on everybody, and meanwhile, the administration is also telling us to get masking tape and plastic and protect ourselves against these possibilities. guest: with respect to the last comment, the tape and plastic was in the context of a much larger conference eight or 10 years ago. i believe the issue was how does one insulate a house from chemical attacks? the answer was obvious. you enslaved the house from chemical attacks -- you insulate the house from chemical attacks. the issue of getting sick on a plane and so forth, those are real concerns, but let's not forget what al-qaeda's intent is. it is not to effect a plane.

it is to kill millions of americans. under an order that was supposedly issued by one of the ahmans loyal to osama bin laden. we can't waste a lot of energy, frankly, from homeland security aspect talking about frankly -- sounds very crude and cruel by 50 or 100 lives. we need to plan for the things that can cause mass disruption and kill millions of people. those are nation-changing events. our country is very resilient. we will pick up and go when we lose people. we still lose hundreds of people on the roads of our country every day. and that's a disaster. it's a w.m.d. every day but we are focused on the large-scale events. host: dr. jeffrey runge, former assistant homeland security

secretary, 2005-2008. thanks for your time today. guest: thank you very much. host: that's it for our program today. if you want to know about our programming this week, especially with presidential races and things look that nature, i invite you to go to our c-span.org website and you can see what we are tea tracking. and also "book tv" on the weekend. we'll see you tomorrow at 7:00. have a good day. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2011]

>> here's a look at live programming on c-span today. earlier this afternoon afl soy president richard trumka is at the national press club. that's live at 1:00 p.m. eastern here on c-span. and later president obama is in langley, virginia. he will be speaking to c.i.a. employees at the headquarters. that gets under way at 3:10 p.m. eastern. also live here on c-span. >> no one suck seeds in life by themselves. you must be willing to lean on each other, to listen to others and, yes, love others. >> watch 2011 commencement speeches on c-span memorial day weekend and search more than 800 past commencement addresses from politicians, world leaders online at the c-span video library where you can search, watch, clip and share every

event we covered from 1987 through today. it's washington your way. you're watching c-span, bringing you politics and public affairs every morning, it's "washington journal," our live call-in program about the news of the day, connecting you with elected officials, policymakers and journalists. weekend, watch live coverage of the u.s. house. and night forums. also, supreme court oral arguments. on the weekends you can see our signature interview programs. on saturdays "the communicators," and on sunday, "newsmakers," q&a" and also the british house of commons. you can watch our programming anytime on c-span.org and it's all searchable at our c-span video library. c-span, washington your way. created by america's cable companies. >> officials from apple, facebook and google testified thursday on consumer privacy issues with the use of mobile technology devices.

it was reported last month that apple's i phone collected location data and stored it up to a year even when the location software was turned off. a problem apple says has since fixed. google has faced scrutiny that android-based phones track the location of users. and also the consumer protection bureau. the hearing's 2 1/2 hours. >> call our subcommittee to order here. want to thank everyone for being here. we have a standing-room only crowd. i want to welcome senator tuney who is sitting down here as the new ranking member. welcome aboard. we're excited about your leadership here. you and i need to talk offloan at some point about this great subcommittee. thank you for being here and, senator kerry, thank you for being here. we have others that are on the way. but i'd like to go ahead and start. i know that senator kerry only has a limited time here and my understanding is senator

rockefeller is trying to make it and he has limited time. let's get under way. i want to thank everyone for being here, thank all our witnesses who are participating today. certainly this is a very important hearing on privacy in the mobile marketplace. chairman of the subcommittee, thank you for participating in this very important dialogue. aztec nothing evolves, consumers continue to lose control of their personal information. without question, cell phones have become part of that trend as they become more and more versatile. more than 240 million use mobile dedevices and more have smartphones or are expected to own smartphones by the end of 2011. there are hundreds of thousands of software applications, also known as apps, on the market

today. it allows us to play games, read the news, find the cheapest gas in town. in fact, i am aware of one app that allows people to find the nearest kosher restaurant and nearest synagogue. so there seems to be an app for everything. and while their innovation and creativity has defined the mobile app space, we understand that most of the app producers do not have a privacy policy. and the vast majority of consumers who use these apps really don't have any idea about the way their personal information, including their age, location, gender, income and ethnicity that is contained in their phones can be shared either with the company or with third parties. it's not clear that americans

who own smart phones understand how their information can be used or transferred as a result of the download. in fact, last night i talked to my two teenage children. both of them have apps that share information. neither of them had any idea that that information was being shared. i think that's the way most americans are. consequently, it's not surprising that we're facing a new and emerging mobile world that lacks basic parameters and bast practices. where are the opt out options or where are the privacy policies? the mapping of consumers' movements without consent is unacceptable and application game that transfers a consumer's location data to add networks without informing the user is greatly troubling. while location technology can assist law enforcement, and there are certainly good things about it. it can be helpful in emergency situations.

geolocation tracking poses safety concerns. therapists who work with domestic abuse victims have noticed the increase in clients fault via cell phones. stalkers exploited the g.p.s. system and location collected by consumer smart phones. the results have been deadly in some cases. demonstrating the highly intrusive nature of some of the technology, one website sells something they call mobile spy software and actually markets this product as completely stealth monitoring program. the website says once installed on a phone, mobile spy remains hidden but logs calls and texts to mobile spy's server. then the snoop can log in and see a complete record of incoming and outgoing calls, the time and duration of the calls and read text messages both sent and received.

so i'd like to hear from our witnesses today about the risk to consumers that consumers see when their information is collected and reported, that consumers understand what information is being collected and transferred through mobile apps, the extent of geolocation collection and privacy concerns, particularly with an emphasis on children there, how companies are working to relay these concerns and suggestions for enforcement of basic privacy rights and security policies and standards in the new app economy and online mobile world. so with that, what i'd like to do is turn it over to the ranking member and allow you to say a few words and then we'll call on senator kerry. >> senator pryor, thank you very much. first, thanks for welcoming me as the new ranking member of the subcommittee. this is a new and exciting

opportunity for me. i'm looking forward to serving with you and i also want to thank you for scheduling this important hearing. this is a very important topic. and i commend you for that. unfortunately, i just became ranking member a couple days ago and prior to that had a previously scheduled conflict. i can't stay but i want to make an opening statement quickly and, again, commend you for doing this. like most americans i'm protective of my personal information and i believe i should have control over who accesses that information, how it is accessed and ultimately how it is used, including by commercial entities. as the father of young children i'm concerned about protecting their identity and safety, especially when they use mobile devices and other online applications. more children are accessing online services through computers and mobile devices more than ever before.

how parents are able to best protect their children is a goal we all share. apple i phones have been tracking and storing user locations without consent and facebook apps may have leaked profile information to advertisers is a cause for concern. these and other incidents have led many in congress to question whether the federal government may have a legitimate interest in increasing its role and regulating this space. i do, however, want to commend apple and facebook for taking swift action in both cases to correct the problem. as a general matter, i prefer to see the industry self-regulate, and i'm eager to learn from our witnesses on the measures that have been put in place to safeguard against possible future consumer harms. i think everyone here knows very well that mobile marketplace is growinging and changing dramatically. we have speed and applications that were completely unimaginable just a few short years ago. apps for smart phones have quickly turned into a multibillion dollar business and consumer demand is clearly

very strong. and in our important efforts to protect consumer privacy, i just hope that we won't lose sight of the many consumer benefits that have come from the innovative technologies that are brought to market from the companies we'll be hearing from today. as the chairman indicated in his comments, location-based services provide conveniences that consumers wouldn't have. if a particular app didn't have access to some level of personal information. so before congress takes action, i think it's important to find the right balance that protect consumers' personal information while at the same time allows continuing constructive innovation to occur. at this point i'm not quite sure exactly where that line is to be drawn, and i would caution against passing legislation that would have unintended consequences. i'm hopeful that the hearing today will shed some light on this important question. again, mr. chairman, i thank you for scheduling the hearing. >> thank you very much. we also want to thank our newest member to the

subcommittee and to the senate, senator heller. now, i was going to call on senator kerry and the chairman says i should call on senator kerry. so go ahead. >> well, thank you. thank you, both chairmen. and welcome to our new members on the committee. mr. chairman, thanks for holding this hearing today. it's one that attracts a lot of interest. it's a lot of money on the line, a lot of business, a lot of business practices but also a lot of values, personal interests of the americans. and while today's hearings is obviously principally about mobile phones and the apps that come with them which are quite extraordinary and which we all use and benefit from in a lot of ways, it's also important, i think, to put the mobile phone and apps in the context of the larger discussion about privacy

itself. i don't think there's anybody on the committee or in the country or in the world who doesn't marvel at the power and the extraordinary potential that we are currently living and are living in terms of the internet. it's constantly innovating and moving. i know personally and i know the chairman, senator rockefeller, likewise, and a bunch of us in the committee have worked hard and long with respect to the national broadband plan as well as releasing more spectrum for broadband because we want to see this potential of the internet unleashed all across the country as broadly as possible. we unfortunately in the united states of america pair theyically going in the wrong direction. we have been number four in terms of broadband reach. we are now number 20. that's an appalling comment and one we need to take note as we

think about this. i also support investments in research and development and a bunch of other things that will contribute to the startup of different businesses and firms that are going to unleash our economic potential. we all in this committee understand the automatic instinct inside a lot of the companies that are interested in this which says, hey, washington, just leave us alone. we'll do fine. we'll make this work and the internet will grow. and over the years i think most of us in this committee have been guided by the belief that in a technology market that's been moving so rapidly, that's the right approach in most cases. i certainly stood by net neutrality. i've stood by no taxation. i have advocated for as open an architecture as possible in order to unleash the full

measure of creative energy and entrepreneurial activity that has brought this wonder to awful us and continues to innovate. i'm convinced that we made the right decision in the 1990's here to protect -- to do things that did not allow privacy or other issues to somehow eclipse that move for innovation and i think it might have slowed back then technological advances. but we're in a different place today. we just are in a different place today. and we need companies like google and apple and facebook to join companies like intel, ebay, microsoft, h.p. which have already come down on the side of common sense. very restrained, simple privacy

protections. we need industry leaders to engage constructively in these legislative efforts to modernize our privacy laws, to come up to the year where we are and the state of art that we are with respect to the marketplace because we want the legislation to work for both the consumer and the entrepreneur. now, i've reached out to the companies that are here today over the last six or seven months, and i appreciate the time they've taken to work with us so far. mr. chairman, i reject the notion, and one of our colleagues just sort of raised the -- you know, here's what we want to do but here's what we don't want to do -- i reject the notion that privacy protection is the enemy of innovation. it absolutely doesn't have to be and isn't. in fact, a more trusted information economy, i believe, will encourage greater consumer participation, greater confidence in that marketplace,

and in turn more and better services in a safer commercial environment that is more respectful of other people. so in the end, though not in a heavy-handed, overly printive approach, i believe that companies -- prescriptive approach, i believe that companies getting people's information, whether you are a tech titan or not, ought to comply with just a basic code of conduct. we need to establish what we as a society, in a country that has always valued privacy, what we as a society believes is the sort of basic proper treatment of people's information. i know you can shut off your location services, but that doesn't do the trick. because a lot of those services are services we want and we want to use them but we also want to know that what's

happening to the information is the consequence of using them is properly protected, that we are properly protected as individuals. i don't think we can continue to create or leave it to firms to decide on an ad hoc basis what that level of protection ought to be. and i think that's particularly true in an age when the mini supercomputers that are in our pockets are with us almost at all times and they're almost always on. and particularly among young people, there will be disposition to use most of those apps almost all the time. but it's also true in our computers at home and off-line when we buy groceries or when we travel or when we purchase or whatever. so as we sit here today, mr. chairman, there's no privacy law for general commerce whatsoever. data collectors alone are setting the rules. in f-799, the commercial bill

of rights that senator mccain and senator klobucar and i have proposed, we proposed rules based on fair information practice principles for all collectors of information, including mobile phone and mobile app companies that we'll be talking about here today. and nor rockefeller's do not track, i think that's a very important issue and it's one we ought to be deeply engaged in and the votes will decide it but which ever way we go on it we still need a privacy standard. we still need the basic rules of the road which everyone agrees we need to protect commerce, we'll protect the creative entrepreneurial ability of the internet, but we are also going to protect individuals or at least give them the knowledge by which they make a decision as to how their information is going to be treated. i think that those principles include the idea that regardless of the technology or

