[cryptography] open letter to Phil Zimmermann and Jon Callas of Silent Circle, re: Silent Mail shutdown

ianG iang at iang.org
Sat Aug 17 05:41:39 EDT 2013

On 17/08/13 00:46 AM, Zooko Wilcox-OHearn wrote:

> We're trying an approach to this problem, here at LeastAuthority.com,
> of “*verifiable* end-to-end security”. For our data backup and storage
> service, all of the software is Free and Open Source, and it is
> distributed through channels which are out of our direct control, such
> as Debian and Ubuntu. Of course this approach is not perfectly secure
> — it doesn't guarantee that a state-level actor cannot backdoor our
> customers. But it does guarantee that *we* cannot backdoor our
> customers.

Other than the open source solution [0], how does one do it?  The 
example of Skype and its self-immolated reputation for security is 

In order to gain early credibility for its closed source solution, it 
commissioned an audit of the tech.  This audit gave it a good passing 
grade, and specifically indicated that there were no known weaknesses, 
and the claims were good.  The aggressive cryptographic community was 
duly impressed.

However, an audit is a point-in-time review.  That means it is only true 
for that period of review.  Auditors will specifically state that you 
cannot rely on this review for a prediction of the future.  The audit 
must be repeated at some sort of regular interval to stop the company 
changing its mind.  The audit process must be a commitment to 
continuation, so as to control that possibility.

In contrast, the public widely believes that an audit is a prediction of 
the future (and the audit _profession_ does nothing to dissuade that 
view).  So Skype left that audit sitting there, and decided itself never 
to repeat that audit [1].  Fast forward nearly a decade, and the house 
of cards came tumbling down:  first the Heise discovery (as confirmed by 
Adam Back here) and then the PRISM claims [2].

So back to Silent Circle.  One known way to achieve some control over 
their closed source replacement vulnerability is to let an auditor into 
their inner circle, so to speak.

But if they wish to do this, they should not repeat the Skype mistake. 
Especially as this is the known & routine PLC of a cryptographic tool: 
first gain the trust of the cypherpunks, and promise them the world. 
Then, when sale time comes, gain the trust of the NSA, and the promise 
of future business.


[0]  Remember that PGP Inc also tried the open source way.  In the long 
run, it didn't help.  If you compare on brutal measures, Skype succeeded 
with closed source, PGP Inc failed with open source.  Of course it is 
more complicated than that, but the end-delivery of security is 
something that can be measured and can be relied upon.

[1]  Nor to ever mention it, as rumour has it.  As time went on, the 
audit became more and more of an embarrassment...

[2]  Rumour/hearsay confirms:  Skype put the bad stuff in after the eBay 
sale, and before the Microsoft sale (who for their sins were happy 
either way).  Up until around that time, the various European agencies 
were lividly trying to gain access, and agitating in the press.  We know 
they got attack kits, and they also went quiet around the same time: 
It's been a long time since a western TLA has complained about Skype -- 
go figure.

More information about the cryptography mailing list