Can Blackphone really protect you from the NSA?

Avatar By Aaron Sims | 7 years ago

The constant stream of revelations regarding the NSA’s domestic spying activities are sure to raise eyebrows for even the most trusting citizen, and qualify as erotic literature for hardcore conspiracy theorists. Surely, most citizens want to know what, if anything, they can do to keep their private business private. U.S.-based encryption firm Silent Circle is offering what they hope to be an answer with Blackphone, a smartphone that puts privacy first. Of course, the question is: Will it work?

While the device’s privacy technology is impressive, even Silent Circle is quick to point out that calling it “NSA-proof” is something of a misnomer. For instance, Blackphone uses VoIP technology similar to Skype for voice calls. While potentially more secure than standard GSM or CDMA connections, Skype calls still run through Microsoft’s servers, which could be accessed by the NSA if necessary.

“The media coined that [NSA-proof] idea early on after our January 15 release, but we’ve not only never said it, but actively refuted it,” says Toby Weir-Jones, chief product officer for Blackphone.

While experts admit that Blackphone’s security measures are unlikely to have any “major flaws,” no piece of man-made technology is entirely hack-proof. Given someone with adequate knowledge and available time, any device is theoretically vulnerable.

“If someone spends enough time and money to attack that code, they will be able to find a way around it,” says Stu Sjouwerman, founder and CEO of Florida-based computer security consultancy KnowBe4.com. “So, if the NSA thinks, ‘Hmmm, we don’t like this,’ and they throw a couple of supercomputers at it, they will find zero-day bugs even in that code, and they will be able to circumvent it.”

Sjouwerman calls Blackphone “commendable,” but ultimately “doomed to fail.” He also suggests that early adopters would likely be those involved in organized crime.

Blackphone’s main security feature is voice and text encryption, enabled by Silent Circle’s smartphone app. Anyone receiving a message from a Blackphone user must have the app in order to read or talk with the other user. Though effective, the problem with this strategy is that this isn’t the kind of data the NSA collects.

Rather than the voice or text content of a communication, the NSA reports that they only collect so-called “metadata.” That is, data about and related to a communication, not necessarily the content itself. Not only can Blackphone not entirely shield itself from metadata collection, but that data may actually be more valuable than the content of a message. After all, it logs key details such as date, time, location and the potential identity of the correspondents.

In the end, Blackphone’s fate might not rest on the merits of its security features, but on old-fashioned consumer demand. Though consumers are more aware of security and privacy concerns than ever before, access to apps and functionality are still the biggest factors driving smartphone consumption. Since third-party apps would undermine Blackphones security protocols, there might not be enough of a draw for consumers.