Feeds

Eurospook plan for Web and wireless bugs

If Enfopol 98 is genuine, the cops are getting seriously out of control

  • alert
  • submit to reddit

Intelligent flash storage arrays

A global wire tapping system covering mobile phone, fixed wire, Internet and satellite is being pushed by the European police co-ordination body, Europol, according to German Web magazine Telepolis. A paper published by the mag (much of the meat in German, sorry people) purports to be a high level Europol document putting forward proposed legislation for Europe, and trailing the prospects of links with US and other non-European security agencies. But if the document, entitled Enfopol 98, is genuine, Europol has moved way beyond its brief. Conspiracy theorists might say that's what you'd expect of a transnational bunch of spooks, but it far exceeds existing European policy on transnational policing and electronic surveillance. "Exactly," as the conspiracy theorists would have it. On the other hand, Enfopol 98 takes numerous European and international initiatives to deal with drugs, terrorism and cybercrime to their logical conclusion. It is claimed to have been drawn up in the form of a "Draft for a Recommended Resolution" by Europol at the EU's behest (Telepolis doesn't specify who within the EU) in order to "simplify the passage of the resolution." The draft does not seem to have appeared at Brussels yet, but that's not to say it won't. Enfopol 98 plans to have tapping built into all communications systems. Each country will have "interception interfaces" in telephone exchanges, ISPs, cellular networks and satellite ground stations. Intriguingly Telepolis alleges that the Iridium ground station in Italy is slated as one of these. It's not known what Iridium's views on this are, but we've heard some interesting suggestions about the usefulness of global commercial satellite phone systems to US security services. Tapping data will be shared across countries - each state should be able to tap into communications right across the EU, and the system is intended to extend to the US, Canada and Australia. The bona fides of the document are also reinforced by the suggestion that an identification system for individuals should be tacked onto it. Data to be exchanged between countries would include names, addresses, phone numbers, credit card numbers, email addresses and computer passwords. Only a crazed cop would think these could be obtained or could be rammed through in legislation. A report by Duncan Campbell in today's Observer newspaper takes the paranoia to fever pitch. Duncan may, like a substantial proportion of The Register, hail from god's own country, but he shows frequent signs of being barking. According to Campbell Enfopol 98 will be brought in as part of the European Convention on Mutual Legal Assistance, and will go into national law by 2000. The sinister bits, says Campbell, will be hidden in a "technical handbook" which is (was) unlikely to be read by ministers. You can see why Europol would want such a system, and why the UK's own dear home secretary Jack Straw (currently trying to figure out a plausible strategy for springing a Chilean mass-murderer) would love to be able to help. You can also see why the bug-happy French security services, who want to read everything, and the control-freak German and Italian ones, who've a long history of urban terrorism, would support it too. But how do you get it through? And how does it work? A system that knows where everybody is, what they're saying, and how to get into all of their email is a global civil liberties no-no. Even if you got it through, all hell would break loose when the people found out (this, incidentally, is why Jack Straw hasn't yet dared to send Pinochet to Northolt airbase, where a Chilean military plane awaits him). Enfopol 98 also requires real-time bugging capabilities. If, say, the Italian security services were bugging a mobile phone in the UK they'd want to do it real time, and just dealing with non-encrypted systems would be tricky, and encrypted GSM very tricky indeed. The networks will squeal if they have to pay for it. ISPs? It's possible to bug by forcing all the major ISPs to implement interception systems, but unless you legislate to licence ISPs, you can't get them all. Then you have to legislate to restrict the available of leased lines (license these as well), then you start to worry about how you intercept calls dialled direct into computers. And then you've got to worry about how you actually read the traffic. Enfopol says codes have to be broken, but it's not clear how. Government agencies don't have any obvious abilities to do this, and although the major software companies would no doubt roll over (not a lot of choice), they don't necessarily cover the more interesting parts of the waterfront. So even if the whole shebang comes in globally, you can still operate secure communications point to point or via the Web (unless of course they then try to make it illegal to transport messages they can't read). It can only work if they can monitor everything, all the time, in real time. And they can't. Europol itself, incidentally, was set up to deal with drugs, and is probably the "high level Group, set up following the Dublin Council, [which] is finalising an Action Plan to fight cybercrime." (EU documentation) Europol's responsibilites have now been extend to include: illicit trafficking in nuclear or radioactive substances; crime linked to clandestine immigration networks; trafficking in stolen vehicles; and trafficking in human beings (sexual exploitation). You can see why it might think it needs the extra surveillance, can't you? ®

Choosing a cloud hosting partner with confidence

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.