Why Is the Government Afraid of this iOS App?

Discussion in 'privacy technology' started by LockBox, Oct 11, 2012.

Thread Status:
Not open for further replies.
  1. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    'Silent Circle' now prepares to roll out in two days - and a lot of people are nervous.

    An excellent look at 'Silent Circle'..."The most secure and advanced set of information security tools ever put into the hands of consumers."

    "The 'portable code room' model means that all the encryption happens on the iPhone, rather than leaving it to be done on an outside server. By the time the data leaves your phone it's indecipherable, and that garbled data is the only thing Silent Circle or anyone else besides your intended recipient could ever see. Because the keys to unscramble the data are deleted after every call is completed, there's no way to decode the call after the fact. All Silent Circle can do is hand over the encrypted data."

    http://www.buzzfeed.com/tommywilhelm/why-is-the-government-afraid-of-this-iphone-app


    ~
     
  2. Now this I like. Glad it's only a iPHONE app at this stage, android is so buggy.
     
  3. I suspect you need both caller and receiver to have the app installed for it to work?
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    http://www.slate.com/articles/techn...makes_encryption_easy_governments.single.html

    Note: No politics please. Discuss the technology only.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    It looks amazing, and the team is impressive. I'm very happy that it will be open-source. And there will be no centrally-stored keys.

    I wonder whether they'll accept "anonymous" payments.

    Maybe I can finally get a smartphone that I would feel safe using ;)
     
  6. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    It will come down to the implementation to where the vulnerabilities lie. I believe for everyday users like me, I'll wait for the free spin-off version prior to testing. Unless the organization I work for puts it on my "thing to play with" list.
     
  7. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    Yeah, implementation is everything. One good thing about this team is they have put together some well respected cryptographers. And the news that it will be open-source is nice as well. Of course, if you want to be sure you will compile your own binary from the source. ;)
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    If the firmware and OS were backdoored, this would be hosed too, right?
     
  9. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    I'm not sure why the article is referring to possible wiretapping of communications as "new laws". CALEA already requires this and has since 1994. (Yes I know I'm talking laws, but give me some room, it's relevant to their intentions for this app) Encrypting personal files on a system and completely giving the finger to LEA and governments are two different worlds. Being open source will help prevent user suspicion (provided we can trust these guys and whatever 3rd parties they may use), but I don't see this getting very far.
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    They've incorporated in Canada, and have built their network there.

    The article talks about various prospective clients, but it's not clear whether any would be using Silent Circle in the US. How does CALEA deal with peer-to-peer encryption? I don't think that it's prohibited (yet).
     
  11. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    You're forgetting that the hardware might be "Made in the USA", which means it would have to obey U.S Federal law..which means Canada or not, the ability to tap in is still there. P2P Encryption is not prohibited, or else you would have never had Skype among many other things. Problems however occur when that decentralized network gets moved to or handled by a central location (such as when video calls in Skype were transferred partly to in-house servers) or, as with the case of new Skype owners Microsoft, "Lawful Interception" technology gets put in.

    Also, these guys consulted Canadian privacy commissioners meaning the Office of the Privacy Commissioner of Canada. If you're trying to bypass government surveillance, are you going to go to the government with your idea and say "Hey guys, can you get past this?" If LEA and governments are already staring at these guys and their idea hard, they've already gained too much attention and the whole thing could die out before it begins. Canada does not have good privacy laws, and new bills being mulled over will make it worse. Switzerland and Hong Kong aren't exactly heaven either when it comes to that. You also may be forgetting how much sway the U.S has over other nations due to trade and other normal world business. Otherwise you would have likely never had the Megaupload mess.

    We'll have to see here how this goes, but I wouldn't get overly excited about "sticking it to the man" or being untouchable to prying eyes just yet. These guys have a great idea that can actually work very well. But they and the idea is at the mercy of a lot of "ifs ands or buts".




    Edit: I wanted to provide a note here that my comments aren't an attempt to insert politics into the thread. This isn't about who is sitting in the big boy chair, but more about current laws and the products that are affected by those laws. CALEA doesn't care who is in office, it exists and hardware and software is subject to it if they are imported from the U.S. Laws are laws no matter where you are.
     
