Metaswitch cleared by FBI for spying
John Kelsey
kelsey.j at ix.netcom.com
Sat Apr 12 07:59:19 PDT 2003
At 04:53 AM 4/12/03 +0200, Thomas Shaddack wrote:
...
>Something like an embedded computer, dedicated to PGPfone-like device,
>using a cellphone as its communication unit. Basically, an embedded
>computer, with audio I/O on one side and audio I/O and serial port on the
>other one. The unit would connect between the phone and either a
>hands-free or a handset/headset, acting either as an encryption/decryption
>device (and using the phone in data-call mode), or as just a passthrough
>(for nonencrypted ("plainsound"?) calls)).
I wonder how hard it will be to just implement encryption in software on
the phone. Does anyone know if these relatively new PDA-phones have the
ability to process the packets they receive from digital calls before
feeding them into the codec, and the codec outputs before they send them
out over the air? Or just to set up a data-only call where you're just
sending bits to/from Nautilus or some similar program?
I keep thinking that the only way we're going to get strong encryption on
cellphones is to make it something that individuals can do themselves. The
cellphone providers have little incentive to do this well.
Maybe we could put the dedicated computer you're talking about at home,
with two phone lines available to it. People trying to reach you call into
the box, and it is the only thing that ever legitimately calls your
cellphone. These calls can just always be encrypted, or can use Nautilus
or some such thing, and set up a connection for data instead. When the
cellphone calls out, it always calls to the box first. Ideally, the
software for both the box and the phone would be open source, and no harder
to set up than a VCR. In fact, this could double as a secure cordless
phone, using an 802.11b card; the box chooses the cheapest method to reach
your handset.
For extra credit, if two such boxes ever talk to each other, they could do
end-to-end encryption. But honestly, it's a lot more critical to get the
stuff going out over the air encrypted (since that can be intercepted with
very little risk of anyone noticing).
I wonder if such a box could become a kind of communications hub, handling
(secure) voice mail, cellphone, and multiple cordless phones. Someone who
wants one probably wants all three, and might be willing to pay a couple
hundred dollars for it, making the whole thing reasonable to sell. Even
just getting the over-the-air part encrypted means someone has to leave a
paper trail or physical evidence lying around to eavesdrop on phone calls,
which probably implies actually getting a warrant, rather than just getting
a hacked scanner and using it to troll for interesting cellphone or
cordless conversations. And if the boxes became widespread, we'd start
seeing "transparent" use of end-to-end encryption. (The only way we're
ever likely to see normal, non-paranoid non-criminals using voice
encryption very often is if it's just something that happens automatically
and painlessly.)
--John Kelsey, kelsey.j at ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
More information about the cypherpunks-legacy
mailing list