California Sues Delta Air Lines Over Mobile Privacy 100
New submitter mrheckman writes "California is suing Delta Air Lines for violation of California's on-line privacy law. Delta failed to 'conspicuously post a privacy policy within their mobile app that informs users of what personally identifiable information is being collected and what will be done with it' after a 30-day notice. Delta's app collects 'substantial personally identifiable information such as a user's full name, telephone number, email address, frequent flyer account number and pin code, photographs, and geo-location.' Why is it we still can't control what permissions an app has on our phones? It's absurd and disturbing that an app for checking flights and baggage demands all of those permissions."
you read the set of permissions. (Score:5, Insightful)
You install or do not install.
Re:you read the set of permissions. (Score:5, Funny)
Re: (Score:3, Insightful)
Why, though? It is trivial to use (though not to install) utilities like PDroid and DroidWall to control these permissions.
Why does a modern OS not give advanced users basic control of the sandbox settings? Is it to protect the user's interests, or is it to deliberately limit the user's control of their own device?
Re: (Score:3)
The way I understand it PDroid is only available for a select few ROMs, mostly CyanogenMod and other variants. I was looking into it last week but I couldn't find a definitive way of installing it without also installed a 3rd party ROM. I'd prefer to keep the Samsung stock ROM on my i9100.
I ended up using LBE Privacy Guard, although not quite as good, it is doing some of the job I was looking for.
I had never heard of Droidwall, I'm going to look that up now, thanks.
Re: (Score:2)
Re: (Score:2)
Search the play store for an app called "permissions free". It can enable and disable permissions for any app on any ROM as long as you're rooted. I use it extensively.
Re: (Score:1)
It's because the 'permissions' you grant aren't the ones that a person wants to permit or deny.
They don't want to specify if an app has access to the internet or their contacts. They want to permit sending the contact information over the internet to Google's server, but not anybody else's [as an example].
And nobody has/supports that kind of permission set [yet].
Re: (Score:2)
Can you link to it? I find no app by that name in the Google Play store.
I was curious if it had the same issues and Xedeous and Stericson's apps have (namely, apps not expecting to be denied a permission and thus crashing). One of the ways around this I recall them trying was to feed fake data, but im not sure how well that worked -- I haven't tried them.
Re:you read the set of permissions. (Score:5, Insightful)
You install or do not install.
You're thinking of the jungle
In a civilized society, there are laws that may actually protect consumers. This lawsuit is a demonstration of that
They should at least make it easy for you to figure out what they collect and what they may do with this information - and they have not.
Re: (Score:2)
Given that you have to enter all of the information that was listed (except the location) yourself, you know exactly what information it's collecting.
Re: (Score:2)
It is easy, Last time I installed an app it told me exactly what permissions I need to allow. Like "Your personal information", "Your location", "Your messages" etc...
Each one even has a little description of what it means, like "read contact data, read user defined dictionary"
Re: (Score:2)
It's easy to know what it's asking for, it's impossible to have any idea of why a game would need access to my personal contacts, be able to change the state of my wifi, and initiate phone calls.
The vast majority of things I've looked at to download for my Android phone leave me going "WTF do you need that for?". And so far in almost all cases, I've decided I don't need the app bad enough to grant it unlimited permissions.
The problem is the amount of things apps ask for is bordering on the ridiculous. I n
Re: (Score:2)
I have yet to see an app which doesn't want way more permissions than it really needs to work.
You've misunderstood the purpose of the app. It's not a fun game to play, it's an ad delivery platform. It needs network access to download ads. It needs contact data to spam your friends. It needs call control to access your IMEI number to identify your device. It needs messaging access to analyse your conversations. It needs wifi access to know when you connect to the internet, so it can upload your 'anonymous usage data'.
Re: (Score:2)
It also needs to find another phone to run on.
Why not give it the permissions YOU want to give? (Score:1)
His point is valid, on my Samsung bada phone I can assign which apps have permission to get the GPS location for example. On my Android phone, I don't get that choice. I either accept it wants the location and give it all the time, or I don't install it. I can't turn off the GPS permission just for that app.
There's some really amazing stinky apps out there too. You wouldn't give your bank account details to a stranger, yet people install messaging apps, and immediately give them the email login. No doubt f
Re: (Score:2)
I can't turn off the GPS permission just for that app.
You can however leave GPS switched off when using that app. You should have it disabled the majority of the time anyway if you want to conserve power.
Re: (Score:3)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
or better, feed the apps an address book from the Spamhaus Zen list...
We should make an App for that :)
Re: (Score:2)
You realize that Google has been making it harder to do so, right?
First off, the "install" button is now at the top of the screen. A nice bright blue button on a sea of dark text of the permissions. Where does the user tap? On the button immediately.
The permission list only shows a few of them, then another "More permissions" link to see additional ones.
Plus, you're also competing against dancing pigs [wikipedia.org]. User wants Delta app to do stuff like check in for their flight without lini
Nine Years (Score:1)
California passed this law nine years ago. Everyone had plenty of time to comply. They got warnings. Now they get this.
