WIRELESS WEB WORKSHOP FEDERAL TRADE COMMISSION THE MOBILE WIRELESS WEB, DATA SERVICES & BEYOND: Emerging Technologies & Consumer Issues Tuesday, December 12, 2000 CONFERENCE PROCEEDINGS VOLUME 2 - - - - - The above entitled workshop was held on Tuesday, December 12, 2000 of commencing at 9:00 a.m. at the Federal Trade Commission, 600 Pennsylvania Avenue, Room 432. P R O C E E D I N G S MS. ROSENFELD: Good morning, and welcome to day 2 of FTC's wireless workshop. My name is Dana Rosenfeld, and I'm the assistant director of the Office of Director here in the Bureau of Consumer Protection. A couple of just housekeeping notes. There are demos that are continuing to run in the cafeteria all day, so when you get a break, please go up and check those out. The other thing is I would like to thank the Wireless Advertising Association and Wiley, Rein and Felding for providing the wonderful breakfast we had here this morning. We're going to open with a panel on the introduction to privacy and security issues, but before we do that, Commissioner Thompson, who is in Europe, is here by videotape and will make a few introductory remarks. PRESENTATION BY COMMISSIONER THOMPSON VIA VIDEOTAPE MR. THOMPSON: I welcome you for the second day of our workshop on mobile wireless technologies. I have long followed the development of wireless technologies, and I have previously spoken about the impact of new information delivery platforms on the future relationship between consumers and industry. I'm sorry that I won't be able to join you, but if I carried a satellite phone or a global positioning system, perhaps you would be able to find out that I was somewhere in the Hague talking about online ADR, and that's one of the wireless privacy problems that you'll be talking about today. Yesterday, we all had a chance to learn about the breadth of exciting business and technological opportunities presented by the wireless world. These opportunities are not expected at some time in the distant future. Instead, they're at our doorstep right now, but we've also learned that these opportunities impose important challenges, and today we will focus on some of these challenges and how they should be addressed. More specifically, we'll examine three topics that are particularly relevant as wireless technologies develop: Privacy, security and the form that advertising will take in this new medium. Now, the Commission has examined these issues in the context of online commerce and how they relate to the FTC's core consumer protection mandate. Now, we're seeking to learn how they'll develop in the mobile world. This workshop provides a forum for all of us to get to know the companies and issues involved in creating these products and services. It also provides us with an opportunity to engage in an interactive dialogue between government, industry and consumer advocates about how these issues should be addressed. Now, I think we all recognize that this is a rapidly changing area. Accordingly, our responses should be creative, flexible and organic built with an ability to embrace change. At the same time, however, I hope that we will have laid the foundation for a continuing discussion of these issues in the upcoming months, so thank you again for coming, and I hope you'll find this workshop fun, informative and thought provoking. PANEL ON INTRODUCTION TO PRIVACY & SECURITY ISSUES PANEL MEMBERS: MS. ROSENFELD: Thank you, Commissioner Thompson. If the first panel would like to come and take their seats, we'll get started. As Commissioner Thompson just highlighted, along with the exciting opportunities mobile wireless technologies offer come a host of issues that will affect consumers as wireless providers introduce new equipment, services and applications to the U.S. market. The first panel today is introduction to privacy and security issues. We plan to give you a broad overview of the privacy and security issues that will affect consumers and guide public policy discussions as consumers increasingly take advantage of mobile wireless technologies. With me to discuss these issues are Donald Bromley, the practice leader for the wireless risk management service group at Fiderus Strategic Security and Privacy Services. MR. BROMLEY: Good morning. MS. ROSENFELD: Dr. Lorrie Faith Cranor, a senior technical staff member in the secure systems research department at AT&T Labs Research. Dr. Cranor is a chair of the Platform for Privacy Preferences Project (P3P) specification working group at the Worldwide Web Consortium. Alan Davidson is an attorney at the Center for Democracy and Technology. David Moore is the president and chief executive officer of 24/7 Media, and Dr. Lawrence Ponemon is a partner and global leader of compliance risk management for Pricewaterhouse Coopers and is the founder of its privacy practice. Peter Swire, who is the chief counselor for privacy in the Office of Management and Budget, was supposed to be here this morning but unfortunately was not able to make it, but he did ask me if I would read a statement that he prepared. "I'm sorry that other events made it impossible for me to join you at this important panel today on wireless privacy. For wireless technology to develop to its full potential, consumers will clearly need to have an understanding of how their personal information is used and confidence that it will be used only in ways they approve. "I particularly draw your attention to an issue that has been a major theme of the administration's privacy efforts, the strong protection of medical and other especially sensitive information. Wireless users will sometimes be medical patients. What rules and practices will be in place, for instance, for the information that a user has visited a psychotherapist or an HIV clinic? "Whatever privacy practices develop generally for wireless information, I urge you to consider how to build an infrastructure that will also assure proper privacy protections for the most sensitive information." And with that, I will turn to our panel, and really -- I'm sorry, before we get started, I want to let those know in the overflow room and here that we will be taking again questions from the audience about 20 minutes before the end of the panel, and that will be at approximately ten o'clock. And, panelists, if you would just let me know when you want to respond to a particular question, if you want to put your tents up or raise your hand, that's fine. First really just getting into the basic issue here is what type of information is collected when consumers use wireless devices and who is collecting that information? I think before we talk about whether protections need to be in place and how those protections work, really the fundamental question here is what information are we talking about? Would anyone like to get started with that? David? MR. MOORE: I think Alan raised his hand. MS. ROSENFELD: Oh, I'm sorry, Alan? MR. DAVIDSON: I didn't raise my tent though. Well, I'll jump in and start and say, first of all, thank you for having us, and thank you for having this workshop because I think this is continuing in the Commission's excellent tradition of looking at these issues, trying to get ahead of the curve thinking about a lot of these issues early on at a time when they can make a real difference, and so I think that this is an excellent effort. There are huge looming privacy issues in the wireless space because of the collection and aggregation of new information that was never before collected and aggregated in new ways and in ways that the consumers don't understand, and I think you start off by asking the right question, what are we talking about? In addition to -- well, to start with I think the same kinds of information that we are concerned about in both the off line and the traditional online Internet environment, both personally identifiable information, transactional information about what people are doing online and how they're using their phones, that can be very sensitive, but beyond that I think there's some particular challenges in the wireless environment because of different kinds of information that we didn't collect before. Of course, the biggest one and one that we've talked about already in this workshop is location information, and it's the snapshots of location that service -- that providers of services in the wireless environment may be getting that can create when aggregated over time a very detailed and invasive dossier of a person's movements in a way that we never were able to collect before, so that's a starting point. The carriers, in addition, when we were talking about not just carriers but others who may be collecting this information on a regular basis, we may be facing a situation where individuals are having their location tracked in a detailed way, in a way that was never available before through probably any technology being applied to a hundred million users in the United States who don't necessarily know that this is happening, so that is a huge element of this. Another big piece of this is the fact that the information is very closely linked to identity. We're seeing the downstream transmission in the wireless web context perhaps of a mobile phone number or a unique user identifier that may be transmitted outside of the carrier to other individuals and may be collected. And in the case of mobile phone number, of course that's a very sensitive piece of information for a lot of consumers. In the case of a unique identifier, there's an additional issue in the sense that I think individuals are more closely linked to these wireless devices than we've seen in other environments, that a person's wireless device tends to be really theirs and theirs alone, and it's less sort of the kind of thing where there's a computer in an office or a house where an IP address may be used by many different people. So there's particularly -- there's extra issues there, so we've got problems, the traditional problems that we've seen in the off line and traditional online environment plus this extra information that's being collected both by carriers and by those downstream. MS. ROSENFELD: Larry? MR. PONEMON: Well, I agree with everything that Alan says. Can you hear me, by the way? Good. The major issue in my mind is that you need to have very significant personalization to have success in the wireless environment. If you don't have that level of personalization, basically your Smart device, something like this Nokia that I'm holding here, becomes meaningless. All of it is SPAM. You think it's bad now, you're sitting down with your family and you're having dinner at six o'clock in the evening and the phone rings and it's the guy from a financial service organization trying to sell you insurance, right? Well, now it's going to happen all the time, right, because now you have one of these devices, but understand that with personalization, you could actually express in clear and concise language your preferences, and you could turn it off or you could turn it on. You could be the recipient of the messages that are important to you, and that's real important. The flipside of personalization is in order to do it right you have to collect a lot of personally identifiable information, and included in that quandary would be locational information and velocity information. Just like a boat on some water where you can triangulate a position, we're seeing technology today that could actually figure out where you're heading and how fast you're going to get there. So suppose you like Starbucks and at ten o'clock you normally have your cafe latte, right? This is your cafe latte time. It's 9:58 you're going to get a phone call and it's going to be someone from the local Starbucks telling you, Hey, if you make a right turn right now we're going to give you a 10 percent discount, and if you're a consumer, that might be a good thing. But if you're not interested in that or if they basically called on the wrong person, it basically starts moving in to the SPAM zone. This personally identifiable information, I'm not a security guy. I'm a privacy guy, but on the security side, that information as far as I'm concerned is top of the line. This is as bad as it gets if it gets into the wrong hands, so you basically have to build the right security infrastructure. And quite frankly a lot of companies that are starting to move in this space pretty quickly might not have the resources today to build that infrastructure. So those are some of the issues. May I respond to one other point very quickly? MS. ROSENFELD: Sure. MR. PONEMON: And that is the concern that was expressed yesterday. If you're a physician, a practicing physician, you might want to use a Smart device like a Palm Pilot to collect information about patients, and there are many business models currently that require the physician to actually use that type of device. And in fact I was told that one Palm Pilot, I think it's a Palm VII, can collect up to 14,000 records, 14,000 patients. Imagine if you're like me and you're absentminded and you leave it in a cab? So we're basically dealing with just basic blocking and tackling issues as well as the whole wireless environment. The device itself needs to be engineered in ways that allow you to have immediate turn off, the immediate ability to track it if it's lost, so those are other issues that hopefully we'll try to address. MS. ROSENFELD: We'll try to get to the security issues a little bit later, and those issues of course are exacerbated when everything -- all of your devices are converging in to one single device where all of your highly personal information may be held. I think Don was next. MR. BROMLEY: And I agree with Larry. In order for these devices to have any value to you as a consumer, the content needs to be very highly personalized, and from that viewpoint, it's not just that I like Starbucks, but it's if I'm traveling, it knows where I am. It knows the state, whether I'm working or it's pleasure travel, and it presents to me information that's relevant and timely to where I am, who I am and what state I'm in, whether it's work state, leisure state or whatever, and then it becomes of real value. But again that provides some real opportunity for abuse of that information. If I'm collecting and bringing together all that kind of information, I know a lot about you. I know a lot about your habits. I know a lot about where you are, who you are and what you're doing at any point in time. It sounds somewhat Orwellian, but it's true, and this technology is available and generally distributed today. It's not something that's ten years off. MS. ROSENFELD: