On 10/11/2012 2:14 PM, Katrin Verclas wrote:
> Having sat for the better part of the day with Phil Zimmermann with activists
> and journalists in a room, here is what I learned:
>
> On Oct 11, 2012, at 12:15 PM, Nadim Kobeissi wrote:
>
>> On 10/11/2012 12:04 PM, James Losey wrote:
>>> Hi Nadim,
>>>
>>> I largely agree with your assessment of Silent Circle and I offer these
>>> thoughts in an effort to increase my understanding of the issue. The
>>> product is a packaged "solution" clearly targeted towards business
>>> customers focused on corporate privacy. And while the company offers
>>> regular transparency statements on government requests and strives to
>>
>> Unless hit by a search warrant and a gag order at the same time, or a
>> federal subpoena.
>
> Zimmermann stated that servers are located in Canada to avoid US subpoenas
> (not a lawyer, not sure what's that worth in the end).

His entire IP block is connected to servers in the United States. I am very skeptical of that claim. Furthermore, this is nonsense; the issue isn't being protected against *one* country's subpoena, it's being protected against *any* subpoena.

>
> According to the Silent Circle website:
>
> Websites and products that don’t list the people behind the technology or
> where their servers are located, how the encryption keys are held or even how
> you can verify that your data is actually encrypted, are typical of the
> industry and provide only pseudo-security based on a lot of unverifiable
> trust.
>
> Our secure communications products use “Device to Device Encryption” –
> putting the keys to your security in the palm of your hand (except for Silent
> Mail, which is configured for PGP Universal and utilizes server side key
> encryption). We DO NOT have the ability to decrypt your communications across
> our network and nor will anyone else - ever.

The closed-source nature of the software makes pushing government-mandated backdoors incredibly easy and extremely difficult to detect if done right. This is a tall claim not backed by evidence or the possibility of review.

> Silent Phone, Silent Text and Silent Eyes all use peer-to-peer technology and
> erase the session keys from your device once the call or text is finished.
> Our servers don’t hold the keys…you do. Our secure encryption keeps
> unauthorized people from understanding your transmissions. It keeps
> criminals, governments, business rivals, neighbors and identity thieves from
> stealing your data and from destroying your personal or corporate privacy.
> There are no back doors, nor will there ever be.

...unless they're served a court order, in which case Silent Circle will either implement a backdoor or go to jail, thank you very much.

>
>
> More importantly, Zimmermann noted that Silent Circle code will be made
> available for audit.
>

Skype, too, says that its code is available for audit, and then only lets a single academic audit it via an auditing that they themselves fund. This is likely PR; I will not be satisfied unless anyone can audit the code, and the source code is kept updated with every new release.

>
>>
>>> minimize storage of some types of data (and you're right that payment
>>> info is problematic) the company is clearly interested in paying for
>>> privacy assurances and seems less focused on supporting activists.
>
> According to Zimmermann (who was keenly interested in use cases for activists)
> will make licenses available to activists at no cost. They have not figured
> out the process for this yet, but we'll certainly follow up with them.

This is just really scary -- a piece of closed source, unaudited, unverifiable software that costs money for corporations, but is free for activists?

>
>
> Katrin
>
> --
> Unsubscribe, change to digest, or change password at:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>

NK