method used to track americans they should know when they're being tracked, why and how long that information is going to be used for and in what way and they ought to know with whom that information is going to be shared and be able to reject or accept those practices. and they need legal protections if that respect is not granted to them or the terms of that arrangement are violated. so i hope, mr. chairman, we're going to have a chance at the right moment to tackle this issue within this committee. i think it's a really vital one to americans growing in its importance. and i look forward to hearing from the witnesses for the time i can be here. i apologize i can't here for the whole time. i thank you, mr. chairman, for your affording us the time to make these statements. >> thank you. senator rockefeller. >> thank you, mr. chairman. i associate myself with every word and comment, perhaps even

a semicolon, that you said, senator kerry. i think it's just wrong for people to be wandering about people, you know, we get not age business, i will in a minute, but not knowing what's happening to them, not knowing that they are in fact being tracked. what you said about smart phones are in fact supercomputers, little supercomputers. they tell you where -- tell other people because you make this -- some of you make this information available to other third parties who use it and sell it, make money from it which is a violation of individual liberties in my judgment. we have 234 million mobile devices used today. 75% are teenagers own a cell phone. and talk on them and carry them all the time. 72% -- this is interesting to me -- the wording even. 72% of parents say that they have slept with their cell

phones. it's a neutral statement but it's a -- [laughter] >> that's risky. >> but it also -- it shows the intensity of this whole thing. you can't -- it's got to be under your pillow. you just can't be without it. so i think the online privacy issue is not something of an unintended consequence. i think it's a basic american right and a basic american responsibility of the f.t.c. which i do not think has been very aggressive on this. i think the users -- you know, the big companies and all the app folks, not just the big ones but the little ones who may have three or four people but there are hundreds of thousands of them pumping out apps that are totally unregulated. and so the question is, what do we do about that? or what do you do about that? or do you want us to do something about that? they have to be regulated because they're producing the same things that get people

tracked. i think using a mobile device has an expectation of privacy, and in that the american people are misled but i think that's part of the compact that you make when you go into that business. the companies before us apple, google, facebook, i appreciate their being here. they're major players in all of this. and this won't be your last visit i hope. i hope. in fact, i can assure you it won't be your last visit. as the online world grows and evolves, the privacy grows with it. the question is, is anybody watching? is anybody really paying attention? are we saying, oh, it's not my responsibility? if it becomes entirely the responsibility of the federal government, people won't like that. so how do you work with consumers so that they can understand the information that's being collected about them?

they have that right. comes along with the purchase price. that's what they're buying. the right to privacy. they're not getting that, however, and i think that's what we're talking about today. smart phones applications allow consumers to access information from all over the world. take and share pictures with friends and family by coffee or even video conferences on the go. mobile devices are transforming the way people access the internet, record the world around them and share their lives with each other. with this new innovation comes a gigantic risk. as smart phones become more powerful, more personal information is being concentrated in one place. these devices are not really phones. they are miniature computers. simple actions now do have unintended consequences. unintended or intended, i'm not sure. anyway, a lot of people are making a lot of money off the information they collect. without the knowledge of those folks from that.

a smart phone picture of her child online may not realize the time and date and location information is also embedded in the picture. and available to anyone who can get it. which is pretty much anybody. a teenager accessing an application may not realize that her address book is being assessed and shared with a third party. that is not meant to happen in this country without the permission of an adult. 4-year-olds aren't very good at that. 9-year-olds aren't very good at that. they don't know how to do that. so maybe we need to do that for them. and these third parties view this information to target advertising on individuals. it's very cynical. it's very smart. it's very god business. but it's very cynical. it's an abuse of that power.

passing on people's profiles. so everything is new, as john kerry said, but one thing is clear. consumers want to understand and have control of their personal information. they have that right. that expectation is not being met. it's not being met. so i look forward to what our witnesses have to say. last week i introduced the do not track online bill. i think it's a terrific bill. it's very simple. it directs the federal trade commission to establish standards to which consumers can tell online companies they do not want their information collected. very simple. and applies to everybody. works on everybody. then the f.t.c. will have to make sure the companies respect that choice. mr. chairman, i thank you. >> thank you, mr. chairman. with the committee's

permission, what i'd like to do is go to the first panel and our first panelists today is david vladek. director of consumer protection bureau at the f.t.c. we welcome you. we welcome you. glad you're here. your statement will be made part of the statement. your written statement as well as everybody's opening statement if you'd like to submit them as well and also the other panel's statements. i ask you to keep your opening remarks to five minutes. thank you. >> chairman pryor, chairman rockefeller, members of the committee, i'm david vladek. i appreciate the opportunity to present the commission's testimony on consumer protection issues in the mobile marketplace. the views expressed in the written statement that we submitted represent the commission's views. my oral remarks and any response to questions represent my own views. today's hearings could not be more timely or more important.

we are seeing explosive growth in the mobile marketplace. device technology is constantly improving. robust wireless internet connections are nearly ue big tuss. businesses are innovating and consumers are purchasing and using smart phones at extraordinary rates. and there's no wonder why. today's smart phones are incredibly powerful, multitasking devices that marriage the search capacity of a desk top computer with the personal, always on and always with you nature of mobile phones. there is no question that these devices benefit consumers. but there's also no question that these devices raise serious privacy concerns. these concerns stem from exactly the always on and always with you nature of these devices. the invisible collection and sharing of data with multiple parties, the ability to track consumers, including children

and teens to their precise location, and the difficulty of providing meaningful disclosures and choices about data collection on a smart phone small screen. for 40 years the federal trade commission has worked to protect consumer privacy and we are working hard to protect consumer privacy in the mobile marketplace. to keep pace with changes in the mobile market, the commission has hired technologists, created a mobile forensic lab, conducted series of in-house training and assembled a team focused on mobile technology. every consumer protection investigation now examines the targets used of mobile technology. currently we have a number of nonpublic investigations under way relating to unfair and deceptive practices in the mobile marketplace. the federal trade commission's primary law enforcement tool, the f.t.c. act, prohict unfair

or deceptive practices and applies in all media, including mobile. last august, the commission charged the public relations company with deceptively endorsing mobile gaming apps in the itunes store. the commission's recent cases against two of the largest players in the mobile ecosystem, google and twitter, further demonstrate the application of the f.t.c.'s privacy framework to the mobile marketplace. as you know the commission is currently reviewing whether its privacy framework has kept pace with technological change. last december, the commission released the preliminary staff report that proposed a new privacy framework that rests on three recommendations to ease the burden on consumers to protect their own information. first, privacy by design. private is he at the outset. second, simpler and streamline privacy choices.

and third, transparency. so consumers know what data is being pulled down and who is getting it and who's using it. these principleses are especially relevant in the marketplace, related to the concern of invisible collection and sharing of personal information. like a precise geolocation of data of children and teens, combined with the difficulty of providing meaningful disclosures in a small screen environment. the preliminary report also included a recommendation to implement universal choice mechanism for behavioral tracking including behavioral advertising often referred to as do-not-track. a majority of the commission has expressed support for such a mechanism. although the commission has not taken a position to recommend legislation in this area, the commission strongly supports the goal of chairman rockefeller's do-not-track legislation and supports the approach laid out in that bill.

including the scope of the do-not-track standard, the technical feasibility and cost and how the collection of anonymous data would be treated under the statute. i want to commend senator kerry and senator klobucar on the privacy bill of rights and the members of the committee, including its chair, for their leadership on protecting consumer privacy. at a time when some children learn how to play games on a smart phone before they learn to tie their shoes, their commission is also reviewing the children's online privacy protection act rule to see whether technological changes in the online environment warrant any changes in the rule and statute. while the review is still ongoing, remarks at last year's copper roundtable, along with public comments we've received, demonstrate widespread

consensus that both the statute and rule were written broadly enough to encompass most forms of mobile communications without the need for statutory change. in closing, the commission is committed to protecting consumers in the mobile sphere through law enforcement and by working with industry and consumer groups to develop workable solutions that protect consumers while allowing for innovation. i'm of course happy to answer any questions. >> thank you very much. and because we have a full committee here, almost a full subcommittee, i'm going to ask a couple of questions and then i'll turn it over to my colleagues. thank you very much, mr. vladek, for being here. you mentioned that this is a small screen world. even when you have a large screen and you get all these privacy notices and agreements that are online, etc., there's a lot of verbage there that you have to go through. so it seems to me we have a particular challenge in the small screen world to have

meaningful disclosure. have you given that much thought and do you have a solution on that? >> well, we have addressed this issue in the privacy support. one of the reasons why we did this privacy rethink at the outset is because even on big screens privacy policies are often endecipherable to consumers. and simply translating that to the smart phone world where a consumer might have to click through a dozen two or three to read a privacy policy doesn't make sense. we've called for simple, clear and concise disclosures that tell consumers the fundamental information they need to know. what data is being taken and for what purpose and by whom? those are the essential questions. >> bottom line disclosure is what you mean? >> bottom line disclosure just in time.

let me ask you about the geotracking capability. is there a purpose for that? is there a legitimate business reason why geotracking might be available in some apps? >> if you're using a map function, geolocation tracking will enhance functionality. that doesn't explain why other apps that do not need geolocation data for functionality are nonetheless pulling down geolocation data and that's part of the problem. you know, you're given a prompt on some phones, do you want to share your geolocation data? if you say no, you can't use the app. that gets back to senator kerry's point. you want to -- functionality, but you also want to know who else may be getting access to that data. is that access just being used to enhance the functionality or is it then being sent to, you know, an lytics companies and ad networks and advertisers? that information is currently

not available to consumers. >> my experience has been when i talk to people about this they have no clue that the data is being transmitted or shared with anyone. they have no idea. do you have any statistics on what people know now? is there any reason to know what people understand about this data right now? >> there have been surveys and the surveys confirm -- confirm your impression which is most people don't know and there's a reason for that. people are not told with whom the data is going to be shared. and so it's hard to point the finger at the consumer. the consumer just has no way of knowing that on most apps. >> thank you. now, the order that i was going to call on folks, chairman rockefeller and then we'll do the early bird rule, senator kerry. no, you're not at the end. senator kerry, senator klobucar and i know senator heller just stepped out.

senator blunt. mr. chairman. >> ok. >> since 2000 the company has been in effect. it prohibits companies targeting children 12 years old or younger. it is widely disagreed, do you agree? >> we enforce under copa last week we had one of the largest children gaming companies for civil penalty of $3 million, the largest civil penalty by three times -- >> they were disregarded, the least? >> they were disregarding it in the order -- and the order applies not simply to the internefment >> this would not be available without parents consent, is that correct?

>> it shouldn't have been available, that's correct. the violation there was not -- was retaining information without -- >> ok. so you got a lot of software applications available for popular mobile devices such as iphone or android phone. they qualify in my mind as an online service. i'm not sure they qualify in their mind as an online service. could you talk about that? >> well, we held a workshop in june of last year to discuss exactly these issues. i think there was widespread consensus that, for example, to use your illustration that mobile apps would be an online service, and therefore will be covered -- would be covered by it and we would reinforce that. it makes clear that mobile delivery of these apps is covered by our order and is subject to compa. >> and that act requires -- it

have to have conspicuous notice of how that information is being used? >> that's in the statute. >> receive parental consent. and provide parents with access to all information being collected about their kids. now, any of these provisions, a violation of any of them, constitutes a very bad thing under the federal trade commission's act. so the question is such violations are subject to civil penalties, how much do you go after these folks? >> well, as i said, we have done quite a number of cases lately and we have a number of investigations ongoing into the mobile space including apps directed at children.

