Last year’s revelations regarding NSA surveillance has forced ordinary citizens, cryptography researchers and business organizations to reconsider their use of software without robust security controls. Previously only a small subset of those working within the technology industry or those who had an interest in data security made use of encryption, user access, complex passwords and other security protocols.
In the aftermath of leaks revealing that the NSA has worked to weaken accepted cryptography standards, even security experts are unsure if there are any techniques left which have not been compromised in some way or the other. However that hasn’t stopped consumers and enterprises from clamoring for applications or services which can provide an extra layer of security. Accordingly there has been a rise in the number of apps (for both desktops and mobile devices) which claim to provide secure communication channels between users whether it is for texting or sharing pictures.
The maximum interest appears to be in apps which provide secure calling between phones I.e. encrypted VoIP. While enterprises have generally used some form of encryption for VoIP calls, consumers have fewer options. Though Skype uses encrypted channels and is widely viewed to be secure, the encryption only works when calls are made between users who are both using the service. If a call is made to a PSTN number, the portion of the call that travels through copper lines is necessarily unencrypted and open to interception. Even when complete encryption is possible as in the case of calls between Skype members, users are forced to trust Microsoft since Skype uses proprietary technology instead of open source standards.
Recently a company called Silent Circle started offering ‘out of circle’ calling to its users along with its existing services of Silent Phone and Silent Text. Although this ‘Out Circle Calling’ claims to offer a secure alternative for standard VoIP calls made to cell phones and land lines, it is fairly obvious that calls are not encrypted over the entire distance traveled. If a user makes a call to a cell phone or landline, only the portion of the call that passes between the user and Silent Circle’s server is encrypted. This means that the call is open to interception anywhere from that point on and does not provide any extra security for Silent Circle users.
Even though more people than ever before are interested in secure applications, the very nature of existing voice infrastructure means that complete encryption is not possible. At least not yet.