New Partnership Raises Privacy Concerns

POSTED BY Kayla Morency

On February 19, 2014, Facebook publicly announced that it was acquiring one of the world’s most popular and fastest growing mobile phone messaging applications, WhatsApp, for an astounding $19 billion in cash and stock. In particular, the app is widely known around the globe due in part to its easy accessibility and user-friendly capabilities but also in part to its consumer base of 450 million that is gaining about one million users every day. As a result, Facebook formed the partnership with the fairly new startup in order to boost its popularity among the younger crowd.

The application’s unique capabilities help explain why the company is attractive to a younger audience, thus contributing to its enormous success. In particular, WhatsApp serves as a cross-platform mobile messaging app, so that its customers can send and receive free SMS and MMS text messages from several different types of phones, including the iPhone, Android, Blackberry, Windows Phone, and Nokia. These messages are sent using the phone’s existing data plan for web browsing and email, so there is no additional cost to the user, aside from the nominal membership fee. Furthermore, the app also enables users to create groups, so that multiple friends can communicate at once while sending unlimited pictures, audio, and video messages. These features motivated Facebook to enter into a partnership with the startup in order to become the leader in the market for messaging and to attract younger users of social media.

However, in the immediate aftermath of Facebook’s press release, WhatsApp’s users expressed serious concerns that their personal data would be shared with advertisers. As a result, WhatsApp stated on its blog that it had no intention of changing any of its business practices in light of Facebook’s acquisition. Moreover, WhatsApp insisted that the company would remain autonomous and operate independently, so that users could still enjoy their services for its nominal 99-cent yearly fee. However, even after CEO Jan Koum’s promises, users remain skeptical and believe that after a while advertisements will interrupt their mobile messaging.

Aside from this is the concern of many federal and governmental institutions, which are considering the merger in light of worldwide data regulation and restrictions. For example, Schleswig-Holstein’s data protector commissioner, Thilo Weichert, acknowledged that German data protection laws strictly regulate the possibility of merging WhatsApp user data with Facebook user data. In particular, the Telemedia Act and the Federal Data Protection Act both purport that data stored for one purpose cannot be used for another; however, no similar restrictions exist in the United States. Weichert also expressed fear that the merger of personal information would be exploited for advertising purposes, which is the same concern for consumers. Weichert’s expert opinion suggested that these users are rightfully concerned seeing as though many of them moved away from Facebook in favor of a more privacy-friendly alternative, such as WhatsApp.

Despite CEO Jan Koum’s and Facebook’s repeated assurances that WhatsApp would operate independently and honor its current privacy and security policies, it is still too early to gauge the implications of this deal. Since a significant amount of WhatsApp users are located in Europe, there is likely going to be more detailed investigations by the European authorities, including Germany. However, CEO Jan Koum was quick to remind the public that WhatsApp’s respect for privacy is considered tantamount to the company and that the company was predicated on the idea that users need to share very little personal data. For example, information such as the user’s name, email address, birthday, place of employment, etc. is not collected or stored by WhatsApp, and the company adamantly stated that it has no plans to change their mode of operations in the future. Furthermore, in support of Koum’s assurances, the company recently added a new privacy option that allows users to limit the visibility of their information from being seen by the public.

Although many individuals and governmental officials have expressed their concerns about Facebook’s acquisition of WhatsApp, the strategy seems logical considering that WhatsApp’s popularity is driven by its unobtrusiveness in its users’ lives. As a result, consumers appreciate the minimal fee in exchange for the comforting reminder that the company is not earning its money by exploiting its users’ personal information. Even though there is no guarantee that WhatsApp will maintain its identity, Facebook’s Mark Zuckerberg acknowledged that it is the app’s unique features and attributes that Facebook hopes to capitalize on, rather than alter, in order to retain its position as a social media and messaging mogul.

