When You're the Apple of Their Eye


Your Smartphone: An Intravenous Line into Your Financial Bloodstream

I couldn't agree more with the Senator and I believe that data collection from smartphones is worth your attention for a very simple reason: you don't know who's got information about you, or how they intend to use it. The stated purpose of data collection, about locations, and everything else, is targeted marketing. Where you go can reveal so many things about you: what you like, what you might buy, where it is you stand on the economic ladder. Now there is nothing wrong with targeted marketing in and of itself; in fact, many people who use Gmail find those very effectively targeted ads served up when they log in to their account convenient and useful. The problem is that that there is a secondary use for the collected data. In the wrong hands that information can be used to make you more vulnerable to the attacks of clever identity thieves. It's very simple—the more information that is collected about you, and the more companies that collect it, the more likely it becomes that the wrong guys get access.

[Related: The End of Digital Innocence: What Does the Epsilon Breach Mean?]

As Sen. Franken pointed out, "Anyone who finds a lost or stolen iPhone or iPad or who has access to any computer used to sync one of these devices could easily download and map out a customer's precise movements for months at a time."

You need to think of your smartphone as a sort of intravenous line—a tap into your financial bloodstream. Every company involved in the provision of your cell phone service, and the provision of services available through your cell phone, is probably collecting data about you in some way, shape, or form.

Last December, the Wall Street Journal also reported that Pandora, the popular music service with a very popular iPhone app, was collecting data on its users and transmitting that data regularly to eight different tracking companies. No matter how benign the intentions may be of the people who are "following" you electronically, the mere fact that information is being collected by folks with whom you are totally unfamiliar creates risks.

[Related: Digital Footprints: The Do Not Track proposal]

If the bad guys know that you visit a particular store in person as well as online, their phishing attack (in which a group of people are targeted) becomes a spear phishing attack (in which an individual is targeted). If they know where you go and who you are, they can correlate that information with facts gleaned from other sources and ultimately perform a far more credible impersonation of you.

In all those apocalyptic vision-of-the-future novels, the threat was aimed at personal freedom. But the clear and present danger today is aimed at your wallet. To thwart the cyber ninjas there are things that can be done and things that you must do. The single most important thing is the creation of legislation covering at least two areas: first, creating strict privacy laws codifying best practices for companies in the business of collecting this data, including strict penalties if systems are breached no matter who is at fault; and second, creating laws to provide disclosure to consumers as to who is collecting what and how, giving the consumer the ability to "opt out" at all times.

  • 1
  • |
  • 2
  • |
  • 3
Join the Discussion
blog comments powered by Disqus
You Might Also Like...