"Whatever you do will be insignificant, but it is very important that you do it."
If you want to know what Phil Zimmermann’s about, this quote from Mahatma Gandhi might be a good place to start. Zimmermann picked it up during his earlier days as an anti-nuclear activist, during which he’d once been arrested along with astronomer Carl Sagan, actor Martin Sheen, and Pentagon Papers-leaker Daniel Ellsberg. And when, in 1991, he released Pretty Good Privacy, an encryption program for the increasingly popular technology known as electronic mail, the quote was on his mind. It found its way into a section titled “Why I Wrote PGP” as a humble declaration of purpose: a single action may not change the world, but that doesn't absolve individuals of the responsibility of acting.
Few software manuals include a Gandhi quote. Phil Zimmermann’s does
Few software manuals include a Gandhi quote. Phil Zimmermann’s does. Few software programs are written as an explicitly political act. Phil Zimmermann’s was. Throughout the 1990s, legal battles raged over privacy and surveillance. There was the Communications Assistance for Law Enforcement Act (CALEA), mandating that phone companies provide remote wiretapping access to law enforcement. There was the Clipper chip, an encryption technology developed by the National Security Agency specifically to provide backdoor access to the authorities; supporting the idea, FBI Director Louis Freeh said the government, in the wake of the Oklahoma City bombing, also had to curtail the public use of strong cryptography. He said this despite the fact that, as Zimmermann noted, none of the bombers had used crypto. “Privacy is as apple-pie as the Constitution,” he wrote, but the government didn’t want email to be like regular mail, sent in a private envelope. It wanted email to be like a postcard.
Few software authors find themselves the target of a federal investigation. Phil Zimmermann did. When he saw the introduction of Senate Bill 266, which would have required all secure communications technology to include a government-accessible backdoor, he worried if passed it would effectively outlaw encryption. So he created PGP and began distributing it to friends. It soon found its way onto the internet, then migrated from American-hosted sites to foreign computers. A U.S. Attorney in California began investigating Zimmermann for violating the Arms Export Control Act — strong cryptography was already treated like a weapon, prohibited from export without government approval. Only three years later was the case dropped without charges, in 1996.
“Trying to stop this is like trying to legislate the tides and the weather.”
After that Phil Zimmermann turned PGP into a company, his plan all along. CALEA passed and remains part of the surveillance landscape today; the Clipper chip and SB 266 died ignominious deaths, thanks in part to near-unanimous opposition from Silicon Valley and civil libertarians. Strong, public cryptography, he later told Congress, was here to stay. “Trying to stop this,” he said, “is like trying to legislate the tides and the weather.” He eventually sold his company and watched PGP become an enterprise tool. Meanwhile, he spent years working on secure telephony — encrypted voice calls that anyone could use.
You might think a guy like Phil Zimmermann could be content to kick back and relax. He’s probably got the money to do so; he’s pushing 60, and he’s now officially a member of the Internet Hall of Fame. You could understand if he wants to appreciate his own accomplishments. He might not want to return to the arena that made him the target of a time- and money-sucking government investigation, or to the daily grind of running a company. He’s certainly done enough.
Then again, not many people see writing software as a political act. Few user’s guides quote Mahatma Gandhi.
So Phil Zimmermann has a new company. He and his co-founders — like him, long-time fixtures in the cryptography world, with a Navy SEAL or two thrown in to boot — are taking another shot at bringing secure communications to the people. And, he says, “I'm having more fun now than I've had in probably 15 years.”
Which brings us to Silent Circle.
II: Closing the circle;
Mike Janke saw a problem. After a stint as a Navy SEAL, he’d founded his own private contracting firm, providing construction, security, and logistics. Among his clients and former colleagues he saw a growing concern about surveillance and privacy. It began to seem like anyone could be electronically eavesdropping. Secure government or corporate laptops went unused, for fear of employers’ spying. Overseas work, often in hostile terrain, meant unsecured calls home, because there was no other option. It was a far cry from glamorous locales and high-tech CryptoPhones. “What people don't know is that in the special forces you spend a lot of time in t-shirt and blue jeans traveling around other countries,” Janke says. “Not just your typical Hollywood, war-torn zones.”
Meanwhile, intellectual property theft went mainstream. Small businesses had almost no way to protect themselves from it, and often weren’t even aware of the problem. Janke gives an example: a fashion designer in Milan sending new ideas as a PDF via webmail to a manufacturer in Vietnam, only to have bootlegged versions appear in India and Bangladesh before prototypes were completed. Easy to use, comprehensive, secure communications could solve that problem. But most of the options were security theater, or working models of “you get what you pay for.”
“I'm not a technologist,” Janke says, “But I'm somebody who understands how technology is the very life-blood of my work now.” And he remembered a name from his SEAL days, when everyone in government and special forces used Pretty Good Privacy: Phil Zimmermann.
“We're blessed to have made enough money that we took a blood brothers' promise that we wouldn't take funding from VCs.”
