[Senate Hearing 113-781]
[From the U.S. Government Publishing Office]




                                                        S. Hrg. 113-781
 
                    THE LOCATION PRIVACY PROTECTION
                              ACT OF 2014

=======================================================================

                                HEARING

                               before the

                  SUBCOMMITTEE ON PRIVACY, TECHNOLOGY
                              AND THE LAW

                                 of the

                       COMMITTEE ON THE JUDICIARY
                          UNITED STATES SENATE

                    ONE HUNDRED THIRTEENTH CONGRESS

                             SECOND SESSION

                               __________

                              JUNE 4, 2014

                               __________

                          Serial No. J-113-63

                               __________

         Printed for the use of the Committee on the Judiciary
         
         
         
         
         
         
         
         
                       U.S. GOVERNMENT PUBLISHING OFFICE
  97-739 PDF                   WASHINGTON : 2016       

                       COMMITTEE ON THE JUDICIARY

                  PATRICK J. LEAHY, Vermont, Chairman
DIANNE FEINSTEIN, California         CHUCK GRASSLEY, Iowa, Ranking 
CHUCK SCHUMER, New York                  Member
DICK DURBIN, Illinois                ORRIN G. HATCH, Utah
SHELDON WHITEHOUSE, Rhode Island     JEFF SESSIONS, Alabama
AMY KLOBUCHAR, Minnesota             LINDSEY GRAHAM, South Carolina
AL FRANKEN, Minnesota                JOHN CORNYN, Texas
CHRISTOPHER A. COONS, Delaware       MICHAEL S. LEE, Utah
RICHARD BLUMENTHAL, Connecticut      TED CRUZ, Texas
MAZIE HIRONO, Hawaii                 JEFF FLAKE, Arizona
           Kristine Lucius, Chief Counsel and Staff Director
        Kolan Davis, Republican Chief Counsel and Staff Director
                                 ------                                

            Subcommittee on Privacy, Technology and the Law

                    AL FRANKEN, Minnesota, Chairman
DIANNE FEINSTEIN, California         JEFF FLAKE, Arizona, Ranking 
CHUCK SCHUMER, New York                  Member
SHELDON WHITEHOUSE, Rhode Island     ORRIN G. HATCH, Utah
CHRISTOPHER A. COONS, Delaware       MICHAEL S. LEE, Utah
MAZIE HIRONO, Hawaii                 JOHN CORNYN, Texas
                                     LINDSEY GRAHAM, South Carolina
                Alvaro Bedoya, Democratic Chief Counsel
               Elizabeth Taylor, Republican Chief Counsel
               
               
               
               
               
               
               
                            C O N T E N T S

                              ----------                              

                        JUNE 4, 2014, 2:35 P.M.

                    STATEMENTS OF COMMITTEE MEMBERS

Flake, Hon. Jeff, a U.S. Senator from the State of Arizona
Franken, Hon. Al, a U.S. Senator from the State of Minnesota
    prepared statement
Leahy, Hon. Patrick J., a U.S. Senator from the State of Vermont,
    prepared statement

                               WITNESSES

Witness List
Atkinson, Robert D., Ph.D., President, The Information Technology and
  Innovation Foundation, Washington, D.C.
    prepared statement
Goldstein, Mark L., Director, Physical Infrastructure Issues,
  U.S. Government Accountability Office, Washington, D.C.
    prepared statement
Greenberg, Sally, Executive Director, National Consumers League,
  Washington, D.C.
    prepared statement
Hanson, Bea, Principal Deputy Director, Office on Violence
  Against Women, U.S. Department of Justice, Washington, D.C.
    prepared statement
Hill, Brian, Detective, Criminal Investigations Division, Anoka County
  Sheriff's Office, Andover, Minnesota
    prepared statement
Mastria, Luigi, Executive Director, Digital Advertising Alliance,
  Washington, D.C.
    prepared statement
Rich, Jessica, Director, Bureau of Consumer Protection, Federal Trade
  Commission, Washington, D.C.
    prepared statement
Southworth, Cindy, Vice President, Development and Innovation, and
  Founder, Safety Net Technology Project, National Network to End
  Domestic Violence, Washington, D.C.
    prepared statement

                               QUESTIONS

Questions submitted to Robert D. Atkinson by Senator Flake
Questions submitted to Mark L. Goldstein by Senator Franken
Questions submitted to Luigi Mastria by Senator Flake
Questions submitted to Jessica Rich by Senator Franken

                                ANSWERS

Responses of Robert D. Atkinson to questions submitted by Senator Flake
Responses of Mark L. Goldstein to questions submitted by Senator Franken
Responses of Luigi Mastria to questions submitted by Senator Flake
Responses of Jessica Rich to questions submitted by Senator Franken

                MISCELLANEOUS SUBMISSIONS FOR THE RECORD

Chamber of Commerce of the United States of America, R. Bruce
  Josten, Executive Vice President, Government Affairs, June 11,
  2014, letter
Consumers Union, George Slover, Senior Policy Counsel, June 3,
  2014, letter
IAB, Mike Zaneis, EVP and General Counsel, June 4, 2014, letter
MAPPS, John M. Palatiello, Executive Director, June 4, 2014,
  letter
MCBW, Liz Richards, Executive Director, May 28, 2014, letter
National Center for Victims of Crime, Mai Fernandez, Executive
  Director, June 2, 2014, letter
NRF, David French, Senior Vice President, Government Relations,
  June 4, 2014, letter
NWLC, Fatima Goss Graves, Vice President for Education and
  Employment, and Lara S. Kaufmann, Senior Counsel and Director
  of Education Policy for At-Risk Students, June 3, 2014, letter
OTA, Craig Spiezle, Executive Director, June 2, 2014, letter
Stalking Case: Harry Hitzeman, Daily Herald, ``Kansas Man
  Convicted of Stalking, Choking Woman in Elgin,'' October 31,
  2012, article
Stalking Case: Justin Scheck, Wall Street Journal, ``Stalkers
  Exploit Cellphone GPS,'' August 3, 2010, article
Stalking Case: Dan Rozek, Sun-Times, ``Accused GPS-Stalker Tells
  Judge He Wants To Plead Guilty to Murder,'' July 18, 2011,
  article
Stalking Case: Francie Grace, CBS News, ``Stalker Victims Should
  Check for GPS,'' February 6, 2003, news story


                    THE LOCATION PRIVACY PROTECTION
                              ACT OF 2014

                              ----------                              


                        WEDNESDAY, JUNE 4, 2014

                      United States Senate,
   Subcommittee on Privacy, Technology and the Law,
                                Committee on the Judiciary,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 2:35 p.m., in 
room SD-226, Dirksen Senate Office Building, Hon. Al Franken, 
Chairman of the Subcommittee, presiding.
    Present: Senators Franken, Blumenthal, and Flake.

             OPENING STATEMENT OF HON. AL FRANKEN,
           A U.S. SENATOR FROM THE STATE OF MINNESOTA

    Chairman Franken. This hearing will be called to order. 
Welcome to the Senate Judiciary Subcommittee on Privacy, 
Technology, and the Law. This is a hearing on my bill to 
protect sensitive location information, the Location Privacy 
Protection Act of 2014.
    Three years ago, I held a hearing to look at how our laws 
were protecting the location information generated by 
smartphones, cell phones, and tablets. The first group that I 
heard from was the Minnesota Coalition for Battered Women. They 
told me that across Minnesota victims were being followed 
through so-called stalking apps specifically designed to help 
stalkers secretly track their victims.
    I started investigating these stalking apps. Let me read 
you some of their websites.
    Here is one called SPYERA. It says: ``Most of the time if 
you think your spouse is being unfaithful, you are right.'' 
``[SPYERA] will be your spy in their pocket.'' ``[Y]ou will 
need to sneak your spouse's phone and download it to their 
phone.'' ``After the software is downloaded, you will be able 
to see where they are geographically. If your husband is in two 
counties over from where you live, SPYERA will tell you that.'' 
And, of course, ``husband'' can mean ``wife'' or ``ex'' or 
whatever you want to put in there.
    Here is another. This is from FlexiSPY. ``FlexiSPY gives 
you total control of your partner's phone without them knowing 
it--See exactly where they are, or were, at any given date and 
time.''
    Here is another quote that has since been taken down: 
``Worried about your spouse cheating? Track EVERY text, EVERY 
call and EVERY move they make using our EASY Cell Phone Spy 
Software.''
    These apps can be found online in minutes. And abusers find 
them and use them to stalk thousands of women around the 
country.
    The Minnesota Coalition for Battered Women submitted 
testimony about a northern Minnesota woman who was the victim 
of domestic violence--and the victim of one of these stalking 
apps. This victim had decided to get help. And so she went to a 
domestic violence program located in a county building. She got 
to the building, and within 5 minutes, she got a text from her 
abuser asking her why she was in the county building. The woman 
was terrified. And so an advocate took her to the courthouse to 
get a restraining order. As soon as she filed for the order, 
she got a second text from her abuser asking her why she was at 
the county courthouse and whether she was getting a restraining 
order against him. They later figured out that she was being 
tracked through a stalking app installed in her phone.
    This does not just happen in Minnesota. A national study 
conducted by the National Network to End Domestic Violence 
found that 72 percent of victim services programs across the 
country had seen victims who were tracked through a stalking 
app or a stand-alone GPS device. Without objection, I will add 
to the record the accounts of a few other victims.
    Here is one from a victim in Illinois. She was living in 
Kansas with her abuser. She fled to Elgin, Illinois, a town 
three States away. She did not know that the whole time her 
cell phone was transmitting her precise location to her abuser. 
He drove the 700 miles to Elgin. He tracked her to a shelter 
and then to the home of her friend, where he assaulted her and 
tried to strangle her.
    Here is one from a victim in Scottsdale, Arizona. Her 
husband and she were going through a divorce. Her husband 
tracked her for over a month through her cell phone. 
Eventually, he murdered their two children in a rage.
    In most of these cases, the perpetrator was arrested 
because it is illegal to stalk someone. But it is not clearly 
illegal to make and to market and to sell a stalking app. And 
so nothing happened to the companies making money off of the 
stalking. Nothing happened to the stalking apps.
    My bill would shut down these apps once and for all. It 
would clearly prohibit making, running, and selling apps and 
other devices that are designed to help stalkers track their 
victims. It would let police seize the money that these 
companies make and use that money to actually prevent stalking. 
My bill will prioritize grants to the organizations that train 
and raise awareness around GPS stalking. And it would make the 
Department of Justice get up-to-date statistics on GPS 
stalking. That is a big deal, because the latest statistics we 
have from DOJ are from 2006, and at that point they estimated 
over 25,000 people were being GPS-stalked annually, back in 
2006, and we know what smartphone technology has done since 
then.
    But my bill does not protect just victims of stalking. It 
protects everyone who uses a smartphone, an in-car navigation 
device, or any mobile device connected to the Internet. My bill 
makes sure that if a company wants to get your location or give 
it out to others, they need to get your permission first.
    I think that we all have a fundamental right to privacy: a 
right to control who gets your sensitive information and with 
whom they share it. Someone who has a record of your location 
does not just know where you live. They know where you work and 
where you drop your kids off at school. They know the church 
you attend and the doctors that you visit.
    Location information is extremely sensitive. But it is not 
being protected in the way it should be. In 2010, the Wall 
Street Journal found that half of the most popular apps were 
collecting their users' location information and then sending 
it to third parties, usually without permission.
    Since then, some of the most popular apps in the country 
have been found disclosing their users' precise location to 
third parties without their permission. And it is not just 
apps. The Nissan Leaf's on-board computer was found sending 
drivers' locations to third-party websites. OnStar threatened 
to track its users even after they canceled their service; they 
only stopped when I and other Senators called them out on this. 
And a whole new industry has grown up around tracking the 
movements of people going shopping--without their permission, 
and sometimes when they do not even enter a store.
    The fact is, that most of this is totally legal. With only 
a few exceptions, if a company gets your location information 
over the Internet, they are free to give it to almost anyone 
they want.
    My bill closes these loopholes. If a company wants to 
collect or share your information, it has to get your 
permission first and put up a post online saying what the 
company is doing with your data. Once a company is tracking 
you, it has to be transparent, or else it has to send you a 
reminder that you are being tracked.
    Those requirements apply only to the first company getting 
location information from your device. For any other company 
getting large amounts of location data, all they have to do is 
put up a post online explaining what they are doing with that 
data.
    That is it. These rules are built on existing industry best 
practices, and they have exceptions for emergencies, theft 
prevention, and parents tracking their kids. The bill is backed 
by the leading anti-domestic violence and consumer groups. 
Without objection, I will add letters to the record from the 
Minnesota Coalition for Battered Women, the National Center for 
Victims of Crime, the National Women's Law Center, the Online 
Trust Alliance, and Consumers Union--all in support of my bill. 
This bill is just common sense.
    [The letters and stalking cases appear as submissions for 
the record.]
    Chairman Franken. Before I turn it over to my friend the 
Ranking Member, I want to make one thing clear. Location-based 
services are terrific. I use them all the time when I drive 
across Minnesota. They save time and money, and they save 
lives. Ninety-nine percent of companies that get your location 
information are good, legitimate companies.
    And so I have already taken into account many of the 
industry concerns that I heard when we debated this bill last 
Congress: I have capped liability, I have made compliance 
easier. And if folks still have issues with the bill, I want to 
address them.
    So, with that, I will turn it over to Senator Flake.

