Critic: NTIA's mobile privacy push has failed

Privacy advocates say the agency's multistakeholder process on privacy was flawed

Lobbyists derailed an effort by U.S. President Barack Obama's administration to create mobile privacy standards, a privacy group charged on Thursday, while some participants in the process conceded it lacked focus.

The U.S. National Telecommunications and Information Administration's year-long multistakeholder process on mobile privacy, culminating in July in a proposed code of conduct for mobile app developers, also failed to fully examine mobile data collection efforts and marketing techniques, the Center for Digital Democracy said in a report released Thursday.

"While the [Obama] administration had an opportunity to advance the privacy and consumer protection interests of the American public, it failed to engage in the serious scrutiny and leadership these issues require," Jeffrey Chester, CDD's executive director, wrote in the report. "Missing almost entirely from the more than yearlong discussion was the impact that current digital marketing, mobile, and app-related business models have on the capability of a consumer to make meaningful privacy choices."

The NTIA's decision to separate out mobile privacy for discussion ignored significant cross-platform tracking of consumers, Chester said. The privacy discussions were "dominated by industry lobbyists," leading to weak consumer safeguards, he wrote. Other privacy advocates agreed, saying they were under-represented during the discussions.

The NTIA's process was "really horrible," added Susan Grant, director of consumer protection at the Consumer Federation of America. Grant called on the Obama administration to push for a baseline consumer privacy law during an NTIA meeting Thursday afternoon to discuss lessons learned in the first round of discussions. After a baseline privacy law, multistakeholder discussions could fill in some gaps, Grant said.

The NTIA's process also lacked focus and an agenda and needed more expert testimony about mobile privacy practices, other participants in the discussions said Thursday's meeting at the NTIA. The NTIA has additional privacy discussions planned. The data collection practices discussed during the NTIA meetings often didn't echo real-life practices, said Morgan Reed, executive director at the Association for Competitive Technology, a trade group representing app developers.

Other participants criticized the process for allowing contentious attacks during the discussions.

Some participants defended the NTIA and the process, however. Critics wanting more progress should realize that major change happens "incrementally" in Washington, D.C., said Stuart Ingis, counsel to the Digital Advertising Alliance, a self-regulatory advertising group.

Even though the process was flawed, the group has produced the mobile code of conduct that's now being tested, said Michelle De Mooy, senior associate for national priorities with Consumer Action. With no real deadline in the NTIA process, industry participants had little incentive to move forward with any initiatives, but the group eventually approved the code of conduct, she said.

ACT's Reed commended participants for being able to "manage the chaos" of the process to come up with a code of conduct.

CDD's report, coming from a group critical of the process from the onset, raised some legitimate issues, De Mooy said in an interview. But there was also a need for privacy advocates who "engaged in the process despite its flaws," she said.

The NTIA also defended the process, with a spokeswoman saying Thursday's meeting is an effort to improve moving forward. "The process involved true give-and-take," she said. "Stakeholders started with widely disparate views but came together and reached compromises to find common ground."

The multistakeholder discussions were a new process for the NTIA, Lawrence Strickling, the agency's administrator, said at Thursday's meeting. "We know this was different," he said. "It has been a learning experience for all of us."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags regulationLawrence StricklingStuart IngisCenter for Digital DemocracymobileBarack ObamaprivacyConsumer ActionMorgan ReedU.S. National Telecommunications and Information AdministrationSusan GrantJeffrey ChestersecurityDigital Advertising AllianceMichelle De MooygovernmentAssociation for Competitive TechnologyConsumer Federation of America

More about ACTIDGMorganTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts