Posts Tagged ‘Location Privacy’
National Telecommunications and Information Administration (NTIA) Holds Public Meeting on Mobile Privacy
Friday, July 13th, 2012
The NTIA’s first multistakeholder meeting on mobile privacy focused on ways to improve the transparency of the privacy practices of mobile apps.
By Alice Cheng
On Thursday, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) held a public meeting in Washington, D.C., to discuss mobile privacy. After taking public comment in March on consumer data privacy, the NTIA decided to address mobile app transparency in its first privacy multistakeholder process. The discussion is part of the Obama administration’s push for companies to abide by a consumer privacy “bill of rights,” and is an issue that has been recently tackled by the Federal Communications Commission as well.
As smartphone use continues to grow rapidly, concerns about mobile app access to consumer data have also grown. Through the devices, mobile apps may be able to access sensitive personal information regarding users, such as geographic location. Additionally, privacy advocates have pushed fervently for regulation on digital advertising. The prevalence of digital advertising on apps is not only a nuisance, but can at times be downright aggressive (i.e., ads pushed onto notification bars and phone desktops).
During the meeting, audience members were asked how greater mobile app transparency could be achieved. Suggestions ranged from software that notified users of what information was shared, to the use of icons indicating privacy concepts in lieu of lengthy privacy policies. Others proposed that broader fair information practices should be addressed, as transparency itself would not be helpful without regulations.
While the NTIA’s next steps are unclear, keep in mind that privacy policies should still be as clear as possible. Effective privacy policies let users know how and for what purpose information is collected and used. Privacy lawyers and advocates generally recommend an opt-in approach where possible, as it allows users to choose what information they would like to share.
The Federal Communications Commission (FCC) is seeking public comment on the privacy and security of personal information on mobile devices.
By Alice Cheng
The Federal Communications Commission (FCC) recently released a request for public comment on the privacy and security of personal information on mobile devices. The Commission, which regulates interstate and international radio, television, wire, satellite, and cable communications, had solicited public input on this subject five years ago, but acknowledges the vast changes in technologies and business practices since then.
Section 222 of the Communications Act of 1934 addresses customer privacy, and establishes that all telecommunications carriers have the duty, with limited exceptions, to protect the confidentiality of proprietary information of and relating to customers. All carriers must also protect “customer proprietary network information” (CPNI), such as time, date, and duration of a call, which the carrier receives and obtains. They may use, disclose, and allow access to such information only in limited circumstances.
The FCC enforces these obligations, and is seeking comments to better understand the practices of mobile wireless service providers, and the types of customer information that are stored on mobile devices.
This request for public comment appears to come in light of the Carrier IQ controversy of late 2011. The Federal Trade Commission (FTC) brought legal action against analytics company Carrier IQ after it was discovered that the software, installed on over 140 million mobile devices, was capable of detailed logging of user keystrokes, recording of calls, storing text messages, tracking location, and more. The detailed tracking was intended to provide phone usage information that would be helpful to improve device performance. However, the widespread collection and difficulty in opting out attracted nationwide attention and a slew of lawsuits.
In addition to the request for public comments, the FCC has also recently released a report on location-based services (LBS), focusing on “mobile services that combine information about a user’s physical location with online connectivity.” While the report acknowledges the benefits of these services (ease of transacting business, for social networking purposes, etc.), it also addresses concerns of creating highly accurate and personal user profiles through LBS data—specifically, “how, when and by whom this information can and should be used.”
Congress has displayed a growing interest in privacy as well—several privacy and information security-related bills have been introduced and hearings on the issues have been held.
Five years after its initial inquiry into the matter, the FCC hopes to obtain an updated understanding of these mobile information security and privacy issues. Comments are due by July 13, and reply comments are due by July 30.
OlenderFeldman LLP’s Aaron Messing was interviewed by Jennifer Banzaca of the Hedge Fund Law Report for a three-part series entitled, “What Concerns Do Mobile Devices Present for Hedge Fund Managers, and How Should Those Concerns Be Addressed?” (Subscription required; free two-week subscription available.) Some excerpts of the topics Jennifer and Aaron discussed follow. You can read the first entry here.
[A]s observed by Aaron Messing, a Corporate & Information Privacy Lawyer at OlenderFeldman LLP, “Phones have cameras and video cameras, and therefore, the phone can be used as a bugging device.”
[M]any mobile devices or apps can broadcast the location of the user. Messing explained that these can be some of the most problematic apps for hedge fund managers because they can communicate information about a firm’s activities through tracking of a firm employee. For instance, a person tracking a mobile device user may be able to glean information about a firm’s contemplated investments if the mobile device user visits the target portfolio company. Messing explained, “It is really amazing the amount of information you can glean just from someone’s location. It can present some actionable intelligence. General e-mails can have a lot more meaning if you know someone’s location. Some people think this concern is overblown, but whenever you can collect disparate pieces of information, aggregating all those seemingly innocuous pieces of information can put together a very compelling picture of what is going on.”
Additionally, as Messing explained, “Some hedge fund managers are concerned with location-based social networks and apps, like Foursquare, which advertises that users are at certain places. You should worry whether that tips someone off as to whom you were meeting with or companies you are potentially investing in. These things are seemingly harmless in someone’s personal life, but this information could wind up in the wrong hands. People can potentially piece together all of these data points and perhaps figure out what an employee is up to or what the employee is working on. For a hedge fund manager, this tracking can have serious consequences. It is hard to rely on technology to block all of those apps and functions because the minute you address something like Foursquare, a dozen new things just like it pop up. To some degree you have to rely on education, training and responsible use by your employees.”
Books and Records Retention
Messing explained that while e-mails are generally simple to save and archive, text messages and other messaging types present new challenges for hedge fund managers. Nonetheless, as Marsh cautioned, “Regardless of the type of messaging system that is used, all types of business-related electronic communications must be captured and archived. There is no exception to those rules. There is no exception for people using cell phones. If I send a text message or if I post something to my Twitter account or Facebook account and it is related to business, it has to be captured.”
Advertising and Communications Concerns
OlenderFeldman’s Messing further explained on this topic, “Social media tends to blur these lines between personal and professional communications because many social media sites do not delineate between personal use and business use. While there is not any clear guidance on whether using social networking and ‘liking’ various pages constitutes advertising, it is still a concern for hedge fund managers. You can have your employees include disclaimers that their views are not reflective of the views of the company or that comments, likes or re-Tweets do not constitute an endorsement. However, you still should have proper policies and procedures in place to address the use of social media, and you have to educate your employees about acceptable usage.”