Feeds

US Senators pen Act to ban location-based stalking

Watching the watchers

Security for virtualized datacentres

Two US senators have filed a new Act called the Location Privacy Protection Act, which would require stricter controls and more transparency for all cellular companies that collect location data.

The Bill, brought by Senator Al Franken and co-sponsored by Senator Richard Blumenthal would make it illegal to divulge location information to any third party, and set penalties for a variety of location offences, including location-based stalking.

A special report commissioned by the Department of Justice in 2009 uncovered that there were 26,000 victims of GPS stalking each year, many of them by cellphone.

Last month Senator Franken held Senate Judiciary hearings on privacy which helped him collect data for this bill and shape its content. Of particular concern were the behavior of Apple and Google, which are said to make location data available to a large number of applications.

Beastly acts

Senator Al Franken

Franken: Right to Privacy

If the bill passes, they will be obliged to tell the user that location data is being held and specifically asked, on each occasion if it is okay to release that data to another company.

Franken says that Apple iPhones and Google Android smartphones automatically send location data from the phone to Apple and Google, even when the users are not using location applications. It has been suggested, and denied by Apple, that in Apple's case users have no way to stop this data collection.

Senator Franken is most concerned that a number of prior US Acts contradict one another, specifically the Cable Act and the Communications Act prohibit companies from freely disclosing customer location. while the Electronic Communications Privacy Act (ECPA) has a clause that allows smartphone companies, app companies, and phone companies to freely share their customer location data without consent.

The ECPA allows location collection when the internet is used on the phone. Franken wants these provisions changed and made explicit.

In April when this issue first broke, Apple put out a letter to satisfy customers that it was not overtly collecting location data and explained that it only collected a map of local hotspots and cell towers so that "if" an Apple customer asked for his or her location, it could then provide it quickly, combining GPS and cell tower triangulation.

We know where you live

But Apple insists that the data held on the iPhone is a small subset of this, and not usable by anyone else and that only an anonymous version of that data ever left the phone, and then it was encrypted. The Senators disagreed and said that they found many Apps which clearly have location data.

Apple continues to insist that it has not offered up this data to applications, which might then offload that data to remote databases, but the senators feel there is enough evidence so show that location privacy is being breached.

The bill calls on the National Institute of Justice to issue a study on the use of location technology in dating violence, stalking and domestic violence and to facilitate the reporting of these crimes to the FBI's Internet Crime Complaint Center.

It also calls on the Attorney General to develop a training curriculum so that law enforcement, courts, and victim advocates can better investigate and prosecute crimes involving the misuse of location data.

The bill will also create criminal penalties for so-called "stalking apps" which knowingly and intentionally disclose geo-location information when there is a potential for domestic violence or stalking to occur.

It also criminalizes knowing and intentional aggregation and sale of the location data of children 10 years old and younger. The bill has the support of a broad coalition of consumer protection and anti-stalking advocacy groups. If such US legislation passes, it is likely to provide a template for wider law-making around the world.

Copyright © 2011, Wireless Watch

Wireless Watch published by Rethink Research, a London-based IT publishing and consulting firm. This weekly newsletter delivers in-depth analysis and market research of mobile and wireless for business. Subscription details are here.

Bootnote

You can see Senator Franken introducing the Location Privacy Protection Act in this YouTube clip.

Protecting against web application threats using SSL

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.