Michael Becker sat down with Breno Pilar at IPification, a mobile authentication solutions provider, to discuss his views on how mobile authentication can be used to protect vulnerable populations, especially children, as they use the Internet and Internet-powered services.
Properly implemented, Breno asserts that mobile authentication can improve security, protect privacy, streamline the user experience (i.e., make it easy to use and transparent), and empower parents and guardians to effectively steward and safeguard their charges.
During our discussion Breno noted, “We could speak on the personal data and identity market for a week and never reach a conclusion.” To help focus our conversation, he zeroed us in on a specific topic near and dear to his heart: the protection of children and their online experience. UNICEF estimates (2020) that, at a global level, seventy-one percent of young people are online. Breno proposes that mobile authentication can help families stay safe online.
The Chicken and Egg Problem
Breno suggests that we have a “chicken and egg problem.” He notes, “This is a completely new world for parents. It seems simple and harmless, but it is far from that.” Here is the problem: He argues that “parents should be knowledgeable about what’s going on with children’s data, but they’re not even aware of what is going on with their own data.” Moreover, he suggests that “little ones are just following their instincts, they’re super fast to give away their data because they don’t have idea of consequence.”
The Internet can be a great boon for children, but it can also be a bust because it can present many dangers.
Online services can be a boon to a child since internet experiences can help children access educational services and entertainment and socialize with their friends. It can teach them self-directed learning and improve reading and comprehension.
Breno points out, however, that the Internet is full of danger and that we need to do what we can to protect children. “We don’t want a 6-year old going to places online that we’d never let them go in real life,” he notes.
Kids can be exposed to all kinds of harm on the Internet. Kaspersky highlights 7 dangers facing kids online, including cyberbullying, cyber predators, phishing, falling for scams, downloading malware, inappropriately sharing personal information, and submitting posts that can come back to haunt them in the future. The online threats, which have been exasperated by the pandemic, are not just theoretical; they are real. A 2011 study by Carnegie Mellon SyLab study found that children were 51% more likely to have their security number used by someone else. A Facebook study reportedly found that Instagram use could be harmful to teens; for example, 32% of teenage girls felt negatively about their bodies due to their use of Instagram and 13% of UK teens (6% in the US) traced a desire for suicide back to the platform.
The distention between the outside and inside the house is gone. The danger is no longer just outside the house, it’s in your child’s bedroom”
Breno Pilar, VP Ibero-America, IPification, 2021
But the harms above are not the only ones we need to be concerned about. Breno also raises the risk of “enterprise gossip,” which is exacerbated by surveillance capitalism and has become a reality due to “ubiquitous computing” and our failure to effectively implement Morris’s rule: “build computer systems to have the same privacy safeguards as the real world, but no more, so that ethical conventions will apply regardless of setting.” Breno infers that this gossip can be quite harmful. This is because enterprises are able to take bits of information about the person in and out of context.
To further understand this issue, refer to the definition of gossip, which is the “casual or unconstrained conversation or reports about other people, typically involving details that are not confirmed as being true” (Dictionary, 2021). Industry has been enriching itself by mining data about people, which is then used and passed around (aka the data broker market). Trillions of dollars are made annually by the mining and application of individual insights. However, the data collected on people is often inaccurate and when used is tantamount to “enterprise gossip,” which can lead to a myriad of harms: surveillance, bias, reputation loss, anxiety, missed opportunity, and so much more.
These risks will only get more pronounced as the world becomes increasingly more digitalized. Today, an individual’s digital footprint starts well before they are born, grows exponentially throughout their life, and carries on after their death (see Clear & Simple Collective’s “Ada for Trust Exhibit,” an art exhibit presented at MyData 2019 detailing 6 key “digital” life moments).
Risks extend beyond just kids
These online risks impact us all. However, as Breno and I discuss, we need to take special care to protect the kids and members of other vulnerable populations—the mentally and physically challenged, incapacitated, elderly, minority groups, etc.
