Wednesday, May 16, 2012

Is it time to open source mobile phones?


In a recent conference, CIA Director David Petraeus admitted that the CIA is finding less and less need to bug ordinary people since it seems most people are more than happy to do the job for them. 


Speaking at a summit for In-Q-Tel, the CIA’s venture capital firm, Petraeus noted that new devices that link ‘dumb’ home appliances such as refrigerators, ovens and lighting systems to the Internet could “change our notion of secrecy.”  Mr. Petraeus went on to explain how these ordinary household items can easily be used to garner intelligence about their owners and the environments in which they operate and that their proliferation has made his agencies job a loi easier.
Then he pulled out a mobile phone. With its ubiquity, the ordinary mobile phone is perhaps the perfect device for tracking near the whole of a population. Everyone has them and everyone carries them everywhere. This provides agencies like the CIA an unprecedented view into the lives of almost anyone on the planet and, as smartphone's become even smarter and private industry gets in on the business of spying for dollars, carrying a mobile phone might just become the biggest threat to your privacy ever.
Your mobile phone, not just your smartphone, can provide a lot of information about you. It can track your location, heading, speed, and can even be used as a listening device under the right circumstances. Add the 'smart' elements to it and you can see where this seemingly innocent technology can quickly become rather concerning.
But the story doesn't stop with government spying. In fact, the government listening in might just be one of the least of our worries. Private companies are constantly watching our mobile phone for data they can use to sell us stuff. Sure, it's all done under the guise of 'providing a service you want' but the fact remains that these companies know a hell of a lot about you and they're pushing to learn even more.  We can't look to government to stop them because, the more intrusiveness we allow in our lives through our mobile devices, the easier it can be leveraged by governments wanting data. It's an incestuouscannibalistic relationship between private industry and big government.
Unfortunately, most consumers are not willing to do what it takes to protect themselves on the most basic levels. Most smartphones are only encrypted because the manufacturer implemented it by default and not because of anything special the user did, most email sent from anywhere (including mobile devices on untrusted  networks) is still plain text, and users are installing an ever growing catalog of spy apps on their devices while gleefully thinking they are being part of the cool crowd.
What about those of us who value privacy? What are our options for still having useful devices but not allowing government and industry to completely rape our privacy. Sadly, the choices are few but I believe that presents an incredible opportunity for open source entrepreneurs to step in and make a difference.
Imagine a mobile phone service built for security from the ground up. Everything from the network to the handset makes it nearly impossible to tap, monitor, and track. Users are forced to use strong encryption unless they turn it off and apps are sandboxed for true security and not just 'what damage they might do to the handset'.  Everything from device operating systems to the software used to run the network is open source and all communication is encrypted and never stored beyond what is necessary to provide services like SMS, email, etc.
Of course, such a service would immediately come under massive attack from governments who want access. Laws would be cited or passed to compel such a provider to give up their data. The point is that, if planned and executed correctly, I believe it could be successful. I don't presume to know all of the in's and out's of the mobile phone industry so I know there's a lot to consider that I don't cover here. But I believe that it's time we start looking at what our alternatives are to our spy happy gadgets and seriously start making moves to reclaim our privacy. We're doing a lot on the desktop to have privacy but the desktop doesn't present even a fourth of the threat potential the tiny little spy gadgets we all carry with us do. 
The question comes down to this: how much do you value your privacy? How much are you willing to do to protect your privacy?  If the answer to both of those questions are 'more than I'm doing now' perhaps it's time to step up your game and get involved in a movement to actually do something about it.
The time is now. The tech is here. What do we have to lose?