PANEL SEES NEED FOR CONGRESS TO TWEAK WIRELESS PRIVACY

“The fact that technology is still evolving” creates need for caution on wide-ranging legislative fixes, said CTIA Senior Vp- Govt. Affairs Steve Berry. However, he told reporters after lunch that Dempsey’s call to address applicability of Fourth Amendment safeguards on law enforcement access to networks is important. While industry, including effort led by CTIA, is working on self- regulation measures, govt. access to information on wireless networks must be addressed by legislation, Dempsey said. “Only Congress can fix that,” he said. “The industry cannot self- regulate the question of government access,” he said. Right now threshold requirement that information collected by law enforcers from such networks be “relevant” is too low, he said. In other areas, he said 911 legislation that passed in 1999 applied customer proprietary network information (CPNI) safeguards to telecom carriers in Sec. 222 backed by Rep. Markey (D-Mass.). But larger “ecosystem” of service providers have potential access to wireless location information, he said. “We need to find a way to bring them in.” Dempsey lauded CTIA petition to FCC that proposes ways to ensure privacy principles in rulemaking that would cover notice, consent, security and integrity of consumer data. While nontelecom service providers that use wireless location information aren’t regulated by FCC, wireless industry interest would be in asking FTC to apply safe-harbor principles to these other companies, panelists said.

Several speakers said policymakers must walk tightrope between protecting consumer information used internally by service provider for purposes such as billing versus location-specific information that could be used for marketing. “I hope that mitigation measures Congress takes are related to larger Fourth Amendment privacy issues, rather than impacting a company’s ability to provide good quality of service,” Berry said. Berry said wireless carriers always had kept and protected certain user data, for example some calling traffic patterns to determine degree of use for particular cell site. In other cases, he said carrier has to hold on to billing information long enough to be able to charge subscriber for service, as opposed to outside companies who might be interested in such information for marketing purposes. “What do you do in instances where [data] storage makes sense?” he asked.

Participants generally agreed on need for some type of opt-in system that requires wireless customer’s consent before their personal information is disclosed. But with technology still evolving, they said, what that consent means can be less clear depending on circumstances. One example cited was case in which wireless subscriber has opt-in system provided by their own carrier. How such technologies work when subscriber is interacting with a 3rd party, service provider that carrier doesn’t control appears to be less clear for now. One problem with unilateral “opt-in” or consent provided by wireless subscriber concerning use of his or her location information is “granularity of what you opt in for,” said Truste Chmn. Lori Fena.

Truste, which runs global privacy seal program on wireline Internet sites, began project Tues. to expand that effort to wireless phones, personal digital assistants and other devices. Push to provide more detailed privacy symbols and labels is designed to accommodate smaller screens of these mobile devices, Fena said. She likened labels to immediate recognition created by FDA-required nutritional labels on food products. Program will develop icons that provide information about specific privacy practices, such as whether site has consent mechanism for user to decide whether to provide personal information. Label will offer “executive summary” of key privacy practices used by site, Truste said. Such information could include how information is shared, location tracking and compliance mechanisms. Fena said initial backers of expanded privacy effort include Information Technology Assn. of America, PCIA and Wireless Advertising Assn.

Several panelists stressed importance of not moving prematurely on wireless privacy legislation. Berry said most of wireless industry agreed on basic concept of FCC role. “Congress already has got this right,” Jonas Neihardt, head of Qualcomm Washington office, said. Fena said legislation shouldn’t be tied to specific technologies, which could change. She also noted that definition of educated consumer today concerning privacy issues and needed safeguards could change as technology matures. Dempsey cited need for legislation that holds federal law enforcement agencies to Fourth Amendment probable cause requirements for wireless networks. Bill sponsored last year by Sen. Kennedy (D- Mass.) and now-retired Sen. Asa Hutchison (R-Ark.) made it through Senate Judiciary Committee but not further, Dempsey noted. In this session, “We need to find some people to take on this issue,” Dempsey said. He added “Congress needs to find ways to extend technology-neutral provisions to other service providers that are going into the location information space.”

“Certainly Congress needs to proceed slowly on these issues,” said Rep. Honda (D-Cal.), caucus member. “First to market on legislative issues is not always a good thing.” He said he would be interested to see how privacy safeguards that had been put in place on wireline Internet, such as Platform For Privacy Preferences (P3P), would work in wireless Web world.