Secure Voice Communications While Travelling?

captnitro asks: "My father works for the US Dept of Commerce in the Eastern Bloc. His hotel room phones are routinely bugged -- a few (former) coworkers have had their stays 'shortened' and politely asked to leave the country, when they said dumb things over the phone. A few days ago he asked me what I use for secure voice when I don't have broadband. Remembering PGPfone from a while back, I looked up the link, but apparently they're no longer supporting/distributing it. While I wouldn't recommend he say much of anything in a bugged room, it got me thinking -- what do *you* use for simple, no-nonsense (requiring modem + sound card), low-bandwidth secure voice app? Unix works, and scriptability gets geek points, but I'll take what I can get."

NCT

[Henry+V+.009]

Me? I bring my Navajo Code Talker with me wherever I go. I do have certain problems with system interoperability, but that is understandable, I'm told.

Man I'm naieve

[Anonvmous+Coward]

" His hotel room phones are routinely bugged -- a few (former) coworkers have had their stays 'shortened' and politely asked to leave the country, when they said dumb things over the phone."

Can somebody explain to me the dynamics involved here? I've been sent to my room before for telling everybody at the dinner table that my mom had to buy larger underwear after gaining some weight, but I've never been told to leave the country...

asterisk or gnuphone

[tzanger]

You could use gnuphone with a SSH or other VPN tunnel, or even a full blown asterisk point and use encrypted IAX transfers. Any old SIP phone would work too.

All of these are IP solutions. Any decent pair of phone encoders (where you encrypt and decrypt the audio stream) would be a lower-tech solution that might work better.

Analog Hole

[zulux]

Voice has a *huge* analog hole - any microphone within 100 ft can pick the converation up, and parabolic dish or laser bounched off the window can extand that range to blocks.

So given that you want to be secure, you *really* have to rule out speach.

So try IM.

bad idea

[Asgard]

If you are in a foreign country and the state agencies are bugging your calls, you better be darn sure of what their crypto laws say because you might get arrested for spying if you break them.

You should read Slashdot more often

Can yuo tlak liek tihs?

Don't talk

[duffbeer703]

Since the gov't isn't willing to provide secure communications, don't talk on the phone. Talk in person in a hotel room with loud music. Bagpipes and tapes of japanese people talking are particularly good.

speakfree

[zcat_NZ]

speak freely is a Free program for Windows and *nix. It supports strong encryption (by default) and is very light on bandwidth. It works more like a walkie-talkie than a phone though.

Or you could just send GPG-encrypted emails..

Nothing

[Johnny+Mnemonic]

What do I use? Nothing. Either of these are true: 1) the gov't in question can crack any lame, consumer oriented encyrption I use; therefore any security I use just provides me with a false sense of security. Or, 2) the gov't in question can't crack it, and their interests are raised. In this instance, "their interests are raised" means I am dragged down to the police station and my testicles have electrodes taped to them; my screams aren't encrypted, natch.

I would suggest that your father not talk about stupid things on the phone when visiting hostile foreign countries, and when he does so, to not depend on consumer grade security. He may as well use the decoder ring he got with a box of cereal.

PGPfone is still available

[SiMac]

From the PGPi website, including the source.

Might not work on newer hardware, but it's still available.

Eastern Bloc???

[Ross+Finlayson]

Hello? 1973 called. They want their story back :-)

Be aware of the risk

[Piquan]

Remember that no matter what you do, there's risks. Encrypt a voice connection? A room bug will have no trouble listening to that. Even if the room itself has no transmitters, somebody can point a laser at the window and hear what's up. Besides, the encryption doesn't buy you great security: to the NSA, encrypted phone calls are pretty much a joke.

Email may be better. It stands up to cryptanalysis better, and room bugs don't get it. But, it is vulnerable to a lot of new problems: Van Eck emissions, screen flicker, and even a good ol' pair of binoculars across the street.

If you use these, remember that the security of the mechanism is only as good as the security of the computer. If you get 0wnz0r3d, then you're screwed.

Now, consider the idea of "proportional response". Right now, your dad gets phone taps. What do you think will happen if he starts encrypting communication? Sure, a regular phone tap falls apart under almost any sort of encryption. But start using encryption, and they're more likely to put more resources into finding out what you're up to. That's when the things like room bugs and Van Eck attacks come into play.

So, you have to figure out: how much of a risk does your dad represent to them? How much are they willing to spend to monitor his communications? That's the first step to deciding what appropriate encryption would be.

Isn't the government good at that sort of thing???

[Tintivilus]

He's a government employee; I'd expect that if they wanted his communications to be secure, they would be. I'm sure they have all kinds of nifty toys that are provided to those they think need them.

NSK 200 - Secure GSM/DECT phone

[neonstz]

If you really want to get secure you should take a look at the NSK 200, a GSM/DECT-phone which is approved for NATO Secret. I don't know if it is available for everyone though.