It is not a new trend, but as we are becoming increasingly connected, a unique identifier for people is becoming increasingly important. Created in 1936, the original sole purpose of the social security number (SSN) was to track Social Security benefits. Almost all Americans have one, receiving a unique social security number shortly after birth usually at the same time the birth certificate is being processed. The uniqueness of the SSN number lends it much better than names to identify individuals in the employment records of people, for bank purposes, insurance records. The problem is that it is being used for purposes it was never designed for which opens the floodgates to fraud and criminal activity such as identity fraud.
With the advent of the mobile phone, telephone numbers transformed from a way to reach a family to reaching an individual. Wireless local number portability, introduced in 2003, has allowed customers to take their number with them when they change operators. Combined with essentially full mobile penetration, the result is that people are rarely changing their mobile phone number anymore and the number has become almost an extension of the person.
What differentiates the phone number from the social security number is the extensibility and the built-in security of the phone number and the associated device. Mobile phones, especially in the US, are the thing that is around us more than anything else. People will leave their home without their keys, they will leave their home without their wallet, they will leave their home without underwear, but they won’t leave their home without their mobile device. It is with us all the time. This always on the person, makes the time lap between a theft and the reporting of the theft very short. You know immediately when your phone is gone missing. For example, every phone and SIM number has a unique identifier which is registered with the operator’s network. When the phone number associated with the SIM or the phone are no longer in synch, especially when the device appears suddenly at a location far away from where the customer usually is, fraud could be a factor if the phone is being used for a transaction. This is especially true when your phone is active thousands of miles apart within minutes of each other.
People are creatures of habit. There is an old saying in wireless that 90% of the people use their phone in the same places 90% of the time. We generally wake up in the same place, we go the same way to work at the same time, day in and day out. The majority of calls go to the same five people. The wireless identity management ecosphere is able to bring a level of security and flexibility that social security numbers were never designed for and never had nor will have – all tied to a phone number.
The possibilities are endless. The phone combined with a unique ID and behavior pattern can solve our most vexing security problems. Security measures are based on three factors: Something you know, something you have, and something you are.
Something you know is the worst of all the factors. Passwords are something you know and we all know how bad passwords are. Our system for passwords has made it difficult for people to remember and easy for programs to crack. Password retrieval tools are a significant vulnerability to the security of the system. On top of it, people cannot be trusted with passwords. 30% of phishing emails get opened. 97% of users are not able to identify a sophisticated phishing email. Only 3% report a phishing attack to IT or management. Every time a system uses a password for access you know your security system is a failure. Passwords have to die in order for us to be safe.
Something you have is much harder to fake. Authentication tools ranging from RSA fobs to authentication software are one way to make sure that only authorized individuals get access. The phone is just about the most personal device there is and theft is almost immediately reported.
Something you are is the most reliable single factor. Our finger prints or retina is difficult to impersonate. Our behavior pattern of where we go, when we go and what we do is even more difficult to fake.
Just imagine this scenario: You wake up at your home because your phone’s alarm went off at the same time as always, pressing the snooze button twice. As you get up you check your messages and your favorite app. By combining your location with your device interaction both roughly at the same time and the same applications, the system knows you are most likely you. You take a shower and then leave your home at the same time as every workday as you head to the gym. Your phone and car synch their Bluetooth for handsfree calling and you call your mother. Since you regularly stop at your favorite coffee drive through, the system asks you if you would like your usual order. You agree and the system contacts the coffee drive through with your order and the time of arrival based on your normal route, traffic conditions and the length of the drive through line. As you get to the window your latte is hot and steaming. The barista verbally checks you are you, verified by the NFC chip in your phone. The barista hands you your coffee and you get automatically charged for your beverage because your phone number is tied to your favorite credit card. After the gym you head to work, where as you approach your office the phone lets you know which parking spots are still open. Since you are showing up at the usual time and did you usual morning routine, the automatically locked door opens for you as it identifies your phone as you near the door. As you sit down at your desk you boot up your computer. When you are at the login screen, you provide either a fingerprint scan or retina scan with your phone and the computer provides access. The level of security can be tailored to the situation but predominantly relies of factors “you have” or “you are”. Things that are unique and are difficult to give away. Short of a James Bond-type effort such a system that ties together your phone number with your device and your behavior is as secure as it gets.
This is what is possible with a phone number and will become reality in the next few years. Say good bye to password, all thanks to phone numbers and how they are interconnected through your device to other databases, financial institutions and biometric data.
