Authors: David Hobbs and Duncan Hare. Date: August, 2020
Introduction
“As soon as you turn it on, it is not yours anymore1.” This astonishing statement is the title of a short documentary which accurately describes the current use of smart phones as surveillance devices. By putting the phone in your pocket or purse, you are being surveilled in everything you do.
Cell phone privacy, (especially Android’s) is abysmal. We propose a strong privacy shield for mobile phones. Complete privacy is important, to prevent leakage of business intentions to competitors and others, thus we eschew traditional carriers, who also have huge appetites for customer data, and focus instead on VOIP (Voice over Internet Protocol) providers as a channel to market, who are suppliers to business in a very competitive market, where one privacy misstep would result in loss of customers.
There were 62 Million VoIP telephones in the US as of 20172. This market is estimated (2019) to grow to US $93.2 Billion in revenue by 20243. An incremental-cost offering can certainly make a profitable addition to a VoIP provider’s service portfolio, and at a reasonably low customer acquisition cost.
There is a growing level of awareness that privacy is being stolen, and needs to be returned to phone users. Some examples include Silent Circle, and other “secure phone” manufacturers. Email privacy is Protonmail’s promise. Tracefree.com, provides a browser proxy server as a Windows application, and promises customer privacy and protection from malware attacks, via their proxy server. These are incomplete solutions, at best.
We estimate Proton email has about 88,000 subscribers. The estimate is based on their revenues and the assumption that their average customer spends $50/year with Protonmail, for privacy purposes.
The VoIP providers have an established customer base; they sell service in a tiered-cost structure. Our service offering enables VoIP providers to offer a cell phone privacy service to their customers, for a premium, incremental price.
Our goal is to provide a mobile phone environment which supports reasonable expectations of privacy.
To reach profitability, we we need $2 million in revenue per year, initially at $100 per phone to us; that is, we need 20,000 customers or to upsell 0.03 % of the current VOIP users.
Our full privacy package for complete anonymity, we’d price at at least $100 per month, possibly much more.
Cell Phones are Targets
Everything one does with a cell phone is recorded –– location, contacts, leisure activities, predilections, medical visits, where you live, where you play and so on.
Aside from the normal privacy concerns, it is unwise and unsafe to leak your personal information to enrich a corporation. The cost of that software is anything but “free!”
The ACLU warns:
“Cell phones and other wireless electronic devices are vital communications tools that have become necessary for full participation in modern life. But they are also powerful tracking devices that can be used to infringe on individual privacy.
Knowing where a person’s phone is located can reveal sensitive information, like when they go to the doctor or psychologist, what political activities they engage in, who they spend time with, and where they sleep at night. Law enforcement agencies can often obtain this personal information without ever getting a warrant from a judge. The federal government also invokes powerful surveillance authorities to collect this information and more, including our call records, contact lists, and even the contents of our text messages and calls.”4
Consider for a moment the information you give out when you consult a map on your smart phone.Using the map can give information on your current location, your IP address, where you want to go, and, if you book reservations through the website, the dates of your trip.
Do you really want to give away that level of detail about your current location and your future activities to people you don’t know?
Privacy, Security and You
“As soon as you turn it on, it is not yours anymore”5. Individuals and businesses are under assault as never before. Governments want to gain a competitive advantage, by spying on successful businesses in other countries. Competitors are not above trying to get access to your business plans. US government contractors have been found embedding spyware in apps they provide for public use (“If it’s free you’re not the customer, you’re the product.6”) There is no security without privacy. The US government has acknowledged this, and the NSA has made limited suggestions for cellular users to reduce the problem.7 The US and foreign governments feel free to wade through your data, sometimes even acquiring it from your local “Service Providers.”
Applying Encryption to your extended network can secure the data path between your data network and the user, but what if the user’s device gets hacked? Enterprises must protect both the data path AND the remote network device.
Vendors have had nearly 30 years to create secure networked operating systems, and do not appear to want to succeed, perhaps because of continuing future revenue from upgrades.Every successive release of their software seems to introduce new and improved avenues for data theft. Anew approach focused on privacy and security is necessary. You, personally are the Target;yourinformationis too valuable for them to let you keep it private, and they are too avaricious to pay you for it. This includes your Government, Enormous Internet Companies, and Competitors.
Our remote devices will do all their work on remote servers. As a result, the hand-held device’s operating system has been designed to be both READ-ONLY and contain NO data. A hacker cannot install malware, because he can’t save it to the device’s hard disk, or change the running Operating System. Private and confidential data is protected, because it’s in a secure facility, not on the device.
To protect your data, we create an encrypted network to the remote user.
Our Cell Phone System Device Development
We spent the last 3 years developing a prototype Private Edge device, based on the Raspberry PI 3 for remote access to Windows Systems in data centers. As a demonstration it was very effective. As a product it had to overcome resistance from Windows support organizations, to enter the corporate market, as it eliminated the need for Windows desktop support in an enterprise.
Based on the Corporate Resistance, we asked ourselves – “We have a process to provide complete privacy. Who is our potential customer, and why would they buy this as a service?”
We came to the conclusion that the consumer market is completely compromised by the large International Corporations, and that users have no real mechanism currently to regain the privacy they have lost with their smartphones, without abandoning a cell phone completely. Our solution restores privacy to smart phone owners – whether they be corporations or individuals.
Two final quotations illustrate the privacy problems encountered in the US and Canada.
From a Harvard Gazette story (2017):
“In fact, internet users in the United States have fewer privacy protections than those in other countries. In April, Congress voted to allow internet service providers to collect and sell their customers’ browsing data. By contrast, the European Union hit Google this summer with a $2.7 billion antitrust fine.”8
One last quote highlighting why we should be concerned about location tracking:
“Privacy is about retaining the ability to disclose data consensually, and with expectations about the context and scope of sharing. Identifiable, linkability of data, and the mining of vast quantities of aggregated information all erode the individual’s ability to manage disclosure, context, and scope. Networks depend on the use of unique (and often identifying) numbers, and facilitate the instant global dissemination of information; increasingly, devices and applications gather and use geolocation data that builds up into a unique ‘track’ for each user.A growing commercial ecosystem based on targeted and behavioural advertising results in an inexorable financial pressure for service providers to exploit personal data (emphasis ours). The privacy implications of the current Internet represent a significant and growing concern.9”
Budget and Timeline
image.png36.04 KB
image.png36.04 KB
Summary
Cell phones are a threat to you and your enterprise’s data security and privacy. Controlling the phone’s operating system is vital to keeping your corporate plans and data secure, because whoever controls the OS controls the phone and can access your information! By closely controlling the phone’s operating system and separating the Graphical User Interface (GUI) from the OS, we give the enterprise complete control over the devices.
Governments and corporations may need certain information as a result of our desire to transact with them, but it is inappropriate for either governments or corporations to gather our information out of curiosity or a desire to sell it to someone else. Privacy protection laws are badly outdated. People need to protect themselves. We can help.
