Carriers, Public Interest Groups Clash on Need for Privacy Rules for Mobile
The FCC should not impose additional rules on wireless carriers to protect privacy and security of customer information stored on mobile communications devices, the four major carriers and CTIA said in separate reply comments filed at the FCC. But public interest groups said in joint comments that carriers want the FCC to rely on “opacity and blind faith in voluntary behavior to protect privacy.” The FCC sought comment in a May 25 public notice. FTC staff weighed in, in favor of expanding privacy rules in the initial comment round (CD July 17 p5).
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
"While carriers and trade associations claim that carriers are taking steps to protect consumer privacy, they are vague with the details of those assertions,” said seven public interest groups, led the New America Foundation’s Open Technology Institute (http://xrl.us/bnivtm). “Rather, the very emergence of [diagnostic analysis provider] Carrier IQ and the opaque ways in which it is being used make it clear that those efforts, if they are occurring, are inadequate to give consumers knowledge and control to ensure that their data is being protected.”
The public interest groups also countered carrier arguments that the FCC should defer to NTIA, which is in the initial stages of its multistakeholder process to develop “a code of conduct” on mobile privacy. “The carrier claim ignores the fact that the Commission, in this limited context, is not only the agency best suited to regulate [customer proprietary network information], but also the agency given explicit, statutory direction to do so,” the filing said. “In other words, the carriers ask the Commission to refrain from fulfilling its statutory directive to protect consumer’s privacy with respect to CPNI, based on the possibility that another agency without a specific statutory mandate may develop guidelines to address the issue.” The Benton Foundation, the Center For Media Justice, Free Press, the Institute For Local Self-Reliance, the Media Alliance, People’s Production House and Public Knowledge also signed off on the filing.
The Electronic Frontier Foundation, Common Sense Media, Consumer Watchdog, Privacy Rights Clearinghouse, and Privacy Times also called on the FCC to step in. “Accepting the limited definition of CPNI that carriers desire would have grave ramifications for consumer privacy in the mobile ecosystem,” they said (http://xrl.us/bniv72. “First ... the proffered definitions of CPNI are not based in either the statutory text or in the legislative history. Rather, the plain meaning of the term ‘CPNI’ as currently defined encompasses most, if not all, of the information stored on mobile communications devices. Second, the FCC, as a matter of policy, is not obligated to refrain from regulating in this area while carriers await the outcome of a long and arduous multi-stakeholder initiative."
The FCC should impose some requirements on carriers to protect data on their subscribers’ devices, the Consumer Bankers Association said in its comments. With increased use of mobile banking, devices can hold a “significant amount of financial information that will continue to grow as mobile banking and payment services become more prevalent in the future,” the group said (http://xrl.us/bnivqg). “It is, therefore, critical that providers assume the responsibility to erase this information and to disable the SIM card if the customer requests this be done, such as when the mobile device is lost or stolen.” Carriers should also be responsible “for ensuring that mobile applications do not contain malware or are otherwise compromised,” the group said. “We encourage the FCC to carefully review this issue to determine the extent providers should bear this responsibility."
Carriers fired back. “The record reflects broad support for a technology- and competitively-neutral privacy framework applicable to all players, and affirms that the Commission cannot achieve that objective through regulatory mandates on wireless service providers,” Verizon Wireless said (http://xrl.us/bnivts). “Parties supportive of such mandates fail to acknowledge the array of parties that can access customer data on mobile devices, service providers’ limited technical ability to prevent access to such data, and the limited scope of the Commission’s statutory authority.”
"The mobile wireless ecosystem is dynamic and complex, and any privacy-related regulation limited to carriers would be unbalanced and ineffective,” T-Mobile said (http://xrl.us/bnivq9). “Any effort to address mobile device privacy must also consider the many layers of interaction between carriers, devices, operating systems, and applications, thereby requiring a regulatory approach that is consistent and integrated.”
The Direct Marketing Association agreed that industry self-regulation and consumer education would work better than FCC rules. “Public policy should seek to address consumers’ privacy interests in a manner that preserves the benefits that consumers derive from mobile platforms,” DMA said (http://xrl.us/bnivs5). “Therefore, it is essential to avoid adopting or extending regulations that could limit the availability of mobile services or innovation in the mobile ecosystem for the millions of consumers who desire such services. Blanket limitations on mobile business models or practices could deter companies’ entry into the mobile marketplace, thwart innovation, and inhibit competition. Instead, the focus should be on encouraging companies to provide consumers with notice of their information practices and the ability to choose whether to participate in these practices.”