Click for homepage
Secure Terminal Equipment

The STE is a secure telephone that provides voice and data security via ISDN and PSTN telephone lines. It was developed in the early 1990s by the NSA as the successor to the successful STU-III crypto phone. The units were built under contract from 1994 onwards, exclusively by L-3 Communications in Camden (New Jersey). STE units were still available from L3 in 2011 [1].

The image on the right shows a typical STE Tactical unit as it was built by L3 in 2008. The unit is dark-grey and is slightly higher than the Motorola STU-III. In 2006, the price of an STE was between US$ 3000 and US$ 4000, excluding the Crypto Card, depending on the model [2].

At the front of the unit is a PCMCIA-slot that allows a Fortezza Crypto Card (KOV-14) or a KSV-21 Enhanced Crypto Card to be inserted. Only when such an NSA-configured crypto card is present, can secure calls be placed to other STE phones (and STU-III phones).
Secure Terminal Equipment (STE) - Tactical

Unlike the STU-III, the STE is neither a classified nor a restricted item, as the cryptographic algorithms are held inside the Fortezza crypto card. Without this card, the STE can be used to place standard (unsecure) calls on a PSTN or ISDN network, just like an ordinary phone [3]. Although the STE is backwards compatible with the STU-III, it offers a number of advantages:

  • Can be used over ISDN lines (as well as over PSTN).
  • Better speech quality (in full digital mode).
  • Backwards compatibility with STU-III.
  • Higer data rates (38.4 Kb/s asynchronous, 128 kB/s synchronous).
  • No delay when going secure.
On 31 December 2009, STU-III was officially phased out. After that date the STU-III, and hence the STU-III compatible mode of the STE, was no longer to be used [4]. In the meantime, all STE units had been upgraded to version 2, which made it compatible with Secure Communications Interoperability Protocol (SCIP). This was done by swapping two PCBs inside the terminal [5].

The American Government started replacing the STE during the course of 2014 by the Sectéra® vIPer Universal Secure Phone, which has built-in security and does not require an external crypto card or Crypto Ignition Key (CIK). vIPer is approved for Top Secret/SCI traffic and is interoperable with the STE and other secure phones used by the Government and the Department of Defence.

Secure Terminal Equipment (STE) - Tactical L-3 and STE logo Tactical STE rear view ISDN connection PSTN connection Power socket Expansion slot 4-wire connection
1 / 8
Secure Terminal Equipment (STE) - Tactical
2 / 8
L-3 and STE logo
3 / 8
Tactical STE rear view
4 / 8
ISDN connection
5 / 8
PSTN connection
6 / 8
Power socket
7 / 8
Expansion slot
8 / 8
4-wire connection

The STE comes in a number of variants, each of which is tailored to a specific application or customer. The following models are known:

  • Office
    This is the most widely used version of the STE within the US Government. It offers voice and data protection via ISDN (Integrated Services Digital Network) and PSTN (Public Switched Telephone Network). It is available in two configrations: ISDN only, and ISDN plus PSTN.

  • Tactical
    The Tactical version is similar to the Office-version, but can also be used to access the TRI-TAC network (Tri-Service Tactical Network). In addition, it has a secure serial EIA-530A/EIA-232 BDI port (BDI: Black Data Interface). It is featured on this page.

  • Data
    This unit is suitable for voice, data, fax and video-conferencing. It has two EIA-530A/EIA-232 BDI ports and can be used for data connections to multiple destinations. This unit comes as a 'black box' without any controls or a handset.

  • C2
    This model is similar to the Tactical-version. It contains modified software for use with its Tactical Terminal Locking Handset mechanism.

  • STE-R
    This model is similar to the Data-version. In addition to the features offered by the STE-Data, it provides dial-in access to the DRSN (Defense Red Switch Nework). The letter R stands for Remote.

  • VoIP
    Voice Over Internet Protocol (VoIP) is a new emerging standard, which has become available to the STE in the form of an upgrade to the existing models. It requires a PCMCIA 10/100 Mb/s ethernet card to be inserted into the BLK EXP slot at the rear. VoIP comes standard with some of the later models.
Multiple Networks
The STE can be used on different communication networks. It was designed for the fully digital ISDN network, but could still be used on legacy PSTN networks. In addition, the Tactical STE was suitable for TRI-TAC and MILSTAR networks as well. The difference between the Office-version and the Tactical-version is just the bottom part: the so-called wedge. They can be used on:

  • ISDN
    Digital, BRI, 2B+D, RJ45 connector
  • PSTN
    Analogue, 2-wire, RJ12 connector
    MSE, 4-Wire Modem, 16/32 kbps CVSD
    BDI service (black data interface) RS-530A or RS-232, DB25 connector
  • VoIP
    Voice over Internet (when using ethernet expansion card)
The best performance is obtained when the STE is used on an ISDN network. As all data is already in the digital domain, there is no need to initiate a call in clear as with the STU-III. Furthermore, when used on ISDN, the STE doesn't have the dreaded 10-15 second delay when 'going secure'. Protocols and keys are negotiated even before a call is answered.

