If you’re running a company whose whole purpose is devoted to protecting people’s private communications, what do you do when the cops show up and say, “Look, we want to see what people are writing to each other, and we don’t want you to tell your users that we’re looking.”
That’s a question that’s been anticipated by TunnelX, the new super private messaging application that we previewed recently. Now, it is launched on the web and as an app in the iOS and Google Play stores.
To mark the occasion of the app’s launch, the cofounders of the company organized an event at Manhattan’s SubCulture on Wednesday — a mixer followed by a conversation between CEO Eric Liftin, Harvard professor Laurence Tribe, a lawyer, a privacy-focused journalist and the CEO and CTO of Salon.
“You don’t have to have anything to hide to care about privacy,” Tribe, a professor of constitutional law, said at the event. In fact, the TunnelX team hopes that users will enjoy the app not just because it’s secret, but because it makes their conversations feel more special.
Many Internet users feel that the big service providers are crossing the creep line in monitoring and tracking behavior.
Ian Samuel, the practicing attorney, introduced himself by saying, “If you want to have a private conversation, there are no real legal, reliable guarantees that you can count on.”
Samuel recently litigated a case concerning Lavabit, a secure email service that Edward Snowden used to communicate with the press and activists. When the feds came, Lavabit founder Ladar Levison became something of a web sensation when he decided to shut down the service rather than comply with government demands to turn over information about its customers. For more, start with the Wikipedia page.
The point is this: TunnelX has entered into much of the same space, but with a critical structural difference that reflects advances in encryption since its predecessor began. Put most simply: Lavabit was heavily encrypted, but its founder had all the keys. He could, if he chose, see what people were writing. It’s the sort of trust most of us put in the providers of services.
You don’t have to trust TunnelX, though. Their databases store encrypted data. You have the keys on your devices. Which means that you really need to not lose that key if you want to get back into your messages, because they can’t help you get back in if you do — at least not yet.
The first key to your conversation is an image you select. In a major user experience improvement on earlier versions, somehow that image is used to generate a very strange standard English sentence. You send that sentence to the person you would like to communicate with. You also send the person a PIN that the app generates. There’s more complexity that follows to keep the conversation secure.
Daniel Menaker, author and former editor at The New Yorker, asked Liftin what he is going to do if the cops show up one day and ask that they quietly change the system so that they can have a look at what users are writing. Liftin said that he, his cofounder Steve Schneider and the startup’s advisors have talked through a wide array of options as to what they might do under a number of different scenarios.
Liftin said: “I’m not going to reveal those cards at this time.”
One intriguing idea he mentioned was what’s called, “Warrant Canaries.” A secure site could simply post a message every day that said, “As of this posting, we have never been served with a warrant by any government agency.”
If that message went up every day and then one day they were served with a warrant that also ordered them not to state that they had been served with a warrant, they could simply not post the message. Which would effectively be the same thing as notifying the public that they have been served with a warrant.
Samuel suggested that the courts might not be very moved by a hack like that, which raises the possibility that the authorities could simply make a service provider lie.
During the Q&A session, one questioner asked whether or not the company was worried about real terrorists using the service. Liftin said that any service can be used to do wrong, however, in his research, he found that the real bad guys tend to have their own engineers and their own services and they only trust the networks they’ve built in house.
Members of the Technical.ly team have been trying out TunnelX. We can confirm that it works and that the user experience has improved a lot with the shift to an app. One element that has tripped us up: right now there are no notifications, though you can understand why with a service that’s first and foremost about security.
Some other existing apps in the space include Threema, Heml.is, Criptext and one from Blackberry.
Join the conversation!
Find news, events, jobs and people who share your interests on Technical.ly's open community Slack