>> presumably that kids are covered by copa? >> that is correct. >> according to news reports, apps designed to appeal to kids, one with cartoon characters and games are collecting information at times without adequate disclosure. would you agree? >> i believe that is correct. >> copa has been a very effective tool to protect children job. given the growth in mobile applications, the increasing use of global devices by children, even to the age of 4, what is the f.t.c. doing to make sure that apps are compliant with copa? >> well, we're doing two things. one is, as i mentioned before, we are looking for good enforcement targets in this space and we will be bringing other enforcement cases. >> what do you mean by looking for good enforcement? >> cases like playdom which is

violations to the act. literally hundreds of thousands of kids were playing these online games. and part of what we do in our enforcement is try to send a clear message to industry. playdom was a very big player in this field. recently acquired by the disney corporation. so -- >> ok. so the f.t.c. -- you all testified before this committee last year on your plans for review copa rules. the comment period closed last july. >> that is correct. >> and so that's, i think, about a year later. so i'm kind of curious about what you're doing to make up for this lost 2 1/2 months? >> with all due respect the time has not been lost. these raised very difficult

public policy issues and we want to get this right. so you can expect something, you know, we hope to get something out in the next couple of months. >> i hear that so often. in government. people have to put out rules, they have to put out regulations, we'll get it out in the new few months, everything is ok. >> i'm not saying that everything is ok. >> you're been active in the meantime. i'm just saying, get the rules out. >> we hear you loud and clear. >> thank you. >> thank you. senator kerry. >> thank you very much, mr. chairman. mr. vladeck, thanks very much for being here. to what degree is it true that right now apps and some kind of promise to the contrary, any kind of company or a mobile phone or an app operator, hotel, website, whatever it is,

that they can do whatever they want with the personal information that they have collected and they have the individual would have no right whatsoever to tell them to stop or to control what they're doing with the information? >> well, if you're asking what the individual could do, that may be a question of state law and federal law. if you're asking what the federal trade commission can do, our principle tools are deception and unfairness. in the absence of a privacy policy, it makes things more difficult for us because our jurisdictional hook would be the unfairness prong generally would be the unfairness prong of our authority. and while i wouldn't rule out our ability to take enforcement actions in the absence of any commitment through a privacy policy or any other statement it would make things more difficult for us. >> do you know of a law or do you know a standard in some state that's been applied? >> i don't know.

i've never taken a comprehensive look at that question. >> you guys have not surveyed that to determine what kind of rights people may have? >> i -- when i say me i am speaking just for myself. it may that our staff has done that and if so -- >> could you find that out and let us know? >> i'll be glad to provide that to you, yes. >> whether or not you have. you raised this question so -- the f.t.c. can go with respect to an unfair trade practice which is essentially saying if somebody makes a promise to a consumer but they do something other than the promise you have a right to come in and do something. absent that, do you have any capacity to assure compliance across the hundreds of thousands of different companies in the country with respect to privacy for consumers? >> we do, yes. the practices of unfair is under our statute.

>> what is the definition of that? >> would have to cause or threaten to cause injury to consumers, that the consumers themselves could not avoid and that the cost to consumers would outweigh whatever benefits that might accrue to the -- >> well, have you made any judgment as to broadly whether or not in fact it is unfair, per se, for this information to be given to a third party, for instance? >> we have not made that. >> why would that not be something you want to think about? >> let me digress. we have made that example in the data security area. for example, if there is a data security breach and your perm information is applied, we apply the unfairness standard in those kinds of cases because you've been injured, you could not have -- and the costs do not outweigh the -- >> time is short. i just want to try to hone in on some of the things that is out there.

supposing you have government entity and government information would be a separate committee and a separate set of concerns but in a private company, in a private individual, in some kind of rite of action, what kind of rights do people have? for instance, in a divorce proceeding, could one spouse or the other use information from the third party or would they have rights to that in some way? do we know the answer to that sm what about a company against an employee and the employee's been tired for certain practices within the company and you want to trace on the company's phone, do they have -- or their phone? >> you just sort of chronicled all of the reasons why we think geolocation data is so special and so important because under state law those kinds of things may be available or there may be sharing them. and largely because of the examples you've given we think

geolocation data ought to be treated as special data, just as data -- children, health, finances, data that deserves special protection. >> and with respect to do-not-track, do-not-track applies to third party, is that correct in >> the way we've defined it in our proposal, yes, it would -- when you move across websites and you are tracked, that's what we consider to be third-party tracking. >> so our apps that are operating on iphones or on android phones, first parties or third parties? >> well, i think, again, depends on how the app functions. if you pick up "the new york times" app on your phone and you're reading "the new york times," if you then, you know, if you then click on the facebook light button, then it

-- >> if they are treated as a first party, then do-not-track would not apply any new standard whatsoever with respect to privacy protection for that particular app, correct? >> if you're not moving across websites, you can do that. that is why some implementation of -- not for mobile browsers but for apps raises implications. >> i want to underscore the need for broader -- there are a any number of reasons, but it underscores why you need that basic standard in code of privacy and i'll welcome that at another time. thank you for the time. >> senator klobuchar. >> thank you very much, mr. chairman. i have a statistic. it's not nearly as sexy as the chairman rockefeller's statistic that 72% of people

sleep with their cell phones. i just can't get over. this statistic shows that nearly 3/4 of consumers are uncomfortable with advertising, tracking and 77% do not want to share their location data with app owners and developers and that's why i believe we need some rules of the road. i believe we need to make sure that we're going after bad actors and people who hack in. i'm working on a bill with senator hatch with cloud computing. and the third is that personal choice also plays a role here. some consumers may be more comfortable with more data sharing than others, but we have to make sure that they are the ones that are able to make that choice. and that gets to my first question here about privacy choices to consumers. currently how simple and clear is the typical privacy policy to the average consumers, mr. vladeck? >> not much. not very. >> ok.

and how valuable do you believe a streamline privacy policy agreement would be when moving forward if we try to set some best practices? >> well, we discuss this in great detail in our privacy report, but with you think privacy policy is at least -- those particularly on smart phones need to be short, clear and concise and they ought to be delivered just when the decision about using the app or sharing information is made. >> and that isn't the truth right now? >> that is not generally the way they're delivered at the moment. >> ok. secondly, and senator kerry was touching on this. i know one of the most popular things in our household is the do-not-call registry a few years ago and now we're looking with senator rockefeller of this idea of do-not-track for mobile phones. what kind of feedback have you received from consumers on the do-not-track? >> we've gotten positive response, not just from

consumers who overwhelmingly support a do-not-track feature, but as you may know, both the browser manufacturers and the advertisers are also gravitating to do-not-track. i think no one -- it's hard to argue in favor of a business model that depends on deceiving consumers. and so i think -- i think there's a great deal of movement towards giving consumers easy to use, easy to find controls over their own data. >> and what do you see is the challenges in implementing do-not-track on mobile devices? >> well, i think the only challenge, as you put it, is implementation of do-not-track on the apps. on browsers, the technology would be the same. and one of the reasons why we brought our technologist, like ed felton, who is a princeton computer science professors, is to help us work through the implementation issues. >> how does the f.t.c.'s proposal differ from what apple and google are currently doing with their smart phone

operating systems? >> i do-not-track, i'm sorry? >> on do-not-track? >> well, they would differ significantly. i mean, the problem that we face now is that there are browsers that are being adapted to essentially try to clear cookies and send out significant false to advertisers basically saying don't track us. but until the advertisers agree to be bound by this and sign up in significant numbers, you know, if that doesn't happen senator rockefeller's bill has started the clock. i think the business community knows that at some point sooner or later there will be a do-not-track requirement. and so i think they're trying to figure out how to do this. >> ok. and last question, does the f.t.c. currently have the authority that you believe you need to promulgate regulations

in this ever-changing and ever-more sophisticated world, and do we need to do anything more here? i mention a lot of things we're doing in terms of bills, but in terms of giving you authority. >> first is we do not currently have normal rulemaking authority so we do not really have the capacity today to promulgate regulations in this area. second, though, i would say our commission has not sought that specific authority from congress. i can't spoke for the commission on that issue. >> all right. >> thank you. >> thank you very much. >> thank you. senator blunt. >> thank you, chairman. just two or three questions. one with do-not-track, how would apps work? for an app to work, don't you have to track? >> there are apps that -- when we say track in the -- >> maybe apps is too broad a term. for a lot of apps, don't you have to track?

>> there is confusion about tracking in the mobile because it takes on two meanings. one is being followed as you go from one website to another. that's tracking on the internet. >> right frlt >> of course in the mobile there's an additional complexity because you can be physically tracked. >> sorry. >> that's why i wanted to digress. >> that helps me. >> senator, yes. for many apps that use geolocation data for functionality purposes you need to enable the geolocation configuration on your phone to use that. our concern is not with respect to the app developer pulling down geolocation data to -- for example, to make sure the map function on your phone works. >> right. >> it's that there are other apps that are pulling down geolocation data which has no relation at all to tucksality. -- functionality. and oftentimes consumers are unaware that the geolocation data is being pulled down.

or that once it's being pulled down it's being shared by ad networks, analytic companies. and behind the scene that consumers are unaware of. >> how hard do you think it would be to define, to reach that point where you're not -- you're not allowing tracking for some things but you understand it has to happen for others? >> well, i think the litmus test would be functionality as i just explained. we don't have rulemaking authority in this area. so to the extent there's definitional questions that need to be resolved across the board, industry is going to have to do that or this body will have to. >> and these questions about employees and divorce cases and things like that, how is this geolocating data retained? is it retained in a way that you really could go back and sort out with the individual involved not being agreement to

that? >> there are state law cases involving divorce and other issues in which geolocation data has been subpoenaed from not just the wireless companies but from other companies and have been used in court proceedings so, yes -- the analytic -- >> has been done and can be done? >> i believe that's the case. >> what about data security breach, something you mentioned, is it more likely within the current environment than if you had a lot of privacy signoffs and opt out and all of that sort of thing sm >> well, the commission has called for legislation to enhance both the privacy protections, the safeguards companies are required to use when they store sensitive information such as geolocation data and to give public notice of breaches. now, the concern we have is that the more data of this

kind, data that's really special because the consequences of disclosure can be serious, the more companies need to protect that data and to safeguard it and to make sure they are -- they are not subject to breach. and so these two -- these two issues are related. the more sensitive data companies collect the more we ought to require them to put protections in place to safeguard that data. >> i guess i'll ask the companies this later, but i'm wondering how actually individuals specific those are in terms of any collection matrix that the company does or do they have a big universe of people that have con-- that have gone to a certain location or something that they then -- they then contact that universe? >> well, "the wall street journal" did an article on this precise issue a couple months ago, and the data is so robust there are now predictive algorithms to suggest where

you're going to be next. this is, of course a hypothetical. let's say you play golf every wednesday afternoon and called in sick, it's not conceivable that your employer can get that data and decide maybe you shouldn't be golfing every wednesday. >> maybe i need that because i so far have not been able to guess where the senate will be next. maybe i need to figure out that algorithm that tells us what -- where we're going to be tomorrow. " senator mccaskill. >> one of the things that things be missing is the by you provided to the consumer. the value of being able to locate where this is is very important to my privacy because we now have the technology that if this gets stolen from me, or if it gets left somewhere i can remotely go and wipe it clean.

that protect my privacy. that is incredibly important to me because, frankly, i do not want people in here. have you all looked at the value that has come to the consumer, both from the robust technology that has been developed, and the incredible ability that we have to do so many things? the fact that it is free, or almost free. you pay for some apps, most of them you do not. the water provides is an amazing experience primarily funded by the market. what studies have been shown -- done to show the benefits that because i think asking me if i want privacy is like asking me if i love my country. of course i want privacy.