On November 27, 2017 Recon Analytics convened a panel of esteemed legal, policy and regulatory experts to discuss the Federal Communications Commission’s (FCC) Restoring Internet Freedom Order. The discussion focused on the investment and innovation implications of the FCC treating broadband as a Title I information service; how proponents of Title II may react and the arguments they may raise on appeal; and how all of this will work to either attract or repel additional investment in the sector for years to come.
At the end of October, Recon Analytics surveyed more than a thousand American consumers to assess their awareness of and attitudes towards the variety of ways internet companies and social media platforms like Facebook, LinkedIn, Snapchat and Twitter collect, track and use consumers’ personal information. The survey, explained below, reveals that a majority of Americans are concerned about the amount of personal data these companies track and strongly favor more transparency on how personal data is collected and used as part of internet companies’ business models.
- An overwhelming majority of consumers, 73%, are concerned about how their personal data is being collected and used by internet companies.
- Almost 77% would like more transparency on the ads being targeted to them based on the personal data the internet companies collect.
- Among those surveyed there is a shared feeling of uncertainty and insecurity over how much internet companies and platforms know about each of us and what they’re doing with that information.
- More than 70% of respondents are unaware of tools they can use to control or limit the usage of their personal data.
- Nearly one third of respondents, 29%, did not know that many of the “free” online services they use are paid for via targeted advertising made possible by the tracking and collecting of their personal data.
- Almost half of the respondents are aware that Facebook and Google track their personal data even when they are not actively using their services.
- A vast majority of those surveyed, 77%, support regulations that would require Google, Facebook and other online platforms to be more transparent about how and what personal data they collect from consumers.
- An even greater majority, 82%, are in favor of legally requiring internet companies to disclose what information they collect and to whom they sell it to.
- More than half of the respondents, 55%, would use internet companies’ products and services more if they would give consumers greater control over their personal information.
The all-encompassing surveillance and storage of personal data by internet companies with limited or no regulatory or legal checks and balances worries most Americans, rightfully so, especially when the attitudes of many of these companies’ senior leaders are taken into account.
Nothing to hide
On December 3, 2009, Eric Schmidt, then-Google CEO and current Executive Chairman of Alphabet Inc., Google’s parent company, dismissed the notion of online privacy in an interview with CNBC, saying, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
Terrifying as that statement may be, Google’s all-seeing eye may have already made secrets a thing of the past.
At the 2010 Washington Ideas Forum Schmidt offered more insight into what Google knows.
“We don’t need you to type at all. We know where you are. We know where you’ve been. We can more or less know what you’re thinking about,” he told attendees.
Facebook’s chief executive Mark Zuckerberg has a similarly cavalier attitude when it comes to online privacy. In 2010 he said the conventional concept of privacy is no longer a “social norm.” Later that year a Facebook employee claimed that his boss simply “doesn’t believe in it.” Perhaps unsurprising given that Zuckerberg described those who trusted him with their data as “dumb [expletive]s” shortly after launching the social media platform.
Efforts from internet companies’ to be more transparent about how they use consumers’ personal data may be too little, too late: one third of respondents said increased transparency will not alleviate their concerns about online data collection and usage.
Regulation on the horizon?
Americans are skeptical about government interference in private businesses and for the past two decades the internet grew and evolved with little regulatory oversight. The Federal Communications Commission (FCC) took a largely “hands off” approach to regulating the internet under both Democrat and Republican administrations. As a result, the internet economy grew by leaps and bounds. The resulting bonanza has been so successful that today four of the world’s largest corporations are unregulated technology firms: Apple, Alphabet Inc., Microsoft and Amazon. Their founders have become some of the wealthiest people on the planet.
Although the “hands off” approach has long been favored by regulators, the pendulum is now heading in the opposite direction. This is quite a reversal of fortune for internet companies who – just two years ago – were successful in persuading the FCC to impose privacy regulations on network providers to thwart a competitive threat to their business models. Earlier this year internet companies deployed their lobbying muscle to fight Congressional proposals that would have extended the privacy rules beyond network providers to companies like Google and Facebook. What’s good for the goose apparently isn’t good for the gander.
Long term outlook
The silver lining for internet companies and their investors? Over half of Americans – 55% – would use their products and services more if they would give consumers greater control over their personal information. This would require a radical change in thinking by these companies in that they have to depart from the mindset that they own the consumer data they collect. They might have a license to use it, the same way that consumers have a license to use a search engine or a software product, but fundamentally it is an equal exchange.
Although Americans have cheered the free services offered by companies that previously have had “Don’t Be Evil” as their motto, a certain sobering feeling is taking over. Today, internet companies maintain the upper hand in the online economy: they own their products and services and the data and information generated by their customers. This paradigm won’t last forever so these “disruptors” must prepare for when regulators come to disrupt them.