mobile privacy

Last week, U.S. Customs and Border Protection (“CBP”) released a revised Directive governing searches of electronic devices at the border.  These are the first official revisions CBP has made to its guidelines and procedures for devices since its 2009 Directive.  The new Directive is intended to reflect the evolution of technology over the intervening decade, and CBP’s corresponding need to update its investigative techniques.

Notably (and as in previous CBP Directives), the new Directive does not require officials to obtain a warrant before conducting searches of travelers’ devices—even if the traveler being searched is an American—based on CBP’s position that searches and seizures at the border are exempt from the Fourth Amendment’s “probable cause” requirement.  CBP nevertheless acknowledges that its searches must still meet the Fourth Amendment’s “reasonableness” requirement, which the self-imposed restrictions contained in the Directive are meant to achieve. 
Continue Reading CBP Revises Rules for Border Searches of Electronic Devices

In a speech delivered at the United States Naval Academy on October 10, Deputy Attorney General Rod Rosenstein waded into the public debate between data privacy and law enforcement interests.  As part of a discussion moderated by former Covington cybersecurity attorney Jeff Kosseff, Rosenstein’s remarks discussed cyber issues facing law enforcement with a particular focus on the advent of “warrant-proof” encryption.  In his view, warrant-proof encrypted data and devices are unable to be intercepted or unlocked by law enforcement, even with a court order.

Noting that “[p]rivate sector entities are crucial partners” in the fight against cyber threats, Rosenstein expressed concerns about the role played by tech companies in advancing warrant-proof encryption.  While recognizing the need to balance important privacy interests against law enforcement priorities, Rosenstein argued that “[w]arrant-proof encryption defeats the constitutional balance by elevating privacy above public safety.”  He emphasized the threat posed to public safety when technology developers deprive law enforcement of “crucial investigative tools.”  Rosenstein advocated for “responsible encryption,” recognizing that this approach would not be one-size-fits-all and that solutions would likely look different depending on the company and technology at issue. 
Continue Reading Deputy Attorney General Rod Rosenstein Warns Against Warrant-Proof Encryption

By Lala Qadir

The Supreme Court of Canada recently issued a 4-3 decision that gave the police a green light in conducting warrantless searches of an arrestee’s cell phone as long as the search is directly related to the suspected crime and records are kept.  Over three dissenting judges that characterized mobile phones as “intensely personal and uniquely pervasive sphere of privacy,” the majority held a balance can be struck that “permits searches of cell phones incident to arrest, provided that the search—both what is searched and how it is searched—is strictly incidental to the arrest and that the police keep detailed notes of what has been searched and why.”

Canada’s high court ruling stands in stark contrast to that of the United States.  Earlier this year, the United States Supreme Court heard argument on two cell phone cases—Riley and Wurie—ultimately holding that warrantless searches of cell phones, even when held incident to an arrest, were unconstitutional unless they were subject to specific exceptions to the Fourth Amendment’s warrant requirement.
Continue Reading Canada’s Highest Court Rules That Police Can Search Cell Phone Contents After Arrest

Tomorrow, the Senate Judiciary Subcommittee on Privacy, Technology and the Law will hold a hearing on legislation reintroduced in March by Senator Al Franken (D-MN), the Location Privacy Protection Act of 2014.  The bill would regulate the development, operation, and sale of “stalking apps” and also would require companies

Continue Reading Senate Judiciary Subcommittee To Examine “Stalking Apps”

Yesterday, the FTC announced that it had approved a final order settling charges that HTC America failed to take reasonable steps to secure the software it developed for mobile devices.  (We’ve previously blogged about the case here.)  The FTC alleged that this failure amounted to an “unfair” practice in

Continue Reading HTC America’s Settlement with FTC Becomes Final

Telecommunications carriers and providers of interconnected VoIP service with access to certain kinds of customer information collected through mobile devices are subject to existing privacy rules governing their use and disclosure of that information, the Federal Communications Commission announced in a declaratory ruling adopted at its June 27 meeting.  Significantly, the decision makes clear that third-party applications, device manufacturers and operating system developers are not covered. 

The ruling addresses the scope of the FCC’s rules governing Customer Proprietary Network Information (CPNI). A federal statute — Section 222 of the Communications Act — requires carriers “to protect the confidentiality of proprietary information” relating to customers, which is defined as information in customers’ bills and other information “that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship.” This includes information about numbers dialed and received, the length and frequency of calls, and the locations where calls are made.Continue Reading FCC: Customer Data Carriers Obtain Through Mobile Devices Subject to Existing Privacy Rules

The Federal Communications Commission is scheduled to vote this month on a declaratory ruling stating that existing rules governing telephone carriers’ use of subscribers’ personal information also apply to data collected on mobile devices.

Existing regulations restrict telecommunications carriers’ ability to use or disclose Customer Proprietary Network Information (CPNI) that a carrier obtains in the course of providing service to the customer. CPNI includes information such as the locations where calls are made, the numbers called, the length of calls, and other information contained in a customer’s bill.Continue Reading FCC to Consider Ruling on Carriers’ Use of Data Collected on Mobile Devices

Today, the Federal Trade Commission released the agenda and panelists for the public forum it is holding on mobile security, Mobile Security: Potential Threats and Solutions, on June 4, 2013.  The forum will bring together technology researchers, industry members, and academics to explore mobile malware, the security of existing

Continue Reading FTC Announces Information about Upcoming Mobile Security Forum

On March 27, 2013, the Federal Reserve released a report on consumers’ use of mobile banking and mobile payments.  The report follows a similar report issued by the Federal Reserve last year.  The report found that use of mobile banking has increased significantly in the past year while use of mobile payments has increased as well. 

As of November 2012, 28 percent of all mobile phone users (compared to 21 percent in December 2011) and 48 percent of smartphone users (compared to 42 percent in December 2011) had used mobile banking in the past 12 months.  The recent report found that 15 percent of all smartphone users have made a payment from their phone in the past 12 months, compared to 12 percent of users from the prior report.  In addition, the use of mobile phones to deposit checks has doubled in the past year, rising from approximately 10 percent to 21 percent.      

The most common uses of mobile banking are to check account balances or recent transactions (87 percent of users) and to transfer money between accounts (53 percent of users).  The most common use of mobile payments is to make online bill payments (42 percent of users).  Six percent of all smartphone users have made a point-of-sale payment using their phone in the past 12 months, which represents a sizable increase from the one percent of users in December 2011. 

Continue Reading Federal Reserve Releases Report of Mobile Banking and Mobile Payments Use

By Dan Cooper and Philippe Bradley

This week the Article 29 Working Party released its Opinion 2/2013 on apps on smart devices (WP 202), a 30-page report on mobile app privacy and data protection considerations. This development follows on the Working Party’s Statement on the draft General Data Protection Regulation on 27 February 2013 (which we previously discussed here). 

The report sets out several sets of prescriptive, but non-binding, recommendations that target app developers, app stores, OS and device manufacturers, and other third party participants in app ecosystems, such as advertisers and network operators that bundle apps with devices. 

This short post sets out a summary of some of the report’s less conventional prescriptions and recommendations, which could present participants in the European digital/mobile ecosystem with significant compliance challenges.Continue Reading EU Data Protection Working Party Sets Out App Privacy Recommendations