Mobile Privacy And Personalization: Joyce Schwarz book CUTTING THE CORD Tech TV's Guide to Going WIreless Pearson Publishing

C H A P T E R 7

PRIVACY, PERSONALIZATION, ANDSECURITY

Convenience and safety are key reasons for cutting thecord and going wireless. Yet, 24/7 mobility brings a chal-lenge to safeguard your personal information in thealways-on world. In the wireless environment you’llwant to know how to protect your privacy and makeyour kids’ wireless Web experiences safer. Only then willyou be ready to cash in on personalized-for-youcoupons, alerts, and news.

A new era of location-based commerce is bringing theconvenience of shopping on-the-go and new cashlesspayment methods to your device. Expanded cyber-security programs offer solutions, but it’s up to us totake personal responsibility to protect our data andwireless networks against use and abuse.

That’s why this chapter delves into these critical issuesin the wireless world:

• Steps to guard your privacy

• A guide to Web sites that help you protect per-sonal data

• Tips for making your kids safer on the wirelessWeb

• Cautions on how to cash in on mobile offers andstill protect your identity

• Software and systems you should know about toguard your devices and wireless networking

08 6483 ch07 5/9/02 8:51 AM Page 205

PROTECTING YOUR PRIVACYDeveloping this chapter and creating hints, guidelines, and recommendations for protect-ing your privacy in the wireless world took numerous hours of interviewing experts,reviewing key Internet and online privacy organizations and Web sites, and then updatingand adapting that information for wireless technology.

Let’s start with some basic guidelines on privacy and then move on to personalizing yourcontent while protecting your identity. Then, we’ll delve into the latest developments onwireless security systems and software.

Privacy Guidelines

Here are some basic steps to follow to protect your privacy:

• Read privacy statements—All Web sites list a privacy statement, and all wirelessInternet providers and wireless carriers should list privacy statements on their Websites, too (see Figure 7.1).

206

EEA privacy statement is a legally binding document that describes personal infor-mation gathering and disseminating practices. If you have any questions abouta firm’s privacy statement, be sure to call or e-mail them for details. Note,though, that wireless Internet providers and carriers usually post their privacypolicies on sharing information with marketing partners. Check for the policythey will follow if their firm is sold or acquired, and ask what their policy is fortheir data if they go out of business or file for bankruptcy.

• Watch for seal programs—Many Web sites post approval seals indicating that theirprivacy policies are being monitored by an outside agency. These programs pro-vide direction of how to turn to that monitoring third party if you feel your privacyhas been violated. Check to see whether your wireless Internet provider or carrieroffers the same service on its Web site.

• Be m-finance savvy—Understand your carrier or provider’s mobile finance, creditcard, and check card policies. In most cases the same consumer protection lawsthat apply in the mall apply on the Internet. Experts believe that the federal lawthat limits your liability to $50 for purchases made with stolen credit cards shouldapply in the mobile world, too. You should be able to contest any charges if themerchandise or service you order wirelessly does not live up to the promotion.

• Remember, no Web site is hack-proof—You should place credit or check cardorders only through secure servers. Most carriers and wireless providers offer step-by-step instructions for mobile commerce purchases in their manuals or on theirWeb sites.

• Keep your information private—Don’t disclose data you don’t want merchants oryour provider to know. Safeguard your Social Security number and your mother’smaiden name, which are crucial information to your personal identity. If you’re

08 6483 ch07 5/9/02 8:51 AM Page 206

asked for that information, you can usually substitute another personal identifica-tion number (PIN) or password.

7

207

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

Figure 7.1

Virginmobile.com, like most carriers, covers marketing, billing, fraud protection, and other consumerinformation on its privacy policy posted online.

How Private Are You?

An American Demographics magazine survey in its Spring 2001 issue shows thatwomen are less protective than men are about their food preferences, but aremuch more protective of body weight information. Different age groups andincome brackets are more sensitive about guarding their privacy. Women aremore sensitive than men, seniors are more fearful than the young, and marriedpeople are more wary than singles.

What you think is personal might not be what I rate as private. For example, 73%of the American Demographics respondents say that their home address is personal,69% say health information is personal, but only 23% of people rate food prefer-ences as personal information.

What concerns consumers most about disclosing personal information? The samepoll shows that 66% of respondents are extremely or very concerned that theirchildren will be targeted, 55% are extremely or very concerned that they will berobbed or cheated if they reveal information, and an overwhelming 64% agreethat they are extremely or very concerned that they will be bombarded with solici-tations after disclosing personal data.

08 6483 ch07 5/9/02 8:51 AM Page 207

Privacy and Your Device

One of the key things you can do to protect your privacy and security is to keep yourdevice visible to you at all times and guard against misuse by fellow co-workers or intrud-ers.

Here are some tips we’ve developed with additional assistance from Verizon Wireless tohelp you keep tabs on your wireless phone:

• Store your device in a designated space at home or the office when not in use(think of it as being as valuable as your keys).

• If you carry it, consider using a belt clip or carrying case that can attach to yourpurse, briefcase, or backpack.

• Don’t tempt a passersby to help themselves to your device. If you leave it in yourcar, make sure it’s not visible.

Some areas offer wireless insurance programs. Verizon Wireless has teamed up with Lockline to offer this option to Midwest subscribers. Those who choose it pay a pre-mium of $3.95 per month and have a deductible of $35. Coverage includes lost, stolen,and damaged (out of warranty) phones and select accessories with a $1,500 limit.Check with your carrier or the retailer where you bought your phone.

If you think your phone is stolen or missing, act quickly:

• Dial your phone number (if the device has a phone) to see whether you can hear itring. It might be out of sight but nearby. Or, someone might answer it and helpreturn it to you.

• Retrace your steps, physically and mentally.

• Try calling the location where you last had your device, such as a store or bank.

• Forget when you last used it? Call a friend or family member; they might remem-ber when they talked to you last via the wireless phone or got a text messagingfrom you via your two-way messenger.

• If you believe it was stolen or lost for more than a few hours, call your provider tosuspend the service. Alert the provider when you find the phone.

• Call your local police department to report the loss if it has been stolen.

Consider offering a reward if your phone is left in a cab or other public place. Frequent travelers say a $20 reward will often inspire a cab driver to deliver a missing phone toyour door at your hotel faster than numerous queries to taxicab companies withoutsuch incentive.

208

CAUTI O N

08 6483 ch07 5/9/02 8:51 AM Page 208

Privacy Protection Symbols

TRUSTe (www.truste.org), the leadingprivacy seal program, is an independent organiza-tion dedicated to building consumer trust and confidence in the Internet. The TRUSTe coali-tion of participating companies includes such biggies as America Online, Intel, Intuit,Microsoft, and others. More than 2,000 Web sites are certified throughout the world.

Watch for TRUSTe to move beyond the Internet into cell phones, PDAs, and other devicesthat collect personal information. Because Internet Web site privacy statements arelengthy, under this new program, icons will be created to help you make choices based onspecific privacy practices (such as opt-in versus opt-out). In addition, these icons will betranslatable to a variety of different media. According to TRUSTe spokespersons, its initia-tive aims to develop a Privacy Label, similar to the Food and Drug Administration’s (FDA)nutritional facts panel found on virtually all food labels. The group promises that thePrivacy Label will be a useful, consumer-friendly summary of key privacy practices of con-sumer concern (see Figure 7.2).

7

209

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

Figure 7.2

Privacy seal programs such as the one posted at www.truste.org guide consumers and publishers tosafer online and wireless Web access.

Other groups, such as the Better Business Bureau, also have privacy labeling systems. Check to see what their standards are to ensure they match your privacy goals.NOTE

08 6483 ch07 5/9/02 8:51 AM Page 209

Privacy Resources

The following Web sites and organizations serve as links to some of the building blocksfor the next generation of privacy and security.

Check the Web sites or e-mail the organizations to see what their suggestions are for wire-less devices and networks if they don’t have information listed. You also should refer toyour device manufacturer’s Web site, your contract for your wireless carrier or wireless ISP,or those firms’ Web sites to check out their privacy policies. Here are some sites to visit:

• American Civil Liberties Union (www.aclu.org)—The ACLU advocates individualrights by litigating, legislating, and educating the public on a broad variety ofissues affecting individual freedom in the United States. You’ll also find details onnational security programs and “cyber-liberties” listed.

