Last year, before the Edward Snowden scandal leaped into the news, the United Nations Human Rights Council published a "Report of the Special Rapporteur" on the right to freedom of opinion and expression. Frank La Rue, the UN's special rapporteur, concluded that:
Individuals should have a legal right to be notified that they have been subjected to communications surveillance or that their communications data has been accessed by the State... Individuals should be free to use whatever technology they choose to secure their communications. States should not interfere with the use of encryption technologies, nor compel the provision of encryption keys. [emphasis added]
The report also calls mass surveillance a violation of basic human rights. It refers specifically to individual rights, but in my humble opinion, those rights should apply to corporations, too.
The GSMK CryptoPhone is based on Samsung's Galaxy S3 handset with a special Android ROM that allows encrypted calls, disables location tracking, and provides zero-knowledge encryption keys that never leave the device. You can have your privacy back, but that will lighten your wallet by $3,500. This includes two years of secure service.
GSMK CryptoPhones were the first products to take advantage of the fact that the CPU performance of portable consumer devices, like mobile phones and PDAs, is now sufficient for strong real-time voice encryption. According to the GSMK website, it offers secure messaging and voice:
- Secure messaging and voice over IP calls on any network, including 2G GSM, 3G UMTS/W-CDMA, and Wireless LAN
- Hardened Android operating system with granular security management and streamlined, security-optimized components
- Permission enforcement module controls access to network, data and sensors, keeping you in control of your security policies
- Baseband firewall protects against over-the-air attacks with constant monitoring of baseband processor activity, baseband attack detection, and automated initiation of countermeasures
- Two-layer storage encryption system protects data at rest against unauthorized access
One of the key features the company offers is Zero-Knowledge. Zero-Knowledge solutions are completely anonymous, and no one, not even the company selling the device and service, knows who is using it. Obviously, this is not possible when an organization is ordering hundreds of devices. But the CryptoPhone is generating unique keys from static noise, and those keys never leave the device and are not accessible by the company or the user, making it impossible to share them.
GSMK offers the possibility to communicate with a company securely, and provides the GPG/PGP company key on its own website to inquire privately about the service.
Since Edward Snowden started making NSA files public last year, GSMK has seen a jump in sales. There are more than 100,000 CryptoPhones in use today. How secure they really are will be determined in the future. But I'm sure that some government agencies, not just in the US, are very interested in getting a list of users.
The company also offers satellite, land-line, and PBX solutions, all interconnected, to provide full security at corporate level.
I am not against government agencies using today's technology to fight terrorism, but if devices such as the GSMK CryptoPhone are making their job a bit more difficult because they went too far then it is well deserved.