Don’t throw out that old phone — turn it into a privacy device

An idea aimed at consumers just might work for enterprises that want to safeguard communications too

old nokia phones
Jorge Barrios

Most forms of communication used by enterprises these days are highly prone to being intercepted, whether by law enforcement, cyberthieves, corporate spies, or wayward employees and contractors. That leaves enterprise IT open to new approaches to safeguard communications. I just saw one creative idea on the Lifehacker website suggesting that outdated mobile devices could be used as top-secret, Wi-Fi-based privacy devices.

The core of this idea is that old smartphones that are no longer tied to a cellular network can use Wi-Fi (preferably someone else’s, to ensure non-traceability); a number-assigning service to send text messages or even place calls; and a VPN to encrypt the texts and anonymize location. Lifehacker focused on the usefulness of such privacy devices for law-abiding individuals. But I think enterprises could benefit too.

I am not condoning anything that would skirt the law and keep illicit activity out of sight. But enterprises always want to keep sensitive information away from competitors and hackers, and they sometimes have a legitimate interest in keeping communications out of the hands of law enforcement agencies, whose probes invariably capture a lot of irrelevant data. Merger negotiations come to mind. No company wants criminals or competitors to intercept such sensitive information, but they also would rather that it not get swept up by investigators, who could make it part of the public record.

Repurposed old cellphones could come in handy in other situations. Suppose you hear rumors that your tech staff or call center employees are treating people poorly. You could use untraceable cellphone privacy devices to call in and see for yourself.

Or a retailer’s loss-prevention people could move in on a professional shoplifter by reaching out and pretending to be an interested buyer. That won’t work so well if the incoming call is clearly from HQ.

The Lifehacker article makes a good point about why using an old phone is the best way to go: “You could do this with your normal, everyday phone, but the goal here is to be as untraceable as possible, and your real phone carries and leaks a ton of data about you, where you go, and what you do. The disposability of an old device that’s doing nothing but acting as a ghost texting phone is important here. Plus, worst case, you can always wipe it or toss it, no harm no foul.”

Just don’t get carried away. Most of your communications should continue on normal channels. Keep these ghost phones locked up, and let them out only for purposes that have been approved at a high level of the hierarchy.

With all of the public and private surveillance going on and records being kept, true privacy is hard to find. Maybe, just maybe, you can find a little slice of privacy in those phones you’re about to destroy. It’s a cost-effective idea worth considering.

This story, "Don’t throw out that old phone — turn it into a privacy device" was originally published by Computerworld.

Copyright © 2015 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)