From: Phil Karn <karn@qualcomm.com>
Date: Mon, 25 Apr 94 22:47:44 PDT
To: perry@imsi.com
Subject: Re: cryptophone ideas
In-Reply-To: <9404220006.AA00614@snark.imsi.com>
Message-ID: <199404260546.WAA24163@servo.qualcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


>Hacking and reprogramming all the base stations is impossible. Its not
>the same as reprogramming the phone. Its the difference between
>learning French and getting everyone in the world to learn French.

Since I work in this digital cellular business, I think I can
confidently say that Perry *does* know what he is talking about. He's
right -- it's not enough to simply reprogram your phone, you must take
care of the other end too: the base station.

NSA has already let it be known that any cellular system that can
provide end-to-end encryption will not be exportable. It is not
exactly clear what this means, given that once you provide a
transparent *data* (as opposed to vocoded voice) bearer service, the
users can do whatever they want on an end-to-end basis without the
carrier's further cooperation or permission. I guess they figure this
won't be a common practice.

And they have indicated their willingness to allow export of *phones*
with strong encryption -- but not the base stations. This underscores
the uselessness of implementing strong encryption only on the mobile.

Phil