Forgot your password?
typodupeerror
Android Privacy Cellphones Iphone Security The Courts Transportation Apple

California Sues Delta Air Lines Over Mobile Privacy 100

Posted by timothy
from the best-practices dept.
New submitter mrheckman writes "California is suing Delta Air Lines for violation of California's on-line privacy law. Delta failed to 'conspicuously post a privacy policy within their mobile app that informs users of what personally identifiable information is being collected and what will be done with it' after a 30-day notice. Delta's app collects 'substantial personally identifiable information such as a user's full name, telephone number, email address, frequent flyer account number and pin code, photographs, and geo-location.' Why is it we still can't control what permissions an app has on our phones? It's absurd and disturbing that an app for checking flights and baggage demands all of those permissions."
This discussion has been archived. No new comments can be posted.

California Sues Delta Air Lines Over Mobile Privacy

Comments Filter:
  • by queazocotal (915608) on Saturday December 15, 2012 @09:26AM (#42300769)

    You install or do not install.

    • by Sponge Bath (413667) on Saturday December 15, 2012 @09:46AM (#42300827)
      Yoda's wisdom that is.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Why, though? It is trivial to use (though not to install) utilities like PDroid and DroidWall to control these permissions.

      Why does a modern OS not give advanced users basic control of the sandbox settings? Is it to protect the user's interests, or is it to deliberately limit the user's control of their own device?

      • by Stalks (802193) *

        The way I understand it PDroid is only available for a select few ROMs, mostly CyanogenMod and other variants. I was looking into it last week but I couldn't find a definitive way of installing it without also installed a 3rd party ROM. I'd prefer to keep the Samsung stock ROM on my i9100.

        I ended up using LBE Privacy Guard, although not quite as good, it is doing some of the job I was looking for.

        I had never heard of Droidwall, I'm going to look that up now, thanks.

        • by Stalks (802193) *
          Droidwall is just the firewall part. Good in itself, but is there a way of putting PDroid on the Samsung ROM?
        • by Kazymyr (190114)

          Search the play store for an app called "permissions free". It can enable and disable permissions for any app on any ROM as long as you're rooted. I use it extensively.

          • It's because the 'permissions' you grant aren't the ones that a person wants to permit or deny.

            They don't want to specify if an app has access to the internet or their contacts. They want to permit sending the contact information over the internet to Google's server, but not anybody else's [as an example].

            And nobody has/supports that kind of permission set [yet].

          • Can you link to it? I find no app by that name in the Google Play store.

            I was curious if it had the same issues and Xedeous and Stericson's apps have (namely, apps not expecting to be denied a permission and thus crashing). One of the ways around this I recall them trying was to feed fake data, but im not sure how well that worked -- I haven't tried them.

    • by Mitreya (579078) <mitreya@gmail . c om> on Saturday December 15, 2012 @09:53AM (#42300861)

      You install or do not install.

      You're thinking of the jungle
      In a civilized society, there are laws that may actually protect consumers. This lawsuit is a demonstration of that
      They should at least make it easy for you to figure out what they collect and what they may do with this information - and they have not.

      • by Drathos (1092)

        Given that you have to enter all of the information that was listed (except the location) yourself, you know exactly what information it's collecting.

      • It is easy, Last time I installed an app it told me exactly what permissions I need to allow. Like "Your personal information", "Your location", "Your messages" etc...
        Each one even has a little description of what it means, like "read contact data, read user defined dictionary"

        • by gstoddart (321705)

          It's easy to know what it's asking for, it's impossible to have any idea of why a game would need access to my personal contacts, be able to change the state of my wifi, and initiate phone calls.

          The vast majority of things I've looked at to download for my Android phone leave me going "WTF do you need that for?". And so far in almost all cases, I've decided I don't need the app bad enough to grant it unlimited permissions.

          The problem is the amount of things apps ask for is bordering on the ridiculous. I n

          • I have yet to see an app which doesn't want way more permissions than it really needs to work.

            You've misunderstood the purpose of the app. It's not a fun game to play, it's an ad delivery platform. It needs network access to download ads. It needs contact data to spam your friends. It needs call control to access your IMEI number to identify your device. It needs messaging access to analyse your conversations. It needs wifi access to know when you connect to the internet, so it can upload your 'anonymous usage data'.

