end-to-end crypto for mobile voice (Re: Wired: Echelon Furor Ends in a Whimper)

Owen Lewis oml at eloka.demon.co.uk
Wed, 25 Jul 2001 12:31:40 +0100


> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Adam Back
> Sent: 22 July 2001 02:18
> To: ukcrypto@chiark.greenend.org.uk
> Subject: end-to-end crypto for mobile voice (Re: Wired: Echelon Furor
> Ends in a Whimper)
>
>
> I always thought cell phones with Infra Red transceivers such as Nokia 6110
> series would be an interesting and very practical way to build a WoT.  You
> would build up WoT binding phone numbers and names to keys by key signing
> done in person phone to phone via the IR link.  You can already beam and SMS
> (I think) phone book entries, which would then have the additional property
> of acting as a signed introducer.

Won't help you talk securely to that human rights activist in Papua New
Guinea though, will it?

> I figure the first moderately widespread end-to-end crypto for mobile voice
> will be when there is enough computing power, bandwidth available and
> sufficiently open development platform for such devices as we move towards
> the merge of PDAs, laptops and cell-phones.

I have little doubt that such thoughts were part of the process leading to a
requirement to surrender keys built into RIPA. My guess is that other
countries will be watching closely the effectiveness (or otherwise) of that
type of legislation and may well decide to copy it. Its essential intent is
to make secrecy in communication strictly conditional according to the laws
of one or more countries.
>
> Adam
>
> On Sun, Jul 22, 2001 at 12:35:25AM +0000, David Wagner wrote:
> > I think it might not be so hard as you imagine, in some contexts. Consider
> > what it would take to institute universal end-to-end encryption for
> > cellphones to protect against passive eavesdropping. The technological
> > infrastructure is well within our reach, and it doesn't require a global
> > PKI where every cellphone user must have a certified public key.

No, it doesn't *require* a global PKI. Nevertheless, it is my guess that it is
in that way that things will develop, given time.

I do not advocate reliance on any such system; quite the reverse in fact.
However, I do believe that risks to confidentiality and, particularly, of
the misuse of personally identifiable secure communications to effect a scam
would be no worse than with WoT.

Owen