Last fall's privacy flap over Carrier IQ, which makes diagnostic software embedded into millions of mobile phones, may spur federal legislation.

A draft House of Representatives bill (PDF) would give the Federal Trade Commission the power to regulate "monitoring software" that's capable of transmitting location data or other information about who's using the phone.

House of Representatives

The FTC would have a year to require the disclosure of "the fact that the monitoring software is installed on the mobile telephone"--and, in addition, anyone installing the software would have to obtain the "express consent" of customers.

Mountain View, Calif.-based Carrier IQ came under fire last year when it was incorrectly accused of being a "rootkit keylogger." While that turned out not to be true, the software does raise other privacy concerns, such as being able to record and transmit a list of URLs visited when using Wi-Fi, when the contents of encrypted HTTPS URLs are leaked, and so on.

It's not clear that the discussion draft of the Mobile Device Privacy Act, or MDPA, circulated today by Rep. Ed Markey, a Massachusetts Democrat, is necessary.

Existing law may be sufficient to address any privacy shortfall: Carrier IQ is already facing at least four lawsuits, stiff questions from a senator, and, according to a report in the Washington Post, a probe by both the FTC and the Federal Communications Commission. State legislators, too, have asked for an investigation by the Michigan attorney general.

A representative for Markey did not immediately respond to a request from CNET asking why current law is insufficient. Markey's discussion draft has not yet been introduced as a formal bill.

The company came under fire for its Carrier IQ software that some carriers--including AT&T, Sprint, and T-Mobile--use to gather data from phones that can be used to diagnose problems with the network.

Carrier IQ says the software is designed to help carriers troubleshoot network failures and other problems, such as when calls drop or batteries get quickly depleted, and not designed to capture keystrokes or the content of messages.

Vice President Andrew Coward told CNET that his company's software, which is designed to be installed by carriers hoping to improve network performance, can report back what applications are being used and what URLs are visited. Carrier IQ doesn't make these decisions; rather, it sells configurable software and the carriers decide what options to enable.

The carriers have been reluctant to specify exactly how Carrier IQ is configured. Sprint's statement talks about collecting "information to understand the customer experience with devices on our network." And AT&T's statement merely says that Carrier IQ is used in accordance with the company's privacy policies.

CNET's Elinor Mills contributed to this report.