Wednesday, February 6, 2013

Cryptography super-group creates unbreakable encryption designed for mass market

Silent Circle is the closest thing to a super-group in the cryptography universe, and for months it has just been sitting idle. The public wondered what towering figures like Phil Zimmermann, creator of PGP and the modern cryptographic world, or Jon Callas, inventor of Apple’s Whole Disk Encryption, could have up their sleeves. Teaming up with a number of Navy SEALs and other military professionals certainly added an element of intrigue, and an early call-encryption app was dismissed with little comment — they must have something juicier in the pipe. Now, it turns out that the juice was actually quite simple: Silent Circle will offer a previously military-grade encryption service to the average smartphone user — and to the military itself, of course.
For $20/month on the annual plan (closer to $30/month on their 3-month plan), users of the company’s Silent Phone app suite will be able to send and receive voice calls, text messages, pictures, and video, and even hold video conferences, under the cloak of Zimmermann’s venerable workhorse, PGP encryption. CEO and former SEAL Mike Janke has been making the rounds claiming that the new smartphone app will revolutionize smartphone security, and he may be right.
The reality is that most of what they’re offering (certainly text, call, and email encryption) is available already, but the point Silent Circle seems intent on making is that usability is the key to use. The classic example of the ugly fire extinguisher, which is hidden away in a back room and is thus useless in an emergency, seems salient here. Silent Phone is partially a technological breakthrough, but it is primarily an innovation in ease of use. Whereas before, total encryption of your phone required some fairly serious tinkering, and virtually always voided the manufacturer’s warranty, the process here is as simple as installing an app (and paying a subscription fee).
Though it might seem like a simple deferral of the problem (“okay, so now my info is stored at some shady security firm, rather than on my own damn phone”), the company will have no access to encrypted files, as the keys are hosted only on your device and that of your counterpart. Once your communication is finished, the keys are deleted, and new ones are generated next time. It’s interesting that, given the influx of military talent, Silent Circle has retained all of Zimmermann’s famous disdain for the government’s information security apparatus. The company promises not to bend to any government requests for information, and has in any case designed its system so as to make such disclosure impossible on its part. The most it could disclose is subscriber information. Whereas many encryption standards have “backdoors” built for use by legal authorities, Silent Phone professes to be your personal, impenetrable bulwark.
It’s not surprising that the company sees its role in such a politicized way, since several of its founding members have made careers out of “undermining national security” and “enabling criminal communication.” For their part, Silent Circle makes reference to leaks and whistle-blowing as important uses for encryption, as well as international activism. Janke claims that their encryption helped journalists send out video of Sudanese human rights violations, and after the files had been sent, all trace was “burned” from the transmitting device. This means that it was deleted, then thrice overwritten with noise. No trace of the video was found by Sudanese authorities, and the journalists were allowed to go about their business.
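The “burn” described above can be sketched as follows. This is an added example, not Silent Circle’s code: the function name `burn`, the `delete` flag, the 64 KiB chunk size and the sample file are assumptions, and the passes here run before the file is unlinked so the same blocks are rewritten in place.

```python
import os
import tempfile

CHUNK = 64 * 1024  # overwrite in 64 KiB blocks so large files never sit in memory


def burn(path, passes=3, delete=True):
    """Overwrite `path` in place with random bytes `passes` times, then remove it.

    Hypothetical helper for illustration. Returns the bytes written per pass.
    """
    size = os.path.getsize(path)
    # "r+b" rewrites the existing file. Opening with "wb" would truncate it
    # first, and the filesystem could then hand out fresh blocks and leave
    # the original data untouched on disk.
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n))  # the "noise"
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next
    if delete:
        os.remove(path)
    return size


def demo():
    """Constructed sample: create a stand-in file, burn it, report the result."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"constructed sample video bytes " * 4096)
    size = burn(path)
    return size, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```

On flash storage with wear levelling, or on journaling and copy-on-write filesystems, an in-place overwrite is not guaranteed to reach the blocks that held the original data, so a forensic review should not treat a burned file as proof that no copy remains.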
Currently, file transfers are capped at 60MB, a somewhat prohibitive number that is likely the result of PGP’s most notorious drawback: it’s really quite slow. That’s the primary reason an “encrypted internet” will require more than just hardware and usability advances. The algorithms themselves are beginning to lag behind, and for all Silent Circle’s talk about revolutionary routing algorithms, only time will tell if their servers are ready for the onslaught. Latency-free video calling is no trivial technical feat, and to handle potentially thousands of these calls simultaneously, all encrypted and streamed without interference from further storms of voice calls, emails, text messages, and regular old file transfers will be impressive, if achieved.