“When mobile carriers use their control of customers’ devices to collect information about customers’ use of the network, including using preinstalled apps ... carriers are required to protect that information,” the FCC said in a statement today. “This sensitive information can include phone numbers that a customer has called and received calls from, the durations of calls, and the phone’s location at the beginning and end of each call.”
The FCC began looking into expanding its privacy rules to wireless devices in response to allegations that the mobile software company Carrier IQ was logging users' keystrokes. Carrier IQ has always denied that it logged keystrokes, but acknowledged in a 2011 report that an unintentional glitch allowed some SMS messages to be collected. However, Carrier IQ says those messages were never decoded or made available in “human readable form.
The FCC's decision today makes clear that carriers must treat data about phone calls as private regardless of the type of device the calls are made from. But the ruling doesn't appear to apply to a host of other data that can travel on wireless networks -- including SMS calls and emails.
Today's FCC move also doesn't affect device manufacturers or operating system developers or third-party apps -- all of whom might collect information from consumers. Commissioner Jessica Rosenworcel pointed out some of those issues today. “Dial a call, write an e-mail, make a purchase, post an online update to a social network, read a news site, store your family photographs in the cloud, and you should assume that service providers, advertising networks, and companies specializing in analytics have access to your personal information. Lots of it-- and for a long time,” she wrote in a statement supporting the ruling. “Our digital footprints are hardly in sand; they are effectively in wet cement.”
She adds that the rules issued today apply only to carriers. “They do not apply to the manufacturers of wireless phones. They do not apply to the developers of operating systems,” she wrote. “Consumers can be confused by these distinctions.”
Of course, even when the FCC tells companies to protect consumers' privacy, judges can still order telecoms to disclose information to authorities like the National Security Agency. In fact, revelations about widespread NSA surveillance came up in today's decision. “The privacy of Americans' phone records is a topic that has been in the news quite a bit lately,” Commissioner Ajit Pai wrote in a concurring statement. “This morning, the Commission tackles a small piece of this subject that hasn't made the headlines.”