Because people are stupid (Score:3)
Like the law that ensures you're told not to smoke on airplanes because few people even have a living memory of that being permitted at all any more.
Remember smoking on airplanes or throwing a virgin child into the volcano is a violation of Federal Law.
Re: (Score:3, Funny)
... or throwing a virgin child into the volcano is a violation of Federal Law.
[citation needed]
Re: (Score:2)
Under any reasonable standard "to throw the child into a volcano" is an immoral purpose. So, while I think you are correct about the limitation, I don't think it makes the Mann Act inapplicable.
"Active" volcano has a lot of different defin
Re: (Score:2)
or throwing a virgin child into the volcano is a violation of Federal Law.
So throwing a non-virgin child into a volcano is perfectly OK then?
Extraterritoriality in law is strange (Score:4, Interesting)
I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy? What about Los Angeles law? Are they subject to that too?
Does Slashdot have to worry about their website complying with Fresno law?
The whole thing just seems a little bit odd. Like when the US goes after foreign-based online gambling companies.
Re:Extraterritoriality in law is strange (Score:4, Interesting)
It's not strange. The law is very clear. If you place a product in the stream of commerce and it's reasonably expected that a person in Fresno or California then you must comply with the law. If you place an app on Android market you expect the app to be used by people all over the U.S. Therefore comply with California law or make sure you restrict it's use to states other than California.
State laws can have a roll on effect. California is progressive in some environmental legislation. For example, you will find Coca-Cola making changes to it's formula to comply with California and apply it throughout the US. There is absolutely no problem with the way the law is applied in these "Extraterritorial Cases". In fact it protects you and me the customer. If you are a manufacturer in China and you do not expect your product to be sold in US. You also instruct your dealers that the product is only for sale in China with prominent ineffable labeling on your product. Some rouge dealer of yours shipped a container of your product to America. Your will not be subject to the American courts and the court will not have jurisdiction over you.
Conflict of law is a fascinating area. Law isn't really all that bad. Sometimes the economics of delivery makes it bad. In addition, we fail to see law for what it is: a vehicle for changing society.
Re: (Score:2)
Conflict of law is a fascinating area.
Fascinating to those who aren't victimized by such conflicts, I suppose.
Re: (Score:2)
So you think it's reanable that I can't develop an app myself and put it on the app store without spending hundreds of thousands in legal research on the laws of 50 states and however many cities?
Maybe we should just outlaw all sowftware development done by other than the biggest studios and leave it at that?
Re: (Score:2)
I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy? What about Los Angeles law? Are they subject to that too?
Does Slashdot have to worry about their website complying with Fresno law?
The whole thing just seems a little bit odd. Like when the US goes after foreign-based online gambling companies.
Well, yes, in short, they do. Jurisdiction is co-terminal with the threat. If you find this "odd", I recommend that you run, not walk, to the nearest legal library and read up a bit. Start with the section on international law...
Re: (Score:1)
I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy?
Delta flies in to and out of California. They have hubs and offices there. They may be based out of Georgia, but they operate in California among other jurisdictions.
Re: (Score:2)
The reason is (more or less) personal jurisdiction [wikipedia.org]. If a company does substantial business in a state, people from that state can sue the company in that state under the laws of that state - no matter where they are based. This is a Good Thing - for example, say hypothetically that a Japanese automanufacturer makes all of their cars in Japan, and simply ships them to the US and sells them. If you a car from them and it explodes, injuring you, you shouldn't have to sue un
Re: (Score:2)
Re: (Score:2)
When you do business in a state you are also bound by the laws of that state.
If Delta had no business activities themselves in California, they wouldn't have an issue. Every Delta ticket counter that exists in California makes them subject to the laws of California.
Re: (Score:2)
Re: (Score:2)
Delta has considerable physical business presence in California. Why wouldn't they be subject to California law?
Re: (Score:2)
I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy?
Delta has hubs and employees in California. It does plenty of business in California, probably far more than they do in Georgia. The location of an HQ means less and less these days.
Thought, I do agree with your main point. Airline travel is so obviously an interstate issue, it should be regulated by the Federal government, not the State.
Absurd? No, not really. (Score:5, Interesting)
Aside from the photos, I can think of a logical reason for each of the other permissions listed.
Name is needed for check-in and boarding pass creation.
Delta will send flight updates via text message, for which a phone number is required. Ditto for email.
Frequent flyer number and PIN code are used to access your Delta account.
Geolocation so it knows which airport you're in.
They should disclose what information they collect as required by law, but the assertion that these permissions are "absurd and disturbing" is ludicrous and obviously the opinion of someone who does not travel often, or is uninterested in utilizing technology tools when they do.
Re: (Score:2)
It's not data mining the phone. All of that info (except the geolocation) is input by the user.
Re: (Score:3, Insightful)
Re: (Score:2)
Aside from the photos...
Looking at the screenshots of their app on the Google Play Store. It looks like they might be doing something with QR codes. Most likely, scanning QR codes requires access to the camera, hence the "Hardware Controls: take pictures and videos" permission.
