I was invited to review this important, timely, and sound article from a non-technical standpoint by TJOE. My comments focus on making more explicit the urgent current need for such a case and other technical solutions for end users, and not just in conflict areas or in illiberal states.
1) The authors might want to underscore more explicitly at the beginning something they know very well: that targeting journalists through their phones is no mere theoretical possibility, but a rapidly expanding practice aided and abetted by offensive security corporations, such as Hacking Team, for governments in many shades of authoritarianism (here it is worth citing some of the fantastic work of Citizen Lab, such as https://citizenlab.org/2015/03/hacking-team-reloaded-us-based-ethiopian-journalists-targeted-spyware/ and the rest of their important reports; readers of TJOE would appreciate in particular the more technical forensic reports there).
And as I needn’t tell the authors, it’s perhaps worth stressing explicitly that this isn't simply a problem with so-called authoritarian countries: the targeting of journalists within liberal democracies appears, likewise, to be a growing concern, as the roiling controversy about Canada’s CSIS shows (from yesterday: https://www.thestar.com/news/canada/2016/12/14/csis-breaches-promise-to-report-on-past-media-surveillance.html). I know E.S. has spoken often about this, but it is worth including explicitly.
2) The US probably led the way with the declaration that dialing information has no reasonable expectation of privacy in Smith v. Maryland, and the subsequent application of this precedent to metadata writ large (for the longer story of phone interception, the authors might cite Landau and Diffie’s great book).
But if US protections around metadata are rather weak, they are considerably weaker in Five Eyes partners, notably in the UK RIPA’s shockingly cavalier treatment of “communications data” and the Australian “telecommunications data,” all available with little legal friction to a broad range of domestic agencies, not just spooks and cops; see e.g. http://www.zdnet.com/article/61-agencies-after-warrantless-access-to-australian-telecommunications-metadata/ and the text of RIPA itself. In other words, all sorts of quotidian domestic journalism and activism are potentially affected now, in liberal democracies and illiberal polities alike: not just national security, but everyday domestic stories may be implicated.
3) Most importantly: I’d encourage the authors to outline briefly but a bit more thoroughly the diverse sorts of dangers posed by telephony metadata, the better to explain the risk model focused on here: 1/ bulk collection generally, 2/ pattern-of-life analysis, and 3/ tracking of individual phones. This project, of course, cannot solve the larger problem of metadata associated with a particular SIM or phone being accumulated and analyzed over time. But it would be extremely useful for 2/ and 3/. (A good citation for 2/ might be https://snowdenarchive.cjfe.org/greenstone/collect/snowden1/index/assoc/HASH01fd/9744a8b9.dir/doc.pdf )
The article is quite clear.
-The text does not cover anything about the updating process for the case and the attack surface this may provide; given that government seizure of phones at border crossings of the US and others seems to be on the uptick, is there any sense of how to guarantee the integrity of the case’s software and hardware if it is seized even for a few minutes?
-While the ability to switch SIMs would be very convenient, perhaps the display should remind the user that changing SIMs doesn’t alter the IMEI—a point most security-aware users should know, but may forget. Perhaps an explicit reminder of this on the screen.
-Like the other reviewer, I’d urge the authors to address “why not a simple Faraday cage” more forthrightly.
- Some of the points here and above would benefit from some illustration. If the authors need the perfect graphic for the article, two NSA slides would be perfect: “who knew in 1984…that this would be big brother” [picture of Jobs holding iPhone] (https://snowdenarchive.cjfe.org/greenstone/collect/snowden1/index/assoc/HASHc240.dir/doc.pdf )
OPENNESS AND REPRODUCIBILITY
Little is said here about the software for the case’s independent CPU. Is there any envisioned auditing process to guarantee the integrity of that software?