FCC Smartphone App Raises Privacy Concerns

Privacy promises abound in a beta version installed by a Communications Daily reporter. It’s available for Android devices at http://bit.ly/1adhTgG. Various screens tell the user that private information will be collected but stripped out before publication of any final reports. By default, the app uses GPS, which provides exact latitude and longitude coordinates. A settings page lets the user change location information to “Mobile Network,” which will capture less granular location information.

Pop-ups and information pages displayed before and after installation inform the user that location information will be collected, but the app page clarifies: “No unique or persistent identifier is associated with any data we collect from you.” That sentence is hyperlinked -- if the user clicks it, a pop-up screen elaborates: “We do not label the data we collect from you with anything that would directly identify your handset. Because your data is part of an anonymous pool that includes information collected from all participants, the risk of someone being able to successfully identify an individual from the data is minimal."

Amie Stepanovich, director of the Domestic Surveillance Project at the Electronic Privacy Information Center, is wary. “Location information is incredibly easy to match to a person,” she said. It’s likely that everyone will have two points they visit every day -- work and home -- and research has shown that with only four data points, someone can determine “exactly who you are, from the entire universe,” she said.

A user must wade through several information pages before the app starts collecting data. A privacy page specifies the “five kinds of information” it will collect: location information; time of data collection; handset type and operating system version; cellular performance characteristics; and broadband performance info such as upload speed, download speed, latency and packet loss.

Upon clicking “Next,” the user is presented with further terms of use, explaining what the data collected will be used for. It’s “helpful for consumers, the FCC, and others interested in understanding mobile broadband in the United States,” the app says. The data may be shared within the FCC for its Measuring Broadband America report, “and to support our development of broadband policy.” The data will be shared with the FCC’s third-party contractor, SamKnows. “Aggregated averages and minimally necessary datasets” will be made available to the public, the app says. “These highly aggregated statistics pose very low risks to your privacy."

"The FCC is making a big data play at a time when public sensitivity is heightened with respect to data collection by the government,” said Omer Tene, vice president-research and education at the International Association of Privacy Professionals. On one hand, Tene said, there’s a “clear value proposition” both for users of the app and for the public at large. On the other, the FCC should comply with mobile privacy and transparency best practices currently being advanced by the FTC, the California attorney general, the Future of Privacy Forum and others, Tene said. Those best practices advocate “enhanced notice to the collection of sensitive data such as granular location information and unique device IDs, as opposed to legalese buried in a privacy policy,” he said.

FCC officials have spent the past year thinking about the best way to protect users’ privacy. Despite “very valuable research benefits” that come from having the ability to identify what data was produced by what particular handset, agency attorney James Miller said earlier this year that including that element introduces too may risks.

Upon reviewing the app’s privacy disclaimers, Stepanovich found a “failure in regard to transparency about the identity of [the FCC’s] third party partners, what information can be shared, and in what form.” The app “says that the data is not connected to a number that would directly identify the owner of the phone, but not that it isn’t segregated by person, which is where the risk lies for re-identification,” she said.

The app’s privacy page promises further protection. “Prior to release of this data, the FCC and researchers skilled in the field of statistics and computer science will identify patterns in the raw data that could be exploited to compromise your privacy,” it says. “If we find concerns, we will take steps to address the risks by making the time, location or other information less specific, limiting the combinations of information we release, or deleting information.” The final data will be published “in a processed and coarsened form,” it says.

The FCC might have the best of intentions, but “there are other agencies in the government that might want this information,” Stepanovich said. If the FBI seeks information in order to investigate a case, “is the FCC going to give them that information?” she asked. And will that individual be alerted? “None of this has been indicated,” she said.

When the user clicks “Run now,” the app brings up a stylized clipboard with graph paper, on which test results are displayed. Sample tests run by a Communications Daily reporter on T-Mobile’s LTE network in Washington showed wildly divergent results. A test run indoors found a download speed of about 25 Mbps, and an upload speed of 6 Mbps; a test outdoors saw 6 Mbps down and 20 Mbps up. An additional outdoor test found near 7 Mbps down and only 200 kbps up. The three mobile broadband tests used 86 MB of data.