 

Advertisements

State and Federal Lawmakers Propose Bills in Hopes of Suppressing Theft of Mobile Devices

POSTED BY Caroline Carollo

Smartphone theft is a major problem in the United States, and the number of smartphone-related robberies has significantly increased over the past couple of years.  These thefts make up between 30 to 40 percent of all robberies across the country.  In 2012, approximately 1.6 Americans were victims of smartphone theft, and consumers in the U.S. spent more than $30 billion in recovering cell phones.  In San Francisco, California, cell phone thefts make up 66 percent of all robberies, and in Oakland, California, that number increases to over 75 percent.

In an effort to curb smartphone theft, as well as the violence that often accompanies these robberies, several lawmakers around the country have come together to promote the Secure Our Smartphone initiative to urge phone carriers to include a “kill switch” in their devices.  On February 7, 2014, California State Senator Mark Leno and San Francisco District Attorney George Gascon took this initiative a step further and introduced a bill (Senate Bill 962) that would require the inclusion of a “kill switch” in phones sold in the state.  If the bill is passed, any phone sold after January 1, 2015 would require the security feature, which would prevent the phone from operating if stolen.  Although the phone’s owner would not be required to keep the security feature, the purpose of the bill is to guarantee that the feature is preloaded on the phone.  The user would then have the option to disable the feature and opt-out of the system.  The prediction is that thieves will be deterred from stealing smartphones, knowing that such a security device is in place.

One week after California Senate Bill 962 was proposed, federal lawmakers put forward a similar bill.  On February 13, U.S. senators introduced national legislation to require a method of disabling smartphones remotely.  Like the California bill, the goal of this proposed bill is to deter theft and protect consumers.

Nevertheless, the proposed legislation is facing resistance from the phone carriers.  Several U.S. carriers have already stated they would not support such a feature, including AT&T, Verizon, Sprint, T-Mobile, and US Cellular.  The wireless industry has voiced concerns over the possibility of increasing the chance of hacking if the antitheft technology is required.  The CTIA, a telecom industry group, discussed how the technical details involved in the remote transmission of a “kill message” would be broadly known among mobile operators.  Consequently, it would be difficult to prevent hackers from remotely sending those kill messages and shutting down customers’ phones permanently.  The problem becomes even more serious when imagining hackers disabling an entire group of customers, such as the Department of Defense or law enforcement.  There are also concerns over unintended consequences.  For example, a permanent kill switch could have unintended consequences for customers who eventually find their lost phones.

Proponents of the proposed antitheft security feature believe the resistance coming from mobile carriers is largely motivated by money, and that carriers are prioritizing profit over safety.  It seems likely that business relationships, such as with insurance companies, play a role in carriers’ opposition for such a bill.  Indeed, mobile carriers make billions every year from selling theft insurance to their customers.

While I agree with the sentiment that steps need to be taken to reduce the number of cell phone thefts, I am not completely convinced that a kill switch is the answer.  While it appears that it could be an effective solution in theory, I do worry about the possibility of hacking and of unintended consequences.  Individuals need to be more aware of their surroundings and should resist the urge to take out their phones in public.  While maybe not the strongest deterrent, I do find that the “Find my Phone” application that users can download on their iPhones serves as a deterrent nonetheless, and more people should consider downloading this feature.  Ultimately, I believe more research should be done on how kill switch technology will operate, and how to fix the inevitable glitches, before implementing such a feature.

Smartphone theft is a major problem in the United States, and the number of smartphone-related robberies has significantly increased over the past couple of years.  These thefts make up between 30 to 40 percent of all robberies across the country.  In 2012, approximately 1.6 Americans were victims of smartphone theft, and consumers in the U.S. spent more than $30 billion in recovering cell phones.  In San Francisco, California, cell phone thefts make up 66 percent of all robberies, and in Oakland, California, that number increases to over 75 percent.

