Edward Snowden spoke at SXSW conference. He obviously didn’t fly to Texas, but instead spoke over Google Hangout from somewhere in Russia. Many people’s perception of Snowden has evolved over the past year; some still see him as a traitor who has done irreparable damage to the US Intel gathering community and compromised many people’s lives. On the other hand, some people view him as a hero, who uncovered misuse of personal information and helped change an industry’s perspective on privacy by encouraging large companies, like Yahoo and Google, to implement encryption to protect customer access.
A few weeks ago at Mobile World Congress (MWC), Blackphone, which claims to be the “world’s first smartphone to put privacy and control ahead of everything else” was being showcased. Since then, we have seen two other phones announced in the press – The FreedomPop Privacy Phone (aka Snowden phone) and The Boeing Black, which boast about more secure Android platform. CryptoPhones have been around for years, but they weren’t based on U.S. certified algorithms and architectures, like the Blackphone. The purpose of the Blackphone is to provide more secure communications for the average citizen, to prevent being tapped by criminals, nosey networks, telcos and most recently, governments.
These offerings are catering to a new generation of paranoid folks looking for a way to protect their privacy when using public networks and telecommunications lines. But, like with all risk management, tradeoffs must be accepted. Everything can be secure, but what ease of use and functionality will you give up to reduce the risk (remember it’s NEVER eliminated) to that of which you fear? These secure phones are not as feature-rich as regular phones, their updates, and applications, even use of GPS and maps (because you don’t want them knowing where you are, right?) are limited. Additionally, these platforms are not as well vetted as current consumer phone platforms, which you could apply security controls to perform similar functions as the Blackphone. Remember, these specifications were for a unique customer requirement, the DoD, who expects a well-funded, motivated adversary who will be persistent in compromising their data. General Citizens (who are not on the “Most Wanted” list) don’t have the same targeted persistent adversary concern. So, if you are one amongst the rising paranoid bunch, you don’t need to buy an expensive Blackphone. A potentially better, easier to use, and more cost effective solution is to:
- Start with what you are protecting, and then apply controls to that. You don’t need to go overboard, or you might realize the inconvenience might not be worth the feeling of being “secure.”
- Apply encryption to your device
- Use a strong password (or biometric as many of the new phones are supporting this feature)
- Protect your communications with a VPN (Virtual private network), or hardware (micro SD) solution.
And, don’t forgot, using one of these phones could make you a target for the hackers who just might think that you have something valuable to hide.