November 5, 2014

The phones of the Dutch Prime Minister

(Updated: January 1, 2017)

With last year's news of NSA eavesdropping on the mobile phone of German chancellor Angela Merkel in mind, Dutch online media assumed it was big news that the Dutch prime minister Mark Rutte has a phone that cannot be intercepted.

As was the case with chancellor Merkel, most people do not seem aware of the fact that political leaders usually have two kind of phones: an ordinary one that is easy to intercept and a secure one, that is very difficult to tap.

That prime minister Rutte has a secure phone was said by the director for Cyber Security in a radio-interview last week. Afterwards this was seen a slip of the tongue, because the government has the policy to never say anything about the security methods they use.

But from pictures and other sources we can still get a fairly good idea of which phones, both secure and non-secure, are used by the Dutch prime minister. As we will show here, he currently has three landline and two mobile phones at his disposal, only one being a highly secure one.



Dutch prime minister Mark Rutte working at his desk, May 29, 2012
At his right hand are three desktop phones and in front of him an iPhone 4
(photo: Prime Minister @ Flickr - Click for the full picture)


Since 1982, the office of the Dutch prime minister is on the second floor of a small tower that is part of the parliament buildings and which dates back to the 14th century. In Dutch this office is called Het Torentje.

From the left to the right we see the following telephones on the desk of the prime minister:
1. Ericsson DBC212 (black)
2. Sectra Tiger XS Office (silver)
3. Unidentified office phone (gray)

First we will discuss the two phones without encryption capability and then the secure phone:


1. The Ericsson DBC212

This is a common office telephone which has been part of the internal private branch exchange (PBX) network of the Department of General Affairs for over a decade. Other pictures from rooms in the same building also show the same and similar models of this telephone series, which was made by Ericsson, a Swedish company that manufactured many home and office phones used in The Netherlands. The prime minister can use this phone for every phone call he wants to make that doesn't require encryption.

Update:
In December 2016, it appeared that the Department of General Affairs had installed new telephone equipment: high-end IP phones with full-color touch screen from the Canadian manufacturer Mitel (probably the MiVoice 5360 IP Phone). Such a device also replaced the at least 10-year old Ericsson DBC212 on the prime minister's desk.


3. The gray office phone

The make and type of this phone couldn't be identified yet, but it seems to be a common office telephone too. However, this phone is most likely connected to the Emergency Communications Provision (Dutch: NoodCommunicatieVoorziening or NCV).

This is an IP-based network which is completely separated from the public telephone network. Communications over this network are not encrypted, but the switches are in secure locations and connect redundantly.

The purpose of the NCV-network is to enable communications between government agencies and emergency services when during a disaster or a crisis situation (parts of) the regular communication networks collapse. This network replaced the former National Emergency Network (Nationaal Noodnet) as of January 1, 2012 (see below).



Close-up of the phones on the desk of the prime minister in 2013
(picture: Google Street View - Click for the full picture)
 

2. The Sectra Tiger XS Office

The silver-colored telephone which sits in between the two other ones is a Tiger XS Office (XO). This device is capable of highly secured phone calls and can therefore be used by the prime minister for conversations about things that are classified up to the level of Secret.

The Tiger XS Office is manufactured since 2005 by the communications division of the Swedish company Sectra AB, which was founded in 1978 by some cryptology researchers from Linköping University. Sectra, which is an acronym of Secure Transmission, also has a division in the Netherlands: Sectra Communications BV.

Tiger is the brand name for their high-end secure voice products, but with everyone assuming that this refers to the exotic animal, it's also Swedish for "keep silent" (see for example: En Svensk Tiger).


Tiger XS

Although the Tiger XS Office looks like a futuristic desktop phone, it actually consists of a small encryption device which is docked into a desktop cradle with a keypad and handset. The encryption device, the Tiger XS, was originally developed for securing mobile phone communications and has special protections against tampering and so-called TEMPEST attacks.



The Sectra Tiger XS docked into the office unit
(Photo: Sectra - Click to enlarge)


The desktop unit has no encryption capabilities, but with the Tiger XS inserted, it can encrypt landline phone calls and fax transmissions, so it turns into a secure desktop telephone. The Tiger XS enables secure communications on GSM, UMTS, ISDN and the Iridium, Inmarsat and Thuraya satellite networks. When inserted into the office unit, it also works on the standard Public Switched Telephone Network (PSTN).


