The federal government appears ready to take dramatic action against U.S. wireless carriers that fail to protect Android smartphone buyers against malware — specifically by not pushing out timely operating-system updates. And the catalyst most likely to kick the feds into gear is an American Civil Liberties Union complaint filed Tuesday with the Federal Trade Commission.

Let The Market Decide

What the ACLU is asking is not difficult.  Rather than have the FTC order carriers to ship security updates to the Android operating system as soon as they are made available by Google, the ACLU wants customers to be told upfront that they won't be getting the updates needed to protect their personal data from hackers.

"We think the companies should be forthcoming about this," Christopher Soghoian, principal technologist and a senior policy analyst for the ACLU, said. "If consumers knew that certain phones weren't going to get updates, they might not buy those phones in the first place."

Rather than force carriers to spend a lot of money on automatic update services, the ACLU wants the market to fix the problem, a stand that many lawmakers in Congress should applaud.

"We want the market to work, but consumers are never going to get to vote with their wallets if they don't know which phones are secure and which phones are not secure," Soghoian said.

(See also: FTC To Carriers: Fix Security Or End Up Like HTC)

The ACLU complaint names AT&T, Verizon Wireless, Sprint Nextel and T-Mobile USA. AT&T declined comment, Sprint said it follows "industry-standard best practices," and Verizon said it works closely with manufacturers to provide "mandatory updates to devices as quickly as possible."

T-Mobile was the only carrier to say that it keeps Android customers up to date with the latest software. "T-Mobile takes security very seriously, and regularly provides security updates to our customers, including those using the Android operating system," a company spokesman said.

The FTC Plays The Heavy

If that is what T-Mobile does, then it is more in line with the FTC's thinking than its rivals. In a February settlement with smartphone manufacturer HTC, the agency pointedly emphasized the need to secure mobile devices.

Under FTC pressure, HTC agreed to a "comprehensive security program" that includes patching vulnerabilities that could be exploited by hackers and spammers. The agreement was significant because it outlined for all device manufacturers what the FTC considers best practices for security.

Keeping software up to date is a critical defense against hackers, who often target known vulnerabilities in software because so many users continue to run older, bug-ridden versions. In a blog post following the HTC settlement, FTC chief technologist Steve Bellovin made it clear that securing mobile devices was the responsibility of manufacturers and carriers, and they have to work together at getting updates out to customers.

"Bugs happen, ergo fixes have to happen," Bellovin said.

Android malware is a much larger problem outside the U.S., particularly in Asia and Eastern Europe. That's because people in those regions will download applications from third-party app stores, many of which distribute malware-infected software. In the U.S., most people get their apps from the Google Play store, which regularly checks for malicious software.

Nevertheless, 97% of new mobile malware is directed at Android devices, which comprise 72% of the smartphone market, according to security vendor Symantec's latest Internet Security Threat Report. While most infections today occur from downloading bad apps, experts say hackers are increasingly trying to compromise devices through spam that carries links to malicious Web sites.

Given the mood of the FTC, and trends in Android malware, it should be obvious to carriers that the status quo is unacceptable. If they aren't ready to make changes on their own, then they're likely to get an unfriendly shove from the feds.

Image courtesy of Shutterstock

AT&T is telling its customers that the "recent hullaballoo" over unlocking consumer devices is all just a lot of needless hand waving, and that its customers were never affected by recent interpretations of the Digital Millennium Copyright Act (DMCA).

According to AT&T, the issue of unlocking cell phones was never going to be a problem for its customers.

Consumer concerns over prohibitions reached a fever pitch this year, after the Librarian of Congress performed a review of the DMCA back in October. In that review, the Librarian let the exemption that enabled consumers to unlock their phones without legal retribution expire on January 26.

This led to many in the mobile phone sector, including the Electronic Frontier Foundation, interpret the clause's expiration as any attempt to unlock a phone would be deemed illegal to unlock a mobile device.

"If a court rules in favor of the carriers, penalties can be stiff - up to $2,500 per unlocked phone in a civil suit, and $500,000 or five years in prison in a criminal case where the unlocking is done for 'commercial advantage'," the EFF wrote back in January.

As part of a public response, a White House petition was created that called for making unlocked cell phones legal again. The petition garnered 14,000 more signatures than the required 100,000 needed to get an official response.

(See also The White House Agrees: Unlocking Your Cellphone Should Be Legal.)

This week, the issue came to a head again when the White House, instead of giving one of its carefully worded neutral responses, came out to blast the interpretation of the DMCA rule.

