Problem solve Get help with specific problems with your technologies, process and projects.

Wireless 411: Gateway to nuisance, higher costs and mobile virus attacks for the enterprise

Current wireless 411 legislation creates a loophole that lets employees "opt-in" to a wireless directory. Learn how to prevent this from becoming a nightmare for your enterprise.

Bob Egan's weekly column
October 19, 2004

What's happening?

The current wireless 411 legislation creates a loophole that lets employees "opt-in" to a wireless directory, thus threatening to strip enterprises of control over key business assets while exposing them to higher costs, privacy issues and more security risks.

Our Conclusions

Meanwhile, mobile viruses

The fundamental assumptions of wireless 411 are flawed in that they apply an outdated wireline white-pages mentality to wireless. The directory initiative ignores key differences not only between wireline and wireless, but between businesses and consumers, too:

  • Unlike wireline desk phones, today's wireless phones are complex devices, with computing power on par with late-'90s laptops.
  • Enterprise wireline phone numbers are hidden and protected by the corporate PBX. But access to wireless phones is controlled by a public cellular network, thus bypassing the enterprise's direct control.
  • A mobile phone number is the DNA of the wireless device itself, determining who uses it and which application and service capabilities exist.
  • Wireless 411 would let employees rather than employers determine whether third parties have access to those devices.


    To prevent the wireless 411 nightmare from become reality, CIOs and IT managers should immediately do three things:
  • Call your Congressional representatives and get your interests represented. We expect formal Congressional action on wireless 411 after the elections are over.
  • Wireless contracts must include specific privacy covenants. Employees with company-provided phones should be barred from including their information in the wireless 411 directory. Ensure that this limitation is clearly and explicitly outlined in your contract, and demand that your wireless carrier outline how it would block your employees from trying to list their numbers. Enterprise telecom managers should be the only people empowered to decide whether employees' wireless numbers can be publicly distributed.
  • If employees obtain wireless service on their own, company policy should be that reimbursement is contingent on the number not being listed in the wireless 411 directory.


    The key attribute in provisioning a wireless phone is its phone number. With it, one can call the phone, address its short and multimedia messaging services, and e-mail. Several companies have already developed software that uses the number to access the phone's status and software revisions, overall phone capability, operating system type, memory and application sets. Would you give a third party the fixed IP addresses to your desktops and laptops and throw away your enterprise firewalls? That's the equivalent of what happens when a company's wireless number is made public.

    Even the questionable guidelines aimed at protecting consumer privacy do nothing to safeguard enterprise wireless numbers. Nearly five months have passed since we warned that the Cellular Telecommunications & Internet Association's (CTIA) directory threatens to make wireless business numbers public and thus fair game to anyone who calls wireless 411 or the directory itself is hacked. CTIA's president called us after our first research note on this topic, and after a "lively" discussion, he conceded that the needs of the enterprise customer need to be addressed. Action was promised, yet none has been taken, despite our offer to help.

    Time is growing critical as the bills have moved out of Congressional committees. This wireless directory has the potential to combine the anxiety of Internet pop-ups, spam, telemarketer calls and a new level of virus attacks for any person who's listed.

    Bob Egan is president and CEO of Mobile Competency, a Providence, R.I.-based market analyst and consultancy. He can be contacted at or via phone at 401-241-4000.
  • A mobile phones number is the near equivalent of a computer having a fixed IP address. We believe that if an employee "opts-in" (perhaps unknowingly) to a directory service, telecom and IT management may well be stripped of its protective role over business phone numbers. and SMS spam are already emerging threats, and we believe that a public directory of wireless phone numbers will make it even easier for spammers and hackers to target individual enterprise wireless users, if not entire companies.

    Dig Deeper on Enterprise mobility strategy and policy

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.