             OPENING STATEMENT OF HON. JEFF FLAKE,
            A U.S. SENATOR FROM THE STATE OF ARIZONA

    Senator Flake. Thank you, Mr. Chairman. Thank you again to 
the witnesses for being here. I know you have busy schedules, 
and I really appreciate you doing this.
    I think we can all agree that stalking and domestic 
violence are serious concerns. That is why I was pleased to 
support the reauthorization of the Violence Against Women Act. 
I agree with those who will testify today, like Ms. Southworth 
of the National Network to End Domestic Violence and Detective 
Hill on the second panel, that domestic violence and stalking 
are serious problems that need to be addressed. I am not aware 
of any concerns that have been expressed about some of the 
sections of this bill, those that address the stalking apps and 
directing the Government to study GPS stalking and prioritize 
grants to educate law enforcement about this problem.
    Having said that, there are sections of the bill that I 
think are still a bit concerning. The bill before us regulates 
the commercial collection of geolocation information. Some 
concerns have been raised about its effect on businesses and 
applications that use geolocation information to provide 
consumers with services that they now rely on.
    I would like to enter into the record letters from the 
National Retail Federation and the Interactive Advertisement 
Bureau if that is okay.
    Chairman Franken. Without objection.
    Senator Flake. Thanks.
    [The letters appear as submissions for the record.]
    Senator Flake. In our efforts to protect the privacy of 
Americans, which is extremely important, we have got to be 
careful not to stifle innovation in dynamic sectors of the 
economy. A lot of the concerns that have been expressed are 
about static regulations that deal with a dynamic sector of the 
economy, and we want to make sure that we do not hamper 
development of new products and technologies.
    With that, I look forward to the witnesses. Thanks.
    Chairman Franken. Thank you, Senator Flake.
    The first panel of witnesses has seated themselves. Thank 
you.
    Bea Hanson is the Principal Deputy Director of the United 
States Department of Justice Office on Violence Against Women. 
Before joining the OVW, Ms. Hanson was director for emergency 
services and the chief program officer for Safe Horizon, a 
crime victims service organization in New York City. Ms. Hanson 
is a Minnesotan by birth and was raised in St. Paul.
    Jessica Rich is the Director of the FTC's Bureau of 
Consumer Protection. During her time at the FTC, Ms. Rich has 
led major policy initiatives related to privacy, data security, 
and emerging technologies; overseen enforcement actions; and 
developed significant FTC rules. She also received the 
Chairman's Award in 2011 for her contributions to the FTC's 
mission.
    Mark Goldstein is the Director of Physical Infrastructure 
Issues for the U.S. Government Accountability Office. He is a 
frequent witness before Congress and served as senior staff 
member of the Senate Committee on Homeland Security and 
Governmental Affairs. He will testify about the two different 
studies that GAO conducted at my request on the subject of 
location privacy.
    I would like to welcome you all. Thank you for appearing. 
Your written testimony will be made part of the record. You 
each have about 5 minutes for any opening remarks that you 
would like to make. We will start with Ms. Hanson.

 STATEMENT OF BEA HANSON, PRINCIPAL DEPUTY DIRECTOR, OFFICE ON 
VIOLENCE AGAINST WOMEN, U.S. DEPARTMENT OF JUSTICE, WASHINGTON, 
                              D.C.

    Ms. Hanson. Thank you so much. Good afternoon, Chairman 
Franken, Ranking Member Flake, and members of the Committee. 
Thank you for the opportunity to testify on behalf of the 
Department of Justice regarding stalking, mobile devices, and 
location privacy.
    My name is Bea Hanson, and I am the Principal Deputy 
Director of the United States Department of Justice Office on 
Violence Against Women, or OVW. One key way that the Department 
of Justice has focused on strengthening the criminal justice 
response to stalking is through the implementation of the 
Violence Against Women Act, or VAWA.
    Since the passage of VAWA in 1994, we have made significant 
strides in enhancing the criminal justice system's response to 
stalking, and Congress has been a strong partner in our 
national efforts to address this issue.
    Since 1994, Congress has amended VAWA to address our 
growing understanding of this crime, adding stalking to the 
purpose areas of grant programs, broadening the Federal 
interstate stalking statute to protect victims of cyber 
stalking, and enhancing penalties for repeat stalking 
offenders. Just last year, in the most recent VAWA 
reauthorization, Congress closed a loophole in the Federal 
cyber stalking statute to permit Federal prosecutors to pursue 
cases where the offender and the victim both lived in the same 
State. Congress also amended the Jeanne Clery Campus Security 
Act to require that universities report crime statistics on 
incidents of stalking.
    As you both know, stalking is a complex crime, and it 
continues to be missed, misunderstood, and very much 
underestimated. Incidents of stalking behavior, when considered 
separately, may seem relatively innocuous. However, stalking 
behavior tends to escalate over time, and it is often paired 
with or followed by sexual assault, physical abuse, or 
homicide, as Chairman Franken has pointed out. Its victims feel 
isolated, vulnerable, and frightened, and tend to suffer from 
anxiety, from depression, and from insomnia.
    Results of the 2010 National Intimate Partner and Sexual 
Violence Survey, or NISVS, which was released by the Centers 
for Disease Control in late 2011, demonstrate the grave scope 
of this crime. Using a conservative definition of stalking, the 
survey found that 6.6 million people were stalked in the 
previous 12-month period and that 1 in 6 women and 1 in 19 men 
were stalked at some point in their lifetimes.
    The survey report noted that, although anyone can be a 
victim of stalking, females were more than three times more 
likely to be stalked than males, and that young adults had the 
highest rates of stalking victimization.
    The report also showed the too frequent nexus between 
stalking and intimate partner abuse. For the overwhelming 
majority of victims, the stalker is someone who is known to 
them--an acquaintance, a family member, or, most often, a 
current or former intimate partner. And the NISVS report 
confirmed that most stalking cases involve some form of 
technology. More than three-quarters of the victims reported 
having received unwanted phone calls, voice messages, and text 
messages; and roughly one-third of the victims were watched, 
followed, or tracked with a listening or other kind of device.
    The report authors noted that their findings showed a 
higher percentage of stalking than previous national studies 
and hypothesized that this increase could be due to new 
technologies that make stalking behavior easier.
    Technology has provided new tools for stalkers. For 
example, the rapid increased use of cellular phones in recent 
years has created a new market in malicious software that, when 
installed on mobile devices, allows perpetrators to intercept 
victims' communications without their knowledge or consent. 
Through the use of this software, perpetrators can read 
victims' e-mail and text messages, listen to their telephone 
calls, trace their movements, and turn on the microphone in 
their phone to record conversations occurring in the immediate 
surrounding area. And all this can be done remotely and 
surreptitiously.
    A recent study conducted by the National Network to End 
Domestic Violence, supported by the Department of Justice 
Office for Victims of Crime, further suggests that technology-
enhanced stalking, including the use of mobile devices, is 
neither novel nor rare. Of the more than 750 victims service 
agencies that responded, 72 percent reported helping victims 
who had been tracked by GPS either through a cell phone or a 
GPS device.
    The findings from NISVS and other surveys underscore how 
critical it is that professionals who work with stalking 
victims understand the dynamics of stalking, particularly how 
stalkers use technology. We know that stalking is often a 
precursor to other forms of violence. Because stalking can be 
challenging to recognize, OVW grant programs support 
specialized training for police, prosecutors, and others to 
ensure that comprehensive services are available to victims.
    We also fund a number of training and technical assistance 
projects that target the intersection of technology and the 
crimes of stalking, sexual assault, domestic violence, dating 
violence, and there is more information on that in my written 
testimony. And we have some of our grantees who are going to be 
talking here later on the second panel.
    I appreciate the opportunity to testify today, and I look 
forward to continuing to work with Congress, working with 
you all, as it considers these important issues. Thank you.
    [The prepared statement of Ms. Hanson appears as a 
submission for the record.]
    Chairman Franken. Thank you, Ms. Hanson.
    Ms. Rich?

         STATEMENT OF JESSICA RICH, DIRECTOR, BUREAU OF
CONSUMER PROTECTION, FEDERAL TRADE COMMISSION, WASHINGTON, D.C.

    Ms. Rich. Good afternoon, Chairman Franken and Ranking 
Member Flake. My name is Jessica Rich, and I am the Director of 
the Bureau of Consumer Protection at the Federal Trade 
Commission. I very much appreciate this opportunity to present 
the Commission's testimony on consumer protection issues 
involving geolocation information and to offer some initial 
views on the draft Location Privacy Protection Act.
    Protecting consumers' privacy is a key focus of the 
Commission's efforts, and we commend the Committee for its 
continued attention to this really important issue.
    Products and services that use geolocation data make 
consumers' lives easier and more efficient, as you have noted, 
Chairman Franken. Consumers can get turn-by-turn directions to 
their destinations, find the closest bank, and check the 
weather when they are traveling, among many other examples.
    At the same time, the increasing collection, use, and 
disclosure of this data presents serious privacy concerns. For 
this reason, the Commission considers precise geolocation data 
to be sensitive, warranting opt-in consent prior to collection 
from a consumer's mobile device.
    Why is this data so sensitive? A device's geolocation can 
reveal consumers' movements in real time and over time and, 
thus, divulge intimate personal details about them, such as the 
doctor's office they visit, how often they go, their place of 
worship, and when and what route their kids walk to school in 
the morning and return home in the afternoon.
    This data can be accessed and used in many ways consumers 
do not expect, for example, collected through stalking apps, 
sold to third parties for unspecified uses, paired with other 
data to build detailed profiles of consumers' activities, or 
stolen by hackers. The risks to consumers range from unwanted 
tracking to threats to personal safety.
    The Commission has taken action to protect this data 
through law enforcement and outreach efforts. Using its 
authority under the FTC Act, the Commission has brought cases 
against companies engaged in unfair and deceptive practices 
involving geolocation data. One example is our recent 
settlement with Snapchat, the developer of a popular mobile 
messaging app. In that case, the FTC alleged that, in addition 
to misrepresenting that photo and video messages sent through 
the service would disappear, which was what was publicized most 
about that case, Snapchat also collected and transmitted 
geolocation data from its app, even though its privacy policy 
claimed it did not track users or access such information at 
all.
    In another case, this one involving the developer of a 
popular flashlight app, the FTC alleged that the developer told 
users that it would collect diagnostic and technical 
information simply to assist with product support, but failed 
to disclose that the app transmitted the device's precise 
geolocation and unique device ID to ad networks.
    Finally, in a series of settlements with rent-to-own 
retailer Aaron's and its affiliates, the FTC alleged that the 
companies' installation and use of software on rental computers 
that secretly monitored and tracked consumers violated the FTC 
Act. The software could log keystrokes, capture screen shots, 
and take photos using the computer's webcam, all unbeknownst to 
users. Notably, the FTC alleged that installing location-
tracking software on the rented computers without the renter's 
consent and disclosing this geolocation to rent-to-own stores 
was an unfair and illegal practice.
    In addition to enforcement, the Commission also has 
conducted studies, held workshops, and issued reports in this 
area. For example, in 2012, FTC staff issued two reports about 
the disclosures provided in mobile apps for kids. The report 
showed that the apps collected data from the kids' devices, 
including unique device ID and geolocation data, and shared it 
with third parties, often without notice to parents.
    And in February of last year, FTC staff issued a report 
providing specific recommendations about how all players in the 
mobile ecosystem--platforms, app developers, ad networks, 
analytics companies, and trade associations--can and must 
ensure that consumers have timely, easy-to-understand 
disclosures and choices about what data companies collect and 
use, including geolocation data.
    Now, turning to a discussion of the Location Privacy 
Protection Act, the Commission very much supports the goals of 
this bill, which seeks to improve the transparency and consumer 
control over the collection and use of sensitive geolocation 
data. The bill really represents an important step forward, 
notably by requiring clear and accurate disclosures and opt-in 
consent from consumers before this sensitive data can be 
collected.
    The bill contains both civil and criminal provisions and 
gives the Department of Justice sole authority to enforce both. 
We very much support strong remedies for violations. However, 
as the Federal Government's leading privacy enforcement agency, 
we do recommend that the Commission be given responsibility for 
enforcing the civil provisions of the bill.
    Thank you very much for this opportunity to provide the 
Commission's views. The FTC is very committed to protecting the 
privacy of consumers' geolocation information, and we look 
forward to continuing to work with the Committee and Congress 
on this issue.
    [The prepared statement of Ms. Rich appears as a submission 
for the record.]
    Chairman Franken. Thank you, Ms. Rich. I noted your 
recommendation in your written testimony and again just now.
    Ms. Rich. Okay. Thanks.
    Chairman Franken. Mr. Goldstein?

