Home Your Tech Mobility Mobile computing security 'worse than the wild, wild west', says FTC

Mobile computing security 'worse than the wild, wild west', says FTC

According to the US Federal Trade Commission’s (FTC) Bureau of Consumer Protection business, regardless of size has a legal responsibility to properly disclose what information it collects then to secure it and finally dispose of sensitive consumer and employee information.

In a case against Compete, a web analysis company that uses web tracking software (Compete Toolbar) to collect personal data without disclosing the extent of what it collects the FTC has ordered that in future the company must obtain consumers express consent. The company captured: usernames and passwords; searches conducted; credit card and financial account information, security codes and expiry dates; social security number and more.

In another recent case the FTC found seven “rent to own” firms using DesignerWare software spied on their renters by using so called “location tracking software” that captured screen shots, key stroke logging and activated and took web can pictures of users all without notice or consent. The software also contained a “kill switch” that could be used to disable the computer if payments were late.

Even Google got caught in September 2012 and had to pay a record setting penalty of $22.5M to the FTC over circumventing Apple’s Safari browser (iPad, iPhone and Mac) by placing cookies which delivered targeted advertisements to users. “No matter how big or small all companies must abide by FTC orders… and keep their privacy promises…” See iTwire story

So serious is the FTC that they have just fined developers of Path, a social networking app US$800,000 for collecting personal information from children without parental consent by interrogating users mobile address books. FTC has a special US Children’s Online Privacy Protection Act (COPA) that helps to protect children under 13 years.

The FTC is now looking at privacy issues for mobile apps (smartphones and tablets). The issue has only started since smart mobile computing devices have virtually dominated phone sales. See iTWire story

Staff have prepared a string of recommendations titled “Building Trust Through Transparency” which if implemented would ensure that smart phones include a “do not track” feature. The majority of recommendations are about informing the consumer what information is collected to allow them to make an informed decision – do you care if location data is collected to give you a list of local restaurants?

Implementing the FTC policy won’t be easy. At the top end it will require mobile phone OS makers (Apple, Google, Microsoft and Blackberry) to secure the system API’s against data leaks from geolocation, contact lists, calendar information and photos etc. API’s will need to inform the user if an App is trying to access such data. A great suggestion was that the OS makers develop a dashboard system that analyses what Apps access and to provide a “one button” do not track facility.

At the next tier the App developers, advertising networks and analytics companies will most likely lose access to the data that has made them a lot of money. Recommendations included having a plain simple disclosure policy – what is collected and what it is used for. Apps would also be required to alert the user and obtain “just in time” consent before use.

Even ISP’s and Telco’s will be drawn into the web needing to ensure compliance.


Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?


Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!