Encrypting Phone Storage and Transmission?

An anonymous reader writes "Soon I'll be moving to one of the hot, culturally restrictive countries which has recently been in the news ... and which monitors and filters web traffic. ISPs and cellular providers are both owned by the government. Needless to say, I'm concerned about privacy and am even posting to my fellow Slashdotters as an anonymous coward. Which smart phones are the best for a) encrypted storage, and b) encrypted transmission? I'm not worried about encrypting SMSs or traditional voice traffic, but I would like all IP traffic as secure as possible. Setting up a server in my less restrictive home country is an option. What storage encryption and transmission encryption would you recommend for that situation? I'm willing to buy yet another device, if necessary. (No, I won't get a SatPhone.) I currently have a Nokia N900 running Maemo5 and another device running Symbian S60v3. I was hoping to have a secure OS like BackTrack running on the N900, but it looks like the software was never totally ported for the device."

Traditional VPN?

[RyuuzakiTetsuya]

Why not a traditional VPN with an Android or iOS device? Symbian should also be able to support VPN connections as well.

Re:Traditional VPN?

[MoonBuggy]

I thought the same, but there are a few important supplementary questions (to which I don't know the answers):

• By consistently streaming encrypted information out of the country, will you just make yourself a target for more invasive surveillance measures (and perhaps some rubber hose cryptanalysis)?
• When the ISP themselves are your adversary, you're at an immediate security disadvantage. How far can they go towards cracking your connection when they can monitor everything you transmit, and cross reference it with real-world info about you?
• If your connection is compromised, how much extra risk are you at? Is the sense of security leading you to transmit things that you wouldn't otherwise have committed to writing, and might they cause you trouble?
• Are these encryption measures legal where you're going? Even if so, are the state the type who might see it as a reason throw you in jail on vague espionage charges?

I understand wanting to maintain your privacy as a matter of principal, but ultimately you're the one choosing to go to their country. You don't have to like it, but you do have to live by their rules. From my own experience travelling in some of the more repressive parts of the world, I would say that there's generally a certain amount of leeway given to foreigners that isn't afforded to locals, but you're still safer not giving them an excuse to pay you any extra attention. What I can't tell you (especially without knowing which country you're going to) is what they will or will not consider to be an excuse; honestly I doubt that even a police chief in the country could give you a definitive answer in a lot of places - the strictness of the definition tends to be inversely proportional to the wealth and influence wielded by the person that it is being applied to.

Just bear in mind that while it may be discomforting to know they're reading your emails home, they probably don't care what you're saying. They might well start caring about the fact that they can't see what you're saying.

Buy the phone in that country

[ogfomk]

You will just need to buy that phone in the country you are going in. Otherwise you may loose it through customs unless you are a diplomat. Best to get something boring and assume that everything you send is readable by anyone. If you keep something that is valuable there is nothing that customs would like better than to have your device.

Solution.

[Zurk]

I have the same problem. I am not in a restrictive country, however my phone lines are tapped on a regular basis since i deal with defendants. its not paranoia -- they really do tap phones of attorneys to get around atty/client and ive seen the records more than once. I use an SSH connection to a tomatousb router (ASUS RT-N16) and forward ports to my N810. you can do the same with your N900. this allows me to do VOIP directly and also share the same connection locally by letting my N810 serve as a local hotspot. All traffic is encrypted with SSH until it reaches my home which is on a dynamic ip anyway. This has worked against local and fed agencies but may not work against NSA/big brother type agencies or against foreign government state departments. You need a fast upload connection (my 25/2 Mbps cable connection works fine). For anything more than the usual calls i meet people in person at the office. meeting in person is covered by priv and works well.

Re:Solution.

[BluBrick]

I am not in a restrictive country, however my phone lines are tapped on a regular basis since i deal with defendants.

Y'know, if the second part of that statement really is true, you might just want to re-think the first.

Re:Solution.

[guruevi]

Welcome to the US. If you're speaking on a phone, you're not talking in private, if you're talking in a room where other people are or have been, you're not talking in private. Better-paid attorneys will actually sweep the rooms regularly for bugs and have external audits performed.