Lorrie? MR. CRANOR: Yeah, I just wanted to comment on what types of data are actually available today, and I think this is definitely an evolving thing. From my understanding today a typical cell phone that most of you have in your pocket actually sort of phones home every ten minutes and identifies where the nearest cell tower or cell site is to it, and if you're out in the country, that means they can locate you to about 30 miles, but if you're in the city you can be located to about two blocks based on that. And so this is happening today. For the most part service providers are not archiving this information. They just keep it until the next ten minutes when you check in and they find out you've moved to the next cell site. It's a huge amount of data, and for the most part they don't have anything that they're doing with it, but there are a lot of interesting business models that we've been hearing about that of course could make some really valuable use of that information. And it's really nice in these business models to know not only where you are now and where you were ten minutes ago but that for the past two weeks you've come here every day at this time, so keeping that kind of data is something I think we're going to see more and more of in the future. We're also going to see it get more precise. Instead of knowing just to the nearest cell site, we're going to know within a few hundred meters of exactly where you are, and that's something that once you have GPS capabilities, that you're going to have. There's also the issue of who is going to have access to this data and what form it's going to be in, so you may actually opt in to a customization service that you may say, This is very valuable to me, I actually want this service, I trust this service provider, it's fine for them to collect this data. They now have this entire dossier on you, and the question is, Who else might have access to it, and the service provider may be very trustworthy, but with a court order, now all of a sudden your ex-spouse or all sorts of other people may have access to that data. MS. ROSENFELD: We're going to talk about the Fair Information Practices in a little bit, but I think David wanted to comment on the initial question. MR. MOORE: Yes. I also think there's quite a few issues that we have to address, and I commend the FTC for getting involved early as this medium begins to evolve because there's many important policy issues that I think will need to be decided over the next 12 to 24 months that allow the medium to grow in a way that is conducive to consumers and industry. I think Alan identified a lot of the important issues, and I think Larry also brought up something that's very important, which is personalization. I think that it behooves us to help educate the consumers about the types of issues that they face when they go about buying a web phone for the first time and similar to some of the issues that we face in the E mail sector or the online advertising sector, consumers aren't all that aware of what types of tracking occurs and why some of that tracking is necessary in order for an advertiser to be able to advertise in a way that is conducive to ultimately selling their product. So I think that the opt-in as soon as possible is very important for consumers so that when they sign their first wireless carrier agreement, for instance, and all this information is laid out up front and that if they're interested in accessing content from the web through a WAP phone, that they have a choice. They could either pay for that content or they could accept advertising with that content. And if they accept advertising with that content, there will be a number of other items that they have to agree to that would enable that advertiser to know that an ad has been seen and been effective with that particular consumer. So my recommendation would be that the consumers are advised as soon as possible in the purchase of a wireless device and given the choice as to the type they would like to pay for the content that they will access. MS. ROSENFELD: I think these comments are a good segue into the next question which is: Is there agreement here? I'm hearing about notice. I'm hearing about opt-in choice. Should the Fair Information Practice principles of notice, choice, access and security apply in the wireless world? Larry? MR. PONEMON: I would just like to comment on choice. Quite frankly, David is absolutely right. I really like the opt-in model. I think that makes a lot of sense. Here's a practical problem. Actually there are two. Again looking at my Nokia, I hate to pick on this company. This is a great telephone, but look at the screen. Can you see it? I can't even see it. How do I know the privacy policy of a site that I'm visiting, okay? Some telephones have a larger screen, so you could actually build it out so you have eight lines, four lines, but it becomes pretty difficult from a pure mechanical point of view basically to use this to understand the full issue. I mean, it's difficult enough when you're basically looking at an Internet site in the wired Internet, right, to be able to understand what a privacy policy states. So I think we have to rely on other mechanisms. I think P3P and other ways of disclosing privacy preferences will become very important, and the other issue -- and it's not directly part of the Fair Information Practices is this whole issue of redress because the chain is so complicated, you know, who owns that data, so when you opt-in, you're opting in to what? And there would be different touch points with the consumer, the device manufacturer, the carrier, the ad serving company. All of these people will be touch points so when you opt-in or opt-out or whatever, when you express choice, who is honoring that and how can you test, how can you verify that that touch point is honoring that commitment? This is going to be as a practical point of view incredibly, incredibly difficult. Thank you. MS. ROSENFELD: Alan? MR. DAVIDSON: You asked the question, should the Fair Information Practices apply, and I think the easy answer is yes. We've said it before that consumers are not going to use systems that they do not trust, and they will not trust these new wireless systems if their privacy and security is not protected, and Fair Information Practices are a good starting point for figuring out how to help people protect their privacy in this environment. The FTC has laid out before it's framework for thinking about Fair Information Practices, notice, choice and consent, access, security, enforcement. All of those need to be applied here. I think we've -- Larry already started by giving us a window into how difficult it is going to be to simply apply them here. The devil is in the details, and the question of, for example, what is real robust notice on a device that's got a very limited amount of space to put up a privacy policy? How will we do choice in an environment where the consumer may not have a whole lot of visibility of exactly who is getting this information. Even in an opt-in setting, even if we use that has a starting point, opt-in when? Opt-in how? If it's just opt-in at the beginning of a creation of a contract with a wireless provider or even the creation of an interaction with a particular web application provider, that may not be enough, and so we're going to have a lot of work to do to try to figure that piece of it out, and it's going to be hard. MS. ROSENFELD: David? MR. MOORE: While there's a whole bunch of different technologies that are available for phones today, and it's been tough to find a standard here in the U.S. I think it's pretty clear that the Fair Information Practices principles are a standard that can apply not only to the Internet E mail but of course to wireless as well, and I think the real question is how those standards or those practices are applied to this medium. In the case of the opt-in and opt-out, it's pretty clear right now that there's no real standard for opting in or opting out right now. In fact, opting in or out might be pretty difficult in the medium as it stands today, and those are clearly policies that have to be established, but as I look at the practical use of that Nokia that Larry has over there, one of the great uses would be to be able to access a restaurant in midtown Manhattan, and in order -- a French restaurant in order to ask for that type of information and to have that phone feed back to you that Pierre's is right around the corner and there's reservations available. It's a real benefit, and I'm essentially opting in for that type of information, and of course the location I'm in is of critical importance here, so I don't know whether or not that type of activity would qualify as an opt-in at that point in time and whether or not that would transfer over in to other events over the period of time that I used the phone, but it would seem to me that that type of activity is something that we certainly want to promote and find ways to protect the consumer from that type of information going any further but being available at that point in time to provide valuable service. MS. ROSENFELD: Don, I think, wanted to comment on the Fair Information Practices question, and then I would like to move on to the issues you're already talking about but implementation, what are different ways to implement notice and choice, but, Don, go ahead. MR. BROMLEY: Yeah. I would agree that the Fair Information Practices Act really is a key in bringing privacy and security together because you can have security without privacy, but you can't have privacy without security, and when you bring those two together, you create confidence and trust, and that's what's going to explode the market with wireless devices. When people begin to trust and have confidence that the information that they're providing is protected and shared according to their wants and needs, then you'll see an explosion in these devices because they're very valuable. I can use this to make travel arrangements or make restaurant reservations, and I could even use it to vote. I'll preface my next remark with the fact that I do live in the state of Florida. My question to the audience is, How do I determine a dimple or a hanging chad with something like this? MS. ROSENFELD: So I guess we have some consensus here about the Fair Information Practices, but as I think Alan said, the devil's in the details. How will notice be given in an effective way in the wireless space? We've heard about possible notice in service contracts with carriers, P3P type technologies. Maybe there are other ways, pop up screens, a way to access notice at another place on your PC at home or making a phone call. Does anyone want to comment on that? Lorrie, I think you had your tent up, but go ahead. You can comment on the previous question. MR. CRANOR: Actually I was going to comment on that, although it's hard to resist on commenting on the voting and other things. In any case, yeah, I think that there are a variety of different ways to offer notice, and I think that at least initially I think the most obvious one is through service contracts, that you're not going to just decide one day to get a restaurant listing without actually being subscribed to a service that provides restaurant listings, and so when you had subscribed to that service that will allow you to get information about nearest restaurants or stores or whatever, as part of that there will be a contract which indicates what types of information they have to collect to provide that service to you and what they're going to do with that information. And so any opting that you're going to do will probably be done at that point, not each time you want to go to a restaurant. As also has been mentioned, P3P is another way that we can probably help facilitate notice and choice when you're doing kind of more web surfing type activities with your phone. It would be very analogous to when you're doing it on your PC. So I think that those are some of the main ways that you're going to get the opt-in and out. Also with the security, clearly we need really good mechanisms to protect the security of this data, but another thing that I think we need to do is find ways of reducing the amount of data that needs to be kept in order to provide the services, and I hope that will be addressed on the panel this afternoon. But I think that there's a lot of things that companies that are doing marketing, they have all sorts of fancy algorithms that allow them to try to match you up to different sorts of things. I think they can also use that in order to reduce the amount of data that they have to keep on you so it serves their marketing purposes without having this complete dossier on you. MS. ROSENFELD: Larry? MR. PONEMON: You know, I think we're starting to see the evolution of these new solutions that capture privacy preferences, and this is not just for the wireless environment. It's also in the wired Internet, but basically if you look at these technologies like P3P, I think that it basically provides half of the trust solution, not the full trust solution, and we have to remember that the other part of the trust solution is the company will honor their equipment and basically say, I'm opting in or opting out. There's a choice that you make, and you make the big assumption that the company will honor it in the same way that you make the assumption that a company's privacy policy is true. Empirical evidence would suggest that many companies post a privacy policy that may not be true completely, and so we have to keep that in mind, so the preference, the ability to capture consumer information is half of it. The other half is coming up with an enforcement mechanism that holds organizations accountable for doing the right thing. If you're not doing the right thing, you basically have to pay some consequences, and that's really the arm of enforcement and the arm of regulation, so I hope we get to discuss that as well today. Thanks. MS. ROSENFELD: Alan? MR. DAVIDSON: First off, I would definitely second those remarks in that the enforcement is going to be an incredibly important part of this, but we're going to be talking, I think we've already touched a lot on the search for technical solutions here, and I think the reason is because the kinds of mechanisms that exist right now seem like they may be very unsatisfying for the consumer in terms of protecting their privacy, the difficulty in putting up really good privacy policies that people can look at on this device, the difficulty of trying to figure out where the information is