• Call for Action (www.callforaction.org)—An international, nonprofit network ofconsumer hotlines. The goal of the group is to “empower consumers by givingthem a voice larger than their own.”

• The Center for Democracy and Technology (www.cdt.org)—The CDT works to pro-mote democratic values and constitutional liberty in the digital age.

• Consumer @ction (www.consumer-action.org)—A nonprofit membership organiza-tion that refers consumers to complaint-handling agencies through its free hotline.

• Council for Better Business Bureaus: BBBOnLine (www.bbonline.org)—Theumbrella group for 135 Better Business Bureaus throughout the U.S.

• CyberAngels (www.cyberangels.org)—Says it is “your cyber-neighborhood watch.”The organization helps educate families about online safety and works withschools and libraries.

• Direct Marketing Association (www.the-dma.org)—Offers information on onlinemarketing protections and advice for getting rid of unsolicited commercial e-mail.

• Electronic Frontier Foundation (www.eff.org)—A nonprofit organization that worksin the public interest to protect privacy, free expression, and democracy online.

• Electronic Privacy Information Center (www.epic.org)—EPIC is a Washington, D.C.-based research center. Its site includes privacy-related news, online guides to pend-ing legislation, encryption tools, and other privacy resources (see Figure 7.3).

• www.consumer.gov/idtheft/index.html—The FTC’s site includes governmentreports, Congressional testimony, law enforcement updates, and other links to siteswith helpful information about identity theft.

• The Federal Trade Commission’s Sample Opt-Out Letter(www.ftc.gov/privacy/cred-ltr.htm)—Offers a downloadable form that speaks tothe three national credit reporting agencies. The form requests that your personalcredit report information not be shared with third parties.

210

08 6483 ch07 5/9/02 8:51 AM Page 210

Figure 7.3

For more information on privacy laws, order the EPIC.org sourcebook.

• Internet Fraud Complaint Center (www.ifccfbi.gov/)—IFCC is a partnershipbetween the FBI and the National White Collar Crime Center (NW3C). Its mission isto address fraud committed over the Internet, offer a central repository for com-plaints, and provide timely statistical data of current fraud trends.

• Junkbusters (www.junkbusters.com)—Its mission is to “free the world from junkcommunications.” The site includes information, resources, and links to rid yourselfof junk e-mail, telemarketing calls, and more.

• Private Rights Clearinghouse (www.privacyrights.org)—A California-based organi-zation that offers privacy information through its publications and hotline.Information is available in English and Spanish on wireless communication, tele-marketing, employee monitoring, and other privacy concerns.

• Truste (www.truste.org)—An independent nonprofit organization dedicated to rais-ing consumer confidence in the Internet and wireless communication. For moreresources and online Web sites, see Truste’s reference pages, includingwww.truste.org/education/users_privacy-links.html (see Figure 7.4).

The Privacy Exchange’s online resource at www.privacyexchange.org/gpd/sites/advocacysites.html also provides good information. In addition, the Electronic IndustryPrivacy Council offers more referrals at www.epic.org/privacy/tools.html.

7

211

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

08 6483 ch07 5/9/02 8:51 AM Page 211

Figure 7.4

Truste.org offers a free parents’ and teachers’ online privacy guide.

PROTECTING YOUR CHILD’S PRIVACYAlmost three-quarters (73%) of U.S. children between the ages of 12 and 17 have Internetaccess, according to a study by Pew Internet and American Life Project. Pew’s researchshows that more than 30 million Americans under the age of 18 are now online. Webaccess via wireless networks and devices promises to increase that total.

Protecting your child’s privacy online is such a major concern that the government enactedthe Children’s Online Privacy Protection Act (COPPA) to address it.

Enacted in 1998, COPPA places significant restrictions on methods by which Web sites cancollect personally identifiable information from children under the age of 13. The actbecame a law in April 2000. COPPA requires that commercial Web sites obtain parentalconsent to gather information from those age 12 and under. This can include the grade orage of a child, full name, home address, e-mail address, phone number, Social Securitynumber, or other information that the FTC determines could permit online or offline con-tacts for individuals. At press time, the FTC is planning to propose a two-year extension tothe portion of COPPA that allows Web sites to obtain parental permissions via e-mail foruse of children’s data. In the long term, it is expected that the FTC will require a moresecure means of confirming permission other than e-mails, which could be intercepted bychildren.

Most experts believe that COPPA will also apply to children using the wireless Web.Because young wireless subscribers will jump from 11 million in 2001 to more than 30

212

08 6483 ch07 5/9/02 8:51 AM Page 212

million in 2004, according to the research firm Cahners In-Stat Group (wwww.instat.com/insights/wireless 2001/wp007md.htm), and because millions more kids can access wire-less content and Web sites via parents’ or pals’ devices, protecting privacy is an expand-ing challenge. Kids want the devices for socializing, and parents are willing to pay forservices for safety reasons. Parental controls for the wireless are just starting to evolve.Meanwhile, here are some tips for online safety that apply to wireless access as well.

Kids’ Wireless Safety Tips

In developing these tips, I used a number of resources that you can also refer to. Theyinclude the FTC, which maintains a special privacy Web site for children atwww.ftc.gov/bcp/online/edcams/kidzprivacy/index.html, and a list of rules for onlinesafety at www.4j.lane.edu/safety/rules.html. These were created with help from abrochure written by Lawrence J. Magid, syndicated columnist for the Los Angeles Times.Here are the suggestions I’ve updated for the wireless world—pass these along to your kids:

• Never give out your last or family name, your home address, or phone number inchat rooms, during instant messaging, or in a voice message to people you andyour family don’t know.

• Don’t tell other kids your user ID or passwords.

• If you accidentally give out some information to a Web site when playing a mobilegame or in response to an alert you receive that you feel was private (such as yourname, age, or physical location), tell your parents who you gave it to so they cancontact the Web site or content provider and ask them to delete or erase the infor-mation.

• If anyone online or on your mobile device asks for more information than youknow you can share safely, leave the Web site, end the instant message, or hangup on the caller.

• Don’t give out your parents’ work addresses or telephone numbers or the nameand location of your school without your parents’ permission.

• Never agree to get together with someone you meet online or someone you don’tknow who sends you an e-mail or text message or plays a mobile game with you.

• If you get an e-mail or message that is mean or uses bad language, don’t respondto it. Report it to your parents or teacher (if you’re at school) so they can contactofficials if necessary.

For more information about parents’ and children’s privacy issues, check out the followingWeb sites:

• America Links Up (www.americalinksup.org)—Provides resources for parents andkids with information on safe and rewarding online experiences.

• The FTC Kidz Privacy site (www.ftc.gov/bcp/conline/edcams/kidzprivacy/index.html)—A Web site produced by the FTC in conjunction with COPPA. Itincludes do’s and don’ts for children’s online privacy (see Figure 7.5).

7

213

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

08 6483 ch07 5/9/02 8:52 AM Page 213

214

Figure 7.5

KidzPrivacy is the FTC site for kids, parents, and teachers at www.ftc.gov.

How Much Information Should You Share?

Some people—especially teens—seem to be more than willing to unlock a treasure-trove of personal information in return for a free gift, according to a recentUniversity of Pennsylvania, Annenberg Public Policy Center study titled “TheInternet and the Family.” Take a look at what information kids aged 10–17 whowere polled were willing to give out in return for the free offer (courtesy ofeMarketer.com):

• 26% were willing to reveal what their parents do on weekends.

• 39% were willing to reveal the amount of their allowance, how they spend theirweekends, and whether their parents talk frequently about politics.

• 44% were willing to reveal the type of car their family owns.

• 54% were willing to reveal the names of their parents’ favorite stores.

• 65% were willing to reveal the names of their own favorite stores.

For more details on the study, see the study’s Web site athttp://www.appcpenn.org/internet/family.

