Your personal data isn't safe and it's worse than we thought

In the absence of technical solutions to restrict access to private data, we're stuck relying upon the kindness of strangers. So when is the tech industry finally going to do the right thing?

Charles Cooper Former Executive Editor / News
Charles Cooper was an executive editor at CNET News. He has covered technology and business for more than 25 years, working at CBSNews.com, the Associated Press, Computer & Software News, Computer Shopper, PC Week, and ZDNet.
Charles Cooper
3 min read

The optimist in me wants to say this week will go down as a turning point in the struggle to protect the privacy of user information. The pessimist in me says wait and see--yes, there are glimmers of hope that change is afoot, but this is an industry with a spotty track record.

Last week, a firestorm hovered over Path, after it was found to be uploading and storing user data from iPhone address books without requesting permission. The company subsequently changed its policy and apologized to users. But the selective outrage irked Michael Arrington, the blogger-turned-investor whose CrunchFund has money in Path. "As a user I'm slightly annoyed by this, and I think the apps doing this should be publicly criticized. But I think all of them should, not just one of them," he wrote. (Read his full post here.)

Arrington had a point. Early testing by The Next Web, The Verge and Venture Beat on other smartphone apps suggest that several also may use personal user data in unauthorized ways.

With Foursquare, for instance, personal address book information got sent to its servers without prior user notification. Foursquare subsequently tweeted its acknowledgment and then updated the app. For the record, the company also says it never stores user data.

You can read the full list compiled by the publications mentioned above, who all deserve kudos for excellent work. The more this issue gets an airing, the faster that developers, small and large, may start to clean up their act.

So it was that this evening, Twitter acknowledged to the Los Angeles Times that it retained data on its servers for 18 months after users selected the "Find Friends" feature on its smartphone app. A clarification of Twitter's privacy policy is said to be underway. A bit after the fact given that the company doesn't reveal that it downloads and stores user address books. What it does say is that Twitter users "may customize your account with information such as a cellphone number for the delivery of SMS messages or your address book so that we can help you find Twitter users you know."

There's nothing necessarily nefarious about that, but in the absence of technical solutions to restrict access to private data, we're stuck relying upon the kindness of strangers. So here's the question: when is the tech industry going to do the right thing? Or better yet: Will it do the right thing about all this, period? This isn't 1979 when computers and technology were used by a relative handful of people. This now as American as apple pie.

The proverbial gauntlet has been tossed their way. If Silicon Valley flubs the opportunity and fails to reach out and assure consumers, I guarantee you that certain folks in Washington are going to get involved quite soon.