going to go and when it may be used downstream by many different providers you may not have notice of. That's one of the reasons why I think we're all looking for things like P3P to be expanded into the wireless environment to be able to find technical solutions that make this simple for consumers. We're talking about probably a much broader group of consumers using wireless devices, broader than who are even on the Internet right now in the United States. And it needs to be something -- the discussion about this needs to be something that consumers can understand that's simple, and we needed technology to help us out. The other piece of that, and I really want to echo something Lorrie said, is looking at how we limit collection, which is sort of an implicit part of the Fair Information Practices as articulated, but the fact is that if you collect this -- if a company collects this information people are going to try to get it, and that's not even thinking about commercial uses. What we're talking about is government access to information in a way that right now has very little privacy protections and also access to information in the context of civil actions and civil lawsuits, so this is all lawful access, but where the standards are very unclear and the information that could be collected is extremely sensitive, and we need to work out the rules for that too. The base line answer is if you can find ways to deliver the services without keeping the information, you'll be doing yourself a huge favor and the consumer a huge favor. MS. ROSENFELD: Don, I think you were next. MR. BROMLEY: Just briefly. I think Alan brought up a good point about the kind of information that may be discoverable in a civil action. Let's say, for example, you're driving one of the most popular SUVs on the market, and your in-vehicle information system is telling you that your tire pressure is low, and it's been telling you this for weeks, and you have a rollover accident and try to bring a civil action against that manufacturer, is that kind of information then discoverable in a civil action to claim contributory negligence? I don't think anything like that has been discussed in the courts, but it's information that's collected and available. MS. ROSENFELD: David? MR. MOORE: Well, I think a lot of these issues should ultimately revert back to the consumer and where this consumer has notice of what the issues are and then choice, and I think to a certain extent, it's a mistake to go overboard in terms of the protection of the consumer because you will find many instances where consumers are very willing to give information in exchange for a valuable service. Stock quotes are a great example here where a consumer can sign up to have quotes sent to their wireless device every 20 minutes, every hour, however often they choose, and in accepting that information, they're agreeing to a set of guidelines that that content provider will use in order to be able to sell advertising to that consumer in exchange for providing that content for free. And I know Lawrence mentioned earlier about accessing a site on your phone and you don't know really what their privacy policies are. In many cases you could argue that the carriers should have agreements with content providers that require privacy policies that are identical to their own, but at the same time then you've got consumers that might see an advertisement for a particular type of content that they think is really terrific that they would like to access, and I'm not so sure that they should have to go back through the carrier to be able to get that type of content. So while we're totally in support of protecting the consumer, I would caution that there's a point where you go overboard in terms of protecting them in a manner that actually becomes a disservice and makes it a lot tougher for them to get the content that they would like to receive. MS. ROSENFELD: That's a good lead in to my next question which you've already touched upon but: How should choice be provided and who should provide it? We've heard about putting it in service contracts, but isn't it possible that that choice could be a condition of providing the service, or is it more appropriate that choice be provided at each site or each location that the consumer visits and wants to obtain services or content from? Anybody? Larry? MR. PONEMON: Basically as I mentioned before there's a chain, and that chain requires a chain of trust, right? It's not just one organization. There are many parties involved, and quite frankly I think this is a great opportunity for some consistent form of disclosure that cuts across organizational boundaries. Consumers need to understand what they're getting into here, and it's not going to be that easy. I think about do you ever call up the telephone company and complain about a charge on your telephone bill? Have you ever tried to do that during the day? You know how frustrating that is? You want to kill, you want to kill, just very, very bad. So can you imagine if you're trying to figure out, Geez, you know I've opted in, now I choose not to opt-in or I want to change my choice? You need to have a process that works for the consumer, and I think it's a good opportunity for self regulation. I think if we can come up with a self regulatory program, I think the Wireless Advertising Association, John Kamp, is leading that initiative, really start looking into coming up with a self regulatory framework with teeth so that you could actually enable trust. That's what it's all about, but if you can't come up with the right self regulatory framework, then basically you have to look at government, so I think that that needs to be factored into that equation. I think I answered your question. I started going astray a little bit. I apologize. MS. ROSENFELD: So which parties are in the best position to provide notice and choice? Is it the manufacturer of the wireless device? Is it the wireless supplier, the carrier, or is it the content service provider? Anyone? Alan? MR. DAVIDSON: I think it's going to be all of the above. Sorry. The fact is the people who -- the organizations and entities that are collecting information obviously are in a good position to know what information is being collected to try to provide some sort of notice and choice to the consumer beforehand. But it may be in this environment in this network environment, in this architecture it may be something that everybody -- all of the pieces here need to work together for. For example, you can imagine a situation where a hand set can be designed in such a way that it provides very clear notice to a consumer through an icon or a light whenever information is being -- location information is being transmitted or collected. That might require coordination between the handset manufacturer and the carriers and maybe even the downstream application providers, and I think we're still in the early stages of trying to figure out how to build an architecture that builds that, but it's going to require that kind of coordination probably, but there are a lot of great possibilities here for designing architectures that make it really simple for consumers so that you just push a button when you want to send that location information or not perhaps. There may not -- some of the solutions that we're talking about, the network based solution where the carrier is the one who's providing the location information, maybe you're going to have to send something back to the phone to let the consumer know it's happening, but I don't think there's any simple answer that there's one party here, that's who's responsible. MS. ROSENFELD: Lorrie? MS. CRANOR: Yeah, I think it definitely requires all the parties to work together. I mean, already even in our very limited functionalities that we have where we have had situations of cell phones that are broadcasting the user's phone number or a unique ID. In looking at how to solve those, we've discovered that there's no one party you can go to, that in fact when you go to the service provider, while it would seem like, well, they're the ones broadcasting it, but actually the software in the phone is generating it to begin with. Well, where does that come from? Well, that's another company that provides the software for the phone. So until they change the software, it's hard for the service providers to change what's happening, so basically you end up with a lot of different parties that really need to cooperate to really make this work. MS. ROSENFELD: Don, then David, and then we need to move on to security so... MR. BROMLEY: I'll be brief. I would just agree with the previous statements and add that as Larry said, it's a chain of custody. It's a chain of confidence that has to happen so that every party has to be involved from the handset manufacturers to the carriers to your -- to the service providers and the ASPs and every party involved in that transaction has to provide that confidence that that information is being protected and used for appropriate purposes based on the consumer's choice. And again there's no easy answer to this, and it's a fairly complex process. MS. ROSENFELD: David? MR. MOORE: I'm also in agreement, but my agreement is more based on the need for educating consumers on a regular basis about the various types of tracking and choices that they have when they purchase a wireless device. I think education is our friend here, and to the extent that we can do more and more of it, I think it will allow consumers to feel more comfortable giving the information, personal information in exchange for services that they really value. Now, one last comment I have, many of you may be aware that Qualcomm has a product called Snap Track that they're working on which is little switch on your cell phone that allows you to transmit your location when you click the switch, and it sounds like a terrific idea. The real question in all of this is there's going to have to be an economic model that works for the wireless providers, the cell phone manufacturers, the advertisers, and it may be that that switch, as great an idea as it sounds, may not be economically viable in this arena, and as a result we'll have to look for other ways to give that consumer a choice when it comes to revealing their location. MS. ROSENFELD: Alan, real quick, and then we have to move on. MR. DAVIDSON: I just want to put a sharper edge on this one. When are talking about a massive coordination effort for a self-regulatory approach to work here. It's very early in the process right now. There's still a lot of opportunities here, but when you're talking about this many different people having to coordinate in this many complicated ways, different carriers, providers, handset manufacturers, you may be in a situation where it may be a very natural place to look for a base line of regulation. Before we go there, I think the answer is there's an opportunity that the technology presents to give people a lot more control, and if we can actively work in that direction, that is the hope here. We're talking about a very different kind of architecture than the architecture we've been used to, where there's a lot of different intermediaries, a lot of different players to have to worry about. If we can try to change that to give users back more of the control over how information is being used and what information is being generated, we'll do for ourselves a lot of favors in the future in terms of what kind of regulatory approaches are going to be needed and what kind of self-regulating approaches are going to work. MS. ROSENFELD: Thanks, Alan. Moving on to security, the initial question here is how secure is transmission of personal information in the wireless medium? We've heard I think a lot about consumer concern and perceived risks of transmitting information. Would anyone like to comment? Don? MR. BROMLEY: I think security has two aspects, and it's even more exemplified in the wireless arena today. There's the perception, and there's the reality. The perception is that the airwaves is where the vulnerability exists where people are setting up scanners and putting on headsets and listening to stuff on the airwaves. I would say that that is -- the probability of that happening, of anybody gaining any information that has any real value today is very, very small. The real vulnerability exists in a couple different areas. One is within the carrier networks, where those gateways are for web phones. The carriers own those gateways. It's the place where the transmissions are translated from wireless to wire line capabilities, so the carriers control security over those gateways is the key point in today's environment. Now, there's new versions of software and controls where that issue can be resolved. The idea though is to having of course the carriers to implement those in their gateways, and the problem with that is it becomes a political issue with them. Today they control that relationship. Today they own those gateways. Therefore, they have the power in implementing the new proxy gateways and some of the new technology they lose that policy to the service providers or other intermediaries so it's more than just the technology issue that's driving the adoption of those new and better technologies. Then again, once you get past that gateway, it's just the common security vulnerabilities of the Internet whether it's protecting web sites or protecting transmission, and then you have the handset. As I have to -- because of bandwidth issues, because of capability issues in the software, as I want to roll out new and more sophisticated applications, I have to bring down more information. As these devices become more capable of storing local information and doing local processing, what happens when I leave this in a taxi cab? Talk about identity theft. This is me. Depending on how that application is defined, depending on how the authentication is designed to the local device, it is very easy for someone to high-jack a phone number and a serial number off this phone and make phone calls on my bill. As these become data capable and transaction capable, that doesn't change, so those controls and procedures need to be designed into the applications. MS. ROSENFELD: Larry? MR. PONEMON: Again I have to admit here, confess, I should say, I'm not a security expert, but let me just tell you what I have seen in the last 26 years, a lot of -- in business. A lot of companies that are start-ups have a difficult time spending the real dollars required to secure their infrastructure. Security is usually at a lower level of priority. It's