrounding the collection and sharing of personal data. Given the enormity of existing data collections and the number of ways it is amassed, focusing exclusively on one technology-- particularly the newest and least established--is a symbolic gesture that does not solve the underlying problem, but creates the false sense that the problem has been solved and the need for thoughtful debate and policy consideration is over. Regulatory attention should be focused broadly on behavior and data usage, applying to everyone, regardless of means of collection and sharing. Finally, regulation that focuses solely on new technology discriminates against small businesses. Whenever we are talking about new, disruptive technologies, we are most often talking about small businesses. Revenue models, customer expectations, and efficiency opportunities are all still emerging, and small businesses are the driving force. Lots of businesses start, a very small number survive, but in the end, we learn what works, and then the large businesses get involved. To stunt the growth of a new, experimental market is to discriminate against the very small businesses on which we rely to lead innovation and growth in the American economy. Conclusion The future of the digital marketplace looks bright for small business, so long as the marketplace remains dynamic and competitive. This is a more than $10 billion opportunity for small business across the United States. Barriers to entry in the marketplace are currently low, and our members are very excited about the future--according to ACT's board president, Mike Sax, ``Programming is fun again!'' While there are important questions that need to be discussed on personal data collection, retention, and sharing, limiting this question solely to smartphones and mobile apps would be ineffectual and counterproductive. The use of location information and smartphone IDs are providing immense value to consumers. Whether it's the ability to make dinner reservations or find directions to the nearest hardware store, our members put a value on creating a product that improves the lives of their customers. Banning the collection of location data would essentially outlaw these beloved consumer apps while doing nothing to address the big questions about data collection and how that data is used. That is why ACT believes that Congress must take a holistic approach to privacy that does not single out any one technology, especially nascent ones. We need to outlaw bad behavior, not good technology. I hope that the committee will continue to focus the spotlight on the contribution small business makes to the future of the digital economy and the way government can do a better job to encourage that productive future. Thank you for your time and consideration on this important topic. Senator Pryor. Thank you. Ms. Novelli? STATEMENT OF CATHERINE A. NOVELLI, VICE PRESIDENT, WORLDWIDE GOVERNMENT AFFAIRS, APPLE, INC. Ms. Novelli. Good morning, Chairman Pryor, Chairman Rockefeller, and members of the Subcommittee. My name is Catherine Novelli. I am Vice President for Worldwide Government Affairs for Apple. Thank you for the opportunity to further explain Apple's approach to addressing consumer privacy and protection in the mobile marketplace, an issue we take very seriously, especially as it applies to children. I would like to use my limited time to emphasize a few key points. First, Apple is deeply committed to protecting the privacy of all our customers. We have adopted a single, comprehensive customer privacy policy for all of our products. This policy is available from a link on every page of Apple's website. We do not share personally identifiable information with third parties for their marketing purposes without our customers' explicit consent. As explained in more detail in my written testimony, we require all third-party application developers to adhere to specific restrictions protecting our customers' privacy. Second, Apple has built-in innovative settings and controls to help parents protect their children while using Apple products, both on and offline. These controls are easy to use, password protected, and can be administered on all Mac products, as well as on all of our IOS mobile devices, including the iPhone, iPad, and iPod Touch. These controls can also be enabled quite easily on the iTunes store. We believe these parental controls are simple and intuitive. They provide parents with the tools they need to flexibly manage their children's activities at various stages of maturity and development in ways parents deem most appropriate. I have provided detailed descriptions and examples in my written testimony. Third, Apple does not knowingly collect any personal information from children under 13. We state this prominently in our privacy policy. If we learn that we have inadvertently received the personal information of a child under 13, we take immediate steps to delete that information. We only allow iTunes store accounts for individuals 13 or over. Apple's iAd Network is not providing ads to apps targeted to children, and we reject any developer app that targets minors for data collection. Fourth, Apple does not track users' locations. Apple has never done so and has no plans to ever do so. In recent weeks, there has been considerable attention given to the manner in which our devices store and use a subset of Apple's anonymized location database of cell towers and Wi-Fi hotspots. The purpose of the database is to allow the device to more quickly and reliably determine a user's location. These concerns are addressed in detail in my written testimony. I want to reassure you that Apple was never tracking an individual's actual location from the information residing in this cached file on their iPhone. Apple did not have access to the cache on any individual user's iPhone at any time. Fifth, Apple gives customers of control over collection and use of the location data on all of our devices. Apple has built a master location services switch into our IOS mobile operating system that makes it extremely easy to opt out entirely of location-based services. The user simply switches the location services off in the Setting screen. When the switch is turned off, the device will not collect or transmit location information. Equally important, Apple does not allow any application to receive device location information without first receiving the user's explicit consent through a simple popup dialogue box. This dialogue box is mandatory and cannot be overridden. Customers may change their mind and opt out of location services for individual applications at any time by using simple on-off switches. Again, parents can also use controls to password-protect and prevent access by their children to location services. In closing, let me restate Apple's unwavering commitment to giving our customers clear and transparent notice, choice, and control over their personal information. We believe our products do this in a simple and elegant way. While Apple has not taken a public position on any specific privacy legislation currently before the Congress, we do strongly agree that any company or organization with access to customers' personal information should give its customers clear and transparent notice, choice, and control over their information. We share the Committee's concerns about the collection and misuse of any customer data, and we are committed to continuing to work with you to address these important issues. I will be happy to answer any questions that you may have. [The prepared statement of Ms. Novelli follows:] Prepared Statement of Catherine A. Novelli, Vice President for Worldwide Government Affairs, Apple Inc. Good morning Chairman Pryor, Ranking Member Wicker, and members of the Subcommittee. My name is Catherine Novelli, and I am Vice President for Worldwide Government Affairs for Apple Inc. On behalf of Apple, I thank you for the opportunity to address this important subject. Apple's Commitment To Protecting Our Customers' Privacy As we stated in testimony provided before this Committee last summer, Apple is deeply committed to protecting the privacy of our customers who use Apple mobile devices, including iPhone, iPad and iPod touch.\1\ Apple has adopted a single comprehensive privacy policy for all its businesses and products, including the iTunes Store and the App Store. Apple's Privacy Policy, written in easy-to-read language, details what information Apple collects and how Apple and its partners and licensees may use the information. The Policy is available from a link on every page of Apple's website.\2\ --------------------------------------------------------------------------- \1\ Testimony of Dr. Guy ``Bud'' Tribble of Apple Inc., on Consumer Online Privacy before the U.S. Senate Committee on Commerce, Science, and Transportation, July 27, 2010. \2\ The links take customers to http://www.apple.com/privacy, which customers may also access directly. --------------------------------------------------------------------------- Apple takes security precautions--including administrative, technical, and physical measures--to safeguard our customers' personal information against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction. To make sure personal information remains secure, we communicate our privacy policy and security guidelines to Apple employees and strictly enforce privacy safeguards within the company. We do not share personally identifiable information with third parties for their marketing purposes without consent. We require third- party application developers to agree to specific restrictions protecting our customers' privacy. Moreover, Apple's Safari browser is still the only browser to block cookies from third parties and advertisers by default. As I will explain in more detail below, Apple is constantly innovating new technology, features and designs to provide our customers with greater privacy protection and the best possible user experience. We are also deeply committed to meeting our customers' demands for prompt and accurate location-based services. These services offer many benefits to our customers by enhancing convenience and safety for shopping, travel and other activities. To meet these goals, Apple provides easy-to-use tools that allow our consumers to control the collection and use of location data on all our mobile devices. Apple does not track users' locations--Apple has never done so and has no plans to ever do so. In my testimony today, I would like to reaffirm and amplify Apple's previous privacy testimony before this Committee, while focusing on the following topics of particular interest for this hearing: (1) Apple's Parental Controls and Restrictions settings; (2) Apple's collection, storage and use of location information on Apple mobile devices; and (3) the use of customer information by third-party applications and the iAd Advertising Network. I. Apple's Parental Controls and Restrictions Settings Apple has implemented industry-leading innovative settings and controls to enable parents to protect their children while using Apple products both on and off-line. These controls are easy to use, password protected, and can be administered on all Mac OS X products as well as on all of our iOS mobile devices, including iPhone, iPad and iPod Touch. These controls can also be enabled quite easily on the iTunes store. On any Mac, parents can control which Apps their child can run as well as set age appropriate restrictions for the App Store. Parents also can control with whom their children can exchange e-mails or chat, where they can go online if at all, as well as set time limits as to how long they can be on their computer. There are even settings that enable a parent to prevent their children from using their Mac at all during specific hours, such as during bedtime on school nights. Moreover, these settings provide parents with logs of what their children were doing while using their Macs. These controls are account based, providing a parent with two children, for example, the flexibility to apply different levels of parental controls necessary to manage activities appropriate for their 8 year old versus those appropriate for their 14-year-old teenager--levels which are unlikely to be the same. On Apple's iOS mobile devices, parents can use the Restrictions settings to prevent their children from accessing specific device features, including Location Services (discussed in detail below), as well as restricting by age level Music, Movies, TV Shows, or Apps, and also prohibiting In-App purchases. When a parent enables these controls, the parent must enter a password (this password is separate from the device password that the Parent may set for their child). Once enabled, a parent can simply tap to switch-on and off access to various features, functions and Apps, even restricting access only to age appropriate content. EXAMPLE: Above are example screenshots from the iPhone that show restrictions settings that a mother might have set for her young teenage son on his own iPhone. As you can see in this example, this teenager is not permitted to surf the Internet or watch YouTube videos. However, he is permitted to use the iPhone camera and can participate in FaceTime chats with family and friends. His mother also has given him permission to use the iTunes store on his iPhone, but restricted downloads only to age-appropriate music and podcasts, movies, and TV shows. While this sample teenager also is able to install and delete age-appropriate Apps, his mother has prohibited him from making any In- App Purchases. We believe these innovative easy-to-use parental controls are simple and intuitive. They provide parents with the tools they need to manage their children's activities at various stages of maturity and development based on the settings they deem appropriate. Finally, I want to make it clear to the committee that Apple does not knowingly collect any personal information from children under 13. We state this prominently in our Privacy Policy. If we learn that we have inadvertently received the personal information of a child under 13, we take immediate steps to delete that information. Since we don't collect personal information from children under 13, we only allow iTunes store accounts for individuals 13 or over. With respect to our iAd network, our policy is that we don't serve iAds into apps for children. Further, we make it very clear in our App Store Review Guidelines that any App that targets minors for data collection will be rejected. II. Location Information and Location-Based Services for Mobile Devices As we stated in our testimony last summer, Apple began providing location-based services in January 2008. These services enable applications that allow customers to perform a wide variety of useful tasks such as getting directions to a particular address from their current location or finding nearby restaurants or stores. Apple offers location-based services on a variety of mobile devices, including the iPhone 3G, iPhone 3GS, iPhone 4 CDMA and GSM models, iPad Wi-Fi + 3G, iPad 2 Wi-Fi and 3G and, to a more limited extent, older models of the iPhone, the iPad Wi-Fi, and iPod touch. All of Apple's mobile devices run on Apple's proprietary mobile operating system, iOS. Apple released iOS 4.1 on September 8, 2010. Apple released the current versions, iOS 4.3.3 and 4.2.8 (for the iPhone 4 CDMA model), on May 4, 2011. Currently, iOS 4.3.3 may be run on iPhone 3GS, iPhone 4 GSM model, iPod touch 3rd and 4th generations, iPad, and iPad 2. My testimony focuses on iOS 4.1 and later versions, including the free iOS update Apple released on May 4, 2011. A. Location-Based Privacy Features Apple has designed features that enable customers to exercise control over the use of location-based services.
First, as you can see in the iPhone screenshots above, Apple provides its customers with the ability to turn ``Off'' all location- based service capabilities with a single ``On/Off'' toggle switch. For mobile devices, the toggle switch is in the ``Location Services'' menu under ``Settings.'' As described more fully below, when this toggle is switched ``Off,'' (1) iOS will not provide any location information to any applications, including applications that may have previously received consent to use location information; (2) iOS will not collect or geo-tag information about nearby Wi-Fi hotspots or cell towers; and (3) iOS will not upload any location information to Apple from the device. Second, Apple requires express customer consent when any application requests location-based information for the first time. When an application requests the information, a dialog box appears stating: ``[Application] would like to use your current location.'' The customer is asked: ``Don't Allow'' or ``OK.'' If the customer clicks on ``Don't Allow,'' iOS will not provide any location-based information to the application. This dialog box is mandatory--neither Apple's applications nor those of third parties are permitted to override the notification. Third, iOS 4 permits customers to identify individual applications that may not access location-based information, even if Location Services is ``On.'' The Location Services settings menu provides an ``On/Off'' toggle switch for each application that has requested location-based information. When the switch for a particular application is ``Off,'' no location-based information will be provided to that application. Fourth, Customers can change their individual application settings at any time. An arrow icon (d) alerts iOS 4 users that an application is using or has recently used location-based information. This icon will appear real-time for currently running applications and next to the ``On/Off'' switch for any application that has used location-based information in the past twenty-four hours. Finally, customers can use Restrictions, also known as Parental Controls, on a mobile device to prevent access to specific features, including Location Services. When a customer enables Restrictions, the customer must enter a passcode (this passcode is separate from the device passcode that the customer may set). If the customer turns Location Services off and selects ``Don't Allow Changes,'' the user of the device cannot turn on Location Services without that passcode. B. Location Information 1. Crowd-Sourced Data base of Cell Tower Location and Wi-Fi Hotspot Information Customers want and expect their mobile devices to be able to quickly and reliably determine their current locations in order to provide accurate location-based services. If the device contains a GPS chip, the device can determine its current location using GPS satellite data. But this process can take up to several minutes. Obviously, if the device does not have a GPS chip, no GPS location data will be available. To provide the high quality products and services that its customers demand, Apple must have access to comprehensive location- based information. To enable Apple mobile devices to respond quickly (or at all, in the case of non-GPS equipped devices or when GPS is not available, such as indoors or in basements) to a customer's request for current location information, Apple maintains a secure database containing information regarding known locations of cell towers and Wi- Fi access points--also referred to as Wi-Fi hotspots. As described in greater detail below, Apple collects from millions of Apple devices anonymous location information for cell towers and Wi-Fi hotspots.\3\ From this anonymous information, Apple has been able, over time, to calculate the known locations of many millions of Wi-Fi hot spots and cell towers. Because the basis for this location information is the ``crowd'' of Apple devices, Apple refers to this as its ``crowd- sourced'' database. --------------------------------------------------------------------------- \3\ During this collection process, iOS does not transmit to Apple any data that is uniquely associated with the device or the customer. --------------------------------------------------------------------------- The crowd-sourced database contains the following information: Cell Tower Information: Apple collects information about nearby cell towers, such as the location of the tower(s), Cell IDs, and data about the strength of the signal transmitted from the towers. A Cell ID refers to the unique number assigned by a cellular provider to a cell, a defined geographic area covered by a cell tower in a mobile network. Cell IDs do not provide any personal information about mobile phone users located in the cell. Location, Cell ID, and signal strength information is available to anyone with certain commercially available software. Wi-Fi Access Point Information: Apple collects information about nearby Wi-Fi access points, such as the location of the access point(s), Media Access Control (MAC) addresses, and data about the strength and speed of the signal transmitted by the access point(s). A MAC address (a term that does not refer to Apple products) is a unique number assigned by a manufacturer to a network adapter or network interface card (``NIC''). MAC addresses do not provide any personal information about the owner of the network adapter or NIC. Anyone with a wireless network adapter or NIC can identify the MAC address of a Wi-Fi access point. Apple does not collect the user-assigned name of the Wi-Fi access point (known as the ``SSID,'' or service set identifier) or data being transmitted over the Wi-Fi network (known as ``payload data''). The crowd-sourced database does not reveal personal information about any customer. An Apple mobile device running Apple's mobile device operating system, iOS, can use the crowd-sourced database to: (1) provide the customer with an approximate location while waiting for the more precise GPS location, (2) find GPS satellites much more quickly, significantly reducing the wait time for the GPS location, and (3) triangulate the device location when GPS is not available (such as indoors or in basements). The device performs all of these calculations in response to a request for location information from an application on the customer's device that has been explicitly approved by the user to obtain the current location, and the device requests from Apple the crowd-sourced database information needed for these calculations.\4\ --------------------------------------------------------------------------- \4\ For devices running the iPhone OS versions 1.1.3 to 3.1, Apple relied on (and still relies on) data bases maintained by Google and Skyhook Wireless (``Skyhook'') to provide location-based services. Beginning with the iPhone OS version 3.2 released in April 2010, Apple relies on its own data bases to provide location-based services and for diagnostic purposes. --------------------------------------------------------------------------- The crowd-sourced database must be updated continuously to account for, among other things, the ever-changing physical landscape, more innovative uses of mobile technology, and the increasing number of Apple's customers. In collecting and maintaining its crowd-sourced data base, Apple always has taken great care to protect its customers' privacy. 2. Downloading Crowd-Sourced Data To A Mobile Device To further improve the speed with which the device can calculate location, Apple downloads a subset of the crowd-sourced database content to a local cache on the device. This content describes the known locations of Wi-Fi hotspots \5\ and cell towers that the device can ``see'' and/or that are nearby, as well as nearby cell location area codes,\6\ some of which may be more than one hundred miles away. The presence of the local cache on the device enables the device to calculate an initial approximate location before Apple's servers can respond to a request for information from the crowd-sourced database. --------------------------------------------------------------------------- \5\ For each Wi-Fi hotspot, the location information includes that hotspot's MAC address, latitude/longitude coordinates, and associated horizontal accuracy number. For each cell tower, the location information includes the cell tower ID, latitude/longitude coordinates, and associated horizontal accuracy number. \6\ Cell base stations are grouped into ``location areas'' for network planning purposes, and each location area is assigned a unique ``location area code.'' This ``location area code'' is broadcast by the cell base stations. --------------------------------------------------------------------------- One useful way to think of our cell tower and Wi-Fi hotspot database is to compare it to a world map, like the Rand McNally World Atlas, for example. Like a world map, our database of cell towers and Wi-Fi hotspots contains the specific locations of cell towers and Wi-Fi hotspots we have gathered. It doesn't have any information about where any individual person or iPhone is located on that map at any time. The cache on your iPhone is like a series of localized city street maps. When you enter a new area that you haven't been to or haven't been for awhile, we download a subset of the World Atlas--a more localized map of cell towers and Wi-Fi hotspots to your iPhone for the iPhone itself to better assist you. Just as a street map of a city includes all the streets and intersections for many miles around you, it also has the street you are on in addition to all the streets around you, but it doesn't know where you are at any time nor where you go or how often you go there. You use a street map to determine your precise location, relative to fixed points that are identified on the map. Similarly, your iPhone uses the fixed locations of the cell towers and WiFi hotspots to determine its own location relative to those points. Your iPhone, not Apple, determines its actual location without any further contact with Apple once it receives the city maps. Apple has no knowledge of your precise location. The local cache does not include a log of each time the device was near a particular hotspot or cell tower, and the local cache has never included such a log. For each Wi-Fi hotspot and cell tower, the local cache stores only that hotspot's/cell tower's most recent location information, downloaded from Apple's constantly updated crowd-sourced data base. After a customer installs the free iOS software update (iOS 4.3.3) Apple released on May 4, 2011, iOS will purge records that are older than 7 days, and the cache will be deleted entirely when Location Services is turned off. The local cache is protected with iOS security features, but it is not encrypted. Beginning with the next major release of iOS, the operating system will encrypt any local cache of the hotspot and cell tower location information. Apple issued a free iOS software update on May 4, 2011. Prior to the update, iTunes backed up the local cache (stored in consolidated.db) as part of the normal device backup if there was a syncing relationship between the device and a computer. The iTunes backup, including consolidated.db, may or may not have been encrypted, depending on the customer's settings in iTunes. After the software update, iTunes does not back up the local cache (now stored in cache.db). When a customer runs certain applications, those applications request location information from iOS. Because of a bug that existed prior to the update, even when Location Services was off, the device would anonymously send the IDs of visible Wi-Fi hotspots and cell towers, without any GPS information, to Apple's servers, Apple's servers would send back the known, crowd-sourced location information for those hotspots and cell towers (and nearby hotspots and cell towers), and the device would cache that information in the consolidated.db file. None of this downloaded crowd-sourced location information or any other location information was provided to or disclosed to the application. The iOS software update fixed the bug that caused crowd-sourced location information to be downloaded to the device while Location Services was off. iOS will now delete any existing local cache from consolidated.db and, if Location Services is off, (1) Apple will not download any crowd-sourced location information to the device, regardless of whether a specific application requests that information, and (2) iOS will delete any cache of this information stored in cache.db. 3. Collections and Transmissions from Apple Mobile Devices Apple collects anonymous location information about Wi-Fi hotspots and cell towers from millions of devices to develop and refine Apple's database of crowd-sourced location information. The mobile devices intermittently collect information about Wi-Fi hotspots and cell towers they can ``see'' and tag that information with the device's current GPS coordinates, i.e., the devices ``geo-tag'' hotspots and towers. This collected Wi-Fi hotspot and cell tower information is temporarily saved in a separate table in the local cache; thereafter, that data is extracted from the data base, encrypted, and transmitted-- anonymously--to Apple over a Wi-Fi connection every twelve hours (or later if the device does not have Wi-Fi access at that time). Apple's servers use this information to re-calculate and update the known locations of Wi-Fi hotspots and cell towers stored in its crowd-sourced data base. Apple cannot identify the source of this information, and Apple collects and uses this information only to develop and improve the Wi-Fi hotspot and cell tower location information in Apple's crowd- sourced data base. After the device attempts to upload this information to Apple, even if the attempt fails, the information is deleted from the local cache database on the device. In versions of iOS 4.1 or later, moreover, the device will not attempt to collect or upload this anonymous information to Apple unless Location Services is on and the customer has explicitly consented to at least one application's request to use location information. 4. Additional Location Information Collections If Location Services is on, Apple collects location information from mobile devices under the following four additional circumstances. First, Apple is collecting anonymous traffic data to build a crowd- sourced automobile traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years. This information is temporarily stored in the local cache on the device, anonymously uploaded to Apple, and then deleted from the device. Second, Apple collects anonymous diagnostic information from randomly-selected devices to evaluate and improve the performance of its mobile hardware and operating system. For example, Apple may collect information about a dropped cell phone call, including the calculated location of the device when a call was dropped, to help identify and address any cell connection issues. Before any diagnostic information is collected, the customer must provide express consent to Apple. Apple cannot associate this information with a particular customer. Third, Apple obtains information about the device's location (the latitude/longitude coordinates) when an ad request is made. The device securely transmits this information to the Apple iAd servers, the iAd servers immediately convert the latitude/longitude coordinates to a five-digit zip code, and the iAd servers then discard the coordinates. Apple does not record or store the latitude/longitude coordinates-- Apple stores only the zip code. Apple then uses the zip code to select a relevant ad for the customer. Finally, if a customer has consented to an application's collection and/or use of location information, iOS will provide current location information in response to a request from that application. iOS will provide that customer-approved application with the location of the device only; iOS does not provide applications with direct access to the local cache. III. Third-Party Applications And The iAd Network A. Third Party Applications In July 2008, Apple launched the App Store where customers may shop for and acquire applications offered by third-party developers for the iPhone, iPad and iPod touch. Currently the App Store includes more than 350,000 third-party applications covering a wide variety of areas including news, games, music, travel, health, fitness, education, business, sports, navigation and social networking. Each application includes a description prepared by the developer regarding, among other things, what the application does, when it was posted, and, if applicable, what information the application may collect from the customer. Any customer with an iTunes account may purchase and download applications from the App Store. Developers do not receive any personal information about customers from Apple when applications are purchased. Only Apple has access to that information. Third-party application developers must register with Apple, pay a fee, and sign a licensing agreement before getting an app on the App Store. The current licensing agreement contains numerous provisions governing the collection and use of user data, device data, and location-based information, including the following:
