Update 1/30/15: Recently a vulnerability was discovered in the Blackphone's text messaging application, enabling hackers to decrypt and see users' messages and contacts, track the geographical location of the phone, and control its functions. Australia-based Azimuth Security consultant Mark Dowd reported the bug to Silent Circle and it was quickly fixed.
In the post-Sony hack world, as data breaches become more wide-reaching, individuals need to take control of their own personal data security. More and more aspects of our lives are connected to the Internet, from our health maintenance systems to our home appliances, which means there's more data about you being collected and stored online.
"All this personal information--our most sensitive information on what we're thinking about, what we're doing, where we are--is all online all the time and running across a network that is not secure and not private," says Casey Oppenheim, the co-founder of Disconnect, the developer of a private web browsing application. "This is not a problem a couple of security freaks are talking about. This is a mainstream problem, and the conversation is now happening between companies and politicians."
The most vulnerable element in any company's security is its employees. Nearly 50 percent of businesses in the developed world require employees to use personal smartphones at work. Many of those employees wind up using insecure apps, clicking bad links, and opening bogus email attachments--all easy entry points for cybercriminals.
On Data Privacy Day (aka January 28), Inc. spoke with three companies that have developed new technologies to protect the consumer. Check out what these companies are doing to help secure your personally identifiable information and protect your company.
1. Browse like no one is watching
If you thought Mad Men highlighted the darkest side of advertising, take a look at what today's online advertisers are doing. "Every webpage you go to, and each smartphone application you use where you're seeing advertisements, those advertisements are actually seeing you," Oppenheim says. "When an ad pops up on your screen, that advertisement is sending back data to the advertiser's server."
The data that companies like Google and Facebook collect and sell includes your IP address, device information, personal information, and all your activity online, he explains. "Super cookies" follow you from site to site and all that information is compiled by advertisers, tech companies, and analytics companies to build a profile on what you search for, where you are, and what you're doing. These profiles are then used to serve more targeted ads or are sold to the highest bidder. What's even scarier is the fact that the companies do not secure the data they collect on users, leaving it vulnerable to hackers.
This is where Disconnect's private browsing application comes in. Founded in 2011 by Oppenheim, an attorney and consumer-rights advocate, along with ex-Googlers Brian Kennish and Austin Chau, Disconnect's software blocks more than 5,000 known trackers, from legitimate companies to malicious hackers, from collecting your data. The app is free and can be installed as a web browser extension. For $5 a month you can get the premium service, which encrypts all of your traffic through a virtual private network, blocks trackers, and shows you what sites would be tracking you if you weren't protected.
2. Secure calls, texts, and emails
Spun off by software firm Silent Circle and Madrid-based phone manufacturer Geeksphone, Switzerland's Blackphone has developed an unlocked Android smartphone with a custom privacy-focused operating system. For $629, the company's eponymous phone offers secure calls, video chats, texts, and file transfers. It also features built-in anonymous web browsing through a pre-paid VPN in partnership with Disconnect, and a suite of secure apps.
Jon Callas, co-founder of Blackphone and Silent Circle, says companies that collect customers' data are guilty of untold privacy rights violations. "We're all under attack. It's criminals, governments, it's all over the place. The consumer-based devices are designed to sell people's information. We are the product and we are being sold to ad companies," he says. "We are given terms of service and permissions for our apps that tell us take or leave it. We wanted to put the power of privacy and control back in the hands of civilians."
Callas says in order to use most apps, you need to agree to terms and give permissions to do things like "read my text messages," "send emails without my knowledge," "modify my contacts," and "read all data on my phone." Truly, as Blackphone's motto goes, "the biggest risk to you and your company's privacy is your smartphone."
3. The password replacement
By now, it is well known that the password is not effective in preventing data breaches. Hector Hoyos, the founder and CEO of biometrics technology company Hoyos Labs, is working on a replacement. "Passwords will disappear in a few years," Hoyos says. "Everyone agrees passwords have outlived their usefulness."
Hoyos Labs, headquartered in New York City, has built the Biometrics Open Protocol Standard (BOPS) for implementing biometrics to authenticate identity and protect data. Hoyos says the company's customers, some of the largest banks in the U.S. and Europe, will, for example, use the biometric technology to replace the ATM card--you'll walk up to the ATM and a sensor will scan a QR code on your phone after your camera scans your facial features to verify your identity. The technology also has been licensed by a U.S.-based car manufacturer to replace keys. Sensors will read your facial features to unlock the car, start the engine once your hands are on the steering wheel, and alert you if you start falling asleep. (Hoyos declined to name the car company.)
The company's new consumer-facing product, revealed at the International Consumer Electronics Show earlier this year, is an app called 1U. The app uses your smartphone's camera to scan your facial features, which are then used to log into your email, bank account, and other apps and websites. Hoyos' patented technology, including an iris scanner and a "liveness indicator," ensures that no one can use a photo or video to gain access to your accounts.
The danger of biometrics, like any other personally identifiable data, is the potential for theft. For this reason, Hoyos does not store your biometrics on its back-end server or anywhere else. Instead, all your biometric data is encrypted and stored on your smartphone.
Hoyos says the company's biometrics framework will slowly replace passwords industry by industry. The free 1U app will bring consumers onboard, and licensing agreements with the financial services industry are already under way. The health care and automotive industries are next.
"It's not only about asserting your identity, it's helping to open or close anything you use in your digital life in a secure way," he says. "Our technology helps you assert your identity to a third party without giving up sensitive information to the third party."
Hoyos, who built the world's first commercial iris scanners and developed tech for the military earlier in his career, is now working on the next iteration of 1U, a service that offers encryption of all your data, across all your devices and accounts. The key, which will unlock and lock a file, text message, or email, will be your biometrics.
"Identity is not your password or social security number. Your identity is your biometrics. There's one set for every human being," he says. "Once you protect the biometrics and privacy, a whole new world of applications opens with the ability to properly identify and authenticate someone."