Competitive Intelligence | Smart Phones
Charan Kumar Bommireddipalli
and Leena Patel
Intelligence gathering has been an integral part of statecraft,
so is information protection.
Encryption is essential to information protection
The Enigma machine was a key variable for Hitler's army to
conquer and spread dominance in Europe during World War II, until
its successful decryption by the English led to Hitler's
Why use mobile phones to gather intelligence?
Why would individuals trust their cell phones to
place all their information?
Cell phones are with individuals at all times. Access to the
physical device is usually secured through a password. This creates
an element of trust. The user of the device believes that if the
physical device is secured so are its contents. Like securing a box
would imply that its contents are secured. This trust encourages
the individual to place information into the device which he/she
would not otherwise. The trust in the device is the reason for
information being stored therein.
QUALITY OF INFORMATION
What is quality of information and why would cell
phones have it?
Cell phones provide quality information.
Accuracy of Information
An individual trusts his or her cell phone. This trust influences
the individual to place accurate information onto their devices as
they see no reason to camouflage it.
The natural instinct of an individual is to have access to
up-to-date information. The physical device is available with the
individual at all times. It is convenient and easy to update
information on the cellphone as and when changes occur to a
Individuals tend to record as much information as they need in
their cellphones. On occasions the notes section in the address
book records additional information that does not have a dedicated
Cell phones contain
- Detailed contact information: That is
who all one would know and who they are?
- Geo positions including time stamp:
This records where the individual was and at what time.
- Conversation: Otherwise considered
confidential like SMS messages, WhatsApp, BBM, emails.
- Calendar: Who is the subject meeting?
When? Where? And possibly "why" as well is recorded in the
WIDE SPREAD USE
According to the UN Telecom Agency Report there were 6.8 billion
cell phone subscriptions in the world when population was 7.012
billion. With 97 cell phone subscriptions for every 100 citizens,
that is 93% of Global population.
Why would existing phones be deficient in
Existing phones are available as a retail solution. This means
that anyone can walk into a store and buy the device. The seller
has no influence on how the technology would be used by the
buyer. If the buyer intends to use the security features
against interests on society, case in point is the security of BBM
whereby use of Blackberry devices by the perpetrators of the 26/11
Mumbai attacks, the seller has no control. This leads to the
requirement that security features need to have balance so that
security agencies can access the devices and their communication,
but not the 'BAD GUYS'. This leads to the requirement that
manufacturers, as a matter of design, have a back door into the
The manufacturer's advantage:
The manufacturer of the device is also the developer of the
essential code that operates the device. This allows the
manufacturer to embed a code that could potentially provide the
manufacturer access to the device and contents. There are three
core cellphone technologies namely BlackBerry OS, Apple iOS and
Android (Samsung being popular). The operating system (OS) for all
three is proprietary. This means that access to details of the
code's functionality is available only to the extent that the
manufacturer is willing. There are parts of the code that are
restricted and therefore unknown to its users.
Vulnerability: For security reasons, the
manufacturer may not access to their devices. They may not agree in
How a target device can be compromised if you are not the
For protection against being 'listened to', one of the common
solutions is the use of encryption apps. They are applications that
can be downloaded from online stores and claims to protect
conversation. This takes care of voice communication from one point
of the encryption software to the other point of the encryption
software - the Green Zone.
Vulnerability: If an app can be installed as
hiddenware, where it is installed between the kernel and the app,
then the hiddenware can continue to intercept voice communication
while the encryption app gives the perception that communication is
Boltware are software apps that come pre-installed with the
device. The user cannot uninstall or otherwise remove them. If they
are 'BOLTED' in the device, they are considered boltware, like
Samsung and Google apps that come pre-loaded on Samsung phones.
Vulnerability: The functionality of these apps
is beyond the control of the user. The app's true functionality is
known to the extent it is made known.
Technology has only simplified Intelligence
The easiest channel to obtain information from a device is to
obtain the authorization of the user to gather that information.
When an app is downloaded such as a NEWS app, during installation
it requests authorization to most, if not all, resources on the
device e.g. storage, camera, Wi-Fi, etc. More often than not, an
average user would click 'agree' to the installation without
reading what is being agreed to or the type of access being
provided. This app now can gather information and remit it to the
app developer without violating any law or alerting the device user
to the extent of information being shared.
Commercial Espionage: Is it for real? How easy is it?
