I wonder how much you can trust the software if its developer must choose a favorable jurisdiction? To my knowledge, developers of Git, PGP, GPG, BitTorrent, Tor, Bitcoin and Bitmessage live where they want because the software is designed to have no centralized links to anyone's private data. So there is no big company to go after.
I think the point is that Silent Circle is secured by policy, not by technology. The validity of their security assertions only extends as far as you trust their word.
It's hard for anything but policy to protect against denial of service (legal attacks against the company). Even if you have technical security which prevents compromise of data, they can shut the business down.
CALEA means you are actually prevented from building/operating some kinds of privacy tech within the US (PSTN voice without wiretaps for sure, and PSTN-interconnected VOIP is a gray area; a mobile-focused VPN would be a gray area too, although not as dark as some.)
They do in that the organizations involved clearly dissociate themselves from running critical operational infrastructure, or getting involved with the potentially-illegal activities enabled by their tools.
If Tor Project ran a large number of Tor nodes directly, they'd be open to very simple legal attacks.
As a service provider you have to provide access to a fairly low percentage of data on your network under CALEA. But CALEA does not make end-to-end data protection illegal. You are not obligated to steal your customers' keys or access their endpoint equipment.
In practice, many operators do offer up access to 100% of their traffic, and to their endpoint devices to law enforcement and security agencies, but it's not a CALEA legal requirement.
Pirate Bay is not BitTorrent. BitTorrent, Tor and Bitcoin are all services. But they are not centralized in the hands of one person who needs to live in CH. They are distributed among thousands of small nodes which makes the entire service truly reliable. Also: each user stores the keys to his destiny vs. giving them to a single trusted party.
Silent Circle's services are designed to be 'untrusted.' Keys never leave the client. Feel free to build the client yourself, the code's on GitHub (the Android clients are currently a bit easier to build than the iOS versions...).
The problem is that the GP conflates software with services. Everything he mentioned is software/software companies; Silent Circle is a services company.
Besides, as you mention, the apps are open-source anyway.