Encrypted Cell Phone Hits the Market

notshannon writes "Reuters reports about a new cell phone which automatically encrypts communications. Of course, the matching handset will decrypt the message. Security doesn't come cheap, around $4000 per pair, but it's probably as reliable as anyone in these parts could wish. Favorite quote: 'We allow everyone to check the security for themselves, because we're the only ones who publish the source code,' said Rop Gonggrijp at Amsterdam-based NAH6. Amusingly, the article cites government.nl and not nsa.gov as the world's most prolific phone tapper."

Limited Use?

[BadCable]

Doesn't this seem of limited use?

I mean if it only encrypts for other cellphones of it's type on it's network the usability is rather limited.

You might as well use encrypted walkie talkies, it's not too different when you think about it.

Why not sooner?

[Orien]

Personally, I am flat-out amazed that this kind of thing hasn't taken off much sooner. There is a public outcry right now about "Privacy" and all kind of laws are being enacted to ensure consumer protection of personal information. So why isn't there a much higher demand from consumers for "Privacy" when it comes to data transmission and data storage? It's not like it's hard from a technology standpoint. Encrypted communications have been around since long before cellular phones. We just need more people asking for it to see this kind of thing standard in phones, bluetooth, 802.11, etc.

US most prolific phone tapper?

[sulli]

give me a break. [www.gov.cn]

*yawn* so what?

[Not_Wiggins]

First, cell-phone encryption has AT LEAST been available (weak or otherwise) in GSM since 1990. Sure, it is crackable, but it takes hours to do... making it impractical for eavesdropping on a conversation in real-time.

Ok... let's say you're not happy with the encryption. This product will have use in every part of the world *except* the US because, I believe, encrypted voice transmission is illegal. Heck, there have even been home cordless phones available for years that would encrypt only between the handset and the base station... and you're not allowed to have them in the US for that same restriction.

So... either you're going to spend a lot of money to gain encrypted communication that you could more cheaply acquire with other technologies, or you won't be allowed to use it (in the US) without giving the government a backdoor to listen in. For $4K? Forget it.

What about GSM?

[TwistedGreen]

Wasn't GSM supposed to be encrypted as well, but the algorithm was found to be extremely trivial to crack?

How long until that happens with these technologies? I'd hope a long time, for $4000/pair.

How will you verify keys?

[whois]

Nobody verifys keys for webpages, email or ssh right now. How many times have you seen "HOST KEY HAS CHANGED" or "host key not found" and typed "yes" anyway?

The good news is that if people really understood crypto, key exchange would be easy. You meet in person, establish a bluetooth link, swap public keys and verify fingerprints.

The bad news is that nobody will do this, or the phone won't support it (article didn't say how key exchange happens)

So when Joe calls and it says "incoming encrypted call" are you going to answer it because you know and like Joe, even though you've never exchanged keys with him?

Key exchange can't be done through a trusted third party (except the company you work for) because there is no trusted third party. Even if you trust Bob, and he trusts Mary, you don't know where their dirty phones have been.

If your work is the trusted third party, they'll probably hold copies of your private keys so calls can be monitored later if needed. (Hopefully the phone ethier allows you to generate a new key whenever you want, or doesn't allow exporting of it's private key. Hopefully both)

Don't get me wrong, I want one. Real bad, but not $4k bad, not to test out someones (probably flawed) cryptosystem.

Even if they understand crypto and got it right, the user still has to understand it to make it all work.

If I had about 10 of these I'd give one to each of my friends and make sure they only accept encrypted calls from known keys. I'd also make the screen light up in red or green or something to show it's an encrypted call.

Then we could talk about Joe behind his back, with no chance of interception from governments.

So yeah, anyone got a real use for these?

"targeted at business executives"

[v_1matst]

yea... but they really mean drug dealers, terrorists, etc.
Don't get me wrong, I think personal privacy is very
important (for individuals as well as 'executives'), however
I think this technology is just begging to be abused.

just my 2 cents...

Terrorists? Give it a rest.

[mindstrm]

Get real.

Look.. law enforcement snoops on phones because they can, not because from day 1 it was required by law to let them. Yes, there are rules in the US and elsewhre that require companies to make it easier for law enforcement to snoop.. but still.

Just because some form of communication exists does NOT mean you need to make it's contents available to the government upon request.
You have the RIGHT to encrypt your communications, and keep them private, as do terrorists.

I think maybe you are a troll, though.

Re:Responsibility

[Fulcrum of Evil]

For instance, have the manufacturers considered the applications for which terrorists might use these?

Terrorists tend to use more secure methods, like meeting out in the middle of nowhere and talking face to face.

Re:Their concerns about Windows (from the FAQ)

[Devi0us]

If it runs on Pocketpc, why can't they just make an app that will run on all softphones? Its trivial to intercept the mic and speaker calls and route them through an encryption/decryption routine. Hell, you could use bluetooth for it and just make a headset profile that handles the encryption/decryption. Then you could use your PDA as a handset for your bluetooth enabled phone, with encryption over the public network segment. The PAN would be encrypted as well.

Re:NSA vs. the Dutch

[mesocyclone]

And your sources for this are?

I often hear claims about nefarious activity by NSA, but considering the level of security, I am rather dubious of these claims because it leads to the question of how people broke NSA security enough to find out about this stuff.

If you want industrial espionage, check the French. Air France was discovered to have bugged every seat in first class on every flight for the French security agency. Why first class? Industrial espionage seems an obvious reason, although again, how would you know.

The government doesn't have time to spy on ordinary citizens. Unless it is doing a criminal investigation or a national security (i.e. counter-intelligence/counter-terrorism) case, it isn't going to pay attention to you.

If the rumored key phrase sniffers are out there, then they no doubt have listened to a few of mine and lots of other conversations, just to be annoyed at the waste of time.

Oh, and NSA is allowed to operate inside the US. It is the agency responsible for communications security for the US military, and as such monitors US military communications in the US in addition to providing secure systems.

Many years ago, when I was a radio operator in P-3 Orions, another radio operator in my squadron sent a false MAYDAY as if he were a ship (not aircraft) in distress. A few days later he was in the brig. Can you say "signature analysis" and "broadband recorders"? This was in the late '60s, btw, so you can imagine what sort of technology was used to be able to go back to an arbitrary frequency, pull out the false MAYDAY, and subject it to signal analysis.

The same technique is almost certainly how the KAL-007 shootdown was recorded. Basically, at least in the past and no doubt now, NSA records and archives a whole lot of spectrum in a whole lot of places.