David Edelmen, senior advisor for the Internet, innovation and privacy at the White House, wrote:

"The White House agrees with the 114,000+ of you who believe that consumers should be able to unlock their cell phones without risking criminal or other penalties. In fact, we believe the same principle should also apply to tablets, which are increasingly similar to smart phones. And if you have paid for your mobile device, and aren't bound by a service agreement or other obligation, you should be able to use it on another network. It's common sense, crucial for protecting consumer choice, and important for ensuring we continue to have the vibrant, competitive wireless market that delivers innovative products and solid service to meet consumers' needs.

Today, however, AT&T is clouding the issue somewhat by saying that as it sees the Librarian's October ruling, the question about unlocking cell phones was never a problem. Joan Marsh, AT&T Vice President of Federal Regulatory, wrote:

"While we think the Librarian's careful decision was reasonable, the fact is that it has very little impact on AT&T customers. As we make clear on our website, if we have the unlock code or can reasonably get it from the manufacturer, AT&T currently will unlock a device for any customer whose account has been active for at least sixty days; whose account is in good standing and has no unpaid balance; and who has fulfilled his or her service agreement commitment. If the conditions are met we will unlock up to five devices per account per year. We will not unlock devices that have been reported lost or stolen."

So, was all of the fuss about cell phone unlocking much ado about nothing? Perhaps. For its part, AT&T doesn't seem to have a problem with the unlocking policy.

"We believe this policy is fully consistent with the White House statement from earlier this week – namely that if a customer has paid for his or her device and is no longer bound by a service agreement or other obligation, the customer should be able to use the device on another network. We hope this clears up any confusion," Marsh added.

When reached for additional comment, an AT&T spokesperson simply replied, "The blog post simply reiterates our standing policy."

It may not clear up the confusion, because one has to wonder what would happen if a carrier decided to not let its customers unlock their phones. Would the DMCA, then, have the teeth that the EFF and others have warned us about?

For now, we have AT&T's word that it will allow phone unlocking for its customers, and one should expect clarifying statements from the other carriers soon. The DMCA could still be a problem in other ways, but as long as carriers don't care, the ruling from the Librarian will not affect the status quo.

Image courtesy of Shutterstock. With thanks to Dan Rowinski for reporting help.

The technology industry has been excluded from the government's definition of what constitutes the nation's critical infrastructure, giving them a free pass from regulations. While this may be good for IT businesses, telecom companies like AT&T and Verizon Communications are crying foul.

Information technology is crucial to business, and according to these telecom companies, IT is just as important in securing power plants, telecommunications and water filtration systems. Which is why they want IT companies to be listed as part of the nation's critical infrastructure, something IT vendors are resisting because they don't want to be saddled with more government regulation.

The very political situation raises many questions, and has few answers.

Obama's Executive Order

Currently, IT - think companies like Microsoft, IBM, Apple, Oracle, Cisco and more - is excluded from the government's definition of critical infrastructure, as defined by President Obama in an executive order issued last month. In directing the Secretary of Homeland Security to identify critical infrastructure at the greatest risk of attack, the order says the Secretary "shall not identify any commercial information technology products or consumer information technology services under this section."

This exclusion, the result of heavy lobbying by the IT industry, is not sitting well with telecom companies, such as AT&T and Verizon. They believe technology vendors are as important as the network operator in building adequate security to fend off cyberattacks from terrorists.

"The Internet ecosystem is far more interconnected and dependent on a host of players than it was even five years ago," a Verizon spokesman said.

Fighting Regulations

While the government battles terrorism, telecom and IT companies are trying to fend off regulations. The executive order sets the groundwork for cybersecurity legislation from Congress. So far, the IT industry has been excused, and the telecom industry wants it to share whatever regulatory burden results from current negotiations between the White House and Congress.

"The telecom community is concerned the tech industry is going to get a free pass here," David Kaut, a Washington analyst with Stifel Nicolaus & Co. told Bloomberg. "You have an ecosystem and only the network guys are going to get submitted to government scrutiny."

Telecom companies have a point when it comes to critical infrastructure. Hackers who break into the Windows computer of a telecommunications company could wind their way into control systems and shutdown wireless or landline service for hundreds of thousands of people. But is regulating IT security directly the best way to prevent such a breach? I don't believe so.

