safe techs

Can Apps Make You Surveillance-Proof?

A customer inspects the new iPhone 5 at an Apple Store on September 21, 2012 in San Francisco, California. Customers flocked to Apple Stores across the U.S. to purchase the hotly anticipated iPhone 5 which went on sale nationwide today.
Photo: Justin Sullivan/Getty Images

This week’s surveillance scandals have been a disaster for just about everyone involved — the Obama administration, the many phone and Internet companies that reportedly turned over user data to the NSA, civil libertarians, and newly minted paranoiacs everywhere. But they’ve been great for a small number of software firms that are building tools to protect users from being hacked and spied on.

It’s amazing!” Phil Zimmermann, the co-founder and president of Silent Circle, an encrypted communication platform for iOS and Android, said of this week’s news. “The level of interest we’re seeing is huge. I’m having more fun than I’ve ever had in my career.”

As an enraged public attempts to sort through the details of the NSA’s apparently widespread data-collection efforts, the scandal promises to create a boom in demand for products that can help people cloak their communication.

Silent Circle is one such product; for $20 a month, users get access to a suite of mobile software that provides secure, encrypted voice and video calls, e-mail, and texting. Zimmermann, an esteemed cryptologist whose business partners include former Navy SEALS, says that Silent Circle doesn’t keep logs of who is calling or texting whom, and it doesn’t store the kind of location and usage metadata that authorities appear to have gotten from Verizon, AT&T, T-Mobile, and a host of web and social media companies. The software suite is designed to make a user virtually anonymous — in fact, if Silent Circle were ever subpoenaed for its users’ information, Zimmermann says there would be nothing much to subpoena, since the company doesn’t keep the keys to the encrypted data it holds.

Wickr, another data-encryption app that is poised to gain from the recent NSA scandals (and the Chinese hacking stories that came before it), is essentially a Snapchat on steroids. It allows users to send self-destructing texts, photos, and audio and video files with military-grade encryption. Like Silent Circle, Wickr also keeps no records of its users’ communiqués – and is therefore immune to being forced to give them up to government authorities.

Verizon’s mistake was not giving data to the NSA – it was having data to give to the NSA,” Wickr co-founder Nico Sell told me yesterday. “We’ll hand over our database for a subpoena, but our database is just numbers. We don’t have the keys.

These two apps, and more like them, can greatly reduce the number of traces their users leave behind. But can they make users completely surveillance-proof?

That depends. In both cases, simply switching to an encrypted app won’t eliminate the top-layer metadata cell phones leave behind — the kind that can be used to track the locations of phones and other basic usage information. But diligent users can make their tracks as faint as possible.

In Silent Circle’s case, any calls that involve a public switched telephone network (or PSTN, also known as the normal phone system) are still traceable. But if one Silent Circle subscriber calls another subscriber’s silent number over a wi-fi network, those calls go through Silent Circle’s servers instead of the PSTN, and are thus more or less untraceable. Silent Circle doesn’t even collect the names of its users during the subscription process — a third party handles credit card transactions — lending another layer of security to its process.

Wickr users don’t have quite the same options — their app covers only the sending and receiving of files and texts, and not voice calls — but they do get a similar level of security. The app collects no data about users, thoroughly encrypts all files that pass through its servers, and is described by Sell as “resistant” to the type of basic traffic analysis that the NSA or another government agency might attempt. The app also removes metadata from photos, PDFs, and other files being transmitted, to decrease the likelihood of a John McAfee–type incident. And it includes a “shredder” function that works in the background of a user’s phone, making sure files that are deleted from the phone are removed entirely from the device.

Zimmermann and Sell both warn that it is impossible to be completely off-grid in the modern surveillance state, when every move is tracked by camera and satellite and every communication portal is lousy with trackable data. “It is very difficult to protect against traffic analysis,” Sell said. Asked if it would be theoretically possible to live a modern life completely free of surveillance, Sell said, “You’d basically have to be off the earth.”

Despite the impossibility of total anonymity in the modern era, Silent Circle and Wickr are profiting massively by offering the possibility of getting close. Encryption apps have long been the territory of journalists, government workers handling classified data, and shady dealers. But now, with a high-profile surveillance scandal making front-page news, average Americans have a new reason to be concerned about who has access to their personal data.

Traffic analysis is a powerful tool. You can see who’s friends with who, who’s sleeping with who, who’s doing business with who,” Zimmermann said. “If a future government wants to go after its enemies, this kind of metadata would help them do that.”

Scare tactics, of course, are a part of the security professional’s sales pitch. And it’s not clear yet that the worst fears of privacy advocates have come true. (For one thing, as the Times reported today, the phone metadata and web communications gathered by the NSA as part of the PRISM was part of a database that may have targeted foreign nationals; tech companies are denying that they’ve worked with the NSA to provide user information, and officials have said that data about U.S. users is only “incidentally acquired,” and summarily discarded, as part of the process.)

But when the security of closely held information is at stake, these security start-ups are finding that even offering a bit of potential refuge from the surveillance state can be big business. Zimmermann said that although Silent Circle is less than a year old, it has already sparked interest from foreign military officials, as well as domestic agencies like the FBI

Sell, of Wickr, has also experienced a dramatic uptick in business as more and more people begin to fear for the safety of their everyday communications. “We’re growing exponentially, way beyond my belief,” she said. “We’ve reached the point of mass adoption — it’s past the privacy advocates.”