Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
On 10/12/12 1:55 AM, Christopher Soghoian wrote:

> If conversations are taking place over ZRTP, and, assuming that the crypto works, and that there isn't a backdoor, then the only data that silent circle should have access to is conversation metadata and data about the subscribers (IP addresses, an email address, and whatever info is required for credit card billing, such as a name/address).

I run that kind of mobile voice crypto business since 2006, had worked with Phil on our Board of Advisors, but I basically have not much trust in the SAAS business model for that kind of stuff, given my own personal experience.

When I meet customers (mostly Enterprises and Governments, NGOs get it for free), the big obstacle is not the technology but is the trust.

SilentCircle have worked a lot on the concept of Trust by having trustful people on-board, however I do think that those who really need communication encryption support normally don't have the skills to evaluate and understand how a technology or security mechanism works.

As written on http://www.mail-archive.com/liberationtech@lists.stanford.edu/msg00446.html, I tried in the past to run and market a service for mobile voice encryption, but there was always one question from customers: So, all my phone calls go through your systems?

That question, from a commercial point of view, for Enterprise and Government customers, represented a dead end.

So now, like CryptoPhone and other companies doing voice crypto, I had to provide that stuff only with in-house servers for customers.

Still I would be very happy if SilentCircle realizes a marketing model where they can have customers interested in using their service!

We need more innovation in that field, we need opensource and free products, commercial products, software as a service products: in the end it's just important that what you get from a community, you provide it back to the community!

[...]

> I'm not even sure what specific legal method would be used to compel such a backdoor in the US, since CALEA specifically addresses (and largely shields) communications service providers that provide encrypted communications but do not have access to the key. See: http://paranoia.dubfire.net/2010/09/calea-and-encryption.html

Yeah, when I spoke with Nicolas from Calyx he showed me the same US law.

US Law is *extremely better* than the EU Directive on the same topic, as in the EU it is not specifically considered, and as long as you are an Electronic communication service provider you are obliged to provide assistance and cooperation with Lawful interception requirements mandated by ETSI-LI and further.

If you do provide the encryption tools along with the electronic communication service, it's your clear intention and goal to put yourself in a condition that will not let you respect the lawful interception legal requirements. So you're basically violating the law.

The only way is to work on the concept of what is an electronic communication service, as we did (at privatewave).

Here you can find our legal and technical analysis on how to run a voice encryption service in Italy (EU) not representing an electronic communication service: https://docs.google.com/open?id=1vHoApU0x6PyR2_4RAL7OrEQzecQkuHoYjq1ISfaRqMWNVadCCZgfdsKtngSG .

> However, on the compelled backdoor front, if this is a threat you are worried about, I would be equally (if not far more) worried about the government compelling Google or Apple to covertly push a malware update to your phone.

I don't think that this could practically happen, basically due to the liability and trust risks that Google or Apple would incur.

Given their stock market capitalization, their CFO would never permit something like that, and for that reason I consider Apple or Google store the most secure software delivery method even, there are too many interests to get this backdoored :-)

Fabio

--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
Hi Nadim,

I largely agree with your assessment of Silent Circle and I offer these thoughts in an effort to increase my understanding of the issue. The product is a packaged solution clearly targeted towards business customers focused on corporate privacy. And while the company offers regular transparency statements on government requests and strives to minimize storage of some types of data (and you're right that payment info is problematic) the company is clearly interested in paying for privacy assurances and seems less focused on supporting activists.

However, is Silent Circle dangerous to the development of cryptography software or simply an example of poor implementation of how to do it well? I would argue that it is the latter.

I think it can be helpful for the development of cryptography. First and foremost, while many on this list understand the import of encryption and privacy, increasing mainstream digital security. One way to do this is offering a service and ease of use. I agree that charging for services increases barriers but I also think that increased availability also helps raise the profile of why digital security is important.

I make no claims or defense of the actual security of Silent Circle. It might be fine for some people and it might have built-in backdoors that would be revealed through a security audit. Either way, I would not recommend it for sensitive uses. Where there is a perceived demand there will always be someone ready to offer a product. Not necessarily a good one, but something nonetheless.

Concluding, I think there are two main important themes here. First, I see Silent Circle as an example of increased understanding of security threats and thus increased demand for secure communications. Secondly, conversations of best and worst practices of cryptography are vibrant in this community but not necessarily mainstream. I think Silent Circle is an opportunity to discuss what people need to look for in a secure communications tool, and when not to trust it.