Workings

On its own, the Tiger XS device can be used to secure certain types of cell phones. For this, the Tiger XS is connected in between a headset (consisting of an earpiece and a microphone) and a mobile phone, to which it connects via Bluetooth. A secure connection is set up by putting a personal SIM-sized access card into the Tiger XS, entering a PIN code and selecting the person to connect to from the phonebook.

What is said into the microphone of the headset is encrypted by the Tiger XS and then this encrypted voice data go to an ordinary mobile phone through the Bluetooth connection. The phone then sends it over the cell phone network to the receiving end, where another Tiger XS decrypts the data and makes it audible again.



The Tiger XS with personal
access card and headset

Mobility

At first sight it seems to be a very flexible solution: connecting a separate encryption device to common cell phones. But in reality the Tiger XS can only connect to older mobile phones which suppport the original Circuit Switched Data (CSD) channel and a Bluetooth version that is fully tested and compatible with the way the Tiger XS has to use it. Because of this, the Tiger XS is rarely used for mobile phones anymore, but mostly in combination with the desktop unit.

To restore the intended mobility, Sectra introduced the Tiger 7401 as a replacement for the Tiger XS. The Tiger 7401 is a custom made mobile telephone with TEMPEST verified design that is capable of encrypting phone calls by itself. In 2014, this new device was ordered to replace the Tiger XS for high-level officials of the Dutch Ministery of Defense.


Encryption

The encryption algorithms used by the Sectra Tiger XS are secret, so we don't know whether public standard algorithms like AES and ECDH are used, or ones that are especially designed for the Dutch government, or a combination thereof. The algorithms and the encryption keys are created by the National Communications Security Bureau (Dutch: Nationaal Bureau voor Verbindingsbeveiliging or NBV), which is part of the General Intelligence and Security Service AIVD.

This bureau has approved the Tiger XS for communications up to and including the level Secret (in Dutch marked as Stg. Geheim) in 2007. In the Netherlands, there's no phone that is approved for communications at the level Top Secret (Stg. Zeer Geheim), so these matters cannot be discussed over phones that use public networks. This is different from the US, where there are secure telephones approved for Top Secret and even above.

Encrypted communications are only possible if both parties have the same key: the sender to encrypt the message and the receiver to decrypt it. This means that all people to which the prime minister needs a secure line, also have to have a Tiger XS. That's why we can see this device also on the desk of for example the Dutch foreign minister:



The desk of the Dutch foreign minister in 2013. Between the computer
and a Cisco 7965 IP phone we see the Sectra Tiger XS Office.
(photo: Ministerie van Buitenlandse Zaken - Click for the full picture)


Management

Besides encrypting phone calls and text messages, the Tiger XS also provides user authentication, so one can be sure to talk to the right person. For the actual implementation of these features there are centrally managed user groups.

This remote management, which includes supplying up-to-date phonebooks and encryption keys for the Tiger XS devices is provided by Fox-IT, a Dutch cybersecurity company founded in 1999. Since Dutch state secrets are involved, it is considered essential that this remote management is in the hands of a trusted Dutch partner.

Update:
In November 2015, Fox-IT was taken over by the British cybersecurity company NCC, and although the Dutch regulations regarding state secrets still fully apply, it was announced in April 2016 that an independent commission would investigate whether the take-over could affect the Dutch national security.

The partnership between Fox-IT for the management and Sectra as the supplier of the hardware was established in 2007 by the VECOM (Veilige Communicatie or Secure Communications) contract. Under this contract all Dutch cabinet members and high-level officials of their departments are provided with secure phones.


Usage

The Tiger XS has also been installed at all government departments in order to provide secure fax transmissions, for example to distribute the necessary documents for the weekly Council of Ministers meeting. Dutch embassies and military units deployed overseas probably also use the Tiger XS for securing satellite communications. For this, Sectra also made a manpack communications set which uses the Tiger XS.

