Secure phones, apps in market after Snowden leaks
Two products brought out in the past five weeks illustrate the rapid development of the new marketplace: Blackphone, a handset which started shipping on June 30 for $629, and Signal, a free app that appeared on the iPhone app store last week.
They are among an array of offerings to emerge since Snowden, a former National Security Agency contractor, last year leaked documents that showed the U.S. government harvested enormous amounts of data from the likes of Google Inc, Yahoo Inc, Microsoft Corp, AT&T Inc and Verizon Communications Inc.
Though they have different business philosophies, target markets and tactical approaches, the companies behind Blackphone and Signal share an underlying encryption technique, world-class cryptographers, and an anti-government stance.
“In an environment of increasingly pervasive surveillance, we want to make it as easy as possible for anyone to be able to organize and communicate securely,” Signal maker Open Whisper Systems wrote on its blog.
Secure communications will be a major topic at two key hacking conferences in Las Vegas this week: Black Hat, which is aimed at professionals, and Def Con, which attracts many amateurs.
Blackphone uses software from one of its backers, Silent Circle, that allows users to send encrypted voice calls and texts to one another. Silent Circle’s software is already available for iPhone and Android phones, but the company says Blackphone is more secure because it uses a new operating system – based on Android – that makes it harder for hackers to take control of the phone and eavesdrop.
Silent Circle recently expanded its service by allowing encrypted calls to landlines. That feature has helped its sales rate triple in the past three months, said Silent Circle Chief Revenue Officer Vic Hyder. He declined to give subscriber figures but said Chevron Corp and Walt Disney Co were among the company’s major corporate customers.
Supported mainly by grants, Signal maker Open Whisper Systems was co-founded by security researcher Moxie Marlinspike and already has a compatible Android version called RedPhone. The company said Signal had 70,000 downloads on the first day.
Marlinspike said the company may charge in the future for extra services, but the basic functions of the app should remain free forever. “Open Whisper Systems is a project rather than a company, and the project’s objective is not financial profit,” he wrote on his personal blog.
An encrypted chat service popular with security professionals is Wickr. The free service relies on heavy encryption that is considered unbreakable for the foreseeable future if implemented correctly.
Wickr does not use the open-source software that is the industry standard, which means security experts cannot inspect its software code. But Wickr says it will soon post results of security audits by well-regarded firms, and it is offering a$200,000 reward for anyone who breaks its system.
Wickr Chief Executive Nico Sell, a longtime official at Def Con, said she plans to add a desktop version of Wickr soon.
LAW ENFORCEMENT CONCERNS
Civil liberties enthusiasts have welcomed the proliferation of new privacy-protecting software and services, but some law enforcement and intelligence agents are concerned that they make it more difficult for agents to intercept communications.
“It’s a significant problem, and it’s continuing to get worse,” Amy S. Hess, executive assistant director of the Federal Bureau of Investigation, told the Washington Post. An FBI spokeswoman declined to elaborate.
Experts said it was unlikely that any communications system can be 100 percent safe from government interception. The goal for some users would be simply to make it expensive for the authorities to eavesdrop on them without good reason.
The variety of new services can be confusing for consumers, who must wade through marketing hype for unproven products and seek out reviews by experts. Knowing the limitations of these services could be as important as picking the right product.
“When people make claims about ‘military-grade security’ and being ‘NSA-proof,’ that doesn’t pass the laugh test,” said security researcher Kenneth White, the director of a nonprofit project that audits cryptography-dependent services.
However, he praised both Blackphone and Signal, saying the people behind those products had extensive industry experience.
Over the next few years, it is likely that many more privacy services will be introduced. The majority will likely vanish amid the competition and confusion, technologists say.
“There’s going to be a lot of carnage,” Wickr’s Sell said- Reuters