The recent news reports that the US government can pull whatever data it wants from the internet and has free rein to peek at your phone records might have been shocking initially, but really they just underscored something already known (or at least assumed) by lots of people – we’re being watched pretty much all the time. Thanks to all the technology we casually use every day, everyone from corporations to government intelligence agencies to petty criminals has the opportunity to snoop through our stuff on a level that would have been unimaginable just a couple of decades ago.
There are some measures you can take to hide from the NSA, but one of the most aggressive ways to guard your data is using the products available from Silent Circle, a tech start-up that sells software that encrypts calls, texts, emails and files. The company, which has been around since last year, employs well-known cryptography experts like Jon Callas and Phil Zimmermann, the creator of the widely used PGP email encryption program, and they also own servers in Canada and Switzerland, where the laws are more privacy-friendly than those of the US. Even if they did open their servers to law enforcement or other government agencies, they say, there’s little to find there – the keys to decipher their customers’ encrypted calls and messages are generated on the users’ own devices and automatically deleted shortly afterward.
Obviously, a company providing a way for individuals – and potentially criminals – to communicate in secret might worry law-enforcement agencies. But Silent Circle isn’t worried about that, and they say that they abide by the laws while giving people an edge over data-gathering busybodies. I recently chatted on the phone with CEO Mike Janke and CTO Jon Callas about the right to privacy, what I got wrong in a previous article, and why even the FBI is buying their products.
VICE: Surveillance is in the news because of the NSA stuff. But obviously, the government isn’t the only one monitoring people and collecting information. What are some common non-NSA threats to people’s privacy?
Jon Callas: The first obvious one is the Chinese government, who do an awful lot of spying, particularly on people who do business. Then there is the usual gang of identity-stealing criminals usually based in Eastern Europe. And there are a lot of cases when, if you’re in business, there are specific people who might engage in espionage against you. There are a lot of industries where the companies spy on each other all the time.
Mike Janke: For the average citizen, it’s not just about the threat of criminal hackers. Many other countries in the world have organisations similar to our NSA with very similar mandates, and many of those operate without the same type of oversight the US has, if you want to call it oversight. Also, how do you feel from a personal privacy perspective that your texts, the websites you shop on, the calls you make – whether it’s to an illicit lover or for a business deal – the pictures you share, and the documents you send are being collected, collated, repackaged and sold as data? Where is your version of privacy and what do you use to rein [surveillance] in?
Do you think that this is a moral question? Do we have a fundamental right to keep our communications private?
Jon: Absolutely. In my view, in Silent Circle’s view, every person in this world, regardless of their station in life or religion, should expect a level of basic human privacy. And many of the people on the internet have no understanding on what level they are giving that up.
But is that a legal right? As far as I know, laws regarding encryption differ a lot from country to country.
Mike: In your article, you said that the right to encrypt things is notoriously unclear. And that is totally false. It is completely clear. You do have a right to do encryption. That’s certainly true in the United States and what I will call the first world – Canada, the European Union, Japan, etc. You absolutely have the right to encrypt data. And there’s never been any issue with that.
Now, when you go a little further than that, first of all, there are restrictions if you happen to be in a repressive country – Syria, China, you name it. But there’s also the issue that relates to the Fourth Amendment [which protects against unreasonable searches and seizures]. And a way to look at this is that you absolutely have a right to put a safe in your house and no one has suggested you can’t. Where the battles come in is suppose you get accused of some crime and somebody either in the course of a lawsuit or criminal investigation says, “Hey, I ought to be able to look to see what’s in that safe.” And the circumstances to which they can and cannot do something about that vary widely from country to country. In the United States, one of the things we have seen the past couple of years has related to these issues, particularly with people who have been charged with crimes is, do they have to open up their safes when these safes aren’t physically in their homes, but are encrypted disks on their laptops? That’s where the controversies have come in.
Thanks for clarifying that. So what does Silent Circle do to make people’s information more secure? What happens when I send a text, say, from one device with Silent Circle software on it to another?
Jon: The keys that encrypt that message are generated on your device and the other person’s device. So all the encryptions are being done there; we don’t have the keys. When [the text] gets to the other person’s device, there is an integrity check to make sure that it hasn’t been modified in transit. It also gets decrypted there.
Mike: Once the session is done, the keys are deleted off the device, and that’s also true for calls. So every new time I call you it creates new keys and then deletes them after the call. This is called ephemeral keys. Which means if you and I are talking on our silent phones or texting, and you go through an airport in Shanghai and they take your phone to some lab and try to suck the bits out of it, there’s nothing for them to get because the keys are deleted after each session. That’s the beauty of it – we don’t have the keys.
So what happens when law enforcement from one country or another come and ask to see the records of people who have used your services for allegedly illegal means?
Jon: It depends on what country. If the Chinese come to us and say, “Hey, here’s a bunch of dissidents using your service, tell us everything,” we will laugh. And they have no way of doing anything. But it’s a rule that you have to obey the laws of every country you operate in – if you don’t do that, you are a criminal organisation. So if, say, the US or the Canadians come to us with a warrant and all of those things, we have to comply because we are law-abiding people. We tell them up front, “We don’t have the keys, we don’t keep records of any of the calls, so we can’t give anything to you.”
Mike: We don’t have anything. They understand that now. The odd thing is, they’re also buying [our products]. The FBI and law enforcement and the intelligence agencies have the same BYOD – bring your own device – issues [around keeping data private] that corporations in America and Europe have. So, we’re a solution for them as well. It serves their purpose. We don’t have any data. The FBI doesn’t want their agents’ data collected when they make personal calls.
Do you guys think that there’s any way that we’ll return to a society where people can have some expectation of privacy when they communicate with each other?
Jon: Well, part of quote, unquote “getting your privacy back” depends upon things out of everyone’s control. I mean, I am carrying on my person, right now, three or four devices with cameras. There are video cameras everywhere, and so on and so forth. All of that is going to increase. There are lots of businesses that fund themselves by collecting and selling your personal data. The reason why Google can give you Gmail and searching for free, and Facebook is free, is because they are giving information to advertisers who use that information to present better ads to you. Our business model is the reason why you should want to pay us. We’re not offering some sort of ad-supported service – you are paying us to protect your privacy.
Mike: The new gold coming out of the ground is data, your data. You are not the customer anymore. Your data is worth more than you now. Whether it is to a government being Big Brother, or all of the corporations around the world that need data – Little Brother – the fight for privacy will be an uphill and never-ending fight. There will be more surveillance in the future, not less, but there will also be more of us creating things to protect your privacy.