Open Letter to Phil Zimmermann and Jon Callas of Silent Circle, On The Closure of the Silent Mail Service


SUBMITTED BY: Guest

DATE: Aug. 23, 2013, 9:36 a.m.

FORMAT: Text only

SIZE: 6.2 kB

HITS: 1467

  1. Dear Phil and Jon: Hello there! It is good to have a chance to chat
  2. with you in public.
  3. Please accept the following in the spirit of constructive criticism in
  4. which it is intended.
  5. For those readers who don't know, I've known you both, personally and
  6. professionally for decades. You've each written texts that I've
  7. learned from, inspired me to follow your example, we've worked
  8. together successfully, and you've mentored me. I have great respect
  9. for your technical abilities, your integrity, and your general
  10. reasonableness. Thank you for the all of that and for holding fast to
  11. your principles today, when we need it more than ever.
  12. Now:
  13. Your job is not yet done. Your customers are currently vulnerable to
  14. having all of their communications secretly monitored.
  15. I just subscribed to the service at https://SilentCircle.com, and
  16. after I paid $120 for one year of service, it directed me to install
  17. the Silent Text app from Silent Circle on my android phone, which I
  18. did. Now, when I use that Silent Circle app to send text messages to
  19. other Silent Circle customers, I have no way of verifying whether it
  20. is really encrypting my message on my own phone, and if it is really
  21. keeping the encryption key only for me, or if it is leaking the
  22. contents of my messages or my encryption keys to you or to others.
  23. If some attacker, for example the U.S. Federal Government ? or to pick
  24. a different example the Zetas Mexican drug cartel ? were to coerce
  25. Silent Circle into cooperating with them, then that attacker would
  26. simply require Silent Circle to distribute an update to the app,
  27. containing a backdoor.
  28. There is no way for me to verify that any given version of Silent
  29. Text, including the one that I just installed, is correctly generating
  30. strong encryption keys and is protecting those keys instead of leaking
  31. them.
  32. Therefore, how are your current products any safer for your users that
  33. the canceled Silent Mail product was? The only attacker against whom
  34. your canceled Silent Mail product was vulnerable but your current
  35. products are safe is the attacker who would require you to backdoor
  36. your server software but who wouldn't require you to backdoor your
  37. client software.
  38. Does that constraint apply to the U.S. Federal Government entities who
  39. are responsible for PRISM, for the shut-down of Lavabit, and so much
  40. else? No, that constraint does not apply to them. This was
  41. demonstrated in the Hushmail case in which the U.S. DEA asked Hushmail
  42. (a Canadian company) to turn over the plaintext of the email of one of
  43. its customers. Hushmail complied, shipping a set of CDs to the DEA
  44. containing the customer's messages.
  45. The President of Hushmail `emphasized`_ in interviews with journalists
  46. at the time that Hushmail would be able to comply with such orders
  47. regardless of whether the customer used Hushmail's ?client-to-server?
  48. (SSL) encryption or its ?end-to-end? (Java applet) encryption.
  49. .. _emphasized: http://www.wired.com/threatlevel/2007/11/hushmail-to-war/
  50. Phil had been Chief Cryptographer of Hushmail years earlier, and was
  51. still a member of the Advisory Board of Hushmail at the time of that
  52. case. He commented commented about the case at that time, and he also
  53. `stated`_, correctly, that the Hushmail model of *unverified*
  54. end-to-end encryption was vulnerable to government coercion. That's
  55. the same model that Silent Circle uses today.
  56. .. _stated: http://www.wired.com/threatlevel/2007/11/pgp-creator-def/
  57. You have just taken the courageous act of publicly shutting down the
  58. Silent Mail product, and publicly stating your reasons for doing so.
  59. This, then, is your opportunity to make your stance consistent by
  60. informing your customers of the similar dangers posed by the software
  61. distribution practices currently used by Silent Circle (along with
  62. most of the rest of the industry).
  63. I don't know the perfect solution to the problem of the
  64. *unverifiability* of today's software. But being frank about the
  65. current approach and the vulnerability that it imposes on users is the
  66. first step. People will listen to you about this, now. Let's start
  67. talking about it and we can start finding solutions.
  68. Also, warn your users. Don't tell them the untruth that it is
  69. impossible for you to eavesdrop on their communications even if you
  70. try (as your company seems to be on the borderline of doing in public
  71. statements like these: [ `?`_, `?`_]).
  72. .. _?: http://www.forbes.com/sites/parmyolson/2013/07/15/corporate-customers-flock-to-anti-snooping-app-silent-circle/
  73. .. _?: http://techcrunch.com/2013/08/08/silent-circle-preemptively-shuts-down-encrypted-email-service-to-prevent-nsa-spying/
  74. We're trying an approach to this problem, here at
  75. https://LeastAuthority.com, of ?*verifiable* end-to-end security?. For
  76. our service, all of the software is Free and Open Source, and it is
  77. distributed through channels which are out of our direct control, such
  78. as Debian and Ubuntu. Of course this approach is not perfectly secure
  79. ? it doesn't guarantee that a state-level actor cannot backdoor our
  80. customers. But it does guarantee that *we* cannot backdoor our
  81. customers.
  82. This currently imposes inconvenience on our customers, and I'm not
  83. saying it is the perfect solution, but it shows that there is more
  84. than one way to go at this problem.
  85. Thank you for your attention to these important matter, and your
  86. leadership in speaking out about them.
  87. (By the way, https://LeastAuthority.com is not a competitor to Silent
  88. Circle. We don't offer voice, text, video, or email services, like
  89. Silent Circle does/did. What we offer is simply secure offsite
  90. *backup*, and a secure cloud storage API that people use to build
  91. other services. So we aren't competitors.)
  92. Regards,
  93. Zooko Wilcox-O'Hearn
  94. Founder, CEO, and Customer Support Rep
  95. https://LeastAuthority.com
  96. Freedom matters.

comments powered by Disqus