Developers and their Applications may not collect user or device data without prior user consent, and then only to provide a service or function that is directly relevant to the use of the Application, or to serve advertising; Applications must notify and obtain consent from each customer before location data is collected, transmitted, or otherwise used by developers; Developers may not use analytics software in their Applications to collect and send device data to a third party; Developers must provide clear and complete information to users regarding their collection, use and disclosure of user or device data (e.g., a description on the App Store or adding a link to the applicable privacy policy). Developers must take appropriate steps to protect customers' data from unauthorized use, disclosure or access by third parties. If the customer denies or withdraws consent, applications may not collect, transmit, process or utilize the customer's user or device data, including location data; Developers must take appropriate steps to protect customers' location-based information from unauthorized use or access; Developers must comply with all applicable privacy and data collection laws and regulations regarding the use or transmission of user and device data, including location-based information; Applications must not disable, override, or otherwise interfere with Apple-implemented system alerts, display panels, consent panels and the like, including those intended to notify the customer that location-based information is being collected, transmitted, maintained, processed, or used, or intended to obtain consent for such use. Developers that do not agree to these provisions may not offer applications on the App Store. Apple has the right to terminate our licensing agreement with any developer that fails to comply with any of these provisions. Apple reviews all applications before adding them to the App Store to ensure, for example, that they run properly and do not contain malicious code. B. The iAd Network On July 1, 2010, Apple launched the iAd mobile advertising network. The network can serve ads to iPhone, iPod touch, and iPad devices running iOS 4, and the network offers a dynamic way to incorporate and access advertising within applications. Customers can receive advertising that relates to their interests (``interest-based advertising'') and/or their location (``location-based advertising''). For example, a customer who purchased an action movie on iTunes may receive advertising regarding a new action movie being released in the theaters or on DVD. A customer searching for nearby restaurants may receive advertising for stores in the area. As specified clearly in Apple's privacy policy as well as in all relevant Apple device software licensing agreements, customers may opt out of interest-based advertising by visiting the following site from their mobile device: https://oo.apple.com. Customers also may opt out of location-based advertising by toggling the device's location-based service capabilities to ``Off.'' For customers who do not toggle location-based service capabilities to ``Off,'' Apple collects information about the device's location (latitude/longitude coordinates) when an ad request is made. This information is transmitted securely to the Apple iAd server via a cellular network connection or Wi-Fi Internet connection. The latitude/ longitude coordinates are converted immediately by the server to a five-digit zip code. Apple does not record or store the latitude/ longitude coordinates--Apple stores only the zip code. Apple then uses the zip code to select a relevant ad for the customer. Apple does not share any interest-based or location-based information about individual customers, including the zip code calculated by the iAd server, with advertisers. Apple retains a record of each ad sent to a particular device in a separate iAd data base, accessible only by Apple, to ensure that customers do not receive overly repetitive and/or duplicative ads and for administrative purposes. In some cases, an advertiser may want to provide more specific information based on a device's actual location. For example, a retailer may want its ad to include the approximate distance to nearby stores. A dialog box will appear stating: ```Advertiser' would like to use your current location.'' The customer is presented with two options: ``Don't Allow'' or ``OK.'' If a customer clicks ``Don't Allow,'' no additional location information is transmitted. If the customer clicks ``OK,'' Apple uses the latitude/longitude coordinates to provide the ad application with more specific location information-- the information is not provided to the advertiser. In closing, let me again affirm that Apple is strongly committed to protecting our customers' privacy. We give our customers clear notice of our privacy policies, and our mobile products enable our customers to exercise control over their personal information in a simple and elegant way. We share the Committee's concerns about the collection and potential misuse of all customer data, particularly personal information, and we appreciate this opportunity to explain our policies and procedures. I will be happy to answer any questions you may have. Senator Pryor. Thank you. Mr. Davidson? STATEMENT OF ALAN DAVIDSON, DIRECTOR OF PUBLIC POLICY, GOOGLE, INC. Mr. Davidson. Chairman Pryor, Chairman Rockefeller, members of the Subcommittee, my name is Alan Davidson, and I am the Director of Public Policy for Google in North and South America. Thank you for the opportunity to testify at this important hearing and for the Committee's leadership in helping companies and consumers grapple with these emerging privacy issues. My message today is simple. As we have heard, mobile services create enormous social and economic benefits, but they will not be used and they cannot succeed without consumer trust. That trust must be based on a sustained effort across our industry to protect user privacy and security, and we are committed to building that trust. First, a word about technology. Many of us are already experiencing the benefits of mobile and location-based services. Things as simple as getting real-time traffic maps that help aid your commute or finding the closest gas station on your car's GPS. Thousands of applications use location-based services to help connect consumers and businesses. The U.S. Postal Service offers an app to help users find post offices and mailboxes based on their location. You can find the closest cheeseburger using the Five Guys app, or find your nearby friends on Foursquare. And the value of location-based services extends far beyond convenience. These services can be lifesavers. Mobile location services can help you find the nearest hospital or police station, or let you know where you can fill a prescription at 1:00 in the morning for a sick child. And that is just the start. We are now working with partners like the National Center for Missing and Exploited Children to explore how to deliver AMBER Alerts about missing children within seconds to users nearby. And mobile services may soon be able to alert people in the path of a tornado or a tsunami, or guide them to a evacuation route in the event of a hurricane, as I believe, Chairman Pryor, you heard in your hearing in the Homeland Security Committee. The rapid adoption of these services has been remarkable. For example, on our popular Google Map service, in the past year, 40 percent of our usage has shifted to mobile devices. Every month, over 150 million people now regularly turn to Google Maps on their Android, iPhone, BlackBerry, or other mobile phone. So mobile services are having growing importance in our economy. According to recent market reports, their potential economic impact is staggering. These services are creating jobs and new businesses, and they are increasing jobs in existing businesses. But here is the thing. To succeed in the long run, mobile services require consumer trust that is based on strong privacy and security protections. At Google, we focus on privacy protection throughout the life of our products, starting with the initial design. We subscribe to the view that by focusing on the user, all else will follow. So we use information where it provides value to consumers, and we implement strong controls for information sharing, applying the principles of transparency, choice, and security. When it comes to mobile services, for example, we are extremely sensitive with location information. We have made our mobile location services opt-in only, treating this information with the highest degree of care. So here is how the opt-in works on Android. When I took my Android phone--actually, this Android phone--out of its box, one of the first screens I saw asked me, in plain language, to affirmatively choose whether or not to share location information with Google. A screen shot of this process is included in our testimony, and it is on the board at the end of the row here. If a user doesn't choose to opt-in at setup or doesn't go into their settings later to turn it on, the phone will not send any location information back to Google's location servers. If a user does opt-in, all the location data that is sent back to Google's location servers is anonymized, and it is not traceable to a specific user or device. And users can later change their minds and turn it off. Beyond this, the Android operating system notifies users whenever a third-party application will be given permission to access location information before the user installs the app. That way, the user has the opportunity to cancel the installation if they don't want information collected. We believe this approach is essential for location services and is a good example of how to handle this kind of sensitive information--highly transparent information for users about what is being collected, opt-in choice before location information is collected, and high security standards to anonymize and protect information. Our hope is that this becomes a standard for the broader industry. The strong privacy and security practices I have described are a start. There is more to do. We salute the active role this committee has taken to educate consumers, and we commend what you are doing to bring stakeholders together to develop a comprehensive approach to privacy. The issues raised are clearly challenging, but finding answers is critical to maintaining consumer trust, protecting innovation, and supporting the rapid economic growth generated by these services. We look forward to continued conversations with the Committee. Thank you. [The prepared statement of Mr. Davidson follows:] Prepared Statement of Alan Davidson, Director of Public Policy, Google Inc. Chairman Pryor, Ranking Member, and members of the Committee: I am pleased to appear before you this morning to discuss mobile services, online privacy, and the ways that Google protects our users' personal information. My name is Alan Davidson, and I am Google's Director of Public Policy for the Americas. In that capacity, I oversee our public policy operations in the United States, and work closely with our legal, product, and engineering teams to develop and communicate our approach to privacy and security, as well as other issues important to Google and our users. Google is most well known for our search engine, which is available to Internet users throughout the world. We also make Android, an open operating system for mobile devices that in a few short years has grown from powering one device (introduced in the fall of 2008) to more than 170 devices today, created by 27 manufacturers. We also offer dozens of other popular services, from YouTube to Gmail to Google Earth. Our business depends on protecting the privacy and security of our users. Without the trust of our users, they will simply switch to competing services, which are always just one click away. For this reason, location sharing on Android devices is strictly opt-in for our users, with clear notice and control. This is the way these services should work--with opt-in consent and clear, transparent practices, so consumers can make informed decisions about the location-based services that are so popular. This is also why we are educating parents and children about online safety, and working with groups like ConnectSafely and Common Sense Media to address the important issues of digital literacy and citizenship, including how to use Google's privacy, security, and family safety tools. In my testimony today, I'll focus on three main points: Location-based services provide tremendous consumer benefit; Google is committed to the highest standards of privacy protection in our services, as demonstrated in our approach to mobile services, content controls, consumer education, advertising, and security; and Congress has an important role in helping companies build trust and create appropriate baseline standards for online privacy and security. I. Location-based services provide tremendous value to consumers Mobile services are creating enormous economic benefits for our society. A recent market report predicts that the mobile applications market will be worth $25 billion by 2015. McKinsey estimates that personal location applications will generate as much as $700 billion in consumer value in the next 8 years. People can use mobile services to get driving directions from their current location, identify a traffic jam and find an alternate route, and look up the next movie time at a nearby theater. Location can even make search results more relevant: If a user searches for ``coffee'' from a mobile phone, she is more likely to be looking for a nearby cafe than the Wikipedia entry describing coffee's history. In the last year, a full 40 percent of Google Maps usage was from mobile devices. There are now 150 million active monthly Google Maps for Mobile users on Android, iPhone, BlackBerry, and other mobile platforms in more than 100 countries. Thousands of other organizations and entrepreneurs offer applications that use location services to provide helpful products. For example, the U.S. Postal Service offers an application to help users find nearby post offices and collection boxes, based on their location. If you want a Five Guys burger, their application will find a location for you, and even lets you order in advance. Services such as Yelp and Urbanspoon use location to provide local search results, while applications like Foursquare let users find nearby friends who have chosen to share their location. Source: McKinsey Global Institute analysis. Mobile location data can even save lives. In crisis situations, people now turn to the Internet to find information. Within a few hours of the Japan earthquake, for example, Google saw a massive spike in search queries originating from Hawaii related to ``tsunami.'' We placed a location-based alert on the Google homepage for tsunami alerts in the Pacific and ran similar announcements across Google News, Maps, and other services. In cases like the Japanese tsunami or the recent tornadoes in the U.S., a targeted mobile alert from a provider like Google, or from a public enhanced 911 service, may help increase citizens' chances of getting out of harm's way. Other emergency notifications like AMBER alerts can be improved using location data, too. In the past, a parent's best hope of finding a missing child might have been a picture on a milk carton. Google works with the National Center for Missing and Exploited Children (NCMEC) in an ongoing partnership to develop technology solutions that help them achieve their mission. Today, modern tools and information can make NCMEC's AMBER alerts more effective and efficient through location-based targeting--within seconds of the first report, an AMBER alert could be distributed to all users within one-mile of the incident. As Ernie Allen, NCMEC's President and CEO, wrote last week: Google's contributions to our Missing Child Division have also been significant. Your tools and specialized engineering solutions assist our case managers in the search for missing children. . . . We eagerly await the completed development of the AMBER Alert tool, which will expand the reach and distribution of AMBER alerts to Google users and will surely have enormous potential for widespread dissemination of news about serious child abduction cases. Thank you for your continued efforts to give children the safer lives that they deserve. None of these services or public safety tools would be possible without the location information that our users share with us and other providers, and without the mobile platforms that help businesses and governments effectively reach their audiences. II. Google is committed to the highest standards of privacy protection in our services Google would not be able to offer these services--or help create the economic and social value generated from location data--if we lost the trust of our users. At Google, privacy is something we think about every day across every level of our company. It is both good for our users and critical for our business. Our privacy principles Privacy at Google begins with five core principles, which are located and available to the public at www.google.com/corporate/ privacy_principles.html:
Use information to provide our users with valuable products and services. Develop products that reflect strong privacy standards and practices. Make the collection and use of personal information transparent. Give users meaningful choices to protect their privacy. Be a responsible steward of the information we hold. First, as with every aspect of our products, we follow the axiom of ``focus on the user and all else will follow.'' We are committed to using information only where we can provide value to our users. We never sell our users' personally identifiable information. This is simply not our business model. Second, we aim to build privacy and security into our products and practices from the ground up. From the design phase through launch, we consider a product's impact on our users' privacy. And we don't stop at launch; we continue to innovate and iterate as we learn more from users. Our last three principles lay out our substantive approach to privacy: We are committed to transparency, user control, and security. Internal process and controls Google also reflects these principles in our development process and employee training. As we recently explained, we have begun to implement even stronger internal privacy controls with a focus on people, training, and compliance. All this process is aimed at ensuring that products match our philosophy and avoid mistakes that jeopardize user trust--like the launch of Google Buzz, which fell short of our standards for transparency and user control. To help make sure we live up to this promise, we entered into a consent decree with the Federal Trade Commission this year, under which we'll receive an independent review of our privacy procedures every 2 years. In addition, we'll ask users to give us affirmative consent before we change how we share their personal information. Products reflecting principles: Opt-in location controls on Android We understand location information is sensitive. So our approach to location data is simple: Opt-in consent and clear notice are required for collection and use of location information on Android. We don't collect any location information--any at all--through our location services on Android devices unless the user specifically chooses to share this information with Google. We also give users clear notice and control; the set-up process explicitly asks users to ``allow Google's location service to collect anonymous location data.'' And even after the set-up process, users can easily turn off location sharing with Google at any time they wish. The location services in our Android operating system embody the transparency and control principles that we use to guide our privacy process. We hope that this will be a standard for the industry. Google is also very careful about how we use and store the data that is generated by these services. The location information sent to Google servers when users opt in to location services on Android is anonymized and stored in the aggregate. It's not tied or traceable to a specific user. The collected information is stored with a hashed version of an anonymous token, and that hashed token is deleted after approximately one week. A small amount of location information regarding nearby Wi-Fi access points and cell towers is kept on the Android device to help the user continue to enjoy the service when no server connection is available and to improve speed and battery life. In order to provide these location services, many companies detect nearby, publicly available signals from Wi-Fi access points and cell towers and use this data to quickly approximate a rough position, even while they may be working on a more precise GPS-based location. This can be done by using information that is publicly broadcast (for example, that list of Wi-Fi access points you see when you use the ``join network'' option on your computer). Companies like Skyhook Wireless and Navizon compile such information and license the data to many industry leaders. Google has a similar location service called the Google Location Server--an Internet database that uses Wi-Fi access points and cell towers to determine an estimated location and that uses GPS information to estimate road traffic. Device manufacturers can license the Network Location Provider application for Android from Google. This Network Location Provider is turned off by default. It can be turned on by the user during the phone's initial setup or in the device settings. The Network Location Provider is off by default. The user can opt- in and turn on location services during the initial setup flow.
The user can opt-in to turn on the Network Location Provider on their Android phone from within the device settings. The Android operating system is built on openness, with the goal of encouraging developers to innovate. With this principle in mind, Google does not decide which applications can access location or other user information from the device. Instead, the Android operating system uses a permissions model in which the user is automatically informed of certain types of information an application will be able to access. The user may choose to trust the application by completing the installation or the user may choose to cancel the installation. An application can only access the device's GPS location or the device's network location if it displays a notice for this permission to the user at time of installation. When Google creates an Android application, like Google Maps for mobile devices, Google is responsible for how the application collects and handles data and for the privacy disclosures made to users, and generally applies the Google Mobile Terms of Service and the Google Mobile Privacy Policy. These privacy policies are also clearly displayed to the user when the user first signs into the Android device. When an Android application is not developed by Google, the application developer bears the responsibility for its design and its use of data. Google does not and cannot control the behavior of third party applications, or how they handle location information and other user information that the third party application obtains from the device. Google does strongly encourage application developers to use best practices as described in this Google blog post. How our products reflect our principles: Parental controls and family safety While Google does not offer services directed at children, we try to provide families with the tools and education to ensure a positive and safe experience on our services. In addition to our work with NCMEC and others to protect children, our major consumer education initiatives include:
Android Market content ratings. The content rating system is a new feature of Android Market that requires developers to rate their apps in one of four categories, in accordance with our guidelines: Everyone, Low-, Medium-, or High-Maturity. Developers are responsible for rating the apps, and if users come across incorrectly rated apps, they can flag them for review. SafeSearch on Mobile. Just as with Google Web Search on desktop, Google's SafeSearch filter is accessible on mobile for users who search on a mobile browser. SafeSearch uses advanced technology to block sexually explicit images and text from search results. Users can customize and lock their SafeSearch settings to ``Strict'' or ``Moderate'' by clicking on the ``Settings'' link to the top right corner of the homepage on Google.com. Digital Literacy initiative. To help educate families about responsible Internet use, we developed a curriculum with iKeepSafe that teaches teens to recognize online risks, investigate and determine the reliability of websites, and avoid scams. We've sponsored a tour that iKeepSafe is taking across the country to bring the curriculum into local communities and classrooms. Family Safety Center. In cooperation with the Federal Trade Commission's OnGuardOnline initiative and other child safety advocates and experts, we built a one-stop shop for families, available at www.google.com/familysafety, to provide step-by- step instructions for using safety tools built into Google products and other best practices for families to consider. In response to popular requests, we've added a section about managing geolocation features on mobile phones. Net Safety Tips on the Go app. The Internet Education Foundation, in partnership with Google and others, created an app to help users keep up with online privacy, safety, and security issues on your Android phone. It provides quick, practical, friendly advice for you and your family. The tips, developed by leading online safety organizations, cover important issues like mobile privacy and safety, sexting and cyberbullying, social networking safety, and avoiding identity theft. How our products reflect our principles: Advertising and privacy John Wanamaker, considered by some to be the father of modern advertising, once remarked that ``half the money I spend on advertising is wasted; the trouble is I don't know which half.'' Google's advertising products are aimed at eliminating that wasted half, bringing data-driven efficiency to advertising. But as we work to bring more relevant and useful ads to our users, we continually seek to preserve transparency and user control over the information used in our ad system. Google was not the first to offer interest-based advertising (known as IBA) online, but when we launched IBA, in March 2009, we included a number of groundbreaking privacy features. Google's interest-based ads contain notice in the actual advertisement indicating that it is a Google ad. The in-ad notice is linked to information about IBA, including our Ads Preferences Manager, which allows users to change the interest categories used to target ads, or to opt-out of interest-based advertising altogether. Note that we do not serve interest-based ads based on sensitive interest categories such as health status or categories relating to kids. We are also participating in the industry- wide ad targeting notice and opt-out program. We have seen that for every visitor that opts out of IBA on this page, seven users view or edit their settings and choose to remain opted in. We take from this that online users appreciate transparency and control, and become more comfortable with data collection and use when we offer it on their terms and in full view. Recently, discussions about online ad targeting have centered on the ability of users to indicate a desire to opt out of this profiling and targeting by all online providers--sometimes called Do Not Track. In January, Google sought to further encourage consistency and ease of control over online targeting by launching the Keep My Opt-Outs Chrome extension, which enables all providers participating in ever-expanding industry self-regulatory programs to make their IBA opt outs permanent via a simple browser-based mechanism. As new opt outs come online, we will automatically update this extension to keep users up to date. In the first few months, more than 100,000 users have already installed and are using the extension. We even released this tool on an open- source basis so that other developers can examine, assess, enhance, or even extend the code's capabilities. Additionally, we are developing versions of Keep My Opt Outs that work on other major browsers. Just last month, we extended our advertising privacy approach to our mobile application ad networks. These networks help mobile app developers make money from their products. For these ad systems, we have created a user-friendly solution involving anonymization, user control, and user notice. First, Google performs a one-way, non- reversible hashing of a device identifier to create an anonymous ID specifically for ad serving. Second, for both Android and iPhone users we give consumers an easy way to opt out the use of their device identifier by Google's advertising services altogether. Third, we are notifying all users of how we customize ads and their opt-out controls with clear notice as you see here. Because the mobile application interfaces are more limited, we chose to rotate full-size privacy notices in with other advertisements, rather than use an icon, which is hard to see or click on the smaller mobile screen. How our products reflect our principles: Security through encryption and two-step verification Along with transparency and user control, strong security for users of Google's services to protect against hackers and data breach is vital. For example, Google was the first (and still only) major webmail provider to offer session-wide secure socket layer (SSL) encryption by default. Usually recognized by a Web address starting with ``https'' or by a ``lock'' icon, SSL encryption is used for online banking and other secure transactions. Users can also encrypt search. Just type ``https:/ /encrypted.google.com'' into your browser to encrypt your search queries and results. We hope other companies will soon join our lead. In March of last year Google introduced a system to notify users about suspicious activities associated with their accounts. By automatically matching a user's IP address to broad geographical locations, Google can help detect anomalous behavior, such as a log-in appearing to come from one continent only a few hours after the same account holder logged in from a different continent. Thus, someone whose Gmail account may have been compromised will be notified and given the opportunity to change her password, protecting herself and her contacts.
