The Light Phone, Inc. has announced pre-orders for the Light Phone II, a device with a monochrome e-ink display and no camera, designed to reduce phone distraction.

The Light Phone II will never have feeds, social media, advertisements, news or email. A special thanks to all of our backers for helping to make this project a reality. We’re humbled to have raised over $3.5 million on our crowdfunding campaign for Light II.

That sounds great, but at $350 per device and $3.5 million in the bank, one might expect a more robust website to address issues of security, data privacy, and functionality. Their website's privacy policy is pretty awful. Last week, we emailed The Light Phone, Inc. to ask how they intend to protect device owners.

Legal 101

Hi, we're interested in writing an article on the Light Phone II, and we have some questions about the device which don't appear to be listed on your website.



LightOS



- Who built LightOS? Is it based on an existing platform, or did you develop it in-house from scratch? Is the OS code open source and public?



- Will details about each LightOS update be posted online in advance, so users will be able to review the features before deciding if they want to update?



- How will you guarantee the data integrity of the LightOS updates in transit to the device? Will you host and push the updates? Will any third parties be involved? Who?



Security



- Have you performed any in-house penetration testing? Do you have a Bug Bounty program? Have you invited any outside agency or individuals to perform penetration testing?



- Does the micro-USB port or headphone port provide data access to the device? If so, what data is available? Have you subjected the ports to penetration testing?



- What data encryption methods are used to guarantee the privacy of user data? What screen lock types are available (4-digit, 6-digit PIN vs full alphanumeric)?



Privacy



- Will device owners be able to disable Bluetooth 4.2, Wireless 802.11a, and GPS / location services? What, if any, telemetry is sent to you or via third-party applications?



- If you are served a warrant by federal, state, or local law enforcement or issued a National Security Letter (NSL) to assist in a criminal investigation, what safeguards have you implemented to protect device owners against data searches by your own staff?



- Where are your policies regarding all of the above (with emphasis on device data privacy) posted for potential owners to review?



I appreciate any insight you can provide.



Ethan Grant, CEO

Nefarious Laboratories

No Response

The Light Phone, Inc. has not responded to our inquiry, nor have they posted the answers to these questions on their website or blog. Like the Punkt MP-02, this appears to be yet another designer phone that's all flash and no substance.

Without formal policies and safeguards, device owners will be exposed to data privacy risks and legal uncertainty. In our opinion, the crowdfunded, bohemian cell phone industry emerging from NYC basements is in desperate need of strict government regulation and oversight.

Published September 08, 2019 by Ethan F Grant