Your smartphone is about as private as a public restroom. Prone to surveillance and data leaks, today's smartphones pay little more than lip service to the concepts of privacy and security. That's about to change.
The Blackphone, a new privacy-minded smartphone from encryption firm Silent Circle, went on sale this week. Unlike most phones on the market, the Blackphone promises to keep users' activity private and immune to the sort of security vulnerabilities commonly found in such devices.
"The problem we had to solve was simple: how do you provide a way for two or more people to communicate in a way that leaves no trail, no digital breadcrumbs, no centralized server that could be used to do an intercept on your communication?" says Blackphone CEO Toby Weir-Jones. "What we’re trying to do is parlay the heightened awareness that exists around the surveillance revelations into an awareness that you have a choice, and that doesn’t have to mean having your data harvested without your permission or knowledge."
Offering encrypted phone conversations, and a rejigged Android OS that is far from the "toxic hellstew of vulnerabilities" Apple’s Tim Cook talked about at this year’s WWDC, Silent Circle is hoping the Blackphone will change the face of mobile privacy forever.
So will it?
Since Edward Snowden's revelations about government eavesdropping emerged in 2013, there have been thousands of column inches dedicated to the surveillance state and what it means for citizens.
But while companies like Google and Facebook have been outspoken about the need for sweeping changes in government surveillance, that hasn’t stopped them from collecting huge amounts of data about their own users: data which is used to define your online identity—and can even be linked back to specific individuals, despite its promise of anonymity.
"For the past few years the trend we’ve seen has been for the main players in the industry to view the users as the product—the generators of marketable data which can be sliced and diced, correlated, and cross-referenced in a way that can be used to benefit advertisers and other related services," says Weir-Jones. "It’s been a slow advance, much like the boiling frog analogy, where customers didn’t realize what was happening until it was too late."
Weir-Jones points out that while this tracking is not necessarily "for evil purposes," it is definitely insidious. "What Blackphone gives you is the ability to assert your privacy rights on all forms of digital communications—whether that’s voice, video, messaging, or just how you browse websites, or use network-enabled applications," he says. "The idea is that it should be your decision whether you choose to reveal your footprint to another party. If you choose to, no problem. But it should be your choice to opt in, rather than having the burden of figuring out how to opt out."
Blackphone takes care of phone eavesdropping by eschewing regular GSM (Global System for Mobile communications) calls in favor of an encrypted data connection. To put this simply, consider how a regular mobile phone call is placed. Person A dials the number of person B, and the phone signal then connects to a cell tower, based on the particular phone network being used, which then looks for the correct way to place the call to person B. Along the way there are multiple points at which the message can be intercepted.
With Blackphone, the calls are encrypted using cryptographic keys that exist only for the length of the phone call. There is no centralized set of rules for this code, and the data sent between the two (or more) phones doesn’t go through a central switching network.
"Even if you were somehow able to intercept the package stream, you would also have to compromise both phones during the phone call in order to compromise the keys you would need to decrypt the message," Weir-Jones says.
The phone’s operating system, known as PrivatOS, comes with a slew of useful packages for dealing with data mining, too. The texting tool, for instance, allows you to send files such as audio messages or GPS coordinates as well as regular text messages—and even lets you set self-destruct timers on each one, thereby adding another level of security.
The phone additionally comes with two years of 1GB-per-month Disconnect virtual private network service, alongside Disconnect’s anonymizing search as part of the phone’s web browser. Disconnect is a startup founded in 2011 by a consumer-and-privacy-rights attorney and, ironically, former Google engineers. It prevents search engines from tracking users’ searches and locations.
Why do you need a phone to do this? Fair question. Founded by cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann, Silent Circle started out by launching privacy-oriented iOS and Android apps in late 2012. The company’s business model called for subscribers to pay $20 a month, in exchange for the kind of subscriber-to-subscriber conversations, encrypted video conferencing, encrypted text messaging, encrypted email, and storage, which come as standard with the Blackphone.
It was computer pioneer Alan Kay who once said that people who are really serious about software should make their own hardware as well. As it grew as a company, this idea appealed more and more to the Silent Circle team.
"We thought a useful thing for people who care about privacy [would be] to have a device that includes our services, as well as other software and services which increase privacy," says Silent Circle CTO and Blackphone board member, Jon Callas.
