EFF publishes mobile user privacy bill of rights

Speakers at privacy event warn developers that regulation will come if they don't shape up.

Elinor Mills
Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
2 min read
Kurt Opsahl of the EFF, Geoffrey Clapp of Rock Health and Kenesa Ahmad of the Future on Privacy Forum speaking at the App Privacy Summit at CNET.
Kurt Opsahl of the EFF, Geoffrey Clapp of Rock Health and Kenesa Ahmad of the Future on Privacy Forum speaking at the App Privacy Summit at CNET. James Martin/CNET

With a mobile privacy scandal coming every few weeks or so it seems, consumers are getting so they don't trust app developers to do the right thing. But what exactly is the right thing?

The Electronic Frontier Foundation has some ideas. The non-profit organization today released a Mobile User Privacy Bill of Rights that offers up suggestions for how data should be treated to protect the privacy of consumers.

"It's time to articulate what the best practices are and what people should reasonably expect," Kurt Opsahl, senior staff attorney at EFF, said in announcing the privacy guide at the Application Privacy Summit held at CNET headquarters in San Francisco.

The guide, written by EFF activist Parker Higgins, is similar to EFF's Bill of Privacy Rights for Social Network Users in listing rights of mobile users that developers should respect, such as the right to control their data, focused data collection, transparency and security. It also offers technical suggestions including using encryption, anonymization and obfuscation techniques and allowing users a way to opt out of tracking with Do Not Track features.

Such guides are needed by developers who are often rushing to get a product out to market quickly and don't realize that the way their apps work may violate user privacy. That appeared to be the case with a number of mobile apps that were recently found to be collecting user contact lists without permission, including photo sharing app Path and social media app Hipster.

"We were caught by surprise. We had no malicious intent," Hipster founder Doug Ludlow said in an interview after the Application Privacy Summit. "We were just getting the app out fast but inadvertently committed what people consider a blatant privacy violation. We didn't even know what we were doing was a problem."

After Path got pilloried for making that mistake Ludlow came up with the idea for the Application Privacy Summit to bring developers, privacy experts and others together to share ideas about how to avoid such mistakes in the future and discuss privacy in general.

If there continue to be privacy snafus in apps and developers don't educate themselves on how to protect user data they will eventually be forced to the government, the speakers warned.

"If our space, mobile and technology, doesn't get our act together, you're going to get a law like HIPAA (Health Insurance Portability and Accountability Act) and you don't want that," said Geoffrey Clapp, a "mentor" at Rock Health, which offers funding and services to online health startups. "If we don't start acting responsibly as a community it's going to be jail time and fines."

Government officials are already stepping up. The Obama administration promised privacy legislation when it unveiled a Consumer Privacy Bill of Rights a few weeks ago. And the California Attorney General got Apple, Google, Microsoft, Amazon, HP and Research In Motion to agree to require that apps have privacy policies.