An App Keeps Spies Away from Your iPhone
A cryptography pioneer offers a simple way to fight electronic surveillance.
Anytime you use your phone to make a call or send an e-mail or text message, there’s a chance it will be intercepted by someone who has access—legal or otherwise—to your providers’ servers. A new app called Silent Circle tries to change that by encrypting calls, e-mails, and texts. It’s aimed at activists, companies, and individuals who fear they’re being spied on.
Silent Circle is also the name of the company behind the app. Both were masterminded by Phil Zimmermann, who earned a place in Internet history in 1991 by releasing PGP (for pretty good privacy), open-source software that can be used to encrypt e-mails and other digital messages.
PGP quickly earned a large following amongst free speech and privacy activists worldwide, but the technology is now controlled by a company that sells it to businesses. “PGP has got pretty far from what it was intended for: use by individuals,” says Zimmermann. “I wanted to do more stuff for the individual.”
Silent Circle is intended to offer solid encryption to just about anyone, he says; and to promote privacy in an era when governments sometimes see electronic communications as ripe sources of intelligence.
Prototypes of Silent Circle are being tested on iPhones and iPads. Zimmermann says a finished version will be released later this year for $20 a month. The product will actually be a suite of four apps—one each for encrypting voice calls, e-mails, and text messages, and one for encrypted cloud storage.
Calls and texts between two users of the app will be fully encrypted at all stages; they are encrypted between a Silent Circle user and the company’s servers only if a user is communicating with someone not using the app. Silent Circle’s e-mail service can exchange fully encrypted messages between other users of the app as well as people with compatible e-mail systems that use PGP.
Zimmermann says the app is intended to be easy to use and expects it to have broader appeal than PGP, which requires some technical know-how. He thinks human rights workers and businesspeople traveling to countries such as Iran or China that are known to use wiretapping will welcome the app, as will privacy-conscious individuals in the U.S. “Surveillance is a growing problem all over the world,” he says, “and I believe there are a lot of people in the U.S. that might feel more comfortable using it.”
Zimmermann chose to locate Silent Circle’s servers in Canada, which has strong privacy laws. To protect against government demands to hand over users’ data, he has also designed his apps so the encryption keys used to secure communications always remain with the user and never reach the central server (although the current version of the e-mail app doesn’t yet work this way). “We can’t be coerced into giving up what we don’t have,” says Zimmermann.
Twitter, Facebook, and many other Web companies are required by law to hand over user data to U.S. government agencies and law enforcement in certain situations and typically comply. Using Silent Circle would also protect communications against controversial warrantless wiretapping tactics such as those the NSA was found to be using on U.S. telecommunications providers in 2005.
Ashkan Soltani, an independent privacy researcher, welcomes Zimmermann’s attempt to make secure communications as easy as installing an app. Silent Circle is one of a handful of companies trying to prove that there is a market in charging for privacy-enhancing technology outside of specialized use cases such as for law enforcement or defense. “It’s a move to monetize privacy in the same way that computer security is, for example, with anti-virus,” he says.
But Soltani says Silent Circle could struggle to persuade people that they need the app. He suggests that the company could attract users by putting less emphasis on technology or the specter of surveillance. “They’re selling the negative, not the value,” he says, adding that the company might do better to market privacy apps as providing a feeling or warmth and peace of mind.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today