US Congress Probes iOS App Developers On Privacy

hypnosec writes with the arguably welcome news that "[The U.S.] Congress is gathering further information on iOS developers and how they deal with and implement privacy policies. The Next Web got hold of a letter from Congress which had been sent out to Tapbots, along with some 32 other iOS developers, including both Twitter and Facebook, and the devs of Path, SoundCloud, Foodspotting and Turntable.fm. The apps were picked because they come under the social networking umbrella in the 'essentials' area of the App Store. The letter begins: 'We are writing to you because we want to better understand the information collection and use policies and practices of apps for Apple's mobile devices with a social element.' What follows is a series of eight questions designed to gather more details regarding the popularity of the app in question, and the privacy policy to which it holds (and how it's made known to users)."

If I got a letter

[alvinrod]

If I got a letter like that, I'd tell the government that as long as they support the actions of groups like the TSA, they have no business at all asking anyone else about their privacy policies or trying legislate privacy rights. They probably won't like being told to pound sand, or having the truth thrown in their faces, but those assholes deserve it.

Re:If I got a letter

[mlow82]

Just because the government may have questionable privacy policies, doesn't mean that app developers shouldn't be held to the same standards. I want BOTH developers and the TSA to respect my privacy.

Re:If I got a letter

[kthreadd]

Since no one has flown a plane into a building under their watch it's hard to say that they are ineffective, for all we know it's possible that they have stopped several such attempts. There are other reasons why TSA is a bit suboptimal. We can't prove that they make us safer, we can only disprove it once they don't.

Re:If I got a letter

[GmExtremacy]

Since no one has flown a plane into a building under their watch it's hard to say that they are ineffective

Correlation does not equal causation. For instance, do you know what else we've improved since then? Cockpit security. And we have increased civilian awareness about the dangers of successful plane hijackings.

Besides, none of this is an excuse to violate people's privacy.

Re:If I got a letter

[MysteriousPreacher]

Correlation does not equal causation. For instance, do you know what else we've improved since then? Cockpit security. And we have increased civilian awareness about the dangers of successful plane hijackings.

This! It's why we've not seen a repeat of planes being used as missiles. Prior to 9/11, in America when hijacked it seemed best to simply behave and hope to be released when the plane lands wherever it'll end up. On realising that terrorists are on suicide runs, passengers have become far more likely to risk tackling them, and the security of cockpit doors makes it far more difficult anyway to grab the controls. We need a proper and impartial study of TSA policy to separate the useful from the pointless. We need to examine everything they do, and ask the following questions.

1) Is doing x effective in either interrupting attacks or by deterring them? If having me take off my shoes actually has some use outside of absolutely fringe cases, then do it. Does intelligence suggest that restricting liquids and having us remove our shoes has had an appreciable impact on terrorists? Economically, does this security theatre make passengers feel safer, thus making them more likely to travel?

2) Is it worth the inconvenience and intrusions in to privacy? We can never have 100% security, even if all passengers were strip searched and background checked before being allowed to board. Everything done is about trade-offs and level of risk aversion. How far are we willing to go, and how many rights being taken away, before we say "fuck it" and just go with something workable but not as secure? Acceptance of the DHS seems akin to appointing a Caesar to ensure that we all sleep safely at night, the price be damned. I'm particularly skeptical when I see the DHS sprawling over in to areas that have fuck all to do with the original reason the agency was created. It's as if the National Guard were to be given jurisdiction over parking violations, tackling the problem with the tools originally provided for tackling military attacks. In the UK we've actually seen something similar in how anti-terror legislation has been used by local councils for pursuing people for leaving their bins out on the wrong days. The extradition treaty too is a nice example of something put in to place ostensibly to tackle serious crimes, such as terrorism, being used for white collar stuff that should have either been brought as charges in the UK, or America being politely told to take a hike. If it's not a crime in the UK, or the DPP decides it has insufficient evidence to prosecute in British courts, then don't extradite.

Look as well at the situation at UC Davis where rentacops used pepper spray to discomfit peaceful protestors. Pepper spray and similar are used to tackled people where there's a serious risk of violence - not as a convenient way to shift a bunch of people seated peacefully in protest.

Re:If I got a letter

[Dhalka226]

Yeah, I definitely think the best course of action is to refuse to help somebody who is going to pass laws of importance to you, all but guaranteeing a suboptimal-at-best law. "YOU'RE NOT PERFECT, STOP TRYING TO BE BETTER!" is a fantastic rallying cry.

Talk about cutting off your nose to spite your face.

Man that sounds like fun

[Osgeld]

Nothing like a government probe in your i

Government regulated apps.

[SpaceCadetTrav]

What could go wrong?

Re:Government regulated apps.

[artor3]

Nothing, if the regulation is simply making sure that they have reasonable, human-readable privacy policies.

Stop drinking the all-regulation-is-evil koolaid. Haven't you ever noticed that the same people pushing it are the ones who make billions by abusing unregulated markets?

Re:Government regulated apps.

[NotQuiteReal]

Stop drinking the all-regulation-is-good koolaid. Haven't you ever noticed that the same people pushing it are the ones who make billions by abusing "regulated" markets?

If Iphone users cared about their privacy

[MadMaverick9]

this comment says it all ....

http://yro.slashdot.org/comments.pl?sid=2743843&cid=39459975

Arkell v. Pressdram

[Fnord666]

To what degree do developers of iOS applications have any obligation whatsoever to fill this form out and return it? What happens if you simply give them the same response given in Arkell v. Pressdram?

Where gonna go? Android?

[SuperKendall]

If Iphone users cared about their privacy

Any MOBILE user who cared about privacy would buy an iPhone

Because then the Apple sandbox mostly protects you (fully after the next iOS update which adds permission around the address book).

With Android any old thing that comes down the pike can rape you, privacy wise, and drain your battery for extra good measure to send off your treasured data.

Re:Where gonna go? Android?

[Kalriath]

The Apple sandbox that can be defeated by a fucking web page rooting the device.

No thanks. (And I do in fact own an iPhone by the way, and I do happen to like it. I'm simply not deluded into thinking it magically protects me from those "evil nasties" that Android has).