AT&T’s recent mega customer data breach — 74 million accounts impacted — laid bare how much data carriers have on their users, and also that the data is there for the hacking.
Today, a startup called Cape — based out of Washington DC and founded by a former executive from Palantir — is announcing $61 million in funding to build what it claims will be a much more secure approach: it won’t be able to leak your name, address, social security number, or location, because it never asks for these in the first place.
“You can’t leak or sell what you don’t have,” it says. “We ask for the minimal amount of personal information and store sensitive credentials locally on your device, not on our network. That’s privacy by design.”
The funding is notable in part because Cape’s appeal to users is not yet proven. The company only came out of stealth four months ago, and it has yet to launch a commercial service for consumers — that’s due to come in June, CEO and founder John Doyle said in an interview. It has one pilot project in operation, deploying some of its tech with the U.S. government, securing communications on Guam.
The $61 million it is announcing today is an aggregation across three rounds, a Seed and Series A of $21 million (raised when it was still in stealth mode as a company called Private Tech) and a Series B of $40 million. The latest round is being co-led by A* and Andreessen Horowitz, with XYZ Ventures, ex/ante, Costanoa Ventures, Point72 Ventures, Forward Deployed VC, and Karman Ventures also participating. Cape is not disclosing its valuation.
Doyle will have attracted that investor attention in part because his past roles have included nearly nine years of working for Palantir as the head of its national security business, and prior to that, as a Special Forces Sergeant in the U.S. Army.
Those jobs may have exposed him to users (government departments) who treated the security of personal information and privacy around data usage as essential. But, more entrepreneurially, they also got him thinking about consumers.
With the big focus that data privacy and security have today in the public consciousness — typically because of the many bad-news stories we hear about data breaches, the encroaching activities of social networks, and many questions about national security and digital networks — there is a clear opportunity to build tools like these for ordinary people, too, even if it feels like that might be impossible these days.
“It’s actually one of the reasons I started the company,” he said in the interview. “It feels like the problem is too big, right? It feels like our data is already out there in all these different ways and there’s really nothing to be done about it. We’ve all adopted a learned helplessness around the ability to be connected, but still have some sort of privacy, or some sort of control over our own data, but that’s not necessarily true.”
Cape’s first efforts will be focused on providing eSIMs to users, which Doyle said would be sold essentially on a prepaid format to avoid the data that a contract might entail (subscription marketing speaks better). (Cape today also announced a partnership with USCellular — which itself provides a MNVO covering 12 cellular networks — and Doyle said that it’s talking with other telcos, too). Initially, it’s unlikely to bundle that eSIM with any mobile devices, although that also is not off the table for the future, Doyle said. Nor will the company provide encryption services around apps, voice calls and mobile data, at least not initially.
“We’re not focused on securing the content of communications. There’s a whole host of app-based solutions out there, apps like ProtonMail and Signal, and WhatsApp and other encrypted messaging platforms that do a good job, to varying degrees, depending on who you trust, for securing the contents of your communications,” he said. “We are focused on your location and your identity data, in particular, as it relates to connecting to commercial cellular infrastructure, which is a related but separate set of problems.”
Cape’s not the only company in the market that is trying (or has tried, past-tense) to address privacy in the mobile sphere, but none of them have really made a mark so far. In Europe, recent efforts include the MVNO Murena, the OS maker Jolla, and the hardware company Punkt. Those that have come and gone include the Privacy Phone (FreedomPop) and Blackphone (from Geeksphone and Silent Circle).
You also currently already have the option to buy a prepaid SIM in the U.S. anonymously, but Cape points out that this current has other tradeoffs and isn’t as secure as what Cape is building. Although payments for this might be anonymous, a user’s data is still routed through the network infrastructure of the underlying carrier, making a users movements and usage observable. You can also still be open to SIM swap attacks and spam.
For a16z, the investment is becoming a part of the firm’s “American Dynamism” effort, which this week got a $600 million boost from the latest $7.2 billion in funds that the VC raised.
“Cape’s technology is an answer to long-standing, critical vulnerabilities in today’s telecom infrastructure that impacts everything from homeland security to consumer privacy,” said Katherine Boyle, general partner at Andreessen Horowitz, in a statement. “The team is the first to apply this caliber of R&D muscle to rethinking legacy telecom networks, and are well placed to reshape the way mobile carriers think about their subscribers — as customers instead of products.”
[…] giant Salesforce was eyeing a potential acquisition of Informatica, a long-standing data management company with roots predating the cloud. However, the idea was met with immediate backlash from investors on […]