      STATEMENT OF MARK L. GOLDSTEIN, DIRECTOR, PHYSICAL 
 INFRASTRUCTURE ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE, 
                        WASHINGTON, D.C.

    Mr. Goldstein. Thank you. Good afternoon, Mr. Chairman, 
Ranking Member Flake, and members of the Subcommittee. Thank 
you for the opportunity to be here this afternoon and provide 
testimony on consumers' location data.
    Smartphones and in-car navigation systems give consumers 
access to useful location-based services.
    However, questions about privacy can arise if companies use 
or share consumers' location data without their knowledge.
    Several agencies have responsibility to address consumers' 
privacy issues, including the FTC, which has authority to take 
enforcement actions against unfair or deceptive acts, and the 
NTIA, which advises the President on telecommunications and 
information policy issues.
    My testimony addresses: one, companies' use and sharing of 
consumers' location data; two, consumers' location privacy 
risks; and, three, actions taken by selected companies and 
Federal agencies to protect consumers' location privacy.
    Our findings were as follows in the two reports we released 
over the last couple of years.
    First, that 14 mobile industry companies and 10 in-car 
navigation providers that GAO examined in its 2012 and 2013 
reports, including mobile carriers and auto manufacturers, 
collect location data and use or share them to provide 
consumers with location-based services and improve consumer 
services. For example, mobile carriers and application 
developers use location data to provide social networking 
services that are linked to consumers' locations. In-car 
navigation services use location data to provide services such 
as turn-by-turn directions and roadside assistance. Location 
data can also be used and shared to enhance the functionality 
of services such as search engines to make search results more 
relevant, for example, returning results of the nearby 
businesses.
    Second, while consumers can benefit from location-based 
services, their privacy may be at risk when companies collect 
and share location data. For example, in both our reports, we 
found that when consumers are unaware that their location data 
are shared and for what purpose that data might be shared, they 
may be unable to judge whether location data are shared with 
trustworthy third parties. Furthermore, when location data are 
amassed over time, they can create detailed profiles of 
individual behavior, including habits, preferences, and roads 
traveled--private information that could be exploited. 
Additionally, consumers could be at higher risk of identity 
theft or threats to personal safety when companies retain 
location data for long periods of time or in ways that link the 
data to individual consumers. Companies can anonymize location 
data that they use or share in part by removing personally 
identifying information. However, in our 2013 report, we found 
that in-car navigation providers that GAO examined used 
different de-identification methods that may lead to varying 
levels of protection for consumers.
    Third, companies GAO examined in both reports have not 
consistently implemented practices to protect consumers' 
location privacy. The companies have taken some steps that 
align with recommended practices for better protecting 
consumers' privacy. For example, all the companies we examined 
in both reports used privacy policies or other disclosures to 
inform consumers about the collection of location data and 
other information. However, companies did not consistently or 
clearly disclose to consumers what the companies do with these 
data or third parties with which they might share that data, 
leaving consumers unable to effectively judge whether such uses 
of their location data might violate their privacy.
    In our 2012 report, we found that Federal agencies have 
taken steps to address location privacy data through 
educational outreach events, reports with recommendations to 
protect consumer privacy, and guidance for industry. For 
example, the Department of Commerce's NTIA has brought 
stakeholders together to develop codes of conduct for industry. 
But GAO found that this effort lacks specific goals, 
milestones, and performance measures, making it unclear whether 
the effort would actually even address location privacy. 
Additionally, in response to a recommendation in GAO's 2012 
report, the FTC issued guidance in 2013 to inform companies of 
the Commission's views on the appropriate actions mobile 
industry companies should take to disclose their privacy 
practices and obtain consumers' consent. GAO made 
recommendations to enhance consumer protections in 2012. GAO 
recommended, for example, that NTIA develop goals and 
milestones and measures for its stakeholder initiative. GAO 
will continue to monitor this effort in the future.
    Mr. Chairman, this concludes my oral statement. I would be 
happy to respond to any comments. Thank you.
    [The prepared statement of Mr. Goldstein appears as a 
submission for the record.]
    Chairman Franken. Thank you, Mr. Goldstein. Thank you all 
for your testimony.
    Ms. Hanson and Ms. Rich, your agencies have already done 
important work to combat cyber stalking and GPS stalking, but I 
want to challenge you to do more. I want to press you to 
investigate and shut down these smartphone stalking apps. They 
hurt tens of thousands of people every year. They market 
themselves directly and brazenly to stalkers, and they are 
easily available on the Internet.
    My bill will give you even more tools to go after these 
apps, but will you pledge to me today that you will use all of 
your existing tools to investigate and shut down these apps?
    Ms. Rich. Yes, I will, within my powers. We do have a 
Commission that needs to approve things, but I run the Bureau 
of Consumer Protection. I will note that we did bring a case 
against a similar service called Remote Spy. We litigated a 
case against them that was providing this very same type of 
service to spy on people, and we obtained a strong order 
against the company, and we can use similar tools to pursue 
these types of stalking apps.
    Chairman Franken. Thank you.
    Ms. Hanson. From my role at the Office on Violence Against 
Women, we are a grant-funded organization, and we really want 
to work with you and work together to address these issues 
around stalking applications. This has been a huge, a big 
priority for the Department. I would like to bring back to 
those folks who actually do the prosecution and want to share 
your concerns with the Criminal Division, specifically the 
computer crime and intellectual property section, as well as 
the U.S. Attorney's Office, Executive Office of the U.S. 
Attorney who handles the criminal prosecutions, and I will 
bring that back to them.
    Chairman Franken. Well, thank you. And there is bipartisan 
agreement on this. In 2011, I sent a letter joined by Senators 
Grassley, Klobuchar, Cornyn, Blumenthal, Graham, Whitehouse, 
Schumer, and Feinstein asking your agencies to crack down on 
these apps. So I want to ask each of you to do everything you 
can to shut them down.
    Mr. Goldstein, some of the witnesses on our second panel 
urge us to be cautious about legislating. They favor self-
regulation. As part of your investigation, you looked at 
industry best practices for the collection and sharing of 
location data. In an interview after the report, you said that 
there were not very many rules in place and that in many ways 
this was still ``the Wild West of the Electronic Era.''
    Did you find that industry best practices were being 
implemented consistently? And did you find that consumers were 
being given the information they needed to make choices about 
their privacy?
    Mr. Goldstein. Thank you, Mr. Chairman. Our reports clearly 
indicate that there is no comprehensive approach; that some 
companies do pay attention very consistently to the rules, the 
self-regulating rules that are out there, and some do not; and 
that there is a great variety and not a lot of transparency. 
Those seem to be the two principal problems, a lot of variety 
and that some pay attention to some rules and not others, and 
the lack of transparency and that consumers do not always have 
enough information to make choices about what kind of 
information is being retained, how long it is being retained, 
by whom it is being retained and used, things like that.
    So there are quite a lot of problems still out there with 
the application of the rules.
    Chairman Franken. And I see you are nodding, Ms. Rich.
    Ms. Rich. Yes. Many industry groups and individual 
companies say they implement opt-in or have opt-in as a best 
practice. But our enforcement more broadly, even outside of 
stalking apps, but related to the collection of geolocation 
information, including the Snapchat case, the Goldenshores 
case, which was the flashlight case, our case against Aaron's, 
and also our survey of kids' apps shows that this opt-in 
standard is not being complied with on a regular basis.
    Chairman Franken. Yes, I found the Snapchat case 
particularly ironic because their whole selling point was that 
once you post a video or a photo, it would disappear.
    Ms. Rich. And we allege that was not true, among other 
things.
    Chairman Franken. But it did not. Other than that, it was 
exactly what it said.
    Okay. I am running out of my time. I will ask one more 
question, and we want to get to our other panel, so I will give 
it to Senator Flake, and I will ask one more question of Ms. 
Hanson.
    Senator Flake. Thank you.
    Mr. Goldstein, in your testimony you outline a series of 
``what if's,'' asserting that location data could be used to 
track consumers, and I think we all understand the potential of 
this. You say that these--which can be used to steal identity, 
stalk them, monitor them without their knowledge. You also say 
that collection of data, location data, poses a threat. We all 
understand that. You have explained that very well. But in your 
study or in your investigation, did you uncover examples of 
companies stealing customers' identities or stalking them or 
criminals' obtaining location data? We know the potential 
exists. Did you actually turn up any nefarious activity?
    Mr. Goldstein. No, Senator, we did not. It was really a 
look at the kinds of issues that were out there. It was not 
really within the scope. But we also did not find any.
    Senator Flake. Ms. Rich, you mentioned a few of them and 
cases that have been brought. What has been out there in 
popular media that has caught your attention? Is that usually 
how you find these cases? Or how do you come on to these cases 
where you decide to bring action against them?
    Ms. Rich. We find cases in a variety of ways. We may be 
tipped off by an insider. We may get referrals from businesses 
or consumer groups or tech people. But responding to the 
question you just asked my colleague, one thing that our cases 
do show is that companies, even flashlights, are collecting 
this data, contrary to the claims they are making, and then 
they are sharing it. So it is being collected and used, and 
given what it can show in terms of consumers' private 
activities, that raises concerns.
    Senator Flake. Yes, certainly I think we all recognize that 
people use it for advertising and some of the disclosing--or 
giving the opportunity to opt out. My question to Mr. Goldstein 
was do we see criminals using it for purposes that are--the 
potential certainly exists, but if there are examples of that 
in a criminal way. We have seen some of the stalking, and 
obviously we want to make sure that we crack down on that. But 
I know that the potential exists. I was just wondering, in the 
studies have we seen that actually occurring? We see some of it 
on the commercial side, but not so much on the criminal side 
yet. Is that an accurate statement?
    Ms. Rich. I think that the stalking apps are the clearest 
example of the harm that it can do. I agree.
    Senator Flake. I mentioned in my opening statement that we 
want to make sure that we do not stifle any development of new 
technologies and new positive uses of this geolocation 
information. Ms. Hanson, the Department of Justice, as you 
know, works with law enforcement agencies across the country 
and broadcasters, transportation agencies, and the wireless 
industry to issue Amber Alerts. The National Center for Missing 
and Exploited Children manages a secondary distribution of 
these Amber Alerts. These are obviously only sent when a child 
is at risk of serious injury or death.
    Would Amber Alerts fall within one of the exceptions to the 
bill?
    Ms. Hanson. I would have to bring this back to the 
Department about how this would be an exception or not. I know 
that Amber Alerts have been important in identifying missing 
children. I think we need to look at this issue more broadly, 
and I can bring that back to the Department to take a look at 
it.
    Through our office, the Office on Violence Against Women, I 
think, you know, we have seen and you will hear testimony from 
folks on the second panel. If you look at the cases of cyber 
stalking that we actually look at--when you look at it from the 
perspective of victims of domestic violence, in actuality we do 
have a large number of victims who have said that they have 
been tracked. My testimony talked about 72 percent of those 
reported, looking at victims service agencies, had been tracked 
by GPS, through cell phone or GPS. So, you know, I think those 
are important issues we need to look at, but I can bring back 
this issue, the question about the Amber Alert.
    Senator Flake. A hypothetical, and some people have talked 
about and some are actually working on programs, I think, that 
would send an Amber Alert to a specific location if a child was 
lost in a mall and you do not need the Amber Alert at that 
point because there are certain standards and thresholds at 
which those are issued. But you might be able to send it at a 
lower threshold if it could be confined to a specific location, 
say a mall. But obviously, if the geolocation information of 
individuals who were in that mall, they would not have 
consented to receive that Amber Alert, they would not have 
opted in, but could--would this be an exception? And how do we 
work with the exceptions like that where useful information 
could go out but not for regulations that could come? Does that 
make sense? I am sorry.
    Ms. Hanson. It makes sense. It is not the area that I work 
in, so what I would like to do is bring that back to other 
folks in the Department and get back to you on that.
    Senator Flake. Okay.
    [The information referred to appears as a submission for 
the record.]
    Senator Flake. You had a----
    Chairman Franken. Well, I just wanted to clarify that an 
Amber Alert would be--in Section 3 of the bill, we put in 
exceptions, and any emergency, allowing a parent or legal 
guardian to locate an emancipated minor child, and also it is 
for fire, medical, public safety, or other emergency services. 
So this is specifically in the bill. It would be exempted.
    Senator Flake. Okay. There are some that are a little less 
clear. I think Mr. Atkinson in the second panel will note that 
there are certain programs like Circle of 6, Siren, these apps 
allow women to share their precise geolocation information with 
friends who are in an unsafe situation. These, I think we all 
agree, can be used to help women who are in an unsafe 
situation. We just want to make sure that we do not do 
something that would prohibit those kind of uses, and that is a 
little tougher or a little fuzzier than an Amber Alert. And so 
I hope as we move through this process--and maybe the second 
panel can shed some light on that as well.
    Thank you, Mr. Chairman.
    Chairman Franken. Thank you.
    Senator Blumenthal has joined us.
    Senator Blumenthal. Thank you, Mr. Chairman. Thank you to 
you for having this hearing and for your really instrumental 
work on a lot of this legislation. Thanks to this excellent 
panel, and I want to thank particularly Bea Hanson for your 
work on sexual assault on campuses and your help to me in the 
roundtables that we organized around Connecticut and the 
proposals that we formulated as a result, and the President's 
great work on this issue, thanks to the wonderful staff that he 
has working on this issue.
    To that point, I wonder if you could talk a little bit 
about what additional steps colleges and universities ought to 
be taking with respect to cyber stalking and the relationship 
or the intersection of cyber stalking with campus sexual 
assault. You know, in Connecticut, more than 50,000 individuals 
are stalked every year. A lot of it occurs on campuses because 
college students tend to be more attuned to this technology. 
And yet I found, as I went around the State of Connecticut, 
that college administrators and officials there often were not 
as focused as perhaps they should be on this issue of cyber 
stalking and the technology that is available to enable it. So 
perhaps if you could talk a little bit about that issue.
    Ms. Hanson. Thank you, Senator Blumenthal. And thank you 
for your work on addressing campus sexual assault and the 
report that you put together as a result of all of the hearings 
you did in Connecticut.
    I think that nexus between campus sexual assault and cyber 
stalking is important, especially when we look at the use of 
cell phones and smartphones, especially among the college 
campus students.
    There is work that is being done, there is more work that 
we need to do, in terms of looking at prevention messages and 
incorporating issues of stalking and cyber stalking, 
particularly into messages around sexual assault because we 
know often that stalking is not something that occurs by 
itself, but that it often escalates over time and can often be 
a precursor to crimes like sexual assault or even homicide.
    I agree with you on your point about the need to train and 
talk to administrators about it. I think that there is a lot 
more knowledge among the students than there is among the 
administrators about the training that is needed to look at 
cyber stalking and those connections. So we are more than happy 
to work with you and the rest of the Committee if there are 
ways that we can make those efforts even stronger.
    Senator Blumenthal. I thank you. This technology has huge 
promise, but also tremendous peril, and the awareness of the 
peril is sometimes difficult among young people who think of 
themselves as invincible. And yet because of that delusion, 
they may be the most vulnerable, and the most vulnerable often 
to their friends who seemingly want to befriend or support 
them, and yet use this technology really to put them in great 
peril. So I thank you for your focus on that.
    I would like to ask, Ms. Rich, whether you believe under 
your current authority you can take action against some of the 
makers, the manufacturers who may be, knowingly or unknowingly, 
promoting misuse or abuse of this technology.
    Ms. Rich. To date, we have taken action--we did take action 
and litigated a case against a promoter, a seller of spyware 
that specifically sold it so that you could capture the 
movements of somebody secretly. And we did that under our 
existing authority. We also--I mentioned before you came in, we 
brought several cases against companies that either under our 
deception or unfairness authority shared geolocation without 
consent or notice to consumers. So we do have authority, but we 
do need to prove deception or unfairness. And the across-the-
board notice and consent requirements with exceptions for 
legitimate use that are in the proposed--the law which make it 
easier for us to enforce.
    Senator Blumenthal. So you would welcome this additional 
measure?
    Ms. Rich. We very much support the goals and the basic 
provisions of the bill, yes.
    Senator Blumenthal. Do you plan to have roundtables or 
workshops or other means of increasing awareness among students 
and others?
    Ms. Rich. We recently had a seminar on mall tracking, which 
is not about stalking but it is about the use of GPS to track 
consumers' movements in stores, and I think that raised 
awareness about the use of geolocation, and we will be issuing 
a report on that. And we will be--we continue to have workshops 
and seminars on consumer protection issues like these.
    Senator Blumenthal. Thank you.
    Thank you, Mr. Chairman.
    Chairman Franken. Thank you, Senator.
    I am going to ask just one real short question of Ms. 
Hanson, and it is mainly a short answer, I think, that will be 
required. The latest statistics we have on the prevalence of 
GPS stalking are from a 2006 study conducted by the Department. 
Back then, an estimated 25,000 people a year were victims of 
GPS stalking. That was, again, in 2006, before the explosion of 
smartphones.
    Today the vast majority of adults own a cell phone, and 
most of them a smartphone. So we just intuitively know that 
rates of GPS stalking must have increased since then.
    Ms. Hanson, my bill will institute regular reporting on GPS 
stalking, but in the meantime, will DOJ update its statistics 
on GPS stalking as soon as possible? And if there are barriers 
in doing that, would you tell me what they are?
    Ms. Hanson. Yes, thank you. Thank you for that question. 
This is a one-time supplement that we had put out in 2006 that 
was funded by the Office on Violence Against Women. Since then, 
as I said in my testimony, the National Intimate Partner and 
Sexual Violence Survey came out in 2011, and the National 
Institute of Justice as part of the Department of Justice has 
been working with the CDC on that.
    There are questions about stalking, and what I would like 
to do is go back and talk to folks at BJS and talk to those 
folks at NISVS to make sure that--to identify if there is any 
additional stalking questions that would be helpful for us to 
ask through the Department, just so that we are not duplicating 
anything that would be in the NISVS report. But I would be 
happy to go and look into that and get back to you on that, so 
thank you.
    Chairman Franken. Well, thank you very much. I have some 
questions that I will submit to you for the written record, but 
I would like to thank all three of you for your testimony and 
invite up our second panel.
    [The questions of Chairman Franken appear as submissions 
for the record.]
    Chairman Franken. All right. I would like to start by 
introducing our panel.
    Detective Brian Hill of Elk River, Minnesota, has served in 
the Anoka County Sheriff's Office since 2000 and has been a 
detective with the Criminal Investigation Division since 2008. 
Detective Hill is an expert in digital forensics and has 
trained over 3,000 law enforcement officers, prosecutors, 
judges, advocates, and others across Minnesota on the use of 
technology to facilitate stalking. He himself was trained by 
the Minnesota Bureau of Criminal Apprehension, the FBI, and the 
Secret Service. He also served our country as a member of the 
Air Force Reserves and was deployed for 2 years for the wars in 
Iraq and Afghanistan. We are very grateful for your service at 
home and abroad, Detective Hill, and proud to have you here. 
Thank you.
    Mr. Lou Mastria is the executive director of the Digital 
Advertising Alliance. He leads the DAA's effort on self-
regulation, consumer transparency, and consumer choice. Mr. 
Mastria is a certified information privacy professional and has 
served as the chief privacy officer for a range of 
organizations. Thank you for being here.
    Ms. Sally Greenberg is the executive director of the 
National Consumers League, NCL. She has testified before 
Congress on a variety of consumer protection issues, including 
on fraud and excessive fees on car rentals. Previously, she 
worked at the U.S. Department of Justice and the Anti-
Defamation League. Ms. Greenberg was also born and raised in 
Minnesota and is a graduate of Southwest High School, close to 
where I grew up in St. Louis Park.
    Dr. Robert Atkinson is the founder and president of the 
Information Technology Innovation Foundation. He holds a Ph.D. 
in city and regional planning from UNC-Chapel Hill and is a 
published author on economics and technology policy. Before 
founding ITIF, he was vice president of the Progressive Policy 
Institute and director of their new technology project.
    Ms. Cindy Southworth is the vice president of development 
and innovation at the National Network to End Domestic Violence 
and founder of NNEDV's Safety Net Project. She is one of the 
Nation's leading experts on stalking apps and has trained 
thousands of people across the country on stalking apps and the 
use of technology to facilitate stalking.
    Thank you and thanks to all of you again for joining us. 
Your complete written testimony will be made part of the 
record. I will note for the record that Ms. Southworth's 
written testimony on behalf of the National Network to End 
Domestic Violence is also being submitted on behalf of the 
Minnesota Coalition for Battered Women.
    So why don't we start with Detective Hill. You each have 5 
minutes for any opening remarks you would like to make. 
Detective Hill, please go ahead.

