The 911 system has a problem. As people switch from landlines to mobile phones, more and more 911 calls come from wireless devices. But under current FCC E911 (Enhanced 911) regulations, carriers are only required to provide 911 dispatchers with a mobile phone’s location to within 300 meters, and aren’t required to provide any sort of vertical location information (i.e. to pinpoint what floor of a skyscraper someone is on). This lack of accurate location information can make it difficult for first responders to find callers, especially when the person calling becomes disoriented or unable to speak.

Unfortunately, in an effort to solve this problem the FCC may be about to create a whole host of new ones, this time for people’s privacy. On Thursday, January 29th, the FCC will vote on new E911 rules which would require carriers to provide more accurate location information—within 50 meters horizontally, and three meters vertically—enough to pinpoint what floor of a building somebody is on. The four major carriers have proposed a roadmap [PDF] that outlines how they intend to meet these new rules when they are finalized, but this roadmap is almost completely devoid of any mention of privacy safeguards.

The Privacy Dangers

For example, the roadmap and the FCC rules aren’t clear about whether enhanced location reporting will always be on whenever the phone is on, or only available during 911 calls; or if it’s not always on, whether it will have to be triggered on the phone or could be triggered remotely. Without more specific guidelines, this could mean that carriers could use E911 regulations as an excuse to ubiquitously track the precise locations of all of their customers, both indoors and outdoors, all the time. Of course organizations like the NSA and DEA will likely demand access to that data, using the flimsy reasoning that such information is “only metadata.” There’s also the risk that state or local police might try to get this data without a warrant. While the U.S. Supreme Court made clear in U.S. v. Jones that Americans’ location history enjoys significant privacy protections, and in Riley v. California that our mobile phones are also entitled to strong privacy protections, it’s still not settled on the national level whether or not police need a warrant in order to demand location information from a mobile carrier.

And it’s not just law enforcement we should be worried about. As recent articles have explained, the world’s cell phone systems don’t exactly feature strong security. A malicious hacker or a foreign government can already extract your location from the current system without your carrier’s knowledge or consent. More accurate location information would doubtless pose an even more alluring target—and the roadmap doesn’t mention how this information will be secured.

The roadmap also poses privacy concerns for anyone using a stationary wireless device, be it a Wi-Fi router, a set-top cable box, or even a smart thermostat. That’s because carriers want to create something called the National Emergency Address Database (NEAD), which would match the Wi-Fi and Bluetooth MAC addresses of stationary devices to physical street addresses (and even apartment, suite, or floor numbers). This would enable the carriers to take advantage of the same sort of indoor location technology that companies like Google, Apple, and Skyhook already use, which use your phone’s Bluetooth and Wi-Fi antennas to scan for nearby fixed devices, and then match those MAC addresses to a database to determine your precise location.

While this sort of technology isn’t new, that doesn’t mean it doesn’t raise privacy concerns. In addition to these privacy concerns, the carriers propose going one step further by suggesting that users should be required to enter their physical address when they setup a new stationary wireless device (like a wireless router) in order to make NEAD’s coverage as comprehensive as possible. As you might expect, the roadmap doesn’t go into what sort of privacy safeguards might be built into NEAD or the smartphones that will use it, or who will have access to NEAD.

Easy Solutions

Obviously these issues pose a very real danger to Americans’ location privacy. That’s why EFF, along with numerous other privacy- and consumer-rights-focused organizations (including New America’s Open Technology Institute, the ACLU, CDT, Consumer Federation of America, Public Knowledge, Privacy Rights Clearinghouse, and several others) have called on [PDF] the FCC commissioners to make clear to carriers that any technology they use to satisfy E911 regulations must meet the following criteria:

E911 functionality should be designed so that it can only be triggered on the phone itself (i.e. not remotely) and a prominent notification should be shown as long as it’s enabled.

Carriers should offer users the ability to opt-out of having their stationary wireless devices entered in NEAD.

The FCC should ensure that NEAD and E911 data is used only for E911 purposes, and is never used for commercial purposes or shared with other government agencies without a warrant.

The FCC should also help users take back their location privacy by ensuring that any technology added to a phone to satisfy enhanced location regulations should only be used for non-911 purposes with the express opt-in consent of the user, on an app-by-app basis. This means that if carriers want to expose the output from things like barometric sensors or the names of nearby Wi-Fi networks to third-party apps, users should have the ability to decide for themselves whether or not they want to share that data with a given app.

Better 911 location accuracy has the potential to make a huge positive impact in peoples’ lives. But if people are concerned that this benefit will come at the expense of their privacy, they’re more likely to take steps that will prevent these location services from working properly. In order to prevent this, we need the FCC to make sure that privacy is baked in to new E911 regulations from the start. Otherwise, these rules may force people to choose between privacy and response time in an emergency, and that’s a decision nobody should have to make.