Follow by Email

Friday, 4 March 2016

Who's watching now?

With recent news topics covering the “standoff” between the FBI’s ask for access to `the San Bernadino Killers’ phone and Apple seeking to stand up and protect the privacy of its customers with concerns this could quickly become a default ask for all devices, ironically, I am getting a sense of déjà vu from almost 15 years ago when operators were facing the same debate.

15 years ago, governments and their security agencies were asking telecom operators to share their voice and data information for people deemed a security risk or to investigate a person’s activities prior to an event that happened - criminal or otherwise. At that point, the world was up in arms as to what this would mean for personal security or for that matter privacy as  governments were able to track what people were doing and where they were going.

However, over the years this has become a norm and, although not always accepted, a balance has been established where the operators report to the public on how many times they are asked to share information by the relevant government agency. What is interesting here is that this data is quickly becoming irrelevant as we move to digital and start to reduce our use of mobile platforms like traditional voice and SMS. With these traditional platforms, operators have had visibility of the activities of individual’s voice and messaging communications, whilst in our digital world all communications are increasingly moving to IP or Internet based services. This makes it incredibly difficult for operators to keep track, if they can keep track of the information at all.

I recognize that it is not only telecom operators being asked for end user information, but also the over-the- top players like Google, Apple and Facebook among others, and that they report on these regularly to the public. However, we need to recognize that there is increasingly ony one common source when it comes to telecom services, over-the-top services and other applications and that is simply our mobile phone. A little like our wallets used to be with our ID, credit card information, loyalty cards, receipts etc, with all of this now digital it is the mobile phone, which will increasingly become the centre of security discussions.

It is therefore not surprising that in recent surveys when people are asked what they would be most worried to lose the “mobile phone” is becoming increasingly prevalent[1], versus a decade ago when it was their wallet. The simple reason for this being we store more of our lives in our phones and online that anywhere else these days. Government agencies can approach credit card companies or operators and even online providers to ask for data about an individual, but the one area they are still trying to gain access to remains the phone. The documents, photos, message exchanges all have a common source instead of trying to debate access rights with all of the individual platforms.

I raise this because at some point the “national security” card will get played by government agencies and businesses could end up being forced to comply, similarly with what telecom operators have been through already. I would like to suggest to these handset manufacturers and over-the-top providers to start collaborating together about how they can protect the majority and isolate any handset access to be limited to individual cases. Perhaps there is a unique code that is created based on mutual compliance between the vendor and a government agency for an individual handset, that is to say avoiding sharing access to all phones through a generic override code or similar, which governments could then gain access to whenever they should so choose. In combination with this, then provide visibility to the public as to how many devices the government agency requested access to and how many devices they were given access to. Now this is just a suggestion and the important point here is for the digital community to think through a proactive approach of how they want to engage government agencies rather than being forced to comply with some all-encompassing banner of national security.

Our world continues to change and we need to remember that our lives, which were once paper-based, followed by analog and mobile, are now quite simply digital. Combine this with many governments that continue to fear what they don’t understand, the result is raising concerns on information that they believe exists, but are unable to see or control. In a digital world, where the data we create and store is growing exponentially every day, of course it is impossible to track absolutely everything. However, perception can quickly become reality, as governments and their associated agencies will continue to want to gain further visibility of our digital lives. So, we either act proactively and educate through defining an engagement model which protects the majority of people and addresses data sharing when only absolutely critical for the protection of society, or digital businesses will rapidly become the victims after a few cases under the banner of “National Security” become common place.

I appreciate this is a fine balance and many people will be unhappy with the idea of giving up privacy of our personal items, some will say this must be defended at all costs, but there are precedents already and I fear simply defending will result in a outcome none of us are happy with. I for one would rather know there is an understanding between digital providers and governments as to how this will be managed in the future before it becomes a case of turning on my phone or tablet and asking myself the question “Who’s watching me now?”