Distrust of phone networks will lead to more secure lines and peer-to-peer phone connections.
Speaking to IT Security Guru, David Davis MP said that he suspected that eventually we will have direct peer-to-peer phone networks where, if we are not far away from each other, secure calls will be possible.
“Where there is not an exchange, it will come because it is cheaper and more efficient than having massive networks with huge volumes,” he said.
Mike Janke, chairman of Silent Circle, told IT Security Guru that he had heard this sort of comment before, and usually from Government types in the US, UK and Europe.
He said: “Although it sounds good, the reality is that it presents enormous challenges. The ideas being floated around do not include device-to-device encryption like Silent Circle, but rather device-to-server encryption.
“Although this would stop several forms of simple eavesdropping, it also opens up all communication to a single point of failure – the main servers. This is much like public key cryptography. I can guarantee you that other nation states, hackers, criminal gangs and others will attack this single point of failure.”
Janke admitted that the trust factor is a difficult area to overcome, as Governments will have the ability to wire tap at the server, but he asked if Government’s can be trusted to build and host a system that will keep out other nations, hackers and criminals?
“The answer is no,” he said. “So in the end, it sounds like a better solution than what currently exists, but it is fraught with security and trust issues as well.”
Davis said that the whole structure of western Government is not very bright on a technical and a strategic level, and the inevitable result is that people will react as people do not like the state poking their nose in and it goes up to Angela Merkel, right through to the lowly citizen to commercial concerns.
“All those problems, that is a strategic one in terms of effectiveness,” he said. “If you tell an entire nation that they are being spied on then the entire nation will respond and that will create a place where the terrorists can hide and that is the agency’s fault.”
Asked if he felt that the concept of secure P2P networks was possible, mobile analyst Alan Goode said that anyone that is thinking of using any radio spectrum or offering telephony services in the UK needs a license to operate and this is heavily regulated and controlled (and under the control of HMG).
“If a company is using secure telephony then a Government may require that the tech company or service provider offers the capability of ‘lawful intercept’ by Government services,” he said. “Senior execs of international companies are usually well advised as to say and what to use when using telephony services.”
In an email to IT Security Guru, Goode did say that organisations can (and do) create their own cellular networks using technology such as WiMAX or Pico cells or install IP telephony networks that are managed by either themselves or through a service provider, and then use standard mobile phones to then switch intelligently between the various networks at different locations.
