Dear A.P. – Encrypt your telephones.

Well, not what I’d intended. I’d intended to get back to “International Affairs” as they relate to word stability and economic outlook, and back to some stock trading (now that I have a secure method of using my stock trading account again… yes, I’d largely backed off of on-line trading until I had a solution to the Java vulnerability). But things didn’t work out that way.

Seems that Dear Leader and / or Dear Leader’s Minions decided that “contact tracing” the entire Associated Press was ‘a good thing’ for “security” (and, one presumes “for the children“…) Why? Because someone in Government was suspected of leaking. So the right to privacy (the foundation, BTW, of Roe v. Wade) gets thrown under the buss if an Agency suspects their own government of talking to the press? Well excuse me, but that’s the PURPOSE of a Free Press. To be an outlet for Regular Folks to undermine the foundations of tyranny. If the leak is valid, it is a positive feature for the strength and health of a democracy. If the leak is invalid, then both the leaker and the press agent end up looking the fool and the press agent is likely to “leak” themselves about just who lied… Untidy? Unpleasant? Certainly. Reality is like that.

So our government has decided that Freedom Of The Press is only at the pleasure of unnamed government agents and agencies.

At least, at last, the Press Corp has shown a tiny bit of spine and is actually asking some non-lap-dog questions. Perhaps they will eventually generalize to the I.R.S. being used as a political tool of oppression of dissent and the use of the Military as a political chess piece (with the death of Diplomatic Corp folks as a consequence) to create a political narrative. Heck, they might even start to ask about Gun Walking to Mexico and the recent “push” in some overly liberal media of stories pro-gun-restriction saying that most of the guns used in criminal acts in Mexico come from the U.S.A. – leaving out the furnishing and pushing of those guns in a government run Gun Walking operation… The stink is so strong from all of those, collectively, to wake up even the most numb brown nose in the White House Press Corp. The question now being “for how long?” will they stay awakened.

Perhaps even Congress will realize that if THEY want to talk to the Press, they too will end up in a report on the desk of the Administration… (Anyone who thinks that the ‘contact tracing’ was neatly focused only on a D.O.D. related leak doesn’t know how this works. You map ALL contacts. Then search that space for who is likely to be the path of most interest. By necessity, ALL contacts are identified and assessed as to likely purpose and effect.) So Dear Congress: You make the laws. How about restoring some of the Right To Privacy for We The People, and remember that you are part of We The People; especially when a “contact trace” is being run on the Press.

Technical Solutions

So now I find myself forced to look into technical solutions to telephony interception and contact tracing. Not what I wanted to do today at all. I run in “phases”. Interest then rotates back to other things. I’ve done several technical posts in a row now, and I’m getting a bit jaded on the whole Tech Thing and my “novelty seeking” need is starting to push at me… yet I’m being herded by circumstances into more Tech. So please, bear with me for a bit longer. I promise to get back to “other things” soon.

First off, you need an encrypted phone. There are many ways to do that. Skype does encryption (though now that it’s owned by Microsoft, I’d be a bit worried about government asking for ‘back doors’ to be inserted…) so one quick thing to do is swap to some Skype based communications until you get a better solution in place. Realize that sending a ‘tweet’ or an open email saying ‘call me on Skype’ is itself a ‘contact trace’, so the “set up” of the contact must be done by other more discrete methods (to be worked out in another posting, but ‘burner’ email, encrypted, is a good first option). For now, just presume that you slipped someone a card with a Skype address on it and / or another anonymous contact point.

Eventually, there’s a need to get a more “appliance” like solution. I’ll be doing an article on “public key encrypted email” at some future point. This does not hide the ‘contact trace’ but does let you send a private message. So setting up a disposable email account, using the contacts public key to send an encrypted text with YOUR contact info and public key, and then “burning” that email account; that lets you communicate the ‘request for contact’ in a darned hard to find / track method. (Provided the recipient is at all careful to not save that message in clear text…) Once you have a private “contact me here” message, then what?

You could use something like Skype on a computer “not your own” (where the Dongle Pi comes into play again… so I need to look for Skype like software on the Pi…) and preferably from a public WiFi access point. If not doing that, is there a regular telephone like solution?