    • His point is valid, on my Samsung bada phone I can assign which apps have permission to get the GPS location for example. On my Android phone, I don't get that choice. I either accept it wants the location and give it all the time, or I don't install it. I can't turn off the GPS permission just for that app.

      There's some really amazing stinky apps out there too. You wouldn't give your bank account details to a stranger, yet people install messaging apps, and immediately give them the email login. No doubt f

      • I can't turn off the GPS permission just for that app.

        You can however leave GPS switched off when using that app. You should have it disabled the majority of the time anyway if you want to conserve power.

        • by jopsen (885607)
          I think GP used GPS permission as an example... Why can't I feed apps incorrect GPS data or an empty address book?
    • by tlhIngan (30335)

      You install or do not install.

      You realize that Google has been making it harder to do so, right?

      First off, the "install" button is now at the top of the screen. A nice bright blue button on a sea of dark text of the permissions. Where does the user tap? On the button immediately.

      The permission list only shows a few of them, then another "More permissions" link to see additional ones.

      Plus, you're also competing against dancing pigs [wikipedia.org]. User wants Delta app to do stuff like check in for their flight without lini

  • by Anonymous Coward

    California passed this law nine years ago. Everyone had plenty of time to comply. They got warnings. Now they get this.

  • by gelfling (6534) on Saturday December 15, 2012 @09:41AM (#42300811) Homepage Journal

    Like the law that ensures you're told not to smoke on airplanes because few people even have a living memory of that being permitted at all any more.

    Remember smoking on airplanes or throwing a virgin child into the volcano is a violation of Federal Law.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      ... or throwing a virgin child into the volcano is a violation of Federal Law.

      [citation needed]

    • by mjwx (966435)

      or throwing a virgin child into the volcano is a violation of Federal Law.

      So throwing a non-virgin child into a volcano is perfectly OK then?

  • by Cytotoxic (245301) on Saturday December 15, 2012 @09:47AM (#42300833)

    I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy? What about Los Angeles law? Are they subject to that too?

    Does Slashdot have to worry about their website complying with Fresno law?

    The whole thing just seems a little bit odd. Like when the US goes after foreign-based online gambling companies.

    • by Anonymous Coward on Saturday December 15, 2012 @10:04AM (#42300895)

      It's not strange. The law is very clear. If you place a product in the stream of commerce and it's reasonably expected that a person in Fresno or California then you must comply with the law. If you place an app on Android market you expect the app to be used by people all over the U.S. Therefore comply with California law or make sure you restrict it's use to states other than California.

      State laws can have a roll on effect. California is progressive in some environmental legislation. For example, you will find Coca-Cola making changes to it's formula to comply with California and apply it throughout the US. There is absolutely no problem with the way the law is applied in these "Extraterritorial Cases". In fact it protects you and me the customer. If you are a manufacturer in China and you do not expect your product to be sold in US. You also instruct your dealers that the product is only for sale in China with prominent ineffable labeling on your product. Some rouge dealer of yours shipped a container of your product to America. Your will not be subject to the American courts and the court will not have jurisdiction over you.

      Conflict of law is a fascinating area. Law isn't really all that bad. Sometimes the economics of delivery makes it bad. In addition, we fail to see law for what it is: a vehicle for changing society.

      • by BitterOak (537666)

        Conflict of law is a fascinating area.

        Fascinating to those who aren't victimized by such conflicts, I suppose.

      • by lgw (121541)

        So you think it's reanable that I can't develop an app myself and put it on the app store without spending hundreds of thousands in legal research on the laws of 50 states and however many cities?

        Maybe we should just outlaw all sowftware development done by other than the biggest studios and leave it at that?

    • I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy? What about Los Angeles law? Are they subject to that too?

      Does Slashdot have to worry about their website complying with Fresno law?

      The whole thing just seems a little bit odd. Like when the US goes after foreign-based online gambling companies.

      Well, yes, in short, they do. Jurisdiction is co-terminal with the threat. If you find this "odd", I recommend that you run, not walk, to the nearest legal library and read up a bit. Start with the section on international law...

    • by Anonymous Coward

      I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy?

      Delta flies in to and out of California. They have hubs and offices there. They may be based out of Georgia, but they operate in California among other jurisdictions.

