LAS VEGAS—Phil Zimmermann, the creator of Pretty Good Privacy public-key encryption, has some experience when it comes to the politics of crypto. During the “crypto wars” of the 1990s, Zimmermann fought to convince the US government to stop classifying PGP as a “munition” and shut down the Clipper Chip program—an effort to create a government-mandated encryption processor that would have given the NSA a back door into all encrypted electronic communication. Now Zimmermann and the company he co-founded are working to convince telecommunications companies—mostly overseas—that it’s time to end their nearly century-long cozy relationship with governments.

Zimmermann compared telephone companies’ thinking with the long-held belief that tomatoes were toxic until it was demonstrated they weren’t. “For a long time, for a hundred years, phone companies around the world have created a culture around themselves that is very cooperative with governments in invading people’s privacy. And these phone companies tend to think that there’s no other way—that they can’t break from this culture, that the tomatoes are poisonous," he said.

A call for crypto

Back in 2005, Zimmermann, Alan Johnston, and Jon Callas began work on an encryption protocol for voice over IP (VoIP) phone calls, dubbed ZRTP, as part of his Zfone project. In 2011, ZRTP became an Internet Engineering Task Force RFC, and it has been published as open source under a BSD license. It’s also the basis of the voice service for Silent Circle, the end-to-end encrypted voice service Zimmermann co-founded with former Navy SEAL Mark Janke. Silent Circle, which Ars tested on the Blackphone in June, is a ZRTP-based voice and ephemeral messaging service that generates session-specific keys between users to encrypt from end to end. The call is tunneled over a Transport Layer Security-encrypted connection through Silent Circle’s servers in Canada and Switzerland. ZRTP and the Silent Circle calls don’t rely on PGP or any other public key infrastructure, so there’s no keys to hand over under a FISA order or law enforcement warrant.

Now, thanks largely to the revelations of NSA and GCHQ monitoring of telecommunications triggered by documents leaked by Edward Snowden, there’s a growing market demand for call privacy —and telecom companies, especially in Europe, have become more receptive to the idea of giving customers the power to protect their privacy. In February, Dutch telecommunications carrier KPN signed a deal to be the exclusive provider of Silent Circle’s encrypted voice call service in the Netherlands, Belgium, and Germany. The company started offering Silent Circle services to customers this summer.

That move was driven, Zimmermann said, by KPN’s chief information security officer, Jaya Baloo. “She decided she wanted to break ranks from the rest of the phone companies and get KPN to offer their customers privacy,” Zimmermann said. “So for the first time, you see a phone company offer real privacy. My hope is that other phone companies will find the tomatoes are not poisonous.”

Defense through dependency

Thanks in part to Janke’s connections, the service has been adopted by the Navy SEALS—not just for calling home, but for operational communications, as well as Canadian, British, and Australian special operations forces, members of the US Congress and US law enforcement. “About a year ago we had a visit from the FBI in our office,” Zimmermann said. “Mike Janke called and told, ‘The FBI was in our office today,’ and I said, ‘Oh no, it’s started already.’ And he said, ‘No, no, they were just here to ask about pricing.”

All of this plays into Zimmermann’s strategy to keep government agencies from pressing for backdoors into Silent Circle's service. “I thought what we need is, we needed to create the conditions where nobody was going to lean on us for backdoors because they need it themselves. If Navy SEALs are using this, if our own government develops a dependency on it, then they’ll recognize that it would be counter-productive for them to get a backdoor in our product. Now maybe it was an overabundance of caution, because they never asked for a backdoor in PGP, but that took years to get that propagated into government customers. We saw government customers take this up almost as soon as the product was ready—in fact before the product was ready they were asking about it. So we’ve created a situation where it’s difficult for them to even bring up the suggestion of a backdoor.”

That’s not to say that everything has gone smoothly. Zimmermann’s company had to abandon its secure email service in the wake of the shutdown of LavaBit. “We wiped out our entire secure email service—backups, and everything,” Zimmermann told the Def Con audience. “Some of our customers were pissed off, but for the most part they understood we were protecting their privacy.”

Giving NIST (and RSA) the finger

Doing business with US government customers generally requires the use of National Institute of Standards and Technology (NIST) standards for encryption. But by default, Zimmermann said, Silent Circle uses an alternative set of encryption tools.

“It wasn’t because there was anything actually wrong with the NIST algorithms,” Zimmermann explained. “After the Snowden revelations, we felt a bit resentful that NIST had cooperated with the NSA."

He continued, “So to express our displeasure at NIST, we offered alternative algorithms. We’re using a new elliptic curve (encryption algorithm) that we commissioned Dan Bernstein to do for us, we use a Twofish block cypher, and we use Skein as our hash function.”

Silent Circle does offer the NIST algorithms as an alternative. But he took the opportunity to use the controversy over the NIST standard’s now-deprecated random number generator standard—one that was crafted by the NSA to provide a way to break encryption—to get in a few digs about an old adversary. “We’re not using the stupid random number generator that NIST did at the behest of the NSA,” he said in response to an Def Con audience question. “I can’t imagine why anyone would use such a stupid random number generator. But apparently RSA did, and put it in their Bsafe subroutine library, which is closed source. It’s funny, back in the 90s, back when RSA started the criminal investigation against me by calling up the prosecutor and asking him to put me in prison, they said RSA was the most trusted name in cryptography…So, it’s ironic that we find today that they were paid $10 million to put an NSA-designed random number generator in their subroutine library.”