Governments Using, Also Fretting, Encrypted Communications App

from the you-can't-see-me dept

Named Silent Circle, it is in essence a series of applications that can be used on a mobile device to encrypt communications—text messages, plus voice and video calls. Currently, apps for the iPhone and iPad are available, with versions for Windows, Galaxy, Nexus, and Android in the works. An email service is also soon scheduled to launch.



The encryption is peer to peer, which means that Silent Circle doesn’t centrally hold a key that can be used to decrypt people’s messages or phone calls. Each phone generates a unique key every time a call is made, then deletes it straight after the call finishes. When sending text messages or images, there is even a “burn” function, which allows you to set a time limit on anything you send to another Silent Circle user—a bit like how “this tape will self destruct” goes down in Mission: Impossible, but without the smoke or fire.

The very features that make Silent Circle so valuable from a civil liberties and privacy standpoint make law enforcement nervous. Telecom firms in the United States, for instance, have been handing over huge troves of data to authorities under a blanket of secrecy and with very little oversight. Silent Circle is attempting to counter this culture by limiting the data it retains in the first place. It will store only the email address, 10-digit Silent Circle phone number, username, and password of each customer. It won’t retain metadata (such as times and dates calls are made using Silent Circle). Its IP server logs showing who is visiting the Silent Circle website are currently held for seven days, which Janke says the company plans to reduce to just 24 hours once the system is running smoothly.

Nadim Kobeissi, a Montreal-based security researcher and developer, took to his blog last week to pre-emptively accuse the company of “damaging the state of the cryptography community.” Kobeissi’s criticism was rooted in an assumption that Silent Circle would not be open source, a cornerstone of encrypted communication tools because it allows people to independently audit coding and make their own assessments of its safety (and to check for secret government backdoors). Christopher Soghoian, principal technologist at the ACLU's Speech Privacy and Technology Project, said he was excited to see a company like Silent Circle visibly competing on privacy and security but that he was waiting for it to go open source and be audited by independent security experts before he would feel comfortable using it for sensitive communications.

But what if, one day down the line, things change and Canada or another country where Silent Circle has servers tries to force them to build in a secret backdoor for spying? Janke has already thought about that—and his answer sums up the maverick ethos of his company.



“We won’t be held hostage,” he says, without a quiver of hesitation. “All of us would rather shut Silent Circle down than ever allow a backdoor or be bullied into an ‘or else’ position.”

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

As Glyn recently wrote about, while governments around the world are busy diving further and further into their citizens personal communications over their cell phones and the internet, the implementation of cryptography has been slow to catch up. We could point to several reasons for this, but chief among them appears to be the difficulty in encryption for the average user. Now, an ex-Navy SEAL and security defense contractor is looking to change that.Mike Janke is releasing a finished application, called Silent Circle, that is designed to provide encryption for communication and is supposedly easy to use. We've heard that promise before, so we'll have to see how close the reality matches the claims, but the goals are certainly lofty.Without the smoke or fire? What the hell is the point? Well, according to Janke, the point is civil liberties. He states that the idea for this service, which will be subscription based, came about during his time overseas. He noted the lack of an easy to use but still secure method for calling his family back home, while also recognizing the erosion of civil liberties from government snooping, and decided to develop Silent Circle. His development team includes some notable figures, such as Phil Zimmerman (who invented PGP encryption) and Jon Callas (responsible for Apple's whole-disk encryption). Silent Circle is reportedly light years easier to use than other encryption methods and already has several customers, including international news outlets and special forces military units.Still, despite governments seeing the value in the application for their own military forces, you just had to know they wouldn't be pleased with it appearing for use by the general public. But Janke insists the company has its bases covered to protect its customers.Now, to be fair, there have been promises of easy to use and secure encryption methods in the past, and they've failed to gain any steam. Likewise, the open source community is enormously important in validating the security and usability of this kind of thing, and there are some questions being posed about exactly how much Silent Circle will be available for testing.Janke has indicated that, to some extent at least, Silent Circle will be available for scrutiny, though exactly to what level remains to be seen. That said, he is housing his infrastructure outside of the United States for fear of laws that would require him to build in back doors for government snooping. As a start up, he's asking for a great deal of trust from his users, but all the right words appear to be there.The question I find more interesting is does something like Silent Circle initiate the first United States government outlawing of an otherwise legal application?

Filed Under: encryption, privacy