Feral Jundi

Wednesday, October 10, 2012

Mobile Apps: Silent Circle

Check this out. Silent Circle is a subscription service that promises to deliver a secure and encrypted communications platform. Phil Zimmermann put this concept together and he is marketing this thing for security professionals with the help of some former Navy SEALs.

What I like about this service is that companies could actually set up accounts with contractors/employees using Silent Circle, and know that the communications between all parties will be secure. From the phone calls to text messages to emails–the entire communications system will be secure and extremely difficult to hack.

Families can also be a part of a separate Silent Circle account between the contractor and their loved ones/friends. This is great because today’s enemies and hostile governments all have a desire to hack into the accounts of folks involved with security operations throughout the world. They monitor everything from Facebook and Twitter accounts, to emails/phone calls etc. You have to assume all of that is happening, and to have any tools to help in the battle to secure your communications is a good thing. –Matt

 

 

Silent Circle

When a Silent Circle subscriber makes a phone call, sends a text or video chats with another Silent Circle member, that transmission is secured and encrypted end-to-end from the iPhone, Android, iPad or computer on our crystal-clear secure network. Silent Mail is an elegant and encrypted email solution, however, it utilizes server side key encryption not peer-to-peer. Our Silent Phone, Silent Mail and Silent Text products also allow you to call or send/receive emails to anyone in the world – any phone number – any email address, even to those not in our secure Circle (subscribers). Our products download from the Apple App Store, Android Play Store and from our website – simple, fast, secure.
Silent Network
We Designed It, We Custom-Built It & We Own The Network
Silent Circle Network provides encrypted communication tools that leverage cutting edge and simple to use apps and software. Here’s how we do it:
• Open Source Peer-Reviewed Encryption – Our founders are the inventors of the world’s most trusted encryption protocols: PGP, ZRTP, SCimp
• Multimillion dollar custom-built high definition network
• Geographic server redundancy – Servers located in Montreal and Toronto built with scalability for continued geographic expansion (Our Switzerland Network will come online Fall 2012)
• 100% dedicated network – No sharing
• Custom-built servers, PBXs and hardware – Ensuring security integrated through design
• E-Commerce, customer service, analytics and network monitoring software all custom built and designed to ensure security
• Device-to-Device Encryption – True peer-to-peer key negotiation with every communication session. Keys are destroyed at the end of every call eliminating the possibility of retroactive compromise
• Interactive Voice Authentication – Visual and vocal encryption verification eliminating the possibility of MiTM (man in the middle) attacks and a short authentication string (SAS)
• Peer Reviewed Encryption and Hashing Algorithms
– Elliptic Curve Cryptography (P-384)
– Advanced Encryption Standard (AES-256)
– Secure Hash Algorithm (SHA-256)

Company website here.

—————————————————————-

Phil Zimmermann’s Silent Circle Builds A Secure, Seductive Fortress Around Your Smartphone
By Neal Ungerleider
October 5, 2012
The cryptography legend is teaming up with two ex-Navy SEALs to offer encrypted phone calls, video conferencing, and text messages with no learning curve whatsoever. The target market? Businesspeople and government employees traveling abroad.
In the 1990s, cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann faced federal criminal investigation. His encryption software was so strong, it was charged, there was fear it violated arms trafficking export controls.


