Thanks to the NSA privacy scandal, business is booming for services that claim they can keep mobile phone communications away from prying eyes and ears. One of the most high profile among them is Silent Circle, a National Harbour, Maryland-based firm whose monthly revenue has increased more than 400 per cent month-on-month since June 6, the landmark day that documents leaked by Edward Snowden revealed a mass, government snooping campaign called PRISM.
After moving to bigger offices three times in the last five months, the privately-funded company is living out of boxes and expects to ramp up staff numbers from 64 to 100 by year’s end.
The biggest surprise for its founders: a significant interest from enterprise customers, which now make up 40 per cent of Silent Circle’s revenue.
“We never saw that coming,” says CEO Mike Janke. “We didn’t realize global businesses had such a problem as it relates to mobile security and BYOD [bring your own device]… We thought we’d make a nice business, solve a problem, have 50-75,000 customers.”
Now Silent Circle is forecasting 2-3 million subscribers by the end of 2013, spanning individuals, corporations and various government agencies and militaries from around the world. Having launched in October 2012, Silent Circle says it became profitable in late May 2013. Earlier this year it sold 35,000 one-year subscriptions to luxury phone maker Vertu, which pre-installed the software on phones that are popular among the super-rich.
While individuals can download Silent Circle’s four mobile apps for $10 a month – encrypting phone calls, video and text messages in the country they originate – businesses will typically buy bulk subscriptions for their staff, along with a management console for $1,500. They’ll get a discount of 5-15 per cent depending on the number of subscriptions they buy, and while that can range in the thousands, it can end up being cheaper than the cyber-security packages they might buy for desktop networks.
“Typically they were spending $3-million on some kind of IT security and very little dealt with mobile,” says Janke. “For $200,000 they can cover not only their devices but the devices of their sources and management them with a management console.”
While the NSA snooping story has boosted the number of individuals who want their phone calls and text messages to remain private, corporations can at least put a palpable dollar value on their privacy.
Gregg Smith, CEO of mobile security firm Koolspan recounts a story from the last year where an executive at a board meeting inadvertently became a spying conduit after the microphone of their mobile phone was activated without their knowledge. The organization that was listening in (Smith says it was not a hedge fund) went on to short the company’s stock and net itself $30-million. “Dollars are being shifted from network attacks to attacks on mobile devices,” says Smith, who has also seen an increase in customer interest since the NSA spying scandal broke.
While Koolspan provides a hardware-based chip, Silent Circle’s products are software based, and represent a bespoke alternative to smartphone vendors like Samsung and BlackBerry, whose SAFE and Balance programs offer IT departments blanket protection for staff devices. With Silent Circle apps, staff can use a smartphone of their choice while setting their own security boundaries through use of the subscription.
Silent Circle’s encryption technology works a little like a virtual private network, particularly when it re-routes a call from say, Shanghai, to a phone that doesn’t have the app in Ohio. The call will go through Silent Circle’s servers in Canada, before hopping onto the public telephone switch gateway.
The company says it is unique to other Voice Over Internet Protocol (VoIP) services like Skype because it avoids keeping the keys to unlocking each customer’s encrypted data. It means that even with a U.S. court order, Silent Circle would not be able to hand over identifying metadata about its clients, or the content of their communications.
Phil Zimmerman, Silent Circle’s co-founder and the inventor of popular e-mail encryption software PGP, says most VoIP services don’t use encryption, and most of the few that do use protocols that share encryption keys with their servers. “Whoever controls that servers is in a position to use your key to read your traffic,” Zimmerman says.
Avoiding encryption keys and refusing to build backdoors is partly a business decision, he adds, since it would put off government customers. To get street cred from the cyber security community, Silent Circle has published its application source code on GitHub where other hackers can check its validity, although at least one critic claims the source code is incomplete.
Silent Circle’s product may be well timed, but its encryption protocols have been a long time in the making. “I’ve been wanting to do it with secure telephony for longer than I wanted to with e-mail, but 20 years ago the industry wasn’t ready,” says Zimmerman, who has been working on secure voice protocols for about eight years now. Zimmerman had been promoting software to secure phone calls through his own website, ZFone.com, in late 2011 – and not making much money from the venture – when Janke first sent him an e-mail with a business idea.
“We talked on the phone,” Zimmerman remembers. “He pitched the idea that he want to start a company to do secure VoIP, secure text messages and secure email, and he wanted to provide it to military people serving overseas so they could speak to their families. He wanted it for other things too like banks, oil companies and all kinds of enterprise customers, but it sounded like a great idea to me and so I said, ‘Sure.’ And that’s what we did. It’s kind of an unusual partnership.”
While Janke used to be a U.S. Navy Seal, Zimmerman was once the target of a three-year criminal investigation because of his work with PGP. The incongruity goes further. What does Zimmerman think about his American customers using the same Silent Circle software as certain American intelligence agencies, to hide from said intelligence agencies? Zimmerman laughs. “I love it,” he says.