Senate Tackles Mobile Location Restrictions—And Does So Very Poorly

Written by Evan Schuman
July 6th, 2011

Two U.S. Senators have introduced a pair of competing bills intended to make it more difficult to track consumer locations on mobile devices, which is a very rich area for retailers. But the bills suffer the same critical flaws that have afflicted earlier Senate technology efforts—such as one dealing with data-breach disclosures and another trying to limit E-Commerce tracking attempts—namely that they are sufficiently vague to completely undermine the intended restriction.

The first bill, introduced by Senator Al Franken (D-Minn.), is called The Location Privacy Protection Act of 2011. It is trying to force telcos and retailers to get the consumer’s “express consent before collecting his or her location data and to get that customer’s express consent before sharing his or her location with third parties.” The second bill, introduced by Senator Ron Wyden (D-Ore.), is called The Geolocational Privacy and Surveillance (GPS) Act. It is designed to restrict how government investigators can access mobile-location data.

The key problem is that these bills are focused on location-based mobile services, and they tend to forget that the most common location-based mobile service is getting the phone to ring when receiving a call. Second, there are no significant instructions about how telcos are supposed to notify consumers and get their consent.

This creates a very easy way to comply with the wording of the law, while cleanly sidestepping its intent. What’s to prevent a company from burying a few extra lines in the middle of the small-print legal documents that consumers need to agree to before receiving phone service? Something like “We need to know your phone’s location so your calls will reach you. Accepting this service will mean that we may therefore track your location. We sometimes use third parties to help route and manage our calls. Accepting this service means that we have permission to share with these firms the data they need to perform their duties.”

That sounds innocuous—for the nine people who end up reading the fine print. But there’s no viable way for the consumer to opt out. There’s a better way: Force telcos to offer two services—one with tracking to make the phone ring and to support emergency services and one with all tracking enabled. And then borrow the techniques from the U.S. Surgeon General, whose cigarette warning dictates font size in relation to the package size and specifies the exact wording.

Senator Franken’s bill, though, has an honorable objective. Here’s part of The Location Privacy Protection Act of 2011’s summary.

