Everybody has a cryptographic telephone in their pocket. The problems are that the cryptography is weak, the endpoints are insecure and people underestimate the value of traffic analysis.
Even if the cryptography were perfect the endpoints could still be listened in on and the latter would still be a huge problem.
Mobile phone encryption only works for the phone-to-tower part. Obviously what Appelbaum is referring to is a phone that does end-to-end encryption (still leaking some info but at least the contents of your conversation should be mostly safe), but people that are not capable of making this distinction will be wary of radio intercepts rather than wholesale line tapping.
It would be a funny thing if you needed a key-signing party before you could start to call people on the phone but it may come to that yet.
It's all very do-able. Even carrier voice could be pulled up into userland code in LTE, and therefore could use open source strong encryption.
Social networks are the ideal medium to exchange keys and form and maintain a web-of-trust.
This does not fix traffic analysis, but it would blind Sauron's eye enough to make the current surveillance infrastructure so unreliable as to be useless.
What's needed is for one or two national governments to come to the conclusion that their own surveillance is so far behind the NSA that the only way to win is not to play the game and actually secure their nation's communications and sell this the way tax havens sold financial privacy.
I've noticed my use of Facebook has been restricted and constrained by mistakes I made when I first used Friendster and Tribe and Orkut. I see my family and friends making many of the same mistakes I made - playing the competitive "more friends" game and connecting to people they've never met or who they really don't want "snooping" on their social life - exes, coworkers, bosses, friends-of-friends…
There's no way I'd want Facebook (or Twitter or Google or Yahoo or Microsoft or … ) being any part of a "web of trust" I was using for privacy/encryption/authentication – partly because there's no doubt they're deeply in bed with the NSA (are you really suggesting Facebook's platform is trustworthy enough to exchange keys?), but at least as much because I can clearly see that most people haven't curated their social networking "connections" with anything like the rigor they might have done if they'd been told up-front that "these connections might be used to authenticate your identity and communication to others (potentially including government, law enforcement, and other legal/contractual entities), and also to authenticate your connections' identities and communication to those entities."
Do you _really_ know who all of your Facebook "friends" are? Are you _sure_ the person you think that account represents is actually in control of that account? Even if they are, do you trust them enough to vouch for your identity? Are you sure enough of that trust that they wouldn't "betray" you if the NSA, or a police officer, or their local council's dog-catcher, or your car/health insurance company approached them with either a threat or a handful of cash?
Key signing enables keys to be exchanged in a hostile environment. Compare web-of-trust to X.500 directory services, which are dependent on CAs.
It also isn't necessary to use Facebook for key exchange in order to adopt social networking functionality to enhance a web of trust.
The bottom line is you have to design a secure system to avoid having to trust cloud services. While Facebook may be the poster child for untrustworthiness, you can't trust your own machine in the basement of your house not to get hacked. What you can trust is key signing, because it requires stealing a number of identities all at once.
"It would be a funny thing if you needed a key-signing party before you could start to call people on the phone but it may come to that yet."
Voice conversations are actually much easier to secure than other types of traffic. If the two parties know each other's voices, then the security of the connection can be authenticated by each party reading back the shared secret to each other after the call has been established. This is how ZRTP works and Moxie Marlinspike's "Red Phone".
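The read-back check described in the comment above, as an added example that is not part of the original thread and is not ZRTP's or RedPhone's own code: both ends hash the key exchange down to a short string, and the strings only match when nobody substituted keys in the middle. The toy Diffie-Hellman group, the 20-bit string length, the alphabet and all function names are assumptions made for illustration.

```python
import hashlib

# Toy Diffie-Hellman parameters, chosen for illustration only (assumption:
# real protocols use standardized groups or curves, not this pair).
P = 2**255 - 19
G = 2
ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"  # 32 easy-to-read symbols


def _key(label):
    """Constructed sample private key, derived from a label so runs repeat."""
    return int.from_bytes(hashlib.sha256(label).digest(), "big") % P


ALICE, BOB, MALLORY = _key(b"alice"), _key(b"bob"), _key(b"interceptor")


def public(priv):
    return pow(G, priv, P)


def shared(priv, peer_pub):
    return pow(peer_pub, priv, P)


def sas(secret, caller_pub, callee_pub):
    """4-character string each party reads aloud (20 bits of a hash)."""
    blob = b"".join(v.to_bytes(32, "big") for v in (secret, caller_pub, callee_pub))
    top20 = int.from_bytes(hashlib.sha256(b"SAS" + blob).digest()[:4], "big") >> 12
    return "".join(ALPHABET[(top20 >> s) & 31] for s in (15, 10, 5, 0))


def direct_call():
    """Both ends see each other's real public value: the strings agree."""
    a_pub, b_pub = public(ALICE), public(BOB)
    return (sas(shared(ALICE, b_pub), a_pub, b_pub),
            sas(shared(BOB, a_pub), a_pub, b_pub))


def intercepted_call():
    """Each end was handed a substituted public value: the strings differ."""
    a_pub, b_pub, m_pub = public(ALICE), public(BOB), public(MALLORY)
    return (sas(shared(ALICE, m_pub), a_pub, m_pub),
            sas(shared(BOB, m_pub), m_pub, b_pub))


if __name__ == "__main__":
    print("direct:     ", direct_call())
    print("intercepted:", intercepted_call())
```

The check is only as strong as the callers' ability to recognise each other's voices, which is the condition the comment states.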
It would be a funny thing if you needed a key-signing party before you could start to call people on the phone but it may come to that yet.
It seems to me something like Bump would be the perfect avenue for this. Want to call someone securely? Bump phones, transfer public keys over Bluetooth, and compare each other's screens to make sure the keys match. Done.
Andy Mueller-Maguhn is a long time member of the Chaos Computer Club in Germany, and a former spokesman. He is a specialist on surveillance, working in a journalistic capacity on the surveillance industry with his project wiki, buggedplanet.info. Andy works in cryptographic communications, and runs a company called Cryptophone, which markets secure voice communication devices to commercial clients.
I think the part of the speech quoted by the parent commenter was indeed referring to exactly this software, and to the other things that the speech mentions:
"I have in my pocket a cryptographic telephone [...] This phone, short of breaking into it when I make a phone call, no one here, short of a mathematical breakthrough, is going to be able to intercept it. I have a couple different encrypted text messaging services. I have the TOR project, Orbot, Progra, Cryptophone, Redphone, TextSecure."
In context, the "cryptographic telephone" is a smartphone running all of this software. "Progra" is a mistranscription; I just listened to the original and he says "the Tor Project's Orbot program".
I would be shocked if Appelbaum is still using a standard cell-phone at this point. There's just too much reason to worry about remote compromise of the device.
I remember the German government paying some companies to develop telephones that communicate fully encrypted (and putting the required infrastructure to use them in place).
I think the outcome was 1000€ phones for use by Government officials, the chancellor, etc., who can choose between Blackberry and Android.