App security concerns highlighted at Vancouver privacy conference
Do you know where your latest app has been? Or maybe more to the point, does your app know where you’ve been, with whom, and how often? Is it selling that information? Is it putting your security at risk?
The privacy and security questions surrounding our mobile devices’ use of applications, and the connectedness of computers generally, were explored repeatedly by experts Oct 10 in Vancouver at a conference of freedom of information and protection of privacy.
Surveillance expert Dr David Lyon, of Queen’s University in Ontario, suggests people should think of their smartphones as being “personal tracking devices” because they track the user’s location, the type of messages sent and the content of messages.
While that’s not a reason to panic, people need to read the fine print before agreeing to add an app to their collections, says Dr David Flaherty, a past BC commissioner of information and privacy.
Flaherty notes that a recent international privacy conference in Warsaw, Poland, released a declaration that app developers should be designing privacy into their products from the beginning of the process, should ensure users have control over their information, and should minimize unfortunate surprises.
“Privacy has to come from app design,” agrees Fiaaz Walji, a private-sector expert on web security. “But does that developer think about security? How much security do you think is in a 99-cent app?”
Using geo-locations sleepers, some apps allow people to track your movements over time and in a given day, warn Walji and Ryan Berger, a lawyer specializing in security issues. This has led to home break-ins and other violations.
There are now approximately 20 class-action suits against app manufactures in Canada, and Berger expects that number to increase.
Canada’s national privacy commissioner confronted the manufacturer of What’s App about the multiple privacy violations built into the app. The app is being redesigned to meet Canada’s privacy laws, but with thousands of apps introduced yearly to the marketplace, government watchdogs are unable to monitor abuse.
The onus should be on manufacturers to ensure their apps give users an ongoing flow of information about what information is being accessed, Berger says.
Users should be given a privacy button to mask individual actions, Walji adds.
People are really exercising free choice only if they are aware of how their privacy is being violated and can adjust settings to minimize it, or okay it, on an ongoing basis, Berger says.
But computer privacy violations go beyond businesses collecting our information and using it for marketing purposes or reselling to other businesses. Recent public revelations have focused on the extent that businesses are sharing your data with government, and government is directly collecting information on its citizens. We’re in an era “where security overwrites society,” says Dr Kevin Haggerty, a University of Alberta professor of criminology and sociology.
Canadian laws around privacy and security are more rigorous than those in the US, Lyon adds, but people are often not aware of details, such as whether their information is stored in a US “cloud” or server.
US law requires that security agencies be given access to that information, and the information of foreign nationals, such as Canadians, has less privacy protection than that of American citizens.
There’s nothing inevitable about loss of privacy, emphasizes Steve Anderson, executive director of Open Media, a Vancouver-based organization campaigning for an open, low-cost internet. He rejects the suggestion that there is a “new normal” and an inevitability around corporate and government intrusion into privacy. Instead, he suggests, people should remember that “we have changed these things before and we can do it again.”
The conference, Privacy and Access 20/20, marked the 20th anniversary of the proclamation of British Columbia’s legislation recognizing the rights of citizens to access government information and have their privacy protected.
Gareth Kirkby is a former producer and editor with Pink Triangle Press, publisher of Xtra. He is the director of operations and communications for the Vancouver-based Canadian Institute for Information and Policy Studies.