This phone doesn't exist because there's not a market for it. I definitely wouldn't buy that. I, like a lot of others, don't have anything to hide from the government so even though I oppose the wire-tapping i'm not going to inconvenience myself to keep arbitrary data and idle chat secure.
> do you ever wonder why there is no consumer hardware PGP telephone?
Not on the analogue phone. But you can easily get a TLS-enabled or ZRTP-enabled hardware or software VoIP phone. Many vpbx providers will also provide you with a vpn tunnel endpoint if you ask about it often enough.
Also, since the analogue phone PSTN interface is pretty trivial to handle, there are multitude of analogue encryption boxes which work as an adapter to the line. Plug & play. You could even use a pc to compress the voice on one side, encrypt, send over an established modem connection and decrypt on the other side.
You don't need the analogue phone itself to do that at all.
> But you can easily get a TLS-enabled or ZRTP-enabled hardware or software VoIP phone.
In theory, arbitrarily strong/usable encryption products can be marketed within the USA.
In practice, from this list:
A) Usable by non-experts (requires no software fiddling, hardware mix-and-match, or other wastes of time)
B) Based on uncrackable/de-facto uncrackable cryptosystem (One-time pad, Public Key - respectively)
C) Affordable by / marketed to ordinary people
We are permitted to choose only TWO.
>...the analogue phone PSTN interface is pretty trivial to handle, there are multitude of analogue encryption boxes which work as an adapter to the line.
Analog "scramblers" are a joke. Any seriously-interested party can crack any and all of them without breaking a sweat.
>...use a pc to compress the voice on one side, encrypt, send over an established modem connection...
Sure, you can use a PC. But if you package this up as a pure-hardware solution usable by anyone who already knows how to use a telephone, certain people will take steps to ensure that your product does not stay on the market.
I do not know what the penalty is for violating the "gentleman's agreement" between the NSA and the electronics industry. But I would not care to find out.
Example of a system doing A+B+C -> Skype. You can claim that they have some way to clone the traffic for NSA use - maybe they do, but from the technical point of view - they satisfy the requirements. It also relies on Skype doing proper authentication / identity presentation.
Hardware-only plug & play box will never work here. You actually have to know something about the connection - information provided out of band. And I don't think most people would accept pressing ~150 digits on the pad as an easy solution.
Analog encryption does not end on scramblers and they don't have to be a joke. As mentioned before, put 2 modems together, apply gsm encoding and any digital encryption you want.
There's a lot of FUD here. If you come up with a proper system, black vans will take you away; NSA has gentelman's agreement; your product will disappear from the market; etc. etc. I don't think you can prove any of it and I can't disprove it either, so I'd rather stay with things we can be sure about.
If it doesn't have backdoors now, it will soon. The remote-intercept capability mandate for land line phones is in the process of being extended to all commercial VOIP.
> Hardware-only plug & play box will never work here.
> But the absence of any easy-to-use/uncrackable/provably non-backdoored secure voice phone on the market is proof enough for me.
If you have to worry about being monitored by government, a super secret phone will not help you anyways. If it's worth doing, your room / furniture / clothes / windows are already bugged and all you say will be recorded before it hits the phone. I really think a provably secure phone is a non-issue.
If it's worth doing, you will be caught and tortured. "Extraordinary Rendition."
The worth of the phone is to prevent you from turning into someone who ought to worry in the first place.
Bugging room / furniture / clothes / windows is expensive.
The NSA is known to use voice recognition and keyword search. It is no longer necessary to already be a target in order to be extensively and intelligently eavesdropped on.
How would a phone use an OTP? Would you send the key by carrier pidgeon to the guy every time you wanted to make a phone call?
There's absolutely no way to get security without some sort of verification by the user. At the very least, you need someone to verify that the keys are correct "can you read me your phone's security serial?". It shouldn't be too hard to create affordable, usable phones based on PKC. The problem is that nobody cares who listens to their conversations, because it's all "where are we meeting tonight/that movie was shit/i can't believe X did Y".
Public key cryptography seems like the wrong choice for phones, because it's relatively computationally intensive, and you'd want a phone to use the cheapest hardware imaginable. However, there is an alternative that would work.
You can use a symmetric cipher (AES is the current standard), and exchange keys via Diffie-Hellman key exchange, which is a method of securely generating a shared private cipher key over a public channel.
As I understand it, the primary advantage of public key cryptography is that it makes encryption and decryption asymmetric processes - i.e. everyone can encrypt something using your public key, but only you can decrypt it, because only you know your private key. In the phone case, the asymmetry would actually be annoying, because both parties want to send encrypted messages to each other, so you'd have to deal with two key pairs for each phone conversation.
That's how most encryption protocols work now, by exchanging symmetric encryption keys at the start. There are protocols to do this, PGPfone was written in the 90s.
Well, actually you won't, but only because you will "listen to reason" when some well-dressed uninvited guests come over for an evening chat.
Call me mad, but do you ever wonder why there is no consumer hardware PGP telephone?