This post kicks off our "DCoded" series, a partnership with the Center for Democracy & Technology in Washington, DC. Each installment takes you inside Washington and provides a look at the most important bills, regulations, think tankery, and bloviation on issues that will affect your Internet experience. First up: smartphones and privacy.

I have nostalgic memories of building computers with my father in the early 1990s. We’d set jumpers on motherboards, string together previously unrelated pieces of hardware, and pray for a successful boot screen. The process was arcane and often frustrating—definitely not for everyone. But the result was a machine that was decidedly our own.

When connectivity dawned on personal computing, users were still squarely in the driver’s seat. My first dial-up Internet access was limited to twenty hours per month, requiring careful timekeeping on a clipboard that hung next the monitor. I would dart onto the Web, download articles and shareware games, then log off to preserve precious connection time. I was in control.

Today, it’s a different story; our devices are more opaque and more connected than ever before. As a result, gadget geeks face a whole stack of privacy concerns the minute they fire up a new smartphone. Wireless carriers might be using their online browsing habits for market research; the hardware itself comes equipped with GPS, a camera, a microphone, and other sensors; the operating system might quietly compile logs of the user’s location; and other pre-installed software might include hidden processes like CarrierIQ.

And this is all before installing the first app.

Recently, data security expert Bruce Schneier said, “I have much less control over this iPhone than I do over my computer... I cannot do things on this machine that I can do on my computer. I can’t erase data to my satisfaction; I can’t run an antivirus program to anybody’s satisfaction. Because Apple isn’t giving me the same level of control, of access that I have to a PC or even to a Mac.”

Schneier’s point holds true for other smartphones and consumer electronics of all kinds.

It’s also true that not all users need—or even want—root level access to their devices. Heavily sandboxed computing environments have led to more stable, user-friendly devices. But the less we know, the less we can understand and control. “Computers seem more like specific appliances—but it’s never an appliance, it’s a computer with spyware on it out of the box,” is Cory Doctrow’s blunt assessment.

This creates a puzzle pitting convenience against privacy. Solving it has urgency because smartphones are deeply personal, always-connected, and increasingly cloud-reliant. They have all the power of traditional computing platforms plus the ability to precisely track our location. They’ve already become our personal assistants and will eventually replace our wallets. We’re literally falling in love with the things.

These two trends—receding control and increasing reliance on third parties to manage and serve up our personal data—mean that we badly need an update to our privacy laws.

The incomplete patchwork of US privacy laws sets a low bar for many companies. The Federal Trade Commission can police companies that lie about their data practices, but this isn’t enough on its own. As companies rush to collect more data, they’re also making fewer disclosures. As result, it can be hard, even for privacy professionals, to know what’s being collected and how it’s being used.

Piecemeal policy

A small set of federal lawmakers have struggled recently to address privacy threats in the mobile space. The result is a handful of bills (which have yet to be passed) and letters to companies and regulators (which have no legal effect, but can exert pressure). These efforts hit on important issues and are worth highlighting, but this piecemeal approach has yet to produce meaningful protections.

A number of recent bills have focused on location. Senators Al Franken (D-MN) and Richard Blumenthal (D-CT) have introduced the Location Privacy Protection Act of 2011, which would require consent before a company collects or shares our location information. Sen. Ron Wyden (D-OR) and Rep. Jason Chaffetz (R-UT) proposed the Geolocational Surveillance and Privacy (GPS) Act, which would require government agencies to obtain a warrant—in accordance with our Fourth Amendment rights—to track our location, and also to restrain companies from sharing location data about their customers without consent. Both bills would be welcome protections, especially given that even phones without GPS can still be used to track owners who connect to cell towers and to Wi-Fi networks.

Highly publicized software scandals have also drawn the attention of Congress. The CarrierIQ uproar prompted letters from Franken to carriers and handset makers. Recently, Rep. Ed Markey (D-MA) released a draft of the Mobile Device Privacy Act, which would require your permission before monitoring software is used on a mobile device. This is a complicated issue, but it’s hard to argue against the idea that users should always be able to see what software is running on their devices. This bill might not be primed for passage, but it recognizes the importance of true transparency and control.

This scattershot approach from Congress demonstrates that at least some policymakers are paying attention. Even without the bills’ passage into law, these efforts raise awareness and put pressure on companies to observe responsible policies. Unfortunately, the introduction of these bills hasn’t changed the ground rules: at the end of the day, we have little control over or even awareness about how our information is collected and used. This is unsustainable.

The Obama Administration recently published a Consumer Bill of Rights and recommended that it be codified into federal law. The principles contained in the report are designed to empower individuals in the highly connected environment we live in today. They include concepts like “individual choice,” transparency,” and reasonable limits on the personal data that companies can collect—fundamental building blocks of a sound privacy framework.

In the absence of legislation, the administration has committed to working with companies, advocates, and academics to advance these goals. This process is currently in the planning stage, and the Administration has indicated that the mobile space is a top concern (see its recent report).

The Federal Trade Commission recently released a much-anticipated Privacy Report and joined the administration in asking Congress to consider a law. The Report itself is a nuanced articulation of privacy challenges and solutions—all good stuff—but it’s not legally binding. Without Congressional support, some of the best suggestions in the Privacy Report don’t have teeth.

Non-governmental actors can have some sway, too. The GSMA, a trade group for mobile operators and related companies worldwide, recently released a strong set of mobile privacy guidelines. CDT recently published a set of app developer best practices in an effort to help with the app side of the equation. Other initiatives are underway across the industry and public interest spheres.

But the bottom line is this: we deserve to have better laws on the books. Modest progress is welcome, but without fundamental change, our privacy remains at risk.