Feeds

Eurospook plan for Web and wireless bugs

If Enfopol 98 is genuine, the cops are getting seriously out of control

  • alert
  • submit to reddit

High performance access to file storage

A global wire tapping system covering mobile phone, fixed wire, Internet and satellite is being pushed by the European police co-ordination body, Europol, according to German Web magazine Telepolis. A paper published by the mag (much of the meat in German, sorry people) purports to be a high level Europol document putting forward proposed legislation for Europe, and trailing the prospects of links with US and other non-European security agencies. But if the document, entitled Enfopol 98, is genuine, Europol has moved way beyond its brief. Conspiracy theorists might say that's what you'd expect of a transnational bunch of spooks, but it far exceeds existing European policy on transnational policing and electronic surveillance. "Exactly," as the conspiracy theorists would have it. On the other hand, Enfopol 98 takes numerous European and international initiatives to deal with drugs, terrorism and cybercrime to their logical conclusion. It is claimed to have been drawn up in the form of a "Draft for a Recommended Resolution" by Europol at the EU's behest (Telepolis doesn't specify who within the EU) in order to "simplify the passage of the resolution." The draft does not seem to have appeared at Brussels yet, but that's not to say it won't. Enfopol 98 plans to have tapping built into all communications systems. Each country will have "interception interfaces" in telephone exchanges, ISPs, cellular networks and satellite ground stations. Intriguingly Telepolis alleges that the Iridium ground station in Italy is slated as one of these. It's not known what Iridium's views on this are, but we've heard some interesting suggestions about the usefulness of global commercial satellite phone systems to US security services. Tapping data will be shared across countries - each state should be able to tap into communications right across the EU, and the system is intended to extend to the US, Canada and Australia. The bona fides of the document are also reinforced by the suggestion that an identification system for individuals should be tacked onto it. Data to be exchanged between countries would include names, addresses, phone numbers, credit card numbers, email addresses and computer passwords. Only a crazed cop would think these could be obtained or could be rammed through in legislation. A report by Duncan Campbell in today's Observer newspaper takes the paranoia to fever pitch. Duncan may, like a substantial proportion of The Register, hail from god's own country, but he shows frequent signs of being barking. According to Campbell Enfopol 98 will be brought in as part of the European Convention on Mutual Legal Assistance, and will go into national law by 2000. The sinister bits, says Campbell, will be hidden in a "technical handbook" which is (was) unlikely to be read by ministers. You can see why Europol would want such a system, and why the UK's own dear home secretary Jack Straw (currently trying to figure out a plausible strategy for springing a Chilean mass-murderer) would love to be able to help. You can also see why the bug-happy French security services, who want to read everything, and the control-freak German and Italian ones, who've a long history of urban terrorism, would support it too. But how do you get it through? And how does it work? A system that knows where everybody is, what they're saying, and how to get into all of their email is a global civil liberties no-no. Even if you got it through, all hell would break loose when the people found out (this, incidentally, is why Jack Straw hasn't yet dared to send Pinochet to Northolt airbase, where a Chilean military plane awaits him). Enfopol 98 also requires real-time bugging capabilities. If, say, the Italian security services were bugging a mobile phone in the UK they'd want to do it real time, and just dealing with non-encrypted systems would be tricky, and encrypted GSM very tricky indeed. The networks will squeal if they have to pay for it. ISPs? It's possible to bug by forcing all the major ISPs to implement interception systems, but unless you legislate to licence ISPs, you can't get them all. Then you have to legislate to restrict the available of leased lines (license these as well), then you start to worry about how you intercept calls dialled direct into computers. And then you've got to worry about how you actually read the traffic. Enfopol says codes have to be broken, but it's not clear how. Government agencies don't have any obvious abilities to do this, and although the major software companies would no doubt roll over (not a lot of choice), they don't necessarily cover the more interesting parts of the waterfront. So even if the whole shebang comes in globally, you can still operate secure communications point to point or via the Web (unless of course they then try to make it illegal to transport messages they can't read). It can only work if they can monitor everything, all the time, in real time. And they can't. Europol itself, incidentally, was set up to deal with drugs, and is probably the "high level Group, set up following the Dublin Council, [which] is finalising an Action Plan to fight cybercrime." (EU documentation) Europol's responsibilites have now been extend to include: illicit trafficking in nuclear or radioactive substances; crime linked to clandestine immigration networks; trafficking in stolen vehicles; and trafficking in human beings (sexual exploitation). You can see why it might think it needs the extra surveillance, can't you? ®

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Nokia offers 'voluntary retirement' to 6,000+ Indian employees
India's 'predictability and stability' cited as mobe-maker's tax payment deadline nears
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Adrian Mole author Sue Townsend dies at 68
RIP Blighty's best-selling author of the 1980s
Analysts: Bright future for smartphones, tablets, wearables
There's plenty of good money to be made if you stay out of the PC market
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.