[liberationtech] Silent Circle? Re: AES-encrypted telephony in Iran?

Fabio Pietrosanti (naif) lists at infosecurity.ch
Sat Jun 16 11:01:09 PDT 2012


On 6/16/12 5:45 PM, liberationtech at lewman.us wrote:
> Technically, their website[0] states "Absolutely NO Backdoors: No
> backdoors with our encryption for any individual, organization or
> government."
> 
> This only refers to the encryption, not anything else. I would expect
> Zimmermann and Callas to not put backdoors in their encryption. I wonder
> about everything else related to their services. As they are still in
> private beta, I'm giving them a huge benefit of the doubt for now. The
> future could be bright.

I had a quick email exchange with Michael Janke (SilentCircle CEO), will
speak with him soon to have an exchange of opinions.

I had Zimmermann working with me at PrivateWave in 2008-2009 and I can
confirm that when he works on a Board of Advisors and puts his face on a
company/product, he is a "crypto-taliban" and perfectionist!

Nothing can be left behind and everything had to be reviewed by him; I
had a 1-month delay on product release due to additional paranoia to be
added to the product by Phil! :-)

So I expect SilentCircle products will be well designed and implemented.


<OT-TLDR Marketing consideration on mobile security businesses>
However, I have some doubts about the sustainability of the "prosumer"
business model they are proposing, $20/month subscription.

I've been struggling with the marketing model for mobile secure telephony
in the past few years and it's absolutely a "difficult market".


What I see every day in my daily job dealing with mobile voice crypto is:

* Enterprise and governmental projects give you the core business with
which you live.
That kind of customer takes many months before buying something, they
need to penetration-test you, need to evaluate deeply how security and
the product work, are "commercially expensive to be followed" but are
"high-budget" customers that can pay for your time/product.
Establishing "trust" with "customers" for that kind of product is a
very challenging task.

Additionally they *need* to have their own infrastructure in-house and
will refuse to use any "hosted solution".

* On the private/personal use side I've seen several attempts to make a
"prosumer" business model, but none being able to really survive.
 - "average users" use Skype if they feel the need for phone privacy
 - criminals use Skype if they feel the need for phone privacy

So, considering that "average users" use Skype and criminals use Skype, we
remain with "paranoid users".

So the question is, do we think that Paranoid users are willing to pay
something for secure telephony?

I expect no.

IMHO paranoid private users want to use products that are free.

So I expect initiatives like Guardian's OSTel/CSipSimple project will
play a major role in the private/personal uses for mobile secure
communications.

But at the same time I find it difficult to consider it economically
sustainable for a company to make enough recurring/subscription private
users to survive in the long term.

If we think, what made PGP really successful?

The fact that it was "free for personal use" and it remained free for
enough time to diffuse.

But Enterprise and Government customers paid the bill for PGP
employees' time.


So, as a personal consideration, what I can try to do with
PrivateWave is to try to push for approval by my board of directors of a
"free for non-commercial use" licensing scheme.

Currently on the PW side it's possible to get free licenses only through
the NGO Program and through a "friendly network of relationships", but I
would be really happy if we would be able to provide it free for anyone
with no questions!

</OT-TLDR Marketing consideration on mobile security businesses>

-naif