WASHINGTON — Executives from Apple Inc. and Google Inc. struggled Tuesday to allay the fears of federal lawmakers that location data collected through cellphones and other mobile devices are anonymous and not a threat to personal privacy.
Members of a Senate privacy subcommittee remained uneasy during a hearing as Apple and Google executives defended their companies’ practices while privacy and law enforcement experts warned that identity thieves, stalkers and other criminals still could obtain information about where people are and at what time.
The federal government is doing “far too little” to protect privacy, said Sen. Al Franken, D-Minn., who chairs the new subcommittee. He noted that many mobile applications have no privacy policies and no limits on sharing location data once the user gives approval for programs to access the information.
“In fact, once the maker of a mobile app, a company like Apple or Google, or even your wireless company, gets your location information, in many cases,” he said, “these companies are free to disclose your location information and other sensitive information to almost anyone they please — without letting you know. … It’s a serious problem.”
Apple and Google have been under fire for high-profile data collection controversies, helping fuel efforts by lawmakers and regulators in Washington, California and elsewhere to give people more control over their personal electronic information.
Some bills, for instance, contain do-not-track provisions that would ban browsers from tracking the pages that users visit.
But even if companies are forced to better advise their customers about how they collect, store and profit from the explosion of consumer data, privacy advocates worry that government efforts might be outpaced by the speed of innovation in the private sector, where customer data has become a valuable commodity.
Last month, security researchers found that an obscure file in the operating software on Apple iPhones and iPads could store thousands of time-stamped records of a user’s location. Google also said it collects location data from mobile devices running its Android software.
Executives from Apple and Google told senators that they collect the location data anonymously and that the information improves the performance of their devices. They said the companies were committed to protecting privacy and only shared location data with third-party applications if the user agreed to it.
“We are particularly sensitive when it comes to location information,” said Alan Davidson, Google’s director of public policy for the Americas. He said the data aren’t tied to a specific user and are deleted after about a week.
In a rare congressional appearance by an Apple executive, Guy “Bud” Tribble, the company’s vice president for software technology, said its devices track nearby Wi-Fi hot spots and cellphone towers to create a database that is much quicker to access than GPS signals.
“That data doesn’t have any customer information. It’s totally anonymous,” he said. “Apple does not track users’ locations.”
A software bug caused the location data to be updated even when the user of the device had chosen to turn off such transmissions, he said. The bug was fixed in the latest software release, and the data will be encrypted in the next update, he said.
But Ashkan Soltani, a privacy and security consultant, told the subcommittee that the Apple data were not anonymous. Despite Apple’s statement last month that it is difficult to use the data to pinpoint a user’s exact location, Soltani said he tested it in a nearby Senate office building and found that his location was only 20 feet off.
Deputy Assistant Attorney General Jason Weinstein told lawmakers that mobile devices are increasingly targeted by criminals and that there are no legal requirements for companies to secure the data.
And Jessica Rich of the Federal Trade Commission said location data deserves “special protection.” The agency has not recommended specific legislation, but it wants companies to do a better job protecting the data.
Privacy has become a hot topic in Washington this year, and several privacy bills have been introduced in Congress.
Sens. John F. Kerry, D-Mass., and John McCain, R-Ariz., introduced legislation that would give consumers new rights over their electronic data, requiring companies to protect it and get permission before sharing it.
Their broad bill, which does not include the do-not-track requirement advocated by many privacy advocates, aims to improve data protection without squelching innovation.
Franken said that also is his goal as he considers whether legislation covering location data is needed.
“I just want to be clear that the answer to this problem is not ending location-based services,” he said, noting he loves using services such as Google Maps.
“No one up here wants to stop Apple or Google from producing their products or doing the incredible things that you do,” Franken said. “What today is about is trying to find a balance between all of those wonderful benefits and the public’s right to privacy.”