Click for homepage
Secure Terminal Equipment

The STE is a secure telephone that provides voice and data security via ISDN and PSTN telephone lines. It was developed in the early 1990s by the NSA as the successor to the successful STU-III crypto phone. The units were built under contract from 1994 onwards, exclusively by L-3 Communications in Camden (New Jersey). STE units were still available from L3 in 2011 [1].

The image on the right shows a typical STE Tactical unit as it was built by L3 in 2008. The unit is dark-grey and is slightly higher than the Motorola STU-III. In 2006, the price of an STE was between US$ 3000 and US$ 4000, excluding the Crypto Card, depending on the model [2].

At the front of the unit is a PCMCIA-slot that allows a Fortezza Crypto Card (KOV-14) or a KSV-21 Enhanced Crypto Card to be inserted. Only when such an NSA-configured crypto card is present, can secure calls be placed to other STE phones (and STU-III phones).
Secure Terminal Equipment (STE) - Tactical

Unlike the STU-III, the STE is neither a classified nor a restricted item, as the cryptographic algorithms are held inside the Fortezza crypto card. Without this card, the STE can be used to place standard (unsecure) calls on a PSTN or ISDN network, just like an ordinary phone [3]. Although the STE is backwards compatible with the STU-III, it offers a number of advantages:

  • Can be used over ISDN lines (as well as over PSTN).
  • Better speech quality (in full digital mode).
  • Backwards compatibility with STU-III.
  • Higer data rates (38.4 Kb/s asynchronous, 128 kB/s synchronous).
  • No delay when going secure.
On 31 December 2009, STU-III was officially phased out. After that date the STU-III, and hence the STU-III compatible mode of the STE, was no longer to be used [4]. In the meantime, all STE units had been upgraded to version 2, which made it compatible with Secure Communications Interoperability Protocol (SCIP). This was done by swapping two PCBs inside the terminal [5].

The American Government started replacing the STE during the course of 2014 by the Sectéra® vIPer Universal Secure Phone, which has built-in security and does not require an external crypto card or Crypto Ignition Key (CIK). vIPer is approved for Top Secret/SCI traffic and is interoperable with the STE and other secure phones used by the Government and the Department of Defence.

Secure Terminal Equipment (STE) - Tactical L-3 and STE logo Tactical STE rear view ISDN connection PSTN connection Power socket Expansion slot 4-wire connection
1 / 8
Secure Terminal Equipment (STE) - Tactical
2 / 8
L-3 and STE logo
3 / 8
Tactical STE rear view
4 / 8
ISDN connection
5 / 8
PSTN connection
6 / 8
Power socket
7 / 8
Expansion slot
8 / 8
4-wire connection

Fortezza Crypto Card
Basically, the STE can be viewed as a standard telephone. By default it has no encryption and is therefore neither classified nor restricted. At the front of the phone, a PCMCIA slot is available, that accepts a so-called Fortezza Crypto Card. That card provides the cryptographic functionality.

The card contains the necessary crypto-building blocks, plus a programmable processor that allows the blocks to be combined into algoritms.

The image on the right shows a typical Fortezza-II Crypto Card, built by Spyrus (USA). It contains a number of NSA-developed and approved Type-1 algoritms. Each card is programmed for a specific security level, matching the clearance of the customer, and comes with a PIN code.

 More information
Inserting the Fortezza Crypto Card in the STE

STE phone with Fortezza Crypto Card half-way in STE phone with Fortezza Crypto Card Inserting the Fortezza Crypto Card in the STE Placing the crypto card Fortezza card in place Releasing the crypto card Crypto card released Removing the crypto card
1 / 8
STE phone with Fortezza Crypto Card half-way in
2 / 8
STE phone with Fortezza Crypto Card
3 / 8
Inserting the Fortezza Crypto Card in the STE
4 / 8
Placing the crypto card
5 / 8
Fortezza card in place
6 / 8
Releasing the crypto card
7 / 8
Crypto card released
8 / 8
Removing the crypto card

The STE comes in a number of variants, each of which is tailored to a specific application or customer. The following models are known:

  • Office
    This is the most widely used version of the STE within the US Government. It offers voice and data protection via ISDN (Integrated Services Digital Network) and PSTN (Public Switched Telephone Network). It is available in two configrations: ISDN only, and ISDN plus PSTN.

