Jon Callas

Callas at Kiwicon in Wellington, New Zealand (2012)
Known for: Internet security

Jon Callas is an American computer security expert, [1] software engineer, user experience designer, and technologist who is the co-founder and former CTO of the global encrypted communications service Silent Circle. [2] He has held major positions at Digital Equipment Corporation, Apple, PGP, and Entrust, and is considered "one of the most respected and well-known names in the mobile security industry." [3] Callas is credited with creating several Internet Engineering Task Force (IETF) standards, including OpenPGP, DKIM, [4] and ZRTP, which he wrote. [3] Prior to his work at Entrust, where he was Chief Technical Officer, he was Chief Technical Officer and co-founder of PGP Corporation.

On his website, Callas describes himself as "an entrepreneur and innovator in information and business security, including cryptography, operating system security, public key infrastructure, and intellectual property rights," as well as "an innovator in human-computer interactions, collaboration and social virtual reality." [5]

He has also worked for Bruce Schneier's Counterpane Internet Security, was one of the primary authors of the DKIM method, and was Chief Scientist of the original PGP, Inc. founded by Phil Zimmermann. Callas is a member of the Infosec think tank The Shmoo Group.

Early life and education

Callas received a BSc in mathematics from the University of Maryland at College Park, which he attended from 1977 to 1980. [2] [6] He minored in philosophy and English literature. [5]

Career

He was a member of the technical staff at Century Computing from 1980 to 1981, then served as principal software engineer at Digital Equipment from 1981 to 1993. [2] While working there, he "got to work on a wide variety of things, from graphics to schedulers to memory management to operating system security," and created a random password generator. [7] At Digital Equipment, he designed the PATHWORKS network operating system as well as software for Macintosh client systems and server systems running VMS or UNIX, and created cross-platform communications between computers running Mac OS, VMS, UNIX, Windows and OS/2, using AppleTalk, DECnet, and TCP/IP networks. He also developed software for 3D, PEX, and DDX for OpenVMS, OSF/1 and Windows NT. [5]

After Digital Equipment folded, Callas co-founded World Benders, Inc., where he worked from 1993 to 1995. [2] At World Benders, he "was the lead architect and developer of Meeting Space, a cross-platform group collaboration product" that "allowed people to conduct meetings in real-time on existing networks." [5]

Callas then held the title of senior scientist II at Apple Computer from 1995 to 1997. [2] He describes himself as having been the firm's Security Privateer, and as having "designed and built next-generation cryptographic security products for Mac OS X and iOS, including the 'FileVault 2' full-disk encryption product." He also "designed a concurrent programming system for high-performance computing, 'Transforms.'" In addition, he "led the engineering and approvals for a FIPS 140 validation of iOS." [5] Callas was trusted with the security of Apple's operating system, [3] and worked on Apple's Whole Disk Encryption. "That was the worst time to be working for Apple, the year before Steve Jobs came back," Callas has said. [7]

At Apple, he worked for Gursharan Sidhu, the inventor of AppleTalk. Callas "shipped the very first crypto built into an OS, called PowerTalk," which, he has said, "failed for being far too early," although he and his colleague Bruce Gaya managed to hack a piece of it, a password manager called The Keychain, "so that you could run it without the rest of PowerTalk, and thus rescued it from oblivion. The present Keychain on Apple products is completely and utterly rewritten, but I’m proud of saving it." [7]

He joined PGP, Inc. (developer of Pretty Good Privacy), in January 1997 as chief scientist. Network Associates (NAI) bought PGP in December 1997, and Callas became CTO for the Total Network Security Division of NAI, creating "architecture and direction for the company's network security products" and serving as "the primary author of the IETF's OpenPGP standard." [5] [8]

He was director of software engineering at Counterpane from 1999 to 2001, serving as "co-architect of Counterpane's Managed Security Monitoring system – a redundant system with adaptive fail-over that monitors networks on three continents." He also "led the engineering team that built the system, taking it from prototype to operational in four months," and "managed Counterpane's export control process, getting approval for the system, including fifteen new ciphers." As Senior Architect at Wave Systems Corporation from 2001 to 2002, he was the lead architect for Wave's EMBASSY Trust System, on which he performed security analysis and created product security subsystems.

