The Gaping Holes in Mobile Phone Security
A recent study conducted by Freedom House and the Broadcasting Board of Governors evaluated a comprehensive range of mobile technologies—from smartphone devices including iPhone, Nokia, and Droid, to the applications and security protocols that are installed on them—to determine how secure one can really be on a mobile phone. The purpose of the effort was to assess the dangers of using mobile phones in countries where privacy rights are not respected, and where the rule of law and due process are faulty or nonexistent. Mobile phones, rather than internet-enabled computers, are often the communications method of choice in these countries, which makes them a top priority for government surveillance. The findings of the study were quite worrying.
Across the board, the assessed technologies failed to adequately protect user security. In autocratic countries such as Belarus, China, and Iran, this has serious implications for human rights defenders, journalists, and political opposition figures, as well as for ordinary citizens. Individuals who manage to get on the bad side of the government in these countries are harassed, imprisoned, tortured, or even killed, and there is no structure in place to prevent authorities from using mobile phone data to carry out such abuses.
Are citizens in nondemocratic countries the only ones who should be concerned? Perhaps not. In the United States and other democracies, there are certainly institutions and procedures designed to protect user privacy, as well as legal remedies if one’s privacy rights are violated. But these safeguards are far from ironclad, and they may be falling behind the pace of technological development. Moreover, even the most benign government is likely to be tempted by the monitoring opportunities associated with devices like smartphones, which a growing number of citizens carry 24 hours a day, seven days a week.
Here are five things everyone should know about the safety of their mobile phones:
Big Brother could be watching. The video and audio recording capabilities that have become so vital to capturing important moments in our lives are also perfect surveillance tools for intrusive governments. It is even possible for the cameras and microphones in smartphones to be remotely activated by government agencies and mobile service providers.
There is nowhere to hide. The Global Positioning System (GPS) that allows us to get directions, find local businesses, and keep tabs on our friends and family members can also be used by governments to track our movements. Because most of our phones rarely leave our sight, we are essentially carrying personal tracking devices.
Our mobile carriers can’t protect us. Mobile providers gather personal data to keep up with our constant desire for customized services, and perhaps more importantly, because it is immensely profitable for them. However, once this data has been gathered, it is for the most part out of our control. Relying on these companies to make the right decisions about who is allowed access to personal information—particularly under threat from governments or when the provider itself is a state enterprise—is not a very safe bet.
The choice is not ours. When we buy a computer, we have the power to install the security tools of our choice, including applications that encrypt communications, circumvent censorship, and detect viruses and malware. When we buy a mobile phone, we are generally forced to use the default settings of the mobile operating systems we purchase. According to the recent Freedom House study, these default settings are grossly inadequate for keeping us secure. Moreover, add-on security and encryption options are often incompatible with the phones and/or limit one’s ability to use other features.
Everyone is to blame. Because mobile security is threatened on various fronts—mobile networks, operating systems, applications, handsets, and users—it is nearly impossible for any single actor to change the situation. The only way to better protect our security is through improved coordination among all players. In the meantime, users in repressive environments should be aware of the risks they are taking, particularly if they are engaging in activities likely to put them on the radar screen of their government.
Photo Credit: Gesa Henselma
The technology that some governments are using to oppress their own citizens is primarily developed in advanced democratic countries. The developers of these tools appear more concerned with potential profits than the potential risks they might pose when misused by repressive regimes. But even those of us who do not have to fear an authoritarian government should care about what we may be giving up in order to live in an interconnected world. Our information is out there, possibly forever, and probably out of our control. It might be time to start demanding new phones and applications that protect our privacy and security as well as entertain us.
Analyses and recommendations offered by the authors do not necessarily reflect those of Freedom House.