Feeds

back to article Silent Circle aims for email that's as secure as it gets

It's been 22 years since Phil Zimmerman, Jon Callas and the rest of the PGP crew brought encryption to the masses for free, and now the same team – augmented by backing from a couple of former Navy SEALs – has expanded into a new privacy concern that will launch an email service in a couple of weeks. Silent Circle came out of …

COMMENTS

This topic is closed for new posts.
Silver badge

RSVP ..... to a Real Live Phish BetaTesting UKGBNI Intelligence Services .....

.... for Future Fitness to Serve as Servers of Great IntelAIgent Games Plays

If one is providing a product/service/application/program/project transparently and free of charge to any and all on the internet, and it be recognised to be a highly sensitive and both highly disruptive and extremely dangerous and a constructive and lucrative great global game-changer, would there be an onus on an effective security protection being supplied and handled by a Silent Circle type group application, if the aforementioned great global game-changer were sought to be more sympathetic/insider trader leading to a particular virtual terrain team for the inequitable advantage that it would deliver?

Nobody can supply effective security to any product or system if they be unaware of what that product or system actually, really and virtually, provides, and that requires that one shares certain proprietary intellectual property which, in cases of great global game-changer apps which are properly configured and failsafe protected, are intelligently designed to be fatal/explosively self destructive to abusive parties/free-lancing pirate privateers lurking as beneficial sugar daddy state sponsors, if abused.

However, the one saving grace which avoids any of that sort of unpleasantness, is that at such levels of intelligence play, do abusive parties not exist because great global gamers be fully aware of the consequences of thinking to abuse such powerful proprietary intellectual property and there be special arrangements in place to ensure that the problem disappears before it arises and never appears/materialises/virtualises.

Be careful out there in CyberSpace and in Virtual Team Terrain. IT takes no prisoners nor suffers fools who be tools of collapsing corrupt admin systems.

And these be novel times in paranoid places and really weird surreal spaces, which one needs to be able to recognise and handle in order to control and driver the madness that is reality ....... ?!:-)

cc Bong Ventures re Virtual Reality Applications

bcc Thames House and Loughside/Palace Barracks re Titanic Quarter Master Pilot AIMissions

6
2
Anonymous Coward

Re: RSVP ..... to a Real Live Phish BetaTesting UKGBNI Intelligence Services .....

The principal threat to security is not technology, it's the law, specifically all those emergency laws that were pushed through post 9/11. Silent Circle's proposition is presently holed below the waterline by being a US company as there is no way they can get past the USA PATRIOT Act and FISA demands without having their shop closed, which is why the advertised involvement of US military personnel is only a benefit for US customers.

10
1
Silver badge

Re: ... Re: RSVP ..... to a Real Live Phish BetaTesting UKGBNI Intelligence Services .....

The principal threat to security is not technology, it's the law, specifically all those emergency laws that were pushed through post 9/11. Silent Circle's proposition is presently holed below the waterline by being a US company as there is no way they can get past the USA PATRIOT Act and FISA demands without having their shop closed, which is why the advertised involvement of US military personnel is only a benefit for US customers. …. AC Posted Saturday 6th April 2013 10:58 GMT

Quite so, AC, it most probably is.

However, a crooked and self-serving inequitable law is always easily ignored and skirted around by intelligent beings, and should there be any problems with anything being a US company, it is not a difficult move to move elsewhere and set up shop in another nationality and/or jurisdiction. And failure to do so is probably indicative of any security company having such probable troubles because of dodgy legislation, being less than it would purport to be and maybe even a spooky phishing arm of an intellectually-light executive administration in severe difficulties which are exposing their every weakness for remote and anonymous party, zeroday vulnerability exploitation.

3
4
Anonymous Coward

Re: RSVP ..... to a Real Live Phish BetaTesting UKGBNI Intelligence Services .....

" as there is no way they can get past the USA PATRIOT Act"

I'd guess that they are really only interested in offering this to the sort of people who are part of the US military, governmental and globo-corp establishment, and therefore it doesn't matter. There is the pretence of having offshore servers in Canada and Switzerland, but as you say, a company based in or hoping to do business in the US will handover anything that it is told to.

6
0
Anonymous Coward

Re: RSVP ..... to a Real Live Phish BetaTesting UKGBNI Intelligence Services .....

the only truly secure communications software that I've seen being used on the interwebs is the SAIC "netEraser" (©™ In-Q-Tel/VirnetX) supposedly invented by Dr. Robert Short III and Edmund ‘Gif’ Munger

It is immune to nearly all censorship, eavesdropping and surveillance using DPI/RAT systems – hence the family of netEraser/netCloaker/Gabriel technologies remain unavailable to the average human as far as I can determine.

