Facebook, Mobile Providers Fail to Protect Minors, Says Rockefeller

Earlier this month Apple and Google testified before the Senate Privacy Subcommittee after researchers discovered that their devices “intentionally” record and store each user’s latitude and longitude coordinates along with a time stamp (CD May 11 p11). The companies faced a fresh round of congressional inquiries Thursday, this time from lawmakers on the Senate Consumer Protection Subcommittee, who were particularly concerned about the implications of mobile tracking on children and teens.

Rockefeller took an early potshot at Facebook CEO Mark Zuckerberg’s age and maturity. “Zuckerberg was at Harvard, he was 20, 21 years old and comes up with a big, new idea,” Rockefeller said. “It’s my general feeling that people who are 20, 21, 22 years old really don’t have any social values.” Rockefeller also targeted Google and Apple for the companies’ rampant collection of consumer data, something the senator called “an abuse of power.” He said that the congressional inquiry into mobile privacy matters was far from over and told witnesses the hearing “won’t be your last.”

Rockefeller was particularly irked by the gaps in Facebook’s oversight of malicious user content, especially when it comes to underage users, he said. “I'm worried about what can happen to children. Humiliation, bullying, predators, all the rest of it,” said Rockefeller. “Parents are terrified; they don’t know what to do and school counselors don’t know what to do, and they are very worried about this.” Rockefeller added that it is “indefensible” that Facebook only has 100 employees monitoring its 600 million users for malicious content.

Common Sense Media also hit Facebook for what it called its lack of focus on privacy provisions for teens and children. “Instead of spending money to try and hire PR firms to try to take out the other company let’s take that money and figure out technological ways to protect our kids,” said Common Sense Media President and Chief Operating Officer Amy Guggenheim Shenkan, referring to the recent controversy over Facebook’s attempt to smear Google with the assistance of a public relations agency.

The FTC is sending a “clear message to the industry” that it will target and pursue companies that violate COPPA rules, testified FTC’s Vladeck. Just last week the agency agreed to a $3 million settlement with Playdom, an online multiplayer gaming company, for alleged COPPA violations, Vladeck said. The FTC is also pursuing an undefined number of closed investigations into companies that violate COPPA rules, said Vladeck, but the agency is short staffed and could use more people, he told lawmakers.

The importance of consumer trust is paramount to the success and survival of Facebook, Google and the Association for Competitive Technology, each organization said. “We understand that trust is the foundation of the social Web,” said Facebook’s Chief Technology Officer Bret Taylor. “People will stop using [Facebook] if they don’t trust it. Getting the balance right is a matter of survival.”

Apple reiterated that it does not track users’ locations. “Apple has never done so and has no plans to ever do so,” Catherine Novelli, Apple’s vice president of worldwide government affairs, testified. Google again emphasized that it offers all Android users an “out of the box” opt-in prompt for geolocation services. Both companies continued to resist lawmakers’ request to remove “driving under the influence” enforcement evasion applications from their app stores, saying only that they were considering the matter internally.

Rockefeller’s Do Not Track bill has “started the clock” on industry-wide implementation of the FTC-approved privacy mechanism, Vladeck said. “The business community knows there will sooner or later be a Do Not Track requirement,” he said. Sen. John Kerry, D-Mass., advocated the Do Not Track provision of Rockefeller’s bill, indicating his willingness to incorporate the mechanism into his Commercial Privacy Bill of Rights legislation.

Consumer Protection Subcommittee Chairman, Sen. Mark Pryor, D-Ark., predicted that lawmakers will consolidate elements of the existing mobile privacy bills into a single piece of legislation. “I wouldn’t be surprised… if the effort is made to do that,” Pryor told reporters. “My sense is that the legislation is not ready yet. This is in the end going to be a team effort.”

Congress must implement a basic set of privacy ground rules to govern the collection and handling of consumer information, said Kerry, who is Communications Subcommittee Chair. Specifically, consumers should know when they are being tracked, how long their data is being stored and how it will be used, he said. Simply offering an opt-out option for geolocation based services “doesn’t do the trick,” Kerry said. “We can’t leave it to firms to decide on an ad hoc basis what that level of protection should be."

No one mentioned a Wall Street Journal article published Thursday that said Facebook, Twitter and Google are tracking the Web histories of visitors to pages that include the companies’ social widgets, such as the Facebook “Like” button, even when they don’t click the buttons. Users must have logged into Facebook or Twitter in the past month to be tracked, and the tracking stops only if they log out. So said the study performed at the Journal’s request by Disconnect, a software maker that blocks data collection by widgets. The companies separately said they don’t use the widget data to track users. Facebook and Google anonymize and delete data within 90 days and two weeks. Twitter deletes it “quickly,” a spokesman said.