Ensuring portable privacy

Banks, retailers and airlines face the 'opt-in' issue and other challenges.

In less than a year, wireless phones in the U.S. must begin providing location information as part of the government's attempt to help police and fire dispatchers locate people in emergencies. But privacy experts are already waving red flags, worrying that location information could be misused by marketers or stolen for illegal purposes. Their worries are sometimes extreme, with one privacy advocate recently wondering how long it will take before a lawsuit is filed because somebody stole location data to kidnap a child or stalk a stranger [News, Oct. 2].

Advocates say the problem with location data will become more worrisome because location technology will be available on all kinds of wireless devices, such as personal digital assistants and laptops equipped with wireless cards, not just wireless telephones.

The 1999 Wireless Communications and Public Safety Act permits release of location data in emergencies for wireless telephones, specifically, but the Federal Communications Commission's definition of what constitutes a phone is still legally unclear, says David Sobel, general counsel for the Electronic Privacy Information Center in Washington.

"We can't foresee how this location information will be abused, and most people consider it to be very personal," Sobel says. "The privacy protections for location information are not at all clear."

Will Data Find You?

The privacy of consumer location data is one of the key issues U.S. banks, retailers and airlines will face as they roll out services that send advertising and information to wireless users. Businesses will also need to bolster security to protect location and other private data and develop means of preventing wireless spamming, experts say.

Sobel says he hopes some clarity is brought to the issue at a Federal Trade Commission-sponsored public workshop starting today in Washington. Jodie Bernstein, the FTC's top consumer official, has already said the agency may initiate privacy rules on wireless but is also concerned about stifling the wireless industry [News, Oct. 9].

1pixclear.gif
1pixclear.gif
1pixclear.gif

Wireless Privacy Guidelines

The Cellular Telecommunications Industry Association adopted the following wireless privacy guidelines in October to be presented to the Federal Communications Commission and the Federal Trade Commission:

Consumers need to be informed that information on their location is being collected.

Consumers need a meaningful opportunity to proactively opt in for location services, and they should be made aware of exactly what's being collected.

Location information needs to be kept secure and correct, and consumers need meaningful access to their own location information.

These guidelines apply across the country, in all states; across all types of platforms; whether they be handhelds, wireless phones or PDAs; and across all the businesses involved, whether they be carriers, handset manufacturers or third parties.

Source: Cellular Telecommunications Industry Association, Washington

1pixclear.gif

The sanctity of location data falls squarely into the laps of U.S. businesses, especially wireless carriers. Businesses claim that they will respect the privacy of wireless users when sending digital coupons for stores that consumers are near, the location of the nearest cash machine or updates on a flight or hotel reservation by allowing users to "opt in" - or agree to participate in marketing programs that use their location data.

"We are very, very wary of blasting wireless customers with information," says Alan Young, vice president of technology at e-Citi, a division of Citigroup Inc. in New York. "Our rule is that customers are to be given an option to start services and given an opportunity to stop it."

But How?

The logistics of how consumers will opt in and out aren't well defined, analysts say, citing several concerns.

First, it would be impractical to put pages of privacy disclosure information on a four-line cellular phone screen for a user to click a button to opt in or out, analysts say.

So would the disclosure notice be provided when a phone is sold, or later, over a desktop PC hooked up to the Web? And would someone who opts in be able to easily opt out later? Analysts say it wouldn't be practical to expect a user to opt out during a business trip using a cell phone or other small wireless device.

Second, wireless spamming is a distinct worry, say several analysts and IT executives. A user might consent to a profile of notices he would like to see based on his location only to later be hit relentlessly by wireless ads, notices for local restaurants and shopping advice while walking down a city street and passing by stores equipped with Bluetooth, 802.11 LAN or wide-area wireless technologies.

"Picture the scenario of somebody walking into a mall and being bombarded with information from all the stores," says Joy Marshall, manager of the E-business Frontiers group at Wachovia Corp. in Winston-Salem, N.C. "We've got tremendous concern about how location-based technology will aggravate customers."

What's in It for Me?

