Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Will mobile kill user privacy?

The internet is evolving to deliver individualized experiences, but at what cost to privacy, asks Forrester's Chenxi Wang.

Innovations in mobile technologies are making the mobile internet increasingly ubiquitous and powerful. Consumers are drawn to the mobile internet because it can be highly contextual and leverages information – such as geolocation, proximity and user-specific information – to deliver a rich and intensely personal experience.

Already the phone is packed with sensors that can gather more contextual data about its surroundings than anything that we've seen before. Sensors such as GPS, accelerometers, gyroscopes, near-field communication (NFC), and high-resolution camera and displays are now commonplace with high-end smartphones. Emerging sensor technologies – like barometer, microbolometers and chemical sensors – will provide even richer user contextual information.

As this is happening, your mobile phone will know more about you than perhaps your closest family members. As more and more of your activities will be tied to the device, it will know where you are, what you are doing, and, if Apple gets its way, the rate your heart beats!

Mobile internet enables the mass-scale collection of such user contextual data. Mining of this data gives rise to transformational business opportunities – interests in location-based services have already sparked a new growth market. In fact, it is not too far-fetched to imagine an intensely personalized internet experience unlike any that we've seen before. Soon, the concept of “going to a website” will become obsolete. Our children will no longer need to surf the internet. Rather, personalized content and services will come to them magically via the little device that is known as the mobile phone. The internet as we know it today will transform into a platform to deliver highly individualized experiences to users.

Will they sacrifice privacy in such a world, in exchange for the many benefits and conveniences of the mobile internet? Will privacy still exist when the mobile internet reaches its full potential?

“One must explore the role of regulatory oversight.”

– Chenxi Wang, VP and principal analyst of security and risk at Forrester Research

One thing is clear: Consumers will favor a rich, relevant and individualized mobile internet experience. Even if app producers or operators offer an option to block the collection of user contextual information, consumers will simply not exercise that option if it will adversely impact their experience.

To help consumers retain some semblance of privacy, one must explore the role of regulatory oversight. More specifically, regulations can limit who can be in the business of user data collection and mining. Just as PCI demands rigorous security practices from those who handle consumer credit card data, regulations can demand a similar level of competence from companies that collect and mine user contextual data. Furthermore, regulations may restrict what a business can and cannot do with users' private contextual  data. For instance, it may be perfectly OK to correlate location and time-of-day information, but it will be deemed unacceptable if a third stream of user contextual data is introduced.   

Technology may be another key safeguard. Just as homomorphic encryption allows one to aggregate two functions without knowing the original input, new data-mining technologies may allow meaningful statistical results without access to original raw user data.  

It is not clear if or when the regulatory or technological safeguards will be in place. Consumers, lured by the shining promises of the mobile internet, may be blind to the privacy risks. Right now, technologists and firms in the mobile internet market only have a social responsibility to consider user privacy when they craft their next fancy mobile strategy. Are we headed toward a dark place where everyone is perpetually connected, but none can keep anything private?

What do you think?

Chenxi Wang

Dr. Chenxi Wang is the Founder and General Partner of Rain Capital, a Silicon Valley-based venture fund focused on Enterprise Software and Cybersecurity investments. A well-known operator, technologist, and thought leader in the Cybersecurity industry, Dr. Wang is a member of the Board of Directors for MDU Resources, a Fortune 500 company. Previously, Chenxi was Chief Strategy Officer at Twistlock, VP of strategy for Intel Security, and VP of research for Forrester. Chenxi was recognized as a Women-of-Influence by the SC Magazine, Women Tech Founders, and Cyber Risk alliance.

Chenxi’s career began as a faculty member at Carnegie Mellon University, where she helped found the Cybersecurity Lab of Carnegie Mellon. Chenxi is a trusted advisor to IT executives and a sought-after keynote speaker. She has headlined events worldwide and been featured by top media outlets for her thought leadership work. Chenxi is a Forbes contributor and writes a column for Dark Reading. Chenxi holds a Ph.D. in Computer Science from the University of Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.