08 6483 ch07 5/9/02 8:52 AM Page 214

Parental Controls in Progress

Parents worried about the content of video games for Microsoft’s Xbox have the optionof accessing a parental control that can restrict kids’ access to violent or inappropriatecontent. Neither Sony nor Nintendo’s game consoles come with parental block options,although Sony’s PlayStation 2 offers a password-controlled parental block on the DVDplayer add-on. What controls do wireless devices/systems offer families? Parental con-trols set at a PC apply to the America Online mobile communicator device. Check to seewhether your wireless provider offers a parental control option on its corporate Website (see Figure 7.6). Many of the wireless home networking systems feature built-in oroptional parental control systems. You’ll need to consider instant message filters ande-mail controls, too. Symantec’s Norton I-Net Security 2002 (www.symantecstore.com), at a $99.95 estimated retail price, offers Norton Parental Control for parents whowant to protect children from receiving inappropriate content through online file shar-ing and peer-to-peer networks such as digital music file systems.

7

215

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

NOTE

Figure 7.6

AOL empowers parents through its keyword “parental control.”

Often, parents share their wireless networks and devices with their kids, so the wirelessproviders and carriers don’t even know children are using their mom or dad’s phone, PDA,or PC. That’s why you should understand more about how to guard your own privacy andsecurity.

PERSONALIZATION VERSUS PRIVACY AND SECURITYHow personal is your own information? If you’re online, you’re probably familiar with onemethod of gathering information on you and your surfing patterns—cookies, which develop

08 6483 ch07 5/9/02 8:52 AM Page 215

a more personalized approach to users’ returns to Web sites by serving up content oroffers that will appeal more personally to you.

216

EEInternet cookies—no, these are not Oreos or chocolate chip—are small data itemsabout you and your visit to Web sites that tell marketers what you looked aton the Web site, which information you read first, which site you came from,and which site you went to next. Also called Web bugs, these files usually are 1pixel wide and 1 pixel long, embedded in a Web page, camouflaged in thesame color as the page background, and invisible to the eye. You can think ofthem as your identification for that Web site that, when combined with infor-mation on the site’s database, are part of what forms your profile. So, if youuse another computer and log in with your username and password, the sitecan find your preferences.

Cookies look tame when you compare some methods next-generation marketers are plan-ning. In an increasingly competitive cyberspace economy, wired and wireless networks,carriers, and service providers are seeking to know not only your numbers and demo-graphics but also your psychographics—your habits, preferences, and beliefs—so they canpersonalize commercial alerts, offers, and even coupons for your location and interests.

Perhaps you’ve seen the television commercial depicting an ISP’s cavalier attitude in han-dling subscriber information. The spot shows a guy at a bar who obtains the phone num-ber of a gal next to him and then next shocks her and some viewers by selling that numberto the guy sitting next to him and also to the bartender. In the past, some companies whowere gathering phone numbers, addresses, and names of subscribers began to look at thisinformation as a marketable asset. They began to sell or share this personally identifiableinformation (PII) with their marketing partners or even tried to include that data in theirremaining assets when they were declaring bankruptcy.

As a result of the junk e-mails and in some cases unauthorized credit card charges fromthis misuse, thousands of local bills and regulations are pending. On the national level, pri-vacy legislation has become a key issue.

Privacy Legislation Sources

For a complete list of federal privacy legislation pending and explanations, the bestonline resource I found was the Center for Democratic Technology. It lists legisla-tion enacted and in progress for the 107th Congress (2001–2002). The Web sitecovers such areas as free speech, privacy, wiretaps, cyber security, domain names,junk e-mail, digital signatures, encryption, and e-government rulings and band-width concerns. For compete lists, go to http://www.cdt.org/legislation.

At press time, the site included details on the recent enactment of HR 3162, theU.S. Patriot Act of 2001, which covers “uniting and strengthening America by pro-viding appropriate tools required to intercept and obstruct terrorism.”

08 6483 ch07 5/9/02 8:52 AM Page 216

Privacy and Public Safety

Since September 11, 2001, some privacy advocates assert that public security issues areovershadowing privacy concerns. There’s no doubt that public safety is crucial, yet pre-serving your privacy is still a concern for many.

New location-based wireless networks and technology might blur the lines between pri-vacy, personalization, and security even further. Do you know the difference betweenthese terms? You might want to check the following jargon, which I’ve adapted for thewireless environment.

7

217

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

You’ll find details, including the number of the bill, a summary, and its status. TheCDT includes a valuable key to the status that tells you information such aschanges to the bill, which legislation is on the fast track, bills the CDT urges you totake action on, a link for more information, and the legislation that has beenenacted (approved as a law).

EEPrivacy is the capability to withhold or keep secret a body of information andpersonal information ranging from address and phone number to age, weight,and spending preferences. In the wireless world, this could also apply to per-sonal data that evolves from wireless use and interactions.

Personalization connotes methods (often technological) to customize news,alerts, coupons, and offers that are available via your mobile device or wirelessnetwork based on your personal preferences.

Security

The Web site webopedia.com defines security as “the techniques for ensuring that datastored in a computer (or in this case in a smart handset or PDA) cannot be read or com-promised. Most security measures involve data encryption and passwords. Data encryp-tion is the translation of data into a form that is unintelligible without a decipheringmechanism. A password is a secret word or phrase that gives a user access to a particularprogram or system.”

In a wireless world, security includes communication links, integrity of the channel, andaccuracy of transactions.

08 6483 ch07 5/9/02 8:52 AM Page 217

The Wireless Industry and Privacy

The good news is that carriers and marketers know they make money only when youhave your cell phone or device on. A spokesperson for the cellular industry organizationCellular Telecommunications and Internet Association (www.ctia.org) is quoted as saying,“If people are constantly being spammed on their cell phones, they are going to turn themoff.” That makes a lot of sense, doesn’t it (see Figure 7.7)?

218

Figure 7.7

Turn to www.wow.com for more articles on the CTIA.org consumer Web site.

The CTIA recommends the following wireless privacy guidelines to its members and thirdparties:

• Consumers need to be informed that information on their locations is being col-lected.

• Consumers need a meaningful opportunity to proactively opt in for location ser-vices, provide consent to the collection of location information before the data isused, and be made aware of exactly what is being collected.

08 6483 ch07 5/9/02 8:52 AM Page 218

• Service providers must ensure the security and integrity of any data collected andmust permit the customer reasonable access to it to ensure its accuracy.

• The guidelines apply across the country and across all types of platforms, hand-helds, wireless phones, and PDAs and across all businesses involved, including car-riers, handset manufacturers, or third parties.

What does this policy statement really mean in plain English? The CTIA proposes thatproviders of location-based information do the following:

• Inform customers about the collection and use of the information

• Provide consumers with a “meaningful opportunity” to consent to the collection oflocation information before the information is used

• Ensure the security and integrity of any data collected

• Permit the customer reasonable access to ensure accuracy

• Provide uniform rules and privacy expectations so consumers aren’t confused asthey roam or use different locations

Are You In or Out?

If you’re shopping to upgrade your mobile services or getting new navigation systemsinstalled in your vehicle, you need to take time to opt in or opt out and familiarize your-self with the privacy policy and security systems. Often in the mobile world, you’ll dothis via phone or maybe even by keying in the information on your new device. Forquestions, be sure to ask your service representative—or if no “live” representative isavailable, refer to the mobile operator’s Web site. Trying a wireless network at a publicspace like a hotel or an airport lounge? Don’t be shy; check the privacy policy and askabout security before you log on.

Keep a watchful eye on how these policies evolve or change in the future. Forbes.comreports that AT&T, Verizon Wireless, and Sprint PCS told the FCC that it’s premature toadopt rules governing location privacy practices, but if the agency decides to moveahead, the rules should treat handheld computers with wireless connections in thesame way as mobile phones. The same Forbes.com report also says that the DirectMarketing Association urges the FCC to allow the industry to regulate itself on privacy.

7

219

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

EEOnline and mobile direct marketing have made the terms opt-in and opt-outpart of the jargon used by direct mail moguls and new media marketers. Opt-inis where you tell the online service or mobile marketing company that youwant to give them information about yourself or subscribe to a service, such asan e-mail newsletter or coupons. Opt-out means the marketers or services cantrack or mail to you unless you choose not to have them do so. Most of thelocation-based services and manufacturers we talked to said that giving cus-tomers the opt-in option is the only way to go. Maybe you’ve even seen Websites who demand double-opt-in, meaning that you check off that you want tobe on a mailing list or get a free newsletter and then you receive an e-mailasking you to mail back to them to confirm your interest.

