Think You Can Use Smartphones In-Store? Read The Contract First

Attorney Mark D. Rasch is the former head of the U.S. Justice Department's computer crime unit and today serves as Director of Cybersecurity and Privacy Consulting at CSC in Virginia.

With many retailers contemplating the use of iPhones or other smartphones for mobile payments or as in-store selling aids, overly restrictive contract terms aren't going to fly. But that is exactly what a typical smartphone wireless contract is full of. For example, apps that use data or stream video so an iPhone can work as an in-store sales aid may be a contract violation. And on the customer side, mobile-payment apps violate contract terms, too.

It's bad enough for retailers that smartphones can't be locked down against software changes. But terms like these (which are becoming the norm) mean payment-card transactions and many types of data that retailers may want to use would violate a mobile operator's contract—and could make smartphones practically unusable for in-store purposes. This assumes, of course, that the telcos opt to enforce these clauses, which were probably crafted with little thought about the likely mobile-payment world of 2012.

How bad are these terms? Have you read your wireless contract lately? Not your hundred-page bill, but your contract. You might be surprised. For example, if you are an AT&T iPhone customer, you will find that it is a violation of your contract to download and use Web applications (apps) that use data. Or to use Skype or streaming video services. Or to "tether" your phone to another computer to, for example, enable you to view Flash content.

In this case, that's because if AT&T determines—at its own discretion and without providing any notice—it thinks a customer has done anything that violates his or her contract, AT&T may terminate service unilaterally or change the customer to a different plan. What's worse, AT&T can also read customers' E-mails, monitor their network traffic, analyze their usage and, yes, listen in on their voice calls (even those to their lawyer) if it believes these actions will help AT&T protect its rights.

Oh, and that part in the contract that requires all disputes between the customer and AT&T to be submitted to arbitration? That doesn't apply to AT&T's disputes with the customer. The mobile operator asserts that it can unilaterally change the terms of the contract, or terminate service without notice, without providing any evidence of breach and without arbitration or judgment. It also can make the consumer keep paying for the terminated service and, if the customer doesn't, AT&T can go to a collection agency and sue the customer without arbitration.

Although AT&T advertises that it offers "unlimited" data for a price, it reserves the right to limit customers' "unlimited" use if it determines they have engaged in "excessive usage" or if their use compromises AT&T's network capacity or results in a degradation in performance of its network. In other words, if AT&T does not build sufficient capacity for customers to use their unlimited data plan, it can kick those same customers off but continue to require them to pay.

These problems are not unique to AT&T. All contracts are written to protect the interests of the person writing the contract, and the AT&T wireless subscriber agreement is no different in that regard. Of course, if you are a retailer rolling out smartphones for associates to use in hundreds of stores, your legal department might negotiate much better terms for your contracts. While you are testing and doing pilot projects using a consumer device, you'll probably inherit those consumer contracts. And they will definitely apply to consumers who want to make mobile payments.

AT&T contends that its current wireless agreement spells out the only uses anyone can make of its "unlimited" plan:

Except as may otherwise be specifically permitted or prohibited for select data plans, data sessions may be conducted only for the following purposes: (i) Internet browsing; (ii) E-mail; and (iii) intranet access (including access to corporate intranets, E-mail and individual productivity applications like customer relationship management, sales force and field service automation).

That's it. Browse the Web. Send or receive E-mail. Connect to an intranet. Everything else is prohibited. That's right: Everything else.

Web apps (which are not technically "browsing" the Internet): gone. Streaming video: gone (so forget about managers using an iPhone to keep an eye on a store's front door, stock room or checkout lines). Anything that generates "excessive amounts of net traffic": gone.

And if AT&T thinks that a customer is doing something in violation of the agreement, "AT&T reserves the right to (i) deny, disconnect, modify and/or terminate Service, without notice, to anyone it believes is using the Service in any manner prohibited or whose usage adversely impacts its wireless network or service levels or hinders access to its wireless network." No proof necessary. AT&T just has to believe it.

And if AT&T—as ISP, wireless carrier, wireless data carrier, phone company, GPS locater and text message provider—thinks a customer is in breach of the contract, then "AT&T may, but is not required to, monitor your compliance, or the compliance of other subscribers, with AT&T's terms, conditions or policies." Thus, it can read your E-mails, monitor your GPS location and cell tower location, filter and analyze your network traffic and, what is worse, listen in on your phone calls. (Yes, that's perfectly legal under provisions of the federal wiretap law.)

It also means AT&T can intercept and disclose payment-card information that's transmitted if an iPhone is used for mobile payments or as a POS—not to mention inventory data and other retailer proprietary information. No wonder the logo looks like a Death Star!

Of course, there's a reason for such restrictive contracts. Mobile providers have learned they can make a business out of writing restrictive policies that prohibit a host of perfectly legitimate uses, and then force customers to repurchase these services.

For example, tethering is purportedly prohibited by the contract because it causes "excessive usage." Then AT&T discovered it could make a business out of charging additional money for tethering. So now, tethering is no longer evil and destructive—as long as you pay extra for the "unlimited" data you are using. And if AT&T finds out you are using tethering (by monitoring your use), it will graciously and automatically charge you for its new service. Oh, no arbitration necessary.

If someday AT&T finds it can make a business out of streaming music, it can graciously terminate customers' access to Pandora and upgrade them to AT&T's music service. Same with GPS—Navigon disappears in favor of an AT&T service. Same with everything that does not specifically constitute "Web browsing, E-mail and intranet access."

And if AT&T discovers customers are making mobile payments with something other than an AT&T-backed service or retailers are using in-store retail applications that don't fall strictly into those categories? All bets are off.

For retailers trying to use smartphones in-store and support mobile payments, that's not just a nuisance. It's a threat to security, reliability and IT functionality.

If you disagree with me, I'll see you in court, buddy. If you agree with me, however, I would love to hear from you.