Don't be too sure that crypto is that far beneath the radar. I spent Thursday through Saturday at an annual privacy conference for activists from around the country, and they understood the principles. Their voicemails were filling up with calls from reporters last Friday about the Gingrich incident, and I know they were talking crypto. The only other journalist who was there made an interesting point, that encrypting cell phone traffic only up to the point it hits the phone system wouldn't hinder L.E. access but would protect privacy. (Or, perhaps, would be worse in the long term since we wouldn't have such luscious examples.) -Declan On Mon, 13 Jan 1997, Clay Olbon II wrote:

I just caught the news reports of Newt Gingrich's cell phone calls being taped by "a little old retired couple" with a scanner. These were then given to a congressman, who gave them to a newspaper.

The take on this that we won't hear is: "This is outrageous! Why don't cell-phones offer encryption to ensure our privacy?"

Unfortunately, I think crypto is still so far beneath the public consciousness that the obvious solution to these sorts of problems is ignored in favor of the "there oughta be a law" non-solution. (Of course, in this case there is a law!) What I really hope this incident spawns is a market ...

Clay

******************************************************* Clay Olbon olbon@ix.netcom.com sys-admin, engineer, programmer, statistitian, etc. **********************************************tanstaafl

Declan McCullagh wrote:

encrypting cell phone traffic only up to the point it hits the phone system wouldn't hinder L.E. access but would protect privacy. (Or, perhaps, would be worse in the long term since we wouldn't have such luscious examples.)

Actually, I wouldn't think the cops would be too hot on that idea. Taps would require physical access to the phone network, meaning a warrant or other specific authorization and a time delay. Worse from the cops' perspective, the phone company will know who is being monitored. That means accountability, and that means leaks. The goal will always be end-to-end "key recovery." A fixed key in the phone that can be cracked is much preferable to a random DH exchange, which would be the right way to do a last-hop-only encryption (all from the cops' perspective, of course). With "key recovery" currently out of favor, the cops' strategy is FUD and the criminalization of illegal wiretaps (by private citizens anyway), to create a false sense of security. In any case, evangelizing and deploying real end-to-end encryption now is the way to go. -rich

On Mon, 13 Jan 1997, William H. Geiger III wrote:

-----BEGIN PGP SIGNED MESSAGE-----

In <1.5.4.16.19970113191647.098f90d2@popd.ix.netcom.com>, on 01/13/97 at 08:12 PM, Clay Olbon II said:

...

I just caught the news reports of Newt Gingrich's cell phone calls being taped by "a little old retired couple" with a scanner. These were then given to a congressman, who gave them to a newspaper.

...

The take on this that we won't hear is: "This is outrageous! Why don't cell-phones offer encryption to ensure our privacy?"

...

Unfortunately, I think crypto is still so far beneath the public consciousness that the obvious solution to these sorts of problems is ignored in favor of the "there oughta be a law" non-solution. (Of course, in this case there is a law!) What I really hope this incident spawns is a market ...

There is a very basic reason that cell phones are not encrypted; the government does not want them encrypted. Many an arrest has been made from infromation gathered from cell/wireless phone conversations. AFAIK the police do not even need a search warent to do this.

I remember hearing somewhere that a cell phone manufactuer had created an "encryption" algorithm for their phones. It inverted the waveform or something like that. Now, I ask of you, how hard is that to get break? Not very. It will keep Beavis and Butthead from listening to cell phone calls, but that's about all. Like you said, a lot of arrests have been made by evesdropping on cell phone calls. I wouldn't put it past the NSA to be running SIGINT on such calls. If these were encrypted using a method similar to how ssh does shell connections, the NSA would be screwed. And, incidentally, I really wish ssh was more standard than it is. I'd like to be able to hit my ISP and such with it. ;) (Most ISPs don't like you running nohup'ed processes).

With the cell phone industry regulated by the FCC I doubt that you will ever see cell phone's with built in encryption.

Agreed.

As far as the general public is concerned the majority are sheep. They are quite content to know that it is illegal for their neighbor to listen in and ofcource Big Brother would only listen to those nasty drug dealers & mobsters.

Of course. And that stops their neighbor. Yeah. My father bought himself a scanner for his birthday last year. The first night he had it I went over, and we sat on the front porch. We heard a load of cordless phone calls, including one to which a "friend" of mine was a party, which was quite interesting indeed. We also heard a great number of cell phone calls. The majority of the latter were sexual in nature. Christian Coalition, you're failing miserably. ;) I wish I had better voice recognition technology, like the NSA surely has. I'd have the system scan for the voices of people I know and record them; again, like the NSA does.

On Mon, 13 Jan 1997, Dale Thorn wrote:

Clay Olbon II wrote:

...

I just caught the news reports of Newt Gingrich's cell phone calls being taped by "a little old retired couple" with a scanner. These were then given to a congressman, who gave them to a newspaper. The take on this that we won't hear is: "This is outrageous! Why don't cell-phones offer encryption to ensure our privacy?" Unfortunately, I think crypto is still so far beneath the public consciousness that the obvious solution to these sorts of problems is ignored in favor of the "there oughta be a law" non-solution. (Of course, in this case there is a law!) What I really hope this incident spawns is a market ...

I'm not sure what crypto will do to voice transmission, but from my own personal example: I just bought two Motorola portable phones (46 mhz) with Secure Clear(r) voice scrambling. On my AOR 8000 scanner, it sounds to my ears like very muffled Chinese.

How much did the two cost? [...]

On Mon, 13 Jan 1997, William H. Geiger III wrote:

There is a very basic reason that cell phones are not encrypted; the government does not want them encrypted. Many an arrest has been made from infromation gathered from cell/wireless phone conversations. AFAIK the police do not even need a search warent to do this.

With the cell phone industry regulated by the FCC I doubt that you will ever see cell phone's with built in encryption.

As far as the general public is concerned the majority are sheep. They are quite content to know that it is illegal for their neighbor to listen in and ofcource Big Brother would only listen to those nasty drug dealers & mobsters.

A decent article about the subject (one that also gives us some historical proof of the govt's desires) can be found at: http://www.feist.com/~tqdb/h/062694-1.txt By the way, I'm finding all these articles on the page: http://www.feist.com/~tqdb/evis-idx.html for those who care. ____________________________________________________ [ Bruce M. - bkmarsh@feist.com - Feist Systems, Inc. ] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ "We don't want to get our butts kicked by a bunch of long-haired 26-year-olds with earrings." -- General John Sheehan on their reasons for InfoWar involvement

In article , Declan McCullagh wrote:

The only other journalist who was there made an interesting point, that encrypting cell phone traffic only up to the point it hits the phone system wouldn't hinder L.E. access but would protect privacy. (Or, perhaps, would be worse in the long term since we wouldn't have such luscious examples.)

This is well-known. GSM does this, for example. I've seen the point made in several textbooks. I don't know of any cellular systems that do end-to-end encryption (which would stop wiretapping at the landline switch) as opposed to airlink encryption. Does anyone else?