i am trying to make sure that as we go down this road that we are informing the consumer, i guess, there are some things that we need to do on privacy, and i am all for some things. but i'm not sure that the consumer understands the value they are getting. have you all talked about that? >> we have, and this is part of the data collection effort that we did as part of our privacy review. there is no disagreement that consumers value the almost unimaginable capacity that these things bring to our lives. there's no question about turning the clock back. the problem is, do we have a system that is more transparent that helps consumers understand there are crossed as well as benefits? one of those costs is -- you know, you are absolutely

correct, this contextual behavioral advertising is a source of revenue that many apps are freed. they are afforded by the advertising revenue. the i am anxious to know ifu know what the new business model will be. >> i think most consumers, we are not talking about an all or nothing choice. one of the reasons the advertisers are so engaged is that they have acknowledged for years that they should not be caught -- should not be targeting consumers that do not want to see targeted ads. they are comfortable with a business model within which consumers have a choice. the problem is, how many consumers are going to opt out completely? if the choice is rightly concerned -- right the explain to consumers, your choice is to get targeted ads verses ads

delivered at random. i think most consumers would opt for targeted ads, provided that they know the information collected for those ads will not be used for purposes other than delivering targeted at. -- targeted advertising. i, for example, do not have to get those pesky rogaine ads anymore. [laughter] that is the kind of choice and control consumers are looking for. imports i want to be sure that we have looked carefully at what the cost -- >> i want to be sure that we have looked carefully of what the costs are and that we have looked carefully at the most successful part of our economy in this country. for us to go down this road and not be sure that we are going to inform the consumer that some of the benefits that they take for granted right now could easily go away if we are not careful and cautious about what we do here -- let me ask a final question because my time is

almost out. and let's assume for the purposes of discussion you get the authority that you think you need and you do a lot of rules and regulations and it takes two or three years, do you think that you have the staff to go after the bad guys? do you currently? >> we currently are short staffed, but having said that, we have a vigorous enforcement agenda in this area. in the last couple of months we have brought enormous cases against googled, twitter, and others. our staff works very hard and are very capable. we believe we have the authority -- >> you do not think you need more people? >> no, i need more people. [laughter] >> thank you. >> when i did my rounds, i still had two minutes left on my questions. i would like to finish my questions and then move to the next panel because we have several witnesses who are here

and want to speak. let me ask a couple of follow- before i let you go. one is an open-ended question that i do not even need an answer to today, but it is something that we need to think about. that is, when it comes to children, should there be special privacy protections for children? and i think that is a hard-won to put into effect park -- a hard one to put into affect practically. but it is something that i want us to think about. and this is something i will ask the next panel, if a person removes an apt, does the software stay on their phone -- and eight pp -- if a person removes an app, does the software remain on their phone? >> i do not know. i can try to find up for you.

>> ok, and lastly, i am concerned about internet purchases. can you tell me where you are and where you think the industry is on that? >> we are engaged in a number of publicly -- public investigations. no parent hands a java phone with a game expecting to run up a bill of more than a penny -- hands a child a phone with a gain expected to run above bill more than a penny or two. and we have had parents with bills in the hundreds of dollars. we are quite concerned about that. we have registered our concerns. p manufacturersp and everyone involved. it is an issue that we are pursuing. >> thank you for your testimony. we would love for you to work with our staff on getting those questions back to us when you can. >> it is our pleasure.

>> i would like to go ahead and excuse this panel and bring up the second panel. in order to save time, i would like to go ahead and do their very brief introductions as they are getting situated. we have five witnesses on this panel. we have brought taylor, chief technology officer of facebook. we have morgan reed, executive director of the association of competitive technology, catherine no valley -- catherine novelli, vice president of foreign affairs apple inc., david paulison, from google, and amy shenkan, chief operating officer of commons and media. -- common sense media. we appreciate you being here and we appreciate your testimony.

as i said with the previous panel, your written statements will be made part of the record. if you want to streamline that and do it in under five minutes, i think the committee would appreciate that. why don't we go ahead and start with you, mr. taylor. if everyone can keep it to five minutes or less, that would be great. >> thank you, chairman. chairman rockefeller, chairman pryor, ranking member to me, and members of the comomomee, ttank you for inviting me to testify today. i just a decade ago, most online content was dedic and accessed through desktops. today -- was static and accessed through desktops. today, the online community is very mobile. and thanks to the applications of smart phones, kibo can access the web whenever and wherever they want -- people can access

the web whenever and wherever they want. we are grateful for the opportunity to discuss these issues with other stakeholders today. everyone has a key role to play in keeping things saben secure online. facebook works hard to -- safe and secure online. facebook works hard to make sure that people are securing the connections that they make. we understand that trust is the foundation of the social web. people will stop using facebook if they lose trust in our services. at the same time, overly restrictive policies can interfere with the policies toward the public to a direct. getting this bounce right is important for survival. this is why we work to provide safeguards without interfering with people's freedom to share and connect. the openness of the internet is a catalyst for innovation. this openness is what allowed

mark zuckerberg to launch it from his college dorm room in 2004 and has provided many developers with an infinite platform. in addition, it is a platform for jobs, and economic growth. big companies and small businesses are hiring individuals to manage their social outreach strategy. on the burners are building new business models based on social web. but the internet architecture also creates technical challenges for the transfer of data. facebook is leading the way in developing new technologies to make the social experience more secure. second, mobile technology plays an increasing role -- increasingly important role in how people interact with the web. and over 250 million people access facebook on their mobile devices every month. we are preventing the same

privacy controls on our mobile applications as our website. if a person changes his or her privacy settings on their phones, it will change at facebook dot, and every other device that they use -- at facebook.com and every other device they used to access our web site. we cannot satisfy people's expectations by adopting a one- size-fits-all approach. instead, we encourage individuals to understand her sharing -- power-sharing happens on facebook -- how sharing happens on facebook. in particular, we use practices to ensure privacy is maintained throughout our products. our contextual controls allow people to easily decide how broadly they want to share it to the piece of information.

our security protections, including one time password, remote lovette, and login notifications are state of the art. and we continually engaged with the committee to improve the safeguards we offer. the fourth, we work to build trust on the facebook platform, which enables an abandoned developers to build socialism experiences on facebook and other locations around the internet. we believe individuals should be empowered to decide whether they want to engage with some, many, or none of these services. we have created industry leading tools so that people can understand what data they are sharing and make informed decisions about the applications and web sites they decide to use. we also encourage community policing, so individuals and employers and developers can help us identify possible issues. these issues -- these features are available across the entire

facebook experience. for those who use the platform, we expect them and require them to be responsible stewards of the information they maintained. we have robust tool to help them embrace this responsibility and we are always doing more. last year, we work with other industry leaders to build improved security on the internet. now that the standard is mature and has brought -- has broad participation around the industry, we have encouraged developers to migrate to it. finally, we use our position in the industry to encourage others to play their part in safeguarding the public's trust, whether developers, users, browsers, or operating system designers. everyone has a role to play in building in securing the mobile

an online environment federer -- that are enriching people's lives each day. thank you for the opportunity to justify and of afford to answer your and your questions. -- to answering your questions. >> thank you. mr. reed. >> thank you for the opportunity to speak with you today. i represent over 30000% small business entrepreneurs, many 1/2 home -- over 3000 developers and small business entrepreneurs, many of whom developed applications. we look at broad themes and big ideas. but today, i would like to start differently, breaking it down to the smallest of the small, specifically my pint sized 5- year-old. my daughter is learning to speak chinese. granted, because dad wants her to, but i have a letter use an old smart phone and i have loaded on chinese apps. she uses games that the short

pictures and habré translation. i have recently upload a demo that will give her an object. these are apps that will not make the cut on the desktop computer. if for no other reason, my 5- year-old will never sit still . the when she gets a little bit older, we will use the application to see the night sky stars. these are applications that were unimaginable five years ago. over 500,000 applications are available on mobile platforms today, originating less than four years ago. the apps economy will grow $4 billion this year. in the next four years, that is expected to reach $37 billion. this is a remarkable american success story in a time of economic uncertainty.

u.s. developers account for a vast majority of apps available on the market today. 88% of the top 508 pps or written by small businesses -- of the top 500 apps written by small businesses. more importantly, this is not a silicon valley phenomenon. a series of dj apps were developed in arkansas. we have others from west virginia. another from minnesota and still another from missouri. this is a truly a geographic reverse nature of the new apps economy. and while app stores are helping small businesses grow, we are providing the tools to protect their information. i have enabled most of the privacy settings on the phone my daughter uses.

i have restricted her purchases, and i have disabled her ability to add or delete applications. and-she gets older, the features i have a book or with her maternal -- and as she gets older, the features i had will grow with her maturity. we have a working group to develop a set of guidelines for developers to enable them to do a better job in setting part of the policies and to help them understand the complexity of privacy regulation. most mobile apps collect no information, and therefore are not required to have a policy, but we feel they should. now because of regulation, but because the most valuable asset -- not because of regulation, but because the most valuable asset they have is the trust of the customer. we can show you how quickly an app can lose favor because of

customer expectations. act is committed to ensure that they are the tools they needed to avoid the pitfalls. but for those who fraudulently misuse consumer information, throw the book at them. the sec $3 million fine recently underscores the measures available. there is broad authority to go after bad actors and to effectively regulate the marketplace. too often, government intervention in an emerging technology marketplace has unintended consequences that can stunt the development. the last thing we want to do is to constrain an industry with tremendous growth where our country has such a clear, competitive advantage. let's address bad behavior without threatening this

uniquely american apps economy. thank you. >> thank you for the opportunity to further explain abel's approach to addressing consumer privacy and protection in the mobile market place, an issue we take very seriously, especially as it applies to children. i would like to use my limited pot -- limited time to emphasize a few key point. first, apple is committed to protecting the privacy of all our customers. we have adopted a single, comprehensive privacy policy for all of our products. this policy is available from a link on every page of apple's's web site. we do not share personally identifiable information with third parties for marketing i purposes without express

consent. in my detailed testimony, we require restrictions protecting our customers' privacy. second, apple has built in the innovative controls to help parents protect their children while using their products on and off line. these controls are easy to use, password protected, and can be in -- and can be administered on all of our products and devices. including the iphone, ipad, and ipod touch. they can be enabled quite easily at the itunes store. these parental controls are simple and intuitive. they provide parents with the tools they need to flexibly manage their children's activities at various stages of maturity and development in the way that parents seem most appropriate. i have provide detailed descriptions and examples in my written testimony. third, apple does not knowing the collect any personal

information from children under 13. we did is prominently in our privacy policy. if we have been inversely received the personal information of a child under -- inadvertently received a personal information of a child under 13, we immediately take steps to believe that information. apple posing network is not providing apps started to children. and we reject any developer app that target minors for data collection. apple has never tracked communications and has no plans to do so. in recent weeks, there's been considerable attention given to the manner in which our devices store and use a subset of apple's and itemized location database of cellphone towers and hotspots for wifi. the purpose is to allow the device more quickly and reliably determining user's

location. these concerns are addressed in detail in my written testimony. i want to reassure you that apple was never tracking an individual's actual location from information residing in the cache file on their iphone. a couple did not have access to the cash pile on an individual's own at any time -- apple did not have access to the cache file on individuals phone at any time. apple has built a master location services switch into the ois mobile operating system that makes it extremely easy to opt out entirely of location- based services. the user simply switches them off in the settings screen. when the switches are turned off, the device will not collect or transmit location information. equally important, apple does not allow any application to receive device location information without first receiving the users explicit consent of three simple pop-up

dialog box. -- through a simple pop-up dialog box. this pop-up box is mandatory and cannot be overridden. customers may change their mind and of data services at any time by using a simple "on/off" switch. parents can track children's activity through our services. in closing, let me state apple's unwavering commitment to giving our customers clear and transparent control over their information. we believe our products do this in a simple and elegant way. while apple has not taken a public position on any clause of a piece of legislation currently before congress, we do strongly -- on any particular piece of legislation currently before congress, we do strongly agree that customers should have clear and transparent choices and

control over their information. we share the committee's concerns over the collection and misuse of customer data and we are committed to continue working with you to address these important issues. i will be happy to answer any questions you have. >> thank you. mr. davis. >> my name is alan davidsen and i am the director of public policy for google in north and south america. thank you for test of what -- for inviting me to testify and for your leadership in helping customers trouble with the emerging issues. as we have heard from a mobile services grade an enormous social and economic benefits, but they will not be used and cannot succeed without consumer trust. that trust must be based on a sustained effort across our industry to protect your privacy and security. we're committed to building up trust. first, a word about technology.

