How Are Consumer Privacy, Security and Government Regulation Affected by the Latest in Mobile Innovations?
MWC Barcelona (#MWC19) debuted revolutionary changes, including the increased unveiling of 5G network use and the highly anticipated advent of foldable phones.
Yet, in the wake of the massive “Collection 1” data exposure (followed by Collections 2-5), last year’s abundant data breaches and Facebook’s Cambridge Analytica misuse of consumer information—security and privacy in the mobile space were on a lot of people’s minds. Closely related discussions tackled increased government regulation on how data is managed as technological advances connect us more extensively—and at faster speeds.
Mobile manufacturers, retailers, resellers and service providers from around the globe descended on “the biggest event in mobile” to cover these topics and more. Blancco was there in full force, with 16 staff members from Europe, North America and Asia. At our booth, customers and solution seekers met face-to-face with sales and support teams. Through software demos and conversations, they discussed trust and data privacy concerns, retailer and reseller diagnostic needs, and what Blancco is doing to support mobile-related businesses in bolstering consumer confidence in this era of $1,000 phones and ultraconnectivity.
We had a fantastic response to showing that we can track a phone across the mobile ecosystem from retailer to processor, providing valuable data to our customers on what happens to the phone along its journey.
But, particularly with the release of Blancco’s recent research study on consumer trust in the mobile markets, there was a lot of discussion on what really happens to consumer data when used phones are traded in, and how mobile technology in general affects our data privacy.
Consumer Trust is Critical in Mobile Resale Markets
It’s sometimes thought that government regulation and oversight can stifle innovation. But the issue of protecting mobile consumers’ personal information on new and used devices is an important one, and it’s unclear whether industry or regulators should take the lead in establishing protocols. With faster data delivery and sharing speeds, data breaches are often undetectable for long periods of time, despite the volume of data that may have been accessed. In the mobile space, consumers trade in old phones for new devices, increasingly aware that they could be sharing residual information about themselves. But as one password or piece of personal information on one device can easily lead to entrances to other repositories of consumer information on other accounts or devices, consumers are right to be cautious about who handles their used devices.
The Secondary Device Market is Growing
In a conference panel, “How to Secure a Connected Digital Society,” Russ Ernst, EVP of Products and Technology for Blancco, empathized with consumers wanting to cut costs when buying a new phone, as well as original equipment manufacturers (OEMs) recapturing those devices.
“If you’re like me, you have three or four old smartphones sitting in a desk drawer somewhere,” he said. “Well, really, that’s about 500- or 1,000-euro worth of kit just sitting in a drawer slowly depreciating in value.”
“It’s a huge emerging market,” Russ continued, “especially as we see some of the operators and OEMs start to look for residual value in those devices when new device sales are really plateauing or starting to fall down. But it’s important to understand that there’s a lot of security risk [concerning] the data that’s on those devices that the consumers need to be aware of before they turn in those devices….That comes back to, what’s the trust that they have in the buy-back provider to make sure that any personally identifiable information they have on those devices is securely erased before they turn it in?”
And that could hamper the resale industry’s growth if not addressed. In fact, Blancco’s 2019 publication, “The Critical Importance of Consumer Trust in the Second-Hand Mobile Market” found that 58 percent of global consumers surveyed have yet to trade in an old device, though almost two-thirds (64 percent) globally reported they would be willing to do so if more stringent data management processes were in place.
Both Time-to-Market and Consumer Privacy are Critical to Industry Growth
Blancco President of Global Strategy Alan Bentley commented during a security panel for Mobile World Live earlier in the week, “In the secondary device market, the processes are very unregulated, so you’ve got all the OEMs and the carriers and the 3PLs [third-party logistics providers] processing these devices. And there is a challenge around the volumes because they’re trying to get these volumes out to market as quickly as possible because that is what drives their profits. What we’re seeing now is a massive increase in that secondary device market without that regulation. And so, there’s a much wider understanding from the consumer around what data is resident on that device.”
