The ways we communicate and interact digitally seem besieged on all sides. However, Def Con 22 speaker Phil Zimmermann offers some hope through his organization, Silent Circle.
Silent Circle is an encrypted communication service designed to protect people's privacy. The project started in 2011, when former Navy SEAL Mike Janke approached Zimmermann about building a communications network that members of the armed services could use safely. Designed as an encrypted alternative to Skype and ordinary phone lines, Silent Circle has become one of the most trusted sources of secure communication. Zimmermann tells the story of the day he got a call saying the FBI was at Silent Circle's offices. Assuming the agents had come to shut him down, Zimmermann was surprised to find they were there to ask about pricing so they could use the service themselves.
The FBI anecdote is not an anomaly. Since launching, Silent Circle has been used by federal law enforcement, intelligence, and military agencies, and it is even employed by members of Congress. So what is it about this service that has attracted so much attention?
For starters, voice may be the simplest kind of data to protect. Unlike texts and emails, where the sender, the receiver, and the hosting service all retain copies of the exchange, voice and video conversations are ephemeral: once the words are spoken, no copy remains. Silent Circle's calls are peer-to-peer, so no one keeps a record and no one but the two parties knows what was said.
Furthermore, the underlying protocol of Silent Circle was designed not to trust even the service that carries it. Before founding Silent Circle, Zimmermann designed a protocol that runs end to end between the two callers' devices over the existing phone network, so that the carrier relays the traffic but never sees the keys or the plaintext. Zimmermann built the same protocol into Silent Circle so that Silent Circle's own infrastructure is kept outside the trust boundary in exactly the same way. As Zimmermann put it, even if the NSA seized all of Silent Circle's servers, it still could not read the data being transmitted.
Silent Circle gets its strongest guarantee from what Zimmermann describes as a "crude" mechanism in which the users themselves verify the connection. Once a call is set up, each party's screen shows a short string derived from the session key that was just negotiated (a hash of the key material, not the key itself). On a genuine end-to-end connection both parties derive the same key, so both screens show the same string, and the two callers confirm this simply by reading it aloud to each other. A man-in-the-middle has to negotiate a separate key with each party, so the two callers end up with different keys and their screens show different strings; reading them aloud over the very voice channel the attacker is trying to intercept means the mismatch is heard immediately, and both original parties can see that their call is being intercepted.
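The check described above, modelled as an added example: this is not Silent Circle's code but a simplified, stand-alone version of the short-authentication-string (SAS) idea from ZRTP, the protocol Zimmermann designed for this purpose. It assumes plain Diffie-Hellman over the RFC 3526 2048-bit MODP group, a hash of the shared secret as the session key, and a 4-character base32 SAS taken from 20 bits of a hash of that key; the names Alice, Bob and Mallory, and the functions `honest_call`, `mitm_call` and `sas_check`, are all this example's own.

```python
"""Added example (not Silent Circle's code): why a short authentication string
read aloud by both callers exposes a man-in-the-middle on the key exchange."""
import hashlib
import secrets

# RFC 3526 group 14 (2048-bit MODP) prime and generator for Diffie-Hellman.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2

# RFC 4648 base32 alphabet; four characters carry the 20-bit SAS.
# (Assumption of this example: ZRTP's actual SAS alphabets are not reproduced here.)
SAS_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


class Endpoint:
    """One end of a call: a DH key pair and, after key agreement, the session key."""

    def __init__(self, name):
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 1   # private exponent in [1, P-2]
        self.pub = pow(G, self.priv, P)            # sent over the untrusted network
        self.key = None

    def agree(self, peer_pub):
        """Derive the session key from whatever public value arrived from 'the peer'."""
        shared = pow(peer_pub, self.priv, P)
        # Simplified KDF: hash the shared secret. A real protocol binds more context in.
        self.key = hashlib.sha256(shared.to_bytes(256, "big")).digest()
        return self.key


def sas(key):
    """Short authentication string: top 20 bits of a hash of the session key, as base32."""
    digest = hashlib.sha256(b"SAS" + key).digest()
    bits = int.from_bytes(digest[:3], "big") >> 4     # 24 bits -> keep the top 20
    return "".join(SAS_ALPHABET[(bits >> shift) & 0x1F] for shift in (15, 10, 5, 0))


def honest_call():
    """Alice and Bob exchange public values directly; both derive the same key."""
    alice, bob = Endpoint("Alice"), Endpoint("Bob")
    alice.agree(bob.pub)
    bob.agree(alice.pub)
    return alice, bob


def mitm_call():
    """Mallory swaps in her own public values and runs a separate DH with each side."""
    alice, bob = Endpoint("Alice"), Endpoint("Bob")
    mallory_a, mallory_b = Endpoint("Mallory->Alice"), Endpoint("Mallory->Bob")
    alice.agree(mallory_a.pub)      # Alice believes this value came from Bob
    mallory_a.agree(alice.pub)      # Mallory can now decrypt Alice's side
    bob.agree(mallory_b.pub)        # Bob believes this value came from Alice
    mallory_b.agree(bob.pub)        # ...and Bob's side
    return alice, bob


def sas_check(alice, bob):
    """The audible check: the call is trusted only if both screens show the same SAS."""
    return sas(alice.key) == sas(bob.key)


if __name__ == "__main__":
    for label, scenario in (("honest", honest_call), ("mitm", mitm_call)):
        a, b = scenario()
        print(f"{label:6}  Alice sees {sas(a.key)}  Bob sees {sas(b.key)}  "
              f"match={sas_check(a, b)}")
```

In the honest run both screens show the same four characters; in the intercepted run Alice and Bob hold different keys, so (with probability 1 - 2^-20) the strings differ and the read-aloud check fails. A deployable protocol also has to stop the attacker from grinding through candidate DH values until the two strings happen to collide; ZRTP does this by committing to the DH value with a hash before the exchange, which this toy model omits.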
While Zimmermann concedes that the NSA could still glean metadata about who is calling whom, it cannot read the content of a call without the interception being detectable. How does Zimmermann hold these views with such confidence? Simple: the government wants it that way. With the variety of legislators and intelligence organizations that now rely on Silent Circle to protect their own data, no one wants Silent Circle to build in a backdoor. In what may be a genuinely new alignment, the security interests of the senator, the FBI agent, and the college student all point the same way: toward a fully secure form of communication.
While the security features of this service are impressive, what is truly remarkable is the way it captures the needs of both the private and the public sectors. Many of today's security discussions frame the public versus the government. However, as Silent Circle demonstrates, that tension may be less pronounced than it appears. If we can build more secure technology that serves the needs of the private and public sectors at once, then we can give everyone an incentive to respect the importance of privacy.