[Dave Birch] There was a discussion at this year’s Digital Money Forum with David Nordell from the Terror Finance blog. He called mobile payments a terrorist’s dream, but I disagreed. People always see the worst in new technologies, projecting existing crimes on to it. But the ability of new technology to fight crime is surely just as great. Mobile phones are no different from any other technology in that respect. One the one hand mobile phones can be used to commit new crimes, but on the other hand they can be used to prevent, detect and solve crimes.

Recently, two death row inmates were arrested in Nakuru GK Prison after being tracked through the assistance of mobile services firm Safaricom. More than 10 mobile phones and a number of SIM cards that were used to transact more than Sh300,000 were confiscated. The inmates colluded with people outside the prison to provided them with phone numbers of wealthy people who they called and threatened with death if they did not follow orders. Police launched investigations into how the convicts had separately received Sh350,000 and Sh40,000 in their welfare accounts when the racket that was unearthed in February.

[From Daily Nation: – News |Police probing mobile money transfer racket]

Nice mobile payment application — call people up, get them to send money back via the mobile payment system — but only if you’re a really stupid criminal, since the phone company knows where you are and will tell the police. And the police will be able to track you, and they will know the details of anyone else you call. And it doesn’t matter if it’s a prepaid phone not registered to you, because knowing where you are and who you are calling is pretty useful information.

The tracking is especially useful and in the future we will come to accept that we know where stuff is, all the time. As an aside, this doesn’t mean the end of privacy, but I think it does mean new notions of privacy.

Within seconds, a Tampa map appeared with a blinking orange dot moving away from the park. “We’re thinking to ourselves, there are our cell phones going down the road,” Jennifer Jensen said. The dot left the park, headed down McKinley Drive, headed south of Fowler Avenue and stopped less than 4 miles away from where it started… Caroline switched to satellite mode, and they were suddenly looking at the outside of the Bentley Court Apartments, 11603 N 22nd St.

[From There’s an app for that, too — Tampa cops find stolen iPhones with GPS – St. Petersburg Times]

At one level, this is just a fun “there’s an app for that story”. But think about it more as a window into the “internet of things” future. When everything is connected to everything else across an infrastructure then the idea of stealing something will become outdated (although, to be fair, some idiots still rob banks with shotguns). What’s the point of getting into my car if you can’t drive it without my RFID keyfob, what’s the point of stealing my TV if it will only decode encrypted signals if it is in range of my router and what’s the point of running off with my mobile phone if it won’t allow you to make calls unless you can mimic my voice? And what’s the point of stealing any of them at all if I can log in to any computer anywhere in the world and see where they all are?

On balance, I expect mobile phones to help more than they hinder, and that is because they have unique properties in the identity space. The mobile phone as the basic identity token makes much more sense than an identity card. For one thing, an identity card can’t verify another identity card, but a phone can. So when someone turns up at your door claiming to be from the electricity company, your phone can easily check their phone’s credentials. For another, a mobile phone can hold several identities. This means that you can set it to default to an identity that discloses relevant credentials (eg, I am over 18) but nothing else, and then select other identities (eg, a Citibank customer) when you need it.

What does this mean? Well, it means that when the incoming UK administration abolishes the ID card in a couple of days time, it will be under pressure to come up with another idea (since all of the identity problems will remain). So how about this one: separate the identity carrier from the identity application and give people the choice of carrier (their mobile phone, their bank card, their 3G dongle, anything that has a tamper-resistant chip that meets a certain minimum standard) and the choice of identity application provider (it’s the same identity standard, wherever you get it from) and, perhaps controversially, the choice of identities. If you want a government identity, get one. If you want a bank one, get one. If you don’t want them and are content to screw around with passwords, your mother’s maiden name the secret phrase you made up a decade ago in order to get a limited service, fine.

My guess is that the overwhelming majority of people would chose to load their identity into their mobile phone and the identity that they would use would be the one given to them by either their mobile operator or their bank. Problem solved. Ah, you might say, then that would surely lead to more crime as people steal other people’s mobile phones in order to impersonate them, get their money, use their concert tickets or whatever. Well, it would seem to me to be rather trivial to implement stronger authentication on handsets (stronger than a PIN) and a standardised online shutdown system, rather like the one that Apple provides for the iPhone, so that if your phone is stolen you can simply call a freephone number, punch in some kind of passcode and have the phone wiped and rendered useless.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

1 comment

  1. Hi Dave, It’s all very well saying that:
    ‘One the one hand mobile phones can be used to commit new crimes, but on the other hand they can be used to prevent, detect and solve crimes’.
    And it would be true if we could ensure and were confident that that the phone sellers had thought about and incorporated ‘good and appropriate’ security. However I know from personal experience that marketing and selling always get in the way and take priority over everything and that nothing will stop the launch date that was promised by the marketing guys. Usually the marketing guys did not tell the developers! So I would not choose to put my identity on my phone unless they could prove to me that they had thought about security. But I do like the idea of phoning Apple and wiping out lots of people’s phones – has anyone cracked trhe passcode yet?

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: