

Shhhhhhh …..
February 5, 2013 8:40 AM

Silent Circle, a security start-up led by PGP creator Phil Zimmermann and two ex-Navy SEALs, has been teasing technology that purports to make mobile communications "virtually invulnerable to surveillance efforts" for a few months (previously). Now, they're pushing a "groundbreaking encrypted data transfer app that will enable people to send files securely from a smartphone or tablet at the touch of a button." The company has pledged not to comply with law enforcement surveillance requests, nor to provide backdoor access for the FBI.
posted by jbickers (49 comments total) 26 users marked this as a favorite

 
I've always been weary of this kind of claim, and I admit that it's my own lack of education in this arena. But, how are we sure that this is really secure? Isn't encryption/decryption technology always progressing?

But props to them for not providing carte blanche access to the FBI and other Law Enforcement.
posted by furnace.heart at 8:44 AM on February 5, 2013


If anybody has the background to be trusted to make encryption software for private use that is both technically sound and trustworthy, it would probably be Phil Zimmermann. You have more reason to distrust Apple and the system they put on your phone than you do his app.
posted by idiopath at 8:52 AM on February 5, 2013 [12 favorites]



I've always been weary of this kind of claim, and I admit that it's my own lack of education in this arena. But, how are we sure that this is really secure? Isn't encryption/decryption technology always progressing?


It's not usually encryption breaking that's a problem, it's what happens to the information before and after it's sent. At some point your data must be unencrypted and if it's done on a vulnerable device then you're in trouble. When they're talking about FBI backdoors they're speculating on whether or not your secure device will be sabotaged right out of the box, not on whether or not the encryption technology works.
posted by Stagger Lee at 8:56 AM on February 5, 2013 [4 favorites]


Is there a problem with VOIP and data over SSH now?
posted by jaduncan at 8:59 AM on February 5, 2013


I've always been weary of this kind of claim

I'm wary as well, but Phil Zimmermann is pretty much on my 'trustworthy good guys' list. So there's that.
posted by pjern at 9:01 AM on February 5, 2013 [3 favorites]


jaduncan: "Is there a problem with VOIP and data over SSH now?"

your mom doesn't know how to use voip over ssh on her iphone
posted by idiopath at 9:01 AM on February 5, 2013 [12 favorites]


Full disclosure: I'm part of a startup with a competing product. The problem with Silent Circle is that it requires you to disclose your own identity to Silent Circle, even if they can't read your traffic. This makes it completely useless for organisations (eg private Swiss bankers) who want to keep their own traffic on their own servers.
posted by unSane at 9:02 AM on February 5, 2013 [1 favorite]


Is there a problem with VOIP and data over SSH now?

I'm guessing ease of use on a smartphone or tablet for the average user would qualify as a problem with that solution, yes.
posted by tocts at 9:02 AM on February 5, 2013


Yes, entrusting your data to guys who can be reactivated by the Pentagon at any time is a *fantastic* idea.
posted by mobunited at 9:11 AM on February 5, 2013 [3 favorites]




If anybody has the background to be trusted to make encryption software for private use that is both technically sound and trustworthy, it would probably be Phil Zimmermann. You have more reason to distrust Apple and the system they put on your phone than you do his app.
posted by idiopath at 8:52 AM on February 5


The devices and people sending and receiving the data are almost always the weak point in secure data transfers, not the encryption itself. And that of course really underscores the problem here: if the government wants access to your data, encryption is not going to be what stops them. As xkcd concisely illustrated, you don't need fancy technology when you can hit someone with a five dollar wrench.*

*Randall Munroe must have a source on cheap wrenches, they're not five dollars where I am.
posted by Stagger Lee at 9:16 AM on February 5, 2013


But, how are we sure that this is really secure? Isn't encryption/decryption technology always progressing?

Presumably they would be using standard encryption methods that have been analyzed for years with no major vulnerabilities found. As with PGP, the hard part is not having solid encryption, it's coming up with an overall system that is both secure and usable for the end user. Almost nobody encrypts their email because there's a lot of setup involved and it's hard to make sure that everyone else uses the same system, even though there are plenty of encryption schemes that would work great for email.
posted by burnmp3s at 9:17 AM on February 5, 2013 [3 favorites]


your mom doesn't know how to use voip over ssh on her iphone

Now I don't know every detail of my mother's life, but I'm also going to guess she isn't in the market to pay Silent Circle a monthly subscription for secure comms.
posted by jaduncan at 9:17 AM on February 5, 2013 [1 favorite]


Presumably they would be using standard encryption methods that have been analyzed for years with no major vulnerabilities found. As with PGP, the hard part is not having solid encryption, it's coming up with an overall system that is both secure and usable for the end user. Almost nobody encrypts their email because there's a lot of setup involved and it's hard to make sure that everyone else uses the same system, even though there are plenty of encryption schemes that would work great for email.
posted by burnmp3s at 9:17 AM on February 5


Yeah, and I think what they're really trying to sell here is the ease of use on i-products.
You have to dig through a lot of cruft and ranting about evil governments and shadowy hackers to get that from the articles though.
posted by Stagger Lee at 9:19 AM on February 5, 2013


"Is there a problem with VOIP and data over SSH now?"

I believe there's an attack on encrypted voice communications that exploits how the audio compression works. Basically when Alice isn't speaking, the bit rate drops. This can be used to identify the pauses between words, and then figure out what words fit in the spaces.
posted by borkencode at 9:19 AM on February 5, 2013 [1 favorite]


I believe there's an attack on encrypted voice communications that exploits how the audio compression works. Basically when Alice isn't speaking, the bit rate drops. This can be used to identify the pauses between words, and then figure out what words fit in the spaces.

Now that is interesting. Does that mean you can defeat it by sending uncompressed or CBR audio at the cost of bandwidth?
posted by jaduncan at 9:22 AM on February 5, 2013
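
Added example (not part of any comment in this thread): a small Python model of the length leak borkencode describes and the fixed-size padding jaduncan asks about. The frame sizes, the `toy_` helper names and the hash-based keystream are assumptions made for the demo, standing in for a real VBR codec and a real cipher.

```python
import hashlib
import os

# Constructed sample: True = talker is speaking during this frame, False = pause.
SAMPLE_TALK = [True] * 4 + [False] * 3 + [True] * 2 + [False]

def toy_vbr_frames(talk_pattern, speech_bytes=60, silence_bytes=6):
    """Stand-in for a VBR codec: speech frames are large, silence frames small.
    The byte counts are constructed values, not taken from any real codec."""
    return [os.urandom(speech_bytes if active else silence_bytes)
            for active in talk_pattern]

def toy_stream_xor(key, seq, data):
    """Demo-only keystream (SHA-256 in counter mode), not a vetted cipher.
    It behaves like any stream cipher in the one way that matters here:
    ciphertext length equals plaintext length. XOR makes it its own inverse."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(
            key + seq.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def pad_frame(frame, size):
    """Pad to a fixed size before encryption: 2-byte length, frame, zero fill."""
    if len(frame) + 2 > size:
        raise ValueError("frame does not fit in the fixed packet size")
    return len(frame).to_bytes(2, "big") + frame + bytes(size - 2 - len(frame))

def unpad_frame(padded):
    """Receiver side: recover the original frame from a padded packet."""
    n = int.from_bytes(padded[:2], "big")
    return padded[2:2 + n]

def wire_lengths(frames, key, pad_to=None):
    """Ciphertext lengths as seen on the network, one per frame."""
    lengths = []
    for seq, frame in enumerate(frames):
        body = pad_frame(frame, pad_to) if pad_to else frame
        lengths.append(len(toy_stream_xor(key, seq, body)))
    return lengths

def guess_activity(lengths):
    """What the packet sizes alone give away: frames above the midpoint of the
    observed sizes look like speech. Returns None when every packet is the
    same size, because there is then nothing to distinguish."""
    low, high = min(lengths), max(lengths)
    if low == high:
        return None
    midpoint = (low + high) / 2
    return [n > midpoint for n in lengths]

if __name__ == "__main__":
    key = os.urandom(32)
    frames = toy_vbr_frames(SAMPLE_TALK)
    print("unpadded sizes:", wire_lengths(frames, key))
    print("speech/pause recovered from sizes:",
          guess_activity(wire_lengths(frames, key)) == SAMPLE_TALK)
    print("padded sizes:  ", wire_lengths(frames, key, pad_to=64))
    print("recovered after padding:",
          guess_activity(wire_lengths(frames, key, pad_to=64)))
```

Fixed-size padding only removes the length signal in this model; it does not address packet timing.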


mobunited: they claim that they don't see your data, they only see who is sending to who (and are saying they won't even be storing that information).

Are connections between users done point to point? If not, is there some backdoor in the encryption algorithm?

If this were open source software and/or run on a device you actually control in a meaningful way, these questions could be answered a little easier. But thanks to the way the iphone ecosystem works, you can't ever have a secure setup on an ios device.

borkencode: "Basically when Alice isn't speaking, the bit rate drops. This can be used to identify the pauses between words, and then figure out what words fit in the spaces."

"William Shatner is clearly a terrorist, what other reason would he have for introducing randomized pauses and arbitrary elongations of word duration into his speech?"
posted by idiopath at 9:24 AM on February 5, 2013 [2 favorites]


This is PZ's second or third crack at telephony encryption. Maybe a couple ex-navy SEALs were the missing ingredient all along.
posted by Ad hominem at 9:27 AM on February 5, 2013


I believe there's an attack on encrypted voice communications that exploits how the audio compression works. Basically when Alice isn't speaking, the bit rate drops. This can be used to identify the pauses between words, and then figure out what words fit in the spaces.

There was an ssh exploit that used the same timing analysis between packets to figure out what characters were being sent based on a person's typing pattern.
posted by RonButNotStupid at 9:28 AM on February 5, 2013 [4 favorites]


jaduncan: "she isn't in the market to pay Silent Circle a monthly subscription for secure comms."

Fundamentally I am of the opinion that if you would ever have reason to send an enclosed letter rather than a postcard, then you have valid reason to use end to end encryption. Anything that makes it more common and easier to use is a win.
posted by idiopath at 9:28 AM on February 5, 2013 [1 favorite]


This sounds like a bad encryption implementation, since encrypted data should have preimage resistance, which of course is the point everyone is making above, it's usually a failed implementation or failed key management that leads to encryption breaks, rather than failures of the algorithm itself.
posted by odinsdream at 9:31 AM on February 5, 2013 [1 favorite]


I agree, which is why I'd prefer an open source and non-paid system.
posted by jaduncan at 9:33 AM on February 5, 2013 [2 favorites]


I generally interpret claims like "We won't ever tell the FBI what you're up to! Never ever ever!" to mean the party making such a claim is the FBI.

Because, I mean, come on. At the very least, they're goading law enforcement into covertly infiltrating their organization ASAP.
posted by Sys Rq at 9:33 AM on February 5, 2013


I guess this is good. There's kind of a problem right now when it comes to secure voice communication. In theory you can encrypt SIP, but a lot of SIP ATAs don't support it, few softphones do, and most people only do SIP between their ATA and some sort of VOIP provider that connects to the PSTN to do call routing anyway, so it would go into the clear at that point as it was routed around, even if the ultimate destination was also a SIP endpoint. It's very, very hard to get end-to-end encryption working, and even if you can get a clear path for SIP to work over (poking holes in firewalls along the whole way), then you have to screw around with certificates. (Any cryptosystem that involves certificates is basically dead on arrival as far as most users are concerned, unless they have a department full of IT drones to constantly manage the stupid things. Terrible.)

If you put a gun to my head right now and told me I had to set up a secure voice channel between two points, I'd probably tell you to get two analog phone lines and two modems and two computers old enough to run PGPfone, because as far as I'm concerned that's the high-water mark of easy-to-use voice channel encryption for a semi-casual user. (And also, if you had a gun to my head I figure running around trying to find two analog phone lines and two modems ought to keep you busy for a while.) And PGPfone was written in 1995. Clearly we can do better than that.
posted by Kadin2048 at 9:34 AM on February 5, 2013 [3 favorites]


In fairness, I will say that Zfone, which was another Zimmermann effort, looked really promising but then it stagnated and seemingly died. It suffers from the SIP routing problem I described above though, in that it doesn't survive call paths that go from SIP to the PSTN and then back to SIP later on, which is what happens to basically every call made using a traditional NANP number.

IMO, what we need is something like Zfone, but that operates further down (in the sense of being closer to the user) in the protocol stack -- something like an analog "scrambler", that actually mangles the incoming audio before it gets compressed and fed into the SIP connection at all. You'd need to force the use of an uncompressed audio codec for this to not fail spectacularly (much like T.38 fax), but requiring 64Kbps doesn't seem that onerous. Maybe the encryption module would take the place of the G.711 codec itself. That way an encrypted call wouldn't be any different to the phone system than a normal call, and would be routed the same way, all the way to the destination where it would be encrypted.

Presumably, since Zimmermann isn't a dumb guy, he's already thought of this, but I can't help but think that a lot of VOIP folks keep looking for elegant solutions (e.g. ones that reuse TLS or IPSec) when what we really need is a brutal, ugly, but workable solution.
posted by Kadin2048 at 9:50 AM on February 5, 2013


I agree, which is why I'd prefer an open source and non-paid system

This makes it completely useless for organisations (eg private Swiss bankers) who want to keep their own traffic on their own servers.

Which brings me to a previous quote of mine, about the same software:

Selling encryption software to people is a losing business. First off, the people who really care about this demand open source, on every single part on the system, from client to server to protocol. They probably won't trust any service on a remote provider, especially because your security could disappear the second a warrant is issued. So how do you make money on a service that must be locally installed, and must be open sourced. It was the same problem PGP had.

Also, it seems like you can't have an encryption service that's A) easy enough for the folks at home to use and B) secure enough that the government can't intercept, which makes it useless for the cryptography maximalists. So no cryptography service can ever reach the user share needed for encryption not to be seen as circumstantial evidence of wrongdoing, while being secure enough that rubber hose cryptanalysis is not a possibility.
posted by zabuni at 9:54 AM on February 5, 2013 [5 favorites]


There's nothing dumber than a phone with unbreakable security. It's like Osama bin Laden's compound--the fact that it wasn't hooked up to the outside world is the giveaway. Similarly a phone the cops can't read once they get a warrant? Talk about knowing you've hit the jackpot as an investigator. You'll draw more attention, not less.
posted by Ironmouth at 10:05 AM on February 5, 2013


Ad Hominem: This is PZ's second or third crack at telephony encryption. Maybe a couple ex-navy SEALs were the missing ingredient all along.

If the data is about to be compromised, they pop up out of nowhere and use their Awesome Karate Power to scramble it.

Bruce Schneier has been wasting his time on all that math nonsense, that's for sure.
posted by dr_dank at 10:09 AM on February 5, 2013 [1 favorite]


I think the only effective way to ensure secure communications is to install a better designed government.
posted by srboisvert at 10:28 AM on February 5, 2013 [3 favorites]


Stagger Lee: *Randall Munroe must have a source on cheap wrenches, they're not five dollars where I am.

Harbor Freight has a 10" pipe wrench for 3.99

They also have supplies for rubber hose cryptanalysis.
posted by dubold at 10:41 AM on February 5, 2013 [1 favorite]


I would imagine that those who would be interested in this sort of thing would also be interested only if there were a way it could be untraceably paid for. Obviously the App Store or Google Play do not qualify. Do they take bitcoin or prepaid credit cards?
posted by 8dot3 at 11:37 AM on February 5, 2013


Ahh, I do see the link to the Ronin card. For which they accept Mastercard, Visa and Amex. No bitcoin I guess.
posted by 8dot3 at 11:39 AM on February 5, 2013


You can't secure comms out of an iPhone.

Firstly, you can't inspect the code.
Secondly, Apple has superior privs to you in any case.
posted by jaduncan at 1:10 PM on February 5, 2013 [1 favorite]


Stagger Lee: *Randall Munroe must have a source on cheap wrenches, they're not five dollars where I am.

Heh, Randall Munroe acknowledges this in the associated/mouseover/hover text -
"Actual actual reality: nobody cares about his secrets. (Also, I would be hard-pressed to find that wrench for $5.)"
posted by TwoWordReview at 1:10 PM on February 5, 2013 [1 favorite]


First of all, I like, trust, and respect Zimmermann.

But, to play word parser here, the claims that they won't "not cooperate with surveillance requests from law enforcement" (that quote is from the engadget article, and not in quotation marks when it's made) is a very different thing from saying they won't comply with search warrants signed by a judge.

But there seem to be a lot of companies that will submit to law enforcement requests when they are not legally obligated to, so I'm happy that these guys say they won't do this. I am curious how they would respond to signed warrants though. Even (quite trustworthy) Hushmail does what they are told when the law demands it of them.
posted by el io at 1:47 PM on February 5, 2013 [1 favorite]


While we're talking about using traffic analysis instead of directly decrypting traffic, can anyone find the link to the article about software that (provided it can snoop LAN traffic) can find out where you're looking at on google earth, even when all communications are over https? As far as I recall, this proof-of-concept program worked from knowledge about the compressed sizes of map tiles served up by google...
posted by jepler at 1:49 PM on February 5, 2013


aha, here it is: I can still see your actions on Google Maps over SSL
posted by jepler at 2:39 PM on February 5, 2013 [1 favorite]


Language Identification of Encrypted VoIP Traffic—figure 1 shows you pretty quickly why the idea that you can recover a fair portion of the original speech data from the size of the encrypted packets is quite plausible.
posted by jepler at 2:43 PM on February 5, 2013


There is no value in a closed source crypto system, sorry guys. If you need secure communications on your phone, then dump your iPhone for an Android, ideally dump your phone's default install for CyanogenMod too, and definitely start using the packages on guardianproject.info.
posted by jeffburdges at 5:38 PM on February 5, 2013 [2 favorites]


There's nothing dumber than a phone with unbreakable security. It's like Osama bin Laden's compound--the fact that it wasn't hooked up to the outside world is the giveaway. Similarly a phone the cops can't read once they get a warrant? Talk about knowing you've hit the jackpot as an investigator. You'll draw more attention, not less.

Not if everyone uses it. Or at least a sizable number of people do. It can be as unsuspicious as a locked door or sealed envelope.
posted by ignignokt at 6:36 PM on February 5, 2013 [3 favorites]


Never trust assertions that crypto is "anonymous" or "invulnerable to surveillance" if you can't look at the code for yourself. And never trust a crypto provider who wants your identifying info but promises not to hand it over.

If it's not a honeypot, it might as well be. Why is there a need for this centralized service when we have TOR?
posted by dunkadunc at 7:00 PM on February 5, 2013


One of the things people always miss in this stuff is that actually most people require privacy, not security. Which is to say they don't need hard cryptography, but simply a degree of encryption which makes snooping difficult. They are less worried about the NSA devoting a supercomputer to their communications and more worried about it ending up being trawled as part of a generalised big data fishing expedition. They also require it to be easy to use, and free.
posted by unSane at 7:22 PM on February 5, 2013 [3 favorites]


Considering how many communications are now being stored, it would be wise to be prepared for multiple future possibilities in the national 'security' regime.

These possibilities range from the NSA replacing its mission with the feeding and petting of fuzzy bunnies, to other, much less nice eventualities.
posted by dunkadunc at 7:32 PM on February 5, 2013


What's more, the company's also pledged to not cooperate with surveillance requests from law enforcement, nor will it compromise the service's integrity by introducing a "backdoor" for the FBI.

That's a mighty strong stance to take against Uncle Sam, but Janke's not concerned. If the United States government does eventually prove an impediment, he's ready to move Silent Circle's shop to a locale that understands "...every [citizens'] right to communicate... without the fear of it being... used by criminals, stored by governments, and aggregated by companies that sell it."
I hope they've thought this through better than they communicated to this writer, because what's written here is rah-rah amateur hour. They are going to receive requests that are mandatory under current law: there's no "if" about whether the government will come down on them for non-compliance. I'd like to hear what locale is a good candidate to move their operations to, and what their business looks like then. (Will they still be getting paid through app stores or credit card processors that fall under U.S. jurisdiction?)

Best case: this talk about whether they comply with law authority requests is a smokescreen, and they've actually put their efforts into as much technical difficulty as they could design into their system against their being able to derive transactional data or to man-in-the-middle the key exchange, etc.

If they do a good enough job of that, the problem shifts to whether they can be compelled to release a backdoored version, or whether the carrier puts wiretap code in a system image instead.
posted by away for regrooving at 12:07 AM on February 6, 2013 [1 favorite]


One of the things people always miss in this stuff is that actually most people require privacy, not security. Which is to say they don't need hard cryptography, but simply a degree of encryption which makes snooping difficult. They are less worried about the NSA devoting a supercomputer to their communications and more worried about it ending up being trawled as part of a generalised big data fishing expedition. They also require it to be easy to use, and free.

While that's certainly true, there's a huge problem in defining 'difficult' given how technology advances. My account information is the same as it was ten years ago. If I had sent it over the net using a standard of encryption that was good enough for privacy ten years ago, anyone who trawled it then and sat on the data until now would have a much easier time recovering useful information about me that's still mostly valid.

I'm not worried about the NSA devoting significant amounts of time to monitor my communications. I am worried about someone from the future using commodity hardware and archived communications to determine the name of my first pet.
posted by RonButNotStupid at 4:38 AM on February 6, 2013


Just fyi, I'd no luck installing Orbot off Google Play, but the F-droid install worked perfectly.
posted by jeffburdges at 8:18 AM on February 6, 2013


Ironmouth: There's nothing dumber than a phone with unbreakable security. It's like Osama bin Laden's compound--the fact that it wasn't hooked up to the outside world is the giveaway. Similarly a phone the cops can't read once they get a warrant? Talk about knowing you've hit the jackpot as an investigator. You'll draw more attention, not less.
You're assuming that the only reason to encrypt is to avoid suspicion. Rather, I assume the most common reason to encrypt is to avoid incrimination after the authorities are already watching you.
posted by IAmBroom at 2:24 AM on February 9, 2013


"One of the things people always miss in this stuff is that actually most people require privacy, not security. Which is to say they don't need hard cryptography, but simply a degree of encryption which makes snooping difficult. "

Crypto doesn't really work that way... Data isn't 'somewhat encrypted', there isn't a simple dial that keeps the 'bad guys' out but lets governments in.
posted by el io at 10:08 PM on February 9, 2013


I know how crypto works. Like I say I'm part of a crypto startup. The point is that it's easy to go down the rabbit hole of worrying about compromised handsets and all sorts of funky side-channel attacks which are really only a concern for people who are likely to be the subject of a very targeted attack. Whereas what most people need is a free, easy-to-use service that doesn't require them to disclose their identity to a third party and keeps the keys only on the handsets of the participants of the conversation. You obviously use hard encryption on the data, but ease of use and anonymity are enormously important because without them people will not use the service.

There's a herd immunity thing here: we should all be using encrypted comms all the time, and use the keys to grant access to those whom we wish to share our information with. And that should be trivially easy to use. But of course it is not in the interest of Google and Facebook to provide that.
posted by unSane at 2:27 PM on February 10, 2013


AND Silent Circle are bullshitting if they say they won't co-operate with requests from LE and so on. I understand their servers are located in Canada, but good luck with that once the subpoenas start flying.

The ACTUAL solution to this is to build the system from the ground up with an architecture which makes it impossible to comply with such requests, but co-operate with them to the fullest extent that your architecture makes possible, and be honest about that.
posted by unSane at 2:30 PM on February 10, 2013 [1 favorite]




This thread has been archived and is closed to new comments