Education, Tip of the Week, Trends & Technology

Part Two of the Practical Security Series: Awareness

A Smartphone is a device that enables you to make a phone call and has many differing types of added capabilities similar to a computer. Emails, playing games, taking photographs, alarm clock, and editing documents are just a few examples that a smartphone is capable of. Smartphones come in many flavors from a multitude of manufacturers, so the term is used here generally to describe a communications device with some traditional computing capabilities.

We all use our smartphones to learn about other people, places, or businesses, but have you ever thought about what your smartphone is revealing about you? As I enjoyed adding new apps in my brand new smartphone, I was asked for permission by the application prior to installing. Like many people, I was fine until I saw that the application required full network access. The browser and other applications needed to send data to the internet. It wanted permission to read phone status and identity by accessing the device ID, etc. In addition, it wanted to read personal information about me by reading my web bookmarks and history. This application, and the unknown company behind it, will know all the URLs that my browser has visited, and all of the browser’s bookmarks. It can even see my Wi-Fi connection and use developmental tools testing in my phone.

Background

In the past, personal digital assistants or PDAs were used as portable organizers to store your contact information, to do list, and has the ability to sync with your desk top computer. Cell phones were only used for making telephone calls. Pagers are wireless telecommunications devices for receiving and displaying numeric or text messages only. With the popularity of smartphones, pagers and PDAs became less popular. Now, it makes more sense to carry an android phone because of its versatility and usefulness. Pagers enjoyed their popularity in the 90s both in healthcare and in illegal drug sales as made popular by the HBO series The Wire. Healthcare, being focused on stability and guaranteed communications, stuck with pagers longer than most industries.

Reasons for buying smartphones include pricing, battery life, camera features (no endorsement implied), limited computing power, social networking support, and the list goes on. Another reason is popularity and ease of use. The Apple iPhone has been incredibly popular because of their charismatic look, high performance score, and image quality of 100% according to the Top Ten Reviews (2014) of the Apple iPhone 5s. However the price of $649.00 is hefty compared to Samsung’s Galaxy S of $199.99. Samsung is known for their gizmos, gadgets, and fun software such as the drama mode for moving pictures. The Top Ten Reviews (2014) for the Galaxy is only at 80% compared to the 100% of the iPhone’s image quality.

But who is snooping for your information?

Popularity aside, we should be asking ourselves how smartphones are being targeted or attacked. Criminals, advertisers, commercial organizations, and the government are the four big categories that come easily to mind. Criminals can install surveillance spyware to record your activities and upload the information to a web-based account. Some spyware can even enable your phone’s microphone and camera to listen and record your location.

An article written way back in 2010 said it perfectly “Thanks to the Bush administration and one Will Smith movie, we all have a fairly justifiable fear of government surveillance” (Hill, 2010). They are referring to modern technology and the hi-tech gadgets. Geofencing is being used by business where a GPS enabled cell phone has a software enabling managers to know where their employees are located through an email alert. Employees are provided with a work cell phone for clocking in and out, recording their breaks, etc.

Just being aware of your actions and existing federal laws is a great start. Read up on the Electronic Communications Privacy Act (ECPA) enacted in 1986 ECPA (18 U.S.C. §§ 2510-22) includes the Wiretap Act, Stored Communications Act, and the Pen Register Act. It can apply to both law enforcement agencies and companies.

Know your Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy for Consumers. Visit the U.S. Department of Health and Human Services for a video on guidance materials for consumers: http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html

General Provisions

The ECPA, as amended, protects wire, oral, and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The Act applies to email, telephone conversations, and data stored electronically.

Amendments

The ECPA was significantly amended by the Communications Assistance to Law Enforcement Act (CALEA) in 1994, the USA PATRIOT Act in 2001, the USA PATRIOT reauthorization acts in 2006, and the FISA Amendments Act of 2008 (116pp | 303kb | PDF).

For detailed information: https://it.ojp.gov/default.aspx?area=privacy&page=1285

ComplianceSponsored by: RISC Management and Consulting, www.RISCsecurity.com

Contact us today for all your compliance needs: Sales@RISCsecurity.com

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s