Why you ask? The duty to keep the attorney/client privilege is not on the state but on the attorney so the state could get a warrant (or not if you're DHS/FBI, the Patriot Act cares for it) for the wiretapping of an attorneys office if they could demonstrate (or not) that it could further their case. If a cop 'accidentally' overhears a conversation between an attorney and his client, it can be used or even if it can't be used in court it could be used in questioning and pressuring. The only exception to that is at a prison or a state office where the attorney or client can request a private area to conduct their conversation (again, duty is on the attorney or his client to request such privacy) but most likely they won't carry on a conversation in those settings - the focus would be to get them out of there first without saying too much if possible.

consider steganography over cryptology

[smoothnorman]

I'd be most worried about the: "he's using techniques which we can't crack. so he's really up to no good, and we must therefore have him 'pay us a visit'" (cf the usual: http://xkcd.com/538/). So perhaps you should consider communication that doesn't trivially look like communication that's subversive to the powers-that-are? Just something to mull over; because you see, the birds do fly west on a sunny day.

Re:consider steganography over cryptology

[izomiac]

I was just about to pop in and say that. Plausible deniability is the only sane choice for this environment. It basically doesn't matter to you if your encryption is never broken if they just take that as an admission of guilt.

IMHO, the way to go would be an android phone with an extra /data/ partition that's encrypted, and swap them out using the terminal. Be sure to use a strong screen lock (i.e. a long password or very long series of numbers, no patterns). That way, you have a benign /data for investigators, you get *everything* (i.e. thumbnails, logs, etc.) encrypted, and if they question you about the partition you can feign ignorance and claim that it must be a corrupted flash chip. All that said, I'm not sure how technically feasible this is, but it seems straight-forward enough with root access and some familiarity with the Linux terminal.

Blackberry + BES Express

[ballwall]

Set up a BES Express server, and get a BlackBerry. I'm not sure you can find equivalent security on any other platform. The BES Express server (free) offers transparent VPN. The devices themselves are unmatched, security-wise (though you'd be stepping back like 5 years in features). Email might be a problem if you don't want to also run exchange or lotus domino, but you could easily set up an IMAPS server and use that.

Your best bet ...

[tgd]

Is not to use those services. Generally speaking, if the country is that restrictive, they probably will not take kindly to a foreigner trying to bypass the restrictions.

A good rule of thumb to travel: obey local laws. If you don't like them, don't go there. As a foreigner, you are in a pretty risky spot to try to take matters into your own hand.

n900 is probably the most flexible

[xeno]

Some resources for the n900:

----- file system encryption--
Truecrypt for true cross-platform encryption on the phone's non-boot volume
  (available by default in the N900's Extras-Testing repository)
A nice script to simplify use of TrueCrypt (no screen icon = non-obvious = good)
  http://forums.internettablettalk.com/showthread.php?p=597269
Also note that for your pc, you can put the x86 tc.exe on the phone's unencrypted boot volume, ...and then mount the phone's encrypted volume from the card, thru 1 usb connection

----- IP encryption
Tor is available as a package and works well, tho with caveats
  http://www.torproject.org/docs/N900.html.en
SSH is also available

----- semi-secure voip
Skype support is inbuilt (tho sometimes suspect w/proprietary encryption & whatnot)
  configure thru Settings>Connectivity>VoIP and IM.
Run your own Asterisk PBX on the n900 with an encrypted config/tunneled
  available in the Extras repository

----- alt boot options
option to boot alt OS hidden on card
  http://wiki.meego.com/ARM/N900/Install/Dual_Boot
  http://neopwn.com/ (sometime soon, one hopes)
option to carry a hidden/alt bootable PC OS in your phone
  http://zitstif.no-ip.org/?p=451

Could be dangerous ...

[gstoddart]

Before you start trying to figure out how to circumvent being spied upon by the host government, maybe you should look into the possible consequences of this. It may well be that if they find out that you're doing this, things could really turn out bad for you.

It's generally a good idea to try to actually obey the laws of the country you're going to, especially if it's as volatile as you say it is. If you're a foreign national and don't have any sort of diplomatic protections, you could be playing a risky game.