Are Smartphone User Agreements and Harmful Technology Legal? (Part 2)

Save

11/27/2018

Updated:

11/28/2018

Commentary

This article is part of a series on corporate surveillance, highlighting civil liberty, privacy, cybersecurity, safety, and tech-product user exploitation threats associated with connected products that are supported by the Android (Google) OS, Apple iOS, and Microsoft Windows OS, smartphones and their harmful effects. Part 1 of this article can be read here.

Before I explain why I believe the collective terms of use that support telecom-related products, such as a smartphones, are misleading and possibly illegal, there are several things you need to understand about the terms of use.

When a smartphone owner clicks on “I Agree,” to accept the collective terms of use that support a smartphone, he or she is accepting:

• Published (online) terms of use that include terms and conditions (T&Cs), privacy policies, and end user licence agreements (EULAs).

• Unpublished (hidden-in-device) terms of use that include application permission statements, application product warnings, and interactive application permission command strings.

• Multiple sets of published and unpublished terms of use associated with each company that is responsible for developing the pre-installed (“rooted") content, such as apps that support a smartphone.

Depending on the number of pre-installed apps, the collective terms of use authored by numerous companies can exceed well over 3,000 pages of legal text, written in a manner that enables the content developers to exploit the smartphone user for financial gain.

Telecommunication subscribers (“paying customers,” both individuals and businesses) and authorized device users (spouse, children, and employees) aren’t indemnified (protected) from harm even if companies such as AT&T and Google are negligent with the telecom-product user’s personal and professional information (“digital DNA”).

Smartphone terms of use are written in a manner to protect companies such as Google, Apple, Microsoft, AT&T, Verizon, T-Mobile, and Sprint from costly lawsuits due to protective measures such as the use of arbitration clauses.

However, if the collective terms of use can be proven to be illegal, that would open the door for a class-action lawsuit, rendering the safety measures such as an arbitration clause to be non-binding.

I hope that my research, analysis, and findings regarding the terms of use can prove the collective terms of use are, in fact, illegal, according to existing consumer laws governed by the Federal Communications Commission (FCC), Federal Trade Commission (FTC), and state attorneys general (AGs).

The legality regarding smartphone terms of use will have to be determined by legal experts coupled with the FTC, FCC, Department of Justice (DOJ) and state AGs.

I will present the evidence and let all parties concerned, including the public, decide.

First, in order to understand the law, U.S. telecommunications subscribers and authorized device users need to realize that a smartphone is an integrated cellular phone and computer supported by protected (due process/Fourth Amendment) telecom infrastructure governed by the FCC.

Protected telecommunications mean that telecom-product users are covered by numerous telecom and consumer laws that are meant to protect their privacy, plus protect them from fraud and deceptive trade practices associated with products that require payment, such as smartphones.

Now that we understand that telecom-product owners and users have rights, we can move forward.

Forced Participation and Express (“Lawful”) Consent

I want to state that I’m not against surveillance and data-mining business practices, as long as the telecom-product user has the freedom to opt in or out of said practices at any time.

I also believe that telecom service providers (e.g. AT&T), smartphone manufacturers (e.g. Samsung), operating system (OS) developers (e.g. Apple, Google, Microsoft), and pre-installed content developers (e.g. Amazon, Facebook, Baidu, etc.) should be required by law to fully disclose, in fine detail, all surveillance and data-mining business practices associated with all products concerned, especially telecom-related products such as smartphones.

Due to unpublished (hidden-in-device) application legalese and application product warnings that support the pre-installed content, such as smartphone apps, I believe that telecom subscribers and authorized device users are being forced to participate in a highly exploitative surveillance and data-mining business model.

Surveillance and data-mining business practices enable the telecom provider, smartphone manufacture, OS developer, and pre-installed content developers with the ability to monitor, track, and data-mine the smartphone user for financial gain.

Smartphone users are surveilled and data-mined at the expense of their civil liberties, privacy, cyber security, and safety, regardless if the user is an adult, child, or business professional.

Due to misleading terms of use, the smartphone user becomes an “uncompensated information producer” who is being exploited by the very telecom and technology companies the product owner patronizes with their loyalty, trust, and hard-earned money.

Tech-product user exploitation occurs when a person pays for a smartphone while the content developers are enabled to exploit the smartphone user’s digital DNA for financial gain, without compensating the product user for their digital DNA. I believe that tech-product user exploitation is illegal due to misleading terms of use.

How do I know that the terms of use may be illegal? Because, according to consumer laws governed by the FTC and state AGs, it is illegal to hide application legalese and application product warnings associated with pre-installed content from consumers, such as the Samsung Galaxy Note/Android (Google) OS examples below:

• Social media app includes a product warning to censor speech: “Allows the app to access and sync social updates from you and your friends. Be careful when sharing information—this allows the app to read communications between you and your friends on social networks, regardless of confidentiality. Note: This permission may not be enforced on all social networks.”

• Calendar app includes a product warning: “Allows the app to read data about your contacts stored on your phone, including the frequency with which you’ve called, emailed, or communicated in other ways with specific individuals. This permission allows apps to save your contact data, and malicious apps may share contact data without your knowledge.”

