Law in the Internet Society

Cellular Invasions of Privacy

-- By AustinLeach - 01 Jan 2012 (draft is ready)

Introduction

Cell phone companies use tracking software to locate consumers and monitor their phone usage. This private information can be sold or given to third parties under the false premise that it enables “better service.” In most circumstances however, the consumer is unaware that his personal information is being tracked, recorded, and traded. Is there a way for the law to better protect these cellular invasions of privacy?

Cell Phone User Tracking and Usage Monitoring

Cell phone companies have the ability to trade a user’s location to third parties. During the 2011 Black Friday holiday shopping weekend this year, two US malls considered using FootPath? Technology to track consumers’ movements by monitoring their cell phones, according to a CNN.com Money report. The malls’ joint management company claimed it would not look at individual shoppers, that it would anonymously mine the data to better understand shopping patterns, and that the system did not take pictures or collect data on what shoppers purchased. Users could “opt-out” of the program by turning off their phones upon coming within range of the mall. Although management eventually decided not to proceed with the program, other large retail chains such as JC Penney are considering using the technology, and retail companies in Europe have already implemented similar programs.

Not only can a user’s location be traded, but cell phone service providers also use software that tracks cell usage and activities, including battery life, applications, and text messages. According to a recent Wired.com article, an independent Android developer discovered such software developed by Carrier IQ on Android phones. Carrier IQ’s marketing manager stated the software was for understanding the “mobile-user experience”—where calls are dropped, why applications crash, and how many texts fail. However, the rootkit software operates like a Trojan that keeps itself and other programs hidden from detection. Rootkits keep certain files hidden from display, can control the use of licensed or copyrighted material, and can prevent the user from removing the hidden enforcement program. Additionally, Carrier IQ’s marketing manager confessed that the software allowed the company to read user’s text messages if it wanted .

Potential Protections?

What are some protections—in the law or otherwise—for these cellular invasions of privacy?

State eavesdropping laws can be tweaked to prohibit phone companies from using rootkit software on cell phones. Under New York Penal Law §250.05, a person is guilty of eavesdropping when he unlawfully engages in mechanical overhearing of a conversation, or intercepting or accessing of an electronic communication. However, under §250.00, telephone companies are exempted from the definitions of “wiretapping” and “telephonic communication” when they engage in such activity “for a legitimate business purpose.” Legislation that did not provide exemptions for phone companies would, in theory, prohibit eavesdropping through rootkit software.

Another way to provide better privacy protections would be new legislation requiring both disclosure and an opt-in regime for cell companies that sought to monitor cell usage or provide user locations to third parties. Current cell phone agreements are lengthy boilerplate documents with terms and conditions that the general consumer agrees to without close scrutiny. These clauses, such as AT&T’s location-based services clause, state that the company reserves the right to use the consumer’s location, usage, and performance information to provide the consumer with its services, and to maintain and improve the network and the quality of the wireless experience. If not completely barred from monitoring cell usage or providing locations to third parties, companies should be forced to clearly disclose what and how such tracking information would be used. Additionally, such a law would require phone companies to obtain permission to collect and use the data. This can be accomplished with cell phone software that, upon the very first system startup after purchase, tells the user what information is collected (location, text, usage, etc.) and asks him if he wants his information sent to the phone company. While this does not prevent tracking by the phone companies as some users will certainly opt in, it at least gives users the option to reject the privacy invasion.

Two potential sources of enforcement exist for the above proposals. The first lies with the Federal Trade Commission’s Bureau of Consumer Protection. The BCP, acting in a role similar to the Securities Exchange Commission, could test and monitor the software used in cell phones and other mobile devices, and could seek settlements on behalf of consumers when the phone companies breach users’ privacy rights. The second source of enforcement could come from those whose privacy rights are being diminished—the consumer. A private right of action should exist for individuals whose information is being tracked or traded without their consent. Although the average consumer would not likely discover these breaches on his own, independent developers, like Trevor Eckhart who discovered Carrier IQ in Andriod phones, could assist the public greatly by publishing their findings.

Conclusion

Although the United States is probably far from political parties based on internet rights, it is not too early to identify privacy breaches and pressure phone companies and government officials to ensure consumer privacy rights. The legal and institutional foundations exist for prohibiting cellular invasions of privacy. Removing exemptions in eavesdropping laws for phone companies, or forcing disclosure and opt-in regimes are two ways to better protect consumer privacy. Although the proper mechanisms for initiating such a change in the law require significant political power against cell phone interest groups, 2011’s Occupy Wall Street movement has shown that some Americans are starting to notice and mobilize against economic and power inequalities. Only when consumers realize that great economic and power inequalities exist in the cell phone industry can the public begin to seek protections against the cellular invasions of privacy.


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.

Navigation

Webs Webs

r4 - 04 Sep 2012 - 22:02:22 - IanSullivan
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM