With the recent theft and release of several celebrities’ private photographs (many of which appear to have been taken with, and stored on, mobile devices), mobile privacy and the protection of sensitive data stored or transmitted through the cloud has once again come to the forefront of national discussion. While this most recent incident is still under investigation, initial reports indicate that the photographs were obtained by unauthorized intrusions into individuals’ cloud storage accounts.
Although it appears that this most recent privacy breach only concerned the theft of personal photographs, it again highlights the fact that as cloud data storage becomes more prevalent, everyone should be vigilant to guard against the theft of other sensitive information, including confidential business information.
Not only are data, information, documents, etc. stored in the cloud vulnerable, but when they are transmitted or even deleted by a user they may still be at risk. Several of the celebrities affected by the iCloud theft have stated that the pictures stolen were taken many years ago and were believed to have been deleted. This could have serious ramifications for businesses and governments that use the convenience of cloud storage to encourage employee collaboration and to manage their information and data storage needs.
While embarrassing in nature, the theft of private photographs is unlikely to have serious consequences for their owners. More concerning is the risk of theft of confidential information concerning economic, legal and national security matters. Adding to this concern, mobile device manufacturers are beginning to work with banks and credit card companies to allow the use of phones in place of credit/debit cards for payment purposes. Already there have been major data breaches at retailers where consumers’ financial information was stolen. Adding mobile devices to the mix may create another temptation for hackers, creating a renewed interest in policing mobile privacy and data security policy.
Given the confluence of these recent events, it is possible that Congress and the Obama Administration may again turn their attention to mobile device privacy issues in the coming months. Indeed, mobile privacy was one of the top priorities to be addressed by the U.S. Department of Commerce National Telecommunications and Information Administration’s (NTIA) multi-stakeholder privacy and data initiative. The NTIA was unable to make any real headway on mobile privacy due to disagreements among involved stakeholders. Many of the stakeholders have recommended NTIA scrap the process and instead pursue legislation from Congress.
In the meantime, consumers, businesses and federal and state agencies should review their use of mobile devices and cloud storage, and take measures to protect sensitive information and data from such breaches.