What is PGPfone?
PGPfone lets you whisper in someone's ear, even if their ear is a thousand miles away. PGPfone (Pretty Good Privacy Phone) is a software package that turns your desktop or notebook computer into a secure telephone. It uses speech compression and strong cryptographic protocols to give you the ability to have a real-time secure telephone conversation. PGPfone takes your voice from a microphone, then continuously digitizes, compresses and encrypts it and sends it out through a modem to the person at the other end who is also running PGPfone. All cryptographic and speech compression protocols are negotiated dynamically and invisibly, providing a natural user interface similar to using a normal telephone. Public-key protocols are used to negotiate keys without the need for secure channels.
All you need to run PGPfone is:
1) A really reliable fast modem: at least 14.4 Kbps V.32bis (28.8 Kbps V.34 recommended).
-An Apple® Macintosh with at least a 25MHz 68LC040 processor (PowerPC recommended), running System 7.1 or above, Thread Manager 2.0.1, ThreadsLib 2.1.2, and Sound Manager 3.0. These are available from Apple's FTP sites.
-A multimedia PC running Windows 95 or NT, with at least a 66 MHz 486 CPU (Pentium recommended), sound card, microphone, and headphones.
For the technically curious: PGPfone does not need any secure channels for the prior exchange of cryptographic keys before the conversation begins. The two parties negotiate their keys using the Diffie-Hellman key exchange protocol, which reveals nothing useful to a wiretapper, yet allows the two parties to arrive at a common key that they can use to encrypt and decrypt their voice streams. PGPfone version 1.0 uses biometric signatures (your voice) to authenticate the key exchange, triple-DES, CAST, or Blowfish for encrypting the voice stream, and GSM for the speech compression. More on all that later. Why we made PGPfone, and why you need it.
It's personal. It's private. And it's no one's business but yours. You may be planning a political campaign, discussing your taxes, or having an illicit affair. Or you may be doing something that you feel shouldn't be illegal, but is. Whatever it is, you don't want your telephone calls to be intercepted or overheard by anyone else. There's nothing wrong with asserting your privacy. Privacy is as apple-pie as the Constitution. The right to privacy is spread implicitly throughout the Bill of Rights. But when the US Constitution was framed, the Founding Fathers saw no need to explicitly spell out the right to a private conversation. That would have been silly. Two hundred years ago, all conversations were private. If someone else was within earshot, you could just go out behind the barn and have your conversation there. No one could listen in without your knowledge. The right to a private conversation was a natural right, not just in a philosophical sense, but in a law-of-physics sense, given the technology of the time.
But with the coming of the information age, starting with the invention of the telephone, all that has changed. Now most of our conversations are conducted electronically. This allows our most intimate conversations, both business and personal, to be exposed without our knowledge. Cellular phone calls may be monitored by anyone with a radio. Electronic mail can be routinely scanned for interesting keywords, on a large scale. This driftnet fishing approach has been readily applicable to email for a long time, but in recent years advances in voice recognition technology have begun to bring similar capabilities to filtering phone calls. Now the government can scan large numbers of phone calls for particular words, or for particular individual's voices. I'm not saying the government actually does this to domestic phone calls today on a large scale as a matter of policy, but they have acquired the technology nonetheless.
In 1991, Senate Bill 266 included a non-binding resolution, which if it had become real law, would have forced manufacturers of secure communications equipment to insert special "trap doors" in their products, so that the government could read anyone's encrypted messages. Before that measure was defeated, I wrote and released Pretty Good Privacy, my email encryption software that uses public-key encryption algorithms. I did it because I wanted cryptography to be made available to the American public before it became illegal to use it. I gave it away for free so that it would achieve wide dispersal, to inoculate the body politic.
The 1994, Digital Telephony Bill mandated that phone companies install remote wiretapping ports into their central office digital switches, creating a new technology infrastructure for "point-andclick" wiretapping, so that federal agents no longer have to go out and attach alligator clips to phone lines. Now they'll be able to sit in their headquarters in Washington and listen in to your phone calls. Of course, the law still requires a court order for a wiretap. But while technology infrastructures tend to persist for generations, laws and policies can change overnight. Once a communications infrastructure optimized for surveillance becomes entrenched, a shift in political conditions may lead to abuse of this new-found power. Political conditions may shift with the election of a new government, or perhaps more abruptly from the bombing of a Federal building. A year after the 1994 Digital Telephony bill passed, the FBI disclosed plans to require the phone companies to build into their infrastructure the capacity to simultaneously wiretap one percent of all phone calls in all major US cities. This would represent more than a thousandfold increase over previous levels in the number of phones that could be wiretapped. In previous years, there were only about 1000 court-ordered wiretaps in the US per year, at the federal, state, and local levels combined. It's hard to see how the government could even employ enough judges to sign enough wiretap orders to wiretap 1% of all our phone calls, much less hire enough federal agents to sit and listen to all that traffic in real time. The only plausible way of processing that amount of traffic is a massive Orwellian application of automated voice recognition technology to sift through it all, searching for interesting keywords or searching for a particular speaker's voice. If the government doesn't find the target in the first 1% sample, the wiretaps can be shifted over to a different 1% until the target is found, or until everyone's phone line has been checked for subversive traffic. The FBI says they need this capacity to plan for the future. This plan sparked such outrage that it was defeated in Congress, at least this time around, in 1995. But the mere fact that the FBI even asked for these broad powers is revealing of their agenda. And the defeat of this plan isn't so reassuring when you consider that the 1994 Digital Telephony bill was also defeated the first time it was introduced, in 1993.
