Privacy Critics Raise Alarm over Pokemon GO's Collect-It-All Power
Sen. Al Franken questioning "extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users' personal information"
The runaway success of the interactive augmented reality game Pokemon GO was overshadowed this week by privacy complaints, prompting the app to issue an update to its policies--but critics, including Sen. Al Franken (D-Minn.), remained concerned that its parent company is still trying to "catch them all."
Franken wrote a letter (pdf) to Niantic Inc CEO John Hanke on Tuesday asking for information about the app and expressing concern "about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users' personal information without their appropriate consent."
"As the augmented reality market evolves, I ask that you provide greater clarity on how Niantic is addressing issues of user privacy and security, particularly that of its younger players," wrote Franken, who chairs the Senate Subcommittee on Privacy, Technology, and the Law.
Using players' GPS coordinates and Google map of their city, Pokemon GO superimposes characters from the games for users to catch and train for virtual battle against other players.
It was revealed earlier this week that Pokemon GO users were, in signing up, automatically granting Niantic access to their email address, IP address, browsing history, and location, among other data, unless they opted out of certain authorizations listed in a lengthy terms of service agreement.
And iPhone users who signed in with their Google accounts and did not opt out were allowing Niantic full access to their accounts, including read and write privileges to their email.
Niantic claimed that particular policy was a mistake, issuing an update that removed that access and instead only collected users' names and Gmail addresses. But Franken wrote that other privacy issues remained.
"We recognize and commend Niantic for quickly responding to these specific concerns, and ask for continued assurance that a fix will be implemented swiftly," his letter continued.
Marc Rotenberg, president of the digital rights group Electronic Privacy and Information Center (EPIC), told the Wall Street Journal on Wednesday that there were no practical reasons for the app to request personal information.
"You can build a game that superimposes graphics over the real world, that relies on maps and locations, without having to know a person's name," he said. "Niantic made the choice not to do that."
Franken issued several questions for Hanke to answer, including:
- Can you explain exactly which information collected by Pokemon GO is necessary for the provision or improvement of services? Are there any other purposes for which Pokemon GO collects all of this information?
- If, in fact, some of the information collected and/or permissions requested by Pokemon GO are unnecessary for the provision of services, would Niantic consider making this collection/access opt-in, as opposed to requiring a user to opt-out of the collection/access?
- Can you provide a list of current service providers? Does Pokemon GO also share users' information with investors in Pokemon GO?
"Pokemon GO's privacy policy specifically states that any information collected--including a child's--'is considered to be a business asset' and will thus be disclosed or transferred to a third party in the event that Niantic is party to a merger, acquisition, or other business transaction," Franken's letter continues.
He also asked for an update on Niantic's updated policy revoking its full access to Google accounts and for Hanke to "confirm that Niantic never collected or stored any information it gained access to as a result of this mistake."
Franken gave Hanke until August 12 to reply.
Rotenberg noted to the WSJ, "I think people care about their privacy but the reality is that there is very little they can do about it and they know that."
Urgent. It's never been this bad.
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission from the outset was simple. To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It’s never been this bad out there. And it’s never been this hard to keep us going. At the very moment Common Dreams is most needed and doing some of its best and most important work, the threats we face are intensifying. Right now, with just four days to go in our Spring Campaign, we are not even halfway to our goal. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Can you make a gift right now to make sure Common Dreams not only survives but thrives? There is no backup plan or rainy day fund. There is only you. —Craig Brown, Co-founder |
The runaway success of the interactive augmented reality game Pokemon GO was overshadowed this week by privacy complaints, prompting the app to issue an update to its policies--but critics, including Sen. Al Franken (D-Minn.), remained concerned that its parent company is still trying to "catch them all."
Franken wrote a letter (pdf) to Niantic Inc CEO John Hanke on Tuesday asking for information about the app and expressing concern "about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users' personal information without their appropriate consent."
"As the augmented reality market evolves, I ask that you provide greater clarity on how Niantic is addressing issues of user privacy and security, particularly that of its younger players," wrote Franken, who chairs the Senate Subcommittee on Privacy, Technology, and the Law.
Using players' GPS coordinates and Google map of their city, Pokemon GO superimposes characters from the games for users to catch and train for virtual battle against other players.
It was revealed earlier this week that Pokemon GO users were, in signing up, automatically granting Niantic access to their email address, IP address, browsing history, and location, among other data, unless they opted out of certain authorizations listed in a lengthy terms of service agreement.
And iPhone users who signed in with their Google accounts and did not opt out were allowing Niantic full access to their accounts, including read and write privileges to their email.
