Business Users of Smartphones May Be Breaking the Law

Smartphones show the ride-hailing apps Uber Technology Ltd., left, and Didi Chuxing at a residential compound in Beijing, on Aug. 1, 2016. (AP Photo/Andy Wong)

BY REX M. LEE

Commentary

This article is part of a series on corporate surveillance, highlighting civil liberty, privacy, cybersecurity, safety, and tech-product user exploitation threats associated with connected products that are supported by the Android (Google) OS, Apple iOS, and Microsoft Windows OS, smartphones and their harmful effects. 

Due to the proliferation of smartphones and bring-your-own device programs, many businesses, major corporations, government entities (including the military), law enforcement agencies, health care providers, legal professionals, and journalists have adopted smartphones to use professionally.

However, are smartphones secure enough to use within a confidential and protected environment such as the defense industry, enterprise business, government, health care, critical infrastructure, and the legal profession?

The answer to this question is no. That’s according to an admission made by T-Mobile, per a Federal Communications Commission (FCC) formal consumer complaint that I filed against T-Mobile in July 2015.

T-Mobile has admitted that smartphones that are supported by the Android and Apple operating systems (OS) aren’t private or secure forms of telecommunications and computing, because of preinstalled surveillance and data-mining technology developed by Google and Apple.

Don’t take my word for it. T-Mobile explains it better than I can:

“We, too, remember a time before smartphones when it was reasonable to conclude that when you activated service with T-Mobile that only T-Mobile would have access to our personal information. However, with the Samsung Galaxy Note, the iPhone, and many other devices, there are indeed a variety of parties that may collect and use information.” —T-Mobile Privacy Team (FCC Consumer Complaint #423849 filed by Rex M. Lee/public record)

In March, I contacted Verizon and asked if Verizon could sell me a private and secure smartphone, tablet PC, or even a flip phone. After three months of vetting Verizon’s solutions, I concluded that Verizon couldn’t sell me a private or secure smartphone, tablet PC, or flip phone.

Shockingly, Verizon agreed with my conclusion, which also validates the T-Mobile admission. However, Verizon admits that Android, Apple, and even Microsoft OS-driven smartphones, tablet PCs, and flip phones aren’t private or secure because of preinstalled surveillance and data-mining technology that not even Verizon can control, disable, or uninstall.

Verizon admission: “We have reviewed your request at the highest levels of our organization and have confirmed that the only solutions to make a phone private and secure are available through third parties, not directly from Verizon. … Additionally, Verizon is not equipped to address preinstalled solutions or applications on any device.”—July 2 email to Rex M. Lee

Additionally, Android, Apple, and Microsoft OS-supported smartphones, tablet PCs, connected products, and PCs are also supported by intrusive and exploitative factory-installed content developed by companies such as Amazon, Facebook, and Baidu (a nation-state Chinese company/Android content developer).

My research and analysis indicate that such products aren’t private, secure, or safe enough to use within a confidential and protected environment because all products concerned are enabled to support indiscriminate surveillance and data-mining business practices rooted in surveillance capitalism.

It’s safe to conclude that smartphones, tablet PCs, flip phones, connected products, and PCs plus voice automated assistants are intentionally designed for consumerism. This means that the factory-installed content that supports all products concerned is intentionally designed to enable the OS and content developers with the ability to monitor, track, and data-mine the product user for financial gain, even at the expense of the product user’s privacy, cybersecurity, and safety.

The products aren’t safe to use because the collective terms of use that support the products don’t indemnify (protect) the product user from harm, even if the user’s personal and professional information is used in a negligent manner, such as the Facebook/Cambridge Analytica scandal.

This means that connected products such as smartphones and tablet PCs aren’t private, secure, or safe enough to use within a confidential and protected environment that is governed by confidentiality agreements (employment), nondisclosure agreements (NDAs), industry and federal cyber-security standards, federal information processing standards (FIPS), and confidentiality laws.

All of this means that when a person uses a smartphone or tablet PC that is supported by surveillance and data-mining enabled technology for official business, the product will leak confidential and protected personal and professional surveillance data (e.g., location data) and sensitive user data (digital DNA) to numerous unauthorized third parties such as content developers.