One of Russ’s co-panelists, David Gorodyansky, CEO of AnchorFree, emphasized the massive anticipated growth in the smartphone segment of the mobile market, also underscoring the different considerations affected by geography.
“We are going to have 5 billion smartphone users in the coming years. Today we have 2.5 billion. So, the amount of smartphone users is going to double,” he said. “Most of these new users will come online from emerging markets, and for a lot of them, security and privacy are going to be extremely important,” David continued. “In a lot of those places the governments heavily censor information. So, for a lot of people, access to security and privacy in emerging markets will be a matter of liberty and life.”
5G, Foldable Phones and the Internet of Things Intensify Consumer Privacy Vulnerability
So what about new, or even retained, devices in this once-futuristic world that’s now reality?
Foldable Phones Will Spur Mobile Device Resale Demand
After the conference, Alan reflected on the impact of new technologies showcased at MWC19, as well as their effect on data privacy.
“For full-scale adoption, there is still plenty of work that needs to be done to enable 5G globally,” he wrote in an email. “There were a number of innovations around this to enhance user experience. There was also the drive on Samsung and Huawei foldable phones as the future of smartphone/tablet combos. This will only continue to drive higher adoption on new devices. Given that the current new models are expensive, we will certainly see greater increase in consumers wishing to trade in these devices to get some recovery of the expense.”
5G Accelerates Exposure Risk
Alan also addressed the impact of the high-speed, lower latency technology on data breaches in general, regardless of device. While he doesn’t think 5G changes the methods used in data breaches, he does have other concerns.
“I think what it does is, it speeds up and makes more devices connected. Will there be some type of brand-new type of attack that no one’s ever seen before because of 5G? I don’t think so,” he said. “Ultimately, if you’re thinking about what the process is for someone who is trying to gain access into your environment—they’re elevating admin privileges, they’re trying to work their way through to a place where they can find things of value to them, and if we’re connecting multiple devices at high speed from the home straight into work or even autonomous cars (now, you get into a rental car and the first thing you’re doing is syncing up your phone to their entertainment system and you know, leaving [data] behind)—the challenge becomes [that] it’s a wider net to be able to control.”
The Rise of IoT Broadens the Attack Surface
David and Russ provided context on just how wide that net can be.
“An interesting stat is that 90% of all the data that’s available about people online today has been accumulated over the last five years,” stated David. “So, if you think about the next five years, we’re just going to have an exponentially larger amount of information available about both consumers and businesses.”
He also added, “We’re going to have 100 billion internet-connected devices in the next few years. Everything from our refrigerators to our mattresses will be connected. Our mattress will send information on how we sleep to our doctor. Our refrigerator will send information on how we’re running out of milk or eggs or whatever to the grocery store. This will a bring a lot of great conveniences for consumers, but also a goldmine for hackers.”
As more everyday objects become connected to the internet of things (IoT), both the amount of data and type of data grows, and there’s the risk that consumers will have less control over data that concerns them.
“Users typically, up to this point, have been the ones creating this data, whether it’s been by using their device or through the apps or through their behaviors online,” said Russ. “But as the number of IoT devices increases, and with the advent of 5G, more and more it’s going to be about the active sensors out there collecting data about you—so [there’s] just this massive collection of data. And then, with the commoditization of AI tools being able to process this type of data, there’s a massive risk in terms of how this data can be used against you by malicious actors.”
AI and Machine Learning Can Make Companies More Secure…Depending on Who’s Using Them
Warren Dixon, Director of Technical Marketing at Spirent, also on the “How to Secure a Connected Digital Society,” panel, outlined the risk of artificial intelligence (AI) further.
“We’ve already started seeing machine learning and AI being used by security vendors to beef up the security posture of their networks,” he said. “And if not’s already being used [this way], it’s not going to be long before malicious actors start using that to really speed up the rate at which they start trying to exploit vulnerabilities. Machine learning in the reconnaissance phase would be a goldmine to a malicious actor in speeding that whole process up.”
