TORONTO – Ontario’s Information and Privacy Commissioner says she, too, would like to see the Canadian wireless industry do far more for their customers on the security front.
Dr. Ann Cavoukian told Cartt.ca in a recent interview that she supports the CRTC’s renewed insistence on holding our wireless carriers’ collective feet to the fire when it comes to helping their customers protect the data on their mobile phones when they are lost or stolen. “Absolutely, they should be doing more,” said Dr. Cavoukian of the country’s wireless service providers.
“I mean, it's no longer just you lose your cell phone,” she said. “Who cares about that particular device? It's everything that the device contains that has such enormous value – and it seems crazy to me that people use smartphones and other mobile devices without some kind of protection of the information contained in them.”
Dr. Cavoukian noted that while it is also up to individuals to protect themselves, the handset makers, app developers, software writers and network operators all must play a role to help. She and her office have been pushing as hard as possible to make privacy, not openness, the default setting when it comes to the technology itself, meeting with developers and the handset makers to press the idea of doing their utmost to protect privacy first and foremost under the Privacy By Design guidelines. “We felt that in order to be proactive and protect privacy in every aspect with all these new practices and infrastructure, we needed the co-operation of… the device developer, the platform developer, the network provider and the apps developer,” she said.
Mobile customers are regular, busy people and often don’t know or don’t educate themselves on how to protect their data and that’s why the companies involved must help them with easy-to-use security protection and apps whose default settings are strict privacy. “Give them one application for privacy protection in security controls that will run across apps, and it's not just one company,” Dr. Cavoukian explained. “They can, of course, always provide really simple, easy-to-understand user interfaces for such controls because… people aren’t really inclined to use things anyway, let alone if they’re difficult.”
The IPC office has done substantial work on this issue, including a December 2010 report called The Roadmap for Privacy By Design in Mobile Communications; A Practical Tool for Developers, Service Providers and Users.
The federal government’s Office of the Privacy Commissioner has also urged Canadians to take control of their data with a 2011 survey which showed only 40% of Canadians protect their handsets with a password. The federal office also set out tips for Canadians to protect themselves. None of even this basic warning information seems to be available on the web sites of the Canadian wireless companies to help urge consumers to take action.
This, combined with the fact that smartphones will soon be acting as the de facto wallet for Canadians – a large number of whom do their banking over their mobiles already, has privacy commissioners on edge and forced the CRTC to demand action from the Canadian Wireless Telecommunications Association and its members, as Cartt.ca has reported. The CWTA says a consumer education campaign is coming soon, which Dr. Cavoukian said she is anxious to see.
She also noted that it is simply in the industry’s best interests to act on this on its own, and soon, lest it risk more regulation. “All the companies must move forward themselves with tougher measures, because they want to avoid legislation and demonstrate how they can handle it themselves,” she said.
“We know theft is going to happen and loss is going to happen, so I would say try to minimize the harm when it comes to personally identifiable data… encrypt it on mobile devices… because if the personally identifiable data are encrypted and they actually lose the device, it's unfortunate; but the harm is minimal because the personally identifiable data isn’t accessible.”
Acknowledging that consumers must also defend themselves, and saying “it boggles the mind” how much data people have on unprotected phones, she adds “people are just too busy to figure all of this out,” and need help from their network providers.
“I don't know why these companies don’t look for better ways to try to strengthen the protection on the mobile devices.”
