Will Mobile Phone Security Always Be An Oxymoron?
Is true mobile phone security a lost cause? With the increasing popularity of mobile messaging applications with weak security practices, the escalation of sim card registration requirements, and the nearly antiquated legal definitions of the ways that mobile phones are used by citizens, securing mobile phone communications is a multi-faceted problem.
I’ve done mobile security trainings for a number of years now. And one of the biggest challenges that emerges with thinking through mobile security is all of the different areas where threats can emerge: the technical infrastructure of GSM networks, the personal information that’s needed to obtain a sim card, the location tracking capabilities of phones, and the list goes on.
During RightsCon, I had the opportunity to chat with the following rockstars about the current state of mobile security and what can be done to make improvements:
Alix Dunn, Creative Lead at The Engine Room
Bryan Nunez, Technology Manager at The Guardian Project
Carly Nyst, Legal Director at Privacy International
Chris Tuckwood of The Sentinel Project
Craig Vachon, VP Corporate Development at Anchor Free
Pablo Arcuri, Chief of Party at Internews
Oktavía Jónsdóttir, Program Director at IREX
Rory Byrne, Founder and CEO at Security First
During this panel, a number of important steps forward emerged to (hopefully) improve the state of mobile security expansion.
1. It’s not the users’ fault: Most communication around digital security puts almost all onus onto users to protect their data. Instead, if service providers are unable to provide adequate security to safeguard the private data of their customers, or clear options for users to secure their data beyond the default settings, then this is the fault of providers. Instead of constantly holding individual users’ responsible for data security, technology companies and mobile network operators need to improve the safety of their products and be more clear about what vulnerabilities exist and how they are being mitigated.
2. Shaping notions of privacy at an early age: As younger and younger individuals gain access to and regularly use mobile phone technologies, understanding the impact of oversharing personal information as well as its ownership by companies is lacking. Instead of targeting trainings and awareness-raising campaigns to adults, sharing this information with youth who have begun to trust implicitly the privacy promises of service providers without in-depth technical knowledge of how mobile networks function would serve an emerging need.
3. Shared responsibility: there are multiple stakeholders, beyond users, who benefit from mobile security. Thus, it is imperative for mobile network operators and providers to be more overt about what they do with customer data, mobile phone and application providers to improve technical vulnerabilities and limit the scope of customer data collection, governments to safeguard the privacy and free expression rights of consumers through pushback against encroaching legislation, and for citizens to continue to insist on protection of their rights by companies and government for their mobile phone communications.
There is still much work to be done, but we look forward to continuing the paradigm shift of what true mobile security entails.