None of us should be surprised anymore about the increasing digital privacy risks to our lives. It’s a rare day when we don’t read headlines about the latest enterprise whose data was compromised and is facing losses in the millions, or about individuals who’ve had intimate secrets revealed. Some people might argue that being an “average Joe” makes them immune to these threats, but if you still believe only celebrities should worry, just read about the recent Ashley Madison breach.
The situation is even more critical from the perspective of corporations of any size. While larger enterprises seem to be more obvious targets and attract most of the media attention, smaller companies face similar and sometimes larger risks, since the economic damage of a “digital meltdown” can easily drive them to the brink of bankruptcy.
In this scenario of increasing uncertainty, one thing remains constant: there is no turning back, and the way business is done across the world will continue its unstoppable trend towards digitalization. This leaves enterprises, governments and individuals alike looking for the right tools and practices to mitigate such risks. The conversation no longer revolves solely around security, but around policy as well. It’s not only a matter of building a tall fence to protect your home, but also of making sure no one leaves the door open during the night. The combination of these two core elements is what we call data privacy.
When we talk about privacy and security, it’s impossible to guarantee absolute safety (and if someone does, it’s a naïve claim). Among the myriad software and hardware solutions that are clamoring for attention in this space, how do we as users know which is the right choice to rely on for our protection? It is a combination of technology expertise, a proven track record, and most importantly, trust.
At Silent Circle, we believe openness is the best way to prove all three. By exposing the inner workings of our secure communications suite and the Blackphone itself, we let experts around the world review our work and help us fix the latest vulnerabilities in record time, as was the case with the recent Android Stagefright vulnerabilities. In contrast, a locked-down approach like that followed by more veteran players such as BlackBerry or Apple itself might give an initial impression of security; but as their own users have noticed, not only is it opaque, it also kills the agility needed to respond dynamically to the latest threats. We must design privacy-conscious products that people want to use, and break away from closed ecosystems – something that is both natural and increasingly imperative in the new era of BYOD (Bring Your Own Device).
Tackling the issue from a different perspective, there are also political connotations that affect this conversation as a whole. The majority of the worldwide population is subject to lawful interception laws, meaning governments can intercept private communications, in many cases even without an explicit order from a judge. Unlike typical solutions that rely on a central server where all users’ keys are stored, as in the case of BlackBerry, our technology relies on peer-to-peer ephemeral key exchanges. This means that not only would we not have access to users’ encryption keys even if we were sued or served with a warrant to provide them; we also avoid massive deployment costs for large enterprises and carriers alike.
When you make your privacy choices, take your time. Not all privacy tools are made equal.
– Chief Scientist Devices, Javier Agüera