Silent Circle aims for email that's as secure as it gets

PGP and Navy SEALs take on privacy

It's been 22 years since Phil Zimmerman, Jon Callas and the rest of the PGP crew brought encryption to the masses for free, and now the same team – augmented by backing from a couple of former Navy SEALs – has expanded into a new privacy concern that will launch an email service in a couple of weeks.

Silent Circle came out of stealth mode last June with a $20 (£13) per month package for voice, text, and video services that are encrypted by an application on a user's smartphone, tablet or computer. Users download the software and all traffic is handled by the company's own servers.

Encryption keys are set up on each device using the application and are then discarded once the message has been completed, so that they cannot be slurped. To further protect against wiretapping, the firm's servers that handle traffic are located in Canada and Switzerland, with an Asian location to be decided.

Now the company is moving into email, with an encryption system based on decades of encryption experience and the desire for private communications. Based on the team's background, there's good reason to believe it will be successful.

Disruptive tech

Younger readers won't remember the huge kerfuffle caused when Zimmerman put Pretty Good Privacy out there, over 20 years ago. The system was investigated by the US government for "munitions export without a license" after use of the code spread, although no charges were brought.

Security was barely an issue when email was designed, and PGP addressed a key need for internet users. Thankfully, governments around the world recognized that the benefits of encryption have far outweighed the threat, and now similar systems are built into almost every online transaction – but it's still not enough.

"Email is fundamentally broken," Jon Callas, Silent Circle's CTO, tells The Register, pointing out that security was not a serious factor in the original protocols. Wrapping messages in the best possible encryption will give a measure of security, and the team have spent nearly two years honing their product.

"We believe we've got it as good as we can get it," he said. "Nothing is perfect, and anything we find there's a problem with, we'll fix it."

To further test the system's mettle, Silent Circle has put its source code up on Github for analysis by the security community. So far, Callas said, three possible problems have been found. None of them were serious, and all have since been fixed or ameliorated.

The new email service will take the best of this encryption, plus some extra special sauce and tools from PGP, and aims to offer secure service to subscribers across the world.

Baghdad beginnings

It's not just the PGP crew behind Silent Circle. Two of the key backers, including CEO Mike Janke, are former US Navy SEALs who saw a need for this kind of secure communication.

Janke was operating a security detail in Baghdad and became increasingly frustrated with the inability to run a simple, secure communications setup. It was a problem he'd seen around the world, where the presumption of monitoring by outsiders is the norm.

You might think a service like this would have the government worried, but according to Callas the response so far has been very positive. Since the launch, numerous government agencies have tried the service and there have been no moves to squash it on the legal front.

"We've checked with a bunch of people on it and talked to people inside the government. We hired on contract a private attorney who used to be terrorism prosecutor. She advises us and has been our envoy to Congress and other places. We know they need to hear about us first," Callas said.

Such issues are much on the mind of legislators of late. Intelligence agencies are pushing for an extension of the Communications Assistance for Law Enforcement Act (CALEA) to require an automatic backdoor into communications software of this type. A legislative push in the area is expected later this year.

The market chooses

So far, Callas reports that subscription sales for the service have gone much better than he expected, and the company is bringing forward its plans to scale out with a bigger server footprint.

There's been some interest in the service from the highest end of the market, with Nokia's luxury phone outfit Vertu adding it in as an extra for the punter who has €7,900 to splash out on the fanciest of mobiles. But Callas said that for certain types of enterprise employees, the service is proving much more popular than first thought.

There's increasing concern about doing business abroad, now that some states seem to have built industrial espionage into their economic policy. And while Silent Circle isn't free like PGP, it's not massively expensive either. It and similar products may soon become security best practices for enterprises overseas.

With the extension of its service to email, Silent Circle is moving into more popular waters, and it should pick up more customers, depending on how well it can integrate operations into its secure setup. Callas said the company is playing a long game; it's not looking for lightning expansion or to sell out as soon as possible.

We'll see if there's a mass market for this kind of service, but El Reg suspects it could prove more popular than Silent Circle expects. These are paranoid times, and it pays to be as safe as possible. ®

Similar topics

Broader topics

Other stories you might like

  • Tesla driver charged with vehicular manslaughter after deadly Autopilot crash

    Prosecution seems to be first of its kind in America

    A Tesla driver has seemingly become the first person in the US to be charged with vehicular manslaughter for a deadly crash in which the vehicle's Autopilot mode was engaged.

    According to the cops, the driver exited a highway in his Tesla Model S, ran a red light, and smashed into a Honda Civic at an intersection in Gardena, Los Angeles County, in late 2019. A man and woman in the second car were killed. The Tesla driver and a passenger survived and were taken to hospital.

    Prosecutors in California charged Kevin George Aziz Riad, 27, in October last year though details of the case are only just emerging, according to AP on Tuesday. Riad, a limousine service driver, is facing two counts of vehicular manslaughter, and is free on bail after pleading not guilty.

    Continue reading
  • AMD returns to smartphone graphics with new Samsung chip for your pocket computer

    We're back in black

    AMD's GPU technology is returning to mobile handsets with Samsung's Exynos 2200 system-on-chip, which was announced on Tuesday.

    The Exynos 2200 processor, fabricated using a 4nm process, has Armv9 CPU cores and the oddly named Xclipse GPU, which is an adaptation of AMD's RDNA 2 mainstream GPU architecture.

    AMD was in the handheld GPU market until 2009, when it sold the Imageon GPU and handheld business for $65m to Qualcomm, which turned the tech into the Adreno GPU for its Snapdragon family. AMD's Imageon processors were used in devices from Motorola, Panasonic, Palm and others making Windows Mobile handsets.

    Continue reading
  • Big shock: Guy who fled political violence and became rich in tech now struggles to care about political violence

    'I recognize that I come across as lacking empathy,' billionaire VC admits

    Billionaire tech investor and ex-Facebook senior executive Chamath Palihapitiya was publicly blasted after he said nobody really cares about the reported human rights abuse of Uyghur Muslims in China.

    The blunt comments were made during the latest episode of All-In, a podcast in which Palihapitiya chats to investors and entrepreneurs Jason Calacanis, David Sacks, and David Friedberg about technology.

    The group were debating the Biden administration’s response to what's said to be China's crackdown of Uyghur Muslims when Palihapitiya interrupted and said: “Nobody cares about what’s happening to the Uyghurs, okay? ... I’m telling you a very hard ugly truth, okay? Of all the things that I care about … yes, it is below my line.”

    Continue reading

Biting the hand that feeds IT © 1998–2022