Unauthorized third parties include Google, Apple, Microsoft, Samsung, Amazon, Facebook, Baidu, and other telecom and tech providers responsible for the development of the OS, plus the intrusive and exploitative preinstalled content that supports the products.

At this point, many people that I’ve discussed these matters with bring up mobile device management (MDM) and security solutions as a means to privatize and secure connected products such as smartphones and tablet PCs.

Let’s take a look at MDM and security solutions to see if said solutions can privatize and secure a smartphone or tablet PC.

MDM and Security Solutions

My research indicates that it’s impossible to privatize and secure a smartphone, tablet PC, or connected product supported by the Android OS, Apple iOS, or Microsoft Windows OS, due to preinstalled surveillance and data-mining technology developed by all parties concerned.

My research also indicates that factory-installed and third-party MDM and security solutions won’t prevent Google, Apple, and Microsoft from collecting personal and professional digital DNA from a user’s smartphone, tablet PC, or connected products in general, including PCs that support said solutions.

For example, the application permission statements that support the preinstalled Android Samsung Knox security app enable Samsung plus all affiliated content developers, such as Google, to indiscriminately collect surveillance data and sensitive user data from the Samsung Knox app user.

See the Android Knox app permission analysis below for a Samsung Galaxy Note smartphone supported by the Android OS:

[Image: Android Knox app permission analysis for a Samsung Galaxy Note smartphone. (Rex M. Lee)]

The so-called Android Knox security app is granted more than 60 highly intrusive permissions, which indicates that Samsung, plus all relevant affiliated content developers, is enabled to collect nearly 100 percent of the Knox app user’s personal and professional digital DNA from the Galaxy Note smartphone.

My research indicates that the Android Knox security app can be classified as a predatory surveillance and data-mining app.

Furthermore, the Android Knox app that I analyzed is supported by a Facebook interactive application permission command string, implying that Google and/or Samsung are enabling Facebook to collect the user’s personal and professional digital DNA via the Knox security app, further validating that the app is predatory in nature.

Per the formal customer complaints that I’ve filed with AT&T, T-Mobile, and Samsung, I’ve sent my Galaxy Note smartphone terms of use and factory-installed content reports to AT&T, T-Mobile, and Samsung on several occasions to confirm all of my findings.

AT&T, T-Mobile, and Samsung have yet to address the complaints, information, concerns, questions, and smartphone reports that I’ve submitted to them dating back to 2015, which is surprising because I paid for all products concerned. That means that I’m a paying customer just like you.

Now that we can safely conclude that smartphones and tablet PCs supported by surveillance and data-mining enabled technology aren’t private, secure, or safe enough to use within a confidential and protected environment, let’s review confidentiality laws plus telecom laws associated with protected (due process/Fourth Amendment) telecom infrastructure governed by the FCC.

The analysis of existing laws will help validate if, in fact, smartphone and tablet PC users plus OS developers and content developers may actually be breaking existing laws plus violating legal agreements and cybersecurity standards associated with confidential and protected telecommunications, information, and data.

Confidential and Protected Telecommunications and Infrastructure

In my professional career, I’ve yet to review a confidentiality agreement, NDA, industry or federal cybersecurity standard, FIPS, or confidentiality law that makes an exception for telecom and tech providers such as AT&T, Verizon, T-Mobile, Sprint, Google, Apple, Microsoft, Samsung, Amazon, Facebook, or Baidu.

It’s illegal for any individual to leak confidential and protected telecommunications, information, or data to any unauthorized third party, which would include all telecom and tech providers concerned.

Additionally, it is also illegal for any unauthorized third party (such as telecom and tech providers) to collect, use, share, sell, purchase, and aggregate any confidential and protected telecommunications, information, and data collected from a telecommunication subscriber (individual/business/government entity) or authorized device user (employee) without proper authorization.

Smartphones and tablet PCs are no less significant than a home or office phone or PC that is supported by protected (due process/Fourth Amendment) telecom infrastructure governed by the FCC within the United States.

This means that smartphone and tablet PC users are also protected by the same telecommunication and consumer laws that protect home and office phone and PC users from unwarranted and unauthorized surveillance and data-mining conducted by state actors, individuals, or companies.

