
DOJ wants wireless providers to store user info

At Senate hearing where Federal Trade Commission calls on companies to store less data about their users, Justice Department wants them to be required to store more.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.

The U.S. Department of Justice today called for new laws requiring mobile providers to collect and store information about their customers, a proposal that pits it against privacy advocates and even other federal agencies.

Jason Weinstein, the deputy assistant attorney general for the criminal division, picked an odd place to describe the department's proposal: a U.S. Senate hearing that arose out of revelations about iPhones recording information about owners' locations, and, in some cases, transmitting those data to Apple without consent.

Nevertheless, Weinstein said, "when this information is not stored, it may be impossible for law enforcement to collect essential evidence." In January, CNET was the first to report that the Justice Department had started a new legislative push for what is generally known as mandatory data retention.

Photo: Jason Weinstein, deputy assistant attorney general for the criminal division (U.S. Senate)

"Many wireless providers do not retain records that would enable law enforcement to identify a suspect's smartphone based on the IP addresses collected by Web sites that the suspect visited," he added.

In an exchange with Sen. Al Franken, the Minnesota Democrat who chairs the subcommittee that convened today's hearing, Weinstein did not elaborate on the proposal, including whether it would require wireless providers to record location information as well.

The Justice Department's suggestion conflicts with what the Federal Trade Commission--which also sent a representative to today's hearing--has recommended. Companies should adopt a policy of "not collecting or retaining more data than they need to provide a requested service or transaction," said Jessica Rich, deputy director of the FTC's bureau of consumer protection.

Also testifying are Bud Tribble, Apple's vice president for software technology, and Alan Davidson, Google's U.S. director of public policy. Microsoft is not making an appearance, even though it collects location information from Windows Mobile 7 devices with a unique ID.

"I believe that consumers have a fundamental right to know what data is being collected about them," Franken said. That can be, he said, "really sensitive information that I don't think we're doing enough to protect."

While no specific location privacy bill has appeared as a result of last month's privacy flap, there have been calls for a Federal Trade Commission investigation, and unrelated "do not track" legislation was introduced yesterday. And Sen. Ron Wyden, an Oregon Democrat, has drafted legislation that would curb warrantless access to location histories by police (see CNET Q&A with Wyden).

Photo: Bud Tribble, Apple's vice president for software technology (U.S. Senate)

What began as a hearing devoted to location privacy soon spiraled into entirely unrelated issues about computer security, the recent Sony security breach, mandatory notification for similar breaches, restrictions on mobile applications, and Google Street View.

Sen. Chuck Schumer (D-N.Y.) called on Apple and Google to remove applications that alert users to the presence of police and other law enforcement checkpoints that have been set up to combat drunk driving, a controversy that became public in March. The apps are presumptively legal under the First Amendment, but Schumer said they should nevertheless be removed on public safety grounds.

"How you can justify (selling) apps that put the public at serious risk?" he asked. "Why hasn't Google removed this type of application?"

Davidson replied that while this is an "important issue," Google has "a fairly open policy in what we allow."

"In some cases the police department publishes when and where there's going to be a checkpoint," Tribble said, suggesting that if the information is public, an app that reproduces it should not necessarily be a problem.

Sen. Richard Blumenthal (D-Conn.) suggested that a January 2010 Google patent indicates that the company was planning to intercept the payloads of Wi-Fi communications as part of its Street View service to track locations--a practice that, if done intentionally, could be a federal crime.

"Are you aware that this process may have been used?" Blumenthal said.

It turned out that Blumenthal appeared to have been confused: the patent application dealt with detecting "data rates," not intercepting the contents of Wi-Fi signals. (Ashkan Soltani, a technologist also testifying today, added that intercepting payloads wouldn't even help to identify locations.)

Disclosure: McCullagh is married to a Google employee not involved in these topics.