OnQ Blog

As phones become our IDs, how will we secure the future?

3. Jun. 2015

Qualcomm products mentioned within this post are offered by Qualcomm Technologies, Inc. and/or its subsidiaries.

Joshua Gans is an economist and professor of strategic management at the University of Toronto. His writing has appeared on Slate, The Financial Times, and Forbes.com. He currently pens the “Disruptive Economist” blog on The Conversation. The views expressed are the author’s own, and do not necessarily represent the views of Qualcomm.

If we consider the past two decades, it is hard to believe there is an industry with the title “the cell phone industry.” The key word in that phrase is “phone,” yet today, there is a strong case to be made that the device we carry around with us every day has nothing to do with the “phone”—a function that connotes voice communication. Indeed, voice communication on wireless devices has already been overcome by data communications. One suspects that voice may never dominate again.

A recent report from the Boston Consulting Group (The Mobile Revolution: How Mobile Technologies Drive a Trillion-Dollar Impact) highlights the voice-to-data shift even further. It documents $1.8 trillion in private investment in mobile infrastructure and R&D between 2009 and 2013—directed mostly at enabling better data communication. Moreover, this has spurred almost the same level of additional investment along mobile value chains—again directed at both fueling and satisfying increased user demand for data over voice.

Rooted in this anachronism is a problem: While the mobile phone has fallen in terms of its relevancy to voice communication, it has started to become more and more important in terms of its relevance to our identity. But such an application might be outpacing the capabilities of our current networks.

In banking, for example, mobile phones have become a vehicle for financial and payment transactions, especially as some of them bypass traditional banks (as may be possible with peer-to-peer cryptocurrencies), meaning users must be able to verify their identity to transact through their phones.

Given all this, it is striking just how much our mobile devices continue to hang off voice-based systems, which were designed for general use more than a decade ago. Think, for instance, of the humble phone number, which remains the main identifier for voice and SMS communication across mobile and fixed-line networks. Every device that uses the ubiquitous mobile network (as opposed to Wi-Fi) requires a phone number. That includes our mobile phones, of course, but also mobile hotspots and tablets that have cell service.

But, in terms of person-to-person communication, the phone number is irrelevant. I barely know my own number, let alone the numbers of anyone I communicate with (including my own children). Instead, I interface with software that tells the network how to use my number and another person’s number to enable communication. In other words, only robots still use phone numbers.

A clear-cut example is how we use our phones for security. Two-factor authentication (now commonplace on most email services, social networks, and bank websites) sends a code to your phone to verify your identity at login. The idea is that if your password is stolen, it is unlikely that a culprit would also have possession of your phone. Thus, there is an additional layer of security.

It isn’t foolproof, of course. What if someone also has your phone and that is how they are accessing your account? In this situation, access to your phone becomes the issue. If there is security at the device level, it is typically via pin number, fingerprint recognition, or other pattern-based passcode. Before long, other biometric systems will hit the market. For instance, the Nymi band reads the unique pattern of your heartbeat; as long as you’re wearing the band, you can access your phone.

All this is to point out a simple fact: Your phone will one day be how you tell the world, unequivocally, that you’re you. And safeguarding that power is a task that’s only just begun.