Mass-market crypto phones

A while back, Eric Blossom posted a URL for a mass-market, phone encryption device (http://www.comsec.com/). The point of this post is to posit a scenario based on the implications of this product. This is speculation based on where I think such products should be heading.
I think we need to keep a couple of goals in mind. The first, is to get encrypting phones (or phone add-ons) into Wal-mart, K-mart, etc (where probably most Americans now buy their phones). The prices need to be low enough that people will want to buy them (<$100?). Is this technically feasible? The comsec device from the above URL already demonstrates the needed capability. Is the cost target possible? My guess is soon, given the lowering costs and increasing capabilities of current processors.
The second goal needs to be to push a similar product for cell-phones. I think this will be perhaps an easier sell, given the higher initial cost for these phones, and their reduced security. Perhaps a home device could be sold with the cell-phone as a package deal, so that communications with the "home base" (i.e., your office, home, etc) would be secure. With the rapid growth in cell-phone sales, selling a package such as this might ensure a larger user-base of home devices.
Given that these goals are met, I think widespread use of crypto over phone lines would become almost inevitable. However, the fun part would be the introduction of such products. The FUD coming from police, the government, etc. would be amazing to behold.
Clay
*******************************************************
Clay Olbon olbon@ix.netcom.com
engineer, programmer, statistician, etc.
**********************************************tanstaafl

I believe that at this time the differential market value to customers of having strong crypto in telephones is near-zero, and in cell-phones is only slightly greater. My reasons will follow below. I'm explicitly discussing "things as they are" rather than "things as they should be."
At 9:10 AM -0500 11/21/96, Clay Olbon II wrote:
I think we need to keep a couple of goals in mind. The first, is to get encrypting phones (or phone add-ons) into Wal-mart, K-mart, etc (where probably most Americans now buy their phones). The prices need to be low enough that people will want to buy them (<$100?). Is this technically feasible? The comsec device from the above URL already demonstrates the needed capability. Is the cost target possible? My guess is soon, given the lowering costs and increasing capabilities of current processors.
While I would certainly _like_ to see wider use of crypto, and crypto deployed ubiquitously in products like telephones, cellphones, pagers, and, of course, computers and networks, I think any honest appraisal of market conditions must conclude that there is little _average American_ awareness of, or demand for, crypto.
One could cite many reasons. Here are some that I see. (Note: I'm not saying these are true for me and thee, nor for everyone else. And these reasons may change with time. But for now, I think they're pretty accurate.)
* Most people don't think they're targets of wiretapping. They don't think the FBI is tapping their phones, and they've never even heard of the NSA, let alone GCHQ, NRO, SDECE, etc.
* "What have I got to hide?"
* Given a choice to use ordinary phone lines or cordless handsets, with attendant ease-of-eavesdropping issues, they'll take the convenience of cordless handsets nearly every time. (And the 900 MHz increase-security cordless handsets are not yet in heavy demand...they'll succeed when they're as cheap as ordinary cordless phones.)
* Security always takes some effort. The military can have it only by having elaborate protocols, checks and balances, and essentially full-time "crypto" personnel to go through the rigmarole of setting up secure communications and locking up key material according to elaborate procedures.
(I like to cite the evolution of metal safes. Mosler Safe Company says the driving force behind safe design, and deployment to merchants and banks, was the _insurance business_. Instead of preaching about the value of increased security, the insurers--who knew how to take the long view--offered rate discounts if stronger safes were installed. Voila, stronger safes. Until similar incentives exist for data--e.g., insurance for loss of patient records, confidential dossiers, etc.--I doubt most people will listen to the "preaching.")
* Look at how few people--myself included--routinely use crypto (digital signatures, etc.) here on this list! It is now "worth it" to me to digitally sign all messages. (Please, don't send me your personal experiences or your scripts for interfacing Pegasus Zapmail to PGP 2.8!)
* Even those with secure phones--STU-IIIs and Clipperphones--admit that they rarely use the features. (Recall several stories where advocates of Clipper had to take the books and magazines piled up on top of their Clipperphones, dust them off, and try to remember how to initiate a secure conversation!)
* And this raises the problem of: whom do you communicate with securely? If your friends and family don't have compatible hardware, what's the point? Sure, some corporations and enterprises will take the plunge and buy sets of units, but Joe Public will likely not, at least not until a critical mass of compatible crypto is installed...perhaps a decade or more from now.
* In short, most people don't see the need. They're not doing things they think would warrant surveillance, and they have no experience with bad effects from wiretaps or whatnot. Just not on their list of things to worry about. And they don't want the additional confusion, learning, and incompatibility with what their friends and coworkers have.
As to the larger issue of "educating the public," I think this is almost always an exhausting and fruitless task. Do-gooders have been trying this for decades, even longer. (Don't let me stop you, anyone. But I think it's unlikely that a new campaign to educate people about a potential risk that they have never seen any concrete evidence for in their own lives is going to do much.)
When crypto is cheap enough, it may be a selling factor for a consumer making a choice. How much extra people are willing to pay is unclear. And there are "sophisticated users" who may pay extra for such features. And certainly there does not have to be "wide acceptance" for crypto to be deployed to the "point of no return" (hint: this is a more important goal to me than acceptance by Joe Public).
For example, the SSL and SWAN stuff is incredibly important, because wide encryption of network traffic, even if Joe and Jane Public are not using crypto at home, means surveillance and vacuum-cleaner types of NSA monitoring are made ten thousand times more difficult. Which may be enough to secure for us the blessings of crypto anarchy.
P.S. I'll be away at the Hackers Conference in Santa Rosa, CA for the next several days, and then travelling for the American holiday of Thanksgiving Day. So, I'll be mostly away from the list for a while.
--Tim May
The second goal needs to be to push a similar product for cell-phones. I think this will be perhaps an easier sell, given the higher initial cost for these phones, and their reduced security. Perhaps a home device could be sold with the cell-phone as a package deal, so that communications with the "home base" (i.e., your office, home, etc) would be secure. With the rapid growth in cell-phone sales, selling a package such as this might ensure a larger user-base of home devices.
Given that these goals are met, I think widespread use of crypto over phone lines would become almost inevitable. However, the fun part would be the introduction of such products. The FUD coming from police, the government, etc. would be amazing to behold.
Clay
*******************************************************
Clay Olbon olbon@ix.netcom.com
engineer, programmer, statistician, etc.
**********************************************tanstaafl
Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

