recommended reading

Contractors Are Now Using Encrypted Calls and Texts for Legal Advice

Maksim Kabakou/

With economic espionage and domestic surveillance creating a climate of cyber insecurity, some intellectual property attorneys now employ encrypted communications to correspond with federal contractor clients.  

Tools such as RedPhone, a mobile voice app, and Silent Circle, a text, video and voice service, are among the more user-friendly technologies in use. Civil liberties activists, dissidents and some journalists have long resorted to cryptography to protect information, but some assembly was always required. The new secret message techniques still require trading a little convenience for confidentiality. 

In an attempt to promote wider adoption, and perhaps his business, James Denaro, a patent litigation attorney with the CipherLaw Group, tweeted  Friday night: "We use@Silent_Circle phone and text and encourage our clients to use it to contact us."

The firm started using Silent Circle about a month ago for calls and texting, and six clients are now active users, he told Nextgov via PGP-encrypted email. About 90 percent of the practice’s federal contractor clients use some sort of secure communications to talk or type with counsel. Adoption is lower among companies outside the government sector, with only a bit more than half of all clients, total, using encrypted correspondence. "Our federal contractor client base is relatively technically adept,” Denaro said.

CipherLaw began communicating through PGP-encrypted email when it opened in 2011. Twenty-two-year-old PGP, which stands for pretty good privacy, scrambles messages in a way that requires a unique, private "key" to decode. Along with PGP and Silent Circle, clients also use RedPhone, developed by Open Whisper Systems, and X.509 encryption, another technique for digitally locking emails.

"While there is concern about government surveillance at the moment, there have long been concerns about corporate espionage or security failures at third-party systems through which communications pass or are stored," Denaro said. The financial loss attributed to economic espionage is hard to pin down, with estimates ranging from $13 billion to, as recently reported by the Commission on the Theft of American Intellectual Property, more than $300 billion. 

Competitors and foreign adversaries poach trade secrets by accessing data stored in systems and intercepting data in transit, the way the U.S. government sometimes bugs communications. In fact, the FBI has proposed forcing Web services to build "back doors" into their technology for wiretapping -- a tactic that critics argue would let in eavesdroppers who don't have U.S. citizens’ best interests at heart. 

"While most corporate clients aren't particularly worried about the U.S. government misappropriating their intellectual property in connection with a surveillance program, there is a pervasive concern that any backdoors make systems less secure," Denaro said. 

In May, Silent Circle co-founder Phil Zimmermann condemned the FBI’s proposal. Zimmermann invented PGP. Another company co-founder, former Navy SEAL Mike Janke is slated to discuss the tension between national security and privacy at the Nextgov Prime conference in October.  

"The voice and text message offerings from Silent Circle and Open Whisper Systems are relatively easy to use while still offering a high degree of security,” Denaro said. “Unfortunately, most of the software offerings for PGP email encryption are somewhat difficult for many users to configure and use.”

As secure communications tools become more expedient, he expects to see additional clients take to encryption. 

The American Civil Liberties Group applauded CipherLaw’s legal maneuver. 

ACLU privacy technologist Christopher Soghoian tweeted late Friday, "Cyber security focused law firm the Cipher Law Group encrypting calls with clients. I hope this is a trend."

(Image via Maksim Kabakou/

Threatwatch Alert

Credential-stealing malware / User accounts compromised / Software vulnerability

Android Malware Infects More than 1M Phones, Adds 13,000 Devices a Day

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.