    • by maro6613 (1104525)
      Delta does business in California.

      The reason is (more or less) personal jurisdiction [wikipedia.org]. If a company does substantial business in a state, people from that state can sue the company in that state under the laws of that state - no matter where they are based. This is a Good Thing - for example, say hypothetically that a Japanese automanufacturer makes all of their cars in Japan, and simply ships them to the US and sells them. If you a car from them and it explodes, injuring you, you shouldn't have to sue un

    • by BitZtream (692029)

      When you do business in a state you are also bound by the laws of that state.

      If Delta had no business activities themselves in California, they wouldn't have an issue. Every Delta ticket counter that exists in California makes them subject to the laws of California.

    • Despite what the Anonymous Coward said, it is not because they can reasonably expect a person in California to use it. The reason is that Delta does business in California. They have employees who work there. As a result, they need to comply with California law in any way that their business takes place in California. If they were, for example, to make the app not allow you to book a flight out of California they might be able to avoid complying with this law. I am pretty sure that if this app could not be
    • I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy?

      Delta has considerable physical business presence in California. Why wouldn't they be subject to California law?

    • I wonder how Delta, a Georgia based company can be subject to California law with respect to online privacy?

      Delta has hubs and employees in California. It does plenty of business in California, probably far more than they do in Georgia. The location of an HQ means less and less these days.

      Thought, I do agree with your main point. Airline travel is so obviously an interstate issue, it should be regulated by the Federal government, not the State.

  • by Anonymous Psychopath (18031) on Saturday December 15, 2012 @09:55AM (#42300877) Homepage

    Aside from the photos, I can think of a logical reason for each of the other permissions listed.

    Name is needed for check-in and boarding pass creation.
    Delta will send flight updates via text message, for which a phone number is required. Ditto for email.
    Frequent flyer number and PIN code are used to access your Delta account.
    Geolocation so it knows which airport you're in.

    They should disclose what information they collect as required by law, but the assertion that these permissions are "absurd and disturbing" is ludicrous and obviously the opinion of someone who does not travel often, or is uninterested in utilizing technology tools when they do.

    • Re: (Score:3, Insightful)

      by dochin (1044440)
      You're right on the money. There used to be a feature of the app that allowed you to take a geotagged picture of your car in the parking lot so you could find it later. It's not unreasonable to think that permission was left in after the feature was removed either by mistake or some technical issue with the App Store/iOS apps in general. At least it doesn't spy on my contacts and text messages like many other free apps. I do wish iOS App Store had a feature similar to the google store for android that show
    • Aside from the photos...

      Looking at the screenshots of their app on the Google Play Store. It looks like they might be doing something with QR codes. Most likely, scanning QR codes requires access to the camera, hence the "Hardware Controls: take pictures and videos" permission.

      It also does require "Storage: modify or delete the contents of your USB storage modify or delete the contents of your SD card" permission, which I'm less sure about. May be that one is a frivolous permission. In any case, I doubt very much that Delta is per

      • by Neelix21 (143043)

        Aside from the photos...

        Looking at the screenshots of their app on the Google Play Store. It looks like they might be doing something with QR codes. Most likely, scanning QR codes requires access to the camera, hence the "Hardware Controls: take pictures and videos" permission.

        They have a feature to take a picture of your luggage tag so that you can track it while travelling. Not quite QR codes, but similar.

    • The photo is used so you can take a picture of the parking lot where you left your vehicle, or of your luggage tag barcode.

  • Kind of silly (Score:5, Insightful)

    by Emperor Shaddam IV (199709) on Saturday December 15, 2012 @10:29AM (#42301019) Journal

    I have this app on my iPhone. You can use it as a guest, but really its for frequent flyers that already have Delta sky miles accounts. The majority of people using this app have already provided most of the mentioned personal information, if not more because they have a SkyMiles Account and they have bought plane tickets. So this lawsuit is kind of silly in my opinion.

    • One other point. Cities are going bankrupt in California and they just had to raise taxes to help met a budget shortfall. Shouldn't the State of California focus on solving its internal problems managing money, instead of going after airlines because they write apps that ask for your personal information to HELP you keep track of the flights you are on? What a mis-directed use of state government time and resources this is.

      • by Thiez (1281866)

        > going after airlines because they write apps that ask for your personal information to HELP you keep track of the flights you are on?

