December 21, 2024

Slipstream: Legislation Would Regulate Tracking of Cellphone Users

THERE are three things that matter in consumer data collection: location, location, location.

E-ZPasses clock the routes we drive. Metro passes register the subway stations we enter. A.T.M.’s record where and when we get cash. Not to mention the credit and debit card transactions that map our trajectories in comprehensive detail — the stores, restaurants and gas stations we frequent; the hotels and health clubs we patronize.

Each of these represents a kind of knowing trade, a conscious consumer submission to surveillance for the sake of convenience.

But now legislators, regulators, advocacy groups and marketers are squaring off over newer technology: smartphones and mobile apps that can continuously record and share people’s precise movements. At issue is whether consumers are unwittingly acquiescing to pervasive tracking just for the sake of having mobile amenities like calendar, game or weather apps.

For Senator Al Franken, the Minnesota Democrat, the potential hazard is that by compiling location patterns over time, companies could create an intimate portrait of a person’s familial and professional associations, political and religious beliefs, even health status. To give consumers some say in the surveillance, Mr. Franken has been working on a locational privacy protection bill that would require entities like app developers to obtain explicit one-time consent from users before recording the locations of their mobile devices. It would prohibit stalking apps — programs that allow one person to track another person’s whereabouts surreptitiously.

The bill, approved last month by the Senate Judiciary Committee, would also require mobile services to disclose the names of the advertising networks or other third parties with which they share consumers’ locations.

“Someone who has this information doesn’t just know where you live,” Mr. Franken said during the Judiciary Committee meeting. “They know the roads you take to work, where you drop your kids off at school, the church you attend and the doctors that you visit.”

Yet many marketers say they need to know consumers’ precise locations so they can show relevant mobile ads or coupons at the very moment a person is in or near a store. Informing such users about each and every ad network or analytics company that tracks their locations could hinder that hyperlocal marketing, they say, because it could require a new consent notice to appear every time someone opened an app.

“Consumers would revolt if this was the case, and applications could be rendered useless,” said Senator Charles Grassley, the Iowa Republican, who promulgated industry arguments during the committee meeting. “Worse yet, free applications that rely on advertising could be pushed by the consent requirement to become fee-based.”

Mr. Franken’s bill may seem intended simply to protect consumer privacy. But the underlying issue is the future of consumer data property rights — the question of who actually owns the information generated by a person who uses a digital device and whether using that property without explicit authorization constitutes trespassing.

In common law, a property intrusion is known as “trespass to chattels.” The Supreme Court invoked the legal concept last January in United States v. Jones, in which it ruled that the government had violated the Fourth Amendment — which protects people against unreasonable search and seizure — by placing a GPS tracking device on a suspect’s car for 28 days without getting a warrant.

Some advocacy groups view location tracking by mobile apps and ad networks as a parallel, warrantless commercial intrusion. To these groups, Mr. Franken’s bill suggests that consumers may eventually gain some rights over their own digital footprints.

“People don’t think about how they broadcast their locations all the time when they carry their phones. The law is just starting to catch up and think about how to treat this,” says Marcia Hofmann, a senior staff lawyer at the Electronic Frontier Foundation, a digital rights group based in San Francisco. “In an ideal world, users would be able to share the information they want and not share the information they don’t want and have more control over how it is used.”

Even some marketers agree.

One is Scout Advertising, a location-based mobile ad service that promises to help advertisers pinpoint the whereabouts of potential customers within 100 meters. The service, previously known as ThinkNear and recently acquired by Telenav, a personalized navigation service, works by determining a person’s location; figuring out whether that place is a home or a store, a health club or a sports stadium; analyzing weather and other local conditions; and then showing a mobile ad tailored to the situation.

Eli Portnoy, general manager of Scout Advertising, calls the technique “situational targeting.” He says Crunch, the fitness center chain, used the service to show mobile ads to people within three miles of a Crunch gym on rainy mornings. The ad said: “Seven-day pass. Run on a treadmill, not in the rain.”

When a person clicks on one of these ads, Mr. Portnoy says, a browser-based map pops up with turn-by-turn directions to the nearest location. Through GPS tracking, Scout Advertising can tell when someone starts driving and whether that person arrives at the site.

