30
Jan
Im-just-a-bill

Congress is a lot like a slot machine - once in a while, something good comes out. A new bill introduced by Representative Ed Markey of Massachusetts would require cellular carriers in the US to disclose to end users upon purchase of a mobile device any tracking software present on said device, or any such software that might be installed at a later date by the carrier, manufacturer, or OS provider (that would be Google for Android).

After the Carrier IQ debacle, the public has taken a heightened interest in the privacy of the information on their smartphone devices, and rightfully so. Carrier-installed tracking software collects a surprising amount of data about use habits, and that data is used in ways which could, at best, be described as ambiguous.

The Mobile Device Privacy Act would require the consent of users in order for this data to be collected. However, the Act says nothing about opting out of data collection. This means, essentially, that the act does not actually seek to change the behavior of carriers or give consumers more options about the data that is collected by operators when they use a smartphone, but merely to let them know that the data is being collected in the first place. Mandating that carriers provide opt-out provisions would present a serious obstacle given the extensive lobbying power of the wireless industry in the US.

In short, the bill would mean another page of agreements in the documents you sign when buying a phone or service on a particular carrier.

Still, it's a start, and it's a bill we'd like to see get passed.

AllThingsD

David Ruddock
David's phone is an HTC One. He is an avid writer, and enjoys playing devil's advocate in editorials, imparting a legal perspective on tech news, and reviewing the latest phones and gadgets. He also doesn't usually write such boring sentences.

  • Gravy

    here is a novel idea what about not having it at all. the hell with "notifying us" in small print that is buried in the middle of the page of your contract.

  • Rance

    And yet they're slipping ACTA in through the back door. The Government will always make you look at one hand while they do something shady with the other...

  • http://info-safety.com Craig Herberg

    Amen. Indeed, this is a small step in the right direction. Craig Herberg

  • sriracha

    "Congress is a lot like a slot machine - once in a while, something good comes out."

    ..and the other 99% of the time, it just takes your money, leaving you broke and angry.

    sorry, i have nothing constructive to add. moving along..

  • cosmic

    As usual it isn't so much the intent of the act that is problematic, as much as it is wording and things that end up added on. Things look ok so far but who knows by the time it is re-written and random(often unrelated) amendments are made.

  • Dan

    "what about not having it at all"

    That's a completely pointless and ignorant position. If you want to complain about a poor implementation that slows down the phone, that's fine. If you want to point out that a particular implementation is ridiculously insecure, that's fine too. However, you look like an fool when you complain that the software exists at all unless you're in one of these three categories:
    1) you only use your device on wifi
    2) you run a VPN full time and never use SMS
    3) you're using an encrypted email client, an encrypted SMS client, and only visit secure (https://) web links.

    Unless one at least of those things is true, then the carrier has complete, unrestricted access to every SMS you send or receive, every email you send or receive, every web site you view, blah, blah, blah. EVERYTHING. It all goes through THEIR servers first.

    If the big, bad carrier gave a crap about snooping in your data, why in the hell would they bother with capturing the data on your phone when 99.99% of all users are just going to send that unencrypted data to them anyway?

    This is just as stupid as people complaining about the carrier "tracking them" because somebody found a log on their phone showing which cellular towers they had connected to. Guess what? Every carrier has a log on their servers that tells them which tower(s) were receiving signals from your phone and at what strength for every minute of every day and they can maintain that log for days, months, or years without asking your permission because it's directly related to billing you for service.

    Again, if you want to complain that the various logs are insecure or not secure enough, that could be a valid complaint. Other than that, you're just a kid whining about you bedtime being too early.

    To get my rant back on topic, David is 100% correct that this bill will have absolutely no effect on the carriers other than forcing them to pay a lawyer to write a bit more boilerplate to be added to every contract. Wait, what? Did I just uncover the real conspiracy? David is a law student... this bill means nothing other than more work for lawyers... hey!

    ;) kidding