We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.


As Apple Doubles Down on Encrypted Phones, Google Sits on Its Design for a “Digital Safe”

A memory card developed by Google that upgrades a smartphone with strongly encrypted messaging and storage could improve security and trouble law enforcement.

As Apple faces criticism from the FBI for refusing to help law enforcement break into iPhones, rival Google is sitting on technology that would upgrade existing mobile devices with an encrypted “digital safe” that secures data, messages, and video and voice calls.

The technology, known as Project Vault, was created by a team led by Peiter Zatko, a hacker and security expert also known as Mudge who has since left Google. This month he called on Google to release the technology to underline its support for Apple’s refusal to open phones for the FBI and other law enforcement agencies. Google spokeswoman Victoria Cassady wouldn’t reply when asked whether the project was still active, but she hinted that there might be updates at Google’s annual developer conference in May. Zatko said he is not permitted to comment on Google’s plans.

Project Vault was introduced at the developer conference last year by Regina Dugan, leader of Google’s Advanced Technology and Projects group and previously head of DARPA, the Pentagon research agency. She showed attendees what looked like an ordinary memory card the size of a fingernail. It contained a tiny computer and storage system that instantly upgraded a device with advanced security features, such as strongly encrypted storage, messaging, video, and voice calls. Two phones were shown using Project Vault prototypes to exchange encrypted messages.

“Project Vault is your digital mobile safe,” Dugan said at the time. She said that it would initially be tested and developed with corporations before being offered to consumers. Google said it was already testing 500 of the devices internally, and it released code and documentation for Project Vault’s hardware and software online.

This memory card invented by Google upgrades a smartphone or other mobile device with encrypted storage and messaging.

Were Project Vault to be released, it could pull Google deeper into the argument between the tech industry and law enforcement over encryption technology.

Apple’s faceoff with the FBI was triggered by its decision to build iPhones that encrypt all stored data, and then to refuse to help investigators working on December’s San Bernardino shootings get around that protection. Similarly, the encryption method used by Facebook’s WhatsApp program and Apple’s iMessage service—a system that prevents even the companies providing the services from reading the messages— has angered authorities in Brazil, and is reported to also trouble the U.S. Department of Justice.

Project Vault is designed to upgrade a mobile device with both encrypted data storage and messaging. Because the code and digital keys used to encrypt messages and calls never leave the secure memory card, it could be even more resistant to eavesdropping or hacking than iMessage or WhatsApp, which operate as conventional apps.

Even if Google doesn’t move forward with Project Vault, it may still help other companies strengthen their security because its design is open source, meaning others can use it. Zatko says that some large companies, including financial institutions, are experimenting with pieces of what Google released to protect high-value customers against fraud.

Making the design open source would also help keep Project Vault trustworthy if it is released, by allowing outside experts and researchers to probe its security, says Simha Sethumadhavan, an associate professor at Columbia University who works on hardware security.


Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.

Subscribe today
This memory card invented by Google upgrades a smartphone or other mobile device with encrypted storage and messaging.
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Basic.
  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Print Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.