PGP Zimmermann teams with Navy SEALs, SAS techies in London Encryption guru Phil Zimmermann is going after security conscious users with his new venture Silent Circle, a security start-up offering ultra-secure VoIP and texting services. Silent Circle, which opened a UK office this week, charges a monthly subscription of $20 (£13) per month for a bundle of secure voice, text and video …
Hmmm.
Quote 'We do not have the ability to decrypt your communications'.
and....
Quote ' Users using Silent Circle apps to call from China to landlines in the West, for example, will get the benefit of encryption on the first leg of their journey, to Silent Circle's dedicated servers in Canada.'
If they can't decrypt, how can the servers in Canada convert an encrypted call into an unencrypted call to pass back onto the public phone system?
Most likely if you are calling an "ordinary" number, and not another Silent something user, then it uses the certificate for their server and your public one to decrypt and forward over conventional telecoms links.
Clearly a big hole if you are not careful who to speak to, but equally a big advantage if you are in a very suspect situation (so want encryption over the local infrastructure) and have to make a call to someone in a moderately trustworthy region.
Also remember that most communications is not that important, even for those who think they are special, and you have to juggle the desire for 'unbreakable' security to a couple of people who you know well enough to trust (and also have validated their devices) versus the desire to be able to call pizza hut for a carry out, etc, in real life using one phone.
1 - it's a US company, thus subject to the US Patriot Act. It is entirely irrelevant that they host their DATA in Canada, so how will they protect against the abuse of law taking place?
2 - those who really need security typically are not that talented in IT and don't like the hassle. This means someone else has to (a) install and maintain the platform and (b) accredit it. Who is going to do that?
3 - to make something REALLY secure it takes a LOT of work, especially if you also take care of the legal matters (they will have plenty IMHO, see point 1). At the price they charge that isn't possible (especially not with so many people involved), so what is happening? An absence of care, or a presence of sponsorship?
I have the greatest respect for Zimmermann, but the facts do simply not add up.
From their website:
https://silentcircle.com/web/law-compliance/
Basically they're saying that yes, we might have to comply with CALEA requests from the feds, but the effect this can have on our users will be minimised because we don't hold that much information on them at any one time, and will notify them prior to handing the data over so they can appeal against the decision.
Re: Question 3, I'm not sure what you mean by 'Really Secure' but using standard encryption methods you can get to the point where it's basically impossible to decrypt things.
By 'standard methods' I mean a proper authenticated encryption* scheme, public/private identity verification using private trust infrastructure and an ECDHE style key exchange mechanism with frequent changes and disposal of session keys. Recent versions of TLS implemented in well-audited libraries will do a lot of this for you.
In the case of data streams created like this they cannot later be decrypted by anyone, including the original parties, as all the keys used to encrypt the data are long gone. Legal sanctions then become useless.
(*authenticated encryption does not mean encryption with RSA-style authentication, it means schemes like GCM)
@kyza - Pls forgive density in this question...is this the equivalent of, or similar to, a one-time pad?
If this was directed at me....
OTPs are designed for encrypting smallish messages, and the pad itself must be exchanged between parties ahead of time. Generating and exchanging enough OTP data to carry on multiple phone conversations (you'd need a pad for each side) would be a hassle and you would have to top up your pad with face-to-face contact every so often.
OTPs also do not provide the protection of a proper authenticated encryption scheme, either. In the way they are typically used it's perfectly possible that a message could be altered in flight (say by a compromised router) if you make certain assumptions about the format of the underlying data. Using a GCM-like system protects against this. This weakness is something I thought of off the top of my head and I'm not even a crypto expert, just an interested amateur. I'm sure there are other weaknesses an expert could point out.
Re: Question 3, I'm not sure what you mean by 'Really Secure' but using standard encryption methods you can get to the point where it's basically impossible to decrypt things.
You're displaying prime problem #1 of tech people dealing with end user crypto: all you see is technology (apologies if this is unfair, but you're far from the only one). If you want to secure a PERSON's comms, especially your average end user in a business, getting the tech right isn't the problem - I'm convinced Zimmermann has dealt with that. The problem is practically everything else: usability, flexibility, scalability, and leaving the tech behind, the legal framework and the processes you surround the business and users with to make sure that you don't have legal or insider threat exposure. Do you know that to do anything secure you have to be conversant with EU law, US law and whatever local implementation thereof? (also has its good sides, you can use cross border processes to significantly slow down abuse).
