Secure Telephone Unit, 3rd generation
The STU-III is the last of a series of digital
Secure Telephone Units (STU),
developed by the National Security Agency
(NSA) in the United States, allowing secure
voice communication over non-secure analogue telephone networks.
The STU-III was introduced in 1987 as the successor
to the STU-II.
The units were built by various manufacturers, such as
RCA and AT&T.
There are different versions, for desktop use and wall mounting,
with a built-in modem for fax and data transmission.
STU-III is also known as Low Cost Terminal (LCT),
and as STU-III/LCT.
The STU-III was succeeded in the 1990s by the
Secure Terminal Equipment (STE).
The image on the right shows a typical STU-III unit. The one shown here is the
top-of-range SECTEL 2500 from Motorola.
It has a black case, made of metal and plastic, but it was also available
in beige. It is capable of sending voice and data at 2400, 4800 and 9600 baud.
A similar Motorola SECTEL unit
was used in 2001 by former US president George W. Bush to liaise with
his security advisors just after the 9-11 attacks on the World Trade Center
in New York, whilst visiting Emma E. Booker Elementary School
in Sarasota (Florida, USA) (see below).
STU-III uses NSA Type 1
or Type 2 encryption,
allowing conversations at all levels of security classification,
up to Top Secret.
In order to be interoperable,
all Type 1 STU-III phones had to support the same vocoders
(LPC-10E and CELP).
Special lower grade variants, with
and Type 4 encryption,
were produced for other customers, but were no commercial success.
Several hundreds of thousands STU-III phones were produced.
They were used in the US and in some of the allied countries until
when they were gradually phased out and replaced by
Secure Terminal Equipment (STE).
For this, early versions of the STE had an STU-III compatible mode.
The last day the STU-III was used, is 31 December 2009, after which
the unit was no longer allowed for Type-1 communication.
STU-III has now fully been replaced by STE
and other products that support the new
Secure Communications Interoperability Protocol (SCIP).
STU-III manufacturers on this website
The STU-III standard was developed in 1987 by the NSA and
three manufacturers were allowed to produce secure telephones based
on this standard: Motorola, RCA and AT&T. In 1996, AT&T was renamed to
Lucent, which was taken over a year later by
General Dynamics. For this
reason, STU-III phones with their names are sometimes found.
The following manufacturers are known:
When RCA was commissioned to produce STU-III phones, they were in the
process of being taken over by
General Electric (1986). The business unit
responsible for the STU-III was taken over in 1993 by Lockheed Martin,
who finally spun it off as L3 Communications East in 1997. The latter (L3)
is also responsible for the successor to the STU-III:
AT&T also sold STU-III terminals via their partner Datotek.
Motorola is the only company
who never changed names.
Within the STU family, the STU-III introduced the concept of the
Crypto Ignition Key (CIK), which is used for protection of the cryptographic
keys stored inside the phone. This concept is
similar to that of
compatible Spendex 40
that was introduced by Philips in the early 1980s.
With the STU-III, the CIK takes the form of a physical plastic key that is
inserted into a slot at the right hand side of the phone and rotated 90°
The image on the right shows the KSD-64 that was
used with the STU-III family.
The key, manufactured by Datakey Electronics in the US, contains 64Kb
of storage space, and can be used for a variety of purposes, including
CIK functionality and key transport. In practice, the color of the label
should give a hint to the key's functionality. A white label indicated
that the key was used as CIK (see the image at the top).
When used as CIK, the key contains a random number (generated internally
by the phone when the keys are loaded) that is used for encryption of
the actual cryptographic keys stored inside the phone. This way, a phone
without the CIK, or a lost CIK alone, have no meaning whatsoever and will
not reveal any information about the cryptographic keys. Only when the
CIK is entered into the phone it is paired to, can the original keys
be recovered and can the phone be operated.
The KSD-64 is no longer in production and is not available from the
manufacturer anymore. Other versions of the key, produced by the same
manufacturer, are used with a variety of other crypto devices, such as
the US replacement for the KG-84,
known as the KIV-7.
More about the CIK
Although STU-III phones are intended for connection to analogue
telephone networks (PSTN), all voice data is processed and transmitted
digitally. Before the human speech can be encrypted, it first has to
be digitized by means of a so-called vocoder. Over the years,
a variety of vocoders have been developed to allow human voice to
be transmitted (digitally) over narrow channels.
In the late 1960s, the NSA developed a revolutionary
technique called Linear Predictive Coding (LPC). It allowed human
to be transmitted speech with a resonable quality via narrow-band
communication channels at 1200 or 2400 baud. The 10-bit standard,
known as LPC-10E, was also used by the earlier STU-II.
This standard is also known as FS-1015 .
LPC was later improved by several parties, leading to newer
standards like CELP, MRELP, HDLPC, etc.