Finally, we recently released 2-step verification for consumer Gmail accounts, which allows users who are concerned about the security of their account to use a password plus a unique code generated by a mobile phone to sign in. It's an extra step, but it's one that significantly improves the security of a Google Account. Now, if someone steals or guesses a Gmail user's password, the potential hijacker still cannot sign in to the user's account because the hijacker does not have the user's phone. We are already hearing stories from our users about how this extra layer of security has protected them from phishing attacks or unauthorized access. III. Congress should act to build trust and create appropriate baseline standards Congress has a vital role to play in encouraging responsible privacy and security practices, both by bringing attention to these issues and through legislation where appropriate. The first step Congress can take, and one on which we can all find common ground, is the need for basic ``digital citizenship'' education for parents, children, teens, and all consumers. Digital skills are essential life skills in a 21st century economy, including understanding basic technical concepts like how to create a safe password and avoid online scams, to critical thinking such as evaluating whether information on a blog is reliable or not. It is crucial that Congress and providers work together to create resources for programs that address these issues and promote them to all consumers, particularly parents and educators. A second area for careful consideration is legislation. Google supports the development of comprehensive, baseline privacy framework that can ensure broad-based user trust and that will support continued innovation. We salute the work of Senators Kerry and McCain to develop a comprehensive approach to this issue, based on the same principles of transparency, control, and security we apply to our own services. We look forward to continued conversations about this bill as it evolves. Key considerations for any comprehensive approach to privacy include:
Even-handed application. A pro-innovation privacy framework must apply even-handedly to all personal data regardless of source or means of collection. Thus, offline and online data collection and processing should, where reasonable, involve similar data protection obligations. Recognition of benefits and costs. As with any regulatory policy, it is appropriate to examine the benefits and costs of legislating in this area, including explicit attention to actual harm to users and compliance costs. Consistency across jurisdictions. Generally, Internet users neither expect nor want different baseline privacy rules based on the local jurisdiction in which they or the provider reside. Moreover, in many instances, strict compliance with differing privacy protocols would actually diminish consumer privacy, since it would require Internet companies to know where consumers are located at any given time. By the same token, in general we do not support a continued ``siloed'' approach to privacy law. While much of today's debate centers on location information and ``Do Not Track'' advertising privacy proposals, providers and consumers need a comprehensive approach that will set consistent, baseline principles for these issues and those to come in the future. Otherwise, this Committee and others will be returning term after term to address the latest new technology fad. Moreover, industry response to the advertising privacy issue has been encouraging. In a few short months, all major browser companies have introduced new controls, and the advertising and online publishing industries have come together to announce uniform standards for notice and control over targeted ads. We can, however, suggest two concrete areas where Congress can act immediately to strengthen Americans' privacy protections and provide consistency for providers. Congress should promote uniform, reasonable security principles, including data breach notification procedures. We pride ourselves at Google for industry-leading security features, including the use of encryption for our search and Gmail services. But we need help from the government to ensure that the bad acts of criminal hackers or inadequate security on the part of other companies does not undermine consumer trust for all services. Moreover, the patchwork of state law in this area leads to confusion and unnecessary cost. In addition, the Electronic Communications Privacy Act, the U.S. law governing government access to stored communications, is outdated and out of step with what is reasonably expected by those who use cloud computing services. ECPA worked well for many years, and much of it remains vibrant and relevant. In significant places, however, a large gap has grown between the technological assumptions made in ECPA and the reality of how the Internet works today, leaving us in some circumstances with complex and baffling rules that are both difficult to explain to users and difficult to apply. As part of the Digital Due Process coalition, we are working to address this issue. The Digital Due Process coalition includes members ranging from AT&T to Google to Americans for Tax Reform to the ACLU. It has put forward common sense principles that are designed to update ECPA, while ensuring that government has the legal tools needed to enforce the laws. Particularly relevant to today's hearing, the coalition seeks to: Create a consistent process for compelled access to data stored online. Treat private communications and documents stored online the same as if they were stored at home and require a uniform process before compelling a service provider to access and disclose the information. Create a stronger process for compelled access to location information. Create a clear, strong process with heightened standards for government access to information regarding the location of an individual's mobile device. Advances in technology rely not just on the smart engineers who create the new services, but also on smart laws that provide the critical legal underpinning for continued innovation and adoption of the technology. We hope to work with this Committee and with Congress as a whole to strengthen these legal protections for individuals and businesses. * * * Google appreciates the efforts of this subcommittee to address the critical privacy and security issues facing consumers. We look forward to working with you, and to answering any questions you might have about our efforts. Thank you. Senator Pryor. Thank you. Ms. Shenkan? STATEMENT OF AMY GUGGENHEIM SHENKAN, PRESIDENT AND CHIEF OPERATING OFFICER, COMMON SENSE MEDIA Ms. Shenkan. Good morning, Mr. Chairman, members of the Committee, and thank you for this opportunity to discuss the crucial issue of protecting consumer privacy in this marketplace. The hearing is timely, and the stakes are high, especially for our nation's kids. I want to talk about two things today. Why is privacy such an important issue? And what is the Common Sense Media position on what we must do about it? So why is this so important? Let me start by saying that Common Sense Media embraces media and technology. One of our founding beliefs is that we love media, but we and the millions of parents who use our resources are increasingly worried about threats to children's privacy in a rapidly changing mobile and digital world. Eighty-five percent of parents we polled said they are more concerned about privacy than they were 5 years ago. Let me also preface by saying that Common Sense Media understands and appreciates the Internet economy and the sheer brilliance of what these companies have invented. We live and work in Silicon Valley. That is why it is so jarring to hear their ``can't do'' attitude when it comes to inventing technological solutions to protect kids. We get half measures after the fact, and then they only offer partial solutions. They can do better. We know it. And we believe they know it. Parents and kids are rightly concerned. So why do we worry? Two reasons. First, kids live their lives online. Kids don't just access content anymore. They create it. Our kids are growing up in public. Many of the people in this room can attest to how hard it is to be a public figure. Imagine if you are only 13 and had an unflattering picture of you spread across the web, as has happened to hundreds of kids in high schools across the country. Seven and a half million kids under 13 are on Facebook, and millions more teens. Second, we are also seeing too many examples of how our privacy is not protected in this world. We all know that Sony just experienced a security breach, which exposed personal data of more than 100 million--100 million--of its online video game users. And the list goes on. This hearing is specifically around mobile, and for good reason. The mobile world puts all the privacy issues that we have talked about for years on steroids. Why? I will list a couple of reasons. Mobile phones are tied to a specific person. Most computers aren't. Because there are more opportunities for tracking, with a mobile device you have someone's location, and it is always with you. And we found out that it is always busy during the night as well for many people today. The average smartphone owner spends more time on apps than they do talking on it or browsing the web. This is an issue because mobile apps are far less transparent about how they use your data than most websites. Nearly three-quarters don't even have a basic privacy policy, and mobile browsers don't have nearly as many privacy controls as Web browsers do. In the end, we are all involved in protecting kids' privacy in the online and mobile world. But we can also protect our-- but we can't protect our kids' privacy if companies and operators aren't providing real opportunities to do so. So what do we at Common Sense Media propose? We urge Congress to bolster laws protecting essential privacy for our Nation's children and teens. There are five principles which should be essential elements of any new legislation from Congress. First of all, number one, the industry standard for all privacy should be opt-in, especially for kids and teens, private by default and public by effort. And today, it is the other way around. Number two, privacy policies should be clear and transparent. You shouldn't need to hold a degree from Harvard Law School to figure out how to decode a privacy policy. Three, no behavioral tracking of kids. There are limits on advertising to kids on TV and cable, not on the web. Kids are not little consumers. They are children. Let us not invade their privacy and then pummel them with ads. Number four, parents and kids should be able to easily delete online information. Too often we hear about young people who post information they later regret and find that they can never fully delete it from the online world. We have to protect these kids from permanent damage. And finally, number five, we must vastly increase education and information about online privacy. Kids and parents need to do their part to protect privacy and the privacy of their friends. A large-scale, multi-year education campaign would help them learn how to do so effectively. Industry leaders could play an important role in this and should be required to finance it. Honestly, we wonder why leading tech companies seem to consider privacy implications for children and teens only after the fact. These considerations should be baked into the design phase of a product or service. Companies now successfully do this for disability access. Why can't we do it for kids' privacy? A founder of a popular social networking company commented last week in a Washington Post interview that, and I quote, ``We will figure things out as we go along,'' when asked about special privacy considerations for youth. Come on, we have got to do better than that. We all need to work together to find solutions in this space, and we need the tech companies to bring their innovation skills to this crucial and shared goal of protecting our Nation's kids. Thank you. [The prepared statement of Ms. Shenkan follows:] Prepared Statement of Amy Guggenheim Shenkan, President and Chief Operating Officer, Common Sense Media ``Protecting Privacy--Especially for Kids--in a Mobile and Digital World'' Good morning, Mr. Chairman, and members of the Committee, and thank you for this opportunity to discuss the crucial issue of protecting consumer privacy in the mobile marketplace. Common Sense Media is a non-profit, non-partisan organization dedicated to improving the lives of kids and families by providing the trustworthy information, education, and independent voice they need to thrive in a world of media and technology. Nearly two million people visit the Common Sense website every month for reviews and parent tips about media content and the digital media world. Tens of millions more access our advice and information through our distribution partnerships with leading companies like Comcast, DIRECTV, Time Warner Cable, Cox Communications, Facebook, Yahoo!, Google, Apple, Disney, Netflix, Best Buy, and more. Common Sense Media commends the Chairman and the Committee for this timely hearing on consumer privacy. The stakes couldn't be higher for all of us, and especially for our nation's kids. Today, millions of kids don't just go online, they seem to live their lives online. Children and teens today are growing up in a media environment that provides an ever-present and ever-changing experience in a new digital landscape--an environment that is changing childhood. A recent study by Consumer Reports estimated that 7.5 million kids under age 13 are lying about their age to be on Facebook--and that 5 million of those kids are age 10 and under. There are tens of millions more who are 13 through 17. And kids don't just access content online, they create it. They don't simply interact with their peers online, but with adults and companies too. And in contrast to the childhoods we all had, today's children are growing up in public. They post, search, copy, ``friend,'' ``un- friend,'' tweet, create, distribute, and connect through social networks, apps, and other digital services in ways that can be seen by millions around the world and gleaned by companies as well, including-- but not limited to--the companies represented here today. The Internet is a worldwide platform for accessing information and realizing new educational opportunities, possessing resources for both entertainment and learning. Yet, with all of the wondrous things that the Internet brings to children and teens, the interaction that such kids have with digital technology, apps, and services raises significant concerns about kids' privacy. Overall concern about consumer privacy is clearly growing. In a Common Sense Media/Zogby International poll last fall, 85 percent of parents said they are more concerned about online privacy than they were 5 years ago. Moreover, privacy is a concern expressed not only by parents--but by kids too. The same poll found that 91 percent of parents (and 81 percent of teens) say search engines and social networking sites should not share their physical location with other companies without their specific authorization. Yet, lest you think that Common Sense Media is a Luddite organization, let me emphasize that we embrace technological change and innovation and the manifold benefits the Internet and digital media bring to children and teens. One of our founding beliefs is that ``we love media.'' Like the millions of parents and teachers who come to Common Sense for information, we want to find the best things that the digital media world offers for kids--and there are many great things-- but also want to avoid the things that may not be appropriate for them, especially at younger ages. We simply believe that a far better balance can and must be struck. A balance that makes available the rich resources of the Internet--but that also protects children and teens from privacy invasions and inappropriate targeted marketing and behavioral advertising. There is no such balance today, and the basic well-being of our children and teens is at risk as a result. We believe that balance is being struck in a bipartisan way on the House side by legislation introduced by Rep. Ed Markey (D-MA) and Rep. Joe Barton (R-TX), the first major kids' privacy legislation introduced since 13 years ago--when the founder of Facebook was in grade school. And as much as we embrace overarching, comprehensive privacy protections for consumers--and especially kids--for all Internet technologies and services, it is clear that the ability to track the mobile whereabouts and habits of an individual as she or he moves throughout our society raises hyper-sensitive privacy issues. Privacy is an issue everywhere in the online world, but in the mobile world, privacy is an issue on steroids. And this Nation must address the issue of mobile privacy now. We cannot overstate the urgency of this moment. For kids, this is absolutely critical--knowing what a child or teen does online at home is one thing. Knowing where they go after school, with whom they visit, what they search for, and what hours they spend where around town is not only incredibly invasive, it is potentially very dangerous and a fundamental violation of their personal privacy and self-interest. Mobile companies and app developers that have a cavalier attitude about this topic need a very clear wake-up call. While all adults should have ``opt-in'' protections for location information for all mobile services and apps, it is vitally important to move immediately to protect children and teens in the mobile environment. Concerns about mobile technology and geolocation have been reinforced in several recent surveys and studies. For example: In a survey by TRUSTe, an industry-based organization, 77 percent of smartphone users said that they don't want to share their location with app owners and developers. In a recent Nielsen survey of mobile subscribers who downloaded an application within the previous 30 days, more than half (59 percent of women and 52 percent of men) said they are concerned about their privacy when using geolocation services and check-in apps. A new study by the Future of Privacy Forum analyzed the top 30 paid mobile apps across the leading operating systems (iOS, Android, & Blackberry) and found that 22 of them -nearly three- quarters--lacked even a basic privacy policy. This is outrageous, especially because kids are such huge users! It is obvious to most of us and clearly to most parents that our existing protections for privacy and personal information online are grossly inadequate and in no way keeping pace with the rapid changes of our digital and mobile media world. Congress must address this critical issue for kids and families now. Congress enacted legislation in the late 1990s addressing wireless location information from wireless carriers requiring such companies to obtain the ``prior express authorization'' of the subscriber for using location information for commercial purposes. But this outdated law did not cover 3rd party services and apps--only wireless companies--and did not contain specific protections for children and teens. That should be changed now. Moreover, in the case of children, as you know, the Children's Online Privacy Protection Act (COPPA) is the landmark legislation in this area, but the technological advances that have occurred since 1998 make COPPA woefully out of date for keeping children safe from these vast new threats to their privacy. 1998 is like the medieval ages of digital tech development, but that is when the last privacy law protecting kids was written. Common Sense Media believes it is way past time to update that Act and to provide major new privacy protections for children and teens, on mobile platforms and elsewhere. If we want to strike the proper balance, and ensure that America's kids and adults can realize the benefits, and avoid the potential pitfalls, of the digital world, all of us--parents, educators, policymakers, and industry leaders--can and must take steps to improve protections for our privacy and personal information online, and especially for kids. But Congress must lead now. For kids, Common Sense Media believes those steps should build on a few basic principles. The first is Do Not Track Kids. Period. Full Stop. Children and teens should not have their online behavior tracked or any other personal information about them collected, profiled, or transferred to other parties. The 1998 COPPA categories of ``personally identifiable'' information (e.g., name and address) must be updated to include other ``persistent identifiers'' and to encompass all activities in the online and mobile world. What children and teens do online should remain private. Companies--whether Internet service providers, social networking sites, third party application (``app'') providers, data-mining companies, or advertising networks--should not be permitted to collect, store, use, sell, or transfer that information at all. And Congress must pass a law with teeth in order to enforce this prohibition. Today many companies troll the Internet to collect our kids' detailed information in order to target them with ``behavioral marketing''--advertising that is specifically tailored to their age, gender, interests, and activities. Behavioral marketing to kids is unfair and deceptive, and it should stop. Without parents or kids knowing it, companies collect, store, and sell information about what kids do online and on mobile phones. Companies can install ``cookies'' or other devices that track which websites kids visit, including which pages they look at; what searches they make; which videos they download; who they ``friend'' on social networking sites; what they write in e-mails, comments, or instant messages; and more. And thanks to geolocation services, companies can now also track where kids go in the physical world as well as the virtual one. Obviously, some online tracking is a helpful aspect of Web 2.0 technology, and parents or teens over the age of 16 should be able to ``opt in'' to limited use of tracking devices, as long as they are not used for behavioral marketing and are not transferred to third parties. This is the second major element of a legislative effort to protect the privacy interests of kids. Because of the dramatic growth of mobile technology and geolocation services, it is absolutely essential that privacy protections apply across all online and mobile platforms. And this Committee and the Senate should pass laws to that effect in this Congress. Many kids today don't merely go online--they always are online, whether from their home computer or from a cell phone, iPod, or Web- connected video game console. To reflect today's mobile and digital world, privacy regulations need to be vastly expanded and applied to all online and mobile services and platforms. Social networking sites shouldn't be able to collect or sell kids' private information, and neither should third-party apps on those sites. Geolocation services shouldn't be allowed without clear prior consent--a formal opt in by a parent--regardless of what type or company or operator provides the service. It's important to note that just as we say, ``we love media,'' Common Sense also loves mobile technology, including for kids, but we are highly cognizant of the downsides as well, especially where the fundamental privacy rights of children and teens are involved. In April 2010, we published a white paper ``Do Smart Phones = Smart Kids? The Impact of the Mobile Explosion on America's Kids, Families, and Schools.'' That paper highlighted the vast expansion of mobile technology usage by kids, and also the ways that smart phones and devices can help kids learn, explore, and engage. But we also highlighted some of the extraordinary potential downsides of mobile media, including ways that these devices may make it easier for kids to engage in inappropriate-- and even dangerous--activities. These include cyberbullying, sexting, and distracted driving. Most importantly, Common Sense raised a number of critical questions about the potential downsides of mobile phones and geolocation technology: Mobile phones with GPS capabilities can expose a kid's exact location. Many new programs and apps have been developed that allow kids to announce their physical whereabouts. This creates physical safety concerns. If a kid shares location info to ``friends,'' that information can be passed along to unintended audiences. Privacy concerns are also a huge issue. Marketers use geo-location technology to target kids with promotions. A child's purchasing habits will be registered and personal data collected. Location-based technology raises several critical questions and concerns: Should mobile geolocation data, persistent IP addresses and other identifying information be protected for children under age 13--in the same way that name, age, gender, and address information are protected today? (Clearly. And there should be protections for 13 to 17 year olds as well.) Do teens understand how their personally identifying information will be used, and do they need additional protections? (Obviously not, so the privacy of teens must be protected by clear legislation.) Will this identifying information be used to target kids and teens with new behavioral advertising and marketing campaigns? (Sure, unless Congress forbids this practice, as it should.) There are several additional key principles I'd like to highlight briefly from our recent policy brief, ``Protecting Our Kids' Privacy in a Digital World''--which should be essential elements of new privacy legislation from Congress this year. 1. The Industry Standard for All Privacy Should Be Opt In--Especially for Kids and Teens Companies and operators must make significant changes in the ways that they collect and use personal information. The industry standard should always be ``opt in''--companies and operators should not collect or use personal information unless users give explicit prior approval. The opt-in standard is fundamental to our ability to control our personal information. If online companies, services, and applications want to collect and use personal information, they should get permission beforehand by asking people to opt in to the service. And for kids and teens under 16, this means getting their parental permission up front. Far too many online and mobile companies launch new services-- including geolocation-based applications--and enroll users automatically, giving them the opportunity to opt out afterward. This can mean that kids' personal information is collected and used before the kids or their parents even understand how the service works. All online companies, services, and third-party application providers should follow an industry standard of obtaining a clear opt in, especially for kids. 2. Privacy Policies Should Be Clear and Transparent Privacy policies must be easy for all users to find and understand and should be carefully monitored and enforced. Instead of lengthy legal documents, companies should use icons and symbols that would clearly and simply convey how--and why--users' personal information will be used. We need clear, succinct language for privacy policies, especially for kids. 3. The Eraser Button--Parents and Kids Should Be Able to Easily Delete Online Information Children and teenagers should have the opportunity to delete any and all information they have provided about themselves. Too often we hear about young people who post information they later regret and find they can never fully delete from the online world. Children and teens post personal information on websites, virtual worlds, social networking sites, and many other platforms. Children also make many mistakes when it comes to their privacy. They should be protected from permanent damage. Online and mobile companies should be required to develop tools that make it easier for young people--or their parents--to completely opt out and delete this information. Technological innovation in the online industry over the past decade has been truly amazing; the industry should apply that same spirit of innovation to creating tools like ``eraser buttons'' so that no 15-year-old has to live the rest of his or her life with the consequences of a poor decision about what to post online. Congress should require this, and my talented colleagues on this panel should spend some of their companies' profits to make this a reality. 4. We Must Vastly Increase Education and Information About Online Privacy Kids and parents need to do their part to protect their online privacy--and the privacy of their friends. A large-scale, multi-year public education campaign will help them learn how to do so effectively. Industry leaders could play a significant role in that campaign, and should be required to finance it. The online and mobile world is changing so rapidly that children, teachers, and parents all need to be educated about their online privacy rights and needs. Every school in the country should offer a digital literacy and citizenship curriculum, with privacy as an essential component, and this should be funded by industry profits. Educating and informing consumers is a core element of Common Sense Media's work. We provide parents and families with reviews of media content, so that they can make informed choices and find media that is appropriate for their children. Recognizing the growing use of mobile devices and mobile apps by kids, Common Sense began reviewing mobile apps last year, and our site now features more than 1,000 reviews of apps for kids. In many cases, our editors and reviewers recommend these apps for kids--but when the apps use geolocation technology to broadcast the user's physical location, like ``Loopt Mix--Chat!'', our reviews make clear that we don't recommend them for kids, or at least not until they are older teens. But today, there are no required app ratings, and not a single mobile company has taken this issue seriously. Congress should require them to change that reality today. Balancing Opportunities and Potential Pitfalls At Common Sense, we recognize that mobile devices and geolocation services can create new opportunities--for learning, exploration, communication, and commerce--for kids and adults. Yet they can also bring enormous threats to our privacy and personal well-being. But whether their impact is positive or negative, mobile phones and devices are not going away. As parents, teachers, industry leaders, and policymakers, we must all take steps to ensure that kids can access the benefits of mobile technology and digital media, while protecting them from potential negative consequences. Whether our first concern is protecting the best interests of kids and teens, or preserving and expanding a marketplace for all consumers so that tech companies can make profits and innovate, we all have a role in building a mobile environment that is trustworthy and safe. The extraordinary technological changes and new mobile and social media platforms that have developed in recent years have created entirely new environments for children and teens, with unprecedented and extraordinary implications for their privacy. It is time to update our Nation's privacy policies for the 21st century. They are terribly out of date. Everyone needs to be a part of this new effort: industry, families, schools, policymakers, and young people themselves. But most of all, this Senate and this Congress need to pass fundamental privacy protections for kids and teens--and their families--now. Thank you very much. Senator Pryor. Thank you very much. And again, we are going to do 5-minute rounds here on the questions. I would like to start with you, if I can, Mr. Reed? And I want to ask about the Wall Street Journal article. I think you referred to it, or someone did, a few moments ago about the smartphone apps transmitting information. And we have a little chart that shows some of the companies. I think maybe it is the--if I am not mistaken, it is their top 12 or something like that, that they listed in the article. And Mr. Reed, how do you propose notifying consumers in a better, more meaningful way so that they are not surprised to learn that their information is being sent to folks or that they are being tracked? Mr. Reed. Well--oh, sorry--first of all, I think it is a great thing to look at in terms of informing the consumer. One of the best things about the Wall Street Journal articles is that they help do an education job that we in the industry-- remember, most of my members are 3, 10 people--have had a hard time doing it ourselves. So we benefited from that right off the front end. We were able to tell consumers, ``Hey, this is part of what we are doing, and the privacy policies that we have in place are there.'' Now we face two problems as an industry that have been talked about a lot. The 2-inch screen problem--how do I write a privacy policy that holds up to fine lawyers, like yourselves and others, that is simple and easy to understand and can be displayed in a 2-inch screen? So that is one hurdle that we as an industry are facing. My members want to deliver the clearest, simplest privacy policy. But when they go to a lawyer to have it checked, many come back and say, ``Well, you need this proviso.'' The second part of this has to do with the constantly changing world that we face in terms of business models. We started out this whole apps world only 3 years ago. At the time, we had an app store at Apple, which you sold directly, you got paid for. We didn't have advertising at all. Recently, we added in-app purchasing. So having a private policy that not only reflects the business model today, but encompasses the business model tomorrow, the changes that Apple can make at any time to their privacy policy--or that Facebook can make or that Google can make--are all part of the problems we are having in trying to address it. So what we have done with our working group is we have not only brought in regular developers who use ads, but we have been focusing on developers who actually do multiple business models. And we have brought in ACT member Privo, which is one of the four recognized FTC safe harbors for COPPA, to help us create guidelines that can actually address the important questions that were raised earlier about children. Senator Pryor. OK, great. I think that we need to follow up on that a little bit more. But first, Mr. Davidson, let me ask you. You talked about when you opened your Android phone and that screen came up, and if you wanted to, you could check ``no'' for the tracking for the--what do you call it--geolocation? Mr. Davidson. Right. Our location services, yes. Senator Pryor. And that's great. But what happens if then you start using the phone and you start adding apps that do require that geolocation? What happens then? Mr. Davidson. It is a great question, and I think it is a very important question. So the way we have addressed that is when you try to install an application that wants to use location services--Foursquare or something, you know--you get a notice before the application is installed that says, ``This application wants to use your location information. Is that OK?'' And you actually have to accept that before installing the application, so--and we give notice about other kinds of information that the application might want. We do it very simply. It is usually not more than a screen. Maybe sometimes you have to scroll down a little bit, but it is not a multi- screen thing. We have worked very hard to make it very simple. And the key is--this is, I think, what we were talking about at the last panel--timely notice and a choice for consumers. Senator Pryor. OK. Ms. Shenkan, let me ask you--you mentioned your five principles that you like. When I hear Mr. Davidson talk and others talk, I also know that there are, you know, very legitimate reasons why parents may want to track their own children. You know, they may want to know where they are. Would your five principles allow parents to do that? Ms. Shenkan. That is a good question. We haven't contemplated it. I guess the best answer probably is we should get back to you on that. Of course, it would depend on the age of the child. Senator Pryor. Right. Well, as a parent of two teenagers-- -- [Laughter.] Senator Pryor.