I have been doing this at a very high level for quite some time (El Reg knows who I am - and anon is only anon for readers :), and I used to be in legal intercept - you could say I'm a gamekeeper turned poacher. I have been looking at Silent Circle for quite some time, and it's too opaque and too glib for me to invest any trust in it - ESPECIALLY since they have made no real attempts at dealing with the US Patriot Act.
All that, and then problem no 3: you have to make this acceptable to an end users. The Apps look at least decent in that respect. But I won't get an account other than by proxy - I have learned to distrust anything US based a long time ago, that's also why I don't use WhatApp, Viber, iCloud, iMessage, Siri and even LinkedIn for anything that relates to business..
Paranoid? These days, you *have* to be..
@Paranoid AC
Oh I see, you meant to be compliant with the law! Of course I considered the legal landscape - I was looking at ignoring it completely and rendering it ineffectual. I guess it comes down to whether you prefer compliance and legalit or security and maybe being imprisoned.
I mean, of course you can't have properly secure comms and comply with all the various laws, the laws are specifically designed to prevent real security. You only have to look at the UK where many standard TLS ciphersuites could be interpreted as being illegal because you can't provide the government with a decryption key afterwards.
I don't think it would be that hard to secure a persons audio comms using decent tech and a reasonable frontend. I don't think it would be that hard to do it in such a way as your comms are unbreakable, even to you (after the fact), but that doesn't mean you wouldn't get put in prison for using whatever I designed.
Usability, flexibility, whatever else are really no more difficult to overcome than the tech issues, IMHO. But you absolutely have to start with the absolute knowledge that you *cannot* have real comms security without the user taking some extra steps - for instance meeting, in person, the folks that they want to talk securely to and using something like NFC to perform a 'bump' certificate exchange/cosigning.
I'm not saying these guys are doing that or are even any good, mind, I haven't looked into it.
Like you, I've been doing this for a long time. My background is in the tech and in usability, mostly military, some commercial. That said:
Silent Circle are in fact registered in Canada and in Switzerland. You (as a user) can choose which country you want to connect to. PATRIOT is only relevant if you use the software in the US, and then only the client software. I'm not sure why you worry about EU law, because that again is bounded in the same way that US law is.
That then reduces the whole thing into risk management - what is an EU- or US-based user's appetite for the risk of getting caught with a client device?
Everything else is indeed tech, and Zimmermann, I think, understands more than most that, when given usability, security and cost you can only every choose two. Implementing a security protocol is no more complex than doing a breadth-first tree traversal. You get n00bs who f*ck it up, and you get good and experienced devs who produce something good.
You (and I mean this respectfully) sound a lot like your average ex-government "security consultant", who's approach is compliance-based, rather than risk-based. Every built a threat model for a distributed client/server app? Or a peer-to-peer app? The threats are finite*, and not difficult to mitigate.
* Especially since their scope is well-defined, i.e. excluding the likes of shoulder-surfing.
You (and I mean this respectfully) sound a lot like your average ex-government "security consultant", who's approach is compliance-based, rather than risk-based
:). I'm also conversant with applied deception, so maybe not, but I agree my posts may look that way. I have worked a lot on crisis management and prevention so I think I'm still more on the risk side, but knowing applicable laws means you can incorporate government stupidity into your risk models too. I work a lot with lawyers who have to protect sensitive clients - client privilege is a very difficult thing to protect.
I go back to my original point - yes, making the tech secure (defined as "secure enough for the field of application") is indeed doable, and Phil has been at the root of much of it. My angle is that of protection your average VIP or celebrity who (a) jets around the planet, (b) has really zero time or desire to correct any risky behaviour and (c) wants to use their toys as they're used to. In order for any product or tool to be acceptable, I don't just look at the tech, I also look at what abuse of law can be used to get around it, and in contrast to what you seem to have read, there is NO corporate registration in Switzerland unless they use a different name (check for yourself at http://zefix.ch). And then it has to be usable too. PGP and GPG do not rank about the most usable schemes in my book - the best test is to find a bright 12 year old and an intellgent 70 year old and see how they get on unprompted (an approach MANY software companies should take IMHO, but I digress).
Back to law - it's not enough to HOST data somewhere. If your governing company is located in a nation who plays fast and loose with privacy laws you can be compelled to comply, or close shop. The EU has joined the US "let's turn back the clock on human rights" game by implementing anti-terror legislation that overrides due process (and thus Human Rights) - this leaves only a few places left where you should host the company as well as the data. If you're UK based I'm sure I don't have to point out that the UK Regulation of Investigative Powers Act leaves lots of opportunity for abuse - this you have to protect people from too.