*TL:DR* I don't think Silent Circle is dangerous for the development of cryptography software but demonstrates potential demand and can spark a discussion of best and worst practices of crypto software development.

Nadim and others I'm curious of your thoughts.

J

On Thu, Oct 11, 2012 at 5:41 PM, Nadim Kobeissi na...@nadim.cc wrote:

> My blog post on the matter: http://log.nadim.cc/?p=89
>
> Your feedback is appreciated, thank you!
>
> NK
Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
On 10/11/2012 12:04 PM, James Losey wrote:

> Hi Nadim, I largely agree with your assessment of Silent Circle and I offer these thoughts in an effort to increase my understanding of the issue. The product is a packaged solution clearly targeted towards business customers focused on corporate privacy. And while the company offers regular transparency statements on government requests and strives to

Unless hit by a search warrant and a gag order at the same time, or a federal subpoena.

> minimize storage of some types of data (and you're right that payment info is problematic) the company is clearly interested in paying for privacy assurances and seems less focused on supporting activists.
>
> However, is Silent Circle dangerous to the development of cryptography software or simply an example of poor implementation of how to do it well? I would argue that it is the latter.
>
> I think it can be helpful for the development of cryptography. First and foremost, while many on this list understand the import of encryption and privacy, increasing mainstream digital security. One way to do this is offering a service and ease of use. I agree that charging for services increases barriers but I also think that increased availability also helps raise the profile of why digital security is important.

James, you can charge for a service and leave it as open source software. This has been done countless times over the years and has functioned successfully. I am not against Silent Circle costing money - I'm against it being closed source software.

> I make no claims or defense of the actual security of Silent Circle. It might be fine for some people and it might have built-in backdoors that would be revealed through a security audit. Either way, I would not recommend it for sensitive uses. Where there is a perceived demand there will always be someone ready to offer a product. Not necessarily a good one, but something nonetheless.
>
> Concluding, I think there are two main important themes here. First, I see Silent Circle as an example of increased understanding of security threats and thus increased demand for secure communications. Secondly, conversations of best and worst practices of cryptography are vibrant in this community but not necessarily mainstream. I think Silent Circle is an opportunity to discuss what people need to look for in a secure communications tool, and when not to trust it.
>
> *TL:DR* I don't think Silent Circle is dangerous for the development of cryptography software but demonstrates potential demand and can spark a discussion of best and worst practices of crypto software development.

How did you jump to this? Even the softest cryptography software still has to allow for an audit, and Silent Circle operates from a culture that doesn't. It is still dangerous.

> Nadim and others I'm curious of your thoughts.
>
> J
>
> On Thu, Oct 11, 2012 at 5:41 PM, Nadim Kobeissi na...@nadim.cc wrote:
>
>> My blog post on the matter: http://log.nadim.cc/?p=89
>>
>> Your feedback is appreciated, thank you!
>>
>> NK
Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
>> *TL:DR* I don't think Silent Circle is dangerous for the development of cryptography software but demonstrates potential demand and can spark a discussion of best and worst practices of crypto software development.

> How did you jump to this? Even the softest cryptography software still has to allow for an audit, and Silent Circle operates from a culture that doesn't. It is still dangerous.

It is possible that I am misunderstanding something in your post but the perspective I am coming from is that insecure (or closed) attempts at offering secure communications software are not necessarily bad for the development of software writ large but an example of how to do it wrong that needs to be highlighted as well as an opportunity to say why access to code and independent verification is so important.

J
Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
On 10/11/2012 09:15 AM, Nadim Kobeissi wrote:

> James, you can charge for a service and leave it as open source software. This has been done countless times over the years and has functioned successfully. I am not against Silent Circle costing money - I'm against it being closed source software.

The problem is that if you have an enterprise focus, you can't sell a service, you have to sell software. Service-based models have certainly made inroads into the enterprise, but they still want to host security-focused stuff themselves (even if it's encrypted end-to-end). It's hard to sell an expensive site license for your software if the software is freely available.

In general, I'm not actually convinced that OSS is a necessity for secure communication tools. Protocols can generally be verified on the wire, and unfortunately, the number of people who are going to be able to look at software-based cryptography and find vulnerabilities is very small -- and two of them put their names behind Silent Circle.

It's certainly great if secure communication tools are open source, but I think that I'd gladly trade OSS for tools that are crisp, incredibly well polished, accessible, and a joy to use. Not that they're necessarily mutually exclusive, and not that we're necessarily going to get that here. Much has been made about the fact that Phil Z and Jon Callas are responsible for this effort, but the cryptography is the easy part. I'd be much more interested if some really great software developers or designers were starting a secure communications company.

