Careless talk costs profits

The telephone was invented in 1876; phone tapping in the 1890s. Today, phone tapping is widespread. A report issued by the Interception of Communications Commissioner of the UK found that 253,557 applications were made in the last nine months of 2006 by 653 state bodies that are authorised to intercept phone calls, including local councils tapping the phones of persons suspected of illegal acts such as fly-tipping, benefit fraud and rogue trading.

However, the use of phone tapping is no longer the preserve of governments or the military and cheap, easy-to-use equipment is now available to anyone who wants to use it. This can be seen in the growing number of headlines related to phone tapping escapades.

In the most recent scandals, the phones of civilians have been compromised—ranging from journalists by the secret service in the Netherlands, to journalists themselves tapping the phones of 2,000 to 3,000 politicians and celebrities in the UK. In Italy, phone tapping is particularly rife and has led to many having details of their personal conversations splashed across the headlines. It was through the use of phone taps that top football clubs such as Juventus were implicated in a massive game-fixing scandal that had severe consequences for many of the major Italian teams. As a result of that scandal, an Italian communications security technology vendor Caspertech reported sales of its products increased by 100%, with 60% of sales made to individuals, whereas they were previously exclusively to government and military agencies. Another example is the fall of the Peruvian cabinet in January 2009 after politicians were implicated in the rigging of multimillion dollar oil contracts through tapping the phones of lawyers and businessmen.

Reliance today on phones, and in particular on smart mobile phones and VoIP, is high and growing fast. Such phones are now commonly used for a variety of applications, including mobile commerce and banking, making them ever more important for conducting our daily lives. With significant money now changing hands, awareness of security issues is growing fast. These issues include the dangers of malware such as viruses, or of programs that can capture data being input via the phone’s keypad. Many of these security issues are similar to those affecting any compute devices connected to IP-enabled networks.

But there is one security issue that is unique to the telecommunications sector—that of eavesdropping on conversations. During the Second World War, the US and UK governments developed campaigns under slogans such as “Loose lips might sink ships” and “Careless talk costs lives” to encourage citizens to be careful about what they say and to whom.

In today’s world, that second slogan could perhaps be better worded as “Careless talk costs profits”. A recent article by Quocirca outlines the perils of discussing business deals in a crowded railway carriage (Keeping on the right track--even railway carriage walls have ears). But the problem with phones is that eavesdropping can easily be done electronically. Any search of the internet will bring up hundreds of products that can be cheaply and easily used to intercept phone calls.

Any organisation that encourages the use of mobile and portable devices for remote working should put in place policies regarding how such equipment should be used and the safeguards that should be taken to protect them. Such policies should address both the social aspects of communications, such as not using mobile phones to discuss business deals in crowded places, and the security technologies that should be in place to secure communications. Of these, encryption is a key tool that should be considered for all portable devices—and mobile phones are no exception.

Encryption technologies available for mobile devices include those that encrypt the data in files and folders on smart phones. Such products will enable an organisation to shield itself from data loss should the smart phone be lost or stolen. Vendors offering such capabilities include TrustDigital, Credant, McAfee, SafeNet and Sophos.

However, newer encryption products are starting to make headway in the market that actually encrypt the traffic in transit, such as the phone conversation between two devices equipped with the same encryption software to protect the callers from eavesdropping. Some of these products are offered as specialised devices, such as those from Caspertech, although there are also new solutions coming onto the market that install software on standard mobile or landline phones, such as the encryption products available from recent start-up Cellcrypt.

The use of standard mobile phones and smart phones will make this an attractive option for companies wishing to retrofit their existing phones with encryption capabilities for ensuring that sensitive conversations regarding such things as intellectual property, or merger and acquisition arrangements, cannot be eavesdropped. As organisations today grapple with keeping their sensitive digital information safe from loss or theft, the same standards of security should be applied to one of the commonest form of business communication—voice.

By Fran Howarth, principal analyst