I'm unclear why Lucky dislikes the Sectra Tiger (www.sectra.se); the key management is not what I'd like, but seems designed specifically for hierarchical military or corporate organizations, which is the only viable market for a EUR 2500 encrypting cellphone. I think the most cost-effective voice crypto solution today is a bluetooth-enabled cellphone, a bluetooth-enabled PocketPC (ipaq) with fast ARM, and then conventional encrypted-voice software (such as speak-freely) running over PPP over bluetooth. It would be fairly easy to develop a belt or briefcase cellphone, handheld PDA with audio I/O via headset worn on the belt or held in the hand (or, using an Ericsson headset, stored in a briefcase as well), . System cost USD 1000 or less, entirely COTS consumer hardware and open-source software, and you get a free normal GSM cellphone, high-spec PDA (==ecash terminal), and equivalent ease of use to the very best cellphone (as you would be using a headset, carrying the phone and processor separately). If you're concerned about rf monitoring on the local bluetooth side, you could substitute a wired headset/microphone; if you're concerned about the general unavailability of bluetooth-enabled fast PDAs, you could with an ease of use penalty use IrDA. I don't believe a dragonball could do viable voice crypto (especially compression), at least without a coprocessor card, but perhaps it could, and it certainly could support encrypted SMS. You could possibly use your own non-standard link protocol, vs. PPP, if you are concerned about latency, but it should be relatively easy to achieve 100-200ms latency on cell to cell communications. The benefit of using software which exists on general purpose machines and TCP/IP over the link is of course that normal desktops could be used as secure phone terminals as well, and I think there really isn't much demand for voice crypto in the marketplace, outside the military and defense-mandated commercial contractor use. When audio I/O-enabled PDAs, bluetooth cellphones, etc. are widely deployed, perhaps this will change (plus, bluetooth or 802.11b PDAs could serve as cordless phones with IP-IP or VoIP calling when in range of a legitimate or borrowed network). I've used speak-freely on a unix laptop for years, using IP transport of opportunity, and with a good headset/microphone, it seems to meet my needs for secure voice. The other reason for using PPP-Voice is to abuse cell providers; in the UK, for instance, I have a GBP 75/month unlimited-calling phone (UK numbers); I could easily use this to dial in to a UK-based phone with HSCSD and a fast IP connection at 14.4kbps, and then use IP-IP or a VoIP bridge to get cheaper or free international calling; encrypted by default to the gateway, and possibly to the other end if supported. -- Ryan Lackey [RL7618 RL5931-RIPE] ryan@havenco.com CTO and Co-founder, HavenCo Ltd. +44 7970 633 277 the free world just milliseconds away http://www.havenco.com/ OpenPGP 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F