Safety on the Line - A new report by the BBG and Freedom House on Mobile Security

Posted by admin on Jul 31, 2012

The US Broadcasting Board of Governors and the US organization Freedom House recently collaborated on a new study on mobile safety in 12 countries. The study, Safety on the Line: Exposing the myth of mobile security (PDF), sets out to investigate two distinct areas: 1. Testing of specific mobile applications (with a strong focus on circumvention tech) vis a vis their security and usability; and 2. a very small survey of users in 12 countries about their use and security challenges of mobile telephony.

The BBG, as the parent of news outlets such as the Voice of America and Voice of Asia, is, of course, keenly interested in delivering content to various countries without a free media, so the report emphasizes circumvention tools and barriers to online content, and focuses on countries of particular interest to the BBG. 

The study is peculiar.  It seems rather an internal assessment than one aimed at a particular audience (other than the US Congress that funds the coffers of the BBG) and there are a number of significant flaws with it.  The findings such as this one:

"A study of the technical aspects of GSM and later  mobile networks used for both voice, text, and internet access teaches us that there are significant flaws in the security of mobile networks that could be exploited for the purpose of blocking and monitoring"  

are hardly revolutionary to anyone who works in repressive environments.  

The study is poorly written with sentences such as this one, describing the selection of mobile apps chosen for 'testing':  "A specific risk of selecting applications is the need for them to function across many smartphone platforms.  Applications that only work for one platform may require users to employ more ubiquitous, but insecure services such as email, voice, or text chat."  We honestly have no idea what that means. 

Equally opaque is the scoring system used to arrive at the conclusion that, for instance, skype on iOS is classified as 'good' in regard to its security features while it is 'adequate' on the Symbian operating system while garnering the exact same number of 'stars' all the while Skype has come under considerable attack for its inadequate security.  Freedom House has previously been criticised for its evaluations of circumvention software and while the methodology in this report is marginally more sound, there are significant questions about the assessments. 

Likewise, there are flaws with the methodology of assessing user behaviour and perceptions vis a vis mobile security risks. As Katy Pearce, an experienced researcher on tech use in some of the hardest-to-survey countries notes, the study is unclear how respondents (total n for all 12 countries is a paltry 1,644) were recruited. Asked via email, she writes, "If it was a snowball sampling (asking people to identify who else they know), that can be a threat to validity." She also noted that "web based surveys are problematic for many reasons. One, you're self-selecting only those with some tech skills already, thus skewing your answers. Also when people answer web surveys they tend to just click through answers."  Pearce notes that typically such surveys are conducted face-to-face, especially in countries that are extremely hard to survey. 

The extremly small sample size makes one wonder, in Pearce's words, "What we can infer from this? Why does this matter at all?"

The report is useful in one respect: The analysis of the mobile market in the 12 specific countries, and more specifically, the cost analysis of mobile communications.  Price and handset market analysis for all countries is something that the ITU (as the chronicler of this information) ought to make available at no cost.  Currently, the information is only available at a cost, is old almost 12 months, and does not include handset information for each country. 

In the end, though, there is hardly anything new in this report that is not already rather well known: Mobiles are ubiquitous, increasingly used by citizens for activism, content generation, and accessing online content; strictly controlled and highly insecure mini-computers that are subject to significant surveillance as mobile operators exist within a highly regulated and government-controlled environment. Unfortunately, other than stating the obvious, the BBG/Freedom House study does little to substantively add any additional usable information about the degree of surveillance, technical capabilities, or actual incidences of mobile data use against activists or human rights defenders.  It is a missed opportunity to push for greater transparency, accountability, or changes in this mobile environment we all work in. 

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd><p><br> <b><i><blockquote>
  • Lines and paragraphs break automatically.

More information about formatting options