PGP Zimmermann teams with Navy SEALs, SAS techies in London

Offers 'Silent Phone' crypto to biz, aid workers

Encryption guru Phil Zimmermann is going after security-conscious users with his new venture Silent Circle, a security start-up offering ultra-secure VoIP and texting services.

Silent Circle, which opened a UK office this week, charges a subscription of $20 (£13) per month for a bundle of secure voice, text and video services.

Zimmermann, creator of the Pretty Good Privacy (PGP) program, told El Reg that he's done with "trying to convince people that didn't know about crypto that they needed to use encryption". Instead, Silent Circle is targeting US forces based overseas, businessmen visiting China and human rights workers "who know that they need crypto because they are under high threat".

Silent Circle chief exec and co-founder Mike Janke said the start-up had ambitions to target the business community as well as power users, thereby gaining a foothold in the enterprise through the industry-wide Bring Your Own Device trend. Janke is a former Navy SEAL sniper who approached Zimmermann around a year ago with the idea for the business that became Silent Circle.

Silent Circle released a suite of iOS apps in October, and plans to release complementary Android apps in December. The "curated crypto apps", as Zimmermann describes them, offer Silent Phone (secure VoIP), Silent Text (encrypted messaging) and Silent Eyes (desktop videoconferencing, initially only Windows compatible).

Silent Phone offers secure mobile video and voice. The technology uses the ZRTP encryption developed by Zimmermann, and is designed to work over mobile and WiFi networks.

A forthcoming Silent Mail product will be based on PGP Universal and designed to run on smartphones, tablets, and computers using your existing mail program (Outlook, Mac Mail). Secure business packages, calling plans and enterprise packages are also in the works.

Client-to-client communications using Silent Circle will offer end-to-end encryption. Users of Silent Circle apps calling from China to landlines in the West, for example, will get the benefit of encryption on the first leg of the call's journey, to Silent Circle's dedicated servers in Canada. Crypto keys for VoIP calls are thrown away as soon as they are used, and texts are encrypted on the device. Communications data, such as IP logs, is kept for 24 hours and used only for debugging.

"Users don't even have to trust us. They don't have to be worried about Silent Circle being coerced into doing wiretapping," Zimmermann explained.

Janke added that Silent Circle "retained the least amount of data possible", limited to username, email address, hashed password, short-term IP logs and 10-digit private phone number. Credit card processor Stripe holds the customer credit card data, not Silent Circle.

Silent Circle's site explains the benefits and limitations (the risk of shoulder surfing, malware etc) of its technology:

Our secure communications products use “Device to Device Encryption” – the keys that encrypt your communications are generated on your device and discarded when unneeded. The only exception is Silent Mail which either uses PGP keys you create and manage yourself or allows you to have our PGP Universal server generate them for you.

We do not have the ability to decrypt your communications across our network and nor will anyone else - ever. Silent Phone, Silent Text and Silent Eyes all use end-to-end encryption and erase the session keys from your device once the call or text is finished. Our servers don’t hold the keys.

The technology distinguishes itself from Skype and most mobile voice encryption products by publishing source code, something Janke said appealed to its potential government customers.

Faced with the challenge of intercepting the Skype and IM conversations of terrorist and criminal suspects, law enforcement agencies have increasingly decided to use Trojans as wiretapping tools rather than trying to decipher encrypted traffic. Both Janke and Zimmermann readily conceded that Silent Circle was "not a magic bullet" and wouldn't protect users of compromised devices.

However, Zimmermann said that Silent Circle's trust model is specially designed to detect and block man-in-the-middle digital certificate attacks such as the DigiNotar compromise that exposed the privacy of Gmail, Skype and Yahoo users in Iran last year.

Just a few years ago, the level of security offered by Silent Circle might have appeared to appeal only to a paranoid niche, who would probably have insisted on hardware-based encryption anyway. But the desire to use the latest smartphones or tablets, combined with growing concerns about industrial espionage and privacy, has created a potential market for its services and technology.

The combination of the PGP founder teaming up with two Navy SEALs and three British SAS Special Forces communications experts* offers frankly unmatchable geek credibility. ®

Bootnote

*Perhaps actually from 18 Signals Regiment, the electronic warfare/SIGINT/ELINT/communications formation supporting the UK Special Forces. Though there are signaller specialists who are fully badged members of the SAS itself, 18 Regiment would probably have a higher level of corporate expertise.
