Legal Questions About Cell Phone Privacy: More Questions than Answers

Cell Site Location Information
• Carriers are required to triangulate phone locations for e911 service
• As tower density increases, location becomes more precise
    • 3 antennas per tower - 120º range each
    • Signal strength per tower triangulated
• Carriers choose to store this data, some as long as 3 years

Who can access your Cell Site Location Info?
• Not you! (Wired survey published 09.28.11)
• Anyone the carrier wants to share it with?
    • Most are unwilling to risk selling it outright
    • Sold “anonymized” or aggregated.
• Law Enforcement (for a fee)
    • Warrant, order or subpoena not necessary. (Maybe?)

Why Is Data Available?
• No Supreme Court decision: decided by lower courts, each differently.
• Cell Site Location Data may be a business record owned by carrier.
    (Governed by US v. Miller (1976) RE: Taxes & Bank account)
    (Covered by Stored Communications Act 18 U.S.C. § 2703)
• Cell Site Location Data may be covered by “Pen/Trap” statute. (18 U.S.C. § 3122)
• May be covered by Telecom Act, ensuring privacy and providing customers access (47 U.S.C. § 222)
• “Color of law” (Not legal)

Privacy Between You and Corporations?
• Generally, when you send information to someone, unless otherwise agreed, it becomes theirs, depending on expectation.
• Application providers, cell phone manufacturers and cell phone providers may make requests for data.
• What they may do with that data depends on expectations that are set.

CarrierIQ and You
• BIG question: Can someone put something on your phone to collect data on you?
• Short answer: If that “someone” is you.
• Longer answer: Maybe if you let them. Or it was there when you bought it or...
    (In re IPHONE APPLICATION LITIG. (2012): CarrierIQ class action, mostly dismissed, but no final judgement or appeals)

Pushing Software
• Only vague consent for tracking objects required.
    In re DoubleClick Inc. Privacy Litig. (Dist. Ct. 2001): Cookies are legal.
• Can collect anything so long as the user doesn’t object
• Social Engineering on a corporate scale

Enter the Federal Communications Commission
• FCC is an agency: “rules” instead of “statutes”. Heard by special courts.
• Act of Congress for FCC to enforce: Telecommunications Act of 1996 (47 U.S.C. § 222)
• “EPIC CPNI Order” requires opt-in consent for selling customer data to third parties
    Telecommunications Act of 1996 Implementation: Telecommunications Carriers Use of Customer Proprietary Network Info. & Other Customer Info. IP-Enabled Services (2007)
• Challenged by carriers (!) and upheld: Natl Cable & Telecommunications Assn v. F.C.C. (D.C. Cir. 2009)

The FCC is Considering the Problem
• Looking for input on privacy issues that Carrier IQ raises. (Comments closed July 30, 2012)
• All carriers argue they need to give 3rd parties personal data on their customers to maintain good service.
• Carriers may be held responsible for privacy of data stored on the phone.

You Expected Privacy?
• “Computer use” policy can also apply to phones, pagers.
    (City of Ontario, CA v. Quon (2011): Explicit pages get exposed)
• If you don’t own it, you can’t count on privacy. (From people who do.)
• (Pagers? 2011? Says something about the speed of courts, doesn’t it?)

Conclusion
• Privacy! It’s not dead yet! . . . unless we expect it to be.