
Silent Circle is in the midst of a troubled period - ilarum
http://www.forbes.com/sites/thomasbrewster/2016/07/06/silent-circle-blackphone-losses-layoffs-geekphone-lawsuit/#a2fe2c560df3
======
alister
It continually depresses me that privacy and software security products have
such a difficult time. I very much hope that Silent Circle makes it, but the
landscape is littered with privacy/security products that went nowhere.

But there have been some billion-dollar success stories. Off the top of my
head, they are:

(1) Security Dynamics, who invented the little token with ever-changing 6-digit
numbers that you have to enter to log in to your remote office computer. You
probably know it today as the RSA SecurID:
[https://upload.wikimedia.org/wikipedia/commons/3/33/RSA-Secu...](https://upload.wikimedia.org/wikipedia/commons/3/33/RSA-SecurID-Tokens.jpg)

The hardware was simple (microcontroller, real time clock, and an LCD display)
and the proof of concept for the software could've been written in an
afternoon by a crypto-knowledgeable programmer. I genuinely admire this idea as
having the least amount of technical development required to create a billion-
dollar market.

(2) Paper shredders. Fellowes created a billion-dollar market for _personal_
shredders. Seriously, before this market existed, if you told the average Joe
that they needed a shredder for their home, you would have been laughed at.
Then came along all the brouhaha about identity theft, and now Office Depot
and Staples sell dozens of home models.

(3) Firewalls. When I first heard the concept of a network firewall--and this
is going back a long time--my first thought was "What a stupid idea, why don't
they instead fix the bugs that would allow you to penetrate the network?"
Turns out to be a multi-billion dollar market.

(4) Password managers like LastPass and 1Password. I doubt these have reached
a billion in sales, but I figure they will.

(5) Certificate authorities. An early implementation of that idea made Mark
Shuttleworth into a billionaire with enough money to visit the International
Space Station just for fun.

Looking at the list, the threats are sometimes abstract. I do have a home
shredder, but I'll admit that it's very unlikely I'd be a victim of identity
theft if I never shredded. However, the threat that Silent Circle addresses is
_proven_ worldwide surveillance, yet it's a much harder sale. It's very
difficult to predict what privacy/security product will succeed.

~~~
danieltillett
Great list. I am wondering what is going to be next?

~~~
andrey_utkin
Open Source Hardware?

~~~
lisper
[https://sc4.us/hsm/](https://sc4.us/hsm/)

------
vabmit
I have been involved in the cryptography/security community for many years. I
continually see privacy/security start-ups struggle. There are lots of
reasons. But, I think the key one is that doing something online securely will
always be more difficult and expensive than doing it insecurely. This truth
was instilled like a law of physics when the internet was first designed.

There's only a certain number of people that are deeply passionate enough
about their privacy to put in the extra effort or pay the extra cost. So,
companies in the space tend to plateau after 2-4 years. They essentially
saturate their markets and the (rather static) size of these markets is
rarely large enough to sustain the company (this is especially true when
hardware is involved in the business plan). In cases where they are
sustainable, I have seen it be at the level of "lifestyle business" rather
than an exponentially growing startup that can IPO at a level that will provide
investors a significant return. While there have been exceptions over the
years, I would caution people on HN against doing privacy and security startups
until you sit down and honestly and truthfully estimate the size of the market
that you are targeting.

Us old folk remember another secure phone company before
SilentCircle/Blackphone - CryptoPhone. I have talked with some friends that
remember the CryptoPhone product failure. Some thought that the Snowden
revelations changed things. They thought that such companies would be viable
now due to mainstream market appetite. But, I think over the next few years
we'll see more evidence that this isn't the case.

Privacy is an area that is very easy to get passionate about and become
emotionally invested in. But, it's probably not a great space for your startup
(or for your investment).

~~~
rdtsc
> But, I think the key one is that doing something online securely will always
> be more difficult and expensive than doing it insecurely.

Yeah that is a good way to put it. There are periodic spikes in demand when
there are large publicized security breaches -- Snowden, Sony, Target etc.

Most people out there are hard to convince to jump through extra hoops to get
more security unless they see those around them or themselves being hurt by
not having it.

There is a market for silly "rfid wallet blockers" because the story is "it
protects you against identity theft". It is mostly a scam, but the point is
people relate to identity theft, it happened to someone they know probably.

> There's only a certain number of people that are deeply passionate enough

Yep. An additional observation, from talking to a few people at Silent Circle,
is that those working there are also deeply passionate about it (why would
they hire anyone who isn't, right?). That is good of course, but is also bad,
because it translates to rose-colored glasses when it comes to market demand.

Everyone thinks there are many others out there, who are just as interested
and passionate as themselves, so it is easy to overestimate demand. I think to
a certain extent that is the idea behind the lawsuit. Someone somewhere massively
overestimated the market demand.

------
rdtsc
I interviewed with them. It was a team of very bright people and I enjoyed
interacting with them. Hopefully everyone I talked to is still there and
didn't have to be let go. Wish them all the best.

In general, for privacy related software there are these large segments -- the
enterprise, the government, personal / casual. Sometimes it is hard to find a
single product to appeal to all of those segments. The requirements are
just so different. (Well there is also the other type of segment -- the
criminal segment, drug lords will pay cold hard cash for the ability to secure
their communications, but you know building a business selling mostly to them
is not healthy for doing well in other segments).

