Wednesday, July 18, 2012

PGP's creator extends security to mobile communications with Silent ...

Takeaway: Seen the news? It seems your phone data is free for the asking. Michael Kassner interviews Phil Zimmermann ? the man behind PGP ? about Silent Circle, an encryption system for portable devices.

?I should be able to whisper in your ear from a thousand miles away.?

Says Phil Zimmermann.

Phil and his partners are set to release technology capable of doing just that ? securing email, mobile-phone calls, text messages, and VoIP conferences.

Street cred

If the name Phil Zimmermann sounds familiar, it could be due to a different project of his: PGP encryption, or maybe Phil?s passion for causes. Remind me to tell you about the time he was arrested.

Or it might be the many awards Phil has received, the most recent honor being his induction into the Internet Hall of Fame. You may recognize two earlier inductees: Vint Cerf and Linus Torvalds.

Why Silent Circle

I arranged to chat with Phil this past week about his latest endeavor ? Silent Circle. What I thought would be a 30-minute conversation turned into a two-hour session, hinting at Phil?s enthusiasm. You?ll see why in a second.

I?m not sure of the circumstances, but Michael Janke, a former Navy SEAL, now privacy advocate and author, met Phil. During the ensuing conversation, Michael asked Phil if there was a way for deployed military personnel to have secure phone conversations with their families back home.

Well, that?s all it took. Phil and Michael were off and running. Along the way, Vic Hyder, also a former Navy SEAL and Jon Callas, cryptographer and co-founder of PGP Corporation, joined the team.

Due to time constraints earlier in the week, Phil answered my questions during our phone conversation. Yet another time I regret not learning shorthand.

Kassner: Hello, Phil. Thanks for talking with me. There is little information about Silent Circle on the website. How does it work?

Zimmermann: Sorry about that, but we?re unable to release many of the details yet. As you know, I am a strong advocate of open source and cryptographic peer review. I welcome colleagues to contact me and we can make arrangements.

Silent Circle consists of four applications: Encrypted Email, Encrypted Mobile, Encrypted VoIP, and Encrypted Text. The Silent-Circle client encrypts the traffic before sending it to our servers using the mobile device?s Wi-Fi or data side of the cellular connection. Our servers then forward the packets onto the appropriate remote party.

I need to clarify that encryption currently takes place on the client for Encrypted Mobile, VoIP, and Text. We?re working out some issues with Encrypted Email. So for now, the Silent-Circle client sends email to our servers using TLS. The servers then encrypt the traffic. The sooner we figure out the issue, the better. It is our aim to have zero knowledge of individual encryption keys.

Kassner: Forgive the cliche, but it takes ?two to tango.? I have tried to get colleagues and friends to use PGP, but they can?t be bothered. If I understand, both parties are not required to belong to Silent Circle. The app will still encrypt my portion of the communication. How does that work?

Zimmermann: You are correct; we would prefer both users have the Silent-Circle client. That way traffic is encrypted at all times. If only one user has the client, traffic is encrypted, but only between the user?s mobile device and our servers in Canada.

That may not seem like much, but consider military personnel, government officials, and private individuals working or living outside the United States. Silent Circle will offer some ?peace of mind? by encrypted communications from the foreign location to our servers.

Kassner: Do you expect to have the same kind of governmental pushback with Silent Circle as you did with PGP?

Zimmermann: No, not at all. Back when I first developed PGP, cryptographers had to justify encryption to the government, particularly, if the product was destined for overseas. Today, it?s the opposite. Companies and organizations are getting into trouble because they don?t have encryption in place.

Kassner: I read that you intend to release the iOS beta of Silent Circle this summer. Will Silent Circle be ported to Android?

Zimmermann: Absolutely. We are running Silent Circle on approximately 100 iOS devices right now. We also have a working Android app, but it isn?t as far along. If interested, people can sign up to beta-test Silent Circle on the website. We are looking to go live with Silent Circle this coming fall.

Kassner: The accolades keep piling up ? recognized by magazines, several lifetime achievement awards, and inducted into the Internet Hall of Fame. With Silent Circle this far along, I?m betting you have something else on the horizon. Can you share it with us?

Zimmermann: Securing the cloud. Stay tuned?

Kassner: Phil, For several years I?ve wanted to ask you a few questions about your efforts to provide some semblance of personal privacy while online.

To start, I?m not sure how many people recall your protracted legal battle when PGP was found outside the United States. I certainly do. And I have a dear friend who does as well. He even has a copy of your now famous ?munitions-grade? book, PGP Source Code and Internals. I remember reading the book?s preface, particularly the last paragraph:

?A book comprised entirely of thousands of lines of source code looks pretty dull. But then so does a nondescript fragment of concrete ? unless it happens to be a piece of the Berlin Wall, which many people display on their mantels as a symbol of freedom opening up for millions of people. Perhaps in the long run, this book will help open up the US borders to the free flow of information.?

Have we learned anything since 1994 or is Silent Circle your PGP stand-in for mobile devices?

Zimmermann: I?d like to think we have. Anyone knowing the history of PGP realizes it was quite a battle and we won. I?m afraid we are in the midst of another battle. What I call the ?rising tide of surveillance.? And, I?m taking direct aim with Silent Circle.

Kassner: I almost forgot again. Many years ago, I asked you a few questions about PGP for an article. I had one question left, but ran out of nerve before I could ask it. I?m going to try again. You met three gentlemen under somewhat strange circumstances. What was it like to spend time ?behind bars? with Carl Sagan, Martin Sheen, and Daniel Ellsberg?

Zimmermann: I was arrested twice actually. The best part was meeting those three gentlemen. I found it ironic that Carl and I spent time discussing the Star Wars/SDI initiative ? while incarcerated.

I also remember being the only one out of 400 arrested at the Nevada Test Site wearing a business suit. I was aware of how hot it was, but I wanted to make a point.

Final thoughts

Phil Zimmermann calls his new technology Silent Circle. Once in the circle, your information and conversations are not available to anyone other than those chosen by you. Just the way Phil wants it.

I would like to thank Phil for sharing his Friday afternoon with me. I finally got my question answered.

Source: http://www.techrepublic.com/blog/security/pgps-creator-extends-security-to-mobile-communications-with-silent-circle/8104

cinnamon challenge lou dobbs rock salt david letterman march of dimes james randi wargames

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.