CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Tech Industry

E911--aid or intrusion?

CNET News.com's Declan McCullagh examines the FCC debate about whether to keep undisclosed the location of a person using a mobile phone to browse the Web or send text messages.

I recently bought a Nokia 3650 cell phone, a curvaceous feat of engineering that includes a video camera, Bluetooth, Symbian's Java operating system, and Internet connectivity. About the only feature the Nokia lacks is a Global Positioning System (GPS) receiver.

But it turns out that even without a GPS receiver--which can calculate someone's location through satellite positioning--your wireless provider may still be collecting and recording pretty detailed information about your whereabouts.

What's mildly disturbing is that the legal standards governing who has access to that location information remain unclear. For instance, your location could be private when making voice calls, but disclosed when you're browsing the Web or sending SMS text messages. Courts have not offered much guidance so far, although the Federal Communications Commission set a deadline of last Friday for public comments on whether it should start an E911 proceeding that might clarify matters.

First, some history. In 1997, the FCC ordered the wireless industry to jumpstart so-called , which lets a cellular provider determine the location of a cell phone to within several hundred feet. The justification was the obvious one: Without a way to determine the physical location of someone who dials 911 in an emergency, lives might be lost.

Since then, the FCC has made the requirements more detailed. If a wireless company uses a handset-based technique (such as Assisted GPS) in the phone, it must be able to pinpoint callers to about 165 feet for 67 percent of their calls, and to about 495 feet for 95 percent of their calls. Verizon Wireless, Sprint PCS and Nextel Communications have chosen this route.

Companies that locate a customer through network techniques--such as triangulating position using multiple cell towers--have more leeway. They must be able to locate callers to about 330 feet for 67 percent of their calls, and to about 990 feet for 95 percent of their calls. AT&T Wireless, Cingular Wireless and T-Mobile have taken this network approach.

Your wireless provider may be collecting and recording pretty detailed information about your whereabouts.
In 1999, Congress stepped in with a law called the Wireless Communications and Public Safety Act. (The scenario it was intended to prevent: Walking by a McDonald's and getting spammed with unwanted electronic coupons or advertisements.) The law states that people who use a "commercial mobile service" only consent to the disclosure of their "call location information" if they give "express prior authorization."

Well, that law created more problems than it solved. Mobile service within in such a Byzantine manner that nobody knows whether it covers only voice calls, or data communications as well. In addition, U.S. cellular companies have filed comments with the FCC giving their sometimes inconsistent interpretations of the law.

Because location information is not defined, Cingular has concluded that it can disclose the location of the nearest cell tower--which could pinpoint a customer to within a few blocks, in a large city--without the customer's consent. The meaning of prior authorization has become a legal quibble fest: Nokia asserts that consent can't be implied and must be explicit, while other companies, such as Leap Wireless, argue that consumers imply consent when using cellular devices to access Web-based services like Mapquest.com.

The FCC once considered drafting regulations to clear things up, but then inexplicably abandoned the project, which the Cellular Telecommunications and Internet Association had requested. In a July 2002 decision, a majority of the commissioners said: "Because we do not wish to artificially constrain the still-developing market for location-based services, we determine that the better course is to vigorously enforce the law as written, without further clarification of the statutory provisions by rule."

To his credit, FCC Commissioner Michael Copps dissented. Copps said the commission needed to step in because "serious definitional questions and disagreement between commenters about how this (location privacy) protection will function remain unaddressed."

Cingular has concluded that it can disclose the location of the nearest cell tower...without the customer's consent.
Copps is right. Congress should have stayed out of the location privacy debate in the first place. After all, the wireless market is intensely competitive. And if one company becomes too intrusive with GPS-enabled ads, others will be happy to seize the opportunity to offer more reasonable alternatives. But now that Congress has acted, it would be helpful for businesses and consumers to know what the law actually means.

"Nobody knows," said David Sobel, general counsel for the Electronic Privacy Information Center. "We said at that time that these were open questions that the commission should address. And we even said that if they determine that the coverage of the requirements was only limited to cell phones, that they should recommend to Congress that there should be a technology-neutral privacy standard for all location technology. They declined to do that. That confusion remains."

Meribeth McCarrick, a spokeswoman for the FCC, told me on Thursday that the agency could not comment on a pending proceeding. "I cannot speculate what we will do with the comments we receive, since the comment deadline hasn't passed and we're in the middle of establishing a record at this point," she said.

Until the FCC acts, there's always the self-help technique. A company named MobileCloak is selling for $24 a nifty frequency-deadening pouch, in which you can put your wireless device when you really, really don't want to be tracked by anyone at all.