Your Cellphone is a Homing Device

Don't want the government to know where you are? Throw away your cell, stop taking the subway, and pay the toll in cash. By Brendan I. Koerner IF YOU PURCHASED A NEW CELLPHONE over the past 18 months or so, odds are that one of the features listed in small print on the side of the box was "E911 capable." Or, as in the case of my latest Motorola, "Location technology for piece [sic] of mind." Perhaps you asked the salesman to explain the feature, and he replied that it means that cops can home in on your phone in case of an emergency, a potentially important perk should you ever find your hand pinned beneath an immovable boulder in rural Utah, as Aron Ralston did recently. Assuming he could have gotten a signal, an E911-capable phone might have saved the young backpacker the pain of having to amputate his own arm.

What your salesman probably failed to tell you—and may not even realize—is that an E911-capable phone can give your wireless carrier continual updates on your location. The phone is embedded with a Global Positioning System chip, which can calculate your coordinates to within a few yards by receiving signals from satellites. GPS technology gave U.S. military commanders a vital edge during Gulf War II, and sailors and pilots depend on it as well. In the E911-capable phone, the GPS chip does not wait until it senses danger, springing to life when catastrophe strikes; it's switched on whenever your handset is powered up and is always ready to transmit your location data back to a wireless carrier's computers. Verizon or T-Mobile can figure out which manicurist you visit just as easily as they can pinpoint a stranded motorist on Highway 59.

So what's preventing them from doing so, at the behest of either direct marketers or, perhaps more chillingly, the police? Not the law, which is essentially mum on the subject of location-data privacy. As often happens with emergent technology, the law has struggled to keep pace with the gizmo. No federal statute is keeping your wireless provider from informing Dunkin' Donuts that your visits to Starbucks have been dropping off and you may be ripe for a special coupon offer. Nor are cops explicitly required to obtain a judicial warrant before compiling a record of where you sneaked off to last Thursday night. Despite such obvious potential for abuse, the Federal Communications Commission and the Federal Trade Commission, the American consumer's ostensible protectors, show little enthusiasm for stepping into the breach. As things stand now, the only real barrier to the dissemination of your daily movements is the benevolence of the telecommunications industry. A show of hands from those who find this a comforting thought? Anyone?

GPS tracking is already a staple of workplace surveillance, especially for those not bound to desks. Trucking companies have long outfitted their fleets' semis with devices that monitor how long and how frequently a driver stops to rest. Now the vogue is for smarter GPS versions, which can pinpoint exactly where each truck stops en route. A New York Times article reported on a Texas company that busted an employee whose vehicles had been spending on-the-job time in the parking lot of a strip club.

The difference between that and E911 tracking is the nature of the relationship between the tracker and the trackee. Private-sector employees are essentially at the mercy of their bosses, a power dynamic that the courts have affirmed again and again. When using company-issued equipment, there is no "expectation of privacy," perhaps the most important legal test in deciding whether incriminating data was obtained lawfully. That's why The Times was able to check the cellphone records of the disgraced reporter Jayson Blair, who was fired for fabricating interviews and facts. The records revealed that on days that Blair professed to be reporting from West Virginia or Maryland, his calls were routed through cellphone towers in New York—ironclad evidence that he'd never actually left home.

Obviously, Verizon and I have a vendor-customer relationship, not a boss-underling one. But the matter is complicated by the public nature of E911 information: It is designed to be shared with emergency services. So a police-friendly judge could easily decide that with this third, governmental player involved, no cellphone user should count on privacy, at least as far as location data goes. Which way the courts will lean, though, is anybody's guess; as of this writing, no criminal case involving E911 has yet materialized.

Handwringing over prickly privacy issues has, of course, inspired many books in recent years. The most popular viewpoint is that espoused in Jeffrey Rosen's The Unwanted Gaze: that electronic records are too accessible and that laws are needed to guarantee that certain data will rarely see the light of day. A smaller—and, frankly, geekier—crowd advances the thesis of David Brin's The Transparent Society, which amounts to the following: "Privacy is vanishing. Get over it." Brin, a sci-fi author, contends that the end of privacy as we know it needn't necessarily mean an Orwellian future, because technology will allow citizens to monitor the authorities, too.

Much of the academic discourse has focused on what can be termed "fixed surveillance": websites that track user preferences, bosses who covertly scrutinize employee performance, companies that leak employee medical records to insurers. Tracking a person's physical movement throughout the day is a new type of violation, one that naturally conjures up rather nasty comparisons to the East German Stasi and similarly thuggish outfits. It's one thing for Amazon.com to suggest that, judging by my past CD purchases, I may enjoy the new Mobb Deep album, and quite another for Amazon to spam my phone with a message beginning, "We notice you are standing in a Tower Records store. Did you know that Amazon is selling the new Mobb Deep album for $2 less than Tower?"

