Tim Cook renews call to Congress for federal data privacy law reforms, suggests creation o...

Posted:
in General Discussion edited January 2019
The U.S. Congress should implement comprehensive federal privacy legislation to protect and empower customers against "data brokers," Apple CEO Tim Cook has declared, calling for lawmakers to introduce landmark reforms that fundamentally change the rules by which companies should abide regarding the collection and storage of user data.

Apple CEO Tim Cook
Apple CEO Tim Cook


Continuing his calls for greater oversight regarding the handling of consumer data, Cook has written an essay to push for changes to privacy legislation in the United States. Cook starts with a call to action by telling the reader, "In 2019, it's time to stand up for the right to privacy -- yours, mine, all of ours."

The major data collection efforts of companies like Google and Facebook are highlighted as a continuing issue, with the amassing of "huge user profiles," data breaches, and "the vanishing ability to control our own digital lives" said to be a solvable problem. The essay, published by Time, suggests "realizing technology's potential depends" on fixing the problem.

"That's why I and others are calling on the U.S. Congress to pass comprehensive federal privacy legislation - a landmark package of reforms that protect and empower the consumer," writes the CEO.

Cook references four principles he laid out to a global body of privacy regulators in 2018 that should guide legislation. The principles included the right to have personal data minimized with companies stripping identifying information or avoiding its collection, the right for consumers to know what is being collected and why, the right to see and make changes to personal data, and the right to security.

"But laws alone aren't enough to ensure that individuals can make use of their privacy rights," Cook asserts. "We also need to give people tools that they can use to take action."

Cook goes on to discuss the concept of a "data broker," a company that collects data from a retailer or other firms providing products and services, which are then compiled and sent to another buyer for other uses, usually without the customer's knowledge. For example, this data could be used to further advertising campaigns, or in the more extreme case of Cambridge Analytica, be allegedly used to influence elections by targeting individual voters.

The amount of data compiled by such firms is immense. A 2014 report by the Federal Trade Commission found one broker's database had "information on 1.4 billion consumer transactions and over 700 billion aggregated data elements," while another covered over one trillion dollars in consumer transactions and a third added three billion new records to its databases each month. Considering the age of the report, it is almost certain the level of data acquisition has increased considerably in the interim.

"The trail disappears before you even know there is a trail," suggests Cook. "Right now, all of these secondary markets for your information exist in a shadow economy that's largely unchecked -- out of sight of consumers, regulators, and lawmakers."

Comprehensive federal privacy legislation should "shine a light on actors trafficking in your data behind the scenes," and not just to put consumers in control of their data. While some state laws are moving in that direction, Cook notes there is no federal standard version that protects U.S. citizens in the same way.

It is suggested the FTC should "establish a data-broker clearinghouse, requiring all data brokers to register, enabling consumers to track the transactions that have bundled and sold their data from place to place, and giving users the power to delete their data on demand."

"We cannot lose sight of the most important constituency: individuals trying to win back their right to privacy," urges Cook. "Technology has the potential to keep changing the world for the better, but it will never achieve that potential without the full faith and confidence of the people who use it."

The issue of data collection is being looked at by Congress in a number of different ways. In November, a pair of senators on a subcommittee of the Senate Commerce, Science, and Transportation Committee are working on a draft bipartisan bill that could arrive sometime in 2019.

On Wednesday, Senator Marco Rubio announced he was putting forward a bill that would task the FTC with suggesting new rules that Congress could implement, with the potential of the FTC being granted powers to make up and enforce its own rules.

The full essay follows:
In 2019, it's time to stand up for the right to privacy-- yours, mine, all of ours. Consumers shouldn't have to tolerate another year of companies irresponsibly amassing huge user profiles, data breaches that seem out of control and the vanishing ability to control our own digital lives.

This problem is solvable-- it isn't too big, too challenging or too late. Innovation, breakthrough ideas and great features can go hand in hand with user privacy-- and they must. Realizing technology's potential depends on it.