Timmy may decided to rant about crypto for a change. As always he exposes his complete lack of knowledge.
"Timothy C. May" <tcmay@got.net> writes:
* Most people don't think they're targets of wiretapping. They don't think the FBI is tapping their phones, and they've never even heard of the NSA, let alone GCHQ, NRO, SDECE, etc.
* "What have I got to hide?"
So, demonstrate. Pick up conversations on cellular phones, transcribe the embarrassing ones, post them to Usenet via anonymous remailers. Sniff the e-mail passing through your site and post it anonymously. That'll make the news and make people aware that they need privacy.
(I like to cite the evolution of metal safes. Mosler Safe Company says the driving force behind safe design, and deployment to merchants and banks, was the _insurance business_. Instead of preaching about the value of increased security, the insurers--who knew how to take the long view--offered rate discounts if stronger safes were installed. Voila, stronger safes. Until similar incentives exist for data--e.g., insurance for loss of patient records, confidential dossiers, etc.--I doubt most people will listen to the "preaching.")
The pressure from insurers might work in strange ways. E.g. in many locales the law mandates 10% off car theft insurance premiums for cars that have certain kinds of alarms. According to most authorities the alarms are totally useless, but almost all cars in NYC have them, and they go off in the middle of the night when someone walks by the car - truly stupid. Similarly the companies that insure doctors against malpractice suits might say one day that all patient records in a computer must be adequately encrypted in case the PC gets stolen - or they might mandate that nothing is encrypted w/o some sort of GAK escrow. And this won't even be gubmint-mandated.
* Look at how few people--myself included--routinely use crypto (digital signatures, etc.)
It's because you're an idiot.
P.S. I'll be away at the Hackers Conference in Santa Rosa, CA for the next several days, and then travelling for the American holiday of Thanksgiving Day. So, I'll be mostly away from the list for a while.
That's good.
---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
participants (3)
- Clay Olbon II
- dlv@bwalk.dm.com
- Timothy C. May