A German firm, GSMK, has produced the CryptoPhone
, which is a mobile GSM cellular phone featuring strong encryption.
The firm claims to be the only producer of an encrypted mobile telephone whereby the source code is openly published so that people can verify there are no 'back doors' into the code. Publication of source code does not compromise security.
This policy has been also adopted by other reputable secure communications companies, such as CryptoHeaven in Canada, which provides a similar service, at very low cost, to e-mail and instant messaging users on the Internet.
The mobile telephone will be rather expensive (about $1,800) at first, and and can be shipped in a security sealed box direct from the manufacturer. This is to ensure the telephones are not tampered with.
Although normal GSM phones feature encryption between the hand set and the base stations, the telephone call routed over the rest of the network, especially on land lines, is not encrypted. The GSMK CryptoPhone provides end-to-end encryption.
Again this is the same principle used by the Internet and Secure E-mail Communications product CryptoHeaven in that encryption is end to end, if both recipient and sender are CryptoHeaven users.
The same applies to CryptoPhone in that to ensure security, both parties must be using CryptoPhone.
According to GSMK, the Cryptophone is engineered in such a way that the encryption key is only stored in the phone for the duration of the call and securely erased immediately afterwards.
GSMK says that the Cryptophone is in compliance with German and EU export law. This means the device can be sold freely within the EU and a number of other states such as the US, Japan and Australia. It cannot be sold to customers within Afghanistan, Syria, Iraq, Iran, Libya and North Korea. A number of other states are subject to tight export controls and a special licence will have to be obtained.
CryptoHeaven being based in Canada has to comply with Canadian laws, but the users who download the software around the world, must comply with their own national laws, which in many countries do not allow the use of encryption.