For example, if Google, Apple, or Microsoft were state actors, they would need to obtain a warrant from a domestic judge or a U.S. Foreign Intelligence Surveillance Court (FISC/FISA) to conduct lawful surveillance and data-mining on U.S. telecommunication subscribers and authorized device users.

Note that Baidu is, in fact, a nation-state actor (of China) concerning U.S. telecom subscribers and authorized device users.

The Federal Trade Commission, FCC, Department of Justice, Department of Homeland Security, state attorneys general, and relevant agencies need to investigate if existing civil liberty, telecommunication, and consumer laws are being violated by Google and Baidu with regard to intrusive Android and Baidu content, such as the Baidu web browser and Android Baidu apps that support smartphones (discussed further below).

Additionally, individuals or private companies must seek the authorization from the telecom subscriber or authorized device user in order to conduct surveillance and data-mining on the telecom product user by way of the user’s smartphone or tablet PC.

By way of application legalese, such as app permissions, an individual can’t lawfully grant an unauthorized third party (e.g., Google, Apple, Microsoft) the ability to collect confidential and protected telecommunications, information, or data from a smartphone or tablet PC that is supported by protected telecom infrastructure governed by the FCC.

In fact, the smartphone or tablet PC user, plus the unauthorized third party (e.g., Google, Apple, Microsoft), could both be held liable for breaking the law or for violating any relevant legal agreements and cyber-security standards.

For example, it would be illegal for a smartphone or tablet PC user to divulge confidential and protected information associated with the smartphone or tablet PC to any unauthorized third party, whether that third party is a telecom provider, OS developer, original equipment manufacturer, content developer, or a spy.

Use of Consumer-Grade Smartphones Is Illegal in Confidential Environments

According to the T-Mobile and Verizon admissions, coupled with my research, numerous third parties that include Google, Apple, Microsoft, Samsung, Amazon, Facebook, and Baidu are, in fact, enabled to collect a smartphone and tablet PC user’s personal and professional digital DNA, which could also include confidential and protected telecommunications information and data due to the indiscriminate surveillance and data-mining business practices employed.

Based on this information, one could conclude that it is illegal to use a smartphone, tablet PC, voice-automated assistant, connected product, or PC that is enabled to support surveillance and data-mining business practices within a confidential and protected environment, such as the defense industry, health care, legal profession, critical infrastructure, or government, including the military.

This means that health care providers, members of the military and law enforcement, judges, attorneys, elected officials, and even lawmakers may be inadvertently breaking the law when they use a smartphone or tablet PC for official use.

Additionally, people who use smartphones supported by surveillance and data-mining enabled technology within the defense industry, critical infrastructure, enterprise business, and government may be inadvertently in violation and/or in breach of confidentiality agreements (employment), NDAs, industry and federal cyber-security standards, and FIPS.

Due to predatory surveillance and data-mining business practices, companies such as Google, Apple, and Microsoft may have ended privacy and cybersecurity as we know it.

Organizations need to consider the investment they are making with regard to privacy and cybersecurity associated with their telecom and network infrastructure, because smartphones and tablet PCs supported by surveillance and data-mining enabled technology aren’t private, secure, or safe.

After all, what good is a secure network if smartphones, tablet PCs, voice-automated assistants, connected products, and PCs are unsecure due to factory-installed surveillance and data-mining technology developed by telecom and tech providers?

Who knows? You may be surprised to find out that you are leaking your personal and professional information to nation-state companies from China such as Baidu.

If you don’t believe me, review the installed apps that support your smartphone. You may find the following Android Baidu app permission in your smartphone: Email app, Android permission: BAIDU_LOCATION_SERVICE.

I was surprised and horrified when I found this Android Baidu interactive application permission command string in a Samsung Galaxy Note smartphone that I purchased from a T-Mobile corporate store in Selma, Texas.

In Part 2 of this article, I will address the fact that the Android OS supports intrusive content developed by nation-state companies such as Baidu.

I will also address a conflict of interest between telecom providers and data-driven OS and content developers that compete in multiple industries worldwide, such as Google.

Rex M. Lee is a privacy and data security consultant and an analyst and researcher for Blackops Partners. His website is MySmartPrivacy.com

Views expressed in this article are the opinions of the author and do not necessarily reflect the views of The Epoch Times.