It also does require "Storage: modify or delete the contents of your USB storage modify or delete the contents of your SD card" permission, which I'm less sure about. May be that one is a frivolous permission. In any case, I doubt very much that Delta is per
Re: (Score:1)
Aside from the photos...
Looking at the screenshots of their app on the Google Play Store. It looks like they might be doing something with QR codes. Most likely, scanning QR codes requires access to the camera, hence the "Hardware Controls: take pictures and videos" permission.
They have a feature to take a picture of your luggage tag so that you can track it while travelling. Not quite QR codes, but similar.
Re: (Score:1)
The photo is used so you can take a picture of the parking lot where you left your vehicle, or of your luggage tag barcode.
Kind of silly (Score:5, Insightful)
I have this app on my iPhone. You can use it as a guest, but really its for frequent flyers that already have Delta sky miles accounts. The majority of people using this app have already provided most of the mentioned personal information, if not more because they have a SkyMiles Account and they have bought plane tickets. So this lawsuit is kind of silly in my opinion.
Re: (Score:2)
One other point. Cities are going bankrupt in California and they just had to raise taxes to help met a budget shortfall. Shouldn't the State of California focus on solving its internal problems managing money, instead of going after airlines because they write apps that ask for your personal information to HELP you keep track of the flights you are on? What a mis-directed use of state government time and resources this is.
Re: (Score:2)
> going after airlines because they write apps that ask for your personal information to HELP you keep track of the flights you are on?
Won't somebody think of the poor airlines that require access to your pictures to keep track of your flights? They're just trying to HELP you! Why is California being such a meany! :'(
Re: (Score:2)
They never required a picture from me to board a plane or nor have I ever had to use this app if I didn't want to. And I have flown delta more than 100 times in the last 10 years. The app isn't a requirement to board a flight or purchase a ticket. Much ado about nothing.
Re: (Score:2)
Re: (Score:2)
Uh, well, except that they just presented a plan to voters that pretty much completely solves the fiscal problems for the foreseeable future, and the voters passed it.
The termini of the proposed high speed rail systems are the most populous areas of the state (and the project also includes upgrades for existing conventional intercity and commuter
Re: (Score:1)
I think it's called "fiddling while rome burns"
Re: (Score:2)
Cities are separate governments from the State, and, as you note, the State already largely addressed its budget shortfall, because in a surprising outbreak of common sense, voters voted to raise taxes to pay for the services they've demanded. There's still a small projected deficit under current policy for the next
Re: (Score:3)
Silly? I don't think it's silly at all. It's a perfectly reasonable lawsuit, one that is likely to succeed.
Something that needs to be pointed out here is that the CA online privacy law is really NOT that onerous. It's not setting some insanely high bar for developers and companies to pass--as it applies to this case, it is simply requiring that users be notified upon installation of what information may be collected through the app and how it might be used. It's not as if that law even has any real teet
Re: (Score:2)
Like I said in my original post most if not all of the people using this app have already provided a lot of personal information to Delta. Seriously, you need a sky miles ID to log in and do most things, so most users of this app are just tying back to a Sky miles account with information that has already been provided. So they aren't really "collecting" any data that they don't already have.
Re: (Score:2)
You're typing and typing but you're not actually listening--typical behavior for someone doesn't want to actually think about the issue.
The whole point of having a privacy policy is that people can see that Delta is at least meeting their obligations to inform its customers. It's not about what Delta already has on them. It's about showing some basic, minimum level of responsibility--and they apparently can't even do that. It's NOT hard for them to do, and it IS the law.
And if you haven't noticed, the la
Re: (Score:2)
By the way, there is a link to the privacy policy on the first page of the app.
Re: (Score:2)
Why is this news? (Score:2)
I agree you read the permissions and decide to install or not. putting a sandbox around the app? sure, but then more people will complain about broken apps and support will be even more difficult. i could list lots of examples where people set a control and forget they did, and then complain that something is broken, when it is in fact their fault its broken.
now what i want to know is why this is news on /. Calif. did this on Dec 6, and delta updated their app on Dec 7 (http://www.androidcentral.com/de
There is one smartphone that lets you do this... (Score:5, Informative)
Re:There is one smartphone that lets you do this.. (Score:4, Insightful)
This is one area where the Blackberry OS has very soundly beaten every other mobile OS I'm aware of. Any OS even remotely considering corporate/enterprise usage really ought to have this sort of ACL for apps.
But, they don't.
Marketing! (Score:1)
It's because the apps are paid for with marketing money instead of operations money. Businesses don't feel the need to offer you better service unless you pay them for it. Here you are selling your PPI in return for the ability to see when you flight is arriving. A little off base in my book.
Re: (Score:2)
Run a good ROM (Score:2)
Why is it we still can't control what permissions an app has on our phones? It's absurd and disturbing that an app for checking flights and baggage demands all of those permissions.
If you are not running CyanogenMOD then it is your own fault for installing 3rd party apps that cannot be trusted.