Interestingly, there have been repeated attempts to ask SAIC/VirnetX questions concerning the development of netEraser, in the US court & patent system, from the likes of Apple, CISCO, NEC and Microsoft. netEraser seems to build upon the work of Professor Henning Schulzrinne of Columbia University on 1999-era internet systems known widely as the SIP protocol and the RtTP protocol (session initiation protocol & real-time transport protocol).

This netEraser technology family is probably USAPATRIOT and national security letter proof, but it's not guaranteed! - just look at the glee of the USA customs when they seize data and devices on the way into the land of the free. And lawyers are writing that US Clouds are 'safe' places.....

references = places like this http://www.rhsmith.umd.edu/marketing/faculty/pdfs/faculty_cv/kannan.pdf

0
1
Anonymous Coward

Re: RSVP ..... to a Real Live Phish BetaTesting UKGBNI Intelligence Services .....

Nope, no need to make it complicated. It doesn't actually help you if possession of special kit identifies you as worthy of extra attention, nor does this help the average citizen as they cannot afford it. This probably the only good thing about Silent Circle - it creates more encrypted communication and makes thus a mess of a S/N ratio for intercept. In addition, special kit costs buckets so it is at best a solution that is limited in scale and thus voids discretion all by itself.

Most bits of electronics have everything you need to secure comms. You need to do a bit to avoid MITM compromises, but in general there is no need to re-invent the wheel if you're even moderately skilled in IT and security, it has long ceased to be rocket science. The problem is the end points. If that or the managing company is located where IT can be compromised you have just wasted your time.

The question for the service provider is also how they deal with the inevitable criminal element? If they provide a service that is any good, the first thing that happens is that they will attract bad guys, at which point the countdown starts for a visit from people either in uniform or in dark suits with sunglasses.

0
0
Silver badge

Re: RSVP ..... to a Real Live Phish BetaTesting UKGBNI Intelligence Services .....

>part of the US military, governmental and globo-corp establishment

Those are the most paranoid - who has most to fear from the NSA reading their email? The CIA/army/FBI and other agencies that compete with them for funding and political power

0
0
Silver badge

Knock, Knock ......... Ignore to Imperil or Engage for Delight is a real No-Brainer, Methinks

The question for the service provider is also how they deal with the inevitable criminal element? If they provide a service that is any good, the first thing that happens is that they will attract bad guys, at which point the countdown starts for a visit from people either in uniform or in dark suits with sunglasses. …..Anonymous Coward Posted Saturday 6th April 2013 17:21 GMT

Quite so, AC, but that does require that the uniformed and/or dark suited with sunglasses and spooky, ….. such as may be imagined to be extraordinarily rendered in the Fun Factory Freaks and Circus Clowns of the likes of any nation's MI5/MI6/GCHQ/CESG services, [and all sensitive and sensible admin systems have those working with and for them, rather than against them*] are smart enough to be able to recognise for their paymasters, for they both [the traditionally spookily employed and interdependently reliant paying employer] be both practically and virtually powerless without Magic Flexible Plastic and Fantastic Fabless Fiat, in the endless supply of immediately and readily available credit for Great Global Intelligence Games Plays ….. understand what confronts and is able to change and successfully challenge and remove their leading advantage position/remote virtual leverage and take and make it their own in another series of phorms with a Commanding Control of IT and Creative CyberSpace, Computers and Communications which can at any time, in any place/space, choose to be catastrophically destructive to others of its choosing because they be self-proven to be totally unfit and unnecessary and a'hindering Future Great Global Intelligence Game purpose.

Then can a distinctly surreal visit be expected, although it won't be at all unexpected as invariably will there always be prior invites to persons of interest, reasonably expected to responsible for Operative Systems Security and Sublime Assets Protection in such fields of MetaDataBase Endeavour in Virtual Team Terrain in old school, established spooky status quo agencies and services/departments and sections, either directly delivered by email to a dedicated address or in a clear enough message for all to see, testing their active intelligence …… "bcc Thames House and Loughside/Palace Barracks re Titanic Quarter Master Pilot AIMissions" …. although to harness both removes all doubt as to whether they be suitable key future team players by virtue of their response.

