Phil Zimmermann's New App Protects Smartphones From Prying Ears
Hugh Pickens writes "Neal Ungerleider notes that cryptography pioneer and Pretty Good Privacy (PGP) creator Phil Zimmermann has launched a new startup that provides industrial-strength encryption for Android and iOS where users will have access to encrypted phone calls, emails, VoIP videoconferencing, SMS, and MMS. Text and multimedia messages are wiped from a phone's registry after a pre-determined amount of time, and communications within the network are allegedly completely secure. An 'off-shore' company with employees from many countries, Silent Circle's target market includes troops serving abroad, foreign businesspeople in countries known for surveillance of electronic communications, government employees, human rights activists, and foreign activists. For encryption tools, which are frequently used by dissidents living under repressive regimes and others with legitimate reasons to avoid government surveillance, the consequences of failed encryption can be deadly. 'Everyone has a solution [for security] inside your building and inside your network, but the big concern of the large multinational companies coming to us is when the employees are coming home from work, they're on their iPhone, Android, or iPad emailing and texting,' says Zimmermann. 'They're in a hotel in the Middle East. They're not using secure email. They're using Gmail to send PDFs.' Another high-profile encryption tool, Cryptocat, was at the center of controversy earlier this year after charges that Cryptocat had far too many structural flaws for safe use in a repressive environment."
exceptionally interesting and useful (Score:5, Interesting)
for those of us who prize our anonymity. I do hope they'll take Bitcoin for the $20/month they charge.
Re:Much easier ways (Score:5, Interesting)
A beacon, trap and trace, a microphone, a camera lab (as in pictures taken, shared, gps, unique data in every image to find other images you took and posted)...
As for any encryption - detailed keystroke logs, clear-text captures of passwords were offered by diagnostic options shipped in many US telco offerings.
You had the 'mic on' remote dial in, spyware in the cell phone infrastructure - when will a generation learn to put down their small versions of ENIGMA?
As for "your device to record anything going to your mic?"
The classic case was the NSA and GCHQ - let us work in the dark and we can predict the future
Then you had federal police asking for non court help with encryption, tracking...
Then for logs, recordings
Then high profile cases... state task forces.. fusion centers... the press reports on recordings
At some point the court magic stops and that next person of interest takes the battery out.
Does it encrypt REAL phone calls? (Score:4, Interesting)
While it is nice for someone to be making an easy-to-use all-in-one encryption app, the real question for me is this:
Does it encrypt phone calls; real, phone-to-phone, no-VoIP phone calls.
There are already several solutions [cellcrypt.com] out [whispersys.com] there [securegsm.com] for encrypted VoIP. Even a free, open-source general-purpose Android SIP client CSipSimple [google.com] supports ZRTP for key exchange (or 'of course' a free, open-source ...)
However, I have not found a single app (and indeed only a few specialised devices) to actually make encrypted phone calls without using VoIP, and none that have made encrypted phone calls over GSM voice. A few people have talked about phone call encryption over GSM voice (e.g. at DEFCON [defcon.org], and there are many papers on the topic of data-over-GSM-voice), but I haven't yet seen it implemented. If this *does* implement it, *then* I'll be pumped.
On the SMS front, there is already TextSecure [google.com] for sending encrypted SMS, and all the key exchange is handled through SMS (and perhaps MMS? I believe only SMS). Mind you, Moxie Marlinspike hasn't released the source for it (and it is now owned by Twitter, so we'll probably never see it).
Re:Whatever (Score:5, Interesting)
That is another valuable experience Zimmermann brings to the table: They tried pretty hard to suppress PGP and he prevailed. I remember that in order for him to not go to jail, it was exported as a printed book and then scanned in Europe. He used the stupidity of the US bureaucracy against them. Development continued outside of the US afterwards. That was the time when the US snoops wanted backdoors into any crypto.
I think it will be interesting to watch, but I expect he will make it again.