    Last edited: Oct 18, 2012
  12. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    CALEA does not require software to have intercept capability. CALEA only applies to telco companies and ISP's. This is what the FBI has been complaining about to Congress for several years now (mostly because of Skype). They want the law changed to include software, but I doubt it will ever happen. And if it does, it will be completely unenforceable.
     
  13. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    noticed that a couple of the above comments mention that it is open source. proof? from what i read it is P2P based and not open source at all.

    see the bit about the disadvantages of silent circle

     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    You didn't quote the next paragraph, treehouse786:

    But what about the platform? How could Silent Circle be secure if the platform isn't? The OS can see everything on the device, right? I doubt that it's using homomorphic encryption. How could Silent Circle prevent the OS from keeping a record of all keys, either locally or on providers' servers?
     
  15. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    sorry i must have missed that. but even so it suggests that third party developed versions built off the non-commercial fork of silent circle will be open source and not the actual one which silent circle supply to paying clients otherwise they cant call it non-commercial?

    or have i misunderstood that phrase?
     
  16. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    But Skype already does have a backdoor via Lawful Interception, which MS themselves placed. Hardware will still be an issue for these gentlemen unless they avoid U.S made hardware completely. I personally would never say unenforceable with the way things are going now, but there's not a thing wrong with disagreeing.

    I just don't see this going very far is all, but I'm not God so I don't know that. We'll see what the next few months will bring. With something like this, if it has any amount of success we'll hear about it.
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    Some time ago, asking about smartphone security, I got the following "parts list":

    • Nexus S
    • Wirefly
    • Whisper Core
    • Twt Secure
    • Red Phone
    But I've never needed a secure smartphone enough to figure out how to integrate all that.

    Does that make any sense?
     
  18. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    Phil Zimmermann has said he plans to release all source-code. It hasn't happened yet, but it will.

    Of course, some people are angry that he didn't release the code upon launch (as he said previously he would).
     
  19. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    541
    Location:
    United States
    According to their webpage, Silent Circle provides protection predominately for silent circle members and extends it to non-circle members that you contact. I'm guessing one direction only. This reminds me of Burn Note.
     
  20. Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous


    From my knowledge keys are deleted after you hang up the phone. They are not stored on the server at any time.

    It's unlikely they would backdoor the phone through firmware, they would have to man in the middle the servers (which is possible) as it would be illegal to push out out a mass survailence firmware update to all phones.
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    Maybe all smartphones are backdoored by design. "Illegal" means nothing for spooks.
     
  22. Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    Why bother with backdooring a phone when you have the whole network backdoored and you can listen in to anything you like, just assume it is so.

    If all smartphones were backdoored people would find out eventually and all hell would break lose. Multi million dollar fines would be handed out if that were the case.
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    If that's all the "observers" have, Silent Circle might be secure :)

    Remember the Clipper Chip? Maybe they just did it quietly this time. Or maybe it's the Chinese ;) In any case, I can't imagine that anyone would get fined.

    Consider the record re warrantless surveillance. Sure, EFF has been trying to raise hell. But it hasn't gone anywhere. The Executive Branch, Congress and the Supreme Court have all agreed that it's needed for "national security". I'm sure that the Chinese would say the same ;)
     
  24. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    Then you actually go/do work for the government and you realize its a miracle it gets anything done on a day to day basis. If one of the U.S. intelligence agencies can pull a clipper chip style implementation off in secret, the first thought that would go through my mind wouldn't be our privacy is doomed; it would be, "wow they must of had a project lead who didn't leave before 3pm and or change out all the supporting contracting companies and vendor solutions prior to that chip deployment." :D
     
  25. Re: New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

    Might be. Who knows until they release the source code.

    We are talking about commercial goods, military sure the temptation to backdoor it is there. But with something like consumer grade phones someone, somewhere will find out if it's backdoored via the chip or hardware like gps from research. It would damage their (China) economy so much if backdoor's where found to the point where it's not worth it. remember China has an interest in keeping the economy going well, less chance of revolution if everyone is feed and not starving.

    & warrentless surveilence has been going on since forever, western countries have checks and balances though which should keep them with in thhe law. Most of what is collected probably can't be used in court and is just filed away on a server somewhere.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.