Developer’s silence raises concern about surespot encrypted messenger
1. AntiPolygraph.org News
News about polygraphs, voice stress analyzers, and other purported
"lie detectors."
Menu
Skip to content
Developer’s Silence Raises Concern About Surespot
Encrypted Messenger
Posted by George Maschke on 7 June 2015, 5:27 am
In June 2014, I suggested
Surespot Encrypted Messenger to visitors to AntiPolygraph.org as a secure means of contacting me, and I’ve
been including my Surespot address (georgemaschke) in my signature block on message board posts and e-
mails, as well as on AntiPolygraph.org’s contact page. Now I’m not so sure about Surespot. I fear the developer
may have received a secret demand to facilitate electronic eavesdropping on Surespot users, as did Ladar
Levison, who operated the now defunct Lavabit e-mail service.
Surespot is a free, open source, easy-to-use app for Android and iOS that allows users to exchange encrypted
messages using public key cryptography. The source code is available on GitHub. Surespot is provided by
2fours, a small company run by Adam Patacchiola of Boulder, Colorado.
The Electronic Frontier Foundation’s Secure Messaging Scorecard gives Surespot relatively high marks:
2. Before recommending Surespot, being cognizant of the Lavabit saga, I e-mailed Berdovich and Patacchiola to
ask about any governmental demands for information, sending the following questions on 31 May 2014:
1 – Have you ever received a National Security Letter?
2 – Have you ever received a court order for information?
3 – Have you ever received any other request to cooperate with a government agency?
Berdovich replied that the “[a]nswer to all three questions is no.” Because Surespot’s website doesn’t include a
warrant canary, I wrote again on 12 Novembember 2014 asking the same three questions. Patacchiola, who
programmed Surespot, replied the same day: “1 and 2, still no, 3 we have received an email asking us how to
submit a subpoena to us which we haven’t received yet.”
The following day, I asked Patacchiola if he could say what agency or organization is seeking details on how to
submit a subpoena. He did not reply.
In April 2015, I sent Patacchiola a similar set of questions but received no reply. I wrote again on 25 May 2015,
asking:
1. Has 2fours received any governmental demand for information about any of its users?
2. Has 2fours received any governmental demand to modify the surespot client software?
3. Has 2fours received any governmental demand to modify the surespot server software?
4. Has 2fours received any other governmental demand to facilitate electronic eavesdropping of any kind?
If the answer to any of the above questions is yes, can you elaborate?
I have also attempted to contact Berdovich and Patacchiola via the Surespot app itself but have received no
reply. While its possible that they’ve simply tired of being pestered by me about government demands for
information, I don’t think that’s the case and suspect they are under a gag order.
Surespot is doubtless of interest to U.S. and British intelligence and law enforcement agencies because of its
adoption by English-speaking supporters of the Islamic State. In February 2015, the U.K. Daily Mail reported
that the Islamic State in Iraq and Syria (ISIS) was using Surespot to recruit British brides for jihadis:
3. And on 26 May 2015, the U.K. 4 News ran a story heralding “Intel fears as jihadis flock to encrypted apps like
Surespot”:
4. While Islamic State supporters may use Surespot, so too do a diverse group of people, including individuals
who wish to contact AntiPolygraph.org privately. The Google Play Store indicates that the Android version of
Surespot has been installed 100,000-500,000 times. It would be inappropriate for any government agency to
take action that would compromise the privacy of all users of a messaging service in the course of its effort to
5. investigate one, or a few. But that is what happened to Lavabit, the privacy-focused e-mail service used by NSA
whistleblower Edward Snowden. The government secretly ordered Lavabit’s proprietor, Ladar Levison, turn
over his server’s secret key, and forbade him from telling anyone about it.1 I fear something similar may have
happened to Surespot’s Adam Patacchiola.2
Update (12 June 2015): The day after this post went online, on 8 June 2015, the Surespot server
(server.surespot.me) experienced an outage, two references to which are to be found on Surespot’s Facebook
page. Two days thereafter, on 10 June 2015, the U.S. Department of Justice filed a Statement of Facts (PDF) in
U.S. v. Ali Shukri Amin that mentions the use of Surespot by the defendant, a supporter of the Islamic State in
Iraq and the Levant (ISIL):
11. In or about late November or early December 2014, the defendant put RN [Reza Nikbakht] in touch with an
ISIL supporter located outside the United States via Surespot in order to facilitate RN’s travel to Syria to join
and fight with ISIL.
