In response to the controversy over Carrier IQ and its eponymous tracking software, Rep. Ed Markey (D-Mass.) released a discussion draft Monday that would require companies to disclose when they’ve installed monitoring software on a mobile phone, what that software collects and who can read that data.
According to a draft of the Mobile Device Privacy Act, the legislation would also require that companies obtain customer consent before the software can begin collecting or transmitting data. Carriers, manufacturers and operating system makers such as Apple and Google will be required to disclose this software when the customer buys the phone, when software is pushed to the phone, or if a customer downloads an app that contains monitoring software. Any third-party companies that gather the information must also have policies in place to protect the data.
“Consumers have the right to know and to say no to the presence of software on their mobile devices that can collect and transmit their personal and sensitive information,” Markey said in a statement. “Today I am releasing draft legislation to provide greater transparency into the transmission of consumers’ personal information and empower consumers to say no to such transmission.”
The push for legislation comes after it was found that a piece of software called Carrier IQ was installed in about 150 cellphones from AT&T, Sprint and T-Mobile. The software recorded data such as carrier networks, data transmission speeds, phone numbers called, Web sites visited and battery life. The software was designed to tell mobile carriers about the status of their networks, but the company admitted in December that its software might have captured keystrokes or the content of messages by accident. Security researcher Trevor Eckhart was the first to post findings about the software and the security concerns he believed it posed.
Markey asked the Federal Trade Commission investigate whether Carrier IQ was being unfair or deceptive toward consumers, saying that the software raised serious privacy concerns. In December, government officials confirmed to The Washington Post that federal investigators were investigating those allegations.
Joshua Topolsky: Dear Carrier IQ: If you want to track me, you need to ask me first