normally about getting your burn rate and getting some profitability, and it does create a lot of vulnerability especially when there's an area on the Internet where there are a lot of great young start-up companies, so if you don't put the dollars in to the security solution, the critical infrastructure, there will be significant vulnerability. It goes back also to some other issues, that there's an engineering opportunity as well because I spoke at an I-device conference a year ago, and in the audience of about 4 or 500 people were all engineers developing these Smart devices, these I-devices. They didn't have a clue. They never even heard about this privacy debate. They were just trying to build the best possible product, and so if we develop technology that is supportive of the privacy issue and the security issue as a starting point, I think we can solve a lot of the problems that would otherwise happen in the future. MS. ROSENFELD: Anyone else want to comment? Lorrie. MS. CRANOR: I agree that trying to build these things from the beginning is going to be really crucial, and I'm a technologist. I go to these security conferences, and one of the things that was really kind of a wake-up up for me is I went to an electronic commerce conference about a year ago, and there was a panel on mobile devices, and there were all these great experts from fancy universities who got up there and talked about their vision of the future. And they had these demos of these little devices that you put your shopping list in them, and as you're walking down the street, it beeps when you pass a store that has items on your list, and it radios in, and you can walk in there and your purchase is waiting for you to pick up. It's already paid for, and this sounded really fabulous, and I was sitting there thinking, but what about the privacy issues, and so during the Q&A, I raised my hand and said, What about the privacy issues, and they looked at me like I was from outer space, and they said, Well, we'll worry about that later. And it seemed to me that if you don't worry about it now, it's not going in there, and somebody even made a comment, Well, we can think of it like an arms race. We'll put in better privacy and security, and then they'll find ways around it, and when you do patch it on later, it definitely does become an arms race, and that's all the more reason it's important to design these things in from the beginning. MS. ROSENFELD: We're certainly glad you were there, Lorrie. Alan? MR. DAVIDSON: Me, too. I've had a couple of experiences over the last year being on panels on privacy at various wireless conferences, and I have to say, they haven't been well attended, and that may be more of a personal commentary than anything else, but I do -- I think there may be a take home lesson that people are not paying as much attention to these problems as early on as they should. Just on the security side, I think part of the security puzzle here is the sensitive nature of the information that we're talking about being collected by a lot of different people, so when you're talking about location information, especially a location profile over time or real time location information, there are real public safety issues regarding the security of that information as it's in various places, real concerns for people who might be worried about who might get access to that information. I think we may -- unfortunately we have to hear real horror stories before we start thinking about how to protect that information. Authentication's another variable, piece of the puzzle, and what the liability rules are for example for the average consumer who's used to buying Coca Colas with his cell phone according to the commercials but then leaves her cell phone in a cab and finds that other people are buying Coca Colas with it, you know, unanswered questions. MS. ROSENFELD: David? MR. MOORE: I think as Don mentioned up front that you can't have privacy without security, and I think that's absolutely true, particularly when you look at what will inhibit the growth of this medium and to a certain extent has inhibited the growth of online commerce today is that people are very concerned, particularly about their financial information. And if we're going to be trading stocks on our wireless devices, there has to be the proper type of security that makes sure that information is safe and sound. At the same time I think we talked at the beginning of this panel about medical information, very, very hot item with consumers as well as industry and everyone else, again critical to protect that type of information from getting into the wrong hands. And of course the last part of it is, and this is perhaps to a lesser degree on wireless devices. But particularly on the Internet people don't want others to know what type of content they access, and again I think that when it comes to security, we're going to have to find a way to protect those consumers from that type of information getting into the wrong hands. MS. ROSENFELD: Well, thank you everyone. This has been a very interesting panel. I think given the time we'll go ahead and move to the general audience questions. If you would give your name and your organization before you ask your question, please? MR. LE MAITRE: Marc Le Maitre with Nextel Telecommunications. Obviously the wireless carrier has a part to play in the security and privacy of this information. MR. DAVIDSON: A small part. MR. LE MAITRE: Just a small part. I'm interested in hearing your thoughts on timing because, Alan, I've heard you say thanks to the FTC for raising this issue before the event and Lorrie's saying we're playing catch up. I think without talking about Nextel's plans in this area it's fair to say that some of the carriers on an international basis are already delivering wireless location based services and I'm viewing this as an implementation issue at the moment, and I was wondering if you could talk us through where we are on the implementation curve, and is this a problem I should be worried about today or something I should wait for legislation in order to make a first move. MR. DAVIDSON: Well, I'll start by saying I guess you should -- I guess it's something we should have been worrying about yesterday, and I guess I was probably being more courteous than anything else to the FTC, I guess, although there are a lot of people who have not spent a lot of time thinking about this, so I'm glad that we're here. But this is happening now. You've said it yourself. This has been happening, that there are millions of consumers out there using devices, for example, where the location -- their location may be roughly, may be very specifically, is available in ways that they, for example, don't have any idea of. There are millions of people moving to use the web over wireless devices and without giving any thought to what kind of information is being transmitted downstream, so this is a problem that's very real for consumers right now, and the protections are not there. There are huge drivers. Some of them come from our government. We haven't spent a lot of time talking about the E911 or the CALEA mandates that many of us are concerned about may be pushing industry to develop systems that are not as privacy friendly as they ought to be. This is also a very real issue in terms of government access to this stuff, and I just want to jump in because we haven't talked about this yet, but to say every company in this industry ought to be supporting higher privacy protections in the law or location information vis-a-vis government access. This is something -- HR 5018 is a bill that got passed through the House Judiciary Committee that heightens the standard for location information. Right now that information is available to the local sheriff or the FBI without serious privacy protections in it right now, not anything close to the kind of probable cause Fourth Amendment protections that consumers are used to and we need to be working on this now too and get those privacy protections added in because consumers are going to start hearing about this, and I think people are going to react very negatively to the situation right now. MS. ROSENFELD: We'll be hearing just a little bit later about the E911 rules, and also we're going to focus specifically on the use of location based information but, Lorrie. MS. CRANOR: So even before you start talking about web, for just a normal cellular phone, when you make a phone call, your location information is recorded in your billing record by your service provider, and as I said, if you're in an urban area, that's about down to two blocks, and that information is on a regular basis requested by law enforcement to track an individual as well as to say some crime occurred in this area at this time. They may go to the wireless provider and say, Tell me everybody in your service who was in that area at that time. They really can't tell them everybody, but they can tell them everybody who made a phone call or received a phone call in that area at that time. MS. ROSENFELD: Any other questions? If you could -- I'm sorry, if you could just spell your name too for the court reporter, we would appreciate it. MR. DEVINE: Tim Devine, D E V I N E. The question has to do with whether folks are thinking about sort of cross channel preference respect, preference compliance provisions so, for example, folks have taken more and more care to express their privacy statements toward the consumer information on a web site, but the same company might have web contact with consumers and wireless contact, and the question I guess is what sort of compliance and very practical logistical measures are you seeing or hoping folks are undertaking to match up the preferences and to update them, so that you could foresee somebody saying in response to a web provided privacy statement compiling a fairly sophisticated preference profile for consumer data handling and consumer contact. But then the consumer saying in response to opt-in or opt-out opportunity on the wireless context, No, I don't want to be contacted in such a such a way or, yes, you can use my information in such a way, and it might be in conflict with what they've previously stated in the web and an 800 number and some other application. I'm just sort of wondering if people are thinking of sort of the cross channel preference setting. MR. PONEMON: Do you mind if I comment? MS. ROSENFELD: Larry? MR. PONEMON: We're starting to see a lot of local initiatives developing along these lines. There have been some rather radical ideas. There's a data integrator. I'm not going to mention their name, but they're quite, quite good and very interesting on the privacy issues, and basically they're thinking about coming up with a privacy cookie for every person in the United States, maybe in the world. They would be this cookie that respects an individual's preference, and you as the consumer could actually change and adjust your cookie. It's not that dissimilar to the P3P model, but it basically allows you to control all your choice on everything that you do. So if you have different preferences on M commerce versus E commerce versus the off line universe, you could actually specify that, but then it goes back to something really basic, really fundamental. It's about education. I think a lot of people are just unaware, and so there's this hype issue. People are concerned, and maybe they're overly concerned, and that's going to block innovation in this new technology, and then there's a side that education could actually help people who are not concerned today who should be concerned. For example, I talk about this story, but my mother is 80 years old. She basically is the most incredible user of the Internet. She buys everything over the Internet, and she gives all her information away, by the way, so this is very interesting. And when I asked her why are you doing this, Mom, she said, I'm going to die pretty soon, this isn't valuable, but understand that I think educating -- it's really what we've discussed before, what Dave discusses, about getting the consumer to understand this issue and to control it, and we're starting to see movement in that direction, but we have a long, long way to go before we have consistency across platforms. MR. MOORE: Ultimately it would be terrific to have the privacy cookie that expands not only from online to off line too because right now we confine our talks to what's happening online in terms of privacy, but if you go off line for a minute, you find that there's quite a few more flagrant violations of our privacy there than you find online. So from a cross channel perspective, I would suggest that we want to expand it beyond just the Internet, wireless and broad band into some of these other off line arenas so we have the ability to actually control what types of information go to industry both on and off line. MS. ROSENFELD: Thank you. Any other questions? MR. CHARTIER: Mike Chartier from Intel. MS. ROSENFELD: Could you spell your name, please? MR. CHARTIER: C H A R T I E R. MS. ROSENFELD: Thank you. MR. CHARTIER: This is for the panel about implementing one of the Fair Information Practices. You talked about notice and choice and security, but I think access is real interesting in this domain. If my location is information that I should have access to, then it ought to be a relatively simple matter for that ten minute polling that you talked about of the carrier when he finds your location to ship those bits down to my phone so my phone will always know where it is. And it would seem to solve some of the authentication problems because only a particular wireless device would get its location, and if you do that, then the wireless device knows where it is. I could contract directly with a third-party like Starbucks who could get the information from me without having going through the carrier or somebody that is the repository of all this information. And if you could do that, if third parties could get the information directly from the users, it would tend to remove some of the economic incentive for people collecting that information. MS. ROSENFELD: Anyone want to take that on? Don? MR. BROMLEY: Yeah. I would agree that with the nature of cellular communications, your carrier always knows where you are, but it doesn't know that I'm who I am. Again the example, if I leave this in a cab, it knows that my phone is in that cab, but it doesn't know that the next person that picked it up isn't me, so I have a local authentication issue or I have to authenticate remotely to the carrier to whoever to authorize