Discussions of the privacy of mobile data were shoved into the spotlight following the revelation that many consumers' devices came with embedded tracking software developed by Carrier IQ. Now, the issue will get even more attention on Capitol Hill as U.S. Representative Edward Markey is set to introduce the Mobile Device Privacy Act.
Markey, a Democrat, recently released a discussion draft of the proposed legislation that spells out the extent to which carriers would be able to track the activities and locations of their customers.
"While consumers rely on their phones, their phones relay all sorts of information about them, often without their knowledge or consent," the lawmaker said in a statement released on his website. "I am concerned about the threat to consumers’ privacy posed by electronic monitoring software on mobile phones, such as the software developed by Carrier IQ."
Information security researcher Trevor Eckhart set off a firestorm of debate when he went public after discovering the Carrier IQ software comes embedded in many mobile devices. According to Carrier IQ itself, the software was running on as many of 141 million devices. And major services carriers Sprint and AT&T were among those who admitted to using the information the software collected.
Carrier IQ tracked everything from data usage and location to recording text messages, phone calls and voicemails. The company claims such activity is benign and meant to help service providers improve their offerings, but data privacy advocates say it's a serious infringement on the rights of mobile device users.
It's now apparent that Markey shares such views.
“Consumers have the right to know and to say no to the presence of software on their mobile devices that can collect and transmit their personal and sensitive information,” said Markey, who serves a senior member of the House Energy and Commerce Committee and is also the former chairman of the Subcommittee on Telecommunications and the Internet.
As part of the proposed Mobile Device Privacy Act, Markey outlined numerous requirements that are aimed at restricting the tracking capabilities of software similar to that developed by Carrier IQ, as well as mobile service providers.
For one, according to the draft, the disclosure of tracking software would be required at the time a device is purchased, or if the carrier installs such software remotely at a later date. Among the most serious violations of the Carrier IQ incident was the fact that nearly all of the users affected had no idea their activities were being tracked.
The proposed law would also mandate that carriers tell mobile users what types of information are being tracked and collected.
Also, consumer consent would be required before an organization could begin tracking and collecting mobile data. That also means consumers would have the option to opt out of similar programs.
Other provisions of the bill are centered on the relationship between the carrier and the third-party software vendor, according to Markey's draft. Parties receiving collected information would be required to have policies for data security in place to protect the information, while the Federal Trade Commission and the Federal Communications Commission would both have to approve the transmission of the information.
This certainly isn't the first time that mobile data tracking has been an issue. In April of last year, Apple came under fire for tracking the location of its popular iPhones. The news sparked backlash among the company's otherwise loyal customer base, prompting Apple to release a frequently asked questions section on its website.
Data Security News from SimplySecurity.com by Trend Micro