- moxie

--
http://www.thoughtcrime.org
Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
On 10/11/2012 1:54 PM, Moxie Marlinspike wrote:

> In general, I'm not actually convinced that OSS is a necessity for secure communication tools. Protocols can generally be verified on the wire, and unfortunately, the number of people who are going to be able to look at software-based cryptography and find vulnerabilities is very small -- and two of them put their names behind Silent Circle.

Protocols aren't half the story. There is much more in a piece of cryptography software to consider. Backdoors, to say the very least.

NK
Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
Having sat for the better part of the day with Phil Zimmermann with activists and journalists in a room, here is what I learned:

On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote:

> On 10/11/2012 12:04 PM, James Losey wrote:
>
>> Hi Nadim, I largely agree with your assessment of Silent Circle and I offer these thoughts in an effort to increase my understanding of the issue. The product is a packaged solution clearly targeted towards business customers focused on corporate privacy. And while the company offers regular transparency statements on government requests and strives to
>
> Unless hit by a search warrant and a gag order at the same time, or a federal subpoena.

Zimmermann stated that servers are located in Canada to avoid US subpoenas (not a lawyer, not sure what's that worth in the end).

According to the Silent Circle website:

Websites and products that don’t list the people behind the technology or where their servers are located, how the encryption keys are held or even how you can verify that your data is actually encrypted, are typical of the industry and provide only pseudo-security based on a lot of unverifiable trust.

Our secure communications products use “Device to Device Encryption” – putting the keys to your security in the palm of your hand (except for Silent Mail, which is configured for PGP Universal and utilizes server side key encryption). We DO NOT have the ability to decrypt your communications across our network and nor will anyone else - ever.

Silent Phone, Silent Text and Silent Eyes all use peer-to-peer technology and erase the session keys from your device once the call or text is finished. Our servers don’t hold the keys…you do.

Our secure encryption keeps unauthorized people from understanding your transmissions. It keeps criminals, governments, business rivals, neighbors and identity thieves from stealing your data and from destroying your personal or corporate privacy. There are no back doors, nor will there ever be.

More importantly, Zimmermann noted that Silent Circle code will be made available for audit.

>> minimize storage of some types of data (and you're right that payment info is problematic) the company is clearly interested in paying for privacy assurances and seems less focused on supporting activists.

According to Zimmermann (who was keenly interested in use cases for activists), they will make licenses available to activists at no cost. They have not figured out the process for this yet, but we'll certainly follow up with them.

Katrin
Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
On 10/11/2012 2:14 PM, Katrin Verclas wrote:

> Having sat for the better part of the day with Phil Zimmermann with activists and journalists in a room, here is what I learned:
>
> On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote:
>
>> On 10/11/2012 12:04 PM, James Losey wrote:
>>
>>> Hi Nadim, I largely agree with your assessment of Silent Circle and I offer these thoughts in an effort to increase my understanding of the issue. The product is a packaged solution clearly targeted towards business customers focused on corporate privacy. And while the company offers regular transparency statements on government requests and strives to
>>
>> Unless hit by a search warrant and a gag order at the same time, or a federal subpoena.
>
> Zimmermann stated that servers are located in Canada to avoid US subpoenas (not a lawyer, not sure what's that worth in the end).

His entire IP block is connected to servers in the United States. I am very skeptical of that claim. Furthermore, this is nonsense; the issue isn't being protected against *one* country's subpoena, it's being protected against *any* subpoena.

> According to the Silent Circle website:
>
> Websites and products that don’t list the people behind the technology or where their servers are located, how the encryption keys are held or even how you can verify that your data is actually encrypted, are typical of the industry and provide only pseudo-security based on a lot of unverifiable trust.
>
> Our secure communications products use “Device to Device Encryption” – putting the keys to your security in the palm of your hand (except for Silent Mail, which is configured for PGP Universal and utilizes server side key encryption). We DO NOT have the ability to decrypt your communications across our network and nor will anyone else - ever.

The closed-source nature of the software makes pushing government-mandated backdoors incredibly easy and extremely difficult to detect if done right. This is a tall claim not backed by evidence or the possibility of review.

> Silent Phone, Silent Text and Silent Eyes all use peer-to-peer technology and erase the session keys from your device once the call or text is finished. Our servers don’t hold the keys…you do.
>
> Our secure encryption keeps unauthorized people from understanding your transmissions. It keeps criminals, governments, business rivals, neighbors and identity thieves from stealing your data and from destroying your personal or corporate privacy. There are no back doors, nor will there ever be.

