Numerous news organizations reported yesterday that popular iPhone and Android Application developers received grand jury subpoenas purportedly relating to a criminal investigation into whether the Apps obtained and transmitted User information without proper disclosures. WSJ’s coverage, ARS Technica, Bloomberg. According to the news articles, the existence of the investigation became public when Pandora disclosed in an SEC filing that it received a grand jury subpoena in early 2011 “to produce documents in connection with a federal grand jury, which [it] believe[s] was convened to investigate the information sharing processes of certain popular applications that run on the Apple and Android mobile platforms.” In addition, Pandora stated that it isn’t a specific target of the investigation and that it believes similar subpoenas have been issued to other Apps. The articles state that it is suspected that the grand jury investigation grew out of the Wall Street Journal’s December 17, 2010 “What They Know” article, which reported that popular applications on the iPhone and Android mobile phones transmit information about the phones, their users and their locations to outsiders, including advertising networks. Also, as noted here, several civil suits filed mainly in the Northern District of California have made similar allegations.
Generally speaking, the government has used the Computer Fraud and Abuse Act to prosecute computer “hackers” who circumvent code-based restrictions on accessing a protected computer, and it would be unprecedented to pursue a theory that turned on the adequacy of a privacy policy disclosure in the absence of such a code-based restriction. See this law review article for more information.