.
Meet the groundbreaking new encryption app set to revolutionize privacy and freak out the feds.
By Ryan Gallagher
For the past few months, some of the world’s leading cryptographers
have been keeping a closely guarded secret about a pioneering new
invention. Today, they’ve decided it’s time to tell all.
Back in October, the startup tech firm
Silent Circle ruffled governments’ feathers with
a “surveillance-proof” smartphone app
to allow people to make secure phone calls and send texts easily. Now,
the company is pushing things even further—with a groundbreaking
encrypted data transfer app that will enable people to send files
securely
from a smartphone or tablet at the touch of a button.
(For now, it’s just being released for iPhones and iPads, though Android
versions should come soon.) That means photographs, videos,
spreadsheets, you name it—sent scrambled from one person to another in a
matter of seconds.
“This has never been done before,” boasts Mike Janke, Silent Circle’s
CEO. “It’s going to revolutionize the ease of privacy and security.”
True, he’s a businessman with a product to sell—but I think he is right.
The technology uses a sophisticated peer-to-peer encryption technique
that allows users to send encrypted files of up to 60 megabytes through
a “Silent Text” app. The sender of the file can set it on a timer so
that it will automatically “burn”—deleting it from both devices after a
set period of, say, seven minutes. Until now, sending encrypted
documents has been frustratingly difficult for anyone who isn’t a
sophisticated technology user, requiring knowledge of how to use and
install various kinds of specialist software. What Silent Circle has
done is to remove these hurdles, essentially democratizing encryption.
It’s a game-changer that will almost certainly make life easier and
safer for journalists, dissidents, diplomats, and companies trying to
evade state surveillance or corporate espionage. Governments
pushing for more snooping powers, however, will not be pleased.
By design, Silent Circle’s server infrastructure stores minimal
information about its users. The company, which is headquartered in
Washington, D.C., doesn’t retain metadata (such as times and dates calls
are made using Silent Circle), and IP server logs showing who is
visiting the Silent Circle website are currently held for only seven
days. The same privacy-by-design approach will be adopted to protect the
security of users’ encrypted files. When a user sends a picture or
document, it will be encrypted, digitally “shredded” into thousands of
pieces, and temporarily stored in a “Secure Cloud Broker” until it is
transmitted to the recipient. Silent Circle, which charges $20 a month
for its service, has no way of accessing the encrypted files because the
“key” to open them is held on the users’ devices and then deleted after
it has been used to open the files. Janke has also committed to making
the source code of the new technology available publicly “as fast as we
can,” which means its security can be independently audited by
researchers.
The cryptographers behind this innovation may be the only ones who
could have pulled it off. The team includes Phil Zimmermann, the creator
of PGP encryption, which is still
considered the standard for email security;
Jon Callas, the man behind Apple’s whole-disk encryption, which is used
to secure hard drives in Macs across the world; and Vincent
Moscaritolo, a top cryptographic engineer who previously worked on PGP
and for Apple. Together, their combined skills and expertise are setting
new standards—with the results already being put to good use.
According to Janke, a handful of human rights reporters in
Afghanistan, Jordan, and South Sudan have tried Silent Text’s data
transfer capability out, using it to send photos, voice recordings,
videos, and PDFs securely. It’s come in handy, he claims: A few weeks
ago, it was used in South Sudan to transmit a video of brutality that
took place at a vehicle checkpoint. Once the recording was made, it was
sent encrypted to Europe using Silent Text, and within a few minutes, it
was burned off of the sender’s device. Even if authorities had arrested
and searched the person who transmitted it, they would never have found
the footage on the phone. Meanwhile, the film, which included location
data showing exactly where it was taken, was already in safe hands
thousands of miles away—without having been intercepted along the
way—where it can eventually be used to build a case documenting human
rights abuses.
One of the few people to have tested the new Silent Circle invention
is Adrian Hong, the managing director of Pegasus Strategies, a New
York-based consulting firm that advises governments, corporations, and
NGOs. Hong was himself ensnared by state surveillance in 2006 and thrown
into a Chinese jail after getting caught helping North Korean refugees
escape from the regime of the late Kim Jong Il. He believes that Silent
Circle’s new product is “a huge technical advance.” In fact, he says he
might not have been arrested back in 2006 “if the parties I was speaking
with then had this [Silent Circle] platform when we were
communicating.”
But while Silent Circle’s revolutionary technology will assist many
people in difficult environments, maybe even saving lives, there’s also a
dark side. Law enforcement agencies will almost certainly be seriously
concerned about how it could be used to aid criminals. The FBI, for
instance, wants all communications providers to
build in backdoors so it can secretly spy on suspects. Silent Circle is pushing hard in the exact opposite direction—it has an
explicit policy
that it cannot and will not comply with law enforcement eavesdropping
requests. Now, having come up with a way not only to easily communicate
encrypted but to send
files encrypted and without a trace, the
company might be setting itself up for a serious confrontation with the
feds. Some governments could even try to ban the technology.
Janke is bracing himself for some “heat” from the authorities, but
he’s hopeful that they’ll eventually come round. The 45-year-old former
Navy SEAL commando tells me he believes governments will eventually
realize that “the advantages are far outweighing the small ‘one percent’
bad-intent user cases.” One of those advantages, he says, is that “when
you try to introduce a backdoor into technology, you create a major
weakness that can be exploited by foreign governments, hackers, and
criminal elements.”
If governments don’t come round, though, Silent Circle’s solution is
simple: The team will close up shop and move to a jurisdiction that
won’t try to force them to comply with surveillance.
“We feel that every citizen has a right to communicate,” Janke says,
“the right to send data without the fear of it being grabbed out of the
air and used by criminals, stored by governments, and aggregated by
companies that sell it.”
The new Silent Circle encrypted data transfer capability is due to
launch later this week, hitting Apple’s App Store by Feb. 8. Expect
controversy to follow.
This article arises from Future Tense, a collaboration among Arizona State University, the New America Foundation, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture.
http://www.slate.com/articles/technology/future_tense/2013/02/silent_circle_s_latest_app_democratizes_encryption_governments_won_t_be.single.html
<< Home