EFF to FCC: Consumers Face Uphill Battle in Fight for Mobile Device Privacy
In Wake of Carrier IQ Scandal, Berkeley Study Shows Americans Have Serious Qualms About Mobile Industry Practices
On Friday, EFF filed comments with the Federal Communications Commission about the privacy and data security practices of mobile wireless service providers. Mobile privacy is an issue we've been increasingly concerned about in the wake of the Carrier IQ privacy scandal, which was part of the inspiration for our Mobile User Privacy Bill of Rights. Citing recent academic research as well as troubling industry practices, EFF called the FCC's attention to some of the major pitfalls in modern mobile privacy norms. We urged the FCC to consider consumer rights in evaluating carrier obligations to protect user privacy and called for more transparency about carrier data collection and retention policies.
Modern cell phones raise grave and well-known privacy and security issues. A recent UC Berkeley study of Americans' use of mobile phones and privacy
found widespread understanding that sensitive personal information such as text messages, contact lists, and voicemail is stored on phones, and that substantial percentages of respondents with smartphones used them to engage in activities that might generate sensitive information, including visiting websites, using social networks, and using location services.... These activities can reveal communications with circles of contacts, health-related or other personal research queries, and a wide variety of intellectual and political interests, to name just a few revealing types of information.
The UC Berkeley study also found that Americans generally dislike the idea that carriers retain location data: 46% responded that carriers should not retain such data at all, while 28% answered that location data should be kept for less than a year. Obviously, Americans believe that this data should be private, and thus carrier retention policies do not meet the ordinary consumer's needs.
Current industry practices also raise concerns about the security of data on the device itself, which can be compromised by current carrier practices of delaying or even blocking security updates. EFF reported on this problem in 2011, noting that "[a]lthough Apple, Google, and Microsoft should develop security fixes faster, they are fundamentally limited by carrier intransigence."
These factors and others contribute to the perfect storm that allows companies to disregard the privacy of their users and gives users meager meaningful choice when it comes to safeguarding their data on mobile devices.
The FCC solicited feedback on mobile device privacy, and this is our first submission in the current round of filings. We expect to file reply comments at the end of the month. Read more about the FCC process or submit reply comments yourself.