Now Zimmermann has launched a new startup that provides industrial strength encryption for smartphone users. And this time around, his business partners include two ex-Navy SEALs.
Silent Circle, which launches on October 15, is a secure communications product for Android and iOS that works on a paid subscription model. Users will have access to encrypted phone calls, emails, VoIP videoconferencing, SMS text messages, and MMS multimedia messages. Security varies depending on whether communications are made to another user on Silent Circle’s closed network, or to an outside user. Text and multimedia messages are wiped from a phone’s registry after a pre-determined amount of time, and communications within the network are allegedly completely secure.
Subscribers will pay $20 a month, which includes unlimited subscriber-to-subscriber conversations, encrypted video conferencing, encrypted text messaging, encrypted email, and storage. Text messages will only be encrypted when sent to other Silent Circle subscribers. Outdialing to public telephone networks (in which Silent Circle users’ ends are secure but the other end is insecure) will be optional with an additional fee. For an additional $39 a month, Silent Circle is offering 3000 calling minutes for the United States, Canada, and Puerto Rico. However, release of the encrypted email product has been delayed “so that they can focus on the launch of” the other products. Silent Circle was originally supposed to launch on September 17 before being pushed back to October.
Once installed, Silent Circle has a simple interface that requires no learning curve to encrypt communications. The project’s target market, according to Zimmermann, are troops serving abroad, foreign businesspeople in countries known for surveillance of electronic communications, government employees, human rights activists, and foreign activists. For enterprise sales, Silent Circle will be marketed direct to employees as a security measure which they can deduct from their travel expenses. While the company appears to be focusing on the mobile market, a secure Windows VoIP communications product will be released on October 15th as well; full desktop versions for Windows and Mac will be launched at a later date.
“Almost all of the companies in enterprise and defense that came to us, 60% of their problems are away from the office,” says Zimmermann. “Everyone has a solution [for security] inside your building and inside your network, but the big concern of the large multinational companies coming to us is when the employees are coming home from work, they’re on their iPhone, Android, or iPad emailing and texting. They’re in a hotel in the Middle East. They’re not using secure email. They’re using Gmail to send PDFs. At the same time, the companies can’t mandate what employees put on their personal iPads.”
Zimmermann claims that, “there isn’t a commercial service out there that you can trust,” just before underscoring his company’s primary ambition: “Where do you build that trust into an elegant platform?”
Zimmermann’s partners at Silent Circle are PGP Corporation cofounder Jon Callas and former Navy SEALs Mike Janke and Vic Hyder. Hyder and Janke have both been involved with security consultant businesses (Hyder at Trident Crisis Management Group and Janke at SOC) and have extensive ties to the close-knit community of military contractors serving overseas. In conversations with the press, the team emphasizes their mix of computer security bona fides and special forces experience. Besides the two SEALs, the company’s employees also include three British ex-SAS communications experts.
The startup’s secret sauce is the dead-simple interface of their secure communications products. Both the iOS and Android versions are skinned to look like their respective systems’ dialing/text message systems. Video conferencing strongly resembles Skype. Subscribers will have ten-digit identification numbers which resemble phone numbers (and which, Silent Circle claims, will become phone numbers at a later date). Zimmermann deliberately contrasts this to his experience at PGP, which he tells Fast Company “went over to enterprise so much that it was neglecting the individual. This, however, was all about the individual. It was very appealing to me. It sounded like a market that needed to use this–I spent a lot of years trying to tell people who didn’t care about cryptography why they had to care about crypto, now here are people who already do.” Unlike PGP, which required a steep learning curve, Silent Circle’s peer-to-peer encryption does not require any training or prior experience.
Of course, any encryption tool is only as good as the encryption it provides. If Silent Circle promises secure encryption, they need to deliver it to their customers. Another high-profile encryption tool, Cryptocat, was at the center of controversy earlier this year when Wired’s Patrick Ball raised serious concerns about its effectiveness. For encryption tools, which are frequently used by dissidents living under repressive regimes and others with legitimate reasons to avoid government surveillance, the consequences of failed encryption can be deadly.
Silent Circle, in fact, pushed back their release date by more than a month in order to fine-tune their product before public release. The company boasts that they use open source peer-reviewed encryption and offer redundant servers abroad; encryption and hashing algorithms used by Silent Circle include Elliptic Curve Cryptography (P-384), Advanced Encryption Standard (AES-256), and Secure Hash Algorithm (SHA-256). Users will also be offered options for the Skein hash function, as well as the Twofish and Threefish ciphers. These functions and ciphers are commonly used in other encryption tools.
According to Zimmermann and Janke, all products use device-to-device encryption. PGP RSA public key encryption will be used for emails, ZRTP for video and voice, and a custom instant message protocol called SCimp, which, Silent Circle says, is currently in the peer review process, will be open sourced with white papers to follow.
The email product will be a Sparrow-like app with 100% peer-to-peer encryption. Text messages will be encrypted device-to-device with a special option to set a timer that will erase them from the registry. As a bootstrapped for-profit encryption firm, Silent Circle’s financial health will only be as good as the product they put forward. “We delayed the launch so that we’d be absolutely sure our company had everything,” Zimmermann told Fast Company.
Silent Circle stresses that their product offers secure communications within the networks and only uses Canadian servers that are outside of U.S. government control. Canada has far more stringent data privacy regulations than either the United States or the European Union, meaning that users’ encrypted communications are less likely to be intercepted by American authorities. Zimmermann and Janke noted that law enforcement and outside parties would not be able to snoop on communications conducted via Silent Circle; they also noted that law enforcement are frequent users of services such as Tor, which they use to avoid surveillance by outside intelligence agencies. The company also stressed that only users would be able to decrypt secure conversations; Silent Circle will not have eavesdropping abilities. Besides the Canadian servers, additional servers will be added in Switzerland.
Hyder, Janke, Zimmermann, and Callas all emphasized that their company was a “double-only-Nixon-can-go-to-China-thing” where their combination of cryptography bona fides and military connections opened more potential markets than either would have on their own. Silent Circle is aggressively chasing after companies who will steer individual employees their way as customers, even down to offering pre-paid encryption gift cards called “Ronin Cards.” Purchase for most of Silent Circle’s encryption products will be through the company’s website and the secure phone call and text message applications will be sold through Apple and Google’s app stores.
While the company talks a great deal about Silent Circle’s benefits for activists abroad, the $20 a month subscription fee filters many of them out. It seems more likely that the primary market will be corporations, governments, consultants, military serving abroad, and military contractors. According to the company, a deliberate choice was made to sidestep procurement cycles and market their product directly to users as a tool to be placed on expense accounts.
Story here.

1 Comment

  1. I’ve been reading about this.  It’s very interesting, I shot the article link and website to my boss. Communication security when dealing with individuals overseas is always a tough issue.

    Comment by MoreLiberty — Thursday, October 11, 2012 @ 9:05 AM
