Carrier IQ and Starbucks?
Now that I have your attention, there is an interesting parallel between Carrier IQ and Starbucks that explains a lot about the phantoms we battle in the mobile world.
Remember about one year ago, the newswires were full of security articles on the Starbucks wallet. Mobile Commerce Daily published a story titled, “How to compromise the Starbucks Rewards Card app in 90 seconds” (see story).
Foaming at the mouth
To compromise the system, the mobile forger could simply photo-capture a Starbucks 2D code off an unattended phone and proceed to debit the owner’s prepaid account at any Starbucks café.
The Starbucks mobile stored-value program has functionality identical to that of the Starbucks plastic stored-value card. Instead of swiping the card, the Starbucks attendant scans the number off the phone via a 2D code on the phone screen.
What is interesting about this scenario is not the fraud.
Plastic stored-value Starbucks cards are stolen, lost or misused every day. There is limited risk. The wallet is designed for micro-transactions and Starbucks is happy to repay the loyal but irate consumer two lost “No-foam soy mocha decaf lattes.”
As I discussed at length in my book, “The Impulse Economy,” what is of note is that the mobile misdemeanor gets more press.
The phone is more personal than the cowhide wallet and, therefore, under more scrutiny. The mobile phone houses family photos, girlfriend’s SMS, business notes and now a wallet.
Then Carrier IQ arrived
We woke up to CNN showing the hoodwinked public – care of Trevor Eckhart – that the phone in their pocket had been hijacked.
Wired Magazine editors explained that every keystroke, every media selection, every location was recorded by the Carrier IQ software as Matrix-like data.
For the unsuspecting owner of an AT&T, Sprint, T-Mobile or Verizon phone, all this information was recorded.
• Perhaps our secret SMS messages are being posted on the cafeteria wall?
• Our photos and videos screened by the IT department?
• Our love life the laughing stock of the mailroom?
The fact that the Carrier IQ software is basic diagnostic code installed in the phone to help debug and improve performance on the network and the fact that the code is impossible to read without an IT certificate – all seems immaterial.
But here is the Starbucks parallel.
We did not seem to react when Windows ran the Dr. Watson diagnostic software on our 1995 PC operating system.
The only complaint we had then was that it was slowing down the computer, and most folk went to their geek squad to dive into the Windows Registry and disable it.
Why is Carrier IQ different from Dr. Watson? Why is the Starbucks mobile app different from the piece of plastic in our wallet?
Are we more vulnerable on our phone? Should Minnesota Senator Al Franken and the nice folk at the Federal Communications Commission be panicking? I do not think so.
Of course, we need to be aware of privacy and security issues related to new technology. Trust needs to be built and trust needs to be kept. We need to proactively work on security and privacy standards.
However, the mobile industry is light years ahead of incumbent digital media in self-regulating, self-policing and considerable navel gazing.
The digital incumbents – online and other media – need to look to the mobile industry that has proudly monitored mobile messaging short code provisioning in the United States unlike Japan and Europe, and to Apple which invented the mobile app and has closely monitored provisioning of content on its network.
IS THE INDUSTRY perfect? No. Does it need to work hard to maintain trust? Yes.
But in a world where every screen is mobile and soon many wallets, where health, media, fitness, gaming, business and, of course, communication convergence is happening aggressively on a month-to-month basis, we are doing a fantastic job.
(Since this was written on my U.S. smartphone, I hope the industry folk are reading my data now. Send.)
Gary Schwartz is president/CEO of Impact Mobile, Toronto, and author of “The Impulse Economy” (Simon & Schuster, 2011).