Should the FTC Investigate Google's Location Data Collection?

An anonymous reader quotes a report from Engadget: In December of 2017, the office of U.S. Senator Richard Blumenthal sent Google's CEO a letter asking for a detailed explanation of the company's privacy practices around location services. Based on a report at Quartz, the senator's letter had 12 specific questions about how Google deals with location data. In January, Google responded to all of the issues in a lengthy letter signed by Google's VP of public policy, Susan Molinari. Now, apparently unsatisfied with the response, Senators Blumenthal and Edward J. Markey have sent a written request to the FTC to investigate Google's location services, along with "any deceptive acts and practices associated with the product."

While Google's initial response refuted many of the claims made by Quartz, and explained again and again how Google and Android handles sensitive location data, the letter to the FTC again uses the report as its main basis. The crux of the new letter appears to be this: "Google has an intimate understanding or personal lives as they watch their users seek the support of reproductive health services, engage in civic activities or attend places of religious worship," wrote the senators. All it takes to expose users to data collection, say the letter's authors, is to allow an "ambiguously described feature" once and then it is silently enabled across all signed-in devices without an expiration date.

This needs to happen NOW

[SkyLeach]

As a long-time supporter of FOSS, EFF, Copyleft and essentially open access this has gone beyond mere 'best practices' and humanitarianism

Nobody, not a government or a private enterprise, can be trusted with private proprietorship of this much data at this level of detail.

The problem is neural networks, turning subjectivity into objectivity, and the unreliability of the source data. Whoever controls the data can use it for any purpose, and there is such a massive capability and potential for misuse, especially of human trust networks, that there simply is no acceptable level of trust.

All human governments and economic systems rely on trust. Before social media, social trust networks were the foundation of all government. Who do you know? Who knows you? When the answer is whoever has the data plus a few (maybe a couple of dozen) close family and associates, then the system is broken.

Most people can't possibly cover anywhere near the number of social connections that a single-process home computer can cover. My lab can millions of processes with petabytes of data and more than a TB of network pipe. That's a fairly good lab, but there are far better out there. With the right kinds of data, I can manipulate society like it's my own personal sandbox.

Without protections on the data, there is no way to detect, verify or validate who is doing what with it. One good person might be fine, but what happens when they die and someone else gets it? There just isn't any reliable assurance that it won't be misused, while history teaches us that it invariably will be misused by someone given opportunity.

Some kind of national infrastructure and protection must be placed around this level of power. It's not like nukes, you can't guarantee it won't fall into the wrong hands with traditional protection measures. Security has limitations... There is no other choice.

Absolutely

[kelemvor4]

Investgate != regulate. An investigation will allow the FTC to determine if there is a problem and if so then they can regulate. If there is no problem then no harm was done. Other than the cost of the investigation, it seems like a no brainier. Investigate away and make a decision. Maybe investigate again later if something changes. It's simple, and should be common enough that it doesn't register as news.