THE WIRELESS INDUSTRY HAS A NAME FOR SUCH CUSTOM-TAILORED HAWKING: "location-based services," or LBS. The idea is that GPS chips can be used to locate friends, find the nearest pizzeria, or ensure that Junior is really at the library rather than a keg party. One estimate expects LBS to be a $15 billion market by 2007, a much-needed boost for the flagging telecom sector.

That may be fine for some consumers, but what about those who'd rather opt out of the tracking? The industry's promise is that LBS customers will have to give explicit permission for their data to be shared with third parties. This is certainly in the spirit of the Wireless Communications and Public Safety Act of 1999, which anticipated that all cellphone carriers will feature E911 technology by 2006. The law stipulated that E911 data—that is, an individual's second-by-second GPS coordinates—could only be used for nonemergency purposes if "express prior authorization" was provided by the consumer.

"But no one clearly understands what that means," explains David Sobel, general counsel for the Electronic Privacy Information Center, which has repeatedly petitioned the FCC for a clarification of the law's language—to no avail. " 'Express prior authorization' has never been fleshed out." Think about the consent process in the realm of software law, where a user must click "I agree" to a licensing agreement in order to install the program. A user irked by some aspect of the agreement can select "I do not agree," but that prevents the software from being installed, which makes the product essentially worthless. There's nothing stopping a cellphone carrier from instituting a telecom equivalent of the shrinkwrap license—when you break the seal on the box and activate the phone, you agree to abide by the company's conditions. One of those could easily be, "I authorize for my location data to be shared with third parties."

This could very well be the case with my Motorola, one of those spiffy picture phones advertised on TV every 60 seconds. The thick user's guide makes no mention of the GPS chip's privacy implications; Verizon Wireless's website is devoid of any specific language relating to location privacy. The technology industry's attitude toward end-user licenses seems to be "Don't worry, it's too complicated for you to understand." When I asked to be pointed in the direction of Verizon's E911 privacy policy, a company spokesman named Jeffrey Nelson told me, "We don't have a policy, because we're not offering any location-based services at this time." I pushed a little, pointing out that the phones are still GPS-enabled and thus remain able to collect data. "What I can say," Nelson responded, "is that in all of our internal discussions, we do acknowledge the importance of very healthy opt-in promises."

The libertarian counterargument would be that the market will ultimately favor privacy, since most consumers would balk at onerous privacy terms. Smart companies will eventually differentiate themselves from the pack by getting serious about privacy, and the advantage will go to the carrier that can honestly claim, "We're the ones who protect your data, unlike the folks at XYZ Communications, who sell your restaurant habits to the highest bidder." Governmental privacy laws, this line of logic goes, are an unnecessary burden on the private sector.

But laissez faire hasn't really worked as a way of protecting consumers online. Partly it's their own fault. Consumers do a poor job of reading and understanding the privacy statements of the websites they visit. Given the complexity of these sites, though, can you blame them? No one would shop online, or even surf, if it meant reading a long slab of legalese for each site. Cookies? Registration forms that ask for a home address, age, and income? Anything to get that cool Shockwave game a little faster. John Soma, a University of Denver law professor and the author of Computer Technology and the Law, explains that consumers are easily seduced into giving up their privacy: "If you were at a McDonald's in downtown Denver, and you agreed to give everyone three free Big Macs, fries, and a shake if they'd sign away their DNA, you'd have 200 people lined up." Since medical information is considered more sensitive than, say, mere web browsing habits—think of how your insurance company would love to factor your genetic predispositions into their actuarial tables—the inducements to obtain other types of data needn't be that lavish. And once signed away, privacy is hard to recoup.

Consumers may also be quite willing to accept an erosion in privacy in exchange for a sweet enough reward. Take the growth of wireless "communities," groups of cellphone users who swap text messages about The Lord of the Rings, pro basketball, or whatever interests they share. As a recent Marketplace report noted, these groups need corporate sponsorship to survive and grow, since most draw no revenue. If the choice eventually comes down to catching the latest Frodo Baggins gossip or staving off Kmart spam, many aficionados will accept the spam. Finnish hunters are already signing up in droves for "dog radar," which allows them to use their cellphones to pinpoint their wandering hounds, who bear GPS locators in their collars. It would take a cold heart to give up on protecting Fido merely because he gives away your location when you take him for a walk.

