We all have multiple identities: we are spouses, colleagues, neighbors and friends all at once. These are various roles we play throughout the day and combined they form our unique identities. We instinctively know which role to play depending on the interactions we have with the people around us.

For officers in law enforcement, government or security agencies, correctly managing separate identities is not only a matter of social interaction: it could be the difference between life and death.

In today’s digital world, officers’ physical identities are linked increasingly to their activities online. Keeping these digital identities secure and separate from each other is now just as important to officers’ safety as their backup, bulletproof vests and firearms. Currently officers use throwaway phones – the “burner phones” of television and movies – to keep their identities separate and secure.

But protecting the phones themselves is nowhere near as important as protecting the data they contain. Agency IT departments would argue that the information stored on these phones is now kept to a bare minimum. We at Red Tulip Systems agree that this is typically the policy, but in practice it isn’t the IT department’s work that worries us the most.

We’ve witnessed it first-hand: the majority of security threats are not the result of malicious behaviour. Instead they originate from actions taken to save time, stemming from a mandate ‘to do more with less’ combined with a ‘just get things done’ mentality. If we borrow a term from the IT world, we can give these everyday, seemingly harmless actions a name: workarounds.

An example: we’ve worked with one service with extremely high security requirements, including issuing their employees specially procured and configured corporate phones. A fairly standard security measure with understandable goals.

So of course, the first thing the officers in this service did with those phones was to remove their SIM cards, trim them down, and stick them in their personal iPhones. As easily as that, they were all set to make calls and send texts. No big deal, right?

Wrong! Everyday workarounds like this can easily jeopardize officers’ identities. It’s all a matter of control. Unique identifiers are mixed, contacts are placed at risk, and the IT department loses oversight and is unable to monitor from day to day what happens on – and with – the phone.

Here’s how workarounds can easily blow an officer’s cover in the field or result in a serious data breach.

Browsing history:

Modern phones store loads of information without the user even knowing about it, whether it’s cache and history data in the browser or previous locations and future destinations stored in the route planner. It’s not too difficult to figure out where a person wants to go to or what their interests are: it’s all found in the history recorded on their phone.


A smartphone doubles as a portable GPS-tracking device. Remember back in 2003, when the CIA’s abduction and rendition of alleged terrorist Abu Omar backfired and agents were prosecuted? According to Wikipedia: ‘Because the agents had apparently not, at any time, removed the batteries from their cellphones, investigators were able to pinpoint their locations from moment to moment.’ Those were simple burner phones. Now imagine the capabilities thirteen years later with full GPS capabilities built in to every single smartphone.


Would anyone intentionally store secrets on their phone? We all hope not. Yet, even Hillary Clinton had classified documents pass through her phone during her tenure as US Secretary of State. She claims to have never sent classified information. Even if that’s true, isn’t all e-mail communication from a top-ranking official sensitive information?

It may seem harmless at first glance, but every email contains information that could potentially breach security if it wound up in the wrong hands. Think about phone numbers, locations, nicknames, schedules, etc. Even attachments may contain sensitive metadata about the sender and the recipient.

Call history and contact details:

It goes without saying: nobody should ever have access to a list of everyone you’ve talked to. Period. Still, too often, it seems like a harmless workaround for officers to simply save contact details or leave call history stored on their phones. Even if the contacts are left anonymous or given code names, it’s still a major threat if the phone is lost or stolen: all it takes to find out who is calling who, is to dial the number.

The solution:

Let’s agree that any phone being used by an officer in a government or security setting could reveal identity data or leak classified information. Importantly, it does not take an intentional security breach for this to happen. All it takes is someone cutting a few corners here and there and then losing their phone. An officer’s phone should be treated as a blank canvas. Every dot of information reveals something about the bigger picture.

Fortunately, it’s now possible to limit the amount of operational information stored on a phone to zero. The solution is to store data in the cloud. That’s why we created WorkFone, a solution that allows officers to use their work phones as if they were any other phone and to create multiple, separate identities.

No more workarounds or cutting corners to get things done: WorkFone provides access to as many phones as an officer requires and allows instant provisioning of new numbers. It offers NSA Suite B-compliant encryption and there’s no need to ever store data on the phone itself: the information is stored safely in the cloud or at the agency’s own data centre.

We know first-hand how difficult it is to keep identities apart, especially when the stakes are high. Police and security services have made significant investments to protect data stored on their servers and workstations. With WorkFone these agencies can leverage that investment, bring the same level of safety and security to their mobile workforce, and ensure that the thin line between identities never gets crossed.