Niantic claimed that particular policy was a mistake, issuing an update that removed that access and instead only collected users' names and Gmail addresses. But Franken wrote that other privacy issues remained.
"We recognize and commend Niantic for quickly responding to these specific concerns, and ask for continued assurance that a fix will be implemented swiftly," his letter continued.
Marc Rotenberg, president of the digital rights group Electronic Privacy and Information Center (EPIC), told the Wall Street Journal on Wednesday that there were no practical reasons for the app to request personal information.
"You can build a game that superimposes graphics over the real world, that relies on maps and locations, without having to know a person's name," he said. "Niantic made the choice not to do that."
Franken issued several questions for Hanke to answer, including:
- Can you explain exactly which information collected by Pokemon GO is necessary for the provision or improvement of services? Are there any other purposes for which Pokemon GO collects all of this information?
- If, in fact, some of the information collected and/or permissions requested by Pokemon GO are unnecessary for the provision of services, would Niantic consider making this collection/access opt-in, as opposed to requiring a user to opt-out of the collection/access?
- Can you provide a list of current service providers? Does Pokemon GO also share users' information with investors in Pokemon GO?
"Pokemon GO's privacy policy specifically states that any information collected--including a child's--'is considered to be a business asset' and will thus be disclosed or transferred to a third party in the event that Niantic is party to a merger, acquisition, or other business transaction," Franken's letter continues.
He also asked for an update on Niantic's updated policy revoking its full access to Google accounts and for Hanke to "confirm that Niantic never collected or stored any information it gained access to as a result of this mistake."
Franken gave Hanke until August 12 to reply.
Rotenberg noted to the WSJ, "I think people care about their privacy but the reality is that there is very little they can do about it and they know that."
The runaway success of the interactive augmented reality game Pokemon GO was overshadowed this week by privacy complaints, prompting the app to issue an update to its policies--but critics, including Sen. Al Franken (D-Minn.), remained concerned that its parent company is still trying to "catch them all."
Franken wrote a letter (pdf) to Niantic Inc CEO John Hanke on Tuesday asking for information about the app and expressing concern "about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users' personal information without their appropriate consent."
"As the augmented reality market evolves, I ask that you provide greater clarity on how Niantic is addressing issues of user privacy and security, particularly that of its younger players," wrote Franken, who chairs the Senate Subcommittee on Privacy, Technology, and the Law.
Using players' GPS coordinates and Google map of their city, Pokemon GO superimposes characters from the games for users to catch and train for virtual battle against other players.
It was revealed earlier this week that Pokemon GO users were, in signing up, automatically granting Niantic access to their email address, IP address, browsing history, and location, among other data, unless they opted out of certain authorizations listed in a lengthy terms of service agreement.
And iPhone users who signed in with their Google accounts and did not opt out were allowing Niantic full access to their accounts, including read and write privileges to their email.
Niantic claimed that particular policy was a mistake, issuing an update that removed that access and instead only collected users' names and Gmail addresses. But Franken wrote that other privacy issues remained.
"We recognize and commend Niantic for quickly responding to these specific concerns, and ask for continued assurance that a fix will be implemented swiftly," his letter continued.
Marc Rotenberg, president of the digital rights group Electronic Privacy and Information Center (EPIC), told the Wall Street Journal on Wednesday that there were no practical reasons for the app to request personal information.
"You can build a game that superimposes graphics over the real world, that relies on maps and locations, without having to know a person's name," he said. "Niantic made the choice not to do that."
Franken issued several questions for Hanke to answer, including:
- Can you explain exactly which information collected by Pokemon GO is necessary for the provision or improvement of services? Are there any other purposes for which Pokemon GO collects all of this information?
- If, in fact, some of the information collected and/or permissions requested by Pokemon GO are unnecessary for the provision of services, would Niantic consider making this collection/access opt-in, as opposed to requiring a user to opt-out of the collection/access?
- Can you provide a list of current service providers? Does Pokemon GO also share users' information with investors in Pokemon GO?
"Pokemon GO's privacy policy specifically states that any information collected--including a child's--'is considered to be a business asset' and will thus be disclosed or transferred to a third party in the event that Niantic is party to a merger, acquisition, or other business transaction," Franken's letter continues.
He also asked for an update on Niantic's updated policy revoking its full access to Google accounts and for Hanke to "confirm that Niantic never collected or stored any information it gained access to as a result of this mistake."
Franken gave Hanke until August 12 to reply.
Rotenberg noted to the WSJ, "I think people care about their privacy but the reality is that there is very little they can do about it and they know that."