Ten Questions To Ask Your Cell Phone Provider—and the Online Marketers They Work With—to Protect Your Mobile Privacy

The Mobile Platform Presents New Challenges to Consumer Privacy

As the recent Federal Trade Commission filing by the Center for Digital Democracy and USPIRG makes clear, many of the same monitoring and marketing practices that raise profound privacy questions on the World Wide Web have found their way to the mobile platform. In the words of the CDD/USPIRG complaint itself, “Mobile devices, which know our location and other intimate details of our lives, are being turned into portable behavioral tracking and targeting tools that consumers unwittingly take with them wherever they go.”

Fortunately, mobile communications, unlike online transactions, are still in a comparatively early stage of development, and there’s time for the adoption of regulations to protect consumer interests in the mobile arena. The CBD/USPIRG complaint, in fact, represents an early test of the Obama administration, whose FTC now has an opportunity to take a strong stand for consumer privacy.

In the meantime, there will be the predictable denials from the mobile industry claiming that there’s really no problem at all, and the obligatory corporate self-regulatory campaigns that invariably have more to do with public relations than with the public interest.

More importantly, there’s something that mobile users can do, too, just to let AT&T, Sprint, Verizon et al know that we’re aware of the threats to privacy that cell phones represent, and that we’d like industry to address this issue in a meaningful fashion. Here, then, are Ten Questions To Ask Your Cell Phone Provider—and the Online Marketers They Work With—to Protect Your Mobile Privacy.

1. Do you (or your partners or affiliates) use GPS technologies to monitor my whereabouts at any given time in order to deliver location-specific advertising?

The good news about the new smart phones is that they incorporate GPS navigation systems to aid us in reaching our destinations. The bad news is that mobile marketers will be following us every step of the way, delivering targeted ads based on our current location. Acuity Mobile, for example, boasts that its new Embedded Mobile Advertising Platform can track users to within 3-5 feet, close enough to “identify a consumer’s proximity to a specific retail store rack or display.” That, needless to say, is a little too close for comfort. Cell phone users should have the option of shielding their travels from the prying eyes of mobile marketers.

2. Do you (or your partners or affiliates) monitor or track my Web usage (such as compiling a list of the sites or pages I visit)?

Even when were standing still, mobile marketers are able to follow us, by relying on the same Web tracking technology that has made the Internet such a privacy minefield. Mobile software developer Bango, for example, “monitors millions of visitors across many leading sites every moment of the day.” Because all cell phones are equipped with a unique Mobile Identification Number, moreover, marketers now know precisely who is going where in the mobile Web. Thus Bango allocates mobile users “a unique persistent Bango user ID,” which provides a level of accuracy and tracking capabilities “not available on the PC Web.” Here again, cell phone users should have the option of traversing the mobile Web without having their identity revealed at every stop along the way.

3. Do you collect data concerning my cell phone usage and online spending patterns?

The Mobile Advertising Alliance (UK) is clear on this point, explaining in a recent white paper that “[t]he Operator has exclusive access to detailed information on subscriber behaviour and characteristics,including spending patterns, location, availability, interests (through browsing habits), social status (implied from device) as well as demographic data….” The real question, then, is whether you have the option of excusing yourself from these data-gathering efforts. And the answer to that question should be as simple as the ringer on your phone: just as you can turn it off, or set it to vibrate mode, so should you be able to deactivate the mobile data gathering machinery—or simply tell those prying mobile marketers to buzz off.

4. Do you employ data aggregation and analysis for the purpose of subscriber profiling, and, if so, can I inspect (and, if necessary, correct or suppress) my own profile?

This one should be simple. Just as we have the right to inspect our credit reports (and to correct any information that we believe to be erroneous), so should we be given access to the digital dossiers that mobile marketers compile, based on cell phone and mobile Web usage. The Millard Group, a direct-marketing company involved in mobile advertising, claims to have access to “detailed segmentation” information on 63 million U.S. consumers, maintaining a wide range of information on these consumers, including their “full demographics,” religion, marital status, “auto interest,” political party affiliation, pet ownership, personal finances, sexual orientation, and even whether or not a person gambles. While some mobile marketing segments may sound frivolous—4Info’s “Social Butterflies” and “Entertainment Addicts,” for example—the privacy implications of this kind of audience segmentation, not to mention the social implications of targeted minority and youth marketing, are profound. Users should have access to this personal data, and should be allowed to challenge the suppositions and inferences that mobile marketers are making about them.

5. Do you permit my user data to be combined with personal information from any other sources—online or off—for marketing or profiling purposes?

A standard practice on the Web, where online marketers routinely consult off-line consumer databases to sharpen their ad targeting efforts, more detailed personal profiles are now showing up in the mobile marketplace, too. In May 2007, for example, Acuity Mobile and Acxiom Corporation announced that they had partnered to create “a powerful new mobile marketing solution that integrates world-class consumer data and behavioral analytics with the industry’s leading real-time mobile content delivery platform.” More recently, the Nielsen Company entered the online arena with its new @Plan service, which “provides audience profiles based on leisure activities, life events, electronics ownership, media use and brand-level purchase activity across travel, auto, finance, food and beverage, real estate, pets and more.” Straying even farther into the realm of personal information, Nielsen Claritas supplements its compiled profiles with financial information from credit bureaus Experian and Equifax, posing yet another challenge to the maintenance of basic privacy rights in the mobile sector.

6. Do you employ behavioral targeting techniques, including efforts to “personalize” the “user experience” (by selecting or filtering, for example, the mobile content and advertising that I view)?

