Imagine you are a citizen of a tyrannical government whose police force has a habit of busting skulls in public. You desperately want to capture evidence of these crimes and make them available to the outside world in order to bolster the case for humanitarian intervention. You have video and images stored on your cell phone, but are fearful of utilizing digital networks to send the data, as your government has its its claws deep in the region’s ISP and mobile carrier operations. Time is running out: any day now, you may be taken into custody by state thugs, who will surely discover the material on your phone.
A shit situation, as they say.
If you happened to have a new app from Silent Circle installed on your device, things might look a little different. Representing a major leap forward in encryption technology, the app allows ordinary users to securely send files up to 60 megabytes from a smart phone or tablet without needing an advanced degree in cryptology or complicated software. The new app follows a previous Silent Circle release that did the same for phone calls and text messages.
Without getting into how the app functions (basically peer-to-peer “shredding” and locally-stored encryption keys that are immediately destroyed after transmitting), it seems obvious that Silent Circle is a potential game-changer. And not just for hostile dictatorships — democracies like the US should also take notice. For example, technology like this may complicate not only digital surveillance, but also efforts to crack encrypted communications in general. That’s gotta piss off the National Security Agency, which is going full-bore to establish an ungodly large data facility in Utah.
Before you go thinking that there are, ahem, laws preventing the US government from accessing your digital communications, think again. The 4th amendment — which exists to place limits on governmental searches and seizures — is not a bulwark against the feds requesting that private companies make available any and all private data. You may recall the hubbub back during George W. Bush‘s presidency when AT&T allowed the installation of a fiberoptic splitter at their San Francisco facility and subsequently copied and forwarded web traffic to and from AT&T customers straight to their pals at the NSA.
People got rightfully pissed, and Congress said that this kind of snooping was a no-no (albeit with retroactive immunity for the telecoms). But that’s hardly the whole story.
As it turns out, warantless wiretapping was/is a fairly narrow activity that involves the real-time capturing of signals. Under existing law, the US government is free to request of internet service providers practically any telecommunications data that is domestically transmitted; NSA can (legally) scrape photons that travel across borders (though they collect far more, for reasons I’m about to get into).
The case law goes back decades, and includes Supreme Court rulings premised on the fact that if I tell you something, I should have the “reasonable” expectation that you will, in turn, inform the government. This was extrapolated to criminal cases involving pay phones, and later, bank records. As the Supreme Court itself stated, “The Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.”
So there you go. Lax interpretations of the 4th amendment in the courts, plus Patriot Act powers basically means that the government can compel any telecommunications service provider — from data pipe to mobile to edge-of-network — to divulge third party data. Probable cause? Brothers and sisters, they don’t even require reasonable suspicion.
This is one reason why even the US government might be annoyed by the Silent Circle app.
Another is that certain intelligence agencies, such as the aforementioned NSA, are keen to crack communications of other countries. How to go about doing this? Collect as much data as possible, and throw it at the biggest supercomputer you’ve got. This is the Utah project. The whole “spying on American citizens” thing is probably a red herring. The way to crack (NSA-approved) 256-bit encryption, which is standard for email, is to scrape all the flying photons and store them in one giant location. Then you can set your supercomputer to work in a “brute force” attack against the encryption. If your processor is powerful enough (and some suggest it is), you may be able to collapse the time it takes to crack the code based on the ability to discern and exploit hitherto undetectable patterns.
If you can do this, you can read China’s email.
But if everyone starts using P2P-enabled, temporarily cloud stored, locally-keygenned app technology to send and receive information, such expensive government projects aren’t worth much.
This is bona fide bummer if you’re a government that’s into electronic eavesdropping. And one assumes that’s most of ’em.