However, the opposite is true as well: you also do not want to get in the way of due process itself. Otherwise you will end up with a service that hosts every terrorist, child pornographer and drug lord on the planet - you want to be flexible enough to accommodate due process investigations because with rights come obligations.
Yes, I have been in government as well as military level security, but that was many years ago. I prefer to deal with people, so I do less and less IT and business security - that was getting a tad repetitive. Dealing with the end user of security forces me to come up with new answers, which is *much* more fun..
1. Canada is a sovereign nation and not subject to the Patriot At or any other misnamed US legislation.. If the servers are physically in Canada there is not too much they can do, without creating a lot of dust and noise; If the FBI wants in, they will be accompanied by a bunch of horsemen from the RCMP. Canadians are protected by a Constitution, 1982, which has continually proved to be a pan n the butt for government and is jealously guarded by our Supreme Court.
2. In my experience, NGO's and other potential users are well versed in the use of secure software.techniques - much is supplied through the Munk Centre at the University of Toronto. There are already established ways of transporting software in to adverse countries.
3. Ziimmermann has credibility, getting roasted, several times, by agencies of the US Government. See: < http://www.contra.org/pgp/PhilZimmerman.html > and < http://www.gimonca.com/personal/archive/philzima.html >.
Software encryption is legal in many of these countries, some, such as China require registration < http://www.wikinvest.com/stock/ELong_%28LONG%29/Register_Encryption_Software_Chinese_Regulatory_Authorities_They_Request >. Here in VietNam there are only restrictions on hardware-based encryption. No computer/smartphone equipment of mine has ever been checked at the border. There are restrictions on satphones but, again, I have had no hassles takng them in - with the antennae removed.
I have struggled with this for years. In 2009, I created ThreadThat.com with the intention of providing a secure means of conducting online encrypted threaded conversations. TT is free service with no ads. I offer and support it for free because I believe there needs to be a way for the average non-geek to protect against eavesdropping and accidental discovery. Protecting against requests by law enforcement requests is a sticky wicket. The way TT works is that users can create their own pass key (a different pass key for every thread if that's what's desired). The user-supplied pass key is used to encrypt the system generated pass key used to encrypt the thread and any attached files. The only way someone can view the thread is if the creator of the thread authorized them and gave them the pass key. Great so far. But what if we were served with a court order that stated we had to compromise an account by capturing the pass key for a thread as it is entered on the web page and then decrypt any thread that was encrypted with that pass key and provide it to law enforcement? And we could not give any warning to the thread owner? We made a conscious decision to create a service that was easy to use acknowledging that a court order could force us to compromise a user's privacy. It is a major challenge to create an app the provides absolute privacy and can be used by my mother. I have considerable respect for any company that can do so.
"They have to trust that you're actually tellling the truth about the service you're operating."
.. which is where I have problems. Some things just don't add up. Heaps of people involved, but for that charge you cannot possibly pay for all of them. SEALs and SAS? Puhleez - they USE crypto, don't develop it. Those are operational, in-the-field guys, do you really think they will sit with a computer somewhere working out algorithm defects with shells flying over their head? That only works with an audience brought up on Hollywood movies.
Oh, wait..
As far as I can tell, there are group of people who self-identify as "geeks" and anything they like they decide it is their thing. Whether the rest of us like it or not. I personally am still strugglnig to work out how having studied computer programming is supposed to give me a spiritual kinship with people who like to talk about what colour underwear batman wears. The American school system has a lot to answer for.
"Maybe it's different in the US?"
The US has a major culturally engrained level of respect for its military. Some airports in the USA have special lounges just for military people to hang out in and I've been on planes there where before take off, the pilot announces that they have several members of the military aboard and thanks them for their service. Followed by a round of applause from the passengers. If your job is blowing people up for low wages, you get treated like royalty in a lot of parts of the States. If you're Special Forces... well just having that on your project name will get you instant points with the American public.
Bloodthirsty nation, I guess.
Presumably none of you read the footnote:
Perhaps actually from 18 Signals Regiment, the electronic warfare/SIGINT/ELINT/communications formation supporting the UK Special Forces. Though there are signaller specialists who are fully badged members of the SAS itself, 18 Regiment would probably have a higher level of corporate expertise.
