just a quick disclaimer: I'm the co-founder of Cellcrypt.

Having said that you're 100% right on the soundproof room. I have spoken with customers that they have the same setup for their board meetings or emergency rooms. Pretty much they are protected to everything that requires proximity (lip reading, laser microphones etc) or physical access (bugging)

What we do address is that you are constrained to that room and that is not always an option. Suppose your board meets once every month to discuss sensitive issues – how are your board members going to communicate the other 29 days? What if it's not a billion dollar deal but just millions. What if it's an emergency and you do not havethe luxury of time? The marginal cost (time and money) of the clean room or even having all team members flying in might be a factor in your decision to switch to encrypted calls.

Imagine a scenario where you have people deployed in a developing country handling reconstruction projects. Maybe in a deserted area where it's pretty hard to have a secure room. Would you trust the network? You bet I would not.

More to that point we have seen board members of large companies equipped with military handsets specifically for the reasons I just mentioned. And their usability is atrocious.

On your second issue re handsets security you are also spot on. We need to be able to trust the device not just have secure communications. Only manufacturers can address this issue and they currently do it by locking down the devices and signing software but it's not a silver bullet.
I still prefer Cellcrypt to military handsets with 10 year old firmware (which is anyway a civilian solution stripped down of certain functionalities).

My 0.02

just a quick disclaimer: I'm the co-founder of Cellcrypt.

Having said that you're 100% right on the soundproof room. I have spoken with customers that they have the same setup for their board meetings or emergency rooms. Pretty much they are protected to everything that requires proximity (lip reading, laser microphones etc) or physical access (bugging)

What we do address is that you are constrained to that room and that is not always an option. Suppose your board meets once every month to discuss sensitive issues – how are your board members going to communicate the other 29 days? What if it's not a billion dollar deal but just millions. What if it's an emergency and you do not havethe luxury of time? The marginal cost (time and money) of the clean room or even having all team members flying in might be a factor in your decision to switch to encrypted calls.

Imagine a scenario where you have people deployed in a developing country handling reconstruction projects. Maybe in a deserted area where it's pretty hard to have a secure room. Would you trust the network? You bet I would not.

More to that point we have seen board members of large companies equipped with military handsets specifically for the reasons I just mentioned. And their usability is atrocious.

On your second issue re handsets security you are also spot on. We need to be able to trust the device not just have secure communications. Only manufacturers can address this issue and they currently do it by locking down the devices and signing software but it's not a silver bullet.
I still prefer Cellcrypt to military handsets with 10 year old firmware (which is anyway a civilian solution stripped down of certain functionalities).

My 0.02

Super secure phone line/voice mail/whatever will always be defeated by stupid or naive behaviour.

As Mike42 says, if you're in a multi-bn deal environment, you'd better have your own spooks looking after you. This kind of solution, neat and cool though it is, just can't be good enough.

a) over milspec cypher kit
b) be made in a soundproof, clean (i.e. bug-swept) room
c) be made out of line of sight of ANYONE or ANYTHING that could record your face and pass it to a lipreader.
d) The recipient likewise must not be compromised by their environment.

So – any call made outdoors, or in an office with glass windows, or in a car you don't own / have had debugged, or within earshot of anyone you don't 100% trust, is not secure.

Plopping an app onto a handset that can also run loads of other apps is not the way. Who's to say while you were at the pool last week that someone didn't crack your locker (£5 combination lock from Halfords) and install a simple audio recording app that then sent the WAV files to a server somewhere? You'd never know – unless you didn't have a data plan (unlikely on an iPhone or BB) and anyway, it could make ghost calls/MMS you weren't aware of.

If execs believe they are safe because they use CellCrypt, they need re-educating by their own 'Dark Ops' guys.

Bottom line: if you think you NEED this solution, then by definition of what it's installed on and how it gets used it isn't good enough.

/m