services on this phone. And that's the real issue is the phone is me as long as it's in my hand, but once it leaves my hand, it becomes me in somebody else's body. MS. ROSENFELD: Anyone else? MR. DAVIDSON: I would like to comment. I would also like to say there's something very attractive about user control oriented solutions like that where the information is in the user's hand or it's specifically in the user's control. I think those kind of things are things that consumers are going to feel better about when they know they're the ones that have control over this information. The access issue, we didn't get into it. I mean, it's a very complicated issue. Of course it goes to a much broader question about all of the kinds of information that's collected over time by many different carriers and access to that after the fact and being able to verify it and take a look at it and make sure that it's correct. And it's going to be very difficult in this arena, I think we've touched on this, because of the fact that there's so many different parties involved here and the consumer doesn't necessarily have a clear understanding of who they are. MS. ROSENFELD: Lorrie, did you want to respond? MS. CRANOR: One of the things that I hope we'll hear more about this afternoon in the technology session is how much of this personalization information can we store on the user's device, and when I go to get a personalized service basically have my device engage in a dialogue with the service provider to just answer the specific questions needed to provide the service now rather than the service provider keeping my whole profile and everywhere that I've been. MS. ROSENFELD: Next. The mike is over there. MS. FAGRE: Danielle Fagre from O'Connor and Hannan spelled F as in Frank, A G R E. I have a question, a follow-up question to one of Dana's questions regarding choice. I've heard choice described as -- I've heard the Fair Information Practices described as both notice, choice, access and security and more recently as notice, consent, access and security, so it's kind of a two-part question, but the question is to me consent more implies opt-in, and choice implies either opt-in or opt-out. Is there a consensus that we're moving toward opt-in in the arena of advertising and M commerce, and if so, does the panel think that that will spill over into the financial services arena specifically which is right now opt-out under Gramm Leach Bliley. Thanks. MS. ROSENFELD: Who would like the first crack at that? Larry. MR. PONEMON: Yeah. Just let's talk about GLBA, Gramm Leach Bliley. A lot of our clients are having a lot of difficulty complying with GLBA today, and what went into effect November 13 but there is this window of opportunity through July 1, 2001. If you put the pressure on financial service organizations to move from an opt-out to an opt-in world, it would be unbelievable. It would just be unbelievable right now. I think the spiritual answer is opt-in is better than opt-out. I think choice, really honest capturing of a consumer's choice is what it's all about. We can give these labels, opt-in, opt-out, opt up. It's really irrelevant. It's about giving the consumer the power to make the choice, so one of the problems with opt-out or opt-in, excuse me, from a financial services point of view is the breakage, that if I basically allow the opt-in before you could actually use this information, you start to see that people just don't want to spend the time to read the disclosure, and we have one client that actually tested that proposition. They found that in an opt-out world, they would lose about 5 percent. In an opt-in world they would lose about 85 percent of participation so there are really consequences to financial services organizations right now. MS. ROSENFELD: Alan? MR. DAVIDSON: I would just jump in and say I think opt-in and opt-out it may be a false dichotomy here. I mean, we are really talking about trying to find informed consent, and I'll go back to say I think the devil is in the details here in a lot of ways in terms of trying to figure out what's going to give the consumers the feeling that they've got that kind of control. There may be a much greater level of granularity that's needed in terms of what people feel like they have the ability to chose or not chose in terms of which interactions, which kinds of information. That may ultimately be a lot more important than some sort of dichotomy here. I think you hear about a lot of people talking about opt-in because of the recognition that we are talking about some incredibly sensitive information here from the consumer standpoint. MS. ROSENFELD: Next question? MR. BARNES: Milton Barnes from Spirus, Incorporated. I'm kind of trapped back here. I'm not standing. My question to the panel has to do with education. I've heard some of you mention we need to educate the consumer. What form will that take from industry and government because the wireless environment is coming about because of people's need to move fast, and the American attention span is short, so how are you going to educate them on these complex issues of opt-in, opt-out, security and privacy in a form that's easy to understand and quick enough to hold them and get that information to them so that they can make an intelligent choice? MS. ROSENFELD: That's a great question. Does anybody want to take the first crack. David? MR. MOORE: Well, I think as we indicated earlier, the first step would be to make sure that that type of information is pervasive throughout the various chain of delivery systems that exists today, whether it's the wireless carrier contract, whether it's the content that's going to be provided to a user. I think to the extent we can put it in as many different places as we possibly can in a way that it's clear, robust and easy to understand, that's a great first step. Now, does the industry need to go further and spend a lot of money educating consumers? The question is who would do that and at what cost and what's the return on investment for a company to do that, so I'm not sure there's a clear-cut path to education that goes beyond just putting that type of information throughout all the various content and delivery systems and providers that exists today. MS. ROSENFELD: Larry and then Lorrie. MR. PONEMON: Basically I'm not sure if it's an education issue initially. It's an awareness issue. I think you can come up with powerful ways of communicating. On line for example you would be learning models, get people aware of their rights and their choices and the whole issue. Obviously you don't have to get into the technology discussions unless someone is really interested. There might be another little button you push if you want to scroll down, but there is something else we didn't discuss, which is educating the employees of companies that are providing this new technology. In my experience, as an auditor, the biggest vulnerabilities are inside the organization. It's not what you say. It's what you do, and a lot of organizations have a difficult time doing what we consider reasonable levels of compliance around the privacy and security issues, so training, education has to start internally, and then let's focus on the consumer. MS. ROSENFELD: Lorrie, did you want to comment? MS. CRANOR: Yes. I just wanted to say that one of the things we hope P3P will do is help serve to help raise awareness and educate consumers, so in particular once P3P is built into the consumer's web browser, when they see this little privacy light, that they'll get curious. They'll click on it. They'll want to follow it to get more information, and we hope that the software that gets developed will provide that information, not in this long legalese form, but in a more digestible format that the consumer will be able to understand. MS. ROSENFELD: Next question? MR. PINKERTON: Name is Mark Pinkerton, P I N K E R T O N. I'm with ClickSure. I just wanted to ask you, Larry, I saw you at the Microsoft conference. I would like to find out, is your account with Verizon Wireless, by the way, because one of the things that has come to light -- MR. PONEMON: No comment. MR. PINKERTON: One of the things I would like to ask, a number of us here in this room obviously have Verizon accounts. It's one of the largest cellular companies in the United States, and following on with what Larry said, it's recently come to light that when you open your account with Verizon, you probably -- you gave them your Social Security number. One of the things that has recently come to light is that, speaking to a comment that was made about the off line world, that Social Security number is displayed to every Verizon wireless employee in every single store in the United States. If you go in and buy a battery, they ask for your wireless account number. You give it to them. They pull up your account, and there displayed on that screen is your Social Security number, so I would like to ask the panel what could be done about what I consider to be an egregious release of personal information that I didn't opt-in to releasing that information to all of their employees when I simply opened my cellular account. MR. PONEMON: You start by killing people. That's the starting point. No, but in answer to the question, this goes back to the education issue, seriously. There is probably no logical reason, at least in this universe for collecting a Social Security number and having that as an identifier, but yet it's done. These are the practices that are done, and it's just the general idea more information is better than less information so let's collect everything, so I think we have to stop thinking in those terms. We have to understand how this information could be used. If it's not useful, at least let that be the first critical decision that a company like Verizon makes, and I will be changing my account. Thank you. MS. ROSENFELD: Anyone else? No. One really quick question. Then we have to wrap up. MR. WEITZNER: Danny Weitzner, W E I T Z N E R, with W3C. Just a quick comment on the education question, I agree with Larry. I think that the user interfaces here are going to have to do the lion's share of the education. If we've learned anything since the Florida vote it's that people don't read directions, and if you rely on people to read directions, we see the problems. My question is actually about security, and I wonder if the perfect is not going to become the enemy of the good here. I hear these comments about what happens when you leave your wireless phone in a car, a cab and then it's you and you've lost yourself. I mean, I've left my wallet in a cab, and it's a real pain in the neck. It's a bad thing, but we actually don't have the expectation that we can somehow secure our physical wallets with the level of kind of end to end perfection, and I'm just wondering for anyone's thoughts about how this is going to play out, whether we're going to kind of meet the practical expectations that people have of security that you can cancel your credit cards and that sort of stuff or where we're heading on this question. MS. ROSENFELD: Lorrie? MS. CRANOR: Sort of two thoughts on that. One is that there should be a way of canceling, especially if the wireless device -- there should be some way that I can send some code to it that basically turns it off so, yes, maybe it was vulnerable for an hour or two until I realized it, but after that it shut down. The other idea is that there could be basically a thumb print reader or something like that on the device itself so basically when I'm holding it in my hand I have my thumb on it and it's on. When my thumb is not on it, it's not on. People get scared about biometrics but this is something only between me and my device. That biometrics doesn't go anywhere else. MS. ROSENFELD: Alan? MR. DAVIDSON: I was going to say it's not knowable right now exactly what these security mechanisms are going to look like. What's important is that the redress for the consumer takes into account whatever kinds of security exists out there, so in the credit card context, my credit card gets stolen, I have a liability limit. The law actually got involved here in trying to help us come up with those base line rules. We're going to need the right kind of base line rules for consumers here depending -- we may have an extremely secure thumbprint activated device. We may have a device that's only somewhat secure, that's kind of got practical security. Regardless, there's got to be appropriate levels of protection for the consumer on the liability front to deal with that. Just real quick on the education thing, I would say I agree that the interface is the best place if it's done right for consumers to get to learn to understand this stuff. We really do have a big education job on the company side, on the employee side and for the consumers even beyond that as we try to make the choices right now, and right now we're engaged in education, kind of maybe not the best way which is the front page stories and newspapers about horrible privacy violations. And I think we're going to see more of those because we haven't I think been straight with people exactly about what kind of information is out there and how it might be used, and while it might be good for privacy advocates to get a lot of those front page stories, it's really not good for the debate in the long run. There's a better way to help consumers understand this, and I think we've got to try to pursue it. It may take some resources to do it. MS. ROSENFELD: Thank you so much to the panelists for a really wonderful discussion. (Applause.) MS. ROSENFELD: Thank you to the audience because those were really terrific questions. We appreciate that. We'll let the panelists take their seats, and then we'll move on to our next speaker in just a minute. This is not a break so please take your seats. (Pause.) MS. ROSENFELD: Okay. Everybody, please take your seats. Everybody? I don't want to have to name names. Please take your seats. Thank you. I think that panel really set the stage for the rest of the day, so as many of you know, the federal law requiring carriers to implement enhanced 911 or E911 is driving the move to location based technologies. We will now learn more about the regulations with a presentation from James Schlichting from the FCC. Mr. Schlichting is the deputy chief of the FCC's wireless telecommunications bureau. He oversees the bureau's policy and commercial wireless divisions. These two divisions are responsible for the bureau's rulemaking proceedings relating to commercial wireless services, the licensing of commercial wireless