While the FBI keeps crying wolf about the dangerous dark future where criminals use technology that's impossible to spy on, the Pentagon's blue-sky research arm wants someone to create the ultimate hacker-proof messaging app.
The Defense Advanced Research Projects Agency, better known as DARPA, is looking for a "secure messaging and transaction platform" that would use the standard encryption and security features of current messaging apps such as WhatsApp, Signal, or Ricochet, but also use a decentralized Blockchain-like backbone structure that would be more resilient to surveillance and cyberattacks.
DARPA's goal is to have "a secure messaging system that can provide repudiation or deniability, perfect forward and backward secrecy, time to live/self delete for messages, one time eyes only messages, a decentralized infrastructure to be resilient to cyber-attacks, and ease of use for individuals in less than ideal situations," according to a notice looking for proposals, which was recently posted on a government platform that offers federal research funds to small businesses.
In other words, as a security researcher put it, DARPA wants "a public wall anyone can monitor or post messages on, but only correct people can decrypt."
The advantage of this decentralized structure is that it would be more resilient, and there would be no centralized server where a spy or hacker could gather metadata, according to Frederic Jacobs, an independent security researcher who in the past worked as a developer for the encrypted messaging app Signal.
The problem with that, he told me, is that such a structure would have higher latency and be harder to deploy at scale.
"When a lot of people start using the service, it might become challenging to find messages that are addressed to you, without revealing to other people who have the data what exactly you are looking for," Jacobs said in an online chat.
A spokesperson for DARPA declined to comment for this story.
DARPA's dream messaging app will be developed in three phases. The first will focus on creating a model for the decentralized platform and "experimenting" with encryption protocols and schemes. The second will consist of developing, testing and creating a "working prototype." The third and last will "focus on commercialization and full-scale implementation," so DARPA wants this to be out in the open, for everyone to use, eventually.
This project falls under the rules of the Small Business Technology Transfer (STTR) program. During the first phase, according to the program's rules, successful applicants might be awarded no more than $150,000 for one year. The companies and researchers who are part of phase one can then be eligible for a phase two award of up to $1 million for two years. Lastly, during phase three, the company or companies can pursue commercialization, and receive no funds from the federal government.
"The government has grand ambitions here, but have they set the SBIR program up to meet those ambitions?" Dan Guido, the founder of the consulting and research security firm Trail of Bits, told me, explaining that the SBIR program is "supposed to be for research and for small business, but the proposal requirements are very high and the funding amounts are very low."
This is just the first step in DARPA's quest for a secure, unhackable messaging app. But one thing is for sure: with the involvement of the agency that spurred the creation of the internet, the rise of encryption apps seems even more inevitable now.