mmcp merged

Mobile Mayhem:Designing an E-Commerce Regime to Regulate Dangerous Behavior in

Mobile Environments

Joshua Fairfield Associate Professor of Law, Washington and Lee University School of Law Director, Frances Lewis Law Center  

Professor Robin Fretwell WilsonWashington and Lee University School of Law

© 2010

RoadMap

1. Mobile Mayhem: What Can the ‘Net Teach Us About the Future of Mobile Environments?

2. Failures of Real-World Enforcement Regimes in Novel Contexts

3. Incentives: Workable Alternatives to Enforcement

Mobile Mayhem: Mutating Issues

Marginal Conduct Appeared on the Internet Immediately

“Measured in terms of depravity, insularity and traffic-driven turnover, the culture of /b/ has little precedent. /b/ reads like the inside of a high-school bathroom stall, or an obscene telephone party line, or a blog with no posts and all comments filled with slang that you are too old to understand.” –Matthias Schwartz, “The Trolls Among Us,” in The New York Times, 2008

Mobile Mayhem: Mutating Issues• Virtual Worlds made

this Marginal Conduct • more graphic • more real, and • more accessible to Children

• Virtual Worlds Accept/Target Children via Gaming Model

• and provide parent-free venue for kids to bully/speak explicitly to each other

• Mobile Environments offer LESS supervision and GREATER variety

Mobile Mayhem: Sex• Sexting: Early Indicator of

Marginal Conduct Moving from Desktop to Mobile

• Augmented Reality Objectification• “Jiggletits”: user takes pics

of women & manipulates their bodies

• “Bikini Camera”: user takes pics of clothed women and overlays bikini-clad women over them

• Pornographic MMS, Websites, Ads, & Apps

Mobile Mayhem: Violence

• Augmented Reality

• Brings Violence Closer to Real Life

• Will get more gruesome (realistic) as devices progress

Mobile Mayhem: Privacy & Anonymity

Geolocation Services

• Passive (unlike Desktop “cookies,” which operate on click)

• Constant (unlike cookies, which stop logging you when you log off)

• Necessary for the Commerce Services

Mobile Mayhem: Privacy & Anonymity

Social Network Integration

• Real Life ID Connection

• Broadcasting Private Information

• Makes Users Easier to Contact in Real Life

Imagine that instead of “Capt. Tim’s Galley, this showed your presence at the local jail, or the

free clinic, or your child’s daycare facility.

Mobile Commerce is now much more threatening to personal privacy than any

world government.

Mobile Mayhem: Holistic Approach

Users Must Be Protected from Social AND

Economic Misconduct in Online Environments

Deceptive Advertising

Adult Content Accessible to

Children

Fraud/Scamming

Hate Speech, Cyber-Bullying,

Kid-to-Kid Explicit Chat

Invasions of Privacy

Technical Attack

Mobile Mayhem: Scams & Fraud

USER-Focused

• SMShing

• VOIP phishing

• Fraudulent Apps or Websites

Mobile Devices offer more

varied means of contact,

increasing risk that user will be

unaware of threat and trust communication

too easily.

Mobile Mayhem: Technical Attack

DEVICE-Focused

• Signal-borne• Wifi• Bluetooth• Email• Download• SMS/MMS

• Containment Problems• Mobility = Infection

Opportunity

• Hardware Theft• More Common than

Stationary Desktop Devices

Mobile Microtransactions

The U.S. system of

COLLECTIONSALE, and

RESALE

of personal information cannot be allowed to migrate to mobile

markets.

Traditional Enforcement Regimes have been

Forced into Novel Environments

(the internet, virtual worlds, and now the mobile marketplace)

Enforcement is Ineffective

Low Equipment

Cost +$1000s Profit

Through Comm. Fraud

Strong Incentive to

Defraud=

Strong Incentive to

Defraud+

Many Wrongdoers Engaging in

Fraud

Ineffectiveness of Even Harsh

Penalties=

Failures of Enforcement Regimes

Email

• costs nothing to send• incentives strongly in favor of

abuse• CAN-SPAM act limits recovery

to ISPs, and has been nonexistent

Fax

• costs more to receive than to send

• TCPA enforcement destroyed legitimate business models

Text Messaging

• can cost to send or receive• abuse low where sending costly• enforcement has led mostly to

prosecuting children: punishing children for things they do offline anyway

Telephone

• do-not-call list: arguably best abuse prevention of all

• businesses know who they may/may not contact

• enforcement serves as backstop

The Myth of the Tech-Savvy Third Grader:

She may know which buttons do what, but she does NOT know

how to keep herself [or her (parents’) money] safe.

Make Abuses Less Profitable!

Fewer Users Falling For

Scams+

Fewer Devices Vulnerable to

Attack

Lower Profit Margins, and

Lower Incentive for

Abuse

=

Fewer Users Allowing Privacy

Invasions

+Competitive

Marketplace for Non-Invasive

Products

Lower Profit Margins, and

Lower Incentive for

Invasion

=

Multi-Part User Authentication"Double Opt-In" Procedures Cross-Account & Cross-Device

Authentication

Cross-Device Password Protection

• DO NOT store multiple passwords on mobile phones

• Use DIFFERENT passwords for each device and account

Technological Authentication

• Apple’s new iPhone heart monitor patent• Pantech’s ten-digit speed dial

fingerprint reader

Regulation of Private Money

• Real-world-backed currencies are problematic

• Online fiat currencies do well

Educating Users about Dangers to Children

Carrier and Industry Provided Programs

Public (Gov’t) Provided Programs

Other Accessible Info

Mobile Mayhem:Designing an E-Commerce Regime to Regulate Dangerous Behavior in

Mobile Environments

Joshua Fairfield Associate Professor of Law, Washington and Lee University School of Law Director, Frances Lewis Law Center  

Professor Robin Fretwell WilsonWashington and Lee University School of Law

© 2010