...unless they're served a court order, in which case Silent Circle will either implement a backdoor or go to jail, thank you very much.

> More importantly, Zimmermann noted that Silent Circle code will be made available for audit.

Skype, too, says that its code is available for audit, and then only lets a single academic audit it via an auditing that they themselves fund. This is likely PR; I will not be satisfied unless anyone can audit the code, and the source code is kept updated with every new release.

>>> minimize storage of some types of data (and you're right that payment info is problematic) the company is clearly interested in paying for privacy assurances and seems less focused on supporting activists.
>
> According to Zimmermann (who was keenly interested in use cases for activists), they will make licenses available to activists at no cost. They have not figured out the process for this yet, but we'll certainly follow up with them.

This is just really scary -- a piece of closed source, unaudited, unverifiable software that costs money for corporations, but is free for activists?

> Katrin

NK
Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
I like to see them deliver on the code audits before jumping to judgment since the product is not even released. Zimmermann gets those reservations, for sure, so let's see whether they can do a lot better than some companies before them. For now, the fact that Zimmermann and another staffer took significant time with activists and journalists under threat to understand specific use cases was interesting.

We shall see...

Cheers,
Katrin

Katrin Verclas
MobileActive.org
kat...@mobileactive.org
skype/twitter: katrinskaya
(347) 281-7191
A global network of people using mobile technology for social impact
http://mobileactive.org
Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
Eric King btw is the name of the person who is the head of research at Privacy International.

https://www.privacyinternational.org/people/eric-king

Eric is head of research at Privacy International, where he runs the Big Brother Incorporated project, an investigation of the international trade in surveillance technologies. His work focuses on the intersection of human rights, privacy and technology. He is the secret prisons technical adviser at Reprieve, is on the advisory council of the Foundation for Information Policy Research and holds a degree in law from the London School of Economics.

regards

--
R. Guerra
Phone/Cell: +1 202-905-2081
Twitter: twitter.com/netfreedom
Email: rgue...@privaterra.org

On 2012-10-11, at 2:36 PM, Julian Oliver wrote:

> ..on Thu, Oct 11, 2012 at 02:24:54PM -0400, Nadim Kobeissi wrote:
>
>> The closed-source nature of the software makes pushing government-mandated backdoors incredibly easy and extremely difficult to detect if done right. This is a tall claim not backed by evidence or the possibility of review.
>
> A chap on Twitter by the name of Eric King wrote that "I don't have a URL yet but Phil said yesterday he was releasing the source code."
>
> In any case, even with the source (including server-side) it is unclear as to whether protection is not compromised by this suite.
>
> With a credit-card payment system the client list is practically a click away for any Government client, itself a worry. Having the servers located on Canadian soil garners little, I think: software in a position like this configures the distributor under responsibility to the jurisdiction in which its business is registered whilst foreign governments become potential clients.
>
> Ultimately software promising this level of privacy needs to reflect that people come from differing geo-political contexts. As such both client and server need to be freely distributed and installable such that communities can then manage their own communication needs, taking risks within their techno-political context as they see fit.
>
> Cheers,
>
> --
> Julian Oliver
> http://julianoliver.com
> http://criticalengineering.org
Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
That's great -- I'm going to hold up until there is some actual source code. NK On 10/11/2012 2:41 PM, Robert Guerra wrote: Eric King btw is the name of the person who is the head of research at Privacy International. https://www.privacyinternational.org/people/eric-king Eric is head of research at Privacy International, where he runs the Big Brother Incorporated project, an investigation of the international trade in surveillance technologies. His work focuses on the intersection of human rights, privacy and technology. He is the secret prisons technical adviser at Reprieve, is on the advisory council of the Foundation for Information Policy Research and holds a degree in law from the London School of Economics. regards -- R. Guerra Phone/Cell: +1 202-905-2081 Twitter: twitter.com/netfreedom Email: rgue...@privaterra.org On 2012-10-11, at 2:36 PM, Julian Oliver wrote: ..on Thu, Oct 11, 2012 at 02:24:54PM -0400, Nadim Kobeissi wrote: The closed-source nature of the software makes pushing government-mandated backdoors incredibly easy and extremely difficult to detect if done right. This is a tall claim not backed by evidence or the possibility of review. A chap on Twitter by the name of Eric King wrote that I don't have a URL yet but Phil said yesterday he was releasing the source code. In any case, even with the source (including server-side) it is unclear as to whether protection is not compromised by this suite. With a credit-card payment system the client list is practically a click away for any Government client, itself a worry. Having the servers located on Canadian soil garners little, I think: software in a position like this configures the distributor under responsibility to the juristiction in which its business is registered whilst foreign governments become potential clients. Ultimately software promising this level of privacy needs to reflect that people come from differing geo-political contexts. 
As such both client and server needs to be freely distributed and installable such that communities can then manage their own communication needs, taking risks within their techno-political context as they see fit. Cheers, -- Julian Oliver http://julianoliver.com http://criticalengineering.org -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
On 10/11/2012 11:24 AM, Nadim Kobeissi wrote:

