  • Lou Novacheck
    Message 1 of 1 , Oct 23, 2012
      *20121016- New "Surveillance-Proof" App To Secure Communications Has
      Governments Nervous*


      *Silent Circle promises to make encryption easy for everyone.*

      By Ryan Gallagher <http://www.slate.com/authors.ryan_gallagher.html>

      http://www.slate.com/articles/technology/future_tense/2012/10/silent_circle_mike_janke_s_iphone_app_makes_encryption_easy_governments.single.html






      Lately, Mike Janke has been getting what he calls the "hairy eyeball" from
      international government agencies. The 44-year-old former Navy SEAL
      commando, together with two of the world's most renowned cryptographers,
      was always bound to ruffle some high-level feathers with his new project -- a
      surveillance-resistant communications platform that makes complex
      encryption so simple your grandma can use it.



      This week, after more than two years of preparation, the finished product
      has hit the market. Named Silent Circle <https://silentcircle.com/>, it is
      in essence a series of applications that can be used on a mobile device to
      encrypt communications -- text messages, plus voice and video calls.
      Currently, apps for the iPhone and iPad are available, with versions for
      Windows, Galaxy, Nexus, and Android in the works. An email service is also
      soon scheduled to launch.



      The encryption is peer to peer, which means that Silent Circle doesn't
      centrally hold a key that can be used to decrypt people's messages or phone
      calls. Each phone generates a unique key every time a call is made, then
      deletes it straight after the call finishes. When sending text messages or
      images, there is even a "burn" function, which allows you to set a time
      limit on anything you send to another Silent Circle user -- a bit like how
      "this tape will self destruct" goes down in *Mission:
      Impossible*<http://www.youtube.com/watch?v=MA2KmJMKFrQ>,
      but without the smoke or fire.



      Silent Circle began as an idea Janke had after spending 12 years working
      for the U.S. military and later as a security contractor. When traveling
      overseas, he realized that there was no easy-to-use, trustworthy encrypted
      communications provider available to keep in touch with family back home.
      Cellphone calls, text messages, and emails sent over the likes of Hotmail
      and Gmail can just be "pulled right out of the air," according to Janke,
      and he didn't think the few commercial services offering encryption -- like
      Skype<http://www.slate.com/blogs/future_tense/2012/07/20/skype_won_t_comment_on_whether_it_can_now_eavesdrop_on_conversations_.html>
      and Hushmail <http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/> -- were
      secure enough. He was also made uneasy by reports about increased
      government snooping on communications. "It offended what I thought were my
      God-given rights -- to be able to have a free conversation," Janke says. "And
      so I began on this quest to find something to solve it."



      Janke assembled what he calls an "all-star team": Phil Zimmermann, a recent
      inductee to the Internet's Hall of
      Fame<http://www.internethalloffame.org/official-biography-philip-zimmermann>,
      who in 1991 invented PGP encryption, still considered the standard for
      email security<http://searchsecurity.techtarget.com/definition/Pretty-Good-Privacy>.
      Jon Callas, the man behind Apple's whole-disk encryption (which is used to
      secure hard drives in Macs across the world), became Silent Circle's chief
      technology officer. Other employees were top engineers and
      ex-special-forces communications experts based in England, Latvia, and
      Germany. Together, they designed their own software, created a new
      encryption protocol called SCimp, registered their company offshore and
      outside U.S. jurisdiction, then built up their own network in Canada. (They
      eventually plan to expand to Switzerland and Hong Kong.)



      Though many encryption options already exist, they are often difficult to
      use, which is a barrier for those without the skills, patience, or time to
      learn. Silent Circle helps remove these hurdles. As a result, organizations
      that have a real need for secure communications but have maybe not
      understood how to implement them are coming forward and expressing interest
      in Silent Circle.

      Janke says he's already sold the technology worldwide to nine news outlets,
      presumably keen to help protect their journalists' and sources' safety
      through encryption. (ProPublica, for one, confirmed it's had "preliminary
      discussions� with Silent Circle.) A major multinational company has already
      ordered 18,000 subscriptions for its staff, and a couple of A-list actors,
      including one Oscar winner, have been testing the beta version. The basic
      secure phone service plan will cost $20 a month per person, though Janke
      says a number of human rights groups and NGOs will be provided with the
      service for free.



      The company has also attracted attention from 23 special operations units,
      intelligence agencies, and law enforcement departments in nine countries
      that are interested in using Silent Circle to protect the communications of
      their own employees -- particularly on the personal devices that they use at
      home or bring to work. Some of these same agencies, perhaps unsurprisingly,
      have contacted Janke and his team with concerns about how the technology
      might be used by bad guys. Because Silent Circle is available to just about
      anyone, Janke accepts there is a real risk that a minority of users could
      abuse it for criminal purposes. But he argues you could say the same thing
      about baseball bats and says if the company is ever made aware someone is
      using the application for "bad illegal things" -- he cites an example of a
      terrorist plotting a bomb attack -- it reserves the right to shut off that
      person's service and will do so "in seven seconds."



