Sampo Syreeni wrote:
But anything that goes over the air, whether cellphone or cordless phone, ought to be properly encrypted, and it isn't now.
Why? As I see it, this is fundamentally an economic question, not a technical one. It's about the risk of somebody listening in, taking notice and acting adversely to the talker's own interest, versus speaking what one wants without having to take expensive precautions. Currently such risks mostly materialize when one *truly* has something to hide, that is, one talks about something criminal, there is reason to believe law enforcement agencies might be listening and one talks in terms which will reasonably lead to conviction in the right circumstances.
Getting back to the world of users, there is a threat out there: idle listeners. For the famous and the vulnerable, there have been countless scandals whereby private conversations have been recorded and dumped on a shocked and titillated public. GSM stopped that one cold. It wasn't ever meant to be encrypted to stop LEOs listening in, and that never would have been an issue anyway, as taps are more conveniently put at the base station (assuming legal behaviour by LEOs). (And, we can pretty much assume that the encryption wouldn't be allowed any further than the basestation ... in fact, I'm given to understand that there is a reason that the microwave links were never encrypted ;-) What was a real issue was that people who had something to hide wouldn't use the phone. And, those people with something to hide, *wanted* to use the phone. It was actually economically sensible to give all those scandalising lovers secure phones so they could romance away the hours safely, because the charging was per-minute. The other issue was phone spoofing, which was a massive industry in Europe with the older analog devices. Again, the crypto in GSM phones killed that little loss leader.
End-to-end encryption isn't nearly as important.
Huh? Bare on-the-air encryption only proofs you against nosy neighbours and the attendant probability of one of them giving you in for something illegal.
I'm guessing here that neither civil litigation nor Murdoch papers are much seen in Finland :-) -- iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com