Tech Innovators and Mobile Professionals Have Opportunities Regulation Can’t Provide
“I think everybody rolls their eyes when people start mentioning GDPR, but what we’re going to see coming up is far more standardization,” said Warren. “You look at Europe that’s got another set of standards coming out, and Congress, I read the other day, is looking at 40 standards in the next year coming out. So companies are going to be asked to deal with a lot more legislation around security and how they protect their customers and the public.”
For technologists who strive to push the envelope of innovation, government regulation can seem to squelch creativity and progress. For those in the mobile industry, increased mandates can stretch business processes and staff time. But, as these MWC19 panelists stated, industry has both the responsibility and opportunity to self-regulate.
Alan specifically addressed how this applies to the second-hand mobile market.
“That whole industry is kind of tied to consumer trust and confidence, and if they don’t start thinking more clearly about how they approach that process, with best practices around security, then there’s a much higher chance that data breaches will start to increase across the market,” he said.
The most recent and widespread piece of legislation governing data privacy is the nearly year-old Global Data Privacy Regulation (GDPR) out of the European Union.
Said Alan, “Government intervention does stifle innovation, but there’s also a balancing act between making sure that the consumer has protection. I know that’s exactly why the GDPR was developed. It was developed for the citizen in mind, but [while] trying to help organizations manage data and data movement across many different parts of the country. So, I think it’s important that organizations understand best security practices. And I do think if they can be more self-regulated rather than having government intervention, that doesn’t stifle innovation.”
With more regulation on the horizon, including within the U.S. and other areas around the world, Warren also asserted that industry leaders should take the initiative, setting the stage for consumer data protection—or risk data collection practices being regulated by mandate.
“I think a manufacturer would always want to deal with it in a way that they believe is right,” Warren said. “You know, Facebook doesn’t want anybody coming in and saying, ‘you can’t collect that piece of data.’ If they are proactive in actually dealing with how they manage your privacy, then government won’t need to do that and there will be a bit more flexibility and freedom.”
Alan and Russ advocate that one of the ways industry can proactively protect consumer and business data is with more diligent data management processes. This includes practices that erase end-of-life data that can often accumulate. Maintaining data beyond retention dates or usefulness simply leaves organizations at greater risk of having that data accessed by unauthorized actors.
“The challenge, of course, is there’s so much data and so much storage of data, just trying to identify whether it’s an asset or a liability [is] an issue that we need to take head on. We really need to start thinking about how we do that,” encourages Alan. “And then ultimately, if the data no longer resides, you erase the data—or however you want to go about doing that—so that it’s no longer resident. Then ultimately, there’s nothing that can be removed. So, for me, that needs to be more of an inclusive conversation about the whole way that we manage data.”
For Russ, getting a handle on accumulated data is critical.
“The Harvard Business Review states that upwards of only 50 percent of that data that [organizations] have on hand, structured data, is actually used for any business purpose,” Russ relayed. “And less than 1 percent of unstructured data is ever used at all. So, you really need to think about what’s your lifecycle of that data that you’re collecting.”
Alan agreed. “We need to focus a bit harder on actual data sanitization because the data is always going to reside somewhere. And, from an organizational perspective, the way I look at it, data is either an asset to your business or it’s a liability. It’s nothing in between.”
Additional Mobile Resources
Request Your Free Blancco Mobile Diagnostics & Erasure (BMDE) Trial
If you didn’t get a chance to learn about Blancco Mobile Diagnostics & Erasure software at the show, you can do so with our free demos.
Simply request your free Mobile Diagnostics & Erasure trial for mobile processors or your free Mobile Diagnostics trial for mobile retailers to see these solutions in action.
Learn from These In-Depth Mobile Industry Research Studies
- Our latest “State of Mobile Device Repair & Security Report” provides the most current view of mobile diagnostics, performance issues and overall direction of the new and resale mobile markets.
- “The Critical Importance of Consumer Trust in the Second-Hand Mobile Market” takes an in-depth look consumer sentiment and actions for trading in mobile devices—as revealed from surveying 5000 mobile consumers across five countries.