Instead of more regulations, the government should focus on requirements for companies directly involved with maintaining the nation's critical infrastructure. As IT customers, these companies, which include utilities, financial institutions, defense contractors and manufacturers, are in a much better position to get the security they need built into the products they agree to buy. If an IT company such as Microsoft, Oracle or IBM cannot meet the requirements, than another one will.

"Commercial products and services often are the weakest link, but regulating them directly means imposing costs that many users won’t be able to shoulder," Stewart Baker, a partner at law firm Steptoe & Johnson and a former assistant secretary for policy at DHS, said. "So you end up imposing costs on everyone to protect a portion of the economy."

Political Talks

This issue is sure to come up during negotiations underway between the White House and congressmen supporting a cybersecurity bill introduced in the U.S. House Intelligence Committee. The bill emphasizes sharing threat information between businesses and government, while the Obama administration also wants minimum security standards set for the most critical companies.

For telecom companies to get what they want, they will have to convince the Republican majority in the House, which adamantly opposes more government regulation, to broaden the cybersecurity bill to include the IT industry. That's unlikely, so telecom and other critical infrastructure companies should be prepared to take full responsibility for securing their systems.

Image courtesy of Shutterstock.

You know the feeling you get when your 2-year mobile contract is up and you start thinking about what kind of new smartphone or tablet you can justify buying? It’s almost like being a kid in November knowing Christmas is coming soon.

That was how I felt as the service contract for my Motorola Xoom tablet was set to expire in January. I thought I wanted an iPad this time, but the cost seemed too high. 

 Even though I am a long-time Verizon customer and I was “upgrading” at the end of my Verizon contract, there was no discount offered on the device. I didn't see a way to make it happen.

Until one came along.

Flush With Cash

Some unexpected checks came in to my business. A client that hadn’t paid in a while brought their payables up to date. A big project we’d just completed paid early. So we brought up the idea of buying an iPad for all three members of our team (we had done without a Holiday bonus last year).

But which iPad? A friend - and certified Apple fanatic - had recommended the 32GB iPad with retina display and 4G cellular service. He called it the gateway to Apple fandom. We had a spare 45 minutes before a lunch appointment, and being a spontaneous bunch, we decided to check out tablets for ourselves at a local store. We had no intention to buy so we headed to a the nearest one, which happened to be an AT&T store.

The minute we walked in the door a salesperson approached. I waved him off, saying we were just looking. He hovered anyway.

We compared the iPad mini to the full-size version and decided we needed the bigger tablet, just as my friend had suggested. But the cost - $729.99 - seemed too high. That just seemed unjustifiable.

But suddenly, good things started happening.

$100 Off Was An Unexpected Treat

The salesman, sensing my mix of desire and reluctance, offered to take $100 off the price!

That was not expected - especially after my Verizon conversation. I was tempted, but smelling the chance for a deal, I shifted into flea-market mode (I spent a lot of time in my teen years with my dad selling men’s shirts — he owned a men’s clothing store — at a Long Island flea market). I asked the salesman what he could do for us if we bought three iPads?

He offered $100 off each device. No better than for one.

My significant other says I’m a sucker for a bargain — even if it’s not really a good deal. So I decided that wasn’t good enough. “Is there anything else you can do?” I asked sweetly, expecting nothing.

Service Credits Count, Too

But he surprised us and offered an additional $300 credit on mobile service for the three devices. The $600 savings had me hooked, but then, I’m an easy mark.

I turned to my far more thrifty and level-headed partner for an opinion. (I felt like I was in an “of course we should buy the timeshare in Hawaii” mode.) She thought for about 30 seconds… and agreed. She reasoned that the $600 savings was nearly equivalent to a whole free iPad.

Of course we couldn't stop there. We also bought keyboard cases (we are writers after all) for all three iPads and their associated 2-year contracts. So the store made made back some of the discount before we walked out the door.

Lessons Learned Worth More Than The Savings

Is this the way responsible business owners should make purchasing decisions? Probably not.

But there are some worthwhile lessons for entrepreneurs here:

• Do your homework before you set foot in a store or go to a website to make a purchase. That way even if you do make an impulse buy, at least you’ll be making a more informed decision.
• Be open to doing business with vendors you haven’t worked with before.
• It's OK to play hard to get, and don’t be afraid to haggle.
• On the flip side, it's a good idea to empower your own salespeople to make quick decisions to close the deal. We never would have bought the iPads if the AT&T salesman hadn't offered the discounts.

After only three days of using my iPad, I love it. It’s intuitive, easy-to use, and could indeed be a gateway device turning me into a tablet junkie.

AT&T Store image courtesy of Jason Dunn.

