It seems that developers are increasingly concerned about protecting the privacy of their mobile phone conversations. Encryption of phone conversations has sometimes been talked about as the killer app for encryption. However, it has never caught on – mostly I believe because there was never an open platform to develop for a wide audience… keeping development costs high, limiting the interested market ,etc. (and all the Five Forces) Now, there are widely deployed mobile operating systems with enough generic CPU power to handle real-time encryption and it seems developers ready for a go at it.
In one day, I heard of two separate companies developing similar solutions – voice encryption applications for smartphones:
- SecureGSM: Available for both Window Mobile and Windows Mobile Smartphone (SecureGSM™)
- PhoneCrypt: Window Mobile only (SecurStar)
Both of these products are developed outside of North America (Australia and Germany) and appear to work the old-fashion way – creating dialup connections between the two phones to transfer and receive the encrypted conversation. CryptoPhone from Germany offers another Windows Mobile solution plus the option for purchasing unlocked GSM phones with the software already installed.
As one would expect, their positioning includes protecting against the usual bad guys, the government and your competition, but they also focus on keeping your conversation safe from your own mobile carrier. Suspected operator assistance with US surveillance programs maybe influencing the paranoid to purchase these products, but will the primary mobile channel, mobile operators, offer such solutions? And will large business customers buy?
To date, I haven’t seen industry analysts cover this application or identify the need. Comparisons could be drawn to Phil Zimmerman’s Zfone, but the threat models are somewhat different given IP vs. GSM, etc. Given the lack of inherent security for VoIP and the barrier to intercept mobile phone calls, I expect businesses to adopt VoIP encryption before mobile voice encryption. And when it comes to protecting conversations from governments, Brian Snow, former technical director for the NSA’s Information Assurance Directorate, noted at the 30th Birthday of Public Key Cryptography that if governments really want to spy on you, they will, whether or not you are using encryption.