For Callas, it’s all about the experience of the end user. "It's like giving someone a well-cooked and tasty meal as opposed to a cookbook and some ingredients," he says. "It's a better experience for them overall."
To build the Blackphone handset, Silent Circle paired up with GeeksPhone, a Spanish smartphone company most notable for building open Android phones, which also ran Firefox OS. "They weren’t making hundreds of millions of units, but they had a very good understanding of how to do specialty products at a high level of quality, and bring them to a worldwide market," says Weir-Jones, who joined the company at this juncture.
One of the big advantages of building a handset from the ground up is that it let Silent Circle create a stripped-down version of Android’s 4.4 KitKat release for its custom operating system. PrivatOS makes several changes to the core Android kernel to keep the phone better protected.
"We disabled a lot of the features we saw as leaky, and built an additional set of management tools to allow the user to very precisely control what permissions their applications have," Weir-Jones continues. "On most smartphones, your only options are to accept or reject the security requirements of individual apps. What we let you do is to install the app, after which your security center will identify all the security permissions needed, suggest security-conscious defaults, and allow you to fine-tune these permissions yourself. You can then change those any time you like."
One of the niftiest features of Blackphone is that it lets users communicate securely with other people, even when one side of the party doesn’t own a Blackphone themselves. All they need is the Silent Circle app, which handles the call encryption. Fortunately, each Blackphone handset comes complete with three one-year "Friend and Family" Silent Circle subscriptions, which allow your contacts to install the service on their existing smartphones.
"One of the best features of Blackphone is that I can speak to you, even if you’ve got an Android or an iPhone," says Weir-Jones. "This is something I’ve not seen done before."
There are, of course, questions that will be raised. The most obvious and pertinent to Silent Circle is whether or not the Blackphone will sell. After all, while most readers may not like the idea of eavesdropping or mass data collection, many of us accept it as an inevitable part of life in 2014. No matter how admirable the aim of the Blackphone is, what percentage of smartphone users will shell out for one rather than picking up the new Samsung Galaxy S5 or forthcoming iPhone 6?
And while avoiding NSA eavesdropping is clearly important, are there potential criminal applications for the Blackphone, where it could become a next-generation "burner"—an update of the kind of one-use pay-as-you-go phone used by criminals in HBO’s The Wire?
"The important point to make here is that we have no data to release," Weir-Jones says. "We will comply with requests, but even if you came along with a subpoena, there’s simply nothing for us to reveal about our users because we don’t moderate or connect your calls."
A larger question concerns what will happen if tools like Blackphone do become successful. In the wake of major privacy stories in the press—ranging from Facebook data leaks to tales of NSA surveillance—this is not an entirely unrealistic proposition.
If this is the case, Weir-Jones thinks the Blackphone could help trigger major changes in the privacy space. "In the long run what we anticipate is that if people move away from seemingly ‘free’ tools like search engines because they perceive the costs to be too high, the market will be forced to step up," he says. "Instead of offering a tool based on monetizing your behavioral data, it may be that you could control your own data but instead pay these companies a small fee to use their services. In the past, everyone believed everything online should be free, and now we’re seeing that maybe that’s not going to be the case."
But while this is an idealistic view of future privacy, not everyone is so convinced it will happen anytime soon.
"I have often heard people suggest that the fact we will willingly use tools like Google which collect our data means we don’t care about privacy," says Helen Nissenbaum, professor of Media, Culture and Communication and Computer Science at New York University, known for her work on privacy, trust, and security in the online world. "For me that is not correct. I hate the fact that airlines move the seats closer together to fit more on, and yet I still use the plane. Does that mean I don’t care about my comfort? We can’t draw a direct line between what we care about and what we will put up with under duress. There are a lot of issues we need to look at here, but I think we’re a long way from doing the kind of cost-benefit analysis that is useful for solving these problems."
Whether or not the Blackphone does become a major player in the smartphone market—or prompts further investigation into subjects like NSA eavesdropping and large-scale corporate data-mining—it seems that early units of Silent Circle’s new handset have been very well received by their customers.
For Toby Weir-Jones and his team, that is enough. For now.
[Image: Flickr user Jon Callas]