Action and intention – tough cell phone privacy lessons from a pocket dial

This is a guest blog post by Jennifer Leggio. Jennifer Leggio is the founder of Security Market Strategy, a consulting firm that specializes in building security startups, and a partner in MetroSITE Group, a business advisory firm to commercial and public sector organizations in the information security industry. She can be found on Twitter at @mediaphyter.

Long before society gathered around the Internet water cooler to laugh at the typos and flawed connotations of autocorrect, we regaled our friends and colleagues with the latest in pocket dialing disasters. The pocket dial – sometimes called the purse dial, or referred to often more crassly as the “butt dial” – is clearly still alive and well, despite the well-intended cell phone manufacturers that give us lock keys.

Enter James Huff, chairman of the Airport Board in Kenton, Kentucky, who made national headlines when a ruling was issued over his suing a colleague after he inadvertently pocket dialed her – and she listened for a full 91 minutes as well as divulged information from the call. While this brings up many ethical questions, legally a Federal appeals court in Ohio ruled that a pocket dialer shouldn’t have any expectation of privacy for accidentally dialed calls.

I feel for Huff. Some of the most embarrassing moments of my 20s were at the hand, or rather in my case, the hip, of a pocket dial. In the least harmful case, a pocket dial resulted in ruining a surprise birthday party for a dear friend. In the worst case, I left a voicemail for a now ex-boyfriend that included me telling my friend I planned to break up with him. Efficiency points aside, it was awkward.

In neither case did it occur to me to sue either of these recipients for listening to something that was not intended for them, or for denying me cell phone privacy. I suffered my embarrassing fates with aplomb. Of course, there was no business context in these calls, but now that my career has evolved significantly since these events, my personal risks and liabilities are much greater than a ruined birthday surprise or dating relationship.

This is a lesson that Huff learned the hard way, admitting in his deposition that he was aware of the risk of pocket dialing and that he’d make this mistake in the past. The appeals court, in setting this unique precedent, made a comparison of the expectation of cell phone privacy when pocket dialing to that of a homeowner neglecting to cover his or her windows, and then complaining that someone was peering in from outside the property.

While a tough lesson, there’s truth. If you don’t want someone to see you, or hear you, take reasonable action to protect yourself. My grandmother used to tell me that if you didn’t want anyone to know your truths, don’t put them on paper. If she were alive today she might extend that wisdom to say, “don’t pocket dial them,” or “cover your darn windows, girl.”

This is where things get even more serious. There’s a lot of implication in this case around intention and action. Did Huff intend to make the call? If not, why didn’t he take further action to protect his vocal intellectual property to keep it from happening in the first place?

According to one report, the appeals court states that “methods exist to prevent such calls, including locking a phone or using an app designed for that purpose, but Huff didn’t use any of them.”

Lock keys are fairly simple; some cell phone manufacturers even provide the flexibility to set whichever key a user wants to provide easy locking. For those challenged by the locking feature or passwords, applications have been developed to serve as an added layer of protection against pocket dialing.

Now, it’s easy to giggle about the scale of attention a pocket dial mishap can garner, but the loss of intellectual property through a voice call is a significant privacy, and even security, concern. Whenever I take the action to make a call, I presume cell phone privacy, without intending for any undesignated party to hear me. But that doesn’t matter to those who want to take my information against my will.

In the case of the Huff case defendant, administrative assistant Carol Spaw, she did not intend to receive this call. And, despite her sharing the information with others, the judge declared that her action does not violate a Federal wiretap act that makes it illegal to intentionally intercept electronic or oral communications, precluding cell phone privacy.

If Huff had intended to keep his conversation private, he should have actioned it. Since Spaw did not take action to intercept the unintended call, she is not complicit in the eyes of the court.

When I first read this article, and it inspired the cold shudder reminder of pocket dials past, I vowed to take action to triple check my phone lock whenever it is not in use. I never intend to unknowingly give anyone information about my life or my business, so this is good enough, right?

Wrong.

Adversaries are getting craftier, corporations are getting more competitive and are not always ethically motivated, and governments and nation states are another matter entirely. All would benefit from intercepting cell phone conversations of their targets, their competitors, or their potential threats. In security, there used to be a lot of chatter about malicious actors social engineering an organization’s lowest barrier to entry to get access to a network; there’s nothing stopping the bad guys from doing the same with cell phone call interception.

That means, just as securing our data should be our priority, securing our phone calls and texts should be a priority as well. We should consider the lessons of intention and action and consider installing an application that allows us to make secure phone calls, seamlessly ensuring cell phone privacy and security.

Not all “overheard” cell phone conversations happen by accident. Not all individuals that share information from an otherwise private cell phone conversation are as allegedly unwitting as Spaw. Most cell phone calls and texts that are intercepted are done so surreptitiously with the intention of wrongdoing. So, if we as individuals or businesses don’t take the extra action to protect ourselves and our communications, aren’t we gambling with our own security and privacy?

My grandmother might think so.

For information on how to seamlessly protect mobile voice and messaging communications, ensuring cell phone privacy and security, contact KoolSpan.