Jul 13, 2016
The runaway success of the interactive augmented reality game Pokemon GO was overshadowed this week by privacy complaints, prompting the app to issue an update to its policies--but critics, including Sen. Al Franken (D-Minn.), remained concerned that its parent company is still trying to "catch them all."
Franken wrote a letter (pdf) to Niantic Inc CEO John Hanke on Tuesday asking for information about the app and expressing concern "about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users' personal information without their appropriate consent."
"As the augmented reality market evolves, I ask that you provide greater clarity on how Niantic is addressing issues of user privacy and security, particularly that of its younger players," wrote Franken, who chairs the Senate Subcommittee on Privacy, Technology, and the Law.
Using players' GPS coordinates and Google map of their city, Pokemon GO superimposes characters from the games for users to catch and train for virtual battle against other players.
It was revealed earlier this week that Pokemon GO users were, in signing up, automatically granting Niantic access to their email address, IP address, browsing history, and location, among other data, unless they opted out of certain authorizations listed in a lengthy terms of service agreement.
And iPhone users who signed in with their Google accounts and did not opt out were allowing Niantic full access to their accounts, including read and write privileges to their email.
Niantic claimed that particular policy was a mistake, issuing an update that removed that access and instead only collected users' names and Gmail addresses. But Franken wrote that other privacy issues remained.
"We recognize and commend Niantic for quickly responding to these specific concerns, and ask for continued assurance that a fix will be implemented swiftly," his letter continued.
Marc Rotenberg, president of the digital rights group Electronic Privacy and Information Center (EPIC), told the Wall Street Journal on Wednesday that there were no practical reasons for the app to request personal information.
"You can build a game that superimposes graphics over the real world, that relies on maps and locations, without having to know a person's name," he said. "Niantic made the choice not to do that."
Franken issued several questions for Hanke to answer, including:
- Can you explain exactly which information collected by Pokemon GO is necessary for the provision or improvement of services? Are there any other purposes for which Pokemon GO collects all of this information?
- If, in fact, some of the information collected and/or permissions requested by Pokemon GO are unnecessary for the provision of services, would Niantic consider making this collection/access opt-in, as opposed to requiring a user to opt-out of the collection/access?
- Can you provide a list of current service providers? Does Pokemon GO also share users' information with investors in Pokemon GO?
"Pokemon GO's privacy policy specifically states that any information collected--including a child's--'is considered to be a business asset' and will thus be disclosed or transferred to a third party in the event that Niantic is party to a merger, acquisition, or other business transaction," Franken's letter continues.
He also asked for an update on Niantic's updated policy revoking its full access to Google accounts and for Hanke to "confirm that Niantic never collected or stored any information it gained access to as a result of this mistake."
Franken gave Hanke until August 12 to reply.
Rotenberg noted to the WSJ, "I think people care about their privacy but the reality is that there is very little they can do about it and they know that."
Join Us: News for people demanding a better world
Common Dreams is powered by optimists who believe in the power of informed and engaged citizens to ignite and enact change to make the world a better place. We're hundreds of thousands strong, but every single supporter makes the difference. Your contribution supports this bold media model—free, independent, and dedicated to reporting the facts every day. Stand with us in the fight for economic equality, social justice, human rights, and a more sustainable future. As a people-powered nonprofit news outlet, we cover the issues the corporate media never will. |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Nadia Prupis
Nadia Prupis is a former Common Dreams staff writer. She wrote on media policy for Truthout.org and has been published in New America Media and AlterNet. She graduated from UC Santa Barbara with a BA in English in 2008.
The runaway success of the interactive augmented reality game Pokemon GO was overshadowed this week by privacy complaints, prompting the app to issue an update to its policies--but critics, including Sen. Al Franken (D-Minn.), remained concerned that its parent company is still trying to "catch them all."
Franken wrote a letter (pdf) to Niantic Inc CEO John Hanke on Tuesday asking for information about the app and expressing concern "about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users' personal information without their appropriate consent."
"As the augmented reality market evolves, I ask that you provide greater clarity on how Niantic is addressing issues of user privacy and security, particularly that of its younger players," wrote Franken, who chairs the Senate Subcommittee on Privacy, Technology, and the Law.
Using players' GPS coordinates and Google map of their city, Pokemon GO superimposes characters from the games for users to catch and train for virtual battle against other players.
It was revealed earlier this week that Pokemon GO users were, in signing up, automatically granting Niantic access to their email address, IP address, browsing history, and location, among other data, unless they opted out of certain authorizations listed in a lengthy terms of service agreement.
And iPhone users who signed in with their Google accounts and did not opt out were allowing Niantic full access to their accounts, including read and write privileges to their email.
Niantic claimed that particular policy was a mistake, issuing an update that removed that access and instead only collected users' names and Gmail addresses. But Franken wrote that other privacy issues remained.
