challenge, to develop ways to put in front of consumers at the right time information that is actionable. two years before you worked on that, people would not have been able to have the unsubscribe button. when we working on credit card information 20 years ago, with a lot of time thinking about if there is a box, how do we get it in front of consumers in a way that informs their decision? the same technology provides ways to solve it. one of the things that we have both tried to is spur the industry to use the technology expertise to help develop answers that empower consumers in a meaningful way. it is an important challenge and -- >> in order that i do not miss this vote, let me ask that the committee stand in recess for

five minutes. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2010] >> jennifer martinez covers washington for the "l.a. times," looking at privacy. looking at google and apple, what was the committee trying to find out? >> they wanted to know what privacy mechanisms they have in place to protect users' personal information, and also whether or not they believe legislation was needed to improve privacy policies. >> are they hearing in

particular from constituents that this has been an issue that my constituents are writing about, very concerned about what sort of data that on-line companies get from them? >> yes, definitely. they are saying that constituents had mentioned targeted advertising was something that had spilled to them, that advertising was being served up on the web that reflected what they had been searching for. >> for these companies, online advertising is critical. how did they defend the practice of online -- personal data from users in developing their advertising strategy? >> us. >> thank you. >> people are obviously on their

way back and i apologize for interrupting the secret protocol of the senate commerce committee, because -- but there is a interesting witness in front of us. we run into this in so many areas, mortgage fraud, people call up and the company does not, and they go on paying. it is just everywhere. it is always allowed in given freedom by something called small print. i want to know from your point of view if you think it is a deceptive think inherently or in cases of specific uses and how on earth can you or the user tell the difference? >> i believe the commission has

had small print issues going back to even before the internet. it in the small print you have material terms, important terms to the consumers, or they are clicks away with the consumer cannot possibly find them, or a reasonable consumer cannot find them, they are inherently deceptive and unfair and we're going to go after people for doing that. and then thinking through the architecture of where we would like to see companies go, in our report we are thinking about a small box. we're not quite there yet, but the idea of a small box with the material terms in there that the consumers have to say is that it cannot get away with burying things in the fine print. >> how should be formatted?

>> in a way that are reasonable consumer, someone on the internet, a coal miner for west virginia who goes on the internet from time to time understands the meaning of that. >> isn't there. whenn't there a point people fail to physically read small print? >> there is a reason why in contracts, some contracts -- some clauses are buried in the fine print. this is not the practice of the best companies. we had one case involving a company that had acknowledged in its pleadings that it was responsible for 6 billion pop-up ads to consumers, 6 billion pop- up ads. and there was some sort of warning multiple clicks away, but i don't think a single

consumer consented to downloading software that downloaded pop-up ads until we shut the company down. even senator dorgan could see, he made this sort of. about the unsubscribe notice at the bottom of the mess. one of the things we want to do is have this baked into the interactions that companies have with consumers and though what -- in a way that consumers can clearly understand it, and we hope the companies do it themselves. if they do not, we will work with you to craft legislation. >> when you ask large and successful companies who were riding the waves of success and popular demand to do something on a voluntary basis which they do not want to do, do they generally not do it? >> i think it is different

critic different responses by different companies. a lot of companies recognize that their brand is enhanced if they are not doing things that are not in a gray area. some companies, and you have to push and prod to get them to do the right thing, and then some companies just do not. we brought a major case against sears for data mining without giving consumers notice. they just didn't know -- they were taking it without the permission of consumers. it include a prescription drug information and other personal information. it depends, but having these hearings is enormously important in moving companies board into doing the right things. >> you referred to the humification/opt-out question and you seem to come out in favor of opt in.

>> the most important thing is clear notice to consumers. not everyone on the commission chairs where i am, it is probably a majority. i think ought to in a generally protect consumers -- often in generally protect consumers better than opt out in those circumstances. i do not think it undermines a company's ability to get information that it needs to advertise back to consumers. and the entire commission believes that if you're dealing with sensitive information, for changing the privacy policy that has to be off in -- opt in.

>> if you wait for the opt out, then they have already been had. >> speaking hypothetically, but if you -- if the company says i'm going to not share your information with any other companies or any of our up delays, and then they decide to change their policy, most consumers will not read that policy. why would they? you have to give them a clear way to opt into your new policy. with respect to sensitive information like medical records and banking records, the privacy level is so important because this is the kind of information you do not want circulating around on the internet. i think the whole commission agrees. that they should be a hot tin -- i think the whole commission agrees that they should be a opt in approach.

