Agencies showing sudden interest in encrypted comm
Connecting state and local government leaders
Growth of BYOD encryption company Silent Circle, already robust, has skyrocketed in the wake of revelations of NSA surveillance, and government is the biggest customer.
Silent Circle, the company that provides end-to-end BYOD encryption, has introduced a Web-based management console to support large deployments of crypto licenses. It was developed largely in response to government demand for a tool to manage enterprisewide licensing, said CEO Mike Janke.
Government was always a primary market for Silent Circle, but the speed of adoption has caught the company by surprise.
“We had no idea that government customers would need a thousand subscriptions,” said Janke, a former Navy SEAL. “We didn’t see any of this coming. We envisioned 10 special ops guys, reporters in Sudan or some individuals around the world.”
Silent Circle’s secure voice, text, mail and video communications have gone in less than a year from being a point-to-point solution to an enterprise tool. There has been strong adoption in the financial industry and with oil companies, but “most of it was from [the Defense Department] and other government agencies,” Janke said.
The company has benefited from current events, particularly recent revelations about the National Security Agency’s surveillance of Internet and telephone communications. Growth, already a strong 100 percent month-over-month, rocketed to 420 percent in the last two-and-a-half weeks. Agencies that were buying 50 subscriptions now are buying hundreds as concerns grow not only about government snooping, but also of government leaking.
Encrypted communications is not new. What Silent Circle has done is make it practical for bring-your-own-device environments by harnessing the computing power of smart phones for crypto key management, cutting the middle man out of the security equation. Keys remain in the hands of the end users rather than a server, eliminating the need for trust in a third party.
Secure peer-to-peer connections with Silent Circle Android and iOS apps use the Zimmermann Real Time Transport Protocol, a crypto key agreement protocol for voice over IP that uses the Diffie-Hellman key exchange and the Secure Real Time Transport Protocol. Encryption is done with NSA Suite B cryptography, a public interoperable set of crypto tools that include the Advanced Encryption Standard, Secure Hash Algorithm 2 and elliptic curve digital signature and key agreement algorithms. The company operates its own network with SIP servers and codecs, but all encryption and security remain on endpoint devices.
Just 35 percent of the company’s business is in North America, with the rest of it off-shore in countries where security has long been a bigger issue than here. “We look at things in a bit of a bubble here compared to the rest of the world,” Janke said. People in Europe and Asia not only have to worry about NSA snooping, but also about their own intelligence agencies.
Although it is available in time to take advantage of the post-PRISM boom in secure communications, the new console was in the works well before the NSA leaks. “It took five months for our team to create this,” Janke said, primarily because of the security required for the portal. The console is a business management tool only and has nothing to do with encryption. It does not hold or manage keys and does not have access to message content. “It in no way, shape or form touches the technology.”
Despite the unexpected growth, Janke said Silent Circle is holding to its course for releasing new products this year, several of which, requested by government customers, now are in beta. These include encrypted file transfer from desktops, secure video conference calling and encrypted voice mail.