A newly drafted bill, floated by Rep. Ed Markey (D-MA), would require mobile carriers, cell phone manufacturers, operating system makers, and third-party app creators to disclose to customers when their devices or software includes the ability to track user activity, and obtain explicit consent from customers to do so. The creation of the bill follows last year’s controversy surrounding mobile monitoring software, Carrier IQ.
The Mobile Device Privacy Act would also require companies to inform customers about what types of data are being collected, how the data is being used, and which parties would have access to the data. Any company that wishes to supply third-parties with the data must first receive permission from the Federal Trade Commission and the Federal Communications Commission. Third-party companies that gather user data must also prove they have the capabilities to keep the data secure.
“Consumers have the right to know and to say no to the presence of software on their mobile devices that can collect and transmit their personal and sensitive information,” said Rep. Markey in a statement.
The kerfuffle surrounding Carrier IQ, which records data such as phone numbers called, websites visited, all keystrokes, and a variety of diagnostic data, first surfaced in November, after security researcher Trevor Eckhart publicly uncovered the presence of the monitoring software in a series of videos he posted to YouTube. After Carrier IQ threatened Eckhart with legal action, controversy around the software erupted, soon resulting in AT&T, Sprint, and T-Mobile admitting that they had together installed Carrier IQ on about 150 different smartphone models, which equals out to millions of individual devices.
In a 19-page explanation of its software, Carrier IQ reiterated that it had done nothing wrong, that the data it collected was simply used to improve network and device performance.
Amidst the Carrier IQ controversy, Rep. Markey asked the Federal Trade Commission to investigate the legality of the company’s data collection, which they later did. The Mobile Device Privacy Act, which has not yet been formally introduced to the House of Representatives, is an extension of Rep. Markey’s efforts to better protect mobile customers.
Read the full text of the Mobile Device Privacy Act here: pdf.