Phil Zimmermann's New Venture Will Offer Strong Privacy By Subscription

New submitter quantic_oscillation7 writes with this excerpt from the Register: "Phil Zimmermann and some of the original PGP team have joined up with former U.S. Navy SEALs to build an encrypted communications platform that should be proof against any surveillance. The company, called Silent Circle, will launch later this year, when $20 a month will buy you encrypted email, text messages, phone calls, and videoconferencing in a package that looks to be strong enough to have the NSA seriously worried. ... While software can handle most of the work, there still needs to be a small backend of servers to handle traffic. The company surveyed the state of privacy laws around the world and found that the top three choices were Switzerland, Iceland, and Canada, so they went for the one within driving distance."

They better not do the mistake of Hushmail...

Canada is decent, but they can still be forced to modify their code to catch people on demand of Interpol there.

Look what happened with Hushmail.

Re:They better not do the mistake of Hushmail...

[isopropanol]

Also there's been a bill on the order paper for a few years that would require them to backdoor it, and it looks like the bill is probably going to pass this time.

Re:They better not do the mistake of Hushmail...

[lightknight]

Indeed. It's like none of them get the idea that paranoid users are paranoid, and keeping out 99.99% of all various intruders, but letting in the 0.01% via a mandated backdoor is the same, mentally speaking, as letting in 100% of all various intruders. Having a backdoor means the solution is inherently insecure, and requires trusting someone which, let's be honest, you don't know. ("Dude, it's totally cool. Your files are totally secure, except that because of a recent law, we have to create a master key that unlocks all the files, at once, and yes, if this key were ever compromised / stolen for any reason, all of our users would have their proverbial asses hanging out the window onto oncoming traffic, but yeah, come on, what are the chances that'd ever happen? Why wouldn't you want to use an almost-secure solution?").

Not everyone using these services is a spy, thief, hacker, cracker, mentally ill, or otherwise questionable person trying to hide something. Sometimes they're just people who like the idea of living quiet lives, and would like a secure / protected e-mail service to actually live up to its name. But there are some eccentric people in positions of power which don't like that idea -> they can't sleep at night until they know for sure that there isn't a bogeyman living under your bed!

 

Re:They better not do the mistake of Hushmail...

If I were doing a service like this, I'd split the company into five independent divisions, either owned by a holding company in Antigua, or otherwise protected the same way the telephone scammers keep a step ahead of the authorities.

First company does the billing. Then it sends money to the other three companies, using tokens that change often. This separates users from their online userIDs.

Second company does the client coding and makes packaged, signed executables.

Third company takes the packaged code from company #2 and installs it. The reason for this is to make it harder for backdoors to be inserted at the whims of a local government. Users will easily see the executables have invalid signatures. Because company #2 is a separate firm, it is harder to demand they create a bongoed executable.

Fourth company provides the VPN service, and tosses logs between IPs.

Fifth company does the servers. Since the clients do a layer of encryption, commanding the server holding company to cough up user data is going to not give much, other than perhaps traffic analysis reports.

This isn't perfect, but it means that if the servers get seized, the data isn't compromised. Same if the client making company gets demanded they insert a backdoor, or the network between the servers is seized.

I would like to work on a service like this However, the main reason why I wouldn't run it is because of cynicism -- it would turn into a nice stomping ground for the child pornography crowd, not to mention a haven for people who are interested in turning the a local church or synagogue into rubble.

Re:They better not do the mistake of Hushmail...

If we want freedom we have to accept an increase in terrorism an violated children. This is a very tough call that we should not avoid discussing. Anyone has evidence on how many children, synagogues we have to sacrifice for how much children? Sure would be interesting reading.

Re:They better not do the mistake of Hushmail...

[cheekyjohnson]

personally, I am ok with a backdoor, provided that there are some proper controls around it, such as:

- The government is entirely composed of perfect beings that would only use the backdoor against actual criminals.

Re:They better not do the mistake of Hushmail...

[rioki]

Ok kill me if you like. I really do not endorse CP in any form. But sending JPEG or AVI files around does not do any real harm. Cut the balls off the dude who actually took the pictures; do whatever you want.

But there is a good case for strong encryption within legal bounds. Why do we have to hand over all our civil liberties just because someone says Terrorism and Pedophiles?!

The police should do real police work, like infiltrate the organisations, instead of relying on stupid criminals and technological gizmos. I can still use strong stenography and encryption on my open e-mail connection, if I feel like it.

Help me out here...

[icebike]

encrypted email, text messages, phone calls, and videoconferencing

With the proper encryption software on the endpoints, and properly encrypted storage, why does the server location even matter?

If nothing was actually stored on the server (or if everything stored there was encrypted with keys unknown to the operators) there would be no point in any government agency grabbing the server other than to shut it down. And nothing prevents that better than multiple sites.

It would seem to me the best solution would be for that server to have zero knowledge about the content of any data, and serve as a store and forward repository for content where one or the other party is off line (file transfer or email). For Video conferencing and text messages the servers might serve only as a routing agent for firewall piercing (where each participant is behind a firewall). But in no case should it contain un-encrypted data, and all logging should be to /dev/null.

Almost all of this is available today using a variety of off the shelf software with PGP keys, etc.

Wouldn't concentrating this traffic in a single place make it easier to monitor? If nothing else, a monitoring agency can gain the equivalent of pen register data simply by doing packet analysis at the upstream of such a service provider.