That's why I and others are calling on the U.S. Congress to pass comprehensive federal privacy legislation-- a landmark package of reforms that protect and empower the consumer. Last year, before a global body of privacy regulators, I laid out four principles that I believe should guide legislation:

First, the right to have personal data minimized. Companies should challenge themselves to strip identifying information from customer data or avoid collecting it in the first place. Second, the right to knowledge-- to know what data is being collected and why. Third, the right to access. Companies should make it easy for you to access, correct and delete your personal data. And fourth, the right to data security, without which trust is impossible.

But laws alone aren't enough to ensure that individuals can make use of their privacy rights. We also need to give people tools that they can use to take action. To that end, here's an idea that could make a real difference.

One of the biggest challenges in protecting privacy is that many of the violations are invisible. For example, you might have bought a product from an online retailer-- something most of us have done. But what the retailer doesn't tell you is that it then turned around and sold or transferred information about your purchase to a "data broker"-- a company that exists purely to collect your information, package it and sell it to yet another buyer.

The trail disappears before you even know there is a trail. Right now, all of these secondary markets for your information exist in a shadow economy that's largely unchecked-- out of sight of consumers, regulators and lawmakers.

Let's be clear: you never signed up for that. We think every user should have the chance to say, "Wait a minute. That's my information that you're selling, and I didn't consent."

Meaningful, comprehensive federal privacy legislation should not only aim to put consumers in control of their data, it should also shine a light on actors trafficking in your data behind the scenes. Some state laws are looking to accomplish just that, but right now there is no federal standard protecting Americans from these practices. That's why we believe the Federal Trade Commission should establish a data-broker clearinghouse, requiring all data brokers to register, enabling consumers to track the transactions that have bundled and sold their data from place to place, and giving users the power to delete their data on demand, freely, easily and online, once and for all.

As this debate kicks off, there will be plenty of proposals and competing interests for policymakers to consider. We cannot lose sight of the most important constituency: individuals trying to win back their right to privacy. Technology has the potential to keep changing the world for the better, but it will never achieve that potential without the full faith and confidence of the people who use it.
«1

Comments

  • Reply 1 of 26
    I get the sentiment but regulations like this only make barrier to entry that much higher and Google and Facebook that much more powerful. Which is probably why Zuckerberg supports federal regulations. And of course Apple makes the majority of its revenue and profits from selling hardware so it’s easy for Cook to take this stance. But honestly the reason all this data collection exists is mostly because people don’t want to pay money for software/services. If they did, Facebook would be charging users a monthly fee vs being an ad business.
    entropysmuthuk_vanalingambala1234
  • Reply 2 of 26
    Be careful what you ask for.

    Call me cynical, but I have faith that any such legislation will have clauses requiring data collectors to collect even more data and provide it to the government at any time.

    That's just the way these politicians work.
    entropysmuthuk_vanalingamcornchipPaymon
  • Reply 3 of 26
    There were suggestions in Brussels during the years leading up to it that Apple was against GDPR.  Funny how these things move on isnt it.
  • Reply 4 of 26
    entropysentropys Posts: 4,152member
    Meanwhile, how are those new iMacs, Mr Cook?
  • Reply 5 of 26
    There’s a big difference between selling ads, and selling your data.

    It’s the difference between me using Google, and me never using Facebook. (I do have a VPN, but I shouldn’t need one)

    I have my doubts about Google keeping it clean, so I welcome legislation to enforce it. HUGE penalties please for violations.

    I think Facebook is rotten to the core.
    olsmacseekermuthuk_vanalingammwhitePaymon
  • Reply 6 of 26
    Be careful what you ask for.

    Call me cynical, but I have faith that any such legislation will have clauses requiring data collectors to collect even more data and provide it to the government at any time.