STU-III phones are allowed to support different and even proprietary
When establishing a connection, the terminals at
either end first negiotiate the best possible vocoder
that is supported by both devices.
In order to be interoperable, the STU-III terminals
from all manufacturers have to support at least
LPC-10E (2400 bps)
and CELP (4800 bps).
A special version of the STU-III, known as STU-II/B
was developed for use by NATO
forces. It was similar in appearance to the
STU-III, but had more keys on the keypad to allow compatibility
with the military AUTOVON and IVSN networks.
It also had a standard military
U-229 connector at the rear,
for connection of a key fill device.
It replaced the NATO variant of STU-II.
More about STU-II/B
A special version of the STU-III, known as the STU-III/A, was
supplied to the allied countries, such as Canada and some European
countries. It was backwards compatible with the earlier
STU-II and allowed calls at all
levels of confidentiality. The STU-III/A is believed to
be similar (or perhaps identical) to the STU-II/B.
The STU-III/A is also known as Low Cost Terminal 1 (LCT-1).
The STU-III/MPT was a ruggedised Mobile/Portable Terminal (MPT) that was
intended for military applications.
It was compatible with the STU-II, the STU-II/B and
the STU-III/A, and was used by NATO and NATO members.
The STU-III/MPT is also known as Low Cost Terminal 2 (LCT-2).
So far we have never seen a picture of the STU-III/MPT, and it is uncertain
whether this version ever existed. If you have more information,
please contact us.
A STU-III phone can be connected to any standard analog telephone line
A call is always initiated in non-secure mode. In order to
go secure, both parties have to insert and activate their unique
Crypto Ignition Key (CIK).
Then, one of the parties initiates
the secure conversation by pressing the Secure button.
After a 15-second delay, during which the message keys are exchanged
and the phones are synchronised, a secure conversion is possible.
The 10 to 15 second delay is common for all STU-III phones and can be
considered a nuisance to the user. Furthermore, valuable information is
often given away in the clear voice conversation that takes place
before secure mode is entered.
This delay did not occur with the later STE.
Until today, there have been no reports of STU-III units being broken.
That does not mean, however, that foreign intelligence services did not
gather valuable information from intercepted lines, directly before
and after the secure part of the conversation.
For a president, communication with his ministers and advisors
is paramount. In the past, the STU-III has proved to be a major
'lifeline' for various presidents whilst travelling through the
country or during overseas visits.
Generally, a couple of STU-III phones were installed by the
US Secret Service, at any likely or unlikely location that the president
could possibly visit that day.
As the STU-III had an analogue interface, it could be connected to a
POTS telephone wall socket
anywhere in the world, allowing a secure conversion
over a non-secure telephone line, up to the level of Top Secret.
For this reason, the later STE
phone still supports analogue connectivity.
The long life-span of the STU-III is illustrated by the fact that
it served four US Presidents: Ronald Reagan,
George H. W. Bush (Sr),
and George W. Bush (Jr).
Although it is quite possible that the succeeding president,
Barack Obama, also used the STU-III, there is no photographic evidence
of this. Obama is known to have made extensive use of the
STE, which was introduced around the time
he was installed as the 44th President of the United States.
Ronald Reagan served two successive terms as the 40th President of
the United States (1981-1989). During this time he became known as
a strong supporter of secure communications. He endorsed, for example,
the use of the STU-II secure phone at all levels
of the US Government and the Department of Defense (DoD), and made
funding available for the development of the STU-III.
President Ronald Reagan using an early (white) Motorola STU-III. © NSA 
Towards the end of Reagan's presidency, the STU-III entered service
and soon became a beste-seller in government circles. Eventually more
than 100,000 units would be ordered. The image above shows President
Ronald Reagan using one of the first Motorola Type 1 STU-III phones.
President George H. W. Bush
The next president to use the STU-III, was
George H. W. Bush. His administration was in office from 1989
to 1993 and used the STU-III on many occasions throughout
his entire presidency. Bush, who served as Vice President under Ronald
Reagan (1981-1989) was well aware of the security aspects involved
with secure communication.
President George H. W. Bush (Sr) using a black Motorola STU-III. © NSA 
The image above shows President George H. W. Bush using
a STU-III that is placed on a small table aside his chair.
The sign below the table reads: 'SPECIAL TELEPHONE FOR
PRESIDENTIAL COMMUNICATIONS'. Although the protograph was taken
during his presidency, the exact date and place are currently unknown .
Neither do we known what the white device at the bottom is.
William Jefferson (Bill) Clinton served two terms as the 42th President
of the United States (1993-2001).
Although the STU-III must have been used heavily during the Clinton
administration, we have not found any photographic evidence
that shows Clinton using such a phone.
If you have one, you can help use by sharing it with us.