--let me say that there is a parental interest in this. [Laughter.] Senator Pryor. You know, it just--it could be a good thing, depending on the family. But anyway, yes, I hope you will think about that as you go through. Because when I heard your five that you laid out, they seem kind of ironclad, and I am not sure you had enough leeway in what you were doing to think about that. But anyway, if you could consider that, I would appreciate it. Ms. Shenkan. Yes. Yes, thank you. Senator Pryor. And let me ask you, Ms. Novelli, before I turn it over to other colleagues on the Committee here, you talk about your privacy policy. All that sounds great. But can you tell--can Apple tell how many people actually read it? Ms. Novelli. Well, they have to say that they agree. Senator Pryor. Right. Ms. Novelli. We can't know for sure if they have read it. We try to make it in plain English and very short, but we can't tell if you have--we can't watch someone reading it. Senator Pryor. Well, but can you tell how long they are on those screens? Do you have any way of knowing that? Ms. Novelli. I don't know whether we can or can't, sir, so I will have to get back to you on that. Senator Pryor. Just my guess is, for a lot of folks, it is just too much information, and they just kind of agree without really understanding what they are agreeing to. But that is another matter that we can discuss. Senator Rockefeller? Senator Rockefeller. Thank you, Mr. Chairman. Bret Taylor, this would be to you. Under Facebook's terms and conditions, a user must be 13 or older to have an account on your website. Despite this, according to a recent Consumer's Report study, an estimated 7.5 million users were younger than 13. Moreover, the Facebook app in the Apple App Store is rated for age 4 and above. Now my question to you is, I understand it is Facebook's policy not to allow children under 13 to have an account. But the description of the Facebook app and the Apple store rates the app as appropriate for age 4 and older. How is that consistent with your policies, and who determines the rating for Facebook's app? Mr. Taylor. Senator, thank you. That is a very good question and actually news to me. So my--first of all, we don't allow people to have accounts under the age of 13. If I had to guess, my guess is that because the Facebook application doesn't, in and of itself, contain mature content, that is what the rating reflects. But I think we can follow up with your office about why that rating exists. And certainly, our iPhone application has the same rules and conditions governing it as our website, which means that no one under the age of 13 can create an account. Senator Rockefeller. And I appreciate that. But it doesn't appear to be the truth. You have 7.5 million under 13. This takes me back--and I won't harp on it. But Facebook grew so fast. Zuckerberg gets that in Harvard. He is 20, 21 years old. He comes up with a big new idea. It is my general feeling that people who are 20, 21, 22 years old really don't have any social values at this point. In his case, I think he was probably---- [Laughter.] Senator Rockefeller. No, I am serious. I think he was focused on how the business model would work. He wanted to make it bigger and faster and better than anybody else ever had. And nothing I know suggests otherwise. So that you can't just dismiss that 7.5 million users are younger than 13 and say that you have a policy that doesn't allow that to happen. I asked Sheryl Sandberg. I am very worried about suicides, people stalking youngsters. They innocently put themselves on a blog and think it is just going to one person, and it goes to Indonesia and everywhere else, and you have 600 million people. And I asked her who signed up. And I asked her, well, how many employees does Facebook itself have? Now this was 2 or 3 months ago. She said 1,600 worldwide. I assume she is right. She is number two in the company. So I assume she was right. And then I said, well, how many people do you have monitoring the box to see what is being said because I am, as are you, worried about what can happen to children-- humiliation, bullying, predators, all the rest of it. I think it is a huge subject. And I have town meetings all over West Virginia on this subject, not necessarily on Facebook, but just in general. Parents are terrified. They are terrified. And they don't know what to do. School counselors don't know how to handle it. You get a whole group in, and they are very worried about this. And she said we have 100 people who monitor these 600 million people, who, I assume, are doing a whole lot of blogging every day. And my reaction to that is that is just absolutely indefensible. It is unbelievable that you would say that. And she said, ``we are going to do better in the future.'' And I want you to defend your company here because I don't know how you can. Mr. Taylor. Well, Senator, I just want to say we really emphatically agree with your points. And I just want to clarify a couple of issues. First, whenever we find out that someone has misrepresented their age on Facebook, we shut down their account. I am not sure of the methodology of the study you refer to, but I can tell you emphatically that we don't allow people to misrepresent their age. And there is a couple of interesting points here. Senator Rockefeller. But when you say we don't allow people to misrepresent their age---- Mr. Taylor. Yes. Senator Rockefeller.--you don't, and you can't. How can you do that? Mr. Taylor. Well, Senator, it is a very good question and something we have thought a lot about. What we have found is the most scalable way, both in terms of age enforcement, but also the other issues you brought up around bullying and other protections of minors on the site are baked into a system of enabling people to report problems on the site. I will talk about bullying first, because I think it is an important issue you brought up, and then talk about age protection. We have--under almost every single piece of content on the site, we have a link where individual users of the site can report inappropriate content and report bullying. And originally, that would go into a special queue that our user support department would take and bring down the content almost immediately. We have also expanded that, though, with a program we call Social Reporting that enable people not only to report it to us, but actually report it to parental and teacher authority figures who are also on Facebook. So if you are a minor on the site in high school, and you see an inappropriate picture, as I think was brought up in one of the open meeting testimonies, you can not only report to Facebook and have it removed, you can report it to a parent or a teacher who can actually deal with the underlying cause of why someone would post a picture like that and actually deal with it offline and deal with the underlying issues. We obviously--we actually have about 250 people working across safety, privacy, and security at Facebook. But in addition to that, we have mixed those with these self-reporting mechanisms because we find they are very accurate. Regarding age, that is---- Senator Rockefeller. You know what? My time is up, and I want to get a comment from Ms. Shenkan. Mr. Taylor. Thank you, Senator. Senator Rockefeller. Thank you. I apologize to you. Mr. Taylor. No problem. Ms. Shenkan. On the same question? Senator Rockefeller. Correct. Ms. Shenkan. You know, our view is, again, that not enough is being done. If we took a small amount of the time that any of these companies spend innovating products and started to think about how we protect our kids--and frankly, adults, but we are focused on kids--we think that would go a long way. I mean, these are the organizations that have created a platform which 600 million people across the globe use, companies that have mapped every street in America so that we can all--across the world so that we can all use. And instead of spending money to try and hire PR firms to try and take down the other company, let us take that money and spend it on figuring out technological ways that will protect our kids. It can't be a hundred people sitting in a Facebook office, trying to monitor 600 million conversations. Senator Rockefeller. Thank you. And thank you, Mr. Chairman. Senator Pryor. Thank you. Senator Klobuchar? Senator Klobuchar. Thank you very much, Mr. Chairman. We have been talking some about how we get privacy policies that are understandable and readable and yet a lawyer will draft. And I know that, Mr. Davidson, when you were asked at the Judiciary Committee about this, you were asked whether you would commit to requiring apps in your store have a clear, understandable privacy policy. And you said you would take the question back to your leadership. Have you heard anything back on that, and will Google commit to requiring apps in your app store to have a clear, understandable privacy policy? Mr. Davidson. We think that apps should have a clear, understandable privacy policy. I do not have an answer for you today about whether we will make it a requirement in our app store. We try to make our app store as open as possible for all the small businesses who use it. I think those apps should have a privacy policy, and we are going to work to try to figure out how to enforce it. We do enforce things like COPPA on our app store. Senator Klobuchar. OK, thank you. And then, Ms. Novelli, you were asked by Senator Coburn--I am on Judiciary as well, so I was looking back at the transcripts--in a judiciary hearing, the one you had last week, that you were asked about testing apps. And you were saying how Apple tested an app and did random spot checks. So, presumably, you might spot any problems. And yet, The Wall Street Journal found that there were problems with some of the apps in terms of sharing location data without informing the user. How do those two things mesh? Ms. Novelli. Well, we do our best to check for all of our requirements that are in our developer agreement. We do randomly audit. One of the requirements that we have is that you must get permission from the--to share information. With respect to location, there is a requirement that if you want to use the location data of a consumer, you have to pop up a dialogue box that is linked into our API that we designed that says we would like to use your location, allow or don't allow. And I can't comment on specific apps, but I believe that was not the particular question that was referred to. But when we find a problem or someone alerts us to it, we immediately investigate and work with the developer. They have 24 hours to fix the problem or be removed from the store. What we have found is that developers have a great incentive to fix the problem. Senator Klobuchar. OK. And Mr. Reed, you have been working in the area of trying to put together a comprehensive set of guidelines for app developers that will follow clear policies, and I support that effort. I think it is good. But I look back and think that considering anyone with skills and a computer can build an app, do you believe that a self-regulatory approach to privacy will be enough to keep the bad actors out of the market? Mr. Reed. Well, I think there are two parts. I think that the self-regulatory approach is the way we have to start, but I don't think it is truly self-regulatory. We heard earlier from the FTC. We think the FTC has and should strongly enforce Section V. And in fact, I know that--in this case, I won't speak from the legal side of it, but we see deceptive and unfair should include or conceptually should include someone who misuses your data and just doesn't have a privacy policy. I know that we heard earlier that the FTC is unsure about that. But I see no reason why if someone is misusing your data that doesn't fall into the realm of an unfair and deceptive trade practice. So I would say we want to start with self-regulatory. We want to bolster our industry's effort on that. And the second side of the--the stick side of that would be the FTC coming after folks who misuse data and don't have a privacy policy. Senator Klobuchar. OK. And then, Mr. Taylor, I know Senator Rockefeller was asking you about the number of kids who might be claiming they are 13. For kids, I don't know, under 18, do you see a different way of trying to reach out to them to talk about the privacy policies? And are you thinking about that in terms of making sure that they understand it that you might use a different approach than with an adult? Mr. Taylor. Yes, it is a really good question and something we have thought a lot about. Fundamentally, we agree. I think most people in this room agree that minors, people under the age of 18, should have a different experience on Facebook because of the unique needs and privacy protections and security protections that a minor needs, and that makes its way into all aspects of our product, not just a legal privacy policy. So on Facebook, if you are a minor, you actually have a different experience. Your privacy setting defaults are different. When you share things, it goes to a more restricted audience. When you report problems on the site, our user operations respond differently if it is a minor. And it really makes its way throughout our product. And that applies especially to privacy and security issues. Senator Klobuchar. OK. Thank you. And then, Ms. Shenkan, last follow up with some of Senator McCaskill's point, not all data sharing is bad. And in fact, much of it can be beneficial to both the consumer and third parties. So the question is where you draw that line. And more targeted advertisements can be more relevant and helpful to the users. However, as you know, there is this line between sharing data and tracking. And where do you see the line, and what common practices do you think cross it? Ms. Shenkan. Thank you for the question, Senator. If behavioral targeting or advertising is so useful to consumers, they have should have the ability to say ``opt-in.'' So if I happen to be on Facebook and I am writing to a friend or posting on my wall about wanting to go see Elvis Costello, and I say, you know, that it is fine to track and monitor my conversations and advertise to me on that, and I get an ad, then that was my choice. And I obviously saw the value of providing my information to get something back. Also I think that--just if I can--I thought that Senator Kerry made a really fundamental point in his statement when he said that he rejected the notion that there is a choice, fundamental choice that needs to be made between innovation and protecting privacy. We couldn't agree more. That is a false choice. The entire--the Internet economy in the U.S. alone will be close to $200 billion in e-commerce. Most of that was not created by harvesting private data and using it to behavioral target people. In fact, one of the beautiful things about search engine advertising is that customers are opting in every time they go onto a search engine. They are putting up their hand, and they are saying, ``I am in market for a new car or truck, so please advertise to me.'' And that is OK, and it can work that way. And $15 billion a year are spent by advertisers in that part of the economy, and that is fantastic. And that is an example of where privacy is protected and innovation has happened. Senator Klobuchar. OK. Well, if any of you all want to respond, I think I am out of time, but we can talk about it later. Ms. Shenkan. Thank you. Senator Klobuchar. OK. Thank you. Senator Pryor. Thank you. Senator Blunt? Senator Blunt. Thank you, Chairman. Mr. Taylor and Mr. Davidson, I am going to ask you in a minute if there is any example you have of a problem that the company self-corrected. You know, one of the things I hear is when there are problems that usually the company moves forward and self-corrects them before anybody else even knows they are a problem. And a couple of examples of that would be helpful, if you have them. Ms. Novelli, do you--does Apple track the location of my iPhone? Ms. Novelli. No, sir. We do not track the location of your iPhone---- Senator Blunt. Don't track the location? Ms. Novelli. We do not, sir. Senator Blunt. And is it--are you--is it logging in right now? It is on. Is it logging in, or are you--is there some log- in system that you look at for my iPhone? Ms. Novelli. No, sir. Apple does not look at a log-in system for your iPhone. Senator Blunt. So what do you do? How does it work that I might get some advertisement for something? Ms. Novelli. An advertisement on an app? Senator Blunt. I will be solicited on an--well, on an app or through my mail account or whatever. Ms. Novelli. Well, sir, there are no advertisements on the mail account that is on your iPhone. You could get an advertisement. There is a Web browser on your iPhone that is just like if you used your computer, our Safari Web browser. And that works the same as it would as if you were working from a computer. So that if you are logged onto a website---- Senator Blunt. But I would have to be doing--on something for that happen you are telling me? Ms. Novelli. Correct. That is correct, sir. Senator Blunt. What is crowd-sourced--what is a crowd- sourced database? Ms. Novelli. That is a--essentially what it is, sir, is a map of the locations, the geolocations of cell towers and Wi-Fi hotspots that we derive from information that is anonymously sent to us from people's phones, from iPhones. So the phone, when it goes by a location, will send saying, ``There is a Wi- Fi hotspot here. There is a cell tower there.'' There is nothing that connects it to an individual or the individual's phone. And we are using that map to help people later on when they want to know where they are. And it is a simple process of being able to know where you are relative to fixed points, just like a regular map works. Senator Blunt. OK. Mr. Davidson, back to my other question. Did you think of an example of something that could have been a problem that you all just went in and self-corrected? Mr. Davidson. I think we are constantly innovating. I don't know if it is always about fixing problems. But I will give you a couple of examples. We take the comments from Ms. Shenkan very much to heart about trying to do more to protect children. So, for example, relative recently, we just launched a PIN lock-out feature on Android so that parents could control-- could make sure that--or anybody could make sure that their phone isn't downloading apps without a PIN. We have expanded our Safe Search program, which is a project to enable people to set controls on search results to make sure that they are child friendly. We have just added a flagging mechanism in Android so people can flag bad apps. This is similar to what Mr. Taylor was talking about. These are all things we have done. I think they have all been improved in the last 6 months. Now I would say, you know, some of them are really about trying to make sure that we are doing more and always doing better to protect children. There have probably been other things that we have done that we are constantly trying to correct. Senator Blunt. Mr. Taylor? Mr. Taylor. Yes. It is a very good question, and I think, to Mr. Davidson's point, in the industry we are constantly working to improve the security and safety of our products because it is the basis by which people choose to use them. And if they lose trust in a service like Facebook, they will stop using it. I think a very timely example is actually this Friday, we will be announcing, in partnership with Microsoft and the National Center for Missing & Exploited Children, we are going to be deploying a photo technology that Microsoft Research developed to identify, using relatively sophisticated fingerprinting technology, pictures of missing and exploited children, both to prevent child exploitation on Facebook and help people find missing children. And that is something we did proactively and in partnership with these two organizations because we care deeply about all these problems, just as all of you do. Senator Blunt. Ms. Shenkan, you mentioned something. I just want a little clarification. We need to protect kids from permanent damage. I assume that meant if they had put something out there for people to see. How do you do that if people have already seen it and somebody has already captured that? Assuming that kids have access to this way to communicate, how do you protect them from permanent damage if they have made a decision to put something out there that is damaging? Ms. Shenkan. The issue--thank you for the question. The issue is that the information is not only public when somebody puts it up, which is hard to control, but it is that it is persistent. It is very hard to take the information down. We have talked about in one of our privacy briefings the concept of an eraser button, where it would be very easy for somebody who realized that they put up something that they didn't want up there, that they could then take it down. Senator Blunt. But once you put it up there, can't somebody else capture it, and then they have it? Ms. Shenkan. Yes, and that is the problem. I mean, again, you know---- Senator Blunt. But I mean, that is the problem of putting it up there is somebody else can capture it. And then they have it, and they can share it. Is that--am I wrong on this? Ms. Shenkan. Yes--no, that is the problem. Senator Blunt. Yes. I don't know how you--how you stop permanent damage if somebody does something that is damaging, unless it just happens that nobody sees it and nobody else decides they want to use it. The problem here is access. It is very scary. Any of us who have children or grandchildren, it is very scary to think of what somebody might do. But I am not sure we can actually ever come up with a fence that is high enough or big enough to stop that from happening. And you know, it does have that terrifying long-term problem. But if people have access and they put information out there, it is out there. Ms. Shenkan. Yes. Well, and there is an industry blossoming that you can pay companies to go spend time every month taking down information that is posted about you online. So people are figuring out ways to do it. What we would like to see happen is the companies in this room and elsewhere figure out how to make that much, much easier. Senator Blunt. Mr. Davidson? Then my time is up. Mr. Davidson. I would just add, and I know this isn't the most attractive solution, but a huge part of this is about education. And I have young children. I would just say I think--you know, there is a recent report from the National Academy talked about some of these problems and said, you know, you could try to build a fence around every swimming pool, or you can teach children how to swim. And I think what we really need to work on is how to teach children how to be literate in this new world. And that is a very, very big project. Senator Blunt. Thank you, Chairman. I am sorry I went over. Senator Pryor. Thank you. Senator McCaskill? Senator McCaskill. Thank you. I got a Tweet from my last round of questions I want to address. I didn't mean to sound flippant about HIPAA. I don't know if ``AM Privacy'' is in the room. But if you are, what I was trying to say about HIPAA was that the bottom line is that we had some unintended consequences and some costs that came with HIPAA. That 2-inch screen you talked about? We clearly didn't get that down on HIPAA because most people who are going to the doctor's office are not reading the long thing that they have to read, and they sign. And I bet most people in this room would admit if they go to the doctor, they are not reading the whole long thing they sign on HIPAA, and you have to sign one or two or three of them every time you go, which adds administrative costs in. And there were some unintended consequences in terms of finding people that might have similar very--some of the diseases that are very unique and rare, trying to find people for research purposes. HIPAA has stood in the way of some things that were a problem. That doesn't mean we shouldn't work on privacy. I am just being cautionary that we want to be very careful as we move forward on privacy because so much of the success we have had in this space in our country in the Internet and in the advance of technology has been remarkable. And I want to make sure that we don't have unintended consequences. So whoever ``AM Privacy'' is, I am glad that I could clear that up before I ask my questions. I want to make sure that everybody understands how easy this is in terms of turning off things. I mean, not only do I have the ability to make sure that I don't have any location services on here. I can even go down, and you tell me every single app that is using location services, and I can individually go to each one and turn each one off. The other thing that you do is that you tell me if anybody has used my location in the last 24 hours. There is a little logo that pops up, and so I tried it while the others were questioning. I went on Kayak, checked out a flight, and now there is a little arrow there that tells me Kayak used my current location as I was looking for flight. Now all I have got to do is just flip that switch, and Kayak--I am telling Kayak it is none of their business where I am. Very simple, very easy to find, right on the page. So now, here is the thing I wanted to ask Ms. Novelli and Mr. Reed. I am a little confused why ``Cut the Rope'' is on that list. I am a little confused why ``Paper Toss'' is on the list. And it seems to me if we are talking about just games--I mean, ``Paper Toss'' is a game where you try to get a--it was one of the ones listed in the Wall Street Journal article. All you do--there is nothing in that app that has anything to do with location, other than the fact that you are trying to get a piece of paper into a trash can. And it is just a game. Same thing with ``Cut the Rope.'' So it seems to me if it is very obvious by the app that there is no need for any location, that that could be where the industry could focus on making sure that people understood the consequences. Clearly, the only reason ``Cut the Rope'' or ``Toss the Paper'' is tracking my location is to try to sell to other people where I am going and what I am doing because there is no applicability to the game that is involved. So it seems to me if you could focus there first, in terms of making sure privacy is very obvious. And when I go on ``Cut the Rope'' site, which I just tried, and ``Toss the Paper,'' I don't see anything on there that tells me anything about what they are doing as it related to tracking me. So could Ms. Novelli and Mr. Reed respond to that? Mr. Reed. Well, first things first. You raised a good question, and I would say that I often on games like that, I say ``no.'' When it asks me, ``Can I share your location?'' I just turn it off. The reality is, is that for some of us who are building applications that are ad-driven, the third-party ad networks will ask us for information so that they can provide a higher- quality ad. One of the things--and then that location information is part of it. It is interesting to see that there are actually some interesting kind of small-town benefits that we have seen. I will use ``Red Laser'' because it is a slightly different one. I can hit a--I can hit a SKU. It will tell me the product. It will show me the Amazon price. But right below that, it will tell me Tom's hardware store has that same product. It is $3 more, but guess what? It is right across the street. Now Tom didn't have to buy an ad from a major supplier. He could actually target it just to that zip code. So there are some benefits to that kind of ad marketing. But I would also say that you illustrated the first point most readily, which is you want to use ``Paper Toss,'' and you don't want to use the--and you don't want to see the ads that are targeted, turn off location-based services. And I think that is something that we, as an industry, understand and expect some consumers to do. We have to figure out how we still make money--make money from the ad networks because they control our--they control our income from that. And so, we have to find an agreement with them, rather than us as the tail wagging the dog, where they agree to the terms that you have suggested. Senator McCaskill. Couldn't--Ms. Novelli, couldn't you all--and I know Apple is loathe to do anything to stop the amazing flow of applications that are making your products so desirable, and I get that. But it seems to me on some of these apps that if I had a choice, you can either get it for free and see some ads, or you can pay $2.99 and be ad free and track free. I mean, it seems to me that is a simple consumer choice that could get--that the industry could do, both Google and Apple, if the two of you did it, and Facebook, to the extent that it would apply to you. But I think that would go a long way toward consumers beginning to understand, first of all, that when they are being tracked, it helps pay for things, and that is why they get so much free. And it would begin to drive home, there is nothing better than driving home the point of what they are getting for free and how than to give them that simple choice. Has there been discussion about that? And why haven't you moved toward that kind of model? Ms. Novelli. Well, first of all, Senator McCaskill, there are apps on the App Store--and my husband, in fact, has downloaded a couple of them--where you have that choice. Either it is free and you have to submit to advertising, or you have to pay. And so, there are apps on the App Store like that now. In terms of the pricing, though, we have the developers set the pricing. We have not really gotten into trying to set prices of apps. Senator McCaskill. No, I don't want you to. I just want you to maybe say---- Ms. Novelli. Right. Senator McCaskill.