many of us are already experiencing the benefits of mobile services. things such as finding the best commute or the closest gas station pier -- gas station. the u.s. postal service has an app to help consumers find the nearest postal service. you can find in years cheeseburger or find your nearby friends on four square. -- you can find your nearest cheeseburger or find your nearby friends on four square. mobile location services can help you find the nearest hospital or a police station, or let you know where you can fill a prescription at 1:00 a.m. for a sick child. that is just the start. we are partnering with partners like the national center for missing and exploited children to explore how to deliver amber alert to about missing children within seconds to users nearby. and global services may soon be able to deliver information

about a tsunami or tornado, or evacuation routes in the event of a hurricane. the rapid adoption of these services has been remarkable. the for example, on the popular will maps service, in the past year, 40% of our usage has shifted to mobile devices. 150 million people monthly regularly turn to google. mobile devices are growing in importance in our economy. according to recent market reports, their potential and economic impact is staggering. they are creating jobs and businesses and increasing jobs and businesses. to succeed in the long run, mobile services require consumer trust that is based on strong privacy and concerns -- and security protections. at google, we focus on consumer protection throughout the life of our products starting with

the initial design. we subscribe to the view that by focusing on the user, all else will follow. we implement strong controls for information sharing, applying the principles of transparency, choice, and security. when it comes to mobile services, for example, we are extremely sensitive with location information. we have made our mobile location services up and only, treating it with -- opt in only and treating it with the highest degree of care. here is our work on andreyna. one of the first screen is i saw when i opened the box asked about location services with google. if a user does not choose to opt in at set up, or does not go into their settings later to turn it on, the phone will not send any location information

back to the goule servers. if a user does opt in, all of the information sent back is an itemized and not traceable to a specific user -- is anonymous and not trees will to a specific user. -- traceable to a specific user. the user will have the opportunity to cancel the installation if they do not want information collected. we believe this approach is essential for location services and it is a good example of how to handle this kind of sensitive information. highly transparent information for users about what is being collected, opt in choice before location information is collected, and high security standards to keep it anonymous and protect the information. i hope this becomes the standard for the broader industry. the strong security practices i have described are a start. there is more to do. we salute the active role that

this committee has taken to inform consumers. the issues raised are clearly challenging, but finding the answer is critical to maintaining consumer trust, protecting innovation, and supporting the rapid economic growth generated by the services. with forward to continued conversations with the committee. -- we look forward to continue conversations with the committee. >> thank you for the opportunity to discuss the crucial issue of protecting consumer privacy in this marketplace. the hearing is timely and the stakes are high, especially for our nation's kids. i want to talk about two things today, why is privacy such an important issue, and what is the common sense media position on what we must do about it. why is this so important? let me start by saying that common sense media embraces -- common sense embraces media and

technology. the millions of parents who use these resources are increasingly worried about threats to children's privacy in the rapidly changing and digital world. 85% of parents that we polled say they are more concerned about privacy than five years ago. common sense media understands and appreciates the internet economy and the sheer brilliance of what these companies have invented. we live and work in silicon valley. that is why it is so jarring to hear their cannot do attitude when it comes to technological solutions to protect kids. they have only offered partial solutions. they can do better, and we know it. they know it. parents are rightly concerned. why do we worry? two reasons. , first to my kids live their lives on line. they do not just access content any more. they created. -- create it.

many people in this room can attest to how hard it will -- it is to be a public figure. imagine if you were only 13 and had an unflattering picture of you spread across the web, as has happened to hundreds across the country. 7.5 million kids under age 13 are on facebook and millions more teenagers. second, we are also seen examples of our privacy is not protected in this world. a security breach just recently exposed more than 100 million of online video game users personal data. the list goes on and on. the mobile world puts the privacy issues that we have talked about for years on steroids. why? here are a couple of reasons. mobile phones are tied to it prettier person. most computers are not. because there are -- to a particular person.

most computers are not. because the tracking devices are always with you, and we have found out that it is always with you during the night as well. the average, smart phone owner spends more time on apps then talking or on the web. nearly three-quarters do not even have a basic privacy policy. and mobile browsers do not have as many privacy controls as web browsers to. in the end, we are all involved in protecting kids privacy in the on-line and mobile world. but we cannot protect our kids' privacy of companies and operators are not providing real opportunities. what are we at common-sense media proposing? we urge protection of privacy for our nation's children and teenagers. the five principles that should be essential elements of any new legislation from congress -- first, the industry standard for

all privacy should be off in, especially for kids and teenagers. private by default and public by effort. today, is the other way around. no. 2, privacy policies should be clear and transparent. you should not need a degree from the ghosh from harvard law school to figure out to decode -- a degree from harvard law school to figure out how to decode a privacy policy. number three, kids are not little consumers. their children. let's not invade their privacy and pummel them with advertisements. no. 4, paris to be able to easily delete on-line information. -- parents should be able to easily delete on-line information. too often, we hear about posted information that is later regretted and they cannot remove id. we have to protect these kids from permanent damage. and number five, we must vastly

increase information about online privacy. kids and parents must do their part to protect privacy, and the privacy of their friends. a large scale campaign would help them to do so effectively. industry leaders could play an important role and an effort should be required to finance it. -- a fund should be required to finance it. les considerations should be baked into the design phase of a product or service. a founder of a popular social networking company commented last week in a "washington post" interview, "we will figure things out as we go along." when asked about privacy considerations for our use. -- our children. we have got to do better than that.

we have got to work harder at this shared goal of protecting our nation's kids. thank you. >> thank you. we will do five-minute rounds on the questions. i would like to start with you, mr. reed. and i want to walk -- to ask about the of an " wall street journal" article. i think someone mentioned about transferring smart phone information. they listed something like the top 12 in the article. mr. reed, how you propose to notify consumers in a better, more meaningful way so that they are not surprised to learn their information is being sent to folks, or that it is being tracked? >> first, i think it is a great

thing to look at in terms of informing the consumer. one of the best things about the "wall street journal" article is that they help to inform the industry. we have had a hard time doing it ourselves. we benefited from that of the front end. if we were able to tell consumers, hey, this is part of what we are doing and privacy policies we have in place are there. we face two problems -- problems in the industry that have been talked about a lot. .he two-inch screen problem how do i write something that a simple thatan easy to understand and fits in a two-inch screen? my users want a clear privacy policy. but when they go to a lawyer to have it checked, they say, well, you need this proviso. and the other thing we face is

constantly changing business models. we started out in this apps world just three years ago. we did not have advertising at all. we recently added app purchasing. having a business model that reflects the business model today, but encompasses the business model tomorrow, the changes that apple can make to their privacy policy, or that facebook or global can make, are all part of the problems that we are having in trying to address it. we have been focusing on developers to actually do multiple business models. -- who actually do multiple business models. we have brought in some that can help us address the record -- the questions raised earlier about children. >> great. i think we need to follow-up on that more, but first, mr. davidson, when you talk about your android phone and that

screen came out and if you wanted to you could check for the deal location of -- you could check "no" for the gao location, what happens? >> you get a notice before the application is installed that says, your application wants to use your location information. it is that ok? and you actually have to accept that before installing the application. and we get notice about other kinds of applications. it is not a maltese green thing. and we have worked hard to make it very simple.

and the key is timely notice, and a choice for consumers. >> and miss shenkan, you mentioned your 5 principles. i also want to know about parents tracking their children. would your five principles allow parents to thdo that? >> we have not contemplated it. i guess the best answer would be that we should get back to you on that. it would depend on the age of the child. >> well, parents with teenagers. let me say, there is a parental interest in that. [laughter] it could be a good thing, depending on the family. but anyway, i hope you will go through that.

when you laid your principles out they seemed kind of ironclad and i'm not sure that you have enough leeway to look at that. >> thank you let me ask -- >> thank you. >> let me ask before i turn it over to my colleagues, you talk about your privacy policy at apple and that is great. but can apple tell how many people actually read it? >> well, they have to say that they agreed. we cannot know for sure if they have read it. we try to make it very plain language, but we cannot tell if they are reading it. >> do you have any way of knowing how long they are on the screen? >> i do not know whether we can or cannot, so i will have to get back to you on that. >> my guess is that for a lot of folks it is too much information and they agree without understanding what they are agreeing to. but that is another matter that

we can discuss. senator? >> brett taylor, this would be to you. under facebook's terms and conditions, a user must be 13 or older to have an account on your web site. despite a recent study, 7.5 million users were discovered to be younger than 13. the apple app store is rated for age four and above. i understand a policy not to allow children under 13 to have an account, but the description of the facebook app at the apple store is for age four and older.

how was that consistent with your policies? and who determines the rating for the facebook app? >> thank you. that is a very good question and it is actually news to me. first, we do not allow people to have accounts under the age of 13. if i had to guess, i would guess that because the facebook application does not in and of itself contain richer content. but we can follow up with our office about -- contain much surer content. but we can follow-up with our office about that. -- contain mature content. but we can follow up with our office about that. >> i appreciate that, but it does not appear to be the truth. you have 7.5 million under. this takes me back -- and i will not harp on it, but facebook grew so fast. zuckerberg get out of harvard

and he is 20, 21 years old. he comes up with a new idea. it is my general feeling that people who are 20 to 22 years old do not have any social values at this point. [laughter] i am serious. i think he was focused on how the business model would work. i think he wanted to make it bigger and faster than anyone else ever had. nothing i know suggest otherwise. you cannot just dismiss the 7.5 million users better under 13 and say that you have a policy that does not allow that to happen. auberg, because i'm very worried about suicide, people stalking, youngsters innocently put themselves on a blog and think it is just going

to one person and it goes to indonesia and everywhere else. and you have 600 million people , and i astor, how many employees does facebook itself have -- i asked her, how many employees does facebook itself have, and she said 1600 worldwide. she is no. 2 in the company, so i assume she is right. and i said, how many people do you have monitoring to see what is being said, because i am worried, as are you, about what can happen to children -- bullying, creditors, all the rest of it. i think is a -- bullying, predators, all of the rest of it.

school counselors do not know how to handle it. you have a whole group that is very worried about this. and she said, well, we have 100 people who monitor these 600 million people, who i assume are doing a lot of blogging every day. and my reaction is, that is indefensible absolutely. it is unbelievable that you would say that. and she said, we will do better in the future. i want you to defend your company here because i cannot. >> senator, i want to say that we emphatically agree with your point. i want to clarify a couple of issues. first, whenever we find out that someone has misrepresented their age on facebook, we shut down their account. i'm not sure of the methodology that you referred to, but i can tell you that we do not allow people to misrepresent their age.

>> when you say you do not allow people to misrepresent their age, how do you do that? how can you do that? >> we have found a scalable way, both in terms of age enforcement, but also with bullying and other protections of miners on the side. they are baked into a system of enabling people to report problems. i will talk about bullying first and then age protection. with almost every piece of content on the side, we have a link where an individual can report inappropriate content and report killeen. originally, that will go into a special queue that our user support department will look at the content almost immediately. we have also expanded that with what is called social reporting, that enable people to report did not only to was, but also parents and teachers.

