
Zimmermann's Silent Circle Now Live

timothy posted about 2 years ago | from the different-zimmerman dept.

Encryption 127

e065c8515d206cb0e190 writes "Several websites have announced the launch of Silent Circle, PGP's founder Phil Zimmermann's new suite of tools for the paranoid. After a first day glitch with a late approval of their iOS app, the website seems to now accept subscriptions. Have any slashdotters subscribed? What does SilentCircle provide that previous applications didn't have?"


127 comments


Now, with centralized user tracking! (5, Insightful)

Animats (122034) | about 2 years ago | (#41716265)

The "Silent Circle" uses their own "Silent Network", allowing centralized user tracking. Also, the code isn't open source, so you have no idea if the crypto key generation is any good or if there are backdoors.

Re:Now, with centralized user tracking! (1, Flamebait)

fustakrakich (1673220) | about 2 years ago | (#41716333)

If there are backdoors? Doesn't the government mandate them?

Re:Now, with centralized user tracking! (5, Funny)

Anonymous Coward | about 2 years ago | (#41716439)

HURR DURR Obama Warrantless Wiretapping HURR DURR

Re:Now, with centralized user tracking! (-1)

Anonymous Coward | about 2 years ago | (#41716821)

God I wish I could mod you up.

Re:Now, with centralized user tracking! (1)

Ken_g6 (775014) | about 2 years ago | (#41716449)

If there are backdoors? Doesn't the government mandate them?

Depends on the government, I think. From one of TFAs:

Canada's privacy laws are the most stringent in the world

Not that I really trust the company's proprietary software any more because of this.

Canada's privacy laws the most stringent? (1)

whathappenedtomonday (581634) | about 2 years ago | (#41716769)

citation needed. should probably read "among the most stringent".

Re:Now, with centralized user tracking! (0)

Anonymous Coward | about 2 years ago | (#41716691)

It is an FBI sting operation. The whole fucking internet is hahahah !

Re:Now, with centralized user tracking! (5, Informative)

Bysshe (1330263) | about 2 years ago | (#41717115)

Considering Zimmermann's track record of not including backdoors, and that he was investigated for several years in the 90s, much to his personal detriment, for his release of PGP, I think this particular protocol is pretty safe. Lastly and business case is based 100% on total security. If ever it leaked that there's any kind of backdoor it would all be for naught. I highly doubt the core team (there are 4 of them, including Zimmermann, 2 ex seals, and Callas) would risk their reputations on including a backdoor. In addition any real backdoors would flag an interference.

Re:Now, with centralized user tracking! (2)

fustakrakich (1673220) | about 2 years ago | (#41717405)

Regardless of their reputation, a central server will always put you at risk. There are lots of bad people out there with squeaky clean reputations, but we only find out when they slip up. If you're trying to hide your communications from anyone, then you should know better than to trust anyone, including the person you're communicating with. So, you know the risks, take your chances, and hope for the best.

If the government is ordering the placement of backdoors, which is very likely if the service becomes widespread, I hope he comes clean on it.

Re:Now, with centralized user tracking! (2)

mlts (1038732) | about 2 years ago | (#41719183)

Even if the endpoints encrypt data, encrypted data going through one central point is still at risk. Even though it can't be read, it can be tampered with, possibly DoS-ed. At the minimum, an attacker can eventually do traffic analysis and figure out who is communicating to whom.

The physical car example:

You don't drive an armored car with your gold in it via a depot in Spokane every time you want to make a deposit to the bank.

Re:Now, with centralized user tracking! (4, Funny)

Bill, Shooter of Bul (629286) | about 2 years ago | (#41719243)

Of course I don't drive an armored car with my Gold. The armored car is only used for the silver. The gold is transported by zeppelin, for increased security.

Re:Now, with centralized user tracking! (5, Funny)

pnot (96038) | about 2 years ago | (#41718085)

Lastly and business case is based 100% on total security. If ever it leaked that there's any kind of backdoor it would all be for naught.

Lance Armstrong is innocent. His business case is based 100% on being a non-cheating cyclist: if it ever leaked that he'd taken any kind of performance enhancers, it would all be for naught.

Re:Now, with centralized user tracking! (1)

Anonymous Coward | about 2 years ago | (#41719283)

Lastly and business case is based 100% on total security. If ever it leaked that there's any kind of backdoor it would all be for naught.

Lance Armstrong is innocent. His business case is based 100% on being a non-cheating cyclist: if it ever leaked that he'd taken any kind of performance enhancers, it would all be for naught.

Wait! Are you saying Zimmerman has testicular cancer?

Re:Now, with centralized user tracking! (0)

Anonymous Coward | about 2 years ago | (#41718615)

Ex Navy Seals = two thugs who run 'security contractor' (really mercenary) companies in Iraq

Re:Now, with centralized user tracking! (0)

Anonymous Coward | about 2 years ago | (#41718815)

--2 ex seals -- So what does a guy who can stand being wet and move logs 100 pounds heavier than himself know about cryptography anyway? I worked for a government spook house. There are a lot of people there who are 'secure' and have 'government issue' tattoos, and can be trusted to keep secrets, but their knowledge of computers is limited to point and click (on the flip side, there were people without tattoos but several advanced degrees (like Masters Degrees in Computer Science and Electrical Engineering) walking around).

Re:Now, with centralized user tracking! (0)

Anonymous Coward | about 2 years ago | (#41720635)

To get into the SEAL program you do indeed have to pass those physical tests. However, there are a lot of different roles within the SEAL teams, and only people on the inside ever get to know the difference between (just for example) the guy doing long-range sniping, the guy who defuses the bombs, and the guy who can take apart a motherboard and re-engineer it in the field.

Re:Now, with centralized user tracking! (1)

Bill, Shooter of Bul (629286) | about 2 years ago | (#41719211)

So how do we know he wasn't found guilty of something, cut a deal and released a closed source program with a direct link to all government agencies? ....tin Hat Maximum power!@!!

Doesn't matter. (3, Funny)

Anonymous Coward | about 2 years ago | (#41716427)

The "Silent Circle" uses their own "Silent Network", allowing centralized user tracking. Also, the code isn't open source, so you have no idea if the crypto key generation is any good or if there are backdoors.

I couldn't sign up going through my 3 proxies - the website timed out.

What?!? And let them know my IP?!?!

This could be a honey pot for the FBI or CIA or Illuminati!

Re:Doesn't matter. (2)

K. S. Kyosuke (729550) | about 2 years ago | (#41716743)

This could be a honey pot for the FBI or CIA or Illuminati!

You think that FBI and CIA would fall for it and ditch their own encryption measures? I mean, they're dumb at times, but still...

Re:Now, with centralized user tracking! (0)

Genda (560240) | about 2 years ago | (#41716485)

Why stop there. The government can just watch the "Silent Circle" and log the folks who go on their site on the presumption that if they want to hide their stuff, there must be reasonable cause for investigation.

Re:Now, with centralized user tracking! (5, Funny)

Anonymous Coward | about 2 years ago | (#41716739)

Careful there. You're commenting on a story about "wanting to hide stuff" on a known gathering place for geeks and occasionally cyber-terrorists. You're in a database somewhere for simply being here.

Re:Now, with centralized user tracking! (0)

Anonymous Coward | about 2 years ago | (#41717581)

This website is a database you know....

Re:Now, with centralized user tracking! (0)

Anonymous Coward | about 2 years ago | (#41719661)

Whoa. You just blew my mind, man.

Re:Now, with centralized user tracking! (1)

HeX314 (570571) | about 2 years ago | (#41718045)

"; DROP TABLE comments;

...not anymore. ^_^

Re:Now, with centralized user tracking! (0)

Anonymous Coward | about 2 years ago | (#41718717)

Can you use the drop command with wildcards? (e.g. DROP TABLE * or DROP DATABASE *)

Re:Now, with centralized user tracking! (5, Interesting)

interval1066 (668936) | about 2 years ago | (#41716667)

Even so, with Zimmerman's involvement I tend more to a "trust" relationship than an "untrusted" one. Zimmerman is on my whitelist.

Re:Now, with centralized user tracking! (1)

nurb432 (527695) | about 2 years ago | (#41716751)

Him being trusted makes it even more dangerous if he's gone rogue, or someone else in his organization has.

I prefer point to point encryption with no middle man and a direct connection between us. Nothing is perfect, but it should be better than putting your trust in someone else, no matter who it is.

Re:Now, with centralized user tracking! (4, Interesting)

Bysshe (1330263) | about 2 years ago | (#41717125)

Zimmermann's one of those hyper-idealists who will defend his position to his own detriment and the detriment of anyone close to him. If you have to trust someone for privacy, it's him.

Re:Now, with centralized user tracking! (1)

ubrgeek (679399) | about 2 years ago | (#41718421)

> if he's gone rogue

Next up, Sarah Palin releases her own encryption solution.

Re:Now, with centralized user tracking! (1)

Anonymous Coward | about 2 years ago | (#41716877)

Zimmerman is on my whitelist.

Why... because he has a web page on which he asserts that there are no backdoors in PGP?

And what do you expect he would have said if there are?

Note that the source code you can download doesn't compile into the PGP executable. Convenient.

Re:Now, with centralized user tracking! (1)

TangoMargarine (1617195) | about 2 years ago | (#41718275)

Note that the source code you can download doesn't compile into the PGP executable. Convenient.

And you conclude this how? MD5/SHA-1? Because that proves a whole lot...just one character different somewhere and it's out the window.

Re:Now, with centralized user tracking! (2)

mlts (1038732) | about 2 years ago | (#41719227)

Which PGP executable? I've never encountered his work not building when I used PGP in the past (before GnuPG came out.) Even RSAREF would work.

PRZ stuck his neck on the line from the get-go way back when Congress was in the process of codifying laws to completely ban cryptography wholesale in the US, or only allow backdoored implementations like Clipper/Skipjack to be used. He spent years twisting on the wind of the ITAR lawsuit.

You have to trust someone; and he is one of the few people in the industry who has shown they deserve that trust.

Re:Now, with centralized user tracking! (3, Funny)

maestroX (1061960) | about 2 years ago | (#41716967)

buuttt.... is it Zimmerman?

Re:Now, with centralized user tracking! (4, Interesting)

chihowa (366380) | about 2 years ago | (#41717217)

Even so, with Zimmerman's involvement I tend more to a "trust" relationship than an "untrusted" one. Zimmerman is on my whitelist.

That's funny, because I almost feel the complete opposite way. I really want to trust Zimmerman, but I can't make myself do it. Part of it is keeping his work closed source, which is extra scary when talking about cryptography. Being asked to trust a security solution that you can't examine is insane.

But part of it also comes from his past. He went against the wishes of the US government and won. In my experience, that just doesn't happen... ever. The fact that he's still working in cryptography and not in some hole somewhere makes me think he's playing ball with the government. It at least raises doubts, which cannot be alleviated by reviewing the source code.

Or maybe I'm just paranoid. But cryptography is the plaything of the paranoid, and relying on the paranoid to just trust you seems a little off.

Re:Now, with centralized user tracking! (4, Funny)

Incadenza (560402) | about 2 years ago | (#41717549)

"Yes, I am paranoid. But am I paranoid enough?"

Re:Now, with centralized user tracking! (0)

Anonymous Coward | about 2 years ago | (#41717845)

>Or maybe I'm just paranoid.

A little-known story, google for NSA in relation to firewalls and "secure" email services. They secretly own many of them.

Re:Now, with centralized user tracking! (2)

DerekLyons (302214) | about 2 years ago | (#41717885)

Part of it is keeping his work closed source, which is extra scary when talking about cryptography. Being asked to trust a security solution that you can't examine is insane.

Unless you're a cryptographer and a programmer... examining the source is pretty much pointless. It may give you a warm happy fuzzy to be able to do so, but you lack the qualifications to actually evaluate it.
 

But cryptography is the plaything of the paranoid

No, it's mostly the plaything of those desperately trying to improve their self image. It's the digital equivalent of elevator shoes or SUV's.

Re:Now, with centralized user tracking! (5, Insightful)

pnot (96038) | about 2 years ago | (#41718053)

Part of it is keeping his work closed source, which is extra scary when talking about cryptography. Being asked to trust a security solution that you can't examine is insane.

Unless you're a cryptographer and a programmer... examining the source is pretty much pointless. It may give you a warm happy fuzzy to be able to do so, but you lack the qualifications to actually evaluate it.

The point, surely, is not that I am necessarily a cryptographer, but that the source is available to those who are. It's not necessary for every user to independently audit the code, because the skilled individuals who do audit the code can then communicate their findings.

"But why trust the skilled individuals?", you may ask. Answer: because I find it unlikely that all the world's cryptographers are conspiring to keep quiet about any vulnerabilities they find in the code. At any rate it's a more sensible strategy than "assume that Zimmerman is both infallible and incorruptible".

Re:Now, with centralized user tracking! (3, Insightful)

martin-boundary (547041) | about 2 years ago | (#41718907)

The point, surely, is not that I am necessarily a cryptographer, but that the source is available to those who are. It's not necessary for every user to independently audit the code, because the skilled individuals who do audit the code can then communicate their findings.

Yes. Let me just add a nitpick. It is necessary that *any* user can *initiate* an independent audit of the code he personally received.

Merely trusting a community of experts who choose to publish their audits as they please is another form of argument from authority. It's a slippery slope to a world where the source code is only available to qualified experts, since there would be no point in making it available to nonqualified individuals.

Instead, the point of open source is that any user can hire an expert of their choosing, to work on source code as given to them (not source code the expert downloaded from a presumably equivalent source). AND THE PROBABILITY THAT SOME USERS ACTUALLY DO SO MUST BE STRICTLY POSITIVE.

because I find it unlikely that all the world's cryptographers are conspiring to keep quiet about any vulnerabilities they find in the code.

Like nearly everybody, cryptographers tend to act in the best interests of their employers. That is why it is necessary for random users to hire such cryptographers every once in a while, as outlined above.

We cannot trust that the usual employers won't keep quiet about the findings for selfish reasons, eg large companies like Microsoft or Google sitting on discoveries until they can create and deploy a patch.

Re:Now, with centralized user tracking! (3, Insightful)

phantomfive (622387) | about 2 years ago | (#41718343)

He went against the wishes of the US government and won. In my experience, that just doesn't happen... ever.

Then you don't pay attention enough.

Re:Now, with centralized user tracking! (2)

davydagger (2566757) | about 2 years ago | (#41719081)

Paranoid is good when you are dealing with security. If your security product doesn't properly assess the concerns of the paranoid, it's a shitty security product.

Re:Now, with centralized user tracking! (0)

Anonymous Coward | about 2 years ago | (#41719881)

How can you verify that the source code corresponds to the binaries running on your phone and on their servers? Making it open-source does not affect the level of trust, since they can run arbitrary binaries on their system.

Re:Now, with centralized user tracking! (1)

MangoCats (2757129) | about 2 years ago | (#41717539)

Your Logical Fallacy is genetic [yourlogicalfallacyis.com] .

Re:Now, with centralized user tracking! (0)

Anonymous Coward | about 2 years ago | (#41717999)

See, this is my problem with you logical fallacy people: Pretty much every argument to you is a logical fallacy because you've typecasted every argument and made a dinky website to say "Your type of argument is a logical fallacy because we've typecasted it to be so, BWAHAHA!" and you get instant invalidation for anyone's opinion you don't like. Notice how no one who brings up logical fallacies ever actually adds to the argument.

Re:Now, with centralized user tracking! (0)

Anonymous Coward | about 2 years ago | (#41718527)

Sorry, but that is a tu-quoque [yourlogicalfallacyis.com] fallacy.

Re:Now, with centralized user tracking! (1)

reybo (2540564) | about 2 years ago | (#41717481)

There are more gov agents misleading this topic than any we've seen before in this forum. Probably means this will make eavesdropping on email, etc. more complicated.

the first rule of the silent circle... (3, Funny)

Anonymous Coward | about 2 years ago | (#41716269)

shhh...

Silent circle (0)

Anonymous Coward | about 2 years ago | (#41716307)

That's what we call it when a bunch of guys gather round in a circle and... you know what I mean. We never talk about it. Hence "silent" :)

What does SilentCircle.... (5, Informative)

Anonymous Coward | about 2 years ago | (#41716341)

"What does SilentCircle provide that previous applications didn't have?"

The 20$/*PER MONTH* price tag. You can also use csipsimple, it does secure messaging (using sips) and voice using the zrtp protocol. For 0$/*PER MONTH*.

(Captcha: investor. How fitting...)

MDM and MAM? (0)

Anonymous Coward | about 2 years ago | (#41716351)

From TFA:

The company's encryption tools offer potentially powerful capabilities for those who need to secure sensitive data. However, broader MDM and MAM capabilities currently aren't included, which means that Silent Circle could be a component in an enterprise's security policy but not a complete solution.

What do MDM and MAM stand for?

Re:MDM and MAM? (0)

Anonymous Coward | about 2 years ago | (#41716387)

"It's ma'am, as in ham, not ma'am as in farm."

Re:MDM and MAM? (3, Informative)

furbearntrout (1036146) | about 2 years ago | (#41716593)

What do MDM and MAM stand for?

Mobile Application Management (MAM) and Mobile Device Management (MDM)

You cannot subscribe to good crypto (4, Insightful)

betterunixthanunix (980855) | about 2 years ago | (#41716415)

How many times will subscription approaches to crypto have to fail before people understand that it does not work? It failed with Hushmail, and it will almost certainly fail here.

If at first you don't succeed... (0)

Anonymous Coward | about 2 years ago | (#41716519)

How many times has it been tried?

Re:You cannot subscribe to good crypto (1)

MangoCats (2757129) | about 2 years ago | (#41717547)

Hushmail is still going, for anyone who wants to trust a service that can be cracked by court order.
Actually, in theory, point to point encryption can also be cracked by court order - but if you are the putative holder of the secret key, you get the option to reveal it or go to jail.

Re:You cannot subscribe to good crypto (2)

betterunixthanunix (980855) | about 2 years ago | (#41718785)

Hushmail is still going, for anyone who wants to trust a service that can be cracked by court order.

Or by any Hushmail employee, or by anyone who can hack Hushmail, etc., etc., etc.

Actually, in theory, point to point encryption can also be cracked by court order

In which case at least one of the two parties is aware that the secret was leaked. In the case of Hushmail, neither the sender nor the receiver of the message would know.

Zimmerman, "Silent Circle" (0)

Anonymous Coward | about 2 years ago | (#41716419)

I was almost sure you were talking about the Trayvon Martin murder.

SEAL of approval? (1)

Anonymous Coward | about 2 years ago | (#41716441)

Seriously though, WTF is it with the SEAL shit. Do they cover advanced cryptography after mastering small unit tactics and CQB? I have nothing but the greatest respect for Phil Zimmerman but this just smacks of crude marketing.

crude marketing (1)

nurb432 (527695) | about 2 years ago | (#41716773)

well, he's gotta eat too....

Poor headline (1, Informative)

Anonymous Coward | about 2 years ago | (#41716459)

Using the name Zimmerman immediately after a post about Trayvon Martin was a poor choice. Perhaps "PGP Creator's Silent Circle is now live" would have been a better choice. I certainly didn't associate the name with PGP, I associated it with the previous article, and I'm sure others did as well.

Re:Poor headline (1)

nurb432 (527695) | about 2 years ago | (#41716797)

I associated it with the previous article, and I'm sure others did as well.

No, just you.

Re:Poor headline (3, Informative)

1u3hr (530656) | about 2 years ago | (#41719347)

I certainly didn't associate the name with PGP, I associated it with the previous article, and I'm sure others did as well.

I associated it with Bob Dylan myself.

Would you believe? (4, Funny)

bigdarryld (2551986) | about 2 years ago | (#41716465)

They have the first working implementation of CONTROL's Cone of Silence.

All This Needs Is A FOSS Solution (2)

Jane Q. Public (1010737) | about 2 years ago | (#41716483)

Seriously. Make programs (like email, IM, etc.) work with a good but open encryption protocol, like gpg for example. And surely (since Skype has shown what is possible with compression) voice applications can make good use of encryption too.

But a subscription-based, proprietary solution with central servers? No thanks.

Re:All This Needs Is A FOSS Solution (3, Informative)

HatofPig (904660) | about 2 years ago | (#41716641)

Ostel [ostel.me] is a running public beta of the Open Secure Telephony project [guardianproject.info] . It's end-to-end secure VoIP. Anyone with an Android phone (i.e. everybody reading this) is covered for everything but video by The Guardian Project [guardianproject.info] .

Re:All This Needs Is A FOSS Solution (0)

Anonymous Coward | about 2 years ago | (#41720255)

HatofPig, do you use Ostel?
Don't take this as aggressive, I'm truly interested in it and just wish to know the involvement.
I'm worried at the current lack of laptop OS versions ('calling home'); I happily discovered this is for year 2 but then this very info is on a page that's been "accessed 9 times"!
If some here do use it, I'll try to turn the android apk into something working on the BlackBerry playbook.

Re:All This Needs Is A FOSS Solution (1)

westlake (615356) | about 2 years ago | (#41717923)

Seriously. Make programs (like email, IM, etc.) work with a good but open encryption protocol, like gpg for example. And surely (since Skype has shown what is possible with compression) voice applications can make good use of encryption too.

Encryption in Skype is transparent to the user. He doesn't have to give it a second thought --- much less persuade a critical mass of users to adopt the same standard.

Re:All This Needs Is A FOSS Solution (1)

icebraining (1313345) | about 2 years ago | (#41718443)

That's because it's weak and leaves you vulnerable to snooping by Microsoft (either for their own purposes or for someone else's, like law enforcement), since there's no way for you to verify that you're communicating directly with the other party's instance, and that the network doesn't have a copy of its key. This is the reason why people using PGP/GPG publish their fingerprints.
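An added illustration of the fingerprint check the comment above refers to (not part of any poster's comment and not Silent Circle's or Skype's code): it computes an OpenPGP version 4 key fingerprint as defined in RFC 4880 and compares a key delivered by an intermediary against a fingerprint published out of band. The key material, timestamp and helper names (`toy_modulus`, `check_delivered_key`) are constructed for this example and are not real keys.

```python
import hashlib
import hmac
import string
import struct


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    if value <= 0:
        raise ValueError("MPI value must be positive")
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a v4 public-key packet: version, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 v4 fingerprint: SHA-1 over 0x99, two-octet length, packet body."""
    if not body or body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    if len(body) > 0xFFFF:
        raise ValueError("packet body too long for a two-octet length")
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()


def normalize(published: str) -> str:
    """Strip spaces and punctuation from a printed fingerprint; uppercase the hex."""
    return "".join(c for c in published if c in string.hexdigits).upper()


def matches_published(body: bytes, published: str) -> bool:
    """Compare the delivered key's fingerprint with the out-of-band one."""
    return hmac.compare_digest(v4_fingerprint(body), normalize(published))


def check_delivered_key(body: bytes, published: str) -> str:
    """Decision a client would make before encrypting to a delivered key."""
    if matches_published(body, published):
        return "accept"
    return "reject: delivered key does not match the published fingerprint"


def toy_modulus(label: bytes) -> int:
    """Constructed 2048-bit odd number standing in for an RSA modulus (not a real key)."""
    raw = b"".join(hashlib.sha256(label + bytes([i])).digest() for i in range(8))
    return int.from_bytes(raw, "big") | (1 << 2047) | 1


def spaced(fp: str) -> str:
    """Format a fingerprint in groups of four, as it is usually printed."""
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))


# Constructed sample data: Alice's key, and a different key that a central
# server or network intermediary hands out under her name.
CREATED = 1350000000
ALICE_KEY = rsa_public_key_body(CREATED, toy_modulus(b"alice"), 65537)
SUBSTITUTED_KEY = rsa_public_key_body(CREATED, toy_modulus(b"relay"), 65537)

# What Alice publishes on a business card, web page or e-mail signature.
ALICE_PUBLISHED = spaced(v4_fingerprint(ALICE_KEY))

if __name__ == "__main__":
    print("published fingerprint:", ALICE_PUBLISHED)
    print("honest delivery      :", check_delivered_key(ALICE_KEY, ALICE_PUBLISHED))
    print("substituted key      :", check_delivered_key(SUBSTITUTED_KEY, ALICE_PUBLISHED))
```

The creation time is part of the hashed data, so the same modulus with a different timestamp produces a different fingerprint; the check only helps if the published value reaches the other party over a channel the intermediary does not control.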

d'oh! (1)

pbjones (315127) | about 2 years ago | (#41716491)

why would you mention on CIA-/. that you have subscribed to that service??

Phil Zimmerman is ok in my book (4, Informative)

hardie (716254) | about 2 years ago | (#41716669)

I worked with Phil for awhile at StorageTek--6 months or a year I think. He's a very smart guy. He was also one of the most evangelistic people I have ever met. I do NOT mean this in a religious sense, any way shape or form. At the time (this was the 1980's) he spoke a lot (incessantly?) about the danger of nuclear war and all these bombs we've got. I expect that this same incredible focus and sense of purpose has now been applied to security, which could be a really good thing. I also expect that he has mellowed a bit, but that's just a guess.

Steve

Re:Phil Zimmerman is ok in my book (4, Interesting)

e065c8515d206cb0e190 (1785896) | about 2 years ago | (#41716737)

OP here.

Exactly. My reason to believe SilentCircle is in good faith is Zimmerman's history fighting for privacy. It doesn't mean I would trust that service. But I guess it gives some hope that people are going to become more aware of privacy issues in general.

Which is why I was ambivalent about this and came to get /.'s opinion

Re:Phil Zimmerman is ok in my book (1)

Bysshe (1330263) | about 2 years ago | (#41717153)

Nope, not mellowed. Just as focused and evangelical on privacy. Just the public eye has moved on a bit.

Silent Circle? (0)

93 Escort Wagon (326346) | about 2 years ago | (#41716679)

When I saw the title, I thought it was a Google+ story. There are a lot of silent circles over there, after all.

Re:Silent Circle? (-1)

Anonymous Coward | about 2 years ago | (#41717007)

When I saw the title, I thought it was a Google+ story. There are a lot of silent circles over there, after all.

There's also a silent circle around your crotch that not only has no members, but has been void of activity for decades.

CALEA (5, Informative)

gellenburg (61212) | about 2 years ago | (#41716793)

I wrote to Silent Circle over a week ago when news of the impending launch first started making circles.

SC's COO was kind to respond in an attempt to allay my fears. Sadly though his answer was more "non" than one.

A week ago I replied back with a follow-up question, and have yet to receive a response.

While my political activism is pretty much limited to change.org petitions, SC is directly marketing their services TO activists. As the Occupy movement has shown, political activism, and the free-speech that goes along with it, are becoming in jeopardy. My concern, and I feel it's a valid one, is that CALEA will give subscribers a false sense of security. After all when Microsoft purchased Skype, one of the first things they did (they had no choice) was to install CALEA intercepts.

Hopefully somebody at Silent Circle will be able to answer this. Until then, I wouldn't recommend it. Check out The Guardian Project and Jitsi instead.

(Note - I'm only posting this because as Silent Circle's COO, Vic Hyder is authorized to speak on behalf of the Company.)

-----BEGIN EMAIL-----
Mr. Hyder,

Thank you very much for the reply and information you've provided below,
but I'm afraid I'm still unclear on one particular point: does Silent
Circle fall under CALEA jurisdiction or not?

Kind regards,

George Ellenburg

On 10/11/12 7:43 PM, Vic Hyder wrote:
> *George*,
> Thanks for the note. Quick response - Silent Circle provides peer to
> peer encryption from subscriber to subscriber. The Secure Calling Plan
> offers members a little flexibility to use their Silent Phone number
> to send and receive calls outside the Circle (encrypted to our servers
> but decrypted from servers to non-subscriber). We'll let our members
> determine what their threat model is and how they need to protect
> their transmissions.
>
> Circle up.
> *______________*
>
> Vic Hyder
> Chief Operations Officer
>
> Silent Circle
> Private Encrypted Communications
> Silicon Valley | Washington DC
>
> w: SilentCircle.com
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you received this e-mail in error, please notify the
> sender immediately and destroy and/or delete all copies. Circle up.
>
>
>
> On Oct 11, 2012, at 6:01 AM, George Ellenburg > wrote:
>
>> Hello-
>>
>> I read with interest news reports yesterday that Silent Circle was
>> getting ready to launch. As an activist and privacy advocate, I was
>> troubled though to read that Silent Circle was planning on offering a
>> Secure Calling Plan amongst other communication services.
>>
>> I understand the obvious revenue stream such an offering will generate,
>> but I'm intrigued as to how you plan to not comply with CALEA, or
>> curious as to how CALEA wouldn't do an end-run around your service
>> altogether? CALEA, as you probably know, is the Communications
>> Assistance for Law Enforcement Act, which requires mandatory technical
>> intercept points for Law Enforcement and Intelligence purposes.
>>
>> Being a United States Company, offering Communication services, located
>> in the United States, your Company is certainly subjected to mandatory
>> CALEA implementations.
>>
>> Thanks for your time. I earnestly look forward to your response.
>>
>> -George Ellenburg
>>
>
-----END EMAIL-----

Re:CALEA (1)

Anonymous Coward | about 2 years ago | (#41717281)

You might be asking for a legal theory when trying to find out if CALEA applies. CALEA requires telecommunications carriers and manufacturers of telecommunications equipment to modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities, allowing federal agencies to monitor all telephone, broadband internet, and VoIP traffic in real-time. (taken from wikipedia)

Are they a telecom carrier or telecom equipment manufacturer? How is a telecom carrier defined? Any gov't registered company that charges money (or not) while using the physical telecom network to provide some kind of service? I don't think so, and would guess it's limited to verizon, at&t, level 3 et. al.

Better question might be: 'have you implemented measures to be in compliance with CALEA?' Or are they willing to fight in court before they implement measures, etc..

Individuals with no contracts with the government are outside its jurisdiction as long as they 'do no harm' (simplification). Bit more complicated if you have a contract...

Re:CALEA (1)

Cornan (2728879) | about 2 years ago | (#41717287)

You may want to re-read this bit of the email you just posted.

> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you received this e-mail in error, please notify the
> sender immediately and destroy and/or delete all copies. Circle up.

Re:CALEA (0)

Anonymous Coward | about 2 years ago | (#41717443)

Most corporations put similar boilerplate on the end of their emails. I don't understand why since it has no legal force.

Re:CALEA (1)

IndustrialComplex (975015) | about 2 years ago | (#41718227)

It makes a big difference when criminal charges or lawsuits are filed.

In the US at least, there are laws which apply extra penalties for people if they willfully violate them. For 99.99% of all email traffic, things like this don't mean anything. However, when you start dealing with things like breaches of confidential data, trade secrets, PII, proprietary information... it makes a big difference.

Working in the Defense Industry, one of the big things that we work hard to remind our workers of, is that it is VERY important to mark things properly with respect to Proprietary information.

The very LAST thing you want is a big contract win subject to protest because a dumbass project manager forgot to mention that one of our competitors accidentally cc'd them on their cost data. Even if we would have won the contract anyway, the whole thing now becomes a huge waste of money and can potentially kill the entire program.

It's important, and it DOES have legal force, just not in the "Oh I said that was confidential so you can't repost it" manner that a lot of people think it does.

Re:CALEA (2)

Threni (635302) | about 2 years ago | (#41717457)

He didn't agree to that - it was stuck on an email someone sent him. If I email you saying `you get to send me some Zappa CDs once a month` I don't expect you to give a shit either. It's not a contract - I'm not going to expect a copy of `One Size Fits All` in the post from you, and some guy sending emails to random people shouldn't expect them to follow his random instructions either.

Re:CALEA (1)

cbhacking (979169) | about 2 years ago | (#41717555)

So, your point is that this Vic Hyder person, the COO of a company supposedly providing a technological solution to private conversations, apparently thinks that such PS blocks are worth the bits to transmit them? That says a lot for my confidence in SC...

Or were you suggesting that the GP shouldn't have posted that message? Here's a hint: those blocks are not only completely unenforceable, they're basically meaningless business-speak bullshit. Short of legal or contractual obligations to do otherwise, once you receive a document by any means, it's yours to do with as you please. In the case of email, even copyright doesn't apply.

Re:CALEA (1)

MangoCats (2757129) | about 2 years ago | (#41717561)

Also check out CryptoCat [crypto.cat] (no affiliation), and StegaMail [stegamail.com] (affiliated), or just roll your own and wrap it in a couple of more common layers of trusted security such as PGP, etc.

Re:CALEA (1)

sociocapitalist (2471722) | about 2 years ago | (#41720963)

> A week ago replied back with a follow-up question, and have yet to receive a response.

The lack of response is the response. The product is surely CALEA compliant.

Was gonna say something (0)

Anonymous Coward | about 2 years ago | (#41716803)

But it's the wrong damn Zimmerman.

Timely Idea, but Do It Yourself? (3, Interesting)

rueger (210566) | about 2 years ago | (#41716819)

Of late I've been thinking that it might be prudent to establish an on-line persona that can't be traced back to me. Between corporate tracking (Google?) and government's love of surveillance, and a sense that we could be heading for some economically or politically charged time, I can see situations where anonymity could be essential.

It seems to me that if you can start with an untraceable e-mail address and consistent use of Tor, you should be on the way to building up an on-line profile that's recognizable, useful, and fairly disconnected from real life.

I'm not naive enough to think that anything I could do would be 100% safe or secure, but surely you can keep most of the prying eyes away from you.

Re:Timely Idea, but Do It Yourself? (1)

Anonymous Coward | about 2 years ago | (#41717089)

In espionage circles this is called a "legend." Establishing one is probably enough to make you of interest to the security services (except for valid reasons. For example, I established one for the purposes of marketing a novel as part of an elaborate joke.) YMMV.

RP

Re:Timely Idea, but Do It Yourself? (0)

Anonymous Coward | about 2 years ago | (#41717563)

> probably enough to make you of interest to the security services

Being alive is apparently enough to make you of interest to the "security services" these days.

The NSA, for example, is apparently trying to record, store indefinitely, and no doubt analyze, EVERYTHING [wired.com].

The former NSA official held his thumb and forefinger close together: “We are that far from a turnkey totalitarian state.”

Re:Timely Idea, but Do It Yourself? (1)

swell (195815) | about 2 years ago | (#41719219)

"might be prudent to establish an on-line persona that can't be traced"

It would be prudent for everyone to do so. And everyone should encrypt every communication possible.

The simple reason is that if only 1% seek privacy, then governments and others can simply focus their great power on that 1%; but when everyone seeks privacy it is more difficult to snoop on any particular 1%.

Yes, it will be harder to pin down bad guys & terrorists, but that's the wrong approach anyway. When people are educated, treated with respect, given medical attention and given opportunities to prosper there won't be any terrorists, and mentally ill 'bad' guys will be managed with dignity.

Re:Timely Idea, but Do It Yourself? (1)

Anonymous Coward | about 2 years ago | (#41720265)

You'll also need a way to block online tracking (cookies, widgets, gifs).
Ghostery comes close, but there are no guarantees that it gets them all.

Next you need to make your browser un-unique.
With version number, installed add-ons and what information is available about your particular hardware, it's quite possible to figure out which personas belong together.

It's not just about a particular id bit any longer, it's tiny bits of irrelevance scooped up by tracker networks combined into a whole in the long term.

TFS / TFTFY (1)

bill_mcgonigle (4333) | about 2 years ago | (#41716857)

new suite of tools for the stupid and paranoid

Restricted (1)

frisket (149522) | about 2 years ago | (#41717199)

Presumably this is a US-only thang?

Two Zimmerman stories in a row! (1)

MouseTheLuckyDog (2752443) | about 2 years ago | (#41717227)

And they are not the same Zimmerman. Who would have thought.

Zimmerman gave us PGP, he can shoot who he wants! (1)

bussdriver (620565) | about 2 years ago | (#41718973)

That explains why there are so many Zimmerman supporters in the shooting stories... They think it is THAT Zimmerman. I remember Mr. Filesystem which lost files better than he lost evidence... many biased defenders on that one too...

Re:Zimmerman gave us PGP, he can shoot who he want (1)

bussdriver (620565) | about 2 years ago | (#41718981)

Correction. Reiser lost files better than he lost incriminating evidence.

Encryption in the stack (1)

ironicsky (569792) | about 2 years ago | (#41718107)

I'm personally surprised that no one has bothered to build encryption into the TCP/IP stack yet, an sTCP/IP if you will. Using a public/private key encryption model, each time the stack initiates a new connection to any IP, it would first ask the other side if it supports secure encryption; if it doesn't, the other side would probably return an error. Once it is determined the other side supports encryption, both sides generate one-time key pairs and transmit the public key to the other side. Once the connection closes, the private key is destroyed and must be renegotiated. Of course, this doesn't prevent man-in-the-middle attacks, because there is no central repository to prove whose keys belong to whom, but something like this could be done.

I guess what I am trying to say is, SSL should be implemented in the stack, instead of the application level, then we wouldn't really need to worry about our ISPs or the big bad government sniffing out our traffic.
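
The handshake described in the comment above, as an added example (not part of the comment and not code from any product discussed in this thread): both sides make one-time key pairs, swap public values and discard the private key on close. It goes one step further than the comment by showing why the unauthenticated exchange fails against a relay and how comparing a fingerprint of the exchanged values over a trusted channel detects it. The `Endpoint`, `handshake` and `fingerprint` names and the toy Diffie-Hellman parameters are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters (assumption, illustration only): prime
# 2**255 - 19 with base 2. Not a vetted group; never use for real traffic.
P = 2**255 - 19
G = 2

class Endpoint:
    """One side of a connection, holding a one-time key pair."""

    def __init__(self):
        self._priv = secrets.randbelow(P - 3) + 2  # one-time private key
        self.pub = pow(G, self._priv, P)           # value sent to the peer
        self.peer_pub = None

    def derive(self, peer_pub):
        """Derive the session key from the public value that arrived."""
        if not 1 < peer_pub < P - 1:
            raise ValueError("degenerate public value")
        self.peer_pub = peer_pub
        shared = pow(peer_pub, self._priv, P)
        return hashlib.sha256(shared.to_bytes(32, "big")).digest()

    def fingerprint(self):
        """Hash of both public values, for comparison over a trusted channel."""
        lo, hi = sorted((self.pub, self.peer_pub))
        data = lo.to_bytes(32, "big") + hi.to_bytes(32, "big")
        return hashlib.sha256(data).hexdigest()[:16]

    def close(self):
        self._priv = None  # private key is discarded when the connection ends

def handshake(a, b, relay=None):
    """Exchange public values; a relay, if present, substitutes its own."""
    to_b = relay.pub if relay else a.pub
    to_a = relay.pub if relay else b.pub
    return a.derive(to_a), b.derive(to_b)

def demo():
    """Return agreement results without a relay, the relay's view, and with one."""
    a, b = Endpoint(), Endpoint()
    ka, kb = handshake(a, b)
    direct = (ka == kb, a.fingerprint() == b.fingerprint())
    a2, b2, m = Endpoint(), Endpoint(), Endpoint()
    ka2, kb2 = handshake(a2, b2, relay=m)
    relay_keys = (m.derive(a2.pub) == ka2, m.derive(b2.pub) == kb2)
    relayed = (ka2 == kb2, a2.fingerprint() == b2.fingerprint())
    return direct, relay_keys, relayed
```

With a relay in the path each endpoint still completes the handshake without error, so the mismatch only shows up when the two fingerprints are compared by some means the relay cannot alter.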

Re:Encryption in the stack (1)

mlts (1038732) | about 2 years ago | (#41719425)

Isn't this what TLS is for, or am I mistaken? TLS is a connection level encryption protocol.

On the individual IP packet level, there is IPSec, but that tends to be mainly used in Windows domains.

Re:Encryption in the stack (0)

Anonymous Coward | about 2 years ago | (#41719811)

> ... then we wouldn't really need to worry about our ISPs or the big bad government sniffing out our traffic.

Which is exactly why no government is going to support this.

Laugh... (2)

koan (80826) | about 2 years ago | (#41718841)

"suite of tools for the paranoid" where you let a 3rd party handle your security...

hey (0)

Anonymous Coward | about 2 years ago | (#41719007)

First rule of Silent Circle, don't talk about Silent Circle. Second rule - Don't talk about Silent Circle!!
