“Surveillance-Proof” Encryption: Silent Circle by PGP Creator & a Navy SEAL

By on February 11, 2013 · 10:57 am
PrintEmail

Q. & A.


SilentCircle_BlackWhat does one get when a company is co-founded by: (1) An Internet Hall of Fame inductee who created PGP (Pretty Good Privacy) and was named one of the "top 50 tech visionaries of the last 50 years" while also receiving numerous other awards; and (2) a former Navy SEAL sniper and Special Operations communications expert who previously started a global defense and logistics firm? The answer is a company called Silent Circle, co-founded by Phil Zimmermann and Mike Janke, which now offers a suite of privacy-facilitating communications encryption services that may be more robust, capable, surveillance-resistant, and easy to use than any such services ever before available to private individuals, business enterprise, law enforcement agencies, military special operations, and non-profits.

Who Are Those People?


Throw into the recipe an additional "eclectic mix of world-renowned cryptographers, Silicon Valley software engineers, German VoIP engineers, Latvian system analysts and former US Navy SEALs and British Special Air Service (SAS) security experts", and the result is a complete suite of super-high-security encryption services covering most of the types of data that should be secured from prying eyes and ears. Initially being released for Apple products, the Android versions are also on the way to secure 3G and 4G mobile phone conversations, texting, VoIP high-definition video / voice teleconferencing, and e-mail.

Quoting the company's website: "We built this team with a mantra of “Friends & Family” – relationships and work histories that span over 20 years on just about every level." "We don’t like oppressive regimes, indiscriminate wiretapping, big brother, data criminals, intellectual property theft, identity thieves or governments that persecute their citizens for saying or writing their opinions." Making their position even more clear, the company promises in writing: "We will post the request we get from Government, Law Enforcement and worldwide legal entities for users’ data." "We are putting a stake in the ground for your right to have private conversations and to conduct business without fear of compromise."

The two co-founders have taken an oath that they will not take funding from venture capitalists. Silent Circle co-founder Phil Zimmerman made it clear while speaking at the Kaspersky Lab Security Analyst Summit in Puerto Rico, that Silent Circle will never provide law enforcement access back-doors or mechanisms for its products. The company has also stated its intention to release source code so their products' integrity can be verified by the entire software community.

The even better news is that Silent Circle operates in such a way that it retains almost no user data, and therefore has very little information to give to governments or anyone else. Silent Circle currently locates its servers in Canada because of that country's strong privacy protections, and has plans to place additional servers in other countries that offer similar protection. Many governments world-wide may not like that, but according to Phil Zimmermann in testimony to congress several years ago: "Trying to stop this is like trying to legislate the tides and the weather".

A Strange Symbiosis


Strangely enough, that actually works out to be a very good thing for government agencies of all kinds, including covert intelligence operations, members of Congress, and the court system, in addition to high-profile public figures, private individuals, and perhaps most of all, businesses of all sizes. The reason for that becomes clear when considering a 2004 Greek wiretapping case called the "Athens Affair" and sometimes referred to as the "Greek Watergate", because hackers seized control of the back-doors and spied on government officials. The taps were removed in 2005, but the criminals were never caught.


Silent-SliderAlso notable is an incident in which the hacker group known as "Anonymous" recorded an unencrypted, unsecured FBI conference call in which both Scotland Yard and the FBI were discussing how to stop the "Anonymous" hacking collective, though it is not entirely clear that they used a government installed back-door. It is clear however, that that both government agencies would have benefited from a secure encryption service without any back-doors for hackers to seize.

Encryption: It's Not Just for Criminals Anymore


The crux of the matter is both simple and potentially devastating to any government that installs back-door mechanisms into communications software to facilitate wiretapping by law enforcement and other government agencies. Those very same back-doors can be hacked by hostile foreign countries or criminal elements, and then used to spy on every level of the government that installed those back-doors. The very real potential for espionage raises the stakes even higher when back-door spy mechanisms are seized by either foreign governments or corporate hackers to gain advantage on either military operations, or commercial product developments by stealing information worth billions of dollars, or worth winning or losing in military conflicts.

As Phil Zimmermann's experience clearly indicates, it was only a few years ago that the U.S. government treated those creating or using encryption software as potential or actual criminals. By definition hackers "know no bounds", and data and communications hackers are now just as much a threat to government agencies, the military, the court system, and law enforcement as they are to private individuals and corporations. Back-doors swing both ways, and some in government are beginning to realize the fact that the best protection is not to install any back-doors at all.

Keys to Understanding Silent Circle


When Silent Circle subscribers send a text, or make a phone call or video chat to another SC member, their data is encrypted and secured end-to-end on their Apple or Android smartphone, tablet, or computer. Silent Circle describes it this way: "Key negotiations are purely peer-to-peer through the media stream. The ZRTP software detects when the call starts, and initiates a cryptographic key agreement between the two parties, and then proceeds to encrypt and decrypt the voice & data packets on the fly. The keys are destroyed at the end of the call." Adding to security, there is no voice-mail feature, and missed calls are displayed in the call log and as a notification.

Those keys are not retained on the server, and neither the company nor anyone else can access or listen to the conversations. Phone calls can be made to non-subscribers outside of the Silent Circle membership, in which case the call is encrypted all the way to the server, but unencrypted from the server to the non-subscriber, which still provides a substantial boost in privacy.

E-mail sent through the system is encrypted using server-side key encryption, and is not peer-to-peer.

The Silent Circle products go a long way toward addressing many issues and outright problems corporations are experiencing as a result of the growing BYOD (Bring Your Own Device) trend. The suite of products is known by the names: Silent Phone, Silent Text, Silent Eyes (video), and Silent Mail. Memberships are typically in the US-$20 to $30 per month range, and include a Silent Circle phone number.

Topics: Technology News Inventions & Innovations Laptops & Ultrathin Ultrabooks Smartphones & Mobile Devices Tablets

Tags

Join the conversation!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.