08 6483 ch07 5/9/02 8:53 AM Page 219

All the emphasis on your location becomes more critical in an increasingly mobile world.

Location-Based Services and Privacy

Expanded geographic and mobile technology innovations in devices and systems willmean your carrier and other third parties can launch location-based content, services, andoffers. How all this will work is still being defined as we move to next-stage technologies,including wireless broadband and third-generation (3G) networks and equipment.According to www.WBT2.com, location-based services will come in three different forms:

• Location-blind—You pull wireless content, such as news and sports scores, directlyfrom content suppliers or from your carrier’s central Web site or gateway to yourdevices or home and office wireless networks.

• Location-aware—You input a location on your device to receive informationrelated to your surroundings, such as a recommendation for an Italian restaurant.

• Location-precise services (LPS)—Services that are evolving as a result of emerginggeographic technologies and the FCC’s E911 mandate that requires carriers to beable to locate you within 30 feet for emergency services. With LPS, your providerwill be capable of pinpointing your location in nonemergency situations and send-ing relevant information to your device.

These new systems promise terrific benefits for the road warrior looking for a motelvacancy or a driver seeking a safe gas station open at 5 a.m. Yet, just like the onlineworld’s personalization systems, they bring new challenges.

Will these new location systems mean wireless spam as marketers battle for your atten-tion? Michelle Slack at Jupiter Communications reminds us that “advertisers must first sur-mount the consumer privacy issue.” She adds in a TechTV.com article that “they’re paintinga very pretty picture, but it’s just not a reality now.” She expresses a common doubt overwhether customers even want such highly targeted ads.

In the best-case scenario, location-based systems will serve as your personal conciergeproviding recommendations on shopping, points of interest, and specials nearby. SeeChapter 8, “Connecting on the Go,” for details on how location services will enable vehi-cles to use systems such as EZ passes and transponders for paying tolls and purchasingfast food and more.

Marketers Adopt Privacy Rules

The CTIA policy on privacy says companies should get permission from consumers beforeusing location information from their cell phones and ensures the security of the data col-lected.

The Wireless Advertising Association (WAA) says it is very concerned about privacy forconsumers, especially in location-based situations, according to Barbara Sweetman,administrative director for the group.

220

08 6483 ch07 5/9/02 8:53 AM Page 220

The WAA (www.waaglobal.org) says it has been proactive in developing a list of industryguidelines and establishing a committee on privacy and spam. According to the WAA Website, its guidelines—although similar to some principals from the Online Privacy Alliance,the Internet Advertising Bureau (IAB), and the Network Advertising Initiative—in some casesrequire a higher level of permission from consumers, particularly for wireless “push” adver-tising.

The following are the wireless advertiser guidelines defined by the WAA:

• WAA members should adopt a privacy policy regarding PII that is readily availableto consumers at the time that PII is collected and encourage partners to do thesame.

• WAA members should notify subscribers of how PII is being obtained.

• WAA members should give users notice and choice regarding the use of PII, andthey should not use PII for purposes other than those for which it was collectedwithout explicit consent. Such consent shall be by confirmed opt-in.

• The WAA does not condone wireless spam.

• WAA members shall make every effort to ensure that PII is accurate and secureand where reasonable and appropriate allow wireless subscribers to correct ordelete such information.

7

221

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

EEPersonally identifiable information (PII) is defined as data that can be used toidentify or contact a person uniquely and reliably, including but not limited toname, address, telephone number, and e-mail address. Non-personally identifi-able information (non-PII) is defined as data not uniquely and reliably linked to aparticular person, including but not limited to activity on a wireless networksuch as location or log files related to Web browsing activity on a mobiledevice.

The WAA recommendations cover such topics as privacy notices and disclosure, what theprivacy policy must state, what the definition of wireless spam is (push messaging withoutpermission and so on), data security information, data quality, and access procedures. Formore specifics, go to http://www.waaglobal.org.

EEThe WAA defines push messaging as including audio, short message service(SMS), e-mail, multimedia messaging, cell broadcast, picture messages, surveys,or any other pushed ads or content.

CONTROLLING PRIVACY AND PERSONALIZATIONAnother trade group guiding the future of privacy and personalization is thePersonalization Consortium (www.personalization.org), a voluntary organization ofdozens of major companies.

08 6483 ch07 5/9/02 8:53 AM Page 221

Bonnie Lowell, former co-chair of the group’s privacy committee and one of the pioneersin online privacy and personalization technology creators, says the consortium’s goal is toenhance privacy features and to make the process of sharing information safer and moreconvenient for customers. She explains that new services and intelligent systems aim tomake privacy policies interactive. A system called Platform for Privacy Preferences (P3P)collects privacy preferences and then flags any discrepancies between your preferencesand the firm’s actions.

Now that you know the term, you can find out whether software, devices, your carrier, or your wireless ISP is P3P compliant before you make a purchase.

Lowell urges firms to work with consumers on what she calls participation management,which enables you to opt in, opt out, control your own level of personalization, and checkthe status at any time from anywhere.

Personalizing Offers

As long as the customer is in control (or believes she is in control) of the content, fre-quency, and timing of communications, she will be receptive, enabling mobile and wire-less marketing and commerce to succeed, says Barry W. Peters, director of emerging mediaand relationship marketing at the San Francisco ad firm Lot 21 Inc. Peters says thatalthough the mobile medium offers tremendous potential, if one of the variables of “rightoffer at the right time to the right audience” is slightly off, the medium will instantly limitand perhaps kill its potential.

222

NOTE

What Do You Want?

What circumstances will convince users in the U.S. to accept wireless advertising?According to research firm Strategy Analytics, these incentives will drive mobilemarketing acceptance:

• 43% of users said companies would have to give them all incoming calls free.

• 24% said they’d have to send them a coupon.

• 23% said the ads would have to be only from companies they approve.

• 11% said they’d have to offer a $10 bill reduction.

• 7% would settle for a $5 bill reduction.

Obviously, that adds up to more than 100%, so some folks would probably acceptmore than one alternative.

Researchers see mobile wireless advertising revenues rising to between $16 billionand $23 billion by the year 2005, according to groups ranging from Ovum toDurlacher of London to the Kelsey Group.

08 6483 ch07 5/9/02 8:53 AM Page 222

“The winners in mobile commerce will be those firms that figure out how to make mean-ingful offers to consumers who hit them at the impulse time,” according to Daniel Springer,chief marketing officer for credit card company NextCard. His firm is using four types ofmobile messages in trials:

• Time-sensitive promotional coupons

• Ads based on specific products (see the section “Actionable Offers,” later in thischapter)

• Sales alerts

• Interactive branding offers

Wireless Coupons

How do these offers work? Sometimes they will be in the form of wireless coupons. Bigbrand names such as Procter and Gamble, Visa, NextCard, Kinko’s, HP Online, eCoupons,and even KFC chose wireless marketing pioneer SkyGo’s trial to try mobile marketing (seeFigure 7.8).

7

223

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

Figure 7.8

SkyGo delivers wireless alerts to cell phones and PDAs. Check out Subway’s mobile coupons.

During their trials, SkyGo researchers found that what irritates participants most are alertsthat are not targeted to their interests.

08 6483 ch07 5/9/02 8:53 AM Page 223

Actionable Offers

Offers based on specific products will often be actionable in the wireless world. All you dois click the product logo or text name or video demo, and you are connected directly to acall center. For example, online gift retailer RedEnvelope (www.redenvelope.com) is just oneof the marketers using actionable offers that let you connect directly to Red Envelope oper-ators to buy a gift via your device.

For example, are you a chocoholic looking for the nearest Godiva retail store? You can getan electronic map sent to you wirelessly that pinpoints your location and shows the pathto the bonbons (see Figure 7.9). If you click a logo or an alert, you also might get a specialsales offer.

224

Figure 7.9

Chocolate on the go and more at www.PDAcentral.net, where you can download applications to guideyou to Godiva boutiques.

Protecting Yourself

So, how do you protect your privacy while cashing in on these new meaningful offers?

Many companies give users an opportunity to get wireless offers in return for special dis-counts on wireless services. Often, you’ll find similar incentives from wireless carriers thatoffer you free trial periods for their data services and that often include alerts or offers forsponsors of their content offerings, such as news or sports updates.

