Ultraprivate Smartphones

On January 21 a text message flashed on phones held by the protesters thronging Kiev’s Independence Square. Ukraine’s president, Viktor Yanukovych, was then still clinging to power and brutalizing opponents. The message—from the number 111—read: “Dear subscriber, you are registered as a participant in a mass disturbance.” Widely presumed to have been sent from Yanukovych’s security apparatus to all phones in the protest zone, the message was a stark reminder of how mobile phones can be used for surveillance.

Soon after, a Ukrainian man walked into a nondescript office in National Harbor, Maryland, and sought help from a man named Phil Zimmermann.

Zimmermann is a cryptologist. His company, Silent Circle, encrypts voice calls, text messages, and any file attachments. If you use Silent Circle, your calls to other users are sent through the company’s servers and decrypted on the other phone. The service won’t stop the delivery of ominous messages in range of certain base stations. But it can block eavesdropping and prevent the snooper from knowing the number of the person you are calling or texting. Soon, access codes for Silent Circle were making their way to protest organizers in the heart of Kiev. “Those are the kinds of environments where you need widespread deployment of crypto technology,” Zimmermann says, with evident satisfaction.

In the past year, it’s become clearer that places like Kiev are not the only environments where people might want the privacy Zimmermann can provide. Documents brought to light by former U.S. National Security Agency contractor Edward Snowden suggest that the NSA gathers huge amounts of information from cloud computing platforms and wireless carriers, including the numbers ordinary people called and the times they called them. Not only could the government be watching you: so could websites, advertisers, and even retailers trying to track your movements within stores. Modern smartphones and the apps running on them are engineered to collect and disseminate enormous amounts of user data—such as location, Web browsing histories, search terms, and contact lists.

By summer Zimmermann will be delivering a new way to fight back: a highly secure smartphone, called Blackphone. Now being manufactured by a joint venture that includes Silent Circle, it uses Zimmermann’s encryption tools and adds other protections. It runs a special version of the Android operating system—PrivatOS—that blocks many of the ways phones leak data about your activities. While custom security phones have long been in the hands of military and government leaders, this effort may signal a shift toward mass-market phones that are far more private and secure.

Blackphone, which sells for $629 with subscriptions to privacy-protecting services, is one of many measures that technologists are taking in response to the Snowden revelations. One such effort involves wider encryption of ordinary Web traffic. Stephen Farrell, a computer scientist at Trinity College Dublin who is leading that project through the Internet Engineering Task Force, says a phone that encrypts communications and seals off data leaks is a crucial part of the strategy. “Personally, I really would like to have a phone with a much more hardened and privacy-friendly configuration,” he says.

Crypto Warrior

Growing up in Florida, Phil Zimmermann liked breaking into places and things: his youthful conquests included Disney World and the Miami Seaquarium. He studied computer science at Florida Atlantic University, and he became interested in cryptography in the 1970s, when papers on a technology called public-key cryptography emerged. Traditional crypto required the parties in an encrypted conversation to possess the same unique decoding tool (or “key”). The new approach was fundamentally different: it involved two mathematically linked keys, one private, the other public. Suddenly, applications such as digital signatures became possible. You could use a private key to “sign” a document; later, anyone else could use the public key to verify that you were indeed the author.

Zimmermann’s fascination with this new tool dovetailed with an activist streak. In the 1980s, while laboring as a software engineer by day, he was a peace activist by night, working on the nuclear weapons freeze movement and getting arrested at the Nevada nuclear test site. (He tells of seeing actor Martin Sheen and the celebrity scientist Carl Sagan in jail.) He viewed the Reagan White House as a threat to peace and human rights as it battled socialist movements and governments. He soon started putting his interests together. “I wanted to make crypto software to protect the grassroots community, for the people of El Salvador, for human-rights groups,” he says.

JOSEPH VICTOR STEFANCHIK

He eventually came up with something new for applications like e-mail. Now known as PGP, for “pretty good privacy,” it built on public-key cryptography with a few new tricks, using speedier algorithms and binding things like usernames and e-mail addresses to public keys. PGP quickly became the most popular way to encrypt e-mail. It also made ­Zimmermann a combatant in the so-called crypto wars of the 1990s. At the time, the U.S. government was worried about the prospect of strong encryption technologies slipping out of the country and making it harder to snoop on other countries. So after Zimmermann published his code on the Internet in 1991, the Justice Department opened a criminal investigation. It wasn’t dropped until 1996. By then, any fears that foreign governments would use cryptography to hide their activities from the U.S. were overshadowed by the great potential the technology had for American companies in the globalized business environment that emerged after the Cold War. Businesses were opening offices and factories in cheap labor markets, “which tend to be in countries with aggressive wiretapping environments and low on human rights,” Zimmermann says. These businesses were now facing threats once faced only by human-rights and political activists. To better serve that market, Zimmermann began selling cryptography tools through a startup, PGP Inc.

Zimmermann always wanted to take widespread encryption to the next level: secure telephony. Until the past few years, however, voice transmissions did not generally take the digital form required by cryptographic technologies. In the 1990s he’d built a prototype, but it required using modems tethered to PCs. “That product was never going to get any traction,” he says. Today, telephone companies and carriers do encrypt calls—but they hold the crypto keys in their servers, and “phone companies have historically been very coöperative with wiretapping,” he says. Zimmermann’s protocols instead kept the keys only at endpoints—preventing the carriers and even his own servers from decrypting the content of a call.

