Comment From Silent Circle - Re: CALEA (Score 1) 127
"There has been considerable chatter about Silent Circle's launch and about what our products, service and unique architecture are all about. We wanted to get out in front to keep everyone here informed as best we can....
We just posted our Law & Compliance information on our site (https://silentcircle.com/web/law-compliance/) to clear up a lot of the questions about whether CALEA laws apply to us, what data we do hold and how we will handle the "heat" to come.
We are putting our products out open source. CALEA does not apply to us - we are a VOIP and software company - the law makes it clear that communications service providers can deliver products to their customers that use encryption to protect their communications without having the ability to decrypt those communications. That is us, that's what we do. If Canada - US - UK - EU Governments try to regulate and change this - we will move to where we can provide it to the world. We do not have the ability to track individual user logs nor calls. We hold aggregate server IP logs for 7 days — we are working hard to get it down to 24 hours. The data we do have is:
* Authentication information — your user name and hashed password. We hash passwords with a twelve-character random salt and 20,000 iterations of HMAC-SHA256 via PBKDF2.
* Your contact email address.
* Your Silent Phone number that we issue you...
That's it. No more, no less. We use ZRTP and PGP encryption. Phil created both. Jon created PGP Universal and Apple's Whole Disk encryption. These protocols have been open, peer reviewed and tested for 10-20 years. We are in the process of open sourcing our code. Phil, Jon Callas and Vincent Moscaritolo (top crypto engineer at PGP, Apple and Symantec) created our new Instant Messaging encryption called SCimp.... It's being released worldwide for audit and review in a few days... we too believe in open source. We will put our products out open source. We are paranoid. We are on the firing line. There are lots of organizations who do not want us doing what we are doing. We want to push back. We worry about CALEA being hijacked again. We do peer-to-peer, device-to-device encryption. We don't like surveillance. We believe every worldwide citizen has the right to private comms. We don't like Huawei or the Chinese Government putting holes in the silicon. They don't like Silent Circle. So it's a fair fight.
Our silent network is how we can do clear, very low latency mobile video and voice on 3G, 4G, EDGE, and wifi - completely encrypted. Without our custom-built network, customers would have poor comms - as is the case with modern day VOIP. We wanted better. We did better. It's not perfect, but we are trying hard to make it the best out there. We don't have the keys to your voice, video, text and data - you do. True security is up to the user. We only secure your comms.
We are not perfect. We are swimming as fast as we can to launch Android, our Secure PSTN calling plan, Windows 8 version and some new products in 2013... We will make mistakes. We don't stop traffic analysis. We don't secure the device. We don't peddle "military grade encryption" or snake oil VPN systems and we are not for everyone... we deserve scrutiny, skepticism, and questioning. We want to do this right. Phil has been fighting for this chance for 23 years. We understand that secure comms and crypto is a contact sport. We have our big-boy pants on and know we cannot please everyone - we don't want to.
I have included my email address so anyone on Slashdot can let me know what you think, give us some ideas on what we can do better - or just fire criticism missiles my way."
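
The password-storage parameters stated in the comment above (a twelve-character random salt and 20,000 iterations of PBKDF2 with HMAC-SHA256), shown as an added example that is not Silent Circle's code. The salt alphabet, the 32-byte derived key, the `$`-separated record layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string

# Parameters stated in the comment.
ITERATIONS = 20_000
SALT_CHARS = 12
# Assumptions (not stated in the comment): salt alphabet, key length, record layout.
SALT_ALPHABET = string.ascii_letters + string.digits
DKLEN = 32
SCHEME = "pbkdf2-sha256"


def make_salt():
    """Draw a twelve-character salt from the OS CSPRNG."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_CHARS))


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt$hex(derived key)."""
    salt = make_salt() if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt.encode("utf-8"), iterations, dklen=DKLEN)
    return f"{SCHEME}${iterations}${salt}${dk.hex()}"


def verify_password(password, record):
    """Recompute with the record's own parameters; compare in constant time."""
    try:
        scheme, iterations, salt, digest = record.split("$")
        iterations = int(iterations)
        expected = bytes.fromhex(digest)
    except ValueError:
        return False  # malformed record: wrong field count, bad integer or bad hex
    if scheme != SCHEME or iterations < 1 or not expected:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt.encode("utf-8"), iterations, dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def needs_rehash(record, minimum=ITERATIONS):
    """True when a stored record used fewer iterations than the current minimum."""
    return int(record.split("$")[1]) < minimum
```

Storing the iteration count and salt inside each record lets the work factor be raised later: a record that verifies but fails `needs_rehash` can be re-derived at the next successful login.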