Government wants to control and certify the system in certain ways. Just
getting over the certification red tape mountain is a huge hassle. Spending time
doing that means ignoring other segments largely, just because of costs and
time involved. Enterprise wants centralized management of devices (they'd have
thousands or more potentially), that means monitoring and controlling what
employees do or who they use the phones. Personal / casual might involve a
free tier or being able to pay less, this needs to be very user friendly, with
no hassles, and the biggest thing needed is a network effect. If none of one's
friends are on the network, it is hard to justify using the service.

As for Blackphone, the SEAndroid (NSA Secure Android) research project has slowly
been incorporated into the latest version of Android but hardware remains a
problem. If there is a closed source firmware blob running on the baseband
processor, and if it can read main system memory, the situation is quite
bleak, it is hard to convince governments or serious enterprise customers that
the platform is secure. I believe the idea with Blackphone to address that was
to ensure the baseband processor talks to the main system via a serial interface +
AT-style modem commands. So perhaps Silent Circle just needs to publicize
those features more?

Focusing on the Enterprise market is smart but perhaps it will take another
Sony-like enterprise breach before companies will get scared into spending
more on this.

------
sschueller
How far will they go to save the company? Let's hope they don't take money
from In-Q-Tel[1] which is probably eager to give them what they need (in
exchange for certain things of course).

[1] [https://en.wikipedia.org/wiki/In-Q-Tel](https://en.wikipedia.org/wiki/In-Q-Tel)

~~~
tptacek
People who say things like this generally have no idea what In-Q-Tel actually
is. Wait'll they find out where Tor's funding came from!

~~~
wglb
Heck, not even that. The original funding for computers as we know them came
from that general area as well.

------
rbcgerard
Honest question - who is the market for this phone?

Very security minded corporate IT departments?

From first glance it would seem I would need other people to have Silent
Circle in order for most of the features to be useful...I don't know anyone
who uses it - why would I be an early adopter as a consumer?

~~~
dexterdog
That's always the problem. They had an app before (maybe they still do) that
worked great for me for calls and texts, but I only knew one person who had
it. I'm better off with Signal, but even there I only have a few contacts on
it.

------
andrey_utkin
When I first met Silent Circle and its products, my opinion was that their
product design is impractical and not convincing for customers. With all
respect to Phil Zimmermann (he really deserves a decent pension).

Either you ditch Android and go fully FOSS (no firmware blobs!) and OSHW with
as little software footprint as possible and get the software stack audited and
thoroughly pentested.

Or you are fine with Android and you just provide some additional applications
and maybe services. But this doesn't justify selling a _device_. You know,
there's no such thing as an Angry Birds Phone. There's no Facebook Phone
either.

~~~
dexterdog
But it's hard to go full tinfoil without owning the device. I applaud their
effort, but there are just too many interests vested against it.

~~~
andrey_utkin
But you cannot be owning the Android device because Google is owning it by
means of closed-source core components.

Well, manufacturers also aren't going to let you own your device because they
release only blob-stuffed devices.

There's actually no such thing as fully open-source Android:
[https://plus.google.com/+JeanBaptisteQueru/posts/9HHRURorE7g](https://plus.google.com/+JeanBaptisteQueru/posts/9HHRURorE7g)

It feels very silly, but still running a Linux kernel self-built from sources on
modern ARM devices is mostly discouraged, and if it works, it's the result of
volunteer effort. And even if drivers are there in source, datasheets for
hardware are often not public and one needs to sign an NDA to read them.

------
Bartweiss
> in the belief it had secured big distributor agreements with three partners

This line reads _very_ strangely, especially with the followup about one
agreement having some legitimacy.

Did Silent Circle have actual, signed purchase agreements with these
distributors? If so, are they suing, and why is it not mentioned in the
article? If not, why did they think they had agreements?

------
masmullin
Who provides the baseband for the Blackphone?

EDIT: To answer my own question. Qualcomm

------
girvo
Apologies for the meta comment: I'd like to read the article, but the
obnoxious ads on Forbes and the even more obnoxious splash screen that won't
let you through if you use a blocker show me that Forbes' web presence is
obviously in a troubled period. Does someone have the text of the article
elsewhere?

~~~
ominous
Archive.is seems to work without showing you that overlay:
[http://archive.is/76nRX](http://archive.is/76nRX)

I removed the trailing hash after #, 'a2fe2c560df31', in the original URL,
before posting it to archive.is. What is that for anyway? For them to log the
source of the URL?

~~~
jessaustin
Yes, the hash is a way to track referrals without relying on the Referer
header, especially in situations that don't involve such headers. (E.g., when
you click on a link in an email, or post to a social site like HN.) I think
you are right to strip the hash before posting, for your own privacy if for no
other reason.

------
eis
When I clicked the link, I got a gray page with a "Quote of the day" in big
font. Nothing else visible on the page, no X to close this or similar.

I was about to close the tab when it suddenly redirected to the article.

What kind of nonsense is this? I mean, seriously Forbes?

[http://i.imgur.com/ALe3s1v.png](http://i.imgur.com/ALe3s1v.png)

~~~
DiabloD3
Closing the tab, and then clicking the link again makes it go away. I think
Forbes links need to be banned on HN until Forbes stops doing this shit.

------
SEJeff
With how intrusive Forbes's ads are, even with uBlock Origin, I wish HN would
just disallow stories from Forbes.

~~~
sp332
With the adblocker, the full-page quote will only show up once per day. Reload
the page and it goes away.

------
cocotino
This letter makes me cringe. Is this how this stuff works, or were they
stupidly naïve? [https://www.documentcloud.org/documents/2941005-Silent-Circl...](https://www.documentcloud.org/documents/2941005-Silent-Circle-Considers-Bankruptcy.html)