>part of the US military, governmental and globo-corp establishment

Those are the most paranoid - who has most to fear from the NSA reading their email? The CIA/army/FBI and other agencies that compete with them for funding and political power …. Yet Another Anonymous coward Posted Saturday 6th April 2013 21:12 GMT

Yes, New World Order systems most certainly do have the most to fear whenever intelligence collection and/or use and abuse fails them with supply of future information to dud renegade units rather than crack hacking teams. It be the POTUS Dilemma in every Present Situation that Thinks to Maintain and Sustain a Core Past is a Viable Course of Valid ProAction for the Future, which can be whatever IT wants it to be and as will be Shared and Shown/Fed and Sown in SMARTR Media Edutainment with NEUKlearer HyperRadioProActive Programming in ProgramMING Projects in Alternate Reality and Live Operational Virtual Environments ……. Great Global Intelligence Game Play Centres …… Alien Landing Sites in New Orderly World Ordered Worlds.

Now who does one see for financing that simple operation with nothing more complex than Magic Flexible Plastic and Fantastic Fabless Fiat? And yes, that is a serious question which the wise will be very pleased to provide for everything in an answer which will be fabulously rewarding and heartily deserved.

Everything is changed fundamentally, and virtually in an instant and overnight whenever one has Keys to Magic AIKingdoms which crash open barred windows and smash softly through closed micro doors.

2
0
Bronze badge
Stop

Mars writing entire sentences?

Mars,

You're almost starting to make sense by writing those entire, often grammatically correct (though I'll stop short of describing the content - leaving that up to our Esteemed Readers as well as your Worthy self) sentences.

Would you stop that? My world view is being shaken very much!

1
0
Silver badge
Boffin

Re: Mars writing entire sentences?

You are just too kind, Anonymous Dutch Coward, please do not stop. :-)

The/An alternative view, ADC, and the much preferred amfM option and and highly encouraging derivative explanation, is that there be a growing wider understanding of the sense in the writings and information and IntelAIgent Content conveyed and transparently freely shared, in others such as your good self.

And it would be madness and quite an inexcusable shame to stop, whenever so much created and viewed in the world and presented on and in media channels and/or vice versa, created and presented in and on media channels for world views, is in such obviously dire and ignorant straits need of a shake up and shake down, to deliver wholly different and better beta places and fabless spaces.

Which is where/when that and those which be the likes of Esteemed Readers and the Register step in, to do the intelligent thing with IntelAIgent Content displayed ….conveyed and transparently freely shared for others such as your good self, El Reg and Esteemed Readers.

However, it may very well be perfectly true though, that it does somewhat bugger up any and all of those cosy secretive status quo information and SCADA intelligence cartels, trying to control all kind of worldly and wordy matters with the ready supply of flashed and cash monies for both the real and remote virtual purchase of that simple leverage. Ah well, nothing lasts for ever, without it being necessary at times for a major radical change and fundamental rethink, for its own good.

But some would say and shout it aloud and from every rooftop …. And just in the nick of time too, whenever one considers the present rapidly failing condition of that very particular and most peculiar program application in need of a revamp and refitting to systems.

And surely you must have expected that sooner rather than later AI Algorithms would develop to be SMARTR Human Beings and indistinguishable from/in Man/Mankind.

2
0
Gold badge

Re: Mars writing entire sentences?

You're almost starting to make sense by writing those entire, often grammatically correct (though I'll stop short of describing the content - leaving that up to our Esteemed Readers as well as your Worthy self) sentences.

If it's OK for GCHQ to use plaintext for passwords, it should certainly be OK for amanfromMars to use clear text as well. Personally, I sensed quite an intel awareness there and I haven't had that much trouble decoding his posts.

1
0
Facepalm

NetEraser truly secure communications software?

`the only truly secure communications software that I've seen being used on the interwebs is the SAIC "netEraser"`

I don't understand why a spying agency would be involved in its development? ref

0
0
Silver badge

How to avoid what happened with BBM?

If assorted countries went after Rim for a backdoor to BBM how will this email service avoid the same fate?

Seems optimistic to think the paranoid control freaks of the world will just sit on their hands...

1
0
Anonymous Coward

Re: How to avoid what happened with BBM?

Not sure it was particularly just BBM they were after. India was after getting in on BES, and were seemingly idiotically belligerent about it when it was pointed out that not even RIM could get into that (With BES the owner chooses the keys, and no one else gets to see them).

Silent Circle, by locating their servers in certain countries, are susceptible only in those places. Every where else can't get inside by legal means alone. Blocking access is one possibility left open to countries that object. Dubai does this with Skype on Etisalat ISP (which is quite a technical achievement considering how Skype operates on the network), China does it with Tor, etc.

