On March 15 the FCC voted to advance a Further Notice of Proposed Rulemaking (“FNPRM”) that would require wireless carriers to provide more accurate location data for emergency calls. Under the proposed rules, wireless carriers would have to give first responders three-dimensional location data instead of two-dimensional location data as currently required. Commissioners acknowledged that the pinpoint accuracy of three-dimensional location data could raise significant privacy issues if the data was misused, but they declined to immediately mandate that three-dimensional location data receive the same stringent data protection as two-dimensional location data currently does. Rather, they have asked for public comments on whether three-dimensional data should be subjected to the same heightened data protection standard.
The pinpoint accuracy provided by three-dimensional location data will likely improve the response time of first responders, but if the data is misused it could lead to significant privacy concerns.
The proposed shift to a three-dimensional location system is an attempt to aid first responders in locating emergency callers within multi-story buildings.
Under the current emergency location system, unless a caller is able to tell the operator what floor the emergency is located on, first responders have to search every floor within the building. For example, in a recent incident it took eight hours for a stroke victim to be located by first responders in her New York high rise.
The proposed rules attempt to remedy this problem by requiring wireless carriers to use barometric sensors in a caller’s phone to determine its vertical position. This information would then be combined with the existing two-dimensional location information to give first responders the caller’s three-dimensional location to within three meters.
The pinpoint accuracy provided by three-dimensional location data will likely improve the response time of first responders, but if the data is misused it could lead to significant privacy concerns. Therefore, the FCC is asking for public comment to help it decide the proper regulatory framework to address data privacy and misuse concerns. There are currently two already existing sets of data protection rules that could be applied to three-dimensional location data. The first is called Customer Proprietary Network Information (“CPNI”). Data covered by CPNI must not be disclosed by wireless carries without the express authorization of the user, but it does not prevent third parties from accessing the data once the user has given permission. In most cases the consumer, often unwittingly, agrees to share their location each time they download an application. Once in possession of data covered by CPNI, the third party can use it to determine a wireless user’s general location. The second, and more stringent set of rules, applies to data that falls under the National Emergency Address Database (“NEAD”). Data that falls under NEAD, which includes the data currently used for the two-dimensional emergency response system, can be used to determine a wireless user’s exact two-dimensional location. According to the FCC, it “may not be used for any non-911 purposes, except as otherwise required by law.” It is likely that the FCC will choose one of these two regulatory frameworks for the protection of three-dimensional location data.
The public comments must advocate for an approach that preserves the benefits three-dimensional data location will bring to the emergency response system, while ensuring adequate privacy protection to prevent data misuse. Federal regulators “estimate that shaving a minute off response times [by first responders] could save as many 10,000 lives a year.” Providing accurate three-dimensional location data, especially in cities, will make a significant impact in response times. However, at the same time, data breaches and misuse can cause significant harm to those affected. Therefore, the best approach the FCC could adopt is one that uses three-dimensional location data to improve response times without compromising the adequacy of data protections.
Killian Steer, 18 March 2019