These days, almost all telephony is digital—not just obvious forms like Skype, but cellular and landlines, too. So when a former U.S. Navy SEAL, Mike Janke, approached Zimmermann in 2011 with an idea for providing a service to help U.S. military members make secure calls home, he was game. They joined with Jon Callas, creator of Apple’s whole-disk encryption, to found Silent Circle. (The company originally offered e-mail, too—a service called Silent Mail. But many users were opting to store keys with Silent Mail, leaving the company vulnerable to an NSA request for data. The team killed Silent Mail and is rebuilding it so it stores the keys differently.)

No Breadcrumbs

Silent Circle had a missing piece: the hardware. “Over the years, when people asked ‘How safe can I be using your crypto software?’ I had to say, ‘We think we have some good crypto here, but the computer you are running it on might be owned by a hacker, and it won’t matter,” ­Zimmermann says. “With Blackphone we are trying to do something about that.”

Blackphone is an amalgamation of technologies. Silent Circle provides the encrypted voice and text services; the device is being made by Geeksphone, a Spanish company that specializes in phones that run open-source operating systems. Together they created ­PrivatOS, which gives more control over what data apps can see, encrypts data stored on the phone, and allows you to get wireless security updates directly from Blackphone, rather than relying on carriers. The two companies also brought on other vendors of privacy and security services. For example, one blocks tracking companies from seeing the websites you visit and the searches you make.

By February, they had one carrier lined up to sell the phone (though any buyer could use it and put a SIM card in it): Netherlands-based KPN, which also serves Belgium and Germany. They were talking to other carriers, too. It would be “the unique device that nobody has dared to make yet,” said Geeksphone’s 22-year-old founder, Javier Agüera—at least, nobody who had the average user in mind.

Fast-forward to late February. ­Zimmermann and his team sat at a sidewalk restaurant in Barcelona, munching tapas. It was the eve of Blackphone’s launch at the largest mobile trade show, Mobile World Congress. Early versions of the phone were in their pockets. As I joined the group and learned more about the phone, I became aware of my digital nakedness. I glanced at my new iPhone 5S. Opening my Wi-Fi settings, I saw available networks called Barcelona Wi-Fi, Cbarc 1, Spyder, and several others. All were of unknown trustworthiness, but I didn’t think it mattered; after all, I wasn’t connecting with any of them. But it turns out that my phone’s automatic process of seeking such signals meant it was notifying those routers of my phone’s ID number. This is already being exploited by retailers, who use Wi-Fi probes to track customers’ habits. And because information from apps is merged with data from Web browsers, shopping sites, and other sources, dozens of companies can use that ID number to keep tabs on me.

Mike Kershaw, Blackphone’s chief architect, came over to my side of the table. He proudly explained how Blackphone would prevent any such thing. Software Kershaw developed programs the phone not to search for Wi-Fi signals unless it is in a predefined geographical area, such as one around your home or office. So as we ate tapas, I was the only person at the table leaving digital breadcrumbs. The others had tools to prevent browsing history and search terms from being tied to their identity; I didn’t. They had fine-grained control over app permissions; I didn’t.

The next morning, near a modest booth at Mobile World Congress, some 200 journalists and analysts crowded the hallways for Blackphone’s launch announcement. “We are not a phone company adding a privacy feature,” ­Zimmermann said. “We are a privacy company selling a phone.” But it was already clear that this was a kind of anti-phone, going against the grain of the mainstream smartphone industry. Later that day, ­Zimmermann walked by Samsung’s enormous installation. It was bristling with Galaxy 5 phones, loaded with Android configured largely the way Google likes it: to gather data. “They’ve got a pretty big booth,” Zimmermann deadpanned.

Not NSA-Proof

Top security experts are reserving judgment on Blackphone until they can test the phone. It won’t ship until June. But the underlying encryption Silent Circle uses—and the evident paranoia of its creators—is widely admired. “I very much like Silent Circle’s solutions,” says Bruce Schneier, a cryptologist who has been calling for more security in communication technologies and wider use of encryption.

While the phone is resistant to everyday threats like hacking and snooping by data brokers, even the company concedes that it’s not NSA-proof, and it could have an Achilles’ heel: the apps that its users will inevitably download. Xuxian Jiang, a computer scientist at North Carolina State University and an authority on Android security, says that’s how devices acquire many of their vulnerabilities. Blackphone also doesn’t protect e-mail on its own; whether your e-mail uses encryption technology such as PGP depends on your e-mail provider. Still, Jiang says of the phone: “These are certainly good privacy improvements.”

There are a few competing efforts. Open Whisper Systems has released an encryption system for Android calls. Nonetheless, Blackphone is already establishing itself: by March, Zimmermann says, hundreds of thousands of units had been ordered. The company expects to sell millions of phones in the first two years. In many ways, the NSA revelations, the growing awareness of how consumers are being tracked by commercial interests, and conflicts like the one in Ukraine have been the best possible advertising. “It used to be an uphill battle to make people believe there was a need for this kind of technology,” ­Zimmermann says. “Not anymore.”