CryptoPhone, a unit of privately held GSMK, said a European model of its encrypted GSM (Global System for Mobile Communications) phone is available immediately for $2,270 (1,900 euros), and a U.S. configuration will ship by the end of the year. Two CryptoPhones are necessary to have a secure conversation.
But CryptoPhone is unique in that its phone is cheaper, and the complete source code to its encryption software is available, allowing independent auditors to check for accidental bugs and intentional backdoors. For encryption, CryptoPhone uses AES256 and Twofish, two algorithms considered to be among the strongest available.
Interception of GSM calls is illegal in most, if not all, nations, but equipment to sniff and decode phone calls is readily available. GSM spy gear claims to "auto detect," decode and record conversations and "target specific numbers or randomly screen GSM mobile communication." The GSM standard itself includes a limited form of encryption, but Israeli researchers recently discovered a basic flaw in it.
"This is something that is no longer theoretical," Rieger said. "This is something that you can expect every private investigator to have in his toolset."
CryptoPhone's Web site also mentions possible eavesdropping by the National Security Agency and warns that "law-enforcement agencies have in the last years acquired an ever-rising set of capabilities, with ever-shrinking restrictions on their use." In 1998, the Los Angeles Police Department was discovered to have illegally wiretapped hundreds of telephones.
To make a CryptoPhone, the company buys an off-the-shelf phone from a Taiwan manufacturer (sold in the United States as an AT&T SX56) and loads its encryption code into it. The company also plans to release free encryption software for Windows computers on Nov. 23 that will interoperate with its GSM units.