    That's just the way these politicians work.
    Data slurp is the governments middle name, but if companies don’t have the monitory incentive it helps...
  • Reply 7 of 26
    hexclockhexclock Posts: 1,243member
    Even the government gets in on the data sales act. The New York State Department of motor vehicles sells customer information to third parties, and I doubt they are the only state to do so. 
    It’s like asking a thief to guard the bank vault. 
    beowulfschmidtmuthuk_vanalingamPaymon
  • Reply 8 of 26
    ivanhivanh Posts: 597member
    The first thing Apple can do internally and immediately is to disclose the country of origin of each app developer. 
  • Reply 9 of 26
    I would pay $1 / month for a Facebook that captured zero of my personal data and eliminated ads. With 2.2 billion active users, it seems they could make a go at it. (Of course the user base would be smaller, so - hmm...)
  • Reply 10 of 26
    Has Tim Cook ever looked at the top charts in the AppStore?


    muthuk_vanalingam
  • Reply 11 of 26
    Oh Please..... Tim could you please focus the company's work on being the company Steve Jobs wanted it to be??? Remember? making products that were innovative...

    Rather than jet setting around the country rubbing elbows with the regime that is currently running Washington; call out that clown Jony Ive from whatever deep burrow inside the spaceship he is hiding in and show him the new Turing phones, the Vivo Water Drop phone, and whatever folding device Samsung is going to come out with and point blank tell him "This is why Apple is a follower, not a leader. This is why Apple is going to get their ass kicked. This is why our stock option won't be worth a poop in 5 years."

    Tim, this argument for government intervention does not make Apple a better company.
  • Reply 12 of 26
    slurpyslurpy Posts: 5,382member
    entropys said:
    Meanwhile, how are those new iMacs, Mr Cook?

    What the fuck does that have to do with the topic of this thread?
    And do you expect him to reply to you?
    The iMacs will be released when Apple deems them ready from every angle. You think Cook is hiding them in his basement or vetoing their release or something?

    These drive-by "where is product X" posts in unrelated threads are so idiotic and useless. 
    mwhitebonobobfastasleep
  • Reply 13 of 26
    slurpyslurpy Posts: 5,382member
    bobroo said:
    Oh Please..... Tim could you please focus the company's work on being the company Steve Jobs wanted it to be??? Remember? making products that were innovative...

    Rather than jet setting around the country rubbing elbows with the regime that is currently running Washington; call out that clown Jony Ive from whatever deep burrow inside the spaceship he is hiding in and show him the new Turing phones, the Vivo Water Drop phone, and whatever folding device Samsung is going to come out with and point blank tell him "This is why Apple is a follower, not a leader. This is why Apple is going to get their ass kicked. This is why our stock option won't be worth a poop in 5 years."

    Tim, this argument for government intervention does not make Apple a better company.
    One of the stupidest fucking posts I've seen in my life. Congratulations.

    Vivo water drop phone? Nobody knows ANYTHING about that besides a promotional render tweeted out that shows nothing.
    Turing phone? Something that looks like vaporware concept that will probably never ship? You know they announced a previous phone years ago that never saw the light of day, right? You're shitting on Apple because of an imaginary render? And some hypothetical "folding" Samsung phone that could very well be horrible, gimmicky, or just utterly impractical? This is what Apple should be terrified of, and why Jony Ive is a clown? The guy that designed the smartphone that became a template for every other smartphone, and which has been the best selling smart phone in the world for EVERY SINGLE generation? How many times have we seen conceptual "iPhone killers" that went absolutely nowhere, fizzling and dying after months and months of hype from people like you? Because Steve Jobs was all about gimmicks, right? 

    You're so clueless, it's painful. You think Apple has absolutely nothing in development? You have no idea what innovation ACTUALLY means, besides masterbating to concept renderings and fictional products. Here are the juicy details:

    "The HubblePhone will have not one, not two, but three operating systems. There’s a custom OS called Keplerian OS (based on FreeBSD) on both decks. Android 9.0 is also on both. The main deck also has Sailfish 3 for “console mode.” Yeah, that seems reasonable."

