The Sigma Mobile Advertising Blog

Experiences in mobile advertising technology

Subscriber Privacy Ain’t Easy


One issue in mobile advertising that’s often treated far too lightly is subscriber privacy, and by this, I mean the exposure, accidental or otherwise, of subscriber phone numbers and personal information.

Mobile ad platforms can integrate at different levels with operator networks:

  • They can share all information. They can, for example, keep local copies of the entire operator subscriber base, with periodic updates provided by the billing system. Ad requests pass visible MSISDNs.
  • They can share information but hide the keys. The platform can maintain local copies of the subscriber base but use encrypted or hashed MSISDNs.
  • They can share no information. The platform receives no subscriber data from the operator. All ad requests contain an encrypted or hashed MSISDN.

The first option is the easy one. Auditing, validation, and operations in general are easy because the data in the ad platform matches the data kept by the operator. (Ok, synchronization can be an issue, but it’s a relatively minor one.) The only problem occurs when a disgruntled employee walks off with a database dump, or when a developer decides to work with a copy of the database or log files on his laptop, and then loses it.

The second option is harder to implement but less risky. Ad requests and profile updates from the operator don’t use a plaintext MSISDN but rather pass some other kind of key, which might be an encrypted MSISDN, a hashed MSISDN, or something else that doesn’t directly identify the subscriber. This makes operations harder but poses much less risk of data loss. If a developer loses a copy of the database, whoever gets it might find subscriber profiles but won’t be able to match them to individual subscribers. He will, however, be able to tell the number of subscribers for this particular operator who are under 21, have premium services, live in a particular postal code, and so on.
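The second option sketched in code, as an added example that is not from the original post: the operator swaps each MSISDN for a token before anything reaches the ad platform, and the last function shows what a lost copy of the platform database still gives away. HMAC-SHA256 under an operator-held key is an assumption (the post says only "encrypted" or "hashed"), and the key, function names and sample records are constructed.

```python
import hashlib
import hmac
from collections import Counter

# Assumption: the operator holds this key and never shares it with the ad platform.
OPERATOR_KEY = b"constructed-demo-key-not-for-production"

def pseudonymize(msisdn: str, key: bytes = OPERATOR_KEY) -> str:
    """Operator side: replace an MSISDN with a keyed HMAC-SHA256 token."""
    digits = "".join(ch for ch in msisdn if ch.isdigit())  # normalise "+1 555 ..." forms
    if not digits:
        raise ValueError("MSISDN contains no digits")
    # Keyed, so the token cannot be recomputed from a phone number without the key.
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()

# Constructed billing-system export (fictional numbers).
OPERATOR_EXPORT = [
    {"msisdn": "+1 555 010 0001", "age": 19, "postal_code": "02139", "premium": True},
    {"msisdn": "+1 555 010 0002", "age": 34, "postal_code": "02139", "premium": False},
    {"msisdn": "+1 555 010 0003", "age": 20, "postal_code": "94105", "premium": True},
]

def build_platform_db(export):
    """What the ad platform stores under option two: profiles keyed by token only."""
    db = {}
    for row in export:
        profile = {k: v for k, v in row.items() if k != "msisdn"}
        db[pseudonymize(row["msisdn"])] = profile
    return db

def lookup_for_ad_request(db, token):
    """An ad request carries the token, never the plaintext MSISDN."""
    return db.get(token)

def what_a_lost_dump_reveals(db):
    """Aggregates survive pseudonymization; subscriber phone numbers do not."""
    profiles = list(db.values())
    return {
        "subscribers": len(profiles),
        "under_21": sum(p["age"] < 21 for p in profiles),
        "premium": sum(p["premium"] for p in profiles),
        "by_postal_code": dict(Counter(p["postal_code"] for p in profiles)),
        # E.164 numbers have at most 15 digits; the 64-character tokens never match.
        "plaintext_msisdns": [k for k in db if k.lstrip("+").isdigit() and len(k) <= 15],
    }
```
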

The third option is the safest. The operator provides no information about the subscriber base. Instead, the ad platform builds its own profiles. It can do this through questionnaires, or by observing behavior, or by other means. We can also assume that the MSISDNs are disguised inside ad requests. Now the operator data are completely protected, and the owners of the ad platform can make the point that they own the profiles that they gather. The biggest drawback is that operator data are usually quite good (home postal codes are verified through credit checks, for example), whereas it’s not easy to ensure that a subscriber doesn’t lie about everything in a questionnaire that he knows is tied to advertising.

So, what’s the right answer? It depends on technical constraints, legal constraints, and the operator’s level of comfort. At one extreme is the ad platform that’s bought outright by the operator and hosted at the operator’s data center. With such an arrangement, an operator is likely to feel comfortable with plaintext MSISDNs and unencrypted profiles. At the other extreme is a mobile ad service that’s located outside the operator’s premises. I’ve never found an operator that will knowingly agree to put its subscribers’ confidential information in the hands of a distant service provider. (This also has major legal implications if the service provider is in another country.) If anyone knows of such an operator, please let me know so I avoid it!

Update: I mentioned MSISDN as the key piece of identifying information kept with a profile but obviously name and home address count, too. I didn’t mention them because I can’t imagine why an ad platform would ever want to store that data. Maybe for customizing ad templates? I don’t think I’d feel more inclined to buy a product or service through an ad that starts “Hi Mark” and in fact, if I didn’t like the product, I’d be seriously turned off.

Image: Danilo Rizzuti / FreeDigitalPhotos.net (http://www.freedigitalphotos.net/images/view_photog.php?photogid=851)


Written by Mark Westling

November 20, 2009 at 06:04

One Response


  1. [...] This post was Twitted by FredMartinent [...]

    Twitted by FredMartinent

    November 20, 2009 at 06:33

