US Representative Edward Markey has released a draft of the new "Mobile Device Privacy Act." The proposed legislation emerged in the wake of the Carrier IQ scandal in which data from mobile handsets were being transmitted to mobile operators without users' knowledge or consent.
The MDPA would require disclosure of any device monitoring by carriers, OEMs or app developers. It would also require the information collected to be identified and consumer consent to be obtained. According to a missive put out by Markey's office:
[The Mobile Device Privacy Act] would require companies to disclose to consumers the capability to monitor telephone usage, as well as require express consent of the consumer prior to monitoring. News broke last month that Carrier IQ software installed on millions of smart phones and mobile devices can track every keystroke of users and send the information back to the software company without user knowledge or permission.
Here are the rules, requirements and enforcement provisions contained in the act in broad strokes:
Carriers and others in the industry are likely to cry foul over "new government regulation." However, almost without exception -- Verizon claimed it never used the monitoring software -- US carriers and OEMs used Carrier IQ on their handsets without making any disclosures to consumers.
As with GPS-based tracking and monitoring the law is struggling to keep up with the pace of technology and cultural change in its wake.