--that people should have the choice as to whether or not they want to pay or whether they want to-- they want the ads. Ms. Novelli. And developers have been making that choice, and there are those choices on the App Store now. And I don't know if Mr. Reed wants to comment? Mr. Reed. If I could indulge for 1 second, what you described is exactly what we are doing. And we appreciate that Apple and now Amazon and Google and others are doing in-app purchasing. But remember that that is exactly the model we are using. We are saying on the store right now I have an app in the ``Paid For'', and then I have one that says ``Free'' next to it or ``Lite.'' You make a choice which one you want. Here is an interesting number, though. And we may even subdivide it and say we will do in-app purchases, so you can turn off ads after you have bought the free version. Senator McCaskill. I know, I know. Mr. Reed. Yes, so---- Senator McCaskill. And I get--and I don't want to cut you off, but my time is over. Mr. Reed. Sorry. Senator McCaskill. But the bottom line is it is not clear. I get ``Lite,'' I get ``Free,'' and I get ``Paid,'' but I don't really understand when I am making that decision that it also might involve tracking. And that is what I am saying. I think that might be something you all could do as an industry that might forestall some unintended consequences by aggressive government regulations. Mr. Reed. Thank you. Senator McCaskill [presiding]. Thank you all very much. And the next questioner would be--it says Senator Udall. STATEMENT OF HON. TOM UDALL, U.S. SENATOR FROM NEW MEXICO Senator Udall. Thank you, Claire. Senator McCaskill. I am following the list I was given by the Chairman. Senator Udall. No, no, no, that is great. Thank you very much. And I know the Chairman isn't here, but I really appreciate him holding this hearing and all of you responding to the questions of the panel. As you can see by the questions, there is no doubt that there is a lot of concern in terms of privacy, in terms of protecting minors and those kinds of things. And I really look forward to your supplemental answers that some of you are going to give because I think those are some of the key questions that are out there. And I think from this subcommittee's perspective, we are going to continue to ask these questions and continue to do oversight. And so, I think you should expect that. Recently, I joined Senators Reid and Schumer and Lautenberg in asking Research in Motion, RIMM; Google; and Apple to stop selling dangerous apps that enable drunk drivers to evade law enforcement. In 2009, drunk drivers killed nearly 10,000 people nationwide, including 141 in New Mexico. Apps like DUI Dodger, Buzzed, Checkpointer, and Phantom Alert provide drunk drivers with the precise location of DWI checkpoints as they drive. This is in while they are driving around. Some apps even offer audio alerts warning drunk drivers as they approach police checkpoints. While I agree that public notification of checkpoints on the news or in the paper can serve as a deterrent to prevent individuals from making the decision to drive drunk, providing real-time accessibility tailored to a driver's location only serves to provide drunk drivers with the tools to more effectively break the law and endanger others at a time when their decisionmaking capabilities are already impaired. And I am very pleased that RIMM did the right thing and immediately pulled these apps from the BlackBerry app store. Why are Apple and Google still selling DWI apps that encourage breaking the law? And that question, I think, would be directed most to Ms. Novelli and Mr. Davidson. Ms. Novelli. Well, Senator, when we received your letter, the first thing we did is start to look into this and tried to research the whole situation because Apple abhors drunk driving and doesn't want to, in any way, be encouraging it. What we found when we looked into it is that there were some differences of opinion among reasonable people about whether publicizing, as you note, checkpoints deters or helps drunk driving and that, in fact, some of the information is actually made public by the police forces themselves and is on the Internet. We are continuing to look at this issue. We will continue to talk with you and your staff as we continue to evaluate it. We do not want to be enabling or supporting drunk driving in any way. Mr. Davidson. I guess I would echo that sentiment. We certainly appreciate the seriousness of the issue that has been raised. We do remove applications from the Android marketplace that violate our content policies. But apps that--after an initial review, apps--we determined that apps that merely share information of this sort don't violate those policies at this time. And so, we are evaluating this. We have been talking to your staff. We have appreciated the chance to continue to do that, and we are taking a very serious look at it. Senator Udall. Now, as far as Apple's stated policy, you don't--you have a policy that you don't encourage with your apps people to break the law. Is that correct? Ms. Novelli. Yes, sir. Senator Udall. And isn't exactly what is happening here is--I mean, you can imagine. You have had our letter now for 2 months. And you can imagine a person that is drunk--DUI, DWI-- driving down the road and they have this--one of these apps turned on, and it issues an alert, tells them there is a checkpoint ahead. Then they can use their device to then find a way around the checkpoint. It seems to me that kind of application is encouraging breaking the law. Ms. Novelli. Well, we are reviewing, as I said, sir------ Senator Udall: Well, you have had 2 months. How long are you going to review it? Ms. Novelli. Well, we will be working with you on this. We are reviewing it. There are some of the apps, for example, that have--a cab number for you to call a cab, alert you that there are, you know, there are checkpoints, and here is a phone number for you to call a taxi. So I think they are not ubiquitous, all of these apps. And as I said, some of the information is made public by the police themselves. So I think reasonable people have different points of view about how to go about this, and we are trying to do this in the most thoughtful and responsible manner. Senator Udall. No, and I understand that. But I hope that you all understand the difference between the police department, the state police, county police, sheriffs, whatever, issuing a broad, general thing that, on Friday night, we are--or Saturday night, we are going to have a checkpoint out there at various points in town. That serves a deterrent, I think, for people to know. Even though, you know, there is a 2 percent chance of catching drunk drivers. So all of us that are out on the highways, 2 percent chance of catching, you utilizing--somebody utilizing these apps, it makes it even less likely. You know, may drop to 1 percent or half a percent or whatever it is. But the important point is, is that here you have law enforcement issuing generalized bulletins. But what people do with your apps, and what they are able to do is specifically, in real time, determine there is a checkpoint and evade the checkpoint and possibly afterwards get in an accident and have somebody killed. So I understand that you all are looking at it closely. But I think this is a crucial question for law enforcement. I mean, I have heard from local police department in Las Cruces. The attorneys general of New Mexico, Delaware, and Maryland have also signed onto this issue and are asking the same questions. And I think the more that this is out there, you are going to be getting these kind of questions. I am sorry, Mr. Chairman, for running over. But I very much appreciate--I said earlier, your effort at consumer protection and what you are doing in this area is greatly appreciated. Thank you. Thank you, and thanks to the witnesses being here today. Senator Pryor [presiding]. Senator Udall, you are asking important questions. Thank you. Senator Rubio? STATEMENT OF HON. MARCO RUBIO, U.S. SENATOR FROM FLORIDA Senator Rubio. Thank you, Mr. Chairman. Thank you guys for being a part of this. This is very timely and interesting. Just to close the loop on the Apple portion of it, as an Apple user with a lot of Apple users in our family, I think one of the things that created all this frenzy--and I know the answers to this, but I wanted other people to hear it as well-- is the two researchers that found that file on the iPhone and the iPad that appeared to contain the time-stamped record, and then they were able to go out and create an app that basically created that map, the whole thing that flared up in late April. And the company, I think, acknowledged that that was a glitch and has offered some updates to fix that. Are those updates available already? Ms. Novelli. Yes, sir. Those updates have already been implemented for most of all of the questions. There was one question about encryption that is going to be implemented shortly. But I would say that, again, that there was no actual information on your phone about your actual location at any time. What was on your phone was essentially like a city map of Wi-Fi hotspots and data bases, not where you were on that map. Senator Rubio. Right. But the key to it was that the company's position was that it wasn't intentional. It wasn't our design. It is a glitch that exists. For example, even if you had--even if the toggle switch had said no, it still was feeding the information, and it was storing it for longer periods of time. Ms. Novelli. Correct. Senator Rubio. So the company is now providing a single update, or is it multiple updates? Ms. Novelli. That update went out a couple of weeks ago, and it--there is no more---- Senator Rubio. Well, but---- Ms. Novelli. Which is working perfectly now, and it is not backed up. Your information is not backed up to a computer, and the encryption question is being addressed in our next update. Senator Rubio. So someone who has an iPhone or an iPad, that update is available. They still have to pull the update into their device? Ms. Novelli. Yes. It is a free update. Senator Rubio. And what would they--just for people watching this--need to functionally do? Ms. Novelli. When they synch their phone, they will get a notice saying there is an update available. Do you want to install it? You say yes, and it just installs on your phone. Senator Rubio. So, basically, anyone out there who hasn't updated their phone in the last---- Ms. Novelli. In the last 2 weeks. Senator Rubio.--should go and update their phones so that this information is all available for them. Ms. Novelli. Yes. Senator Rubio. OK. The second question has to do with the relationship with third parties. There is some confusion about that because people go to the Apple App Store or the Android market or Facebook, wherever. When someone buys an application from an online store like that, both from the reality and from the legality perspective, who do they have that--who is their relationship with, their business relationship when they do that? Like if I go on and I get an application for my phone--and I think this question is for all of you, because I think Facebook does that as well--who do I, at that point, have the relationship with? Is it with you, the marketplace? Or is it the actual app vendor? Ms. Novelli. Well, just from our perspective, once you buy the app and you use it, your relationship is with the app developer at that point. The first-party relationship is with the app developer. Mr. Davidson. We would agree with that, and usually, for example, a lot of applications, there will be a terms of service you have to agree to when you first install it or something like that. And there is an agreement there. I think it is why users need to be careful about what applications they use and be thinking about that. It is also why we have tried to give people in our Android marketplace at least as much information as we can before you install the app because that is sort of when we lose the relationship. Senator Rubio. I think that point is critically important because a lot of people aren't clear about that. And I know that anyone who sells an app goes through a general screening process. But ultimately, your business relationship is only as good as the company or whoever it is you are interacting that app with. And so, that is important. Here is my secondary question. If I have a problem with an app--let's say I pull an app into my device, and then, all of a sudden, I start having problems with them, any of these other issues that we are talking about. Let's say I am able to deduce that there is a problem or I get suspicious. Is there a process in place where I can report them to you? What is that process? Mr. Davidson. So, in our case, we have installed a flagging mechanism so that users can flag applications for a variety of different reasons. And there, you get a check--once you do it, you get a whole set of reasons why you might want to be flagging it, and that is going to a place for review. And that is the starting point for us. Senator Rubio. Is that the same for Apple? Ms. Novelli. We have an ability on our app store to contact us. And you can flag any concerns you have, and we investigate immediately. Senator Rubio. OK. My last question is for Facebook. It is about the geolocation data that is collected when people check in on the Places feature. Is this only collected at the time they check in? Mr. Taylor. Right now, the Places feature is designed so you can explicitly share your location with people that you choose at the time of sharing. And so, Places is not a feature about passively sharing your location. It is about actively sharing your location. Senator Rubio. But that happens when you--at that moment, when you check in, basically. It is an active--it is an act of the---- Mr. Taylor. Yes, you actually click a button that says ``check in,'' and that information goes on your profile. Senator Rubio. And then how long do you guys keep that information? Mr. Taylor. That information that you shared, like ``I am at this restaurant with some friends,'' that is on your profile as long as you want it to be. And you can remove it from your profile at any time. Senator Rubio. But if the individual doesn't remove it, it stays on there indefinitely? Mr. Taylor. Yes. It is because we consider it just like if you published a status update on Facebook. It is you made the decision to share where you were, and it is up to you who you want to share it with and if you want to delete it. And you can actually change both of those after the fact. Senator Rubio. Right. By the way, you are probably not shocked that some people lie about where they are on their updates. [Laughter.] Senator Rubio. I have seen that a few times. But, so people understand, when they go on there and they log on, they say, ``I am here,''--that is going to stay on there forever unless you actively go back and delete it yourself? Mr. Taylor. That is correct, and it is because, fundamentally, it is just like if you decide to share a status update or a photo, we consider that your information, not ours. And we consider it actually sort of an imperative to actually keep that information because you have entrusted us to keep it on behalf of, you know, sharing it with your friends. Senator Rubio. Thank you, guys. I appreciate it. Thank you. Mr. Taylor. Thank you. Senator Pryor. Thank you. Senator Thune? STATEMENT OF HON. JOHN THUNE, U.S. SENATOR FROM SOUTH DAKOTA Senator Thune. Thank you, Mr. Chairman, and I want to thank all the panelists. We are all encouraged by the substantial growth and the wonderful technology we have today in the mobile marketplace. But it does, you know, obviously raise questions and concerns about how the developing industry is impacting consumer protection and privacy. And so, having all these--access to all these things in the palm of your hand is a wonderful tool. And then there is a lot of competition to create the new, best, greatest thing, which is part of our entrepreneurial spirit in America. But we want to make sure that when we do it, we do it in a way that does appropriately protect consumers online without stifling that innovation and growth. So I want to direct a question, if I might, to Mr. Davidson, and it has to do with this FTC recently alleged that Google had violated the FTC Act inappropriately--by inappropriately collecting Gmail user information to populate Google's Buzz social network. According to the FTC, Google's action led to its Gmail users receiving contact with individuals whom they had serious concerns about. Could you talk a little bit about how Google has responded to the FTC on that matter? Mr. Davidson. Absolutely. You know, as I said in my testimony, we hold ourselves to high standards on providing transparency and choice control to our users. And the situation that you allude to, where the launch of our Buzz product didn't meet those standards was very confusing for our users. We think we have fixed it relatively quickly. In a matter of days, we had changed the product. But we had been in a longer conversation with the FTC about it afterwards and then, relatively recently, entered into a consent decree with them. We have agreed to, for the next 20 years, put our money where our mouth is, and we have signed up for two major things here. One is really installing--instilling privacy by design, a process in our company for making sure that we are thinking about privacy from the earliest moments. And that is going to be something that is audited and assessed by an outside auditor and reported to the FTC every 2 years for the next 20 years. The second thing is that we have agreed that we are going to get affirmative consent from users for any new sharing of information. And those are two very powerful things, and I think those are the kinds of things we said we would do and had agreed to do, but now we have got a consent decree with the FTC to show our users that we are going to do it for the next 20 years. Senator Thune. Do you think that some of those particulars that you talked about might be considered a best practice for other companies to consider? Mr. Davidson. You know, I think that is something probably better addressed to other companies. I know that there are a lot of different models out there. We think that this was the right thing for Google and for our users, and so we have adopted this agreement with the FTC. And I leave it to others to decide what is right for other companies. Senator Thune. OK. I am concerned that if companies agree to implement more restrictive privacy controls, that there are still individuals who are going to try and hack into mobile devices and apps to collect user information for third-party users. It just seems that mobile devices and apps are far more susceptible to hackers and to those types of deceptive activities. And this is a question that any of you feel free to answer. Has the industry considered how they can make mobile devices and apps more secure, similar to how we, you know, protect our home computers with anti-virus software and firewalls, those sorts of things? And are we seeing any companies that specialize in security for mobile devices and apps? Mr. Reed? Mr. Reed. On the first part of the question, yes. As a matter fact, there is a company called Lookout that is building a product for the Android platform that provides security and malware detection for the Android platform. I mentioned the Android because it is a little different than Apple. Apple gives us as developers very little access to information of the device itself. They are very restrictive in what we in the developer community can ask for in terms of information. So we--it is a little--it is where you see a lot more in the space, in the Android space, where it is more of the wild, wild West, and where there is more of a tendency for people to do the kinds of malfeasance that you are talking about. So Lookout is an example of a company that has come to the fore to address the problem that you have stated. Mr. Davidson. Yes, we would--so, first of all, I think there is a huge amount of energy being put into security. It is a great question. You won't be surprised that I wouldn't characterize it as the wild, wild West. [Laughter.] Mr. Davidson. I think, actually, our view is actually the openness of the platform and the fact that the code is open source is actually a major security feature because people around the world are able to look and assess the code and assess the system and the security architecture and test it all the time. And that means that we believe in--you don't get security with secrets anymore. You get security with openness. The other thing is that there are a huge number of features, and we are among the people who are rolling these out, and they are being rolled out for the mobile platform, things like making sure that there is https encryption by default on major products like Google, like Gmail, and it is available on Search as well. We have added a two-factor authentication on another system to Gmail. That means that a password is not enough. You might actually to have a device and a password, which I think for people who are really concerned about their mail products, this is really important. And there are a lot of other companies who are rolling these kinds of things out as well. So it is a very important area, and there is a huge amount of research going into it and work going into it. Senator Thune. Is there anything that Congress can do to help encourage greater protection when it comes to mobile devices and apps, or would you rather we stay out of it? [Laughter.] Mr. Davidson. Well, it is a rapidly evolving area, for sure. I think there has been discussion about data breach legislation. I think a lot of us, for example, would say that that is an area for consideration because there is such a patchwork of state laws. But I would just recognize there is a huge amount of------ Senator Thune: It is already happening. Mr. Davidson. It is a very dynamic environment right now. Senator Thune. OK. All right. Thank you, Mr. Chairman. Thank you all very much. Senator Pryor. Thank you. Thank you, Senator Thune, for being here and asking those great questions. I want to thank all of the panelists for being here today. I know that when you look at the pleasantness scale, sometimes coming before the Senate is way down here. But thank you for being here and thank you for testifying. And as much as we talked about today, we covered a lot of issues. I feel like we still are just kind of at the tip of the iceberg here. There is just a lot more to know and to learn and for us to weigh through, and we certainly appreciate your all's input and your help as we go through this. We are going to leave the record open for 2 weeks, and I am certain that several will have additional questions and want to do some follow-ups. I know I have a few. But we will leave that open for 2 weeks, and we would really appreciate you all working with the staff and getting that back to us in a timely manner. Thank you for being here, and we will adjourn the hearing. Thank you. [Whereupon, at 12:29 p.m., the hearing was adjourned.] A P P E N D I X Prepared Statement of Hon. Kay Bailey Hutchinson, U.S. Senator from Texas Thank you, Mr. Chairman, for calling this hearing. Privacy is a very complex issue, and today's witnesses will help the Committee continue its education on this important subject. This hearing will strengthen our understanding of the relationship between consumers and the many players that make up the mobile communications marketplace, including how personal information is collected and used by mobile devices and services. It is important to ensure that we fully understand what the impact is on consumers who take advantage of mobile communications, and the relationship between the utilization of consumer data and the provision of advanced, often free services. Mobile communication is a rapidly changing marketplace, where new technology is constantly advancing and overtaking previously groundbreaking technology. This is even truer in the mobile marketplace, where the last few years have seen an explosion of highly evolved and increasingly capable products. For example, mobile apps really just surfaced in 2008, but as we will hear on our second panel, the number of available mobile apps will likely exceed 500,000 by the end of this year. Each of these apps had to be developed, and that development brings economic benefits to our economy and the creation of jobs. Now more than ever, we should be encouraging sectors of our economy that show this kind of promise for continued job creation. With these new technologies have come new and increased recognition of privacy concerns for consumers who use online products and services. Consumers are understandably wary of products that they may not fully understand, and of what companies do with the information about consumers that they gather. This concern has come to the forefront with several high-profile incidents involving collection of consumer information. The attention those incidents received has served to raise public awareness that their information may be collected and used. This increased attention has also made many consumers more conscious about privacy policies and practices when utilizing new products and services. The marketplace appears to be responding to those concerns. Some companies have already started taking steps to improve privacy policies so they will no longer be merely screens of complicated information that a consumer quickly clicks through to get to the next screen, or to the desired application. Many consumers are more aware of data collection activities and are looking for how a company treats their data. As a result, privacy policies and robust protection policies have become a selling point for many new technologies. It is a positive development that several industries are working to create self-regulatory guidelines and best practices related to consumer privacy. In response to the FTC's call in 2009, the Digital Advertising Alliance created self-regulatory principles governing the collection and use of information online. Also, a majority of Web browsers are implementing various methods to allow consumers to prevent their online activity from being tracked. In the mobile space, there are already privacy safeguard certifications available for mobile apps, and the app community is coming together to create its own set of privacy guidelines. This is how the market is supposed to work--a consumer concern was identified and industry is working to address that concern. While it is probably to early to determine if these market developments will work to fully meet consumer privacy needs, it is also too soon to assume that they won't. Another area of concern has been the impact that these new technologies have on children. As technology users become increasingly younger, we must be mindful of the special needs those users have and work to ensure their privacy is protected. I am interested to hear from the FTC today about its ongoing review of the Children's Online Privacy Protection Act, and how that applies in the mobile space. It will also be helpful to hear from the companies on our second panel how they handle young customers, and what they do to ensure their privacy is protected. One of the most effective means of protecting children is ensuring parents are educated about what their kids are doing. That can be a challenge in the technology space, as many of todays' kids know much more about mobile communications than their parents ever will. There is a real need to provide parents with information that they can trust, that is easy to understand, and that is easy to apply in monitoring their children's activity. I am interested to hear from all of our witnesses what they are each doing to promote consumer education, specifically for parents. As legislators, we have an important role in shining light on and investigating important issues to consumers. I believe we are appropriately filling that role in relations to privacy, and commend the Chairman for his continued commitment to ensuring our Committee is educated about these issues. It will be important going forward that we continue to learn about this complicated topic so we can better understand how this complex system works, and what the potential ramifications of any new regulatory action would be. I want to thank all of our witnesses for being here today, and I look forward to a productive hearing. ______ Response to Written Questions Submitted by Hon. John F. Kerry to David C. Vladeck Question 1. What is your general impression of the legislation on privacy that has been introduced in Congress thus far? Answer. Although the Commission has not taken a position on general privacy or Do Not Track legislation, legislation introduced to date, including the Commercial Privacy Bill of Rights, the Do Not Track Act of 2011, and the Do Not Track Kids Act of 2011, all represent significant progress in addressing important privacy concerns while ensuring continued robust development and growth of new services. I support the fundamental goals of each of these pieces of legislation, respectively, to improve transparency and consumer choice over information collection, use, and sharing practices, to provide transparency and consumer choice regarding tracking, and to provide privacy protections for children and teens. Question 2. Your answer to this question is important for helping us frame the debate and how you view it. For the record, when a company or organization collects someone's information, do you believe that the information is at that point the collector's or is the collector simply a steward of people's information and that the people on whom information is collected should retain some rights and authority over that information? Answer. The courts have not spoken on the issue of who owns this data. But regardless of who legally owns the data, we believe it is in both consumers' and business's interest for companies to maintain privacy-protective practices. Maintaining privacy protection can help build consumer trust in the marketplace. To achieve this goal, companies should not collect data unless they have a legitimate business need to do so; safeguard the data they maintain, in order to keep it from falling into the wrong hands; and dispose of it once they no longer have a legitimate business need to keep up. In addition, they should provide consumers with simple ways to exercise choices about privacy and make sure that their information collection and use practices are transparent. ______ Response to Written Questions Submitted by Hon. John F. Kerry to Bret Taylor Question 1. What is your general impression of the legislation on privacy that has been introduced in Congress thus far? Answer. At Facebook, we are constantly innovating to give people clear control over what they share and with whom. We believe that any legislative or regulatory proposal should protect both consumer privacy and the innovation of new products and services, which is essential to economic growth and job creation. We are pleased, for example, that the Kerry-McCain legislation acknowledges that there is a difference between entities that have an established relationship with their users--a relationship that enables users to understand how their data is used and hold companies accountable for misuse--and those that may be gathering data without a consumer's knowledge or consent. We do, however, have some remaining concerns--for instance, how the bill defines ``sensitive information'' in a social media context where people are proactively sharing information about themselves; how limitations on ``third parties'' could restrict innovation and growth in our vibrant developer community; and how various provisions could impact important business partner relationships. We look forward to working with your office on these and other concerns to ensure that the bill encourages companies to advance users' understanding and control over their information while maintaining providers' and developers' ability to innovate. There have also been a number of proposals in Congress that advocate a ``do not track'' feature. We have concerns about those proposals that focus on data collection limitations without regard to the nature of the business relationship and the intended uses of data. A properly crafted do-not-track proposal would focus on the data practices of entities that do not directly engage with users, and that thus are not accountable to them. In addition, it is essential that any do-not-track implementation specifically define what kind of ``tracking'' is prohibited. Some collection of information might be defined as ``tracking'' under a legislative proposal, but might not be a practice that users would intend to block by expressing a do-not-track preference. For example, a website may use historical login data that it has collected for account security purposes: if our systems detect login attempts from Belarus for a Facebook account that is usually accessed from an IP address in Washington, D.C., the ``tracking'' that alerts us to that situation allows us to activate safeguards intended to ensure that the individual accessing the account is in fact the account owner. That ``tracking'' isn't problematic and shouldn't be blocked by a user's do-not-track preference; to the contrary, it's necessary to our efforts to provide a safe and secure service. Question 2. Your answer to this question is important for helping us frame the debate and how you view it. For the record, when a company or organization collects someone's information, do you believe that the information is at that point the collector's or is the collector simply a steward of people's information and that the people on whom information is collected should retain some rights and authority over that information? Answer. User privacy, safety, and control are at the center of every product decision at Facebook. People control when, how and with what friends, websites and applications they want to connect to share their data, and at any time, they can remove that data or break those connections. Users own the information they share on Facebook and they can download or delete their data, modify and review their privacy and sharing settings at any time, or delete their accounts. Question 3. How would you compare what Senator McCain and I are proposing to the regime you operate under in Europe or other parts of the world? Answer. We are pleased that your proposal attempts to strike a balance between user control and economic growth and innovation, both of which are essential. Although many privacy laws and regulations in Europe and elsewhere also seek this balance, we think the critical step made by your legislation is the recognition that context matters: a company that has established, direct relationships with its users should not be regulated in the same way as entities that collect data as third parties to a user-website relationship--entities without a direct relationship to the user who may be gathering data without the knowledge or consent of the user and without any user control over the data collected. As I noted above, we look forward to working with you and Senator McCain to ensure that your bill strikes the critical balance between encouraging innovation and ensuring people have control over the information they share online. Question 4. Mr. Taylor, in your testimony, you state that before you institute proposed changes to your privacy policy you put them for comment for your users and if a threshold of comments is reached, you put the changes out for a vote. And you state, ``Time