Slashdot Mirror

← Back to Stories (view on slashdot.org)

California Sues Delta Air Lines Over Mobile Privacy

Posted by timothy on from the best-practices dept.

New submitter mrheckman writes "California is suing Delta Air Lines for violation of California's on-line privacy law. Delta failed to 'conspicuously post a privacy policy within their mobile app that informs users of what personally identifiable information is being collected and what will be done with it' after a 30-day notice. Delta's app collects 'substantial personally identifiable information such as a user's full name, telephone number, email address, frequent flyer account number and pin code, photographs, and geo-location.' Why is it we still can't control what permissions an app has on our phones? It's absurd and disturbing that an app for checking flights and baggage demands all of those permissions."

18 of 100 comments (clear)

  1. you read the set of permissions. by queazocotal · · Score: 4, Insightful

    You install or do not install.

    1. Re:you read the set of permissions. by Sponge+Bath · · Score: 4, Funny

      Yoda's wisdom that is.

    2. Re:you read the set of permissions. by Anonymous Coward · · Score: 3, Insightful

      Why, though? It is trivial to use (though not to install) utilities like PDroid and DroidWall to control these permissions.

      Why does a modern OS not give advanced users basic control of the sandbox settings? Is it to protect the user's interests, or is it to deliberately limit the user's control of their own device?

    3. Re:you read the set of permissions. by Mitreya · · Score: 5, Insightful

      You install or do not install.

      You're thinking of the jungle
      In a civilized society, there are laws that may actually protect consumers. This lawsuit is a demonstration of that
      They should at least make it easy for you to figure out what they collect and what they may do with this information - and they have not.

    4. Re:you read the set of permissions. by Stalks · · Score: 2

      The way I understand it PDroid is only available for a select few ROMs, mostly CyanogenMod and other variants. I was looking into it last week but I couldn't find a definitive way of installing it without also installed a 3rd party ROM. I'd prefer to keep the Samsung stock ROM on my i9100.

      I ended up using LBE Privacy Guard, although not quite as good, it is doing some of the job I was looking for.

      I had never heard of Droidwall, I'm going to look that up now, thanks.

  2. Because people are stupid by gelfling · · Score: 2

    Like the law that ensures you're told not to smoke on airplanes because few people even have a living memory of that being permitted at all any more.

    Remember smoking on airplanes or throwing a virgin child into the volcano is a violation of Federal Law.

    1. Re:Because people are stupid by Anonymous Coward · · Score: 3, Funny

      ... or throwing a virgin child into the volcano is a violation of Federal Law.

      [citation needed]

  3. Extraterritoriality in law is strange by Cytotoxic · · Score: 3, Interesting

    I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy? What about Los Angeles law? Are they subject to that too?

    Does Slashdot have to worry about their website complying with Fresno law?

    The whole thing just seems a little bit odd. Like when the US goes after foreign-based online gambling companies.

    1. Re:Extraterritoriality in law is strange by Anonymous Coward · · Score: 4, Interesting

      It's not strange. The law is very clear. If you place a product in the stream of commerce and it's reasonably expected that a person in Fresno or California then you must comply with the law. If you place an app on Android market you expect the app to be used by people all over the U.S. Therefore comply with California law or make sure you restrict it's use to states other than California.

      State laws can have a roll on effect. California is progressive in some environmental legislation. For example, you will find Coca-Cola making changes to it's formula to comply with California and apply it throughout the US. There is absolutely no problem with the way the law is applied in these "Extraterritorial Cases". In fact it protects you and me the customer. If you are a manufacturer in China and you do not expect your product to be sold in US. You also instruct your dealers that the product is only for sale in China with prominent ineffable labeling on your product. Some rouge dealer of yours shipped a container of your product to America. Your will not be subject to the American courts and the court will not have jurisdiction over you.

      Conflict of law is a fascinating area. Law isn't really all that bad. Sometimes the economics of delivery makes it bad. In addition, we fail to see law for what it is: a vehicle for changing society.

