The Palm Pre has made headlines this week after a mobile developer discovered that his Pre was gathering information and 'phoning home' to report details regarding his location, the applications he used, and more.
Any implication that privacy is being violated is virtually guaranteed to spark a passionate response from users, and this Palm Pre story is no exception. The thing is that this 'violation' of privacy is not unique to the Pre and is also more or less standard operating procedure for many technologies today.
Palm responded to the public furor by pointing out that users agreed to allow Palm collect the information in question as a function of accepting the Palm EULA (end-user license agreement) and accepting the terms of Palm's Privacy Policy. The policy clearly states:
When you use location based services, we will collect, transmit, maintain, process, and use your location and usage data (including both real time geographic information and information that can be used to approximate location) in order to provide location based and related services, and to enhance your device experience.
That is just one example. Throughout the Palm Privacy Policy there are other statements that clearly explain that Palm will collect information under certain circumstances. If you need to troubleshoot or run diagnostics that data will be transmitted to Palm for analysis. If you backup your data your contacts, calendar and other data will be transmitted to Palm.
So, the ominous discovery that Palm is 'spying' on its users is actually nothing more than one user finding out the hard way just what was in that Privacy Policy he agreed to without reading it. Nobody is holding a gun to anyone's head to force them to accept the terms of the Privacy Policy, and Palm has reiterated that it provides users the ability to disable or opt-out of these services as well.
There is a larger issue here as well though. The backlash implies that users were genuinely surprised and offended that Palm might be able to determine where they are at any given moment, or how they use their mobile device. Apparently users consider that to be a heinous violation of privacy. What these users fail to realize is that this type of data is gathered constantly in almost every interaction or transaction they are involved in.
The larger issue of privacy has been addressed in books such as Database Nation by Simson Garfinkel, or Beyond Fear by Bruce Schneier. When you fill your car up with gas and pay with your credit or debit card it provides information- someone can establish exactly where you were at that given time of day. If you purchase a bag of Doritos and a Coke, that information is also collected. When you place a call from your cell phone information is stored regarding which cell your phone is in at that time- more or less pinpointing your general location at that time.
With devices like the Palm Pre or the Apple iPhone and any number of other mobile devices the types and amount of data being collected can be much greater. Apps that help you find your car have to somehow pinpoint the location of your vehicle and your current location in order to connect the dots and return you to your vehicle. Apps that help you find the nearest ATM have to determine where you are and compare it against the database of known ATM's in order to direct you to the nearest one. It is not a 'violation of privacy', it is a tradeoff accepted by users in exchange for tools and utilities that help make their lives easier.
I am not trying to scare people or spread FUD (fear, uncertainty, and doubt) regarding the use of technology. Quite the opposite. I am pointing out- good, bad, or indifferent- that privacy is more or less a thing of the past. You should read the EULA and privacy policy before you agree to them, and you should be aware of how your data is being used and what your options are for controlling access to your data, but ultimately the only way to achieve complete privacy is to shun technology completely and live a Luddite existence in a cabin in the Rockies somewhere.
Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He tweets as @PCSecurityNews and provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.
