CTIA: FCC Has No Roving Mandate to Protect Info Stored on Mobile Devices


The Federal Communications Commission may not have applied non-discrimination rules to wireless broadband, but carriers don't want the agency to start using the issue of wireless privacy to regulate the management of their networks.

In comments to the FCC Friday, CTIA: The Wireless Association said that "the Commission lacks statutory authority to regulate carriers' use of tools to diagnose and troubleshoot network problems in order to improve the provision of service to subscribers."

CTIA made it clear it wanted the FCC to steer clear of that space.

And while the FCC does regulate the use and protection of CPNI (customer proprietary network information) on both cable and phone networks, which is defined as "information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service," data storage on mobile devices does not fit in that category.

"The FCC does not have a 'roving mandate' to safeguard the privacy of text messages, pictures or emails on wireless devices, says CTIA. Instead, the group points to the Obama Administration's proposed voluntary privacy Bill of Rights as a better way to address the issue through industry action.

Last week, the Commerce Department's National Telecommunications and Information Administration hosted its first stakeholder meeting enforcing that bill of rights, with a representative of CTIA member AT&T weighing in to pitch self-regulation.

"NTIA is already considering these privacy issues as part of a broader, ongoing multi-stakeholder process that involves the wireless industry," said CTIA in its comments, referencing that stakeholder meeting. "The Commission should not attempt to get out ahead of this process."

The FCC in May sought comment on how and whether it should protect the privacy and security of info stored on mobile devices, which, with the addition of tablets, have morphed from cellphones into the primary vehicle for accessing the Internet.

"The devices consumers use to access mobile wireless networks have become more sophisticated and powerful, and their expanded capabilities have at times been used by wireless providers to collect information about particular customers' use of the network -- sometimes, it appears, without informing the customer," the FCC said in seeking comment. "Service providers' collection and use of this information may be a legitimate and effective way to improve the quality of wireless services. At the same time, the collection, transmission, and storage of this customer-specific network information raise new privacy and security concerns."

That notice came after numerous stories Google and Facebook and others collecting and/or sharing info, as well as apps that track and collect without the users' knowledge.

But CTIA points out that the issues have been with websites and third-party info collectors rather than carriers.

"Due to the openness of the Internet, today's privacy risks originate from the acts and omissions of entities independent of the carrier-customer relationship. Indeed, consumers use a variety of applications and other third-party software to store personal data on their mobile devices, providing many other players in the wireless ecosystem with the ability to access this information," said CTIA. "Wireless carriers have no control over these third parties and are unable to restrict their access to consumer information residing on a mobile device."