  STATEMENT OF BRIAN HILL, DETECTIVE, CRIMINAL INVESTIGATIONS 
  DIVISION, ANOKA COUNTY SHERIFF'S OFFICE, ANDOVER, MINNESOTA

    Mr. Hill. Chairman Franken, Ranking Member Flake, and 
distinguished members of the Subcommittee, my name is Brian 
Hill, and I thank you for the opportunity to appear before the 
Subcommittee to testify about law enforcement's support of the 
Location Privacy Protection Act of 2014.
    Since 2008, I have been a detective with the Criminal 
Investigations Division of the Anoka County Sheriff's Office in 
Minnesota. I investigate felony domestic and sexual violence 
cases with access to Anoka County's state-of-the-art digital 
forensics lab. I am a computer/mobile device forensic examiner/
investigator. The written testimony I submitted details my 
trainings, certifications, and professional association 
memberships.
    Why is this legislation important? Imagine the trauma of 
surviving domestic and sexual violence. Now add cyber stalking 
to that trauma. Stealth stalking apps endanger domestic 
violence victims' safety, financial stability, and social well-
being. As we all increasingly use our cell phones to work, 
bank, text, access the Internet, e-mail, and pay bills, 
stalking apps are a tool to isolate victims from the functions 
and social connections their phones provide, including 
isolating them from contacting domestic violence advocates or 
law enforcement.
    To be rid of a stealth stalking app, victims must buy new 
phones, create new e-mail accounts, and change all passwords 
and security questions. Although there are never any 
guarantees, victims live with the frightening uncertainty of 
whether the stealth stalking apps are really gone or if they 
will reappear after removal. Victims' privacy and peace of mind 
continue to be violated by this uncertainty, often long after 
they have bought new phones or changed their passwords.
    For instance, I have worked with a victim who suspected 
that her estranged boyfriend put spyware on her phone. She 
stated he knew about private phone conversations and text 
messages. Also, he would show up randomly where she was. I 
examined her phone and could not get a full data extraction to 
determine if there was any spyware. Later, she brought in her 
computer, and I found her computer had accessed a stalking 
program called FlexiSPY. There was then proof that the program 
was installed on her phone. I worked with her on the expensive 
and complicated tasks of getting a new phone and e-mail account 
on a safe computer.
    Proliferation of cheaper stalking apps has made these 
harrowing experiences more and more common. In the last 3 
years, our mobile forensic exams in our office have increased 
exponentially by 220 percent in 3 years, averaging 30 exams per 
month. After 7 years of experience, I continue to discover new 
apps. For instance, our office is currently investigating an 
attempted murder in the context of domestic violence. We 
discovered Ti-Spy, running in stealth mode on the victim's 
mobile device. Ti-Spy advertises itself as a $7 parental 
monitoring software which can be installed on smartphones to 
track text messages, calls, GPS location, and basically any 
phone data.
    As in the case of discovering Ti-Spy, I typically become 
engaged in a forensic investigation after victims or domestic 
violence advocates detect the unsettling signs of digital 
wrongdoing. They notice patterns of the abuser's knowledge 
about the victim's life and whereabouts when the abuser has no 
way of knowing.
    While my department deals with only felony cases, stalking 
apps are frequently used in misdemeanor domestic violence 
cases. Investigating cyber stalking is labor intensive and 
requires expensive, specialized equipment. Most law enforcement 
agencies, however, do not have the resources, equipment, 
staffing, or training to examine mobile devices for stalking 
apps, which can limit data recovery of potential evidence.
    Anoka County is fortunate to have eight different tools and 
dedicated staff for mobile examinations. Because of our 
county's resources, other counties and Federal agencies request 
our assistance.
    In a survey by the Minnesota Coalition for Battered Women 
in conjunction with the courts, advocates indicated that cyber 
stalking was the number one priority for law enforcement 
training in the protective order context because technology is 
frequently used to stalk victims and violate protective orders.
    To address the need for training on cyber stalking, I have 
worked closely with the Minnesota Coalition for Battered Women, 
and its 80-plus member programs, to train over 3,000 domestic 
and sexual assault advocates, law enforcement, prosecutors, and 
judges since 2009. Our efforts have borne fruit, but strained 
resources and the lack of awareness undercut law enforcement's 
ability to recognize and respond to domestic violence victims' 
increasing reports of cyber stalking. This erodes victim trust 
in the criminal justice system. A common abuser tactic in 
domestic violence is to convince the victim she is crazy. 
Victims then feel more crazy when they report the abuser has 
installed stealth stalking apps, only to be told, ``We do not 
believe you,'' or ``We do not have the resources to examine your 
phone.'' When law enforcement cannot effectively identify and 
respond to cyber stalking reports, victims stop reporting 
crimes and abusers win.
    This Act is a major step in addressing the stalking app 
problem. The most important part is that apps will be required 
to notify the user a second time, 24 hours to 7 days after 
initial installation, about the tracking implications. Victims 
will then be notified when the perpetrator does not have access 
to their phone. If this notice only applied to stalking apps, 
they would simply change the name of the app or market it in a 
different way. Just like in human trafficking, when Craigslist 
no longer allowed certain ads, the company backpages.com 
emerged and began to offer those ads. This Act would address 
such evasion of the law. And it also comes down to economics. 
By banning stealth GPS stalking apps, we make it unprofitable 
for the companies to make these programs, which decreases 
abusers' access to them.
    Additionally, the Act brings national public awareness to 
this issue by requiring information gathering, reporting, and 
training grants for law enforcement.
    Finally, the Act supports victim safety by requiring that 
all apps get permission to collect or share location 
information, making sure that a stalking app cannot disguise 
itself as an employee or family tracking app--or simply as a 
flashlight app.
    I urge you to support the Location Privacy Protection Act 
of 2014.
    Thank you again to the Committee for reviewing my testimony 
and for your support of law enforcement's efforts to keep 
domestic violence victims and our communities safe.
    [The prepared statement of Mr. Hill appears as a submission 
for the record.]
    Chairman Franken. Thank you, Detective Hill.
    Mr. Mastria?

STATEMENT OF LUIGI ``LOU'' MASTRIA, EXECUTIVE DIRECTOR, DIGITAL 
             ADVERTISING ALLIANCE, WASHINGTON, D.C.

    Mr. Mastria. Chairman Franken, Ranking Member Flake, 
members of the Subcommittee, good afternoon and thank you for 
the opportunity to speak at this important hearing.
    My name is Lou Mastria. I am the executive director of the 
Digital Advertising Alliance, and I am pleased to report to the 
Committee on how industry has extended its successful online 
program to mobile to ensure consumers have access to the same 
transparency control in mobile as they do on desktop.
    Of particular interest to this Committee today, our mobile 
principles require consent for collection of location data and 
an easy-to-use tool to withdraw such consent, leaving the 
consumer ultimately in charge.
    Last year, the DAA released its Mobile Guidance, providing 
consumer-friendly privacy controls in this still very fast 
growing medium. This important, self-initiated update to our 
principles reflects the market reality that brands and 
customers increasingly engage with each other on a variety of 
screens.
    The DAA is a cross-industry nonprofit organization founded 
by the leading advertising and marketing trade associations--
the ANA, the 4As, DMA, IAB, AAF, and NAI. These organizations 
originally came together in 2008 to develop the self-regulatory 
principles to cover the collection and use of web-viewing data. 
In 2012, the Obama administration publicly praised the DAA 
program as a model of success, and more recently, Federal Trade 
Commission Commissioner Ohlhausen was quoted as calling the DAA 
``one of the great success stories in the [privacy] space.''
    The Internet is a tremendous engine of economic growth, 
supporting the employment of more than 5 million Americans. 
Mobile advertising by itself in the U.S. totaled more than $7 
billion last year, and that is more than a 100-percent increase 
from the year prior. Revenue from online and mobile advertising 
subsidizes the content and services we all enjoy.
    Research shows that advertisers pay several times more for 
relevant ads, and as a result, this generates greater revenue 
to support free content. Consumers also engage more actively 
with relevant ads. Simply stated, companies have a very vested 
interest in getting this right.
    Self-regulation like the DAA is the ideal way to address 
the interplay of privacy and online and mobile advertising 
while preserving innovation. It provides industry, as 
demonstrated by the multiple updates to our program, with a 
nimble way of responding to new market challenges presented by 
a still evolving mobile ecosystem.
    The DAA mobile program applies broadly to the diverse set 
of actors that work together to deliver relevant advertising. 
The DAA principles call for enhanced notice outside of the 
privacy policy, consent for location data, and strong, 
independent enforcement mechanisms.
    Together these principles are intended to increase 
consumers' trust and confidence in how information is gathered 
in mobile by increasing transparency and control.
    The mobile program leverages an already successful 
universal icon to give consumers transparency and control about 
data collection and use. In April of this year, DAA issued 
specific guidance on how to provide this transparency tool in 
mobile. This will provide companies and consumers a consistent, 
reliable user experience in the multiple screens on which they 
interact. This will also provide companies a consumer-friendly 
way to provide notice and choice outside of the privacy policy. 
This advancement builds on the unprecedented level of industry 
cooperation which has led the DAA icon to being served globally 
more than a trillion times each month.
    In the coming months, DAA will also release a new mobile 
choice app which will empower consumers to make choices about 
data collected through mobile devices, including applications.
    Of particular relevance to this hearing and today, cyber 
stalking is a serious issue, as was detailed earlier. But 
criminal activity is separate and apart from the legitimate 
commercial uses covered by DAA. I want to note DAA's stringent 
requirements for the collection and use of precise location 
data for commercial purposes. The DAA program requires consent 
prior to collection and the provision of an easy-to-use tool to 
withdraw such consent.
    We have required privacy-friendly tools, including notice 
in the download process, notice at first install, or other 
similar measures to ensure that companies are transparent in a 
consistent manner about data collection and that consumers can 
make informed choices.
    To help ensure that both the mechanisms we require are used 
and that consumer choices are honored, we rely on our 
accountability programs. Accountability is a key feature of the 
DAA program. All of our principles are backed by the robust 
enforcement programs administered by the Better Business Bureau 
and the Direct Marketing Association. There have been more than 
three dozen publicly announced enforcement programs under this 
program to date.
    In summary, I would submit that the DAA is a story of 
empowering consumers through transparency and control. It has 
nimbly adapted consumer controls to meet quickly evolving 
market changes and consumer preferences. And it has done so 
while responsibly supporting the investment necessary to fund 
free or lower-cost products and services desired by consumers.
    I am pleased to answer any questions you might have.
    [The prepared statement of Mr. Mastria appears as a 
submission for the record.]
    Chairman Franken. Thank you, Mr. Mastria.
    Ms. Greenberg?

  STATEMENT OF SALLY GREENBERG, EXECUTIVE DIRECTOR, NATIONAL 
               CONSUMERS LEAGUE, WASHINGTON, D.C.

    Ms. Greenberg. Good afternoon, Chairman Franken, Ranking 
Member Flake, and members of the subcommittee. My name is Sally 
Greenberg, and I am the executive director of the National 
Consumers League. The league was founded in 1899 and is the 
Nation's pioneering consumer organization. Our nonprofit 
mission is to advocate on behalf of consumers and workers in 
the United States and abroad.
    Supreme Court Justice Louis Brandeis, who served as NCL's 
general counsel, noted in a landmark 1928 decision that the 
right to privacy is ``the most comprehensive of rights, and the 
right most valued by civilized men.'' We could not agree more. 
Privacy is a cornerstone of consumer protection and a 
fundamental human right.
    The ubiquity of smartphones, tablets, and other mobile 
devices has dramatically changed the way consumers interact 
with the digital world. Thanks to the widespread use of 
location data, consumers can now navigate to their favorite 
coffee shops, discover the closest sushi restaurant, and be 
more easily located by emergency response providers. This 
technology has clearly provided immense consumer benefits.
    However, as the collection and use of location data has 
become an integral part of the mobile ecosystem, so, too, has 
consumer concern over the use and misuse of these data. 
According to a Consumer Reports poll from 2012, 65 percent of 
consumers were very concerned that smartphone apps could access 
their personal contacts, photos, location, and other data 
without their permission.
    A similar Los Angeles poll showed that 82 percent of those 
surveyed were either very or somewhat concerned about the 
Internet and smartphone firms collecting their information. 
This should not be surprising. Unlike location data gained from 
a non-mobile device, such as a desktop computer, data from 
mobile phones is inherently personal and can be used to learn 
and possibly disclose information that in many cases consumers 
would rather be kept private. Justice Sotomayor summed this 
concern up perfectly in her concurring opinion in U.S. v. 
Jones. She noted that, ``Disclosed in [GPS] data . . . will be 
trips . . . to the psychiatrist, the plastic surgeon, the 
abortion clinic, the AIDS treatment center, the strip club, the 
criminal defense attorney, the by-the-hour motel, the union 
meeting, the mosque, synagogue or church, the gay bar and on 
and on.''
    The consensus among consumer privacy advocates and 
government agencies such as the GAO and FTC that we have just 
heard from a moment ago is that there is no adequate legal 
framework protecting consumers' location data in the current 
and ever-evolving mobile ecosystem. Absent such a framework, 
consumers must rely on business to adhere to a variety of often 
voluntary and inconsistently applied company policies and 
industry best practices. That is why we believe so strongly 
that this bill is absolutely necessary and will help to protect 
especially sensitive types of information that consumers use, 
such as location data.
    S. 2171 would do just that. This bill would establish a 
level playing field for businesses that seek to collect and 
share location data. It would help to restore consumer trust 
in location-based services and ensure that the many benefits 
of this technology continue to flow to consumers and the 
economy while adhering to uniform rules of the road for 
protecting location privacy.
    In particular, we believe that the bill's opt-in provisions 
will allow consumers to take control over their private 
location information, giving them the right to choose to share 
that information, or not, and be informed how their location 
data will be used and by whom. And by prohibiting so-called 
stalking apps that we have heard so much about, the law will 
appropriately outlaw a class of inherently deceptive and 
predatory applications that compromise the personal safety of 
domestic violence victims. No Federal law currently prohibits 
the operation of these apps, which are designed to run secretly 
without the user's knowledge. In addition, we strongly believe 
that the section providing for private rights of action is 
critical.
    Given the limited resources of Federal enforcement 
agencies, a narrowly defined private right of action with caps 
on available damages gives an extra layer of protection to 
consumers while addressing industry concerns about abuses of 
that private right of action.
    In closing, I would like to reiterate NCL's strong support 
for S. 2171. In today's ever-changing digital economy, 
consumers expect and deserve that the privacy of their location 
information will be protected. Absent such protections, 
consumers may indeed become less trusting in location-based 
services, which would be harmful to innovation and the economy 
as a whole.
    Thank you, Mr. Chairman, Mr. Ranking Member, and members of 
the Subcommittee, on behalf of the National Consumers League 
and America's consumers, for your leadership in convening this 
hearing and your invitation to testify on this important issue. 
I look forward to answering any questions you may have.
    [The prepared statement of Ms. Greenberg appears as a 
submission for the record.]
    Chairman Franken. Thank you, Ms. Greenberg.
    Dr. Atkinson?