Then there are LBS companies like Calgary's Cell-Loc, which plans to pitch its location service to worried parents. "I have a daughter turning 16, and I know I'm getting her a cellphone for her birthday," one Cell-Loc employee told The Toronto Star. "She'll be like, 'Great, Mom, thanks for the phone.' I'll be like, 'No problem, I'm going to be tracking your every step.' "

Corporate data collectors do their best to present a trustworthy image, but they haven't always been entirely forthcoming about the details of their practices. Early adopters of the TiVo digital video recorder knew that the box somehow uses the Internet, since it needs to be plugged into a telephone jack. But it wasn't until the Privacy Foundation attached a "sniffer" to a test unit that TiVo's true nature was revealed. Every night, the recorder transmits the day's viewing records back to the company's servers—which channels were viewed when, when the volume was turned up and down, even the device's internal temperature. (That's not to mention TiVo's habit of recommending shows to viewers based on their past viewing habits, a feature that has famously vexed homophobes, who worry that a peek at a Miss America pageant will convince their box to recommend "gay" fare.) None of this was revealed in TiVo's brochure, which contained only a vague privacy pledge that records are stripped of identification markers—and a statement that the company's privacy policy was subject to change.

Despite Congressional testimony by Privacy Foundation founder Richard M. Smith, the TiVo revelation stirred only the barest of public outcries and did nothing to push forward privacy legislation. That's not a surprise, as Congress has always been slow to recognize the privacy implications of new technologies. Unauthorized wiretapping wasn't outlawed until 1967, 91 years after "Mr. Watson, come here, I want to see you," and 77 years after Louis Brandeis and Samuel Warren's famous Harvard Law Review article on the importance of privacy as a legal concept. As Rosen writes in The Unwanted Gaze, "The politics of privacy tends to be largely reactive, fired by heartstring-tugging anecdotes that capture the public imagination." Not until after The Washington City Paper published Judge Robert Bork's video-rental records in 1987, for example, did Congress pass the Video Privacy Protection Act, which outlawed that kind of disclosure. At the intersection of privacy and technology, the legislative wheels require considerable grease to start turning.

There's also a substantial anti-privacy lobby, composed of industry front groups that view tough privacy laws as potential revenue killers. The Online Privacy Alliance and the Privacy Council may sound like muckraking Naderite organizations, but they're pure "Astroturf," fake grass-roots lobbies that hammer home the message that privacy restrictions hurt American business.

Law enforcement likewise views privacy laws as an impediment, especially now that it has grown accustomed to accessing location data virtually at will. Take the MetroCard, the only way for New York City commuters to pay their transit fares since the elimination of tokens. Unbeknownst to the vast majority of straphangers, the humble MetroCard is essentially a floppy disk, uniquely identified by a serial number on the flip side. Each time a subway rider swipes the card, the turnstile reads the bevy of information stored on the card's magnetic stripe, such as serial number, value, and expiration date. That data is then relayed back to the Metropolitan Transportation Authority's central computers, which also record the passenger's station and entry time; the stated reason is that this allows for free transfers between buses and subways. (Bus fare machines communicate with MTA computers wirelessly.) Police have been taking full advantage of this location info to confirm or destroy alibis; in 2000, The Daily News estimated that detectives were requesting that roughly 1,000 MetroCard records be checked each year.

A mere request seems sufficient for the MTA to fork over the data. The authority learned its lesson back in 1997, when it initially balked at a New York Police Department request to view the E-ZPass toll records of a murder suspect; the cops wanted to see whether or not he'd crossed the Verrazano Narrows Bridge around the time of the crime. The MTA demanded that the NYPD obtain a subpoena, but then-Justice Colleen McMahon of the State Supreme Court disagreed. She ruled that "a reasonable person holds no expectation of confidentiality" when using E-ZPass on a public highway, and an administrative subpoena—a simple OK from a police higher-up—was enough to compel the MTA to hand over the goods.

What McMahon was advancing, in effect, was an extension of the rationale behind the rules governing "pen register" and "trap and trace" surveillance of phone lines. While police need a warrant to listen in on the content of calls, they do not need judicial warrants to monitor the phone numbers a person calls or is called from. The phone company already knows what numbers you are dialing, and their existence as a knowing third party means that you should not expect this data to be kept private—or so the logic goes. On the Verrazano Narrows Bridge, how could a toll transaction between a driver and the MTA be private, since the bridge is a public space with a zillion other drivers (third parties all) around to witness it? It doesn't take a genius to see how this argument could be extended to location data obtained through E911; if the emergency operator can get access to your GPS coordinates, how can you expect privacy? It's not like the cops are asking to know what you talked about, only where you were.

