Submitted March 18, 2011
The Privacy Rights Clearinghouse (PRC) respectfully submits the following comments to the Public Safety Communications Office of the California Technology Agency (PSCO) for its consideration with respect to the call for public comment regarding the Notice of Public Meetings on Next Generation 9-1-1 in California.[1]
I. Background
The PRC is a nonprofit organization, established in 1992 and located in San Diego, California. Our mission is two-part: consumer education and consumer advocacy. We have published more than 50 Fact Sheets that provide practical information covering strategies that consumers may employ to safeguard their personal information.
The PRC also invites individuals to contact the organization with their questions, concerns and complaints. Over the course of our 19-year history, PRC staff members have worked directly with tens of thousands of consumers. Our positions stated in the comments below reflect, in large part, our observations based on direct communication with individual consumers over the years.
II. General Statements
Transitioning from a legacy 911 system to a more modern Internet Protocol (IP)-based system will provide California citizens enhanced communication options in emergencies, and aid first responder effectiveness. The PRC believes that the decision to move forward with Next Generation 911 (NG911) will ultimately have a positive effect on California public safety. However, NG911 poses significant consumer privacy concerns that we urge the PSCO to systematically analyze and address throughout planning and implementation. In our opinion, medical and location data are of greatest concern.
California gives residents greater built-in privacy protections than most states and often leads the nation in enacting consumer-friendly privacy legislation. Protecting sensitive data accompanying 911 calls should be no different. All entities handling data associated with 911 calls, namely Public Safety Answering Points (PSAPs), must be subject to robust, relevant, and enforceable privacy policies. Furthermore, individuals must retain maximum control over personal data, and be afforded educational opportunities so they remain informed of NG911 benefits and capabilities. Without such measures, consumers may lose trust in the 911 system and jeopardize personal and public safety by refraining from using the system.
III. Responses to Specific Inquiries
Legal, Regulatory and Funding
E. With the ability to gather increased information with NG9-1-1 how will an individual’s confidentiality and privacy be maintained (e.g. medical information)?
The PRC appreciates the PSCO’s inquiry regarding individual privacy, and thanks the PSCO for the ability to comment. Baking consumer privacy protections into an NG911 system will allay many consumer concerns, and ideally PSAPs and any other entities handling consumer data will be held accountable by way of a comprehensive privacy policy. We recommend any governing policy be based on the full set of Fair Information Practices (FIPs) and be completely enforceable. FIPs “are a set of internationally recognized practices for addressing the privacy of information about individuals.”[2] They include: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability.[3]
PSAPs must also be subject to robust data breach notification policies whereby all individuals affected are apprised of the breach.
To adequately protect individual privacy, we urge the PSCO to consider: 1) distinguishing between protections afforded to 911 calls and their associated data, or making 911 calls private; 2) giving special consideration to medical and location data; and 3) considering the importance of consumer choice and education (education is discussed below under “Other NG9-1-1 issues”).
1) Distinguishing between protections afforded to 911 calls and their associated data (primary vs. secondary usage of media), or making 911 calls private.
Because 911 calls are considered public record in California, we believe it is imperative to determine what will and will not be included in the public call record prior to implementing NG911. For example, the Federal Communications Commission’s recent Notice of Inquiry (NOI) asks the question of whether “different standards or requirements should apply to primary conversational media as opposed to secondary non-conversational media” especially if secondary media include the capability to transmit sensitive data.[4] Primary media is listed in the NOI as voice, Real Time Text (RTT), and Short Message Service (SMS). We support the concept of offering greater protection to data associated with a call than to the call itself, especially if 911 calls remain public record. Neither sensitive data nor records should be accessible to the public merely because they are associated with a 911 call.
The PSCO should also note that consumers may be unaware of the information they are sharing with PSAPs when they use alternative forms of media to contact emergency services. For example, smart phones and modern cameras may transmit information via metadata (such as the type of device used, the time, the exact location, etc.), which would then become part of the call record if the consumer transmits a photo to a PSAP. We believe any such metadata should be nonpublic information.
a) Using social media as a means of communicating with 911: privacy implications.
The PRC advocates against using social media status pages as primary means of communication with a PSAP. As stated in the PSCO’s recent comments to the FCC, the PSCO “do[es] not believe a social network status page should be a primary means to contact a PSAP, because PSAPs and the social networking provider lack personnel to monitor millions of pages or “tweets” at all times.”[5] We agree with the first portion of the PSCO’s statement and believe that social media should not serve as a primary form of communication with PSAPs; however, we do not believe that the reason listed is valid. Monitoring social media for any reason, especially constant monitoring, should be limited to the most extreme circumstances under which other modes of communication would be impractical or completely unavailable. In such situations using social media to communicate an emergency may benefit consumers.[6]
To prepare for events in which social media may be utilized, we believe that there should be a statewide FIPs-based privacy policy in place that minimizes sensitive data collection, retention, and sharing (tailored to the particular instance when practicable). For example, the Electronic Frontier Foundation has filed a Freedom of Information Act suit concerning social network surveillance that revealed in part that the Department of Homeland Security (DHS) established a Social Networking Monitoring Center (SNMC) during President Obama’s January 2009 inauguration. Prior to implementing the SNMC to monitor “items of interest” publicly available on social media sites, DHS discussed privacy implications and implemented FIPs as part of its design.[7] We suggest that any future plan to monitor publicly available social media be planned in a similar manner.
b) Public versus nonpublic 911 call record.
