Jon Callas during his stint as Entrust CTO
|Known for||Internet Security|
Jon Callas is an American computer security expert, software engineer, user experience designer, and technologist who is the co-founder and former CTO of the global encrypted communications service Silent Circle. He has held major positions at Digital Equipment Corporation, Apple, PGP, and Entrust, and is considered "one of the most respected and well-known names in the mobile security industry." Callas is credited with creating several Internet Engineering Task Force (IETF) standards, including OpenPGP, DKIM, and ZRTP, which he wrote. Prior to his work at Entrust, he was Chief Technical Officer and co-founder of PGP Corporation and the former Chief Technical Officer of Entrust.
On his own website, Callas describes himself as "an entrepreneur and innovator in information and business security, including cryptography, operating system security, public key infrastructure, and intellectual property rights," as well as "an innovator in human-computer interactions, collaboration and social virtual reality."
He has also worked for Bruce Schneier's Counterpane Internet Security, was one of the primary authors of the DKIM method, and was Chief Scientist of the original PGP, Inc. founded by Phil Zimmermann. Callas is a member of the Infosec think tank The Shmoo Group.
Early life and education
He was a member of the technical staff at Century Computing from 1980 to 1981, then served as Principal Software Engineer at Digital Equipment from 1981 to 1993. He has described the VMS development department at Digital Equipment as "the best computer science grad school there was." While working there, he "got to work on a wide variety of things, from graphics to schedulers to memory management to operating system security," and created a random password generator. At Digital Equipment, he designed the PATHWORKS network operating system as well as software for Macintosh client systems and server systems running VMS or UNIX, and created cross-platform communications between computers running Mac OS, VMS, UNIX, Windows and OS/2, using AppleTalk, DECnet, and TCP/IP networks. He also developed software for 3D, PEX, and DDX for OpenVMS, OSF/1 and Windows NT.
After Digital Equipment folded, Callas co-founded World Benders, Inc., where he worked from 1993 to 1995. At World Benders, he "was the lead architect and developer of Meeting Space, a cross-platform group collaboration product" that "allowed people to conduct meetings in real-time on existing networks."
Callas then held the title of Senior Scientist II at Apple Computer from 1995 to 1997. He describes himself as having been the firm’s Security Privateer, and as having "designed and built next-generation cryptographic security products for Mac OS X and iOS, including the 'FileVault 2' full-disk encryption product." He also "designed a concurrent programming system for high-performance computing, 'Transforms.'" In addition, he "led the engineering and approvals for a FIPS 140 validation of iOS." Callas was trusted with the security of Apple's operating system, and worked on Apple's Whole Disk Encryption. "That was the worst time to be working for Apple, the year before Steve Jobs came back," Callas has said.
At Apple, he worked for Gursharan Sidhu, the inventor of AppleTalk. Callas "shipped the very first crypto built into an OS, called PowerTalk," which, he has said, "failed for being far too early," although he and his colleague Bruce Gaya managed to hack a piece of it, a password manager called The Keychain, "so that you could run it without the rest of PowerTalk, and thus rescued it from oblivion. The present Keychain on Apple products is completely and utterly rewritten, but I’m proud of saving it."
He joined PGP, Inc. (Pretty Good Privacy, Inc.), in January 1997 as Chief Scientist. Network Associates (NAI) bought PGP in December 1997, and Callas became CTO for the Total Network Security Division of NAI, creating "architecture and direction for the company's network security products" and serving as "the primary author of the IETF's OpenPGP standard."
He was Director of Software Engineering at Counterpane from 1999 to 2001, serving as "co-architect of Counterpane's Managed Security Monitoring system – a redundant system with adaptive fail-over that monitors networks on three continents." He also "led the engineering team that built the system, taking it from prototype to operational in four months," and "managed Counterpane's export control process, getting approval for the system, including fifteen new ciphers." As Senior Architect at Wave Systems Corporation from 2001 to 2002, he was the lead architect for Wave's EMBASSY Trust System, on which he performed security analysis and created product security subsystems.
He then co-founded "the new PGP Corporation," which has received many awards for its encryption technologies. He worked as a server architect at PGP from July 2002 to October 2009, and during his time at the company was the principal author of the IETF OpenPGP standard, now RFC2440, and developed the PGP (Pretty Good Privacy) Universal Server. Apropos of PGP, he has said, "I thought it was a great way to do fun things and change the world for the better….That was a great place to really become an expert."
He was security privateer at I Could Tell You But Then I'd Have To Kill You and Associates from October 2009 to July 2011. He was Chief Technical Officer at Entrust, a provider of identity-based security solutions, from July 2011 to January 2013, and was "responsible for shaping the direction of new technology and innovation."
He co-founded Silent Circle in 2012 and Blackphone in 2013, and continued to serve as CTO of Silent Circle until April 2016, where he led the development and operations groups, the former of which "produces the apps that manifest Silent Circle's services to its subscribers" and the latter of which "runs the actual services themselves."
Callas holds patents, or has patents pending, on several systems and methods for erasing media, facilitating secure media access, for secure and transparent electronic communications, for dynamic security operations, for partial message authentication, and for facilitating encryption and decryption operations over an email server.
Callas's security product designs have won major innovation awards from The Wall Street Journal and others. He is one of the primary authors of the DKIM method and a member of the Infosec think tank The Shmoo Group. He has served as Adjunct Professor at Indiana University since 2012.
Callas has lectured widely about computers and Internet security, and is scheduled to be a speaker at the Oslo Freedom Forum in 2014. Callas was selected to be one of two keynote speakers at the 2015 PDF Technical Conference in San Jose, California.
By May 2016 Callas rejoined Apple.
Callas has stated that tech companies are a bigger threat to privacy than the government. His views stem from big tech's mass pooling of personal data for advertising and the polarization within Silicon Valley. While some companies are committed to privacy, many more earn their revenues from selling user data. Interestingly, Callas has stated that if the advertising market takes a downturn, companies that protect their users' data are the most insulated from harm.
- Interview with Jon Callas, CTO of PGP Corporation. Help Net Security, 2011. Retrieved 17 July 2011.
- Trutta, Filip (Jul 26, 2011). "Former Apple Security Expert Jon Callas Joins Entrust". softpedia.
- "Jon Callas" (PDF). Merry Meet.
- Risner, Erin (June 5, 2013). "AMA: Interview with Cryptographer, Computer Security Expert Jon Callas". Spideroak Blog.
- Kucan, Berislav. "Interview with Jon Callas, CTO of PGP Corporation". Net Security.
- "Speakers" (PDF). Oslo Freedom Foundation.
- "Phil Ydens and Jon Callas to keynote at the PDF Technical Conference 2015" (PDF). PDF Association. Retrieved September 24, 2015.
- Apple rehires prominent security pro as encryption fight boils, Reuters, May 24, 2016
- Whittaker, Zack (Feb 4, 2016). "PGP co-founder: Ad companies are the biggest privacy problem today, not governments". ZDNet.