Silent Circle: Mobile Encrypted Comms Get Mainstream-Easy

Posted on 11 February 2013 by



If you’ve never given thought to the fact that, most of the time, critical non-federal law enforcement operations are conducted by unencrypted cellular and text communications, today might be a good time to start. (A good place to start understanding the wider implications of safe and unsafe smartphone use is here).

I spend a great deal of time advising agencies and large organizations about the risks posed by un-encrypted communication, but until now there’s not been a truly scalable encryption product that can affordably bring the security of scrambled comms to non-federal LE.

Now comes Silent Circle, a system that supports strongly encrypted text and voice communication over commercial airwaves – like cellular networks and the Internet – at a very low cost.

It’s controversial. The FBI would state that, by not having a backdoor into which it can peer, the technology can support criminals.

But everything – cars, radios, weapons, armor – that provides a tactical advantage is a two-edged sword.

And this is technology – try and stop it, and you’ll fail every time. Just ask those folks who thought that VHS would kill the film industry, that CDs would kill the music industry. And the feds who tried in the 1990s to say that PGP encryption would be a detriment to law enforcement.

I’ll let others argue about whether you should fear whether Silent Circle will end up in the hands of criminals (you can read testimony of co-founder and PGP inventor Phil Zimmermann here, and the comments by co-founder Mike Janke in this article in Slate).

I will say that, in an interview for this article, Janke – a former US Navy SEAL – told me that Special Operations units, law enforcement, military and intelligence agencies from several countries have bought and used Silent Circle products.

In this article, I’ll talk about basically what Silent Circle is, and how you as a law enforcement officer – and as an agency – can use it.

The Product
The idea behind Silent Circle is to simplify and democratize access to strong encryption. Through two apps, its products support encrypted voice calls and video as well as secure text messaging and encrypted document transfer. Silent Phone provides encrypted voice and video communications on a smartphone. Silent Text provides encrypted SMS-like text and document transfer. Silent Phone is currently available for both iOS and Android. Silent Text is currently available for iOS, with an Android version expected later this year.

It’s long been held that the issues that stop widespread adoption of strong encryption are less about the underlying encryption algorithms and more about the delivery and management technologies that make it easy to use. Encryption in email has become very simple for geeks, but widespread message encryption has remained outside the mainstream.

Silent Circle seeks to change this with easy-to-use apps that are front ends to a powerful system that not only encrypts but also assures confidentiality: it limits the information it keeps on its customers, limits how keys are distributed, and uses a voice component to allow users to self-authenticate one another. It also heavily supports its users by refusing government back-ends, outsourcing payment data, and bringing as much personally identifiable information as practicable outside the scope of most subpoenas and search warrants.

Additionally, its policy on cooperation with authorities mirrors the conservative policies of companies like Twitter, in which requests to cooperate are looked at from the most customer-defensive perspective to determine compliance by authorities with the “letter and the spirit” of the law.

That last part, as you can imagine, has some federal agencies apparently up in arms – we were hard pressed to find actual public comment on this specific product. We’re not going to opine on the controversy.

Janke tells me that government agencies currently comprise a large percentage of Silent Circle customers. Janke himself was a SEAL (not too many anarchists in their ranks, the SEALs), and Janke mentioned to me the name of at least one large law enforcement agency that uses it.

Silent Circle also provides a 5% across the board discount to law enforcement, and bulk discounts for orders of over 50 seats.

In our opinion, encrypted comms increase the safety of officers in the field. In our interview, Silent Circle CTO Jon Callas raised several examples of how he believes that simplification is fundamental to adoption by law enforcement, and as we’ve said many times in this space, we do too.

We don’t endorse this or any other product.

Law Enforcement Use Case
Before I go into one obvious LE use case, allow me to speak for a moment on our reliance as police officers on cellular networks and unencrypted email communications. I have observed for years an endemic … shall we say, insouciance (that’s, “Ah, da hell wid it” to you) about these dependencies, despite mountains of evidence that it is foolish and dangerous, so I’m not going to get all gloom-and-doom here other than to say that, if you’re engaging in missions in which lives are potentially at risk and you’re doing it through unencrypted email or text messages then you have probably underestimated the ease of interception of your signal.

The Scary Part
File this if you will under the heading of “Fear, Uncertainty and Doubt”, but it’s just the way things are these days. When we talk about the mainstream availability of cellular signal hacking gear, we encounter skepticism. After all, people wonder, isn’t this pretty esoteric? Well, sure. Your average knuckle-dragger isn’t going to be cracking GSM.

But what about those of us who seek people who are not the average knuckle-dragger? Are any of us running into, I don’t know, organized groups that have a lot at stake? Say, any of us in Texas, Arizona, New Mexico or California? It’s long been understood that drug cartels have been using a national radio system set up by cartels since 2006; you can find much more recent stories – here’s one from October, 2012 – along with credible stories from the past few months detailing how cartels are kidnapping technicians and engineers to build out their technical capabilities.

What about Man-In-The-Middle attacks which get between your mobile phone and your carrier?

I will tell you that I have seen them work.

The fact is, if you’re dealing with drug dealers or those involved even secondarily with cartels, they do indeed have at the very least the technical capabilities to intercept unencrypted email and text messages and voice communication.

Using those vulnerable methods, then, to coordinate arrests of those people doesn’t make any sense at all.

The use case I’ve given here is but the most obvious of endless applications of encryption in law enforcement. (See the work of Matt Blaze, director of the Distributed Systems Lab at the University of Pennsylvania, for more on this, including his excellent paper, Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System.)

The Bottom Line

Silent Circle costs about $20 a month per user (less that 5% LE discount, if you ask for it). It can be used on existing devices and provides a very high level of protection at a very low cost both financially and operationally. Dave Henderson and I will be using it soon and will report back on its ease of use and any drawbacks we find.

More information: http://silentcircle.com