Federal Trade Commission Chairman Jon Leibowitz said Thursday that wireless operators should require their customers to use a password to access the voicemail on their mobile phones. The problem for Leibowitz, as he was quick to note, is that his agency has no jurisdiction over wireless carriers.
The issue of cell phone security has gained new attention because of the cell phone hacking scandal involving Rupert Murdoch's News Corp. Reporters at some of the company's British publications have been accused of hacking into the cell phone voicemail of celebrities, politicians and even crime victims.
During a Brookings Institution forum on privacy, Christopher Soghoian, a cybersecurity researcher and former FTC technologist, noted that only some of the nation's top wireless carriers require their users to use a pin number to access their voicemail on their cell phones, adding that without such protection it's easy to hack into a user's voice mail. Soghoian demonstrated how to do it during an appearance on CBS News earlier this week.
Soghoian asked Leibowitz if he believed cell phone makers should adhere to the FTC's call for building privacy into products, a concept known as "privacy by design," and require their customers to use a pin to get voicemail on their cell phones.
"Yes. They should engage in privacy by design. I'd like to think most companies are moving in that direction," Leibowitz said, but added, "We have no jurisdiction whatsoever" over wireless carriers.
Leibowitz noted that his agency would like some jurisdiction over telecommunications carriers and that some lawmakers in Congress have floated the idea as it relates to privacy enforcement.
The Federal Communications Commission does have jurisdiction over cell phone and other telecom carriers, but Chairman Julius Genachowski has given no indication that his agency is pressing cell phone makers to make password-protected voicemail standard on all mobile phones.
During a hearing last week on privacy before a House subcommittee, Genachowski was asked about the security of cell phones in light of the hacking scandal. He noted that there are several U.S. laws that would cover any criminal hacking and said some carriers automatically require a password and some don't.
"There is no question that greater protection can be accomplished by using password protection and that this is an area that should be looked at," Genachowski said.