Privacy and the mobile

July 29, 2014 |

The Conversation usually publishes insightful and well written pieces on subjects of public policy, law, science or the humanities (to name but a few topics covered).  Sometimes its offerings are not so good.  Like with Your life in their hands – privacy and your mobile device.  Something of a curate’s egg – good in parts.

It provides:

The explosive uptake of mobile devices including smartphones and tablets has us immersed in a complex, volatile soup of hyper-connected digital technologies, where not only is the perception of time being compressed, but privacy protections are being reshaped.

Smartphones and mobile devices are highly sophisticated micro computers packed with tightly integrated geospatial, optical, voice synthesis, radio transceivers, motion detectors and other technologies, glued together by very smart software.

The concentration and integration of these technologies into a single handheld device transforms the smartphone into a truly multifunctional device. This concentration, however then becomes a serious threat to privacy protection, as we are seemingly inseparable from our smartphones.

For the most part, we still appear to be concerned about our own privacy online.

The 2013 Office of the Australian Information Commissioner (OAIC) Community Attitudes to Privacy study found the majority of those sampled were concerned about the loss of protection of their personal information online whether through identity fraud, theft, misuse or other means. These findings are also mirrored elsewhere.

Notwithstanding our concerns about privacy, will our love of smartphones lead us to willingly trade off our concerns of privacy for this convenience?

Privacy legislation meets the smartphone – who wins?

Legislation may be passed, but how effective it is in a virtual, volatile and jurisdiction agnostic digital world remains to be seen. The rapid pace of development and change in digital technologies stands in stark contrast to the comparatively glacial rate of change in legal and regulatory frameworks. The effectiveness of any legislation is based on considerations such as the deterrence factor, the actual protections afforded under the law and the practicalities of enforcing the law.

But when it comes to new and emerging digital technologies – which cut across conventional legal jurisdictions – the effectiveness of legislation is sadly lacking.

The effectiveness of privacy and data breach legislation is questionable, at best. The volume and severity of data breaches continues apace, despite the substantial increases in spending on information security measures as well as the existence of privacy protection legislation and mandatory data breach reporting in many countries.

The dismal rate of successful convictions of elusive cybercriminals is testament to the comparative ineffectiveness of our jurisdiction-bound legal frameworks in the face of rapidly evolving digital technologies and their associated applications.

A rich target

Given the ubiquitous nature of mobile devices, they are rich targets for legitimate information harvesting as well as cybercrime as they concentrate, generate and broadcast a wealth of personal information about our lifestyle patterns and habits in one place. The array of systems and apps on your smartphone that continually harvest, interrogate and report back to their masters on the various types of your usage data including geospatial, phone call details, contacts and hardware information is where the real value lies to others.

Internet security company Kaspersky Labs, recently uncovered an extensive legal cyber sleuthing network with over 300 servers dedicated to the collection of information from users located in over 40 countries including Kazakhstan, Ecuador, Colombia, China, Poland, Romania and the Russian Federation. A number of these countries, however, are also associated with known cybercriminal activities.

The bottom line is that, as an individual consumer of smartphone and tablet based technologies loaded with apps, we are relatively powerless to do anything about protecting our privacy.

Your ultimate protection lies in your choice whether to download that app or not, or to limit the use of your smartphone to only making phone calls.

When deciding to load any smartphone services, in the majority of cases, you have to agree with non-negotiable terms and conditions of the provider. A Hobson’s choice at its best.

Tips for protection

Despite this, there are nevertheless a few fundamental steps you can take to help mitigate the risks to your privacy. These include:

  1. Purchase reputable mobile device security software and install it to your mobile device. This will not only help keep your device clear of known malware and viruses, but also scan all apps and other software for known privacy risks.

  2. If you are no longer using an app, remove it from your device.

  3. Download apps from reputable sources only. If the originator is a real, legitimate business, delivering a real service using their bespoke app the risks of mal- and spyware are minimal. The challenge is that reading the standard “terms and conditions” of the app (if offered) can be not only onerous, but the full ramifications from accepting that the app will access other services on your mobile device (such as location, contacts, call details or any unique network or hardware identifiers) may not be fully understood.

  4. Mobile devices are easily lost or stolen. Ensure you setup your power-on and screen lock security, as well as a other security measures including remote wipe and location identification services.

  5. When disposing your mobile device, ensure you remove any SIM and data cards then perform a hard factory reset. This will return the device to its original ex-factory settings, and remove all traces of your data from the device.

The bald statement that “The effectiveness of privacy and data breach legislation is questionable, at best” is more assertion than argument.  The supposed basis for this sweeping statement is that that “..volume and severity of data breaches continues apace..” and the author hyperlinks to an article from the Economist titled Defending the digital frontier. This article was one in a series on a special report on cyber security by the Economist earlier this month.  But the Economist came out in favour of mandatory data protection laws.  Duh! The author also ignores one of the bases for data breach notification laws, to notify those whose personal information has been accessed or compromised.  A person whose data has been stolen or otherwise accessed should have the right to be made aware of that fact so that he or she can take remedial action if necessary.  The author is right that cyber crime is a real problem.  It is difficult to stop a determined hacker.  But proper security measures will make that task hard and that is usually enough to dissuade a garden variety criminal.  Prosecutions can be difficult, particularly where the cyber criminal is in a foreign jurisdiction which does not have a strong government or which is apathetic about such activities. Or complicit in them.  But that does not mean the effort should not be made and that organisations that hold personal information should not maintain proper security controls and properly store and handle data.  That is usually a bigger problem than master criminals at work.

The piece tends to be a jeremiad with a sub text that paraphrases Dr Strangelove “How I Learned to Stop Worrying and Love the Net”.   The conclusion being:

The bottom line is that, as an individual consumer of smartphone and tablet based technologies loaded with apps, we are relatively powerless to do anything about protecting our privacy.

is inane.  Simplistic and foolish.  Some apps are better than others.  Regulators should do more to regulate apps and force them to protect and respect privacy.  Regulators are focusing on that issue at the moment.  They need proper powers and need to be assertive in their use.

There are some good points made and the tips are useful in a very general sort of way.

But as a piece in the Conversation it is a disappointment.

One Response to “Privacy and the mobile”

  1. Privacy and the mobile | Australian Law Blogs

    […] Privacy and the mobile […]

Leave a Reply