Smartphones like the Nokia Lumia 920 spend all day sending data back and forth. This is obvious when it comes to things like email and social media, but your handset is a lot smarter than that. Apps send usage data so developers can improve them in future, other apps keep track of your location, and all of your details need to stay private, to remain secure. This is something that’s particularly relevant today, as 28 January is Data Privacy Day.
So what is privacy and security all about on a mobile phone, and how does it affect you as a user? Just as importantly, how does Nokia ensure you can trust its products? We’ve been talking to Janne Uusilehto, Director of Nokia Product Security and Mikko Niva, Nokia’s global privacy counsel to find out.
How does privacy affect Nokia and Nokia users?
“We apply privacy by design to ensure privacy is integrated into our products right from the start. We don’t sell or share personal data without user consent. We don’t give user data to authorities unless we are required to do so by local law. We strive to offer a fair value to users in exchange for their data. We also work actively with regulators and industry.”
So where does security come into the equation?
Janne: “Security is creating certain controls to protect all assets we have in the device. It’s also protecting service providers, it’s protecting the authentication of the user, or even the identity of the users.”
Mikko: “Close collaboration between our security, privacy and data organizations is of the essence for Nokia to reach its business objectives while respecting privacy and security of our users.”
What does it mean for Nokia products and services?
Mikko: “This is about so much more than just telling users that some data is being collected. We are actually applying privacy early into our operations through appropriate privacy engineering and assurance activities. We have dedicated privacy resources in our units who work towards common objectives. In fact, we have a full privacy program with proper executive oversight, policies and processes with a lot of focus on awareness and training activities.”
“Last year we introduced robust privacy requirements to mobile application developers who publish their applications through Nokia Store. This was a major milestone in bringing more and more privacy into the ecosystem. Today, all applications that are published through Nokia Store are subject to these requirements. Non-conformance leads to rejection of the application.”
Janne: “Also the environment for Lumia phones is quite well protected. It’s not possible to download applications from anywhere outside the Windows Marketplace, so therefore there’s a level of control. That’s the whole idea of security; the consumer is having a role to play in the protection of data, we give them meaningful protection in technical terms, but we also give a certain level of freedom to do whatever they want with their devices.”
How does Nokia compare against other manufacturers when it comes to security?
Janne: “Balance is the thing the whole industry is working on. At one end is Android, with fewer controls, and users can do almost everything. The user is responsible for many of the security related decisions and the consequences. At the other end is Apple, and it’s much more limited to what you can put there without Apple’s approval. They are giving more control but less freedom, and that’s why Apple devices are under heavy attack to be jailbroken as quickly as possible. Our approach is somewhere in the middle.”
“You make a good business with open platforms, but then the user is getting more responsibility. You make good business with a closed environment, but the user is losing their freedom.”
And what about the rest of the industry?
Janne: “Nokia has been very proactive in the security area: we’ve been an industry driver over the past decade. Also in policy forums, and sharing security activities over SAFECode (a software forum for driving security) and security management principles, we’ve found that Nokia has been the leading mobile phone manufacturer, taking this area very proactively.
“Many industry players are more or less solving problems one by one, but we have been pretty good in our proactive internal awareness programs and engineering efforts. Awareness of security and privacy among users will increase in the future, and the industry is responding to that demand.”