Is My Phone Spying On Me?

Share the joy

We’re approaching the point when smartphones and tablets become the primary communication and internet-access device for a majority of users in the United States. Mobile phones, smart or not, are the way most people around the world now communicate.

There is no more personal computer than a mobile device. Screen grab from mobile marketing promotional video.

Thanks to the ease with which these devices can track every move, every contact, and many of the choices we make each day, we’re faced with a conundrum: Which do I value more: privacy or convenience?

I should qualify that statement: Those of us who realize how much data is being collected and mined have concerns. Most users have no idea how they are being tracked and how this information is being stored, aggregated, synthesized, re-linked, and mined.

Data Privacy Day

On January 27,2012, The Cumberland School of Law at Samford University hosted a panel discussion: “Is My Phone Spying On Me?” in conjunction with the Data Privacy Day events held around the United States, North America and internationally. I was one of the panelists, along with Brian Warwick, attorney with Maynard Cooper & Gale, P.C.; Brian Cauble, entrepreneur and founder/CEO of Appsolute Genius; and Woodrow Hartzog, assistant professor of law at Cumberland School of Law.

Our goal was to raise awareness of the current state of U.S. privacy law as it applies to mobile technology, the competing interests of marketing and personal privacy, the safeguards available to consumers who want to be proactive in protecting private information, and the ways in which organizations address mobile data privacy.

Woodrow Hartzog served as the moderator and introduced the topic. Brian Warwick focused on the current state of privacy law in the U.S., I gave an overview of the competing interests between data-aggregators and data-mining firms, marketing and consumer privacy and focused on the emerging privacy challenges arising out of mobile apps that allow users to access electronic health records. Brian Cauble discussed mobile data privacy from the perspective of a mobile app developer.

Here’s the unedited video of our entire event, converted from a flash video file. The actual panel begins about 2 minutes into the clip. A summary of my comments can be found just below the video embed.

Is My Phone Spying On Me? Jan 27 2012 from Sheree Martin on Vimeo.

Mobile Marketing vs. Data Privacy

Consumers, especially  American consumers, love “free” and they (we) love “deals.” Mobile apps are mostly free—or nearly-free. Platforms like Facebook, Twitter, Pinterest and Foursquare are “free.” We can use our devices to listen to streaming music that is, for the most part, free (although paid options and upgrades are available). Unlike broadcast radio, though, internet music streaming providers can learn a lot about their listeners by tracking and mining our digital footprints.

These apps may not cost dollars and cents but they are not really free. Users exchange a little or, or often, a lot of personal information in exchange for the content they consume and share through these apps.

Mobile marketers know the value of the personal information to be gleaned from tracking and monitoring how a person is using a mobile phone or tablet.

For context, consider the data presented in this video by Google to promote its mobile ad services. The data was collected for Google by IpsosOTX, an independent market research firm at the end of 2010. They surveyed 5013 U.S. adult smart phone users. I’m confident the percentages are higher today for every data point.

[youtube_sc url=”” title=”Google%20The%20Mobile%20Movement%20Understanding%20Smartphone%20Consumers”]

A few highlights from Google:

  • 81% of smartphone users browse the Internet, 77% search, 68% use an app and 48% watch videos on their smartphone
  • 9 out of 10 smartphone searches results in an action (purchasing, visiting a business, etc.)
  • 79% of smartphone consumers use their phones to help with shopping

According to the Lucid Agency (see infographic below), over 300,000 mobile apps were developed in the last 3 years. Gartner estimates that in 2013, $29.5 billion will be spent on mobile apps (see infographic below).

Mobile Data Privacy & Personal Health Information

Most of my comments focused on privacy issues related to the use of mobile devices  to access and/or store personal health information. At the end of this post, I include a brief explanation of how I got interested in the relationship between mobile data privacy and personal health information, after considering the implications of the U.S. Supreme Court decision in Sorrell v. IMF Health, Inc. (2011).

The big question I raised is the risk to personal health information (PHI) privacy when mobile users don’t protect their device. Although certainly not failsafe, the Health Information Privacy Protection Act (HIPPA) provides some degree of oversight for use and protection of PHI as maintained and accessed by healthcare providers and insurers.

But HIPPA doesn’t apply to the consumer. Privacy may be compromised if a patient or family member of a patient is careless in the use of a mobile device to access electronic health records. More importantly, there’s no chance of responsible use if the patient or family caregiver doesn’t know the importance of enabling remote wipes, installing antivirus software, using caution when installing apps that track private log data recorded by the mobile device, and so on.

On January 24, 2012, a few days before our Data Privacy Day event, Kaiser Permanent announced its launch of a new initiative to allow about 9 million of its patients to access their electronic medical records (EMR) via a mobile phone app. Kaiser emphasized in its that patients would have the same security protections in place for accessing patient information via the web. But what happens if the patient’s phone is stolen or the device is infected with a trojan horse that can capture login information?

I’ll save many of the questions I raised about specific types of applications for another post.

Mobile Privacy & Personal Health Information

View more PowerPoint from ShereeMartin

More Questions Than Answers

Our panel didn’t answer all the questions. The goal was simply to raise awareness of the challenges of maintaining some modicum of personal privacy in a mobile, digital, connected and logged-in world.

This infographic shared on SocialMediaExplorer illustrates the proliferation of smart phones and growth rates of some of the most popular smartphone apps.

Mobile Marketing Infographic



Brief aside: I got interested in the question of mobile privacy and personal health information when I began to consider the ramifications of the U.S. Supreme Court decision in Sorrell v. IMF Health, Inc. (2011). This case considered whether a corporation has a First Amendment right to collect and market data to third parties. The U.S. Supreme Court said corporations do have such a right under the First Amendment.

Consider the wealth of personal data that a third-party aggregator can pull together by combining personal information obtained through mobile tracking (location data, contact lists, etc.) and data obtained through mining prescription records like those at issue in Sorrell. Most data-mining and security experts confirm that most purportedly anonymized data can be relinked to the individual with three pieces of information: Birthdate, zip code (or other location data) and gender. [Source: One study here and a report by the New York Times here. Many other sources are out there. There are others who take a different view and argue that anonymized data isn’t so easily relinked, but that seems to be the minority view, based on the methods commonly used to anonymize data.] A full analysis of linking is beyond the scope of this post and certainly beyond the scope of the 15 minutes I had in the panel discussion.

About Sheree

Change Catalyst, Idea Explorer, Dot-Connector, Square Peg