and again, Facebook has shown itself capable of correcting course in response to individual suggestions and we will continue to be receptive to that feedback.'' When you change your privacy policy, does it change how you use or how people can access information you have previously collected and if so, shouldn't that require an opt-in choice if there is any question that the change would have affected whether or not that person would have given you their information in the first instance? Answer. At Facebook, we're continually creating innovative tools and experiences that deliver new and unique value and benefits. We bring this same spirit of innovation to communicating with users about our services and giving them tools to understand exactly how our service works; we want people on Facebook to be able make informed decisions about whether to use Facebook and what to share with their friends and the world around them. As you noted in your question, before we institute changes to our privacy policy, we present the proposed changes to our users and offer them an opportunity to comment on them. If there is significant engagement on the proposal, we put it to a vote of all Facebook users; even if a vote isn't triggered by the comment process, we review and are receptive to the feedback we receive. We believe that this notice and comment process--which notifies people about proposed changes and gives them an opportunity to comment on them before they take effect-- is unique in the industry. We also recently announced--and invited feedback on--a new format for our privacy policy that we think can serve as a model for the industry. This new format involves interactive features, tips, and educational materials, all of which are designed to make our privacy policy not only informative and accurate, but easily understandable as well. So far, the feedback on this ``privacy policy 2.0'' has been overwhelmingly positive, and we expect to formally adopt that new format in the near future. Right now, these initiatives stand alone in the industry, but we hope that our efforts in this area--both our notice-and-comment process and our reformatted privacy policy--can serve as a model for other companies that, like us, want to go the extra mile in communicating with users about how they use information. Most revisions to our privacy policy attempt to better explain our practices to users: as our products and services evolve, so do our notices. It is rarely the case that we would revise our privacy policy in a manner that would enable us to retroactively change the audience that can view information that has already been shared on Facebook. With that said, should a change materially alter something fundamental about how we access, collect, or use information that has previously been shared on Facebook, we would consider additional notice and consent mechanisms. This is a fact specific analysis, based on the practices and the services offered. It is also important to note that outside the confines of our privacy policy, we routinely communicate how products work through ``roosters'' that update users about new or enhanced features either when the users arrive on Facebook or when they use a particular product. How these special messages are distributed--appearing on the top right corner of the homepage, through Facebook messages, through blog posts, or other communication channels--is a highly contextual, fact-specific question. But be assured that we don't hesitate to use those options when we determine that changes should be explained so that people understand the products we provide and any information sharing or use associated with those products. Question 5. When a Facebook user visits one of your partner sites, say the New York Times, are they ever tracked on that website in a way that is not visible and known to them? Answer. Privacy is a responsibility we share with our global community of users, advertisers, and the developers of applications and websites that connect to our Platform. As part of this shared responsibility, we believe that everyone who participates on the Facebook Platform should commit to the same robust standards of transparency and user control. Your question specifically relates to websites that connect with the Facebook Platform. When a third party deploys a Facebook social plugin on its website, it does so to enable its viewers to link their on-site experience with their Facebook experience. These features allow users to interact and share in ways never before possible through Facebook technology that allows logged-in Facebook users to interact directly with Facebook while on the third party site. For direct interactions (e.g., by clicking a like or recommend button), the user is interacting with Facebook the same way she would if she was on facebook.com. In cases where someone visits a third party site and does not ``interact'' with the social plugin, Facebook only uses collected information to generate anonymous or aggregate reports, which are used to learn more about the Internet and make our products and services better. Facebook's terms prohibit website or application developers who integrate with the Facebook Platform from directly or indirectly transferring any Facebook user data to third parties such as ad networks, data brokers, and the like. Except for limited basic account information, which along with all data is subject to the developer's privacy policy, the data accessed through Facebook when a Facebook user connects to an application may only be used within the application unless the user provides express consent to the application. Questions about any data collection or tracking that websites other than Facebook might engage in are, of course, best directed to those websites. The New York Times, for example, has a lengthy privacy policy that includes a comprehensive discussion entitled ``What Information Do We Gather About You?'' \1\ When Facebook users visit the New York Times website, non-Facebook actions taken on the site--clicking ads or filling out forms, for example--are governed by the New York Times' privacy policies, not Facebook's. However, for our part, we require that developers that integrate with the Facebook Platform post and adhere to their own privacy policy that tells users what user data they are going to collect and how they will use, display, share, or transfer that data. --------------------------------------------------------------------------- \1\ http://www.nytimes.com/content/help/rights/privacy/policy/ privacy-policy.html. Question 6. Mr. Taylor, Facebook has grown to more than 600 million users. I don't think that there is another social network that comes close in terms of size and scope. Doesn't that mean that if you want to access this world of people with all the benefits you list, then you don't really have a choice just to switch to another social network if Facebook privacy practices cause you concern right? Answer. People unquestionably have choice when it comes to connecting with others and expressing themselves online. Hundreds of millions of people use services other than Facebook to connect, to micro-blog, to share photos and other details of their lives, and to identify and consume content online and off. In the U.S., these services include Twitter, LinkedIn, MySpace, Diaspora, Picasa, Tumblr, Blogger, Wordpress, Path, Ping, Foursquare, Gowalla, and many others. Internationally, Orkut, Tuente, Studi VZ, V Kontakte, Ren Ren and a host of others are popular and growing quickly. As recently as two years ago, MySpace was perceived to be the nation's leading social network and Facebook was the upstart. Virtually every day, the media reports news of another social media initiative-- either from established technology companies such as Google or Apple, or from new, aggressive, and often well-funded competitors. Facebook, in short, operates in a robustly competitive environment that keeps us highly motivated to innovate and to continue providing people with services they find meaningful. We have developed the Facebook Platform in a manner that enhances competition and fosters that motivation. As I explained in my testimony, the Facebook Platform is, at a conceptual level, modeled on the open architecture of the Internet. We permit--indeed, encourage-- developers to launch applications that provide users with new and innovative social experiences, even where those experiences are similar to features we provide on facebook.com. To pick just one example, numerous location-sharing services--Foursquare and Gowalla, to name some--have integrated with the Facebook Platform, which has helped them grow. Those services directly compete with our own location-sharing service, and their presence on the Facebook Platform provides additional assurance that we will remain highly competitive and innovative. If we don't--not just in location sharing, but also in photos, messaging, micro-blogging, and other services--users will go elsewhere. The same is true with respect to the privacy controls we provide to users. Facebook's mission is to make the world more open and connected. The explosive growth of Facebook and the many sharing sites listed above shows that people around the world believe in that goal as well: people want to share, they want to stay connected with their friends and families, and they want to feel connected to the world around them. We think that the best way to encourage that sharing is by giving users control over what and how they share, and with whom. We care deeply about privacy, and we are continually innovating to make controls clearer, more direct, and easier to find and use. We think that's the right thing to do, and, at least as important, staying competitive demands it. If we stumble--either because our service is not engaging or because people believe they lack control--they will turn elsewhere. Although there are many other websites that offer social networking services, we are committed to leading the charge in the industry in how people control their information, and we think the user trust that results from that leadership is one of the key reasons we have been successful to date. People tacitly acknowledge these efforts with continued use of our product, and they explicitly acknowledge it too: an October 2010 study by TRUSTe indicated that the vast majority of parents and teens understand how privacy works on Facebook. But as your question acknowledges, we can't please everyone. Although we think there are enormous benefits to being a part of our open and connected global network, those benefits are predicated on a willingness to share some basic information and connect with others. Some people are resistant to sharing and connecting online, and they may be uncomfortable with even the very limited mandatory information that is displayed on every account. We feel that it isn't a lack of competition that prevents those individuals from enjoying the benefits of Facebook and other social media. That said, as I mentioned before, we are always working to make our privacy controls more powerful and easier to use and understand, so that even people who may have reservations about sharing at the outset--or those with less sophisticated Internet and computer skills-- feel comfortable on Facebook. That continuous improvement and user education are essential for our business in a competitive and rapidly changing market, and they are a critical part of our mission to make the world more open and connected. ______ Responses to Written Questions Submitted by Hon. John F. Kerry to Morgan Reed Question 1. What is your general impression of the legislation on privacy that has been introduced in Congress thus far? Answer. Currently, Congress is considering at least 7 different privacy related bills, ranging from narrow bills dealing with just geolocation, to more comprehensive privacy efforts. Given the broad scope, it seems best to talk about the characteristics found in the legislation that are beneficial to our technology ecosystem, and those that may hinder us: Most of the bills in Congress today take a technology focused, rather than data focused, approach. With the exception of the Kerry- McCain bill, nearly all other privacy legislation in the 112th Congress begins from the premise that new technology somehow requires new or different law. he fact remains that your location is tracked by the swipecard at the grocery store even though a smartphone with GPS was never used--and I am not required to ``opt-in'' anew every time use my customer card even though it is collecting my location data. Likewise, mail-order catalogs are often tailored to each recipient, despite any ``opt-in'' preferences or requests from the resident. We believe the holistic approach represented in Kerry-McCain is more effective, and does not disadvantage new technologies. Many of the bills in Congress do not adequately address the need for FTC resources to enforce new provisions, at the same time the FTC is not even beginning to fully enforce existing privacy laws like COPPA. Since passage of COPPA in 2000, the FTC has brought roughly a dozen actions against high profile sites, barely more than one a year. Yet FTC's inaction has not been because the Web has become a perfectly compliant environment. Every child advocacy group could provide Congress a list of dozens of non-COPPA compliant sites run by legitimate organizations--the FTC simply lacks the resources to build a case and prosecute the violators. Finally, some of the legislation, specifically bills addressing ``Do Not Track'' create technologically unworkable, and potentially deceptive problems. This is because a Do Not Track list is very different from the highly successful Do Not Call list. Since consumers have few phone numbers, and such numbers are static, it was easily implemented. On the other hand, a Do Not Track list requires the collection of information about every Web browser, mobile device, and application a consumer uses. This can be dozens if not hundreds of different identifiers. Furthermore, these are not static values in the same way a phone number is; consumers and developers can change and delete software cache and preferences. Also, FTC Commissioners have raised concerns that use of ``Do Not Track'' may be deceptive \1\ since under a Do Not Call, the consumer receives no advertisements. However, under a Do Not Track, the consumer still sees ads, perhaps more ads, just not ones that are based on their interests. --------------------------------------------------------------------------- \1\ See FTC Staff Report, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Business and Policymakers, Concurring Statement of Commissioner J. Thomas Rosch, page E-1. --------------------------------------------------------------------------- We ask that when deciding how to proceed, you remember that the provision of many of the $1 or free applications available to users is predicated on the collection, use, and sharing of non-sensitive information by the default. We support a customers' right to opt-out of such collection, but many of the bills allow the FTC to determine the default for consent to the sharing of non-sensitive information with third parties. Since the FTC is on record as expressing that the default should be an ``opt-in'' to consent,\2\ this would force apps developers to charge higher prices, provide less content, or even stop developing. Furthermore, the default opt-in requirement locks in existing businesses' control of the market while inhibiting new entrants. Under an opt-in regime, established businesses can more easily completely consumers to opt-in to data sharing. And other large businesses like Google, can simply purchase third parties, making them first parties, completely circumventing any laws preventing third-party sharing. --------------------------------------------------------------------------- \2\ See Comments of Jessica Rich, Deputy Director of the FTC's Bureau of Consumer Protection on Google-Buzz Settlement. Question 2. Your answer to this question is important for helping us frame the debate and how you view it. For the record, when a company or organization collects someone's information, do you believe that the information is at that point the collector's or is the collector simply a steward of people's information and that the people on whom information is collected should retain some rights and authority over that information? Answer. The question of information ownership vs. information stewardship depends in large part on the type of information held. It is important to note that even within the context of information regarding an individual's use of a product, sensitive data (financial or health) is already governed by separate laws (GLB and HIPPA respectively). Ownership confers a property right that often cannot truly be executed on information that may be in the public domain. It's like the old riddle, ``What is very personal that you share with everyone and everyone else uses more than you? Your name.'' I can't ban its use by others, I can't stop people from calling it to me in public, yet I think most of us feel some level of possession over our name. Therefore information about a person is hard to structure in the same way we would ``ownership'' of the shovel that sits in my garage. The courts, however, have determined that certain intellectual property rights do accrue to information about something or someone that has been merged with other data to create a new information product. Analysts can look at public business records and then combine that information with independent research to create a copyrightable product. Other court cases have addressed the ownership of customer lists, and the treatment of such data as an asset. Finally, FASB has rules governing the treatment of customer lists as an asset.\3\ Therefore, we see information pertaining to how a consumer uses my product as the property of the business. --------------------------------------------------------------------------- \3\ FASB 141 (ASC 805) --------------------------------------------------------------------------- The product's creator is allowed to know and keep the information that you used the product, and what specifically you did while you were using the product. For example if it's a Web page, the developer of the page should be allowed to know what pages have been visited by what IP addresses, or for a mobile game developer to know what level you've finished. If the site or game provides for registering, then it is reasonable and fair for the product's creator to keep the information that ``[email protected] has made it to level 12''. The next category of information is ``reference data.'' Information that might not be about the use of my product, but which companies are allowed to collect and maintain control. For example, you cannot be allowed to own information to the degree that you could remove just the problem areas in a credit report, or to submit a false address into the DMV. However, there is a need for the organizations and companies that collect ``reference data'' to keep the information accurate, and have reasonable procedures to correct data that is wrong. Companies in this regard may still own the data, but have greater responsibility to allow me to see the data they possess. For that reason, Congress has passed FCRA, GLB, HIPPA and other legislation that grants the person whose data is in question to play a part in ensuring accuracy. One of the more interesting questions regarding ``ownership'' deals with location information. The news reports regarding the collection of GPS information on mobile devices is a bit unnerving, but do I ``own'' my location? If I am standing in front of the grocery store and a friend sees me, do I ``own'' that bit of information? When I use my grocery store swipecard inside the store, which stores the time of my purchase as well as the location of the store (and even the specific register I passed though), do I own that? In both cases the answer is no. When standing outside on the street, I have no expectation of privacy; I expect that others can see me. And when I sign up for a swipecard, I expect that the grocery store is going to collect, and even sell, the information. This example holds true for mobile devices. Apps that broadcast my location as part of their key functionality is the same as standing on the street--I expect that I will be seen, and even desire it. An app that uses advertising as the funding mechanism, and alerts me to the collection of location information, is like a swipecard that gives me discounted prices in exchange for my information. Note that this information in question is often given to the recipient from the user in return for services from the recipient. For example, the a user will give the Washington Post their e-mail address, zip code, gender, birth year, job industry, title, and responsibility in exchange for access to the Washington Post's content. In essence, the Washington Post is buying the rights to this content from the user for the price of the newspaper's content. Likewise, using a ``Savings Card'' at Safeway enables the store to collect information about users' buying habits and then resell that information. Safeway then gives some of the earned money back to consumers through discounted products. By allowing this transaction, we allow users to monetize their personal information and trade it for goods and services. Question 3. Mr. Reed, in your testimony you question the need for new legislation given the FTC's current authority and you argue against a new law that only targets app providers. I agree that our work should be comprehensive but have some questions for you about the adequacy of the FTC's current authority. Is it your opinion that app providers today are complying with fair information practice principles absent any new law? Answer. Most apps developers are making best efforts to ensure the proper collection, use, and protection of consumers' data. They are undertaking this not primarily because of the legal ramifications, but more significantly the business implications that come with a breach of customer trust. Apps developers know that the trust of the their customers is paramount, especially with so many competitors in the market. The focus of The United States Federal Trade Commission's Fair Information Practice Principles (FIPs) has always been on those who actually collect data, and independent research shows that the vast majority of mobile apps do not collect any personal data; thereby complying with FIPs. That said, some areas of data collection are unclear, and we all await the upcoming FTC rulemaking to help developers understand how best to follow the FIPs, for those apps developers who still need to improve their compliance, ACT is developing methods to assist them. ACT is releasing this upcoming week its Privacy Policy Guidelines for Apps Developers. ACT will follow up with model privacy policies. Finally, ACT is creating a custom privacy policy generator for apps developers. Question 3a. Does the FTC have the authority to mandate that app providers secure the information they collect or provide consumers with specific information about why that information is collected and how it will be used and distributed? Answer. First, the information we are talking about here is non- financial, non-health information (that is already covered under GLB and HIPPA). So really, the question is, does the FTC have authority over non-sensitive information that apps developers collect. I believe the FTC already has the requisite authority to ensure that apps developers properly treat the non-sensitive information they collect under section 5 of the FTC Act. This is supported by the FTC Staff Report--Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Business and Policymakers--Concurring Statement of Commissioner J. Thomas Rosch: Moreover, Section 5 liability could not be avoided by eschewing a privacy notice altogether both because that would generally be competitive suicide and because that course would be deceptive in that it would entail a failure to disclose material facts. A privacy notice that is opaque or fails to disclose material facts (such as the fact that consumer information may be shared with third parties) is deceptive under Section 5. That is particularly true if the sharing of the information may cause tangible harm. Moreover, Section 5 liability could not be avoided by eschewing a privacy notice altogether both because that would generally be competitive suicide and because that course would be deceptive in that it would entail a failure to disclose material facts. Therefore the FTC can and does already have the authority to ensure that data is properly protected, even when collected by apps developers. ______ Response to Written Questions Submitted by Hon. John F. Kerry to Catherine A. Novelli Question 1. What is your general impression of the legislation on privacy that has been introduced in Congress thus far? Answer. As we outlined in detail in our May 19, 2011 testimony, Apple has demonstrated an unwavering commitment to giving our own customers clear and transparent notice, choice and control over their personal information. Apple has adopted a single comprehensive privacy policy for all its businesses and products, including the iTunes Store and the App Store. Apple's Privacy Policy, written in easy-to-read language, details what information Apple collects and how Apple and its partners and licensees may use the information. The Policy is available from a link on every page of Apple's website. While Apple does not have a public position on any specific privacy legislation currently before the Congress, we do strongly agree that any company or organization with access to customers' personal information should give its customers clear and transparent notice, choice and control over their information. We have made this a strict licensing requirement for all of our app developers. We also share your concerns about the potential misuse of all customer data, and we believe that we have instituted policies and procedures that encourage third-party app developers to go well beyond disclosures written in an online privacy policy. Apple remains committed to working with the Congress, as well as with our technology industry colleagues and our trade associations in the private sector, to continue to identify the very best approaches for addressing consumer online privacy protections. Question 2. Your answer to this question is important for helping us frame the debate and how you view it. For the record, when a company or organization collects someone's information, do you believe that the information is at that point the collector's or is the collector simply a steward of people's information and that the people on whom information is collected should retain some rights and authority over that information? Answer. As stated in Apple's response to ``Witnesses Question 1'' above, Apple is committed to giving our customers clear and transparent notice, choice and control over their personal information. Apple agrees further that any company or organization with access to customers' personal information should give its customers clear and transparent notice, choice and control over their information. We have made this a strict licensing requirement for all of our app developers. Apple has taken steps to help customers understand where their information is going and to provide customers with greater control over it. As stated clearly in our Privacy Policy, Apple makes it quite easy for our customers to access their own personal information provided to Apple. We provide our customers with secure access to their Apple account information to help ensure that the information is accurate, complete and up to date. We state clearly that we only retain information for the period of time necessary to fulfill the purposes outlined in our Privacy Policy unless a longer retention period is required or permitted by law. Equally important, Apple takes precautions--including administrative, technical and physical measures--to safeguard our customers' personal information against loss, theft, and misuse, as well as against unauthorized access, disclosure, alteration, and destruction. To make sure personal information remains secure, we communicate our privacy policy and security guidelines to Apple employees and strictly enforce privacy safeguards within the company. Apple is always investigating new ways to improve our customers' experiences, including helping customers learn more about Apple's privacy policy and the privacy protections available on Apple mobile devices. Question 3. Ms. Novelli, Apple has a good story to tell about the privacy protections it applies for its direct customers. In your testimony, you list 9 bullet points of privacy requirements that you impose on third party application developers for them operate on your platform. Is it your position that consumers do not have to worry about their information being distributed without their knowledge or consent by app providers because of the licensing agreement that those developers sign with you? Answer. As we detailed in our May 19, 2011 testimony, Apple believes strongly that all third-party app developers with apps that collect information from users must provide clear and complete information to customers regarding the collection, use and disclosure of any user or device data. We not only make this mandatory in our licensing agreements, we also have documented in the App Store Review Guidelines a set of technical, content, and design criteria that every app must satisfy before Apple will accept the app for inclusion in the App Store. A copy of the Guidelines is attached to these responses. Under these Guidelines, apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used. Further, we strictly prohibit the use of any analytics software in an application that collects and sends device data to a third party. Apps submitted to Apple for inclusion in the App Store that fail to meet these requirements are returned to the developer and are not offered in the App Store until the deficiencies are corrected. Once an app is downloaded, the user's exchange of personal information within that app is between the user and the app developer. We make this clear in our privacy policy that once an app has been downloaded from the App Store, the information exchanged between the user and the app is governed by the privacy practices of the app's developer. At the same time, Apple employees from several internal groups, or teams, are responsible for addressing issues that arise with apps that are available in the App Store. In addition to our own internal scrutiny, Apple relies heavily on communications from other App Store users, competitors, and industry observers to alert Apple of an app that is operating outside of Apple's Guidelines. Whenever such a case is brought to Apple's attention, either through internal vigilance or by an external party, Apple investigates and provides the developer with an opportunity to remediate. If no correction is made, Apple removes the app from the App Store. Question 4. You state that as part of the licensing agreement, app developers have to explain their privacy practices to users yet both the WSJ and the Future of Privacy Forum have found that a significant percentage of app providers have no privacy policy at all. How do you reconcile those two facts? Answer. As we stated in our May 19, 2011 testimony, Apple launched the App Store in July 2008 where customers may shop and acquire applications offered by third-party developers for the iPhone, iPad and iPod touch. As of June 6, 2011, the App Store includes more than 425,000 third-party applications covering a wide variety of areas including news, games, music, travel, health, fitness, education, business, sports, navigation and social networking. Because the overwhelming majority of these apps do not collect any information whatsoever from any user at any time, Apple has not mandated that its third-party developers incur both the legal expense and the burdensome administrative costs associated with issuing and maintaining a privacy policy unnecessarily--an expense that could well be prohibitive for a small struggling software developer or a teenager in his bedroom with only a MacBook and an idea. For those apps that do collect information, however, our licensing agreement with developers prohibits any application from collecting user or device data without prior user consent. We also make it abundantly clear in our licensing agreement that developers, irrespective of size of business or age, must provide clear and complete information to users regarding their apps' collection, use and disclosure of user or device data. While many developers comply simply by adding a link to their online privacy policy, others have chosen to disclose this information by adding a pop-up dialogue box for the user to see when launching the app for the first time. We strictly prohibit the use of any analytics software in an application that collects and sends device data to a third party. Our licensing agreement also requires that apps comply with all applicable privacy and data collection laws and regulations regarding the use or transmission of user and device data, including location-based information. Apple's requirements are intended to provide the user with the most useful information that meets our strict transparency and disclosure requirements, but we also have chosen not to dictate the means by which that information is delivered to the user. Because location information can be particularly sensitive, in addition to all the developer privacy and collection disclosure requirements described above, Apple has built a feature directly into the iOS that requires explicit customer consent when any application requests location-based information for the first time. When an application requests the information, a dialog box appears stating: ``[Application] would like to use your current location.'' The customer is asked: ``Don't Allow'' or ``OK.'' If the customer clicks on ``Don't Allow,'' no location-based information will be provided to the application. This iOS dialogue box is mandatory--neither Apple's applications nor those of third parties are permitted to override it. For those customers that consent to allow an app to use their location information, an arrow glyph alerts them in real-time that an application is using or has recently used location-based information. Again, as we explained in more detail in our May 19, 2011 testimony, this consent for location services by an app can be given and rescinded on an app-by-app basis quite easily, and very transparently. Question 5. Shouldn't all collectors of people's information be bound by fair information practice principles as a matter of law and if not, why not? Answer. Once again, as we outlined in detail in our May 19, 2011 testimony and in response to Question 1 above, Apple clearly has demonstrated an unwavering commitment to giving our own customers clear and transparent notice, choice and control over their personal information. We believe our products do this in a simple and elegant way. While Apple does not have a public position on any specific privacy legislation currently before the Congress, we do strongly agree that any company or organization with access to customers' personal information should give its customers clear and transparent notice, choice and control over their information. We have made this a strict licensing requirement for all of our app developers. We also share the Committee's concerns about the potential misuse of all customer data, and we believe that we have instituted policies and procedures that encourage third-party app developers to go well beyond disclosures written in an online privacy policy. Apple remains committed to working with the Congress, as well as with our technology industry colleagues and our trade associations in the private sector, to continue to identify the very best approaches for addressing consumer online privacy protections. Question 6. In your testimony you state that Apple reviews all applications prior to adding them to the App store to ensure that they run properly and do not contain malicious code. Could you not also check whether they have a privacy policy with stated practices that comply with your licensing agreement? Answer. Apple does check whether apps submitted for approval comply with the terms of our licensing agreement. For the reasons outlined in detail in our response to Question 4 above, Apple does not require a written privacy policy from developers when an app does not collect information from users. Again, for those apps that do collect information, Apple's app developer privacy requirements are intended to provide the user with the most useful information that meets our strict transparency and disclosure requirements, but we also have chosen not to dictate the means by which that information is delivered to the user. Apple performs a rigorous review of every app submitted based on a set of technical, content and design criteria. The review criteria are documented in Apple's App Store Review Guidelines for iOS apps, which is made available to every app developer. The Guidelines include myriad requirements, including requirements about an app's functionality, and use of location or personal information. For example, the Guidelines state that: 4. Location 4.1 Apps that do not notify and obtain user consent before collecting, transmitting, or using location data will be rejected . . . 