Encrypted Cell Phone Calls for Journalists in Fragile States
Organisation: Broadcast Media (Ethiopia)
Publication Date: 06/11/2015
Description: I am working with journalists operating in fragile states, who frequently worry that their cell phones are tapped. Though the headquarters of CryptTalk are in Stockholm, Sweden, I discovered Szabolcs Kun in his native Budapest, Hungary. He runs a startup team which has spent the last 15 years on securing live data for telecom companies all around the European Union.

“We’ve been working with the largest call centres and IP-telecom companies, developing a secure Voice-Over-IP engine to process voice calls. So when we decided to form a company to create the CryptTalk solution, we already had 90% of the technology needed for a secure calling and messaging solution.”

The main point about CryptTalk is that the encryption keys are destroyed immediately after the call.

“Most people outside the industry don’t realize that 80% of the work involved in building a secure telecom service is understanding and implementing the right telecom infrastructure. The encryption part is also important, but we decided not to claim our encryption was more secure than what is already out there. In fact, we’re using tried and tested encryption technology and IT best practices that have never failed. The industry of IT security, including telecom, banks and governments already trust these encryption systems. It’s pointless to reinvent the wheel.”

“The real problem is that most IT encryption systems are far too complicated for most people to use.”

“So our approach was the other way round. We’ve focused on putting proven encryption technology into an application which gives you end-to-end secure communication in an easy and affordable way. It sounds easy. But it is actually very difficult to do well.”

I put Ethiopia in the country list, but this system works world-wide. It only works on iOS, but runs well on both an iPad and iPhone. They are looking into Android, but say that for the moment the security issues are difficult to solve.
Just posted the details of this startup because it's the only system I've seen with no back door. Would be interested in hearing from others with their own experience.
Technologies used for this project:

“We’re using the Elliptic Curve Diffie-Hellman key exchange that provides what’s called “perfect forward secrecy”. In a nutshell: the key is generated as a shared secret, it is never sent over the network (not even in encrypted format). Once the call is over, the key is destroyed. It can never be recovered by anyone.”

“This is important in the case that, for example, a curious government agency has recorded your encrypted calls and then seizes your mobile phone when you’re going through customs. Even in this case, they cannot get anything out of the phone which they could use to decrypt the recorded calls made in the past. That’s because the actual decryption key is generated inside the phone and never leaves the device. So without the encryption keys, the contents of the call will always remain encrypted.”

SO WON’T YOUR TECHNOLOGY BE USED BY THE REALLY BAD GUYS LIKE TERRORISTS?

“We are simply a secure technology provider. We are not going to play judge or jury. And we’re not here to chase the bad guys – that’s the job of the law enforcement agencies, both civil and secret. We created the product in good faith because we believe personal privacy is important. Take the analogy of a knife. You can buy a sharp knife at any department store. Only a tiny fraction of the purchasers will use that knife for evil purposes to harm someone. So a blanket ban on knives doesn’t make sense. Banning a technology like CryptTalk solves nothing.”

“I think everyone has the right to protect themselves from the bad guys. If you look at many offices today, there’s an elaborate virus scanner needed on many PCs in order to protect them from malware from being installed on the outside. In addition, companies spend huge amounts of money building firewalls to prevent hackers breaking in and gaining access to confidential data exchanged on internal, private networks. Let’s say you are a large company like General Electric, and you have two factories in the Netherlands. You are entitled to establish a secure network between those two sites and exchange private data over that channel.”

“If it turned out that the security services can show us that one of our clients is engaging in terrorism, then we retain the right to kick them out of the CryptTalk system. Their subscription is cancelled and the app simply doesn’t work anymore. And they can draw their own conclusions as to why.”
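An added illustration of the per-call key exchange described under "Technologies used" (this is not CryptTalk's code and not part of the original post). It assumes X25519 as the curve and HMAC-SHA256 as the key-derivation step, neither of which the post specifies; `Handset` and `simulate_call` are hypothetical names. The public values are unauthenticated here, so a real protocol must also verify who sent them.

```python
import hashlib, hmac, os

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # X25519 base point (RFC 7748)

def x25519(k, u):
    """RFC 7748 Montgomery ladder. Not constant-time: illustration only."""
    k = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

class Handset:
    """One side of a call; holds secret key material only while the call is live."""
    def start_call(self):
        self._priv = bytearray(os.urandom(32))   # fresh per call, never transmitted
        return x25519(self._priv, BASE)          # public value, sent in the clear
    def session_key(self, peer_pub, transcript):
        shared = x25519(self._priv, peer_pub)    # computed locally on each device
        if shared == bytes(32):                  # reject low-order peer values
            raise ValueError("invalid peer public value")
        return hmac.new(transcript, shared, hashlib.sha256).digest()
    def hang_up(self):
        self._priv[:] = bytes(32)                # best-effort wipe in Python

def simulate_call():
    """Constructed two-party call: returns (wire bytes, key_a, key_b, handsets)."""
    alice, bob = Handset(), Handset()
    a_pub, b_pub = alice.start_call(), bob.start_call()
    wire = a_pub + b_pub                         # all an eavesdropper can record
    k_a, k_b = alice.session_key(b_pub, wire), bob.session_key(a_pub, wire)
    alice.hang_up(); bob.hang_up()
    return wire, k_a, k_b, (alice, bob)
```

After `hang_up()` neither handset holds anything that, combined with the recorded `wire` bytes, reproduces the session key, which is the forward-secrecy property the quote describes.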