That was just over a year ago. Janke contacted Zimmermann, and the two soon found themselves forming a company. They went to Def Con, recruited friends: former PGP guys Jon Callas and Vincent Moscaritolo, and another former SEAL, Vic Hyder. In contrast to the typical startup cast of fresh-faced twenty-somethings, they saw themselves as grizzled veterans and started joking about being “the Grateful Dead of secure communications.”
They were all ideologically sympatico, believers in the ideal of cryptography as the tool for guaranteeing a fundamental human right to privacy. And they were lucky enough to have the financial leverage to act on that belief. “We're blessed to have made enough money that we took a blood brothers' promise that we wouldn't take funding from VCs,” Janke says, “because we would not be able to take this forward and have control of it if we brought in other people funding it. So we financed it ourselves.”
The system they built offers enhanced security for voice, text, and video chats. Designed for elegance and simplicity, it encrypts data on the phone before passing it on to the company’s servers. That means end-to-end encryption between subscribers; calls to non-subscribers are encrypted until they reach the company’s servers, then decrypted back into plain voice for the non-subscriber’s phone. Another app allows encrypted texting, with a “burn” option for deleting sent texts after a period of time. With an update expected this week, the Silent Text app will let users send encrypted files as well, up to 60 MBs in size.
“You should come into the world with the right to private communications between you and everybody else.”
Of course, any marginally savvy consumer wants full transparency from a secure communications product. That means, for example, an open security audit of the underlying code; as with PGP, the team plans to make their code open for peer review, to prove there are no security holes, intentional or otherwise — though they admit this hasn’t been possible yet. They’ve located their servers in Canada, known for its strong privacy protections. And they’ve published a comprehensive explanation of their law enforcement compliance policy, detailing how they keep customer identification data to a minimum, and how they’ll respond to any requests for customer information. Peer-to-peer encryption means the company never has access to unencrypted conversations or texts, leaving them nothing to turn over. That said, the truly cautious adopt a wait-and-see approach with new security products.
Silent Circle requires a $20/month subscription, which allows the company to offer encryption as a service with regular updates, rather than a buy-once product that might become outdated. (And yes, it guarantees a continued revenue stream.) Janke acknowledges the price tag will turn off some customers, but he’s not looking to appeal to everyone. He has a specific market in mind: military personnel, travelers, and small businesses. “None of us want to be running a 200-person company,” he says. “If we can keep it at 25 and service 250,000 people around the world, that's how we measure success.”
Still, beneath the pragmatic calculations lies the belief that Silent Circle is more than just seizing a business opportunity. Among the founders, cryptography matters. As Janke puts it, “I look at it outside of any country border, outside of any patriotism, outside of any ideological thought, simply as a citizen of this world. You should come into the world with the right to private communications between you and everybody else.”
III: Why your phone is like an electronic megaphone;
“The part of the story that I think is most fascinating is why we even need Silent Circle in the first place,” says privacy researcher and activist Chris Soghoian. “Why don't we already have it today? Why isn't this built into your phone?” The answer, as he tells it, is determined by two powerful constituencies whose interests just happen to align: wireless carriers and the U.S. government.
“The real shame here is that the phone companies haven't been really honest with their customers about how poor their existing products are,” he says. Cell phone conversations travel through the air, susceptible to eavesdropping with relatively inexpensive equipment — a perennial demonstration at hacker conferences.
But, Soghoian says, almost no one cares. Or rather, not enough people care to force carriers to spend money to fix the problem. Take text messaging. Most people don’t worry about who might be eavesdropping on their texting as much as who might see the texts once they’ve reached their destination. (That’s why Silent Circle’s “burn” feature offers a degree of control over information that’s now in someone else’s hands, literally. Snapchat, Wickr, and TigerText offer similar features.)
It would take a point-and-click demonstration of the vulnerabilities to make most people aware of the eavesdropping risks. “The phone system,” he says, “is where packet sniffing [eavesdropping on network data] was 15 years ago. The flaws are known to experts, but the tools are still very difficult to use.” The problem’s out of sight, so most people don’t spend much time thinking about it.
“phone companies haven't been really honest with their customers about how poor their existing products are.”
“The only thing protecting your calls is that most people don't want to listen to them, and most people don't have the tools,” Soghoian says. While Silent Circle is one among many apps promising secure communications — including Wickr, TextSecure and RedPhone — that have appealed to privacy-conscious consumers, and can claim hundreds of thousands of downloads, Soghoian says most users simply can't imagine why they’d need such protection. He figures it’ll take the wireless equivalent of Firesheep, the point-and-click packet sniffer that let users steal their friends’ Facebook and Twitter logins, before the general public realizes its vulnerability. (Then again, Snapchat, which lets users send self-destructing photo messages, has seen a surprising number of downloads. Wickr claims a similarly quick uptake by users.)
But before that happens, Apple or Google could bypass the carriers entirely and build encrypted calls and messaging directly into their mobile operating systems. Apple’s iMessage and Facetime already encrypt texts and video chat, and either company could include by-default voice encryption fairly easily. Thus far, though, neither has shown much interest, perhaps coming to the same conclusion as the carriers: it’s a feature without a market, and not worth spending time and money on.
