Wednesday, 22 January 2014

Interview: ‘Fully encrypted’ Android Blackphone – will it allow for spy-proof communication?

A new, sleek Android-based smartphone will allow secure calls, text and exchange of data from any country on the planet, its makers claim – and the upcoming launch of Blackphone has ignited worldwide debate.
The company behind it, Silent Circle, is to launch the device at Mobile World Congress in Barcelona this Spring, in collaboration with Spanish smartphone company Geeksphone, according to Business Insider.
According to TechCrunch’s report, the venture is Switzerland-based, with Geeksphone having previously manufactured Android handsets, and currently working on hardware for Mozilla’s open HTML 5-based Firefox OS before teaming up with encryption experts Silent Circle. The company describes Blackphone as, “The world’s first smartphone placing privacy and control directly in the hands of its users.”
Speaking via email, Silent Circle’s Toby Weir-Jones said, “It’s obvious there is tremendous interest in the goals we’ve set for Blackphone, even though we have released so little concrete detail so far.   Our focus is on the visible layers of the phone — the applications, the user interface of the operating system — and giving our customers the control necessary to exercise their right to privacy.”
TechCrunch points out that encrypted phones are already on sale, such as Germany’s GSMK Cryptophone, which offers 256-bit AES and Twofish symmetric encryption. But such phones do not offer the versatility of a modern smartphone OS, according to Blackphone’s makers.
Silent Circle was formed in 2011, has has launched messaging services for PCs and Smartphones, according to AFP’s report. Its founders include Phil Zimmerman, a famous figure within the world of encrypted communication, who created the widely used PGP (Pretty Good Privacy) standard. Silent Circle previously offered an encrypted email service – but the company shut the service to avoid handing records to the U.S. government, after rival service Lavabit was subpoenaed.
CEO Mike Janke told AFP that the phone was in development before Edward Snowden’s revelations about NSA programs: “We did this because there was a problem that was not being solved: secure communications,” said the former U.S. Navy Seal.”We offer completely encrypted, peer-to-peer communications. We have encrypted video, encrypted text and secure VoIP (Voice-over-Internet-Protocol) calls.”
One vocal fan of previous encrypted phones is Julian Assange, “I don’t use email,” he said in an interview with Google’s Eric Schmidt, reported by Yahoo News. “Too dangerous, and encrypted email is possibly even worse, because it is such a flag for end point attacks … but we do have encrypting phones. Unfortunately they don’t work in all countries, but the SMSs work in all countries.”
Blackphone runs a modified version of Android known as PrivatOS. Weir-Jones said that the company is aware that no device can be ‘spy-proof’, and that the gadget is a “first step”
“This is an important and incremental step towards restoring some of the balance of power which has been eroded over the past many years,” he said via email. “ It stops the consumer from being the product themselves, where their activity is monetised in exchange for access to free services.  And in cases where the information they wish to exchange is, itself, commercially valuable, it makes it harder for malicious actors to intercept and gain access to that information.”
“Most of the individuals who’ve contacted us are just grateful that someone is making real efforts to improve the state of the art,” he says. “and recognise that it’s an important step in what will be an ongoing journey.  We’ve also had a huge amount of coverage from both the technical and general press.”
“As far as consumer awareness of privacy issues goes, we’re aware that at least some of the present activity is more to do with recent high-profile news stories about surveillance agencies and their activities, rather than a more fundamental sea change in attitudes and degrees of awareness.  We see the longer-term effect of these episodes as catalysing events first and foremost; once the volatility of the day-to-day news cycle subsides, we’ll be able to see what lessons have stuck.  Security has always been a tough sell at the consumer level, because it usually decreases convenience and is therefore an impediment to getting stuff done.”
ESET Senior Research Fellow David Harley said, in an earlier We Live Security article regarding government spying and encryption, “Paraphrasing Bruce Schneier, if a well-resourced intelligence agency or LEA wants to know your secrets ‘they’re in’, and some much-hyped encryption programs will offer very little resistance. Selecting the right security software of this sort and properly installing and maintaining it is not easy. If you want to do it properly – and safely! – it needs time and care.”
Graham Cluley, a security industry veteran, said that one of the dangers Blackphone faced was success, saying that if such a device became a “de facto standard”, it would become a target not just for intelligence agencies but for “glory-seeking hackers”.
Standard Android devices do have cryptographic protection built in, as do modern PCs, although this is focused on protecting files rather than cloaking communications – a beginner’s guide from We Live Security, detailing to how to protect your data using such technology can be found here.

No comments:

Post a Comment