if you are a minor on the site in high school and you see an inappropriate picture, you can not only reported to facebook and have it removed, you can report it to a parent or teacher and deal with the underlying cause with why someone would post a picture like and then deal with that offline and the underlying issues. we actually have about 250 people working across privacy and security on facebook, but in addition, we have makes these with self reporting because we find that they are very accurate. >> my time is up, and i want to get a comment from ms. shenkan. >> on the same question? >> correct. appl>> our view is that not enoh is being done. if we took a small amount of time that companies spent

innovating products and thought about how we could protect our kids, we think that could go a long way. these are the organizations that have created a platform in which 600 million people across the globe use. companies have mapped every street in america so that we can all use these, and instead of spending more money to hire p.r. firms to take down the other company, let's protect our kids. it cannot be 100 people sitting in a facebook office trying to monitor 600 million conversations. >> we have been talking about how we get privacy policies that are understandable and readable, and that our lawyer

will draft. i know mr. davidsen, you ask the judiciary committee about this. you ask whether you would commit to supplying apps in your store that have an understandable privacy policy. you said you would take that back to your store. have you gotten any word on that? >> we think that apps should have a clear and understandable privacy policy. i do not have an answer for you about whether we will make a requirement in our app store. i think those apps sure have a privacy policy and we will work to -- should have a privacy policy and will work to make that happen. >> and ms. novelli, you were asked by senator coburn in the judiciary hearing last week

about testing apps and you were saying how awful tested an app ended random spot checks to presumably spot any problems. and yet the "wall street journal" found problems in and sharing the location data without informing the user. how did those match of the experts we do our best to check -- how did those matched up? >> uighur best to check. one of the audits -- we do our best to check. one of the audits showed that we have to get permission to share location. with respect to a location, if you want to use the location of a consumer, you have to prop up a dialogue box that is linked into our app , that we have

designed that requires the user to allow or disallow. on that specific app, i cannot comment, but i believe that with the particular question referred to. when a problem arises, we immediately investigate and work with a developer within 24 hours to fix the problem or be removed from the store. we have found that developers have a great incentive to fix the problem. >> mr. reed, you have been working to put together a comprehensive set of guidelines for developers that will follow a clear policy. and i support that effort. i think is good. think that back and instea anyone with the skills and a computer can build an app. you think the regulatory approach will be enough to keep the bad actors out of the

market? >> i think there are two parts. the self-regulatory approach is the way we have to start. i do not think it is really self-regulatory. we have heard from the ftc -- we think the ftc has and should strongly enforce section five. in this case, i will not speak from the legal side of it, but we think it should conceptually include someone who commits uses your data and just does not have a privacy policy. -- who misuses your data and just does not have a privacy policy. i would say, we want to start with self-regulatory. we want to bolster the industry effort on that. and the stick side of that would be ftc coming after folks who do not have a privacy policy and misuse of data. >> and as far as the kids who might be claiming they are 13,

for kids under 18, do you see a different way to reach out to them to talk about privacy policy? are you thinking about it way to make sure that they understand it and that you might use a different approach than an adult? >> fundamentally, i think most people in this room agree that people under the age of 18 should have a different experience on facebook because of the unique needs and privacy and security protections that a minor needs. that makes its way into all product, not justivac the privacy policy. the privacy settings are different. when you share things, it goes to a more restricted audience. when you report problems on the side, our user operations respond differently if it is a minor. and that is reflected throughout

our product, especially with privacy and security issues. >> and ms. shenkan, to senator allskill's point about not sharing is bad. the question is, where do you draw that line? more targeted advertisements can be more relevant and useful to the users. the problem and the drop -- the line is drawn with privacy. >> if behavioral advertising is so useful to consumers, they should have the ability to opt in. if i happen to be on facebook and i am posting on my wall about wanting to go see elvis costello and i say this find to track my comment -- is trying to track my conversations on that

and i get an advertisement, then i am fine with getting information back. he rejected the notion that there is a fundamental choice that needs to be made between innovation and protecting privacy. we could not agree more. that is a false choice. the entire internet will be close to $200 billion in e- commerce. most of that was not in the bureau of targeting to people. one of the things about -- behavioral targeting two people. but what of the things about the search engines is that people are saying, in the market for a new car or truck. please advertise to me. that is okay.

that is an example of where privacy is protected and innovation has happened. >> if any of you want to respond, i think i am out of time. but we can talk about it later. >> ms. taylor -- mr. taylor and mr. davidson, i will ask you in a minute, if any of you have a problem where a company has self corrected. one thing i hear that if there are problems, the company usually moves forward and self corrects before anyone knows there is a problem. miss novelli, does apple track the location of my iphone? >> no, sir, we do not. >> you do not? >> we do not, sir. >> it is on.

it is id logging in? is there some log in system and that you look out for my iphone? >> no, sir. apple does not look at a login system for your iphone. >> what do you do? how does it work that i might get some advertisement for something a, or be solicited on an app or through my e-mail account or whatever? >> sir, there are not advertisements on the mail account that is on your iphone. you could get an advertisement. there is a web browser on your iphone that is just like if you use your computer, our safari web browser, and that works the same as if you are working from a computer. if you are logged on to a website -- >> but i would have to be on something for that to happen. >> correct.

>> was a crowd-source -- what is a crowd-source database? >> that is essentially a map of the gao-locations -- geo- locations of cellphone towers derived from hot spots that is directly from people's iphones. the phone, when it goes by a location, will say there is a wifi spot here, a cellphone tower there. there is nothing that connects it to an individual or individuals phone. we are using dalmath to help people later on when they wanted -- using that map to help people later on when they want to know where they are.

>> mr. davidson, wilcan you thik of an example of a problem that you all went in and self corrected? but i think we are constantly innovating. -- >> i think we are constantly innovating. i take the comments very much too hard about trying torelativt launched a pin lockout feature on android so anyone could make sure their phone is not downloading apps without a pin. we expanded the state's search program, to enable people to set controls -- search controls to make sure they are child friendly. we added a flagging mechanism so people can flag bad apps. i think they have all been improved in the last six months. some of them are really about

trying to make sure we are doing better to protect children. there are probably the other things we have done that we are constantly trying to protect. >> mr. taylor? >> a very good question. to mr. davidson's point, in the industry we are constantly working to improve the security and safety of our products because it is the basis people choose to use them and if they lose trust they will stop using it. a timely example is this friday we will be announcing in partnership with microsoft and national center for missing and exploited children, we are going to be deploying infotechnology that microsoft research developed to identify using relatively sophistic in the print technology pictures of missing and exploited children to prevent child exploitation on facebook and help people find missing children. this is something we did proactively and in partnership with these organizations because we care deeply about this problems as you all did do the

you all do. >> new mentioned the need to protect kids from permanent damage -- i assume that meant if they put something out there for people to see. how do you do that if people have already seen it and somebody has already captured that? assuming kids have access to this way to communicate, how do you protect them from permanent damage if they made the decision to put something outset -- out there damaging? >> the issue is the information is not only public when somebody puts it up, which it is hard to control, but it is persistent. it is very hard to take the information down. we talked in one of the privacy briefings, the concept of and a razor but in where it would be very easy for somebody who realized they put up something that they did not want there, that they could take it down. >> once you put it up there, can

somebody capture it and they have it? >> that is the problem. >> that is the problem of putting it up there, is somebody else can capture it and they can have it and they can share. >> that is the problem. >> i don't know how you stop permanent damage if somebody does something that is damaging, unless it just happens nobody sees it and nobody else decides they want to use it. the problem is access. very scary. anybody with children and grandchildren, it is scary to think about what somebody might do but i am not sure we could come up with a fence that is high enough or big enough to stop that from happening. it does have that terrifying long term problem, but if people have access and they put information out there -- >> there is an industry blossoming, where you can pay companies to go spend time every month taking down information that is posted about you on

line. people are figuring out ways to do it. we would like to see happen is companies in this room and elsewhere figure out how to make it much, much easier. >> ms. davidson, and my time is up. >> i know this is not the most attractive solution but a huge part of this is about education. i have young children. a recent report from the national academy talk about some of these problems and said, you could try to build a fence around of a swimming pool or teach children how to swim. what we really need to work on is teach shows and how to be literate in this new world. that is a very big project. >> thank you. >> senator mccaskill? >> thank you. i got a tweet from my last round of questions. i did not mean to sound flippant about hipaa. what i was trying to say about

hipaa is that the bottom line is we had unintended consequences and costs. what you talked about -- we clearly did not get that down because most people who go to the doctor's office are not reading the long thing they have to read, and they signed. i bet most people in this room would admit it that those of the doctor they are not reading the whole thing they signed. you have to sign one or two or three every time ago which adds administrative cost. and there were unintended consequences in terms of finding people who might have been -- diseases who are very unique and rare, trying to find people for research purposes. hipaa has stood in the way of some things. does not mean we should not work on privacy but i just want to be cautionary that we are careful as we move forward on privacy because so much of the success we have had in this space in our

country in the internet and advance in technology has been remarkable. i want to make sure we don't have unintended consequences. i am glad i could clear that up. i want to make sure everyone understands how easy it is in terms of turning off things. not only do i have the ability to make sure i don't have any location services on here, i can even go down and you tell me every single app that is using location services and i can individually turn each one off. the other thing that you do is you tell me if anybody has use my location in the last 24 hours. there is a little logo. i tried it while the others -- i went on kayak, and now there is an arrow same kayak is my current location as i was looking for a flight. all i have to do is flip the switch and i am telling kayak it

is none of my business -- their business where i am very very easy to find. here is the thing i wanted to ask ms. novelli. i am a little confused why cut the rope is on the list. little confused white paper tosses on the list. it seems to me if we are talking about games -- paper tosses a game -- one of the ones listed in "the wall street journal" article." there is nothing in that app that has anything to do with a location other than the fact you are trying to get a piece of paper in a trash can. same thing with cut the rope. it seems to me if it is very obvious by the app there is no need for any location, that could be with industry could focus, and making sure people understood the consequences. clearly the only reason cut the rope or toss the paper is tracking my location is to try to sell to other people where i

am going and what i am doing. there is no applicability to the game. it seems if you could focus their first in terms of making sure privacy is very obvious -- and when i go on "cut the rope" site and "toss the paper close " i don't see anything on there that tells me anything about what they are doing relating to tracking me. could ms. lowe valley and mr. reed talk about that? -- ms. novelli. >> i often on games like that, i say, no, if s me if big in german location. the reality is for some of us building applications that are ad driven, third-party networks will ask for informations and they can provide a higher quality ad, and that location of the mission as part. interesting to see there are

some interesting small town benefits i have seen. red laser, is slightly different one. i can hit a skew and it will tell the the product and show me the amazon price but right below that it would say time harbors board has the same product, $3 more but it is right across the street -- tom's hardware store. so there are some benefits to that kind of add marketing. it illustrated the first point most readily which is, you want to use paper towels and you don't want to see the ads targeted, turn off location- based services and it is something we as an industry understand it and expect some consumers to do. we have to figure out how we still make money from the ad networks because they control our income on that. we have to find an agreement with them -- rather than the tail wagging the dog. >> ms. novelli, i know apple is

loath to do anything to stop the amazing flow of applications making a product so desirable. i get that. it seems on some of these apps, if i had a choice -- if you could even get -- either get for free and see some ads or paid $2.99 and the ad free and track free. it seems like it could be a simple choice the industry could do -- both global and apple, two of you did it, or facebook, to the extent it applies to you -- both google and facebook. to understand, first of all, when they are being tracked, it helps pay for things, and that is why they get so much free. and it would begin to drive home their nothing better than driving home the point what they are getting for free and how and to giving them the simple choice but have been discussion of that and why have the -- haven't

been moved to that model? >> there are apps on the store, and my husband download a couple of them, we have the choice. either you are free and you submit to advertising or you have to pay. there are apps in the store like that now. in terms of the pricing, though, we have the developer said the pricing. we have not really gotten into trying to set prices -- >> i do not want you to. but that people should have the choice as to whether or not they want to pay or they want the app. >> developers have been in a choice and their choices in the store now. i do not know if mr. reed wants to comment. >> would you describe is exactly what we're doing and we appreciate apple announced amazon and zero others. but it is exactly what we are now using. in a store i have an ap thatp

is paid, and the other that is free. we may even sub divided -- so you can turn off the >> i know. i don't want to cut you off. but the bottom line is, it is not clear. i did not really understand when i am making that decision that it also might involve tracking. that is what i am saying. that might be something you could do as an industry that might forestall some consequences from aggressive government regulation. thank you very much. the next questioner would be -- it says senator udall. following the list by the chairman. >> thank you very much. i know chairman is not here, but i really appreciate him holding this hearing and all of the responding to the questions of the panel. as you conceive of the questions there is no doubt there is a lot

of concern in terms of privacy in the privacy, protecting minors. and i look forward to your supplemental answers that some of the are going to give, because i think those are some of the key questions that are out there. i think from this subcommittee'' perspective, we are going to continue to ask these questions, continue to do oversight, so i think you should expect that. recently i joined the senator reid and schumer and lautenberg asking research in motion, google, an apple, to stop selling dangerous apps that enable drunk drivers to evade law enforcement. in 2009, junk drivers killed nearly tend thousand people nationwide, including 141 in new mexico. apps like dui dodger, buzz, a

checkpoint, provide drunk drivers with the precise location of dwi checkpoints as they drive. this is while they're driving around. some even offer audio alerts a learning drunk drivers as they approach checkpoints. while i agree public notification of check points in the news or in the paper and serve as a deterrent to prevent individuals from making the decision to drive drunk, providing real-time accessibility tailored to a driver's location only serve to provide young strivers with the tools to more effectively break the law and endanger others at a time when their decision making capabilities are already impaired. i am very pleased that rim did the right thing and immediately pulled these apps from the blackberry app store. white is apple and the google still selling the apps?

i think this would be directed most to ms. novelli and mr. davidson >> senator, when we received your letter, the first thing we did is started to look into this and tried to research the whole situation because apple at war's drunk driving and does not in any way once to uncover -- apple abhors drunk driving. there were some differences of opinion among reasonable people as to whether publicizing checkpoints deters or helps drunk driving. and that, in fact, some of the information is actually made public by the police forces themselves and is on the internet. we are continuing to look at this issue. we will continue to talk to you and your staff as we continue to

evaluate it. we do not want to be enabling or supporting john driving in any way. -- drunk driving in any way. >> i would echo that sentiment. we certainly appreciate the seriousness of the issue that has been raised but we do remove applications, enjoyed marketplace that violates our content policies but apps that -- after initial review, apps that nearly share information of the sort do not violate those policies at this time. we are evaluating this, talking to your staff and we appreciate the chance to continue to do that and we are taking it very seriously. >> as far as apple's stated policy, you have a policy that you don't -- do not and courage with your apps people to break the law.