Watch when your trial period for free content or data services ends, and be sure youhaven’t signed up for auto-billing without your consent. You might have to opt out to can-cel the monthly subscription after the trial period.

08 6483 ch07 5/9/02 8:53 AM Page 224

Bricks and mortar stores might ask for your wireless e-mail address when you sign up towin a prize. Don’t give it out unless you want an offer sent to it. By signing up for the con-test at retail or online, you might be giving your permission to send alerts to you. If youuse a “swipe-to-buy” scanner system, such as EZPass or SpeedPass, be sure you know theirprivacy policies in advance.

Be sensitive to SMS alerts you get and check before clicking to see whether they arelabeled “advertising.” Don’t click a logo or a video demo unless you’re really interested. Ifyou do click and end up buying something you don’t want, be sure you call your wirelesscarrier or ISP to see that the purchase is deleted from your bill because many wireless pur-chases are added to your phone or ISP bill at the end of the month.

A report by Los Angeles-based ABC Channel 7 news says that dashboard devices called transponders are being stolen in Orange County, California from toll road customers’cars and being used to buy food at local McDonald’s. These Fast Track transponders(made of plastic and the size of a wallet) are placed in your window via Velcro, sothieves have to get inside your car to steal them. Don’t leave your car unlocked or yourdevice in the window when you leave your car, and treat the Fast Track devices likecash. The bad news is that $15,000 worth of charges have been racked up via thievesusing these transponders. The good news, though, is that consumers who’ve beenripped off are not being charged for the purchases.

Location, Location, Location

With the proliferation of handhelds and cellular devices, m-commerce business models areevolving, according to David A. Finck, editor-in-chief of Laptop magazine. He says that inthe location-based services arena, you have two primary options. First, you can go wholehog where you, the customer, sign up with a push service and offer up detailed personalinformation. The service tracks your location via your cell phone, and sponsoring vendorscan target you with discounts and sales notices in proximity to your favorite products.Wherever you go, you’ll be notified of relevant shopping information.

In the second option, you open an account with a service and access it only when youneed it, such as at lunchtime on the road. You dial in and get a list of restaurants in yourcurrent location. You’ll be able to find participating vendors, order a meal, pay for it, anddrive over and pick it up; directions are provided too, of course.

Most importantly, you’ll have a choice. If you love to shop, love bargains, and don’t mindreceiving information, you can opt for the push services, where the advertisers can bom-bard you with product alerts. Or others can request specific information by signing up foruser-controlled services.

So Who Owns the Customer?

That’s the big question: Who owns the customer in the mobile environment? At least sixcategories of players are jockeying for your dollars, according to Lot 21’s report:

7

225

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

CAUTI O N

08 6483 ch07 5/9/02 8:53 AM Page 225

• The carrier/FCC license holder/service provider—AT&T, Verizon, Nextel, Sprint, andthe other big guys who provide your phone service say they own your communi-cation gateway. Kind of like AOL owns the window to its subscribers.

• Device manufacturers—Nokia, Motorola, Palm, and Ericsson are less aggressive inthis customer battle, but they are also cutting deals with your carriers now.Meanwhile, they’re making money by getting you to upgrade to fancier andsmarter phones and devices.

• Content aggregators and providers—These companies, such as online and televi-sion names like AOL, Yahoo!, CNN, and CNET who aggregate content, want togather new dollars from you in the wireless space. Plus, many plan to sell ads ontop of the content they send you because they feel they own the relationshipoffline or on TV. Many ad experts think it’s an either/or proposition: Either giveaway the content for free and subsidize it with ads or ask consumers to pay andthen provide it ad-free. It’s kind of like the cable television model.

226

EEWhat’s a content aggregator, you ask? These are the media giants of the futureaccording to some experts. By slicing and dicing all the content they haveonline or on TV or radio and promoting wireless subscriptions, these contentguys want to extend their brands. They spent millions or even billions of dol-lars aggregating (putting together in one place) their information in what somecall walled gardens of media, and now they want to extend those walls to thewireless world.

• Infrastructure—This is the enabler that allows users to access content through itswireless devices, such as Openwave (formerly Phone.com). Some people comparethese guys to early browsers such as Netscape. Other consumers are turning tomobile portals online where they sign up for content in advance and get adsincluded if they opt-in for the free information.

• Delivery networks—Aether Systems or AvantGo are just some of the delivery net-works targeting businesses or consumers to deliver content to devices. Your devicemight come with embedded delivery networks or services.

• Ad and content networks—Companies such as Doubleclick, WindWire, and Yahoo! are online networks that are now selling wireless ads for media properties.These networks also track who is seeing or hearing the offers and track other m-commerce applications.

So who owns the customer? Obviously, you know the answer you want to hear: You ownyou! That’s why it’s crucial for you to protect your identity and to watch so that you’re notswayed by bribes from opt-out systems that encourage you to give away your name andSocial Security number without your informed consent.

So don’t be gullible. Choose wisely because not all offers deliver on their promises. Nooffer tastes as good as your privacy does.

08 6483 ch07 5/9/02 8:53 AM Page 226

WIRELESS CONTENT AND OFFERSConsumers want wireless multimedia now according to a survey by IDC commissioned bymajor firms Qualcomm Inc., Lucent Technologies, and Microsoft. The most popular appli-cation in the survey was accessing e-mail, and the second most popular was accessingimages and audio content. About 31% of the 1000 people surveyed said they had morethan 30 minutes of time a day to use such services.

The challenge with such surveys is that they ask what would you do if. The real answerslie in what you are doing. Today, fewer than 1 million users can even access the WorldWide Web via their cell phones. Some cynics think you won’t even want to use the Webvia phone. Technological breakthroughs are making it easier than ever to access contentand offers wirelessly without hooking into what we know as the Internet.

Offers on the Go

If you live in New York City or plan to visit, watch out for outdoor ads that communicateto many devices that run the Palm operating system. Streetbeam wirelessly enables out-door displays with interactivity. The infrared kiosks and bus shelters are equipped withinfrared signals (kind of like your remote control signals) so they beam a small file of infor-mation to your PDA. They encourage you to go to the Streetbeam Web site later. Thereyou can download the conduit and get updated promotional information from the ven-dors every time you hotsync your PDA (see Figure 7.10).

7

227

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

Figure 7.10

Hotsync your PDA to your computer to get mobile offers and updated wireless information.

EEYou will hotsync a PDA—or perhaps even a phone in the future—by putting it inits cradle and hooking it up to a PC (or maybe someday a TV or another digi-tal storage source) so that it gets not only power but updated information thatgoes from one device to the other—in other words, from PC to PDA, or viceversa. For example, you might enter a phone number into a PDA and thenhotsync it to your PC master data phone address lists.

Banana Republic, a division of Gap, Inc., is one retailer that uses the Streetbeam system.In one campaign, it says it generated 3,000 hits by posting ads on 100 Manhattan-based

08 6483 ch07 5/9/02 8:53 AM Page 227

phone kiosks to provide consumers with a list of store locations and information on salesand holiday gifts.

Another pioneer in this mobile media delivery area is WideRay, a wireless tech firm in SanFrancisco. Saul Kato, CEO, says that you can use his system to walk by a closed store andinstead of just window-shopping, get more information about a product displayed.

Streetbeam was originally founded by outdoor media entrepreneur Udi Aloni with thevision of connecting outdoor media and the emerging wireless technologies. The companyreceives a monthly licensing fee for each media display enabled with its technology. “Byenhancing powerful visual displays on the streets with wireless interactivity we provideconsumers with a new way to retrieve and save valuable information,” says Jan Renner,Streetbeam’s president.

Beaming systems built into devices including phones, PDAs, and Pocket PCs will soon allow you to send business cards by beaming virtual business cards to colleagues, sendinformation across a conference table, and even window shop when a store is closed.Check with your device manufacturer’s Web site for its privacy policy, and be aware thatsecurity systems for cutting-edge technologies are still being defined.

Yankee Group researchers project that there will be 26.6 million PDA units by 2003. Thatdoesn’t even count all the new types of wireless devices or networks that will be rolled outin the next few years.

AdAlive, a Massachusetts-based company, is giving PDA users access to airport billboards,hotel ads, and mall ads for e-mail and data synchronization with partners such as city-guide Vindigo and content portal AvantGo.

