Cellular Data Privacy 101
A Legal Moment


Our always-on, always-ready phones may gather as much information about us as they provide to us, creating a host of privacy issues.
 
   The advent of mobile apps has led to new forms and combinations of user- and device-related data that create systems beyond our control, posing new risks to privacy and security through out-of-your-hands data storage.

  The real danger is the gradual erosion of individual liberties through the automation, integration, and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable.
 U.S. Privacy Protection Study Commission, 1977

 
     Can you believe the comment quoted above is almost forty years old?  Have we learned from the 1977 Commission report?  Almost all of us now carry handheld computers – our smart phones, tablets, smart watches, fitbits – that entertain us, guide us, remind us, warn us, and serve us.  They also gather information about us from our heart rates, purchases, and locations, to banking transactions, information about our family and friends, text messages, email addresses and our personal preferences.  In short, these always-on, always-ready and always-with-you devices pose privacy challenges that were not likely even pondered in 1977.
      It is safe to assume that anything you do on your mobile device, any information you store on it, and any app you use is being snooped on, even if you are taking precautions. Despite how much we use and depend upon our mobile devices, approximately 62% of smartphone users do not password-protect their phones, and smartphone users are 33% more likely to become victims of identity theft than non-users.
      We must remember that our new “best friends” (or, as my friends call their smart phones, “our precious”) are the “small, separate record-keeping systems” contemplated in 1977, albeit multiplied by billions.  They store our electronic lives and, to varying degrees, share our lives with the highest bidder.
 
What Data is Being Collected? 
     First, the providers of your cellular phone service (AT&T, Sprint, Verizon, and T-Mobile) collect data.  Although such providers are not very forthcoming in explaining what data they collect, or the reasons they collect it, at the very least these service providers collect the following:
  • Incoming and outgoing calls: the phone numbers you call, the numbers that call you, and the duration of those calls;
  • Incoming and outgoing text messages: the phone numbers to which you send texts, and the numbers from which you receive them;
  • How often you check your e-mail or access the Internet; and
  • Your present location.
     Second, in addition to the data collected by your smartphone service provider, other electronic data “fishers” are collecting:
  • Any photos or video you take on your phone;
  • Details about the text messages and e-mails you send and receive, including the content;
  • Who is calling you, who you are calling, and details about the phone call such as when it was placed and how long it lasted;
  • The contacts you have stored in your phone;
  • Passwords;
  • Financial data;
  • The information on your calendar; and
  • Your location, age, and gender.
 Who is Collecting the Data? 
     As mentioned above, the collectors of your data begin with the company providing your cellular service. A second collector, of course, is your “search engine” of choice:  Google, Safari, and so on.
     Still other purveyors of your personal data are the folks behind the innumerable “apps” of which we have become fond, whether we use a navigation app to find our way to a new friend’s address or play Angry Birds to stave off boredom on a long trip.
     Finally, the ability to collect data on where a person has gone and what they have been doing is valuable information for law enforcement officers.  For example, if you are the subject of an investigation, or even if you have just been pulled over, police may want to see what you have been doing and where you are going – things your smartphone may be able to reveal. Thus, the data provided by your smartphone may be used against you in a court of law.
      The Fourth Amendment to the Constitution protects you from unreasonable searches and seizures by law enforcement.  However, depending on your jurisdiction, there are different requirements for when and how law enforcement may access cell phone data without a warrant. In some jurisdictions, police may search the contents of a cell phone if you are pulled over in your car or arrested.
     Law enforcement has also been known to tap into the locations of smartphones, ask wireless providers to turn over days’ worth of location data, and implant tracking devices. Also, law enforcement can request all the data your smartphone provider has collected about you.

Advertisers Love Data – and Apps
     Aside from law enforcement, the foregoing collectors are interested in collecting your personal data so that they can package and sell it to advertisers.  Advertisers want to market to the people most likely to buy their products. “Behavioral marketing” is the practice of collecting and compiling a record of individuals' activities, interests, preferences, and/or location over time. This data may be compiled, analyzed, and combined with information from offline sources to create even more detailed profiles.
     Apps and other services provide this data to marketers who can then use this information to transmit advertisements or other content to a phone user based on his or her behavioral record.  This behavioral record includes not only your consumption choices, but your political leanings, family background, friend data, aspirations, goals . . . anything that you have texted, typed, researched, traveled to or photographed.
     The more information advertisers collect about you, the better they know the types of products and services you purchase and those in which you might be interested.
      Advertisers pay app developers to get access to you.  In fact, advertisers even supply code to the app developers to build into the app. The code not only makes an ad appear when you use the app, but also collects data from your phone and transmits it back to the advertiser. It is also possible that the app itself collects data that is shared with ad networks.  The data collected and shared builds a detailed profile about you and is re-packaged and sold to the highest bidder.
    The privacy concern here is that information could be shared with third parties and compiled with other data to create a detailed profile about you without your knowledge or consent.  It is no small concern given the fact that there are more than a billion apps available for your smartphone! 
      Anyone can create an app. Apps collect all sorts of data and transmit it to the app-maker and/or third-party advertisers. An app as seemingly harmless as a flashlight, game or radio might collect such information as your device ID, your contacts and/or your location.
     For example, in December 2010, the Wall Street Journal investigated 101 apps to see what data the apps were sharing with advertisers. It found that 56 apps shared the phone’s unique ID number, 47 transmitted the phone’s location and 5 shared the user’s age and gender and other personal details (like phone number or contacts list). That study was six years ago. During the 2012 presidential campaign, apps created by both major candidates to promote their election campaigns gathered (or sought permission to gather) large amounts of personal information including GPS location data.
 
