Paper Address Book - Privacy?
I found a paper address book. This is how my parents would have kept track of who they knew and how to contact them before mobile phones.
This seems like a good excuse to talk about privacy. Did we lose anything of value when our address books went digital?
paper address book
Let’s compare this to the contacts app on a mobile phone.
Paper address book:
- Stores hundreds of contacts
- Doesn’t break when you drop it
- Data likely to be recoverable from moderate damage
- Unlimited battery life
- Data is stored directly in the address book, with no option for remote access or backups
- You generally wouldn’t carry this with you
Mobile phone app:
- Stores effectively unlimited contacts
- The phone is fragile and is unusable with moderate damage
- Data is generally backed up to “the cloud”, automatically synced to other devices including new devices
- You have access all the time
What are the privacy threats for an address book, and how to the two storage mechanisms protect from those threats?
Generally, what we mean by privacy here is secrecy. Nobody should have access to our address book data unless we want them to have it.
Note that privacy is a security property. Both in the sense of computer security, and in the sense that in extreme cases privacy failures can be legitimately dangerous - a risk to your physical personal security.
Scenario 1: Non-technical Family Member or Roommate
Let’s say you’re a teenager, and your jerk brother wants to prank call a friend of yours. First, they need to get your friend’s phone number, and that means getting into your address book.
With a paper address book, they need to get physical access to the book. To maintain your privacy you need to prevent this physical access; you could hide the book, or store it in a locked desk drawer.
With a phone, the typical countermeasure would be to enable the screen lock mechanism on your phone.
Against your kid brother, either of these simple defense strategies is probably fine.
Scenario 2: Technical Family Member
What if your jerk brother is a computer expert who knows how to pick locks?
In this case, the phone is likely to be better if you have a good lock screen PIN, encrypted storage, and a good password on your cloud account.
That being said, the phone is subject to risks that you wouldn’t need to worry about at all with the paper address book.
Consider the following:
- Your cloud provider is Google
- You use Google Music
- You give your brother your password so he can use your Google Music account
- He’s definitely got your address book now
More serious cases are possible:
- Your brother is a political extremist and wants to find out if you’re in contact with a political organizer.
- Your abusive spouse wants to know who you’re in contact with.
- In these cases, the phone tracks another important kind of information: communication history. This includes call history and past messages.
Scenario 3: Random Stranger Steals Your Phone
You generally wouldn’t carry a paper address book with you, so having it get stolen is much less likely. It’d require breaking and entering rather than a snatch and grab or you forgetting your phone somewhere in public.
Modern phones with screen lock and storage encryption are pretty safe against data leaks in this case too. You can just buy a new phone and let your data get automatically restored from the cloud.
Scenario 4: Phone App Developer
Once you put contacts in your phone, you’re one click away from leaking that information to random app developers. Lots of “social” apps ask for access to contacts, and once they have it they can easily simply copy your whole address book to their servers.
The paper address book clearly didn’t have this risk at all.
a mobile app
Scenario 5: Phone Vendor
So if any app developer can get your address book in one click, how many clicks does it take for the phone manufacturer (e.g. Samsung) or the OS vendor (e.g. Google) to get it. Permissions don’t apply to system apps, so zero.
In the case of the OS vendor, they’re the ones providing cloud backups so they already have all your data. They may claim to encrypt your data on their servers so they can’t access it, but when we treat this as a security question (as we should) that claim simply doesn’t matter - we have no way of knowing if it happens to be true right now, and they can change that policy whenever they want.
Scenario 6: Law Enforcement
If the police want your paper address book and they can get a warrant, then they can legally break into your house and take it.
Similarly, if they have a warrant they can request a copy of your phone backups from your cloud provider.
Can they get a copy of your cloud data without a warrant? Maybe.
Scenario 7: Mass Surveillence
Modern governments have realized that computer storage is cheap and that collecting “all the data” is technically possible.
Based on the publicly available information, and considering this as a security question, we should assume that multiple major governments have access to cloud backups of smartphone data.
If an FBI agent had come by and asked my mother for photocopies of her paper address books her response would not have been polite.
your screen watches back
What can you do with a bunch of address books?
Most people today are using smartphone address books rather than paper address books, so that leaves us with the conclusion that many organizations (app developers, smartphone vendors, national intelligence agencies) have large repositories of address books copied from people’s smartphones.
One of the things that gets you is a searchable social graph.
One of the scary phrases from the US in the mid 20th century was “are you now or have you ever been a member of the Communist party?” In the 1950’s answering “yes” wasn’t generally life threatening, but a bunch of people lost their job.
It’s important to keep in mind that while the US Communist party was unpopular in the 1950’s, in the 1920’s it had been seen as basically a more popular version of what the Green party is today.
Do you have any people in your address book who have ever participated in a political protest?
If people get really interested in that question in the future, they probably won’t need to ask.