Privacy groups question NTIA's focus on mobile privacy transparency

The first mobile privacy meeting hosted by the agency starts off with questions about the process

The U.S. National Telecommunications and Information Administration's first step toward developing a consensus on mobile privacy standards may be the wrong step, privacy advocates said.

The NTIA's first multistakeholder meeting on mobile privacy, Thursday in Washington, D.C., focused on ways to improve the transparency of the privacy practices of mobile apps, but several privacy advocates questioned the value of creating more transparency without rules on the way apps will use the personal data of users. Mobile privacy standards need to also address the fair collection of data, security and other issues in addition to transparency, said Susan Grant, director of consumer protection for the Consumer Federation of America.

"Transparency, in itself, has no value," added Pat Walshe, director of privacy at GSMA, a mobile carrier trade group. "People need tools, they need mechanisms, to express choice."

One mobile app asked Walshe to agree to a 21,000-word privacy policy, he said. "That was transparent, but it was useless," he added.

During much of meeting, meeting facilitator Marc Chinoy, president of the Regis Group, asked the audience of more than 200 people for ideas on how to improve mobile app transparency. Several participants offered ideas, including software that can tell mobile device users what private information they're sharing, and the use of icons to represent privacy concepts, instead of long, multipage privacy policies.

But several participants urged the NTIA to take a step back and tell participants what it hopes to accomplish or describe in the multistakeholder process going forward. The NTIA's process to develop privacy standards "is unduly amorphous at this point," said Alan Raul, a privacy lawyer with the Sidley Austin law firm.

Berin Szoka, founder of free-market think tank TechFreedom, questioned whether a room full of people with "no business experience" would be able to create workable privacy standards for the mobile industry. The NTIA process will likely fail, he said, because it's led by the government and not industry.

The NTIA participants may be able to provide feedback to mobile app developers, but business decisions on privacy practices should be made "behind closed doors" by people in the industry, he said.

Much of the discussion, however, was on whether the NTIA should focus on mobile app transparency first. The NTIA process needs to define a complete set of fair information practices for mobile apps, in addition to transparency guidelines, said Chris Calabrese, legislative counsel at the American Civil Liberties Union.

"Transparency merely describes what the system is," he said. "If the system is unfair, a description of an unfair system is relatively valueless."

Other participants disagreed, saying a transparency standard would have value on its own. "Transparency alone has significant, inherent value," said Steve DelBianco, executive director of NetChoice, an e-commerce trade group. "Transparency about the status quo ... enables consumers to be informed, make choices about the services they use, or to change the settings in the services they use."

Transparency practices have "tremendous" benefits, added Jon Potter, president of the Application Developers Alliance.

App developers are interested in transparency and mobile privacy, he said. App developers want to see a single, uniform best practice for mobile privacy, he said.

"They don't like to be sued," he said. "They don't like getting letters from Congress. They don't like bad press. More importantly, they want consumers to trust their app."

Pam Dixon, executive director of the World Privacy Forum, urged participants of the NTIA process to give it a chance. "We have an opportunity to move forward and create a dialog," she said. "We have to put the consumer first. If everyone in the room can agree to that one thing, I think it will go far."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place