4.4 Location data can only be used when directly relevant to the features and services provided by the app to the user or to support approved advertising uses . . . 16. Objectionable content 16.1 Apps that present excessively objectionably or crude content will be rejected 16.2 Apps that are primarily designed to upset or disgust users will be rejected . . . 17. Privacy 17.1 Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used 17.2 Apps that require users to share personal information, such as e-mail address and data of birth, in order to function will be rejected 17.3 Apps that target minors for data collection will be rejected . . . 18 Pornography 18.1 Apps containing pornographic material, defined by Webster's Dictionary as ``explicit descriptions or displays of sexual organs or activities intended to stimulate erotic rather than aesthetic or emotional feelings,'' will be rejected 18.2 Apps that contain user generated content that is frequently pornographic (ex ``Chat Roulette'' alls) will be rejected On average, Apple rejects approximately 30 percent of the apps initially submitted for consideration. The most common reasons for rejection relate to functionality issues, such as the app crashing, exhibiting bugs, or not performing as advertised by the developer. But Apple will reject an app for violating any of the criteria set forth in the Guidelines and/or any of the provisions of the developer's agreements with Apple. When Apple rejects an app, most developers respond by correcting the issue or issues that led to Apple rejection so that the app may ultimately be accepted. Apple will not, however, accept any app in the App Store unless and until the developer and app are in full compliance with Apple's criteria and the developer agreements. Similarly, Apple will remove from the App Store any app that is determined to be in violation of any of these requirements. Some of the most common reasons for removal of an app from the App Store relate to an app's violation of some other party's intellectual property rights, violation of some law, or use of objectionable content. [Apple's App Store Review Guidelines are offered below.] App Store Review Guidelines Introduction We're pleased that you want to invest your talents and time to develop applications for iOS. It has been a rewarding experience--both professionally and financially--for tens of thousands of developers and we want to help you join this successful group. We have published our App Store Review Guidelines in the hope that they will help you steer clear of issues as you develop your app and speed you through the approval process when you submit it. We view Apps different than books or songs, which we do not curate. If you want to criticize a religion, write a book. If you want to describe sex, write a book or a song, or create a medical app. It can get complicated, but we have decided to not allow certain kinds of content in the App Store. It may help to keep some of our broader themes in mind: We have lots of kids downloading lots of apps, and parental controls don't work unless the parents set them up (many don't). So know that we're keeping an eye out for the kids. We have over 350,000 apps in the App Store. We don't need any more Fart apps. If your app doesn't do something useful or provide some form of lasting entertainment, it may not be accepted. If your App looks like it was cobbled together in a few days, or you're trying to get your first practice App into the store to impress your friends, please brace yourself for rejection. We have lots of serious developers who don't want their quality Apps to be surrounded by amateur hour. We will reject Apps for any content or behavior that we believe is over the line. What line, you ask? Well, as a Supreme Court Justice once said, ``I'll know it when I see it''. And we think that you will also know it when you cross it. If your app is rejected, we have a Review Board that you can appeal to. If you run to the press and trash us, it never helps. If you attempt to cheat the system (for example, by trying to trick the review process, steal data from users, copy another developer's work, or manipulate the ratings) your apps will be removed from the store and you will be expelled from the developer program. This is a living document, and new apps presenting new questions may result in new rules at any time. Perhaps your app will trigger this. Lastly, we love this stuff too, and honor what you do. We're really trying our best to create the best platform in the world for you to express your talents and make a living too. If it sounds like we're control freaks, well, maybe it's because we're so committed to our users and making sure they have a quality experience with our products. Just like almost all of you are too. Table of Contents 1. Terms and conditions 2. Functionality 3. Metadata, ratings and rankings 4. Location 5. Push notifications 6. Game Center 7. iAds 8. Trademarks and trade dress 9. Media content 10. User interface 11. Purchasing and currencies 12. Scraping and aggregation 13. Damage to device 14. Personal attacks 15. Violence 16. Objectionable content 17. Privacy 18. Pornography 19. Religion, culture, and ethnicity 20. Contests, sweepstakes, lotteries, and raffles 21. Charities and contributions 22. Legal requirements 1. Terms and conditions 1.1 As a developer of applications for the App Store you are bound by the terms of the Program License Agreement (PLA), Human Interface Guidelines (HIG), and any other licenses or contracts between you and Apple. The following rules and examples are intended to assist you in gaining acceptance for your app in the App Store, not to amend or remove provisions from any other agreement. 2. Functionality 2.1 Apps that crash will be rejected 2.2 Apps that exhibit bugs will be rejected 2.3 Apps that do not perform as advertised by the developer will be rejected 2.4 Apps that include undocumented or hidden features inconsistent with the description of the app will be rejected 2.5 Apps that use non-public APIs will be rejected 2.6 Apps that read or write data outside its designated container area will be rejected 2.7 Apps that download code in any way or form will be rejected 2.8 Apps that install or launch other executable code will be rejected 2.9 Apps that are ``beta'', ``demo'', ``trial'', or ``test'' versions will be rejected 2.10 iPhone apps must also run on iPad without modification, at iPhone resolution, and at 2X iPhone 3GS resolution 2.11 Apps that duplicate apps already in the App Store may be rejected, particularly if there are many of them, such as fart, burp, flashlight, and Kama Sutra apps. 2.12 Apps that are not very useful, are simply websites bundled as apps, or do not provide any lasting entertainment value may be rejected 2.13 Apps that are primarily marketing materials or advertisements will be rejected 2.14 Apps that are intended to provide trick or fake functionality that are not clearly marked as such will be rejected 2.15 Apps larger than 20MB in size will not download over cellular networks (this is automatically prohibited by the App Store) 2.16 Multitasking apps may only use background services for their intended purposes: VoIP, audio playback, location, task completion, local notifications, etc. 2.17 Apps that browse the web must use the iOS WebKit framework and WebKit Javascript 2.18 Apps that encourage excessive consumption of alcohol or illegal substances, or encourage minors to consume alcohol or smoke cigarettes, will be rejected 2.19 Apps that provide incorrect diagnostic or other inaccurate device data will be rejected 2.20 Developers ``spamming'' the App Store with many versions of similar apps will be removed from the iOS Developer Program 2.21 Apps that are simply a song or movie should be submitted to the iTunes store. Apps that are simply a book should be submitted to the iBookstore. 2.22 Apps that arbitrarily restrict which users may use the app, such as by location or carrier, may be rejected 3. Metadata (name, descriptions, ratings, rankings, etc.) 3.1 Apps or metadata that mentions the name of any other mobile platform will be rejected 3.2 Apps with placeholder text will be rejected 3.3 Apps with descriptions not relevant to the application content and functionality will be rejected 3.4 App names in iTunes Connect and as displayed on a device should be similar, so as not to cause confusion 3.5 Small and large app icons should be similar, so as to not to cause confusion 3.6 Apps with app icons and screenshots that do not adhere to the 4+ age rating will be rejected 3.7 Apps with Category and Genre selections that are not appropriate for the app content will be rejected 3.8 Developers are responsible for assigning appropriate ratings to their apps. Inappropriate ratings may be changed/deleted by Apple 3.9 Developers are responsible for assigning appropriate keywords for their apps. Inappropriate keywords may be changed/deleted by Apple 3.10 Developers who attempt to manipulate or cheat the user reviews or chart ranking in the App Store with fake or paid reviews, or any other inappropriate methods will be removed from the iOS Developer Program 3.11 Apps which recommend that users restart their iOS device prior to installation or launch may be rejected 3.12 Apps should have all included URLs fully functional when you submit it for review, such as support and privacy policy URLs 4. Location 4.1 Apps that do not notify and obtain user consent before collecting, transmitting, or using location data will be rejected 4.2 Apps that use location-based APIs for automatic or autonomous control of vehicles, aircraft, or other devices will be rejected 4.3 Apps that use location-based APIs for dispatch, fleet management, or emergency services will be rejected 4.4 Location data can only be used when directly relevant to the features and services provided by the app to the user or to support approved advertising uses 5. Push notifications 5.1 Apps that provide Push Notifications without using the Apple Push Notification (APN) API will be rejected 5.2 Apps that use the APN service without obtaining a Push Application ID from Apple will be rejected 5.3 Apps that send Push Notifications without first obtaining user consent will be rejected 5.4 Apps that send sensitive personal or confidential information using Push Notifications will be rejected 5.5 Apps that use Push Notifications to send unsolicited messages, or for the purpose of phishing or spamming will be rejected 5.6 Apps cannot use Push Notifications to send advertising, promotions, or direct marketing of any kind 5.7 Apps cannot charge users for use of Push Notification 5.8 Apps that excessively use the network capacity or bandwidth of the APN service or unduly burden a device with Push Notifications will be rejected 5.9 Apps that transmit viruses, files, computer code, or programs that may harm or disrupt the normal operation of the APN service will be rejected 6. Game Center 6.1 Apps that display any Player ID to end users or any third party will be rejected 6.2 Apps that use Player IDs for any use other than as approved by the Game Center terms will be rejected 6.3 Developers that attempt to reverse lookup, trace, relate, associate, mine, harvest, or otherwise exploit Player IDs, alias, or other information obtained through the Game Center will be removed from the iOS Developer Program 6.4 Game Center information, such as Leaderboard scores, may only be used in apps approved for use with the Game Center 6.5 Apps that use Game Center service to send unsolicited messages, or for the purpose of phishing or spamming will be rejected 6.6 Apps that excessively use the network capacity or bandwidth of the Game Center will be rejected 6.7 Apps that transmit viruses, files, computer code, or programs that may harm or disrupt the normal operation of the Game Center service will be rejected 7. iAds 7.1 Apps that artificially increase the number of impressions or click-throughs of ads will be rejected 7.2 Apps that contain empty iAd banners will be rejected 7.3 Apps that are designed predominantly for the display of ads will be rejected 8. Trademarks and trade dress 8.1 Apps must comply with all terms and conditions explained in the Guidelines for Using Apple 8.2 Trademarks and Copyrights and the Apple Trademark List 8.3 Apps that suggest or infer that Apple is a source or supplier of the app, or that Apple endorses any particular representation regarding quality or functionality will be rejected 8.4 Apps which appear confusingly similar to an existing Apple product or advertising theme will be rejected 8.5 Apps that misspell Apple product names in their app name (i.e., GPS for Iphone, iTunz) will be rejected 8.6 Use of protected 3rd party material (trademarks, copyrights, trade secrets, otherwise proprietary content) requires a documented rights check which must be provided upon request 8.6 Google Maps and Google Earth images obtained via the Google Maps API can be used within an application if all brand features of the original content remain unaltered and fully visible. Apps that cover up or modify the Google logo or copyright holders identification will be rejected 9. Media content 9.1 Apps that do not use the MediaPlayer framework to access media in the Music Library will be rejected 9.2 App user interfaces that mimic any iPod interface will be rejected 9.3 Audio streaming content over a cellular network may not use more than 5MB over 5 minutes 9.4 Video streaming content over a cellular network longer than 10 minutes must use HTTP Live Streaming and include a baseline 64 kbps audio- only HTTP Live stream 10. User interface 10.1 Apps must comply with all terms and conditions explained in the Apple iOS Human Interface Guidelines 10.2 Apps that look similar to apps bundled on the iPhone, including the App Store, iTunes Store, and iBookstore, will be rejected 10.3 Apps that do not use system provided items, such as buttons and icons, correctly and as described in the Apple iOS Human Interface Guidelines may be rejected 10.4 Apps that create alternate desktop/home screen environments or simulate multi-app widget experiences will be rejected 10.5 Apps that alter the functions of standard switches, such as the Volume Up/Down and Ring/ Silent switches, will be rejected 10.6 Apple and our customers place a high value on simple, refined, creative, well thought through interfaces. They take more work but are worth it. Apple sets a high bar. If your user interface is complex or less than very good, it may be rejected 11. Purchasing and currencies 11.1 Apps that unlock or enable additional features or functionality with mechanisms other than the App Store will be rejected 11.2 Apps utilizing a system other than the In App Purchase API (IAP) to purchase content, functionality, or services in an app will be rejected 11.3 Apps using IAP to purchase physical goods or goods and services used outside of the application will be rejected 11.4 Apps that use IAP to purchase credits or other currencies must consume those credits within the application 11.5 Apps that use IAP to purchase credits or other currencies that expire will be rejected 11.6 Content subscriptions using IAP must last a minimum of 7 days and be available to the user from all of their iOS devices 11.7 Apps that use IAP to purchase items must assign the correct Purchasability type 11.8 Apps that use IAP to purchase access to built-in capabilities provided by iOS, such as the camera or the gyroscope, will be rejected 11.9 Apps containing ``rental'' content or services that expire after a limited time will be rejected 11.10 Insurance applications must be free, in legal- compliance in the regions distributed, and cannot use IAP 11.11 In general, the more expensive your app, the more thoroughly we will review it 11.12 Apps offering subscriptions must do so using IAP, Apple will share the same 70/30 revenue split with developers for these purchases, as set forth in the Developer Program License Agreement. 11.13 Apps that link to external mechanisms for purchases or subscriptions to be used in the app, such as a ``buy'' button that goes to a website to purchase a digital book, will be rejected 11.14 Apps can read or play approved content (specifically magazines, newspapers, books, audio, music, and video) that is subscribed to or purchased outside of the app, as long as there is no button or external link in the app to purchase the approved content. Apple will not receive any portion of the revenues for approved content that is subscribed to or purchased outside of the app 12. Scraping and aggregation 12.1 Applications that scrape any information from Apple sites (for example from apple.com, iTunes Store, App Store, iTunes Connect, Apple Developer Programs, etc) or create rankings using content from Apple sites and services will be rejected 12.2 Applications may use approved Apple RSS feeds such as the iTunes Store RSS feed 12.3 Apps that are simply web clippings, content aggregators, or a collection of links, may be rejected 13. Damage to device 13.1 Apps that encourage users to use an Apple Device in a way that may cause damage to the device will be rejected 13.2 Apps that rapidly drain the device's battery or generate excessive heat will be rejected 14. Personal attacks 14.1 Any app that is defamatory, offensive, mean- spirited, or likely to place the targeted individual or group in harms way will be rejected 14.2 Professional political satirists and humorists are exempt from the ban on offensive or mean-spirited commentary 15. Violence 15.1 Apps portraying realistic images of people or animals being killed or maimed, shot, stabbed, tortured or injured will be rejected 15.2 Apps that depict violence or abuse of children will be rejected 15.3 ``Enemies'' within the context of a game cannot solely target a specific race, culture, a real government or corporation, or any other real entity 15.4 Apps involving realistic depictions of weapons in such a way as to encourage illegal or reckless use ofsuch weapons will be rejected 15.5 Apps that include games of Russian roulette will be rejected 16. Objectionable content 16.1 Apps that present excessively objectionable or crude content will be rejected 16.2 Apps that are primarily designed to upset or disgust users will be rejected 17. Privacy 17.1 Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used 17.2 Apps that require users to share personal information, such as e-mail address and date of birth, in order to function will be rejected 17.3 Apps that target minors for data collection will be rejected 18. Pornography 18.1 Apps containing pornographic material, defined by Webster's Dictionary as ``explicit descriptions or displays of sexual organs or activities intended to stimulate erotic rather than aesthetic or emotional feelings'', will be rejected 18.2 Apps that contain user generated content that is frequently pornographic (ex ``Chat Roulette'' apps) will be rejected 19. Religion, culture, and ethnicity 19.1 Apps containing references or commentary about a religious, cultural or ethnic group that are defamatory, offensive, mean-spirited or likely to expose the targeted group to harm or violence will be rejected 19.2 Apps may contain or quote religious text provided the quotes or translations are accurate and not misleading. Commentary should be educational or informative rather than inflammatory 20. Contests, sweepstakes, lotteries, and raffles 20.1 Sweepstakes and contests must be sponsored by the developer/company of the app 20.2 Official rules for sweepstakes and contests, must be presented in the app and make it clear that Apple is not a sponsor or involved in the activity in any manner 20.3 It must be permissible by law for the developer to run a lottery app, and a lottery app must have all of the following characteristics: consideration, chance, and a prize 20.4 Apps that allow a user to directly purchase a lottery or raffle ticket in the app will be rejected 21. Charities and contributions 21.1 Apps that include the ability to make donations to recognized charitable organizations must be free 21.2 The collection of donations must be done via a website in Safari or an SMS 22. Legal requirements 22.1 Apps must comply with all legal requirements in any location where they are made available to users. It is the developer's obligation to understand and conform to all local laws 22.2 Apps that contain false, fraudulent or misleading representations will be rejected 22.3 Apps that solicit, promote, or encourage criminal or clearly reckless behavior will be rejected 22.4 Apps that enable illegal file sharing will be rejected 22.5 Apps that are designed for use as illegal gambling aids, including card counters, will be rejected 22.6 Apps that enable anonymous or prank phone calls or SMS/MMS messaging will be rejected 22.7 Developers who create apps that surreptitiously attempt to discover user passwords or other private user data will be removed from the iOS Developer Program 22.8 Apps which contain DUI checkpoints that are not published by law enforcement agencies, or encourage and enable drunk driving, will be rejected Living document This document represents our best efforts to share how we review apps submitted to the App Store, and we hope it is a helpful guide as you develop and submit your apps. It is a living document that will evolve as we are presented with new apps and situations, and we'll update it periodically to reflect these changes. Thank you for developing for iOS. Even though this document is a formidable list of what not to do, please also keep in mind the much shorter list of what you must do. Above all else, join us in trying to surprise and delight users. Show them their world in innovative ways, and let them interact with it like never before. In our experience, users really respond to polish, both in functionality and user interface. Go the extra mile. Give them more than they expect. And take them places where they have never been before. We are ready to help. Apple, 2011 ______ Response to Written Questions Submitted by Hon. John F. Kerry to Alan Davidson Question 1. What is your general impression of the legislation on privacy that has been introduced in Congress thus far? Answer. With respect to specific legislation, we salute the work of Senators Kerry and McCain to develop a comprehensive approach to privacy based on the same principles of transparency, control, and security we apply to our own services. We look forward to continued conversations about all of the privacy bills that have been introduced by members of the Committee as these bills evolve. Google also supports ongoing Congressional work in two other areas which will strengthen Americans' privacy protections and provide consistency for providers. First, we applaud Congress' efforts to promote uniform, reasonable security principles, including data breach notification procedures, to ensure that the bad acts of criminal hackers or inadequate security on the part of companies do not undermine consumer trust for all services. Second, we support the efforts underway to update the Electronic Communications Privacy Act, the U.S. law governing government access to stored communications, to accord with the reasonable expectations of users of cloud computing services. In general, Google supports the development of a comprehensive, baseline privacy framework that can ensure broad-based user trust and will support continued innovation. Key considerations for any such approach include even-handed application to all personal data regardless of source or means of collection, recognition of both the benefits and costs of legislating, particularly actual harm to users and compliance costs, and consistency of privacy rules across jurisdictions. In general, Google does not favor a siloed approach to privacy law that focuses singularly on current technology or specific business models, such as location information or ``Do Not Track'' advertising privacy proposals. Instead, providers and consumers need consistent, baseline principles that will apply both to these issues and those to come in the future. Question 2. Your answer to this question is important for helping us frame the debate and how you view it. For the record, when a company or organization collects someone's information, do you believe that the information is at that point the collector's or is the collector simply a steward of people's information and that the people on whom information is collected should retain some rights and authority over that information? Answer. When you store your personal information online, we believe you should retain control of that data. This is why, for instance, we offer the Google Dashboard, (www.google.com/dashboard), to provide users with a one-stop, easy-to-use control panel to manage the use and storage of personal information associated with their Google accounts. In the Dashboard, a user can see, edit and delete the personally identifiable data stored with her individual Google account. Providing our users with control over their personal information must also mean giving them the ability to take data with them if they decide to leave. In 2007 an engineering team at Google started the Data Liberation Front (http://www.dataliberation.org) to ensure that users are able to easily move their data in and out of Google products. The critical insight of the Data Liberation Front engineers was a recognition that users should never have to use a service unless they are able to easily retrieve the content they created with that service at no additional cost beyond what they're already paying for it. Starting with our Gmail service and now covering more than 25 Google products where users create and store personal information, these engineers have built tools to allow our users to ``liberate'' data if they choose to switch providers or to stop using one of our services. Data portability has benefits for our users and for Google. First, our product teams know just how easy it is for their users to move to a competitor's product, and understand that their success depends upon continuing to be responsive to privacy and product concerns and acting quickly to address them. Second, allowing our users the freedom to leave honors our commitment to put users in control. We believe that this kind of ``user empowerment by design'' is an effective means of ensuring respect for user privacy without chilling innovation. Question 3. In your testimony, you state that location sharing on Android devices is strictly opt-in for your users, with clear notice and control. You go on to state that is how location services should work. Do the application providers using the Android platform share that belief and why can't you require them to comply with that principle? Answer. While we cannot speak on behalf of application developers, Google indeed requires every Android application to obtain the consent of the user prior to enabling access to location data via the device. The Android operating system uses a permissions model in which the user is automatically informed of certain types of information an application will be able to access (see the figure of the permissions screen below). An application can only access the device's GPS location or the device's network location if it displays a notice for this permission to the user at time of installation. The user may choose to trust the application by completing the installation or the user may choose to cancel the installation. However, the Android platform does not have the ability to control the behavior of third party developers or how they handle location information and other user information that the third party application obtains from the device. In addition to the permissions structure of Android, developers that upload applications to the Android Market must agree to the Android Market developer agreement (http://www.android.com/us/ developer-distribution-agreement.html), pursuant to which developers agree to comply with applicable laws and to protect the privacy rights of users. The specific relevant language is as follows: 4.2 You agree to use the Market only for purposes that are permitted by (a) this Agreement and (b) any applicable law, regulation or generally accepted practices or guidelines in the relevant jurisdictions (including any laws regarding the export of data or software to and from the United States or other relevant countries). 