Privacy and Other Laws
     Federal privacy laws have not kept up with the pace of technology, and courts are unclear on how easy it should be for law enforcement to gain access to your smartphone and its data.
     The Electronic Communications Privacy Act (ECPA)(18 U.S.C. §§ 2510-3127): Enacted in 1986, ECPA includes the Wiretap Act, Stored Communications Act, and the Pen Register Act. It can apply to both law enforcement agencies and companies. ECPA makes it unlawful under certain circumstances for someone to read or disclose the contents of an electronic communication. However, there are exceptions to ECPA, and the definition of what constitutes an electronic communication is unclear given the extensive advances in technology since its enactment 30 years ago. 
     The Computer Fraud and Abuse Act (18 U.S.C. § 1030): The 1984 Computer Fraud and Abuse Act was enacted to prevent unauthorized access to computers.  Among other things, it is used in prosecuting hackers, and covers information stored on computers. It is possible that a court of law would consider a smartphone to be a type of computer. To learn more, read Wall Street Journal: “Mobile-App Makers Face U.S. Privacy Investigation.”
    Children’s Online Privacy Protection Act (COPPA)(15 U.S.C. §§ 6501-08): COPPA, enacted in 1998, protects the privacy of children under the age of 13 by prohibiting the online collection of a child’s personal information without providing notice and obtaining parental consent.  COPPA also prohibits requiring that a child disclose more information than is reasonably necessary to participate in an activity online.  If your child has a smartphone or uses yours to go online or install and use apps, you may want to learn more about COPPA.  

Mobile Device Privacy Tips:
     Before clicking “download” on an App, you should be asking the following questions: Who makes it, what data does the App collect, how is your data being stored, and to whom or what is your data being sent?
     You may be able to find the answers in the app’s privacy policy. The Mobile Marketing Association offers resources for mobile app developers interested in creating a privacy policy. Despite their efforts, mobile app privacy is far from standardized and is a developing area in both the policy and legal realms. Research any app before you download it.  Read what has been said about the app and who created it. Look up the app’s privacy ratings on Clueful.     
      Other privacy-related measures you can take include the following:
  • Password protect your devices. For tips on creating an effective password see PRC’s “10 Rules for Creating a Hacker-Resistant Password.”
  • Do not allow your smartphone to automatically remember login passwords for access to email, VPN, and other accounts.
  • Use your phone’s security lockout feature.  Set the phone to automatically lock after a certain amount of time not in use.
  • Depending on the settings, your smartphone may be using its built-in GPS capability to embed your exact location into the file of photos you take using the smartphone’s camera. The process of embedding location information into photos is called geotagging. If you share your photos and they end up on the Internet, criminals can use the geotag to track your movements or find out where you live. Note that Facebook automatically strips out geotags, so any photos posted to Facebook do not have your location embedded in the file.
  • Disable photo geotagging on your phone. See instructions at Network World.
  • Also install security software that allows you to remotely lock your phone and wipe the data.  Never leave your phone unattended.
      This article cannot possibly identify the myriad ways your privacy is being electronically invaded. We live in an age where your most personal information is a keystroke away.  Each of us must become more cognizant of how our digital history is being collected, shared and shaped.  The laws above are still behind the curve for individual privacy protection.  Until we become more adept at keeping the snoops out of our lives we each must find our own balance of privacy vs. functionality. 
-------
 
iii. Data retention policies vary among service providers, and certain records are kept longer than others.  For instance, as of September 2011, Verizon, T-Mobile, AT&T and Sprint all differ when it comes to how long they store any combination of cell tower history records, text message detail, text message content, IP session information, IP destination information, and bill copies.
v. http://www.networkworld.com/article/2190651/wireless/obama-and-romney-election-apps-suck-up-personal-data--research-finds.html
 

 
Clifford C. ("Kip") Marshall is a trial attorney with, and President of, Marshall, Roth & Gregory, PC.  Recognized as a "Best Lawyer"™ (Government Relations Practice) for the past six years -- most recently in 2017 -- Kip's practice encompasses all forms of land and title litigation, commercial litigation and catastrophic injury.
 
To receive more information on this topic or to suggest topics for future editions of "A Legal Moment," feel free to contact Kip by email (cmarshall@mrglawfirm.com) or telephone (828.281.2100).


You may not rely on this content as legal advice for any specific situation, but should instead contact an attorney for specific advice.
Copyright © 2016 Marshall, Roth & Gregory, PC, All rights reserved.