Credits: The Register
Analysis America’s comms regulator has finally pinky-promised to at least consider people’s privacy when it looks into how cellphone location data can be made more accurate.
On Friday, during a monthly meeting of commissioners, the FCC belatedly confirmed it would weigh up privacy alongside phone tracking, in a “notice of proposed rulemaking.”
The critical topic was added following an intervention from new commissioner Geoffrey Sparks, after a campaign by privacy advocates who were stunned to find not a single mention of the word “privacy” in a 32-page outline document.
The omission is particularly galling given a series of high-profile cases this past year where mobile network operators were found to be providing location data on individuals to unknown third parties for a fee, despite repeatedly promising not to and despite it being against the rules.
Bounty hunters, private dicks, and similar bods were using a loophole in the system to pay a few hundred dollars, or even posing as cops to skip any charges, to get timely location data on specific cellphone numbers – typically people who had skipped bail, but it could be anyone – despite the fact that such data is supposed to strongly protected given its enormous potential for abuse.
That system was able to flourish thanks to the FCC failing in both its rulemaking and subsequent enforcement. But rather than address the scandal, all five FCC commissioners continue to ignore the topic, making only broad references to privacy and claiming to have no knowledge of the underlying issues beyond “press reports” that they have seen.
What makes the omission of privacy concerns all the more egregious is the fact that last time the FCC strengthened location data requirements, the exact same concerns were raised and resulted in rules that are currently in place – which mobile companies and/or third-parties are skirting for profit.
It would be relatively easy for the FCC to closely define what is allowed to be done with the more accurate location data it is arguing for: it can specifically designate that data and put rules around it that would, for example, require mobile operators to only grant access to approved providers. It could build stronger enforcement mechanisms to check on, audit, and punish any third parties that break the rules.
It could prevent third parties from reselling that data onto others – the loophole that allowed complete strangers to gain access to another stranger’s precise location for cash. But until this morning, the FCC had consciously excluded the issue of privacy in developing the rules.
Even now, the FCC has made no official mention of the topic. The wording surrounding the topic has not been released and in the official announcement of the notice of proposed rulemaking, the word “privacy” does not appear. Nevertheless, privacy advocates cautiously welcomed the addition of the topic.
At the heart of the issue is so-called “Enhanced 911” or E911 location data; geolocation data that is supposed to be used only for emergencies such as when someone calls the emergency services and the police/firemen/paramedics need to know where the caller is located. Accurate location can mean the difference between life and death.
Currently, mobile operators are required to provide location data accurate to within a few feet but that does not include “z-axis” data i.e. how high up someone is. That can be critical in tall buildings to ascertain on which floor someone is. The new proposal will consider improving the precision of that location data to within a few feet on the z-axis.