My GettingLost Blog
Do You Value Your Privacy? Wireless Carriers Don’t

Nokia Map

Apparently, wireless carriers don’t care about your privacy.  California has proposed a law (Senate Bill 1434) that will require government entities, such as law enforcement, to obtain a search warrant before being provided location and other information from your wireless phone. In other words, as to a very basic and simple example, if the police wanted to know where your phone is, they would have to present a warrant that contains “probable cause” (more likely than not) evidence to a Magistrate as to why they want the location of your phone. If the Magistrate agrees, the warrant gets issued. If not, no warrant. To a certain extent, your rights have been protected as the police are not allowed to go straight to a wireless carrier and obtain whatever they want.

Guess who is against the proposed law? That’s right, the wireless carriers. The CTIA – an international trade association for the wireless telecommunications industry representing wireless carriers – has sent a letter to the California Senator who proposed the bill advising that they oppose the proposed law. The reason stated in the letter as to why the CTIA is opposed to the proposed law is that they believe that the law might “create confusion for wireless providers and hamper their response to legitimate law enforcement investigations.” The CTIA also stated that the “definitions within SB 1434 are so overly broadly that they could create confusion for wireless providers attempting to respond to legitimate law enforcement requests.” The CTIA specifically mentions the definition of “location information” in their letter. Well, let’s just see how confusing the definition really is:

(d) “Location information” means information, concerning the location of an electronic device that, in whole or in part, is generated, derived from, or obtained by the operation of an electronic device.

Just in case the CTIA was confused and meant “location information service,” let’s look at that definition as well:

(e) “Location information service” means the provision of a global positioning service or other mapping, locational, or directional information service.

Nope, both look pretty straightforward to me. Maybe they are confused as to what an electronic device is. Let’s take a look at that definition:

(b) “Electronic device” means a device that enables access to, or use of, an electronic communication service, remote computing service, or location information service.

Again, it seems pretty straightforward to me. If the definitions are not confusing, then that leaves two possible conclusions: either they do not care about your privacy or they do not want the current way of how they conduct business to change. Or, maybe it is both? Or, could the answer lie within the other part of the proposed law?

The second part of the proposed law would require the wireless carriers to compile annual reports that basically provide the number of federal and state warrants requesting location services and the total number of disclosures made by the wireless providers. As to this information, the wireless carriers would also have to provide more detailed information such as the number of times they disclosed information (not limited to warrant requests), the number of times they did not disclose any information, the number of times they contested releasing the information, and the number of users whose location information was disclosed. Here is the kicker: the annual reports must be made available to the public on the Internet in a searchable format on or before March 1st of each year. The CTIA claims that this requirement would be “onerous and costly.” They further claim that it is “unclear what useful purpose such reports would serve that if the wireless carriers are forced to provide this information.” Really? Sorry, but I beg to differ. The CTIA knows exactly what purpose this information would serve if they were forced to release it. It is called being accountable to your customers. Let me explain.

If there is not a law that requires a warrant, the police can basically fill out a form from the wireless carrier and obtain your “location information” for no other reason other than they want it. With this information, they can track where you have been, whom you have called, and who has called you. They can obtain this information without you ever knowing. Now throw in the requirement of having to obtain a warrant. The police have to have probable cause and a Magistrate agree that the probable cause is sufficient and justified. Despite whether you ever find out if a warrant was issued, at least there is a layer of protection to your privacy. It is not perfect, but it is a step in the right direction.

As to how this relates to the CTIA, let me ask you this question: if the wireless carriers had to disclose how many times they released their customers “location information,” do you think they would do it as often and without a warrant? It is called accountability. And right now, under the current system as to this information, there is no accountability with the wireless carriers.

It is time to put an end to governmental intrusion into our private information without obtaining a warrant. It is time to hold the wireless carriers accountable for their actions as to our private information. Requiring warrants has to become standard, not only in California, but in every state. Requiring wireless carriers to disclose how often they have released their customers “location information” also has to become standard practice. This is not just a California issue. This is an issue for every state and every individual who owns a wireless device. If you value your privacy, get involved! It is obvious that the wireless carriers could care less.

Brief Overview of the Class-Action Lawsuits Filed Against Carrier iQ

 Two class-action lawsuits have now been filed against Carrier iQ.  This should not come as a surprise to anyone who has been following the ongoing saga regarding the rootkit that has been installed on more than one million smartphones.  One lawsuit was filed in California on behalf of four smartphone users with HTC and Samsung devices and accuses Carrier iQ, HTC, Samsung, and the wireless carrier of violating the Federal Wiretap Act, which prohibits the unauthorized interception or illegal use of electronic communications and California’s Unfair Business Practice Act.