services and the review of the wireless license transfer issues involved in merger transactions. Mr. Schlichting? MR. SCHLICHTING: Sorry about that. Every laptop seems to be slightly different, where the buttons are put and how to get from here to there. Thank you for the invitation to spend a few minutes going over some critical issues relating to privacy on wireless devices, and what I'm going to focus on are the three key areas that the FCC -- both are federal laws, and they're also federal regulations, the wireless enhanced 911 service, CPNI or customer proprietary network information, and the Wireless Communications and Public Safety Act of 1999 which enacted some specific privacy provisions dealing with wireless location. What I'm going to do, generally I had an extensive set of handouts that I had included, including a somewhat longer version of my presentation here, plus some briefing sheets and more detail on the Commission's wireless E911 requirements and the like, so I'll be trying to run through those relatively quickly. Sort of the overview, wireless E911, the Commission's rules do require covered carriers, basically wireless and PCS carriers, to provide location information automatically to 911 call centers on calls from mobile wireless phones, and we'll get into more details on precisely what the Commission's rules require both in terms of timing and in terms of accuracy and the like to have a backdrop of what's going on in that arena. Customer Proprietary Network Information is broader than mobile wireless, but it's a key element to discussion of the privacy protections that consumers have with regard to common carrier derived information and the like. Then the Wireless Communications and Public Safety Act of 1999 specifically addressed the issue of privacy protection for location information generally, and also focused some specific protections on wireless location information. All right. Wireless E911, the Commission has had rules since 1996 requiring carriers to adapt their network to provide location information automatically to 911 call centers. E911 in the wire line world, I think people are familiar with. For a wire line phone, you dial 911. With E911, there is on the screen of the 911 call center the subscriber, the address and the like which means that when the public safety officer starts to talk to the person who's made the call, they start with an idea of where the person is, and so they can go directly to the question of what the -- what the emergency issue is and what necessary response vehicles and the like may need to be called with regard to it. Now, when we went to having wireless 911, it was both a blessing and a curse. It was a blessing in the sense that you could call from wherever you were with your wireless phone. You didn't have to find a farmhouse with a wire line phone or a pay phone or the like to make a call or you could call directly from your car or from wherever you were. The curse or the disadvantage is that while on an E911 call from a wire line phone, the 911 call center has on the screen your location. With a wireless call it's a blank screen, so the first part of the conversation oftentimes has to deal with -- an early part has to deal with trying to figure out where you are. In some situations the caller knows precisely where they are, and that's quick, but in a lot of locations, a lot of situations the caller doesn't know precisely where they are, and there has to be a dialogue, assuming a dialogue is possible, between the caller and the person at the 911 call center, so the length of the call, the amount of delay before emergency services can be dispatched is potentially much, much longer in the like and in some cases may not be possible, and so that's behind the mandate of having rules that require implementation of wireless E911. We've divided up broadly into both phase 1 set of requirements where the wireless carriers have to provide to the public safety answering points, that is the call centers, the telephone number of the wireless 911 caller, so there can be a call back in case the connection is broken, and secondly, the cell site or the base station receiving a wireless 911 call which is not necessarily precise. In fact, on some cell sites that could be an area that includes a number of square miles and the like. It just gives a general facility in most instances of where a caller might be able to be. Phase 2 is where the information will be getting more helpful, more accurate for purposes of emergency call situations. In particular, the requirement would be that a 911 caller would have to be located by latitude and longitude using either a handset based technology or a network based technology. Now, accuracy standards, what the Commission's requirement -- these are Phase II -- is a handset based solution to be in compliance. The location technology would have to locate you within 50 meters on 67 percent of the calls, and 150 meters for 95 percent of the calls. For network based solutions, our requirements are double that so it's a hundred meters for 67 percent of the calls and 300 meters for 95 percent of the calls. So in terms of how precisely will somebody be accurately located under Phase II, one, it's not as accurate as a global positioning satellite with all the money in the world to target you to the last three or four meters and the like, and in both cases they're going to be some calls where the senses -- the sense of the technology is where you might not be locatable at all which is why the last 5 percent and the like. That goes to a broader question because with regard to sort of what's possible today, the technology providers are on later in the day, but certainly the sense that we've gotten is that the locating cab and the cab at the corner of X and Y on a broad market basis for all cellular phones isn't something that's technically feasible today or again talking -- the providers can talk to what they actually do on their networks today. To be honest, my understanding is the information that carriers collect today include, one, the information necessary to do your bill, which is generally based on what the general vicinity is. If I call from Arlington to Leesburg, it needs to know I'm in Arlington as opposed to Leesburg or Richmond or the like. I don't pay a different rate because I'm on the corner -- this corner as opposed to that corner a half mile away, so for purposes of billing they have a general location, and then the other information they collect on a real time basis is, at least I understand it, where the cell phone is so that if somebody wants to call you, the network knows generally where to look. And that is the base station where you're located and the like, but as I say, that's my general understanding of what's going on right now as a general proposition but representatives from industry and the carriers can better address that down the pipe. Deployment schedule, in general the 911 call center has to ask for -- has to be able to receive and utilize the 911 information and be able to recover the cost. For phase 1, you would have to implement within six months of a PSAP's request. In phase 2, if you have a handset based approach the handsets have to be available October 1, 2001, and delivery of the information within 6 months of the PSAP request for a network based solution, a 50 percent coverage within 6 months of the PSAP request. That's very general. The slides I passed out and the handouts and the attached briefing sheets are much more detailed as to what the requirements are. So let me move on to Customer Proprietary Network Information. That is subject to section 222 of the act and it governs the use and disclosure by carriers of their Customer Proprietary Network Information, and generally it restricts the use of your CPNI without your approval, and section 222 also enables customers to have some control over the relinquishment of the privacy, presumption of privacy as they see fit. More particularly, under section 222 (c)(1), the Commission adopted a rule some years back that before carriers may use your CPNI to market outside the customer's existing service relationships, they had to get an opt-in method of approval, but the customers also had the right with regard to third parties to have a carrier disclose their CPNI to third parties upon affirmative written request. Now, the status of the CPNI rules, the U.S. Court of Appeals for the 10th Circuit vacated the opt-in portion of the Commission's rules, and that goes primarily to the use of information of your CPNI within the carrier for marketing and other purposes. It didn't go to what protections you have for release of information to third-parties and the like. We're in the process of preparing, initiating a rulemaking to address the 10th Circuit's opinion with regard to what the rules ought to be with regard to consent to use of your CPNI within the carrier. So let me go finally to the Wireless Communications and Public Safety Act of 1999. In particular, the 1999 Act added location to the definition of Customer Proprietary Network Information. Customer Proprietary Network Information is now basically information that relates to -- and I set the definition out there. It includes location of a telecommunications service subscribed to by a customer and made available to the carrier by the customer solely by virtue of the carrier-customer relationship. So CPNI goes to information, these particular types of information that the carrier has about you because you're their customer. Now, the customer approval requirement for CPNI generally is 221 (c)(1) and 222 (c)(2), and it provides, except required by law, and I think one example is the emergency services exception, or with the approval of the customer, a telecommunication carrier can only use or disclose individually identifiable CPNI of the telecom service where service is necessary or used in the provision of such services. As I mentioned earlier, there's more specific protection with regard to wireless location information. 222 (F) was adopted, and for this the carrier actually needs the customer's "express prior authorization" in order to use or disclose call location information concerning the user of a commercial mobile service or the automatic crash notification information and the automatic crash notification system operations that are found in some cars and the like to anybody other than -- any person other than for use in the operation of that system. Now, there are some exceptions to this protection and particularly emergencies. 222 (d)(4) permits three emergency related disclosures of your wireless call location information where this express prior authorization is not needed. I thought these were so important that I quoted them in their entirety, but the focus would be -- these are very much emergency service related circumstances or situations, and the information is to be used solely for that purpose and the like when it is provided without your express prior approval. Then the question of -- there is another provision related to emergencies of other subscriber information that can be released with regard -- released more specifically to emergency service providers, and this goes to the names, telephone numbers, addresses, and 222 (G) provides "The carrier shall release that information but only to the providers of emergency services for the use with regard to the provision of emergency services." So that's a very quick overview of a lot of information. What I have focused on and what the laws the FCC administers and what the FCC's regulations focus on is the privacy protections and wireless location information, the carriers, telecom carriers subject to the FCC jurisdiction have available to them and what they may or may not do. One of the questions that I think people need to worry about is when that information, location or otherwise, goes to folks that are not carriers, and it's not provided to the carriers' part of your subscription to a telecom service, these protections don't apply, but if you're talking about information that a carrier has by virtue of their relationship to you as a subscriber, these protections do apply. Sort of in the broader picture, as in most consumer areas, one needs to be sensitive to and aware and look at what permission are you giving when you give consent for the use of your information, whether it be wireless location information or other private information about you, make sure that you understand to the extent you're able how that may be used and when that may be used. So in any event, that's sort of a regulatory backdrop from the FCC's perspective of various laws and rules that apply, and I guess we will go from here in the sessions to hear from various folks in the industry involved in the technology that provides this information and industry efforts and the like to provide further information in this context, so thank you very much. MS. FINN: Thank you very much. We're going to take a very short break now to about 10:50 a.m., and everybody should be back here, but I want to advise everybody there are additional people doing demonstrations up on the seventh floor in the cafeteria today, different folks than were here yesterday, so even if you went by there, you may want to stop by and see who is here. (Break in the proceedings.) PANEL ON GENERATION AND CONTROL OF LOCATION INFORMATION PANEL MEMBERS: MR. FORBES: Good morning. My name is Dean Forbes. I'm an attorney who works on advertising, privacy, fraud and related technology issues here at the FTC in the Bureau of Consumer Protection. Our last panel really segues into our next set of discussions and the discussions for the rest of the day. We're really taking about, at least for this panel, the balance between the generation of default in some cases, at least in the E911 perspective, location information that's transmitted for safety purposes with the maybe opt-in transmission of such information for either enabling E commerce, or rather M commerce, and personalization services, and what control the consumer has over that information,. I'm pleased to introduce our next panel of very technically savvy individuals, Michael Amarosa, Jonas Neihardt and Art Hurtado. This panel will present to you, make presentations on the technologies that reside behind really the issues that we're here for this two-day workshop to discuss. These issues are very technological in nature, but we have asked our panelists to present them in as much of a consumer friendly and laymen's presentation as possible. The technologies that are going to be discussed are terrestrial triangulation