Metaswitch cleared by FBI for spying

Fri Apr 11 19:53:26 PDT 2003

On Fri, 11 Apr 2003, Tyler Durden wrote:
> Well, a secure H.323 is certainly better than nothing, but as of right now
> the world looks like its going to remain circuit switched for a long time.
> That means most standard telephone calls will potentially be under scrutiny,
> unless encryption is used at the end points. And I guess that's where one
> would ultimately want to do that anyway...
> -TD

Which leads me to a different idea. (Or, more accurately, a n-th rehash of
the many-times-discussed-already idea.)

Something like an embedded computer, dedicated to PGPfone-like device,
using a cellphone as its communication unit. Basically, an embedded
computer, with audio I/O on one side and audio I/O and serial port on the
other one. The unit would connect between the phone and either a
hands-free or a handset/headset, acting either as an encryption/decryption
device (and using the phone in data-call mode), or as just a passthrough
(for nonencrypted ("plainsound"?) calls)). The unit would manage
everything from contacts to ringing to encryption of calls and text
messages, the phone would act as just a dumb wireless device, without
carrying any data (nor contact lists) in itself. The unit would also have
to guard the contact lists, stored messages, and other data against
retrieval by unauthorized personnel (thieves, investigators...) - phone
lists from intercepted phones are important intelligence source on its
own. This will also allow us to set the individual phone numbers to
specify if the calls/messages to that number are plaintext by default,
auto-negotiated, or forced-encrypted, and the certificates or public keys
of the other party, allowing checking of the other party's identity.

That all is fairly obvious, and isn't difficult with standalone,
desktop-class PCs, even with the older ones.

A suitable platform for rapid development and deployment seems to be some
flavor of embedded Linux (eg, Midori?). This gives us the advantage of
having most of the code already available, having to just glue it
together.

The question is, how much the available technology changed from when these
things were being actively developed, what of already-existing devices we
can use, if there aren't already enough-powerful devices allowing this
mode of operation without having to develop our own hardware, either as
PDAs, or as some already-existing embedded control systems. (I was looking
around for PC104 boards, but the ones I seen tend to be rather expensive.)
There are already whole computers on a single chip. I seen a full-featured
386 capable of running standard Linux kernel, which would fit both the
power consumption and size requirements, but is too weak for the required
compression and encryption.

The technology marches on and the Moore's Law still applies. So it is just
the matter of time when suitable components hit the market. My question to
anyone who comes into closer contact with this kind of computers is if it
by chance already hadn't happened - and if so, details about the available
devices.

This could be even a decent business opportunity. Make the unit generic
enough, make its function dependent only on its software, sell it anywhere
without any legal restrictions - and make the secure-phone software
available for download, together with eg. GPS car locator software and
remote control/telemetry software. This could drive demand high enough to
benefit from volume production, which could drive the costs low enough to
stimulate demand for secure telephones even between less wealthy people
than the market segment for the overpriced Siemens TopSec units.

-- 
...The best lawyers are Mr. Smith and Mr. Wesson.