Eurospook plan for Web and wireless bugs

If Enfopol 98 is genuine, the cops are getting seriously out of control

  • alert
  • submit to reddit

Security for virtualized datacentres

A global wire tapping system covering mobile phone, fixed wire, Internet and satellite is being pushed by the European police co-ordination body, Europol, according to German Web magazine Telepolis. A paper published by the mag (much of the meat in German, sorry people) purports to be a high level Europol document putting forward proposed legislation for Europe, and trailing the prospects of links with US and other non-European security agencies. But if the document, entitled Enfopol 98, is genuine, Europol has moved way beyond its brief. Conspiracy theorists might say that's what you'd expect of a transnational bunch of spooks, but it far exceeds existing European policy on transnational policing and electronic surveillance. "Exactly," as the conspiracy theorists would have it. On the other hand, Enfopol 98 takes numerous European and international initiatives to deal with drugs, terrorism and cybercrime to their logical conclusion. It is claimed to have been drawn up in the form of a "Draft for a Recommended Resolution" by Europol at the EU's behest (Telepolis doesn't specify who within the EU) in order to "simplify the passage of the resolution." The draft does not seem to have appeared at Brussels yet, but that's not to say it won't. Enfopol 98 plans to have tapping built into all communications systems. Each country will have "interception interfaces" in telephone exchanges, ISPs, cellular networks and satellite ground stations. Intriguingly Telepolis alleges that the Iridium ground station in Italy is slated as one of these. It's not known what Iridium's views on this are, but we've heard some interesting suggestions about the usefulness of global commercial satellite phone systems to US security services. Tapping data will be shared across countries - each state should be able to tap into communications right across the EU, and the system is intended to extend to the US, Canada and Australia. The bona fides of the document are also reinforced by the suggestion that an identification system for individuals should be tacked onto it. Data to be exchanged between countries would include names, addresses, phone numbers, credit card numbers, email addresses and computer passwords. Only a crazed cop would think these could be obtained or could be rammed through in legislation. A report by Duncan Campbell in today's Observer newspaper takes the paranoia to fever pitch. Duncan may, like a substantial proportion of The Register, hail from god's own country, but he shows frequent signs of being barking. According to Campbell Enfopol 98 will be brought in as part of the European Convention on Mutual Legal Assistance, and will go into national law by 2000. The sinister bits, says Campbell, will be hidden in a "technical handbook" which is (was) unlikely to be read by ministers. You can see why Europol would want such a system, and why the UK's own dear home secretary Jack Straw (currently trying to figure out a plausible strategy for springing a Chilean mass-murderer) would love to be able to help. You can also see why the bug-happy French security services, who want to read everything, and the control-freak German and Italian ones, who've a long history of urban terrorism, would support it too. But how do you get it through? And how does it work? A system that knows where everybody is, what they're saying, and how to get into all of their email is a global civil liberties no-no. Even if you got it through, all hell would break loose when the people found out (this, incidentally, is why Jack Straw hasn't yet dared to send Pinochet to Northolt airbase, where a Chilean military plane awaits him). Enfopol 98 also requires real-time bugging capabilities. If, say, the Italian security services were bugging a mobile phone in the UK they'd want to do it real time, and just dealing with non-encrypted systems would be tricky, and encrypted GSM very tricky indeed. The networks will squeal if they have to pay for it. ISPs? It's possible to bug by forcing all the major ISPs to implement interception systems, but unless you legislate to licence ISPs, you can't get them all. Then you have to legislate to restrict the available of leased lines (license these as well), then you start to worry about how you intercept calls dialled direct into computers. And then you've got to worry about how you actually read the traffic. Enfopol says codes have to be broken, but it's not clear how. Government agencies don't have any obvious abilities to do this, and although the major software companies would no doubt roll over (not a lot of choice), they don't necessarily cover the more interesting parts of the waterfront. So even if the whole shebang comes in globally, you can still operate secure communications point to point or via the Web (unless of course they then try to make it illegal to transport messages they can't read). It can only work if they can monitor everything, all the time, in real time. And they can't. Europol itself, incidentally, was set up to deal with drugs, and is probably the "high level Group, set up following the Dublin Council, [which] is finalising an Action Plan to fight cybercrime." (EU documentation) Europol's responsibilites have now been extend to include: illicit trafficking in nuclear or radioactive substances; crime linked to clandestine immigration networks; trafficking in stolen vehicles; and trafficking in human beings (sexual exploitation). You can see why it might think it needs the extra surveillance, can't you? ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Big Content outs piracy hotbeds: São Paulo, Beijing ... TORONTO?
MPAA calls Canadians a bunch of bootlegging movie thieves
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
Hungary's internet tax cannot be allowed to set a precedent, says EC
More protests planned against giga-tariff for Tuesday evening
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
prev story


Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.