Supreme Court ruling for mobile phone privacy does not answer Cloud issue
Forrester report an emphatic decision by the Supreme Court in the US this week, which has endorsed the fundamental right of the individual to safeguard the privacy of data held on a mobile phone and that the only way for 3rd party agencies to access this, would be to seek a warrant.
The sheer variety of applications now available on mobile phones (cameras, video players, Rolodexes, calendars, tape recorders, libraries, diaries, albums, televisions, maps, newspapers, forums etc.) reveal much about its owner as well as what can be shown through the browsing history. Consequently it was felt this would give 3rd parties too personal an insight about things we would prefer to keep private, even from our partners. The crossover impact for this in business is in BYOD where corporate employers may not yet have taken steps to assess and implement data security policies to safeguard corporate privacy.
With the increase of devices and wearable technology, much of the content will inevitably be stored in the Cloud and what is not revealed through the phone as its conduit, will be accessible once it hits storage sites like Dropbox, Evernote etc. So as soon as you have connected, you are no longer able to control that privacy, or that right. This ruling is insufficient therefore in the wider context of cloud content and management of personal (and customer data), so expect more rulings in future as the further legal ramifications are reviewed. As an MSP, it is your responsibility to be a privacy advocate.
Stop thief – you are turning me off!
Research by Glasgow Caledonian University into the way we hold and use smartphones, is leading to a new form of security being developed, to identify abnormal patterns which could trigger a “kill switch”. The software logs, monitors and profiles “normal” behaviour, carriage mannerisms, application access and timing, plus geolocation and browsing. Subtle changes to this information could indicate unauthorised use and prompt a shut down. The profiles take a few days of average use to build up a coherent picture and current versions of logging software are detecting illegal use within a couple of minutes which will no doubt get far quicker.
Lead scientist, Professor Lynn Baille notes that a further development of this software could be in authenticating identity. Research indicates users wiping or tapping in their pin up to 100 times a day to unlock their handset, which for some users is putting them off using security measures, if they have that choice. This new software could sanction access simply because the device is “in the right hands” and keeps a phone unlocked in normal use, except where a user needed to purchase something, or log in to a corporate network. Yet again, there are implications about privacy for such monitoring and whether this is managed centrally, or locally on the device.