If you live in San Francisco and want to try this new technology, head downtown toMetreon, a Sony entertainment center. And don’t forget your PDA, so you can find out thelatest information. For more information, check it out at www.metreon.com.

Wireless/Mobile Offers

As noted earlier, offers in the mobile arena will not always be labeled as ads. Games andmessaging technologies will entice you with special deals and freebies.

To protect your privacy, think before you enter the contests and claim the free prizes.Advise your teens that if they play a mobile game or enter a wireless sweepstakes, theycould be giving out personal information without realizing it. That doesn’t mean youshouldn’t take advantage of these new offers because some can be not only valuable butfun to participate in. However, you should check out some of the forms these mobile offerscan take.

228

NOTE

08 6483 ch07 5/9/02 8:53 AM Page 228

Heineken

Agency.com’s Applied Concepts Lab in Europe is leading the way with a mobilephone–based trivia game that entertains pub-goers with SMS while promoting Heinekenbeer.

Holiday Inn

At press time, if you go to the USAToday.com PDA channel, you’ll see Holiday Inn hotelsand resorts offering free flight, free night promotional offers. Greg Price, VP of Marketingfor Holiday Inn brand, says, “This targeted and technological savvy way of advertising ispositively raising awareness and reinforcing the brand to a new consumer base.”

Travelocity.com

This travel Web site has partnered with electronic messaging firm Centerpost Corporationto provide an introductory service allowing for travel alerts on a wide range of wired andwireless devices. The system uses Centerpost’s SmartDelivery electronic messaging serviceto send travel advisories and messages to Travelocity.com members.

NHL’s Carolina Hurricanes

The National Hockey League’s Carolina Hurricanes are developing a strong local audienceby sending offers to mobile Web devices. The team uses wireless ad network WindWire topush attendance to the season opener. To make the ads more traceable, the team offersdiscounts with a special event code. If you use the code, the discount is taken and the com-pleted sale can be attributed to that wireless ad. Eventually users will also be able to linkto the team’s wireless Web site.

Sephora.com

Sephora’s Valentine’s Day 2001 mobile advertising campaign scored high with wirelessusers by toting up a 10.4% click-through rate, which wireless advertising solutions com-pany WindWire says is 20–50 times the response rate for the average Web-based banner.

This is great for mobile shopping but, as you probably know by now, clicking a banner is like responding to an ad. Your click is being measured, and your browsing patternsare being recorded in some cases.

Old Navy

As an example of how advertisers are trying to generate more traffic from consumers,WindWire has posted a mobile phone ad on its Web site from the clothing retailer OldNavy. The offer encourages users to enter a ZIP code to find the nearest Old Navy store.The added plus is a link to the latest fashion news. Always watch for the value-added infor-mation, in this case the free fashion news. After all, in this situation the only thing theretailer will know about you is your ZIP code, not your name, phone number, streetaddress, or e-mail address—unless, of course, you opt-in to give them that information.

7

229

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

CAUTI O N

08 6483 ch07 5/9/02 8:53 AM Page 229

Fox Sports Interstitial

WindWire uses what it calls interstitial ads as one of its branding methods with Fox Sportsso that the message can appear while you’re waiting for the next page to load on yourmobile phone screen. The timed interstitials appear between links in a wireless site. Rightnow these ads consist of logos or text, but soon they might include animation and videoas the multimedia messaging capabilities of your phone upgrade with next-generationmobile devices. As we saw with the Web, you might not even have to click to find you’refacing pop-up offers.

Voice Offers

Voice-centric versus click offers are expanding. You’ll hear more of this in the future whenVoiceXML (a new way of describing data on the Web) with advanced voice recognition willprovide interactive access to the Internet via phone or voice browsers.

Look for systems that voice-enable Internet applications or content features via yourphone or PDA. Some of the voice applications you’ll probably see soon include the fol-lowing:

• Entertainment—Games, movie reviews, and horoscopes

• Enhanced directory services—Phone numbers, directions, and store hours

• Financial information—Stock quotes and bank transaction information

• Travel-related information—Flight schedules, flight delays, weather, and traffic

Some of these are available today. AT&T, Yahoo!, AOL, and Virgin Mobile are all partner-ing with third-party marketers and content suppliers to use voice-activation and voice-enabled systems to communicate with consumers.

Some systems embed the ad or offer in voice-enabled e-mails, bringing you free e-mail orcontent in return for listening to the sponsor promo. Most voice systems require that youopt-in in advance, probably when you sign up for the service, so check it out at that time.

Dad probably told you to think before you talk. Now it may be more important than ever to do just that. Wireless offer acceptance may be only a word away. Saying “yes” tooquickly might be as bad as waving your hand at an auction. Most systems, though, giveyou a second chance to confirm your purchase before you buy.

GETTING TO ANYONE AT ANY TIME: PRESENCE-AWARETECHNOLOGY

Despite the proliferation of devices, wireless networks, and even in-vehicle communica-tions systems, it seems to be getting harder to contact someone when you want to.

A system called presence technology (often called m-presence) should simplify the next gen-eration of communication. After it’s installed it notifies you if the intended device user isavailable before you make the call. It could also reveal the device user’s location and

230

08 6483 ch07 5/9/02 8:54 AM Page 230

enable you to click through to him even without making a call (similar to instant messagebuddy lists).

Presence systems will enable you to do the following:

• Control your communications across multiple platforms (devices, laptops, PCs, andinteractive televisions)

• Establish priorities and interests

• Set up buddy lists (for work and play)

• Program filters for callers and date and time blocking

Searchnetworking.com tells us that the Internet Engineering Task Force’s (IETF) InstantMessaging and Presence Protocol (IMPP) Working Group is forming core standards thatmake presence technologies interoperable so that the systems will work across platformsand wireless networks.

Presence and Privacy Issues

Experts say that privacy issues will be addressed by allowing you a high degree of user-defined control. You select the conditions when you’re available or even detectable.

Lucent, Novell, and Motorola are just some of the name brands with patent-pending pres-ence messengering systems in the works. Most of these require GPRS phones, WAP-enabled devices, and carriers that offer instant messaging services.

In addition to person-to-person communications that enable you to locate anyone at anytime, presence technology will also have mobile commerce applications that facilitatemerchant-to-person offers, alerts, and personalization.

Privacy and Identity Alliances

Representing more than one billion names, almost 40 major companies, including someof the world’s largest businesses and industries, are joining together to form the LibertyAlliance Project (www.projectliberty.org).

The major players include American Express, America Online, Bank of America, eBay,Fidelity Investments, General Motors, Nokia, Sony, Sprint, United Airlines, Zkey.com, andmany more.

The goal is to create an open, federated solution for identity-enabling ubiquitous, singlesign-on, decentralized authentication and authorization from any device connected to theInternet from traditional computers and cellular phones to TVs, automobiles, credit cardsale terminals, and more.

“The Liberty Alliance Project is driving an open standard for what we believe will be thedefining issue of the networked economy: digital identity,” says Scott McNealy, Chairmanand CEO Sun Microsystems, Inc.

7

231

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

08 6483 ch07 5/9/02 8:54 AM Page 231

232

EEAccording to the Web site www.projectliberty.org, identity refers to informa-tion such as phone numbers, Social Security numbers, addresses, creditrecords, and payment information. A Nokia spokesperson further defines iden-tity as the basic information needed to identify a consumer, an employee, abusiness, a supplier, or even a machine or device when using the Internet andmobile Internet services. The spokesperson adds that “the inpoints of serviceidentity leads to service data which may include name, address, phone num-bers, work and home e-mail, credit cards, club memberships, Social Securitynumber, health records, banking records or part numbers.”

Passport and Privacy

The biggest rival to the Liberty Alliance service is Microsoft’s Passport system. More than20 million users already have Passport accounts that provide master account logins andpasswords, automatically pulling down mailing addresses and credit card numbers.

A story on eweek.com explains that Microsoft sees Passport evolving into a system over-seen by multiple companies or becoming one of several authentication systems that willwork in tandem to facilitate the use of the Web.