    Even the basic elements of this phone seem made up. The spec table claims this phone will run a Snapdragon 855 in each of the phone’s two sections. That chip hasn’t been announced and will probably never exist. The Turing Phone Cadenza was supposed to have a Snapdragon 830, which is a model number Qualcomm never used. Not enough? The HubblePhone will be 5G with support for every band imaginable, ignoring the lack of any 5G radios that could do that.

    TRI says the HubblePhone will launch in the first quarter of 2020. Don’t let the long development time fool you — this phone will never exist. Its only value is in the amusement you’ll get from looking at the unrealistic renders and specs. TRI plans to “sell” the phone for $2,749, but it could price the phone at a million dollars and it wouldn’t matter. "

    A phone with 3 operating systems and a $3K price tag! We have a winner! Jony Ive should be fired! What a smart guy you are!


    edited January 2019 cornchipmwhitepacificfilmfastasleepneil anderson
  • Reply 14 of 26
    gatorguygatorguy Posts: 24,176member
    Good on Mr Cook for raising the issue of data aggregators for a change. IMO they are far more intrusive and dangerous than the Facebook's and Google's of the internet. While everyone was transfixed on Facebook and Cambridge Analytica here's what you probably missed, leaking like a sieve from data aggregators among others in just the last year:

    Exactis: In June 2018, the marketing firm Exactis inadvertently publicly leaked 340 million records of personal data. Security researcher Vinny Troia of Night Lion Security discovered the leak contained multiple terabytes of personal information spread across hundreds of separate fields including addresses, phone numbers, family structures and extensive profiling data. The data was collected as part of Exactis' service as a "compiler and aggregator of premium business & consumer data" which they then sell for profiling and marketing purposes. A small subset of the exposed fields were provided to Have I Been Pwned and contained 132 million unique email addresses.

    Compromised data: Credit status information, Dates of birth, Education levels, Email addresses, Ethnicities, Family structure, Financial investments, Genders, Home ownership statuses, Income levels, IP addresses, Marital statuses, Names, Net worths, Occupations, Personal interests, Phone numbers, Physical addresses, Religions, Spoken languages

    You've Been Scraped: In October and November 2018, security researcher Bob Diachenko identified several unprotected MongoDB instances believed to be hosted by a data aggregator. Containing a total of over 66M records, the owner of the data couldn't be identified but it is believed to have been scraped from LinkedIn hence the title "You've Been Scraped". The exposed records included names, both work and personal email addresses, job titles and links to the individuals' LinkedIn profiles.

    Compromised data: Email addresses, Employers, Geographic locations, Job titles, Names, Social media profiles

    Onliner Spambot (spam list): In August 2017, a spambot by the name of Onliner Spambot was identified by security researcher Benkow moʞuƎq. The malicious software contained a server-based component located on an IP address in the Netherlands which exposed a large number of files containing personal information. In total, there were 711 million unique email addresses, many of which were also accompanied by corresponding passwords. A full write-up on what data was found is in the blog post titled Inside the Massive 711 Million Record Onliner Spambot Dump.

    Compromised data: Email addresses, Passwords

    GoldSilver: In October 2018, the bullion education and dealer services site GoldSilver suffered a data breach that exposed 243k unique email addresses spanning customers and mailing list subscribers. An extensive amount of personal information on customers was obtained including names, addresses, phone numbers, purchases and passwords and answers to security questions stored as MD5 hashes. In a small number of cases, passport, social security numbers and partial credit card data was also exposed. The data breach and source code belonging to GoldSilver was publicly posted on a dark web service where it remained months later. When notified about the incident, GoldSilver advised that "all affected customers have been directly notified".

    And this real biggie: In January 2019, a large collection of credential stuffing lists (combinations of email addresses and passwords used to hijack accounts on other services) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billionrecords including 773 million unique email addresses alongside passwords those addresses had used on other breached services. Full details on the incident and how to search the breached passwords are provided in the blog post The 773 Million Record "Collection #1" Data Breach.