In an effort to curb smartphone theft, as well as the violence that often accompanies these robberies, several lawmakers around the country have come together to promote the Secure Our Smartphone initiative to urge phone carriers to include a “kill switch” in their devices.  On February 7, 2014, California State Senator Mark Leno and San Francisco District Attorney George Gascon took this initiative a step further and introduced a bill (Senate Bill 962) that would require the inclusion of a “kill switch” in phones sold in the state.  If the bill is passed, any phone sold after January 1, 2015 would require the security feature, which would prevent the phone from operating if stolen.  Although the phone’s owner would not be required to keep the security feature, the purpose of the bill is to guarantee that the feature is preloaded on the phone.  The user would then have the option to disable the feature and opt-out of the system.  The prediction is that thieves will be deterred from stealing smartphones, knowing that such a security device is in place.

One week after California Senate Bill 962 was proposed, federal lawmakers put forward a similar bill.  On February 13, U.S. senators introduced national legislation to require a method of disabling smartphones remotely.  Like the California bill, the goal of this proposed bill is to deter theft and protect consumers.

Nevertheless, the proposed legislation is facing resistance from the phone carriers.  Several U.S. carriers have already stated they would not support such a feature, including AT&T, Verizon, Sprint, T-Mobile, and US Cellular.  The wireless industry has voiced concerns over the possibility of increasing the chance of hacking if the antitheft technology is required.  The CTIA, a telecom industry group, discussed how the technical details involved in the remote transmission of a “kill message” would be broadly known among mobile operators.  Consequently, it would be difficult to prevent hackers from remotely sending those kill messages and shutting down customers’ phones permanently.  The problem becomes even more serious when imagining hackers disabling an entire group of customers, such as the Department of Defense or law enforcement.  There are also concerns over unintended consequences.  For example, a permanent kill switch could have unintended consequences for customers who eventually find their lost phones.

Proponents of the proposed antitheft security feature believe the resistance coming from mobile carriers is largely motivated by money, and that carriers are prioritizing profit over safety.  It seems likely that business relationships, such as with insurance companies, play a role in carriers’ opposition for such a bill.  Indeed, mobile carriers make billions every year from selling theft insurance to their customers.

While I agree with the sentiment that steps need to be taken to reduce the number of cell phone thefts, I am not completely convinced that a kill switch is the answer.  While it appears that it could be an effective solution in theory, I do worry about the possibility of hacking and of unintended consequences.  Individuals need to be more aware of their surroundings and should resist the urge to take out their phones in public.  While maybe not the strongest deterrent, I do find that the “Find my Phone” application that users can download on their iPhones serves as a deterrent nonetheless, and more people should consider downloading this feature.  Ultimately, I believe more research should be done on how kill switch technology will operate, and how to fix the inevitable glitches, before implementing such a feature.

YOU, ME, and the LECs

POSTED BY Alexander D. Schultheis

The Telecommunications Act of 1996 (TCA), codified at 47 U.S.C. § 222, was a major step forward in improving competition for Competitive Local Exchange Carriers (CLECs) in their respective marketplaces.  A recent ruling by the SecondCircuit in Southern New England Telephone Co. v. Comcast Phone of Connecticut, Inc., 718 F.3d 53, (2nd Cir. 2013), made sure the TCA’s purpose was not undermined. The Second Circuit held that “former” monopolist ILECs, such as AT&T, are still required to provide indirect transit service access to CLECs at regulated rates, despite no longer holding exclusive monopolies under state law.

Section 251(a) of Title 47 of the United States Code requires all telecommunications carriers to “interconnect” their networks with one another for the sharing and mutual exchange of traffic. Specifically, § 251(c)(2) and § 252(d)(1) require ILECs, like AT&T, to connect all other carriers (including CLECs) at what is known as Total Element Long-Run Incremental Cost (TELRIC). This is a regulated rate by the TCA, and uses a complex formula to determine a price range for what ILECs may charge. The policy in requiring ILECs to connect all other carriers into their network, and in some cases their physical facilities, is to ensure that they do not exploit their previous monopoly status prior to the TCA’s passage.