Since then, we had antiterrorist laws after september 11! Advances in technology will not permit the maintenance of the status quo, as far as privacy is concerned. The status quo is unstable. If we do nothing, new technologies will give the government new automatic surveillance capabilities that Stalin could never have dreamed of. The only way to hold the line on privacy in the information age is strong cryptography. Cryptography strong enough to keep out major governments. You don't have to distrust the government to want to use cryptography. Your business can be wiretapped by business rivals, organized crime, or foreign governments. The French government, for example, is notorious for using its signals intelligence apparatus against US companies to help French corporations get a competitive edge. Ironically, US government restrictions on cryptography have weakened US corporate defenses against foreign intelligence and organized crime.
The government knows what a pivotal role cryptography is destined to play in the power relationship with its people. In April 1993, the Clinton administration unveiled a bold new encryption policy initiative, which was under development at NSA since the start of the Bush administration. The centerpiece of this initiative is a government-built encryption device, called the "Clipper" chip, containing a new classified NSA encryption algorithm. The government has been trying to encourage private industry to design it into all their secure communication products, like secure phones, secure FAX, etc. AT&T has put Clipper into their secure voice products. The catch: At the time of manufacture, each Clipper chip will be loaded with its own unique key, and the government gets to keep a copy, placed in escrow. Not to worry, though-- the government promises that they will use these keys to read your traffic only "when duly authorized by law". Of course, to make Clipper completely effective, the next logical step would be to outlaw other forms of cryptography.
The government initially claimed that using Clipper would be voluntary, that no one would be forced to use it instead of other types of cryptography. But the public reaction against the Clipper chip has been strong, stronger than the government anticipated. The computer industry has monolithically proclaimed its opposition to using Clipper. FBI director Louis Freeh responded to a question in a press conference in 1994 by saying that if Clipper failed to gain public support, and FBI wiretaps were shut out by non-government-controlled cryptography, his office would have no choice but to seek legislative relief.
The Electronic Privacy Information Center (EPIC) obtained some revealing documents under the Freedom of Information Act. In a "briefing document" titled "Encryption: The Threat, Applications and Potential Solutions," and sent to the National Security Council in February 1993, the FBI, NSA and DOJ concluded that:
"Technical solutions, such as they are, will only work if they are incorporated into all encryption products. To ensure that this occurs, legislation mandating the use of Government-approved encryption products or adherence to Government encryption criteria is required." In the aftermath of the Oklahoma City tragedy, Mr. Freeh testified before the Senate Judiciary Committee that public availability of strong cryptography must be curtailed by the government (although no one had suggested that cryptography was used by the bombers). A few months later, Senator Grassley introduced legislation that would outlaw placing cryptographic software on any computer network that might be accessible by a foreigner -- in other words, any computer network. The only exception would be if the software were designed to escrow its keys with the government. The government has a track record that does not inspire confidence that they will never abuse our civil liberties. The FBI's COINTELPRO program targeted groups that opposed government policies. They spied on the anti-war movement and the civil rights movement. They wiretapped Martin Luther King's phone. Nixon had his enemies list. And then there was the Watergate mess.
The War on Drugs has given USA the world's largest per-capita incarceration rate in the world, a distinction formerly held by South Africa, before we surpassed them during the eighties even when apartheid was in full swing. We've seen the images and sounds of the Rodney King beatings, Detective Mark Fuhrman's tapes boasting of police abuses, and the disturbing deliberate killings by government agents in the Ruby Ridge and Waco cases.
And now, after the Word Trade Center attack, the Congress seems intent on passing laws curtailing our civil liberties on the Internet. At no time in the past century has public distrust of the government been so broadly distributed across the political spectrum, as it is today. If we want to resist this unsettling trend in the government to outlaw cryptography, one measure we can apply is to use cryptography as much as we can now while it is still legal. When use of strong cryptography becomes popular, it's harder for the government to criminalize it. Thus, using PGP and PGPfone is good for preserving democracy.
If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defense contractors and some other corporate giants. But ordinary people and grassroots political organizations mostly have not had access to affordable "military grade" public-key cryptographic technology for telephone conversations. Until now. PGPfone, like the original PGP, empowers people to take their privacy into their own hands. It seems that it is now once again time for direct action, before it becomes illegal to spread this technology. So here is PGPfone.
I'm not as certain about the security of PGPfone. If I were, that would be a bad sign. But I don't think PGPfone contains any glaring weaknesses (although I'm pretty sure it contains programming bugs). I have selected the best algorithms from the published literature of civilian cryptologic academia. For the most part, they have been individually subject to extensive peer review. I know many of the world's leading cryptographers, and have discussed with some of them many of the cryptographic algorithms and protocols used in PGPfone. It's well researched, and has been years in the making. And I don't work for the NSA. But you don't have to trust my word on the cryptographic integrity of PGPfone, because source code is available to facilitate peer review.
In the secure telephone arena, your choices look bleak. The leading contender is the STU-III (Secure Telephone Unit), made by Motorola and AT&T for US$2,000-$3,000, and used by the government for classified applications. It has strong cryptography, but requires some sort of special license to buy this strong version, and even the strong version has a back door for the NSA. A commercial version of the STU-III is available that is somewhat watered down, and an export version is available that is even more severely weakened for NSA's convenience.
Then there is the US$1,200 AT&T Surity 3600, which uses the government's famous Clipper chip for encryption, with keys escrowed with the government for the convenience of wiretappers. Then of course, there are the analog (non-digital) voice scramblers that you can buy from the spy-wannabe catalogs, that are really useless toys as far as cryptography is concerned, but are sold as "secure" communications products to customers who just don't know any better.
adapted by Rafal Swiecki, p. eng. email
This document is in the public domain.