Follow Mark on LinkedIn Follow @marknca on Twitter Follow marknca on YouTube
marknca

Mornings With Mark
no. // 0 0 0 2

Tracking Smartphone Data

Subscribe to the podcast.

Watch the episode here

Join the discussion on LinkedIn

Tweet about this episode

Full machine generated transcript follows

Morning, everybody. How you doing today? I wanted to tackle the topic of smartphones and personal profile information that we talked about that a lot last year on the show, but it come up again. I'm with free articles in the last week the kind of went. Hey, there's something else going on here or at least it's time to revisit and to bring people back up to speed again.

So those three articles pretty straightforward. The first one was John Chen the CEO of BlackBerry talking about how he would instruct his engineering team to break the encryption on their products. If so, I ask by law enforcement down on its surface. It's not that bad of a thing for a CEO to say hey if we get a legal request we are going to follow through on that.

In fact, that's what we want every CEO around the planet to say because we want companies to follow the law, but the problem here is that by breaking a system. You're actually going to put absolutely everybody at risk and it's a mismatch in Risk Management in threat analysis. So when This is come up with the states.

This is come up in Canada. This come up and another number of area specially Australia which actually passed legislation that permits this which is that companies are saying or companies are saying we're building strong secret products law enforcement is saying we're going dark because they're encrypted we can't see them but that's only one side of the story The encryption actually protects us as users through millions and millions of transactions and interactions everyday law enforcement has a very small portion here.

Now. I'm covered this debate number of times. I'll put the link up here. I'm for or appear course of previous videos on this time and some Link in the description as well. I didn't want to dive into that. But what I did want to tackle was this is sort of 1.2 said like a smart phones are producing Sunday to some of that data is encrypted and people are blind to see now that's in stark contrast to another article on that.

I read from Joseph Cox at motherboard who had a follow-up for for my pee. She did last year. I'm on data Brokers and selling locations from your smartphone. Now. I'm at the time the US carriers at War we're going to stop this practice, you know, it's being abused. They haven't stopped is practice.

What is that practice you're asking basically what they do is not only to law enforcement but to a number of Partners, they sell real-time location data now in the case of Joseph's investigative article, it's a really great headline. He basically said I gave $300 to a bounty hunter and to help them track down this phone and what that was was he had literally paid somebody to bail industry who use their company's position and to go to a third-party data broker.

So T-Mobile had the original phone it went to one data broker went to another date of broker for location information and not Thursday to broker was selling into the bail bonds industry at this point, but it was a highlight of the fact that there is a whole secondary and third tertiary.

It for a real-time location data and a whole bunch of other data about your cell phone. So get second thing that kind of popped up. And then the last thing was an article on from The Verge that highlighted that the latest Samsung have Facebook installed as bloatware that you can't remove turn that you can actually remove it and takes a command line through a debugger.

You don't have to root the phone but the average users never going to figure that out for developer. It's easy to do but for the average user a problem since purposes, you can't remove Facebook from your phone. You can double the disabled it be can't delete it. Now. There's another there's a number of other apps that fall under the same category.

But again, it was that last sort of like, hey, there's companies are saying they're going to break encryption or these one company Blackberry said they don't actively break encryption. Apple said flat-out know Google's never come out publicly one way or the other on Android and then we see from Joseph Cox that there's this active market for real-time tracking data and we know there's a whole bunch of other markets and four.

Brokerage and profiling and then Facebook which is the worst culprit of all of them is is not removable for all intensive purposes on the latest set of Samsung's these three together really highlight the fact that our smartphones while wonderful are generating a ridiculous amount of valuable information about us.

We need to take control of that. We need some sort of awareness and it's not necessarily A Bad Thing personally. I think it is but that I would leave up to each and every individual what I really have a problem with his that people are making these agreements without understanding them and I'm so it's a it's an expected.

It's an assumed the tree off as opposed to an explicit one. I've been in security long enough to know that everybody has their own initial feelings. They have their own position. They have their own use case. It's not for me to decide. What's right or wrong. But what I do feel is fundamentally wrong is making those assumptions for other people.

I like to see that explosive trade off when you are booting up your phone. It says hey, by the way, if you give this location information, here's what you get. What you give up. In an open and honest way now, there's another example that popped up on this week on Homefront in Canada around Bell Media, which is one of our big isps there doing a new opt-in targeted advertising profile anything in the way they worded it is totally disingenuous.

I'll put out a post I think on that I'm probably this week or next week because again, it's an example of how to not to actually ask for consent. I'm an informant educate your user. So sinh thoughts around that today, I think that'll bubble up to something else that might be actually the first episode of that new podcast.

I mentioned in the first Vlog of this year. And so that's a gray wolf large audience or pay. Did you know, your phone is doing this did you know there's a market for it? I might make a great story there. What do you think? Are you aware of all this data brokerage the secondary and tertiary markets for real-time location.

Let me know hit me up online at Mark NCAAF for those we have logged in the comments down below is always at 4 podcast listeners. Everybody else by email me at Mark and. CA. Hope you are set up for fantastic day. Look forward to having this discussion with you about these issues and this is going to keep going for the foreseeable future, but it's a great thing to be discussing out in the open.

