Italian Phone Taps Spur Encryption Use
manekineko2 writes "This article in the NYTimes discusses how a recent rash of high-profile mobile phone taps in Italy is spurring a rush toward software-encrypted phone conversations. Private conversations have been tapped and subsequently leaked to the media and have resulted in disclosures of sensitive takeover discussions, revelations regarding game-fixing in soccer, and the arrest of a prince on charges of providing prostitutes and illegal slot machines. An Italian investigative reporter stated that no one would ever discuss sensitive information on the phone now. As a result, encryption software for mobile phones has moved from the government and military worlds into the mainstream. Are GSM phones in the US ripe for a similar explosion in the use of freely available wiretapping technology, and could this finally be the impetus for widespread use of software-encrypted communications?"
Nice thing (Score:5, Interesting)
Re:Nice thing (Score:2, Interesting)
Companies first (Score:3, Interesting)
Here at Chevron we encrypt our Blackberries, both on the unit and during transmission. If the Blackberry is lost, the data is safe because of the encryption.
I don't see it happening for the public unless the carrier provides the service and then wouldn't the government just request the carrier to give them access?
Key Exchange? (Score:1, Interesting)
Really, you need to ensure that your public keys don't get intercepted as if you sent them via SMS or otherwise. Considering the fact that you aren't trusting the network any longer, it means that you couldn't pass keys across it either.
So if you wanted a secure key exchange, you would probably have to meet someone or another trusted person and do a key exchange that way; IR would probably work.
I guess email could work too.
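An added example, not part of the post above: a sketch of checking keys that travelled over the untrusted network by comparing a fingerprint over a trusted channel, such as the in-person meeting the post mentions. The byte strings are constructed stand-ins for real public keys, and the function names and the `substitute` parameter are hypothetical.

```python
import hashlib
import hmac

# Constructed stand-ins for public keys (not real key material).
ALICE_PUB = bytes(range(32))
BOB_PUB = bytes(range(32, 64))
OTHER_PUB = b"\xaa" * 32  # a key swapped in somewhere on the network path


def fingerprint(own_pub: bytes, peer_pub: bytes) -> str:
    """Fingerprint covering both keys; equal on both ends only if each
    side received the key the other side actually sent."""
    h = hashlib.sha256()
    # Sort so both parties hash the pair in the same order.
    for key in sorted((own_pub, peer_pub)):
        # Length-prefix each key so the boundary between them is unambiguous.
        h.update(len(key).to_bytes(4, "big"))
        h.update(key)
    digest = h.hexdigest()[:40]  # 160 bits, readable aloud or off a screen
    return " ".join(digest[i:i + 4] for i in range(0, 40, 4))


def matches(local_fp: str, heard_fp: str) -> bool:
    """Compare the local fingerprint with the one read out by the peer,
    ignoring spacing and letter case."""
    def norm(s: str) -> bytes:
        return "".join(s.split()).lower().encode()
    return hmac.compare_digest(norm(local_fp), norm(heard_fp))


def exchange(alice_pub: bytes, bob_pub: bytes, substitute: bytes = None):
    """Simulate key delivery over the network. If `substitute` is set,
    each side receives that key instead of the peer's real one.
    Returns the fingerprints Alice and Bob each compute locally."""
    received_by_alice = substitute or bob_pub
    received_by_bob = substitute or alice_pub
    return (fingerprint(alice_pub, received_by_alice),
            fingerprint(bob_pub, received_by_bob))


if __name__ == "__main__":
    for label, sub in (("untampered", None), ("key substituted", OTHER_PUB)):
        fp_a, fp_b = exchange(ALICE_PUB, BOB_PUB, substitute=sub)
        print(f"{label}: Alice sees {fp_a}")
        print(f"{label}: Bob sees   {fp_b}")
        print(f"{label}: fingerprints match -> {matches(fp_a, fp_b)}")
```

The keys themselves can cross the network; only the fingerprint comparison has to happen over a channel both parties trust.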
Re:Key Exchange? (Score:5, Interesting)
Re:Nice thing (Score:2, Interesting)
Worried now? (Score:4, Interesting)
An Italian investigative reporter stated that no one would ever discuss sensitive information on the phone now.
Why on Earth would you ever discuss sensitive information on the phone before? There's always been phone tapping tech. It's only the laws for that technology's usage that protected anyone from it. You never say anything on the phone that you wouldn't say to a cop. If you don't know that rule, you're a pretty inept criminal.
Cordless phones too (Score:1, Interesting)
For a very long time (Score:4, Interesting)
In the days of AMPS and NAMPS it was a piece of cake. Friend of mine worked in IT for the local PD and was able to get a scanner that wasn't 800-900 blocked, and a little card and software for the computer that allowed us to follow calls as they went from cell to cell.
CDMA and GSM just throw a little wrinkle in.
Re:Key Exchange? (Score:3, Interesting)
Re:Key Exchange? (Score:3, Interesting)
Re:Italy & US (Score:3, Interesting)
Re:Italy & US (Score:4, Interesting)
The encryption is only between the handset and basestation. If people have the ability to make "legal" taps it wouldn't even help with a call between two phones connected to the same basestation.
You'd need end to end encryption which would also require you to establish a "data" call, which could well be charged differently from a "voice" call.
RF blend from the microphone (Score:1, Interesting)
The only way to get around this is to specifically design the phone so that no signal bleeds from the microphone to the antenna. The government uses such phones, but I haven't seen any of them available for consumers and companies yet (and their production cost is prohibitively high for consumers anyway).
Re:GSM encryption is not all that trivial (Score:3, Interesting)
Re:Italy & US (Score:3, Interesting)
Re:Not Gonna Happen in US (Score:3, Interesting)
I work for a telecom provider (mostly hosting of SIP apps) and we are not required under CALEA to provide access to law enforcement. Rather, the telco carriers that _we_ use, like AT&T, Qwest, etc. are required to provide access. What that means is that we could offer customers a VPN connection to our network, give them a soft-phone and ensure that their SIP traffic remains encrypted. You'd probably have to do SIP to SIP since I don't know how you'd encrypt the PSTN leg of the call.
Cell phones would be tricky to encrypt since you'd have to run specialized software on the phone. For fixed stations it would be trivial. Set up SIP gateways on both ends, connect the gateways using a VPN and use either a hardware or software based SIP phone. The two parties would then need to physically exchange the encryption keys needed for the VPN. In this sort of arrangement CALEA would not apply and law enforcement would not be able to demand access to the network traffic.
I currently have access to all the necessary software and hardware, but simply haven't had the time to set up an experimental system like the one I described. This sort of system has been technically feasible for over a decade. Perhaps I should start selling all-in-one packages?