(Screenshots with annotation via Rex M. Lee)

According to the Texas Deceptive Trade Practices Act (DTPA), chapter 17, statute 17.12 (deceptive advertising), I believe that the telecom subscriber is fraudulently induced into purchasing all products concerned, due to misleading advertising, which doesn’t disclose surveillance and data-mining business practices associated with telecom products such as a smartphone.

From my own research and analysis regarding the Texas DTPA, coupled with the terms of use that support smartphones, I have concluded that individuals, children, and business professionals aren’t giving express (“lawful”) consent regarding surveillance and data-mining business practices employed by telecom providers, smartphone manufacturers, OS developers, and pre-installed content developers.

Furthermore, telecommunication subscribers are being fraudulently induced into purchasing addictive, intrusive, exploitative, and harmful technology, developed by companies such as Google and Facebook.

Don’t take my word for this claim: T-Mobile and Verizon, plus former executives and product developers for Alphabet Inc. (Google) and Facebook, admit that social media platforms, smartphones, tablet PCs, and connected products are supported by addictive, intrusive, exploitative, and harmful pre-installed content that the product owner or user can’t uninstall nor in many cases control or disable.

As noted in previous articles of this series, T-Mobile and Verizon admit that smartphones aren’t private, secure, or safe forms of telecommunications and computing, due to uncontrollable pre-installed addictive, intrusive, exploitative, and harmful content. Advertisements for smartphones don’t disclose this.

Furthermore, ads don’t disclose that the pre-installed content that supports a smartphone is supported by intrusive and exploitative application legalese that includes numerous application product warnings.

Deceptive Trade Practices

I will provide examples of what I believe are deceptive trade practices associated with misleading terms of use, plus unpublished application legalese that includes application product warnings that aren’t transparent to the telecom subscriber (smartphone owner) or the authorized device user.

1. Locating Unpublished (Hidden-in-Device) Terms of Use: Application Legalese and Product Warnings

It’s impossible for a smartphone owner or user to locate unpublished application legalese and product warnings without proper instruction.

Here’s how to locate Android (Google) application legalese associated with the pre-installed apps that support a Samsung Galaxy Note 8 smartphone.

Step 1: Swipe down top of screen to locate settings.

Step 2: Tap settings icon located in top right-hand corner.

Step 3: Tap “Apps.”

Step 4: Tap on an app.

Step 5: Tap on “Permissions.”

Step 6: Locate and tap navigation buttons located in top right-hand corner.

Step 7: Tap on “All Permissions.”

Step 8: Tap on a master permission to reveal application permission statements and application product warnings.

Step 9: Read hidden application permission statement.

A device user must know that pre-installed app permissions exist in order to try to locate the permissions. The device user has to know what navigation buttons are and how to use them to locate the hidden pre-installed app permissions. The user is led to believe the Calendar app (used in this example) only has five permissions that can be controlled. The user has to know to click on the navigation buttons to locate the “All Permissions” navigation button to find all of the permissions and hidden app legalese attached to the Calendar app. The other hidden app permissions cannot be controlled.

The above example shows that Google, Samsung, and AT&T are potentially violating consumer laws associated with deceptive trade practices by hiding application legalese and product warnings from the smartphone owner, which, in this case, was me.

Without knowing where to start, plus knowing the exact order of taps, swipes, and touches, the product owner and/or user will never know how to find the application legalese and product warnings that support the pre-installed apps associated with the Galaxy Note 8 or any other smartphone for that matter.

2. Contradictory Published (Online) and Unpublished (Hidden-in-Device) Terms of Use

Smartphone users have no idea that the apps can actually identify the product user, plus forward the user’s ID and profile information to the content developer and others.

That content developers can identify smartphone users when sharing the user’s ID with other third parties contradicts the published terms of use that state users aren’t identified when the content developer shares their personal information with third parties.

Here’s an example of the T-Mobile and Google published (online) terms of use vs. an Android application permission statement, “Your Personal Information.”

• T-Mobile online privacy policy 2018: “De-identified Data. We many provide your de-identified information to third parties for marketing, advertising, or other purposes.” (Implies the device user’s personal identity is protected.)

• Google online privacy policy 2018: “We may share non-personally identifiable information publicly and with our partners—like publishers, advertisers, developers, or rights holders. For example, we share information publicly to show trends about the general use of our services. We also allow specific partners to collect information from your browser or device for advertising and measurement purposes using their own cookies or similar technologies.” (Implies personal information is protected.)

• Samsung Galaxy Note 2, Personal Profile App Permissions: “Allows apps to read personal profile information stored on your device, such as your name and contact information. This means apps can identify you and may send your profile information to others.”

3. The Practice of Separating Critical Legalese and Product Warnings from Published (Online) Terms of Use

One misleading tactic that needs to be investigated by the FTC and state AGs is the practice of separating unpublished (hidden-in-device) terms of use from published (online) terms of use.

