Last week the big news was Carrier IQ--a utility installed on a large percentage of smartphones that tracks an extraordinary amount of information and activity which is provided to the carriers without any consent or knowledge by the customer. The investigation is just getting started, but there are plenty of questions. HTC and Samsung phones have it pre-installed, but only on certain carriers. Why some carriers and why some devices is yet to unravel. From GigaOm:
"AT&T and T-Mobile USA are just the latest to admit they received data from Carrier IQ on the behavior of their customers' smartphones. However, like Sprint, they claimed it used that information solely for network optimization purposes. Verizon is the only major U.S. operator untarnished. Apple copped to installing Carrier IQ's software on all its iPhones before the release of iOS 5. HTC and Samsung acknowledged implementing Carrier IQ, but only at the behest of their carrier customers, which didn't prevent them from getting slapped with class action lawsuits."
Carrier IQ is obviously an extreme example of privacy invasion, but smartphones do hold a treasure trove of personal information--an end user agreement and a free app may be all it takes to legally access it. It is surprising the access rights all these "free" apps require.
There was a very clever application launched last October (as a Halloween stunt) called TakeThisLollipop. The name comes from the lesson our parents taught us about taking candy from strangers. The application requires permission to access Facebook information, which most of us quickly grant. What follows is a terrifying glimpse of the wrong person accessing your data. The video includes freak-boy driving to your home with your photo on his dashboard. After the video, I went back to Facebook and reviewed the apps I'd granted permission to over the years and decided it was time to prune. Of course, they already have all my information.
The rules changed over the past few decades. Consumers had an established arrangement with advertisers and agreed to accept ads in exchange for free or cheap stuff--be it a newspaper, a television show, or radio program. The consumer got content and services, but it wasn't so great for advertisers. The pricing was flawed--based on eyeball exposure rather than exposure to prospects. And the notion of eyeballs was a best effort guess.
In the 1992 movie Sneakers, Cosmo explained the shift of power:
"There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think...it's all about the information!...The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes, little bits of data. It's all just electrons."
Cosmo was talking about how information technology controls the world. Those that control the electrons has a decided advantage. That was 20 years ago, and things have changed ever so slightly. Rather than humans using information to derive wealth, the information now is derived from the wealth of human information. Your information.
Which brings us back to the smartphone in general. Not only does it include our email calendar and address book, but also knows our location, photos, our text messages and more. The Wall Street Journal recently did a report on corporate and foreign surveillance and profiled several companies that legally sell products to hack into IT systems such as FinFisher:
"The company also claims to have allowed an intelligence agency to trick users into downloading its software onto BlackBerry mobile phones "to monitor all communications, including [texts], email and BlackBerry Messenger." Its marketing documents say its programs enable spying using devices and software from Apple, Microsoft, and Google Inc., among others. FinFisher documents at the conference were offered in English, Arabic and other languages."
There are three trends converging that make this a priority to understand.
1.) The ease of tracking information thanks to web cookies, sophisticated websites, and the breadth of information smartphones contain.
2.)Lack of legislation around privacy compared to more mature aspects of the law such as negligence and other forms of consumer protection that give protections by default.
3.) The complexity and ignorance around terms of service and end user agreements that are generally accepted and overly complex.
Google and Facebook know a tremendous amount of information about their users. Microsoft poked fun at "The Gmail Man" because Gmail reads the "free" email to determine the best ads to serve. It is an generally considered an improvement over shotgun advertising (for viewer and advertiser) and allows Google to charge a premium for improved targeting. Few people complain as ads are accepted, so they may as well be more relevant. Though, Google does get it wrong sometimes, as the video shows.
The Facebook "Like" button makes web advertising more social and provides improved measures for ad conversions. It also extends Facebook's tentacles across the web as the Like buttons report informatoin back to Facebook about Facebook user visits, even if unclicked. Combined with Facebook's new "frictionless" sharing, the electronic bread crumbs of our Internet behaviors are turning into loaves. Keep in mind, Facebook audiences easily rival those of prime time television in size--budgets are dramatically swinging from television to the Internet.
It is important to understand that Google and Facebook harvest this information and sell it as part of their business model to fund their free services. There are few restrictions on who they can sell this information to or what those customers can do with it. Facebook just got slapped by the FTC regarding its treatment of customer privacy. As have Google and Twitter previously.
In many cases, this personal information is obtained with full transparency via the user agreement or terms of service. In Are We All Online Criminals, Eric Felton wrote:
"Should you want to acquire music, books or apps digitally from Apple, be prepared to sign off on epic contractual language--more than 17,000 words of boilerplate. How different from the days when we could walk into a record store, pick out a disc and plunk down some cash. Of course, agreeing to any particular Terms of Service is voluntary--at least in principle. If you want to buy a CD without binding yourself to a mortgage-worth of legalese, you can always just go down the street to your local record store. Oh, and don't forget to pet the Western Black Rhino while you're at it. I suspect most of us make more legal agreements in a year than our grandparents made in a lifetime."
Consider the site www.dictionary.com; it offers free services, but installs over 200 tracking cookies in the visitor's browser. The business model is definitions for personal behavior details. "Whether it's one or 10 cookies, it doesn't have any impact on the customer experience, and we disclose we do it," says Dictionary.com spokesman Nicholas Graham. "So what's the beef?"
The beef is it is an area that is widely misunderstood. These agreements exist on just about everything. Even if you read over the license agreement they tend to change frequently. A return visit pops up an alert that you must accept a new agreement for access.
Some people feel that its no big deal--let them have the information. There is really nothing wrong with paying for apps with information, as you do with Gmail. The shift that is occurring is the amount of information being harvested and how it is being used. Carrier IQ said the data was used for network monitoring and improvements, which doesn't sound suspicious until you hear about its partnership with ratings king Nielsen. Forget wiretaps; those require a court order. The US Government should just get its information from Facebook or Google.
The National Defense and Authorization Act, currently under Congressional consideration makes this all that much more important. According to Wired:
"But far more dramatically, the detention mandate to use indefinite military detention in terrorism cases isn't limited to foreigners. It's confusing, because two different sections of the bill seem to contradict each other, but in the judgment of the University of Texas' Robert Chesney--a nonpartisan authority on military detention--"U.S. citizens are included in the grant of detention authority."...So despite the Sixth Amendment's guarantee of a right to trial, the Senate bill would let the government lock up any citizen it swears is a terrorist, without the burden of proving its case to an independent judge."
So you might want to reconsider searching for fertilizer or other common goods that could be construed as a weapon of terrorism.
Cosmo was right--there is a war out there--and as consumer devices invade the enterprise, it isn't just about consumer data any more either. Note that poor old RIM, with years of enterprise mobile experience, was not implicated in Carrier IQ. Over the next few years there is going to be a backlash against "free" services and perhaps even consumerization of IT.
Dave Michels is a frequent contributor and blogs about telecom at TalkingPointz.com
