Don’t Trust The Data Protection Commission

A printed circuit board inside a mobile phone
Can't find any messages here

It’s extremely worrying when the national Data Protection Commission doesn’t seem to understand the basics of phone security. Moving swiftly to unbolt a horse, they have found a way to protect us against the News Of The World: asking phone networks to turn off remote access to voice messages.

But remote access itself was never the problem; the problem was access using a default PIN such as 1234. The existence of this useless PIN gave an impression of security, while providing absolutely none – surely the worst possible combination.

And the misunderstanding goes even deeper than that. To quote from the above article:

Deputy Commissioner Gary Davis confirmed his office had been in touch with the providers since the details emerged last week.

“Who does it serve to be able to access the messages left on your mobile phone?” he asked.

The messages are not on your phone. They are held by the network. So this service is useful when your phone is lost, stolen, left behind or simply turned off. You can use another phone to access the messages left by people trying to call you. It’s the kind of service that will not come in useful very often, but once in a while could be a complete life-saver.

The obvious solution, and the one the Data Protection Commission possibly should consider, is to not allow remote access unless a real PIN has been set, so that strangers can’t access it but you can. That would be all you needed to do to allow us to enjoy the service while protecting everyone against the predations of tabloid journalists.

But that’s the thing. Do we all need protection against the predations of tabloid journalists? I don’t really think we want to start living our lives as if we do. I haven’t set a PIN on my voicemail. You can access my voice messages any time you like. You will find that they are so boring that, frankly, I never listen to them myself. (Really, it’s much better to call me back.)

Don’t turn remote access off by default. I am never going to think to turn it on just in case. So when the day comes that I do need it urgently, I’ll have to call up the phone company to request the service using someone else’s number, and they’ll have to establish my identity over the phone, which will mean they’ll have to ask me for another PIN, which I also haven’t set up…

And all this to prevent papers doing something that’s illegal anyway? Fine them, jail them. Don’t protect me with bars.

2 thoughts on “Don’t Trust The Data Protection Commission”

  1. There are voicemail systems that only require a PIN to be input on a remote access, which sounds good but with caller ID spoofing you can get around it. Hell, caller ID spoofing will get you around denying remote access to your voicemail like they’re proposing.

    You’ll never stop hackers by changing the security, but you will stop them when you punish every one you catch with punishments that are very harsh for a simple crime. They need to spend their time figuring out how to make tracing a voicemail hack easier not trying to make the hacking harder.