I'm pretty certain that SIGINT types would qualify as 'geeks'...
I've met many such SIGINT types from such regiments. The majority of them are essentially the modern equivalent of a radio operator/maintainer. By no means knowledgeable enough to qualify as "geeky" by any sensible meaning of the word (especially in this context - crypto geekery is essentially pure mathematics and the notably tricky art of coding it without leaving huge gaps everywhere).
The US has a major culturally engrained level of respect for its military
Well, actually, anyone should, regardless of country or personal views. If you have a problem with where they are DEPLOYED you should talk to your politicians, but these *are* people who put their life on the line so people at home have the freedom to whinge about them..
Maybe it's just me, but in that context I must admit that I find the treatment of those who return from war in many cases flat out deplorable.
"but these *are* people who put their life on the line so people at home have the freedom to whinge about them"
Actually, in the case of the USA which is the context I was talking about, it is a small fraction of the USA's overseas operations that are about ensuring the people of the USA have the "freedom to whinge". Mostly it's about maintaining the USA's position as preminent power in a region or obtaining oil reserves. Even when the stated aim is protecting the people of the USA, such as invading Afghanistan as a supposed response to 9/11, it's reasonably clear to the rest of the world that this is not the real motivation. (And 9/11 itself was a response to the US presence in Saudi Arabia, primarily).
"Maybe it's just me, but in that context I must admit that I find the treatment of those who return from war in many cases flat out deplorable."
Anyone who signs up to the US army thinking they're primarily going to be literally protecting the people of the USA, is naive in the extreme. I hope you will agree with that. So what is left, is people who sign up knowing that they are agreeing to kill people, in return for a paycheck.
I didn't join up with the aim of risking my life for anyone's freedom, when I got deployed it was an extended inconvenience rather than some kind of heroism, and I was then (and am now) deeply suspicious of anyone who DOES join up with the avowed intention of defending freedoms.
I may have not expressed myself clearly enough. I didn't say that people sign up to do heroic things and risk their lives, at a guess I'd say about 95% or more would rather avoid going anything more dangerous than a drilling sergeant. But once you're in you have little choice, and then people will be exposed to danger. Any government who sends these people out should also have the decency to plan care for those who return from that. Which they often don't.
I wish these people luck. We should definitely encourage more encryption. Even if you don't have something to hide personally, fostering a culture where the only people who have privacy do have something to hide (and thus stand out), has bad long-term implications. We should never trust that we wont need our privacy in the future.
But what I'd really like to see is an easy (for non-technical people) Free Software approach. Publishing the source code is merely open source, not Libre software. And the latter would be better still because ultimate trust only comes when you do it yourself.
I'm sure this service could try all kinds of things but a determined agency would figure out what addresses are hit, probably just through the simple expedient of paying for a few subscriptions themselves and seeing where the software connects to.
Once they know the IP addresses they probably have the means to monitor who else is hitting those addresses and work things out from there.
Not quite. I have worked with VoIP code that deploys traffic cloaking in addition to ZRTP. That stuff even punched through the firewalls in Dubai, so it *is* possible. Having said that, you wouldn't be able to afford that stuff for $20/month - you'd have to add a zero.
I travel / cross borders frequently and in my experience the US is by far the worst, followed by the UK and Canada. I don't go to Australia.
Once you have had equipment 'borrowed' by the USA, they will annotate your ICE/Customs profile and being stopped will likely increase. The UK are a little better, at least they treat you with civility but just as pushy in seeking access. I have been given the usual "Password or 4 years" routine.
I explain it's kind of hard to use a password when there is no hard drive and it's like a car without an engine.
Canada Customs simply calls an RCMP tech who quickly copies the hard drive contents.
Smart-phones are treated similarly, they plug their little device into the unit and suck the contents - in the same countries.
In China and VietNam never a problem - they hardly even check baggage.
I wonder what the GCHQ wll do if Silent Circle proves they are eunuchs?
From Silent Circle CEO
Really great in depth questions and comments here. I will try to clear up any of the misconceptions that always happen when things hit the press. At Silent Circle- we are a small tribe of only 30 people, so it's important to us that we try our best to clear up any questions about what we do- and how we do it...I will try my best to give this a shot and address some of the above comments..
- we offer Peer-to-Peer encrypted mobile voice, video and text. Our email is encrypted using Phil's PGP protocol. We use a newer stack of his ZRTP voice-video encryption for voice- video. If a silent circle subscriber calls another subscriber on our silent phone app- that call is encrypted phone to phone- the callers generate the keys- when the call is done- the keys are deleted.