…
18. On January 16, 2015, an overseas ISIL supporter communicated to the defendant via Surespot that the group
of ISIL supporters, including RN, had successfully crossed over into Syria.
The Statement of Facts does not specify how the Department of Justice came to know these details. Under terms
of the plea agreement (PDF), Amin “agrees to provide all documents, records, writings, or materials of any kind
in [his] possession or under [his] care, custody, or control directly or indirectly to all areas of inquiry and
investigation.”
In addition, Amin also agrees that, at the request of the United States, he “will voluntarily submit to polygraph
examinations, and that the United States will choose the polygraph examiner and specify the procedures for the
examinations.”
1. Levison contestedthe secretorderin court,but lost.He ultimately turned overhis secret key aftershutting downLavabit entirely.
He was threatened with arrest forclosinghis own business.[ ]
2. On 22 May 2015, the Daily Mail reportedthatCherie Berdovich “left the [Surespot]organisationlast summer.” [ ]
Filed under Other | Tagged surespot | 3 Comments | Permalink
3 Comments
1. Terry Moonshine
9 June 2015 at 9:19
It’s probably no coincidence the Surespot guys keep quiet; I can’t imagine they stopped responding
because they got tired of answering your questions (given what it must lead you to believe, that’d be
incredibly stupid).
6. Have you heard of Threema? This secure messenger is based in Switzerland, where strict privacy laws
prevent such government interventions.
Reply to this comment
o aix
11 June 2015 at 23:30
Even if an app is developed in a good jurisdiction, it is delivered to your device by a US
company (Apple, Google, or Microsoft) which can be legally compelled to give you (or ‘update’
you to) a modified version or sideload a bit of covert surveillance code. NSA simply will not
allow “secure communications” apps to operate unchecked.
Reply to this comment
2. Steve Kinney
9 June 2015 at 16:27
Thanks for publishing this. It’s relevant to security issues way beyond antipolygraph.org, and any
attention it draws to your own work is also a Good Thing.
The problem at hand is a special case within a larger context: No product or service can guarantee
confidential or anonymous communication. People need to examine their security needs vs. the
adversaries who create those needs on a case by case basis, and find best fit solutions. The objective is
not to make it impossible to breach one’s security – that is impossible – but to make it cost likely
adversaries more than it is worth for them to do so, without spending more than it is worth to protect
your own assets. In this context, good enough solutions are usually available.
If I wanted to communicate “very privately” with your organization under adverse conditions, such as
protecting a lucrative security clearance, my first option would be “do not do it at all.” I might ask a
trusted friend or family member to download and print documents for me.
My second choice would be to use TOR via the TAILS operating system at an open residential WiFi
router, download any documents I need and wrap it up quickly. Using any “anonymous” communication
tool that does not have a long track record and/or has not received substantial peer review would be out
of the question, as would using any application however trustworthy, on an inherently insecure platform
i.e. a Microsoft operating system or any “smart phone.”
Another factor, relevant when State adversaries are included in the threat model, is that some methods of
breaking network security are “too secret” to be disclosed by using them against low level adversaries,
because this might lead to much more important targets learning that the attacks in question exist. This
may be a very relevant factor for visitors to antipolygraph.org, since the hostile actor in this instance is a
clusterfuck of State Security services.
Personally, I am quite sure that the TOR network (and all other remix networks) are vulnerable to a
simple but rather expensive attack that enables tracking of most users, most of the time; but also, that
this capability is “really” secret and used for genuine military intelligence purposes only. If private
7. parties using TOR, i2p, Mixmaster or etc. were penalized for policy or legal violations discovered
through de-anonymization, no intelligence service or “terrorist” organization, however low budget,
would continue to use those networks. The continued value of attacks in this category depends on not
using the intel they make available except in cases of genuine importance to The National Interest. (We
used to say “National Security” but nowadays aggressive trade wars have displaced that as DoD’s
principal mission.)
Anyhow, thanks again. I have been a fan for a long time and I use any excuse I find to promote
antipolygraph.org.
Reply to this comment
https://antipolygraph.org/blog/2015/06/07/developers-silence-raises-concern-about-surespot-encrypted-messenger/