Over the past 25 years, we have gone from corded phones to walking around with computers in our pockets. This rapid technological development is a testament to our ingenuity and scientific prowess. It has brought the world together, enhancing our accessibility to community created apps, websites, add-ons and softwares. But in doing so, it has put the individual at a greater risk. In the technology industry, we have been so obsessed with innovation that we have neglected to keep our cyber security measures developing at the same rate.
This could affect everyone with a smart phone. But whose responsibility is it to solve this problem? Should phone companies be setting aside technological advances for the sake of security concerns or should it be the responsibility of the end user to utilise third party softwares to secure their devices?
Security is the responsibility of the customer
Upon launch, the hardware that makes up a mobile device is introduced to the masses and can no longer be updated until the next generation is released. The same cannot be said about the software. Considering that phone companies are first and foremost profit-making machines, it therefore makes sense for them not to delay a product’s inauguration in full knowledge that software updates will be made available as soon as security gaps become apparent. Developing an impregnable operating system from the get-go is impractical when you know that its security will be able to be continuously enhanced by “white-hat” hackers.
One prevalent way in which technological advances manifest themselves is through the availability of user created content such as apps and websites which offer more customisation and simplify tasks such as scheduling, uploading files and pictures, or social networking. However, these innovations are accompanied with an increased likelihood of cyber attacks through phishing attacks, trojan viruses and many more. A plethora of security software companies focuses on the development of high performance security systems and firewalls for mobile phones and personal computers, which reduce the risk of these attacks if one was to use these sharing platforms and apps/softwares. Knowing that these security systems are performant and readily available with different prices depending on the level of security, shouldn’t it be the individual’s responsibility to take the necessary measures to purchase and use these if they are afraid of being at risk? This would allow tech companies to focus their resources on the development of high value products and technologies which the user wants, while leaving security and protection to specialised businesses who are more experienced and better placed to do so. This approach grants the user with the freedom to choose the level of security they desire for their device.
Developing an impregnable operating system from the get-go is impractical
Since improved security measures are synonymous with restricted device capacity and processing power, and considering that most people will never experience a major cyber attack (the majority target organisations rather than individuals), there is scope to argue that companies are taking a utilitarian approach in providing more performant but less secure devices.
Security is the responsibility of the company
Would you purchase a car knowing that it does not have an alarm on it? Would you feel at ease driving around not knowing whether someone has tampered with your car? We have passcodes on our phones, we have locks on our cars and both can be broken. But, if our car is broken into the alarm rings, if our phone is broken into, nothing. Is this ok? Shouldn’t cyber technology companies be working harder to provide the same level of security we expect in our homes and cars, in our phones.
The problem is that a lack of cyber security, due to phone companies not prioritising it, may put everyone at risk. We associate hacking with big organisations but as we become more dependent on our phones for internet banking, for example, we become more of a target to cyber-attacks. And yet we are being left to fend for ourselves, it has become the responsibility of the general public to understand the details of cyber security instead of leaving it to industry professionals.
Phone companies should be pooling more resources into security
You might even be targeted on a more personal level, ask yourself how much personal information your phone contains; passwords, personal identification details, pictures you don’t want your boss to see. Wouldn’t you have much more peace of mind knowing that this information is protected instantly and without the need for expensive private security software? This is why phone companies should be pooling more resources into security instead of research and development and leaving security to the customer
It has been claimed in the previous argument that a utilitarian approach would suggest that innovation should be prioritised by tech companies over the development of security. This argument stands in our current technological state where the majority of people would prefer speed over security, but we need to look to the future. As people become more and more dependent on their phones and use them to store more and more private data, the balance of utilitarianism will shift. Personal security will become more of a concern to the majority of people and it shouldn’t be a problem for them to solve. Even informally, it is common-sense that these phone companies provide high level security with new products instead of waiting for the customer to play catch up for them.
So what should we do?
So who’s responsibility is cyber security? On one hand leaving it to the public allows the phone companies to focus all their resources on creating the best product possible. Ultimately this may be what the average customer wants, wouldn’t you prefer speed over security? On the other hand it seems ethically irresponsible for phone companies to not prioritise security. They are creating these highly personal products that they want us to trust with all our personal details but do not even ensure that they are secure. So, once again, who’s responsibility is cyber security? Yours or theirs, what do you think?
Group 24: Samy Krim, Angelo Darriet, Michael Portnell & Oli Welbourn