>> yes, sir. >> isn't exactly what is happening here? you can imagine -- you have had our letter for two months. you can imagine a person that is drunk, dwi, driving down the road, and they have one of these apps turned on and it issues an alert and tells them there is a checkpoint that -- ahead, they can use the device to find their way around the checkpoint. it seems to me that kind of application is encouraging breaking the law. >> we are reviewing -- as i said. >> you had two months. how long? >> we will be working with you on this. we are reviewing its. there are some of the apps, for example -- here is a cap number for you to call a cab, alert new

that there are checkpoints and here is the phone number to call a taxi. i think they are not ubiquitous, all of these apps, and like i said, some of the intermission is made public by the police themselves. i think reasonable be bought different points of view about to go about this and we are trying to do this and the most thoughtful and respond to the manner. >> no, and i understand that. but i hope you all understand the difference between the did -- the police department, stung -- state police, county police, sheriffs, issuing a broad general thing that on friday night on saturday night we are going to live a check point out there. various points in town. that serves a deterrent, i think, for people to know. there is a 2% chance of passing truckdrivers.

-- catching drunk drivers. somebody utilizing the apps, and makes it less likely. in may dropped to 1% or half a percent sign, whether it is. the important point is here you have law enforcement issuing generalize bulletin's but what people do with your apps and what they are able to do is specifically in real time determine there is a checkpoint and evade the checkpoint. and possibly afterwards get in an accident and have somebody killed. so, i understand you all are looking at it closely but i think this is a crucial question for law enforcement. i have heard from police department in las cruces, and attorneys general for mexico, delaware, maryland, they also

signed on to this issue and are asking the same questions. i think the more this is out there, you are going to get these kinds of questions. i am sorry for running over by very much appreciated. i said earlier, your effort for consumer protection and what you're doing in this area is greatly appreciated. >> thank you to the witnesses here today. senator rubio? >> thank you for being a part of this, this a timely and interesting. disclosed a look on a app portion of it -- a lot of apple users and our family. one of the things that crated a frenzy. i want to -- know the answer but i know -- one of this to here as well. the two research is that found a file on the iphone and ipad that appeared to have that stamp record -- and they created a

map. the company acknowledged there was a glitch and offered some -- >> yes, those of states have already been implemented for most of all of the questions. there was one question about encryption that it was going to be implemented recently. i would say again there is no actual information on the phone about your actual location any time. what was on your phone was a city map of wi-fi hot spots and databases, but not where you were on the map. >> but the key to it was -- it was not intentional >> even if the toggle switch had said, no, it was still beating the information and storing it for a longer period. it is a single update or is a mobile updates? >> that update went out a couple of weeks ago.

there is no war -- this which is working perfectly now, and it is not backed up. your information is not backed up to a computer. and the encryption question is being addressed in our next agreement in -- >> someone with the iphone and ipad, they still have to pull the update in. >> wednesday sync nephron, you'll get a notice there is an update available to you want to install it, and you say yes. >> anybody out there who has not updated their phone in the last -- >> two weeks. >> should have deck -- should update their phone. the second question has to do with the relationship to third parties. some confusion because people go to the app store or the enjoyed market or facebook. when somebody buys an application from an online store like that, both from the

reality and legality perspective, who is their relationship to the business relationship? but i go on and get an application for my home -- phone. i think this book does as well. who do i at that point do i have the relationship with? is it with you, the marketplace, or the actual app vendor? >> from our perspective, once you buy the app and you use it, your relationship is with the app developer. at that point, the first party relationship is with the app developer. >> we would agree. for example, in the applications there could be terms of service agreement. i think it is why the users need to be careful about what applications they use and be thinking about that and why we tried to give people in our end of the marketplace as much information as they can before

installing it because that is where we lose relationships. >> a lot of people are not clear about that. i know anyone who sells an app goes through a general screening process but your business village is only as good as the company or whoever you are interacting it with. >if i have a problem with an app, i pull one up and all of a sudden i have problems with them, or i get suspicious, is there a process where i can report them to use so that you can -- what is that process? >> in our case we installed a flagging mechanisms so users can flag applicants for a variety of different reasons. a whole set of reasons -- that would be a place for review. that would be the starting point for us.

>> we have an ability on our app stored to contact us and you can flag any concerns you have and will investigate immediately. >> my last question is for baseball, the giglio location data collected -- geo location feature when they check into the places feature? >> right now places feature is designed so you can ask explicitly share your location to the people you choose at the time of sharing. places is not a feature about passably sharing location, it is about actively sharing. >> it happens at that moment when you check in. >> you click a button that says check-in and that information goes on your profile. >> how long do you guys keep the information? >> that information that you share, like i am at the restaurant with your friends, that is on your profile for as long as you wanted to be and you

can remove it at any time did >> if the individual does not remove it, it stays indefinitely? >> we considered just as you publish a status update, if you made the decision to share where you were and it is up to you who you want to share it with and if you want to delete it and you can change both of those after the fact. >> probably not shocked about some people lying about where they are. [laughter] basically so people understand, when they go on and log on and say i am here, that will stay on forever unless he actively go back and lead it yourselves. >> that is correct. fundamentally just like if you decided to share a status update or a photo, we consider that your information, not ours, so we considered an imperative to keep that information because you interested as to keep it on behalf of sharing with your friends. >> thank you. appreciate it. >> thank you, mr. chairman.

i want to thank all the panelists. we are all encouraged by the substantial growth and wonderful technology in the mobile market place but it does obviously raised questions and concerns about how the development is investing consumer protection and privacy. so, having access to all of these things in the palm of your hand is a wonderful tool. and there is a lot of competition to create the new, best of the greatest thing which is part of the entrepreneurial spirit in america about what to make sure we do it we do it anyway that appropriately protect consumers online without stifling innovation and growth. i want to direct a question for mr. davidson. it has to do with this ftc recently alleging google violated in the ftc act by inappropriately bygmail for mission to populate the google but social network.

it led to email users receiving contact with individuals they have serious concerns about. could you talk a little bit about how google responded? >> absolutely. as i said in my testimony, we hold ourselves to high standards on writing transparency and choice, control, to our users. and the situation you alluded to, where the launch of our buzz product not meet the standards. it was very confusing to our users. we think it is -- fixed at relatively quickly, in a matter of days. but we have been and a lark -- longer conversation about the ftc and recently entered into a consent agreement with them. we agreed for the next 20 years to put our money where our mouth is. we have signed up for two major things -- one is really instilling privacy by design, a

process in our company for making sure we are thinking about privacy from the earliest moment and that would be audited and assessed by an outsider and reported every two years for the next 20 years. and we agreed we would get affirmative consent from users for any new sharing of information. those are two powerful things and those are the kinds of things we said we would do -- now we have a consent decree from the ftc to show we will do what the next 20 years. >> do you think some of those particular you talked about might be considered at best practice for other companies to consider? >> i think it is something probably better addressed to other companies. i know there are a lot of different models. we think it was the right thing for google and our users so we adopted this agreement with the ftc and then leave it for others to decide what is right for other companies. >> i am concerned that if

companies agreed to implement more restrictive privacy controls, that there are still individuals who will try to hack into mobile devices and apps to collect affirmation for third- party it uses. it seems mobile devices and apps are much more susceptible to those types of hackers and activities. is a big question for any of you. has the industry considered how they can make mobile devices more secure, similar to to how we protect home computers with anti virus software, fire walls? are we seeing any companies that specialize in security for mobile devices and apps? them on the first part of it, yes, as a matter of fact there is a company called look out building a product for the enjoyed platform that provides security and malware protection get in -- protection.

apple gives us as developers the relevant access to information on the devices themselves. they are very restrictive what we in the development community can ask for in terms of informations. it is where you see a lot more and enjoy space where it is the wild west and more tendency for people to do the kinds of malfeasance you are talking about. look out is it an example of a company that has come to afford to address the problem. -- come to the fore. >> there is a huge amount of energy -- a great question. the not be surprised i would not characterize it as the wild west. our view is actually the openness of the platform and the fact that code is open source is a major security feature. people around the world are able to look and assess the code and the system and the security architecture and test all the time.

you don't get security with secret anymore. you get it with openness. the other thing is there are a huge number of features -- and we are among those rolling it out, on a mobile platform -- making sure there is https and corson by default on major products like google, gmail and on search as well. two factor often vacation, another system to gmail -- a password is not enough. in a half to have a device and a password. for people concerned about their products, really important. and other companies rolling these things out as well. a very important area and a huge amount of resources. >> is there anything congress can do to help encourage greater protection when it comes to mobile devices and apps would you rather we stay out of it? >> it is a rapidly evolving area, for sure. a discussion about data breach

legislation. a lot of people would say that is an area for consideration. because there is such a patchwork of state law. i would just recognize there is a huge amounts -- a very dynamic environment right now. >> all right. thank you, mr. chairman. >> thank you, senator thune. i want to thank all of the panelists for being here today. i know when you look at the unpleasantness scale, sometimes, before the senate is way down here. but thank you for being here and thank you for testifying. and as much as we talked about today -- we covered a lot of issues, i feel like we are still at the tip of the iceberg. there is a lot more to know and to learn and forced to wade through and we appreciate your input and help as we go through this. we are going to leave the record open for two weeks.

i am certain several will have additional questions and 1 follow-ups. i know i have a few. we will leave it open for two weeks and we really appreciate you all working with a stab at getting back to us in a timely manner. thank you for being here and we will adjourn the meeting.