>> selling information to third parties it can use that information to create profiles for potential employers, is that fair? >> it would be something we would want to take a close look at. if your staff has any instances of policies like that, please send our way. >> people often say that parents should do it this and set their remote so that kids can now watch such and such on television, and all kinds of things. but secondly, the responsibility of the consumer -- that is the argument i heard last night at the dinner table. and i did not like it. people have the responsibility. they are entering into a situation. they note that it is a complex world. therefore they should take all of that very seriously. i think that is asking the

impossible of the average user. >> i agree with that. i will say this, most of the cases that we abroad, they had not given clear -- we are not at the level of get where every company even gives consumers clear notice that they can make clear choices. most of the cases we have broad involved instances where the disclosures or the use of the information was in the fine print that was designed to ensure that consumers would not find it. the best companies want to make these things clear. i think that we need to ensure that other companies moved to that level. >> cake, chairman leibovitz. >> thank you, chairman rockefeller. >> our second panel is the vice-

president of software technology at apple. the chief technology officer of facebook. the privacy engineering lead at google. the director of information policy studies at the cato institute. the senior vice president of public policy, and privacy officer of at&t. and a professor from the annenberg school of communication who has been before us many times. if you confine your seats. and sure that they have plenty of water.

let me go in the order of the way it of the -- of the way that appears before me. ipple of apple. >> good afternoon, members of the committee. i am vice-president for software technology at apple. thank you for asking me to testify about our approach to a consumer privacy. apple shares are concerned about privacy and we are deeply committed to protecting the privacy of our customers. we're committed to providing our customers with clear choice over

their information. for instance, as part of our service, we provide our customer with easy to use tools to let them control the collection and use of location data on all devices. i would also point out that apple does not share our customers' private debt or selling customers' private data to third parties for their marketing purposes. we have provided an explanation of our privacy practices in the written testimony. let me emphasize that you points about letting consumers control hot applications using collected data. in addition to a published privacy policy, it is very helpful to have privacy features actually built and designed into the devices and we would like to describe some of

our innovative practices in this area. apple does not allow any application to receive device location information without the user's permission. if an application was to use a device application, it must get the consumer's explicit -- explicit consent. the dialog box is mandatory and no one is permitted to override it. only after the user has app bezed it will be athe allowed to use location information. let's say that you're looking for restaurant. you load and happen but it needs to know where you are in order to help. before it receives any device location information, the

software promise you that they would like to use your current location. it presents two options. do not allow or ok. it will send an encrypted location data to apple to determine which restaurants are nearby. in this example, information about the devices actual location is only transmitted to the third-party application after the consumer expressly consents. apple has built of master location service switched into r i o s global operating system which makes it extremely easy to opt-out in tally of location- based. our latest devices are not this

playing an icon at the top of the screen near the battery indicator. it reminds to the user that look passion -- location data is being shown to their application. they are also able to see a list of every project every application they are authorized to locate -- access their location information. you can see which have used your location information within the last 24 hours, and turn it off individually for each application. i should point out as well that not using these location services does not impact the use of the devices. with more than 3 billion applications down loaded, many people have experienced this process. we believe it is a simple and direct way to keep customers in control of their data.

in closing, let me say again that apple is strongly committed to giving our customers clear notice, a choice, and control over their information. we believe that our products do this in simple and elegant ways. we share the committee's concerns about the collection and misuse of all customer data, particularly location data, and appreciate the approach -- being able to talk about that this afternoon. >> excuse me, please. when you say they go up to a certain place and click and they are out, where is that place on their computer? is it at the top or the side? >> we have a setting menu where you set everything about your phone from how bright it is to including the location settings. if you tap on location settings on that page, it immediately tasty to a page with a switch

that says location services, on, off. >> where do they have to go to tap said that they can get that choice? >> yes, on your home page, there is an app called settings. >> it is at the bottom right? >> it is on your home page. their various -- there are various apps, one is called settings. that takes you to the place where location services can be turned on or off. it is possible, if you could send me a picture. >> i would be happy to show you. >> said it and i will pay the mail. >> i would be happy to do that.

>> brett taylor, chief technology officer. >> thank you very much. thank you other members of the committee. i am the chief technology officer of facebook. thank you for the opportunity to testify today before the committee. facebook is a service that gives people the power to connect and share with one another. it establishes and strengthens relationships that strengthen our lives. we're proud to announce that more than 500 million people around the world are actively using facebook. we also remind ourselves that the people who use face back lie at what the heart -- why part of what we did. first, facebook and other social networking technologies are sharing information and building communities. in just a few years, the internet has been transformed

from a useful -- into a powerful means of connecting with others in creating communities that better the lives of others. since the creation and a college dorm room, facebook has contributed to this transformation