Well, to start with, use an encrypted phone. Even if the “contact trace” says the two of you talked, it says nothing about what was discussed. Encrypting the communications makes a ‘tap’ fairly useless. Now the Agency has to break into the equipment and crack the system to get to the clear form communications. I’m presently searching for encrypted phone solutions on Linux (and will be looking for a Raspberry Pi encrypted phone solution – it does have and audio jack) but until that’s done; or for folks more interested in commercial products, there are such systems commercially available. This one caught my eye as it is “open source” (which means that Agencies can’t lean on the vendor to insert a hidden back door into the code).

http://www.endoacustica.com/encrypted_telephone.htm

ENCRYPTED TELEPHONE VoIP
Encrypted Telephone

Welcome to the End of the Telecommunications Interception Age.

Trustworthy Voice Encryption

The Encrypted Telephone VoIP comes with full source code available for independent review. Finally, you can perform an independent assessment to ensure that you can rely on strong encryption without any backdoors in the communications device that you entrust your security to.

The Encrypted Telephone VoIP enables you to put the trust where it belongs – in a trustworthy, open and scientific verification process.

GSMK CryptoPhone technology is based on well-researched algorithms for both encryption and voice processing. It features the strongest encryption available combined with key lengths that provide peace of mind today and in the future.

TECHNICAL SPECIFICATIONS
Telephone IP Network Interface

Gigabit Ethernet IEEE 802.3 10/100/1000 BaseT with RJ45 plug
Compatible with Inmarsat BGAN satellite terminals
Optional IEEE 802.11b/g/n wireless LAN support

Voice Encryption

Secure voice over IP communication on any IP network
strongest and most secure algorithms
available today – AES256 and Twofish
4096 bit Diffie-Hellman key exchange with SHA256 hash function
readout-hash based key authentication
256 bit effective key length
encryption key is destroyed as soon as the call ends

Device Protection

Encrypted storage system for contacts protects confidential data against unauthorized access hardened Linux operating system with security optimized components and communication stacks protects device against outside attacks GSMK CryptoPhones are the only secure phones on the market with full source code available for independent security assessments.
They contain no proprietary or secret encryption, no backdoors, no key-escrow, no centralized or operator-owned key generation, and require no key registration.

Interoperability

Fully compatible with all GSMK CryptoPhone IP mobile, satellite and fixed-line encryption products
IP PBX integration with virtual extensions

There’s even folks in Germany offering such products, so you don’t need to worry about “U.S. Export Restrictions” on cryptography:

http://www.cryptophone.de/

GSMK introduces new groundbreaking secure mobile phone

Launch of trailblazing Android-based secure mobile phone at the world’s largest information technology trade show

I’ve not “vetted” the product, especially for ‘contact tracing’ security, but they look like they’ve done their homework:

http://www.cryptophone.de/en/use-cases/private-individuals/

• All GSMK Cryptophone products are interoperable with each other

• Secure mobile telephone calls can be established on any number of mobile networks (including roaming and cross border connections)

• The use of the Thuraya satellite network allows secure calls from areas without GSM coverage or when the user does not want to be visible on the local GSM network

Not sure what that Thurays satellite network might be, but being able to keep off the GSM network means that your information is kept out of the general Telco / provider network. GSM Global System for Mobile phones signalling method is commonly used on phones outside the USA, but also from some USA based carriers. I’ve had GSM phones in California and they work well. Other CDMA methods are more common in the USA; while TDMA is the old “gargling underwater” signalling method on early AT&T services that is now deprecated / obsolete. But it looks like a system worth exploring.

It looks like the Australians can pick up a solution as well:

http://spycity.com.au/gsmk-cryptophone-400.aspx

SMK Cryptophone 400

The GSMK CryptoPhone 400 is a secure IP mobile phone for secure voice over IP communication on any network – GSM, 3G or WLAN.

