Preventing Another Carrier IQ: Introducing the Mobile Device Privacy Act
MrSeb writes "Lawmakers in Washington have turned their sights on mobile device tracking, proposing legislation aimed at making it much harder for companies to track you without consent. The Mobile Device Privacy Act (PDF) makes it illegal for companies to monitor device users without their expressed consent. The bill was introduced Thursday by Massachusetts Democrat Representative Edward Markey, co-Chair of the Bi-Partisan Congressional Privacy Caucus. Much of the impetus for the bill came from last year's Carrier IQ debacle, where it emerged that the company's software was found to exist on both iOS and Android devices on AT&T and Sprint's networks. While the company denied any wrongdoing, the software captured keystrokes and sent the details of your device usage back to the carriers. If passed, the legislation would require the disclosure of including tracking software at the time of the purchase of the phone, or during ownership if a software update or app would add such software to the device, and the consumer gains the right to refuse to be tracked. This disclosure must include what types of information are collected, who it is transmitted to, and how it will be used."
I have an iPhone 3GS on AT&T. How do I check if Carrier IQ is on it? Did that program show up "randomly" or only on new phones after a certain date?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
They'll just put the required consent in the Terms of Service. Problem solved.
How about the ability to opt out instead? Telling me about it is a start, but it does not get rid of the problem.
Come on - it's an election year. Of course they are going to propose anything for a re-election/election.
Is anybody stupid enough to believe anything like this will pass?
Oh - wait, this is the /. community, sorry.
All this will do is put some disclosure into EULAs, certainly buried way toward the back in small print, because everyone knows that users read EULAs before giving their consent, right? But the cat is out of the bag, and this won't cause vendors to stop trying to collect or sell your data. Android is already pretty good at this, by giving users a pretty detailed list of what information an app has access to at the time the app is installed. I've been alarmed at the number of apps that want permission to access information that they really don't need. I've also been alarmed at apps that want your Facebook login. I won't use apps like that, but I think I'm unique among users. Maybe I missed it, but I have not seen any kind of widespread user revolt against this kind of thing, just articles here and there vaguely implying misbehavior (like CarrierIQ). I haven't seen any comments in the Android app store saying "you don't need that permission". The users don't care, so we're going to be railroaded out of the info no matter what we do, because someone else finds it profitable.
1^2=1; (-1)^2=1; 1^2=(-1)^2; 1=-1; 1=0.
I haven't read the bill, but I can confidently state:
* it will create regulations that provide an appearance of privacy but not an actual "expectation of privacy"
* it will not restrict any law enforcement investigations' abilities to spy without warrants or other oversight
Thus pacifying the people who started to get riled before they can move for real change.
Likely, but not certain:
* it will actually expand law enforcement powers by making explicit what they've claimed implicitly, preventing any court but SCOTUS from slapping them down.
* it will contain so many loopholes on "mere" commercial spying as to stop nothing.
I just noticed in my EULA that I have renounced my citizenship and rights as a US citizen.
stop using cell phones. they are just tracking devices. otherwise, just turn on the camera and show your penis and/or vagina to everyone!
Also, before you know it, we will all have cancer, and if you take advice from my previous sentence.. you will have genital cancer!
So if you don't want your genital(s) to fall off, you should stay clear from cell phones, aka tracking devices, aka penis and/or vagina cameras.
As much as I - as one of the Android world's major fighters of CIQ - and the rest of /. may like this, we all know it's not going anywhere. Regulatory capture, anyone?
"Representative" in that context is a title, like "Sir" or "Lord". It's part of the proper name; the grammar was fine (in that sentence, anyway).
Everything is better with chainsaws.
I love how the government is trumpeting the fact that they're doing this, because they're all upset that THEY should be the only ones allowed to track people.
A legal solution is fine, but it isn't sufficient by itself. It's like trying to legalize that I don't receive spam. Well, the law can't really do that (it's tried). I can only do that myself, by being careful with who I give my email to.
So this seems like the same idea. Such a law doesn't hurt, but it isn't enough, by itself. What's needed is a technical infrastructure where the people who buy mobile products fully control them, from the hardware on up, rather than some phone carrier controlling them. Then I can blow away whatever crapware comes with the device by installing my own operating system and only running software I trust.
As long as the device is secured against the people who buy them, there can be no trust that we have any privacy.
If they wanted to pass a better law, they'd have passed one like that: carriers cannot secure phones against who buys the phones.
Just having to disclose that what you track from the customer is not good enough. The ability to opt out must be mandatory.
I've said it once, and I'll say it again: carriers have no business selling mobile phones, they need to be separate things, to avoid vendor lock-in, and plenty of other issues.
