[liberationtech] Silent Circle experiences rapid growth in wake of NSA surveillance scandal

Nadim Kobeissi nadim at nadim.cc
Mon Jul 1 13:45:47 PDT 2013


Silent Circle's response to critical security vulnerabilities has been *extremely* bad. They recently quietly fixed numerous critical vulnerabilities that could lead to a full compromise, without informing their users or submitting an advisory in any way.

Pointing to the vulnerable code on their GitHub led to both myself and Arturo (from GlobaLeaks) being censored.

More information: https://github.com/SilentCircle/silent-phone-base/issues/5#issuecomment-20232374

NK

On 2013-07-01, at 2:35 PM, Yosem Companys <companys at stanford.edu> wrote:

> http://gcn.com/blogs/cybereye/2013/06/agencies-sudden-interest-encrypted-comm.aspx
> 
> Agencies showing sudden interest in encrypted comm
> 
> Silent Circle, the company that provides end-to-end BYOD encryption,
> has introduced a Web-based management console to support large
> deployments of crypto licenses. It was developed largely in response
> to government demand for a tool to manage enterprisewide licensing,
> said CEO Mike Janke.
> 
> Government was always a primary market for Silent Circle, but the
> speed of adoption has caught the company by surprise.
> 
> “We had no idea that government customers would need a thousand
> subscriptions,” said Janke, a former Navy SEAL. “We didn’t see any of
> this coming. We envisioned 10 special ops guys, reporters in Sudan or
> some individuals around the world.”
> 
> Silent Circle’s secure voice, text, mail and video communications have
> gone in less than a year from being a point-to-point solution to an
> enterprise tool. There has been strong adoption in the financial
> industry and with oil companies, but “most of it was from [the Defense
> Department] and other government agencies,” Janke said.
> 
> The company has benefited from current events, particularly recent
> revelations about the National Security Agency’s surveillance of
> Internet and telephone communications. Growth, already a strong 100
> percent month-over-month, rocketed to 420 percent in the last
> two-and-a-half weeks. Agencies that were buying 50 subscriptions now
> are buying hundreds as concerns grow not only about government
> snooping, but also of government leaking.
> 
> Encrypted communications is not new. What Silent Circle has done is
> make it practical for bring-your-own-device environments by harnessing
> the computing power of smart phones for crypto key management, cutting
> the middle man out of the security equation. Keys remain in the hands
> of the end users rather than a server, eliminating the need for trust
> in a third party.
> 
> Secure peer-to-peer connections with Silent Circle Android and iOS
> apps use the Zimmermann Real Time Transport Protocol, a crypto key
> agreement protocol for voice over IP that uses the Diffie-Hellman key
> exchange and the Secure Real Time Transport Protocol. Encryption is
> done with NSA Suite B cryptography, a public interoperable set of
> crypto tools that include the Advanced Encryption Standard, Secure
> Hash Algorithm 2 and elliptic curve digital signature and key
> agreement algorithms. The company operates its own network with SIP
> servers and codecs, but all encryption and security remain on endpoint
> devices.
> 
> Just 35 percent of the company’s business is in North America, with
> the rest of it off-shore in countries where security has long been a
> bigger issue than here. “We look at things in a bit of a bubble here
> compared to the rest of the world,” Janke said. People in Europe and
> Asia not only have to worry about NSA snooping, but also about their
> own intelligence agencies.
> 
> Although it is available in time to take advantage of the post-PRISM
> boom in secure communications, the new console was in the works well
> before the NSA leaks. “It took five months for our team to create
> this,” Janke said, primarily because of the security required for the
> portal. The console is a business management tool only and has nothing
> to do with encryption. It does not hold or manage keys and does not
> have access to message content. “It in no way, shape or form touches
> the technology.”
> 
> Despite the unexpected growth, Janke said Silent Circle is holding to
> its course for releasing new products this year, several of which,
> requested by government customers, now are in beta. These include
> encrypted file transfer from desktops, secure video conference calling
> and encrypted voice mail.
> 
> Posted by William Jackson on Jun 28, 2013 at 9:41 AM



