If youre making a phone call with your iPhone, you used to have two options: Accept the notionthat any wiretapper, hacker or spook can listen in on your conversations, or pay for pricey voice encryption software. <\/p>\n
As of today theres a third option: The open source software group known as Open Whisper Systems has announced the release of Signal, the first iOS app designed to enable easy, strongly encrypted voice calls for free. Were trying to make private communications as available and accessible as any normal phone call, says Moxie Marlinspike, the hacker security researcher who founded the nonprofit software group. Later this summer, he adds, encrypted text messaging will be integrated into Signal, too, to create what he describes as a single, unified app for free, easy, open source, private voice and text messaging. <\/p>\n
Signal encrypts calls with a well-tested protocol known as ZRTP and AES 128 encryption, in theory strong enough to withstand all known practical attacks by anyone from script-kiddy hackers to the NSA. But WIREDs test calls with an early version of the app, after a few false-starts due to bugs that Marlinspike says have now been ironed out, were indistinguishable from any other phone call. The only sign users have that their voice has been encrypted is a pair of words that appear on the screen. Those two terms are meant to be read aloud to the person on the other end of the call as a form of authentication. If they match, a user can be sure he or she is speaking with the intended contact, with no man-in-the-middle eavesdropping on the conversation and sneakily decrypting and then re-encryptingthe voice data. <\/p>\n
Like any new and relatively untested crypto app, users shouldnt entirely trust Signals security until other researchers have had a chance to examine it. Marlinspike admits there are always unknowns, such as vulnerabilities in the software of the iPhone that could allow snooping. But in terms of preventing an eavesdropper on the phones network from intercepting calls, Signals security protections are probably pretty great, he says. <\/p>\n
After all, the technology behind Signal isnt exactly new. Marlinspike first took on the problem of smartphone voice encryption four years ago withRedphone, an Android app designed to foil all wiretaps.Signal and Redphone both use an encryption protocol called ZRTP, invented by Philip Zimmermann, the creator of the iconic crypto software PGP. <\/p>\n
Zimmermann has developed his own iPhone implementation of ZRTP for his startup Silent Circle, which sells an iPhone and Android app that enables encrypted calls and instant messaging. But unlike Open Whisper Systems, Silent Circles charges its mostly corporate users $20 a month to use its closed-source privacy app. Signal offers the same services gratis, making it the first free encryption app of its kind for iOS. <\/p>\n
Since Silent Circle users are limited to calling only contacts with the same paid software installed, its practicality for non-business users has been limited. Though Signal and Redphone users similarly cant make encrypted calls to users without Open Whisper Systems apps installed, they can make secure calls from one app to the other, a feature that will make both Android and iOS-encrypted calling apps vastly more practical. Marlinspike notes that journalists hoping to communicate privately with a source, for instance, would have a difficult time convincing them to shell out for an expensive subscription app. If you want the ability to, in principle, call anyone securely, it really has to be free, says Christine Corbett Moran, one of the lead volunteer coders on Signal. <\/p>\n
Instead of taking the for-profit startup route, Open Whisper Systems will instead by funded by a combination of donations and government grants. Marlinspike says the project has received money from the free-software-focused Shuttleworth Foundation and the Open Technology Fund, a U.S. government program that has also funded other privacy projects like the anonymity software Tor and the encrypted instant messaging website Cryptocat. <\/p>\n
That government funding is ironic given the last years boost in encryption interest from the Snowden Effect: Open Whisper Systems argues, like other encryption projects, that the eavesdropping countermeasures Signal and its Android counterpart provide are more important than ever in the wake of Snowdens year of revelations of blanket spying by the NSA. When I call the United States Im hearing more and more self-censorshiprelatives in the U.S. saying, Id rather talk about this in person, says Moran, who is pursuing a PhD in Astrophysics at the University of Zurich. Thats not a climate anyone should have to live in. <\/p>\n
Open Whisper Systems founder Marlinspike has been a fixture of the security and cryptography community for years, demonstrating groundbreaking hacks like ones that revealed vulnerabilities in the Web encryption SSL and Microsofts widely used VPN encryption MS-CHAPv2. He co-founded the San Francisco-based startup Whisper Systems in 2010 with the intention of hardening the security of Googles Android and providing tools for encrypted communications. But that work took a hiatus when Whisper Systems was acquired by Twitter in late 2011. <\/p>\n
<\/p>\n