There are two kinds of interconnection: Direct and indirect. Direct interconnection occurs where the carriers link or attach their equipment to the actual network infrastructure of another ILEC. Indirect interconnection occurs where the carriers attach their equipment to the physical facilities or equipment of the ILEC, thus gaining access to the network in a “round-a-bout” manner. The main difference between the two methods of interconnection boils down to financials. When carriers are directly connected to one another, there is a free-flow of exchanging traffic between them. However, new market entrants (the CLECs) do not possess the balance sheet to directly connect to the network infrastructure of the ILEC, and thus choose to attach their equipment to the ILEC’s equipment and facilities. Naturally, the ILECs charge a rate of use for this service, which routes traffic transit service between the ILEC and the CLEC.

In the particular case at issue, a small communications company known as Pocket Communication (Pocket), a CLEC based in Connecticut, negotiated a transit service agreement with AT&T. Pocket originally petitioned the Connecticut Department of Public Utility Control (DPUC) to review the terms of the agreement. Pocket alleged AT&T violated Connecticut state law and the DPUC’s prior 2003 decision in a proceeding under the auspices of the TCA involving Cox Communication, both which required AT&T to charge the TELRIC regulated rates for transit service. Specifically, Pocket alleged AT&T engaged in price discrimination by charging Connecticut carriers higher rates than carriers in other states, and requested the DPUC to lower them. AT&T argued that its service did not constitute interconnection under § 251, thus allowing them to charge higher negotiated rates. The DPUC ultimately sided with Pocket, and ordered the rates lowered not only to Pocket but to other carriers who provided transit service through AT&T as well.

On first appeal, the District Court rejected AT&T’s argument that the DPUC was “preempted” by the FCC into adjudicating this matter. The District Court held that “interconnection” under § 251 of the TCA included indirect interconnection through transit service with other CLECs because the goal of the TCA was to promote competition, and it would be very difficult for CLECs to compete without at least minimal, indirect interconnection. Thus, the DPUC’s order to lower rates to Pocket was affirmed. However, the District Court reversed the mandatory lowering of rates, especially to carriers in other states who were not parties to the litigation. This is because the TCA’s preferred rate-setting method is still private contract negotiations, with the TELRIC rates serving as a guide of sorts in determining what to charge.

On a second appeal, the Second Circuit had to answer the classification question: Does AT&T’s status fall under § 251(a), which addresses the general duties of all telecommunications carriers, thus allowing them to charge higher negotiated rates, or are they under § 251(c), which addresses the obligations of “former” monopolists, who must provide service at the lower regulated rates? The Second Circuit held that AT&T’s obligation to provide indirect interconnection transit service is an obligation under § 251(c), because it ensures that indirect interconnection will facilitate mutual transit service between new CLECs in the market. The Court reasoned that while AT&T may argue they fall under § 251(a), this section only provides a broad policy goal that all carriers interconnect, but does not specify how, whether direct or indirect. Whereas, under § 251(c), ILECs are required to provide at least indirect interconnection to any CLEC who asks to be connected to their network.

Given the importance of disseminating information in today’s marketplace, there is an increasing importance to ensure competition in the telecommunications industry. It is important to ensure that industries like this do not contain a high degree of concentration, for such concentration may act as a barrier to communicating salient and valuable information between consumers and businesses alike. By strengthening the TCA’s primary goal of increasing competition, the Second Circuit has taken a step towards ensuring that consumers are not left with a limited number of choices from which to access information, or having to pay higher rates to access this information. This public benefit far outweighs any private commercial gain that ILECs may experience through charging higher negotiated rates CLECs.

In particular, it is persuasive that the Second Circuit pointed out that while ILEC “giants,” like AT&T, no longer possess state-sanctioned monopolies because of the TCA’s implementation, they still do possess leverage by controlling access to their network. If “former” ILECs were permitted to still charge higher negotiated rates for access to their transit services, despite no longer possessing a state-sanctioned monopoly, they could effectively continue their dominance of the industry, preventing its de-concentration, and thus limiting competition. Given how important Local Exchange Carriers are today in providing a means of communication across the nation, the Second Circuit’s ruling is consistent with ensuring the TCA’s primary goal of increasing competition, and, as a secondary matter, ensuring the public’s benefit to accessing information from a carrier of their choice.