By CHRIS R. ALBON
Have a secret to share? Maybe a health problem you’d rather keep off your employer’s network, or an affair you want to protect from prying eyes? Forget trench coats and burner phones, now there's an app for that.
Since October, the new privacy startup Silent Circle has been making waves and ruffling feathers with its cryptography apps. The company drew the attention of cryptographers and privacy activists for it's apps allowing (with $20 or $28 a month subscription) users to send secure texts and calls to any other subscriber using their iOS app. Now Silent Circle is taking the next step, adding the ability to send encrypted files securely through their mobile device. They’ll even self-destruct if you want. That updated app hits the Apple Store today.
While most of the attention has focused on technical features of the software, probably the most interesting aspect about Silent Circle comes not from their code but the company’s policies.
First, Silent Circle has taken a bold stance, compared to many technology companies, by refusing to create a digital "backdoor" for law enforcement organizations to use to view user data. Backdoors have often reportedly been created in products like Microsoft Vista and services like telecoms through pressure from the law enforcement and national security agencies to allow governments to bypass security features.
Second, while most services (e.g. Facebook, Google) want to know everything about users, and will happily hand over that information to both law enforcement organizations and advertisers, Silent Circle takes the opposite approach—actively attempting to minimize the amount of information it keeps about users. Specifically, Silent Circle only stores five pieces of information about users: username, password (hashed and salted), email address, Silent Circle phone number, and IP logs for login (only for seven days). Everything else? Completely your own. They don’t know, and they don’t want to know.
Third, the company is pledging to comply only with government requests for information only when they are legally compelled to do so, and not before.
"We must and will comply with valid legal demands for the very limited information we hold. Thus, we want to make it clear that when legally compelled to do so, we will turn over the little information we hold, described above. Before turning it over, however, we will evaluate the request to make sure it complies with the letter and spirit of the law."
The company also makes clear that if at all possible, they will individually inform users that they have turned over that information.
If you remember my column on Twitter’s Transparency Report, these policies are essentially my naive wish, made a closer to a reality. An app that refrains from collecting and using your data? That protects you from (possibly) gratuitous governmental data banks? Yes please. But Silent Circle is not without faults. The company has rightly been under pressure from privacy experts for not releasing its complete source code. What this means is that users are not able to evaluate the capabilities and limitations of the software independently.
Assuming (and the problems with assuming anything regarding security are not lost on me) the software does what it claims to do, Silent Circle could mark a sea change in the way Internet users share sensitive information. In fact, it could do something momentous: help strengthen privacy as the default on the web.
The trend in online application design over the past few years has been to capture as much data as possible about users and their behavior. The services we use every day want to know where we are, what we are buying, and who we are talking to. Their very business models are built on a bedrock of this information. From their perspective it makes sense: the more they know, the more valuable that data is to them, the more they can sell to advertisers, the more valuable their ads are. From our perspective, we allow companies, governments, to track our location in return for a location tag on our tweets, or access to our contact information in return for the ability to post a comment. To not put too fine a point on it, this is rarely a fair trade.
We should applaud Silent Circle for the stand they’ve taken, even if it’s not perfect. Silent Circle's corporate policies around privacy, e.g. limited cooperation with government information requests and minimal collection of user information, should be part of all online services. If there were more apps with Silent Circle’s approach to user information, it could became more mainstream, and in turn, create a better Internet. An Internet where the norm is anonymity, and the release of information is done explicitly and consciously by the user. An Internet where our privacy is protected and our personal information is rare, and valuable.
A user can dream, can’t he?
Silent Circle’s focus on privacy is the Internet we deserve, rather than the Internet we are crashing towards headlong.
Chris R. Albon is a political scientist and writer on the global politics of science and technology. Presently, Chris leads the Governance Project at FrontlineSMS. Prior to FrontlineSMS, Chris earned a Ph.D. in Political Science from the University of California, Davis.