A major deterrent to pushing wireless ads and information, whether they're location-based or just pushed, will be the cost, since wireless users in the U.S. pay for the cost of sending as well as receiving calls and data, says Alan Reiter, an analyst at Mobile Internet & Wireless Computing in Chevy Chase, Md.

Analysts at IDC in Framingham, Mass., and LM Ericsson Telephone Co., the Swedish handset manufacturer, say studies of wireless users in Europe and the U.S. show that consumers are willing to accept personalized ads if they get something in return, such as a free information service or airtime [Computerworld.com, Nov. 9].

Analysts say there are also concerns that a bank could sell data on customers to retailers that might want to attract people who have recently retrieved cash from nearby ATMs.

Which raises the third major concern: Who owns the data?

"A consumer theoretically could say whether he wants his location kept secret or not when he signs up for a wireless service, but the real question is who owns that location information? It's not clear,'' says John Pescatore, an analyst at Gartner Group Inc. in Stamford, Conn. "Legislation or other rules need to require opting-in for service."

Several cellular carriers such as Sprint PCS Group in Kansas City, Mo., and AT&T Corp. say they use the existing information on the location of a phone (which is now based on the nearest cellular tower) only to make connections and bill calls. All the cellular carriers interviewed by Computerworld for this report said they intend to guard that information unless consumers want it used.

But that's only for the time being, analysts say, because marketing groups, ad agencies and other businesses will be actively trying to gain access to the location data - which could, in turn, be sold widely.

In the hopes of lessening the need for government regulation, the Cellular Telecommunications Industry Association (CTIA) in Washington, which represents more than 140 carriers and hardware makers, passed a set of guidelines in October for cellular privacy. A CTIA spokesman says the group hopes the guidelines will gain acceptance by carriers and businesses that will send out wireless ads.

"Worries about Big Brother with location services are premature," says Travis Larson, a CTIA spokesman. "We're getting out in front on what emergency 911 services will mean. After they take effect next October, obviously, commercial location services will follow, and we want consumers to be comfortable knowing that there are industrywide guidelines to protect their privacy."

The CTIA guidelines make it clear that consumers would know exactly how the data would be used and would have meaningful access to the data to ensure information is accurate and that the same information would apply to all types of devices.

Carriers say they're having active discussions within their companies about the privacy concerns of wireless location data as well as the business benefits. "We don't know how location data will be managed or who is going to retain the information, because the technology is not even fully widespread for commercial availability," says AT&T spokesman Ritch Blasi.

AT&T, in Basking Ridge, N.J., is the wireless carrier for an ongoing location services trial in Denver.

Visa International Inc. in Forest City, Calif., is monitoring reaction to a location-based services trial in an undisclosed market in Asia before moving forward, says Philip Yen, executive vice president of e-Visa.

Visa recently began requiring member merchants to post their privacy policies on their Web sites and is favoring a policy that will require opt-in for location services, he says.

But, Yen adds, he's not confident that "natural forces" such as self-policing by the wireless industry and third-party businesses will be enough to protect wireless privacy.

Airlines Ready for Action

At United Air Lines Inc., officials are eager to let passengers use wireless devices to check in for flights once they are within a certain distance of the gate. Someday, a short-distance wireless technology such as Bluetooth will also monitor when the person passes through the gate, says Dan Black, director of e-commerce systems at United Networks, a new network technology division of Chicago-based United.

"I would be worried about keeping location data on customers," Black says. "I would not even want to see that data, but I think the carriers are going to sell me that."

Black says he's hopeful that wireless consumers will be able to set general location preferences, such as allowing only a spouse and parents access to location information.

Best Buy Inc. in Minneapolis recently began selling its wares via wireless connections. Company officials believe that "a segment of the market wants to be alerted to sales opportunities when they are in proximity to a store," says Mark Ebel, director of digital communication services for the retailer. "But if you thought you had to be careful to privacy before, wireless means you have to be extremely sensitive to privacy."

Related stories:

For more coverage of this issue, visit Computerworld's Focus on Privacy page.

Copyright © 2000 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon