Yesterday, there was a great lecture at The Change You Want To See Gallery in Brooklyn, NY about mobile media, dataveillance. The focus was SMS, or Short Message Service, for the uninitiated, also known as texts. You can read more about the lecture here.
Sms’s are much easier to surveil than phone conversations as the messages are ready to be indexed and searched. With voice calls, it takes quite a bit of computing horsepower to decode the analog voice waves into bits that computers can understand and search, and even so, the results are fuzzy at best. As well, a former AT&T employee was present and keyed us onto the fact that all SMS’s are logged and persisted along with their metadata. So who sent a message, who they sent it to, where they sent it from, where it was received, and the content as well is logged and saved, at least with AT&T and still sits today waiting for analyzation by a curious priviledged user.
CryptoSMS is open-source software written to handle the task of encrypting sms messages between two parties. It does not, however, address the problem of obscuring from, where, and to whom a message is sent. This is very promising software given that text messaging is nearly ubiquitous in some developing countries, and its certainly much more prevalent than data connectivity. In fact, in many places, its cheaper to send text messages than to make an actual voice call.
However, there is much development work to be done with this software. The second half of the workshop focused on getting us setup with the software. Some of us had archaic phones and some had smart phones, but I didn’t really hear of one success story getting the software to work. I have an android phone and since the software is written with the J2ME environment, I had to first get a “J2ME runner” installed. The process is supposed to work as follows:
- Install software(optionally install a J2ME runner, if necessary)
- This step will generate a public and a private key
- Add a contact to an address book with name and phone number
- Send that contact your public key
- Your contact who also has CryptoSMS installed, should receive a text message with your public key.
- CryptoSMS should be listening on the standard SMS port(16002 i think) and intercept this from your normal SMS inbox.
- Select “import key from message” which will then assign a public key to that contact
- Now your contact has your public key which will allow them to encrypt messages that only you can decrypt with your matching private key.
Simple right? We had all sorts of problems. On my android phone I actually received a text message with a friend’s public key, but it did not get intercepted by CryptoSMS, and instead went straight to the default messaging application. Most people’s problem was that they were not receiving the public key at all.
Despite these problems, we were assured that significant testing and successes were reported with Nokia phones on the GSM networks in Europe. Its a good start. I definitely recommend other people installing this software and giving it a shot with their phone/network and reporting the results to the kind folks at CryptoSMS.