Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

KPN to offer encrypted Silent Circle services, experts question security and value

Dutch telecommunications company KPN announced on Wednesday that it has entered into a partnership with encrypted communications firm Silent Circle and will be offering customers encrypted phone call and messaging services.

Customers will be able to make and send end-to-end encrypted phone calls and text messages on their iOS and Android mobile phones by June, according to a KPN release translated by Google, which explains that the services will be part of a Silent Circle package available for download over the KPN Cloud Store.

A spokesperson with Silent Circle and KPN did not respond to a SCMagazine.com request for comment, but John van Vianen, director of business market with KPN, was quoted in the release as saying that KPN feels a responsibility to contribute to privacy and security for its customers.

In a Wednesday email correspondence, Seth Schoen, senior staff technologist with Electronic Frontier Foundation, told SCMagazine.com that this is a good step.

“I'm glad to see people recognizing the importance of encrypted phone calls,” Schoen said. “This is the first time I've ever seen that from a carrier. Without it, the cell phone infrastructure is really extremely fragile and not able to protect calls against eavesdropping.”

Schoen said that KPN and Silent Circle still have their work cut out for them, particularly in reassuring customers that copies of the app distributed to actual end-users contain no backdoors.

Terence Spies, CTO with Voltage Security, told SCMagazine.com in a Wednesday email correspondence that this move will be convenient for customers, but may represent be a security issue since users will have to rely on and trust the network that is moving their traffic.

“For some customers that are concerned about privacy, they may have concerns about buying a solution that is bundled by the telecom, as opposed to something they install and administer themselves,” Spies said. “In the U.S., I suspect that telecom privacy solutions will be a fairly niche product and the consumers of that kind of product are likely to view a bundled solution as somewhat suspect.”

Some carriers have hinted that they do not provide these types of services because of government pressure to give up backdoors into encrypted communications, Schoen said, citing incidents in the United Arab Emirates and India as recent examples.

“Only countries like Saudi Arabia and Singapore are likely to block these types of communications,” Tanuj Gulati, CTO of Securonix, told SCMagazine.com in a Wednesday email correspondence. He added that he expects to see these types of partnerships developing in the U.S.

Philip Liberman, CEO of Lieberman Software, told SCMagazine.com in a Wednesday email correspondence that he does not see the value in these services being offered to ordinary users.

“The reality of today's voice communication is that no intelligence agency can afford to record all voice calls, and those that need encrypted communication already have it,” Lieberman said. “So, I am not sure of the value add here, other than someone trying to create a business model around paranoia.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.