Multi-faceted solutions: 4 Pillars
Breno calls out for pillars that must be simultaneously considered to protect people, especially kids, while online. These pillars are:
- Security. Security measures ensure that only those authorized can access a designated service and its data, i.e., they keep the “bad guys” out.
- Privacy. Privacy measures ensure that the individual data subject, or their parents or guardians, choose with who, what, when, where, for what purpose, and for how long personal data is shared.
- User Experience (UX). User experience measures ensure that an application is easy to use and is transparent—if it is not, then people won’t use it.
- Compliance. Compliance measures ensure that appropriate contracts, agreements, laws, regulations, standards, and industry best practices are met, along with assuring that individuals know and understand how to enact their rights. An example regulation relevant to kids is the UK’s Information Commission’s (ICO) Children’s Code, also known as the “Age Appropriate Design Code: a Code of Practice for Online Services,” which went into force on September 2, 2021. The code regulates how the personal data of people under the age of eighteen should be handled. In the U.S., the most relevant regulation is the “Children’s Online Privacy Protection Rule,” which protects children under the age of 13.
Focus on value
For Breno, the key to success is to remember that people just want value and utility. Adequately navigating the four pillars above takes a ton of expertise and experience. Most people don’t want to become security, privacy, UX, and regulatory experts, Breno points out. They just want to live their lives: “They want value and utility without having to spend years becoming an expert,” Breno notes.
Address the Four Pillars with Mobile Authentication
Mobile Authentication, also referred to as SIM-based authentication, is a method for authenticating an individual’s identity by leveraging unique signals associated with the mobile device they are using. As IPification’s CEO notes, “It verifies mobile identity using the information only a mobile operator would know, like which SIM card a user has been issued, which device is being used in combination with that SIM card, which IP address has been assigned to the user.” In addition to using SIM card signals, mobile authentication can be enhanced with mobile number intelligence. Mobile number intelligence can be used to pull in other signals and factors to verify someone’s identity, such as the location of their device or the veracity of the information they are providing (e.g., if they are providing the correct address or not) when registering or interacting with a service (See my interview with Lee Suker to learn more about mobile number intelligence). Mobile authentication is said to enhance privacy as well, as it can leverage service URI, thus isolating one service from another and protecting the sharing of data.
Enhance Mobile Authentication for Kids and the Vulnerable Class
In our interview, Breno explains how mobile authentication can be enhanced to protect kids and the vulnerable class. He explains that the mobile networks could keep track of additional parameters about each subscriber, such as age and gender, and how this information could be added to the mobile authentication signals. The mobile operator network, in partnership with players like IPification and application developers, could keep kids safe by having the network automatically filter out and protect vulnerable users from content and services that may harm them. For example, a device that has been designated by the account owner to be in use by a minor could, at the network level, have all adult content blocked.
To effectively put Breno’s vision into action, however, much work is needed. Global regulations need to be reviewed and harmonized. Industry standards should be evaluated. Alignment amongst industry players and is needed. And buy-in from individuals, e.g., parents, is needed. One valuable resource of support to look to is UNICEF and its effort to protect children’s online rights.
Breno, in our interview, makes some very compelling arguments for protecting children online. He illustrates how mobile authentication could be used to protect children and those who may be in a state of vulnerability in their lives. To make all this work, however, he reminds us that much needs to be done. Breno argues that:
- The best approach is to “centralize data with the mobile network operators”
- Politicians need to become more technically aware and savvy so that the policies they produce can be as dynamic and relevant as technology
- We need to systematize the rules and regulations to build trust into the system
- Enterprises need to build tools to help people control their data, and the data of those they’re responsible to protect
I am hopeful that one day we will find the equilibrium state where people can truly balance security, privacy, compliance, and experience. We’ll get there—we just have to remember that we have to work together to do it. As Breno points out: “We live in a community. We can’t live by ourselves.”