Mobile Privacy

An interview with OracleMobile's CTO

As the CTO and vice president of product development for OracleMobile, Jacob Christfort is responsible for development, quality assurance, and product management. He has been with Oracle since 1997 where he has also served as the director of solutions development within the mobile and embedded products division.

IE: What is your position on the issue of wireless privacy, particularly in respect to the location-tracking capability?

Christfort: I think there are two very different aspects of privacy and technology in general. One is the technical properties of the technology itself, whether it is inherently secure and the other aspect is the way that the application is built on top of the technology enables end users to manage privacy, right? Because it really is two very different things.

Every modern technology is potentially very bad for privacy. Let me give you an example - credit cards are a huge privacy concern. My credit card company knows everything I purchase, where I shop, what I purchase, and which part of the world I shop. It's a huge privacy concern if you just look at technology in a vacuum. But the way banks implement credit cards and bank statements is very private. So it's exactly the same with mobile technology: The technology inherently can compromise privacy. Absolutely.

But the way I believe carriers are going to implement [E911] is going to honor that [privacy] because if you don't honor that, if you don't give people the ability to opt out, then people will not use that carrier. If Sprint compromised my privacy by selling my location record, well, I'd stop using Sprint. Sprint would go out of business. So there is a subtle business balance in these things that people forget.

IE: How much control should users have in the wireless world?

Christfort: That's interesting. I think that I should, of course, have the control to say I don't want my location to be recorded at all vs. I want it to be used intensively to give me ads and all kinds of things because I want a cheaper service. For instance, I can pay $40 a month and I can block that from being used for anything or I can pay $10 a month and it'll be used for advertising. So teenagers will want to use it because it's a way of gaining cheaper service. Or I can go in between and say, for select services, I'm willing to release my location for the benefit of getting that service.

The point is, carriers are going to have to look to consumers to find the optimal type of privacy because that's how they optimize their business. But what people forget is that just as banks are not stupid enough to sell my history, carriers will not be so stupid that they will sell my position record. Everyone can figure out that that's not a smart thing to do because consumers don't like it. And consumers rule to that extent. So that's why the concern is a little bit of a funny concern.

I think that every technology from the last 100 years has huge potential privacy issues. It's just that successful providers of those services tend to not misuse it.

Think about ordinary telephony. Every CEO in the US uses a wire telephone - completely unencrypted. And people are concerned about WAP (wireless access protocol)! People are concerned about the WAP gateway security hole? To my knowledge, the WAP gateway has never ever been misused. The idea is, if you buy something on a WAP phone, my transaction with Amazon, for instance, could be tapped into by someone having access to the carrier's WAP gateway. Now that has never happened because it's technically very complex to do and you actually have to be in their physical data center.

You should be concerned about your CEO making conversation with other CEOs over completely unencrypted phone lines. It's absurd! The phone has tremendous potential to be misused and be nonprivate because you can basically go in even without decrypting anything, tap into the wires that run in the ground and compromise that communication channel.

IE: Do you think that mobile users will trust the industry to self-regulate or will the FCC and Congress need to get more involved?

Christfort: I think that it will depend on whether particular carriers misuse it. If there are instances of misuse, you will have regulation. You may have regulation anyway just because of user perception. But I think that, in general, the industry will self-regulate because it is in their economic interest. In fact, too much regulation up front could thwart the business value of this technology because there are many users who would want to get the services by compromising their privacy.

By giving up where I am, I can get a particular value-added service. If you have very heavy regulation, maybe it simply becomes prohibitive for the carrier to offer me a service. It's possible that they could say, I would love to give you that service but because of regulation, I can't. My hope is that there will not be too much up front regulation -- that the industry will get a chance to self-regulate because that will definitely be the biggest benefit for it.