or a network overlay solution as well as a GPS or a hybrid of that I think is called Snap Track and finally a location information gateway. The panelists are Michael Amarosa who is the vice president of public affairs for True Position, Inc., out of New York City. His presentation will explain how location information is generated in a network overlay or terrestrial triangulation system; Jonas Neihardt, who is the vice president of federal government affairs for QUALCOMM, and he works on GPS and Snap Track GPS assisted technology. His presentation will explain how location information is generated in GPS based system or a Snap Track system. Arthur Hurtado, who is the CEO of Invertix out of Annandale, Virginia, his presentation will speak on Invertix's plans to serve as a location information gateway. Michael, just by way of background, he as I mentioned is vice president. He's vice president of public affairs for True Position, a position he's held since November 1997. He joined the company from the New York City Police Department where he served for over 24 years in various managerial capacities. For the last three, he was a deputy commissioner for technological developments. In this position he was directly responsible for the implementation of E911 for the city of New York. Michael? MR. AMAROSA: This shows a lot about my technological abilities, huh? Good morning. Thank you for this opportunity to speak with you folks this morning and tell you a little bit about wireless location privacy and how True Position works through this whole issue. True Position provides end to end wireless solutions that enable a broad range of location aware type of services. We were formed in 1992, and the original parent company of True Position was a firm known as The Associated Group, which had developed cellular properties in the upper New York City area, and out of that we started to get into the location technology business. Our main offices today are in the King of Prussia area in Pennsylvania just outside of Philadelphia where we have over 120 direct employees. We are one of the largest companies solely dedicated to wireless location capability, and our technology has been very well proven over the last several years in terms of our product and our organization's ability to deliver. Recently we were purchased by Liberty Media, and we became a subsidiary of the Liberty Media Corporation. True Position was one of the first companies to put a privacy statement up on its web site. We are totally committed to maintaining the privacy of all individuals. In fact, we've recently guarded against it and protect against it. Now, when we say that we talk about privacy in the context of location based services. When you deal with enhanced 911, the implicit consent is constantly there. I can call upon my prior experience. I mean, finding people in emergency situations, reducing response times saves lives, and I think anyone who calls 911 today is looking to be found, is looking for services to get there in a very expedited fashion, so I think that discussion aside, when you look at the additional services that are provided, this location information is only provided to those that people ask for help. People that subscribe to these types of services, we do not dispense any type of information regarding a customer or a subscriber absent their explicit consent, and this is how the entire privacy issue has been governed in True Position. Privacy is very prevalent in today's society as we all know, financial records, medical records, history information, the Internet and all of the types of services that you're provided through web capabilities that we see today, and even our E mails, all of this is something that has become a very, very major topic that we have to deal with. There are considerable trade-offs of the conveniences we have today in this electronics and this personalized information. Privacy in some cases has to be looked upon very stringently by the consumer as to what and how they want to make available in order for certain services that they will receive. The entire industry has been working very hard to build in certain safeguards, and location is being treated very similarly to the way equipment is constantly looked upon. Two basic, basic questions, do location systems constantly generate location information, and do carriers constantly track the specific information as to where that caller is? The answer is no. Why? How does this work? True Position collects radio signals at the various cell towers. We put a box about the size of a VCR which is the network overlay, and that is placed right on the cell tower, and it captures that radio signal, and through a triangulation capability, through mathematical algorithms, we basically compute the X Y coordinates which I'll get into a little bit later, but that is -- doing that location based when we're asked to do. We only deliver records to these application providers again that are authorized by the users, and the application that receives this information is only for those specific requested services that the subscriber has asked for. Location and transfer points and location and control points are keys in this entire operation, especially when you're dealing with specific applications, traffic services, enhanced 411, concierge type services or road side assistance just to name a few. How do we do this? We do this through a basis of mathematical algorithms which process the signals that are captured from the device, whether that be a telephone or whether it be a kiosk type of device, and we calculate the location. Today on the network side there are many different types of capabilities. There's the angle of arrival capability which measures the angle upon which the signal arrives at a particular side, the time difference of arrival, which is the time -- you're measuring the difference in time when that signal arrives. As we all know there's global positioning systems which are based on the satellites, and there's several other systems that are basically hybrid type of operations which is the enhanced observed time difference and a combination of what we affectionately called TDOA and AOA. Again you should take note of the fact that radio signals of any device can and will be located, and these phones are basically radio transmitters. TP location systems today again are only calculating those of which we've been asked to do and go forward with. Where is this done? The location records are delivered to those application providers. You sign up for a particular service at a given point in time. You ask for certain things. You ask if you want to be part of a concierge service, you want to be part of a personalized traffic service. You sign up for it, and the user controls that security by allowing people to then take certain information they have. The end user will specify who location information is provided to. Records are not stored unless the subscriber service requires that and the consumer himself would have that capability ahead of time, and only those records are provided to those that are identified ahead of time, never using identity or profile information other than to the subscribed services. The applications that connect to these ports are basically for the specific records that are requested and when these applications have no access to any other records that are requested, so there is no mixing of what is going on so that the enhanced 911, the enhanced 411, the road side assistance, traffic services, fleet tracking, if that's some of the services that you are involved with, are not intertwined in a database where this information is shared unless that is requested by the consumer. When you dial and use your wireless phone, the number that is not associated with any location based services will not initiate any processing of the X Y coordinates. Therefore only those services that are linked will allow that to be identified or allow that processing to begin which could be within milliseconds and transmitted on to the application that we talked of earlier. Remember the consumer subscriber always has the ability to turn off and not allow any of these to be linked together. The carriers will eventually determine what services are offered. Again this will be a menu that the users will be able to go forward with. Again our privacy statement which emphasizes that what we have talked about, True Position is continually provided information and protected that information for the consumer and the subscriber and everything that they do. Thank you very much for this opportunity. MR. FORBES: Jonas Neihardt is the vice president for federal government affairs for QUALCOMM. In this capacity, Mr. Neihardt manages QUALCOMM's public policies and its relationship with federal executive branch and the U.S. Congress. Prior to joining QUALCOMM, Mr. Neihardt was director for congressional affairs with the Cellular Telecommunications Industry Association in Washington, D.C., a trade association representing operators of wireless telecommunication systems worldwide. Prior to that Mr. Neihardt served at the White House Office of Management and Budget as a program examiner for the federal telecommunications agencies. In this capacity, Mr. Neihardt provided budgetary and policy oversight for the federal telecommunications agencies during the Bush and Clinton administrations. MR. NEIHARDT: And I just got my show to come up. Thank you very much for having me today. I'm glad to have this opportunity to speak to all of you because I've been here yesterday afternoon and this morning. What I am hearing over and again is that the most interesting and exciting sort of killer app that's coming along for mobile phones is position location, and the area of greatest concern for privacy advocates is position location, especially highly accurate position location, which is what we've been developing, so I'm glad to talk about both of those contexts for this issue and hopefully increase your comfort level in the solution that we've been developing. I have a long presentation, and it's sitting out on the table outside. It's greater than a five minute presentation. I'm going to go through it very quickly, but I encourage you to take the presentation and focus in on elements that are of interest to you. Mike just gave a discussion of the network based position location technology, and all I'm going to say about what we have done is we found that for certain situations, the network based solution, it depends on triangulation, and if you are in a situation where you don't have your cell sites arranged in triangles given where you are, you are going to have a little bit more difficulty accurately locating your handset. So what we did to address this is developed a GPS assist technology which is embedded in the phone here in -- you see the red square there? This is part of the central processing unit of the computer, and what our solution does is integrates the GPS receiver into the antenna, in a colocated antenna. The GPS processor is in the CPU of the cell phone. I have one right here, same CPU as in the phone that's on the screen. In this phone, the processing of the GPS information is all done in your handset and then sent back to a box on the network called the position designating entity that Mike referenced where the calculation of the GPS data and information on time delay from the cell towers that the handset can see at that moment, information is all processed, and then your position is calculated. But the key thing here, and if all you take away from this presentation is this one thought, remember this is that with our solution, all of the processing power and the intelligence resides upon the handset and is only activated upon the manual command of the user, okay? You can't remotely tell the handset to process -- to initiate the process. The process has to be initiated by the user. Benefits are, we found in our testing we've got higher reliability. Again in situations where you are not able to achieve an accurate solution fix, we have the triangulation method, the GPS assist we found resolves this. It all solves -- this process getting done in the handset pretty quickly, and we found it's highly accurate, and so we're quite pleased with it. When you talk about accuracy, Jim Schlichting mentioned the 50 meter and 150 meter accuracy standards. This is a hotel on the waterfront in San Diego. The hotel is that sort of big white space. It's hard to really tell, but that's where the hotel is, and in front of the hotel -- there was a trade show there, and we had a person walking around with our handsets and the red Xs you see show his path. He started in the front of the hotel by the waterfront and was walking around, and you can see a 50 meter accuracy. That's an area of 150 feet. It's about -- it's bigger than this room, but it's about as far you can really make visual contact with somebody in an urban setting when there might be trees or bushes or cars. For police work we feel that -- the police feel that this is the standard that they needed, 50 meters, and you can get a sense of how far that is. You can see the cars parked in lines and those are boats in the marina. The picture is a little fuzzy. When you go to 150 meters, you see the circle goes on the other side of the hotel so it's a circle that could capture buildings and again obstructions in an urban setting that might make it difficult for you to find the person, and then when you go to 300 meters, you're talking about really a whole neighborhood. So I show this slide just to make a point that greater accuracy is better for public safety and something that we all in this line of work strive to improve. Now, getting to the privacy implications, as I said before, the key thing to take away from this presentation is that with handset based GPS, the GPS processor lives on your handset and is activated by the user, and I saw Mike's presentation. I understand how the controls they've had built into the system, and I have a better understanding based on Mike's presentation of how that system works, and that was a good discussion of that. And the difference is with the network versus handset is the network, the brains of the system of processing capability physically resides with the network, and with ours it resides with the handset so that's the difference. This is a matrix discussion of some of the same information so I'll quickly go through that. Safety again, higher accuracy means better safety. I'll just go through this quickly. A lot of folks over the last two days have talked about the types of applications