The 2002 Washington State case State v. Jackson is perhaps the only other instance of the use of location data being contested on appeal, and the conclusion was similar. In the absence of laws specifically addressing GPS, the court ruled that the police didn't need a warrant to attach a tracking device to a suspect's vehicles. The vehicle was in plain view, and the cops weren't intercepting any "communication"; in other words, the tracking conformed to the "trap and trace" standards. Never mind the obvious stretch of applying wiretap laws from the 1960s to such a novel technology.

Any time the police are allowed to act without obtaining a judicial warrant, it is natural to be concerned about whom they're accountable to. How much evidence must a detective present before he or she is given access to someone's subway habits? How easy would it be for the men and women of the 10th Precinct, right behind my apartment in New York City, to find out that I'm fond of taking the F train to East Broadway on Sunday mornings? How about the GPS data from my Motorola? The NYPD's lips are apparently sealed about this matter; despite repeated phone calls and a formal written request, spokesman Detective Walter Burnes did not respond to questions.

The Department of Justice is equally silent on the topic. I submitted a request to the organization's press office for information about the FBI's methods of obtaining location data from a target's GPS-enabled phone, but received no response. David Sobel was not surprised by my defeat, as his organization, EPIC, has been asking for the exact same clarification for well over a year now. Without a potentially precedent-setting case moving through the federal justice system, however, the Justice Department's silence is at least understandable. You get away with what you can.

If new laws aren't forthcoming, perhaps our location-data guardians will be those twin pillars of federal bureaucracy, the FCC and the FTC. Wireless communications are the former's responsibility, and the FCC's official mission, as set out in the 1934 act that created it, is to protect the "public interest." Yet under Bush-appointed chairman Michael Powell, an avowed fan of laissez faire, the FCC has shown little interest in employing its rule-making powers to take responsibility for protecting the privacy of cellphone users. Last August, the FCC turned down a request from the Cellular Telecommunications Industry Association to draw up location-data privacy rules. (Though it is an industry group, the CTIA believes that federal rules—lenient ones, if it has its way—would convince consumers that LBS isn't as menacing as it sounds.) The commission explained that it did "not wish to artificially constrain the still-developing market for location-based services."

So all hopes rest with the FTC, charged with holding companies to their contractual word. This is exactly the sort of oversight that's required for the libertarian fantasy to come true. If a cellphone carrier is going to one-up its competitors by positioning itself as a stickler for privacy, there need to be consequences if it breaks its pledge. In Connecticut, the Department of Consumer Protection took a step in the direction of punishing privacy violations in February 2002 when it backed a suit against Acme Rent-a-Car for using GPS monitors installed in its autos to fine renters for exceeding the speed limit. The department successfully argued that Acme's contracts were not upfront about this monitoring, and the company discontinued its policy.

Optimistic that the FTC would confirm that, in lieu of federal statutes on the matter, it would take the lead in making sure no one finds out that I enjoy the occasional Taco Bell feast, I called the agency. Staff members seemed mystified at the prospect of scrutinizing a company's location-privacy policy. I started with a gruff Consumer Protection staffer, high in the hierarchy. He was obviously less than pleased to hear from me. "Never dealt with an issue like that . . . I don't have anyone that's readily available to talk to you," he said, before kicking me down to the Office of Public Affairs.

Despite my appeals to speak with an actual lawyer, an FTC spokeswoman rebuffed my every request—and, in true government style, passed the buck. "Talk to the F-C-C," she added, enunciating each letter to emphasize her irritation. Clearly, E911 is not an issue to which the FTC has given much thought.

Back to square one, then: no clear laws, no bureaucratic oversight, a permissive judiciary. Aside from saying "Trust us," industry's response is to push technological safeguards, like GPS phones equipped with "I AM HERE" buttons. If you don't want to be bothered, don't press that button when the handset starts flashing. Trouble is, this doesn't really shut off the GPS chip—the satellites still know where you are. They just won't remind you of that fact.

When it comes to consumer protections, technology simply doesn't have the teeth necessary for the job—especially when the safeguards in question are manufactured by the same folks who'd love to peddle your location data. But until some privacy Waterloo embarrasses the law into catching up, technology is what we're stuck with. The legendary hacker zine Phrack recently published a how-to guide on building a GPS-jamming device. Maybe I'll head to RadioShack this weekend and pick up the parts. And I'll leave the cellphone at home when I go—the only surefire way to opt out.

Brendan I. Koerner, a fellow at the New America Foundation, last wrote for Legal Affairs about dying declarations.

Copyright Family Guardian Fellowship