The row that's been brewing for months over controversial Carrier IQ software has prompted action in Congress: a draft bill titled The Mobile Device Privacy Act was introduced in the US House today that, if enacted, would require companies to disclose tracking software and detail what information it collects. The bill would require consumer consent for any data collection or transmission, and companies that want to transmit data to third parties would need to gain approval from the FTC and FCC in order to do so. In a statement released on his website, the bill's sponsor, Representative Edward Markey (D-MA), says that "consumers have the right to know and say no to the presence of software on their mobile devices that can collect and transmit their personal and sensitive information."

Here's what the bill would require:

  • Monitoring software must be disclosed when a person buys a mobile phone, and also after the sale if any party decides to install monitoring software after the fact.
  • App makers that include monitoring software must also disclose it.
  • All disclosures must say whether the monitoring software has been installed, and detail the type of information collected, where it's going, and how it will be used.
  • Consumers must give their consent before monitoring or data transfer takes place.
  • Those who receive data must be able to secure it.
  • Data sharing agreements have to be filed with the FTC and FCC.

Since the firestorm over Carrier IQ began, some carriers and manufacturers have either disavowed or discontinued the tracking software, but Carrier IQ has denied that its software records, stores, or transmits several types of personal data. Still, there are concerns about how third parties have used Carrier IQ's software, and where the data has ended up.

The bill has a long way to go before becoming law, but it may have support on the Senate side, if only in spirit: when we interviewed Senator Al Franken concerning Carrier IQ, he told us that "the default for collecting any kind of personal data should be opt-in consent," and that "we have a fundamental right to know what information is being collected about us and who it is shared with." We'll keep you posted as the bill works its way through the lawmaking process.