Mobile Media and PrivacyPrivacy, Security and Forensics in the Digital Age Symposium
6 September 2012
Dr Jules F. Pagna DissoHead of Cyber Security Research EADS Innovation Works UK
Page 2
Disclaimer
.
The material in this presentation has been prepared by the presenter and does not represent in any shape or form the ideas of its employer.
.
• Mobile Media: Industry at a glance
• User Perspective on Mobile Media Privacy
• Privacy Concern Origin
• Mobile Media Privacy – the actor: Who is to blame?
• Usability vs. Privacy / Content vs. Privacy
• Better User Experience and Privacy
• Mobile Privacy Act UK 20..
• Future of Privacy Concern
Objectives
• Understand the reasons of mobile privacy concerns
• Understand our responsibility in ensuring our own privacy
• Discuss ways to improve the user experience and maintain a good level of privacy
Page 3
In this presentation
Mobile Media: Industry at a glance
Page 4
Mobile Media: Industry at a glance
Page 5
Mobile Media: Industry at a glance
Page 6
User Perspective on Mobile Media Privacy
Page 7
User Perspective on Mobile Media Privacy: Concerns
GSMA survey on user perspective on mobile privacy
• 81% of all mobile users felt that safeguarding their personal information was very important
• 76% said they were very selective about who they gave their information to because of their concerns
• 92% expressed concern about applications collecting their personal information without their consent
• 81% have concerns about receiving behavioural advertising without their consent
• • 84% want the choice whether to receive advertising based on their browsing behaviour and to
• be able to switch it on or off
• • 79% want the choice whether to receive location based advertising and to be able to switch it on or off
• 89% want to know when and how their information is being shared by an application
Page 8
User Perspective on Mobile Media Privacy: Concerns
• Exposure and engagement with the mobile internet and application
• Exposure to mobile advertisement (mainly SMS)
• Mobile users feel they have lost their privacy when they are bombarded with SMS
• Heavy mobile users have concerns when using apps, however over 60% of these users would carry their mobile experience as normal. 36% of these users would limit their activities.
• 50% of Heavy mobile users would regularly agree to a user agreement or privacy statement without reading it
• Medium / Light users appeared to be more diligent – 36%would agree to these statements without reading them
• For both audiences, the main reason for agreeing without reading these statements or agreements was because
• They were too long (52%) and they didn’t have the time (21%)• Non-users of mobile internet / apps had never considered privacy an issue on a mobile device.
• Their concerns were more about the loss of their handset - most did not think their mobile was technically advanced enough to pose a threat to their personal information
• People do not read privacy statement
• From 40% on regular PC to 19% on mobile devices (screen size
Page 9
Privacy Concern: Origin
• Faster network with higher bandwidth and affordable flat rate with lower mobile data cost
• Strong adoption of smart phones
• Growth of mobile apps, mobile game
• Location based campaigns (targeted campaigns)
• More media availability
• Rich media experience
• Growth in mobile payment and M-Commerce
• Race against profit
• Bad intentions
• Criminal intention
• Programming bad practices
• Mobile application poor design // poor display of privacy
Page 10
Page 11
Mobile Media Privacy: Actors
• Application developers and development
• ...simple functionality up front, while in the background, they send the identification number of the device, the personal whereabouts of the user, or even the contact details of friends, colleagues and customers to a server somewhere in the internet
• A study from the University of California in Santa Barbara (US) concluded that among 825 examined apps for the iPhone and its operating system iOS, 21 percent forward the ID number, four percent the current position, and 0.5 percent even copy the address book
• Jiang's team found that 48,139 of the apps (1 in 2.1) had ad libraries that track a user's location via GPS, presumably to allow an ad library to better target ads to the user.
• However, 4,190 apps (1 in 23.4) used ad libraries that also allowed advertisers themselves to access a user's location via GPS. Other information accessed by some ad libraries included call logs, user phone numbers and lists of all the apps a user has stored on his or her phone
• it was discovered that iPhone apps Path and Hipster were uploading user address book information without informed consent
• Meanwhile Twitter was criticised because its privacy policy failed to explain that if users used the “Find Friends” feature on its iOS and Android clients – Twitter would store the user's entire address book for 18 months.
Page 12
Mobile Media Privacy: Actors
• Application designer – Would you read these policies?
Page 13
Mobile Media Privacy: actors
Your mobile phone or maybe YOU ?
Page 14
Mobile Media: The law
Legal basis for free speech in the UK
The UK is known around the world for its respect for and tolerance of free speech. Although free speech has long been recognised as a common law right in Britain, it also has a statutory basis in Article 10 of the European Convention on Human Rights (the "Convention"), which has been incorporated into UK law by the Human Rights Act 1998.
In fact, Article 10 of the Convention goes beyond free "speech" and guarantees freedom of "expression," which includes not only the spoken word, but written material, images and other published or broadcast material.
When, however, you begin to consider the possible range of expression --including, say, hate speech that incites violence -- it becomes apparent that even a tolerant society has to put some limits on freedom of expression. Therefore, much of the law relating to free speech is concerned with trying to strike the right balance between freedom of expression and the use (or abuse) of that freedom in a way that harms society.
Article 10 of the European Convention on Human Rights itself recognises the need for some limits on free expression. It provides, however, that limits can only be imposed in order to achieve certain specified aims. The Convention lists several permitted reasons for limiting free speech, including national security, the protection of health or morals, and protection of peoples' rights and reputations.
Page 15
Usability vs. privacy
• http://www.cl.cam.ac.uk/~acr31/pubs/beresford-mockdroid.pdf
Page 16
Page 17
Mobile Media: better privacy with better user experience
Page 18
Mobile Media Privacy: What’s next
- No doubt, technology will continue to grow
- More and more media will be available via mobile devices
- Privacy concerns should be addressed
- Better education is needed for all parties involved in mobile media (users and producers)
- There is a need for strong regulations
- Problems will continue to occur if users are not given clear and transparent notice of an application’s access to and use of their personal information, or when they are not given an opportunity to express meaningful choice and control over the use of their information and secondary purposes and beyond that necessary to the operation of an application or service
Page 19
• Mobile Media: Industry at a glance
• User Perspective on Mobile Media Privacy
• Privacy Concern Origin
• Mobile Media Privacy – the actor: Who is to blame?
• Usability vs. Privacy / Content vs. Privacy
• Better User Experience and Privacy
• Mobile Privacy Act UK 20..
• Future of Privacy Concern
Objectives
• Understand the reasons of mobile privacy concerns
• Understand our responsibility in ensuring our own privacy
• Discuss ways to improve the user experience and maintain a good level of privacy
Page 20
In this presentation
Page 21
