Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian has released a new white paper entitled, “Mobile Near Field Communications (NFC) “Tap ‘n Go” – Keep it Secure and Private,” at an Ottawa Conference on “The Future of the Internet: Opportunities & Challenges of Web 3.0.” Tap ‘n Go technology gives smartphone users new benefits and conveniences. Advances in mobile technologies, such as NFC, will provide people with control over our converging real and virtual worlds.
Nokia was also a major contributor to this paper, which illustrates NFC’s capabilities with four smartphone use case scenarios, investigates privacy and security risks, and offers practical “Privacy by Design” solutions to protect privacy, empower consumers, and build trust in the mobile ecosystem.
“User privacy does not have to be sacrificed for the sake of using NFC, which is currently in the early stages of adoption – we can have both the technology’s convenience and privacy,” said Commissioner Cavoukian. “Now is the time to apply Privacy by Design – to embed additional security and privacy into the design of applications that use NFC capabilities.”
“Nokia has been committed to development of NFC technology standards and products for many years. Privacy by Design is a key element of Nokia’s privacy strategy and is a commitment in our product creation process. Collaboration with Dr. Ann Cavoukian, Collin Mulliner and Harley Geiger was a great opportunity to provide guidelines on how the privacy principles can be manifested in a mobile technology, such as Near Field Communications,” said Mikko Niva of Nokia Global Privacy Counsel.
NFC is a short-range wireless technology that enables mobile devices to interact with other mobile (and fixed) devices, as well as with passive physical objects. Currently, NFC is most often used to:
- Initiate a service (e.g., read a tag to launch a Web browser to get a coupon);
- Pair devices (e.g., activate a Bluetooth headset);
- Transfer peer-to-peer data (e.g., share contact information, synchronize data); and
- Secure NFC card (e.g., mobile device acts as an access, loyalty or payment smartcard).
Mobile devices that allow for system-to-system data transfers, or for pairing of devices to enable interaction, may trigger privacy and security concerns, including unwanted data “leakage” or collection, user identification, user location-tracking, improper redirection to an unknown website, initiation of an unknown service (such as text messages charged to the user) or receipt of unwanted content.
By applying Privacy by Design principles, “data privacy and security can and should be ‘baked into’ mobile device architectures, including physical design, operating systems, applications and services, with special attention to effective user interfaces and default privacy options. All stakeholders in the mobile ecosystem have critical roles to play in fostering users’ trust and confidence,” said Commissioner Cavoukian.