Legal 101Hi, we're interested in writing an article on the Light Phone II, and we have some questions about the device which don't appear to be listed on your website. LightOS - Who built LightOS, is it based on an existing platform, or did you develop it in-house from scratch? Is the OS code open source and public? - Will details about each LightOS update be posted online in advance, so users will be able to review the features before deciding if they want to update? - How will you guarantee the data integrity of the LightOS updates in transit to the device? Will you host and push the updates? Will any third parties be involved? Who? Security - Have you performed any in-house penetration testing? Do you have a Bug Bounty program? Have you invited any outside agency or individuals to perform penetration testing? - Do the micro-USB port or headphone port provide data access to the device? If so, what data is available? Have you subjected the ports to penetration testing? - What data encryption methods are used to guarantee the privacy of user data? What screen lock types are available (4-digit, 6-digit PIN vs full alphanumeric)? Privacy - Will device owners be able to disable Bluetooth 4.2, Wireless 802.11a, and GPS / location services? What, if any, telemetry is sent to you or via third-party applications? - If you are served a warrant by federal, state, or local law enforcement or issued a National Security Letter (NSL) to assist in a criminal investigation, what safeguards have you implemented to protect device owners against data searches by your own staff? - Where are your policies regarding all of the above (with emphasis on device data privacy) posted for potential owners to review? I appreciate any insight you can provide. Ethan Grant, CEONefarious Laboratories
What a No-Carrier Phone Could Look Like
No ResponseThe Light Phone, Inc. has not responded to our inquiry, nor have they posted the answers to these questions on their website or blog. Like the Punkt MP-02, this appears to be yet another designer phone that's all flash and no substance.
Without formal policies and safeguards, device owners will be exposed to data privacy risks and legal uncertainty. In our opinion, the crowdfunded, bohemian cell phone industry emerging from NYC basements is in desperate need of strict government regulation and oversight.Published September 08, 2019 by Ethan F Grant