    You mean you didn't hear about any of those? Well perhaps you should be asking why.

    edited January 2019 muthuk_vanalingamcornchip
  • Reply 15 of 26
    lennlenn Posts: 36member
    Just more marketing by Cook and Apple to get more people to buy iPhones.
  • Reply 16 of 26
    gatorguygatorguy Posts: 24,176member
    lenn said:
    Just more marketing by Cook and Apple to get more people to buy iPhones.
    Making vague claims about the evils of ads might be as much marketing and taking a competitive advantage than honest worries, but I do believe Mr Cook is sincere on this one. Something really does need to be done to rein in the data aggregators who buy and sell your personal information. Nearly every big data breach can be tagged on one of 'em. 

    So I disagree, this time it isn't really about selling more phones IMO. 
    edited January 2019 muthuk_vanalingammwhitePaymon
  • Reply 17 of 26
    k2kwk2kw Posts: 2,075member
    I get the sentiment but regulations like this only make barrier to entry that much higher and Google and Facebook that much more powerful. Which is probably why Zuckerberg supports federal regulations. And of course Apple makes the majority of its revenue and profits from selling hardware so it’s easy for Cook to take this stance. But honestly the reason all this data collection exists is mostly because people don’t want to pay money for software/services. If they did, Facebook would be charging users a monthly fee vs being an ad business.
    Cooks protests are a NothingBurger intended to distract from all the problems he created.
  • Reply 18 of 26
    k2kwk2kw Posts: 2,075member
    bobroo said:
    Oh Please..... Tim could you please focus the company's work on being the company Steve Jobs wanted it to be??? Remember? making products that were innovative...

    Rather than jet setting around the country rubbing elbows with the regime that is currently running Washington; call out that clown Jony Ive from whatever deep burrow inside the spaceship he is hiding in and show him the new Turing phones, the Vivo Water Drop phone, and whatever folding device Samsung is going to come out with and point blank tell him "This is why Apple is a follower, not a leader. This is why Apple is going to get their ass kicked. This is why our stock option won't be worth a poop in 5 years."

    Tim, this argument for government intervention does not make Apple a better company.
    Cooks very short sighted once they get into the legislative process any bills to protect privacy will require phone manufacturers to add back doors for the government/CIA/FBI/NSA.
    then a major advantage of the iPhone will be gone.
  • Reply 19 of 26
    I get the sentiment but regulations like this only make barrier to entry that much higher and Google and Facebook that much more powerful. Which is probably why Zuckerberg supports federal regulations. And of course Apple makes the majority of its revenue and profits from selling hardware so it’s easy for Cook to take this stance. But honestly the reason all this data collection exists is mostly because people don’t want to pay money for software/services. If they did, Facebook would be charging users a monthly fee vs being an ad business.
    How would this increase the entry barrier?  Just don't sell the data you collect, and delete the data you do collect that you don't need.  It actually takes more effort to sell the data, not less.
  • Reply 20 of 26
    gatorguygatorguy Posts: 24,176member
    bonobob said:
    I get the sentiment but regulations like this only make barrier to entry that much higher and Google and Facebook that much more powerful. Which is probably why Zuckerberg supports federal regulations. And of course Apple makes the majority of its revenue and profits from selling hardware so it’s easy for Cook to take this stance. But honestly the reason all this data collection exists is mostly because people don’t want to pay money for software/services. If they did, Facebook would be charging users a monthly fee vs being an ad business.
    How would this increase the entry barrier?  Just don't sell the data you collect, and delete the data you do collect that you don't need.  It actually takes more effort to sell the data, not less.
    This time around Mr. Cook isn't talking about Facebook and such as much as he is data aggregators. Acxiom, Exactis, the big three credit bureaus, BlueKai and thousands of smaller companies. Their whole business revolves around buying and selling data. They aren't deleting anything, instead gobbling up as much as they can. Look waaaay past Facebook, They aren't even in the same league when it comes to trading of your very personal and very detailed personal information to whoever has the money and reason to buy it.  
    edited January 2019 muthuk_vanalingam
Sign In or Register to comment.