The Federal Communications Commission said Wednesday that it will consider new rules to protect information stored on mobile devices, extending the reach of the nation’s telecom and cable cop to include some oversight of smartphones and tablets.
The FCC’s proposal would require carriers to safeguard calling information on mobile devices and prevent that data from being shared without a consumer’s permission. The data include phone numbers from calls placed or received on a device, the duration of calls and the geographical location where calls were placed.
Carriers are already subject to privacy rules on their networks, and some carriers use encryption technology that keeps user information from being stored on mobile phone software. But they have criticized the proposal as heavy-handed regulation. The FCC, they said, shouldn’t extend its reach to mobile devices.
The agency’s three sitting members are scheduled to vote on the proposal at a June 27 meeting.
“Millions of wireless consumers must have confidence that personal information about calls will remain secure even if that information is stored on a mobile device,” said the acting FCC chairwoman, Mignon Clyburn.
“This ruling makes clear that wireless carriers who direct or cause information to be stored in this way have a responsibility to provide safeguards, and I hope my colleagues will join me in supporting this effort.”
The FCC began to explore rules on smartphone privacy after December 2011, when a security analyst discovered that software from the firm Carrier IQ was collecting data on millions of smartphones. AT&T, Sprint and others said they used the software to measure network performance. So, for example, if the monitoring showed that calls were often dropped in a certain location, technicians would know to look there for a problem.
But Carrier IQ also collected other information from call logs, users’ keystrokes and Global Positioning System devices without disclosing that to consumers.
The software company’s activities aren’t regulated by the FCC. But the agency had privacy rules in place for carriers, and consumer groups wanted federal officials to clarify that those rules extended to phone data on devices.
“The carriers don’t have control of everything on a device, but if they deliberately add some functionality like Carrier IQ to help with their own diagnostics, imposing reasonable security obligations on them seems appropriate,” said Justin Brookman, a director of consumer privacy at the Center for Democracy and Technology.
Carriers have warned that the phone privacy rules should not extend to Internet data collected over smartphones.
Federal law doesn’t “provide the FCC with general authority to regulate privacy practices; it only governs defined information that is acquired in a specific manner by telecommunications carriers,” CTIA — the Wireless Association, an industry trade group, said in comments filed in June 2012.
Sign up today to receive #thecircuit, a daily roundup of the latest tech policy news from Washington and how it is shaping business, entertainment and science.