In announcing AOL’s addition to Liberty Alliance, TheStandard.com recounts that Microsoftis relaying its own plans to create a shared and open single sign-on service with Passport.According to the report, Microsoft will begin using a secure authentication technologycalled Kerberos in Passport that will make it compatible with other systems that also useKerberos.

If you’re an AOL user, you’re probably familiar with that service’s two authentication sys-tems:

• The Screen Name Service lets users sign on to AOL’s Internet services and partnersites without reentering a password.

• An electronic wallet service called QuickCheckout enables users to make purchasesonline at participating e-commerce Web sites.

IndustryStandard.com says that AOL is continuing to develop a new authentication service,dubbed Magic Carpet. They say AOL authentication services will be interoperable with theLiberty Alliance system.

Certificate-Based IM Solutions

VeriSign, Inc. (www.verisign.com) is working with Bantu (www.Bantu.com), a leader ininstant messaging (IM) and presence technology, to integrate VeriSign’s Certificate Servicesand Secure Messaging Technology with Bantu’s platform to create the first certificate-based IM solution for enterprises, communications providers, and governments.

Legal information on Bantu’s Web site (http://corp.bantu.com/bantu_legal.asp) says,“Bantu.com takes privacy and security seriously.” They add that the purpose of Bantu.com

08 6483 ch07 5/9/02 8:54 AM Page 232

is “for you to be able to confidently share important information with your colleagues,friends, and family.” The site says, “We know that privacy and security are important to youand accordingly, respect the privacy and security of the information you place intoBantu.com.” For specifics about registration, IP addresses, cookies, privacy policies, andanti-spam measures, check out its Web site.

The challenge with privacy and presence is that the data is generally automatic and highlydynamic. If you’ve used an instant messenger system, you know how fast your buddy’sname pops up and sends you a message. Some experts are developing an automated ver-ification approach to ensure that systems conform to complex policies including privacy,security, verification, and coordination.

Why all this emphasis on presence technologies? Even if you’re not familiar with these sys-tems, you will be soon (see Figure 7.11). Presence will offer immediacy for messaging andvoice calling. The systems will work not only on today’s mobile wireless networks but alsoon peer-to-peer projects such as today’s file-sharing programs like Gnutella and othersnow being created.

7

233

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

Figure 7.11

Presence technology is moving to classrooms to allow students to hook up wirelessly for online discus-sions via laptops or PDAs.

Intelligent presence-aware technology could serve as the next generation of personal assis-tants for voice mail, reminders, alerts, and even auto-purchasing. One example is the smartrefrigerator that records your purchases and consumption and then auto-orders milk whenyou’re down to the last carton.

INTELLIGENT CONCIERGES AND PRIVACYWhat are the advantages of mobile concierges, or intelligent agents, who assist you? Theycan help you save time; they might not be considered intrusive; and your wireless carriergets several benefits, such as selling more tickets and collecting from the sponsor of themessage that was sent to your pals for free. Beware, though, the wireless carrier is also col-lecting data because it could figure out which of your friends likes movies from these sig-nals sent.

Is all this artificial intelligence (AI) stuff light years ahead? Not really. Check out www.relatia.com to see how companies like Relatia are building in this interaction engine.They focus on human interaction in the mobile community. Is it good or bad? Depends on

08 6483 ch07 5/9/02 8:54 AM Page 233

how you use it and how paranoid you are about what people know about you and yourbuying habits. Don’t forget that your credit card company has known lots about your buy-ing patterns for years.

MAKING MOBILE MORE HUMAN-CENTEREDHidden behind every cell phone instant message is a human. Stanford University profes-sor Mary Baker says she is working on a “personal-level router” that creates a link not justto a network but to a person. Designed to act as a personal assistant, the router wouldknow whether you’re available at your land-line phone, cell phone, or e-mail. Privacy pro-tection from the MPA (mobile people architecture) would also filter and prioritize emer-gency messages from spam.

The second part of the MPA is something called identiscape, which is a type of addressbook for personal proxies. Check out the current version at http://mpa.stanford.edu,which covers wireless telephones, e-mail, and ICQ (instant messaging programs).

The MPA service doesn’t require a smart card to carry a user’s identity and works acrossall networks. Baker hopes that as technology continues to advance, the role of the personisn’t forgotten. So, the good news is that new technology is being developed daily that willnot only protect you and your identity, but also will appeal to you as a human being.

234

Disposable Phones and Privacy

You’ve probably already heard a lot of the concern being expressed by journalistsand politicians about not being able to track you via your device if you’re using adisposable. What’s all this static about? Take a look at a couple of the new dispos-able cell phone systems out there, and you’ll see both advantages and disadvan-tages in using them.

Known as the phone-card phone from Diceland Technologies(www.dtcproducts.com), the Altschul phone is an example of a disposable cellphone. These are also called recyclable in some circles. The gadget comes with 60minutes of prepaid airtime. Supposedly, there are $100 million in orders for thesedevices already. The creator, Randice-Lisa Altschul, says she envisions teens andbusy moms using Elvis phones or WWF-branded phones. The company didn’treveal who has placed the orders, but watch for them coming to your neareststores.

08 6483 ch07 5/9/02 8:54 AM Page 234

Figure 7.12

Try the Hop-On Wireless disposable phone demo at www.hoponwireless.com.

NEXT-GENERATION SECURITYNew levels of connectivity in the wireless world come with increased security risks.According to RSA Security.com, “Wireless transmissions are susceptible to interception and

7

235

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

Hop-On Wireless (www.hop-onwirelss.com), another manufacturer of disposablephones, is launching its product with Hollywood tie-ins, including featuring freecoupons on Jurassic Park III videos and DVDs (see Figure 7.12).

The Hop-On phone includes call and end buttons. Outgoing calls are made byspeaking a phone number into a microphone; voice-recognition software takesover and dials the number. An ear bud is included for hands-free operation.Because of network limitations, the phones can make only outgoing calls; they’renot capable of receiving calls. Watch for other disposable models from firms suchas Telespree (www.telespree.com).

Following September 11, 2001, the U.S. Attorney General’s office and the FBI indi-cated that disposable phones are one of the reasons they want to give the U.S.law enforcement community more legal power to fight terrorism, using techniquessuch as tapping phones. Other experts feel that calling cards are more of a secu-rity threat than disposable phones.

08 6483 ch07 5/9/02 8:54 AM Page 235

tampering.” Most experts agree that portable devices with no fixed connection offer tempt-ing wireless access points to hackers and devices. Improved mobile devices now containvaluable information and credentials of users, and this information needs to be protectedin case of theft or loss of the device.

Wireless users are especially vulnerable to loss or theft of wireless devices, according toCompaq Computer International. Gartner researchers estimate that 250,000 mobilephones and handheld devices will be left behind at U.S. airports. According to analysts atTekPlus, when a mobile device is compromised, the total cost to the company can be morethan 1,000 times more expensive than the actual device. And if an unauthorized user gainsaccess to the network and plants a virus, the costs can be much higher. (Be sure to see theguidelines for protecting your device listed earlier in this chapter.)

Sample Cell Phone Security Features

Devices are now featuring more security features. Know what your device offers you interms of protection and encryption systems. Here’s an example of some of the featuresyou’ll find on Nokia’s 9110 Communicator model, courtesy of Nokia.com in a security storyon www.WBT2.com on:

• SIM security—System Identity Module Security includes SIM lock and SIM changesecurity PIN code.

• Device locking—Includes capability to lock the device and lock the memory card.

• Call barring.

• Radio interface security—Has GSM encryption because it is a GSM phone.

• Software installation security—Digitally signed software.

• Internet and intranet security features—These include dial-up security, callbacksystems support, and encrypted connections.

• Web browser that supports SSL version 3 and strong encryption algorithms.

• Mail support for TLS version 1, SSL version 3, and strong encryption algorithms.

• WAP security—Wireless transport layer security (WTLS).

236

EEEncryption is the translation of data into a secret code. Encryption is a methodto make messages, data files, and electronic commerce transactions secure.Encoded blocks of data, called keys, are used to lock the message from outsideview when it’s traveling across the Internet or network (source:webopedia.com and Computerworld.com).

EESecure Sockets Layer (SSL) is a protocol that protects data sent between Webbrowsers and Web servers. SSL also ensures that the data comes from the Website it’s supposed to originate from and that no one tampered with the datawhile it was being sent.

