Governments Using, Also Fretting, Encrypted Communications App

from the you-can't-see-me dept

As Glyn recently wrote about, while governments around the world are busy diving further and further into their citizens' personal communications over their cell phones and the internet, the adoption of cryptography has been slow to catch up. We could point to several reasons for this, but chief among them appears to be the difficulty of using encryption for the average user. Now, an ex-Navy SEAL and security defense contractor is looking to change that.

Mike Janke is releasing a finished application, called Silent Circle, that is designed to provide encryption for communication and is supposedly easy to use. We've heard that promise before, so we'll have to see how closely the reality matches the claims, but the goals are certainly lofty.

Named Silent Circle, it is in essence a series of applications that can be used on a mobile device to encrypt communications—text messages, plus voice and video calls. Currently, apps for the iPhone and iPad are available, with versions for Windows, Galaxy, Nexus, and Android in the works. An email service is also soon scheduled to launch.

The encryption is peer to peer, which means that Silent Circle doesn’t centrally hold a key that can be used to decrypt people’s messages or phone calls. Each phone generates a unique key every time a call is made, then deletes it straight after the call finishes. When sending text messages or images, there is even a “burn” function, which allows you to set a time limit on anything you send to another Silent Circle user—a bit like how “this tape will self destruct” goes down in Mission: Impossible, but without the smoke or fire.

Without the smoke or fire? What the hell is the point? Well, according to Janke, the point is civil liberties. He states that the idea for this service, which will be subscription-based, came about during his time overseas. He noted the lack of an easy-to-use but still secure method for calling his family back home, while also recognizing the erosion of civil liberties from government snooping, and decided to develop Silent Circle. His development team includes some notable figures, such as Phil Zimmermann (who invented PGP encryption) and Jon Callas (responsible for Apple's whole-disk encryption). Silent Circle is reportedly light years easier to use than other encryption methods and already has several customers, including international news outlets and special forces military units.

Still, despite governments seeing the value in the application for their own military forces, you just had to know they wouldn't be pleased with it appearing for use by the general public. But Janke insists the company has its bases covered to protect its customers.

The very features that make Silent Circle so valuable from a civil liberties and privacy standpoint make law enforcement nervous. Telecom firms in the United States, for instance, have been handing over huge troves of data to authorities under a blanket of secrecy and with very little oversight. Silent Circle is attempting to counter this culture by limiting the data it retains in the first place. It will store only the email address, 10-digit Silent Circle phone number, username, and password of each customer. It won’t retain metadata (such as times and dates calls are made using Silent Circle). Its IP server logs showing who is visiting the Silent Circle website are currently held for seven days, which Janke says the company plans to reduce to just 24 hours once the system is running smoothly.

Now, to be fair, there have been promises of easy-to-use and secure encryption methods in the past, and they've failed to gain any steam. Likewise, the open source community is enormously important in validating the security and usability of this kind of thing, and there are some questions being posed about exactly how much of Silent Circle will be available for testing.

Nadim Kobeissi, a Montreal-based security researcher and developer, took to his blog last week to pre-emptively accuse the company of “damaging the state of the cryptography community.” Kobeissi’s criticism was rooted in an assumption that Silent Circle would not be open source, a cornerstone of encrypted communication tools because it allows people to independently audit coding and make their own assessments of its safety (and to check for secret government backdoors). Christopher Soghoian, principal technologist at the ACLU's Speech Privacy and Technology Project, said he was excited to see a company like Silent Circle visibly competing on privacy and security but that he was waiting for it to go open source and be audited by independent security experts before he would feel comfortable using it for sensitive communications.

Janke has indicated that, to some extent at least, Silent Circle will be available for scrutiny, though exactly to what level remains to be seen. That said, he is housing his infrastructure outside of the United States for fear of laws that would require him to build in back doors for government snooping. As a startup, he's asking for a great deal of trust from his users, but all the right words appear to be there.

But what if, one day down the line, things change and Canada or another country where Silent Circle has servers tries to force them to build in a secret backdoor for spying? Janke has already thought about that—and his answer sums up the maverick ethos of his company.

“We won’t be held hostage,” he says, without a quiver of hesitation. “All of us would rather shut Silent Circle down than ever allow a backdoor or be bullied into an ‘or else’ position.”

The question I find more interesting is: does something like Silent Circle initiate the first United States government outlawing of an otherwise legal application?


Reader Comments

  1.  
    Anonymous Coward, Oct 23rd, 2012 @ 1:03am

    The harder people try to encrypt and hide their communications, the more they look like they have something to hide. It becomes somewhat self-defeating at some point, because the obvious acts of concealment attract the attention you are trying to avoid.

    Trying to hide something, and yelling "I AM HIDING HERE!" doesn't work out.

     

  2.  
    lfroen (profile), Oct 23rd, 2012 @ 1:42am

    done nothing wrong, have nothing to hide

    What "civil liberties" activists have to understand is that the phrase "if you've done nothing wrong you have nothing to hide" has some sense.
    I, personally, wouldn't spend a single minute of my life on some "encrypted-p2p-whatever" app, for a very simple reason. Since virtually all of my other communications (and those of other people) are plain-text, using encryption for _some_ is like posting a note for the police - "here is stuff you want to look at".
    Contrary to most people here, I (unfortunately) had the experience of living in a totalitarian country - the USSR. And you know what - the KGB need not read everyone's mail or wiretap every single phone call. This stuff is as nice as painting your helicopter black. Yeah, that's cool too - but serves little function.
    If, for some reason, some intelligence agency (not necessarily from the US, mind you) needs to know the contents of your mail/phone/sms - you are _already_ in trouble. They won't bother to break encryption, they will break _you_.

     

  3.  
    Rekrul, Oct 23rd, 2012 @ 1:46am

    But what if, one day down the line, things change and Canada or another country where Silent Circle has servers tries to force them to build in a secret backdoor for spying? Janke has already thought about that—and his answer sums up the maverick ethos of his company.

    I'm confused; If this is an app that you download to a mobile device and it generates encryption keys on the fly, why does it need servers?

     

  4.  
    Corwin (profile), Oct 23rd, 2012 @ 2:00am

    Why is he even hosting it?

    Why not make it distributed peer-to-peer? And on top of TOR / FreeNet / I2P? And a stateless service that keeps no logs whatsoever? Why have to register at all?

    Now that would shake things up a little. "hosting servers", did Kim Dotcom teach nothing to anyone?

    Yeah, the base tech may be a good idea, but as long as there are targetable points of failure, the system's not good enough.

     

  5.  
    Beech, Oct 23rd, 2012 @ 2:08am

    Re:

    I'm no expert, but I'd guess that you need to download the app from somewhere

     

  6.  
    Zakida Paul (profile), Oct 23rd, 2012 @ 2:09am

    Re: done nothing wrong, have nothing to hide

    "if you've done nothing wrong you have nothing to hide" is a load of bollocks.

    What if you innocently say something that taken out of context can be construed as a threat against someone? Who hasn't flippantly said "I'm gonna kill him" when talking about someone who has annoyed us? Or who hasn't uttered the words "This government are hopeless, I can't wait for the revolution"? Now, the vast majority of us have no intention of acting on those words but law enforcement does not have a sense of irony and those utterances could land a perfectly innocent person in some pretty hot water.

     

  7.  
    Beech, Oct 23rd, 2012 @ 2:11am

    Re:

    If it's easy enough to use, I'll probably be using it, and I don't have anything to hide. I just think it would be funny to make the government spend tons of man/computing hours to try and figure out that my wife just texted me the grocery list. And that is what may very well save this app, popular usage. If EVERYONE is using it, then it doesn't look nearly as suspicious.

     

  8.  
    Zakida Paul (profile), Oct 23rd, 2012 @ 2:11am

    Re:

    The sad thing is that people feel that they have to encrypt their communications to hide it, not only from government or law enforcement, but also from other nefarious people and organisations.

     

  9.  
    Anonymous Coward, Oct 23rd, 2012 @ 2:25am

    "Now that would shake things up a little. "hosting servers", did Kim Dotcom teach nothing to anyone?"

    yes, he taught us that he is a big mouth making money on other people's hard work.

     

  10.  
    Anonymous Coward, Oct 23rd, 2012 @ 2:35am

    Re:

    0/10, troll harder.

     

  11.  
    xploder (profile), Oct 23rd, 2012 @ 2:43am

    Re: Re:

    hi im new here first post so....


    the interface uses the phones original look and feel,
    so if you can call on an iphone, you can use this app.


    i agree that if everyone is using it, why would they single out any one person for using the service,

    to the people who confuse privacy with something to hide,
    ARE THE WALLS ON YOUR TOILET GLASS, what do you have to hide?
    after all you're doing nothing wrong

    oh the internet, anyone using that must be a criminal hacker.\sarcasm off

    the i have done nothing wrong statement sends chills down my spine, are you aware on the internet there are identity thieves? that intellectual property is worth stealing?
    or that private information "is private" i like talking dirty to my girl, (would prefer my sex life was between me and my girl).

    i have heard that "most" of the details will be "open sourced" and the community will be able to get their hands on it as soon as the papers are finalised.

     

  12.  
    And just who defines what is "wrong"?, Oct 23rd, 2012 @ 2:46am

    Re: done nothing wrong, have nothing to hide

    Perhaps you forget too easily that what is "wrong" can be arbitrarily defined by whoever happens to be in power by the passing of bad laws. Perhaps you have forgotten about the reality of kangaroo courts and show trials. Without even knowing it, there are myriad laws you unintentionally break every day. What if someone in power were to deem you "politically undesirable", and look through every communication you've ever made for the slightest hint of deviance or subversion, and use these pieces of evidence as the basis for trumped up charges against you?

    Privacy allows a society to exist and function without the fear of being crushed by the clumsy and heavy hands of those who wield political power. The people in power have to understand that there are certain lines they cannot cross.

    If a government wants to break a person, they use torture, the courts, and the prisons. Abstract algebra and number theory, however, do not yield to such tools.

    Perhaps you should refresh on your own Soviet history:

    http://en.wikipedia.org/wiki/Alexander_Solzhenitsyn

     

  13.  
    Mike Masnick (profile), Oct 23rd, 2012 @ 2:46am

    Re:

    The harder people try to encrypt and hide their communications, the more they look like they have something to hide. It becomes somewhat self-defeating at some point, because the obvious acts of concealment attract the attention you are trying to avoid.

    Trying to hide something, and yelling "I AM HIDING HERE!" doesn't work out.


    Says the anonymous coward...

     

  14.  
    Anonymous Coward, Oct 23rd, 2012 @ 3:06am

    Re: Re:

    I hate to say it, but his point is actually valid. If you are the only person who is encrypting data then it draws attention. The defense there is for everyone to encrypt all of their data, but we have a ways to go to get to that point.

     

  15.  
    xenomancer (profile), Oct 23rd, 2012 @ 3:17am

    FTFY

    .\sarcasm off
    /linux

     

  16.  
    xenomancer (profile), Oct 23rd, 2012 @ 3:19am

    Re:

    It is based on a subscription service.

     

  17.  
    The eejit (profile), Oct 23rd, 2012 @ 4:08am

    Re: Re: Re:

    Yep. However, if millions of people are doing it each day, then perhaps consider that the laws are not correct for the present time.

     

  18.  
    John Doe, Oct 23rd, 2012 @ 4:21am

    Why the middleware?

    I would love to see a service like this but why can't it be software that runs on the endpoints and function without middleware? Whenever there is middleware, there is danger of backdoors, hacking, etc. Just look at RIM in India. If I could run an app that could communicate with the same app on another mobile device with no middleware, I would be interested.

     

  19.  
    DUMBASS POLITICIANS, Oct 23rd, 2012 @ 4:24am

    Sorry america, NO one trusts you anymore

    Sorry america, NO one trusts you anymore.
    I have and make my own apps free of you....enjoy

     

  20.  
    Anonymous Coward, Oct 23rd, 2012 @ 4:37am

    The problem is this isn't open source. So what happens when the Government pressures them into shutting their company down? Poof goes the product?

     

  21.  
    Anonymous Coward, Oct 23rd, 2012 @ 4:41am

    Re:

    So why are you hiding? Clearly you have something to hide and are a criminal.

     

  22.  
    abc gum, Oct 23rd, 2012 @ 4:41am

    Re: Re: done nothing wrong, have nothing to hide

    Yeah, similarly one should not yell greetings to their friend named Jack in an airport ... the entire globe has become an airport environment. So one had better just scurry along with your head down and not cause any trouble because the man will beat you down for the least little perceived objection to the totalitarian regime.

     

  23.  
    Anonymous Coward, Oct 23rd, 2012 @ 4:42am

    Re:

    So he's just like all the deadbeats in Hollywood, making money from other people's hard work.

     

  24.  
    Anonymous Coward, Oct 23rd, 2012 @ 4:42am

    Re: Why the middleware?

    Without static IPs for mobile phones, a means is required to find the called phone's current IP address. I presume that their servers are acting as a dynamic DNS server.

     

  25.  
    abc gum, Oct 23rd, 2012 @ 4:46am

    Re: Re: Re:

    I think the point is - that governments, corporations, your neighbor should not be eavesdropping.

     

  26.  
    Anonymous Coward, Oct 23rd, 2012 @ 5:05am

    I'll stick to a person to person meeting in my shitty car with my radio cranked up to 11.

    Almost forgot I'll definitely be wearing my tin foil hat. (^.~)

     

  27.  
    The Real Michael, Oct 23rd, 2012 @ 5:10am

    Re:

    "The harder people try to encrypt and hide their communications, the more they look like they have something to hide. It becomes somewhat self-defeating at some point, because the obvious acts of concealment attract the attention you are trying to avoid."

    What it is is a response born out of paranoia that a government agency is attempting to track your every move. The problem here is ...they really are trying to track your every move. They basically admit to as much, what with all their domestic spying programs, willfully infringing people's Constitutional rights.

    What people such as yourself fail to realize is that we're supposed to have privacy rights, like being able to communicate without the government snooping. That said, I don't think I would ever trust a closed encryption app with a central database such as this. For all we know it could be a government smokescreen for easy data-gathering. It's being fronted, after all, by an ex-Navy SEAL.

     

  28.  
    John Doe, Oct 23rd, 2012 @ 5:10am

    Re:

    Tinfoil hats are no longer enough. Technology has improved to the point that they can read your thoughts through your body now and not just your head. Tinfoil body suits are now required.

     

  29.  
    Anonymous Coward, Oct 23rd, 2012 @ 5:13am

    Thought this was a good idea until I went to subscribe... $20/month for their basic service? I'd be willing to give em a one-time contribution of $5 for their efforts... this just sounds like a money grab masquerading as a tool to protect free speech... not likely to catch on anytime soon.

     

  30.  
    G Thompson (profile), Oct 23rd, 2012 @ 5:15am

    The question I find more interesting is does something like Silent Circle initiate the first United States government outlawing of an otherwise legal application?

    How people so easily forget.

    After WWII and basically still in existence in some form until 2000 (after the signing of the Wassenaar Arrangement - which only allowed short key encryption) it was a criminal offence for a US citizen to distribute or sell in any way whatsoever encryption technology outside of the USA. In fact the military placed it on the United States Munitions List.

    Now the USA has the U.S. Export Administration Regulations (EAR) which makes it an offence to export to certain countries (ie Cuba, Iran, North Korea, Sudan & Syria) or if to be used in the design, development or production of nuclear, chemical or biological weapons, or rocket systems, space launch vehicles, or sounding rockets, or unmanned air vehicle systems (drones) etc.. and the list goes on.. This is also for ANY software producer residing in the USA including Open Source programs.

    Philip Zimmermann was investigated by the FBI and Customs Service in the early 90's for his release of PGP onto the internet. RSA wanted it stopped, so did the US Govt.. The ONLY reason it was allowed was the outcry and the US discovering that they are NOT the only country who can create code.

    Then luckily in 1999 David Bernstein pissed off the USG by winning Bernstein v. United States Dept. of Justice, 192 F.3d 1308 (9th Cir. 1999). Though the USG only loosened restrictions, and well...

    the DMCA was born which criminalized all production, dissemination, and use of certain cryptanalytic techniques and technology (now known or later discovered) and IS STILL THE LAW, though not enforced.

    So umm.. yeah back to your original question.

    It's already outlawed, you just forgot about it.

    [personally I wouldn't use this since it is still relying on a third party for routing and key generation/seeding. Give me a white noise/star generator anyday with one time pads.]

     

  31.  
    Richard (profile), Oct 23rd, 2012 @ 5:20am

    Re:

    Which is why the answer is for everyone to encrypt everything - sensitive or not.

    You need to take encryption 101.

     

  32.  
    Richard (profile), Oct 23rd, 2012 @ 5:30am

    Re:

    Are you just talking about the anti-circumvention provisions - or is there more to it than that?

     

  33.  
    John Doe, Oct 23rd, 2012 @ 5:31am

    Re:

    Let me flip that around for you. I have nothing to hide so nobody should be listening.

     

  34.  
    lfroen (profile), Oct 23rd, 2012 @ 6:04am

    Re:

    >> ... and the US discovering that they are NOT the only country who can create code.
    Ah, what a lovely arrogance. Some people in the US _still_ believe in a modern version of "manifest destiny".
    Yep, there are people on this planet capable of writing an encryption program and not living in the US. What a surprise, really.

     

  35.  
    Anonymous Coward, Oct 23rd, 2012 @ 6:05am

    Re: Re:

    You kind of make his point. You are famous for capturing the IP address of certain AC's to glean information about them. Isn't this exactly what he is saying?

     

  36.  
    The Real Michael, Oct 23rd, 2012 @ 6:05am

    Re: Re:

    Here's what I say to all the people who retread the tired "If you've done nothing wrong then you've got no reason to hide" diatribe: Why not invite an agent to permanently live with you and monitor all of your communications, because that's essentially what you're advocating for when you defend this wholesale intrusion of people's privacy.

    "Do unto others as you would have them do unto you." Words of wisdom. If you resent being spied on for any reason then don't spy on others. The people are supposed to have guaranteed rights, bought and paid for with blood. Therefore, to infringe upon those rights is to show utter contempt for the memories of those who sacrificed themselves.

    This is not the same America I used to know.

     

  37.  
    Killer_Tofu (profile), Oct 23rd, 2012 @ 6:16am

    The saddest part

    The saddest part of this is that an ex-Navy SEAL is hosting his app servers outside of the US for fear of what the government he used to work for will try to do. Does this fact scream out to anyone else besides me?

     

  38.  
    Dan (profile), Oct 23rd, 2012 @ 6:17am

    Re: Re:

    The Real Mike has a point. It is the job of American government to protect the civil liberties of its citizens. Failing to do that, then it is our responsibility to do so ourselves. What we happen to be doing at the time is irrelevant.

     

  39.  
    Anonymous Coward, Oct 23rd, 2012 @ 6:26am

    Re:

    Ever heard of steganography?

    Steganography is the art/science of writing messages in such a way that, to the outside observer, it is not immediately obvious what the nature of the communication is.

    For example, I could trivially disguise VoIP traffic as HTTP traffic. For anyone that is analysing Internet traffic, it will not be immediately obvious (as in, general purpose computer algorithms won't catch it) that I am using VoIP, and not surfing the web.

    That, coupled with cryptography, would make the work of anyone trying to passively pick up "evil" conversations incredibly hard. You don't stand out in the crowd, because your communications are indistinguishable from the "background noise" of the network.

    Plus, I believe that some day, all our communications will be encrypted. It just makes sense for security and integrity purposes, and the overhead is not all that great. Many sites already offer HTTPS. Things are already heading that way...

     

  40.  
    Anonymous Coward, Oct 23rd, 2012 @ 6:30am

    Bringing it on themselves

    The government/military worries that encryption technology will end up in the hands of the enemy. If they weren't spying on their own people, then maybe only the military would need it!

     

  41.  
    Anonymous Coward, Oct 23rd, 2012 @ 6:33am

    Re:

    Yes, I have something to hide. But hide from whom?

    When I encrypt my communications, it is not to hide from the government. It is to hide from hackers. It is to hide from people sniffing the open WiFi hotspot I am using. It is to hide from a worm on a nearby machine intercepting and redirecting my communications. It is to hide from criminals which could use my information, no matter how insignificant it might seem, as a starting point for identity theft or worse.

     

  42.  
    The dude, Oct 23rd, 2012 @ 6:37am

    Re: Re: Re:

    I think your America only existed in movies and tv ads.

     

  43.  
    Lord Binky, Oct 23rd, 2012 @ 7:02am

    Re: Re: Re: Re:

    I saw it on a map once.

     

  44.  
    The Real Michael, Oct 23rd, 2012 @ 7:03am

    Re: Re: Re: Re:

    I stopped dreaming a long time ago. Our country has mutated into a corporate-fascist dystopia.

     

  45.  
    Anonymous Coward, Oct 23rd, 2012 @ 7:08am

    Re: Re: Re:

    Evidence?

     

  46.  
    Gregg, Oct 23rd, 2012 @ 7:10am

    Re: done nothing wrong, have nothing to hide

    So something very personal that you would like to keep private is perfectly fine for everyone to know about?

    The notion that you have nothing to hide is ridiculous! Everyone has something to hide and there are things that the Government does not need to know! And this has nothing to do with national security.
    Frankly the last organization I would want to see my private thoughts and conversations with family and friends is the Government. I've worked the better part of my life for Government organizations and I know first hand that they abuse their power and privileges. They snoop and read, share and spread and worst of all LAUGH at people's private information. Just because someone applied to work for a government doesn't give them the right to snoop on our private information.

    And remember they'll keep that information forever, not letting you know that it's there and will use it against you if you are ever in their sights for anything! Innocent or Guilty!

    Don't be a fool.

     

  47.  
    Anonymous Coward, Oct 23rd, 2012 @ 7:18am

    I'm all for this. I'm just curious how they get around the government ban on exportation of encryption technologies.

     

  48.  
    Anonymous Coward, Oct 23rd, 2012 @ 7:41am

    Re: Why is he even hosting it?

    Because it's for profit, not out of the kindness of his heart.

     

  49.  
    The Real Michael, Oct 23rd, 2012 @ 8:05am

    Re:

    It's pretty sad when people need to pay a third-party in order to protect their privacy (and even then there's no guarantee).

     

  50.  
    Anonymous Coward, Oct 23rd, 2012 @ 8:07am

    "Here's what I say to all the people who retread the tired "If you've done nothing wrong then you've got no reason to hide" diatribe: Why not invite an agent to permanently live with you and monitor all of your communications, because that's essentially what you're advocating for when you defend this wholesale intrusion of people's privacy."

    I'm down with a live in agent. Boy, won't someone be surprised when they break into my house, steal my stuff, and it turns out the government had RFID tags and wire taps in all the stuff they stole? MUAHAHAHA! Also, the dude would probably use my internet to pirate shit and we can watch free movies. Double Win! Even better, the government would have to PAY me for this. TRIPLE WIN!

    "The saddest part of this is that an ex-Navy SEAL is hosting his app servers outside of the US for fear of what the government he used to work for will try to do. Does this fact scream out to anyone else besides me?"

    It should scream out what everyone should already know. I don't care WHAT government you have, if you aren't at the least wary of it, you're just plain negligent.

     

  51.  
    a_fake_name_just_for_this_one_post, Oct 23rd, 2012 @ 8:18am

    Re: Re:

    This. My company has encrypted every internal email for the last ten years. Our office and servers are all virtual, so our communications are frequently going over public networks. We use several layers of encryption, including GPG/PGP on our emails, in case one of our devices were to get intercepted. By whom? We don't care; any leak would be bad. We encrypt everything, whether it includes sensitive client data, product plans, corporate strategies, meeting requests or "hey have you seen this cheap computer on a stick? we should buy like a hundred of them and make a beowulf cluster". (Not an actual email, but you get the idea.)

    A lot of our work is for companies whose data is privileged, and not encrypting it could get us into trouble. So why attract unscrupulous parties to the good stuff by only encrypting some of it?

    As for this product, I can't imagine we'd use it simply because we (and security auditors we trust) can't see the code. And the "self-destructing" functionality sounds like something Microsoft would come up with, imagining a world where no one has virtual machines with which to take screenshots or headphone jacks with which to hook up a voice recorder. It intimates that they expect a level of control over my equipment that I'm not willing to give them without (at least) the same level of control over their code.

    We'll stick with GPG and other open-source tools, thanks. For business, anyway. When most of the people I know outside of business are so comfortable talking about intimate things on Facebook or Twitter that it's comical, I don't have a lot of hope for getting them to run a special app just to talk to me privately.

     

  52.  
    DH's Love Child (profile), Oct 23rd, 2012 @ 8:18am

    Re: Re: Re:

    They (like most if not all such sites) capture all IP addresses for analysis purposes (hey where are people coming from) and also to help us users differentiate between different AC's. I'm sure he also uses it to weed out spam, and to block abusers. He doesn't use the IP addresses to glean the information. Anybody who reads this blog for any length of time has gleaned the information on their own.

     

  53.  
    Gregg, Oct 23rd, 2012 @ 8:38am

    Re: Re:

    Obfuscation in other words.... been around for a while. It's a little more tricky to retrain the person you are communicating with than to give them an app to cipher your messages

     

  54.  
    Anonymous Coward, Oct 23rd, 2012 @ 8:39am

    Re: done nothing wrong, have nothing to hide

    Security services are switching from targeted monitoring of people to gathering all the data they can get hold of and then using computer systems to search through the data. This results in bits of data being taken out of context.
    The massive gathering of data can only be considered with the support of computer systems, and I doubt that the security services' queries are any better than Google searches.
    Note it can be very difficult to distinguish between a couple of people working on a work of fiction, or on a real assassination plot. In both cases there may be discussion of weapons characteristics and locations and sight lines from buildings etc. The current government paranoia about terrorists only increases the risks to innocent people in such situations.

     

  55.  
    John Fenderson (profile), Oct 23rd, 2012 @ 9:03am

    Re: done nothing wrong, have nothing to hide

    is that phrase "if you've done nothing wrong you have nothing to hide" have some sense.


    Except that it's factually incorrect. If you're doing something wrong, you certainly have something to hide. However, a 100% innocent person also has quite a lot to hide, from health status through financial data through sexting to their spouse and so on.

    If for some reason, some intelligence agency (not necessary from US, mind you) will need to know contents of your mail/phone/sms - you _already_ in trouble.


    This is true -- and indeed, if you are engaging in actions that are of extreme interest to an intelligence or law enforcement agency, casual encryption like this is not a huge help to you (but can be helpful as part of a larger security strategy).

    Casual encryption like this is helpful, however, in preventing fishing expeditions and widespread data mining. These sorts of operations are more of a threat to "innocent" people anyway, as they tend to have a higher rate of false positives and can get you wrongly sucked up into the security apparatus.

     

  56.  
    John Fenderson (profile), Oct 23rd, 2012 @ 9:06am

    Re: Re: Re:

    Steganography itself has been done for thousands of years.

     

  57.  
    John Fenderson (profile), Oct 23rd, 2012 @ 9:11am

    Re:

    I don't know this app in particular, but have produced several similar applications in my day. They probably need the servers to facilitate the users being able to contact each other.

    It's trickier than it sounds due to the fact that the IP address of the end points can and do change, especially with mobile devices. The simplest way around this is to have a directory server that tracks who is at what IP address at any given moment.

     

  58.  
    Chosen Reject (profile), Oct 23rd, 2012 @ 9:13am

    Re: Re: done nothing wrong, have nothing to hide

    I'd go one step further. If you have no reason to know, then I have no reason to tell you. It doesn't matter if I have no personal health secrets, or if I were an amateur exhibitionist porn star. If I don't want the government or anyone else to know something, and I've done nothing illegal, then they have no business knowing it, no matter how personal or nonpersonal it may be. If I want to encrypt my boring grocery list of milk and eggs, then by golly I will and the police don't need to know it.

     

  59.  
    Chosen Reject (profile), Oct 23rd, 2012 @ 9:16am

    Re: Re:

    Exactly. If he truly believed what he said, then he'd encrypt his communication and then pass out the key. That way law enforcement would know to look at his communications and be able to decrypt it easily so that they'd know he has nothing to hide.

    AC, why are you hiding your communication in with all of the other innocent people? Got something to hide, eh?

     

  60.  
    Anonymous Anonymous Coward, Oct 23rd, 2012 @ 9:46am

    Re: Re: Why is he even hosting it?

    Free for personal and priced (service contract really) for business is a business model that works for some.

     

  61.  
    bob, Oct 23rd, 2012 @ 9:49am

    Re: Re:

    trigger words like "the guest list EXPLODED, so you'll need to pick up some more SOUTH OF THE BORDER salsa. etc.. :-P

     

  62.  
    Anonymous Coward, Oct 23rd, 2012 @ 10:20am

    Re: done nothing wrong, have nothing to hide

    "done nothing wrong, have nothing to hide"

    Tell that to the Jews in Germany under Hitler.

     

  63.  
    Anonymous Coward, Oct 23rd, 2012 @ 10:58am

    Re: Re: Re:

    IP addresses are usually set up to be DHCP (Dynamic Host Configuration Protocol). As the acronym implies these Dynamic IPs are temporarily assigned to a network device such as a computer or tablet then later get reassigned to a different network device. In short IP addresses do not identify an individual or usually even a particular computer. They generally identify a Starbucks, McDonalds or an ISP, not really a person.

     

  64.  
    Rekrul, Oct 23rd, 2012 @ 11:04am

    Re: Re:

    I'm no expert, but I'd guess that you need to download the app from somewhere

    You don't need servers in different countries just to offer an app for download. As hard as it might be to believe, a user in one country can actually connect to and download from a server that's based in another country. Even more amazing, this works from any country to any other country (barring government censorship).

     

  65.  
    Rekrul, Oct 23rd, 2012 @ 11:05am

    Re: Re:

    It is based on a subscription service.

    Naturally. How stupid of me to think that something beneficial would come without a leash attached...

     

  66.  
    Anonymous Coward, Oct 23rd, 2012 @ 11:35am

    Re: The saddest part

    Tagged "insightful", however there is a little more to this. Yes, the govt would almost certainly try to pressure a small startup into adding a backdoor. But also, there are laws about exporting encryption capability, and being outside of the U.S. may simplify marketing in other countries. (http://www.bis.doc.gov/encryption/default.htm)

     

  67.  
    Anonymous Coward, Oct 23rd, 2012 @ 11:38am

    Re:

    Whoops, I posted above about the export control laws before I saw your post. I suspect the fact that their servers are outside of the U.S. has much to do with bypassing those laws.

     

  68.  
    art guerrilla (profile), Oct 23rd, 2012 @ 11:47am

    Re: The saddest part

    yep, our mercenaries aren't safe from their own paymasters...
    ...and yet we still have an endless supply of mercenaries!

    (geez, wonder if it has anything to do with the fact that the military and prisons are about the only industries hiring...
    i wonder...)

    art guerrilla
    aka ann archy
    eof

     

  69.  
    Rikuo (profile), Oct 23rd, 2012 @ 11:53am

    Re:

    I can guess that it's something like Skype.

    You log into Skype with your username and password. Skype's servers now know what machine you're using and its IP address. Your friend then logs in with their own account, Skype knows what machine they're on and their IP address. Your friend calls you, Skype's servers then tell his computer what your IP address is at the time, so he connects to you. From that point on, all the communication data goes between only your two computers, not Skype (or this app in this case).

     

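The directory-server arrangement described in comments 57 and 69 above, as an added example that is not from the thread or from Silent Circle: an in-memory simulation (no sockets) showing that the directory never carries call content but does accumulate who-looked-up-whom and IP metadata. The class and function names, the TTL and the addresses are assumptions made for illustration.

```python
import time

class Directory:
    """Rendezvous server: remembers each user's current endpoint, relays no payload."""

    def __init__(self, ttl=60.0, clock=time.monotonic):
        self.ttl, self.clock = ttl, clock
        self._where = {}   # user -> (ip, port, expiry)
        self.seen = []     # everything the operator could log or be asked for

    def register(self, user, ip, port):
        # Sent at login and again whenever the device changes network.
        self._where[user] = (ip, port, self.clock() + self.ttl)
        self.seen.append(("register", user, ip))

    def lookup(self, caller, callee):
        self.seen.append(("lookup", caller, callee))
        entry = self._where.get(callee)
        if entry is None or entry[2] < self.clock():
            self._where.pop(callee, None)   # stale: never hand out an old address
            return None
        return entry[:2]


def place_call(directory, caller, callee, payload, inboxes):
    """Ask the directory where callee is, then deliver payload straight to that endpoint."""
    endpoint = directory.lookup(caller, callee)
    if endpoint is None:
        return None
    inboxes.setdefault(endpoint, []).append((caller, payload))  # peer-to-peer leg
    return endpoint


def demo():
    now = [0.0]                                   # fake clock so expiry is deterministic
    d, inboxes = Directory(ttl=60.0, clock=lambda: now[0]), {}
    d.register("alice", "198.51.100.7", 40000)    # constructed documentation addresses
    d.register("bob", "203.0.113.5", 40001)
    first = place_call(d, "alice", "bob", b"<ciphertext 1>", inboxes)
    d.register("bob", "192.0.2.99", 40002)        # bob's phone moved to another network
    second = place_call(d, "alice", "bob", b"<ciphertext 2>", inboxes)
    now[0] = 500.0                                # bob has been offline past the TTL
    third = place_call(d, "alice", "bob", b"<ciphertext 3>", inboxes)
    return first, second, third, d.seen, inboxes


if __name__ == "__main__":
    first, second, third, seen, _ = demo()
    print(first, second, third)
    for event in seen:
        print(event)
```

The `seen` list is the part worth reading: it holds registrations with IP addresses and every lookup pair, and none of the payload bytes.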

  70.  
    Killer_Tofu (profile), Oct 23rd, 2012 @ 12:38pm

    Re: Re: The saddest part

    Also marked insightful for adding another dimension I did not even think about.

     

  71.  
    Killer_Tofu (profile), Oct 23rd, 2012 @ 12:41pm

    Re: Re:

    My fiancee and I share a dropbox folder with a small text list for groceries. Felt it worked better than writing down a list or having to remember to text it. Now we just add something to the list and it's always with both of us. When we buy it, remove from list. Updates everywhere! =D

     

  72.  
    art guerrilla (profile), Oct 23rd, 2012 @ 1:11pm

    security through obfuscation...

    *many*, *many* years ago when *E*C*H*E*L*O*N, *G*R*E*E*N*L*A*N*T*E*R*N, etc were merely rumors of whacked-out k-k-k-konspiracy mongers (like me!), and subsequently turned out to be -not just 100% true- but 200% true, i suggested that we all append a list of assumed trigger words in ALL our emails...

    *IF* even a small-ish proportion of regular folks did this, then it would make intercepting/reading emails based on these trigger words effectively useless...

    BUT, why is it i have to defend myself against my 'own' (sic) gummint, again ? ? ?

    (um, because it AIN'T my -or yours, unless you're a 1 percenter- gummint any more...)

    art guerrilla
    aka ann archy
    eof

     

  73.  
    Beta (profile), Oct 23rd, 2012 @ 1:47pm

    Re:

    ...the DMCA... criminalized all production, dissemination, and use of certain cryptanalytic techniques and technology...

    Cryptanalytic, or cryptographic?

     

  74.  
    PT (profile), Oct 23rd, 2012 @ 1:47pm

    Re: Re: Re:

    Well, simply, everyone should use encryption for everything as a matter of course. It should be built into mail applications. You wouldn't post a letter unsealed, or write your correspondence on postcards, so why would you not take the trouble to seal email?

    I'm regularly asked to sign Draconian non-disclosure agreements for my business, yet the people who are so concerned for their secrets are quite happy to exchange drawings and sensitive business information by unencrypted email that can be snooped from any place on the planet. I've had PGP or its equivalent for twenty years and I always ask these NDA folk to exchange keys, but so far nobody has ever bothered.

     

  75.  
    Beta (profile), Oct 23rd, 2012 @ 2:10pm

    still waiting

    Like others here, I love encryption but won't use (much less subscribe to) a service that asks me for so much trust.

    In particular:
    “We won’t be held hostage,” he says, without a quiver of hesitation. “All of us would rather shut Silent Circle down than ever allow a backdoor or be bullied into an ‘or else’ position.”
    Shutting the company down is one thing; going to jail is something else. What if someone gets into legal trouble over taxes, or stands to lose child custody in a divorce, and a man from the Justice Department shows up and offers to help? Suppose the FBI spreads out some photos on the table and says "we're tracking a major [VILLAIN OF THE MONTH] and we can nail him if you help us". How many employees of this company have the ability to compromise Silent Circle? Which of them is the most naive? Which one loves money the most? Or just doesn't care much about flawless security protocols?

    To put it another way: apart from embarrassment, what is the consequence of a leak for Janke & Friends? Is it nothing? I'll bet it's nothing.

     

  76.  
    Get off my cyber-lawn! (profile), Oct 23rd, 2012 @ 2:16pm

    Re:

    And tin foil undies for those whose head is up their evacuation orifice.

     

  77.  
    F!, Oct 23rd, 2012 @ 3:57pm

    proprietary == untrustworthy

    If it's not F/LOSS, it can't be trusted. Period.

     

  78.  
    JMT (profile), Oct 23rd, 2012 @ 4:16pm

    Re: Re: Re:

    "You are famous for capturing the IP address of certain AC's to glean information about them."

    And you are famous for making accusations without offering any proof, or even examples.

     

  79.  
    Mike Masnick (profile), Oct 23rd, 2012 @ 4:45pm

    Re: Re: Re:

    I hate to say it, but his point is actually valid. If you are the only person who is encrypting data then it draws attention.

    It's not difficult to hide encrypted data completely, so that people searching don't even know it's there...

     

  80.  
    Anonymous Coward, Oct 23rd, 2012 @ 7:29pm

    Re: Re:

    "Says the anonyomous coward..."

    Mike, if you don't want anonymous posters, don't permit it.

    Don't ridicule those who choose to use the options you offer, it makes you just look like a hateful prick.

     
