Google Android & Sensorvault: Consumer Privacy Concerns Mount
Google’s Sensorvault, its internal digital locker that pinpoints and stores the geo-location of hundreds of millions of devices, has drawn the concern, if not the ire, of Congressional lawmakers on the House Energy and Commerce Committee.
Consumer privacy is again the issue: What does Google know about people it tracks, how long has it known it, is the information being used by third-parties, is it stored in multiple databases, how timely is the data, can users choose not to be tracked, and so forth. On that last question, geo-location tracking is not active by default on Android devices but a number of apps require it. We can expect the morality and legality of privacy issues to confront us for many years, but hopefully not decades to come until a satisfactory answer surfaces. While not yet exhibit A, this episode is at the very least another mile marker.
Google Android Device Privacy Concerns
Committee members, led by Chairman Frank Pallone (D-NJ) want Google to pull back the sheet on information it’s been compiling on Android device owners, ostensibly for at least a decade, and how it’s being used. Federal law enforcement, according to an earlier New York Times report, has accessed Google’s geo-location database dating to 2016 to locate crime suspects and find possible witnesses. According to the Times, the FBI and police departments in Arizona, North Carolina, California, Florida, Minnesota, Maine, and Washington are currently using Google-collected location data. The company is said to be getting up to 180 requests a week for data, the report said.
Once geo-location is turned on, the Times reported, Google can track details from “GPS signals, cellphone towers, nearby Wi-Fi devices and Bluetooth Beacons.” Sensorvault, the Times said, turns the “business of tracking cellphone users’ locations into a digital dragnet for law enforcement. In an era of ubiquitous data gathering by tech companies, it is just the latest example of how personal information — where you go, who your friends are, what you read, eat and watch, and when you do it — is being used for purposes many people never expected.”
It’s one thing to recognize that turning on geo-location services makes your whereabouts known to Google, it’s quite another not to know how and what the data is being used by the search giant. That, in effect, is the context behind a bi-partisan open letter signed by Pallone and sent to Google chief executive Sundar Pichai, in which the panel, including co-signees Greg Walden (R-OR), Rep. Jan Schakowsky (D-Il) and Cathy McMorris Rodgers (R-WA), questioned Google’s actions, motivation and judgement.
“The potential ramifications for consumer privacy are far reaching and concerning when examining the purposes for the Sensorvault database and how precise location information could be shared with third parties,” the legislators wrote. “We would like to know the purposes for which Google maintains the Sensorvault database and the extent to which Google shares precise location information from this database with third parties.”
Privacy Concerns From Electronic Frontier Foundation
To privacy advocates, it’s yet another chapter of questionable below-the-radar data gathering by an IT giant (Facebook is the other prominent offender) that has brought the IT industry under increasing scrutiny. “Unlike other methods of investigation used by the police, the police don’t start with an actual suspect or even a target device—they work backward from a location and time to identify a suspect. This makes it a fishing expedition—the very kind of search that the Fourth Amendment was intended to prevent,” wrote the Electronic Frontier Foundation, in a blog post.
The lawmakers want Google to bring them up to speed by May 10 and asked for written responses to their questions by May 7.
Here are the panel’s questions:
- What information does Google store in the Sensorvault database and for what purposes does Google use this information?
- Which Alphabet subsidiaries have access to the information?
- Does Google maintain other databases of precise location information?
- Who is able to access the information in the Sensorvault database?
- What are Google’s sources for the data?
- If a user opts out, do Android phones continue to collect information?
- How accurate is the precise location information stored in the Sensorvault database?
- What controls, if any, does Google provide to consumers to limit or revoke Google’s access to the information stored in the Sensorvault database?
- What is Google’s retention policy with respect to precise location information stored in the Sensorvault database?
- Does Google share, sell, license or otherwise disclose precise location information from the Sensorvault database with any third parties other than law enforcement?