April 29, 2011

Lawmakers To Review Privacy Concerns For Wireless Devices

After reviewing the practices of four major U.S. wireless carriers, two lawmakers are looking to extend privacy codes to third-party application developers.

Currently, the Associated Press (AP) reports that the nation's four largest carriers say that permission is obtained from their customers before it is used to physically locate the subscriber so that they can provide services such as driving directions, family-finder applications and other location-based services. Permission is also obtained before the companies share it with outside mobile apps that provide such services.

Letters by Verizon Wireless, AT&T Inc., Sprint Nextel Corp. and T-Mobile were sent to Representatives Edward Markey and Joe Barton, who are co-chairs of the House Bi-Partisan Privacy Caucus, in response to their inquires about collection, use and storage of location data.

The letters revealed that although wireless carriers generally ask their customers before accessing any location data, developers of mobile phone application were less likely to do so.

"While new third-party applications bring many consumer benefits, there are risks too," Kent Nakamura, vice president for policy and privacy for Sprint, wrote in the letter. "And because mobile devices are now an open platform, consumers can no longer look to their trusted carrier ... to answer all of their questions."

Concern about location tracking were brought to the attention of Markey and Barton after the media reported that Deutsche Telekom AG was tracking the exact coordinates of a German politician who was using its services over a six-month period, reports Reuters.

In addition, Apple Inc.'s iPhone stores data used to help the device locate itself for up to one year. The company has since promised to adjust the mobile software to store less location data and for no more than seven days.

Apple's rival Google Inc. has also been sharply criticized over reports that the Android-based phones track locations of its users.

Third-party developers can access the location of customers any time they want," Barton says. "They shouldn't have free reign over your location data and personally identifiable information."

Markey also agrees with Barton, and says that consumer privacy protections must apply "across the entire wireless ecosystem -- from wireless carriers, to mobile handset makers, to application developers," reports Reuters.

To further discuss consumer protection and privacy in the mobile marketplace, Senate Commerce Committee Chairman Jay Rockefeller will hold a hearing in May. This is in addition to the Senate Judiciary Subcommittee's hearing on privacy, technology and the law next month, where both Google and Apple representatives are expected to testify, Senator Al Franken says.

The matter is still unclear on whether this legislative inquiry will lead to stricter new privacy laws that will encompass app developers.

Wireless carriers are in compliance with federal rules that prohibit them from using customer data that includes location information for purposes other than providing service, or from sharing that information with any outside parties without first obtaining permission from the user.

Since many apps rely on cell tower triangulation that is provided by these wireless carriers to determine a person's location, they may be indirectly bound by federal rules. However, other apps rely on technologies such as GPS, Wi-Fi hot spot databases and even Internet Protocol addresses to find the user's location; and very few government privacy rules apply in situations like these, reports the AP.

"You'll see Congress give it a lot of attention, but it's still going to be difficult to get comprehensive privacy legislation out of this Congress," Medley Global Advisors analyst Jeffrey Silva says.

To help users understand that their locations are being tracked, companies have been experimenting with different approaches.

For example, AP reports that FourSquare requests that users actively "check-in" to the places they visit. Other companies notify their users to let them know that they collect location data, and require users to agree before an app can be downloaded. iPhone apps are required by Apple to obtain user permission before gathering location information.

In addition, CTIA -The Wireless Association, the wireless industry's top trade group, has developed a voluntary set of industry guidelines that "ensure that location-based services adequately notify consumers about location tracking and obtain consent," says the AP.

Regardless, the issue is on the radar of several government agencies, including the Federal Communications Commission, the Federal Trade Commission, as well as Congress, reports the AP.

"After thoroughly reviewing the responses from the wireless carriers, I am left with a feeling of uneasiness and uncertainty," Barton says in a statement.

"The companies informed us that customer consent before access of location data is a common practice, but the disconnect is when third-party applications come in to play ... It is time we hold third-party developers accountable, and I am determined to work with other members of Congress to get this done."


On the Net: