Spies don't like us: Phone encryption enjoys the spotlightAugust 5, 2011: 9:39 AM ET
Between the insider trading bust and the British tabloid scandal, there's never been a better time to be in phone security.
By Rob Curran, contributor
Wire taps are at the center of the Justice Department's latest crackdown on financial crimes -- it was evidence collected from them that helped U.S. attorney Preet Bharara win a rare insider trader victory over hedge fund manager Raj Rajaratnam. On encrypted phone lines, the speech of both parties is scrambled to prevent eavesdropping -- by the Feds or anyone else.
Like our own landlines, encrypted phones used to be a low-tech affair -- special agents for the State Department in the 1980s and 1990s would carry their phones in a briefcase and plug them into a wall to make a call. These days, neither special handsets nor repurposed Max Smart-style shoes are required, says Saul Backal, chief executive of Meganet, which makes encryption software for almost any kind of cell phone. Typically the phones on both ends of the conversation must be enabled to encrypt and decipher the speech, although some software enables phone calls to be encoded one way and then decoded when they reach the recipient's network.
Backal says his company's revenue from customers in the financial sector grew from almost nothing to $20 million in the last two years. During that time frame, one financial client alone activated 19,000 encrypted cell phones with Meganet software. Backal says the growth in the company's commercial business, led by the financial industry and the oil-and-gas sector, is helping Meganet prepare for an IPO. Neither Backal nor the other security professionals interviewed for this story would name their clients.
Internet-and-voice security software maker Fortinet (FTNT) is seeing similar demand for encrypted phones from corporate clients. The Sunnyvale, Calif.-based company is developing its first product that would "interact" with encryption software, says vice president of product development Patrick Bedwell. Fortinet's software is designed to protect phones -- and data -- at network "gateways" rather than on individual lines. But clients are encountering voice encryption so much, Fortinet wants to allow IT security personnel to intercept calls at these gateways and decrypt them.
Demand for such capabilities is particularly strong in the financial sector. "In financial services, they are trying to improve the level of protection for voice content," says Bedwell. "The financial sector is extremely important to us -- they are often the early adopters of more advanced security techniques. Partly because they're the target of often more advanced security attacks, they're the sharp end of the stick."
Fortinet and Meganet are smaller players in the phone-security industry that includes closely held Tripleton and General Dynamics (GD).
In many ways, says Fred Burton, a counterterrorism authority at the intelligence consulting firm Stratfor, phone security is just an extension of Internet security. Most corporations use voice-over Internet protocol, meaning their phone lines go through the same "pipe" as their Internet connection. While the corporation worries about its Internet data security, computer hackers – or tabloid newspaper reporters, as in the case of News of the World – could be busy eavesdropping on phone calls.
And then there's the threat of corporate espionage. "Let's say you have a CEO that's traveling to places where there are high rates of industrial-espionage type activities, such as China, Russia, India or Israel, and they want ability to communicate back with HQ," says Burton. All the more reason to encrypt.
For most financial institutions, of course, another major worry is the prying ears of law enforcement. As phone-encryption and satellite-telephone technology develops, says Burton, investigators are finding it tougher to make cases using phone surveillance and phone records.
Telephone-security consciousness among some parties on Wall Street became clear during the trial of ex-Galleon Group trader Zvi Goffer for insider trading earlier this summer, which resulted in a conviction. In one particularly damning piece of evidence, the court heard a tape from the FBI that featured one of Goffer's accomplices, Jason Goldfarb, calling him with a panicky request for new prepaid cellphones. Goldfarb feared that a third party had compromised the supposed anonymity of his prepaid phone by calling him on it. Alas, Goldfarb was a little late with his security consciousness -- Goffer's line had already been tapped by law enforcement.
It's not just hedge funds that are protecting their lines. At least two major credit card companies and four of the top ten U.S. banks have bought phone-encryption software, a security firm representative told Fortune.
"We have seen in large [financial] corporations [where] all upper management members were required to carry encrypted cell phones," says Meganet's Backal. With some clients, anyone involved in any "financial aspect" of the firm's business, including trading, uses encrypted cell phones, he says.
One hedge-fund manager told Fortune that a colleague inside one of the largest firms subpoenaed during the sweeping insider-trading investigation had told him long ago that the phones at that firm were "secure." Notably, that firm has yet to be charged.