Problem is the mobile end device is incredibly insecure. You'd have to custom build an o/s to NSA fishbowl specs and then drop in Silent Circe, but even that wouldn't guarantee privacy since all of us have SIM cards with unknown carrier installed apps on them, and unknown software running on the baseband (which is typically in ARM supervisor mode w/no NX bit)
Also interesting the inventor of PGP and guy who once went against the gov tells people to mail him in clear text and uses a closed source OSX blackbox.
Hint: look at what NSA is advising other government agencies to use for classified systems.
They published a white paper spec of what a mobile phone system would have to do in order to be accepted as a potential solution.
Hint: Hardware would have to be certified together with firmware and software. It would contain some kind of a locked down VPN connection so no network packets ever get sent or received unless it goes through that one VPNed connection. This way metadata doesn't leak. From what everyone can observe you only connect to one VPN server. Inside the VPN connection you'd have multiple encapsulated sRTP based voice channel to whoever you are calling. BUT this VPN server would be running in a centralized government owned facility. So they would know all the metadata. Now how would that work in real life to hide from their surveillance? I don't know. If there ever appears a trusted VPN provider, you bet it will be a single point of compromised and a single pointer of failure.
> have SIM cards with unknown carrier installed apps on them
SIM cards don't have apps on them! They just have the IMSI, a key, some prior data about which tower it last connected to, and some miscellaneous data (such as a PIN number, etc), together with a data area that's used exclusively to store a limited number of contacts and SMS messages. This was useful when phones (think Nokia bricks) didn't have much (or any) storage capacity.
Carriers can, however, create their own firmware images that contain their crapware apps, which is why they're uninstallable.
The general consensus seems to be that if you are specifically targeted, there is very little in your power you can do. Few people are going to throw away any electronic device they own when they have the slightest suspicion about it.
My opinion is that specific goals should be acknowledged and agreed upon. These are things that will do little or nothing to protect dangerous criminals but will prevent dragnet surveillance, political blackmail, and what essentially amounts to a consolidation of power by kleptocrats (which is either the state the US is in now, or will soon be.)
The following are goals, each representing its own layer. A) would be a very good start. Each additional layer is helpful, but the first priority is A.
A) The end of plain text communication. There is no reason two parties communicating digitally should have their communication readable by anyone with access to the data stream. Ignore the NSA for a moment, any nation your data passes through you should assume is being spied on -- very serious espionage concerns for any business public or private.
B) Client side end to end encryption when two parties are communicating with each other. Currently this would put an end to contextual email advertising, stifle history, search indexing, and usage metrics collecting. However, there are potential options here such as Crypton.io.
C) Open source software as a service. Lavabit, Silent Circle, and others have a big dilemma -- they can not prove they are not spying on their users. If a software-as-a-service provider is the one doing the encryption, even "client side", there is the possibility of a security compromise, through a court order or otherwise, by modifying how the software executes. Most certainly an astute security researcher would discover something was amiss. The average user may not. The more serious issue is rather the destruction of that business's credibility when a problem is discovered (this is hacker news after all, presumably you are here because you run a start up or internet business.)
The best solution -- separate the encryption layer from the service provider. Dropbox (allegedly soon to be complicit with PRISM) can't provide a lot when a user syncs a TrueCrypt volume. What about Silent Circle? Is it really secure? Or Spideroak? We don't know. While their work is admirable, forced automatic updates could break the security. Lack of source code means lack of public auditing.
Both Silent Circle and Spideroak could alter their business models to become substantially more secure. For example, if a particular country has a draconian data retention law and you operate in that country, then your business should not store data nor have any business interest in storing data.
There are numerous trends that have made security slide out of fashion. We want metrics on everything to optimize our UX. We want deep demographic, behavioral, and contextual data to maximize the amount of money advertisers can spend. Users want plug and play software that just works with the press of a button. View all of these as both obstacles and opportunities to build better versions of what exists today. Software development is getting cheaper, easier, and faster by the day, unlike, say, drilling for oil.
You can use EncFS [1] (Linux, FreeBSD, OSX) instead. This is far more efficient. I'm using it with Dropbox and it was fairly easy to set up and works well.
You can make things even easier by using Gnome EncFS Manager [2] (Ubuntu, Debian, Fedora, OpenSUSE, Arch) to automate mounting encrypted drives or folders. The GUI is simple and intuitive.
Basically, any directory or drive you can write to can be mounted as an encrypted container of individual files.
> Open source software as a service. Lavabit, Silent Circle, and others have a big dilemma -- they can not prove they are not spying on their users.
Lavabit can't, but Silent Circle can; it's possible to prove that communication apps are secure (just show the source), it's impossible to make a mail server secure without the client knowing anything about encryption.
Of course. That doesn't mean a service can't prove it's secure. The service can be as secure as it wants, if you're talking within earshot of your adversary, you're screwed.
Also interesting the inventor of PGP and guy who once went against the gov tells people to mail him in clear text and uses a closed source OSX blackbox.