Zimmermann stated that servers are located in Canada to avoid US subpoenas (not a lawyer, not sure what's that worth in the end).

His entire IP block is connected to servers in the United States. I am very skeptical of that claim. Furthermore, this is nonsense; the issue isn't being protected against *one* country's subpoena, it's being protected against *any* subpoena.

This is also not going to be technically possible in a mature product. If all servers were located in Canada, that would mean two people having an encrypted conversation in Europe would have an additional 300ms latency added to their call. Getting low-latency audio working on many mobile platforms is extremely difficult, even when you don't have the network working against you.

- moxie

-- http://www.thoughtcrime.org
Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
I just wanted to note that hosting things in Canada isn't inherently, or necessarily, safer than hosting in other countries. Canadian courts are as able as American courts to apply pressure towards 'privacy sensitive' companies, with Hushmail being a good example.

I would also note that Canada's lawful access legislation - perhaps on ice now, but something that will likely come back to life at some point - includes a decryption requirement that could have serious implications for companies providing encryption services/encrypting data in transit. A colleague of mine and I have written a piece on those decryption requirements (which is available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2148060) as they would affect cloud services, and it might be of interest to people on this list.

Cheers,
Chris

-- ** Christopher Parsons
Doctoral Candidate
Political Science, University of Victoria
http://www.christopher-parsons.com **

Julian Oliver 11 October, 2012 11:36 AM

A chap on Twitter by the name of Eric King wrote that "I don't have a URL yet but Phil said yesterday he was releasing the source code."

In any case, even with the source (including server-side) it is unclear as to whether protection is not compromised by this suite.

With a credit-card payment system the client list is practically a click away for any Government client, itself a worry. Having the servers located on Canadian soil garners little, I think: software in a position like this configures the distributor under responsibility to the jurisdiction in which its business is registered whilst foreign governments become potential clients.

Ultimately software promising this level of privacy needs to reflect that people come from differing geo-political contexts.
As such both client and server needs to be freely distributed and installable such that communities can then manage their own communication needs, taking risks within their techno-political context as they see fit.

Cheers,

Nadim Kobeissi 11 October, 2012 11:24 AM

On 10/11/2012 2:14 PM, Katrin Verclas wrote:

Having sat for the better part of the day with Phil Zimmermann with activists and journalists in a room, here is what I learned:

On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote:

On 10/11/2012 12:04 PM, James Losey wrote:

Hi Nadim, I largely agree with your assessment of Silent Circle and I offer these thoughts in an effort to increase my understanding of the issue. The product is a packaged "solution" clearly targeted towards business customers focused on corporate privacy. And while the company offers regular transparency statements on government requests and strives to

Unless hit by a search warrant and a gag order at the same time, or a federal subpoena.

Zimmermann stated that servers are located in Canada to avoid US subpoenas (not a lawyer, not sure what's that worth in the end).

His entire IP block is connected to servers in the United States. I am very skeptical of that claim. Furthermore, this is nonsense; the issue isn't being protected against *one* country's subpoena, it's being protected against *any* subpoena.

According to the Silent Circle website:

Websites and products that don’t list the people behind the technology or where their servers are located, how the encryption keys are held or even how you can verify that your data is actually encrypted, are typical of the industry and provide only pseudo-security based on a lot of unverifiable trust. Our secure communications products use “Device to Device Encryption” – putting the keys to your security in the palm of your hand (except for Silent Mail, which is configured for PGP Universal and utilizes server side key encryption).
We DO NOT have the ability to decrypt your communications across our network and nor will anyone else - ever.

The closed-source nature of the software makes pushing government-mandated backdoors incredibly easy and extremely difficult to detect if done right. This is a tall claim not backed by evidence or the possibility of review.

