My understanding is that the A5/1 (GSM) encryption is applied to the communication between the device and the local service provider. The local service provider then decrypts and routes the packets.
>FirstNet is designed with a defense-in-depth security strategy that goes well beyond standard commercial network security measures, providing protection without sacrificing usability. And now, we’ve gone farther than anyone in the industry to secure public safety communications. FirstNet will be the first-ever network with comprehensive, tower-to-core encryption based on open industry standards.
Which implies every other network doesn't encrypt that traffic (or does it with some proprietary scheme... which wouldn't give me a lot of confidence)
Telcos rarely do end-to-ends, usually they handle signaling out of band, strip headers, decipher payload and re-cipher with new session information each time your data switches medium. In-band signaling with E2E and recursive encapsulations like TLS over TCP over IP are very Internet/IP pattern.
