Friday, 4 March 2016

Who's watching now?

With recent news coverage of the “standoff” between the FBI’s ask for access to the San Bernardino killers’ phone and Apple seeking to stand up and protect the privacy of its customers, amid concerns that this could quickly become a default ask for all devices, I am, ironically, getting a sense of déjà vu from almost 15 years ago when operators were facing the same debate.

15 years ago, governments and their security agencies were asking telecom operators to share their voice and data information for people deemed a security risk or to investigate a person’s activities prior to an event that happened - criminal or otherwise. At that point, the world was up in arms as to what this would mean for personal security or, for that matter, privacy, as governments were able to track what people were doing and where they were going.

However, over the years this has become a norm and, although not always accepted, a balance has been established where the operators report to the public on how many times they are asked to share information by the relevant government agency. What is interesting here is that this data is quickly becoming irrelevant as we move to digital and start to reduce our use of mobile platforms like traditional voice and SMS. With these traditional platforms, operators have had visibility of individuals’ voice and messaging communications, whilst in our digital world all communications are increasingly moving to IP or Internet-based services. This makes it incredibly difficult for operators to keep track, if they can keep track of the information at all.

I recognize that it is not only telecom operators being asked for end user information, but also the over-the-top players like Google, Apple and Facebook among others, and that they report on these regularly to the public. However, we need to recognize that there is increasingly only one common source when it comes to telecom services, over-the-top services and other applications, and that is simply our mobile phone. A little like our wallets used to be with our ID, credit card information, loyalty cards, receipts etc., with all of this now digital it is the mobile phone which will increasingly become the centre of security discussions.

It is therefore not surprising that in recent surveys, when people are asked what they would be most worried to lose, the “mobile phone” is becoming increasingly prevalent[1], versus a decade ago when it was their wallet. The simple reason for this is that we store more of our lives in our phones and online than anywhere else these days. Government agencies can approach credit card companies or operators and even online providers to ask for data about an individual, but the one area they are still trying to gain access to remains the phone. The documents, photos and message exchanges all have a common source, instead of trying to debate access rights with all of the individual platforms.

I raise this because at some point the “national security” card will get played by government agencies and businesses could end up being forced to comply, similar to what telecom operators have been through already. I would like to suggest that these handset manufacturers and over-the-top providers start collaborating on how they can protect the majority and limit any handset access to individual cases. Perhaps there is a unique code that is created based on mutual compliance between the vendor and a government agency for an individual handset, that is to say avoiding sharing access to all phones through a generic override code or similar, which governments could then gain access to whenever they should so choose. In combination with this, then provide visibility to the public as to how many devices the government agency requested access to and how many devices they were given access to. Now this is just a suggestion, and the important point here is for the digital community to think through a proactive approach of how they want to engage government agencies rather than being forced to comply with some all-encompassing banner of national security.

Our world continues to change and we need to remember that our lives, which were once paper-based, followed by analog and mobile, are now quite simply digital. Combine this with many governments that continue to fear what they don’t understand, and the result is rising concern about information that they believe exists, but are unable to see or control. In a digital world, where the data we create and store is growing exponentially every day, of course it is impossible to track absolutely everything. However, perception can quickly become reality, as governments and their associated agencies will continue to want to gain further visibility of our digital lives. So, we either act proactively and educate through defining an engagement model which protects the majority of people and addresses data sharing only when absolutely critical for the protection of society, or digital businesses will rapidly become the victims after a few cases under the banner of “National Security” become commonplace.

I appreciate this is a fine balance and many people will be unhappy with the idea of giving up privacy of our personal items. Some will say this must be defended at all costs, but there are precedents already and I fear simply defending will result in an outcome none of us are happy with. I for one would rather know there is an understanding between digital providers and governments as to how this will be managed in the future before it becomes a case of turning on my phone or tablet and asking myself the question “Who’s watching me now?”