February 12, 2013
Silent Circle — Snapchat for grownups
Nicole Perlroth's February 5 New York Times story about a new encryption service for big girls and boys noted that it costs $20 a month — and that the company is so confident about its impenetrability that it's already "published its source code for review to prove that its encryption is secure and that there are no back doors."
Has your supposedly bomb-proof software undergone that test?
Didn't think so.
Below, excerpts from the article.
Phil Zimmermann, the creator of Pretty Good Privacy, is widely considered the godfather of encryption software. After making his software available for download in the 1990s, he was the subject of a criminal investigation that was eventually dropped in 1996. Today, his P.G.P. software is the most widely used e-mail encryption software in the world.
But these days, Mr. Zimmermann is busy with his new venture, Silent Circle, which provides encryption for smartphone users. At a security conference in San Juan, Puerto Rico, Mr. Zimmermann introduced the service, which is available for Android and iPhone. Silent Circle lets users make encrypted phone calls, send text messages, and do videoconferencing. Messages are scrubbed completely from the phone after a predetermined amount of time. Communications are secured using a new, peer-reviewed open-source encryption technology
Mr. Zimmermann's business partners include Jon Callas, who co-founded the PGP Corporation, which now belongs to Symantec, and two former Navy SEALs, Mike Janke and Vic Hyder. His target market, Mr. Zimmermann said, is soldiers based overseas, business people who operate in known surveillance states, human rights activists, dissidents and (more recently) journalists. Since starting Silent Circle in October, Mr. Zimmermann, said, he has spent nearly all his time in Washington signing up government agencies and contractors.
He was adamant that the service be subscription-based. Individual users pay $20 a month, while businesses are charged per employee. He said he was often asked why people would pay to use the service when they could just as easily make free calls with Skype.
"I tell them go ahead and use Skype — I don't even want to talk to you. This is for serious people interested in serious cryptography," he said. "We are not Facebook. We are the opposite of Facebook."
Silent Circle's interface looks a lot like the native iOS and Android dialing and text messaging features, and the videoconference service closely resembles Skype. Users are given 10-digit "silent numbers" that work with other Silent Circle subscribers. For an additional $29 a month, the numbers can be used to dial outside Silent Circle. In those cases, the service encrypts phone calls between its users and its servers in Canada, so anyone looking to track users wouldn't be able to trace them beyond Canada.
The company had its reasons for locating its servers in Canada, where they fall outside United States government control. Canada also has much stricter privacy laws than the United States or even the European Union. Mr. Zimmermann noted that law enforcement would not be able to eavesdrop on Silent Circle users and, for that matter, neither would Silent Circle.
"When we say we don't have the keys, we mean that," Mr. Zimmermann said, referring to the electronic key that would be necessary to decrypt a message.
There are now a number of apps that promise to secure communications. Wickr, a mobile app, performs a similar service that encrypts video, photos and text messages. Security researchers, however, complain that not enough is known about the app's protocols.
Anticipating that criticism, Silent Circle has published its source code for review to prove that its encryption is secure and that there are no back doors.
"I've spent my whole career on the principle of no back doors," Mr. Zimmermann said. "So we're not about to start."
While they are not exactly Silent Circle's target market, teenagers are increasingly using Snapchat, a popular mobile app that allows them to take and send pictures and control how long messages are visible on the recipient's phone. Facebook recently unveiled a service called Poke that competes with Snapchat. Those services make no encryption promises, and researchers have pointed out that a security flaw makes it easy for recipients to save messages without senders knowing about it. It is also unclear whether data sent through the services is wiped completely, which would make it impossible for forensics investigators or law enforcement officials to reconstruct messages.
Asked whether Mr. Zimmermann considered Snapchat a competitor, he chuckled. "I've never heard of it."
February 12, 2013 at 08:01 AM | Permalink
TrackBack URL for this entry:
Listed below are links to weblogs that reference Silent Circle — Snapchat for grownups:
Tiger could have used this a few million ago.
Posted by: sherlock | Feb 16, 2013 9:17:51 PM
Posted by: umm | Feb 13, 2013 1:47:13 AM
This should be mandatory and free for the average yutz and banned for people who know what it is and why they want to use it.
And I've had P.G.P. keys on the MIT key server since the service began...
Posted by: 6.02*10^23 | Feb 12, 2013 10:20:27 AM
The comments to this entry are closed.