        Won't somebody think of the poor airlines that require access to your pictures to keep track of your flights? They're just trying to HELP you! Why is California being such a meany! :'(

        • They never required a picture from me to board a plane or nor have I ever had to use this app if I didn't want to. And I have flown delta more than 100 times in the last 10 years. The app isn't a requirement to board a flight or purchase a ticket. Much ado about nothing.

      • by pete6677 (681676)
        California officials have no desire to confront their fiscal problems. They would rather add to them by doing things such as building high-speed rail to nowhere and a football stadium in LA for a team they don't have using money they don't have. But it keeps the unions happy, which keeps Democrat politicians elected. That is how California (and Illinois) work in a nutshell.
        • California officials have no desire to confront their fiscal problems.

          Uh, well, except that they just presented a plan to voters that pretty much completely solves the fiscal problems for the foreseeable future, and the voters passed it.

          They would rather add to them by doing things such as building high-speed rail to nowhere

          The termini of the proposed high speed rail systems are the most populous areas of the state (and the project also includes upgrades for existing conventional intercity and commuter

      • I think it's called "fiddling while rome burns"

      • Cities are going bankrupt in California and they just had to raise taxes to help met a budget shortfall. Shouldn't the State of California focus on solving its internal problems managing money

        Cities are separate governments from the State, and, as you note, the State already largely addressed its budget shortfall, because in a surprising outbreak of common sense, voters voted to raise taxes to pay for the services they've demanded. There's still a small projected deficit under current policy for the next

    • Silly? I don't think it's silly at all. It's a perfectly reasonable lawsuit, one that is likely to succeed.

      Something that needs to be pointed out here is that the CA online privacy law is really NOT that onerous. It's not setting some insanely high bar for developers and companies to pass--as it applies to this case, it is simply requiring that users be notified upon installation of what information may be collected through the app and how it might be used. It's not as if that law even has any real teet

      • Like I said in my original post most if not all of the people using this app have already provided a lot of personal information to Delta. Seriously, you need a sky miles ID to log in and do most things, so most users of this app are just tying back to a Sky miles account with information that has already been provided. So they aren't really "collecting" any data that they don't already have.

        • You're typing and typing but you're not actually listening--typical behavior for someone doesn't want to actually think about the issue.

          The whole point of having a privacy policy is that people can see that Delta is at least meeting their obligations to inform its customers. It's not about what Delta already has on them. It's about showing some basic, minimum level of responsibility--and they apparently can't even do that. It's NOT hard for them to do, and it IS the law.

          And if you haven't noticed, the la

          • By the way, there is a link to the privacy policy on the first page of the app.

          • by chrylis (262281)

            The whole point of having a privacy policy is that people can see that Delta is at least meeting their obligations to inform its customers. It's not about what Delta already has on them. It's about showing some basic, minimum level of responsibility--and they apparently can't even do that. It's NOT hard for them to do, and it IS the law.

            And if you haven't noticed, the lack of a privacy policy does mean that Delta could technically store all your photos taken with your phone through their app, and potentiall

  • I agree you read the permissions and decide to install or not. putting a sandbox around the app? sure, but then more people will complain about broken apps and support will be even more difficult. i could list lots of examples where people set a control and forget they did, and then complain that something is broken, when it is in fact their fault its broken.

    now what i want to know is why this is news on /. Calif. did this on Dec 6, and delta updated their app on Dec 7 (http://www.androidcentral.com/de

  • by i68040 (2795827) on Saturday December 15, 2012 @11:39AM (#42301349) Homepage
    That is one advantage to using a BlackBerry: you can pick which permissions you want an app to have.
  • It's because the apps are paid for with marketing money instead of operations money. Businesses don't feel the need to offer you better service unless you pay them for it. Here you are selling your PPI in return for the ability to see when you flight is arriving. A little off base in my book.

  • The photos on your phone aren't personal information but they are copyrighted material. Are they copying the photos are the metadata?
  • Why is it we still can't control what permissions an app has on our phones? It's absurd and disturbing that an app for checking flights and baggage demands all of those permissions.

    If you are not running CyanogenMOD then it is your own fault for installing 3rd party apps that cannot be trusted.

All warranty and guarantee clauses become null and void upon payment of invoice.

Working...