Even if the cryptography were perfect the endpoints could still be listened in on and the latter would still be a huge problem.
Mobile phone encryption only works for the phone-to-tower part. Obviously what Appelbaum is referring to is a phone that does end-to-end encryption (still leaking some info but at least the contents of your conversation should be mostly safe), but people that are not capable of making this distinction will be wary of radio intercepts rather than wholesale line tapping.
It would be a funny thing if you needed a key-signing party before you could start to call people on the phone but it may come to that yet.
Social networks are the ideal medium to exchange keys and form and maintain a web-of-trust.
This does not fix traffic analysis, but it would blind Sauron's eye enough to make the current surveillance infrastructure so unreliable as to be useless.
What's needed is for one or two national governments to come to the conclusion that their own surveillance is so far behind the NSA that the only way to win is not to play the game and actually secure their nation's communications and sell this the way tax havens sold financial privacy.
I can see some real problems with that method.
Voice conversations are actually much easier to secure than other types of traffic. If the two parties know each other's voices, then the security of the connection can be authenticated by each party reading back the shared secret to each other after the call has been established. This is how ZRTP and Moxie Marlinspike's "Red Phone" work.
It seems to me something like Bump would be the perfect avenue for this. Want to call someone securely? Bump phones, transfer public keys over Bluetooth, and compare each other's screens to make sure the keys match. Done.
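An added illustration of the read-back check described in the two comments above; it is not code from this thread, from ZRTP or from RedPhone. It assumes a toy Diffie-Hellman group, constructed private keys and a 4-character string format, and shows why the strings match on a direct call and differ when a relay has substituted its own key:

```python
import base64
import hashlib

# Toy Diffie-Hellman group for illustration only (an assumption, not a ZRTP parameter).
P = 2**255 - 19
G = 2

# Constructed private keys so the example is reproducible; real keys are random per call.
ALICE_PRIV = 0x1F2E3D4C5B6A79881726354453627180
BOB_PRIV = 0x0A1B2C3D4E5F60718293A4B5C6D7E8F9
MALLORY_PRIV = 0x55AA55AA55AA55AA55AA55AA55AA55AA


def public_key(private: int) -> int:
    return pow(G, private, P)


def short_auth_string(own_priv: int, peer_pub: int, caller_pub: int, callee_pub: int) -> str:
    """Derive the short string a party reads aloud, bound to both keys it saw."""
    shared = pow(peer_pub, own_priv, P)
    material = b"".join(n.to_bytes(32, "big") for n in (caller_pub, callee_pub, shared))
    digest = hashlib.sha256(material).digest()
    return base64.b32encode(digest)[:4].decode()  # 4 characters = 20 bits


def call(alice_priv: int, bob_priv: int, relay_priv=None):
    """Return (string on Alice's screen, string on Bob's screen).

    With relay_priv set, a relay in the middle has replaced each party's
    public key with its own, so each side negotiated with the relay.
    """
    a_pub, b_pub = public_key(alice_priv), public_key(bob_priv)
    if relay_priv is None:
        seen_by_alice, seen_by_bob = b_pub, a_pub
    else:
        seen_by_alice = seen_by_bob = public_key(relay_priv)
    alice_sas = short_auth_string(alice_priv, seen_by_alice, a_pub, seen_by_alice)
    bob_sas = short_auth_string(bob_priv, seen_by_bob, seen_by_bob, b_pub)
    return alice_sas, bob_sas


if __name__ == "__main__":
    print("direct call :", call(ALICE_PRIV, BOB_PRIV))
    print("relayed call:", call(ALICE_PRIV, BOB_PRIV, MALLORY_PRIV))
```

The check only helps if both people actually compare the strings, by voice or by looking at each other's screens; a mismatch means the call should be dropped.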
Anyone know what he is referring to? I'd like one of those.
https://play.google.com/store/apps/details?id=org.thoughtcri...
"I have in my pocket a cryptographic telephone [...] This phone, short of breaking into it when I make a phone call, no one here, short of a mathematical breakthrough, is going to be able to intercept it. I have a couple different encrypted text messaging services. I have the TOR project, Orbot, Progra, Cryptophone, Redphone, TextSecure."
In context, the "cryptographic telephone" is a smartphone running all of this software. "Progra" is a mistranscription; I just listened to the original and he says "the Tor Project's Orbot program".
I think the outcome was 1000€ phones for use by Government officials, the chancellor, etc., who can choose between Blackberry and Android.
nb: Thales is also known for supplying tools to the other end too...
It doesn't need to be said anymore, but it still needs to be said.