FCC’s Mobile Measurement Group Backs Away From Collecting Unique Handset Identifiers
The risks of collecting unique handset identifiers outweigh the potential benefits, FCC officials told members of its mobile broadband measurement group Friday. In December the commission considered collecting more detailed data from users who were “more comfortable” sharing stats that identify their phone at specific coordinates at a particular time (CD Dec 13 p14). But after talking with policymakers, researchers and stakeholders, agency staff have decided that “the risks outweigh the benefits of having a unique identifier."
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
"There certainly are very valuable research benefits from having the ability to identify what data was produced by what particular handset,” said FCC attorney James Miller, who’s leading development of the mobile project’s privacy policies. But “including that element -- both in our internal databases, as well as in any products that we might consider making available to third parties -- tees up a lot of concerns,” he said. Based on the relative benefits and risks, “the balance would weigh in favor of not collecting any client ID, application identifier, or software ID."
Various stakeholders told the FCC that refraining from collecting unique handset identifiers “reduces and ameliorates a lot of privacy concerns that we would otherwise have to deal with in a very introspective manner,” Miller said. Some considerations include the commission’s capacity to “absorb different aspects of managing data” and ensure the compliance and enforcement measures were addressed; how to process and hold the data internally; and how that relates to third-party access. There will be “no unique tagging of any data” in either the commission’s internal data set or a third-party shared data set, he said.
That stance precludes the analysis of personally identifiable information (PII). Measurement Lab’s Meredith Whittaker, of Google, suggested separating the collection of PII from non-PII data, possibly providing an identifier for “synthetic performance data” while treating location data differently. Miller responded that the staff had discussed that possibility, and while “there may be benefits” to such an approach, staff have decided that the risks outweigh the benefits of “identifying or collecting that data directly."
Not collecting unique handset IDs “greatly lessens everybody’s sensitivity to privacy issues,” said Walter Johnston, chief of the Electromagnetic Compatibility Division in the Office of Engineering and Technology. The FCC intends to release three sorts of data products: A database of the latitude and longitude positions of U.S. cell towers could provide “real value” to stakeholders and the FCC while implicating “very low privacy concerns,” Miller said. Another database could indicate where measurements weren’t possible due to dead zones, or lack of connectivity, Miller said. Then there will be a database aggregating average statistics of upload and download speeds, latency and packet loss.
Unlike the FCC’s fixed broadband measurement program, the ability to collect information on how much data a particular subscriber uses varies by handset. “It looks more problematic on the mobile platform in comparison to the fixed,” Miller said. Not collecting unique identifiers doesn’t necessarily preclude generating a byte count per handset, Johnston said, although they might not be able to link the data to a particular handset.
The FCC has backed off from its earlier plan to offer users a choice of different privacy policies to users who were okay with divulging more data. “We might review more differentiated approaches in the future, but currently we would adopt something more monolithic,” Miller said. The other issue, said Johnston, was that a differentiated approach “complicates how we'd have to manage and process and protect data. From a getting-started proposition, it didn’t look all that attractive.”