4.3 You agree that if you use the Market to distribute Products, you will protect the privacy and legal rights of users. If the users provide you with, or your Product accesses or uses, user names, passwords, or other login information or personal information, you must make the users aware that the information will be available to your Product, and you must provide legally adequate privacy notice and protection for those users. Further, your Product may only use that information for the limited purposes for which the user has given you permission to do so. If your Product stores personal or sensitive information provided by users, it must do so securely and only for as long as it is needed. But if the user has opted into a separate agreement with you that allows you or your Product to store or use personal or sensitive information directly related to your Product (not including other products or applications) then the terms of that separate agreement will govern your use of such information. If the user provides your Product with Google Account information, your Product may only use that information to access the user's Google Account when, and for the limited purposes for which, the user has given you permission to do so. Android Market is built on the principle of openness, with the goal of encouraging innovation and user choice. With this principle in mind, Google does not pre-screen applications before they are made available by developers to users of Android Market. But we will remove applications when we are notified about, or otherwise discover, applications that violate our developer agreement or policies. As of May 31, 2011, Google is removing an average of 250-300 applications per day from Android Market due to violations of our developer agreement or policies. Google also strongly encourages application developers to use best practices for handling user data (http://android- developers.blogspot.com/2010/08/best-practices-for-handling- android.html), including recommendations that developers publish privacy policies and give users choice regarding data collection. Many Android applications, however, are offered via other application stores or directly from the developers' websites. Since these applications are not offered through the Android Market, their developers are not subject to the Android Market developer agreement. But the permissions model described above and in our testimony would still apply (as this is a technical function of the Android operating system). Note that because of the open source nature of the Android operating system, a device manufacturer can modify the Android operating system and can build an Android device without any involvement by Google. The response to this question and the questions below only relate to unmodified versions of the Android operating system as released by Google. Question 4. In your testimony, you state that all applications using the Android operating system are prohibited from collecting user location information without the user's consent and without the user being informed of the types of information an application will be able to access. But then you go on to say that Google ``does not and cannot control the behavior of third party applications.'' If you can control that they get consent and inform users on what is being collected, why can't you require them commit to not transferring that information to third parties without consent or require them to place reasonable retention limits on the information they collect or apply any of the other fair information practice principles? Answer. As we discussed in the previous answer, the Android operating system uses a permissions model in which the user is automatically informed of certain types of information an application will be able to access. Once that permission is granted however, the operating system does not have the ability to control the behavior of third party developers or how they handle location information and other user information that the third party application obtains from the device. While there is no technical means of limiting the use of data collected by application developers, as discussed above, developers that upload applications to the Android Market must agree to the Android Market developer agreement, pursuant to which developers agree to comply with applicable laws and to protect the privacy rights of users. Question 4a. If you are not going to take responsibility for non- Google owned and operated application providers, shouldn't they as well as you, be subject to some legal code of conduct to ensure fair information practice principles are respected? Answer. As discussed above, Google supports the development of a comprehensive privacy framework that applies baseline principles uniformly across entities that collect personal data and across jurisdictions. We look forward to working with the Committee and others in Congress on this issue. In the meantime, Google strongly supports the development of codes of conduct and other mechanisms to push application developers to adopt practices that preserve user privacy and engage in responsible data collection and use. The mobile application industry can and should model the self-regulatory effort in the online advertising and publishing industries, which brought together hundreds of stakeholders to create uniform, enforceable standards for notice and control over targeted ads. Google has been deeply involved in that effort, and similarly hopes to work with other platform companies, app developers, and mobile carriers to better ensure transparency, user control, and security in this nascent industry. ______ Response to Written Questions Submitted by Hon. John F. Kerry to Amy Guggenheim Shenkan Question 1. What is your general impression of the legislation on privacy that has been introduced in Congress thus far? Answer. Common Sense Media is gratified to see the growing amount of focus that legislators in both chambers and on both sides of the aisle are bringing to this crucial issue. Privacy is important to all Americans, but we believe it is especially important for kids and teens. So while we appreciate the focus on overall privacy rights, we would also like to see more emphasis on parents' rights to protect the privacy of their children, and on better tools and information that will help parents exercise those rights. Question 2. Your answer to this question is important for helping us frame the debate and how you view it. For the record, when a company or organization collects someone's information, do you believe that the information is at that point the collector's or is the collector simply a steward of people's information and that the people on whom information is collected should retain some rights and authority over that information? Answer. Our personal information belongs to each of us. We may authorize a company or organization to use our personal information, but it remains ours, and those companies or organizations have an obligation to be careful stewards of our information. Unfortunately, too many companies have demonstrated lately that they are not careful stewards, and that needs to change. ______ Prepared Statement of Fran Maier, President, TRUSTe Chairman Pryor, Ranking Member Toomey, and distinguished members of the Subcommittee--my name is Fran Maier, and I am President of TRUSTe, the world's leading provider of online privacy solutions. On behalf of TRUSTe, I applaud the Subcommittee's efforts and inquiries around protecting consumer privacy in today's mobile marketplace, as this is a topic that continues to present challenges for American consumers and companies providing products and services in the mobile ecosystem. We appreciate the opportunity to provide testimony on the issues, as well as results from two research studies that TRUSTe recently conducted, and that may be of interest:
TRUSTe's survey of 1,000 smartphone users, conducted together with Harris Interactive, that focuses on user attitudes toward smartphone privacy.\1\ --------------------------------------------------------------------------- \1\ TRUSTe recently released the results of a nationwide Harris Interactive survey of one thousand smart phone users, concerning privacy and use of mobile applications and mobile websites. More details at: http://www.truste.com/why_TRUSTe_privacy_services/harris- mobile-survey/. TRUSTe's analysis of data collection from a sample of the 300 most popular apps on the Android, Apple and Blackberry --------------------------------------------------------------------------- mobile platforms (copy attached) At TRUSTe, our focus is providing clients with a self-regulatory framework that both enhances incentives and encourages innovation around the commercial collection and use of consumer data. Based in San Francisco, California, we were founded as a non-profit, industry association in 1997. In 2008, we converted to for-profit status, with venture investment. Today, we certify the online privacy practices of over 4,000 web properties across a variety of platforms and services-- including mobile. We provide privacy solutions to companies of all sizes--from smaller websites to larger companies with multiple brands and online properties. TRUSTe supports the recommendations of the FTC and the U.S. Department of Commerce around the importance of developing a self- regulatory framework for online privacy. We believe that a self- regulatory model, if articulated correctly, is best equipped to deal with the privacy challenges posed by the complexity of business models in the online and mobile ecosystems. Self-regulation works because it is agile enough to address the complexity of business practices in dynamic industries--like technology--while also preserving incentives for competition and innovation in a diverse ecosystem. TRUSTe, like other self-regulatory organizations, can detect lapses in the system, when they occur, and work directly with a company to resolve them. We also guide companies toward more sustainable and consumer-friendly business practices helping them re-evaluate and, in some cases, alter their current product strategies and implementations. At the end of the day however, we also believe that a successful self-regulatory program should work in tandem with government regulation. TRUSTe works closely with the FTC and other government agencies; proactively, around the launch of new products and services and in certain rare cases, enforcement referrals.\2\ We also think it is important to have strong regulatory enforcement, especially in cases where companies willfully disobey self-regulatory requirements to the detriment of consumers. --------------------------------------------------------------------------- \2\ For instance, in 2008, we referred the case of Classic Closeouts to the FTC. --------------------------------------------------------------------------- TRUSTe's approach to self-regulation starts with our Program Requirements, which form the basis of our privacy seal program. Only sealholders and clients who are successfully certified under these requirements get to display the TRUSTe seal on their e-mails, downloads, mobile applications, and websites (we have provided some details about our certification process later in this testimony). In addition, we continue to evolve our Program Requirements in response to regulatory changes, as well as best practices and technological advancements on the desktop and mobile web. Earlier this year, we announced major updates to our Program Requirements that better address the innovative changes and newer business practices we've seen in media and web technologies over the past few years: online behavioral advertising, mobile apps and marketing and social networking.\3\ We worked closely with our clients, including several launching new products and services, to incorporate these updated privacy requirements into their existing privacy compliance. These updates to TRUSTe's Program Requirements exemplify why self-regulation works; at a time when privacy compliance standards remain in flux, it's important to have a framework that is both agile and relevant enough to provide a company the guidance (and confidence) it needs to engage customers and expand business opportunities. --------------------------------------------------------------------------- \3\ Updates to TRUSTe's Privacy Seal Program, available at: http:// www.truste.com/privacy-program-requirements/. --------------------------------------------------------------------------- TRUSTe has also observed robust growth in the market for self- regulation during the past year, and believe there are significant opportunities for self-regulatory compliance- on both the mobile and desktop web. During the past year, TRUSTe has launched three new privacy solutions--addressing Online Behavioral Advertising notice and choice to consumers,cloud applications and, most relevantly, mobile certification. TRUSTe is now the largest provider of the DAA's Self- Regulatory Program for Online Advertising through its TRUSTed Ads \4\ program, which was just launched earlier this year. TRUSTed ads now serves more than 10 billion advertising choice icon impressions per month, and delivers online behavioral advertising notice and choice to consumers. --------------------------------------------------------------------------- \4\ TRUSTe is now the largest provider of the Digital Advertising Association's Self-Regulatory Program for Online Advertising, serving over 100 billion impressions per month. For more details, visit: http:/ /www.truste.com/privacy_seals_and_services/enterprise_privacy/trusted- ads.html. --------------------------------------------------------------------------- In the following sections, I provide some more details about TRUSTe--our guiding philosophy, as well as more details about our web seal and mobile certification processes. Truth in Privacy Essentially, the TRUSTe philosophy is ``Truth in Privacy''--a concept that incorporates transparency, choice and accountability, and which aims to bring confidence to all stakeholders--businesses, consumers and governments--who view the TRUSTe seal. For consumers, Truth in Privacy means: Accurate and comprehensive disclosures about personal information collection and/or use, that are readily accessible and in an easy to understand format Accessible choices and tools to help users proactively set personal information boundaries Direct, meaningful contact between the consumer and either the client/seal holder or TRUSTe, to resolve privacy concerns. A recent TRUSTe/TNS brand survey shows that the TRUSTe seal gives consumers confidence--a site that displays the TRUSTe seal will follow its stated privacy practices.\5\ In some cases, the presence of a TRUSTe seal was a deciding factor in whether the user wanted to share personal information with a site (or not). And, over 92 percent of consumers that used TRUSTe's Watchdog resolution mechanism stated that they would recommend the service to a friend.\6\ --------------------------------------------------------------------------- \5\ TRUSTe--2009 TNS brand survey. \6\ TRUSTe monitors compliance by clients and sealholders through its consumer complaint mechanism known as Watchdog. The Watchdog Dispute resolution mechanism is extremely successful; in a 2010 TRUSTe survey, 92.3 percent of consumers that used Watchdog stated that they would recommend the service to a friend. --------------------------------------------------------------------------- Truth in Privacy also has significance for our clients and sealholders. Displaying the TRUSTe seal means that the client or seal holder is: Developing privacy practices that align with leading industry standards and governing laws Providing & honoring consumer choices on personal information collection & use Innovating around privacy--developing ``best of breed'' privacy notices, etc. Being accountable for stated privacy promises (privacy policy, notice, etc.). Governments also recognize the TRUSTe seal as a symbol of consumer safety and regulatory compliance, both here in the U.S. and internationally. In 2000, TRUSTe became a provider of the EU Safe Harbor Privacy services as outlined by the U.S. Department of Commerce and the European Union, and we are now the largest provider of EU Safe Harbor dispute resolution services. In 2001, the Federal Trade Commission approved TRUSTe's COPPA \7\ Kid's Seal Program as an authorized safe harbor under the Children's Online Privacy Protection Act; today, we are the largest COPPA provider. --------------------------------------------------------------------------- \7\ ``COPPA'' refers to the Children's Online Privacy Protection Act of 1998, specifically the provisions around safe harbor. --------------------------------------------------------------------------- TRUSTe Core Program Requirements & Web Seal Certification TRUSTe's web seal certification program is a voluntary, self- regulatory program. Clients and sealholders are first certified against a core set of Program Requirements, and then have the option to get additional certification in other areas, including mobile privacy. TRUSTe charges companies for web privacy certification based on a number of factors, including the size of the organization (either measured by revenue or pages served), the complexity of their web property and privacy practices (we charge more, for example, if there are a number of different brands with different websites under one company), the volume of data collected and the number of TRUSTe certification programs they use (Mobile certification, EU Safe Harbor certification, COPPA certification, etc). Thanks in part to technology such as our ``automatic privacy policy generator,'' TRUSTe is able to deliver cost-effective services to small companies. In our experience, however, risk does not always correlate to size; a very small business can have incredibly complex data collection and management practices, while very large companies can sometimes have very simple data practices that may not even entail the collection or use of sensitive information. TRUSTe certification begins with a direct evaluation of the website or application being certified, as well as the attestations and representations made by the company seeking certification. To supplement our direct evaluation and client attestations, TRUSTe employs monitoring technologies that verify compliance e.g., scanners that confirm whether cookies are being dropped, whether age information is being collected, and whether changes are being made to privacy policies. We also employ e-mail seeding and https-encryption of sensitive information during transmission, traffic analysis, etc. While our focus is privacy compliance, our certification process has also helped certain clients and sealholders become aware of important security vulnerabilities in their data collection and use systems. TRUSTe generally looks at the context of a practice--what type of data is being collected and with whom is it being shared--before determining the privacy obligations for that practice. For consent, the requirements for our website and mobile seal are the same, and differ whether the use is by first or third parties. Our Program Requirements include specific requirements around notice and choice: express or opt- in consent is required for all collection of ``sensitive'' data (we classify financial, medical and geo-location data as sensitive). We also require express consent for third party sharing, when the sharing is for the third party's secondary use. Finally, our Program Requirements acknowledge the growing reality that companies need to be transparent about all data collection, not just personal data collection, because discrete data elements (while lacking identifying characteristics on their own) can be used in combination to personally identify consumers.\8\ --------------------------------------------------------------------------- \8\ This is a forward thinking perspective that was advanced by FTC staff in their recent report. Specifically, staff noted the ``the blurring of the distinction between personally identifiable information and supposedly anonymous or de-identified information. FTC Staff Report, Protecting Consumer Privacy in an Era of Rapid Change (2010), available at: http://www.ftc.gov/os/2010/12/101201privacyreport.pdf. --------------------------------------------------------------------------- TRUSTe knows that for the most part, our clients and sealholders want to elevate trust in their brand through exemplary privacy practices. In the dynamically changing world of the desktop and mobile web, this is always an evolving process. Nearly all of our clients and seal holder applicants will make changes to their existing practices to qualify for TRUSTe certification. In some cases, making these changes isn't enough for certification; in 2010, over 7 percent of applicants for our enterprise certification (those that are not using our more automated privacy policy and certification program aimed at smaller businesses) did not qualify for TRUSTe certification because they did not meet our rigorous certification standards.\9\ TRUSTe also retains the option to decline certification or terminate certification in situations where we cannot certify an applicant's business model or where the applicant's business model is otherwise sufficiently problematic to warrant denial. e.g., an application or website involving online gambling. --------------------------------------------------------------------------- \9\ The exact figure is 7.4 percent--out of a total of 2611 TRUSTe clients and sealholders, 193 did not complete certification in 2010. --------------------------------------------------------------------------- TRUSTe closely reviews and monitors all business practices prior to certification, and checks them again annually upon renewal by the client or seal holder. In addition, clients and sealholders are required to contact TRUSTe in advance of making material changes to their privacy policies or business practices. We initiate compliance investigations based on certain events, such as: monitoring events resulting from TRUSTe's scanning technology or our independent e-mail seeding of a client or sealholders' e-mail lists receiving a Watchdog dispute resolution complaint from a consumer press, news reports, regulatory hearings and reports. At TRUSTe, we generally reach out to the client and seal holder when we first learn of an issue. In some cases, we may precede this initial contact with an own independent investigation to determine if the issue can be reproduced. In our experience, TRUSTe clients and sealholders generally acknowledge and fix issues promptly. In some cases, we find that issues are addressed prior to TRUSTe's learning of it. Depending on the nature of the issue, the client or seal holder's good faith and timely responsiveness, and the timing of expected resolution for an issue, TRUSTe may choose not to resort to a formal enforcement process e.g., if the issue is fixed before the cure period completed. As TRUSTe's privacy solutions are voluntary programs, clients and sealholders may choose to terminate certification at any time--unless TRUSTe has initiated a formal enforcement proceeding against the client and that proceeding remains unresolved. To preserve incentives for privacy certification, TRUSTe believes that appropriate confidentiality and due process (including the opportunity to cure) must be an integral part of any self-regulatory framework. Our formal enforcement process consists of three stages: 1. TRUSTe investigation--including outreach to the client or seal holder in question 2. Suspension with opportunity to cure--Depending on the results of the TRUSTe investigation, the client or seal holder will be given suspended from the certification program, with the opportunity to cure within an allotted time 2. Termination--If the client or seal holder does not cure the issue within the allotted time, TRUSTe will issue a Termination for Cause, and end its certification of the client or seal holder in question. Depending on the nature of the violation, TRUSTe may take additional steps such as publishing the termination and/or referring the issue to the attention of a regulatory or other governmental agency, including the FTC. Our of our prior FTC referrals was ClassicCloseouts in 2008; we assisted the FTC with the investigation, and they brought action for permanent injunction and relief against the site, ultimately obtaining a $2.08 million settlement to provide redress for consumers. TRUSTe Mobile Certification TRUSTe's mobile privacy certification program helps companies successfully use technologies such as geo-location, advertising, and social networking to improve consumer adoption of their platforms and mobile apps.\10\ Clients or sealholders seeking mobile certification will first need to comply with our core Program Requirements. The specifics of our projected mobile privacy certification platform are illustrated in Figure 1, below. We hope to deploy all of these certification services within the next few months. --------------------------------------------------------------------------- \10\ More details about TRUSTe mobile privacy certification are available at: http://www.truste.com/privacy_seals_and_services/ enterprise_privacy/mobile_certification.html. --------------------------------------------------------------------------- Figure 1--TRUSTe's Mobile Privacy Platform Under the TRUSTe mobile certification process (and similar to our process for web seal certification), we first review all business practices of a mobile web or applicationsite to determine eligibility for certification. Once certification is granted, TRUSTe verifies compliance with our program requirements through a combination of scanning and seeding technology that looks for specific privacy ``markers'' e.g., are cookies, beacons, scripts or other types of targeting or tracking technology being used, what kind of information is being collected and is sensitive information being protected. We also perform a thorough review of the mobile app or website's privacy policy, if available and will require that companies modify their privacy statement to reflect current data management practices. For mobile apps specifically, we perform a data packet analysis; we analyze data transfers to/from the app (and where needed, test for secure transfers), confirm data collection practices and identify third party data-sharing and transfers. Similar to our web seal certification process, TRUSTe generally looks to the context of a practice--what type of data is being collected by the mobile app or website, is it for first party or third party use, etc.--before determining the privacy obligations for that practice. Sensitive data that is collected for first-party use requires a consumer's express consent before it is shared with third parties.\11\ Under TRUSTe's web seal and mobile certification programs, we classify geo-location data as sensitive data. This means that TRUSTe clients and sealholders must get a user's express or opt-in consent before sharing that data with third parties, including third party application developers. --------------------------------------------------------------------------- \11\ In contrast, we require non-express or ``opt-out'' consent for first party collection of non-sensitive data for the first party's use. --------------------------------------------------------------------------- TRUSTe also requires notice for all third party data collection and use on a mobile device. For collection and use of sensitive data by third parties, the consumer's express consent must be obtained. For non-sensitive data that will be shared with third parties, a consumer must be given notice that the data is going to be shared--either through a link to a privacy policy at the point of collection, or a check box at the point of collection. If a TRUSTe client or seal holder plans to share a consumer's personal information with third parties for unexpected purposes, they are also required to provide a Just-in-Time notice and opt-out mechanism. TRUSTe has also been at the forefront of creating innovative solutions that help our clients and sealholders address the challenge of presenting a comprehensive privacy notice on the small screen. For instance, our mobile short notice format uses a mix of icons and text to address key privacy concerns such as the collection and use of geo- location information on a mobile device. We have provided two examples of our mobile short notice, in Figures 2 and 3 below. Figure 2--TRUSTe Mobile Short Notice for Location Services using Geo- location data
Figure 3--TRUSTe Mobile Short Notice Showing Purposes for Data Collection
Currently, examples of TRUSTe certified mobile applications include: Breastcancer.org (iPhone) Callvine (iPhone) Lookout (Android) Worldmate (Blackberry, mobile web) TRUSTe--Harris Interactive Mobile Privacy Survey As the Subcommittee knows, TRUSTe and Harris Interactive recently conducted a nationwide survey of 1,000 smartphone users that focused on mobile privacy.\12\ The survey provides important data about consumers' mobile privacy attitudes and concerns, while also identifying areas where mobile app and operating system developers could do more to provide increased privacy protections for consumers. Given the lack of relevant research on consumer mobile privacy, TRUSTe had a particular interest in conducting the survey: we serve consumers and we wanted to know their concerns, so that we could inform our clients and sealholders accordingly, while also making necessary revisions to our recently launched mobile privacy certification program. --------------------------------------------------------------------------- \12\ See TRUSTe: Mobile Privacy User Results, available at: http:// www.truste.com/why_TRUSTe_privacy_services/harris-mobile-survey/. --------------------------------------------------------------------------- The key findings of the TRUSTe-Harris survey are illuminating. The vast majority of respondents (98 percent) believed that privacy is important when using smart phones--in fact, more than 1 in 3 of the respondents (38 percent) identified privacy as their number one concern when using mobile applications, followed by security (26 percent) and identity tracking (19 percent). Most respondents remain concerned about targeting and tracking technologies on smart phone devices-- particularly those that collect geo-location data. And, despite increased adoption of smart phones in recently years, 1 in 3 respondents felt that they were in less in control of their personal information with a smart phone device. Most significantly, the TRUSTe--Harris survey demonstrates the extent to which privacy concerns continues to hamper consumer engagement on the mobile platform:
85 percent of the respondents restrict at least some type of information sharing on mobile applications; 40 percent of the respondents do not use sites that request personal information 38 percent of the respondents do not access their accounts via a mobile device 52 percent of the respondents are uncomfortable with the idea of signing in to other apps on their mobile device with another account ID (FB, Twitter), despite convenience 45 percent of the respondents would not share information about themselves with any company--even for a free or lower cost app More than 50 percent of the respondents would not be willing to share their location, address, date of birth on a smartphone; that number jumps to 92 percent when it comes to sharing a contacts list. TRUSTe Analysis of Mobile Data Collection TRUSTe also recently concluded an independent analysis of mobile data collection from the top 300 ``free'' apps on the Android, Apple and Blackberry mobile platforms. The goal of the analysis was to understand the type of data flows on the three most popular mobile platforms using a specific methodology that is part of our mobile certification process (Figure 4 below). Figure 4. TRUSTe Mobile Labs--Mobile Privacy Certification Process Our analysis yielded some interesting findings about mobile data collection practices. Analyzing the types of data collected by sample of the 300 most popular apps \13\ on Android, Apple and Blackberry, we found that: --------------------------------------------------------------------------- \13\ TRUSTe used the following sources to compile its list of the 300 most popular apps-- Apple: www.148apps.com, Android: 101bestandroidapps.com and Androlib.com, Blackberry: Mobile.Blorge and HoneyTechBlog.com. ---------------------------------------------------------------------------
Most apps (39 percent) collect geo-location data Most apps (39 percent) also collect data that allows the user to connect through their mobile device to Facebook, Amazon, Twitter, and other platforms. Only 23 percent of the apps had a privacy policy. Conclusion I want to reiterate TRUSTe's belief in self-regulation as the most effective way to address the privacy challenges posed by the mobile ecosystem. The mobile ecosystem is still in its very early stages; legislation or policy that is enacted in haste, or without careful thought, could easily freeze the robust innovation we currently see on the mobile web. Self-regulation also provides us with the information needed to adapt a framework to evolving technologies. This is evidenced by our recent analysis and research on mobile privacy, conducted as part of our certification process. This research has given TRUSTe, our clients and sealholders, and our partners, important guidance for further product and market development. In closing, I'd like to share some of these thoughts--specifically, what we think are the five essential requirements for a self-regulatory framework to be successful at protecting consumer privacy on the mobile web: First, TRUSTe believes that mobile apps and websites should have some form of privacy policy that informs the consumer about any collection and use of personal data. Our mobile privacy survey shows that a majority of consumers (74 percent) think it's important to know what type of data is being by their mobile apps. And, based on our sample of the top 300 most popular free apps, only 23 percent of apps have a privacy policy. Second, we think that consumers of mobile apps and websites should provide choice for third party sharing. This is especially true for geo-location and other types of sensitive data--consumers should give their express or opt-in consent for these types of data collection. Our survey showed for instance, that only 32 percent of smart phone users felt that they had a choice when it came to geo-location data collection. Third, opt-outs should be provided for mobile advertising-- our survey showed that 85 percent of consumers want to be able to opt-in or out of targeted mobile ads. However, any choice mechanisms for online behavioral advertising and targeting should work across app directories and mobile platforms-- otherwise, they won't be effective. We recognize that this is already a challenge due to the complex structure of the emerging mobile advertising industry and recommend that industry groups work together to develop consistent and workable approaches. Fourth, companies participating in a self-regulatory framework should abide by its requirements, and also extend those requirements to relevant third parties, such as application developers on their platform or service. Fifth, if legislation is contemplated, it should include a safe harbor provision and provide incentives for companies to join self-regulatory programs. Safe harbor provisions help foster the growth and promotion of best practices, which in turn is critical to the overall success of a self-regulatory framework. I trust that the Subcommittee will find this testimony useful as it considers the important question of protecting consumer privacy in the mobile age. Thank you for your consideration. Attachment ![]()
![]()
![]()