What are the privacy limits when users give permission for an app to access their smartphone’s microphone? A purported class action filed last week by LaTisha Satchell (a New York resident) against the Golden State Warriors (the first NBA franchise employing such an app), Signal360 (the New York-based licensor of the relevant technology) and Yinzcam (the Pennsylvania-based app developer) tackles this issue. Plaintiff filed her complaint in the Northern District of California, asserting violations of the Electronic Communications Privacy Act of 1986 for the class that downloaded the Android version of the Warriors app and for a broader class of those using any Android app with the Signal360 technology.
The Electronic Communications Privacy Act and the Stored Wire Electronic Communications Act are commonly collectively referred to as the Electronic Communications Privacy Act of 1986 (ECPA). The ECPA updated the Federal Wiretap Act of 1968, which applied to the interception of conversations using “hard” telephone lines, but not to the interception of computer and other digital and electronic forms of communication. As amended, the ECPA, protects wire, oral and electronic communications while those communications are being made, are in transit and are stored on computers. The ECPA also applies to email, telephone conversations, and data stored electronically.
The free Warrior’s app at issue allows fans to view live scores and share posts from Warriors games on social media. Although the app requests permission to access fans’ microphones, the app does not disclose that once launched, the app can and does use signals obtained from the device to: (i) track the user’s location, (ii) send targeted advertising material, (iii) and listen to the user’s conversation (and to all other audio transmitted within a radius of the phone). According to the complaint, the app’s capabilities are not restricted to only when the user is engaged but rather continue operating and listening until the app is closed—either when the consumer’s smartphone is turned off or when the consumer “hard closes” the app.
Specifically, Plaintiff alleges:
In 2014, in furtherance of its desire to remain a technological leader among NBA organizations, Golden State partnered with Defendant Signal360 to integrate Signal360’s beacon technology. Beacons are a novel method to track consumers and how they interact with marketing and advertisements. For instance, with beacons, advertisers might be able to discern when a consumer is looking at a specific billboard—something previously unprecedented. With the App, Signal360’s software allows Golden State to target specific consumers and send them tailored content, promotions, or advertisements based on their location.
The App determines a consumer’s precise location by listening for nearby Signal 360 audio beacons by (secretly) activating a consumer’s smartphone’s built-in microphone (“Microphone”). With the Microphone activated, the App listens to and records all audio within range—including consumer conversations. If the App “hears” one of Signal360’s beacons it may display an ad to the consumer or simply send that information to Signal360.
Even more disconcerting, the App turns on the Microphone (listening in and recording) any time the App is running. No matter if a consumer is actively using the App or if it is merely running in the background: The App is listening.
The Complaint asserts ECPA claims for each class for allegedly intercepting (by listening in and recording) Plaintiff’s and the class’s private conversations, including oral communications, where Plaintiff and the class expected such communications were and would remain private. Plaintiff seeks injunctive relief to prevent Defendants from continuing to listen to and record consumer conversations and statutory damages equal to “the sum of actual damages suffered plus any profits defendants earned through their unlawful conduct” or “$100 per class member per day of the defendants’ violations, or $10,000 per class member,” whichever is greater.
The Satchell case remains in the pleading stages and as such it is still too early to evaluate the merits of this complaint. If, however, the intercepting and recording of oral communications allegations without consent are proven to be true, such actions would constitute serious violations of the ECPA. In addition to the legal implications, it will be interesting to see how fans react to this news. Some may care enough to stop using the app. However, one-click purchasing and the camaraderie of sharing on social media seems to have forever raised the tolerance for what consumers are willing to disclose with their mobile devices; for many, the allure of convenience and community outweigh privacy concerns. Fan-based apps for sports teams, TV shows and reality TV characters arguably inspire even more intense loyalty than retail chains, and these serious fans are not likely to stop using their mobile devices to check on their teams or for news on cult favorite TV cliffhangers. (Consider Kimojis, which require access to everything on your phone, including credit card data and purchases.)
Cases like Satchell vs Sonic Notify remind us that the battle to better target and track consumers is as fierce in its own way as any cyber jousting between nations, and that the most important coming battles over personal privacy may well occur in relation to one’s favorite team, TV show or tennis shoe.