Imagine being a victim of cardiac arrest with about ten minutes to live, and first responders more than ten minutes away. A CPR-trained passerby gets a mobile ping from the fire department that someone nearby needs help; the good Samaritan then rushes to your side, administers CPR, and keeps you alive long enough to get professional help.
This was the scenario illustrated by Fire Chief Richard Price of San Ramon, Calif. at a public forum on location-based services (LBS) this week convened by the Federal Communications Commission and the Federal Trade Commission. Price was presenting a program with life-saving potential that he rolled out in his community, demonstrating that sharing location data is about more than just finding the best nearby pizza joint. Earlier in the day, industry reps on the program's first panel had touted the various uses of LBS from reviewing the places you checked into on Foursquare a year ago to the "less playful but also helpful" uses like finding your nearest post office. Carter Griffin from Updata Partners liked the possibility that his wife would no longer have to call to find out when he'd be home from work. On the other hand, the industry participants by and large thought privacy concerns about location services were overblown. Consultant Brandt Squires went so far as to say, "I'd like to think privacy is a thing of the past, but it's not necessarily so."
Panelists on the day's second panel drilled down more on the privacy issues implicated by LBSs and how they should be addressed. There was broad agreement on three basic principles for protecting location privacy, which were repeated many times during the panel (and the rest of the forum): transparency, choice, and user education. The speakers pointed out that while it is important that mobile application developers understand privacy concerns and build notice and consent mechanisms into the apps' design, the "guys in the garage" are not the only ones who handle users' information, and each party in the wireless ecosystem has a responsibility to protect consumers' privacy.
Justin Brookman, CDT's Director of Consumer Privacy, and Scott Taylor of Hewlett-Packard, repeatedly advocated for a legal framework that would provide meaningful, but flexible protections over consumer data, including location data. Brookman explained that even though some apps do ask for users' permission before grabbing their latitude and longitude, that information is then often passed on to third parties, many consumers have no idea what else is happening with that information behind the scenes.
Brookman went on to describe the "chilling effect" that this lack of transparency can have on users, remarking that "until there's more trust in the ecosystem, there will be a leeriness about downloading apps." And in a world where sharing location information has the potential to save lives, the chilling effect could translate to lives lost. Other speakers on the panel, however, focused more on a renewed commitment for self-regulatory efforts in the mobile space, and debated the best way to engage with those same "guys in the garage" (a common term throughout the day).
The third panel of the day focused on existing controls and kids' privacy issues implicated by LBSs. Stephen Balkam, Founder and CEO of the Family Online Safety Institute, blamed sensationalism in the media for spreading the idea that "we need to protect kids from a 'tsunami of predators,' and instead argued that the most important issues are a lack of overall awareness of how kids use mobile devices, and the practice of marketing to kids based on their location, which does not tend to sit well with parents. Most panelists seemed to concur that the most important privacy "control" is ongoing communication between parents and kids about their use of such services."Kids really do understand privacy," said Michael Altschul, Senior Vice President and General Counsel of CTIA. "They just have a different set of values." And parents need to understand the technology and the issues in order to have effective conversations with their children. Dr. Edward G. Amoroso, Senior Vice President and Chief Security Officer for AT&T, noted that there is plenty of room for children to educate their parents: "Ask them to help you," he advised.
While the FTC has obviously been very engaged on privacy issues in recent years, it is the FCC that has traditionally had legal jurisdiction over many of the players in the LBS space. This forum may well set the groundwork for important policy guidance around location services from either or both regulatory bodies. The FCC has encouraged interested parties to submit formal comments before July 8 to inform a staff report on the issue.