Silent Circle, a startup company that provides encrypted mobile communication services, released a new version of its Silent Text app for iOS that allows users to exchange encrypted files at the push of a button. The files can be set to self-destruct.
Silent Circle currently offers two mobile apps for encrypted communication called Silent Phone and Silent Text, but plans to add Silent Mail in the future as well. As their names suggest, these apps can be used for secure voice and video calling, secure text messaging and secure email. A fourth app, Silent Eyes, is available for computers and can be used for encrypted video and voice teleconferencing.
The current and future apps are free to download, but can only be used with a subscription to Silent Circle's service that costs US$20 per month.
All of the communications pass through Silent Circle's servers, but they do so in encrypted form. The data is encrypted locally with keys generated on the devices. The company doesn't have access to them so it can't see the actual content.
Silent Circle's main goal is to put the security in the user's hands, said Jon Callas, the chief technology officer of Silent Circle. "The apps make sure that all of the security controls are with you and that we don't have any way to read your data. We can't read your texts, we can't listen in on the phone calls. Everything gets destroyed when the call completes."
With the newly launched version of the Silent Text app, users now also have the ability to attach files and their geographical location to text messages. The files can be documents, pictures, movies, audio recordings, map locations -- basically anything that can normally be sent with an iOS device.
There is currently a size limit of 65MB per file so as not to overload the service, but this is expected to be increased in the future, Callas said.
The user can also use a "burn notice" option that will automatically delete the file and the message it's attached to from both the recipient's device and the sender's own device after a configured period of time, so that there are no forensic traces left.
Each file is encrypted with a unique key that gets deleted when the message is destroyed, Callas said.
While there are other tools to encrypt files and exchange them, this is often too complicated for non-technical users. One of the goals of these apps is to remove the complexity associated with encrypted communication, Callas said.
"The apps look pretty much like normal apps," he said. "The texting app looks like the normal texting app. You use it like you would use the regular texting app. We remove all the complexity for you."
Silent Circle's servers are currently located in Canada, but the company is also planning to install servers in Switzerland and later in Asia as the service expands.
The company makes a point of logging as little information as possible. For example, it logs the IP addresses that users log in from and keeps them for 7 days, but there are plans to reduce the retention time to 24 hours.
"There are a lot of logs that we don't keep at all," Callas said. "For example, we don't keep logs about who is calling who."
Because so many things are not logged, it is sometimes actually hard to debug the company's network, Callas said. There's internal debate about that and how to strike a balance, he said. "We need to run our network, but at the same time we don't want to know what you're doing."
Silent Circle hopes that its services will be particularly helpful for political and human rights activists in countries where free speech is not well protected.
But at the same time, since everything is encrypted and decrypted between the client devices and there are very few logs kept, there are concerns that the service could be abused by criminals to hinder the ability of law enforcement agencies to investigate their activities.
"We have a terms of service that says there are things that we don't want people to do," Callas said. "We don't want people to use it for criminal purposes, but we also understand that it's illegal to be an activist in an oppressive country."
"We have a fine line to walk and obviously there are certain things that we consider to be a violation of the terms of service and some things that we don't consider to be a violation of the terms of service," Callas said. "There's a lot of activist activity that might be technically illegal in some country that we don't actually care about, but there are other things that obviously we do care about. We handle this as best we can."