The fact that the Tiger XS uses highly sensitive technology and secret encryption methods, also means that it is not possible to use this device to make secure phone calls to for example foreign heads of state. That's the reason why, as we can see in the picture below, prime minister Rutte used his standard non-secure phone when he was called by US president Obama in 2010:



Prime minister Mark Rutte talks with president Obama
In front of him is probably his Blackberry
(photo: RVD, November 2, 2010)



The mobile phones of prime minister Rutte

Besides the three landline telephones, current prime minister Mark Rutte also uses an iPhone 4 and a Blackberry. He is seen with these devices on several photos and Rutte also confirmed that he uses a Blackberry when he publicly admitted that it accidently fell into a toilet in January 2011.

The iPhone is probably his private phone, because the Blackberry is the device used by Rutte's own Department of General Affairs, as well as by other departments, including those of Foreign Affairs and Social Affairs. Blackberrys are preferred by many companies and governments because they provide standard end-to-end encryption for chat and e-mail messages through the Blackberry Enterprise Server (BES).



Prime minister Rutte showing his iPhone during
a school visit in Heerhugowaard, September 3, 2014


Blackberrys do not encrypt voice, but the Dutch computer security company Compumatica has developed a solution called CompuMobile, which consists of a MicroSD card that can be inserted into a Blackberry and then encrypts phone calls and text messages by using the AES 256 and ECDH algorithms. CompuMobile has been approved for communications at the lowest Dutch classification level (Departementaal Vertrouwelijk) in 2012, but whether government departments actually use it, is not known.

Without this security measure, phone calls from both the iPhone and the Blackberry of prime minister Rutte can rather easily be intercepted by foreign intelligence agencies, just like NSA apparently did with the non-secure cell phone of his German counterpart.




The prime minister's phones in 2006

The telephones that are currently installed in the office of prime minister Mark Rutte can be compared with those from his predecessor, prime minister Jan Peter Balkenende. From his office we have this picture, which gives a great view on the communication devices on his desk:



Former prime minister Jan Peter Balkenende (left) being interviewed
by Willem Breedveld (right) in his Torentje office, May 2006.
(photo: Werry Crone/Trouw - Click for the full picture)


In this picture we see from the left to the right the following three phones, all of them provided by KPN, the former state owned landline operator of the Netherlands:
1. Ericsson DBC212 (black)
2. Siemens Vox 415 (gray)
3. Ericsson Vox 120 (white)



1. The Ericsson DBC212

This is the same telephone which is still in use today, as we could see in the pictures above. It's a common office telephone made by the Swedish company Ericsson and which is part of the internal private branch exchange (PBX) network of the Department of General Affairs.


2. The Siemens Vox 415

The dark gray Vox 415 was an ordinary telephone from a series that was manufactured by Siemens for both home and office use. For private customers this model was sold by KPN under the name Bari 10.

This phone has no security features whatsoever, but as it is in the same place where later the Sectra Tiger XS Office sits, it seems very likely the Vox 415 was also used for secure communications.

For that, it was probably connected to a separate encryption device, maybe one that was compatible with the PNVX, the secure phone which was manufactured by Philips and used by the Dutch government since the late 1980s.


3. The Ericsson Vox 120

The Vox 120 was the business version of a telephone developed by Ericsson around 1986 and that was sold for home use under the name Twintoon. Attached to the back is a separate speaker unit so a third person can listen in to a conversation.

In the bottom left corner the phone has a black label with its extension number for the National Emergency Network (Dutch: Nationaal Noodnet or NN). This was a separate network which enabled government agencies to communicate with emergency services when the public telephone network collapsed.

The National Emergency Network was established in 1991 and was operated by KPN. It had some 5500 connections for 2500 end users, like the departments of the national government, city halls, hospitals, and local police and firefighter headquarters. As of January 2012, it was replaced by the IP-based Emergency Communications Provision NCV (see above).



Links and sources
- Background article in Dutch: De wereld van staatsgeheim geheim (2007)
- Academic paper about Secure Text Communication for the Tiger XS (pdf) (2006)
- The first version: Tiger XS Mobile security terminal (2005)

1 comment:

Skyler said...

wow that Vox 120 is really cool.