Data protection offers network operators an opportunity for differentiation
Considering the many different ways third parties can access private customer data, the question arises as to what customers can do to protect their data effectively and how a network operator can support them in their efforts.
Willful misuse of user data by network operators can be excluded because compliance with applicable laws such as the Telecommunications Act (TKG) in Germany is effectively monitored. This legislation regulates in detail what data may be used for what purposes. Data protection officers in the companies are answerable to supervisory authorities.
The problem lies in the uncontrolled capture and use of data by companies or private individuals who are not subject to the pertinent laws or control mechanisms. As has been described in the above sections, the number of these data users and exploiters has grown tremendously as a consequence of the extensive spread of applications on mobile end devices and the use of the global Internet.
Network operators have an opportunity to set themselves apart from the competition by responding specifically to the worries of their customers about privacy. After all, the great majority of people are not prepared to reveal their data voluntarily and certainly do not want them to be distributed in shady ways on the Web.
Network operators have three fundamental opportunities to support their customers: technical measures, legal precautions, and raising users’ awareness of the hazards.
Technical measures aim at restricting the unwanted disclosure of data or at providing users with control over the transmitted data. Network operators who also have control over the cell phone or applications can protect various device data such as the model name, serial number, unique network address, IMEI, or ICCID from unauthorized access. If the cell phone is connected via WLAN, the data should be secured as standard procedure by a VPN tunnel, and a firewall could possibly restrict the number of usable communication channels. The utilization of the position data of a cell phone by an application should be transparent to the phone’s user; for example, every access must be approved and the list of accesses can be evaluated later.
A list of the currently existing connections can be maintained to track down unauthorized data connections. It could also show the external server, the service used (protocol), duration, data volume, and the local application. Other technical data could be included as long as they are not related to private content. A regular check of these data would reveal anomalies, and the user could be notified. The monitoring of credit cards can serve as an analogy: a bank creates a usage profile of the credit card and notifies the customer whenever there are deviations from this profile.
Cell phone applications written by third parties in particular present a major problem. They are usually vulnerable to bugs and can consequently be attacked easily, or they themselves contain mechanisms which can be used to spy on customers. A network operator is under an obligation here to perform strict software tests before releasing an application so that optimal customer protection is assured.
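The regular check of the connection list described above can be sketched in the same way a bank profiles a credit card. This is an added example, not part of the original article; the record layout, the host names, and the volume threshold of ten times the usual value are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (app, server, protocol, duration_s, bytes_sent).
# Only connection metadata is kept, never private content.
BASELINE = [
    ("mail", "imap.example.net", "imaps", 12, 40_000),
    ("mail", "imap.example.net", "imaps", 15, 52_000),
    ("mail", "smtp.example.net", "smtps", 3, 18_000),
    ("weather", "api.weather.example", "https", 2, 1_200),
    ("weather", "api.weather.example", "https", 2, 1_500),
    ("weather", "api.weather.example", "https", 3, 1_100),
]
TODAY = [
    ("mail", "imap.example.net", "imaps", 14, 47_000),
    ("weather", "api.weather.example", "https", 2, 1_300),
    ("weather", "collect.tracker.example", "https", 40, 900),
    ("weather", "api.weather.example", "https", 95, 2_400_000),
    ("flashlight", "ads.example.org", "http", 5, 3_000),
]

def build_profiles(records):
    """Per-application usage profile: known endpoints and typical volume."""
    endpoints, volumes = defaultdict(set), defaultdict(list)
    for app, server, proto, _dur, sent in records:
        endpoints[app].add((server, proto))
        volumes[app].append(sent)
    return {app: {"endpoints": endpoints[app],
                  "median_bytes": median(volumes[app])} for app in endpoints}

def find_anomalies(profiles, records, volume_factor=10):
    """Return (record, reason) for every deviation from the app's profile."""
    findings = []
    for rec in records:
        app, server, proto, _dur, sent = rec
        profile = profiles.get(app)
        if profile is None:
            findings.append((rec, "application has no usage profile"))
        elif (server, proto) not in profile["endpoints"]:
            findings.append((rec, "new server or protocol for this application"))
        elif sent > volume_factor * profile["median_bytes"]:
            findings.append((rec, "data volume far above usual"))
    return findings

if __name__ == "__main__":
    for rec, reason in find_anomalies(build_profiles(BASELINE), TODAY):
        print(f"notify user: {rec[0]} -> {rec[1]} ({rec[2]}): {reason}")
```

Each finding names the local application and the external server, so the notification gives the user enough to decide whether the connection was wanted.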