Silent Phone, Silent Text and Silent Eyes all use peer-to-peer technology and erase the session keys from your device once the call or text is finished. Our servers don’t hold the keys…you do. Our secure encryption keeps unauthorized people from understanding your transmissions. It keeps criminals, governments, business rivals, neighbors and identity thieves from stealing your data and from destroying your personal or corporate privacy. There are no back doors, nor will there ever be.

...unless they're served a court order, in which case Silent Circle will either implement a backdoor or go to jail, thank you very much.

More importantly, Zimmermann noted that Silent Circle code will be made available for audit.

Skype, too, says that its code is available for audit, and then only lets a single academic
Re: [liberationtech] Silent Circle Dangerous to Cryptography Software Development
Hi all,

When considering the threat of legally compelled assistance, I think it is useful to spell out the specific threats. The two big ones, IMHO, are

1. Compelled disclosure of data retained about users.
2. Compelled insertion of backdoors into the product.

Now, folks on this list are throwing around a lot of legal terms (subpoenas, warrants, gag orders), but the specific types of legal process matter less once you consider the data that Silent Circle has and doesn't have.

[Note, the following is focused largely on the audio/video service aspect of the service, since AFAIK the text service uses some new protocol called SCimp about which there isn't really any public info]

If conversations are taking place over ZRTP, and, assuming that the crypto works, and that there isn't a backdoor, then the only data that silent circle should have access to is conversation metadata and data about the subscribers (IP addresses, an email address, and whatever info is required for credit card billing, such as a name/address).

[I'm not a lawyer, but I know a bit about US surveillance law. Even so, this isn't legal advice]

Under US law, law enforcement agencies only need a warrant to compel the production of stored communications content. Non-content data doesn't require a warrant. I would argue that a court order issued under 18 USC 2703(d) would be required to compel the production of stored metadata records of silent circle conversations, however, 18 USC 2703(c)(2)(C) permits the compelled disclosure of local and long distance telephone connection records, or records of session times and durations pursuant to a mere subpoena (no judge required). As such, the specific form of legal process required to compel the production of Silent Circle conversation metadata depends on whether or not Silent Circle is more like an Internet communications service (such as e-mail or IM) or a telephone service.
As such, I don't think the right question is what if silent circle receives a search warrant, but rather, either a 2703(d) order or subpoena. The answer to this really depends on their metadata retention policy, which we currently don't know much about. I want to see more info about this before I trust the service.

Now, you may be asking at this point, who cares about US surveillance law if the data is held on servers in Canada? At least when it comes to requests from the US gov, the location of the data probably doesn't really matter if the execs and most of the staff are in the US. The US government will no doubt argue that US law applies to the compelled production of stored data, regardless of where the servers happen to be located.

Ok - as for the basic subscriber records the company keeps, they are apparently going to offer prepaid calling cards (see: http://www.fastcompany.com/3001938/phil-zimmermanns-silent-circle-builds-secure-seductive-fortress-around-your-smartphone). Hopefully, these will eventually be available for purchase from 3rd party retailers or even from brick-and-mortar vendors via cash, which would go a long way to removing the need for Silent Circle to know basic identifying info about their customers. However, if you sign up over the web and give a credit card, the company could be required to disclose this basic subscriber info with a mere subpoena.

Finally, with regard to the compelled insertion of backdoors in the service, this is obviously a serious threat (and something that governments have done in the past to other technology providers). I look forward to hearing public details from Silent Circle about what their plans are on this front. I'm not even sure what specific legal method would be used to compel such a backdoor in the US, since CALEA specifically addresses (and largely shields) communications service providers that provide encrypted communications but do not have access to the key.
See: http://paranoia.dubfire.net/2010/09/calea-and-encryption.html

However, on the compelled backdoor front, if this is a threat you are worried about, I would be equally (if not far more) worried about the government compelling Google or Apple to covertly push a malware update to your phone.

Cheers,
Chris

On Thu, Oct 11, 2012 at 2:36 PM, Julian Oliver jul...@julianoliver.com wrote:

With a credit-card payment system the client list is practically a click away for any Government client, itself a worry. Having the servers located on Canadian soil garners little, I think: software in a position like this configures the distributor under responsibility to the jurisdiction in which its business is registered whilst foreign governments become potential clients.

Ultimately software promising this level of privacy needs to reflect that people come from differing geo-political contexts. As such both client and server needs to be freely distributed and installable such that communities can then manage their own communication needs, taking risks within their techno-political context as