Joe Costello (Dublin Central, Labour)
Link to this: Individually | In context

One of the indirect consequences of the recent scandalous events in the United Kingdom surrounding News Corporation, News International and the widespread mobile telephone hacking which brought Rupert Murdoch's mighty media empire to its knees, closed the News of the World and brought the entire fourth estate into disrepute was to open debate on the need for mobile telephone manufacturers and operators to protect the privacy of their customers. The act of newspaper editors and journalists paying individuals to hack into the phone messages of private citizens to glean personal and private information which was then printed as exclusive front-page news is truly reprehensible and repulsive. The hurt caused to private citizens who were coping at the time with tragic and distressing events in their lives is incalculable. They must now re-live these events and contend with the fact that their privacy and innermost thoughts were completely and comprehensively invaded. The newspapers initially targeted so-called celebrities, justifying their actions by claiming that these were public figures and, as such, fair game for the media. They quickly moved on to politicians and private citizens, with no regard for their basic human rights.

It transpires that much of the hacking that was carried out was easily done because of insufficient security on mobile phone messaging systems. The mobile phone operators have simply set up a basic default password of four zeros for all phones. To access a mobile phone's voicemail, any member of the public merely needs to place a five before the telephone number when dialling, press the hash key and then enter the four-digit password. In the early days of mobile phones this was the only way to access phone messages from abroad. Now that it is possible in many countries to dial the 171 direct voicemail number, most people are not even aware of the existence of a password for accessing their voicemail. It would be interesting to ascertain how many Members of the Oireachtas, despite the recent warnings, have not changed their voicemail passwords from the default four zeros. I would love to do a little survey and find out how many are still vulnerable to hacking.

There are other sophisticated mechanisms for accessing mobile phone data. Bluetooth technology, while providing major advantages, can also allow data on mobile phones to be viewed, downloaded and even corrupted without the phone owner realising that anything is happening. Earlier in the day I Googled the phrase "mobile phone hacking" and got almost 42 million results. Incredibly, millions of websites are offering free software to enable hacking of mobile phone data. That is out there on Google; Deputies can look it up any time. There are even tutorials provided on YouTube about how to hack into phones using Bluetooth.

In these days of mobile data, so much personal information is contained in people's mobile phones - address books, diaries, e-mails, text messages. The mobile phone is for many people an extension of themselves. Unfortunately, however, it offers the peeping Tom an insight into their most personal data.

What can be done about this? I believe mobile phone companies should have an obligation to protect their customers' rights. They should be obliged to ensure each account is secure and cannot be hacked into. There are a number of basic measures, which should be standardised across all mobile phone operators, that would protect consumers. Mobile phone operators at present have a default setting that allows unanswered calls to go straight to voicemail, as I mentioned earlier. There should be a requirement for the customer to set a new password before voicemail can be activated. This would immediately eliminate the four-zero hacking option. Moreover, on phones using Bluetooth technology, the default setting should require a user to grant permission for other Bluetooth devices to connect to his or her own device. How many Members of the Oireachtas who use Bluetooth to talk on the phone in their cars think to turn off Bluetooth when they get out of their cars? If they do not, they are rendering their phones' data accessible through Bluetooth. I would say this is the case for the majority of people. Again, this leaves them vulnerable to hacking.

Mobile phone operators and manufacturers have an obligation to ensure their customers' privacy and rights are fully protected. In the first instance I am asking the Minister to examine the possibility of legislation at national level. However, mobile phones enable global communication and, as such, know no boundaries. It is therefore important that action is taken at a global level. I have already requested that this issue be placed on the work programme of the Joint Committee on European Affairs and I will be seeking a European directive to compel mobile phone operators to protect their customers' privacy.

John Perry (Sligo-North Leitrim, Fine Gael)
Link to this: Individually | In context

I thank the Deputy for raising this important issue. The protection of personal information is a matter for the Office of the Data Protection Commissioner, which falls under the remit of my colleague the Minister for Justice and Equality. However, the point raised by the Deputy is one which is of concern across the Government, particularly following revelations in recent weeks about the unauthorised accessing of personal information via telecommunications equipment.

I assume the particular matter that is of concern to the Deputy is remote access to the voicemail service of mobile phone users by other persons and the apparent ease with which this can occur by the use of default access codes. It appears the main issue in this regard is the lack of information available to mobile phone users about such remote access and the need for users to ensure the default access code is changed to prevent unauthorised access to voice messages.

I understand the Office of the Data Protection Commissioner is having discussions with some of the mobile phone operators with a view to addressing the potential problems with the existing system. Mobile phone users also have the facility, which is easily available, of deleting messages in their voice mailboxes as a further security measure.

With the evolution of smartphones and their ever-increasing data capacities, there are also concerns about the potential for leaks of personal information from such devices. For example, some of the newer smartphones have data capacities of 2 GB or more, which in layman's terms means that they can easily store 2,000 emails and 3,000 medium-sized documents. Many of these devices have built-in privacy managers that allow the user to customise how the phone manages personal information. It is my understanding that such settings can be changed at any time and not just when an application is first installed. While the handsets provide for such privacy settings, it is ultimately a matter for the phone user to ensure they are properly activated, monitored and updated or amended as required.

More generally, mobile phone companies provide services that facilitate the storage and transmission of personal information in a number of ways. These include SMS, e-mail, social media such as Facebook and voicemail. There are a number of mechanisms in place to protect the personal information associated with these facilities. For example, the majority of handsets feature the use of PIN numbers to unlock the handset. This feature is put in place by equipment manufacturers so that access to the handset can be restricted to the user, thereby protecting the handset and preventing misuse. Encryption of messages is another security method that is frequently used, particularly for users of BlackBerry handsets. The combination of such facilities allows users to protect information stored on their phones, such as SMS messages and e-mails, as well as protecting personal information, such as voicemails, stored on the telecommunications network.

It should be noted that the Minister for Communications, Energy and Natural Resources has recently introduced secondary legislation that obliges companies providing publicly available electronic communications networks or services to safeguard the security of their services. It is an offence for such companies not to comply with these requirements. Provisions with regard to data breaches have been also strengthened.

Many mobile phone users do not seem to realise the importance of using all the readily available security mechanisms that are provided by phone operators at present. I believe the recent incidents of phone hacking, which have been widely reported in the media, will serve as a reminder to phone users that they should ensure the handsets they use and the data stored on those handsets are secure. User information and awareness is key to this issue and I look forward to the outcome of discussions between the mobile phone operators and the Data Protection Commissioner in this regard

Joe Costello (Dublin Central, Labour)
Link to this: Individually | In context

I am afraid the reply has missed the point. The onus should be on the manufacturer, not on the user, to provide security.

John Perry (Sligo-North Leitrim, Fine Gael)
Link to this: Individually | In context

It should be, absolutely.

Joe Costello (Dublin Central, Labour)
Link to this: Individually | In context

The entire response given by the Minister of State was parallel to the real issue.

John Perry (Sligo-North Leitrim, Fine Gael)
Link to this: Individually | In context

I will raise the Deputy's concerns with the Minister and safeguards should be provided by the mobile telephone companies.