In secure voice mode on an ISDN network, speech is compressed at 32 Kb/s using ADPCM, producing excellent quality speech with good intelligibility. In this mode, the STE uses the (Enhanced) Firefly encryption algorithm developed by the BSA [7]. When used on a PSTN network (i.e. when in STU-III compatible mode), speech is compressed at 4800 baud using the CELP algorithm.

For data transmission, various speeds are possible both in synchronous and asynchronous modes. The maximum speed of 128 Kb/s is obtained in synchronous mode, when both ISDN B-channels are used. For connection TRI-TAC, the 4 wire-terminals at the rear are used.

STE units can be enhanced in several ways. First of all, all users have been upgraded from 2001 onwards to version 2.0 which is SCIP compatible. This was done by swapping two internal PCBs. SCIP was developed by the US Department of Defense Digital Voice Processor Consortium, in cooperation with the NSA, and is a platform independant interoperability protocol. In addition, STE units can easily be adapted to new emerging standards by adding hardware expansion units.

Fortezza Crypto Card
The basic STE set can be regared as a standard (non-secure) telephone set, and is therefore neither classified nor restricted. In order to make secure telephone calles, a Fortezza Crypto Card has to be installed in the PCMCIA slot at the front.

The Fortezza card contains an NSA-developed Type 1 algorithm that is used to encrypt voice and data calls. It is issued for a specific user and comes with a unique PIN code.

 More information

Inserting the Fortezza Crypto Card in the STE

Secure fax
STE can be used to send secure fax messages, by connecting an external gateway to the red dataport at the rear of the STE. The 90si Secure Fax Gateway shown in the image on the right was approved for this application.

By adding a GFS-910 Fax Switcher, the same fax machine can also be used for receiving non-secure fax messages, without swapping cables. Both items were approved for use with the STE.

 90si instructions
 GFS-910 instructions

Secure Fax Gateway 90si

Expansion slot
Two expansion slots are available at the rear. One is marked BLK EXP (Black Expansion). It allows hardware to be added to the unsecure (black) side. The other expansion slot is marked RED EXP. It can be used to add hardware to the red side (the side that needs to be protected.

An example of a possible hardware expansion is the ethernet card that was introduced in 2006 to add VoIP capability 1 to the STE. The card was inserted into the BLK EXP slot and allowed connection to a standard (insecure) network.
Expansion slot

  1. The use of VoIP over STE was approved by the NSA in July 2006 [6].

STE phone with Fortezza Crypto Card half-way in STE phone with Fortezza Crypto Card Inserting the Fortezza Crypto Card in the STE Placing the crypto card Fortezza card in place Releasing the crypto card Crypto card released Removing the crypto card
Secure Fax Gateway 90si Expansion slot
1 / 15
STE phone with Fortezza Crypto Card half-way in
2 / 15
STE phone with Fortezza Crypto Card
3 / 15
Inserting the Fortezza Crypto Card in the STE
4 / 15
Placing the crypto card
5 / 15
Fortezza card in place
6 / 15
Releasing the crypto card
7 / 15
Crypto card released
8 / 15
Removing the crypto card
9 / 15
Secure Fax Gateway 90si
10 / 15
10 / 15
11 / 15
11 / 15
12 / 15
12 / 15
13 / 15
13 / 15
14 / 15
14 / 15
15 / 15
Expansion slot

Backwards compatibility
In order to guarantee a smooth transition from the older STU-III secure phones, the STE was made backwards compatible with it. Whenever the STE senses a STU-III terminal at the other end, or when it is used over an analogue telephone line (PSTN), it uses a Type 1 STU-III compatible encryption algorithm for voice transmission.

The image on the right shows the STU-III, which is the predecessor of the STE. STU-III units were manufactured by Motorola, AT&T and RCD (later: L-3 Communications). The one shown here was made by Motorola. More information...

Please note that for all encrypted traffic, the Fortezza Crypto Card has to be present inside the slot at the front of the STE terminal.