Examples of Android, Apple, and Microsoft unpublished application legalese hidden in the OS or within settings of smartphones, tablet PCs, and PCs, in general, include statements on accessing your location (determined from network location sources such as phone towers, Wi-Fi, and GPS) or tracking of PC use.

The unpublished terms of use such as application permission statements (“app permissions”) and application product warnings are the most important terms of use to the smartphone owner.

Unpublished legalese such as app permissions explains to the connected-product user the level of surveillance and data mining that the content developer can conduct on them via pre-installed apps.

In addition, many app permissions contain application product warnings, which are not transparent to the product user.

After all, how can a product user heed a non-transparent product warning such as the Android (Google) examples below?

• Phone data product warning: “Allows the app to call phone numbers without your intervention. This may result in unexpected charges or calls. Note that this doesn’t allow the app to call emergency numbers. Malicious apps may cost you money by making calls without your confirmation.”

• Phone log product warning: “Allows the app to read your phone’s call log, including data about incoming and outgoing calls. The permission allows apps to save your call log data, and malicious apps may share call log data without your knowledge.”

This leads to two questions: “How can product owners and users be legally bound to non-transparent legalese associated with a legal contract?” And “What kind of company feels that it is necessary to not publish application legalese that includes application product warnings within the published (online) terms and conditions, privacy policies, or end-user licensing agreements?”

Google, Apple, and Microsoft should have to explain why each company separates application permissions and application product warnings from online terms of use.

I believe the practice of separating application legalese from published terms of use is an illegal practice because the application permissions and product warnings aren’t clearly disclosed to the product owner.

Additionally, unpublished application legalese that includes application product warnings aren’t disclosed within TV ads, the sales process, or published within product packaging.

4. Predatory App Permissions are Defaulted to “On”

Another example of a deceptive trade practice is that content developers default controllable application permissions to “on.”

When a consumer or business first purchases a smartphone and then activates the smartphone, controllable application permissions are defaulted to “on.”

This means that if the smartphone owner doesn’t know how to configure his or her device for optimum privacy, the predatory apps will enable the developers to monitor, track, and data-mine the product user for financial gain without the user’s consent or knowledge.

Without proper instruction, the smartphone owner won’t even know he or she can disable some intrusive permissions associated with some pre-installed apps.

However, the dirty secret is the fact that the smartphone owner only has control over some app permissions but not all app permissions, because the apps are supported by two sets of app permissions that include controllable permissions and uncontrollable permissions.

This leads to another question: “What kind of company intentionally sets controllable application permissions to “on” while not disclosing instructions on how to configure the product for optimum privacy?”

The smartphone user is left with a false sense of security, believing they are in control of their device when the fact is, they are not in control, even though they paid for the product.

5. Two Sets of App Permissions: Controllable and Uncontrollable

As just mentioned, another example of a deceptive trade practice is that some pre-installed apps are supported by two sets of app permissions, of which the smartphone user can control some permissions that are transparent to the user.

However, some pre-installed apps are actually supported by application permissions that aren’t transparent to the smartphone user unless the user knows how to locate the hidden second set of application permissions and application product warnings.

6. User App Permissions and System App Permissions

Yet another example of a deceptive trade practice is that the smartphone is supported by user apps and systems apps, both of which are supported by intrusive and exploitative application permissions and application product warnings.

The user apps are transparent to the smartphone user, yet the system apps aren’t transparent to the user unless the user knows how to locate the system apps.

I believe examples 1–6, discussed above, are all clear violations of consumer laws that are enforced at the state and federal level, which are governed by the FTC and state AGs.

Impossible to Read and Understand Terms of Use

The collective terms of use that support a smartphone are too torturous to read and understand, due the total number of pages of complicated published and unpublished legalese, validating that the terms of use are misleading and impossible to read.

According to the Texas DTPA, chapter 17.46, statute 24 (failing to disclose goods and services) and the FTC, the contracts are illegal because the contracts cannot be read and understood by the smartphone owner prior to making a product purchase or prior to using the product due to misleading terms of use.

In closing, my analysis of the Texas DTPA revealed numerous violations that I’ve documented and reported to the Texas AG’s office, plus I have reported numerous violations of federal consumer laws to the FCC and FTC.

To date, neither the FTC, FCC, nor the Texas AG’s office has investigated the violations that I’ve reported.

As it remains today, telecom and tech giants may be actively violating consumer laws at the state and federal level if my analysis is correct.

It’s clear that numerous laws are possibly being violated by all parties concerned, yet the FTC, FCC, DOJ, state AGs and law makers aren’t willing to protect citizens, children, and business professionals from predatory surveillance and data-mining business practices rooted in surveillance capitalism.

It’s time they did so.

In the next article, I will reveal numerous privacy and cyber security threats associated with the use of smartphones, tablet PCs, and connected products within the defense industry, critical infrastructure, and enterprise business.

Rex M. Lee is a privacy and data security consultant and an analyst and researcher for Blackops Partners. You can read of his analyses on his website, MySmartPrivacy.com

Views expressed in this article are opinions of the author and do not necessarily reflect the views of The Epoch Times.