    STATEMENT OF ROBERT D. ATKINSON, PH.D., PRESIDENT, THE 
 INFORMATION TECHNOLOGY AND INNOVATION FOUNDATION, WASHINGTON, 
                              D.C.

    Mr. Atkinson. Thank you. My clock is not working, so I will 
look over here for it. I assume that means I get some time, not 
zero.
    Chairman Franken. I will account for the looking over.
    [Laughter.]
    Chairman Franken. Ten percent.
    Mr. Atkinson. Thank you. Thank you, Chairman Franken, 
Ranking Member Flake, and members of the Committee. I 
appreciate the opportunity to submit testimony today. I am Rob 
Atkinson, president of the Information Technology and 
Innovation Foundation, which is a think tank focusing on 
policies to support technological innovation.
    This proposed legislation addresses two very distinct and 
unrelated issues: One is commercial use of geolocation 
information by third parties; the second is the use of that 
information by individuals, particularly around stalking. Since 
these issues are separate and unrelated, I will address them 
separately.
    The issue of limiting the collection of geolocation data by 
third parties, in our view would stifle innovation in an area 
that is rapidly evolving. We have seen in the last few years 
tremendous growth in innovation around location-based services, 
and, importantly, the U.S. has led in this space. Of the top 
ten Internet companies in the world, eight of them are 
American. This is in part because our approach to regulation in 
this fast-moving digital age has really been to not regulate 
ahead of time. Unlike Europe, which is home to none of those 
ten Internet firms, they have embraced the precautionary 
principle to regulate well in advance of any real harms.
    This principle I believe is important for location-based 
services, especially in part because there is tremendous 
innovation happening in this space, and innovation that will 
continue to happen. In fact, we will probably see more 
innovation in the next 5 years than in the last. Things like 
in-car navigation and infotainment systems, connected devices 
making up the Internet of things, facial recognition--these are 
all interesting and important technologies that, unfortunately, 
do not lend themselves to a slower-moving regulatory process.
    I would support what Mr. Mastria said about industry-led 
self-regulation being a better approach, at least in this 
initial stage of technological change and innovation. Clearly, 
as we heard from Director Rich, the FTC has already taken 
actions and, in my view, has significant ability to take 
continued actions.
    We already see self-regulation working, for example, the 
Digital Advertising Initiative, but also on the two major 
platforms--iOS and Android--consumers have the ability to 
notice when location is on, to accept it, to not, to turn it 
off, turn it on.
    Second--and I think this is an important point--there is 
basically at this point no evidence or very little evidence of 
actual harms arising from commercial use. I will get to the 
stalking. There are clearly harms there. But in commercial use, 
I do not believe there is really any evidence of harms. 
Virtually all of the concern expressed to date by privacy 
advocates stems from speculative harms that could happen, but 
not actually ones that have happened.
    Third, our view is that some of the provisions in the bill, 
particularly the private right of action, could be stifling of 
innovation, particularly in the app space where for the top 800 
apps for Android and iOS (Apple), the average company size is 
25 employees. A lot of these companies, if they were faced with 
the potential of a $1 million fine for making a small coding 
mistake or putting something inaccurate on a website, I believe 
would think twice about developing a mobile app.
    Another component that I think is important is there are 
many apps that run in the background without the user's 
knowledge that are actually very, very important. Carrier IQ is 
an example of that. It is a diagnostic app that many of the 
mobile carriers use, and it enables the cell system to work 
effectively so carriers know when calls are dropped, where they 
are dropped, where they might add cellular capacity. These are 
apps we want to have running on the phone because they are 
acting in the public good.
    Finally, I would argue that some of the sections dealing 
with notice can be problematic. For companies to have to list 
every single company that they deal with from a business 
perspective could compromise some of their commercial 
information.
    Moving on to the domestic violence issue, I commend you on 
your efforts there, and I think this is really the most 
important part of the bill. We certainly fully agree with the 
outline in Section 4, Criminal Penalties, and Sections 5 
through 10. But there are a couple of components that we would 
want to provide some suggestions on.
    The 24-hour to 7-day notice provision as it is written in 
the bill now, it currently applies to all apps, including 
applications like, for example, the Weather Channel or Google 
Maps or Yelp. These are apps where an individual who might put 
those apps on the phone, they simply cannot get access to the 
geolocation data. That is third-party geolocation that stays 
there. That is very different than one of these stalking apps. 
It is very different than an app like Amber Alert GPS Teen, 
which is for parents to put something on their kids' cell 
phone. So I would urge you to think about confining that 24/7 
rule only to apps where the individual can get access to the 
GPS stream and not to have all apps, since the stalker cannot 
use the Weather Channel, for example, to stalk his or her 
victim.
    I do not think that really mattered, the point that 
Detective Hill made. The issue here is regulating the behavior 
of the app. The app could call itself anything, and it would 
still be under--it would still be subject to this rule if it is 
allowing the data stream to go to an individual.
    Another component I would urge you to think about, and that 
is international access. One of the concerns we have is even if 
we can shut down these abysmal stalking apps, stalkers may be 
able to get access overseas, on overseas websites, and I think 
thinking about that question, could there be blocking of 
certain--if we know there is, you know, the same sort of I-Spy 
site here and it just relocates to the Cayman Islands--could we 
block access to those?
    So, in summary, I will just say that geolocation offers 
many opportunities for innovation, and regulation at this point 
is premature. But, again, I commend you, Senator, for your 
leadership on the criminalization of the stalking apps, in 
particular, which I think are a serious problem and will help 
with that.
    Thank you.
    [The prepared statement of Mr. Atkinson appears as a 
submission for the record.]
    Chairman Franken. Thank you, Dr. Atkinson.
    Ms. Southworth?

         STATEMENT OF CINDY SOUTHWORTH, VICE PRESIDENT,
DEVELOPMENT AND INNOVATION, AND FOUNDER, SAFETY NET TECHNOLOGY 
PROJECT, NATIONAL NETWORK TO END DOMESTIC VIOLENCE, WASHINGTON, 
                              D.C.

