Metaswitch cleared by FBI for spying

John Kelsey kelsey.j at ix.netcom.com
Sat Apr 12 07:59:19 PDT 2003


At 04:53 AM 4/12/03 +0200, Thomas Shaddack wrote:
...
>Something like an embedded computer, dedicated to PGPfone-like device,
>using a cellphone as its communication unit. Basically, an embedded
>computer, with audio I/O on one side and audio I/O and serial port on the
>other one. The unit would connect between the phone and either a
>hands-free or a handset/headset, acting either as an encryption/decryption
>device (and using the phone in data-call mode), or as just a passthrough
>(for nonencrypted ("plainsound"?) calls)).

I wonder how hard it will be to just implement encryption in software on 
the phone.  Does anyone know if these relatively new PDA-phones have the 
ability to process the packets they receive from digital calls before 
feeding them into the codec, and the codec outputs before they send them 
out over the air?  Or just to set up a data-only call where you're just 
sending bits to/from Nautilus or some similar program?

I keep thinking that the only way we're going to get strong encryption on 
cellphones is to make it something that individuals can do themselves.  The 
cellphone providers have little incentive to do this well.

Maybe we could put the dedicated computer you're talking about at home, 
with two phone lines available to it.  People trying to reach you call into 
the box, and it is the only thing that ever legitimately calls your 
cellphone.  These calls can just always be encrypted, or can use Nautilus 
or some such thing, and set up a connection for data instead.  When the 
cellphone calls out, it always calls to the box first.  Ideally, the 
software for both the box and the phone would be open source, and no harder 
to set up than a VCR. In fact, this could double as a secure cordless 
phone, using an 802.11b card; the box chooses the cheapest method to reach 
your handset.

For extra credit, if two such boxes ever talk to each other, they could do 
end-to-end encryption.  But honestly, it's a lot more critical to get the 
stuff going out over the air encrypted (since that can be intercepted with 
very little risk of anyone noticing).

I wonder if such a box could become a kind of communications hub, handling 
(secure) voice mail, cellphone, and multiple cordless phones.  Someone who 
wants one probably wants all three, and might be willing to pay a couple 
hundred dollars for it, making the whole thing reasonable to sell.  Even 
just getting the over-the-air part encrypted means someone has to leave a 
paper trail or physical evidence lying around to eavesdrop on phone calls, 
which probably implies actually getting a warrant, rather than just getting 
a hacked scanner and using it to troll for interesting cellphone or 
cordless conversations.  And if the boxes became widespread, we'd start 
seeing "transparent" use of end-to-end encryption.  (The only way we're 
ever likely to see normal, non-paranoid non-criminals using voice 
encryption very often is if it's just something that happens automatically 
and painlessly.)


--John Kelsey, kelsey.j at ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD  BBC8 2A80 6948 4CAA F259





More information about the cypherpunks-legacy mailing list