[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Monday, 23 July 2007, 10:45 GMT 11:45 UK
Apple iPhone issue highlights security debate
What counts as private has to change if we're to get the most out of the network, argues Bill Thompson.

Hackers have been busy since the launch of the iPhone

The long-term viability of the iPhone is unlikely to be seriously damaged by reports of a serious security vulnerability that allows hackers to take over the device.

Most early iPhone adopters have bought into the Apple mythology which convinces them that anything blessed by Steve Jobs is automatically desirable, so we won't see a mass return of the shiny devices with their slick interface.

And we've all learned to live with bugs, crashes, malicious software and the many other hassles that come with modern computers. An insecure phone is just another thing to add to the list of things that can go wrong, and Apple will soon release a patch to fix the problem, because the iPhone, gets regular updates to its operating software just like Mac OS X, Windows and Linux.

'Unrestricted access'

The iPhone problem, which was discovered by the researchers at Independent Security Evaluators, involves persuading a user to visit a malicious web page using the built-in Safari browser.

The page contains a program that runs on the phone and has unrestricted access to its functions, so it can send texts, call up applications or simply steal copies of contacts, calls made or texts received.

Because the attack can be launched from a public wireless access point under the control of a data thief iPhone users may be forced to use the slower and more expensive cellular network connection instead of wi-fi until the problem is fixed, which will not please them.

But the realisation that today's smartphones really are computers, subject to the vulnerabilities and problems that beset all computers, is probably a healthy thing for anyone considering upgrading from an old-fashioned voice and text mobile.

Bill Thompson
I doubt that anyone would successfully be able to sue Apple, even in the US courts, if the text messages leaked from their iPhone caused them financial damage
Bill Thompson

Phone vulnerabilities are relatively novel, so they get attention and coverage, raising our awareness of the problems that come when complex software and open networks get together.

Yet overall we seem remarkably relaxed about the security and stability of our gadgets, and unwilling to take seriously the potential problems created by our increasing reliance on online services.

As a result we are not thinking carefully enough about the effect that new technologies are having on the assumptions we make in daily life, or about the implications for areas that may be indirectly affected by these new technologies, like banking, politics or the law.

For example, I doubt that anyone would successfully be able to sue Apple, even in the US courts, if the text messages leaked from their iPhone caused them financial damage or lead to the break-up of their marriage or loss of employment, because the contract you agree to when you buy the phone excludes them from liability.

'Exposing ourselves'

The complexity of the interaction between online and offline worlds has been highlighted recently by a spate of warnings about how we are exposing ourselves on social network sites.

Unruly Oxford students have been tracked down by the university authorities, a beauty queen in the USA has been blackmailed over supposedly private photos, and employees have been told that their employers may own any profiles or contacts lists they create using work computers.

Now Facebook users have been warned of the danger of identify theft that comes from posting personal information on the site.

The problem is apparently that we are all giving away too much information that should remain secret, like our date of birth, address and even details of which schools we have attended or where we have worked.

This information should apparently be carefully protected because criminals can use it to fill in applications for credit cards or loans, stealing our identities and causing all sorts of problems. This seems to be entirely the wrong way around.

I have never kept my birthday secret from my friends, partly because I like to get cards and presents, and I do not see why I should have to keep it secret from my online friends. If that means that other people can find out about it then the systems that assume my date of birth is somehow 'secret' need to adapt, not me.

Some things really are private and should be kept confidential. Having a phone that will hand over all my text messages to any hacker who can be bothered to ask for them is a problem, and so is a laptop that will let a malicious site install a key logger that can squirrel away login details for my bank accounts or work networks.

Financial services

But when it comes to loans, credit cards and other financial services it really is up to the banks to adapt to the networked world, not us.

I do not want to make 6 October, 1960 a secret date. Nor do I want to have to remember who knows that my mum's maiden name was Clubbs or that I went to Southwood Comprehensive School.

In the networked world people can find out these things about me, and so anyone who wants to verify my identity should realise that they can no longer rely on them in any way. If they continue to do so then they should be responsible for the consequences, not me.

And if identity theft is becoming easier because of our widespread use of the internet then the ways in which identity is established have to shift to reflect that.

We cannot rely on assumptions that served the Victorians and limit our use of these new tools just because profit-starved credit card issuers are unwilling to improve their inadequate procedures.

The problem here is not Facebook, it is the antiquated thinking of lazy companies.

Bill Thompson is an independent journalist and regular commentator on the BBC World Service programme Digital Planet.

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific