Toolkit for Protecting Journalistic Sources

13 July 2015


Encryption has become an important tool for journalists ever since we heard the news about global surveillance operations back in 2013. In the wake of the disclosures, journalists discussed how best to protect their sources. Encryption is now seen as a standard protection for email, but what about phone conversations? Szabolcs Kun is the Hungarian Co-founder and CEO of Arenim Technologies - a Swedish-Hungarian startup set up to enable clients to protect their phone calls and maintain their privacy. Arenim Technologies operates the encryption service, CryptTalk. Following fresh revelations about the security of mobile phones earlier this year, GEN talked to Szabolcs Kun about how CryptTalk's software can help journalists to sidestep eavesdroppers.


Q. CryptTalk is a start-up that specialises in making untappable, secure phone systems with no back door entry. How does the security work? 

CryptTalk uses end-to-end, strong encryption, with strong authentication. It is a peer-to-peer system, so there are no central servers involved. Maximum security is ensured through the systematic use of best practice cryptography algorithms and methodologies, without a need for specialised hardware. As a result, not even Arenim’s developers can decrypt the content of secure CryptTalk calls and messages. One of the consequences of not employing central servers is that we cannot provide a “back door entry.” Calls and messages are not stored anywhere; they are peer-to-peer. Voice quality is excellent and the app is designed with not just the users’ security in mind, but also ease and convenience of use. In order to CryptTalk, all you need is a “plain vanilla” iPhone. In addition, all parties must be registered and have subscriptions to the service. In light of the above, CryptTalk is a unique solution on the market. 

Q. We are familiar with stories of journalists hacking into the phones of celebrities and other public figures, but we don’t hear so much about people hacking into the phones of journalists. Is mobile phone protection much in demand by people working in the media?

Several news organisations and their journalists in Hungary are CryptTalkers. Increasingly journalists are becoming aware that they do not necessarily have to meet in person with their “source”, which might put the source at risk, but can have a secure mobile conversation with them using CryptTalk. Other users are foreign correspondents reporting back on politically sensitive topics from “fragile states.” Arenim is happy to support independent, investigative journalists with CryptTalk. 


Q. What kind of phone hacking horror stories have you heard? 

We know of several “horror stories” first hand. Often these involve the executives of multinationals involved in bidding-type situations and negotiating concession-type transactions in “fragile states.” But there are several horror stories in the public domain. Just think of the Snowden revelations or the alleged US wiretapping of international leaders.

Q. Among CryptTalk’s clients working in the media industry, are you able to see whether there is more demand from one particular area of the world and, if so, are you able to account for that demand? 

There seems to be demand for secure mobile voice communications everywhere. This trend is highlighted by the fact that CryptTalk is already available in Chinese! 

Q. How can you stop terrorists or agents of organised crime from using this kind of data protection on their phones? 

CryptTalk was developed so that illegitimate third parties cannot eavesdrop on mobile phone conversations between legitimate corporate or private users, and gain access to their commercial or private information. Given the technologies on which CryptTalk is based, Arenim Technologies cannot “control” the service. However, as opposed to most free apps, CryptTalk is subscription based. Users must register and provide billing and payment information, which ultimately identifies them. Furthermore, Arenim Technologies can shut down the service to any user who becomes the target of a legitimate legal investigation for suspected criminal activity. This would prevent the person from any further secure communication using CryptTalk. 

Q. Every time a mobile user downloads an app, they are asked to give permission for the app to access their personal data. Is this unavoidable, even for CryptTalk? 

CryptTalk does not upload to the cloud or use your contacts on your mobile device. From the security point of view, this is a crucial differentiating feature from most of the free-of-charge, “just download” services, which upload all or part of the contents of each user’s address book. 
CryptTalk has a dedicated contact list, which is distinct from your phone’s contact list. This ensures privacy and discretion. You can only use CryptTalk with contacts and business partners who are also registered CryptTalk users and who have consented to being connected with you. 
In summary, we do not use the data in your device’s address book in any way whatsoever.


Note: For more information on mobile phone encryption services, see: Kaspersky Mobile Security, AVG Mobilation Anti-Virus Pro, Norton Mobile Security, as well as other review articles on mobile phone encryption services.

Photo Credit: Flickr Creative Commons License. Photo by Ant Jackson from "Impressions of London".