If I gave you my phone right you’d be able to figure out a lot of stuff about me. If I didn’t unlock it you’d see some of the news I read, the apps I use, and even some of the messages I’ve gotten from my friends. You’d be able to see that my friend Rick just wrote “If she gets desperate enough, let me know?” which, if taken out of context, is pretty weird (it’s not. He’s talking about voiceover work.) You’d know I read Medium, that I bank at Chase, and that something is coming up on my calendar but you won’t know what it is unless you speak Russian. In short, those little glass slabs in our pockets are a wellspring of information, even at rest and locked. Then, if I type in my passcode (which is quite simple), you’d know all about me.
This is the year of mobile security and I’d like to see what the companies exhibiting at MWC are going to do to protect us at borders, on the street, and at home. While IoT is expanding the reach of our mobile devices by embedding voice controls into our door locks and always-on TV surveillance it is, at the same time, the weakest link in our security.
I’ve tried plenty of security solutions but I don’t have the time or impetus to lock down every app. I had a Blackphone – it didn’t work most of the time – and I’ve turned on two-factor and encryption wherever I can. But most of those apps secure me between my fingertips and the cloud. It has no bearing on the data stored on the phone. What happens if my phone is lost or stolen? What happens if it’s compromised? The data on my phone, unprotected, is very telling and very valuable if I’m in the wrong place at the wrong time doing the right (or wrong) thing.
Forget law enforcement trying to crack iPhone passwords of hardened criminals. I suspect we’ll enter an era when law enforcement is encouraged to read our Tweets and private Facebook messages. Our secure devices will become open books at borders and, someday soon, a major political figure will find his or her phone opened up and dumped to Wikileaks. It’s inevitable.
In short, the current passcode/biometric methods are strong but why can’t we use advanced factors for that extra edge of security? Not all of us want this level of lockdown, mind you, but I would argue that all of us need it. In the end the glowing glass slabs in our pockets are the closest we have to a visual and informational representation of our personalities, our deepest secrets, and our identities. We wouldn’t shout our credit card number in a crowded room. Why would we carry our phones across a border?
I’d like to see a few things. First, I’d like a cheap, simple phone that is designed to allow me to keep in touch securely but holds none of my data. This is a simple ask and a quick eBay search brings up plenty of candidates. But it’s a marketing job to convince us all that we need these.
Second I’d like to see a more secure biometric solution and granular levels of encryption. New technologies do allow for further parameters to be gathered from our bodies and personal preferences. The way we type or move with the phone can identify us more readily than a password and iris scanners, which are apparently making their way to phones soon, will further protect us. But why can’t I have an “dump” password that lets me blow up certain data when I’m under duress? Why can my passcode show all the data on my phone when, perhaps, I want to show a certain amount with a key code and even more with a biometric scan?
Again, these are not things we think we want but these are technologies we all need and deserve. And security options never work. This technology must be built-in and immutable except in low-end burner phones. I want the open book of my life – my iPhone or Android device- to be completely closed unless I give my explicit permission.
In a world full of danger – perceived and real – any tool to stem the onslaught of surveillance is welcome. We have to ask for it and manufacturers have to give it to us. Otherwise all of us have lost.