Our earlier blog post provided an overview of what a cell phone ping is and why the practice of cell phone pinging is illegal in all but some very specific circumstances.
This post discusses some of the compliance issues related to cell phone pinging. There are some dry legal citations throughout, but they are important to understanding what the law defines as compliance, and non-compliance.
To get a cell phone location you need customer permission.
Locating a cell phone without the the consent of the customer (cell phone owner or person in possession of the cell phone) is not compliant with at least 4 telecommunication laws, rules and regulations.
The Communication Act of 1934, amended by the Telecommunications Act of 1996, section 222, imposes a duty on all carriers (covered entity) to keep customer’s information confidential. The Telephone Records and Privacy Protection Act of 2006 (TRPPA) was amended to include the word “location,” with the specific intent to protect cell phone location information.
For confidential phone records, TRPPA states that the definition is:”… information that—”
- (A) relates to the quantity, technical configuration, type, destination, location, or amount of use of a service offered by a covered entity, subscribed to by any customer of that covered entity, and kept by or on behalf of that covered entity solely by virtue of the relationship between that covered entity and the customer;
- (B) is made available to a covered entity by a customer solely by virtue of the relationship between that covered entity and the customer; or is contained in any bill, itemization, or account statement provided to a customer by or on behalf of a covered entity solely by virtue of the relationship between that covered entity and the customer.
Note the word “location” in section A. It’s there to protect the cell phone location information.
Anyone selling cell phone location information without the customer’s consent would be in violation of TRPPA—because cell phone location information falls under the definition of “confidential phone records.” See section (1):
Except as otherwise permitted by applicable law, whoever, in interstate or foreign commerce, knowingly and intentionally sells or transfers, or attempts to sell or transfer, confidential phone records information of a covered entity, without prior authorization from the customer to whom such confidential phone records information relates, or knowing or having reason to know such information was obtained fraudulently, shall be fined under this title, imprisoned not more than 10 years, or both.”
Some reading this may argue that a cell phone location is not a confidential phone record. In fact on June 27th 2013, the FCC issued a declaratory ruling to specifically include cell phone location information as confidential information, i.e, a confidential phone record. Law enforcement, however, in a criminal investigation, or in an emergency, can access these records without consent.
Here’s the ruling: FCC ACTS TO PROTECT PRIVATE CONSUMER INFORMATION ON WIRELESS DEVICES
Anyone purchasing or in possession of cell phone location information would also be in violation, see section (1):
Except as otherwise permitted by applicable law, whoever, in interstate or foreign commerce, knowingly and intentionally purchases or receives, or attempts to purchase or receive, confidential phone records information of a covered entity, without prior authorization from the customer to whom such confidential phone records information relates, or knowing or having reason to know such information was obtained fraudulently, shall be fined under this title, imprisoned not more than 10 years, or both.”
Purchasing cell phone location information obtained without the customers consent would also land you squarely in the sights of the FTC.
The Federal Trade Commission initiated suits in 2006 under Section 5 of the Trade Commission Act, which prohibits unfair or deceptive acts or practices in or affecting commerce. Those suits sought penalties and injunctions of the sale of telephone records, and the payment of the ‘iil-gotten gains’ from those sales to the agency.
Some examples of location information that would not be compliant:
- Contacting someone, giving them a cell phone number, they supply you with the location for the cell phone number.
- Repeatedly texting a cell phone number until the cell phone number replies to the text message. When the cell phone replies to the text message, the text messages stop — and the (cell phone owner) location information is obtained.
- Purchasing and/or being in possession of cell phone location information from anyone else other than the carrier or a provider approved by all carriers.
There are Federal laws that apply to a cell phone ping. The laws we cited make clear that locating a person’s cell phone without their consent is against the law. The only exception being a criminal investigation or emergency 911 calls. There’s a number of State laws that apply, but it’s beyond the scope here to cover laws in each state.
There are no methods we’re aware of, whereby a cell phone location could be obtained—legally—without consent. We also can’t see that selling or possessing cell phone location information is compliant, unless the customer has consented to releasing that information.
The Consumer Finance Protection Bureau and the Federal Trade Commission make it easy for a consumer to file a complaint—the agencies share information and each of them have enforcement authority. The CFPB is expanding, both in its supervision and in the number employees. Privacy, as indicated by the recent NSA scandal, will be an increasingly important concern. The CFPB states states that institutions are responsible for the acts of its vendors and those institutions need to be able to demonstrate that they checked their vendors for compliance.
A cell phone ping without permission, without following the strict rules and regulations that are required of all carriers, is simply not compliant.
Consider this. The consumer may have a cause of action for damages if their cell phone location was obtained without their consent, as the information could only have been obtained through fraudulent actions. Regardless, the costs to defend will be far out of proportion to whatever is paid for a cell phone ping.
Belles Camp is an approved location information developer, we’re working on adding location information to BellesLink.com. We know what the carriers require. Carriers base their requirements on laws they must follow. But if anyone reading this has information otherwise, please contact me with your facts.
Our next post will talk about compliant location information services.
*We’re not lawyers, we’re certainly not your lawyer. Nothing here or in the associated posts on this topic should be interpreted as legal advice or a commentary on how others do business.