FCC: Protecting call, location data is carriers' responsibility

Tools

If wireless carriers choose to collect call and location data from mobile devices, it's their responsibility to keep it confidential, the Federal Communications Commission ruled June 27.

"Consumers rightfully expect that private information--for example, numbers called, the times of those calls, and the locations from which a customer makes those calls--will be safeguarded," FCC Acting Chairwoman Mignon Clyburn wrote in her statement accompanying the ruling (.pdf).

The ruling cites the revelation in November 2011 that, due to a security vulnerability, third parties could access mobile device information collected by Carrier IQ, software that helps carriers track how their networks are functioning. The security flaw could've allowed access to consumer location data.

Carriers can still collect consumer data--"we acknowledge that there may well be good reasons for carriers" to do so, the ruling says.

Third-party applications are not affected by the ruling. There also is no prescribed way for carriers to protect the information, so they can choose how to go about it.

In her statement, Commissioner Jessica Rosenworcel described the ruling as overdue. "It has been over six years since the Commission last updated its customer proprietary network information (CPNI) rules. Think about that. Our last major decision was released before the introduction of the iPhone," she wrote.

The New America Foundation's Open Technology Institute released a statement that called on the FCC to not wait so long before it next updates the rules, adding that disclosure and consent around CPNI should be strengthened.

For more:
- download the ruling, FCC-13-89 (.pdf)

Related Articles:
Researchers propose mobile trust solution for medical data
COPPA rule for apps goes into effect
Backgrounder: Mobile app code of conduct