Legal Questions Surrounding Cell Phone Privacy


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Legal Questions Surrounding Cell Phone Privacy

  1. 1. Legal QuestionsAbout Cell Phone Privacy More Questions than Answers
  2. 2. Cell Site Location Information• Carriers are required to triangulate phone locations for e911 service• As tower density increases, location becomes more precise • 3 antennas per tower - 120º range each • Signal strength per tower triangulated• Carriers choose to store this data, some as long as 3 years
  3. 3. Who can access your Cell Site Location Info?• Not you! (Wired survey published 09.28.11)• Anyone the carrier wants to share it with? • Most are unwilling to risk selling it outright • Sold “anonymized” or aggregated.• Law Enforcement (for a fee) • Warrant, order or subpoena not necessary. (Maybe?)
  4. 4. Why Is Data Available? Why Is Data Available?• No Supreme Court decision: decided by lower courts, each differently.• Cell Site Location Data may be a business record owned by carrier. (Governed by US v. Miller (1976) RE: Taxes & Bank account) (Covered by Stored Communications Act 18 U.S.C. § 2703)• Cell Site Location Data may be covered by “Pen/Trap” statute. (18 U.S.C. § 3122)• May be covered by Telecom Act. ensuring privacy and providing customers access (47 U.S.C. § 222)• ”Color of law” (Not legal)
  5. 5. Privacy Between You and Corporations?• Generally, when you send information to someone, unless otherwise agreed, it becomes theirs, depending on expectation.• Application providers, cell phone manufacturers and cell phone providers may make requests for data.• What they may do with that data depends on expectations that are set.
  6. 6. CarrierIQ and You• BIG question: Can someone put something on your phone to collect data on you.• Short answer: If that “someone” is you.• Longer answer: Maybe if you let them. Or it was there when you bought it or... (In re IPHONE APPLICATION LITIG. (2012): CarrierIQ class action, mostly dismissed, but no final judgement or appeals)
  7. 7. Pushing Software• Only vague consent for tracking objects required. In re DoubleClick Inc. Privacy Litig. (Dist. Ct. 2001): Cookies are legal.• Can collect anything so long as the user doesn’t object• Social Engineering on a corporate scale
  8. 8. Enter the FederalCommunications Commission• FCC is an agency: “rules” instead of “statutes”. Heard by special courts.• Act of Congress for FCC to enforce: Telecommunications Act of 1996 (47 U.S.C. § 222)• “EPIC CPNI Order” requires opt-in consent for selling customer data to third parties Telecommunications Act of 1996 Implementation: Telecommunications Carriers Use of Customer Proprietary Network Info. & Other Customer Info. Ip-Enabled Services , (2007)• Challenged by carriers (!) and upheld: Natl Cable & Telecommunications Assn v. F.C.C. (D.C. Cir. 2009)
  9. 9. The FCC is Considering the Problem• Looking for input on privacy issues that Carrier IQ raises. (Comments closed July 30, 2012)• All carriers argue they need to give 3rd parties personal data on their customers to maintain good service.• Carriers may be held responsible for privacy of data stored on the phone.
  10. 10. The Federal Trade Commission Is Interested• (FTC) Deceptive Trade Practices Act: privacy policy must be accurate and understandable to average users (15 U.S.C. § 45)• “Legalese” no longer cuts it. (why it did before is a longer discussion)• “Opt out” (e.g. Facebook Consent Order): Fined• Now looking at other businesses, specifically including Carrier IQ issues• Vagueness or obfuscation in apps catches the attention of the Federal Trade Commission.
  11. 11. You Expected Privacy? You Expected Privacy?• “Computer use” policy can also apply to phones, pagers. (City of Ontario, CA v. Quon (2011): Explicit pages get exposed)• If you don’t own it, you can’t count on privacy. (From people who do.)• (Pagers? 2011? Says something about the speed of courts, doesn’t it?)
  12. 12. Conclusion• Privacy! It’s not dead yet! . . . unless we expect it to be.