    Ms. Southworth. Good afternoon, Chairman Franken, Ranking 
Member Flake, and distinguished members of the Committee. My 
name is Cindy Southworth, and I am the vice president of 
development and innovation at the National Network to End 
Domestic Violence. I am also representing our member, the 
Minnesota Coalition for Battered Women, and I work closely with 
the Arizona Coalition Against Domestic Violence and the 
Connecticut Coalition Against Domestic Violence--in fact, all 
56 coalitions.
    I founded the Safety Net Technology Project in 2002 to 
support survivors, help victim advocates, train police, and 
work with technologists and policymakers on thoughtful 
innovation. We work closely with many technology companies, 
including Verizon and Google. We serve on the Facebook Safety 
Advisory Board, and we work with the Application Developers 
Alliance.
    Since 2002, we have presented over 900 trainings to more 
than 65,000 practitioners. My esteemed and brilliant colleagues 
are with me today, and I want to say for the record that we 
love technology. We affectionately think of ourselves as the 
``geeks of the domestic violence movement.''
    The previous panel covered the statistics at length, so I 
will skip that. But I want to say that stalkers use location 
tracking services, freestanding GPS devices, and smartphone 
applications.
    Phone spyware is one of the most problematic. It allows 
abusers to monitor much more than location, but location is 
indeed one of the most dangerous, and it is currently the 
loophole. This phone spyware does not notify the victim that it 
has been installed, so an abuser can install it without her 
knowledge, consent, through any consents, and then it is done.
    A standard feature that spy developers go to great lengths 
to hide is that it is even installed. It does not show up in 
most phones as an installed app, which seems to be going to 
great length to hide it. These apps are often brazenly marketed 
to stalkers, sometimes briefly mentioning employee monitoring 
and child safety--almost as an afterthought or cover story--and 
heavily focusing on the features that will help you ``spy on 
your spouse.''
    One of the most disturbing apps that I have seen recently 
is called ``HelloSpy,'' and it has a long list of stalking 
features and has a continuous animated image on their main web 
page showing a scene from a movie where a man roughly shoves a 
woman off the bed, backward, head first. It loops over and over 
and over. And just in the time that I was taking those screen 
shots, I had to witness that about 100 times to create that 
poster.
    On another HelloSpy web page, there is a photo of a man 
grabbing a woman's arm, and the woman has visible abrasions on 
her face. Next to this photo is a list of the features of 
HelloSpy, including track phone location and many more.
    Many of the apps on the next poster that you will see are 
developed and advertised directly to stalkers to facilitate 
crimes. In some tragic cases, GPS devices and apps may have 
actually aided an offender in locating the victim to commit 
murder. Or in other cases, location tracking was just one piece 
of an overwhelming list of controlling tactics that preceded a 
victim's death. For example, in 2009, in Seattle, a man used 
the location service on his wife's phone to track her to a 
local store. After finding her speaking to a man there, he shot 
and killed their five children and then himself.
    In Philadelphia, a man installed a tracking device on his 
ex's new partner's car. Overnight he checked that GPS device 
147 times in one night, hunted him down using the GPS, and 
stabbed him to death 70 times.
    The Electronic Communications Privacy Act, ECPA, prohibits 
the manufacture, distribution, possession, and advertising of 
communication intercepting devices; however, it does not cover 
devices that surreptitiously track location information. Many 
apps on the poster very likely violate ECPA, and I would be 
happy to send this poster back with Director Hanson to give to 
her prosecutor friends at DOJ. It is important to note, 
however, that there are apps that track only GPS location and 
do not offer eavesdropping capabilities--and, hence, are not 
clearly prohibited under Federal law.
    Unfortunately, I am aware of only one instance where the 
Department of Justice has indicted a creator of spyware, and it 
was the creator of Loverspy, and he promptly fled the country 
and is now on the FBI's Cyber Most Wanted List. I would be 
delighted if the developer of HelloSpy would join this creator 
and be indicted shortly.
    So the solution. Number one, we need to require consent 
prior to tracking or sharing information. Survivors of abuse 
must be informed about how their location information will be 
used, disclosed, and shared. This consent process should be 
prominent, transparent, and easy to understand.
    Two, location tracking must be transparent and visible to 
users. Consent is critical, but consent alone is insufficient. 
Abusers often install these tracking apps without the knowledge 
of the victim. Relatively simple safeguards can be added. In 
fact, some of those safeguards already exist on the Apple 
technology and even in the Droid technology, letting people 
know that your location is being tracked.
    If GPS technology is being used legitimately to monitor 
children or employees, there is no need for a stealth mode. In 
fact, the reputable family safety products are visible.
    In 2005, the AntiSpyware Coalition created a consensus 
definition of spyware, which stated that ``tracking software 
done covertly is spying.'' And that was developed by technology 
companies.
    This provision, the transparent--the reminder provision is 
probably the most important element of the bill behind the 
criminalization. So number three, criminalize the operation, 
sale, and marketing of technologies whose primary purpose is to 
surreptitiously track someone's location and facilitate a 
crime. It is past time to also criminalize intercepting 
tracking location in addition to intercepting electronic 
communication.
    Four, allow law enforcement to seize the proceeds of those 
sales. No one should profit from encouraging or enabling 
criminal acts, and stalking app and device developers are 
creating and selling crime-facilitating products with abandon.
    Five, allow individuals an enforcement option through a 
very modest private right of action. The proposed protections 
for victims will be of little use without effective enforcement 
mechanisms, and the threshold I think is quite low. In fact, 
our organization has insurance that would cover the accidental 
oversight, not the punitive but obviously it should not cover 
that if you are doing it willfully with malintent.
    Six, enact parallel State laws. Since the overwhelming 
majority of stalking and domestic violence investigations are 
completed at the local level, we are hoping that your bill will 
become a model for State statutes.
    In conclusion, NNEDV supports innovation and has seen 
countless positive ways that technology can increase the safety 
and support for survivors of abuse and stalking. We are proud 
of the close working relationship that we have with 
technologists, and we thank Verizon, Facebook, Google, Apple, 
the Application Developers Alliance, and so many more for 
working with us to increase victim safety. The Location Privacy 
Protection Act of 2014 will narrowly impact a handful of bad 
actors that design or operate products created and sold to 
facilitate terrifying crimes.
    Senator Franken, thank you for your tireless and ongoing 
efforts to end violence against women. Thank you, Ranking 
Member Flake, and the entire committee for your long support of 
Violence Against Women Act and these important location 
protections for survivors.
    [The prepared statement of Ms. Southworth appears as a 
submission for the record.]
    Chairman Franken. Thank you, Ms. Southworth. Thank you all.
    We are going to have 7-minute rounds for questioning. I 
will start.
    Detective Hill, your testimony mentioned that you are 
investigating an attempted murder where the victim was being 
tracked by a stalking app that advertised itself as a parental 
monitoring software. I actually saw something like that myself. 
When we had a public hearing to debate this bill 2 years ago, I 
read from the website of a stalking app named ``ePhone 
Tracker.'' It looked like this: ``Suspect your spouse is 
cheating? Track every text, every call, and every move they 
make using our easy cell phone spy software.'' And there was a 
lot of press about that after that hearing.
    Later the same day, we checked the website again. This is 
what it looked like: ``Is your child exposed to sexting?'' And 
all the stuff about your spouse was gone.
    Is it common for stalking apps to disguise themselves like 
this, Detective Hill?
    Mr. Hill. Absolutely. They typically will advertise 
themselves as being a family tracker or track your employees 
because they seem more friendly that way.
    Chairman Franken. Well, because a lot of people say, well, 
why don't you just go after stalking apps? Why don't you leave 
legitimate apps alone? These are really two separate issues. 
Your answer tells me that if we want to stop stalking apps, we 
cannot target just apps that label themselves as stalking apps. 
We also have to lay down a few basic rules of the road for any 
app that is collecting your basic--your location information.
    Mr. Hill. Oh, absolutely, because they will just change the 
title of their app to something else that stalkers will 
eventually figure out.
    Chairman Franken. Ms. Southworth, we sort of have a needle 
and thread, I guess. We do not want to interfere with the 
legitimate parental monitoring apps, but we do want to block 
stalking apps that are pretending to be something that they are 
not. How do you do that?
    Ms. Southworth. Legitimate parental monitoring apps, if 
they follow along with the best practice of the computer-based 
monitoring apps, are visible. With the Microsoft Family Safety 
product, the child knows they are being monitored and their 
parents have control functions. From the moment they turn the 
computer on, they can see that there is monitoring occurring. 
The same with employee monitoring products. There is absolutely 
no problem with knowing that your device or your computer is 
being monitored. So it is--in fact, the spyware industry 
definition says if it is a monitoring product, it is spying if 
it is not visible to the user, and there is no exception for child 
or employee. I understand that a child would not need to 
consent in the U.S. under our law, but they would still need 
notice.
    Chairman Franken. Well, thank you, and I agree with you 
that the reminder provision is absolutely critical here. Dr. 
Atkinson has actually raised a couple of concerns about the 
reminder provision, so I want to turn to those. Dr. Atkinson, 
in your testimony, you say that reminders might make it harder 
for parents to keep track of their kids because the kids will 
know they are being tracked. As you just heard, though, we 
cannot limit reminders only to apps that call themselves 
stalking apps. A lot of stalking apps pretend to be parental 
tracking apps and things like that.
    More importantly, though, I disagree with you that the 
reminder provision ``would be applied too broadly to all apps 
using geolocation data,'' from your testimony. My bill requires 
reminders only if an app is running in a way that is 
imperceptible. I am not sure--you seem to miss that because in 
your testimony you cite the Passbook app, in your written 
testimony, for the iPhone as a legitimate app that ``is 
arguably `imperceptible to the user.' ''
    Well, I took a look at my home screen on my iPhone, and 
there it was. This was not my iPhone, but it is second from the 
left on the top there, and it shows up on your home screen by 
default. In fact, you cannot delete it. It is impossible to 
delete, and every time it gets your location, a little arrow 
pops up. Show the arrow next to the 92 percent. I do not know 
if you can see this. It is also in your privacy settings under 
location services.
    So the Passbook app that your testimony says is 
imperceptible is really easy to perceive, at least to me. Any 
app like the Passbook app would not have to remind their users 
of anything under my bill. My point, though, is that it is not 
a fluke that Passbook app is running transparently. That is 
just the industry best practice. So right there, any app that 
follows best practices will not have to send any extra 
reminders.
    So, Dr. Atkinson, isn't it already industry best practice 
that location apps run in a way that is transparent to the 
user?
    Mr. Atkinson. So my point with that was twofold. One was--
and I may have made--should have made that clear. 
``Imperceptible'' is perhaps a vague standard and perhaps you 
might look at what would be a better definition in the bill of 
what is actually imperceptible. Is imperceptible related to the 
size of the icon? Is it related to being able to see in the 
list? That was one point I was trying to make there.
    I fully agree with you that--there are tracking apps, if 
you will, are apps that report location that do run in the 
background, like Carrier IQ. And those are used--those, again, 
are not applications that an individual can access. I cannot go 
to the Carrier IQ website and find out where my phone was. So 
that was really the point I was making, is make sure that--I 
would encourage you to make sure that the definition of any of 
these applications is only for those apps where an individual 
could put something on the phone and then the individual could 
get access to that geo data stream. Otherwise, there are other 
apps that are sometimes used for system performance where you 
would not want that to be the case.
    Chairman Franken. Well, I really do not think Carrier IQ 
should be a model here. In 2011, in fact, we had--people were 
outraged when they found out that the software was running in 
secret, and so outraged that Sprint, the single biggest user of 
Carrier IQ, removed the software from tens of millions--26 
million devices. And I am sure that there are isolated cases 
where the reminder provision might be superfluous and where it 
might be difficult. But, I mean, imperceivable, when it is on 
the home page, is--I do not know exactly--this just seems 
very--by and large, very straightforward to me.
    But I have run out of time, and I will go to the Ranking 
Member.
    Senator Flake. Well, thank you.
    Mr. Atkinson, in your testimony, you note in the written 
testimony there are a number of innovative new products that 
would be considered mobile devices under the legislation, but 
they are not smartphones. These are like smart shoe apps or 
watches or other help devices that use location data to tell 
you how many steps you have walked that day. But these do not 
allow notification. There is no interaction with the user. 
Would that stifle innovation in these areas if you have issues 
or regulations that cover that?
    Mr. Atkinson. I think it could. Ms. Southworth mentioned an 
app which is just simply a GPS device. And, in fact, the 
company I mentioned, the Amber Alert company, they actually 
sell just a pure GPS device you could put in your child's 
backpack so you can follow them around and make sure you know 
where they are.
    There is no real way to do notification on that device, so 
a stalker, for example, could, as she said, put one of those 
devices in someone's trunk of their car. While I support the 
notion that we should have notice on those for stalking apps, 
there are certainly other technologies where you could not do 
that. And then obviously on some of the new things that we are 
going to get, how would you do a notice, for example, on a shoe 
or a shirt or other things like that? It could be hard to do 
notice. Notice is easier when you are dealing with an actual 
computer-like device.
    Senator Flake. Right. Mr. Atkinson, following up on that, 
Ms. Southworth at the end of her testimony said that the 
Location Privacy Protection Act will ``narrowly impact a 
handful of bad actors that design or operate products created 
and sold to facilitate terrifying crimes.'' Is that an accurate 
description of the legislation, that it would simply impact a 
handful of bad actors?
    Mr. Atkinson. Certainly the component--some of the 
components, particularly toward the end of the bill, would 
certainly do that and are needed. But half of the bill or some 
share like that is really focused on just broad generalized 
commercial use of geolocation data, which has, frankly, nothing 
to do with stalking, has no relationship to stalking or 
identity theft or other problems. And the bill would address 
those issues, and I think in a way that perhaps could limit 
innovation.
    Senator Flake. I certainly agree on the point, and like I 
said, there is a big part of the bill that I support, the 
stalking legislation part of it. But I remain concerned about 
some of it stifling innovation you were talking about.
    Mr. Mastria, do you want to address that as well?
    Mr. Mastria. Senator Flake, thank you. We see that self-
regulation has been both effective and up to the task to give 
consumers transparency and control around the--certainly on the 
desktop environment, and will bring that to the mobile 
environment. The desktop environment we have been in for over 3 
years. Later on this year we will be releasing our mobile 
choice app, which has been a work in progress now for about a 