He then co-founded the new PGP Corporation in 2002. He worked as a server architect at PGP from July 2002 to October 2009, and during his time at the company was the principal author of the IETF OpenPGP standard, now RFC 2440, [2] [5] [8] [9] and developed the PGP (Pretty Good Privacy) Universal Server. [7] He was security privateer at I Could Tell You But Then I'd Have To Kill You and Associates from October 2009 to July 2011. He was chief technical officer at Entrust, a provider of identity-based security software, from July 2011 to January 2013. [3]

He co-founded Silent Circle in 2012 and Blackphone in 2013, and continued to serve as CTO of Silent Circle until April 2016, [2] [3] where he led the development and operations groups, the former of which "produces the apps that manifest Silent Circle's services to its subscribers" and the latter of which "runs the actual services themselves." [5]

Callas holds patents, or has patents pending, on several systems and methods for erasing media, facilitating secure media access, for secure and transparent electronic communications, for dynamic security operations, for partial message authentication, and for facilitating encryption and decryption operations over an email server. [5]

Callas's security product designs have won major innovation awards from The Wall Street Journal and others. [7] He is one of the primary authors of the DKIM method and a member of the Infosec think tank The Shmoo Group. He has served as Adjunct Professor at Indiana University since 2012. [2]

Callas lectured widely about computers and Internet security, and was scheduled to be a speaker at the Oslo Freedom Forum in 2014. [9] Callas was selected to be one of two keynote speakers at the 2015 PDF Technical Conference in San Jose, California. [10]

By May 2016, Callas had rejoined Apple. [11]

Callas appeared on the January 11, 2018 episode of John Wants Answers. [12]

Callas's employment with Apple ended in December 2018. He moved on to work as a Senior Technology Fellow at the American Civil Liberties Union until August 2020. He then worked as a Director of Public Interest Technology at the Electronic Frontier Foundation (EFF), ending his employment there in June 2023. Callas is currently the founder of Zatik Security (since August 2023) and a Senior Computer Scientist at SRI International (since November 2023). [2]

Views

Callas has stated that tech companies are a bigger threat to privacy than the government. His views stem from big tech's mass pooling of personal data for advertising and the polarization within Silicon Valley. While some companies are committed to privacy, many more earn their revenues from selling user data. Callas has stated that if the advertising market takes a downturn, companies that protect their users' data are the most insulated from harm. [13]

Personal life

He lives in San Jose, California. [2] [5]

References

  1. Interview with Jon Callas, CTO of PGP Corporation. Help Net Security, 2011. Retrieved 17 July 2011.
  2. http://www.linkedin.com/in/joncallas [self-published source]
  3. Trutta, Filip (Jul 26, 2011). "Former Apple Security Expert Jon Callas Joins Entrust". softpedia.
  4. Mimoso, Michael (May 23, 2016). "Apple has hired cryptography pioneer Jon Callas for a third time. Callas, who previously at Apple helped design and implement encryption systems for Macs, was most recently at Silent Circle". Threatpost.
  5. "Jon Callas" (PDF). Merry Meet.
  6. "Jon Callas, Entrust Inc: Profile and Biography". [dead link]
  7. Risner, Erin (June 5, 2013). "AMA: Interview with Cryptographer, Computer Security Expert Jon Callas". Spideroak Blog.
  8. Kucan, Berislav (4 October 2002). "Interview with Jon Callas, CTO of PGP Corporation". Net Security.
  9. "Speakers" (PDF). Oslo Freedom Foundation. Archived from the original (PDF) on 2014-04-21.
  10. "Phil Ydens and Jon Callas to keynote at the PDF Technical Conference 2015". PDF Association. 21 September 2015. Retrieved September 24, 2015.
  11. Apple rehires prominent security pro as encryption fight boils, Reuters, May 24, 2016
  12. "Home". johnwantsanswers.com.
  13. Whittaker, Zack (Feb 4, 2016). "PGP co-founder: Ad companies are the biggest privacy problem today, not governments". ZDNet.