Wouldn't merely subscribing to such a service (and leaving a money trail) become a red flag?

Re:Help me out here...

[girlintraining]

With the proper encryption software on the endpoints, and properly encrypted storage, why does the server location even matter?

You're new here. Okay, from the top ... If the server gets disappeared in some government raid, then the services offered by said server are no longer available. Sorta obvious there. The internet requires some types of centralization to function; As to any services that run on top of it. DNS, e-mail, Facebook, BGP, etc. -- everything on a packet-based network which lacks broadcast/multicast ability needs to have a static point of entry into whatever superstructure you build on top of it.

In this case, the server acts as a mediator of identities: Person A wants to talk to Person B, so Person A subs Person B's public key, and the server returns Person B's IP address, drop box, or whatever, thus allowing the transaction to complete.

It would seem to me the best solution would be for that server to have zero knowledge about the content of any data

The server would regard the data as a binary blob with a source and destination. You know, just like a router does. Except the data is encrypted, so the only useful data that can be recovered is where it's going, and where it's coming from.

But in no case should it contain un-encrypted data, and all logging should be to /dev/null.

But what if someone unlinked /dev/null? Server should immediately self-destruct, Mission Impossible style? :P

Almost all of this is available today using a variety of off the shelf software with PGP keys, etc.

One word: Convenience. And another word: Cheaper.

Wouldn't concentrating this traffic in a single place make it easier to monitor?

Dude, the NSA is building a massive data center under a mountain in Arizona to monitor every packet sent or received on the internet domestically as you read this. The "single place" is now the entire network. Europe is doing the same thing, but requiring ISPs to store all the data instead. If you want something hard to monitor, go back to sneakernet and drop boxes.

Wouldn't merely subscribing to such a service (and leaving a money trail) become a red flag?

I see that you're paying with cash, instead of credit card. You filthy terrorist. Well, actually, everything these days is a red flag. Carrying a bottle of water in your car? You must be using drugs. Breast implants? Possible weapons of mass distraction. Driving a car at the speed limit -- you're paying too close of attention, you must be up to no good. Ah, the rationalizations are endless. Look, there's no technology on this planet that's going to save you from a government that decides (for whatever reason) to make you disappear. All these laws, the constitution, your rights, it's all for show and it always has been. The powerful do whatever they want, and then give it post-facto legitimacy after the fact.

All that said, I do all my browsing on Tor. Which mostly includes posting to slashdot and reading the Skyrim wiki. If you encrypt everything, and everyone else does the same, then you have made stateful packet inspection a waste of time. Nobody should be sending packets in the clear these days anyway -- most of you are reading this from a processor with an AES encryption/decryption module built into the CPU that can run at gigabit speeds with very little overhead. -_-

Re:Help me out here...

[EdIII]

also you are always at war with your own penis

Are we not all at war with our own penises?

You would have to be. My Penis tells me to do some incredibly dumb, stupid, and impulsive shit all the time that is quite counterproductive to my continued standard of living. If I listened to him, I would probably be penniless on the side of the road with two nuts for company.

Re:Maybe I'm just a retard.....

[CRCulver]

But if it's made up of a bunch of ex-navy seals, can you really trust that it's going to be secure against american intelligence access?

No, you can't completely trust that it's going to be secure. On the other hand, there's a remarkable amount of ex-SEALs who have become embittered about the government they once served, and Mike Janke is a privacy advocate. So, the involvement of SEALs isn't a guarantee that this company is in bed with the US government.

Re:What do SEALs have to do with privacy?

[Phat_Tony]

They may have any amount of legitimate expertise to contribute. Even if it's just on the business/managerial side of things and not the software/encryption side, not that that's necessarily the case.

But you know one big thing they contribute just by being there? This company will be accused of being anti-American, of "helping the terrorists win." There's nothing that will help inoculate them against that as much as having a couple of combat veterans as founders.

And to those who will say the presence of veterans means you can't trust this organization because they will provide a backdoor for the feds, the people in our armed forces hold a range of political opinions, they are not all clones. And there are a lot of them who agree with a libertarian or traditional conservative view of highly restricted government power and lots of freedom. A lot of people in the military are there to fight for our freedom, and that includes opposing the Orwellian encroachments of our own government.

Re:Canada

[BlueParrot]

Sweden has few effective laws for private citizens. It's explicitly codified into law that the authorities are allowed to snoop on your communications. It's a bit better than England ( where you can be jailed for not giving police your encryption keys ) , but there's really no good way to defend against a hostile government. If you truly want to avoid government meddling with your communication your best bet is probably hiding in plain sight. I.e, make sure you and your communication appear dull enough that your government can't be bothered to look at it.

Re:lesson learned

[PopeRatzo]

And clearly your definition of "Rent Seekers"

My definition of "rent seekers" is people who accumulate wealth while contributing nothing to society.

"tax cut for the MAFIAA"

It's called the Paul Ryan budget.

Countries that made some reasonable attempt to live within their means (e.g., Switzerland, Germany) are still fine

Greek workers put in as many hours as German workers. They retire no earlier than German workers. When you talk about "living within their means" you aren't talking about the working and middle classes. The ones that didn't "live within their means" were entirely the financial sector and the "1%".

Yes. the "rent seekers" whose income is entirely in capital gains.