Another option for the PSCO to consider is for the state of California to examine whether the launch of NG911 is an appropriate time to transition to a nonpublic call record system. There have been multiple instances of egregious privacy violations because of the public nature of 911 calls. Witness the death of celebrity Michael Jackson. In the event 911 calls cease to be public record, we of course believe that non-personal aggregate information should continue to be public so that government agencies and independent watchdogs can monitor statistics such as response time.
Regardless of whether 911 calls become nonpublic, data in addition to the call must be protected across the board in California. Ensuring its protection would help instill consumer confidence in NG911 systems from the point of implementation. For example, victims of stalking and domestic violence, among others, must take great measures to protect their privacy on all fronts and may fear making a call to a 911 system that they do not trust will protect their personal information. Because consumer opinions differ as to what constitutes “sensitive” information, we encourage the state of California to enact strong protections in law encompassing all secondary media transmissions, paying special attention to medical and location data.
2) Medical and location data must be given special consideration.
The ability to place a 911 call and simultaneously transmit medical and accurate location information to first responders has huge potential to enhance emergency response effectiveness, but presents challenges regarding consumer privacy protection.
a) Transmitting medical data
As PSAPs become capable of receiving, storing, and/or transmitting electronic medical data, they must be required to observe relevant privacy laws. At a minimum, PSAPs must be covered by state privacy and data breach disclosure laws. We recommend that the PSCO look into the sufficiency and potential application of all appropriate state laws. Consumers must have reason to trust that their medical records and data are handled with appropriate care. As such, we suggest that the PSCO consider the importance of minimizing data retention and develop a state-wide process to handle data breaches and notify all affected individuals. Employees within the 911 system must also receive comprehensive training with respect to sensitive data (see discussion below under “Other NG911 Issues”).
Furthermore, consumers deserve to retain maximum control over their medical records, especially in determining when and whether they authorize PSAPs to forward the data. When possible, we advocate allowing all callers to decide whether and/or what to transmit at the point when the call is made. Individuals must also be able to access their information to change or delete it. This is especially true if information is provided to a PSAP on a prior-consent basis to be forwarded to first responders.
b) Location information
Many consumers consider their location information to be highly sensitive. As the PSCO moves forward with its plan to bring the 911 system up-to-date with current technology, it must consider how to best protect this information from being misused. If the system relies on service providers to determine location information, it must also take into account the fact that such information is increasingly valuable. Because of this value and the potential for abuse by third parties, we believe state law must exist to ensure that entities outside of the 911 system are unable to sell and/or use this data for unrelated purposes.
3) Consumer choice is critical.
The more choice consumers have over the use and transmission of their personal data, the more they will trust and utilize an NG911 system to its fullest potential. As mentioned above, it would be best for medical data to be transmitted to first responders by choice at the time an individual makes a call. In the event that an individual to whom the data would pertain is incapacitated at the time of the call and unable to consent, he or she should be able to set preferences with regard to whether data will be automatically transmitted to responders.
Many commonly used devices will be enabled to place 911 calls via automatic triggering mechanisms. Examples include a vehicle’s automatic collision notification system, medical alert devices, and security cameras (among others). We believe consumer choice should be incorporated into devices and be compatible with an NG911 system from the outset. Notwithstanding any benefit consumers may gain because a device can automatically contact 911, the choice of whether and when to enable these devices should rest wholly with the individual consumer. This choice could be in the form of a persistent authorization that allows the device to contact 911 under certain circumstances, or, preferably, could be presented each time a triggering incident occurs.
Consumers must also be able to access information concerning their selected preferences and edit them if they so desire. To illustrate, if a consumer purchases a second-hand device, the prior owner’s preferences should be easy for that consumer to edit or delete to fit his or her needs.
Other NG9-1-1 Issues
A. What type of education, awareness, or training would you consider important for the public, PSAP staff, and/or first responders once NG9-1-1 is implemented in California?
Public Education: Effective information campaigns will be critical tools for consumers as NG911 is implemented. Because NG911 focuses largely on improving emergency response via modern technology, consumers must be provided high quality educational materials disseminated through multi-media channels. Information campaigns must also clearly lay out the capabilities of 911 systems so consumers do not attempt to call 911 through media that are not enabled by their particular system. The campaigns must be put forth by both local and regional entities as well as state entities where appropriate.
