Dear Friends,
Be Well.
David
The Threat of Silence
Meet the groundbreaking new encryption app set to
revolutionize privacy and freak out the feds.
By Ryan Gallagher|Posted Monday, Feb. 4, 2013, at
12:21 PM ET
Silent Circle CEO Mike Janke
Courtesy of Silent Circle
For the past few months, some of the world’s leading
cryptographers have been keeping a closely guarded secret about a pioneering
new invention. Today, they’ve decided it’s time to tell all.
Back in October, the startup tech firm Silent Circle
ruffled governments’ feathers with a “surveillance-proof” smartphone app to
allow people to make secure phone calls and send texts easily. Now, the company
is pushing things even further—with a groundbreaking encrypted data transfer
app that will enable people to send files securely from a smartphone or tablet
at the touch of a button. (For now, it’s just being released for iPhones and
iPads, though Android versions should come soon.) That means photographs,
videos, spreadsheets, you name it—sent scrambled from one person to another in
a matter of seconds.
“This has never been done before,” boasts Mike Janke,
Silent Circle’s CEO. “It’s going to revolutionize the ease of privacy and
security.”
True, he’s a businessman with a product to sell—but I
think he is right.
The technology uses a sophisticated peer-to-peer
encryption technique that allows users to send encrypted files of up to 60
megabytes through a “Silent Text” app. The sender of the file can set it on a
timer so that it will automatically “burn”—deleting it from both devices after
a set period of, say, seven minutes. Until now, sending encrypted documents has
been frustratingly difficult for anyone who isn’t a sophisticated technology
user, requiring knowledge of how to use and install various kinds of specialist
software. What Silent Circle has done is to remove these hurdles, essentially
democratizing encryption. It’s a game-changer that will almost certainly make
life easier and safer for journalists, dissidents, diplomats, and companies
trying to evade state surveillance or corporate espionage. Governments pushing
for more snooping powers, however, will not be pleased.
By design, Silent Circle’s server infrastructure
stores minimal information about its users. The company, which is headquartered
in Washington, D.C., doesn’t retain metadata (such as times and dates calls are
made using Silent Circle), and IP server logs showing who is visiting the
Silent Circle website are currently held for only seven days. The same
privacy-by-design approach will be adopted to protect the security of users’
encrypted files. When a user sends a picture or document, it will be encrypted,
digitally “shredded” into thousands of pieces, and temporarily stored in a
“Secure Cloud Broker” until it is transmitted to the recipient. Silent Circle,
which charges $20 a month for its service, has no way of accessing the
encrypted files because the “key” to open them is held on the users’ devices
and then deleted after it has been used to open the files. Janke has also
committed to making the source code of the new technology available publicly
“as fast as we can,” which means its security can be independently audited by
researchers.
The cryptographers behind this innovation may be the
only ones who could have pulled it off. The team includes Phil Zimmermann, the
creator of PGP encryption, which is still considered the standard for email
security; Jon Callas, the man behind Apple’s whole-disk encryption, which is
used to secure hard drives in Macs across the world; and Vincent Moscaritolo, a
top cryptographic engineer who previously worked on PGP and for Apple.
Together, their combined skills and expertise are setting new standards—with
the results already being put to good use.
According to Janke, a handful of human rights
reporters in Afghanistan, Jordan, and South Sudan have tried Silent Text’s data
transfer capability out, using it to send photos, voice recordings, videos, and
PDFs securely. It’s come in handy, he claims: A few weeks ago, it was used in
South Sudan to transmit a video of brutality that took place at a vehicle
checkpoint. Once the recording was made, it was sent encrypted to Europe using
Silent Text, and within a few minutes, it was burned off of the sender’s
device. Even if authorities had arrested and searched the person who
transmitted it, they would never have found the footage on the phone.
Meanwhile, the film, which included location data showing exactly where it was
taken, was already in safe hands thousands of miles away—without having been
intercepted along the way—where it can eventually be used to build a case
documenting human rights abuses.
One of the few people to have tested the new Silent
Circle invention is Adrian Hong, the managing director of Pegasus Strategies, a
New York-based consulting firm that advises governments, corporations, and NGOs.
Hong was himself ensnared by state surveillance in 2006 and thrown into a
Chinese jail after getting caught helping North Korean refugees escape from the
regime of the late Kim Jong Il. He believes that Silent Circle’s new product is
“a huge technical advance.” In fact, he says he might not have been arrested
back in 2006 “if the parties I was speaking with then had this [Silent Circle]
platform when we were communicating.”
But while Silent Circle’s revolutionary technology
will assist many people in difficult environments, maybe even saying lives,
there’s also a dark side. Law enforcement agencies will almost certainly be
seriously concerned about how it could be used to aid criminals. The FBI, for
instance, wants all communications providers to build in backdoors so it can
secretly spy on suspects. Silent Circle is pushing hard in the exact opposite
direction—it has an explicit policy that it cannot and will not comply with law
enforcement eavesdropping requests. Now, having come up with a way not only to
easily communicate encrypted but to send files encrypted and without a trace,
the company might be setting itself up for a serious confrontation with the
feds. Some governments could even try to ban the technology.
Janke is bracing himself for some “heat” from the
authorities, but he’s hopeful that they’ll eventually come round. The
45-year-old former Navy SEAL commando tells me he believes governments will
eventually realize that “the advantages are far outweighing the small ‘one
percent’ bad-intent user cases.” One of those advantages, he says, is that
“when you try to introduce a backdoor into technology, you create a major
weakness that can be exploited by foreign governments, hackers, and criminal
elements.”
If governments don’t come round, though, Silent
Circle’s solution is simple: The team will close up shop and move to a
jurisdiction that won’t try to force them to comply with surveillance.
“We feel that every citizen has a right to
communicate,” Janke says, “the right to send data without the fear of it being
grabbed out of the air and used by criminals, stored by governments, and
aggregated by companies that sell it.”
The new Silent Circle encrypted data transfer
capability is due to launch later this week, hitting Apple’s App Store by Feb.
8. Expect controversy to follow.
This article arises from Future Tense, a collaboration
among Arizona State University, the New America Foundation, and Slate. Future
Tense explores the ways emerging technologies affect society, policy, and
culture. To read more, visit the Future Tense blog and the Future Tense home
page. You can also follow us on Twitter.
NEXT ITEM IN TECHNOLOGY×
Love Bytes
A veteran of online dating finds he’s somewhat
compatible with Dan Slater’s new book.
Sign up for MySlate to follow all Technology stories.
No comments:
Post a Comment