Today's Top Stories
1. NTIA-led group inches closer to mobile app code of conduct
2. Apple's iMessage encryption stymies DEA surveillance
3. Researchers recover cloud-based data through mobile devices
4. Digital divide cannot be bridged by mobile Internet, report says
5. Navy explores explosive-support mobile apps for the warfighter Editor's Corner: Standing BYOD security on its head  Follow @fiercegovit on Twitter
Also Noted: Progress and problems in hashing out government mobile baseline; The competitive mobile app landscape; and much more... More News From the FierceMobileGovernment Network:
1. Tech firms criticize anti-Chinese technology spending bill provision
2. House Intelligence to markup CISPA with amendments
3. Agencies need to need to spend carefully under sequestration, OMB controller says
| This week's sponsor is Coveo. |  | eBook:
How to Get a Return on Knowledge in a Big Data World
Learn how to get a higher return on your company's collective knowledge with advanced enterprise search technology - and watch your employee productivity rise and profits soar. Download Now! |
| 
Standing BYOD security on its head
 Virtualization, the thinking goes, can provide access anywhere from any device. Many see it as the answer to mobile device security problems because it can provide access to applications without actually storing data on the device.
Some agencies' hopes for bring-your-own-device plans hinge on their ability to make employees' mobile devices into thin clients and less like storage devices. But agency CIOs should take note of recent research out of the University of Glasgow that calls that principle into question. In a new study, researchers used Android and iOS devices to recover files from cloud service providers because the devices "contain a proxy view of the data stored in a cloud storage service." A partial view of data stored in the cloud can also be provided even without access to the cloud if the user did not clear the cache of recently viewed files. -->READ THE FULL EDITOR'S CORNER |
|
Today's Top News 1. NTIA-led group inches closer to mobile app code of conduct
It's been a long haul since the National Telecommunications and Information Administration set out to develop a code of conduct that would provide visibility into how mobile application companies handle personal data. The agency announced the goal in June 2012. But now, with only three meetings left and an updated draft document, NTIA appears close to a final version. With minimal changes from the March 14 to April 4 version, the guiding principles of the five-page draft (.pdf) center around the use of short form notices. App developers and mobile service providers can use these notices to consistently display information about application practices, allowing consumers to "compare and contrast data practices of apps, with the goal of enhancing consumer trust in application information practices," according to the draft document. Those voluntarily adopting the code would post short form notices on what data is collected, how it will be used, if third parties will access user- or device-specific data, and the company providing the app. The draft lists data collection categories as: biometrics, browser history and phone/text logs, contacts, financial information, health information, location and user files. The disclosure should also reveal who the app shares data with, including carriers, consumer data resellers, social networks, or operating systems and platforms, such as app stores. In addition to the short form notices which can be read easily on a mobile device, developers and publishers should link to data usage policies, terms of use or long-form privacy policies where legally required, says the draft code. It's best practice for these longer form documents to explain how consumers can delete their collected data, identify business affiliates with access to collected data and identify data retention policies. The group collaborated on the latest markup at its twelfth meeting on April 4 at the American Institute of Architects in Washington, D.C. According to a report from Politico, Chris Olsen, assistant director of the Federal Trade Commission's privacy division, raised several concerns about the code of conduct to meeting participants. Considering stakeholders are nearing the end of a lengthy process, some attendees worry that FTC suggestions this late in the game could impede or delay the group's ability to reach a consensus, write Politico. "[We] have been willing to consider the perspectives of anybody and everybody, it just seems like the commission's comments are not focused on the goal of successful consensus, but rather focused on the goal of perfection," Application Developers Alliance President Jon Potter, told the publication. For more:
- download the markup of the latest draft document, "Mobile App Transparency," (.pdf)
- read the Politico article Related Articles:
FTC: mobile "ecosystem" of stakeholders needs more effective privacy disclosures
Mobile Device Privacy Act calls for vendors to disclose monitoring
Transparency not enough for mobile app privacy protection, say stakeholders Read more about: privacy, NTIA
back to top |
| This week's sponsor is Oracle. |  | Whitepaper: Optimize Programs and Fulfill Mandate Expectations with Project and Portfolio Governance Knowing which programs your agency should support doesn't have to be a guessing game. Learn how you can align projects with strategic goals, balance spending and assess risk with Oracle's Primavera Portfolio Management's enterprise approach to governance. Download Now.
|
2. Apple's iMessage encryption stymies DEA surveillance
 The Drug Enforcement Administration has been unable to intercept communications sent over Apple's iMessage service, according to an internal DEA document obtained by CNET.
