From Galen Gruman's Mobile Edge blog
Originally Published on InfoWorld (http://www.infoworld.com)
Home > Mobilize > Mobile Edge > The smartphone that spies, and other surprises
The smartphone that spies, and other surprises
By Galen M. Gruman
Created 2010-12-21 03:00AM
The invasion of consumer-oriented smartphones and now tablets into business is old news. But we're beginning to see unintended consequences of the adoption of such devices that users, businesses, and mobile platform providers should pay attention to. For example, the U.S. Army has begun educating soldiers on how to turn off the often automatic location-detection capabilities [1] in their smartphones and digital cameras so that they don't inadvertently reveal their locations to enemy fighters or spies.
Built-in microphone and cameras also can have unintended consequences, from inadvertant revelation of company secrets (say, a Christmas party photo that happens to include a view of a whiteboard with a product launch schedule in the background) to personal embarrassment (forgetting to end a call, then be heard talking like a sailor by a client).
The easy reaction [5] would be to ban such devices to eliminate the risks, but of course, that also eliminates the benefits. Plus, banning personal equipment in the workplace is extremely difficult to do -- for example, even with its body scanners and pat-downs, the feds can't provide 100 percent assurance of what enters an airplane. Companies that believe they can cordon off their environs from smartphones, USB drives, Eye-Fi cards, cameras, audio recorders, and the like are simply fooling themselves.
The U.S. Army's measured reaction [1] is a better example of how to address the issue; the Army realizes that letting soldiers stay in touch with loved ones when away from home is good for morale. Plus, the use of smartphones lets them manage their finances better thanks to the wide availability of mobile banking apps; soldiers are less prone to have financial difficulties that compromise their attention when in service.
The dilemma posed by consumer-focused devices in a blended world
Most of the problematic devices are designed primarily for consumer usage, and today that usage is biased toward unfettered sharing. Digital cameras (not just the ones built in to smartphones) often include geolocation stamps to help you remember where the picture was taken. More and more social networking apps, such as Foursquare and Facebook, track and publish your current location[6] -- courtesy of your smartphone -- so that your online friends can know where you are, allowing impromptu get-togethers or a reminder from your spouse to pick up a carton of orange juice while you're at the grocery store. There's even an industry that uses the technology to track kids in case they get lost.
In the business world, such tracking has long been used [7] to make sure delivery truck drivers aren't goofing off en route, such as swinging by a favorite bar or taking the gas- and time-consuming scenic route.
There are similar examples for the use of cameras and microphones: You can deposit a check at several banks by snapping a picture on your iPhone or Android, then sending in the image. You can buy products or compare prices by scanning bar codes via the built-in camera. You can sample music and get its name and a chance to buy the song or album via apps that tap into the bult-in microphone. You can record lectures for richer note-taking. And on and on.
But the same technology that brings benefts to some can bring dangers to others. Troop location is one such example. Stalking is another -- public geolocation makes that easier, too. Cameras and audio recording are great for spying uses, whether personal, business, or government.
First steps to managing multiple-user devices
So what to do? Educating users is the first step. As I hear over and over again from security and IT pros, most people want to do the right thing -- they just don't know if they are and, if not, or how to do it.
The use of mobile management tools can help [3], as they can disable cameras and so forth on several popular devices. The catch is that the devices have to be actually managed -- a person who brings in a personal device and never accesses the corporate network won't ever get managed by IT's mobile management tool. Plus, even for managed devices, the tools today aren't sophisticated enough to, say, disallow use of the camera within the employer facilities but allow it elsewhere, to prevent only problematic photo-taking.
The mobile industry needs to embrace the new business usage
Mobile device makers should play a stronger role. Although the devices may have been intended for consumer use, the lines between personal and business have all but disappeared [8], and device makers should design their wares with that merger in mind. Most don't even think about the business implications, as they consider the devices to be consumer electronics.
That thinking holds everyone back -- look at how the iPhone and iPad leaped into the enterprise [9] once Apple enabled business-class management capabilities, and then consider that they could have made that jump three years earlier had Apple built in such management from the get-go. Google's Android OS still suffers [10] from its avoidance of the business side of its use.
Apple, Google, and the rest should help users, businesses, and governments do the right thing more easily. It's great that iOS [11] and Android [12] let users manage location-information permissions, but they could do a better job in ensuring that individual apps can't act surreptitiously to access location information, personal information on the device, and so on -- in other words, to not be botnets. Device makers need to understand that in many environments -- such as health care and defense -- having 3G connectivity is problematic, so they should offer non-3G models, as Apple does with the iPad [13]. Ditto on cameras, microphones, and GPS.
I realize having a bunch of hardware variations is not realistic, but what if the mobile OS makers had a software switch that could turn these devices on or off as desired? That way, company-purchased devices could come preconfigured with the desired capabilities disabled (and not able to be turned on by users), and employee-purchased devices could be managed via mobile management tools' policies as to whether and when these particular capabilities were enabled. Think of this as the No Spy and No Stalk equivalents of the Airplane Mode software switches that smartphones have to disable radio communications when in flight -- except they could be managed "fleetwide."
The new capabilities of mobile devices can do a lot of good -- and some harm. The modern devices are used in a wide variety of personal and business situations. It's time that they're designed with that heterogeneity in mind, with the nuances of situational control built in from the beginning.
This article, "Dealing with the unexpected as smartphones pervade the workplace [14]," was originally published at InfoWorld.com [15]. Read more of Galen Gruman's Mobile Edge blog [16] and follow the latest developments in mobile technology [17] at InfoWorld.com.
No comments:
Post a Comment