Metaswitch cleared by FBI for spying

[Thomas Shaddack]

On Sat, 12 Apr 2003, John Kelsey wrote:
> I keep thinking that the only way we're going to get strong encryption on
> cellphones is to make it something that individuals can do themselves.  The
> cellphone providers have little incentive to do this well.

The telcos are often legally required to NOT do this well. We should keep
in mind that the Adversary keeps the infrastructure compromised.

> Ideally, the software for both the box and the phone would be open
> source, and no harder to set up than a VCR. In fact, this could double
> as a secure cordless phone, using an 802.11b card; the box chooses the
> cheapest method to reach your handset.

Ideally, it would be a plug-and-play thingy, a box with just a connector
and the antenna.

> For extra credit, if two such boxes ever talk to each other, they could do
> end-to-end encryption.  But honestly, it's a lot more critical to get the
> stuff going out over the air encrypted (since that can be intercepted with
> very little risk of anyone noticing).

In "auto" mode, the box should ask the other side if it is a compatible
box, and if yes, do a key handshake.

> I wonder if such a box could become a kind of communications hub, handling
> (secure) voice mail, cellphone, and multiple cordless phones.

There is no reason why it couldn't. :)

> And if the boxes became widespread, we'd start seeing "transparent"
> use of end-to-end encryption.  (The only way we're ever likely to see
> normal, non-paranoid non-criminals using voice encryption very often
> is if it's just something that happens automatically and painlessly.)

The Adversary won't like this. This is another reason why the design has
to be completely open and widely published. I can imagine a government
shutting down a corporation or an individual enterpreneur. I can't imagine
a government successfully shutting down eg. Linux movement, DeCSS, pr PGP.
Asymmetrical warfare in its best :)