Friend or foe?

Recent tragedies at universities, high schools and shopping malls around the U.S. have increased interest in mobile emergency alerts. In the event of a shooting, explosion, tornado or other disaster, the theory goes, a text message sent to cell phones and other mobile devices — warning people of the danger and telling them how to stay safe — could dramatically improve the emergency’s outcome.

If public safety agencies could broadcast those alerts just to individuals near the point of danger — and not to everyone across a whole county, city or campus — all the better. Research shows that when people get too many warnings that don’t apply to them, they become desensitized and start tuning out, said Art Botterell, community warning system manager for the Sheriff of Contra Costa County, Calif. “We’re constantly looking to increase the relevance of our warning delivery,” he said.

Finding all the mobile devices within a defined danger zone — say, a half-mile radius around a gas explosion — is technically feasible. Most cell phones incorporate global positioning system (GPS) chips; wireless carriers also can locate devices using triangulation, a method that measures the strength of signals from nearby towers. Carriers already use GPS and triangulation to locate mobile phones when subscribers call 911, so finding wireless subscribers to alert them to nearby danger is possible. But is it legal? In other words, does pinpointing an individual who has not called 911 constitute an invasion of privacy?

The answer may depend on whether the subscriber wants to be found. Or it may depend on the technology employed.

“The Telecommunications Act [of 1996] protects location information as if it were what’s called CPNI — customer proprietary network information,” said Guilherme Roschke, an attorney with the Electronic Privacy Information Center (EPIC) in Washington, D.C. Along with location, CPNI also identifies the technical configuration, type, destination and amount of use of a telecommunication service.

Before using CPNI or sharing it with a third party, the carrier must, in some cases, give a subscriber the chance to opt out of such use; in other cases, the subscriber specifically has to opt in. The law also distinguishes between ordinary location and “call location” — the location of a phone while it’s actually making or receiving a call. According to Roschke, a carrier is not allowed to use call location data unless the subscriber expressly opts in.

Subscribers who use phones with GPS capabilities generally have two options, said Kevin McGinnis, program adviser with the National Association of State EMS Officials (NASEMO) and communications technology adviser for three other national emergency medical services associations. They can set their phones to provide position data only when they call 911, or to provide such data for use in location-aware services. Generally, those are consumer-friendly services — the sort that help a subscriber, for example, find restaurants near a current location. Then, along with pointing the subscriber toward the closest sushi bar, the carrier may use the position data to deliver targeted emergency alerts.

“If you put it on ‘all GPS services,’ you’ve just given away your rights to privacy,” McGinnis said.

Privacy definitely is a concern for wireless subscribers and the carriers that serve them, but the concern may be misplaced, Botterell said. While the technology exists to track individual cell phones when there’s a law enforcement interest in doing so, simply adding an emergency warning system to the picture won’t trigger a surveillance boom, he said. “Tracking large numbers of people is, frankly, not terribly interesting to us from a law enforcement point of view,” Botterell said.

Nevertheless, subscribers do worry about privacy. That’s why Botterell raised the issue as a member of the Commercial Mobile Service Alert Advisory Committee (CMSAC), a group advising the FCC on mobile emergency warning systems. “I do remember bringing it up myself, that this is obviously a point of great public sensitivity and that we needed to be able to make a case that this was not going to impinge on people’s privacy,” he said.

Joe Walsh, chief operating officer at SquareLoop, a Reston, Va., vendor of location-based services, encounters this sensitivity all the time as he markets his company’s technology for emergency alerts. “There is an incredible concern about privacy from subscribers, about who knows where they are and when,” he said.

Contra Costa County is the first community to deploy SquareLoop’s Mobile Alert Network, delivering alerts initially to Sprint Nextel subscribers. (See MRT, Feb. 2008, page 14.) Based on technology developed by Mitre Corp., SquareLoop’s system sidesteps the privacy question because it doesn’t need to collect subscribers’ locations from their mobile devices. Instead, the system broadcasts alerts with embedded data to indicate the targeted geographic area. When a phone receives an alert, it checks the target area against its own location. Only if the phone is in the right place will it display the message.

The software that subscribers download also configures their handsets to store two weeks’ worth of location data. That means SquareLoop can target alerts to subscribers based not just on where they are at the time, but on where they’ve been. Such a capability might be useful, for example, if the subscriber had visited a building later found to contain a biohazard.

Again, this does not involve disclosing any individual’s location, a point that Walsh said he stresses with clients in public safety. “I can’t tell you who was there,” he said. “What I can do is let you open up a line of communication with those folks, and you can encourage them to contact you back.”

Another system designed to transmit location-specific alerts without violating anyone’s privacy is the Cell Broadcast Broker Management System, developed by CellCast Technologies of Montgomery, Texas. Cell broadcast technology uses capabilities already built into most cellular network infrastructure and most phones to transmit an alert in the form of a text message. Public safety officials can target an alert geographically by directing the system to transmit it only through specific antennas. In that case, “all activated phones in the affected area would receive the message regardless of the carrier that provides the service,” according to a white paper written by Paul Klein, CellCast’s chief operating officer. Klein did not return phone calls seeking comment.

Einstein Wireless, a carrier based in Little Chute, Wis., is the first to deploy the system. Shannon Daniels, a spokesperson for Einstein Wireless, has her own phone activated to receive alerts. “A weather alert came over saying there was a winter storm warning,” she said. “It was specific to the county that I live in.”

As part of their broader effort to recommend standards for mobile emergency alerts, CMSAC members have discussed how to deliver such messages more efficiently than wireless carriers do now, as well as how to target them geographically.

“Right now from a technology standpoint, if I’m sending a broadcast alert to 10,000 students, I’m actually sending 10,000 individual messages to students,” said Bruce Lee, industry solutions manager, public sector, for Sprint Nextel.

When that many messages flood a small area in a short period of time, the result often is that many of the messages get blocked by spam filters. To combat this, the wireless industry and the FCC are working toward a broadcast-like model that would address the point-to-multipoint nature of the current model.

CMSAC members also discussed whether it was feasible to target alerts to very small, specific areas. “There were services who were sure they could do it and, therefore, it ought to be required that everybody has to be able to do it. We discussed it at length,” McGinnis said.

The final proposal, however, requires only that carriers target alerts to the county level and nothing further — an unsatisfying outcome, Botterell said.

“The carriers, particularly some of the smaller rural carriers, were very concerned [about signing up] for what was going to be a very expensive and onerous burden,” Botterell said. “Now, county level is not very precise at all. So that was setting the bar pretty low.”