The other lawsuit was filed in Federal Court in the Eastern District of Missouri seeking in excess of five million dollars on behalf of all U.S. residents who had smartphones containing Carrier iQ software. The lawsuit names Carrier iQ and HTC as defendants alleging that both companies violated the Federal Wiretap Act.   HTC was quick to respond stating that even though Carrier iQ is required on devices by a number of U.S. carriers, “HTC is not a customer or partner of Carrier iQ and does not receive data from the application, the company, or carriers that partner with Carrier iQ.”  Read what the lawsuits are about after the break.
So, now that class-action lawsuits have been filed, what exactly is going on?

We all have read the articles and have a basic understanding of what Carrier iQ, the smartphone manufactures, and wireless carriers are being accused of.  But, now that lawsuits have been filed, what does that mean to the smartphone user?  Hopefully the following brief overview will answer that question.

The following is a brief overview of the pending litigation regarding the allegations against Carrier iQ, smartphone manufactures, and wireless carriers.  It is not meant nor intended to be an all-inclusive explanation of the legal process and/or pending litigation.  Furthermore, the information provided in this article is not, nor is it intended to be, legal advice.  You should consult an attorney for individual advice regarding your own situation.

In its simplest form as it pertains to the topic at hand, a class action is a civil court procedure under which one party, or a group of parties, who are similarly situated, may sue as representatives of a larger class. There are certain criteria that the class must meet which you can read here. Once those prerequisites have been established, the class should be certified and then allowed to proceed forward with their lawsuit. Once the class is certified, members of the class must be given notice and the opportunity to opt-out of the lawsuit.  Only the members who opt-in and become a member of the class will be bound by the judgment rendered in the lawsuit. In Federal Court, the amount in controversy must exceed five million dollars.  A perfect example is the lawsuit that was filed in Missouri.  The attorneys who filed the lawsuit limited the class to those who own a HTC smartphone that has Carrier iQ’s rootkit on the device.  If you are a U.S. resident and own a HTC smartphone that has Carrier iQ’s rootkit on it, then you are a potential class member of the lawsuit. In regards to the California lawsuit, if you are a California resident and own a HTC or Samsung smartphone that has Carrier iQ’s rootkit on it, then you are a potential class member of that lawsuit.

Basically, the lawsuit filed in the Eastern District Federal Court of Missouri is alleging that Carrier iQ embedded a rootkit on HTC’s smartphones that logs and transmits in real time the location of the phone and everything that you do on the phone to Carrier iQ, HTC, and/or the wireless carrier which violates Federal Wiretap Act.  (The lawsuit specifically names AT&T and Sprint, but did not list them as defendants) The lawsuit further alleges that this is being done without the user’s permission.

In addition to proving the allegations that data is being transmitted, the class is also going to have to prove that what the defendants transmitted is a violation of the Federal Wiretap Act.  Proving that Carrier iQ’s rootkit is logging and transmitting data is actually the easy part.  In fact, it appears thatTrevor Eckhart has already proved it.  Still yet, experts will need to be retained and numerous experiments will have to be performed to establish that the rootkit is doing what is being alleged.  The next step is the difficult step: if Carrier iQ’s rootkit is indeed logging and transmitting in real time the location of the phone and everything that is being done on the phone without the owner’s permission, does it violate the Federal Wiretap Act?  That leads us to the next question:

Act, as
 system…” (18 U.S.C. § 2510 et. seq. – you can read the full act here) Clearly, a smartphone transmits electronic communications that is protected by the Federal Wiretap Act.

In regards to the lawsuit, the class is alleging that Carrier iQ and HTC violated several sections of the Federal Wiretap Act.  Specifically, they are alleging that Carrier iQ and HTC , “…intentionally disclosed, or endeavored to disclose, to other person the contents of wire, oral, or electronic communications, which were intercepted” by Carrier iQ and HTC without the consent of the user.

There are two exceptions that allow disclosure of the data collected.  The first exception states that:

“[I]t shall not be unlawful under this chapter for an…electronic communication service, whose facilities are used in the transmission of a[n]…electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights and property of the provider of the service.” 
(18 U.S.C. § 2511)

In other words, what is anticipated that HTC will argue, is that they used Carrier iQ to obtain data to “protect the right and property” of the service that they were providing.

The second exception is for disclosure with the consent of one of the parties.  Yep, you guessed it; HTC and the wireless carrier will testify that they consented.

Still yet, even without them consenting, do you remember that very long and very small print contract you did not read before signing when you purchased your smartphone?  By signing it, you consented.  You might want to go back and read your contract.  An AT&T contract states that they may obtain data from your phone to be “used for a variety of purposes such as scientific and marketing research and services such as vehicle traffic volume monitoring.” The contract also states that in regards to data collected,  “your personal information has been removed or obscured.”

