Rule One of cloud security, as stated before, is `if it moves, encrypt it’. This has led to a growth of businesses offering encryption-based services which, for the security-conscious business, have proved to be very useful. Following all the scandals about the US NSA and PRISM this Rule One has become open to question.
That question hinges around the fact that, if a national Government can oblige a service provider to deliver up metafilesfor email, is there any point in having such a service at all?
This is a question that Silent Circle, a Washington, DC-based secure services company specialising in a range of encrypted services, has decided to answer in the negative. It has decided to close down its Silent Mail email encryption service, a move taken, it says, because of its unwavering commitment to subscriber privacy.
In the current environment of ongoing, escalating surveillance and privacy concerns, Silent Circle stands by its customers with resolute commitments to privacy, transparency and `no back doors’, preferring to preemptively shutter a service rather than risk compromising users’ protection.
The move is also very specific, as it does not affect the company’s other services such as its peer-to-peer encrypted platform for mobile apps and services: Silent Phone, Silent Text, and Silent Eyes.
These are secure end-to-end services that utilise encryption keys exclusively on users’ devices. Silent Circle does not log any metadata associated with these services and therefore does not have the ability to decipher the contents of calls and messages.
As a communications medium, e-mail’s inherent privacy weaknesses mean that even encrypted messages leak metadata and other information. Ending Silent Mail means Silent Circle is no longer subject to possessing. Though Silent Circle has yet to be approached by the US security authorities, it has taken this step to pre-empt any such effort to obtain such information through subpoenas, warrants or security letters.
Silent Circle’s Chief Technology Officer, Jon Callas, also raises a more important, long term question that business users of email the world over should now, arguably, start to ponder seriously.
“Silent Mail was a good idea at the time, and that time has passed,” he said. “We introduced Silent Mail in response to customer demand, stating upfront that – even with encrypted contents - e-mail as we know it today is fundamentally broken from a privacy perspective. With further thought – and before we were served with any demands compounding this issue - we decided it is in our users’ best interests to focus purely on peer-to-peer encrypted phone, text and videoconferencing services because the less information we have on how subscribers use our services, the better it is for everyone.
“This is an unfortunate example of the chilling effect the current surveillance environment is having on innovative communications companies While the majority of our government, commercial and consumer subscribers primarily use the unaffected apps that run on our peer-to-peer encrypted architecture - like Silent Phone and Silent Text - we apologise for any inconvenience this decision caused. We want all customers to always know that their privacy is what is most important to us.”
The company’s un-affected services include Silent Phone, which provides encrypted mobile VoIP calling with the ability to switch seamlessly to high-quality, secure video calls, on-demand. This is currently available for iOS and Android, and can be used with Wi-Fi, 3G or 4G cellular anywhere in the world.
Silent Text offers encrypted text messaging with attachments, together with a `Burn Notice’ feature for permanently deleting messages from device registries, while Silent Eyes provides encrypted VoIP audio and video calls, plus conferencing, from laptops and desktops through Silent Circle's custom HD network. It is compatible with Silent Phone and is currently available for Windows.
Finally, there is Out-Circle Access, which enables calls between one Silent Phone subscriber and a non subscriber. This is currently limited to PSTN calls in US, Canada and Puerto Rico.