SAN FRANCISCO Aug 5 Public concerns about the
U.S. government's secretive surveillance programs exposed by
Edward Snowden have spawned a slew of encryption products and
privacy services that aim to make electronic spying more
difficult.
Two products brought out in the past five weeks illustrate
the rapid development of the new marketplace: Blackphone, a
handset which started shipping on June 30 for $629, and Signal,
a free app that appeared on the iPhone app store last week.
They are among an array of offerings to emerge since
Snowden, a former National Security Agency contractor, last year
leaked documents that showed the U.S. government harvested
enormous amounts of data from the likes of Google Inc,
Yahoo Inc, Microsoft Corp, AT&T Inc and
Verizon Communications Inc.
Though they have different business philosophies, target
markets and tactical approaches, the companies behind Blackphone
and Signal share an underlying encryption technique, world-class
cryptographers, and an anti-government stance.
"In an environment of increasingly pervasive surveillance,
we want to make it as easy as possible for anyone to be able to
organize and communicate securely," Signal maker Open Whisper
Systems wrote on its blog.
Secure communications will be a major topic at two key
hacking conferences in Las Vegas this week: Black Hat, which is
aimed at professionals, and Def Con, which attracts many
amateurs.
Blackphone uses software from one of its backers, Silent
Circle, that allows users to send encrypted voice calls and
texts to one another. Silent Circle's software is already
available for iPhone and Android phones, but the company says
Blackphone is more secure because it uses a new operating system
- based on Android - that makes it harder for hackers to take
control of the phone and eavesdrop.
Silent Circle recently expanded its service by allowing
encrypted calls to landlines. That feature has helped its sales
rate triple in the past three months, said Silent Circle Chief
Revenue Officer Vic Hyder. He declined to give subscriber
figures but said Chevron Corp and Walt Disney Co
were among the company's major corporate customers.
Supported mainly by grants, Signal maker Open Whisper
Systems was co-founded by security researcher Moxie Marlinspike
and already has a compatible Android version called RedPhone.
The company said Signal had 70,000 downloads on the first day.
Marlinspike said the company may charge in the future for
extra services, but the basic functions of the app should remain
free forever. "Open Whisper Systems is a project rather than a
company, and the project's objective is not financial profit,"
he wrote on his personal blog.
An encrypted chat service popular with security
professionals is Wickr. The free service relies on heavy
encryption that is considered unbreakable for the foreseeable
future if implemented correctly.
Wickr does not use the open-source software that is the
industry standard, which means security experts cannot inspect
its software code. But Wickr says it will soon post results of
security audits by well-regarded firms, and it is offering
a$200,000 reward for anyone who breaks its system.
Wickr Chief Executive Nico Sell, a longtime official at Def
Con, said she plans to add a desktop version of Wickr soon.
LAW ENFORCEMENT CONCERNS
Civil liberties enthusiasts have welcomed the proliferation
of new privacy-protecting software and services, but some law
enforcement and intelligence agents are concerned that they make
it more difficult for agents to intercept communications.
"It's a significant problem, and it's continuing to get
worse," Amy S. Hess, executive assistant director of the Federal
Bureau of Investigation, told the Washington Post. An FBI
spokeswoman declined to elaborate.
Experts said it was unlikely that any communications system
can be 100 percent safe from government interception. The goal
for some users would be simply to make it expensive for the
authorities to eavesdrop on them without good reason.
The variety of new services can be confusing for consumers,
who must wade through marketing hype for unproven products and
seek out reviews by experts. Knowing the limitations of these
services could be as important as picking the right product.
"When people make claims about 'military-grade security' and
being 'NSA-proof,' that doesn't pass the laugh test," said
security researcher Kenneth White, the director of a nonprofit
project that audits cryptography-dependent services.
However, he praised both Blackphone and Signal, saying the
people behind those products had extensive industry experience.
Over the next few years, it is likely that many more privacy
services will be introduced. The majority will likely vanish
amid the competition and confusion, technologists say.
"There's going to be a lot of carnage," Wickr's Sell said.
