Feeds

PGP Zimmermann teams with Navy SEALs, SAS techies in London

Offers 'Silent Phone' crypto to biz, aid workers

5 things you didn’t know about cloud backup

Encryption guru Phil Zimmermann is going after security conscious users with his new venture Silent Circle, a security start-up offering ultra-secure VoIP and texting services.

Silent Circle, which opened a UK office this week, charges a monthly subscription of $20 (£13) per month for a bundle of secure voice, text and video services.

Zimmermann, creator of the Pretty Good Privacy (PGP) program, told El Reg that he's done with "trying to convince people that didn't know about crypto that they needed to use encryption". Instead Silent Circle is targeting US forces based overseas, businessmen visiting China and human rights workers: "who know that they need crypto because they are under high threat".

Silent Circle chief exec and co-founder, Mike Janke, said the start-up had ambitions to target the business community as well as power users, thereby gaining a foothold into the enterprise through the industry-wide Bring Your Own Device Trend. Janke is an former Navy SEAL sniper who approached Zimmermann with the idea for a business that became Silent Circle around a year ago.

Silent Circle released a suite of iOS apps in October, and plans to release complementary Android apps in December. The "curated crypto apps", as Zimmermann describes them, offer Silent Phone (secure VoIP), Silent Text (encrypted messaging) and Silent Eyes (desktop videoconferencing, initially only Windows compatible).

Silent Phone offers secure mobile video and voice. The technology uses the ZRTP encryption developed by Zimmermann, and is designed to work over mobile and WiFi networks.

A forthcoming Silent Mail product will be based on PGP Universal and designed to run on smartphones, tablets, and computers using your existing mail program (Outlook, Mac Mail). Secure business packages, calling plans and enterprise packages are also in the works.

Client to client communications using Silent Circle will offer end to end encryption. Users using Silent Circle apps to call from China to landlines in the West, for example, will get the benefit of encryption on the first leg of their journey, to Silent Circle's dedicated servers in Canada. Crypto keys for VoIP calls are thrown away as soon as they are used and texts are encrypted on a device. Communications data, such as IP logs, are kept for 24 hours, and only used for debugging.

"Users don't even have to trust us. They don't have to be worried about Silent Circle being coerced into doing wiretapping," Zimmerman explained.

Janke added that Silent Circle "retained the least amount of data possible" limited to username, email address, hashed password, short-term IP logs and 10 digit private phone number. Credit Card processor Stripe holds the customer credit card data, not Silent Circle.

Silent Circle's site explains the benefits and limitations (the risk of shoulder surfing, malware etc) of its technology.

Our secure communications products use “Device to Device Encryption” – the keys that encrypt your communications are generated on your device and discarded when unneeded. The only exception is Silent Mail which either uses PGP keys you create and manage yourself or allows you to have our PGP Universal server generate them for you.

We do not have the ability to decrypt your communications across our network and nor will anyone else - ever. Silent Phone, Silent Text and Silent Eyes all use end-to-end encryption and erase the session keys from your device once the call or text is finished. Our servers don’t hold the keys.

The technology distinguishes itself from Skype and most mobile voice encryption products by publishing source code, something Janke said appealed to its potential government customers.

Faced with the challenge of intercepting the Skype and IM conversations of terrorist and criminal suspects, law enforcement agencies have increasingly decided to use Trojans as wiretapping tools rather than trying to decipher encrypted traffic. Both Janke and Zimmermann readily conceded that Silent Circle was "not a magic bullet" and wouldn't protect users of compromised devices.

However Zimmermann said that Silent Circle's trust model is specially designed to detect and block man in the middle digital certificate attacks such as the DigiNotar compromise that exposed the privacy of Gmail, Skype and Yahoo users in Iran last year.

The level of security offered by Silent Circle might have appeared to appeal to only a paranoid niche, who would probably have insisted on hardware-based encryption anyway, just a few years ago. But the desire to use the latest smartphones or tablets combined with growing concerns about industrial espionage and privacy have created a potential market for its services and technology.

The combination of the PGP founder teaming up with two Navy SEALs and three British SAS Special Forces communications experts* offers frankly unmatchable geek credibility. ®

Bootnote

*Perhaps actually from 18 Signals Regiment, the electronic warfare/SIGINT/ELINT/communications formation supporting the UK Special Forces. Though there are signaller specialists who are fully badged members of the SAS itself, 18 Regiment would probably have a higher level of corporate expertise.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.