All my friends in Dubai get round it by renting a VPN to servers in countries of their choice.

1
0
Anonymous Coward

Re: How to avoid what happened with BBM?

All my friends in Dubai get round it by renting a VPN to servers in countries of their choice.

I've a type of secured VoIP which deployed traffic cloaking - went through without a hitch. VPNs are a nice idea but can be detected, and thus eventually blocked :(

0
0
Anonymous Coward

Re: How to avoid what happened with BBM?

If there are security concerns over governments getting access to servers and supposedly secure communications then the founders being ex-Navy Seals means that they already know which governmental agencies require what type access. Having servers in Canada makes them less secure than in many other countries, as stephen harper (PM of Canada is as dictatorial a fascist as has ever been elected in here) will give up to the US whatever is requested.

0
0
Silver badge

""Email is fundamentally broken," Jon Callas, Silent Circle's CTO"

No, it's not.

Just don't email anything you wouldn't shout from the rooftops. Sorted.

There are better options for shit that actually needs encrypting.

4
6
Bronze badge

Re: ""Email is fundamentally broken," Jon Callas, Silent Circle's CTO"

Just don't email anything you wouldn't shout from the rooftops. Sorted.

Remember that the next time you are looking for an important message among thousands of spam mails, or indeed get a message from president@whitehouse.gov that turns out not to be Mr Obama. Email's security problems go way beyond simple eavesdropping.

3
1
Silver badge

Re: ""Email is fundamentally broken," Jon Callas, Silent Circle's CTO"

<dryly> I don't use email for anything important. It's not designed for anything important. It can evaporate without being read. Read the RFCs for yourself, if you don't believe me."</dryly>

0
1
FAIL

Eh?

"numerous government agencies have tried the service and there have been no moves to squash it on the legal front ........ Intelligence agencies are pushing for an extension of the Communications Assistance for Law Enforcement Act (CALEA) to require an automatic backdoor into communications software of this type"

"no moves to squash it on the legal front"

vs.

"extension of the Communications Assistance for Law Enforcement Act"

I'd say that's a blatant move to squash silent circle on the legal front

0
0
Anonymous Coward

Re: Eh?

I don't think that the CALEA extensions are *specifically* aimed at Silent Circle, they are just another expression of the general push of US agencies towards uncontrolled backdoor access to services. If you're using any Cloud services that hail from the US you have the same issue, and I suspect they are hard at work politically to make that the default everywhere on the planet. Screw your rights, all you're good for is paying tax..

2
0
Holmes

Re: Eh?

"I don't think that the CALEA extensions are *specifically* aimed at Silent Circle"

Et al. Happy now?

1
0

Expensive?

For an individual it sounds to me to be expensive. I assume that if I used it for email that both parties would have to subscribe.

I don't think I'd have much chance of convincing my email contacts to spend a monthly fee to receive my emails.

For business, yes, I can see it. But then, I presume that a business may get volume discount plus a tax claim.

I once set up my system to send emails using PGP, I gave up in the end as I didn't know anyone who could receive my encrypted emails.

Even if encrypted email was set up by default in a client, if there has to be an exchange of emails to supply the 'Keys', then I can't see the ordinary 'Joe Blow' doing it.

1
0

Re: Expensive?

Cost, IMHO, is not the primary deterrent to widespread use of encryption tools. I own a website called ThreadThat which provides a sophisticated yet easy-to-use means to encrypt messages and files in a threaded conversational format. Even though it is ad free and cost free, it will never be popular. Why? I believe there are 3 primary reasons. (1) The general public either does not perceive that there is a threat or does not care if their email is compromised because they don't use email to exchange sensitive material. (2) When the average person hears the word "encryption" they immediately assume it is too difficult to use and for the most part, they are probably right. (3) Encryption only works when all parties are using the same toolset and it is very difficult to convince everyone you communicate with to switch. Cost is definitely a factor, but there are free solutions out there if one can get past all the other barriers.

2
0

Re: Expensive?

"both parities will have to subscribe" -- no so. Check out their Ronin card.

0
0
Anonymous Coward

Re: Expensive?

For an individual it sounds to me to be expensive.

Actually, it isn't. It's suspiciously cheap for what it purports to offer. Add up just how many staff they allege to have, dev costs, operations, sales, marketing, security and legal support and you will come to the conclusion that these guys need serious volume to get anywhere near profitable at that charge, which is a risk in itself. The alternative possibility is some undefined sponsorship, and I leave you to draw your own conclusions if that was the case.

