I need a new phone. No, there is nothing wrong with my phone, from a purely functionality point of view. It makes phone calls, sends text messages. I can even get to Facebook and YouTube from time to time. But while I recently was able to download and use the Starbucks app, I still can’t order and pay online, then grab my drink at the counter like other users do. When Pickup Stix launched their new app, I wasn’t able to download it and register to get my free entrée. You see, I have a Windows phone, and no one makes apps for that platform despite the general ease of doing so.
I need a new phone. My phone does all the functions I need a phone to do. I go online, I check emails, I can even use Excel. But I can’t get mail from one of the companies I work with because their security only allows for installation of a security sandbox they control. In exchange for the ease of using Exchange, I must cede to the company the ability to wipe my phone out on the promise that “they have never done it before, and, c’mon, we would never do that to someone unless the phone was lost,” which seems like a very flimsy argument from a security-based organization: isn’t one of the most basic tenets of digital security that you only grant the minimal level of access needed and only to those who need it? This would be an overreach allowing them to invade my privacy, destroy my data, and even control how I interact with my own bought-and-paid-for device.
I need a new phone. My phone does all the functions I need of a phone; it can even recognize my face or my fingerprint, apparently, but it doesn’t do enough to put me in charge of safeguarding my own data and my privacy. This year we have heard countless stories of the Border Patrol’s overreach, insisting on phone passwords, Facebook passwords, text and call logs, etc. There is even a new law being considered in NY that would allow law enforcement officers to hook up a device at an accident scene that will tell them if you were using your phone at the time, but many advocates are uncomfortable with this on Fourth Amendment grounds, and I am honestly not even sure which side I agree with more.
I need a new phone. I don’t need to switch my Windows phone for a shiny new Android (that may or may not blow up on me) or the latest iPhone that will already be outdated within 10 minutes of my walking out of the Apple Store. I fail to see why one platform is better or worse than another these days, as each platform dictates to me what I can or cannot do. Every phone has a deficiency when it comes to personal and private security, and in the compromises we must make for both. What we really need is a container phone.
A container, for those not familiar with it, is a software concept where resources on a computer are segregated into a virtual box. Within that box, the code execution environment is completely self-contained, separate from the hosting environment, and limited to the boundaries of the container. Think of a terrarium sitting on the corner of your desk, the plants inside living in a simulated outdoor environment when they are really on the third floor, northwest cubicle D12 of your office building. A container would solve the problem of apps targeting a platform, as apps could simply come with their own container, or install to a common container with the appropriate environment. And containers would solve many of our security problems.
Here then is my 6 step Container Phone Manifesto:
- The container host should be specific to the phone and know how to expose the hardware functions to the container in a common API. But it should allow for the inclusion of any container within its environment. Apps then could be written to target the container. You should never have a situation where you want to download an app and you can’t because it requires Container X and your phone only does Container Y. Otherwise, what is the point? App developers would suddenly get three times more productive, as resources wouldn’t need to be spent developing separate apps for separate platforms, and companies would never need to decide that any platform simply isn’t worth it.
- The phone should maintain its own hardware functions outside of any container. It should still be the responsibility of the device to handle the hardware, and that hardware should be fully functional on its own without requiring any specific container. This means that it can make calls, send and receive text messages, use the camera and the GPS, etc. The phone, at the hardware level, should also allow you to control what hardware is accessed and what kind of information is accessed, and this cannot be overridden by the container. I.e., you should be able to say, “No, Mr. Employer, I do not trust you to see my phone call log or a log of my texts even if you say you can’t or won’t read them. I will not allow your container to track my location via GPS or look at me through my phone camera.”
- The phone should allow multiple containers so long as there is room on the disk (or SD card). If work wants to force a container on you, they can have it completely separate from your personal container. This is both a security concern and a usability concern. If you have multiple containers, you can ensure that your work container is only ever going to have access to your work and not your personal information. If you have multiple work environments, they can be kept separate. If you share your phone with siblings, each one can have their own special container. You could even power down your phone, remove the SD card, then move it to a new phone just like that.
- The container should have the functionality to back up online to any personally selected, configurable service and have the data stored in an encrypted format. For each container, you should be able to go to the settings screen and provide the URL, username, password, protocol, etc. The backups are optional, and the user can change them at any time without notifying anyone. The backup would be incremental and allow for a slow, steady upload of periodic changes. That way, at any given time, not only is my data protected out in the cloud somewhere (already a common offering) but the state of my containers as well.
- The container’s image should be easy to delete with a passcode on a moment’s notice, and the data on the hard drive shredded à la PGP Shredder or similar functionality. When dumping an image, it will also remove any configuration information about the backup location or provider, since that info will be stored directly within the container’s settings. When walking through the security gates at LAX, or pulled over by the police, I simply type in my four-digit PIN and the container is gone from my phone. “Gee officer, I only use my phone for making emergency calls. I never use it for Facebook.” They may know I am lying, but they can’t prove it or do anything about it, and they certainly can’t violate my Fourth Amendment rights. And when I get home, I simply tell the phone to sync with the offline storage, and within a few hours I have my full container back just the way it was before I dumped it (or at least the last good backup). Some people may think that this suggestion is underhanded or shady, like I am smuggling drugs and weapons across the border. But I want to challenge you also to think about journalists living in repressive countries where the information on their phone can get them killed. Think about women in violent home situations that may want to hide the fact that they are consulting a crisis counselor. Undoubtedly, this will make law enforcement’s job harder, and for that I will apologize, but so does literally every amendment in the Bill of Rights. It’s kind of the point.
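The encrypted-backup and dump-then-restore steps above (the fourth and fifth points) hinge on one design detail the manifesto leaves implicit: the container image must only ever exist on the phone as ciphertext, so that "shredding" reduces to destroying key material. The following is an added model of that design, not code from the original post; the `Container` class, the `CLOUD` dictionary standing in for a remote backup service, and the HMAC-SHA256 counter-mode cipher (chosen so the example needs only the standard library) are all constructed for illustration.

```python
"""Constructed model of one phone container: stored only as ciphertext,
backed up to a user-chosen URL, crypto-erased on demand, restored from backup."""
import hashlib
import hmac
import secrets

def derive_keys(passphrase, salt):
    # PBKDF2 stretches the passphrase; the output is split into separate
    # encryption and MAC keys rather than reusing one key for both jobs.
    # Caveat: a four-digit PIN alone is brute-forceable offline, so the backup
    # passphrase should be long, or the key bound to a hardware secret on the host.
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return raw[:32], raw[32:]

def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode used as a PRF keystream (stdlib only, no AES).
    blocks = (length + 31) // 32
    return b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

def seal(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC: a tampered or wrong-key backup is rejected before decryption.
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(enc_key, mac_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("backup failed integrity check (tampered or wrong passphrase)")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

CLOUD = {}  # constructed stand-in for the user's chosen backup service

class Container:
    def __init__(self, image, passphrase, backup_url):
        self.salt = secrets.token_bytes(16)
        self.backup_url = backup_url
        self.local = seal(*derive_keys(passphrase, self.salt), image)  # ciphertext only

    def backup(self):
        CLOUD[self.backup_url] = (self.salt, self.local)  # salt + ciphertext, never a key

    def dump(self):
        # Crypto-erase: drop salt, ciphertext and backup location together. Overwriting
        # flash is unreliable (wear levelling), so losing the key is what makes the
        # remaining ciphertext unrecoverable; nothing here identifies the provider either.
        self.local = self.salt = self.backup_url = None

    @staticmethod
    def restore(backup_url, passphrase):
        salt, blob = CLOUD[backup_url]
        return unseal(*derive_keys(passphrase, salt), blob)
```

Restoring with the wrong passphrase, or from a backup blob that was altered in transit, fails the MAC check rather than yielding garbage.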
- Not everyone is concerned about security. Not everyone has a need to be. And for many people, all these options will be confusing. So let the phone auto-log someone into a default container. This will allow salespeople to still demo the phone on the sales floor easily. This will allow your grandparents to text photos of the kids even though they think PGP is a new movie rating for young adults. It allows the phone to just be a phone.
I truly think these are the important next steps in the evolution of the device market. But I also tend to doubt that it will happen. Microsoft is on the losing end of the app game, but Apple stands to lose a lot from containers. Apple will need to be forced into this by competition from Android phones. But it seems like the Android community takes more of its cues from the for-profit corporate world than from the Linux community, where it gets its underlying operating system. I guess we will just have to wait and see.