Whom Do We Blame? →

This story by Nick Bilton in the New York Times, which John Brownlee first wrote about in Cult of Mac, discusses an iOS app called Girls Around Me. Creepy doesn’t begin to describe it:

Girls Around Me uses Foursquare, the location-based mobile service, to determine your location. It then scans for women in the area who have recently checked-in on the service. Once you identify a woman you’d like to talk to, one that inevitably has no idea you’re snooping on her, you can connect to her through Facebook, see her full name, profile photos and send her a message.

Foursquare shut them down after learning about it, but it’s clear from Bilton’s article that he has questions for others, namely Facebook and Apple. As Bilton writes:

The application is still available for download in the Apple iTunes Store.

Facebook and Apple did not respond to my questions of whether the app is granted too much permission and if it goes too far in its data collection.

Am I reading an accusatory tone in the piece that isn’t there? Perhaps. But as I wrote earlier today, it’s clear that many will blame the gatekeepers to our data:

What if unscrupulous developers used the background data for a more nefarious purpose? It’s not hard to imagine the New York Times coverage or the questioning letters from government officials.

I wrote this in regards to apps that transmit constant location data in the background, but the situation here is a close cousin. Even though Apple did nothing but allow an app into the App Store and allow that app to issue a geolocation call — something they allow for every app with your permission, as does Android and every major smartphone — they’re still somehow to blame, as is Facebook or Foursquare.

The implicit blame in these conversations is confusing. What, exactly, is Foursquare et al. expected to do? Comb through each and every request to their API? As of last year there were 10,000 developers using the Foursquare API. There are 146,000 publishers in iOS and likely a similar number to be found on Facebook. Collectively there are well over a million apps between all three platforms, with far fewer employees available to review these apps. What are the solutions? Hire more employees? There will never be enough. Do more in-depth testing of apps? That will merely slow down the already frustrating-to-many approval process and likely threaten the ecosystem that we have come to depend upon. And still creepiness will get through. It’s inevitable.

The silence of reasonable suggestions on how we should be handling these situations is not entirely surprising, largely because we have not yet established as a culture what the threshold is for “creepy”, let alone online privacy or if anyone has actually broken any laws. But due to the behavioral tendency of humans to drastically overweight the likelihood of negative outcomes, the eyes read, “Unknowing young women can be stalked using the iPhone” which gets translated in our brains back down to the lips which ask, “Apple, why aren’t you stopping our unknowing young women from being assaulted?”

Number of unknowing young women reported assaulted in situations where Girls Around Me was a factor: 0

We need only to look to the past to see how the hands have been similarly wrung: answering machines, cookies, and GPS devices are just a few examples, and each time we’ve weighed the relative dangers and decided we can live with the risk. But there’s another thing coming around the corner — there always is — and we decide again that this time, this is it. This technological advance is going to be the one to really screw things up. It’s the lizard brain, convinced that the apocalypse has arrived.

Oh, and we’ve forgotten to talk about the delightfully monikered SMS Services O.o.o., the creators of Girls Around Me, which makes sense as it was almost an afterthought in the story. If we do have to blame someone, aren’t they the most likely culprit? Aren’t they the ones cleverly putting together the innocent pieces and assembling something far more nefarious?

And haven’t they been neutralized?

What does anyone who has concerns about this want that doesn’t result in security theater? Governmental regulations? A code of conduct? It seems clear that the current process of finding a privacy violation, reporting it to the appropriate organizations and letting them act on it worked pretty well in this situation. The story broke earlier today and within a few hours Foursquare had responded. If they hadn’t? It would have likely damaged them by signaling to users that this is an organization you can’t trust.

But the concerned parties can’t accept that, because it is a system in which things slip through. And because this is related to technology, said parties imagine that designing a perfect system to block out unwanted threats is easy. It does sound easy, at least compared to designing a 4.5”x2.31”x0.37” perfectly-sculpted hunk of metal, glass and magic but of course it’s not. The problem isn’t a technological one, it is one of flesh and blood and brain.

What we should worry about was another issue raised today that affected far more Americans than Girls Around Me did: the tremendous breach by hackers of a third-party credit card processing system.

This sort of event happens far more regularly than we’d like. Here, only the scope — hundreds of thousands at risk — is what made it newsworthy. Personally, three of my cards in the last year have been compromised and revoked suddenly because of breaches at online services. Friends have suffered identity theft. Ask your bank what happened, and you’re answered with a shrug. You’ll get a notice about it, they say, but none ever comes.

Where are the questions about data security and storage here? Where are the Senators’ letters? This is because we conflate privacy and security, but the two are not quite as close as many imagine them to be. Our credit card information is private, but as has been shown time and time again it is decidedly not secure. Likewise our emails, our personal notes, our browsing history. Private, but how secure? How much do we know about how our financial or personal information is being stored on servers around the world? Far less than our privacy settings, and yet so much more is actually at risk. Privacy policies abound, but companies tell us little of how they treat our precious data. That is an issue worth raising.