Franken's proposal to protect privacy passed Senate milestone.
WASHINGTON - Scarcely five minutes after a woman from northern Minnesota walked into a domestic violence center, a text message from her alleged abuser popped up on her smartphone asking why she was there.
Moments later, when she sought a protection order, she got another text asking why she had gone to a St. Louis County courthouse. Some tech-savvy advocates quickly determined that the man was monitoring her via a location-tracking application on her phone.
The case, one of tens of thousands nationwide, is helping to spark U.S. Sen. Al Franken's legislative effort to curb the dark side of Internet location services that are integral to popular smartphone apps such as Twitter, Google Maps and Yelp.
The Minnesota Democrat's cyber-stalking bill is the most ambitious regulatory effort of its kind in more than a decade. It reached a significant milestone Thursday, when the Senate Judiciary Committee advanced a set of regulations he's been fine-tuning during the past 20 months as chairman of a privacy and technology subcommittee.
Among the top targets: operators of so-called spy apps like ePhoneTracker, which markets to suspicious spouses, parents, employers and lovers. Passages from the company's website, which Franken read aloud in a Senate hearing, promise to "silently monitor all mobile activities," provide the purchaser with logs of all text messages, calls, websites and photos, and even activate a "SpyCall" microphone to hear the user's surroundings.
"Worried that your spouse might be cheating?" the ad says. "ePhoneTracker is software that will allow you to see and hear the truth!"
One senator, Democrat Chris Coons of Delaware, called the idea "shocking."
Rebekah Moses of the Minnesota Coalition for Battered Women had another word: "Spooky."
Advocates for battered women, who were the first to rally around Franken's bill, say the location data technology contained in popular iPhone and Android devices make it all too easy to track people without their knowledge.
Retina Software, the India-based maker of ePhoneTracker, did not respond to multiple e-mails to its press office seeking comment. But in previous public statements, the company has said its product is intended for the legal monitoring of devices that software purchasers own.
A Justice Department report documented 26,000 cases in which people were victims of Global Positioning System (GPS) stalking in 2006, either on cellphones or other mobile devices. Since then, the number of apps has more than quadrupled. Half of the top smartphone apps on the market now disclose a user's location to third parties -- many without consent.
In the past, Moses said, electronic surveillance required a certain degree of technological sophistication. Now, all it takes is a $50 download and access to somebody's phone. "It's really changed with the proliferation of smartphones and apps," she said. "It's become easy for anybody to engage in stalking behavior."
Devil is in the details
There is little disagreement about the evils of online stalking. But Franken's bill would do far more than clamp down on so-called spy apps. It also would mandate greater transparency in the murky world of advertising on mobile devices over the Internet, where consumer information is easily collected and shared with a host of delivery services, marketers and analytics companies over an array of platforms and networks.
That is where the plot thickens. The mobile apps industry says it supports Franken's attempt to target the use of stalking apps, as well as his efforts to foster more transparency and consumer control. But software developers worry about the technical details involved in obtaining consent every time someone opens an application that relies on different vendors and automated exchanges, which can change from place to place, and second to second.
"There's more than one entity functioning behind the scenes to make that app function," said Sarah Hudgins, director of public policy for the Interactive Advertising Bureau, a leading industry group. "There's no way to know who these partners are every time you open the application."
Franken argues that technical objections are overblown, saying the average app shares data with only one or two entities. He wants full disclosure.
"Every smartphone out there is a personal tracking device that transmits our location," Franken said. "What most people don't realize is that the law allows companies to collect and disclose our location information without our knowledge or consent, and a lot of companies are doing just that."
Franken's Location Privacy Protection Act would close loopholes that allow smartphone, app and wireless companies offering Internet service to sell customer location information or give it to third parties without their consent.
The restrictions already apply to phone companies, thanks to a 1999 law. But in an age when the telephone has morphed into an Internet browser, GPS and e-mail device, the more than 100 million Americans with smartphones now carry the digital equivalent of human telemetry collars.
Lawmakers agree that many of the most popular apps are benign. Such apps can help point the way to stores, friends and restaurants. But the same metadata technology that helped locate fugitive software tycoon John McAfee in Guatemala last week can also track countless other less savvy phone users in the United States.
Hudgins said that her group supports Franken's efforts to target those who intentionally operate apps that facilitate stalking. At the same time, the industry is trying to work with Franken to ensure that those measures do not interfere with software applications in a way that would require a continuous stream of warning screens and pop-up notices.
Senators in both parties have expressed similar objections, even as a bipartisan panel of the Judiciary Committee voted to advance the bill to the full Senate earlier this week. Iowa Sen. Chuck Grassley, the committee's ranking Republican, called the bill "well intentioned" but worries about hampering the economy's fast-evolving tech sector.
The industry now relies largely on voluntary notifications that allow users to opt in or out of location services when they download apps. Franken wants to require companies to get customers' permission before sharing their data with non-government third parties.
The Federal Trade Commission (FTC) announced last week that it is investigating whether some smartphone apps for children are collecting personal information and advertising to them in ways parents would find objectionable.
An FTC report concluded that some mobile apps are information conduits to "invisible and unknown" third parties that can profile children without their parents' knowledge.
Part of the regulatory challenge is the rapid proliferation of software available through industry giants Google and Apple, which together offer up more than 1.4 million apps on online stores, according to the FTC. Both companies say they inform users when apps can collect their location data, and require their approval upon download.
Kevin Diaz is a correspondent in the Star Tribune Washington Bureau.