[e-privacy] RE: e-privacy Digest, Vol 9, Issue 20

[info at dataprotection.it]

Tech.gov
>From the DMCA to voice over IP, from Congress to the courts, Senior Editor
Anush Yegyazarian looks at tech policy and its impact on you.
 
 
 
  Don't Call Me, I'll Call You
 
A cell phone directory is in the works, along with legislation to keep it
private. Is this a good thing? 


Anush Yegyazarian, PC World
Wednesday, September 29, 2004
Not too long ago, I was trying to meet up with friends at an outdoor concert
in the park. We had chosen a really good, well-marked meeting place--which
dozens of other people and their closest friends were also using to
rendezvous because it was a good, well-marked place. Wanting to avoid
another 20 minutes of wandering through crowds of people taller than me, I
whipped out my handy cell phone. Problem solved, right? Wrong. My friend
didn't have her phone with her because she was with her significant other,
who brought his. And I don't have his number programmed in my cell.

  
  Advertisement  
   
   
 
  
About 25 minutes later, I finally found them the old fashioned way--we
bumped into each other. But it would have been really nice to be able to
call 411, get his number, and save the time and hassle.

Six of the major wireless carriers (Alltel, Cingular, AT&T Wireless, Nextel,
Sprint, and T-Mobile) have collaborated on a plan for a cell phone directory
set to go live in 2005. It's an opt-in plan in which your number won't be
listed, they promise, unless you give them permission. (Verizon is the
notable holdout, claiming that no way no how will it compromise its
customers' privacy in this way, as a Verizon executive explained in a speech
at The Yankee Group's Wireless Leadership Summit.)

Congress, thinking ahead for once, plans to make the carriers' opt-in
promise law and give you some privacy protections from the get-go--via the
Wireless 411 Privacy Act (S. 1963). As of this writing, the bill has just
gotten out of committee and should come before the Senate for a vote in the
near future (as should the SPYBLOCK bill, which I discussed in a recent
column). The corresponding House bill, still in committee, is H.R. 3558.

But is legislation necessary? My answer is yes--and no.


What Listing, Please?
The directory plan, as set out by proponents in the September hearing on the
Senate bill, includes some good privacy safeguards.

First and foremost, it's strictly an opt-in plan, requiring your permission
for your cell number to be included in the database. There's no cost to you
to opt in initially or to opt out later. Second, the database will exist
only within Qsent, the company that will compile the data and make it
available to the 411 services on an as-needed basis--meaning only when
someone calls 411 and specifically asks for a person's number. The 411
operators will never store or maintain a list of the numbers in the
database. Third, no printed or electronic directory will be created, aside
from Qsent's database. Your cell number isn't going to appear online,
available to any kook with an Internet connection. 

Not bad.

There's already legal protection from telemarketers: 1991's Telephone
Consumer Protection Act (Title 47, U. S. Code Section 227) prohibits
autodialed calls to cell phones. And let's not forget the popular Do Not
Call Registry, which you can use to protect your cell number as easily as
you can safeguard your landline (over 62 million telephone numbers are
already permanently set on "do not call").

So what do we need more cumbersome laws for?


Promises, Promises
It's not that we don't trust you--but we don't trust you. That's the
consumer perspective on the plan as it stands today. While it sounds pretty
good, there's nothing stopping any of the carriers, or Qsent, from changing
their minds later on and leaving us up the cellular creek without a privacy
paddle.

The carriers claim they won't betray their customers' trust: In the
ultra-competitive cell phone service market, that's reason enough to lose
customers and ultimately, sink the business. That's true, but we've been
burned before--other companies have changed their minds about privacy
policies in both dire circumstances (dot-com fire sales, anyone?) and
not-so-dire ones. I'm not about to say no to a little legal guarantee that
must-opt-in won't suddenly change to must-opt-out via Byzantine and
expensive methods.

Moreover, I'm paying for incoming call minutes on my cell, so I want legal
safeguards in place to make sure my money and my time won't be wasted.

The Wireless 411 Privacy Act helps with some of that, but not with all of
it.


A for Effort, C+ for Execution
In his testimony before the committee, Marc Rotenberg, executive director of
the Electronic Privacy Information Center, made some significant and spot-on
critiques of the proposed bill.

First, it's opt-in for existing subscribers, which is good. But new
subscribers need to opt out, which is bad--especially since new subs include
customers who switch from one service to another, and who presumably had
already set a preference and may now be stuck with the wrong default.

Second, though the bill prohibits the creation of a published directory, it
says nothing about selling data to third parties. Selling data should
definitely be a no-no, spelled out in the bill.

Finally, the bill seems to allow sharing of even more information than the
carriers' plan does because it defines "wireless telephone number
information" to mean not only a name and cell number, but also an e-mail
address, physical address, and "any other identifying information by which a
calling party may reach a subscriber." Just because I let someone call my
cell phone does not mean I want them to know my address, too; one should not
automatically go along with the other.

Rotenberg also argues there should be explicit recourse if you're included
in the directory but did not want to be. He adds that the bill should
clearly be a floor--a minimum level of protection--and not a ceiling, so
that if states want to add even more privacy protections, they can.

I have some additional concerns that Rotenberg did not mention. At this
point I'm not convinced that a hard and fast ban on the creation of a
published directory is appropriate. For now it may be best, but the
situation may change as more people abandon traditional land lines in favor
of cell phone service. Eventually, it may be desirable to at least give
people the option of having--and being included in--a published listing of
cell numbers.


To Forward or not to Forward?
Another issue I'd like to see the bill address: Ideally, I, as the recipient
of a potentially unwanted call, should not be charged for it. At the very
least, I should be charged less for it than for a standard incoming call.
The challenge for carriers is figuring out which calls are unwanted. People
I haven't given my number to are likely to use directory assistance to reach
me, and many of these calls may be unwanted. So if directory assistance
could be limited to forwarding calls instead of giving out cell phone
numbers, carriers could track and discount that usage from consumers' bills.

This isn't the most elegant of solutions, I grant you; but it is the one
with minimal hassle and hit-to-the-wallet to the person called, at least
with current technology.

The Senate bill does address forwarding calls and masking the recipient's
number, but doesn't address service fees.

The forwarding clause in the bill is controversial for other reasons. It
tries to set up a service so that you know the identity of a caller before
you accept the call, much as you now do with a collect call. Both Epic.org
and proponents of the directory feel that the wording of the bill constrains
potential service offerings (for example, someone may choose to be listed
with forwarding only, but not in a general directory). Moreover, Qsent
argues the bill aims for the type of positive identification that doesn't
exist right now: Callers could lie about who they are, and even caller ID
services such as those available for landlines may provide misleading
information on calls from unlisted numbers or telephones in public places,
such as a conference room or pay phone.


Go Ahead, Call Me
According to a recent Federal Communications Commission study, 161 million
people had cellular phone service as of the end of 2003, up from 142 million
in 2002. Many of those people use their cell phones as their primary phone,
or even their only phone. Real estate agents, contractors, and the like, who
spend more time out of the office than in, rely on their cell phones to keep
in touch. And many businesses ask employees to list their cell numbers on
business cards, or on internal company lists. For a significant number of
people, cell phones are no longer just for emergencies or a small circle of
family and friends.

If such people are willing to be part of a directory, and we get strong
privacy protections to go along with it, I should be able to dial 411 and
reach those people, and they, me. But I want a directory that provides cell
numbers and names only, with a bit more privacy safeguards than the bill in
Congress