If you’re online in any way, someone somewhere is probably tracking what you’re doing right now. Snipping pieces of data. Logging your travels.
You shouldn’t be startled by this because this has been going on for a long time. Now, however — in the age of the do-anything-anywhere device — it’s becoming increasingly important to know just how, why, where and when you’re being watched. To know what’s being collected, who is collecting it and who can view that collection.
Last week, a bit of an uproar began online when a clever Android developer named Trevor Eckhart discovered something shocking on his phone. While watching the data logs on his handset, he discovered that a piece of software was keeping track of nearly every move he made on the HTC smartphone (an EVO 3D, in case you’re sweating right now). The software, created by a company called Carrier IQ, was able to see who he had called and when, to whom he had sent text messages, Web sites he’d visited and more.
Needless to say, the public reaction to the revelation was intense.
Here was a device that you likely use intimately. Your phone is always with you. Some of us even sleep with the things underneath our pillows. The smartphone is not just an accessory — it’s a lifeline.
Now, it’s not so much the tracking that’s the problem. Google does it. Facebook does it. Microsoft and Apple do it, too. Every Web site you visit is keeping tabs on you in some way.
The real problem is that it’s been kept secret. Carrier IQ has partnerships with carriers or device makers, so you never give your consent to this third-party service to allow tracking. Instead, your carrier or phone maker simply covers this data collection in one of its big, confusing privacy-disclosure documents you get when you buy into the service or hardware.
Second, and more important, you don’t have any oversight in regard to who can see the data. The way I see it, that’s the real question we have to begin asking about the data that’s collected.
It’s not about who grabs it, or where it lives. It’s simply about access.
Let’s be honest: We all allow — whether consciously or unconsciously — our personal information to be collected, sorted and stored somewhere beyond our physical control. Maybe there are a few Luddites out there still keeping everything locked tightly on a hard drive in their office, but most of us are now living and working on the Internet.
That means we’re making agreements — both literally and philosophically — about what happens to our sometimes very personal data. I agree with Google that I will store my e-mail, my calendars, my documents, personal photos and more on their servers. I will allow some of the most important parts of my life to literally be in the hands of other people.
I do this because I trust — yes, trust — Google to be responsible about my data. I know its business is advertising, and I know it will anonymously collect data and use that data to tailor surface advertisements to me. But I am willing to grant that concession because I believe it is reasonable, and reasonably unintrusive. I trust that its employees can’t access my data. That they won’t read my documents. And that they won’t share my content with third parties.
The moment they violate that trust, I won’t be a Google customer anymore.
Anyone with a Google, Hotmail, iTunes or Amazon account has made the same kind of bargain.
What made the unmasking of Carrier IQ (and its attendant relationships) so upsetting is that it was a hidden concession. One made through layers, unexposed. As users of technology, in a world where that technology is increasingly a part of our lives and livelihoods, we deserve better than secret collection. We deserve better than jargon-filled agreements that don’t state clearly just what we are — and are not — buying into.
Congress has spent much of this year debating an online privacy bill that would strengthen consumer rights when it comes to data collection — including the possibility of making it illegal in some cases to collect information without your direct consent — but it will probably still be years before the legal framework is in place. Until then, the companies that we buy our technology from need to do all they can to ensure they don’t lose our trust.
If Sprint needs to collect my call data to make its network stronger, I’m all for it, but I demand to be given a choice. If Samsung wants to know how often I’m sending text messages, I’ll consider it, but I need to be asked.
If these monolithic companies expect our trust along with our money, the first thing they need to do is stop assuming we’re giving both out freely.
Ask politely first. Then we can talk.