• by Steve Smith , Staff Writer @popeyesm, May 10, 2011

When it comes to digital privacy, many critics of data-gathering practices and consumer watchdogs have generally expected that mobile would prove to be the third rail for the interactive industries. User tracking on the desktop, while troubling to many consumers, just gets that much more noticeable and creepy when it is tied to the most intimate device of all, the cell phone. Everything about the phone's unique place in our modern lives raises the stakes on issues and features that get ported over from the general Web.

 I have been in the field long enough to recall when the first consumer studies showed that users would reject the notion of mobile advertising out of hand. And so it is hard to tell whether the issue of privacy and data collection on mobile will follow a similar course of people just getting used to it. After all I recall when we used to call behavioral targeting off search queries a "third rail" of the privacy issue. Not so much any more. 

But the Federal Communication Commission's heightened concern over the question of data collection, and the politicians' discovery of the issue have taken the issue out of conference panel discussions and watchdog warning into general parlance. This morning Consumer Reports chimed in with a cover story on digital privacy that also generally embraces mobile. The annual State of the Net survey of 2,089 online households from the Consumer Reports National Research Center reveals that, first and foremost, consumers themselves may be the greatest source of their own data leakage. The study projects that millions of people are routinely storing or accessing sensitive information like bank accounts and medical records on their phones in ways that leave them vulnerable. Almost 30% of respondents said they do nothing to secure their phone.

Facebook, one of the most fully mobilized Web services around, is a primary focus of the CR report. They found that 15% of people on the social network have posted current locations and vacation plans. As the site I Can Stalk U demonstrates, the metadata contained in many phone cam images uploaded to social networks can be used to find out where a person is.

34% of people surveyed have put their full birth date on their profile, and 21% have posted their kids' names and photos. But here is the headline: 20 million minors are on Facebook, and 7.5 million are under 13, technically outside the acceptable age range. About 5 million are under 10.

Mobile phones are quickly becoming a weak spot in whatever paltry skein of data protection consumers even bother with. CR finds that in the past three months 1.8 million mobile phone owners likely have been storing passwords on their phones that access accounts and sites. Consider that 9% of us are already using their phone for banking. The real privacy and security issue with phones is of our own, not marketers', creation, which makes the theft of the phone one of our major vulnerabilities.

Only about 20% of people are securing their phone with a PIN or master password. Less than a third are updating programs and backing up data in case of crash or theft. And CR warns that the Internet-enabled phone is just waiting for a major malware break. The recent DroidDream outbreak that CR reports affected 260,000 Android users is just a warning shot. The apps that included the code were able to access much of the target phone's data. "What it took 15 years to do in computers, it took two years in mobile," says John Hering, CEO of mobile security company Lookout in the article.  

And it also has taken 15 years for consumers, regulators and legislators to take serious notice of the new culture of digital data. We have spent more than a decade raising questions about our own information trails that have gone unanswered. Mobile platforms make it all very personal and unavoidable. As technologies like NFC turn phones into credit cards, that level of concern only escalates. In some ways, the issue of security on mobile may prove so pressing for many people that the usual digital marketing concerns about behavioral ad targeting will seem minor. Marketers and media should look at this as an opportunity to nurture richer relationships with customers, rather than causing suspicion by a lack of transparency. Privacy should be a feature -- not a fear.