Enpocket, a mobile marketer recently acquired by Nokia, provides a sobering example of the use of behavioral targeting in the mobile arena, with a proprietary “Personalization Engine… that scores mobile users based on their past behavior. It enables us to predict which products and services a customer might purchase next. That way, we can provide the right message, advertisement or promotion to the right person at the right time.” Nor is this an isolated example of mobile targeting techniques. In addition to behavioral targeting, there is also contextual targeting, which allows advertisers to place ads in and around content that their audience frequently visits, and device targeting, geared to the specific make, model or functionality of a mobile device. Time-based targeting permits advertisers to select the time of day when an ad will appear, and there is also demographic targeting, which utilizes a wide range of demographic data in order to mark mobile users for advertising. Taken together, this arsenal of mobile-based targeting technologies affords marketers plenty of opportunities to breach consumer privacy.

7. Do you use ancillary services, such as mobile video and music, downloadable ring tones and wallpapers, as a proxy for consumer “opt in” to various data-collection practices?

Smart phone users know what they want, and they want it now—from video programming to music downloads to personalized ring tones and graphics. The problem with many of these on-the-fly services is that they come with fine-print user agreements that often involve clicking away one’s privacy rights. These multimedia services, moreover, serve as vehicles for increasingly personalized advertising, which itself raises serious privacy questions. “Ads delivered through the ear are arguably the most intimate and personal of all ad forms,” notes mobile marketer Apptera. The company claims that its “precision… targetingcapabilities” are possible because “unlike other forms of advertising (such as TV, radio, direct mail, banner ads, keyword ads or billboards), voice ads are achieving unprecedented response rates…. [C]allers have implicitly opted-in…. Thus, their ‘mental door’ is unlocked.” The notion of “implicit opt-in,” of course, is simply another example of user deception in the mobile industry, and regardless of whether or not our “mental doors” are unlocked, mobile marketers shouldn’t be allowed to walk right in and violate our privacy any time they want to.

8. Do you ever use “free offers,” discount coupons, online games, and other enticements as a means of securing subscriber permission for data collection and ad-targeting practices?

Especially in today’s difficult economy, no one is opposed to a special discount now and then. But such offers should not come at the expense of our privacy. Unfortunately, as a recent study reveals, over half of all cell phone users would be willing to view more advertising on their cell phones in exchange for a 25 to 50 percent discount on their monthly service bill. “Mobile advertising has taken on many forms, and is generally considered to be intrusive,” admits Iain Gillott, president of the market strategy company (iGR) that conducted the study. “But when consumers are given the choice to receive ads and share their usage patterns in exchange for discounts, mobile advertising has the potential to be highly targeted and highly effective.” And highly invasive as well, especially when that targeted advertising is based on our compiled preferences and interests.

9. What are my options for protecting myself from these various tracking and targeting practices?

The mobile privacy conundrum will never be finally solved until each of the practices outlined here (and discussed in much greater detail in the CDD/USPIRG filing) is attached to a clear, concise declaration that the user agrees to be the subject of such monitoring. The default state for cell phone tracking, in other words, should be “No thanks,” to be overridden only when the user explicitly states otherwise, and only for each instance of data-gathering technology that is deployed. While the mobile industry often points to its strict “opt-in” and even “double opt-in” procedures before operators or advertisers are given access to any personal data, SMS advertising company ChaCha’s more covert approach—“There’s no complicated opt-in process—users are part of ChaCha when they ask their first question, and your valuable message or offer is integrated naturally into the answers they receive”—is all too typical.

10. Can I have a short, simple explanation of my privacy rights?

Unfortunately, the same industry that is a model of efficiency when it comes to marketing its wares—from Verizon’s self-congratulatory “America's Most Reliable Wireless Network” claim to AT&T Wireless’ resurrected “Reach Out and Touch Someone” campaign—is powerless to come up with a concise, comprehensible presentation of consumer rights. Instead, mobile operators offer dense, longwinded documents that seem calculated to obscure rather than illuminate user rights. Verizon’s Customer Agreement, for example, runs to nearly 5,000 words, as does its equally convoluted Privacy Policy (which actually extends to seven separate documents online).

And then, of course, there’s the problem of mobile links to external sites, which invariably subject us to another dose of equally fine-print disclaimers: “The Verizon Wireless websites contain links to other sites. We are not responsible for the content or the privacy practices employed by other sites.” Add to this the fact that these policies are not exactly etched in stone—“Verizon Wireless will provide 30 days notice on our web site of any material changes to the privacy statement and in the use of personally identifiable information”—and it’s clear that mobile user agreements and privacy policies are scarcely worth the paper on which they’re written.

In the final analysis, the mobile industry knows full well that it is sitting on a veritable gold mine of consumer data, and that intimate access to consumers will only increase as cell phones become more powerful and as complex mobile transactions become more commonplace. As mobile marketer Amobee puts it, “mobile phones are the most widely held media device in the world. With nearly 2.5 billion subscribers, the mobile phone dwarfs every other media platform. The reach is greater than TV, the effectiveness is stronger than print and the targeting is more precise than the Web. The mobile phone is a personal, interactive device that is always on and engaged throughout the day.”

The power of mobile technology is enormous, clearly, and it’s potential to shape communications in the 21st century is unrivaled. With that vast potential comes a corresponding danger, however—the threat to our privacy in particular—and citizen action and regulatory oversight alike will be needed both to realize the full potential of the mobile platform, and to minimize its dangers. Ultimately, Congress, the Federal Trade Commission, and the Federal Communications Commission will need to act to ensure that the necessary rules are in place to protect our privacy in the mobile marketplace.