year. We released our Mobile Guidance last year. We released an 
industry code for how to display notice earlier this year. The 
mobile app will be the third step in a four-step process that 
will actually make the guidance enforceable.
    Senator Flake. Do you share Mr. Atkinson's concerns that 
some of these new devices are not interactive and there is no 
way for even best practices or businesses to band together for 
notification if there is no interaction with the user? Does 
that, in your view, stifle innovation?
    Mr. Mastria. So one of the reasons that we think that self-
regulation works--and I just want to limit my answer to the 
scope of the program that I run. One of the reasons that we 
think that innovation is better served by self-regulation is 
that we can quickly adapt and quickly move to new business 
models. Not that many folks were simply thinking about apps and 
cross-app data, precise location data many years ago, but we 
have not only a set of principles in place and guidance for 
companies to follow, but we are also putting out tools for 
consumers to be able to make choices.
    So that has happened in a fairly quick amount of time. I 
think if there are challenges in the future around that, self-
regulation seems to be a quick way to adapt to those changes.
    Senator Flake. In your view that could be far more nimble 
than perhaps Government regulation in this regard?
    Mr. Mastria. I think that is more eloquently put than I 
did. Yes, thank you.
    Senator Flake. Ms. Greenberg, you state in your testimony, 
``. . . if companies affirmatively state in their privacy 
policies that they will collect and share their users' location 
data without consent with any third party they wish, they are 
free to do so and the FTC has little power to stop them.'' But 
in that scenario, doesn't the consumer have the ability not to 
use the company's service or the app?
    Ms. Greenberg. Well, certainly that is true, but there are 
many, many apps that consumers find very useful. I do not think 
that should mean that they sacrifice their privacy or their 
ability to say, ``What are you using this data for? Don't I 
have the right to say you need to let me know that this 
information is being shared and with whom it is being shared?'' 
So I think we can bridge that gap without interfering with 
companies' ability to innovate.
    Senator Flake. Mr. Atkinson, again, you noted in your 
testimony there were many beneficial uses of tracking apps. You 
mentioned examples of the loved one locator, Project Life 
Saver; if someone has autism or dementia or Alzheimer's, family 
members are able to track and make sure that there is a safe 
zone that they stay within.
    There are exceptions in the bill, exemptions in the bill 
for that, but some concerns have been raised where there are 
situations where a sibling or a close family friend or others 
who are not a parent or legal guardian might want to be 
involved in that. Do you want to address that again or in more 
detail?
    Mr. Atkinson. Sure. I think it is important to understand 
that ``stalking'' is not a technological term. It is a 
behavioral term. ``Tracking'' is the technological term. And I 
do not believe--nor does the bill do this--that we should ban 
tracking applications. There are enormous benefits for 
families, for other people to want to know where their device 
is, where their family members are. And we need to make sure 
that we can go forward with those.
    What I am somewhat concerned about--I do not believe we 
will end up with a situation where we can--I think companies 
will change their names. They will just be Family Trackers, or 
stalkers will just use Family Trackers. But fundamentally I do 
not know how we can solve the problem, because, for example, on 
the notification, any person who installs an app on a phone, on 
the iOS or Android, you can turn off notification.
    Now, you can hope that the person whose phone it is 
understands that and looks at it, and I think that would be 
part of the education effort we need to do. But how do you 
monitor your phone? How do you look at the apps running list, 
all those things? But there is simply--in both of those 
operating systems right now you can just say, ``Turn off 
notification.''
    So I think it is a little more complicated, I think, than 
just simply taking a set of apps that are bad actors who have 
used them for bad purposes.
    Senator Flake. Thank you.
    Thank you, Mr. Chairman.
    Chairman Franken. Thank you. The emergency exception and 
public safety exception are not limited to parents. I just 
wanted you to know that.
    Let us talk about a couple things. Mr. Mastria, both you 
and Dr. Atkinson have referred to Digital Advertising 
Alliance's self-regulatory program for mobile marketing as a 
model program. But just so I am clear, you issued this code in 
July 2013, but you are not enforcing it. Is that correct?
    Mr. Mastria. The code was issued in July 2013. There had to 
be several operational steps that have to be put into place 
before it can become operational. One of them is that there had 
to be a standardized way for companies to display the notice to 
consumers. That happened in April. And the next step is to have 
an app so that consumers can express their choices. The next 
step after the app would be that enforcement would come. Once a 
consumer makes a choice, we want to make sure that that choice 
is honored and that companies are held to honoring that choice.
    Chairman Franken. So it is a model program in theory.
    Mr. Mastria. No. The desktop program version of this has 
been around for almost 3 1/2 years.
    Chairman Franken. Okay.
    Mr. Mastria. So we have a great pedigree to show that, in 
fact, we do put the tools in market that we say we will.
    Chairman Franken. Okay. Well, can I ask, Ms. Greenberg, 
about what your opinion is of--you know, what the reality you 
see is in best practices?
    Ms. Greenberg. Well, it seems that DAA's code is coming 
late in the game--other industry players like CTIA and the 
Direct Marketing Association put codes in place years ago. And 
so with all due respect to Mr. Mastria--and we have looked at 
his code, it is full of holes. We would argue that it feels 
like a PR gesture and may be driven, in fact, by the 
introduction of this legislation.
    And I would also take issue with the idea that self-
regulation is working. There is monumental evidence that self-
regulation is not working. We have heard witnesses from GAO and 
the FTC say as much. The Wall Street Journal did an article 
that you mentioned with 101 apps being tested, and 47 of those 
disclosed users' location to a third party without user 
consent.
    So I would say we very much need this bill because self-
regulation is not protecting consumers.
    Chairman Franken. You know, there is the point that the 
Ranking Member made: Has there been any evidence of harm? I 
think that most Americans believe in that they have some right 
to privacy. Do you think that there is harm that individuals 
can feel if their privacy is not being protected?
    Ms. Greenberg. Yes, the notion that there is no real harm 
from the tracking and using of location data for consumers 
really strikes at the heart of our notions of consumer 
protection and the idea that privacy is a bedrock American 
principle. We know that Justices of the Supreme Court whom I 
mentioned, Brandeis and Sotomayor, have articulated that that 
is a bedrock right. And we see from the Consumer Reports 
surveys, from the L.A. Times survey, the vast majority of 
consumers do care about their location data not being shared 
without their consent and do want to know where that location 
data is being sent and that it is being shared and for what 
purpose.
    So I think that flies in the face of what we know about how 
consumers feel about their privacy.
    Chairman Franken. Dr. Atkinson, last year your organization 
published a blog post about my location bill, and in it said 
that, ``The evidence for the use of stalking apps by stalkers 
and harassers is somewhat thin.''
    Dr. Atkinson, I can understand how an economics think tank 
might think that, but I am curious what folks in the field have 
actually seen.
    Detective Hill, are stalking apps common or is the evidence 
of their prevalence somewhat thin?
    Mr. Hill. They are very common, and the more exams we have 
done--like I said, you know, our exams have increased 220 
percent. The more exams we do, we are finding more and more 
that these apps do exist and are on phones.
    Chairman Franken. Ms. Southworth?
    Ms. Southworth. A week does not go by where our national 
office--we are not even set up to do direct services, but we 
get calls every single week from survivors who are really 
trying to figure out is the GPS device on my car, is it on the 
phone, is it an app, is it a setting. And we have a lot of work 
to do to help them try to figure it out, and we just do not 
have enough Detective Hills out there to send them to have 
those phones examined.
    Chairman Franken. Right, and that is why we are hoping--and 
I think Dr. Atkinson has stated his general approval of the 
stalking apps piece of this, so I do not want to send that 
wrong message. Just in the execution of it, in terms of 
giving--how important is it--and I will go to you again, Ms. 
Southworth--that people have a reminder that this is happening? 
And how realistic is that? Because Dr. Atkinson talked about 
your being able to suppress that.
    Ms. Southworth. It is vital, and the behavior is not new. 
As all the witnesses have said, you know, there is general 
support around helping victims. The challenge is offenders will 
do anything they can to control and monitor their victims, and 
back in the day they would look at the odometer when a victim 
went to the grocery store and see if she perhaps stopped to 
pick up a prescription because that is outside of the bounds of 
what she was allowed to do that day, that just phenomenal, 
crazy, and out of control that offenders do.
    What happens with some offenders is they will actually tell 
the victim, ``I am putting this stalking app on your phone, and 
I am going to be tracking you.'' If she knows it is there, when 
she comes to meet with Detective Hill to file a report, or she 
goes to the local advocate to meet and talk about a protection 
order, she can accidentally let the battery run dead. She can 
leave the phone behind. But if she does not know it is on the 
phone because either the offender did not tell her or she does 
not see it, there is no little arrow on the top, she cannot do 
anything to stay safe.
    Chairman Franken. Before I run out of time, I mean, this 
goes to the resources, because someone who feels like they are 
being tracked, saying it must be in this thing, what happens 
when they go to a police station routinely?
    Mr. Hill. Routinely what happens is the agencies do not 
have the tools to look at it, so they say they cannot, or they 
may only have one tool to look at it, and they quickly take a 
look at it and do not see anything, and then send the victim on 
their way, which can be very frustrating.
    Chairman Franken. This is why we need and the bill does get 
resources for being able to do exactly what victims need.
    Mr. Hill. Absolutely.
    Chairman Franken. Okay. I am out of time, and we will go 
back to the Ranking Member, if you have any more questions.
    Senator Flake. Well, I appreciate that. Let me just say, 
like I said, the portions of the bill that deal with stalking, 
I applaud the Chairman for his dedication on this, and those 
who have testified, and groups and organizations that have 
worked on this for a long time. And I do think we definitely 
need action in those areas. My concern is just we in other 
areas, the other part of the bill, that we do not unnecessarily 
stifle innovation that could help with some of these same areas 
we are talking about.
    But, Mr. Mastria, I think concerns have been raised about 
this legislation, that it might require notice to be provided 
and consent be obtained for individuals using a device. But 
some devices are used not just by one individual, a family 
tablet or a GPS in a car. Is there a concern among some members 
in your organization that notification may be given to an 
individual but not others who use the same device? Is that a 
concern?
    Mr. Mastria. Senator, I can speak to what the program code 
is, and the program says that if you are transferring location 
information, you have to get consent, and you have to get it 
either at the download or on install, at some point that is 
obvious. It has to be clear, meaningful, and prominent.
    I would like to take a step back and just answer a point 
that Ms. Greenberg made. Thank you for mentioning CTIA and DMA. 
They were both participants in the development of our code, and 
our code will be enforceable later on this year.
    In terms of the PR piece, our program has announced more 
than 30 public actions against both participants of the DAA and 
non-participants alike. That is not PR. It is not an easy 
conversation to have with a company that they are somehow 
noncompliant with our program. But the reality is that that is 
the mission that we have set out to do. The FTC had asked us to 
mount a program, challenged industry to mount a program to 
deliver transparency, control, and accountability, and we do 
that every single day. And that is the program that we have, 
and we think that it serves both industry and consumers well.
    Senator Flake. Thank you. That was my next question, 
actually, to describe the program you have with companies to, 
you know, give some discipline to what you are talking about. 
And you have actually referred companies for investigation. How 
many did you say?
    Mr. Mastria. There have been 33 public compliance actions. 
That number, I think it is in the 60 or 70 individual companies 
that are named in there, and of those, we get compliance from 
most of them eventually. But one of them did get referred to a 
Federal authority.
    Senator Flake. Well, thank you. That does it for me, and I 
really appreciate this hearing, and thank you for your 
testimony, everyone.
    Thank you, Mr. Chairman.
    Chairman Franken. Well, I would like to thank all the 
witnesses. Very, very quickly, because I do not want to have a 
long back-and-forth, but would you like to respond to that, Ms. 
Greenberg. But, again----
    Ms. Greenberg. Yes, if I could just take a----
    Chairman Franken. If you take a lot of time, I am going to 
go back to Mr. Mastria.
    Ms. Greenberg. I will just take a moment to say it is not 
that we are arguing with the idea that they may have pursued 
investigations. It is the code itself that is weak. The way we 
read the code, an app does not need to get permission if they 
do not share the data and they keep it to themselves under the 
code. And if the app does share precise location with a totally 
different company, they still do not need to get permission to 
share it if they are doing so for a variety of purposes, like 
market research or product hits.
    So, in other words, it is the code itself that is weak, and 
when I described it as full of holes, that is what I was 
referring to.
    Chairman Franken. I will go back to Mr. Mastria, just in 
fairness.
    Mr. Mastria. The code does call for consent when there is a 
transfer of location information, and the reason we do that is 
that we focus on when information is being transferred to 
unrelated apps or unrelated sites. And so that is the code, and 
that is part of the transparent----
    Chairman Franken. Well, was her characterization of the 
code not accurate?
    Mr. Mastria. Yes; not accurate. I think that we focus on 
transfer of information to unrelated apps, unrelated sites, and 
we want to make consumers aware of that. We want to give them 
control over that. That is the part of the code that is really 
kind of the most--the essential piece of the DAA program.
    Chairman Franken. Okay. We may follow up.
    Mr. Mastria. Yes.
    Chairman Franken. I do not want to--okay. I do not want to 
do whatever I would be doing if I did it.
    So, in closing, I want to thank obviously the Ranking 
Member, Senator Flake, thank you, and I want to thank each of 
the witnesses, and every one of you who appeared today, and 
in particular Detective Hill, who took time out of his job to 
travel here and to testify to us. We heard a lot of valuable 
testimony today. I think that my bill is going to protect our 
privacy without--I think it would not create difficulties for 
industry, and I am going to think about today's testimony, 
though, and other feedback that we get, and we will work to 
address that feedback to make any needed improvements in the 
bill between now and the time it gets a vote.
    So I thank all of you, and I mean that sincerely, I thank 
all of you for being here. But I think there is one thing that 
there is absolutely no question about. Stalking apps must be 
shut down. It is unacceptable that in this day and age 
companies are making money off of stalking and brazenly 
marketing themselves to stalkers. It is equally unacceptable 
that our laws have loopholes that let them do this. No matter 
what we do, no matter what form this bill takes, we have to 
stop these apps. I think there is agreement here.
    So we will hold the record open for 1 week for submission 
of questions for the witnesses and other materials. Thank you, 
thank you, thank you again. This hearing is adjourned.
    [Whereupon, at 4:32 p.m., the Subcommittee was adjourned.]

