AT&T’s recent mega customer data breach — 74 million accounts affected — laid bare how much data carriers have on their users, and also that the data is there for the hacking. On Thursday, a startup called Cape — based out of Washington, D.C., and founded by a former executive from Palantir — is announcing $61 million in funding to build what it claims will be a much more secure approach: It won’t be able to leak your name, address, Social Security number or location because it never asks for these in the first place.
“You can’t leak or sell what you don’t have,” according to the company’s website. “We ask for the minimal amount of personal information and store sensitive credentials locally on your device, not on our network. That’s privacy by design.”
The funding is notable in part because Cape’s appeal to users is not yet proven. The company only came out of stealth four months ago, and it has yet to launch a commercial service for consumers. That’s due to come in June, CEO and founder John Doyle said in an interview. It has one pilot project in operation, deploying some of its tech with the U.S. government, securing communications on Guam.
The $61 million it announced Thursday is an aggregation across three rounds: a seed and Series A of $21 million (raised when it was still in stealth mode as a company called Private Tech) and a Series B of $40 million. The latest round is being co-led by A-Star and a16z, with XYZ Ventures, ex/ante, Costanoa Ventures, Point72 Ventures, Forward Deployed VC and Karman Ventures also participating. Cape is not disclosing its valuation.
Doyle attracted that investor attention in part because his past roles have included nearly nine years of working for Palantir as the head of its national security business. Prior to that, he was a special forces sergeant in the U.S. Army.
Those jobs exposed him to users (like government departments) who treated the security of personal information and privacy around data usage as essential. But, more entrepreneurially, they also got him thinking about consumers.
With the big focus that data privacy and security have today in the public consciousness — typically because of the many bad-news stories we hear about data breaches, the encroaching activities of social networks and many questions about national security and digital networks — there is a clear opportunity to build tools like these for ordinary people, too, even if it feels like that might be impossible these days.
“It’s actually one of the reasons I started the company,” he told TechCrunch. “It feels like the problem is too big, right? It feels like our data is already out there and all these different ways and there’s really nothing to be done about it. We’ve all adopted a learned helplessness around the ability to be connected, but have some sort of private, some sort of control over our own data, but that’s not necessarily true.”
Cape’s first efforts will be focused on providing eSIMs to users, which Doyle said would be sold essentially on a prepaid format to avoid the data that a contract might entail. Cape on Thursday also announced a partnership with UScellular, which itself provides an MNVO covering 12 cellular networks; Doyle said that Cape is talking with other telcos, too. Initially, it’s unlikely to bundle that eSIM with any mobile devices, although that also is not off the table for the future, Doyle said. Nor will the company provide encryption services around apps, voice calls and mobile data, at least not initially.
“We’re not focused on securing the content of communications. There’s a whole host of app-based solutions out there, apps out there like Proton Mail and Signal, and WhatsApp and other encrypted messaging platforms that do a good job, to varying degrees, depending on who you trust for securing the contents of your communications,” he said. “We are focused on your location and your identity data, in particular, as it relates to connecting to commercial cellular infrastructure, which is a related but separate set of problems.”
Cape’s not the only company in the market that is trying (or has tried, past-tense) to address privacy in the mobile sphere, but none of them has really made a mark so far. In Europe, recent efforts include the MVNO Murena, the OS maker Jolla and the hardware company Punkt. Those that have come and gone include the Privacy Phone (FreedomPop) and Blackphone (from GeeksPhone and Silent Circle).
There’s already the option to buy a prepaid SIM in the U.S. anonymously, but Cape points out that this has other trade-offs and isn’t as secure as what Cape is building. Although payments for this might be anonymous, a user’s data is still routed through the network infrastructure of the underlying carrier, making a user’s movements and usage observable. You can also still be open to SIM swap attacks and spam.
For a16z, the investment is becoming a part of the firm’s “American Dynamism” effort, which this week got a $600 million boost from the latest $7.2 billion in funds that the VC raised.
“Cape’s technology is an answer to long-standing, critical vulnerabilities in today’s telecom infrastructure that impacts everything from homeland security to consumer privacy,” said Katherine Boyle, general partner at a16z, in a statement. “The team is the first to apply this caliber of R&D muscle to rethinking legacy telecom networks, and are well placed to reshape the way mobile carriers think about their subscribers — as customers instead of products.”