legal questions surrounding cell phone privacy
Post on 14-Dec-2014
534 Views
Preview:
DESCRIPTION
TRANSCRIPT
Legal Questions About Cell Phone
Privacy
Legal Questions About Cell Phone
PrivacyMore Questions than AnswersMore Questions than Answers
Cell Site Location Information
• Carriers are required to triangulate phone locations for e911 service
• As tower density increases, location becomes more precise
• 3 antennas per tower - 120º range each
• Signal strength per tower triangulated
• Carriers choose to store this data, some as long as 3 years
Who can access your Cell Site Location Info?
• Not you! (Wired survey published 09.28.11)
• Anyone the carrier wants to share it with?
• Most are unwilling to risk selling it outright
• Sold “anonymized” or aggregated.
• Law Enforcement (for a fee)
• Warrant, order or subpoena not necessary. (Maybe?)
Law EnforcementWhy Is Data Available?
• No Supreme Court decision: decided by lower courts, each differently.
• Cell Site Location Data may be a business record owned by carrier. (Governed by US v. Miller (1976) RE: Taxes & Bank account)(Covered by Stored Communications Act 18 U.S.C. § 2703)
• Cell Site Location Data may be covered by “Pen/Trap” statute. (18 U.S.C. § 3122)
• May be covered by Telecom Act. ensuring privacy and providing customers access (47 U.S.C. § 222)
• ”Color of law” (Not legal)
Privacy Between You and Corporations?
• Generally, when you send information to someone, unless otherwise agreed, it becomes theirs, depending on expectation.
• Application providers, cell phone manufacturers and cell phone providers may make requests for data.
• What they may do with that data depends on expectations that are set.
CarrierIQ and You
• BIG question: Can someone put something on your phone to collect data on you.
• Short answer: If that “someone” is you.
• Longer answer: Maybe if you let them. Or it was there when you bought it or...(In re IPHONE APPLICATION LITIG. (2012): CarrierIQ class action, mostly dismissed, but no final judgement or appeals)
Pushing Software
• Only vague consent for tracking objects required. In re DoubleClick Inc. Privacy Litig. (Dist. Ct. 2001): Cookies are legal.
• Can collect anything so long as the user doesn’t object
• Social Engineering on a corporate scale
Enter the Federal Communications
Commission
• FCC is an agency: “rules” instead of “statutes”. Heard by special courts.
• Act of Congress for FCC to enforce: Telecommunications Act of 1996 (47 U.S.C. § 222)
• “EPIC CPNI Order” requires opt-in consent for selling customer data to third parties Telecommunications Act of 1996 Implementation: Telecommunications Carriers Use of Customer Proprietary Network Info. & Other Customer Info. Ip-Enabled Services , (2007)
• Challenged by carriers (!) and upheld: Nat'l Cable & Telecommunications Ass'n v. F.C.C. (D.C. Cir. 2009)
The FCC is Considering the Problem
• Looking for input on privacy issues that Carrier IQ raises. (Comments closed July 30, 2012)
• All carriers argue they need to give 3rd parties personal data on their customers to maintain good service.
• Carriers may be held responsible for privacy of data stored on the phone.
The Federal Trade Commission Is Interested
• (FTC) Deceptive Trade Practices Act: privacy policy must be accurate and understandable to average users (15 U.S.C. § 45)
• “Legalese” no longer cuts it. (why it did before is a longer discussion)
• “Opt out” (e.g. Facebook Consent Order): Fined
• Now looking at other businesses, specifically including Carrier IQ issues
• Vagueness or obfuscation in apps catches the attention of the Federal Trade Commission.
Work Phone? You Expected Privacy?
• “Computer use” policy can also apply to phones, pagers.(City of Ontario, CA v. Quon (2011): Explicit pages get exposed)
• If you don’t own it, you can’t count on privacy. (From people who do.)
• (Pagers? 2011? Says something about the speed of courts, doesn’t it?)
Conclusion
• Privacy! It’s not dead yet!. . . unless we expect it to be.
top related