Sprint, Verizon and AT&T on users' privacy: We aren't the gatekeepers anymore


Consumer privacy has become a hot topic in recent months. From the dust-up surrounding Carrier IQ to Path's storage of users' addresses, there are plenty of examples to highlight in the discussion. Indeed, just last week the New York Times disclosed that the nation's wireless carriers responded last year to 1.3 million requests for subscriber information from law enforcement officials.

As a result, lawmakers and regulators from across the spectrum have responded with investigations into the topic. For example, Al Franken (D-Minn.) grilled Apple (NASDAQ:AAPL) and Google (NASDAQ:GOOG) last year over their respective location-tracking protocols; Rep. Edward Markey (D-Mass.) released a discussion draft of the proposed Mobile Device Privacy Act; and even President Obama stepped in with the Consumer Privacy Bill of Rights.

The FCC recently got into the game by opening a proceeding on how wireless carriers are handling their subscribers' personal information, and how the agency should oversee this area. The FCC already has a stake in the issue thanks to the Telecommunications Act of 1996, which gives the FCC authority over how customer proprietary network information (CPNI) can be used by telecom carriers.

In their responses to the FCC's investigation, the nation's top wireless carriers universally argued: It's a brave new world, and they are no longer the only players in the game.

Summed Sprint Nextel (NYSE:S) in its filing: "Carriers are no longer the gatekeepers or sole enablers of the mobile experience. Many players have a role in a user's mobile experience, from platform providers to device manufacturers to application providers, as well as carriers."

Sprint, along with AT&T Mobility (NYSE:T) and Verizon Wireless (NYSE:VZ), argued that wireless carriers are no longer the sole owners of mobile users' personal information. This comes as no surprise to anyone remotely familiar with how the wireless industry functions: Smartphone platform vendors like Apple (NASDAQ:AAPL) and Google (NASDAQ:GOOG) track users' whereabouts to provide services like highway traffic information, and also offer a range of data-storage options. App vendors like Facebook keep records of users' communications and relationships. And smaller vendors sometimes play key roles in the system: Carrier IQ offers software that records mobile users' every action (with the goal of improving wireless carriers' networks).

"Older feature phones largely hid the OS from the average consumer, with no capability to add apps beyond those allowed by a service provider, but today's smartphones are essentially personal computers (PCs), with voice/cellular capability merely a small part of their overall capability," wrote Verizon in its FCC filing.

Therefore, Sprint, AT&T and Verizon argued that the FCC should not attempt to oversee this area. They argued that the FCC shouldn't impose regulations on wireless carriers dealing with users' privacy since the issue covers so many more companies in the ecosystem.

However, the carriers disagreed on how best to tackle the issue:

"A flexible privacy framework that relies on the development of voluntary codes of conduct with a first layer of self-enforcement by market-based accountability mechanisms, with the backstop of FTC oversight, can best take account of the role that each participant plays in the mobile marketplace," wrote AT&T.

"NTIA initiated an important consultation among a wide array of privacy advocates, academics, industry representatives, and others to begin crafting industry codes of conduct to address privacy issues. This multi-stakeholder approach is designed to help develop industry codes of conduct as part of a privacy framework to govern all relevant players in the Internet ecosystem. NTIA's initiative presents the opportunity to develop a comprehensive approach that will protect consumers while helping promote continued innovation," wrote Verizon.

Not surprisingly, there is a chorus of critics on the other side of the table. For example, the Electronic Privacy Information Center wrote that the FCC should institute a number of requirements on wireless carriers, including that wireless carriers allow their customers to access the data wireless carriers are storing about them.

There's no doubt that the issue of mobile user privacy is going to get bigger before it gets solved. And some in the industry already know that--Sprint CEO Dan Hesse named privacy as the top issue of the year for Sprint during his appearance at the CTIA trade show in New Orleans in May.

Yet it's unclear exactly how the industry will address concerns about users' privacy, whether through their own efforts, through an industry association or through the NTIA or FTC. But my guess is that there will be disagreements and conflict every step of the way. Ultimately, I expect this whole issue will be left up to lawyers, lawsuits and lawmakers to sort out. Actual users, unfortunately, probably won't get any clear guidance on how their personal information will be stored and used, at least for the foreseeable future. +Mike Dano