An undated excerpt of the document, which CNET posted online, said that on Feb. 21 of this year, the DEA's San Jose, Calif. office learned it wasn't capturing iMessages via pen register devices, trap-and-trace devices, or Title III interceptions. The document, marked as sensitive but unclassified, said that "iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone service provider." As a result, investigators may think they have a full record of someone's communications when in fact they do not, the document warned. Apple's iPhone, iPad and iPod Touch come with iMessage, which allows users to send text messages without paying carrier text-message fees. But the DEA document noted that iMessages sent from an Apple device to a non-Apple device transmit as normal text messages. Those messages can be intercepted, "depending on where the intercept is placed," the document said, adding that placing it on the non-Apple device seemed to bring more success. Law enforcement could also ask Apple to turn over the contents of certain iMessages. According to the company's privacy policy, Apple can disclose user information "if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate." For more:
- view the DEA document excerpt that CNET posted
- read the CNET article Related Articles:
DOJ pen register and trap and trace surveillance sharply up
VA has issued only 475 iOS devices to staff
ICE tries to revoke mobile surveillance records it made public in 2011 Read more about: privacy policy, DEA
back to top |
3. Researchers recover cloud-based data through mobile devices
 Researchers from the University of Glasgow were able to access data from mobile devices even when that data was stored remotely in the cloud. Researchers used Android and iOS devices to recover files from Dropbox, Box and SugarSync, according to a paper (.pdf) presented at the 2013 Hawaii International Conference on System Sciences.
Report authors found traces of data are retained on mobile devices that were used to access cloud storage services. "Smartphone devices which access cloud storage services can potentially contain a proxy view of the data stored in a cloud storage service," say report authors. And in many cases, recovering that data provides access to what is stored in a cloud-based account. Sometimes, a partial view of data stored in the cloud is provided even without access to the service--such as when the mobile application was used to view the files in the cloud and the user did not clear the cache of recently viewed files. Of the 20 files tested--of varying formats ranging from .pdf to .mp3--researchers testing the HTC Desire running Android v. 2.1 "Éclair" recovered nine files from Dropbox, 15 from Box and 11 from SugarSync. The same tests on the iPhone 3G running iOS v. 3, depending on application and device manipulation, resulted in either five or seven files recovered from Dropbox, seven or 15 from SugarSync and five from Box. Many deleted application files were recovered from the Android device, while no deleted application files were recovered from the iPhone, according to the report. Metadata, including transactional logs, were recovered from all the applications on both devices, and on both devices JPEGs, mp3s and mp4s were harder to recover, write report authors. For more:
- download the paper, "Using Smartphones as a Proxy for Forensic Evidence contained in Cloud Storage," (.pdf) Related Articles:
Appeals court restricts school searches of cellphones
HTC America settles with FTC over mobile device security vulnerabilities
DHS to publish mobile security playbook in May Read more about: mobile security, cybersecurity
back to top |
4. Digital divide cannot be bridged by mobile Internet, report says
Greater access to mobile technology allows users to bypass personal computers and access the Internet through mobile devices, but that doesn't mean those devices are ready to replace personal computers, according to an April 1 New America Foundation report (.pdf). While greater access to mobile technology suggests the possibility of a leapfrog effect, the lack of 3G adoption shows that mobile phones are not yet functionally-equivalent substitutes for personal computers, the report says. Mobile devices have shortcomings compared to personal computers such as memory and speed, content availability, network architecture and patterns of information seeking and content creation amongst users, the report says. Both personal computers and mobile devices provide access to the Internet, but the mechanisms by which a user engages with the Internet are different and that changes the way users take advantage of the opportunities for social, political and economic development that the Internet provides, the report says. An important dimension of the digital divide is the potential gap between those who have advanced functionality and services and those who have technologies with lesser capabilities, according to the report. Mobile Internet users aren't able to dive as deep when gathering information as those using personal computers, the report says. One usage study of mobile users in six countries concluded that information gathering was not a common task among mobile device users. Another usage study that examined the nature of mobile Internet users' information-seeking activities found that PC-based users habitually access an average of 8.64 categories of websites, whereas mobile-based users habitually access an average of 3.58 categories of websites, the report says. The average number of characters in mobile search queries is significantly lower than the average number of characters in PC-based search queries, and mobile searches utilize a significantly more limited search vocabulary than PC-based searches, according to the report. Also, mobile searchers are much more likely to rely on the first few search returns than PC-based searchers, the report says. Because of these shortcomings, policymakers shouldn't use mobile access as a way to bridge the digital divide, the report says. It's important for policymakers to be informed by a more detailed understanding of how "the technological, content and network characteristics of different platforms impact patterns in information seeking, access, usage, creation and dissemination that are at the core of why the digital divide matters," the report says. For more:
