Secure Terminal Equipment
The STE is a secure telephone that provides voice and data security via
ISDN and PSTN telephone lines. It was developed in the early 1990s
by the NSA as the successor to the successful
STU-III crypto phone.
The units were built under contract from 1994 onwards,
exclusively by L3 Communications in Camden (New Jersey).
STE units were still available from L3 in 2011 .
The image on the right shows a typical STE Tactical unit as
it was built by L3 in 2008. The unit is dark-grey and is slightly higher
than the Motorola STU-III.
In 2006, the price of an STE was between US$ 3000 and US$ 4000,
excluding the Crypto Card, depending on the model .
At the front of the unit is a PCMCIA-slot that allows a
Fortezza Crypto Card
(KOV-14) or a KSV-21 Enhanced Crypto Card to be inserted. Only when such an
NSA-configured crypto card is present, can secure calls be placed to other
STE phones (and STU-III phones).
Unlike the STU-III, the STE is neither classified nor
a restricted item, as the cryptographic algorithms are held inside
the Fortezza crypto card.
Without this card, the STE can be used to place standard (unsecure)
calls on a PSTN or ISDN network, just like an ordinary phone .
Although the STE is backwards compatible with the STU-III, it offers a number
- Can be used over ISDN lines (as well as over PSTN).
- Better speech quality (in full digital mode).
- Backwards compatibility with STU-III.
- Higer data rates (38.4 Kb/s asynchronous, 128 kB/s synchronous).
- No delay when going secure.
On 31 December 2009, STU-III was officially phased out. After that date
the STU-III, and hence the STU-III compatible mode of the STE, was no longer
to be used . In the meantime, all STE unit had been upgraded to version 2,
which made it compatible with
Secure Communications Interoperability Protocol (SCIP).
This was done by swapping two PCBs inside the terminal .
Basically, the STE can be viewed a s standard telephone. By default it has no
encryption and is therefore neither classified nor restricted. At the front
of the phone, a PCMCIA slot is available, that accepts a so-called
Fortezza Crypto Card.
That card provides the cryptographic functionality.
The card contains the necessary crypto-building blocks, plus a programmable
processor that allows the blocks to be combined into algoritms.
The image on the right shows a typical
Fortezza-II Crypto Card, built by
Spyrus (USA). It contains a number of NSA-developed and approved
Type-1 algoritms. Each card is programmed for a specific security level,
matching the clearance of the customer, and comes with a PIN code.
The STE comes in a number of variants, each of which is tailored to a
specific application or customer. The following models are known:
This is the most widely used version of the STE within the US Government.
It offers voice and data protection via ISDN (Integrated Services Digital
Network) and PSTN (Public Switched Telephone Network). It is available in
two configrations: ISDN only, and ISDN plus PSTN.
The Tactical version is similar to the Office-version, but can also
be used to access the TRI-TAC network
(Tri-Service Tactical Network).
In addition, it has a secure serial EIA-530A/EIA-232 BDI port
(BDI: Black Data Interface). It is shown on this page.
This unit is suitable for voice, data, fax and video-conferencing.
It has two EIA-530A/EIA-232 BDI ports and can be used for data connections
to multiple destinations. This unit comes as a 'black box' without any
controls or a handset.
This model is similar to the Tactical-version. It contains modified
software for use with its Tactical Terminal Locking Handset mechanism.
This model is similar to the Data-version. In addition to the
features offered by the STE-Data, it provides dial-in access to the
DRSN (Defense Red Switch Nework). The letter R stands for Remote.
Voice Over Internet Protocol (VoIP) is a new emerging standard, which has
become available to the STE in the form of an upgrade to the existing models.
It requires a PCMCIA 10/100 Mb/s ethernet card to be inserted into the
BLK EXP slot at the rear.
VoIP comes standard with some of the later models.
The STE can be used on different communication networks. It was designed for
the fully digital ISDN network, but could still be used on legacy PSTN networks.
In addition, the Tactical STE was suitable for TRI-TAC and MILSTAR networks
as well. The difference between the Office-version and the
Tactical-version is just the bottom part: the so-called wedge.
Tactical STE units can be used on the following networks:
- ISDN (Digital), BRI, 2B+D, RJ45 connector
- PSTN (Analogue, 2-wire), RJ12 connector
- TRI-TAC / MSE, 4-Wire Modem, 16/32 kbps CVSD
- BDI service (black data interface) RS-530A (MILSTAR) or RS-232, DB25 connector
The best performance is obtained when the STE is used on an ISDN network.
As all data is already in the digital domain, there is no need to initiate
a call in clear as with the STU-III. Furthermore, when used on ISDN,
the STE doesn't have the dreaded 10-15 second delay when 'going secure'.
Protocols and keys are negotiated even before a call is answered.
In secure voice mode on an ISDN network, speech is compressed at 32 Kb/s
using ADPCM, producing excellent quality speech with good intelligibility.
In this mode, the STE uses the (Enhanced) Firefly encryption algorithm
developed by the BSA .
When used on a PSTN network (i.e. when in STU-III compatible mode),
speech is compressed at 4800 baud using the CELP algorithm.
For data transmission, various speeds are possible both in synchronous and
asynchronous modes. The maximum speed of 128 Kb/s is obtained in
synchronous mode, when both ISDN B-channels are used.
For connection TRI-TAC,
the 4 wire-terminals at the rear are used.
STE units can be enhanced in several ways. First of all, all users have been
upgraded from 2001 onwards to version 2.0 which is
This was done by swapping two internal PCBs.
SCIP was developed by the US Department of Defense
Digital Voice Processor Consortium,
in cooperation with the NSA, and
is a platform independant interoperability protocol.