When used on a PSTN network, the analogue line is connected to the RJ12 connector (J2) at the rear of the STE (covered here with a placard).
Motorola SECTEL 2500 with CIK

STU-III units were last allowed for secure communication on 31 December 2009. After that date, the STU-III compatible mode of the STE was not to be used anymore [4]. At the same time, the new SCIP compatible mode was introduced [5].

President Obama
Presidential Bus
This photograph shows President Obama on Sunday 9 May 2010, just before the Hampton University commencement. On the table are two L-3 STE phones, one of which is used by Obama to discuss the economic situation in Europe with German Chancellor Angela Merkel. At the same time he holds a GSM phone in his right hand, which can be seen as a security breach [10].

Click to see more
Official White House Photo by Pete Souza [8]. 9 May 2010.

Oakley Lindsay Center
This photographs shows President Obama in a backstage room at Intel Corporation in Hillsboro (Oregon) on 18 February 2011, discussing the developments in the Middle East with National Security Advisor Tom Donilon. The L-3 STE phone is on a small table at the left.

Click to see more
Official White House Photo by Pete Souza [8]. 18 February 2011.

Conference call in Brazil
This photograph shows Presedent Obama, standing to the right of National Security Advisor Tom Donilon, both taking part in a conference call in which Obama authorizes action against Libya, as part of an international effort to protect Libyan civilians. The STE is operated here by Donilon, whilst Obama holds a Sectéra GSM Phone [9]. Click for a close-up of the STE phone and note the label POTUS2 at the back of the phone. POTUS is short for President Of The United States.

Obama is thought to be violating security rules here, as he is operating a mobile phone too close to an STE unit [10]. Operating a GSM phone in close proximity of an STE unit (< 5 metres) causes the strong RF signals from the GSM to mix with internal signals inside the STE, producing a third (mixed) RF signal. This mixed signal can be intercepted and exploited by an eavesdropper.

Click to see more
Official White House Photo by Pete Souza [8]. 19 March 2012.

 Close-up of the STE telephone set

Chilmark, Massachusetts (USA)
This photograph shows President Obama, together with his Assistent for Homeland Security John Brennan, conducting a conference call with his National Security Staff to discuss the situation in Lybia on 22 August 2011. The photo was taken through a mirror, and has been digitally corrected by Cryptome [8]. Note the use of Duct Tape to attach the many cables to the table (at the right).

Click to see more
Official White House Photo by Pete Souza [8]. 22 August 2011.

White House Situation Room
This image shows President Obama amidst his National Security Team in the Situation Room of the White House, discussing the mission against Osama Bin Laden on Sunday 1 May 2012. On the table are several regular telehone sets, plus a secure L3 STE-unit. Click for a larger view.

Click to see more
Official White House Photo by Pete Souza [8]. 1 May 2012.

Although the STE was still in use in 2011 — in fact, new crypto cards had just been introduced — brand new STE units were showing up on flea markets in Europe that same year, making the STE a collector's item. All information presented on this page is available in the public domain, from the manufacturer, the NSA and from a variety of other sources (see the references section below).

  1. Secure Fax Gateway 90si, Quick reference guide
    Gateway Fax Systems, Inc. Date unknown.

  2. GFS-910 auto FAX/STU switch, User's Guide
    Gateway Fax Systems, Inc. Date unknown.
  1. L-3 Communications - Communication Systems-East, Secure Terminal Equipment
    Description of the NSA-certified STE offered by L3.

  2. L-3 Communications, STE Direct Sale Price List
    15-10-2006. Retrieved via WayBack Machine.

  3. Federation of American Scientists, STU-III and STE
    Secure Telephone Unit Third Generation (STU-III) / Secure Terminal Equipment (STE). September 2010.

  4. L-3 Communications, STU-III Replacement
    Retrieved January 2012.

  5. L-3 Communications, STE SCIP Upgrade Information
    Retrieved January 2012.

  6. L-3 Communications, VoIP STE Product Overview
    VoIP STE cleared by DoD/OSR for Public Release.
    OSR Case Number 08-S-1752, 6 August 2008.

  7. L-3 Communications, STE Users Manual
    Release 2.6 Rev. A, January 2008

  8. Cryptome, Obama Phones
    Retrieved October 2012.

  9. Peter Koop, Top Level Communications
    Website. Retrieved October 2012.

  10. James M. Atkinson, Obama Called a Moron at Phone Security
    Cryptome website. 7 January 2012. Retrieved October 2012.

  11. Wikipedia, Barack Obama
    Retrieved February 2013.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Created: Monday 26 September 2011. Last changed: Thursday, 10 October 2019 - 07:39 CET.
Click for homepage