    2. Re:Extraterritoriality in law is strange by maro6613 · · Score: 2
      Delta does business in California.

      The reason is (more or less) personal jurisdiction. If a company does substantial business in a state, people from that state can sue the company in that state under the laws of that state - no matter where they are based. This is a Good Thing - for example, say hypothetically that a Japanese automanufacturer makes all of their cars in Japan, and simply ships them to the US and sells them. If you a car from them and it explodes, injuring you, you shouldn't have to sue under in Japan under Japanese law.

      See also: Article on conflict of laws for a primer on which jurisdictions laws apply when.

  4. Absurd? No, not really. by Anonymous+Psychopath · · Score: 5, Interesting

    Aside from the photos, I can think of a logical reason for each of the other permissions listed.

    Name is needed for check-in and boarding pass creation.
    Delta will send flight updates via text message, for which a phone number is required. Ditto for email.
    Frequent flyer number and PIN code are used to access your Delta account.
    Geolocation so it knows which airport you're in.

    They should disclose what information they collect as required by law, but the assertion that these permissions are "absurd and disturbing" is ludicrous and obviously the opinion of someone who does not travel often, or is uninterested in utilizing technology tools when they do.

    --

    Eagles may soar, but weasels don't get sucked into jet engines.

    1. Re:Absurd? No, not really. by dochin · · Score: 3, Insightful

      You're right on the money. There used to be a feature of the app that allowed you to take a geotagged picture of your car in the parking lot so you could find it later. It's not unreasonable to think that permission was left in after the feature was removed either by mistake or some technical issue with the App Store/iOS apps in general. At least it doesn't spy on my contacts and text messages like many other free apps. I do wish iOS App Store had a feature similar to the google store for android that shows exactly what permissions an app wants when I install it. Even better would be to allow user control over individual permissions.

  5. Kind of silly by Emperor+Shaddam+IV · · Score: 4, Insightful

    I have this app on my iPhone. You can use it as a guest, but really its for frequent flyers that already have Delta sky miles accounts. The majority of people using this app have already provided most of the mentioned personal information, if not more because they have a SkyMiles Account and they have bought plane tickets. So this lawsuit is kind of silly in my opinion.

    1. Re:Kind of silly by wickerprints · · Score: 2

      Silly? I don't think it's silly at all. It's a perfectly reasonable lawsuit, one that is likely to succeed.

      Something that needs to be pointed out here is that the CA online privacy law is really NOT that onerous. It's not setting some insanely high bar for developers and companies to pass--as it applies to this case, it is simply requiring that users be notified upon installation of what information may be collected through the app and how it might be used. It's not as if that law even has any real teeth with respect to getting developers to protect the data they collect, as far too many people ignore privacy policies and just automatically click "Accept," because as sites like Facebook prove, most users are willing to sacrifice their privacy to a significant degree in order to obtain some entertainment or convenience.

      So again, it's not that big a hurdle to simply ask for a privacy policy. The fact that Delta didn't even bother to do that makes me think twice about how conscientious they may be about protecting all that data they DO collect, and that is a much more serious concern.

  6. Why is this news? by drjoeward · · Score: 2

    I agree you read the permissions and decide to install or not. putting a sandbox around the app? sure, but then more people will complain about broken apps and support will be even more difficult. i could list lots of examples where people set a control and forget they did, and then complain that something is broken, when it is in fact their fault its broken.

    now what i want to know is why this is news on /. Calif. did this on Dec 6, and delta updated their app on Dec 7 (http://www.androidcentral.com/delta-updates-their-app-privacy-policy-california-safe-again) so why is this a current news item for us?

  7. Re:Why not give it the permissions YOU want to giv by jopsen · · Score: 2

    I think GP used GPS permission as an example... Why can't I feed apps incorrect GPS data or an empty address book?

  8. There is one smartphone that lets you do this... by i68040 · · Score: 5, Informative

    That is one advantage to using a BlackBerry: you can pick which permissions you want an app to have.

  9. Re:There is one smartphone that lets you do this.. by avm · · Score: 3, Insightful

    This is one area where the Blackberry OS has very soundly beaten every other mobile OS I'm aware of. Any OS even remotely considering corporate/enterprise usage really ought to have this sort of ACL for apps.

    But, they don't.