Why Is The Government Afraid Of This iPhone App?
He’s talking about paramilitary operations — spy stuff — but it applies just as much to a gossipy text message. A Wi-Fi sniffer can pluck emails right out of the air. Old texts linger on phones for years, waiting to be smuggled out with malware. Your cell signal is encrypted, but researchers have cracked it in as little as two hours. It rarely occurs to us as we blast out emoji, but for security professionals — a military contractor carrying sensitive information through a hotel in Hong Kong, for instance — that paranoia is a way of life.
an app called Silent Circle that offers on-board military-level encryption for phone calls, texts, email and video. When it hits the App Store next week, anyone with an iPhone and $20 a month will have a secure line at their disposal. (So, is this the cost of privacy, a new tax of sorts?) So when Janke’s paramilitary friends are traveling through hostile territories, they can call home without worrying who they’re tipping off.
It’s not just for spies either. One of the first beta testers was Vern Abila, another ex-soldier who now splits his time between government contracts and protecting the Scarlett Johanssons of the world from embarrassing data leaks. All the recent leaks of celebrity selfies could have been stopped by an app like Silent Circle, and phone calls are even more vulnerable. “The general rule has always been, don’t say something on a phone that you wouldn’t say in a crowded room,” Abila told me. “Silent Circle will change that.”
The answer is always delicate. Janke will tell you, if you’re making a call from a Russian hotel, it could be secret police or identity thieves or would-be blackmailers who have paid off the concierge. But he’s careful to never name the most obvious culprit: the U.S. Government.
1.3 million cell records were pulled by law enforcement, covering anything from stored text messages to location-tracking data. Many analysts believe the NSA caches all domestic data traffic — in other words, everything anyone sends to anyone. The legal barrier for eavesdropping has never been lower. We’ve learned to be comfortable with it because, for the most part, we’ve never had any means of escape, but Silent Circle could change that.
Even pulling basic use logs from Silent Circle would be difficult, as they’re stashed in privacy-friendly districts in Canada and Switzerland, with only the bare minimum of stored user data. If you’re worried about court-ordered surveillance, that’s essential. If you’re worried about paparazzi and would-be blackmailers … not so much. Still, as co-founder Jon Callas put it, “We try very hard to stay away from the domestic wiretapping issue,” because it can make them sound like conspiracy theorists.
It also leads to dangerous places. Once you’ve established a secure line of communication, there’s no telling who’s going to use it — from cheating husbands to drug dealers and terrorists. Skeptics have been using this argument against cryptographers since the days of the telegraph — but they’re not wrong. Silent Circle is just as effective at protecting the Avon Barksdales of the world as it is protecting corporate whistleblowers (like this recent case). That’s a fact most cryptographers have accepted, but as they reach farther into the mainstream, it’s an increasingly inconvenient one.
Silent Circle won’t do that, and it could set up the project for a massive court battle when the law is changed. The “portable code room” model means that all the encryption happens on the iPhone, rather than leaving it to be done on an outside server. By the time the data leaves your phone it’s indecipherable, and that garbled data is the only thing Silent Circle or anyone else besides your intended recipient could ever see. Because the keys to unscramble the data are deleted after every call is completed, there’s no way to decode the call after the fact. All Silent Circle can do is hand over the encrypted data.
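The model described above, sketched as an added example (not Silent Circle's code): the article does not name the app's protocol, so X25519, HKDF and AES-256-GCM are assumed stand-ins, and every function name is hypothetical. It runs one call with fresh per-call keys, records what a relay in the middle would see, wipes the keys, and checks that the recorded frame can no longer be opened.

```javascript
// Added illustration; X25519 + HKDF + AES-256-GCM are assumed stand-ins,
// not the app's actual protocol. All function names are hypothetical.
const crypto = require('node:crypto');

// Derive a 32-byte call key from our private key and the peer's public key.
function deriveCallKey(ownPrivate, peerPublic) {
  const shared = crypto.diffieHellman({ privateKey: ownPrivate, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'call-key-demo', 32));
}

// Encrypt on the device: only { iv, body, tag } ever leaves the phone.
function sealFrame(key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

// Decrypt on the receiving device; final() throws if the key or tag is wrong.
function openFrame(key, frame) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, frame.iv);
  d.setAuthTag(frame.tag);
  return Buffer.concat([d.update(frame.body), d.final()]).toString('utf8');
}

// One call: fresh key pairs, a relay that records what it sees, then key deletion.
function runCall(text) {
  const a = crypto.generateKeyPairSync('x25519');
  const b = crypto.generateKeyPairSync('x25519');
  const keyA = deriveCallKey(a.privateKey, b.publicKey);
  const keyB = deriveCallKey(b.privateKey, a.publicKey);
  const frame = sealFrame(keyA, text);
  const relayLog = [frame];          // all the service in the middle could hand over
  const received = openFrame(keyB, frame);
  keyA.fill(0); keyB.fill(0);        // call ends: session keys are wiped
  return { received, relayLog, leftoverKey: keyA };
}

// After the call, can the recorded frame still be opened with what remains?
function decryptableLater(call) {
  try { openFrame(call.leftoverKey, call.relayLog[0]); return true; }
  catch (e) { return false; }
}
```

Zeroing a Buffer only models deletion here; the private key objects are simply dropped when `runCall` returns, whereas a native implementation would wipe that memory explicitly.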
That might be good enough or it might not — it depends on how the laws are written. It’s a reason for Silent Circle to stay on Washington’s good side, and downplay the more controversial aspects of the app. And if the company is ever called before Congress to explain exactly what they’re doing, it will be two Navy SEALs talking about military contractors, instead of two cryptographers talking about anti-corporate activists. That could make all the difference in the world.
It was a lesson in the politics of cryptography. At the time, encryption was seen as an anti-establishment tool, characterized by a cypherpunk scene that pursued the practice on civil libertarian grounds. “I always distanced myself from the cypherpunks,” Zimmermann told me. “I made the political calculation that we would win the war if we would stay clear of the cypherpunks and just shepherd this through the legal system.”
The last 15 years have proved him right. Because of data-breach laws, every corporate database is kept under state-of-the-art encryption, and the result has been a powerful shift towards the mainstream. PGP and tools like it are as vital to corporate IT as anti-virus software. The cypherpunks are gone. Zimmermann remains.
It’s not quite a safe room, but it’s close.
Photos for Buzzfeed by Michael Schmidt
This article has been updated to reflect the fact that TigerText does apply encryption to text messages.