Slashdot Mirror

← Back to Stories (view on slashdot.org)

Secure Voice Communications While Travelling?

Posted by Cliff on from the thwarting-eavesdroppers-everywhere dept.

captnitro asks: "My father works for the US Dept of Commerce in the Eastern Bloc. His hotel room phones are routinely bugged -- a few (former) coworkers have had their stays 'shortened' and politely asked to leave the country, when they said dumb things over the phone. A few days ago he asked me what I use for secure voice when I don't have broadband. Remembering PGPfone from a while back, I looked up the link, but apparently they're no longer supporting/distributing it. While I wouldn't recommend he say much of anything in a bugged room, it got me thinking -- what do *you* use for simple, no-nonsense (requiring modem + sound card), low-bandwidth secure voice app? Unix works, and scriptability gets geek points, but I'll take what I can get."

8 of 85 comments (clear)

  1. Analog Hole by zulux · · Score: 4, Insightful

    Voice has a *huge* analog hole - any microphone within 100 ft can pick the converation up, and parabolic dish or laser bounched off the window can extand that range to blocks.

    So given that you want to be secure, you *really* have to rule out speach.

    So try IM.

    --

    Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

  2. Tricky, may need tempest shielding by WolfWithoutAClause · · Score: 2, Insightful
    If he has a laptop then he may be best off just using SSL, a modem, and one of the instant messaging technologies (even something really crude like talk would work).

    It all depends on how secure he really needs to be though; in theory they can tap his laptop keyboard remotely, and/or watch his display just by analysing the emitted radio waves. The only solution to that is tempest-level shielding. I do vaguely remember somebody selling a conductive tent that you go inside and it blocks the laptop's emissions.

    Of course if he goes the voice route then he has to worry about being physically overheard- it doesn't matter how encrypted his laptop link is then! Similarly if his typing or screen is being videoed; or if somebody subverts his laptop then all bets are off.

    --

    -WolfWithoutAClause

    "Gravity is only a theory, not a fact!"
  3. encryption may not be the answer by morcheeba · · Score: 2, Insightful

    If they see you using encryption, they may through him out just for that. I'd suggest discrection.

    --
    HIV Crosses Species Barrier... into Muppets
  4. Be aware of the risk by Piquan · · Score: 3, Insightful
    Remember that no matter what you do, there's risks. Encrypt a voice connection? A room bug will have no trouble listening to that. Even if the room itself has no transmitters, somebody can point a laser at the window and hear what's up. Besides, the encryption doesn't buy you great security: to the NSA, encrypted phone calls are pretty much a joke.

    Email may be better. It stands up to cryptanalysis better, and room bugs don't get it. But, it is vulnerable to a lot of new problems: Van Eck emissions, screen flicker, and even a good ol' pair of binoculars across the street.

    If you use these, remember that the security of the mechanism is only as good as the security of the computer. If you get 0wnz0r3d, then you're screwed.

    Now, consider the idea of "proportional response". Right now, your dad gets phone taps. What do you think will happen if he starts encrypting communication? Sure, a regular phone tap falls apart under almost any sort of encryption. But start using encryption, and they're more likely to put more resources into finding out what you're up to. That's when the things like room bugs and Van Eck attacks come into play.

    So, you have to figure out: how much of a risk does your dad represent to them? How much are they willing to spend to monitor his communications? That's the first step to deciding what appropriate encryption would be.

  5. Isn't the government good at that sort of thing??? by Tintivilus · · Score: 3, Insightful

    He's a government employee; I'd expect that if they wanted his communications to be secure, they would be. I'm sure they have all kinds of nifty toys that are provided to those they think need them.

  6. NSK 200 - Secure GSM/DECT phone by neonstz · · Score: 3, Insightful

    If you really want to get secure you should take a look at the NSK 200, a GSM/DECT-phone which is approved for NATO Secret. I don't know if it is available for everyone though.

    1. Re:NSK 200 - Secure GSM/DECT phone by CharlieG · · Score: 2, Insightful

      NATO Secret = Not very high level

      From the bottom:
      Confidential - Not a very big deal - getting cleared for confidential stuff is fairly easy. A lot of times, it's used for things like - a plant works on secret/TS stuff in parts of the plant. Your the employee of a subcontractor who is working on something non classified. If you visit, and you don't have a clearence, you will have to be escorted EVERYWHERE - including the rest room, even if you stay in the "Open" part of the plant (aka, not secret stuff is going on there). So they will get you a confidential clearance, so you can go to the restroom, or lunch, with out an escort. The basically want to know if they can trust you enough not to jimmy locks to get past doors marked secret

      Secret - the 2nd level. Where I used to work, there were a dozen or so guys with Secret level clerance. This is a lot of basic stuff, plus stuff that you can figure out if your in certain areas. Ever look at airplane cockpit photos, or photos inside subs? There is always a few things covered up, be cause you can deduce things. Generally, a secret clearence allows you to see that kind of stuff - stuff folks in the military see every day, and think nothing of

      Top Secret - a level above that, and traditionally the highest level of clearence - I say traditionally, because it's fairly well know that there are levels above that, but all those levels are in the "we deny they exist". From what I understand, some TS stuff gets hairy

      Levels above that - "Code Word", "Compartmentalized", "Crypto", etc. Now you getting special clearence to work on individual things. Things start to get VERY strange. I've met a few of these folks. Can you imagine working on a project, and when your boss askes what your working on, the reply is "I can't tell you"

      I used to work on Long Island - some great Ocean fishing. Knew a guy who loved fishing, and was doing subcontract work for us. He loved to go, but he would rarely go. You see, once he went more than 3 miles off shore, he had to spend a day filling out paperwork listing why, where, who he saw there, what was said, etc - he said it wasn't worth the hassle. I never did find out what he was working on for his parent company (it sure wasn't for us - there was nothing classified in our plant), and frankly, I never asked, or hinted that I wanted to know

      So based on what I've just told you, i would trust a telephone ONLY rated secret very far

      --
      -- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
  7. IAD by Anonymous Coward · · Score: 1, Insightful

    He should get in touch with the US government's IAD (Information Assurance Directorate). They'll advise him and can provide something properly certified as secure.

    If you just use some random program recommended by random slashdotters you don't know how secure it really is. Even if the crypt is good there are other things to worry about (e.g. EM emissions, your laptop getting hacked).