Re: Encrypt cell phones calls!!!!
by adafruit_support_mike on Fri Jun 14, 2013 11:40 pm
Before everyone gets too excited about encryption, I'd suggest you look up civilian cryptography guru Bruce Schneier and read what he has to say on the subject.
Short version: there was a time in the early days of civilian cryptography when people believed encryption was a 'magic security dust' (his term) that people could sprinkle on problems and make the bad stuff go away. As civilian experts spent more time exploring detailed real-world problems, they found that security protocols are even more important. It doesn't matter how good your lock is if your bank vault has a big plate glass window.
Real security is a hard problem, and many years of expert research have shown there's no product you can buy that will make it stop being a hard problem.
WRT cell phone encryption, the first and most obvious problem is, "how do you plan to transfer the keys that allow the people at the other end to decrypt your call?" An unencrypted phone call is probably not the best option. On another track, if the keys live in hardware, anyone who gets physical access to any phone you can call has just broken your security.
WRT the recent disclosures about PRISM, encrypting the conversation is irrelevant. The NSA has been collecting metadata about the calls.. which numbers you called, how long each call lasted, when you made the calls, where you were when you made each call, etc. Your actual conversation could be in a pdigin of Navajo, Teochow, and Basque for all it matters. The stuff the NSA has collected is inherent in making the phone system operate.
When you void a product warranty, you give up your right to sue the manufacturer if something goes wrong and accept full responsibility for whatever happens next. And then you truly own the product.
