Marc Rotenberg, executive director of the Electronic Privacy Information Center
Technology giants Sony, Apple and Google have all faced major scandals in recent weeks that raise a host of questions about privacy in the digital age. Apple’s popular iPhone was designed to secretly track a user’s location without the user’s knowledge, and so was Google’s Android system for smartphones. Sony’s PlayStation Network has exposed the personal records of more than 100 million of its customers. We speak to Mark Rotenberg, executive director of the Electronic Privacy Information Center, who notes that in addition to privacy breaches, these private companies are essentially doing a better job with popular surveillance than the government, creating a detailed personal record that then can be released by a subpoena. [includes rush transcript]
This is a rush transcript. Copy may not be in its final form.
JUAN GONZALEZ: Technology giants Sony, Apple and Google have all faced major scandals in recent weeks that raise a host of questions about privacy in the digital age. On Thursday, Sony CEO, chair, Howard Stringer, apologized for the first time over the PlayStation Network security breach that exposed the personal records of more than 100 million of its customers.
Meanwhile, Apple is still responding to the fallout from the discovery that its popular iPhone had been designed to secretly track a user’s location and store information on the device for a year, without the user’s knowledge. Earlier this week, Apple released new software which reduces the amount of time devices store location information.
AMY GOODMAN: Google is also coming under scrutiny over a number of its products, including its Android system that tracks the location of smartphone users.
Joining us now in Washington, D.C., Marc Rotenberg, executive director of the Electronic Privacy Information Center.
The revelations in the last few weeks — let’s start with iPhone — are quite remarkable.
MARC ROTENBERG: Yes, it is incredible, Amy. What we’re learning is that the companies, which have been collecting this very sensitive personal information, have not been doing a particularly good job safeguarding it. And in some instances, the breaches are just without precedent. Sony’s breach, for example, involves 100 million users of their network services.
AMY GOODMAN: Can you explain exactly what it was that Apple was doing? Explain the program. Explain the information that iPhones have about where we go.
MARC ROTENBERG: Well, it gets complicated quickly. But in most simple terms, in the last couple of years, many people have recognized the value of locational data. And that includes, of course, users of these devices. You like to know where you are. Phones typically have now a GPS service, or at least smartphones do, that let you pinpoint your location. Now, that also has value to advertisers, because people like to make restaurant recommendations for you based on your location.
And about a year ago, when Apple was working on the development of its new software version that would enable these location-based applications, they gave some serious thought to the privacy implications. I think they did a partially good job. They wanted users to know that their data was going to be collected, the location data, and it was going to be transferred to these other companies that could use it for the apps. They put on some new switches on the device. They talked about the importance of protecting privacy.
What they overlooked, however, was that the device itself was storing all of the information associated with the user’s location. It was in fact building this gigantic table based on the Wi-Fi hotspots and the location of cell towers, on which Apple is able to determine where in fact the phone is. Now, that information really should have never been collected.
The story gets a bit worse, though, because the way it was designed, it was also getting backed up to the user’s computer when he or she synced the device. It was being stored in an unencrypted form, which meant that anyone could pull it down. And when a couple of researchers, just a few weeks ago, realized this and also did a very clever data visualization, basically allowing people to see on a screen all the information that Apple had about them visually so that they could track the location of their device over the past year, you know, the alarm bells went off. And I think it really was a moment, a defining moment, for the industry on these privacy issues.
JUAN GONZALEZ: And were these being stored only on the actual phones and the computers, or were they also being transmitted in one way or another and stored by Apple itself?
MARC ROTENBERG: Right. Well, that’s also actually a very important part of the story. One of the things that Apple and Google and others are doing is trying to build an enormous map of the location of Wi-Fi hotspots and cell towers in the United States, around the world. They do this because actually it makes the services a bit more efficient. It also relieves them of the cost of having to pay other companies for that information. So they are simultaneously taking from the user the location data that the user’s device is able to acquire, putting it in their own database, so that they have a better picture of where all these hotspot devices are that allow their users to connect.
Now, I think there’s another privacy issue there that hasn’t been talked about much but also probably requires some attention. Some of those Wi-Fi hotspots can be, you know, commercial. They can be coffee shops and others that are offering to the public the opportunity to get online. Those are obviously public. I don’t think there’s a problem with collecting that data. But some of those Wi-Fi hotspots are actually the private residential routers that people set up in their home, basically, a wireless network to connect an office, a kitchen and a bedroom. I don’t think most people would anticipate that that sort of information would be collected by these companies, but in fact that’s also been going on now for the last couple of years. And I think that deserves some attention, as well.
JUAN GONZALEZ: And so, obviously, there’s the potential for the government then to obtain this information if it wants to investigate —
MARC ROTENBERG: Yes.
JUAN GONZALEZ: — the potential comings and goings of anybody who’s using an iPhone or an Android phone, as well, right?
MARC ROTENBERG: Yes. Well, and I think this is another critical point, of course, because a lot of people who talk about privacy on the internet and new technologies tend to draw a pretty sharp line between the activities of government and the activities of the private sector, and they simply assume that what the private sector does doesn’t have much of an impact on government surveillance. But I think what we’ve seen over the last couple of years is almost the exact opposite. In other words, the private sector, through the design of these devices, can do much of government’s surveillance work for it. It would have been impossible, for example, I think, for the government to build the kinds of databases that are being built today in the private sector on locational data. And of course, once those databases are built, you know, then you have a subpoena, you have a warrant, you have a national security letter maybe. But there are various techniques that the government uses to get access to that data, which is part of the reason that we actually feel so strongly that these companies really need to minimize the collection of this personal data. They simply should be keeping less information about how people are using these new devices.
AMY GOODMAN: Marc Rotenberg, a hearing is coming up on Capitol Hill. We only have 10 seconds, but what about PlayStation — Sony not revealing that 100 million of its users had their privacy, their credit card information, out, and they didn’t reveal it for more than a week? You have about 10 seconds to respond.
MARC ROTENBERG: Another extraordinary story. I think the bottom line here is that there really has to be more done to put the responsibility on the companies offering these services to protect privacy. It really is not something today that the consumer, that the internet user, will be able to do for himself or herself.
AMY GOODMAN: Marc Rotenberg, we want to thank you for being with us, of the Electronic Privacy Information Center.
MARC ROTENBERG: Sure.
Recent Shows More
The original content of this program is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License. Please attribute legal copies of this work to
democracynow.org. Some of the work(s) that this program incorporates, however, may be separately licensed. For further information or additional permissions,