- we are not subject to CALEA or any similiar European law- why? Because they all explicitly allow end to end encrypted VOIP or communications previously encrypted before hitting the cell network- to be allowed without requiring a wiretap capability. We are doing our best to ensure this right is not taken away from the citizens. We are trying hard to educate the law enforcement agencies of US, Europe and around the world- that hundreds if studies have shown that if a Backdoor is mandated- this can be exploited by criminal hackers, competing intell agencies and others- exposing everyone to risk.
- SEALs and SAS. Yes- part of our tribe is made up if two SEALs and three SAS members- they are communications experts in hostile and austere environments, but are highly trained in navigating and understanding the threats of communication networks in not only countries with horrible human rights records- but first-world countries that have sophisticated wiretapping and data collection technologies. Think France or Italy or Brazil...most people don't realize that all of us came together because there was no viable commercial encrypted communications service for the citizens of the world- no way to call home when deployed as a military member, human rights activists or just a businessman protecting his company's secrets. The SEALs and SAS members had the same problem. Prohibited from using the militaries system- it became impossible or even dangerous just to say goodnight to the kids...until now.
- law enforcement leaning on us does no good. We cannot decrypt anything that runs thru our servers- the keys are generated and destroyed on the users device- we have nothing but encrypted junk. That is why peer to peer using ZRTP is so powerful when built correctly. We hold the least possible data - only a username, hashed password and 10-digit phone number we issue the subscriber. Our IP logs are aggregated and deleted after 5 days- we expect to get this down to 24 hours shortly.
- we will offer a Secure Calling Plan feature here in December with 3000 minutes per month.This add-on option allows subscribers to also call someone or reciece calls- to any regular phone number- not just silent phone users. This is to allow everyday functionality and still provide encryption on one end of the call. If you want your call encrypted end to end- both people should use silent phone.
Hope this helps- we are not the answer to everything, and not for everyone- we want to let people know what we can and cannot do-feel free to send any questions thru our site.
Thank you for coming here and posting that. It's very interesting and it's great to see products like yours emerging. I really hope it works well as privacy is important.
You're not wrong about mandated backdoors being misused by outside parties. There was a case in Greece some years ago (you are probably aware of it, so posting more for other readers' benefit), where Vodafone's own backdoor technology was subverted by a hacker who used it to listen in on the phone calls of the Greek Prime Minister and others. All they had to do, was use the bugging that had actually been deliberately built into the system for law enforcement / intelligence agencies to use.
You're not wrong about mandated backdoors being misused by outside parties
Exactly my point. As a good citizen, you have 3 choices: have the backdoors, which means a risk they're being abused, not have them and risk jail in countries which are so keen on anti-terror backdoors that they'll just send you to jail for helping terrorists on the flimsiest of evidence, or not have them and operate from a nation that still knows what Human Rights look like.
The latter has one problem; you need to do a degree of checking yourself or you'll end up with every drugs dealer, pedo and activist on your system..
law enforcement leaning on us does no good. We cannot decrypt anything that runs thru our servers- the keys are generated and destroyed on the users device- we have nothing but encrypted junk
In other words, they can only ask you to kill the service for a particular ID. Cool. How do you prevent the not-so-nice guys from flocking to your service? The drug dealers, the pedos and the real terrorists? I can see that becoming quite an issue for you (or is that why you have the SEALs ? :) ).
Our IP logs are aggregated and deleted after 5 days- we expect to get this down to 24 hours shortly.
I'd be careful, that will give you problems detecting APTs (Advanced Persistent Threats), which is exactly what any gov agency will use to affect the service..
"How do you prevent the not-so-nice guys from flocking to your service? The drug dealers, the pedos and the real terrorists?"
The same way Ford stops drug-dealers using Ford cars to transport drugs, and the same way Nike stop terrorists from wearing Nike trainers in order to walk around blowing things up.
Umm, Fords are not bought for a specific purpose that appears to run against what some spooks consider your "normal" habits. It's more the digital equivalent of lugging around a crowbar at night - an issue until everyone does it, at which point it's going to be a tad harder to find the burglars in the crowd. The "I am Spartacus" approach.
There is, however, a way, provided users accept that there are obligations associated with rights. Also keep in mind that no service provider can afford to be associated with especially pedo support..
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
