Header graphic for print
Trading Secrets A Law Blog on Trade Secrets, Non-Competes, and Computer Fraud

Covert Cellular: Enough Protection for Trade Secrets?

Posted in Cybersecurity, Data Theft, Espionage, International, Trade Secrets

With the ever-increasing need to maintain communications with customers and your employees, mobile phones have become a requirement for business people. Spanish telecommunications company Geeksphone is targeting the business market with Blackphone, the first mobile phone that encrypts data transmissions. No one would argue against the value of increased wireless data security, but do CIA-style cellular phones really provide enough extra protection to justify the cost?

All cell phone transmissions are encoded in some way, which may be why we feel some level of comfort sending some of our most intimate personal information through mobile devices. We text our friends from Antarctica using satellite phone links, Instagram selfies from the beach, play games with people from all over the world while waiting for a flight (thank you, Alec Baldwin, for delaying a flight departure because of a “Words with Friends” obsession), purchase goods online (with our credit card numbers sailing through cyberspace) and catch up on email while driving (which may be against the law in some jurisdictions). If these modern conveniences are not continuously available from almost anywhere on the globe, some may consider that cellular service providers have somehow usurped our constitutionally guaranteed freedom of expression.

Business discussions also involve confidential data. If trade secrets are involved, reasonable measures, such as limiting dissemination and providing adequate safeguards on the restricted material, must be taken to maintain legally enforceable protection.

Thanks to Edward Snowden, though, we are aware that Big Brother is essentially recording every transmission from mobile phones. Senator Dianne Feinstein, German Chancellor Angela Merkel, and many Americans consider such data collection “spying.” More First Amendment violations.

In light of Mr. Snowden’s revelations, the use of cellular communications in business, especially when confidential information is involved, may fall short of the required security threshold.

And thus, a niche market for encrypted cellular communication has been born. With a Blackphone, whomever attempts to record your encrypted calls and texts will record unintelligible data bits instead of a verbatim transcript.

This extra level of protection may be worth the $629 per unit for your company. Indeed, an entire fleet of spy-thwarting cellular phones may be a wise investment if your executives routinely travel to parts of the world where someone in addition to the National Security Agency (NSA) may be listening—and this may be especially true if your company uses wireless networks to send confidential data or trade secrets.

But are Blackphone’s hyper-secrecy and extra cost really necessary for confidential data transfer? Possibly not. As another post on this blog reports, 2.5 Exabytes (computer jargon for “a whole bunch”) of information are created daily. That means the “c u @ movies @ 7” text you just sent is akin to a single needle in a billion billion haystacks on any given day, so your data is already pretty difficult to locate even without Blackphone’s extra level of encryption.

Still, all communications sent over wireless networks, even from a Blackphone, are broadcast in the open, and therefore subject to interception by unwanted prying eyes (and ears). Yes, Blackphone transmissions will be harder to interpret without the special secret decoder ring. And for additional privacy, the Blackphone automatically deletes the transmitted text or call details after the transmission is completed.  Therein lies the problem.

Whether Blackphones are company-provided or the personal property of employees, the legal standard courts may use could be, “Does encrypted, public dissemination of a company’s proprietary data represent ‘reasonable protection’?” Is additional encoding of a public broadcast considered enough of an access limitation?

Further, although the extra layer of encryption may be deemed a limited access, is providing untraceable back doors to your private data an adequate safety measure?

Data-encrypting cell phones such as the Blackphone may appear to be the perfect fit for your company’s needs, but do not be deluded into a false sense of security; Edward Snowden, after all, used the NSA’s own technology to disseminate the agency’s secrets. Remember that although Blackphone transmissions are difficult to trace, the data are sent somewhere. That means that somebody has the key to decode the data—and that might be your competition.

Indeed, the best course of action for your company might be to adopt a policy that prohibits confidential communications via cell phone, and restricts them to an environment that is secure.

If you absolutely must communicate verbally, or with drawings or formulae, you can always forego the phone and communicate face-to-face with your clients.

Because even with a Blackphone, the airwaves might just be your competitor’s (and a spy’s) best friend.