CARRIERS DIFFER ON FCC ROLE IN WIRELESS LOCATION SAFEGUARDS

One area of agreement was that carrier, to remain competitive, must pay close attention to privacy issues involving location-based information from wireless devices. But several commenters split between some govt. intervention and allowing market forces to shape how carriers dealt with privacy protection for such data. CTIA petition filed in Nov. proposed ways to ensure that privacy principles were technology neutral so subscribers could have same security expectations regardless of which device they were using. Proposal outlined safe harbor for any location information service provider that ascribed to privacy principles. Assn. asked FCC to start separate proceeding to consider petition rather than fold it into other customer proprietary network information issues.

Verizon Wireless told FCC that “self-regulatory efforts” of wireless providers should be sufficient to realize goals of Wireless Communications & Public Safety Act. It said Sec. 220(f) stipulated that customers must be given opportunity to provide “express prior authorization” before carriers could use, disclose or access call location information. Verizon Wireless told Commission that Congress didn’t indicate that it expected agency to implement regulations on that provision. “Without a showing that Section 222(f) read in conjunction with the broader provisions contained in Section 222 is insufficient to prevent harm to consumers, any action by the Commission would be unnecessary or at least premature.” If agency nonetheless decided to adopt location privacy rules, carrier said such regulations should be flexible and broadly based, preempt any state regulation in that area and promote competitive parity in location services marketplace.

Sprint PCS said it wasn’t convinced that “a rulemaking at this time will completely meet the needs of the American public.” It said FCC jurisdiction was limited “to a small subset of firms that will generate or gain access to location information” -- namely, wireless carriers. Sprint argued that Commission didn’t have purview over large number of noncarrier companies that would have access to location information. It said it supported incorporating standards proposed by CTIA into FCC rules, “notwithstanding the inequities and consumer confusion that might result.” If FCC takes that step, it shouldn’t embrace rigid, detailed rules that could stymie development of industry that still was in early stages, carrier argued. If Commission did act, Sprint said it should recognize “that the job is not finished and will not be finished until all location information handlers are subject to the same set of privacy requirements.” Sprint recommends that FCC: (1) Adopt principles in CTIA petition, “whether as rule guidelines or by a policy statement, but resist the temptation to adopt detailed rules.” (2) Preempt all state laws addressing wireless location information. (3) Include development of location-based services and related privacy practices in annual CMRS reports to monitor industry. (4) Host wireless location workshop, possibly with FTC, in part to explore how uniform standards could apply to all information handlers.

Nokia backed CTIA petition, saying fundamental requirement of future FCC rules should be that notice was “both conspicuous and meaningful. While wireless location technologies provide a unique ability to offer valuable services for consumers, these same technologies also raise genuine concerns about the ability to locate or track consumers against their will. Consumers will be understandably reluctant to take advantage of location-based services without strong assurances that data about their location, both real time and historic, remains in their control at all times.” Nokia said unique nature of location information dictated that notice to consumer about how information was used should “consist of more than a boiler plate legal disclaimer buried in a lengthy service contract.” It told FCC that as long as end user was receiving meaningful notice of issues such as service provider’s privacy policy, and actively was opting in to receive those services, “transaction-by-transaction affirmative consent to disclose location information should not be necessary.” Sprint PCS said it used opt-in procedure to protect wireless location information of subscribers but it didn’t rule out that opt-out procedure would protect consumer privacy interests adequately: “Choosing one consent procedure over another is not a decision this Commission (or any other regulator) needs to, or should, make -- at least at this point in time.”

Cingular Wireless backed CTIA petition and “strongly” recommended that Commission move ahead on rulemaking “proposing clearly defined guidelines specifying the obligations of the wireless industry and the rights and obligations of consumers.” On consent, CTIA took approach slightly different from CTIA proposal that customers must provide consent before information was disclosed or used, rather than before information was collected. Cingular said FCC shouldn’t mandate methods by which customers should give consent. “The Commission should recognize the implicit authorization of consumers where, for example, customers request services that require the use of location information.” Wireless Advertising Assn., detailing self- regulatory privacy principles it had developed for its members, told FCC it didn’t believe that principles proposed by CTIA should adopted as rulemaking at this time. “To give them the force of law would create a premature and inflexible standard,” it said.

PCIA took middle ground, telling FCC it supported further inquiry by agency into issue “but counsels against any fast or precipitous implementation of regulations that could limit the use and adoption of relevant and important life-changing products and services.” PCIA said: “Although privacy is definitely a concern of consumers in today’s society, the level of concern varies and there is no consensus on what should be done to address the issue. In such an atmosphere, a one-size-fits-all administrative regulation may not be sufficient to effectively accommodate the wide range of consumer desires.” PCIA said consumers had strong say in allowing market to drive such decisions, particularly because they could choose companies they felt were most protective and rely on technologies such as anonymous Web browsers, remailers, encryption.

Center for Democracy & Technology (CDT) backed CTIA petition in its comments, urging agency to open separate rulemaking to implement privacy protections for wireless location information under Sec. 222 of act. CDT said express prior authorization provision was self-executing, meaning it didn’t typically require FCC to take further action. “But it is clear that the rule has not been adequately noticed by some in industry and has generated uncertainty among some of those who are aware of it,” CDT said. “The confusion is perhaps part of the broader confusion in the Internet, telecommunications and information industries over the meaning and application of basic privacy principles.” Group said early development of industry was among reasons that Commission should act quickly on rules. “If the Commission delays in issuing implementing rules, the wireless location industry could be forced to retrofit its systems when rules are developed,” CDT said.