On Fri, 11 Apr 2003, Tyler Durden wrote:
Well, a secure H.323 is certainly better than nothing, but as of right now the world looks like its going to remain circuit switched for a long time. That means most standard telephone calls will potentially be under scrutiny, unless encryption is used at the end points. And I guess that's where one would ultimately want to do that anyway... -TD
Which leads me to a different idea. (Or, more accurately, a n-th rehash of the many-times-discussed-already idea.) Something like an embedded computer, dedicated to PGPfone-like device, using a cellphone as its communication unit. Basically, an embedded computer, with audio I/O on one side and audio I/O and serial port on the other one. The unit would connect between the phone and either a hands-free or a handset/headset, acting either as an encryption/decryption device (and using the phone in data-call mode), or as just a passthrough (for nonencrypted ("plainsound"?) calls)). The unit would manage everything from contacts to ringing to encryption of calls and text messages, the phone would act as just a dumb wireless device, without carrying any data (nor contact lists) in itself. The unit would also have to guard the contact lists, stored messages, and other data against retrieval by unauthorized personnel (thieves, investigators...) - phone lists from intercepted phones are important intelligence source on its own. This will also allow us to set the individual phone numbers to specify if the calls/messages to that number are plaintext by default, auto-negotiated, or forced-encrypted, and the certificates or public keys of the other party, allowing checking of the other party's identity. That all is fairly obvious, and isn't difficult with standalone, desktop-class PCs, even with the older ones. A suitable platform for rapid development and deployment seems to be some flavor of embedded Linux (eg, Midori?). This gives us the advantage of having most of the code already available, having to just glue it together. The question is, how much the available technology changed from when these things were being actively developed, what of already-existing devices we can use, if there aren't already enough-powerful devices allowing this mode of operation without having to develop our own hardware, either as PDAs, or as some already-existing embedded control systems. (I was looking around for PC104 boards, but the ones I seen tend to be rather expensive.) There are already whole computers on a single chip. I seen a full-featured 386 capable of running standard Linux kernel, which would fit both the power consumption and size requirements, but is too weak for the required compression and encryption. The technology marches on and the Moore's Law still applies. So it is just the matter of time when suitable components hit the market. My question to anyone who comes into closer contact with this kind of computers is if it by chance already hadn't happened - and if so, details about the available devices. This could be even a decent business opportunity. Make the unit generic enough, make its function dependent only on its software, sell it anywhere without any legal restrictions - and make the secure-phone software available for download, together with eg. GPS car locator software and remote control/telemetry software. This could drive demand high enough to benefit from volume production, which could drive the costs low enough to stimulate demand for secure telephones even between less wealthy people than the market segment for the overpriced Siemens TopSec units. -- ...The best lawyers are Mr. Smith and Mr. Wesson.