Lewis Carrol once famously said, "If you don't know where you are going, any road will do." But today, with the ascent of smartphones and other mobile devices, there are likely to be quite a few people who know exactly where you are going and where you have been. And they have pretty good idea of the road you took to get there. Our indispensable mobile devices come with an asterisk: the collection, use and sharing of our detailed location information. In most cases, that information is unprotected by our outdated privacy laws. Today, this issue is the subject of the first congressional hearing called by Sen. Al Franken as chairman of the new Privacy, Technology and the Law Subcommittee.
To be sure, mobile platform and service providers -- like Apple, Google, Verizon and AT&T -- have to know your location in order to provide phone service. But this location data reveals extremely detailed information about consumer activity, considerably more so than traditional computer operating systems. Although these companies assert that data they receive from consumers is anonymized and used merely to build out their databases of access points, these limitations are self-imposed, not required by law.
Along with location, smartphones store and transmit a wide range of personal data which third parties are given access to -- including contact lists, pictures, browsing history, certain identifying information and stored location data. Location information can disclose visits to sensitive destinations, like medical clinics, courts and political rallies. Access to location can also be used in stalking and domestic violence. Owing to the increasing number of minors carrying location-capable cell phones and devices, location privacy may become a child safety matter as well. However, mobile privacy is not just about location information.
Existing law aimed at protecting electronic communications, including location information, doesn't help. Technology has far outpaced the legal protections in both the commercial and government contexts. A consumer using a mobile phone today can be protected by the rules one moment and unprotected the next. For example, current "CPNI" regulations prohibit telecommunications carriers from marketing -- without opt-in consent -- information about a consumer's telephone calls, such as date, time, duration, and destination number. Yet when a consumer uses an Internet-based app or location service that uses location data rendered apart from the telecommunications carrier, there are no clear rules for the disclosure of this data and often no way for consumers to control data they reveal. The standards for government access are even murkier, governed by laws that did not anticipate today's technology and a mishmash of contradictory court decisions as judges struggle to find and apply a legal standard.
Mobile devices are becoming a critical tool in the way we conduct our day-to-day lives, though we also don't know what will be the critical tool of a decade from now. Regardless, using these tools should not mean that consumers are forced to relinquish control of data about them to a weak and unclear legal environment. It is imperative that Congress establish baseline legislation that protects users' privacy and trust, not only for location and other highly sensitive information but also for all collection of consumer data.