The Senate Judiciary Committee was expected Thursday to approve legislation that would close a legal loophole that allows so-called cyberstalking apps to operate secretly on a cellphone and transmit the user's location information without a person's knowledge.
The bill, sponsored by Sen. Al Franken, D-Minn., would update laws passed years before wireless technology revolutionized communications. Telephone companies currently are barred from disclosing to businesses the locations of people when they make a traditional phone call. But there's no such prohibition when communicating over the Internet. If a mobile device sends an email, links to a website or launches an app, the precise location of the phone can be passed to advertisers, marketers and others without the user's permission.
The ambiguity has created a niche for companies like Retina Software, which makes ePhoneTracker and describes it as "stealth phone spy software."
"Suspect your spouse is cheating?" the company's website says. "Don't break the bank by hiring a private investigator."
An emailed statement from Retina Software said the program is for the lawful monitoring of a cellphone that the purchaser of the software owns and has a right to monitor. If there is evidence the customer doesn't own the phone, the account is closed, the company said. The program is not intended or marketed for malicious purposes, the statement said.
But Franken and supporters of his bill said there is no way to ensure the rules are followed. These programs can be installed in moments, perhaps while the cellphone's actual owner is sleeping or in the shower. The apps operate invisibly to the cellphone's user. They can silently record text messages, call logs, physical locations and visits to websites. All the information is relayed to an email address chosen by the installer.
Even if people do discover the software is installed on their phones, they often don't know what to do about it, said Rick Mislan, a professor at the Rochester Institute of Technology who specializes in mobile security and forensics. "Law enforcement usually won't help them because they've got bigger fish to fry," he said.
Victim's advocacy groups said Franken's bill is a common-sense step to curb stalking and domestic violence by weakening a tool that gives one person power over another.
"It's really, really troubling that an industry would see an opportunity to make money off of strengthening someone's opportunity to control and threaten another individual," said Karen Jarmoc, executive director of the Connecticut Coalition Against Domestic Violence.
A domestic violence case in St. Louis County, Minn., helped persuade Franken to introduce his bill. A woman had entered a county building to meet with her advocate when she received a text message from her abuser asking her why she was there, according to congressional testimony delivered last year by the National Network to End Domestic Violence. Frightened, she and her advocate went to the local courthouse to file for a protective order. She got another text demanding to know why she was at the courthouse. They later determined her abuser was tracing her movements with an app that had been placed on her cellphone. The woman was not identified by name in the congressional testimony.
The bill includes an exception to the permission requirement for parents who want to place tracking software on the cellphones of minor children without them being aware it is there.
An organization representing software companies opposes Franken's bill because it said the user consent requirement would curb innovation in the private sector without adequately addressing the problem of cyberstalking. Voluntary but enforceable codes of conduct for the industry are more effective methods for increasing transparency and consumer confidence, said David LeDuc, senior director for public policy at the Software & Information Industry Association.