I'm still surprised how many people in the US seem to buy their phones from their carriers really. Phones need to be sold in closed boxes on default factory settings, and sold by phone-selling companies. Otherwise, there's a severe conflict of interests.
Imagine if PCs were sold by ISPs, and TVs by cable-companies!
First and Foremost needs to be the mention of such privacy-violating software in the EULA/ToS of the agreement. Screw all the other parts. Make this paramount.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
I love our new Congress: Nothing is illegal, as long as it's documented.
#fuckbeta #iamslashdot #dicemustdie
On the iPhone CarrierIQ did not do most of the stuff the Android version did - no key logging for example.
Apple got rid of CarrierIQ with iOS5 updates anyway.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I think I'm unique among users.
Unique? Heh, and I've been called egotistical. Better to refer to yourself as a distinct minority.
Those permissions aren't always a Hobson's Choice. Root your device, install CyanogenMod 7.1 or later, and issue line-item veto on those apps' egregious permissions (ha! no "Read Phone State and Identity" for you!). Some apps deal well with being neutered, others crash. I view it as at least giving the app a chance to work; I would never have installed it if I were forced to accept those permissions, so no great loss if it won't work with revoked permissions.
If you're really paranoid, like I am, you'll also block network access for apps that don't require it, via DroidWall.
Despite what the article says.
Apple does not allow carriers to install software on their phones period.
They can offer apps, but those apps are no different (in capability) than anyone else's apps. And they cannot hide on there.
Disclosure is pointless. Firstly, it doesn't prevent the carrier from installing spyware on your device. Secondly, it's often worded in a way which leaves the customer clueless:
"..In agreeing to these terms, you authorize
Sprint to collect the necessary data needed to improve
and maintain equipment, networks, and customer service.
At no time will Sprint share this information with unaffiliated
third-parties, or individuals"
People just "meh" at shit like this and click through it. The lawyers know it too. I say, If you're going to raise hell about CarrierIQ, make a policy that requires the individual to Opt-in.
Join the Slashcott! Feb 10 thru Feb 17!
Carriers will merely put this into their TOS or other contracts with fine print that a lot of people don't read but sign anyways. Mandate a specific title and format of the text so people actually notice it before they just agree. Better yet, mandate it a yes or no question on the agreement. It'd be no different than the customer improvement prompt you get for certain software to know how you use it.
Go Nexus and roll your own from AOSP. You've got all the source.
If the carrier cannot capture keystrokes, how would it know that you want to make a phone call or what the text should say or what website to display? Sometimes I wonder about privacy freaks... Maybe I shouldn't do that.... They might pass a thought law.... Never mind...
You think they're going to pass this? Bwahahaha.
this is about the carrier getting a full keystroke log from your phone
so if you typed something decided it was stupid edited it to something sane THE CARRIER WOULD GET BOTH VERSIONS
so let's say you decided to text somebody half drunk after knocking over a convenience store. you decide to NOT tell the world that you just hit %store% but decided to say something else. The Police could get the Evidence version.
Any person using FTFY or editing my postings agrees to a US$50.00 charge
legislation would require the disclosure of including tracking software
Translation: By the way, you're a commodity to be sold by us to the government and other interested parties.
It's why data-tracking won't be banned completely. The sheeple just want, and get this stuff for free; admitting the hidden costs won't change their behaviour.
At least it is on my phone.
And it's on my phone, you are asked about it when you configure the phone first time.
This is not Carrier IQ. It is not installed by the carrier at all, it's from Apple.
Of course, if you are just worried about usage data in general and not just Carrier IQ, then be sure to turn it off.
And unless that code is Free as in Freedom, expect laws in the meat-space world to always afford data-miners a loophole.
https://archive.org/details/EbenMoglen-HowToRetrofitTheFirstLawOfRoboticshope92012
https://archive.org/details/TheComingCivilWarOverGeneral-purposeComputing
Depending on how it's written, it will either be completely nullified while it's made to having workarounds created by the time it's implemented.
One, forcing waivers in a EULA acceptance/update in order to use/keep service. Two, include generalized language in those warnings that include all possibilities without giving any details. Three, many simply won't care. Four, lobbying will get changes to allow those loopholes. Five, the government will grant itself an exemption and the companies will piggyback on it.
Make "thou shalt not snoop" the law of the land, with narrow exceptions that require prior consent (for cases other than self-defense), imposing jailtime and fines on all who infringe upon anyone's privacy.
Be careful of new laws: "No company can track you, but the government can do whatever it wants."
They're perfectly content to let you rage on about the pseudo-evil of corporations while Sauron bides his time.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.