After that, however, the encryption becomes invisible. When you contact another Silent Circle user, the two apps quickly exchange data to set up a one-time encryption key; you both confirm it worked by verifying that you see the same sequence of words in the app. In one call, this was the unintentionally-timely "stormy handiwork"; in a text, it was "Uniform Quebec One One."
After each exchange, the software computes a "hash" value from that key, which it will use to generate the next one-time key, and then destroys the key. The company never sees each key.
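The word comparison and the hash carried from one exchange to the next can be sketched as follows. This is an added illustration, not Silent Circle's protocol or code: the hash constructions, the word list and the stand-in secrets are all assumptions.

```python
import hashlib
import hmac

# Constructed 16-word list; the app's real word list is not given in the article.
WORDS = ["amber", "birch", "cobalt", "delta", "ember", "fjord", "garnet", "harbor",
         "indigo", "juniper", "kestrel", "lagoon", "marble", "nectar", "onyx", "pewter"]

def sas_words(session_key: bytes, count: int = 4) -> str:
    """Words both users compare to confirm they hold the same key."""
    digest = hashlib.sha256(b"sas" + session_key).digest()
    return " ".join(WORDS[b % len(WORDS)] for b in digest[:count])

def next_key(retained: bytes, fresh_secret: bytes) -> tuple[bytes, bytes]:
    """Derive this exchange's one-time key from the hash kept from the last one.

    Returns (session_key, retained_hash). The caller discards session_key
    after the exchange and keeps only retained_hash.
    """
    session_key = hmac.new(retained, fresh_secret, hashlib.sha256).digest()
    retained_hash = hashlib.sha256(b"retain" + session_key).digest()
    return session_key, retained_hash

def run_demo() -> dict:
    first_contact = bytes(32)  # nothing retained before the first exchange
    # Constructed stand-ins for the secret each key exchange produces.
    secret1, secret2 = b"constructed-exchange-1", b"constructed-exchange-2"

    # Exchange 1: both ends derive the same key, so the words match.
    a_key1, a_keep = next_key(first_contact, secret1)
    b_key1, b_keep = next_key(first_contact, secret1)

    # Exchange 2: the retained hashes feed the next one-time key.
    a_key2, _ = next_key(a_keep, secret2)
    b_key2, _ = next_key(b_keep, secret2)

    # A party that learns secret2 but missed exchange 1 has no retained
    # hash, so it derives a different key for exchange 2.
    outsider_key2, _ = next_key(first_contact, secret2)

    return {"words_match": sas_words(a_key1) == sas_words(b_key1),
            "keys_chain": a_key2 == b_key2 and a_key2 != a_key1,
            "outsider_differs": outsider_key2 != a_key2}

if __name__ == "__main__":
    print(run_demo())
```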
Silent Circle says it will publish its source code for others to inspect. Matthew Green, a computer-science professor at Johns Hopkins University, is waiting for that but said its system "looks like a pretty solid protocol."
Green also noted one unavoidable vulnerability: You can be spoofed if somebody takes a caller's phone and imitates their voice. Zimmermann called that the "Rich Little attack" at a meeting in September.
Christopher Soghoian, a privacy researcher with the American Civil Liberties Union, also wanted to see Silent Circle show its code so outside researchers could "beat up their text encryption protocol" to test for any vulnerabilities.
(My conversations with Green and Soghoian happened over unencrypted e-mail.)
Over a series of calls, I ran into a different issue: audio dropped out briefly, and video calling suffered from sluggish frame rates and sometimes the absence of audio. There's also no voicemail.
The Silent Text app requires more trust, since you can't verify a person's identity by their voice in it. Its "Burn Notice" feature can wipe messages after a preset interval, but you can defeat that with screen captures.
In the coming weeks, Silent Circle plans to offer the option to call conventional numbers from the app, which could help travelers calling the U.S. from countries that tap phone lines. A Silent Mail service is also on the way.
The company has already drawn business from governments and corporations (not to mention some anxiety from the latter), and it will offer free service to human-rights organizations. Will individuals pay $20 a month for calls no government can tap? You tell me.
Credit: Rob Pegoraro/Discovery