"We recognize and commend Niantic for quickly responding to these specific concerns, and ask for continued assurance that a fix will be implemented swiftly," his letter continued.
Marc Rotenberg, president of the digital rights group Electronic Privacy and Information Center (EPIC), told the Wall Street Journal on Wednesday that there were no practical reasons for the app to request personal information.
"You can build a game that superimposes graphics over the real world, that relies on maps and locations, without having to know a person's name," he said. "Niantic made the choice not to do that."
Franken issued several questions for Hanke to answer, including:
- Can you explain exactly which information collected by Pokemon GO is necessary for the provision or improvement of services? Are there any other purposes for which Pokemon GO collects all of this information?
- If, in fact, some of the information collected and/or permissions requested by Pokemon GO are unnecessary for the provision of services, would Niantic consider making this collection/access opt-in, as opposed to requiring a user to opt-out of the collection/access?
- Can you provide a list of current service providers? Does Pokemon GO also share users' information with investors in Pokemon GO?
"Pokemon GO's privacy policy specifically states that any information collected--including a child's--'is considered to be a business asset' and will thus be disclosed or transferred to a third party in the event that Niantic is party to a merger, acquisition, or other business transaction," Franken's letter continues.
He also asked for an update on Niantic's updated policy revoking its full access to Google accounts and for Hanke to "confirm that Niantic never collected or stored any information it gained access to as a result of this mistake."
Franken gave Hanke until August 12 to reply.
Rotenberg noted to the WSJ, "I think people care about their privacy but the reality is that there is very little they can do about it and they know that."
Nadia Prupis
Nadia Prupis is a former Common Dreams staff writer. She wrote on media policy for Truthout.org and has been published in New America Media and AlterNet. She graduated from UC Santa Barbara with a BA in English in 2008.
The runaway success of the interactive augmented reality game Pokemon GO was overshadowed this week by privacy complaints, prompting the app to issue an update to its policies--but critics, including Sen. Al Franken (D-Minn.), remained concerned that its parent company is still trying to "catch them all."
Franken wrote a letter (pdf) to Niantic Inc CEO John Hanke on Tuesday asking for information about the app and expressing concern "about the extent to which Niantic may be unnecessarily collecting, using, and sharing a wide range of users' personal information without their appropriate consent."
"As the augmented reality market evolves, I ask that you provide greater clarity on how Niantic is addressing issues of user privacy and security, particularly that of its younger players," wrote Franken, who chairs the Senate Subcommittee on Privacy, Technology, and the Law.
Using players' GPS coordinates and Google map of their city, Pokemon GO superimposes characters from the games for users to catch and train for virtual battle against other players.
It was revealed earlier this week that Pokemon GO users were, in signing up, automatically granting Niantic access to their email address, IP address, browsing history, and location, among other data, unless they opted out of certain authorizations listed in a lengthy terms of service agreement.
And iPhone users who signed in with their Google accounts and did not opt out were allowing Niantic full access to their accounts, including read and write privileges to their email.
Niantic claimed that particular policy was a mistake, issuing an update that removed that access and instead only collected users' names and Gmail addresses. But Franken wrote that other privacy issues remained.
"We recognize and commend Niantic for quickly responding to these specific concerns, and ask for continued assurance that a fix will be implemented swiftly," his letter continued.
Marc Rotenberg, president of the digital rights group Electronic Privacy and Information Center (EPIC), told the Wall Street Journal on Wednesday that there were no practical reasons for the app to request personal information.
"You can build a game that superimposes graphics over the real world, that relies on maps and locations, without having to know a person's name," he said. "Niantic made the choice not to do that."
Franken issued several questions for Hanke to answer, including:
- Can you explain exactly which information collected by Pokemon GO is necessary for the provision or improvement of services? Are there any other purposes for which Pokemon GO collects all of this information?
- If, in fact, some of the information collected and/or permissions requested by Pokemon GO are unnecessary for the provision of services, would Niantic consider making this collection/access opt-in, as opposed to requiring a user to opt-out of the collection/access?
- Can you provide a list of current service providers? Does Pokemon GO also share users' information with investors in Pokemon GO?
"Pokemon GO's privacy policy specifically states that any information collected--including a child's--'is considered to be a business asset' and will thus be disclosed or transferred to a third party in the event that Niantic is party to a merger, acquisition, or other business transaction," Franken's letter continues.
He also asked for an update on Niantic's updated policy revoking its full access to Google accounts and for Hanke to "confirm that Niantic never collected or stored any information it gained access to as a result of this mistake."
Franken gave Hanke until August 12 to reply.
Rotenberg noted to the WSJ, "I think people care about their privacy but the reality is that there is very little they can do about it and they know that."
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.