Slashdot Mirror

← Back to Stories (view on slashdot.org)

Phil Zimmermann's New Venture Will Offer Strong Privacy By Subscription

Posted by timothy on from the sounds-like-a-pretty-good-plan dept.

New submitter quantic_oscillation7 writes with this excerpt from the Register: "Phil Zimmermann and some of the original PGP team have joined up with former U.S. Navy SEALs to build an encrypted communications platform that should be proof against any surveillance. The company, called Silent Circle, will launch later this year, when $20 a month will buy you encrypted email, text messages, phone calls, and videoconferencing in a package that looks to be strong enough to have the NSA seriously worried. ... While software can handle most of the work, there still needs to be a small backend of servers to handle traffic. The company surveyed the state of privacy laws around the world and found that the top three choices were Switzerland, Iceland, and Canada, so they went for the one within driving distance."

6 of 219 comments (clear)

  1. They better not do the mistake of Hushmail... by Anonymous Coward · · Score: 5, Interesting

    Canada is decent, but they can still be forced to modify their code to catch people on demand of Interpol there.

    Look what happened with Hushmail.

    1. Re:They better not do the mistake of Hushmail... by isopropanol · · Score: 5, Informative

      Also there's been a bill on the order paper for a few years that would require them to backdoor it, and it looks like the bill is probably going to pass this time.

    2. Re:They better not do the mistake of Hushmail... by Anonymous Coward · · Score: 5, Interesting

      If I were doing a service like this, I'd split the company into five independent divisions, either owned by a holding company in Antigua, or otherwise protected the same way the telephone scammers keep a step ahead of the authorities.

      First company does the billing. Then it sends money to the other three companies, using tokens that change often. This separates users from their online userIDs.

      Second company does the client coding and makes packaged, signed executables.

      Third company takes the packaged code from company #2 and installs it. The reason for this is to make it harder for backdoors to be inserted at the whims of a local government. Users will easily see the executables have invalid signatures. Because company #2 is a separate firm, it is harder to demand they create a bongoed executable.

      Fourth company provides the VPN service, and tosses logs between IPs.

      Fifth company does the servers. Since the clients do a layer of encryption, commanding the server holding company to cough up user data is going to not give much, other than perhaps traffic analysis reports.

      This isn't perfect, but it means that if the servers get seized, the data isn't compromised. Same if the client making company gets demanded they insert a backdoor, or the network between the servers is seized.

      I would like to work on a service like this However, the main reason why I wouldn't run it is because of cynicism -- it would turn into a nice stomping ground for the child pornography crowd, not to mention a haven for people who are interested in turning the a local church or synagogue into rubble.

    3. Re:They better not do the mistake of Hushmail... by Anonymous Coward · · Score: 5, Insightful

      If we want freedom we have to accept an increase in terrorism an violated children. This is a very tough call that we should not avoid discussing. Anyone has evidence on how many children, synagogues we have to sacrifice for how much children? Sure would be interesting reading.

    4. Re:They better not do the mistake of Hushmail... by rioki · · Score: 5, Interesting

      Ok kill me if you like. I really do not endorse CP in any form. But sending JPEG or AVI files around does not do any real harm. Cut the balls off the dude who actually took the pictures; do whatever you want.

      But there is a good case for strong encryption within legal bounds. Why do we have to hand over all our civil liberties just because someone says Terrorism and Pedophiles?!

      The police should do real police work, like infiltrate the organisations, instead of relying on stupid criminals and technological gizmos. I can still use strong stenography and encryption on my open e-mail connection, if I feel like it.

  2. Re:What do SEALs have to do with privacy? by Phat_Tony · · Score: 5, Insightful

    They may have any amount of legitimate expertise to contribute. Even if it's just on the business/managerial side of things and not the software/encryption side, not that that's necessarily the case.

    But you know one big thing they contribute just by being there? This company will be accused of being anti-American, of "helping the terrorists win." There's nothing that will help inoculate them against that as much as having a couple of combat veterans as founders.

    And to those who will say the presence of veterans means you can't trust this organization because they will provide a backdoor for the feds, the people in our armed forces hold a range of political opinions, they are not all clones. And there are a lot of them who agree with a libertarian or traditional conservative view of highly restricted government power and lots of freedom. A lot of people in the military are there to fight for our freedom, and that includes opposing the Orwellian encroachments of our own government.

    --
    Can anyone tell me how to set my sig on Slashdot?