And wireless companies have to weigh their relationship with the U.S. government. Leaving all communication in the clear makes wiretapping easier; there’s no way to offer seriously encrypted communication without also locking out the government. Creating backdoors puts you back in Clipper chip territory. Or you end up with a replay of “The Athens Affair,” where hackers used the built-in wiretapping capabilities of Vodafone Greece to eavesdrop on that country’s prime minister and at least 100 other high-ranking dignitaries. U.S. wireless companies have little incentive to roil the same government that, for one, manages the spectrum on which their data travels.
So the status quo remains: even savvy users don’t much consider their security vulnerabilities when it comes to cellphones, and government and carriers would like to keep it that way, as it saves money while providing easy wiretap access. Even among legislators, this state of affairs is often poorly understood (Soghoian points out that Congress’s Office of Technical Assessment, which used to provide nonpartisan technology analysis, hasn’t been funded since 1995) or simply goes unacknowledged.
“The only thing protecting your calls is that most people don't want to listen to them.”
Instead, much of the cybersecurity chatter has focused on more esoteric threats. “It boggles the mind that there is all of this fear in Washington over cybersecurity – that everyone is freaking out about China hacking into U.S. networks and stealing corporate secrets and stealing government secrets,” Soghoian says, “while at the same time every member of Congress is using a smartphone that transmits his or her communications in the clear.” It’s a situation Phil Zimmermann noted already in “Why I Wrote PGP,” saying, “Ironically, the United States government's restrictions on cryptography in the 1990's have weakened U.S. corporate defenses against foreign intelligence and organized crime.” Though today that policy has less to do with active restriction of cryptography, and more to with self-interested neglect. A disturbingly open telecommunications system is simply the default mode. “If you have that kind of policy,” Soghoian says, “you cannot be surprised when foreign governments come in and spy on us.
Yet he also suggests encrypted communications can be cast as not just an issue of individual privacy, but as one of national security. Instead of worrying that foreign companies are providing network backdoors in their routers, for example, simply make sure that the data flowing across those networks is secure — encryption at the individual level. But such a shift in thinking would require giving up easy wiretapping access; it’s the same battle law enforcement waged in the 1990s, when preventing personal encryption was pitched as a way to make sure no criminals could hide their schemes in PGP-encoded emails.
As Soghoian puts it, “At the end of the day you have to make a decision: do you want your communications to be open to everyone, or closed to everyone?” There’s no real middle ground; locking out foreign governments means also locking out your own. But whether an individual right or a collective attempt at national security, Soghoian believes strong encryption is (again) a utility whose time has come. “I’m agnostic about this,” he says, “I don’t really care if Silent Circle captures this market, just as long as somebody does.”
IV: Coming full circle;
Phil Zimmermann doesn’t see himself refighting the crypto wars of the 1990s. To him, what was obvious then remains obvious now: in an increasingly networked world, where confidential data are revealed seemingly every day, encryption is a right, not a privilege. He’d go even further: it’s not just a right but a necessity. Luckily, much of the rest of the world has caught up with this perspective. “The legislative environment has changed so much in the last 20 years,” he says, “that rather than having to explain why you're using strong crypto, you'd have to explain why you're not.” Corporations are increasingly aware of data protection as part of their fiduciary duties, even if they’re not always very good at it.
“We don't have to be defiant young men in leather jackets. We're mainstream. Crypto has become mainstream now.”
The real task, the one Zimmermann began with Pretty Good Privacy all those years ago, is making crypto work for normal human beings. On a technical level that’s become easier: the average smartphone contains portable processing power few would have dreamed of two decades ago. And it has an easy-to-use operating system people already understand, a far cry from the complexity of Pretty Good Privacy. Zimmermann and his co-founders have an opportunity to do what they’ve spent decades working toward: put powerful encryption in the palm of your hand.
On their path to that ultimate destination, they find the world has changed. Surveillance has gotten more pervasive: now it’s not just an abstract fear of the government electronically looking over your shoulder. It’s the National Security Agency hoovering up data from around the world; it’s warrantless wiretapping and secret email intercepts. It’s Facebook and Google and Amazon knowing who you know, where you go, and what you buy — data we’ve come to give up voluntarily in exchange for convenience. It’s your neighbor eavesdropping on your WiFi or snatching your cellphone conversation from the air.
But as the threats have grown, so too has a sense that information security isn’t just for criminals. Zimmermann might have felt like a voice in the wilderness in 1991, predicting a world that looks much like the one in which we live. And it has to be a little disappointing, being so prescient. But that just means “I'm a little more slow-moving today. I used to be more agile. I think that the problems have gotten worse, as far as privacy goes,” he says, with characteristically soft-spoken understatement. But he no longer has to be that voice in the wilderness, either. “We're not cypherpunks,” he says, “We don't have to be defiant young men in leather jackets. We're mainstream. Crypto has become mainstream now.”
These days, Phil Zimmermann’s less likely to be mistaken for a leather-clad cypherpunk. But he's also less likely to face the threat of jail for writing software. And you know what? He can still quote Gandhi.