interoperability per se.  They relate to what people   are not interoperable at all are just as likely to have
               do with the interoperable systems.              damaging security breaches if proper precautions
                                                               are not taken.

               4.4.1   Increased security risks
                                                               4.4.2   Decreased privacy
               As described above, systems can increase
               interoperability by:                            The possibility, in certain situations, that
                                                               interoperability might reduce individual privacy is
               •  providing greater opportunities for technical   among the most commonly voiced concerns.  It
                   interconnection;                            is true that increased interoperability may raise
                                                               the number of individuals with access to one’s
               •  being more open about the types of systems   personal information.  Single sign-on systems
                   and services that can interconnect;         are the most obvious ways that interoperability
                                                               might lead to less privacy.  If technical and user
               •  supporting a greater variety of data; and by  controls are not well established, giving multiple
                                                               service providers access to a user’s online identity
               •  making it easier for humans to leverage the   increases the risk of misusing that data.  In the
                   interconnections.                           electronic health records context, where privacy
                                                               is of the utmost importance, an interoperable
               Unfortunately, each of these forms of interop   standard may allow the capture or theft of highly
               can also increase the opportunities to exploit the   sensitive personal data.
               system.  A system that has more points of access
               allows (1) more types of systems to connect,    Interoperability builds more complex ecosystems,
               (2) processes data with fewer limitations, (3)   with more participants, creating more risk vectors.
               increases potential attack vectors and (4) creates   Against that backdrop, however, interoperability
               more opportunities for nefarious actors to exploit   per se does not give rise to increased privacy risks.
               data or to inject bad code.  For example, single   Rather, it is the specificities of its implementation.
               sign-on systems like “Login With Facebook” are   Even if one assumes a technically waterproof
               convenient for end users, but they can also mean   interoperability solution cannot be achieved—a
               that a single stolen credential gives an attacker   highly debated assertion—one can imagine
               access to numerous online systems, instead of just   effective organizational or legal tools, such as
               Facebook itself.                                privacy regulation, successfully addressing privacy
                            32
                                                               concerns.
               This security concern is not precisely a problem
               with interoperability, nor is it insurmountable.
               The fact that the systems can interoperate does   4.4.3   Increased homogeneity
               not per se mean that more people have access to
               underlying data in a given system.  But increased   Interoperability might lead to less diversity
               interoperability between systems can lead to    in a market.  A single platform for many
               vulnerability if sound security measures are not   interoperable systems might become a de facto
               taken.  For example, it was recently discovered   standard that constrains innovation.  Again,
               that Apple Pay’s mobile payment system was      it is not interoperability per se that causes
               being misused to commit credit card fraud.   The   such homogeneity, but rather the economic
                                                   33
               problem was not caused by interoperability, but   consequences of market actions made easier by
               rather because some banks were not properly     the interoperability.
               verifying account credentials when users set up
               Apple Pay accounts.  Criminals were able to take   The Internet is a wonderfully interoperable system
               advantage of this by registering stolen credit   that has led to tremendous innovation, but the
               card numbers in Apple Pay.  Interoperability    protocols that underlie it represent a form of
               may increase the number of opportunities for    homogeneity.  Most of the interconnected systems
               security breaches, or the potential fall-out from   that people use today rely on TCP/IP at some
               such breaches, but it does not cause the security   level to connect to the Internet.  The protocols
               vulnerabilities.  By the same token, systems that   themselves do not include security components




          108  Trends in Telecommunication Reform 2016