Have a good one. I will talk to you online and I'll see you at the next. Morning, everybody. How you doing today? I wanted to tackle the topic of smartphones and personal profile information that we talked about that a lot last year on the show, but it come up again.

I'm with free articles in the last week the kind of went. Hey, there's something else going on here or at least it's time to revisit and to bring people back up to speed again. So those three articles pretty straightforward. The first one was John Chen the CEO of BlackBerry talking about how he would instruct his engineering team to break the encryption on their products.

If so, I ask by law enforcement down on its surface. It's not that bad of a thing for a CEO to say hey if we get a legal request we are going to follow through on that. In fact, that's what we want every CEO around the planet to say because we want companies to follow the law, but the problem here is that by breaking a system.

You're actually going to put absolutely everybody at risk and it's a mismatch in Risk Management in threat analysis. So when This is come up with the states. This is come up in Canada. This come up and another number of area specially Australia which actually passed legislation that permits this which is that companies are saying or companies are saying we're building strong secret products law enforcement is saying we're going dark because they're encrypted we can't see them but that's only one side of the story The encryption actually protects us as users through millions and millions of transactions and interactions everyday law enforcement has a very small portion here.

Now. I'm covered this debate number of times. I'll put the link up here. I'm for or appear course of previous videos on this time and some Link in the description as well. I didn't want to dive into that. But what I did want to tackle was this is sort of 1.2 said like a smart phones are producing Sunday to some of that data is encrypted and people are blind to see now that's in stark contrast to another article on that.

I read from Joseph Cox at motherboard who had a follow-up for for my pee. She did last year. I'm on data Brokers and selling locations from your smartphone. Now. I'm at the time the US carriers at War we're going to stop this practice, you know, it's being abused. They haven't stopped is practice.

What is that practice you're asking basically what they do is not only to law enforcement but to a number of Partners, they sell real-time location data now in the case of Joseph's investigative article, it's a really great headline. He basically said I gave $300 to a bounty hunter and to help them track down this phone and what that was was he had literally paid somebody to bail industry who use their company's position and to go to a third-party data broker.

So T-Mobile had the original phone it went to one data broker went to another date of broker for location information and not Thursday to broker was selling into the bail bonds industry at this point, but it was a highlight of the fact that there is a whole secondary and third tertiary.

It for a real-time location data and a whole bunch of other data about your cell phone. So get second thing that kind of popped up. And then the last thing was an article on from The Verge that highlighted that the latest Samsung have Facebook installed as bloatware that you can't remove turn that you can actually remove it and takes a command line through a debugger.

You don't have to root the phone but the average users never going to figure that out for developer. It's easy to do but for the average user a problem since purposes, you can't remove Facebook from your phone. You can double the disabled it be can't delete it. Now. There's another there's a number of other apps that fall under the same category.

But again, it was that last sort of like, hey, there's companies are saying they're going to break encryption or these one company Blackberry said they don't actively break encryption. Apple said flat-out know Google's never come out publicly one way or the other on Android and then we see from Joseph Cox that there's this active market for real-time tracking data and we know there's a whole bunch of other markets and four.

Brokerage and profiling and then Facebook which is the worst culprit of all of them is is not removable for all intensive purposes on the latest set of Samsung's these three together really highlight the fact that our smartphones while wonderful are generating a ridiculous amount of valuable information about us.

We need to take control of that. We need some sort of awareness and it's not necessarily A Bad Thing personally. I think it is but that I would leave up to each and every individual what I really have a problem with his that people are making these agreements without understanding them and I'm so it's a it's an expected.

It's an assumed the tree off as opposed to an explicit one. I've been in security long enough to know that everybody has their own initial feelings. They have their own position. They have their own use case. It's not for me to decide. What's right or wrong. But what I do feel is fundamentally wrong is making those assumptions for other people.

I like to see that explosive trade off when you are booting up your phone. It says hey, by the way, if you give this location information, here's what you get. What you give up. In an open and honest way now, there's another example that popped up on this week on Homefront in Canada around Bell Media, which is one of our big isps there doing a new opt-in targeted advertising profile anything in the way they worded it is totally disingenuous.

I'll put out a post I think on that I'm probably this week or next week because again, it's an example of how to not to actually ask for consent. I'm an informant educate your user. So sinh thoughts around that today, I think that'll bubble up to something else that might be actually the first episode of that new podcast.

I mentioned in the first Vlog of this year. And so that's a gray wolf large audience or pay. Did you know, your phone is doing this did you know there's a market for it? I might make a great story there. What do you think? Are you aware of all this data brokerage the secondary and tertiary markets for real-time location.

Let me know hit me up online at Mark NCAAF for those we have logged in the comments down below is always at 4 podcast listeners. Everybody else by email me at Mark and. CA. Hope you are set up for fantastic day. Look forward to having this discussion with you about these issues and this is going to keep going for the foreseeable future, but it's a great thing to be discussing out in the open.

Have a good one. I will talk to you online and I'll see you at the next.