- download the report (.pdf) Related Articles:
Smartphone ownership highest among young adults and higher income households, says Pew report
Android increasingly attacked, says McAfee report
Mobile devices can streamline healthcare, say panelists Read more about: mobile devices, New America Foundation
back to top |
5. Navy explores explosive-support mobile apps for the warfighter
The Navy is researching mobile application development and deployment techniques to inform a future app of its own that could assist warfighters in the explosive ordnance disposal community. According to a request for information posted April 3, the Navy is looking for information on smartphone- and tablet-compatible projects in industry or government that collect incident information and transfer data securely. "The ability to develop subsets of currently fielded applications and data distribution would greatly speed up development efforts," says the RFI. The app Navy envisions would serve the EOD user community--those who detect, identify, secure, recover and dispose of explosives--in dismounted missions. The app would connect with the Joint Service Explosive Ordnance Disposal Decision Support System. The JEOD DSS is an information management tool used to capture, store and disseminate operational experience data, according to DISA. The system allows warfighters to interact with JEOD support organizations and explosives experts--enhancing situational awareness and providing a common operational picture. Navy seeks information on native, web or hybrid apps and currently-fielded standalone ruggedized platforms running government-off-the-shelf Java based apps. Requesters envision the app being able to provide EOD-specific data, collect incident information and transfer data from a ruggedized laptop to the Global Information Grid, when connected. For more:
- read the solicitation Related Articles:
DoD seeks MDM, app store
DoD releases comprehensive mobile strategy Read more about: explosive ordnance disposal, JEOD DSS
back to top |
Also Noted > City sees a lot more than potholes in mobile reporting apps. Article (GCN)
> Apple bans Chinese bookstore app over 'illegal content.' Article (Cnet)
> White House announces civil hacking event at the White House. Post (White House Blog)
> Progress and problems in hashing out government mobile baseline. Article (FCW)
> The competitive mobile app landscape. Post (Mobile Gov Blog) And Finally… A video homage to the cellphone, which was 40-years-old on April 3. Embedded video > Software Engineering Institute Carnegie Mellon Invitational Hiring Event - Pittsburgh, PA - April 11th- 12th SEI currently has immediate opportunities available for experienced professionals. The SEI Career Fair is by appointment only. You must be a U.S. citizen and be eligible for a security clearance to be considered for positions. To apply and submit your resume please visit http://www.SEIexpo.com > TECHEXPO POLYGRAPH ONLY Hiring Event - Baltimore, MD - April 17, 10am- 3pm ET Join the Nation's leading Defense, Government & Technology employers and interview for 100's of jobs in Cyber Security, IT, Engineering, Aerospace, Telecom, Intelligence, Operations, Homeland Security & more! Active TS/SCI Clearance w/ CI or Full Scope Polygraph Required. For more event information on attending or exhibiting at TECHEXPO's hiring events visit: http://www.TechExpoUSA.com > TECHEXPO POLYGRAPH ONLY Hiring Event - Reston, VA - April 18, 10am - 3pm ET The leading Information Technology companies are seeking qualified Security-Cleared professionals who hold a CI or Full-Scope Polygraph this April at TECHEXPO! Join us April 18th and interview for 100's of immediate positions with the industry's top Defense, Government & IT employers. Active TS/SCI Clearance w/ CI or Full Scope Polygraph Required. For more information on pre-registration, exhibiting & attending TECHEXPO visit: www.TechExpoUSA.com > TECHEXPO CYBER SECURITY Hiring Event - Columbia, MD - April 30th, 9am - 3pm Are you a Cyber Warrior & seeking a new employment opportunity? Don't miss TECHEXPO's Cyber Security Job Fair on April 30th in Columbia, MD. Interview face-to-face with industry leaders & learn from our panel of distinguished speakers! Cyber Security Experience Required. For more information on attending or exhibiting visit: www.TechExpoUSA.com
| > eBook: Smarter Service: The Contract Center of the Future This eBook explores the challenges facing traditional contact centers and the benefits of deploying the contact center of the future. You'll find links to further resources on the final page. Download today. > Research: How to Unlock Knowledge from Big, Unstructured Data to Improve Customer Service Learn how to unlock knowledge trapped in silos and systems and read how advanced enterprise search technology can put your organization's collective knowledge in the hands of your service reps. Watch your service performance improve and customer satisfaction soar. Download Now! | ©2013 FierceMarkets This email was sent to ignoble.experiment@arconati.us as part of the FierceMobileGovernment email list which is administered by FierceMarkets, 1900 L Street NW, Suite 400, Washington, DC 20036, (202) 628-8778.
Refer FierceMobileGovernment to a Colleague Contact Us Editor: Molly Bernhart Walker
VP Sales & Business Development: Jack Fordi
Publisher: Ron Lichtinger Advertise Advertising Information: contact Jack Fordi. Request a media kit.
Email Management Manage your subscription Change your email address Unsubscribe from FierceMobileGovernment Explore our network of publications: |
No comments:
Post a Comment
Keep a civil tongue.