AT&T’s recent major breach of customer data — 74 million accounts were affected — revealed just how much data carriers have on their users, and that data exists for the hack. On Thursday, a startup called Cape — based in Washington, DC and founded by a former executive from Palantir — announces 61 million dollars in funding to build what it claims will be a much more secure approach: It won’t be able to leak your name, address, Social Security number or location because it never asks for it in the first place.
“You can’t leak or sell what you don’t have,” according to company website. “We ask for the least amount of personal information and store sensitive credentials locally on your device, not on our network. This is secret by design.”
The funding is notable in part because Cape’s appeal to users has yet to be proven. The company emerged from secrecy just four months ago and has yet to launch a commercial service for consumers. That’s expected to happen in June, CEO and founder John Doyle said in an interview. It has a pilot project running, developing some of its technology with the US government, securing communications in Guam.
The $61 million it announced Thursday is a sum of three rounds: a seed and $21 million Series A (lifted up when it was still in stealth mode as one company called it Private Tech) and a Series B of $40 million. The latest round is being led jointly by A-Star and a16z, with XYZ Ventures, ex/ante, Costanoa Ventures, Point72 Ventures, Forward Deployed VC and Karman Ventures also participating. Cape did not disclose its valuation.
Doyle caught the attention of investors in part because his previous roles included nearly nine years working for Palantir as head of its national security business. Before that, he was a special forces sergeant in the US Army.
These jobs exposed him to users (such as government departments) who treated the security of personal information and privacy around data use as fundamental. But, more business-wise, they also made him think about consumers.
With the heavy focus that privacy and data security have on the public mind today – usually due to the many bad news we hear about data breaches, intrusive social network activities, and many questions about national security and digital networks – there is a clear opportunity to create tools like these for ordinary people as well, even if it seems like that might be impossible these days.
“It’s actually one of the reasons I started the company,” he told TechCrunch. “It seems like the problem is too big, right? It feels like our data is already out there and all these different ways and there’s really nothing that can be done about it. We’ve all adopted a learned helplessness about being able to be online but have some kind of privacy, some kind of control over our own data, but that’s not necessarily true.”
Cape’s first efforts will focus on provisioning eSIMs to users, which Doyle said would essentially be sold in a prepaid format to avoid the data that a contract might entail. Cape also announced Thursday a partnership with UScellular, which itself provides an MNVO covering 12 mobile networks. Doyle said Cape is also talking to other telcos. Initially, this eSIM is unlikely to be bundled with any mobile devices, although that’s also not off the table for the future, Doyle said. Nor will the company provide encryption services around apps, voice calls and mobile data, at least not initially.
“We are not focused on securing the content of communications. There are a plethora of app-based solutions out there, apps like Proton Mail and Signal and WhatsApp and other encrypted messaging platforms that do a good job, to varying degrees, depending on who you trust to secure the content of your communications. ” he said. “We focus on your location and your identity data, in particular, as it relates to connecting to commercial cellular infrastructure, which is a related but separate set of problems.”
Cape isn’t the only company on the market trying (or trying, in the past) to tackle privacy in the mobile realm, but none of them have really made a mark so far. In Europe, recent efforts include MVNO Murena, OS maker Jolla and hardware company Punkt. Those that have come and gone include Privacy Phone (FreedomPop) and Blackphone (by GeeksPhone and Silent Circle).
There is already the option to buy a prepaid US SIM card anonymously, but Cape points out that this has other compromises and is not as secure as what Cape makes. Although payments for this may be anonymous, a user’s data is still routed through the underlying provider’s network infrastructure, making the user’s movements and usage observable. You can also be open to SIM swap attacks and spam.
For the a16z, the investment becomes part of the company’s “American Dynamism” effort, which this week acquired $600 million increase of the last $7.2 billion in VC capital raised.
“Cape’s technology is a response to long-standing, critical vulnerabilities in today’s telecommunications infrastructure that affect everything from homeland security to consumer privacy,” Katherine Boyle, general partner at a16z, said in a statement. “The team is the first to apply this caliber of R&D to rethinking legacy telecom networks and is well-positioned to reshape the way mobile operators think about their subscribers – as customers instead of products.”
