[Infowarrior] - SOCOM-approved Silent Circle Resists Calls For Wiretap Backdoors
Richard Forno
rforno at infowarrior.org
Thu Jun 6 13:10:05 CDT 2013
SOCOM-approved Silent Circle Resists Calls For Wiretap Backdoors
By ARAM ROSTON
http://www.defensenews.com/article/20130606/C4ISR01/306060013/SOCOM-approved-Silent-Circle-Resists-Calls-Wiretap-Backdoors?odyssey=nav|head
The recent disclosure that the Obama administration has secretly been
collecting the phone records of millions of Americans is a reminder just how
much of a digital trail people leave in modern communications.
Some have turned to web-based programs in their search for communications
that can¹t be easily intercepted. For many U.S. businesspeople overseas,
including contractors in Afghanistan and Iraq, Skype has been the approved
standard for VOIP and instant messaging for years. It¹s practically free,
it¹s encrypted, and so easy to use that a grandmother with her desktop can
use it to chat with her wunderkind on his tablet.
Now a new company, Silent Circle, is upping the security bar for web-based
communications. For $20 a month, the company offers encrypted, high-quality
communications for mobile devices and computers. CEO Mike Janke draws a
distinction between Silent Circle and Skype.
³I would not say they are a competitor,² he said. ³We are in the business of
secure communications. They are in the business of cheap long distance.²
His point is that Silent Circle¹s products are built completely around
security and privacy. They meet the NSA¹s ³Suite B² standards. Emails are
encrypted using the PGP protocol designed 20 years ago by Phil Zimmerman,
the longtime security expert and privacy rights advocate who serves as the
company¹s president. Voice and video communications are encrypted by ZRTP,
another Zimmerman invention.
Janke says the company has three customer bases: individual subscribers,
enterprise clients, and governments. In the federal government, he said,
there¹s even been a surprising market coming from the Bring Your Own Device
phenomenon: agencies, he says, buy Silent Circle for their workers to manage
their personal smart phones.
The firm says U.S. Special Operations Command approved it as a commercial
secure operations provider earlier this year.
Privacy Vs. Security
Silent Circle¹s business model is something of a hot-button right now. The
Federal Bureau of Investigation has complained that new encryption and
communications technologies are making interception difficult or impossible.
But privacy rights experts and companies like Silent Circle say trying to
legislate a solution would bring major problems.
Here¹s the issue: Since 1994, the Communications Assistance for Law
Enforcement Act has required telephone companies to build in mechanisms so
that calls can be intercepted. In 2005, the FCC extended that law to VOIP
services that allow calls to and from other phone services.
But there is still a gap. Peer-to-peer networks that don¹t get connected to
the phone networks are still not covered, and law enforcement can¹t get real
time intercepts. In the case of companies like Silent Circle, the FBI
couldn¹t intercept anything at all. The firm says even if it were served a
subpoena for subscribers¹ communications, it wouldn¹t be able to comply if
it wanted to.
³We could give them a bunch of encrypted conversation,² shrugs Jon Callas, a
computer security expert who is the company¹s chief technical officer.
³There is nothing we can turn over.²
The FBI has framed the debate in a law-enforcement context. ³The government
is increasingly unable to collect valuable evidence in cases ranging from
child exploitation and pornography to organized crime and drug trafficking
to terrorism and espionage,² Valerei Caproni, the FBI¹s general counsel,
testified in 2011.
The Obama administration is reportedly considering pushing for changes to
the law, to require that web services and digital devices have built-in
intercept ³backdoors² to allow interception in real time.
But Silent Circle has joined with security experts and privacy advocates to
argue that a backdoor would be a disaster for cybersecurity generally.
³The FBI constantly comes out and says ŒWe¹re going dark!¹² says Janke.
³It¹s very dangerous to try to implement what they are asking for. If you
try to introduce a wiretap into a technology like Silent Circle, you are now
introducing a vulnerability.²
Silent Circle¹s Zimmerman was one of the 20 technologists who prepared a
report outlining how adversaries could easily exploit built-in backdoors if
they were required by law. ³We conclude that deployment of an intercept
capability in endpoint communications services, systems and applications,²
wrote the security experts, ³poses serious security risks.²
Malware
Meanwhile, Silent Circle is growing fast. It emphasizes that it¹s not a cure
to another major problem with mobile devices: hackers and foreign
governments who can use ³exploits² to take over smartphones.
³We are not trying to solve the malware issue,² Janke said. ³If a
nation-state wants to own your device, they will do that.²
For true security, that¹s a serious issue, because even encrypted
communications are potentially vulnerable once a hacker exploits a
smartphone at the operating level.
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
More information about the Infowarrior
mailing list