We’ve all been there. You are at a crowded event, taking pictures with your smartphone and trying to share them on Facebook or Twitter but the damn photo just won’t upload. The data network you are using is clogged because too many people are trying to do the exact same thing you are: making phone calls, sending texts, uploading pictures and streaming video. With everybody trying to do the same thing at the same time, nobody can actually do anything.

The Big Arena Problem

Like other mobile carriers, AT&T has been working on solving this “big arena” problem for a while. It has been working to improve its DAS – Distributed Antenna System – for several years and has been moving to place it in venues across the country, including Lucas Oil Stadium in Indianapolis and the TD Garden in Boston. For the Super Bowl at the Mercedes-Benz Superdome Sunday night, AT&T had its DAS system up and running with 11 temporary COWs (Cells On Wheels) towers to help the data flow.

So, when the lights went down on the Super Bowl, fans were still theoretically able to make phone calls and tweets to their heart’s delight.

Blackout Boosted Data Usage

According to AT&T, the busiest data traffic came during the halftime show when Beyonce was performing - and during the blackout itself. AT&T users consumed 78GB of data on the in-stadium network during the hour, more than twice what they did during the busiest hour of last year’s Super Bowl in Indianapolis. 

During the 34-minute power outage, AT&T users sent twice as many texts, consumed 10GB of data and made more phone calls than they did at any other hour during the game. This makes perfect sense considering that the users were living in the middle of a live news event and had nothing to do but putz around on their phones while the stadium lights returned. 

Total data usage for the entire event was 388GB on the in-stadium network. That is a lot of photos, even for the 71,024 officially in attendance at the game (many of which were likely not AT&T users). That was an 80% increase in traffic from the Super Bowl in Indianapolis. In addition, AT&T users made more than 73,000 calls during the Super Bowl. Even if everybody in the stadium was an AT&T user, that is more than one call per person. In likelihood, it was probably more like three or four per AT&T user.

Of course, many of these numbers are artificially high because of the extended delay in the middle of the game. Judging data from the Super Bowl or any other singular event can lead to suspect conclusions. But if there is one thing to take away from the Super Bowl in New Orleans in relation to AT&T’s cellular traffic - it is that more and more people have smartphones and they are using them more and more. This was the dominant theme of mobile in 2012 and it continues into 2013 and beyond. 

Top image: Mercedes-Benz Superdome, New Orleans, Louisiana, courtesy Wikipedia.

In a note to the Securities and Exchange Commission, Verizon Wireless noted yesterday that it sold 9.8 million smartphones in the fourth quarter of 2012. In the brief release, Verizon noted that the total smartphone sales included, “a higher mix of Apple smartphones.” 

Unlike its top rival AT&T (which yesterday said it had sold in excess of 10 million smartphones last quarter including record numbers of iPhone and Android devices), Verizon has shown more historical balance between the two dominant smartphone operating systems. In the third quarter of 2012, Verizon sold 3.1 million iPhones out of 6.8 million total smartphones, good for 45.5%. Verizon did not give a total on how many iPhones it sold in its SEC note for this last quarter, but expect the number to be closer to a 50-50 split with Android. 

iPhone's Magic Powers

The question to be asked is why would Verizon mention iPhone channel sales in its SEC note at all? Well, right or wrong, the carriers (and hence, investors) tend to think of iPhone owners as more lucrative consumers. iPhone owners tend to be loyal, thus giving carriers guidance for how many net postpaid subscribers they will have years down the line. So, if I am a carrier, I want to show investors that I have a large amount of people using Apple products as a sign of the health of my business. 

As the rest of the fourth quarter smartphone sales from the top carriers in the United States come in, we are once again likely to see that Apple dominates the top of the American smartphone market. In Q3 2012, Apple controlled about 58.1% of U.S. smartphone sales for the three largest carriers (AT&T, Sprint and Verizon). Of those three, AT&T provides the biggest cushion for Apple, taking between 70%-80% of its total smartphone sales. As noted yesterday, AT&T likely sold more than 7.6 million smartphones last quarter. If Apple has a stronger 4Q with Verizon, the iPhone may break the 60% mark for control of U.S. marketshare among the big three. 

Research analytics firm comScore notes that Android still controls the overall U.S. smartphone market. According to comScore Mobile Lens, Android U.S. subscribers grew 1.1% between Aug. 2012 and Nov. 2012 to a total of 53.7%. Apple grew 0.7% in that same period to 35% of U.S. subscribers.