9/11 Attacks at the World Trade Center
On 11 September 2001, the two largest towers of the World Trade Center
in New York (USA) were attacked by terrorists. When it happened,
president George W. Bush was visiting
Emma E. Booker Elementary School in Sarasota (Florida).
As the Secret Service had already installed a readily available
STU-III unit in a nearby room, President Bush was able to speak with his
security staff in Washington only moments after the first impact.
Official White House Photograph by Eric Draper . 11 September 2001.
The image above shows President George W. Bush using his
Motorola SECTEL STU-III phone in the
foreground, whilst the attack on the second tower is visible on a TV
screen at the back.
The photo is part of a series of three photographs (see below) that
were made by White House photographer Eric Draper at the event .
Click for a larger view.
On 9 September 2011, exactly 10 years after the attacks, CNN released
an interview with Eric Draper, who was President Bush's
personal photographer at the White House at the time.
In the interview, several of Eric's photographs,
taken on 9/11, are shown alongside CNN footage.
More about the Motorola SECTEL
Interview with Eric Draper
The history of the STU-family starts with the development of the
first generation digital Secure Telephone Unit STU-I
in the late 1960s and the early 1970s, after the NSA
had recognised telephone communication as one of the major security threats.
Problems with existing systems had shown that speech quality was too bad
on narrowband systems, and that it was difficult to distribute
cryptographic material to the users. As a result,
standard phones were mostly used.
In the late 1960s, the NSA defined the design goals for a digital Secure
Telephone Unit (STU) that would solve the existing problems.
The problem of voice quality was solved by using a revolutionary technique
called Linear Predictive Coding (LPC), which greatly improved voice quality
in narrowband systems. The key distribution problem was solved by introducing
the concept of the Key Distribution Center (KDC) .
In the late 1960s, in the light of the Vietnam War,
the NSA had developed a highly secure
light-weight high-quality encryption system, called SAVILLE,
for use in COMSEC devices such as VINSON (KY-57).
The same SAVILLE encryption algorithm was used in the STU design.
The first generation of the new system was called STU-I
and was technically successful in that it allowed secure voice communication
in full-duplex over standard (analogue) telephone lines, with a relatively
good speech quality.
Other design goals, such as the size of the unit and the price tag,
had failed. Immediately after the introduction of the
the NSA started development of the 2nd generation,
which was supposed to be much smaller and more affordable.
The STU-II was indeed cheaper than the STU-I
(US$ 13,000 as opposed to US$ 35,000)
but was still much more expensive than the projected US$ 2,500-5,000.
Furthermore, the STU-II was still a large and bulky system, consisting of
a large cabinet with the electronics, and a separate desktop unit for its
operation. Development of the STU-II was finished in 1980 and production
ran from 1982 to 1986, after which some 10,000 units had been delivered.
In the meantime, Philips had introduced the
Spendex 40 in the early 1980s:
A relatively small single-piece STU-II compatible product that was fully
approved by the NSA as a Type-1 product and for use by NATO.
Around the same time, engineers of the Lincoln Laboratory at MIT had
succeeded in shrinking the size of the LPC vocoder to a single board unit,
by using the latest DSP technology. A demonstration of this board
convinced the director of the NSA that it was time to start development
of the STU-III: an even smaller single-piece solution.
Development of the STU-III was started in 1984 and took several years.
Production started in 1987 and the NSA had decided to allow the STU-III
to be build by several manufacturers. Apart from the size of the unit
a STU-III is roughly the same size as a normal telephone set the price
had also come down significantly: just US$ 2,000 for a single unit.
Codebook Excited Linear Prediction
Method for digitizing human speech, also known as a vocoder.
Improved version of LPC encoding.
CELP is a US Government standard that can be used at 4800 baud.
Common name for a method of converting analogue human speech into
digital data (coding) and vice versa (decoding). In the days of the
STU-III, a CODEC was also known as a Vocoder.
Linear Predictive Coding
A method for digitizing human speech by analyzing and storing
specific characteristics of it, in such a way that an intelligible
signal can be reconstructed later. LPC-10E was a US Government
standard that was used at 2400 baud on all STU-III terminals.
Plain Old Telephone System
Analogue swiched telephone network, also known as a Switched Voice
Network, that predates digital communications networks like ISDN
and the Internet.
Secure Terminal Unit
Standard for secure voice and data conversations via standard
analogue telephone networks, developed and maintained by the
US National Security Agency (NSA). There are three generations
of STU devices, known as STU-I,
STU-III. STU was later succeeded
by Secure Terminal Equipment (STE).
Voice Coder, or Speech Digitizer
Method for converting (analogue) human voice signals into
digital data, in such a way that it can be used for digital
storage and/or transmission. Vocoders are also used to digitize
speech before encryption.
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?|
© Crypto Museum. Created: Sunday 11 July 2010. Last changed: Monday, 21 December 2015 - 08:10 CET.