That question really is the heart of the lawsuit.  What, exactly, are your damages?  Did Carrier iQ and HTC violate your privacy?  If so, what harm came to you? If you are able to prove that you were harmed, what is a reasonable compensation?  According to the attorneys that filed the lawsuit, reasonable damages include the following per the Federal Wiretap Act:

“In an action under this section, appropriate relief includes — … (2) damages under subsection (c) and punitive damages in appropriate cases; and (3) a reasonable attorney’s fee and other litigation costs reasonably incurred … [T]he court may assess as damages whichever is the greater of – (A) the sum of the actual damages suffered by the plaintiff and any profits made by the violator as a result of the violation; or (B) statutory damages of whichever is the greater of $100 a day for each violation or $10,000.”

The key word that stands out is that the court “may” assess damages.  As stated above, among other things, the class is going to have to prove that they were actually harmed by Carrier iQ and HTC violating the Federal Wiretap Act.  This will be a difficult task.  Even though Trevor Eckhart has demonstrated that the data us being transmitted, per the AT&T contract, there has not been any evidence that your personal information has not been removed or obscured. If they are not able to prove damages, there really is no point in filing a class-action lawsuit.

It is anticipated that this matter will not be resolved any time soon and that several more lawsuits will be filed that will include other smartphone manufactures.  In the short term, hopefully the smartphone manufactures will stop logging and transmitting every keystroke from your phone.  Tell us what you think of the lawsuits in the comments below.

Why Sprint and T-Mobile Will Not Get The iPhone 5

iPhone 4

First, let’s get the name straight - is it going to be the iPhone 4S or is it going to be the iPhone 5?  Honestly, does the name of the next iPhone really matter?  Isn’t the only thing that really matters is that Apple is coming out with a new iPhone?  I thought so. Well, I guess for me anyways.  With Apple having a refresh every year since the iPhone was introduced, the only concern for me is when will the iPhone will be coming out and what upgrades will it have. According to all of the rumors, part of this question has been answered - sometime in September.  So, for me, I could care less what the name will be, just as long as Apple keeps improving the iPhone and the iOS every year.

Now, on to the point of this post:  Neither Sprint nor T-Mobile will be getting the iPhone.  Why?  There are basically two very common sense reasons why:

Everyone is well aware of the quality of product that Apple delivers to the consumer.  They are second to none and hence the reason we pay the price we do for Apple products.  As much as Apple is interested in dominating and controlling the market, they have no interest in flooding the market.  It really is as simple as supply and demand.  When the original iPhone came out, it was available at the Apple Store and AT&T.  As the years have progressed, Apple has tested the market in an effort not to flood the market.  They slowly added Best Buy and Wal-Mart.  (For the iPad 2, Apple added Target to the list) And just recently, they added Verizon.  They want to control the supply in order to keep the demand high.  Adding another carrier might flood the market which is what Apple is trying to prevent.  (Can anyone say Android?)  As high in demand that the iPhone is, If Apple really wanted to, they could easily flood the market and have every carrier in the world selling the iPhone.  Of course, this would kill the demand and with the iPhone being on so many carriers, it would cause a fragmentation that would threaten the very existence of the iOS platform. (Again, can anyone say Android) Remember, Apple want to dominate and control the market, not flood it.  As to the mobile phone market, this is something that Google is finally figuring out.

This leads to the second reason: Apple just added Verizon and they did it during a non-refresh period (and there is also this little known device called the iPad2).  As stated above, the demand for the iPhone is high. Apple had to redesign (somewhat) the iPhone 4 in order for it to work on the Verizon network.  I just don’t see Apple doing this again in such a short period of time for Sprint.  Furthermore, please, remind me, how long did it take to add Verizon?  If you ask the Verizon people, forever.  Even though it appears that Apple has pushed the next iPhone to September, unless Apple has been in talks with Sprint for an extended period of time (and if they have, I think it would have been reported by now) I just don’t see Apple adding a third carrier in such a short time period.  Not to mention that by adding Sprint, they not only have to add a third iPhone, they have to add a third iPad 2. (see fragmentation above) I just don’t see that happening.  Not this year anyway.

No, I have not forgotten about T-Mobile.  With AT&T making a bid to buy T-Mobile and the Justice Department looking into the impact that the purchase might have on the market and with the competition (especially if the reports are true that it might take a year for the investigation), there is no way Apple is even going to entertain the idea of adding T-Mobile.  This is a no brainer and I am surprised that the T-Mobile rumor is still circulating.  

Sorry Sprint and T-Mobile customers, I just don’t see you getting the iPhone this year unless Apple starts selling an “unlocked” iPhone.  Now, this is possible as Apple has already set the precedent by selling “unlocked” iPhones in other countries.  But, other than that, sorry.