
Microsoft Slammed With Lawsuit Over Windows Phone 7 Tracking Feature

September 2, 2011

Redmond, Washington — A Michigan woman this week filed a lawsuit against software monopolist Microsoft Corp., accusing it of designing its Windows Phone 7 operating system, the centerpiece of the company’s efforts to grab part of the burgeoning mobile market, to track its users and store their location information without their permission.

The lawsuit, filed yesterday in the U.S. District Court in Seattle by Rebecca Cousineau, alleges that Microsoft designed its mobile OS to “extract geographic location information from users and transmit their specific whereabouts to Microsoft’s servers even after the software’s tracking feature is apparently disabled.”

The suit further accuses Microsoft of violating various communications and privacy laws and asks for both an injunction to stop Microsoft from collecting the data and punitive damages to punish the company for collecting the information in the first place.

Data, including location information, is collected from Windows Phone 7 devices such as the HTC 7 Mozart and Samsung Omnia 7 when a phone’s camera is turned on. Cousineau pointed to the Windows Phone Camera app and said that when a user first loads that app, it produces a prompt that says “Allow the camera to use your location?” According to Cousineau’s suit, the phone collects location data regardless of whether the user selects “allow” or “cancel.”

“Microsoft blatantly continues to collect users’ location information,” the suit said.

The lawsuit also alleges that Microsoft misled Congress when the company said earlier this year that the operating system does not collect data from mobile users without their consent. The lawsuit alleges that “Microsoft’s representations to Congress were false.”

In a letter responding to queries from several members of the House of Representatives, Microsoft acknowledged that it “collects limited information necessary to determine the approximate location of a device,” but added that “collection is always with the express consent of the user and the goal of our collection is never to track where a specific device has been or is going.”

Microsoft collects location data from users to furnish “useful and relevant experiences to users, such as local movie options, directions to a nearby coffee shop or to find a meeting of nearby friends,” the letter said.

The plaintiff’s attorney could not be reached for comment.

Microsoft, based in Redmond, Wash., declined to comment on the lawsuit.

How did Cousineau discover the deceptive design? According to PCMag.com, Cousineau stated that she had security researcher Samy Kamkar run tests on a Samsung Omnia 7. Kamkar has made big news for location tests he performed on Google devices as well as a JavaScript API he created that manages a new type of cookie known as an “evercookie.”

In tests he carried out on the Windows Phone device, Kamkar found that the Camera app starts collecting data even before the pop-up prompt is displayed.

“When hitting ‘cancel’ to stop your location information from being shared, the phone continues to intermittently transmit information from Wi-Fi networks and cellular towers to a host owned by Microsoft Corporation leading to the user’s location,” he wrote in a report. “The Windows Mobile operating system is clearly sending information that can lead to accurate location information of the mobile device regardless of whether the user allowed the Camera application to share location information or not.”

As the smartphone market grows, tracking technology on mobile devices has become a hot-button issue for privacy advocates and technology companies, since the technology is becoming more sophisticated, potentially more valuable to advertisers, and more invasive for users. Earlier this year, Apple Inc. and Google Inc. came under scrutiny because their mobile software can also track user locations.

In early August, however, Microsoft revised its geographic location positioning service so the location of Windows-based devices could no longer be easily tracked. Specifically, Microsoft said it improved filtering to validate each location request so that Windows devices, like phones and laptops, no longer return an exact location. The change came in response to a report from Stanford University security researcher Elie Bursztein, who claimed that Wi-Fi data stored by Windows could be used to see where a particular laptop has been.

The question that remains unanswered is whether or not to allow a mobile device to collect location data about itself, which presents users with a dilemma. They can turn off the option and preserve their privacy, but by doing so they also disable some of a phone’s nifty features, such as geotagging photos taken with the handset’s camera and calling up maps of a current location.

Complaint here [PDF].