      The very features that make Silent Circle so valuable from a civil
      liberties and privacy standpoint make law enforcement nervous. Telecom
      firms in the United States, for instance, have been handing over huge
      troves of data to
      authorities<http://www.slate.com/blogs/future_tense/2012/07/09/ed_markey_wireless_surveillance_report_law_enforcement_requests_private_cell_phone_data_1_3_million_times_a_year.html>
      under a blanket of secrecy and with very little oversight. Silent Circle
      is attempting to counter this culture by limiting the data it retains in
      the first place. It will store only the email address, 10-digit Silent
      Circle phone number, username, and password of each customer. It won't
      retain metadata (such as times and dates calls are made using Silent
      Circle). Its IP server logs showing who is visiting the Silent Circle
      website are currently held for seven days, which Janke says the company
      plans to reduce to just 24 hours once the system is running smoothly.



      Almost every base seems to have been covered. Biannually, the company will
      publish requests it gets from law enforcement in transparency reports,
      detailing the country of origin and the number of people the request
      encompassed. And any payment a person makes to Silent Circle will be
      processed through third-party provider Stripe <https://stripe.com/>, so
      even if authorities could get access to payment records, Janke says, "that
      in no way gives them access to the data, voice, and video the customer is
      sending-receiving ... nor does it tie the two together." If authorities
      wanted to intercept the communications of a person using Silent Circle, it
      is likely they'd have to resort to deploying Trojan-style
      tools<http://www.slate.com/blogs/future_tense/2012/08/20/moroccan_website_mamfakinch_targeted_by_government_grade_spyware_from_hacking_team_.html> -- infecting
      targeted devices with spyware to covertly record communications *before* they
      become encrypted.



      Among security geeks and privacy advocates, however, there's still far from
      consensus how secure Silent Circle actually is. Nadim Kobeissi, a
      Montreal-based security researcher and developer, took to his
      blog<http://log.nadim.cc/?p=89>
      last week to pre-emptively accuse the company of "damaging the state of
      the cryptography community." Kobeissi's criticism was rooted in an
      assumption that Silent Circle would not be open
      source<http://opensource.org/osd.html>,
      a cornerstone of encrypted communication tools because it allows people to
      independently audit coding and make their own assessments of its safety
      (and to check for secret government backdoors). Christopher
      Soghoian, principal technologist at the ACLU's Speech Privacy and
      Technology Project, said he was excited to see a company like Silent
      Circle visibly competing on privacy and security but that he was waiting
      for it to go open source and be audited by independent security experts
      before he would feel comfortable using it for sensitive communications.



      When I asked Janke about this, he said he recognized the importance of the
      open-source principle. He says the company, contrary to Kobeissi's
      assertion, will be using a noncommercial open-source license, which will
      allow developers to "do their own builds" of Silent Circle. "We will put it
      all out there for scrutiny, inspection, and audit by anyone and everyone,"
      he added.



      Another factor is that a number of countries are pushing for new
      surveillance laws<http://www.slate.com/articles/technology/future_tense/2012/08/how_governments_and_telecom_companies_work_together_on_surveillance_laws_.html>
      that will force many communications providers to build in backdoors for
      wiretapping. The Silent Circle team has been following these developments
      closely, and it seems to have played into the decision to register offshore
      and locate its multimillion-dollar network outside U.S. jurisdiction. Janke
      says he has consulted with Canada's privacy commissioners and understands
      that the new push to upgrade surveillance capabilities in
      Canada<http://www.slate.com/blogs/future_tense/2012/05/23/c_30_surveillance_bill_in_canada_seeks_live_wiretap_of_internet_communications_.html>
      will not affect the company because its technology is encrypted
      peer-to-peer (making it technically incapable of facilitating a wiretap
      request even if it receives one).



      But what if, one day down the line, things change and Canada or another
      country where Silent Circle has servers tries to force them to build in a
      secret backdoor for spying? Janke has already thought about that -- and his
      answer sums up the maverick ethos of his company.



      "We won't be held hostage," he says, without a quiver of hesitation. "All
      of us would rather shut Silent Circle down than ever allow a backdoor or be
      bullied into an 'or else' position."



      In an age of ever-increasing surveillance, it's a gutsy stance to take.
      Perhaps Big Brother has finally met its match.



      *This article arises from Future Tense, a collaboration among Arizona State
      University, the New America Foundation, and Slate. Future Tense
      explores the ways emerging technologies affect society, policy, and
      culture. To read more, visit the Future Tense
      blog <http://www.slate.com/blogs/future_tense.html>
      and the Future Tense home page <http://www.slate.com/futuretense>.
      You can also follow us on Twitter <http://www.twitter.com/futuretensenow>.*

      --
      Life is illusory and as fleeting as a bubble in a stream.
      ~ from the Diamond Sutra, the oldest printed book known, circa 868 AD,
      600 years before Gutenberg ever got ink on his fingers, and made of a
      material - paper - which was unknown in the West.


      "Respice post te! Hominem te esse memento! Memento mori!": "Look behind
      you! Remember that you are but a man! Remember that you'll die!"
      ~ Tertullian in his Apologeticus.

      ---
      Looking for the best coverage of American music? You'll find it at
      www.ElmoreMagazine.com, and at www.NoDepression.com.

      Be sure to visit The Morton Report and BlogCritics for the best and the
      most diverse comments and reviews on every subject imaginable.