memo coming up in about 25 minutes, afl-cio president richard trumka speech at the national press club. expected to discuss the 2012 election as well as recent labor issues in the midwest. live at 1:00 p.m. eastern here on c-span. president obama today has been meeting with israeli prime minister netanyahu. later president obama will travel to langley, virginia, where he will speak to cia employees at that agency's headquarters and thinking them for their role and the osama bin laden mission. comets set to get underway at 3:00 p.m. eastern also live here on c-span. >> history, as you know, is much more than just politics and soldiers. social issues. it is also medicine, science,

and art, and music, and theater and poetry, and ideas. and we shouldn't learn things into categories. it is all part of the same thing. >> samuel morris, james and a more cooper, harriet beecher stowe, thomas edison -- sunday night, part one of two weeks with david mccullough on american to make the greatest journey to 197 -- 19th century paris. 8:00 on c-span. >> no one succeed in life by themselves. you must be willing to lean on others, to listen to others, and, yes, love others. >> watch 2011 commencement speeches on c-span memorial weekend and search all over 800 past addresses from politicians from activists, authors, president, other world leaders, and more. at the peabody award winning c-

span video library where you can search, watch, click and share every event recovered from 1987 through today. it is washington your way. [applause] >> federal reserve chairman ben bernanke said this week that government funding and research and development and help those the economy and that the investment should be more consistent. the fed chair also said u.s. immigration and education policies should be revisited to increase the number of high skilled workers. he was the keynote speaker at a conference hosted by the organization for economic cooperation and development. it is just over 20 minutes. the nobel prize-winning economist once wrote that once one starts thinking about long

one growth -- long run growth and economic development "it is hard to think about anything else. i do not know if i will go quite that far but it is true that relatively small differences in the rates of economic growth maintained over a sustained period could have enormous the implications for material living standards. the growth rate output per person of 2.5% a year doubles' average living standards in 28 years. output per person growing at a modest list lower rate of 1.5% a year id leads to a doubling of average living standards and about 47 years or two generations. compound interest is in the powerful. in output per person increases more rapidly, prospects are

greater more broadbased prosperity are in hansard over long spans of time economic growth and associated improvements in living standards affect at a number of determinants -- working skills, rates of savings in capital accumulation, and institutional factors ranging from the flexibility of markets to the quality of the legal and regulatory framework. the weather, innovation and technological change are undoubtably central to the growth projects -- prospects. over the past 200 years or so, innovation, technical and vance and investment and capital goods and by the new technologies transform economies around the world. in recent decades, as this audience well knows, advances in semiconductor technology have radically changed many aspects of our lives from communication to health care. i noted at the tweeter remarks at the beginning. that is how people will learn what is happening at the

conference. technical developments -- like electrification or internal combustion engine work equally revolutionary if not more so. in addition, recent research i lighted the important role played by intangible capital such as the knowledge embodied in the work force, business plans and practices, and brand names. this research suggests technological progress and the accumulation of intangible capital of together accounted for well over a half of the increase in output per hour in the united states during the past several decades. innovation has not only lead to new products and more efficient production methods but also in this dramatic changes in how businesses are organized and managed, highlighting the connections between new ideas and methods and the organizational structures needed to implement them. for example, in the 19th century the development of the railroad and telegraph along with a host of other technologies, were

associated with the rise of large businesses with a national reach. as transportation and communication technologies developed further in the 20 centric, multinational corporations became feasible and more prevalent. economic policy affects innovation and long run economic growth in many ways. stable macroeconomic environment, sound public finances, and well functioning financial, legal, the labor, and product markets of support innovation, and to punish it, and growth, as do effective tax, trade, and regulatory policies. policies directed at objectives such as international from rights and research development and are in the promote innovation and technological change more directly. in the remainder of my remarks i will focus on one important component which is government support for r&d. as i already suggested,

suggested commercial application of new ideas and balls much more than pure research. many other factors are relevant -- extent of market competition, intellectual property regime and availability of financing. that said, the tendency of the markets, too little of certain types of r&d provide a rationale for government action and a matter how good the policy environment, big new ideas are often rooted in well executed are indeed. let me talk about the rationale for government role in r&d process. governments in many countries directly supports scientific and technical research through grant providing that agencies like national science foundation or through tax incentives like the r&d tax credit. in addition the government of the and i did states and other countries run their own research facilities including facilities focused on non-military

applications. the primary economic rationale for a government role in r&d is absent such intervention the private market will not adequately supply certain types of research. the argument, which applies particularly strongly to basic or fundamental research, is that the full economic value of a scientific advance is unlikely to accrue to the discover, especially if the new knowledge can be disseminated at low cost. for example, james watson and francis crick received minor infraction of economic benefits flowed from their discovery of the structure of dna. it meant people are able to exploit or otherwise benefit from research done by others. the total and social return to research may be higher on average than the private return of those who bear the cost and the risks of innovation. market forces will lead to an under-investment in r&d from

society's point of view which in turn provides a rationale for government intervention. one possible policy response to market under provision problem would be to substantially strengthen the international property rights regime. for example, when developers of new ideas strong and long- lasting claims to the economic benefits of their discoveries, perhaps by extending and expanding patent rights. this approach has significant drawbacks of the tone, and that strict limitations on the free use of new ideas would inhibit both further research and development and valuable commercial applications. thus, although patent protection for some of the rules remains and pour in part to policy, government has also turned to direct support of r&d activities. of course the rationale for government support of r&d would be weakened if governments performed consistently poorly in this sphere.

certainly there have been disappointments. the surge in federal investment in energy technology in the 1970's, response of energy prices -- achieve less the initiators have hoped. in the 90 states, however, i see many examples in some cases extending back to the late 19th and early 20th centuries, but research -- a initiatives and support enabling emergence of new technologies in areas that include agriculture, chemicals, health care, and information technology. a pace that has been particularly well documented and closely studied is the development of hybrid seed corn in the united states during the first half of the 20th century. two other examples of an ever -- innovations that receive critical support our gene splicing, federal r&d techniques that open up the field of genetic engineering and lithium ion battery developed by federally sponsored materials research and 1980's.

recent research in the so-called war on cancer initiated by president nixon in 1971 finds the effort produced a very high social rate of return, notwithstanding its failure to achieve its original ambitious goal of eradicating the disease. what about the present? as government support of our nd today at the right level? the question is not in easily answered. it involves not only difficult technical assessments but also a number of value judgments about public priorities. as background, however, consideration of recent trends in expenditures in r&d in the united states and others a world should be instructive. in the united states, total r&d spending, both public and private, has been relatively stable over the past three decades at roughly 2.5% of gross domestic product. however, this apparent stability masks some important underlying trends.

it first, since the 1970's, r&d spending by the federal government has trended down as a share of gdp while the share of are indeed done by the private sector has correspondingly increased. second, the share of r&d spending targeted to basic research as opposed to more applied activities has also been trending down. these two trends -- the declines in the share of basic research and in the federal share of r&d spending are related, as government r&d spending tenpenny more heavily weighted toward basic research and science. the declining emphasis on basic research is somewhat concerned because fundamental research is ultimately the source of most innovation, albeit often with long lags. indeed, some economists argued that because of the potentially high social return to basic research, expand government support for r&d could come over time, significantly boost economic growth. that said, and a time of fiscal

stringency, the congress and the administration will clearly need to carefully weigh competing priorities as they make their budgetary decisions. another argument sometimes made for expanding government support for r&d is the need to keep pace with technological advances and other countries. r&d has become increasingly international, thanks to improved communication and dissemination of research results from the spread of scientific and engineering talent around the world, and the transfer of technology is through trade, foreign direct investment, and activities of multinational corporations. to be sure, r&d spending remains concentrated in the most well developed countries with the united states still the leader in overall spending. tell whether, in recent years, spending on r&d increased sharply in many emerging markets most notably china and india. a meticulous, spending for r&d by china has increased rapidly

in absolute terms of a recent estimate still show its spending to be smaller militant to gdp than in the united states. reflecting the increased research activity in emerging market economies, the share of world r&d expenditures by member nations of the oecd, which mostly comprises advanced economies, has fallen relative to nonmember nations, which tended less-developed. a similar trend is evident, by the way, with respect to science and engineering work forces. how should policymakers think about this increasing globalization of r&d spending? , one hand, the diffusion of scientific and technological research throughout the world potentially benefits everyone by increasing the pace of innovation and globally. for example, the development of the polio vaccine in the united states in the 1950's provided enormous benefits to people globally, not just to americans. moreover, in a globalized economy, product and process innovations in one country can

lead to employment opportunities and improved goods and services around the world. on the other hand, in some circumstances, the location of r&d activity can matter. for example, technological prowess may help the country and reap the financial and employment benefits of leadership in a strategic in the street. the cutting edge scientific or technological center can create variety of spillovers that promote innovation, quality, skills acquisition, and productivity in industries that are located nearby. such as the lovers are the reason high-tech firms often locate and clusters or near leading universities. to the extent countries gain from leadership in technologically vibrant industries or from spillovers arising from local activities, the case for government support of r&d with any country is that much stronger. the economic arguments for government support of it innovation generally imply that

government to focus particularly on fostering basic or foundation research. the most commercially more elegant research is likely to be done in any case by the private sector as private serbs have -- firms a strong incentive to determine what the market demands and meet those needs. if the government decides to foster basic r&d, what policy instruments should use? the number of tools exist including direct funding, grants to universities and private sector, contracts for specific projects and tax incentives. many choices have to be made when struck trees specific programs. economists no less than what we like and how best to channel public support to research and development. good news that considerable new work is done on this topic, including commissions is on

science policy of the national science foundation. certainly, the characteristics of the research to be supported are important for the choice of a policy tool. direct government support or conduct of the research may make the most sense if the project is highly focused and large-scale. possibly involving the need for coordination of the work of many researchers and subject to a relatively tight time frame spirit examples of large-scale government funded research including the space program and the construction and operation of so-called atom smashing facilities for experiments in high energy physics. outside of such cases, though, often linked to national defense, a more the centralized model that relies on the ideas and initiatives of individual researchers or small research groups may be most effective. grants to or contracts with the researchers are the typical vehicle for such an approach. of course, the success of decentralized models for government support depends, as

always, on the quality of execution. some critics believe that funding agencies have been too cautious, focusing on a limited number of low risk projects and targeting funding to more established scientists at the expense of researchers who are less establish or less conventional in their approaches. supporting multiple approaches to a given problem at the same time increases the chance of finding a solution. it also increases the opportunities for cooperation were construction -- constructive competition. it the challenge to policymakers is to encourage experimentation and a greater diversity approaches while simultaneously insuring that an effective peer review process is in place to guide funding toward high- quality science. in -- however it is channels, government support for innovation and r&d will be more effective if it is thought of as a long run investment. yes station lags from basic research to commercial

application to the ultimate economic benefits can be very long. the internet revolution of the 1990's was based on scientific investments made in the 1970's and 1980's. and today's widespread commercialization of biotechnology was based in part on key research findings developed in the 1950's. thus, governments that choose to rights of for r&d are likely to get better results if that support is stable, of what -- and long-term oriented, avoiding a pattern of feast and famine. government support for r&d presumes sufficient national capacity to engage in effect of research at the desired skill. that capacity, in turn, depend importantly on the supply of qualified scientists, engineers, and other technical workers. although the system of higher education in the united states remains among the finest in the world, numerous concerns have been raised about this countries ability to ensure adequate supplies of highly skilled

workers. for example, some observers have suggested that bottlenecks in the system limit the number of students receiving undergraduate degrees in science and engineering. surveys of students intentions in the united states consistently show that the number of students who seek to major in science and engineering exceeds the number accommodated by a wide margin and waitlists to enroll and technical courses have trended up bolted to those in other fields, as has the time required to graduate with a science and engineering degree. moreover, although the relative wages of science and engineering graduates have increased significantly over the past few decades, the share of undergraduate degrees awarded in science and engineering have been roughly stable. at the same time, critics of k- 12 education in the united states have long argued that not enough is being done to encourage and support student interests in science and mathematics. taken together, these trends

suggest more could be done to increase the number of u.s. students entering scientific and engineering professions. at least one viewed from the perspective of a single nation, immigration is another path for increasing the supply of highly skilled scientists and researchers. the technological leadership of the united states was and continues to be built on -- in substantial part of the contributions of foreign-born scientists and engineers, both permanent immigrants and those staying in the country only for a time. and, contrary to the notion that highly trained and talented immigrants displays native-born workers and new labor market, scientists and other highly trained professionals who come to the united states tend to enhance the productivity and employment opportunities of those already here, reflecting gains -- gains from interaction and cooperation of from the development of critical mass of the researchers in specific technical areas. more generally, technological progress and innovation are around the world would be

enhanced by lowering national barriers to international scientific cooperation and collaboration. in abstracts, economists have identified some persuasive justification for government policies to promote -- promote r&d activities, especially those related to basic research. in practice, we know less than we would like about what policies work best. the reasonable strategy for now may be to continue to use a mix of policies to support r&d while taking pains to uncover as diverse and even competing approaches by the scientists and engineers receiving support we should also keep in mind that funding r&d -- are in the activity is only part of what the government can do to foster innovation. as i noted, and sharing a sufficient supply of individuals with science and engineering skills is important for promoting innovation, and this need raises questions about education policy as well as immigration policy. other key policy issues include

the definition and enforcement of intellectual property rights and the setting of technical standards. finally, as somebody who spends a lot of time monitoring the economy, then the also put a plug for more work on finding better ways to measure innovation, r&d activity, and intangible capital. we will be more likely to promote innovative activity if we are able to measure it more effectively and document it's very important role in economic growth. thank you. i wish you the best in this conference on this very important topic. [applause] >> chairman, thank you very much. as you leave, i think we can all say we are deeply plunged into the topic and we are ready to go.