In the News International phone-hacking scandal in the United
Kingdom, employees of the now defunct News of the World and other
British newspapers published by News International were accused of
engaging in phone hacking, police bribery, and exercising improper
influence in the pursuit of stories. Operation Tuleta was set up in
June 2011 to address the issue of computer hacking, working
alongside the on-going investigation into phone hacking allegations
by journalists. Everyone from different walks of life was snooped
- Sienna Miller, actress
- Kelly Hoppen, interior designer and Miller's stepmother
- Tessa Jowell, Member of Parliament and former cabinet
- David Mills, lawyer and Jowell's former husband
- Andy Gray, sports pundit and former footballer
- Joan Hammell, aide to the former Deputy Prime Minister John
- Sky Andrew, sports talent agent
- Nicola Phillips, assistant to the publicist Max Clifford
It was not long ago that the law firms were under scrutiny for
engaging private investigators to assist them in their legal
possibility of certain governments, device manufacturers, telecom
and Internet providers complicit in placing potential threats to
national security above our privacy rights, ordinary encryption
software doesn't stand a chance against the infiltration of
On a macro level, in the cloud, where would you even begin to
detect embedded stealth software?
Consider these two cases in point: 1) a recent CBC report naming
Canada's intelligence agencies, among several others, actively
exploiting vulnerabilities in a mobile Web browser used by more
than half-a-billion people worldwide; for another, 2) Bell's
refusal to issue transparency reports after disclosing subscriber
information to watchdog agencies.
When every bit and byte of information that can be monitored and
gathered is fair game, the responsibility for safeguarding the
security of our most valuable assets - our very identities and
intellectual property - falls solely on our shoulders.
As much as the state engages in gathering intelligence, it is
also actively engaged in protecting its information from other
states and agencies interested in gathering it. What has changed
over the years is how the intelligence of the target is gathered
and how the information of self is protected.
For additional information about safeguarding your most
valuable assets, contact:
Charan Kumar Bommireddipalli, CIA, CISA, CGEIT,
Partner | Enterprise Governance
Collins Barrow Toronto LLP
416.646.8773 | firstname.lastname@example.org
Charan leads the Enterprise Governance and Forensic
practices at Collins Barrow Toronto LLP. As a Business Advisor with
over 25 years of experience, Charan leads comprehensive technology
assessments including Critical Assets Protection. He assisted
enterprises to enhance their profitability and competitiveness by
leveraging process reviews and deploying technology for strategic
business advantage. Charan also led a detailed review of the Asset
Management Data of the largest agency of the United Nations. He is
a Certified Internal Auditor (CIA), a Certified Information Systems
Auditor (CISA), Certified in the Governance of Enterprise IT
(CGEIT) and a Certified Fraud Examiner (CFE), as well as a Fellow
of the Institute of Chartered Accountants of India (FCA). Charan is
currently a member of the Board of Directors at March of Dimes
Canada and sits on its Risk and Audit Committee.
Leena Patel, CPA, CA, B.Comm. (Hon.)
Collins Barrow Ottawa LLP
613.768.75623 | email@example.com
Leena is the leader of the Management Advisory
Services practice and the Government and Public Sector Advisory
Services practice at Collins Barrow Ottawa. As the Practice Leader
of these service areas, Leena's focus is to continue to provide
high quality, specialized solutions that meet and exceed the unique
needs and challenges of her clients. She has extensive experience
in assisting organizations to strengthen controls, improve business
processes, and meet their strategic, financial, operational, and
regulatory objectives. Leena graduated from the University of
Ottawa with her Bachelor of Commerce Honours in 1993, and received
her Chartered Accountant designation in 1998. Leena began her
career with a top four international accounting firm and also
worked in two Federal Government Departments and Agencies.
About Collins Barrow
As the fastest growing professional services firm in Canada,
Collins Barrow is the 8th largest national firm in Canada with 48
offices coast to coast. Their professionals help companies with
accounting, tax and business advisory services to assist them in
achieving their business and personal objectives. They serve
companies at all stages of their development from owner-managed
private businesses to large publicly-traded companies. Their
clients come from a cross-section of industries including: real
estate and land development, private equity, manufacturing,
industrial, wholesale, retail and distribution, professional
services, financial services, technology and communications, energy
and mining, biotech and public sector. Through their constant
curiosity and desire to bring solutions to their clients - they arm
their clients with the tools to make clearly defined business
decisions. Collins Barrow extends their presence to 137 countries
worldwide, through their membership in Baker Tilly International, a
network of likeminded accounting firms, committed to client
© FINANCIAL MANAGEMENT INSTITUTE OF CANADA 2016. ALL RIGHTS