Wednesday, February 01, 2006

Mobile Ecosystem: We Need A Comprehensive Approach to Consumer Security

Mark Lowenstein at Mobile Ecosystem has a lengthy call to action for the mobile industry to develop a comprehensive approach for mobile security for consumers. He states:

One or two high profile occurrences could affect industry economics, retard new product development, and get the regulators breathing down our necks more than they already are. What if a virus caused the mobile equivalent of the “blue screen of death” – would carriers re-up the $150 subsidy to the tune of millions of phones? Or what if mobile spam becomes even a fraction of the problem it is on the Internet? Can’t you imagine some Congressman making this a high profile issue during an election year? And what is the cost to the operator of taking the customer service call from a customer who is disgruntled over content that is downloaded off-portal?
Lowenstein believes some of the key catalysts are:
  • Erosion of the walled garden. Off-portal content could reach 50% of all transactions by the end of this year. The increase in direct to consumer relationships means that consumers will have access to a broader array of content – which also raises the possibility for abuse.
  • New forms of content. Music, video, and television on your phone are great. But it also means that all of the inappropriate content that can be viewed on your TV or PC is now coming to the “third screen”. Some MVNOs have specific plans to offer “edgier” content that might not be appropriate for all viewers.
  • New business models and services. This includes the first forays into mobile advertising, increased use of SMS and MMS for direct marketing, and the proliferation of direct brand-to-consumer relationships using the mobile channel.
  • More open networks. Everything is becoming more open. MMS uses SMTP rather than SMPP. IMS is about a more open framework. We’re moving toward a more open OS on phones. Opera has released a client for the device that allows full internet browsing. And there’s significant activity to get full search capabilities onto the mobile device.
  • Data on subscriber location, profiles, and content preferences, is becoming available, made possible by capabilities such as LBS, presence, mobile search, wireless 411, and directory type services. As an example, just this month, a high profile start-up company called Tello announced a service that uses presence to allow users to determine if others are logged on and available, across fixed line, mobile, and IM platforms.
Lowenstein proposes a detailed consumer security framework, which encompasses Anti-Spam and Anti-virus, content controls, opt-in/opt-out, and content and device security. He concludes that there are important next steps the industry needs to take:
  • we need to take a more holistic view of the issue and accelerate product development and partnership initiatives. I recognize that addressing each of the above issues requires time, money, and commitment. It’s admittedly easy for a consultant to trivialize the effort that would be required here.
  • I think marketing and education are as important here as product development. We need to create a better perception that as an industry we are on top of this, on multiple fronts. Consumers and regulators will be understanding if they are aware of all we are doing as industry, but will punish us if we are glib or aloof about the problem. As an example, T-Mobile USA’s customer service ratings have increased significantly ever since it began being much more up-front and specific about their network coverage. So a good start would be a coordinated effort to communicate to subscribers what we are doing, and what the roadmap looks like. Perhaps the operators should establish a “security hotline” or Web link for consumers to contact when they receive some form of unwanted content or a virus.
  • consumers need to know that this is a two-way street. Not all security and protection measures will happen magically, in the background. We need to educate consumers on their role in preventing viruses, spam, and unwanted content or access to personal information. For example, when is Bluetooth or LBS "on" or "off"?
  • operators should get it out of their heads that they should charge subscribers for the basic elements of the CSF. There might be a premium level of safeguards for which fees could be justified. But for a core level of protection I believe we should take the long-term view that the trust/goodwill built up by this proactive effort will outweigh what would be, at best, a modest revenue stream from “productizing” security and prevention services.