Privacy Practices
Do we protect users from surreptitious monitoring?

If your company's products utilize Radio Frequency Identification (RFID) tags, sensors (including microphones or cameras), and/or location-aware devices, or if your business plans rely on knowing who somebody is or where they are going, that information may also be very desirable for others, such as law enforcement agencies that want to track individuals surreptitiously. You can take some important steps so that customers are not being forced to choose between your product and their privacy.
- Inform users about tags, sensors, or location tracking and obtain opt-in consent. Inform users about the information that your product or service generates or demands, and allow them to choose whether and when to share this information. Allow users to convey partial information, such as a city or zip code, in lieu of complete information, such as a street address or precise longitude and latitude.
- Notify users whenever a device is active. Users should be aware when a device or product is actively recording or transmitting information or tracking their location and using or sharing that information. If your product collects or transmits information surreptitiously and that fact is revealed, user trust will be severely affected.
- Protect users' personal information. Prevent hackers, identity thieves, stalkers, and others from accessing data by ensuring that data transmissions are protected through means such as encryption, authentication, and shielding.
- Educate users. Let users know about any privacy or security mechanisms and help them understand when and how to employ them. Users of RFID-enabled toll systems in San Francisco are issued a Mylar bag to block RFID transmissions when they are not passing through a toll booth—but the shield bags are not labeled, so many users throw them away. Invest in both technology and communication to protect your users.
- Minimize data that you collect and store. Sensor and location information is particularly attractive to law enforcement. Unless you want to become a target for expensive and time-consuming demands for information, do not store sensitive information—or delete the information after the shortest period of time possible. If your company does retain sensor or location information, follow the steps discussed earlier and develop a robust policy to ensure that user information is not disclosed unless truly necessary.

bout security and privacy vulnerabilities. Researchers built a device for a mere $25 that revealed that many of the company’s RFID tags used for building access cards could be read, copied, and cloned from a distance without anyone ever knowing.
Loopt: The company uses location information to enable mobile device users to find nearby friends, places, or events. But it minimizes the storage of location data tied to personally-identifiable information. Unless a user specifically geo-tags a location, Loopt only maintains the most recent location associated with that user.
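
The retention pattern described for Loopt, combined with the earlier advice to accept partial location and require opt-in, can be sketched as follows. This is an added example, not Loopt's code or part of the original guide; the class name, the granularity levels, and the one-hour expiry are assumptions made for illustration.

```python
import time
# Assumed granularity levels: decimal places kept (about 1 m, 1 km, 11 km).
PRECISION = {"precise": 5, "neighborhood": 2, "city": 1}

class MinimalLocationStore:
    """Keeps only the latest fix per user, plus points the user geo-tagged."""

    def __init__(self, max_age_seconds=3600):  # one-hour expiry is an assumption
        self.max_age = max_age_seconds
        self._latest = {}   # user_id -> (lat, lon, timestamp)
        self._tagged = {}   # user_id -> [(label, lat, lon), ...]
        self._sharing = {}  # user_id -> granularity; absent means no opt-in

    def opt_in(self, user_id, granularity):
        if granularity not in PRECISION:
            raise ValueError("unknown granularity")
        self._sharing[user_id] = granularity

    def opt_out(self, user_id):
        for table in (self._sharing, self._latest, self._tagged):
            table.pop(user_id, None)  # withdrawing consent deletes everything

    def _coarsen(self, user_id, lat, lon):
        digits = PRECISION[self._sharing[user_id]]
        return round(lat, digits), round(lon, digits)

    def report(self, user_id, lat, lon, now=None):
        """Record a fix; without opt-in, store nothing and return False."""
        if user_id not in self._sharing:
            return False
        now = time.time() if now is None else now
        # Overwrite, never append: no movement history accumulates.
        self._latest[user_id] = (*self._coarsen(user_id, lat, lon), now)
        return True

    def geo_tag(self, user_id, label, lat, lon):
        if user_id not in self._sharing:
            return False
        point = (label, *self._coarsen(user_id, lat, lon))
        self._tagged.setdefault(user_id, []).append(point)
        return True

    def latest(self, user_id, now=None):
        now = time.time() if now is None else now
        fix = self._latest.get(user_id)
        if fix is None or now - fix[2] > self.max_age:
            self._latest.pop(user_id, None)  # expired data is deleted, not hidden
            return None
        return fix[:2]
```

Because each report overwrites the previous one, a demand for a user's records can yield at most one coarsened point plus whatever that user chose to tag.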

