GREG WALDEN, OREGON FRANK PALLUNE, JR., NEW JERSEY CHAIRMAN RANKING MEMBER ONE HUNDRED FEFTEENTH CONGRESS Congress at the ?ttm?trh gnu-ates mouse at COMMITTEE ON ENERGY AND COMMERCE 2125 RAYBUHN HOUSE BUILDING WASHINGTON, DC 20515?6115 22': 292i Minorltv :2023 Rtirll July 9, 2018 Larry Page Chief Executive Of?cer Alphabet, Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043-13514 Dear Mr. Page: The Energy and Commerce Committee is reviewing business practices that may impact the privacy expectations of Americans. We write today to learn more about the capabilities of Google?s Android devices, in particular the collection and use of consumer data and microphone functionality of Android phones. Recent reports have indicated that consumer data, including location information, recordings of users, and email contents, may be used in ways that consumers do not expect. We seek Google?s assistance in understanding the accuracy of these reports. According to media reports published in November 2017, Android phones collect information on nearby cellular towers even if location services, WiFi, and Bluetooth capabilities are disabled, no third-party apps are installed or running, and the phones lack subscriber identi?cation module (SIM) cards.1 The report explained that this information is held locally on the phone until network capabilities are reestablished, at which point the data is sent to Google.2 Additional information provided to the Committee suggests that this behavior is not limited to cellular tower data but is also gathered for nearby i hotspots and Bluetooth beacons. Other behaviors that could have an impact on consumer protection issues were also raised, such as the fact that reenabling location services for one app on an Android phone reenables location services for all apps on that phone. Keith Collins, Googie coiiccis Android users? iocarioas even when location services are disabied, QUARTZ (Nov. 21, 20W), 1 L3 IS IS 2 id. Letter to Mr. Page Page 2 Android users have a reasonable expectation of privacy when taking active steps to prevent being tracked by their device. Considering that many consumers likely believe that a phone that lacks a SIM card, or one for which they have af?rmatively disabled location services, WiFi, or Bluetooth such as through turning on ?Airplane Mode? is not actively tracking them, this alleged behavior is troubling. Recent reports have also suggested that smartphone devices can, and in some instances, do, collect ?non-triggered? audio data from users? conversations near a smartphone in order to hear a ?trigger? phrase,3 such as ?okay Goo gle?4 or ?hey Siri.?5 It has also been suggested that third party applications have access to and use this ?non-triggered? data without disclosure to users. Changes to the Google Play Store terms, including the Safe Browsing changes,6 announced in December 2017, signi?cantly increased required disclosures to users by third-party apps about data collection and use practices.l Improving disclosures for users should remain a goal for the entire ecosystem, but it is of particular note when one of the two major app platforms updates requirements for third-party app developers con?rming the control that can be exercised over which apps are available to users and their functionality. In a similar circumstance, in June 2017, Google announced changes to Gmail that would halt scanning the contents of a user?s email to personalize advertisements to ?keep privacy and security paramount.?3 Last week, reports surfaced that in spite of this policy change, Goo gle still permitted third parties to access the contents of users? emails, including message text, email signatures, and receipt data, to personalize content.9 In the context of free services offered by third parties, these practices raise questions about how representations made by a platform are carried out in practice. Therefore, pursuant to Rules and XI of the United States House of Representatives, we ask that you respond to the following questions by no later than July 23, 2018: 3 See Sam Nichols, Your Phone ls Listening raidr it?s Nor Paranoia, VICE NEWS, June 4, 2013, available at wu . viceeum-?cn an {attic in u-anil?ts?not?pa ranpia. 4 Google Search Help, Use Googie? on Android, sup port . goo we hsgarch ?answer. 60;] (last accessed June 22, 2018). 5 Apple, The Basics, (last accessed June 22, 20l3). ?5 Google, Safe Browsing, {last accessed one 22, 2013). 7 Brandon Vigliarolo, Googie ?s new app privacy standards mean big changesfor developers, TECHREPUBLIC, December 4, 2017, available at 3 Jack Nicas, Googr'e to Stop Reading Users? Emaiis to Target Aa's, THE WALL STREET JOURNAL, June 23, 2017, available at 9 Douglas Machllan, Teen ?3 ?Diriy The App Developers Sming Through Your Gmail, THE WALL STREET JOURNAL, July 2, 2013, available at through -your~gm ail-. 530544442?shareToken=stl 6ef?3 93b9 2947ec366l?7 71241344 I Lett'er to Mr. Page Page 3' DJ . When an Android'phone- lacks a phone programmed to collect and locally store information through a different data-collection capability, if "available, regarding: Nearby cellular toWers; 13.