Will New 911 Location Requirements Compromise Privacy?

emerg
Los Angeles County Sheriff’s deputies stand near the scene where a pedestrian was killed in a hit-and-run crash in Compton, California, on January 29, 2015. Jonathan Alcorn/Reuters

Updated | On July 21, 2014, at around 11 p.m., a woman in San Bernardino, California, called 911 to report that she had been stabbed. The victim, later identified as 26-year-old Michelle Miers, told dispatchers she had been attacked in her apartment but did not provide an address.

Because Miers made the emergency call from her cellphone, law enforcement was unable to pinpoint her location, as is possible with the use of a landline. Instead, police were forced to rely on the location of the cell tower her phone had connected to, placing her within a one-block radius.

After 20 minutes of searching, police deduced she was in an apartment complex, where they eventually spotted a shattered sliding-glass door. Miers was inside, covered in blood. She was immediately taken to a local hospital, but succumbed to her wounds shortly after arrival.

San Bernardino police said at the time that if they had known Miers's exact location, they could have brought her to the hospital 25 minutes earlier. Whether this could have saved her life is unknown. But it is known that her story is not unique.

Americans dial 911 nearly 240 million times a year, and 70 percent of the calls are made on cellphones—a percentage that is only expected to rise as cellphones become more ubiquitous and landlines obsolete. Under Federal Communications Commission (FCC) regulations, carriers were required to provide emergency services personnel only with a cellphone's horizontal location (x and y coordinates on a flat map) within 300 meters.

Based on those regulations, a 2013 study cited by the FCC estimated that about 10,120 Americans die each year because the location data that wireless providers transmit to emergency responders are insufficiently precise.

On Thursday morning, the FCC addressed that problem, voting 5-0 to improve the indoor location of wireless 911 calls over the course of five years. After two years, the regulations require companies like AT&T, Sprint, T-Mobile and Verizon Wireless to provide horizontal-location information to within 50 meters of all emergency callers in 40 percent of cases. After five years, that level of accuracy would be required in 70 percent of emergency calls.

The FCC initially considered a proposal of more stringent rules; After two years, telecoms would have to provide horizontal-location information to within 50 meters of an indoor caller, and vertical information (like what floor of a building someone is in) to within three meters, for 67 percent of emergency calls. After five years, that level of accuracy would be required for 80 percent of indoor emergency calls. But closed-door talks between telecoms and organizations that represent public safety and 911 officials yielded an agreement to the more subdued terms, which the FCC integrated into its 911 roadmap.

Though first responders overwhelmingly supported the proposed rules, wireless service providers were full of objections. In filings sent to the FCC before the vote, AT&T said the changes would "waste scarce resources," while Sprint said the standards were "not achievable using current technology."

In an interview with Mother Jones, Don Brittingham, vice president of national security and public safety policy at Verizon, said, "Instead of putting a lot of money and time and effort into a set of solutions that may not actually help, we would like to see more focus on things that provide some long-term benefits."

Civil liberties groups such as the American Civil Liberties Union, New America's Open Technology Institute and the Consumer Federation of America are also not fans of the new FCC policy, but for very different reasons. The Electronic Frontier Foundation (EFF), for instance, argues that the plan lacks any mention of privacy safeguards.

"Without more specific guidelines...carriers could use E911 regulations as an excuse to ubiquitously track the precise locations of all of their customers, both indoors and outdoors, all the time," writes EFF staff technologist Jeremy Gillula.

He continues, "[O]rganizations like the NSA and DEA will likely demand access to that data, using the flimsy reasoning that such information is 'only metadata.' There's also the risk that state or local police might try to get this data without a warrant. A malicious hacker or a foreign government can already extract your location from the current system without your carrier's knowledge or consent."

And these worries are not unfounded. Law enforcement agencies sometimes use "stingrays"—devices that mimic cellphone towers—to collect everything from cell users' locations to their call logs, and sometimes do so without a warrant, according to documents that for years were shrouded in secrecy. In fact, recently revealed FBI policy states that the technology can be used without a warrant whenever the phone is in a public place.

While all can agree that every second counts in an emergency situation, objections from wireless service providers and civil liberties groups alike have raised questions as to whether the FCC's efforts are feasible or worth the potential costs. The FCC did not respond to a request for comment.

This story has been updated to reflect the difference between the FCC's proposed regulations and the rules that had been voted on January 29, 2015.

Will New 911 Location Requirements Compromise Privacy? | Tech & Science