As an organization that provides educational materials to consumers, we urge the PSCO to encourage the appropriate entities to create easy-to-understand information campaigns that incorporate written, graphic, and auditory materials. Written materials should be made available at a 6th-grade reading level. Information in several languages is also vitally important. When NG911 is launched, public service campaigns via broadcast and cable television should be deployed. Also, comprehensive information should be available via online resources.
PSAP Staff and First Responder Training: Each first responder and PSAP staff member who has the potential to handle sensitive data must receive comprehensive training in data practices and must be apprised of governing laws and/or policies. Training must be provided on a regular basis, not just for new employees. Volunteers must also receive training.
As PSAPs are equipped to handle an influx of multiple forms of consumer information, the potential for employees to jeopardize consumer privacy by disclosing and/or selling any non-public information must be fully addressed. For example, hospital employees have been known to sell celebrity medical data to tabloids for personal gain,[8] and nurses at a San Diego county hospital were fired in 2010 for posting patient information on social media pages.[9] Hospital employees have even sold non-celebrity data for a profit.[10]
To minimize the potential for abuse, PSAP staff and/or first responders must receive extensive and ongoing training and be subject to rigorous monitoring and strict enforcement if such abuses are discovered.
IV. Concluding Remarks
The Privacy Rights Clearinghouse appreciates the opportunity to comment on NG911. NG911 will modernize the 911 system and allow consumers improved service and response effectiveness. With these benefits also come serious privacy challenges, however, and we strongly urge the PSCO to take appropriate steps to protect consumer privacy.
In addition, California state laws may need to be amended and/or enacted anew to address privacy issues related to NG911. For example, should 911 calls continue to be public record once sensitive information such as medical records, location data, photographic and video images, and text messages become part of the 911 call process? Or if not, how should data associated with calls be subject to greater protection than the publicly available call record?
Respectfully Submitted,
Beth Givens, Director
Meghan Bohn, Staff Attorney
Privacy Rights Clearinghouse
[1] California Technology Agency, Public Safety Communications Office, California 9-1-1 Emergency Communications, Notice of Public Meetings on Next Generation 9-1-1 in California, Jan. 14, 2011, available at http://www.cio.ca.gov/Public/pdf/NG_9_1_1_Public_Meeting_Notice_and_Questions.pdf.
[2] Robert Gellman, Fair Information Practices: A Basic History, Version 1.81, May 13, 2010, available at http://bobgellman.com/rg-docs/rg-FIPshistory.pdf.
[3] See e.g. Organization for Economic Cooperation and Development, OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980).
[4] FCC, Framework for Next Generation 911 Deployment, Notice of Inquiry, PS Docket No. 10-255 (rel. Dec. 21, 2010) para. 40, available at http://www.fcc.gov/Daily_Releases/Daily_Business/2010/db1221/FCC-10-200A1.pdf (published in the Federal Register on Jan. 13, 2011).
[5] Comments of the Public Communications Office of the California Technology Agency Before the Federal Communications Commission, In the Matter of Framework for Next Generation 911 Deployment PS Docket No. 10-255, at 8 (Karen Wong & Ryan Dulin) Feb. 28, 2011.
[6] See e.g. Jennifer Preston, After Quake and Tsunami, Japanese Citizens Flock to Social Networks for Information, NY Times, March 13, 2011, available at http://mediadecoder.blogs.nytimes.com/2011/03/13/after-quake-and-tsunami-japanese-citizens-flock-to-social-networks-for-information/?partner=rss&emc=rss (illustrating an extreme situation where many people were able to communicate via social networks when they were unable to use other means of communication—namely mobile phones).
[7] For an in-depth analysis of the issue of social media monitoring, we point the Commission to the Electronic Frontier Foundation’s (EFF) work surrounding its Freedom of Information Act requests regarding social media monitoring. See Jennifer Lynch, New FOIA Documents Reveal DHS Social Media Monitoring During Obama Inauguration, EFF DEEPLINKS BLOG, Oct. 13, 2010, http://www.eff.org/deeplinks/2010/10/new-foia-documents-reveal-dhs-social-media/ (last visited March 8, 2011).
[8] See e.g. Charles Ornstein, Fawcett’s cancer file breached, LA TIMES, Apr. 3, 2008, http://articles.latimes.com/2008/apr/03/local/me-farrah3 (last visited March 14, 2011).
[9] See Michael Burge, 5 fired for discussing patients’ cases online, SAN DIEGO UNION TRIB., June 10, 2010, http://www.signonsandiego.com/news/2010/jun/10/5-employees-fired-for-discussing-patients-cases/ (last visited March 14, 2011).
[10] See Privacy Rights Clearinghouse’s Chronology of Data Breaches: Security Breaches 2005-Present, http://www.privacyrights.org/data-breach (last visited March 14, 2011) for multiple examples.