WASHINGTON -- It's an experience every computer or smart phone user has had. After downloading new software or an app, a window pops up with a legal agreement. At the bottom is an "I agree" button. One click, and it's gone.
Most users have no clue what they've agreed to.
That single action can empower software developers to extract reams of personal information -- such as contacts, location and other private data -- from the devices. They can then market the information.
Even as privacy erodes in the digital era, little outcry arises over the digital tracking and profiling of consumers. Only slight murmurs are heard on Capitol Hill.
But a handful of security researchers, lawyers and privacy watchdogs voice increasing concern that consumers might one day wake up in anger at the collection of data by software companies winning rights to do so through "end user license agreements," also known as EULAs. One researcher says the data collection potentially poses a national security threat.
For now, news about how companies collect data emerges in bite-sized stories. In late July, articles brought to light that certain models of the Roomba robotic vacuum not only collect dust as they whir across the floor, they also map the homes of users and send the data back to headquarters. The Massachusetts manufacturer, iRobot Corp., may share the data to enable the smart home and the devices within it to work better. It says it will do so only with customer consent.
iRobot chief executive Colin Angle said, "iRobot will never sell your data." He added that such information "needs to be controlled by the customer and not as a data asset of a corporation to exploit."
Other companies, empowered by the click-through habits of consumers that allow them to gather and sort through data, exploit the information by selling it to data brokers.
"We need legislation that basically forces these companies to be very, very clear on what information they are taking from us when we install these apps," said Michael Patterson, chief executive of Plixer International, a Kennebunk, Maine, cybersecurity firm.
"If they change the EULAs, they have to tell us, and they also have to make what they've taken from us available at any time," Patterson said.