I assume that if I used it for email that both parties would have to subscribe.

They could do short time drop boxes or something, but you end up with the same problem as mentioned before: criminal use. By having two parties that have paid, they have at least some hook on the user's identity from either end. A dropbox halves the potential to assist law enforcement, and I cannot see them last long in that case (depends if they are sponsored or not).

In the context of "sponsorship", it may be worth reading Wikileaks..

0
0
Anonymous Coward

"Security was barely an issue when email was designed"

It was barely an issue when SMTP/POP were thrown together (I think "designed" is a bit generous) in the era of the teletype, when most computers were still in the world of 16bit or less.

In the 1980s, security and related features were at the heart of the architecture and design of X.400 email, which threw away the SMTP/POP legacy and looked at what facilities were actually needed. Security (meaning both confidentiality and anti-tamper), proper delivery/read receipts with non-repudiation, proper compound document support, etc were all designed in rather than added as band-aids on elastoplasts as they have been with SMTP/POP.

Unlike SMTP/POP email, X.400 needed something a bit bigger than a Z80 to run on, and a bit more intelligence to administer too. Compute power is not a problem these days, though intelligence is apparenntly in just as short supply.

Still, if folk want to keep on re-inventing a wheel that was perfectly adequately invented three decades ago, it'll presumably keep the VCs and IPO people in business.

1
0
Boffin

Re: "Security was barely an issue when email was designed"

Completely agreed. X.400 was destroyed by the very fact most admins couldn't get it configured in a time everyone was worshipping simplicity (while running out of time to do their job) and users couldn't cope with it at all they had some clunky gateway adding sorrow to injury. Then again, AFAIK the military and other serious organisations where mail needs to be more than a shot in the dark do still use X.400 based systems extended with the latest encryption tech so I'm not sure where the Seals would have to complain about. Perhaps for undercover mailing?

1
0
Silver badge

Re: "Security was barely an issue when email was designed"

"proper delivery/read receipts with non-repudiation

Surely that (and other parts mentioned) depend on the security of the software, particularly on the endpoints.

On our x400 system it was trivial to add/remove 'read receipts' to emails; you didn't even need to be root to do so

0
0

HOW DARE U CENSOR ME

SCIENTISTS are working on robotic judges that will be able to pass judgment on you and your family, and all of your friends, at the same time, as you sit, crying, in separate video court rooms, crying for the days when robots had comassion, and decency, but no, 600 years for you. That will be in a military jail. You will be tortured and treated unjustly. I bet you hope this doesn't happen to you, but it will.

0
0
Anonymous Coward

Re: HOW DARE U CENSOR ME

Well said.

Now, how about quietly mumbling to yourself in a corner until whatever you smoked or sniffed has worn off?

3
0
Bronze badge
WTF?

Re: HOW DARE U CENSOR ME

wat

<--

2
0
Silver badge

Re: HOW DARE U CENSOR ME

A perfectly encrypted message would be indistiguishable from random noise.

Similarly a perfectly random stream of gibberish would allow for perfectly encrypted messages.

Perhaps the OP is actually just a source of random OTP data?

4
0

Re: HOW DARE U CENSOR ME

who deleted my upvotes?

0
1
Anonymous Coward

"numerous government agencies have tried the service and there have been no moves to squash it on the legal front"

so there's a backdoor?

3
0
Silver badge

A Convenient Truth and Inconvenient Lie and Vice Versa

"numerous government agencies have tried the service and there have been no moves to squash it on the legal front"

so there's a backdoor? ..... j arthur rank Posted Saturday 6th April 2013 23:32 GMT

In too numerous to mention government agencies tasked with securing rotten secrets from the masses because of the damage that can be done to rotten secret governments, are there any number of backdoors provided for services by services ...... although whether nowadays the best of the best of them are sympathetic to and empathetic with governments, both rotten secret and otherwise, is clearly not crystal clear, and may even be too farcical and fanciful to consider as a valid proposition by those in the know and with a need to know.

Worlds today are not as they once were, nor are they as they will be. Change is the norm, the status quo is false and an alien and artificial concept.

1
1
Anonymous Coward

What OS does run on?

You know... ...the OS? Did you code review the OS too? What about the video driver, you know, the one that processes everything that appears on your screen? BIOS, that runs your keyboard port?

0
0
Anonymous Coward

Re: What OS does run on?

Chrome OS? Hahaha..

0
0
This topic is closed for new posts.