Despite the tracking, Mr. Portnoy describes his company’s mobile ads as protective of privacy because the service works only with sites or apps that obtain consent to use people’s locations. Scout Advertising, he adds, does not compile data on individuals’ whereabouts over time.

Still, he says, if Congress were to enact Mr. Franken’s location privacy bill as written, it “would be a little challenging” for the industry to carry out, because of the number and variety of companies involved in mobile marketing.

“We are in favor of more privacy,” Mr. Portnoy says, “but it has to be done within the nuances of how mobile advertising works so it can scale.”

A SPOKESMAN for Mr. Franken said the senator planned to reintroduce the bill in the new Congress. It is one of several continuing government efforts to develop some baseline consumer data rights.

“New technology may provide increased convenience or security at the expense of privacy and many people may find the trade-off worthwhile,” Justice Samuel Alito wrote last year in his opinion in the Jones case. “On the other hand,” he added, “concern about new intrusions on privacy may spur the enactment of legislation to protect against these intrusions.”

E-mail: slipstream@nytimes.com.

Article source: http://www.nytimes.com/2013/01/06/technology/legislation-would-regulate-tracking-of-cellphone-users.html?partner=rss&emc=rss

Senate Committee Approves Stricter Privacy for E-Mail

WASHINGTON – The Senate Judiciary Committee on Thursday approved a bill that would strengthen privacy protection for e-mails by requiring law enforcement officials to obtain a warrant from a judge in most cases before gaining access to messages in individual accounts stored electronically.

The bill is not expected to make it through Congress this year and will be the subject of negotiations next year with the Republican-led House. But the Senate panel’s approval was a first step toward an overhaul of a 1986 law that governs e-mail access that is widely seen as outdated.

Senator Patrick Leahy, the Vermont Democrat who is chairman of the committee, was an architect of the 1986 law and is leading the effort to remake it. He said at the meeting Thursday that e-mails stored by third parties should receive the same protection as papers stored in a filing cabinet in an individual’s house.

“Like many Americans, I am concerned about the growing and unwelcome intrusions into our private lives in cyberspace,” Mr. Leahy said. “I also understand that we must update our digital privacy laws to keep pace with the rapid advances in technology.”

Mr. Leahy held a hearing about two years ago on whether and how to update the 1986 law, called the Electronic Communications Privacy Act. But the effort has moved slowly, in part because some law enforcement officials have opposed restricting an investigative tool that has become increasingly used.

Under the law, authorities need to obtain a search warrant from a judge – requiring them to meet the high standard of showing that there is probable cause to believe that a subject is engaged in wrongdoing – only when they want to read e-mails that have not yet been opened by their recipient and that are fewer than 180 days old.

But the law gives less protection to messages that a recipient has read and left in his or her account. In some cases, officials may obtain a court order for such material merely by telling a judge facts suggesting that there is reason to believe they are “relevant” to an investigation, and in other cases prosecutors can issue a subpoena demanding the materials without any court involvement.

Senator Leahy’s bill would generally require prosecutors to obtain a search warrant from a judge, under the stricter probable-cause standard, to compel a provider to turn over e-mails and other private documents.

The Center for Democracy and Technology, a nonprofit that advocates for electronic privacy rights, hailed the committee vote as “historic.” In a statement, Gregory T. Nojeim said it “sets the stage for updating the law to reflect the reality of how people use technology in their daily lives. It keeps the government from turning cloud providers into a one-stop convenience store for government investigators and requires government investigators to do for online communications what they already do in the offline world: get a warrant before reading postal letters or searching our homes.”

Still, the ranking Republican on the committee, Senator Charles Grassley of Iowa, argued that the bill does not strike the proper balance between privacy and public safety. He expressed concerns that changing the standard of proof for obtaining e-mails would inhibit certain investigations, such as child pornography or child abduction cases.

Mr. Leahy argued that the bill does not alter criminal and antiterrorism laws related to search warrants, including exceptions in emergencies where time is of the essence. But he also said the bill was a starting point and he was open to further negotiations. The panel approved it by a voice vote.

Article source: http://www.nytimes.com/2012/11/30/technology/senate-committee-approves-stricter-privacy-for-e-mail.html?partner=rss&emc=rss