                            A P P E N D I X

              Additional Material Submitted for the Record
              
              
 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

                    Prepared Statement of Bea Hanson

                   Prepared Statement of Jessica Rich

                Prepared Statement of Mark L. Goldstein

                    Prepared Statement of Brian Hill

                  Prepared Statement of Luigi Mastria

                 Prepared Statement of Sally Greenberg

                Prepared Statement of Robert D. Atkinson

                 Prepared Statement of Cindy Southworth

                  Prepared Statement of Chairman Leahy

                 Prepared Statement of Chairman Franken

       Questions Submitted to Robert D. Atkinson by Senator Flake

         Questions Submitted to Luigi Mastria by Senator Flake

      Questions Submitted to Mark L. Goldstein by Senator Franken

         Questions Submitted to Jessica Rich by Senator Franken

Responses of Robert D. Atkinson to Questions Submitted by Senator Flake

   Responses of Luigi Mastria to Questions Submitted by Senator Flake

  Responses of Jessica Rich to Questions Submitted by Senator Franken

   Responses of Mark L. Goldstein to Questions Submitted by Senator 
                                Franken

                       Submission for the Record

                       Submission for the Record
                       
                       Submission for the Record

                       Submission for the Record

                       Submission for the Record

                       Submission for the Record

                       Submission for the Record

                       Submission for the Record

                       Submission for the Record

                       Submission for the Record

                       Submission for the Record

                       Submission for the Record

                       Submission for the Record