that will come online. We've been mainly focused on safety and making sure that we've got a solution that meets the needs of law enforcement which we think we do, and we know that once we get our solution out in the marketplace there will be lots of folks developing applications for it. And conclusions, go back. We think we've really developed sort of the ultimate opt-in scenario here. Every time that you want to be located, you have to pound that message in to your handset and say -- either by dialing 911 or activating a location enabled feature, you have to tell the phone to find you, and that's about as personal as we think as you can get. So when is it going to get here? We actually found that our Asian customers have been very much pressing us to get to the solution out to them. In Japan we think we'll have handsets walking around out there in the Japanese marketplace in the first half of next year. In the declarations that wireless operators needed to make at the FCC in November, the major CDMA operators said they were going to either partially or completely use or rely on handset based GPS to meet the FCC's mandate, so we'll see it in America a little bit after we see it in Japan, and again the same thing in Korea. Our Korean customers also have been very active in their own markets, and then you also see the Samsungs and the Japanese manufacturer coming in to the U.S. with their sets that have the MSN 3300 which is this chip right here that has the GPS processor. And that is the end, but I have to -- since I have the microphone, I wanted to say, a couple times in the last day and a half I've heard said time and time again that European technology in the wireless sector is ahead of the United States and that the Japanese and other Asian countries are ahead of us too, and let me point out that neither the Japanese or any European manufacturers have anything like this, that this is one example where American technology is ahead. And I have to point out too that in the case of the Europeans saying that they're ahead of U.S. wireless technology, the reason the Europeans have -- they base that assertion on the greater penetration rate, and there's a greater percentage of the population in Europe that use cell phones than in the U.S. That's the basis of that assertion, and the reason that they use more cell phones in Europe than in the U.S. is because they have to pay metered local service for their land line phone service. They still pay a couple pennies every minute segment or however they meter it, which we don't have to do here. The local -- their land line telephone service is of what we would consider a poor quality, incomplete compared to what we're used to in the United States. We just have this great local phone service that we've been building on for 120 years, and that really doesn't exist anywhere else in the world, so that's why other countries have greater penetration rates than we do. And they assert that they have a lead, but in fact the whole reason why we're here is because mobile data is now possible, and the technology that everybody is going to use for mobile data is CDMA, which is a technology that was developed here in the America, and it was developed here in America because we had an open standards process. We didn't have the government mandate saying we can only use one wireless standard, and it gave entrepreneurs the incentive and opportunity to go and develop a better mousetrap, which they've done, and in fact in GSM land in Europe, they've already by government fiat decided they will at some point in the future stop using GSM and will use this American invention CDMA, which would not have been invented in Europe because by government fiat they said everyone will use GSM. And I think we'll see that kind of centralized Soviet planning, thinking, resolve and become less prominent as we move further into the 21st century, so thank you. MR. FORBES: Art Hurtado is chairman, CEO and cofounder of Invertix Corporation. His presentation is going to be a little bit different from the two you've just seen. Basically what Mr. Hurtado will be talking about is Invertix's plans for serving as a location information gateway. Among the things that he'll discuss are what his business model will be, who will have access to consumer's location information and on what terms. Mr. Hurtado? MR. HURTADO: Thank you. I just read on my cellular device that the Supreme Court is about to announce a decision soon. Everybody is waiting, but it hasn't come out, and the Florida Senate is supposed to -- or the Florida Congress is supposed to vote on their electors shortly, so that's the latest news via wireless for those of you who are tracking. Let's get right into this. Let me cut it down to about three or four minutes. Invertix is a B-to-B business company, if you will, and we reside in the wireless Internet space at the technology level between the wireless carrier word and the Internet M commerce world. That gives you a kind of a perspective of where we reside. We launched this year a commercial gateway both as a gateway and a stand alone service that is provided to wireless carriers nationally in Europe and in Asia, and this gateway, as illustrated here, really brings together a wide variety of folks out on the Internet and enterprise side, whether it's instant messaging or unified message, content, wireless, wireless advertising or mobile commerce through a gateway that hooks up to the wireless carrier world. So that brings with it all the interesting issues of where does the data reside, who controls the data, how is it used in the advance of M commerce and how is it used vis-a-vis the desires of the wireless carrier world which obviously has a great deal of concern about how that data gets used. From the architectural perspective, I threw in this chart at the last minute because I did want you to understand that we were at the technology level, but I also wanted you to understand where our privacy resides within the gateway and how we focus on that since the bulk of my presentation is going to be around privacy management. As you can see on the right-hand side of the inner box is the privacy area of the architecture, and in the lower right-hand side, you see privacy management system that is kind of turned on its side, and that connects through the appropriate APIs out in the M commerce world. That API, that privacy management system is a very powerful component of our architecture and was probably the first component that we architected, was how were we going to interface with the M commerce world. From the very inception of this gateway structure we have focused on privacy and privacy management and the whole permission based concept. On the left-hand side then there are a series of APIs that hook up with various components of the wireless carrier world that also bring with them a whole structure of security. Privacy and security as I said are central to our theme. We do build 100 percent permission based privacy gateway. IM Anywhere brings together location, availability, that's on or off presence for buddy listing, for instant messaging which we believe is the real next killer app followed by the others that have been discussed, and that's because of the European and Japanese experiences that we have seen. The permissions and preferences then are supplied by the carrier in conjunction or in cooperation, if you will, with the subscriber. For us the subscriber needs to be empowered. They need to have a very powerful experience when they're in this M commerce world. That's very essential if M commerce is going to thrive and really take off as we hope it will do. On the security side then that is replete with non intrusive options, with security, log on, passwords, physical security of the data as well as electronic security of that data. The privacy management system for this gateway really provides to the wireless subscriber the ability to control, manage and change and eliminate, delete, if you will, the privacy information or the personal information that establishes their relationship with both the carrier and the M commerce world. For the carrier, we want to protect their ability to private label and to structure and tailor that look and feel that is consistent with their advertising and marketing needs. The same way with the M commerce world, our campaign manager that interfaces with the M commerce world provides their look and feel that they need, but also provides that cut out or that barrier, if you will, to protect the data inside of the gateway from being accessed by the M commerce in an inappropriate manner. The permission based information that is collected and stored is the data that we have been talking about throughout this entire conference. The identity information, the personal information and interests and then the privacy management information which really is the key to how you the subscriber, the user, protects your information. Let's take a look at just four or five window shots, and then we'll be done. The privacy management system begins, as you can see in the upper left-hand corner, there are three little arrows, one called register, one called help and one called the privacy policy, so to begin with you can go in and study through the privacy policy as it pertains to you. Then you're able to configure your device. You get on to the web and you pull this menu down and you go in and you answer things like, May we tell others when your wireless device is on, no, yes, but only to selected companies. May we tell others your location and when your wireless device is located, yes, no, but only to selected companies. May we send valid or may we send you messages, I'm having a hard time reading the small print, yes, no, only to selected companies so you get the opportunity to really hone down and refine what it is you want to have made available across the gateway. Then we get into your permissions, whether it pertains to instant messaging, your device status, your device location and the types of messages that you want to receive, the same way with aggregators or with unified messaging, and in the blackout panel, we're able to structure your needs and even tie that to your PDA device. I'm in a meeting between two and four, don't want to be disturbed, don't want to be disturbed at these times of day, or I like to really receive the traffic you want to send me between six and eight in the morning or five and seven in the evening but don't bother me on weekends or do bother me on weekends. And the interesting thing about this is as we've gone to focus groups, we have found that there is a price and there is an interest for every individual and a focus group, and it will surprise you what many of those interests are, for example, let me know what the latest tee time is down at my favorite golf course. Something will drive some people wild and has no interest to others. So my point is that there's a great opportunity in cooperation between the subscriber, the wireless carrier, the gateways, the M commerce world to create fabulous opportunities for M commerce that could revolutionize how we do business in the future. Again interest can be selected in a very refined drill down method, and then finally once that's all set up, then the simple ability to change on the fly from your web phone or any data text message phone is made available, and these are actual screens off of phones that we have captured here. If we had some time we would go into them in some depth, but simply you can go in and log in. You have to use a password. You can change your password on the fly. You can decide that you want to change your permissions right on the fly for 15 minutes and change them back again in 15 minutes. It's totally within the empowerment sphere, if you will, of the individual subscriber. CTIA published on the 22nd of November in a news release their CTIA privacy principles that are shown on the left-hand side, four major principles, not heard any discussion about those in the conference so far, but I think they bear some discussion. Let me simply say that on the left-hand side they speak to, How do you inform the customer and how you do you collect and use the data, how do you give consent, how does a customer give consent in a meaningful manner, and the fact that it should happen before use and the security, integrity of the data and the uniform rules that should go along with that. And what we've shown on the right-hand side is kind of a report card for IM Anywhere to show that as you go down the list we have based ours in close compliance with privacy issues as we possibly can and certainly with the other regulations that are out there and being thought of. Thank you. MR. FORBES: We're going to have time for just one question at this point. In preparing for this panel, I came across a site by a provider of wireless location services, and I'll just read a quote from it. It says they maintain a location database. The location cache keeps a best known database for all subscribers, time stamp, latitude, longitude, confidence and source. And reading that I wasn't clear whether the information that was being talked about was being stored on the client's side on the device itself, kind of like a browser cache or maybe on a server side somewhere or both, and my question to the panel is: Where is the location based information located, and how long is it stored, and following from that, who owns the location of the subscriber? Is it the subscriber, the provider and how does that play into the control of data? Michael? MR. AMAROSA: Let me take the opportunity of trying to respond to that. I think as you can see the information on location basically is stored with the application provider at that point. Based upon the profile information that I would have provided, based upon my preferences that information would be stored there. Who owns that data? I don't think that's really clear at this point. I think there's a lot of it, and myself as a subscriber, that I have access and control over that data, what is provided as Art was talking about, and you can change things and create different types of scenarios based upon preferences, and based upon preferences of the hour of the day so to speak. There's been a lot of talk that the carriers own the location part of the data and what's coming over their network. I think these are things still open to discussion at this point. MR. NEIHARDT: On our system, within the phone itself there will be a record of the last couple calls you made. I think the current listing, depending on which chip we're talking about, is 1 |