- Nsarbr'WiFi hotspots; or, c. Nearby'Blueto'oth beacons-i?I If the answers to any of the preceding questions-are ?yes,? are Android phones lacking SIM cards programmed to send -this..locally~.stored inforrnat'i'on to Goo'g'le-- when one or more networking capabilities. are established? . When the-WiFi capabilities on an Android phone- are disabled, is that phone programmed to collect and, locally Store: infonnation through a different data? .collection capability, regarding: a Nearby cellular towers;- b. Near-b3,r W?iFi ho_tspots; or. 1: Nearby Bluetooth beacons? If the answers to any of the preceding questions are are Android phones with disabled 1 programmed to send this lo?callj'nstored information to Google when one. .or more networking capabilities are established? When. the _Biuetooth capabilities on an Android phone are disabled is; that _phone programmed to collect and locaily store infonnation through. a different data- collection capability, if aVailable regarding: a. Nearby cellular towers b. Nearby WiFihotspots; or, Nearby- Blueto?oth beaconS? If the answers _to any of the preCeding questions are? ?ayes? Android phones with disabled Bluetooth programmed to send this locally-stored information to- Google when one or more networking capabilities are-- established? .. When the location services capabilities. on an Android phone are disabled is that. phone programmed to collect and locally store information through .a different data? collection capability, if a-vailable regarding: 21 Nearby cellular towers; Nearby WiFi hotspots; or c. Nearby Bluetooth beacons}?- Letter to Mr. Page Page 4 0-. ll. '12. 13. If a consumer using-an Andrdid phone has disabled 'locat'ionjservices for multiple apps, but then reje'nables. location services for one app, are Android: phones programmed to reenable location services for all apps on that phone? 21.. lives, how is this-reenabling of locations services for-a1] apps disclosed to .a uSer? b. Why has Google chosen not'to allowlocation services to beturned on individually for speci?c apps and not._others an all .or nothing approach? DoGoogleisAndroid devices have the capability to. listen to ccinsunters withouta clear, unambiguous audio. trigger? a. _If yesg'h'ow is this data used by Google. or other Alphabet companies?-Please. describeany use or storage of these data. b: If yes, what-access; to this data does Google give-to third parties, including-app developers? include screen shots-of disclosures as appropriate. '13. If YES, has Google' considered. using visual, _or other alert, to ._let consumers know-whens devicesi Iniicroph'one is recording? Please describe why, or Why not, such an alert is, or-is not? provided on Android smartphones or-other- smart device's running on an Android "operating systen?i, Do- Goo'gleis Android devices collect audio; recordings of users without consent? If no, please include screen shots and links to public disclosures made. to; users. about this collection. Please provide copies of all of Google 3 poliCies for data collection via the microphone or via the WiFi Bluetooth or cellular network capabilities on Google Andioid device's. Please provide Goo gie policies as they pertain to third party access and use, including but not limited to app deve__ opers and developer guidelines of any data collected via the microphone particularly data not decompanied by the ?trigger? phrase okay Google,? or via the WiFi Bluetooth, or cellular network capabilities on Google 5 Android devices Could Google control or limit the data collected by apps 'available-onthe GooglePlay Store? a. Please provide alist of all data elements that can be collected by a third?party appdonmloaded on an Android device about a user, including but notlimited to contact lists storeden the Android device and location information generated by the Android device. Letter to Mr. Page Page =5 14. What limits does Goo'gle place on third-party app Idevel?persi? ability to. collect inforrnation about users? or- from users" devices? Please describe in detail changes made in June 2111 from; prior policies. 15. How does Goo gle monitor and evaluate whether third- party apps are following the Google Play rules'? Have any companies ever been suspended. oribanned from Googlc' Play-for Violating the Gocgle Play rules? b. In those cas,es if any exist, 'were user's noti?ed that their. data was misused 111 violation of the Google. Play rules? If yes, please provide any screen shOts of such noti?cation and a deseription of the conditions under which such a noti?cation would be sent by Goo gle d; What. recourse does Google provide. for users when their data 1s misused in such a?case? 1.6. What data and information does-Google provide-to outsidesoftWare developer-s, or allow ontside softwaredevelopers tot-access, regarding or relating to Gmail? users? 17. How many outside software deveioperse or third parties, arepe'nnitted to access a u's?er?s email contentswith or without, consent. on Gmail? a. Please prostide a comprehensitre list of the companies with access to a useris email contents on Ginail-. Please. specify which companies obtain consent through their terms of service and those, if any, that do not obtain consent. b. Please describe the. process for reviewing and approving thiid party access to user 5 email contents on Gmail?? c. What.restrictions?, Goo gle' place on'how data from Gm'ail users may be used? d. What additional are-taken by. Gongleto verify? that the actiVity of companies granted acces?s'to user?s email contents meets Google?s terms-of service?- 1.8. Please. provide. Goo gie policies as. they pertain to third party access and nae, including but. not limited to app developers and developci guidelines, of any data or information collected from a use?r 5 email Contents on Gmail. Pleas?e- also make arrangements to provide Committee 'staff with a brie?ng- on these topics. A11 attachment torthis' letter provides additional infennation about respondingto the Committee?s request. If you have-any quest-ions, please: contact Melissa'Froelich, Robin Colwell, or Jen Barbl'an ofthe. Committee staff 'at (202-) 22-5-2927. Thank you for- ;you'r prompt attention to this. request; Letter to Mr. Page Page 6 @mA Greg @den Chairman Mchbum Chairman Subcommittee on Communications and Technology Attaclunent Sincerely, QUE-94 mm Gregg [7 Chairman Subcommittee on Oversight and Investigations Robert E. Latta Chairman Subcommittee on Digital Commerce and Consumer Protection