“The reason we need software and devices is to better secure the customer,” Vic Hyder, Chief Strategy Officer of Silent Circle, the company behind the secure device Blackphone, told MediaNama at the Mobile World Congress yesterday. “The weakest link in the chain of security is the individual, who is going to install malware on to the device. What we do is protect the operating system and the hardware to better protect the individual from the prevalence of the malware coming in.”
On why the company needs to do its own hardware, Hyder said that “If we don’t know where the hardware came from and we install software on it, whether it’s the best encryption in the world or not, you don’t know if it’s being recorded, and if there’s a vulnerability already in that hardware. So we provide the hardware, the operating system and the software that runs on it to give a more holistic solution.”
The company also has a suite of applications that can be installed on Android and iOS devices, that allow users to text and call securely. So, is that less secure? “It is less secure, if the device is tainted,” Hyder said. “What I’m saying is that you have people who have these devices, who can install Silent Phone, Silent Text. As long as it’s clean, you have perfectly encrypted communication. If it’s not clean, if they’ve installed something that hasn’t been identified by the OS, then there’s a weakness there. We provide the OS that will prevent you from putting that on. That’s the process: hardware, software and devices, to have a holistic solution.”
During the press conference, Phil Zimmermann, Co-founder of Silent Circle and co-creator of PGP encryption, had explained: “Malware can exfiltrate your keys from your phone, and the best way of addressing this is by controlling the OS. The only way to address the OS is to build your own hardware, your own kernel, your own everything that surrounds the phone. It’s an arms race, and we’re happy to be a part of that arms race.”
Yesterday, Silent Circle announced an enterprise privacy platform: a system of devices, software and services, apart from launching the BlackPhone 2, and announcing the BlackPhone+ phablet. On the software side, they have PrivatOS, an Android-based OS created by Silent Circle to address modern privacy concerns, with “no hooks to carriers, and no leaky data.” This includes the Silent Suite set of apps; Silent Spaces for virtualization in devices; Silent Phone for encrypted VoIP calls; Silent Text for encrypted texts; Silent Contacts, an encrypted address book; Silent Meeting, an encrypted conference calling system; the Silent Store app store; and Silent World, which allows secure communications with those not using Silent Phone.
Some notes from the press conference:
– A consumer play that became an enterprise play: Personal privacy has become an enterprise issue, Zimmermann said. “We’re replacing BlackBerry in the enterprise. Our core technology is based upon devices encryption, ephemeral key encryption. We don’t hold the keys, the users do.”
The Blackphone was launched at the Mobile World Congress last year, and “We have three quarters of a billion (dollars) in sales for Blackphone one in contracts. 83% of our business is outside of North America. We started off in consumer, but businesses have a massive issue. They need a saferoom within their company. This shift happened, where companies began to buy up our products. 75% of our business is today taken up by enterprise. We have become one of the more dominant products in enterprise. We stick to privacy and security. It’s a God-given right for every citizen to have it. Never before have the private citizens of the world been under such barrage from governments, or businesses been under assault.” The company claims that they have 32 clients from the top Fortune 50 companies, indicating how security of communications is a significant corporate concern.
Bill Conner, CEO of Silent Circle, also said that consumerisation of the enterprise has led the company to do both – consumer and enterprise business.
– Malware is everywhere, the hack is changing: Conner said that “There are 400,000 signatures of malware a day. It is not going to go away, and will continue to attack the networks. Sony talks about that in a profound way. Why was Sony such a pivotal piece? Sony’s all about the nature of the hack changing. It was a government-led initiative with hacktivists, with insiders within the enterprise aiding and abetting. That is a very different nature of what is happening in the world today.”
– Trust is at an all-time low: “Look at Gemalto: Governments are attacking the supply chain of people who are building the hardware and software that are supposed to protect us. Trust is at an all-time low. Trust is privacy. You can’t have privacy if you can’t trust someone. Government trust is at an all-time low. If your customers don’t trust you to rigorously protect their sensitive data, they’ll take their business elsewhere.”
– Silent Spaces: allows a phone to host both personal and enterprise spaces using virtualization, as a part of Silent Circle’s PrivatOS. “With any Android controlled OS, we can offer your personal space and an enterprise space, in a virtual containerised space. Increasingly, 50% of BYOD (Bring Your Own Device) has found its place in the enterprise. Spaces is the first chance that you have for both personal privacy and enterprise privacy.” Jon Callas, co-founder of Silent Circle and also one of the creators of PGP, said that Spaces “allows you to group your apps and systems that you use on your device in separate containers and you get multiple phones in one phone. It works with the OS itself, you get separate screen locks, separate work apps. We’re delivering it next week on Blackphone 1 and it will be on all our devices. The first apps we supply in Silent Spaces are our own. It allows private containerising of everything else. They can be the same app that is configured differently, or different apps. You can have separate VPN and email setups. You can have multiple private spaces. You can have a private space for kids and for yourself. You have multiple phones configured in one phone.”
– Silent Store: is a secure app store, “where we are providing security and privacy, and apps that are vetted.” The company will launch version 2 in the fall of this year.
– Not doing secure email: “Email was fundamentally different. Its architecture is 40 years old. Someone can get access to that. Our tech is different: the key is created by the users. Email has become a free product. You’ve got even routers that can create free email systems. For us to create email is a kind of a redundancy. We have the tech to create the world’s first P2P email system.”
– Internet of Things (IoT) is next: “What most people are talking about is putting some security on device. We think the next generation of IoT is different: we’re experimenting with how do you take a P2P generation of technology which is about security and privacy of content.”
– Monitoring their own manufacturing: Zimmermann added that “All the phones here at MWC have been made at Chinese factories. We’ve put in a lot of effort into monitoring our own people at manufacturing. You have to consider that if a major intel agency wants to target a single individual, they have a variety of ways of targeting them. What we can do is create something that tries to protect the body politic.”
– Surveillance has undermined democratic institutions: Pointing towards his civil liberties background, Zimmermann said that “My interest in cryptography has always been about civil liberties. The NSA will find a way of targeting a single individual. The Dalai Lama was attacked by the Chinese government, where they tricked him into opening a PDF file, and took over the mic and the webcam. We can make a good product that can protect a lot of people from mass surveillance. Pervasive surveillance undermined democratic institutions and our confidence in interpersonal communications, where we live in a society where we feel we don’t have enough privacy.”