08 6483 ch07 5/9/02 8:54 AM Page 236

Secure Phones and PDAs

Which are the most secure phones and PDAs? I didn’t find any such list because most ofthe equipment manufacturers are continuing to strive to add more security features,develop security patches for holes, and create stronger encryption systems.

I did find some solutions that can help you protect your devices and hint at what solutionslie ahead.

No-Tap Phone

A German company called Rhode and Schwarz (no relation to the author) and cell phonemaker Siemens are marketing a new device called the TopSec cell phone. Pricey at a whop-ping $3,000, the model is a modified Siemens S35i mobile phone. Alas, the model is notready for The Sopranos yet because the company is not marketing the phone in the U.S.yet. For more information, see www.siemens.com.

Biometric PDA Security

Identix (www.identix.com) is creating a biologon security application for Pocket PC-basedPDAs that features a biometric identification for locking and unlocking PDAs. The PDAs arefitted with their BioTouch PCMIA cards.

7

237

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

EETransport Layer Security (TLS) is a protocol that ensures privacy between commu-nicating applications and their users on the Internet. When a server and clientcommunicate, TLS ensures that no third party can eavesdrop or tamper withany message. TLS is the successor to SSL (source: searchsecurity.com).

EEMobile devices with WAP browsers are capable of securely browsing by usingend-to-end Wireless Transport Layer Security (WTLS). Future Mobile Information2001 Server editions will incorporate WAP processing capabilities (source:microsoft.com).

EEBiometrics literally means “life measurement” in the realm of security. It refers toautomated methods for identifying people based on their unique physical char-acteristics or behavioral traits. Types of biometric methods include fingerprintscanning, iris scanning, retina scanning, handwriting analysis, handprint recog-nition, and voice recognition (source: Computerworld.com).

Biometric Solutions (www.biometricsolutions.com) is rolling out two security products:BioSentry and BioHub. BioSentry is a portable biometric fingerprint reader designed forCompaq’s iPAQ pocket PC that attaches in place of the iPAQ expansion pack to increasesecurity and prevent unauthorized access to both hardware and data on the device.

08 6483 ch07 5/9/02 8:54 AM Page 237

BioHub by Biometric Solutions uses portable fingerprint authentication for Compaq,Hewlett Packard, and Casio handheld devices where users can choose authentication withor without a smart card.

SECURITY BEYOND TECHNOLOGYMany of the experts I talk with believe security is more than specific technologies; youneed to view it as procedures and policies. Four key security requirements they mentioninclude

• Confidentiality—So that you know your communications are private and confiden-tial

• Authentication—So that you know communicating parties are who they claim tobe

• Integrity—So that you know the information being communicated has not beenaccidentally corrupted or modified

• Nonrepudiation—So that you know transactions can’t be denied or disowned byone of the parties involved at a later date

According to the Washington Post, in a poll sponsored by the Information TechnologyAssociation of America and security firm Tumbleweed Communications, more than 70%of Americans are at least somewhat concerned about Internet and computer security inthe wake of the September 11 attacks. Security is the most commonly cited reason for con-sumer’s hesitation to use online services such as banking and shopping so it makes sensethat their concerns will be even greater as we move to mobile devices.

Compaq Computer International says that researcher IDC estimates the global market foroverall information security services will more than triple over the next four years—from$6.7 billion in 2001 to $21 billion by the end of 2005.

DOWNLOADABLE THIRD-PARTY SECURITY APPLICATIONSCheck out such Web sites and PDA portals as www.handango.com and www.palmgearhq.comfor numerous utilities you can download to enhance password protection. Handango.comoffers Handango Security Guard, a file encryption program, and Handango Vault, a securedatabase program that works with Palm OS, Pocket PC, and even RIM Wireless Handhelddevices.

You can also download encryption tools such as PocketLock, which is said to protect andencrypt Pocket PC files, and Sentry 2020, which offers transparent data encryption.

CNN.com explains that for $3.99–$9.99 monthly (depending on the price of your hand-held) you can insure your PDA against theft, loss, or breakage. Before signing up, checkto see whether your homeowner’s or office insurance covers the price of your PDAbecause the deductible might be higher than the price of a new device. For one source,check out www.palmslostorstolen.com.

238

08 6483 ch07 5/9/02 8:55 AM Page 238

ADDITIONAL SECURITY SOURCESFor more security information—including firewall installation; virtual private networks(VPNs); and new systems that will protect your corporate network, home office systems,and laptops and PCs that are wirelessly connected—see Chapter 9, “Home Sweet WirelessHome,” and Chapter 10, “The Wireless Workplace.”

7

239

PRIVACY, PER

SON

ALIZATIO

N, A

ND

SECU

RITY

EEA firewall consists of hardware and software that lies between two networks,such as an internal network and an Internet service provider. The firewall pro-tects your network by blocking unwanted users from gaining access and bydisallowing messages to specific recipients outside the network, such as com-petitors (source: Computerworld.com).

Meanwhile, here are some references for antivirus Web site sources and for Web sites lead-ing you to more security information and software:

• McAfee.com—Antivirus software developer McAfee is adding antivirus technologiesfor mobile phones to its wireless family of products. These include VirusScanWireless, which provides virus protection for PalmOS; Windows CE and SymbianEPOC platforms; and VirusScan Wireless for Mobile, which scans applicationslocally on smart phone devices to help safeguard against potential attacks byviruses, worms, or Trojan horses.

EEA Trojan horse is a destructive program that masquerades as a benign applica-tion. Trojan horses do not replicate themselves, but they can be just as destruc-tive. One of the most insidious types of Trojan horse is a program that claimsto rid your computer of viruses but instead introduces viruses into your com-puter (source: webopedia.com).

A worm is a special type of virus that can replicate itself and use memory butcan’t attach itself to other programs.

A virus is a program or piece of code that is loaded onto your computer ordevice without your knowledge and runs against your wishes. Viruses can alsoreplicate themselves.

• Symantec.com—You can subscribe to a free monthly newsletter that gives you tips,news, and promotions on new antivirus and security check systems. The site alsooffers a click-through to Symantec’s Internet Security Web site that includes infor-mation on surfing the Internet for your entire family.

• Look.com—This is the search engine of search engines and leads you to more than3,000 business, industry, and mobile security Web sites. It also has more than 180references to antivirus information Web sites ranging from computer virus hoaxesto virus encyclopedias, if you want to read more about these nasty bad boys.

• 4security.com—This is a guide to computer security from 4anything.com.

08 6483 ch07 5/9/02 8:55 AM Page 239

• Security.oreilly.com—O’Reilly’s Security Center offers computer books, securityinformation, and product recommendations and evaluations.

• Cerias.purdue.edu/hotlist—The Center for Education and Research in InformationAssurance and Security, courtesy of Purdue University. It’s a great list that includescommercial site information, virus detection, publications, organizations, and cryp-tography click-throughs.

• Lockdown.co.uk—This site labels itself the home security center and provides linksto PC security, encryption, downloads, site information, and security updates. Notethat the site is from the United Kingdom.

• SecurityPortal.com—This is a Web site developed and dedicated to providing cor-porate security professionals with information and resources to protect networks.

PDA users can get additional references to PDA and Pocket PC Web sites for security andprivacy updates in Chapter 4, “Maximizing Use of Your Device.”

240

PDA Virus Warnings

TechTV advises that there are at least three ways bugs could attack your devices:

• In hotsyncing your PDA up with your PC

• By beaming data between devices with infrared ports

• Via wireless Web access that automatically exposes your device to the normalsecurity threats of the Net

The good news is that in a TechTV interview, Roger Thompson, director of mali-cious code research at security firm TruSecure, says that the risks of infection fromNet access are low because the low bandwidth available on the wireless Web actu-ally helps filter out potentially loaded files. Another source of infection is in the cellphone modules available for PDAs. A virus dubbed Telefonica spread throughSpain in 2000 proving that mobiles could be vulnerable to attack. Palm officialssay that the sync-up process is actually a safeguard for PDA users. Most Palm usersregularly synchronize their data, meaning the data is constantly backed up, accord-ing to a Palm spokesperson, so that if anything were to damage it, users couldinstantly reset their devices and hotsync to restore their data.

08 6483 ch07 5/9/02 8:55 AM Page 240