In addition, STE units can easily be adapted to new
emerging standards by adding hardware expansion units.
For such additional hardware, two expansion slots are available at the rear.
One is marked BLK EXP (Black Expansion). It allows hardware to be added to
the unsecure (black) side. The other expansion slot is marked RED EXP.
It can be used to add hardware to the red side (the side that needs to be
An example of a hardware expansion is the ethernet card that was introduced
in 2006 to add VoIP capability to the STE. The card was inserted into the
BLK EXP slot and allowed connection to a standard (insecure) network.
Both expansion bays are industry standard PCMCIA slots, allowing upgrades
to be carried out by the end-user. The use of VoIP over STE was approved
by the NSA in July 2006 .
In order to guarantee a smooth transition from the older
STU-III secure phones, the STE was made backwards
compatible with it. Whenever the STE senses a STU-III terminal at the other end,
or when it is used over an analogue telephone line (PSTN), it uses a
STU-III compatible encryption algorithm for voice transmission.
The image on the right shows the STU-III, which is the predecessor of the STE.
STU-III units were manufactured by Motorola, AT&T and RCD (later: L-3
Communications). The one shown here was made by Motorola.
Please note that for all encrypted traffic, the
Fortezza Crypto Card has to be present inside the
slot at the front of the STE terminal.
When used on a PSTN network, the analogue line is connected to the RJ12
connector (J2) at the rear of the STE (covered here with a placard).
STU-III units were last allowed for secure communication on 31 December 2009.
After that date, the STU-III compatible mode of the STE was not to be used
At the same time, the new SCIP compatible
mode was introduced .
This photograph shows President Obama on Sunday 9 May 2010, just before
the Hampton University commencement. On the table are
two L-3 STE phones,
one of which is used by Obama to discuss the economic situation in Europe
with German Chancellor Angela Merkel. At the same time
he holds a GSM phone in his right hand, which can be seen as
a security breach .
Official White House Photo by Pete Souza . 9 May 2010.
Oakley Lindsay Center
This photograph shows President Obama using one of two L3 STE phones
in a holding room at Oakley Lindsay Center in Quincy, Illinois,
on 28 April 2010. To his right is Deputy Chief of Staff Mona Sutphen.
Both phones are equipped with a Fortezza Crypto Card.
Click for an enlargement.
Official White House Photo by Pete Souza . 28 April 2010.
This photographs shows President Obama in a backstage room at Intel
Corporation in Hillsboro (Oregon) on 18 February 2011, discussing the
developments in the Middle East with National Security Advisor Tom Donilon.
The L-3 STE phone is on a small table at the left.
Official White House Photo by Pete Souza . 18 February 2011.
Conference call in Brazil
This photograph shows Presedent Obama, standing to the right of
National Security Advisor Tom Donilon, both taking part in a conference
call in which Obama authorizes action against Libya, as part of
an international effort to protect Libyan civilians. The STE is operated
here by Donilon, whilst Obama holds a Sectéra GSM Phone .
Click for a close-up of the STE phone
and note the label POTUS2 at the back of the phone.
POTUS is short for President Of The United States.
Obama is thought to be violating security rules here, as he is operating
a mobile phone too close to an STE unit .
Operating a GSM phone in close proximity of an STE unit (< 5 metres)
causes the strong RF signals from the GSM to mix with internal
signals inside the STE, producing a third (mixed) RF signal. This mixed
signal can be intercepted and exploited by an eavesdropper.
Official White House Photo by Pete Souza . 19 March 2012.
Chilmark, Massachusetts (USA)
This photograph shows President Obama, together with his Assistent for
Homeland Security John Brennan, conducting a conference call with his
National Security Staff to discuss the situation in Lybia on 22 August 2011.
The photo was taken through a mirror, and has been digitally corrected
by Cryptome .
Note the use of Duct Tape
to attach the many cables to the table (at the right).
Official White House Photo by Pete Souza . 22 August 2011.
White House Situation Room
This image shows President Obama amidst his National Security Team
in the Situation Room of the White House, discussing the mission against
Osama Bin Laden on Sunday 1 May 2012.
On the table are a couple of telehone sets, including an L3 STE-unit.
Click for a larger view.
Official White House Photo by Pete Souza . 1 May 2012.
Although the STE is still in use today (2011), brand new STE units were
showing up on flea markets in 2011, making them collector's items.
All information presented on this page is available in the public
domain, from the manufacturer,
the NSA and from a variety of other
sources (see the references section below).
- L-3 Communications - Communication Systems-East, Secure Terminal Equipment
Description of the NSA-certified STE offered by L3.
- L-3 Communications, STE Direct Sale Price List
15-10-2006. Retrieved via WayBack Machine.
- Federation of American Scientists, STU-III and STE
Secure Telephone Unit Third Generation (STU-III) / Secure Terminal
Equipment (STE). September 2010.
- L-3 Communications, STU-III Replacement
Retrieved January 2012.
- L-3 Communications, STE SCIP Upgrade Information
Retrieved January 2012.
- L-3 Communications, VoIP STE Product Overview
VoIP STE cleared by DoD/OSR for Public Release.
OSR Case Number 08-S-1752, 6 August 2008.
- L-3 Communications, STE Users Manual
Release 2.6 Rev. A, January 2008
- Cryptome, Obama Phones
Retrieved October 2012.
- Peter Koop, Top Level Communications
Website. Retrieved October 2012.
- James M. Atkinson, Obama Called a Moron at Phone Security
Cryptome website. 7 January 2012. Retrieved October 2012.
- Wikipedia, Barack Obama
Retrieved February 2013.
Any links shown in red are currently unavailable.
If you like this website, why not make a donation?|
© Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Saturday, 23 February 2013 - 13:10 CET