In the wake of Edward Snowden’s revelations about National Security Agency (NSA) surveillance programs, tech companies made a lot of noise about encrypting user data both in transit and at rest.
Now comes the inevitable next stage: building ultra-secure hardware for everyday mobile use.
Such devices already exist, of course, for some government officials. For example, President Obama can’t have an iPhone for “security reasons,” according to Reuters, but he relies on an NSA-hardened BlackBerry to communicate with a very limited circle of people.
For everybody else, however, there’s the pervasive concern that government agencies (along with sophisticated hackers) have figured out how to crack pretty much every mobile platform on the market, including BlackBerry. Some companies are moving to deal with that fear: secure-communications provider Silent Circle, in conjunction with smartphone manufacturer Geeksphone, has begun work on a mobile device—dubbed the Blackphone—that will supposedly give regular users a heightened level of privacy and security.
The Blackphone will run PrivatOS, a custom Android distribution. Beyond that, Silent Circle and Geeksphone are keeping quiet on software details ahead of a big unveiling (and the start of preorders) at this February’s Mobile World Congress in Barcelona, Spain. Considering the parties involved, it’s likely that PrivatOS supports some version of Silent Circle’s communications apps, which give users the ability to exchange secure messages and calls. (In addition, PrivatOS will supposedly support regular Android apps.)
Blackphone’s creators will own and control the infrastructure underlying the company’s networks. They’ve also vowed not to sell customers’ personal data to third parties; nor will they retain credit-card information used to purchase a device.
“Blackphone stores minimal detail from its web server and other logs,” added a note on the company’s Website. “Whenever possible we disable the collection of identifying information. We delete logs as soon as reasonably possible. We turn the logging level on our systems to log only protocol-related errors. Our goal is to have nothing to turn over or disclose to any third party.” Basing its infrastructure in Switzerland, which hosts the company’s Website, probably won’t hurt in terms of keeping that information outside U.S. jurisdiction.
Blackphone’s lengthy privacy message does more than assure potential customers their data is protected—it’s a notice to governments that the company isn’t an easy target for surveillance. In mid-2013, encrypted email service Lavabit shut itself down rather than surrender its Secure Sockets Layer (SSL) private key to the U.S. government; that followed a bitter legal battle in which Lavabit founder Ladar Levison was reportedly threatened with massive fines if he didn’t turn over the SSL key. No company wants to go through a similar war with the NSA and FBI; announcing that no data is kept on hand, as Blackphone is doing, could prove an easy way of avoiding one. (Or not—if the federal government has demonstrated anything over the past few years, it’s a willingness to request data from tech companies.)
But until Silent Circle and Geeksphone actually unveil the Blackphone at the Mobile World Congress, a lot about its security and privacy setup remains unclear.