  • Tactical
    The Tactical version is similar to the Office-version, but can also be used to access the TRI-TAC network (Tri-Service Tactical Network). In addition, it has a secure serial EIA-530A/EIA-232 BDI port (BDI: Black Data Interface). It is shown on this page.

  • Data
    This unit is suitable for voice, data, fax and video-conferencing. It has two EIA-530A/EIA-232 BDI ports and can be used for data connections to multiple destinations. This unit comes as a 'black box' without any controls or a handset.

  • C2
    This model is similar to the Tactical-version. It contains modified software for use with its Tactical Terminal Locking Handset mechanism.

  • STE-R
    This model is similar to the Data-version. In addition to the features offered by the STE-Data, it provides dial-in access to the DRSN (Defense Red Switch Nework). The letter R stands for Remote.

  • VoIP
    Voice Over Internet Protocol (VoIP) is a new emerging standard, which has become available to the STE in the form of an upgrade to the existing models. It requires a PCMCIA 10/100 Mb/s ethernet card to be inserted into the BLK EXP slot at the rear. VoIP comes standard with some of the later models.
Multiple Networks
The STE can be used on different communication networks. It was designed for the fully digital ISDN network, but could still be used on legacy PSTN networks. In addition, the Tactical STE was suitable for TRI-TAC and MILSTAR networks as well. The difference between the Office-version and the Tactical-version is just the bottom part: the so-called wedge. Tactical STE units can be used on the following networks:

  • ISDN (Digital), BRI, 2B+D, RJ45 connector
  • PSTN (Analogue, 2-wire), RJ12 connector
  • TRI-TAC / MSE, 4-Wire Modem, 16/32 kbps CVSD
  • BDI service (black data interface) RS-530A (MILSTAR) or RS-232, DB25 connector
The best performance is obtained when the STE is used on an ISDN network. As all data is already in the digital domain, there is no need to initiate a call in clear as with the STU-III. Furthermore, when used on ISDN, the STE doesn't have the dreaded 10-15 second delay when 'going secure'. Protocols and keys are negotiated even before a call is answered.

In secure voice mode on an ISDN network, speech is compressed at 32 Kb/s using ADPCM, producing excellent quality speech with good intelligibility. In this mode, the STE uses the (Enhanced) Firefly encryption algorithm developed by the BSA [7]. When used on a PSTN network (i.e. when in STU-III compatible mode), speech is compressed at 4800 baud using the CELP algorithm.

For data transmission, various speeds are possible both in synchronous and asynchronous modes. The maximum speed of 128 Kb/s is obtained in synchronous mode, when both ISDN B-channels are used. For connection TRI-TAC, the 4 wire-terminals at the rear are used.

STE units can be enhanced in several ways. First of all, all users have been upgraded from 2001 onwards to version 2.0 which is SCIP compatible. This was done by swapping two internal PCBs. SCIP was developed by the US Department of Defense Digital Voice Processor Consortium, in cooperation with the NSA, and is a platform independant interoperability protocol. In addition, STE units can easily be adapted to new emerging standards by adding hardware expansion units.

For such additional hardware, two expansion slots are available at the rear. One is marked BLK EXP (Black Expansion). It allows hardware to be added to the unsecure (black) side. The other expansion slot is marked RED EXP. It can be used to add hardware to the red side (the side that needs to be protected.

An example of a hardware expansion is the ethernet card that was introduced in 2006 to add VoIP capability to the STE. The card was inserted into the BLK EXP slot and allowed connection to a standard (insecure) network.
Expansion slot

Both expansion bays are industry standard PCMCIA slots, allowing upgrades to be carried out by the end-user. The use of VoIP over STE was approved by the NSA in July 2006 [6].

Backwards compatibility
In order to guarantee a smooth transition from the older STU-III secure phones, the STE was made backwards compatible with it. Whenever the STE senses a STU-III terminal at the other end, or when it is used over an analogue telephone line (PSTN), it uses a Type 1 STU-III compatible encryption algorithm for voice transmission.

The image on the right shows the STU-III, which is the predecessor of the STE. STU-III units were manufactured by Motorola, AT&T and RCD (later: L-3 Communications). The one shown here was made by Motorola. More information...

Please note that for all encrypted traffic, the Fortezza Crypto Card has to be present inside the slot at the front of the STE terminal.