The CryptoPhone 400 gives you the flexibility to conduct secure voice over IP calls using either GSM, 3G/UMTS, or wireless local area networks.
This unmatched flexibility combined with:

secure messaging
a hardened operating system
encrypted storage for your confidential contacts
messages and notes provides you with 360-degree protection in a sleek
elegant package including a brillant 3.2-inch TFTLCD high-resolution touch screen

Quad-band GSM
Dual-band UMTSHSDPA / WCDMA with HSUPA support
IEEE 802.11 b/g Wireless LAN
Voice & SMS encryption
Secure storage
Hardened WM 6.5 operating system
Standby: Up to 360 hours
Secure talk time: Up to 5 hours

Note: Available to Australian & New Zealand Purchasers only.

That ability to work over a WiFi link is a nice touch. Lets you drop into Starbucks for that call that’s not going to show on the corporate LAN…

I’ll leave the rest of the search for a Commercial Solution to folks who have a real need. I’m going to be putting some “mindshare” on finding an open source roll-your-own solution for those of us who do not have $Million I.T. budgets and corporate staff to provide the solution. I figure A.P. has a Director of I.T. (or perhaps even Chief Information Officer) who can work out a solution for them. (If not, I’m available… “chiefio” came from that job role in my past…)

So no, not a “how to roll your own” in this posting. This is just the “line in the sand” marker. The notice that: If you do not presently have a ‘contact trace’ proof and ‘tap proof’ telephony solution, the time to start selecting one is now.

Since GSMK is open source, it ought to be portable to most any Linux device. It also looks like some folks are already using the Raspberry Pi in telephony applications:

http://www.techweekeurope.co.uk/news/raspberry-pi-gsm-network-cambridge-102553

Raspberry Pi Runs a Mobile Phone Network In Cambridge

The £25 Raspberry Pi becomes a GSM base station
On December 21, 2012 by Max Smolaks

Engineers from PA Consulting Group have managed to create a GSM base station based on the tiny Linux-powered computer Raspberry Pi and some open source software, running their own mobile phone network in a sealed room.

Operating a mobile network usually requires an expensive GSM base station and other infrastructure, but Cambridge-based PA conducted this experiment to highlight the hidden value of cheap, off-the-shelf solutions, keeping the system tucked indoors to avoid encroaching on licensed spectrum belonging to mobile operators.
[…]
Now, it turns out the tiny computer can also successfully route voice and SMS traffic through a GSM network. PA hooked up the Raspberry Pi to a radio interface and,

using two pieces of open source software (OpenBTS and FreeSWITCH), made it perform the same functions as a 30-foot cellphone tower.

The wireless experts had to tweak the software by hand, as well as code-optimise the signal processing. Once this was done, the new network was capable of connecting mobile phones at PA labs. The consultancy tested the device in a special facility, to ensure no laws on frequency spectrum were broken.

“This proves what can be achieved through low-cost off the shelf-systems. Just imagine the other possibilities that other such low cost technologies could inspire across other sectors and industries,” commented Frazer Bennett, a technology expert at PA.

You can see a short video explaining how the consultancy created its private network below:

So this also means that a private company, say A.P., can set up their own GSM access point inside their building. Now all calls to / from that point, go through their Linux and they can choose what data gets out about who is talking to whom. It would take a bit of work, but essentially one could add the equivalent of NAT Network Address Translation to that phone switch such that the actual originating phone ID is hidden. Furthermore, the call can be routed out to the internet and on to a ‘relay’ to mask point of origin, and then back to The Congressman on his / her Skype account. Now the “contact trace” just shows a call originating from Vidalia Washington (or wherever the relay is planted) and nothing about the individual or their actual location. The “contact trace” is broken.

No, don’t know if anyone has such services set up yet. Yes, they WILL come into existence… In theory, anyone could make such an Onion Router like service for internet based telephone calls.

So that’s where I’m “Digging Here!”. Looking for what it takes to capture and secure both the content (via encryption) and the contact trace (via re-routing / IP masking).

Anyone else with ideas / information, this is a giant “Dig Here!!”.

I think a whole lot of reporters are about to get an education in encrypted email, telephony, and contact tracing… If you work for A.P. (or any other news agency) I suggest a phone call to your I.T. department asking about the availability of encrypted phones and contact trace proof telephony solutions. It’s going to be a busy day in the news room, and you don’t need Big Brother with a bug in your ear…

Subscribe to feed