Don’t Trust Us: Defense-in-Depth at Cape

02.05.25 - 7 min read


In telecom, network trust has always been foundational, yet it remains a significant vulnerability, as incidents like Salt Typhoon have starkly demonstrated. At Cape, we’ve built our security approach around a simple idea: Don’t trust us. Instead of asking you to place blind faith in our systems, we’ve engineered them to protect your data—even from us.

The telecom ecosystem is built on inherent trust. Phones trust the networks they connect to, those networks trust each other, and this interconnected trust forms the backbone of global communication. But that trust comes with risks. Legacy systems expose users to surveillance, data breaches, and SIM swaps, because they assume trust in anyone who has access to the system. Cape rejects that assumption. By designing a system with minimal trust requirements, we’re flipping the telecom model on its head.

Here are some examples:

1. Encryption

In an increasingly interconnected telecom ecosystem, securing sensitive data against threats—both external and internal—is paramount.

Encryption: In Transit

Data exchanged between Cape’s systems and external vendors is safeguarded using robust encryption protocols, including app-level encryption for direct connects. This ensures that sensitive information remains secure as it moves through the network. App-level encryption on direct connects involves implementing encryption directly within the application layer to secure data transmitted over private, dedicated connections between Cape and its partners. Our encryption standards extend across a variety of critical integrations, including:

    • Roaming: Subscriber data and signaling exchanged with roaming partners are encrypted to prevent unauthorized access during cross-network handoffs.
    • CALEA (Communications Assistance for Law Enforcement Act): Secure pathways are maintained for compliance with lawful interception requests while safeguarding all other data from exposure.
    • e911: Emergency services location data and call information are transmitted via encrypted channels to ensure accuracy and confidentiality.
    • SIM Delivery and Fulfillment: Data exchanged during SIM provisioning and delivery is encrypted, ensuring subscriber information remains private throughout the process.
    • Trunking: Voice and messaging traffic routed over VoIP trunks is encrypted using industry standards, preventing eavesdropping on communications.

Encryption: Internal Workflows

Encryption doesn’t just apply to external communications—it’s embedded into every step of our internal workflows. We ensure that sensitive information remains secure throughout its lifecycle, even in our internal processes, by implementing a multi-layer encryption strategy:

Segregated Environments with Independent Encryption Keys

We maintain strict separation between our production and staging environments:

    • Production: Reserved for real users and devices, ensuring live data is handled with the utmost security.
    • Staging: Used exclusively for simulators and test code, where no real user data is present. Despite this, all workflows in the staging environment are encrypted to maintain consistency and prevent potential vulnerabilities.

Each environment uses unique encryption keys. Even if a key from the staging environment were compromised, it would not grant access to the production environment.

Limited Scope Data Keys

Our encryption model follows a limited scope approach:

    • Every piece of information stored in a workflow is encrypted with a unique data key, ensuring that the compromise of one key does not impact other workflows.
    • These data keys are themselves encrypted using a primary key specific to the environment. This layered approach means the encryption hierarchy is tightly controlled and isolated.
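
The limited-scope key hierarchy described above, written out as an added Go example (this is illustrative code, not Cape's implementation): each record gets its own AES-256-GCM data key, that data key is wrapped under an environment primary key, so a leaked data key exposes only one record and a staging primary key cannot open a production record. The 32-byte key sizes and the nonce||ciphertext||tag layout are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Envelope: a record sealed under its own data key, plus that key wrapped under the environment primary key.
type Envelope struct{ WrappedDEK, Ciphertext []byte }

// seal encrypts pt under a 32-byte key with AES-256-GCM and a fresh random
// nonce, which is prepended to the output (assumed layout: nonce||ciphertext||tag).
func seal(key, pt []byte) []byte {
	block, _ := aes.NewCipher(key) // fails only on a bad key length; ours are 32 bytes
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // crypto/rand.Read cannot fail (Go 1.24+)
	return g.Seal(nonce, nonce, pt, nil)
}

// open reverses seal; GCM's tag check rejects a wrong key or altered bytes.
func open(key, ct []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// Encrypt draws a fresh 256-bit data key for this one record, seals the record
// under it, then wraps the data key under the caller's environment primary key.
func Encrypt(primaryKey, record []byte) Envelope {
	dek := make([]byte, 32)
	rand.Read(dek)
	return Envelope{WrappedDEK: seal(primaryKey, dek), Ciphertext: seal(dek, record)}
}

// Decrypt unwraps the data key with the supplied primary key, then the record.
// A staging primary key fails at the unwrap step and never sees production data.
func Decrypt(primaryKey []byte, e Envelope) ([]byte, error) {
	dek, err := open(primaryKey, e.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, e.Ciphertext)
}
```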

Comprehensive Coverage

Encryption isn’t limited to the obvious data touchpoints, like inputs from the mobile app or outputs back to it. We encrypt every step in between, covering:

    • Intermediate data generated during workflows.
    • Logs and system states involved in processing requests.
    • Any temporary data stored during operational processes.

2. Access Control and Monitoring

Cape goes beyond encryption to ensure your data remains secure by tightly controlling access and continuously monitoring for suspicious activity.

Fine-Grained Access Controls

Preventing unauthorized access to sensitive systems and data is central to Cape’s security strategy. Cape enforces fine-grained access control policies tailored to individual roles and responsibilities:

    • Every user’s access is limited to only the data and systems necessary for their role.
    • Employees and contractors cannot access information outside their defined scope of work.
    • Granular controls ensure no single user can access or manipulate sensitive data without proper authorization.

These policies significantly reduce the risk of insider threats and unauthorized actions.

Audit Logs for Transparency and Accountability

While encryption and access controls secure data, comprehensive logging provides transparency and accountability, enabling Cape to monitor and investigate any suspicious activity.

    • Non-Repudiable Logs: Cape maintains tamper-proof audit logs for all system activities, including access to sensitive data, configuration changes, and transactions. These logs are cryptographically secured to ensure their integrity.
    • Complete Visibility: Every action within Cape’s environment is recorded, from user logins to data queries. This visibility ensures any potential breach or misuse can be identified and traced.
    • Proactive Monitoring: Audit logs are continuously monitored to detect anomalies or unauthorized access attempts in real time, allowing Cape to respond swiftly to threats.
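
One way to give audit entries the tamper-evident, cryptographically secured property described above, as an added Go example rather than Cape's implementation: every entry carries an HMAC-SHA256 over its own fields and the previous entry's MAC, so altering, deleting or reordering a record breaks the chain at a detectable index. The field layout and the assumption that only the log service holds the HMAC key are this example's own.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Entry is one audit record; Prev is the previous entry's MAC, and MAC covers Prev plus all fields.
type Entry struct {
	Seq           uint64
	Actor, Action string
	Prev, MAC     []byte
}

// AuditLog is an append-only chain; the HMAC key is held by the log service only (assumption).
type AuditLog struct {
	key     []byte
	entries []Entry
}

func mac(key []byte, e Entry) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(e.Prev)
	// length-prefixed fields so that no field boundary can be shifted undetected
	fmt.Fprintf(h, "|%d|%d:%s|%d:%s", e.Seq, len(e.Actor), e.Actor, len(e.Action), e.Action)
	return h.Sum(nil)
}

// Append records an action and links it to the current chain head.
func (l *AuditLog) Append(actor, action string) {
	e := Entry{Seq: uint64(len(l.entries)), Actor: actor, Action: action}
	if n := len(l.entries); n > 0 {
		e.Prev = l.entries[n-1].MAC
	}
	e.MAC = mac(l.key, e)
	l.entries = append(l.entries, e)
}

// Verify recomputes every MAC and link, returning the index of the first entry that was
// altered, removed or reordered, or -1 if intact. Cutting entries off the tail is only
// caught by comparing the latest MAC against a head value anchored outside the log.
func Verify(key []byte, entries []Entry) int {
	var prev []byte
	for i, e := range entries {
		if uint64(i) != e.Seq || !hmac.Equal(e.Prev, prev) || !hmac.Equal(e.MAC, mac(key, e)) {
			return i
		}
		prev = e.MAC
	}
	return -1
}
```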

3. Minimal Data Storage

At Cape, we deliberately store as little data as possible. Unlike traditional carriers that pool user information, increasing its vulnerability, we’ve built our systems to minimize data retention. We don’t collect personal identifying information like your name, Social Security number, address, etc., because we don’t need it to operate our service. We also aim to minimize other customer data in the following ways:

Emergency Service Compliance Without Data Retention

We integrate with emergency service infrastructure to comply with safety obligations while protecting user data:

    • For e911, Cape provides location data securely to emergency responders through our underlying carrier, without storing it in our systems.
    • For text-to-911 and Wi-Fi calling, we provide some location information directly to emergency responders, and retain Call Detail Records (CDRs) for , which falls in line with regulatory requirements.
    • We don’t operate location-based service nodes such as a GMLC (Gateway Mobile Location Center), meaning no location data can be accessed through our network.

Owning Our CALEA Infrastructure

Many small carriers rely on trusted third-party (TTP) providers for lawful interception compliance, giving outsiders access to their core networks. While we rely on trusted third-party providers for specialized systems like emergency service routing and payment tokenization, these integrations are designed to prevent sensitive data from ever passing through or being retained by Cape. In contrast, for lawful interception (CALEA), we chose to own and manage the infrastructure in-house. This decision minimizes third-party exposure to user communications, reflecting our commitment to protecting the most sensitive aspects of your privacy.

Tokenized Payments

We avoid storing payment information by partnering with Stripe for payment tokenization. When you enter payment details, Stripe replaces sensitive information with a secure token. This allows us to process transactions without exposing or retaining your credit card data.

4. Transparency Through Our Trust Portal

We don’t just say, “Don’t trust us”—we back it up with transparency. Our Trust Portal provides a comprehensive view of our privacy and security practices. Here, customers can access details about our encryption standards, compliance measures, and internal audits. This commitment to openness empowers you to make informed decisions about trusting Cape with your mobile connectivity needs.

Why Minimal Trust Matters

Traditional carriers demand your trust while hoarding your personal information—location data, call logs, payment details, and more. But trust, as history shows, can be misplaced. Cape takes a different approach: by relying on encryption, direct routing, and tokenized systems, we minimize the trust you need to place in us. Because real security doesn’t require blind faith.