When used on a PSTN network, the analogue line is connected to the RJ12 connector (J2) at the rear of the STE (covered here with a placard).
Motorola SECTEL 2500 with CIK

STU-III units were last allowed for secure communication on 31 December 2009. After that date, the STU-III compatible mode of the STE was not to be used anymore [4]. At the same time, the new SCIP compatible mode was introduced [5].

President Obama
Presidential Bus
This photograph shows President Obama on Sunday 9 May 2010, just before the Hampton University commencement. On the table are two L-3 STE phones, one of which is used by Obama to discuss the economic situation in Europe with German Chancellor Angela Merkel. At the same time he holds a GSM phone in his right hand, which can be seen as a security breach [10].

Official White House Photo by Pete Souza [8]. 9 May 2010.

Oakley Lindsay Center
This photographs shows President Obama in a backstage room at Intel Corporation in Hillsboro (Oregon) on 18 February 2011, discussing the developments in the Middle East with National Security Advisor Tom Donilon. The L-3 STE phone is on a small table at the left.

Official White House Photo by Pete Souza [8]. 18 February 2011.

Conference call in Brazil
This photograph shows Presedent Obama, standing to the right of National Security Advisor Tom Donilon, both taking part in a conference call in which Obama authorizes action against Libya, as part of an international effort to protect Libyan civilians. The STE is operated here by Donilon, whilst Obama holds a Sectéra GSM Phone [9]. Click for a close-up of the STE phone and note the label POTUS2 at the back of the phone. POTUS is short for President Of The United States.

Obama is thought to be violating security rules here, as he is operating a mobile phone too close to an STE unit [10]. Operating a GSM phone in close proximity of an STE unit (< 5 metres) causes the strong RF signals from the GSM to mix with internal signals inside the STE, producing a third (mixed) RF signal. This mixed signal can be intercepted and exploited by an eavesdropper.

Official White House Photo by Pete Souza [8]. 19 March 2012.

 Close-up of the STE telephone set

Chilmark, Massachusetts (USA)
This photograph shows President Obama, together with his Assistent for Homeland Security John Brennan, conducting a conference call with his National Security Staff to discuss the situation in Lybia on 22 August 2011. The photo was taken through a mirror, and has been digitally corrected by Cryptome [8]. Note the use of Duct Tape to attach the many cables to the table (at the right).

Official White House Photo by Pete Souza [8]. 22 August 2011.

White House Situation Room
This image shows President Obama amidst his National Security Team in the Situation Room of the White House, discussing the mission against Osama Bin Laden on Sunday 1 May 2012. On the table are a couple of telehone sets, including an L3 STE-unit. Click for a larger view.

Official White House Photo by Pete Souza [8]. 1 May 2012.

Although the STE is still in use today (2011), brand new STE units were showing up on flea markets in 2011, making them collector's items. All information presented on this page is available in the public domain, from the manufacturer, the NSA and from a variety of other sources (see the references section below).

  1. L-3 Communications - Communication Systems-East, Secure Terminal Equipment
    Description of the NSA-certified STE offered by L3.

  2. L-3 Communications, STE Direct Sale Price List
    15-10-2006. Retrieved via WayBack Machine.

  3. Federation of American Scientists, STU-III and STE
    Secure Telephone Unit Third Generation (STU-III) / Secure Terminal Equipment (STE). September 2010.

  4. L-3 Communications, STU-III Replacement
    Retrieved January 2012.

  5. L-3 Communications, STE SCIP Upgrade Information
    Retrieved January 2012.

  6. L-3 Communications, VoIP STE Product Overview
    VoIP STE cleared by DoD/OSR for Public Release.
    OSR Case Number 08-S-1752, 6 August 2008.

  7. L-3 Communications, STE Users Manual
    Release 2.6 Rev. A, January 2008

  8. Cryptome, Obama Phones
    Retrieved October 2012.

  9. Peter Koop, Top Level Communications
    Website. Retrieved October 2012.

  10. James M. Atkinson, Obama Called a Moron at Phone Security
    Cryptome website. 7 January 2012. Retrieved October 2012.

  11. Wikipedia, Barack Obama
    Retrieved February 2013.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Created: Monday 26 September 2011. Last changed: Wednesday, 27 February 2019 - 10:49 CET.
Click for homepage