Deprecated: Unparenthesized `a ? b : c ? d : e` is deprecated. Use either `(a ? b : c) ? d : e` or `a ? b : (c ? d : e)` in /www/wp-content/plugins/js_composer/include/classes/editors/class-vc-frontend-editor.php on line 673 How Secure Was Silent Circle Email? | Cryptophone Australia

Ladar Levison, the owner and operator of Texas-based Lavabit, said in a statement that his hand was forced after six weeks of legal wrangling and two attempts by him to squash the gag order, both of which were rejected by a judge. As a result, he’s not at liberty to publicly reveal exactly what’s going on.

Silent Circle logoWithin hours, a fast-growing Maryland-based start-up called Silent Circle also closed its e-mail service and destroyed its e-mail servers. The company said it saw the writing on the wall — while also making it plain that it had not yet received any court orders soliciting user data.

[quote]“More governments around the world use GSMK Cryptophones than any other product to secure their calls.”[/quote]

There’s something more to this story which most news outlets seem to have overlooked. Silent Circle (SC) offered a secure PGP encrypted email service to customers. Their website states “Complete end-to-end encryption with you, the Silent Mail user, holding your own OpenPGP key or S/MIME certificate.”

But if it their service was as secure as advertised, why the need to destroy the servers?

If Silent Circle customer email was properly encrypted, should customers really care if the US Government issued a search warrant, or confiscated the servers? While only their staff will know the truth, customers could speculate that despite the promise of security, Silent Circle still held the ‘Master Key’ to their email. A serious concern if forced to provide the NSA with access to their customer data.

The same claim of end-to-end encryption for their Silent Mail, is still being advertised as to reason you should continue trust their Silent Phone and Text service…

Apple services are vulnerable for the same reasons

iMessage SecurityApple’s iMessage is often touted as ‘secure’ because it uses end-to-end encryption. Sure that’s lovely, but Apple still holds the key to that encryption.

In the same way iCloud is advertised at secure by Apple, their terms of service state that they routinely sift through your account to make sure you’re not making any DMCA violations. The only way for this to be possible is if Apple holds the master keys.

Cryptophone provide true end-to-end encryption. With every call a new key exchange is run for every call. In the event that a Government demanded access to customer call and message data, there’s nothing to give them of any use. This is why Cryptophone make the source code available for independent review. There’s no secrets to hide when encryption is done right.

Why Cryptophone and not VoIP/SIP

Existing VoIP protocols, even those with an added encryption layer (like SRTP used by Silent Circle and others), pose a number of risks and practical problems that are incompatible with the requirements of a reliable high-security communication encryption system with mobile users.

Recent research has exposed the inherent weakness in ZRTP (PGP creator Phil Zimmermann’s implementation of SRTP) and shown how VoIP/SIP is a very complex protocol with a huge software footprint and a multitude of extensions and add-ons that pose exploitable security risks. In contrast, Cryptophone has been purpose-engineered to be a narrow bandwidth, hard-to-detect communications protocol with a small and easily auditable software footprint in a well-defined, manageable system environment.

With the integration of encrypted messaging and encrypted voicemail, it can provide a much richer feature set than strap-on encryption solutions for VoIP/SIP.

While SRTP-based encryption solutions with either static keys or key exchange methods can be made to work in well-defined network environments like corporate Intranets, making them work reliably over the public Internet and with a multitude of different client devices is challenging.

Mobile network operators in particular resort to all kind of protocol and port filtering to block standard VoIP protocols in their networks in order to maximise voice revenue.

The seamless integration of encrypted telephony, encrypted voicemail and encrypted messaging that Cryptophone All round offers cannot be recreated with existing protocols without incurring a huge software footprint, user interface problems, and a host of security issues.

Cryptophone is the most efficient and most secure solution for its intended purpose.

For this reason more governments around the world use GSMK Cryptophones than any other product to secure their calls.