What the hell is – the Echelon scandal?

Europe's aflame, but we are underwhelmed...

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

In the past week increasingly scandalised Echelon stories have ripped across Europe, following the publication of a European parliament report into the shady spook system. But in all the sound and fury there are aspects that haven't really been properly covered - how little of Echelon's claimed activities we didn't know about already, and how little new information the report adds.

Basically, the report tells us quite a few things that were already obvious, and fails to stand up earlier stories claiming more dramatic and dastardly sins by the Echelon alliance. It repeats these, certainly, and the European press repeated them some more with glee, but when it comes down to it there's a sad lack of further information. That doesn't mean the Echelon scandal won't run and run, of course; it's an important factor - possibly the important factor - that Echelon is an intelligence co-operation agreement between the UK, the US, Canada, Australia and New Zealand, so Brussels politicians can get paranoid about being bugged by an Anglo-Saxon alliance.

The French are leading the charge here, with former interior minister Charles Pasqua coming up with what might be viewed as an unfortunate sound-bite: "The rules of the game are rigged and they are rigged especially by the British. This is shocking."

Roll that one around in your head before you start thinking of Brussels as a defender of liberty and privacy in the face of unauthorised intrusions by the evil Echelon alliance. M. Pasqua seems not to be objecting to the bugging, but griping about not getting fair access to the data. You might think Brussels launching an inquiry is a good thing, but you'd be better reserving judgement until you get the full result.

So, as an aid to rational analysis, we at The Register are publishing an instant guide to the Echelon scandal.

What is Echelon? Echelon has been memorably described as a huge vacuum cleaner in the sky sucking up phone, Internet and fax traffic. If something of this sort didn't exist already, then the security agencies would be bound to want to invent it, so we can safely assume it exists, even ignoring the odd hard-copy sighting.

Is Echelon wrong? Well, of course it is, silly. The spooks are bugging their way around the world invading privacy willy-nilly. But this is what spooks do, and we hear French spooks are especially keen on it. You knew that already.

Does Echelon work? What Echelon does with this stuff is another matter. Even if all of the intercepted stuff was in unencrypted ASCII, sorting out the ones that warranted attention would be a massive crunching task. Register spook specialist Thomas C Greene tried a few 'look at me Echelon, I'm an international terrorist!' phrases last year here, but remains strangely unarrested. Rational people might reckon that identifying dubious traffic you didn't know about already was beyond the technical capabilities of any system today, and that Echelon therefore targets known suspects. It's worth noting at this juncture that, as you generally don't know who terrorists are, or where they are, 'known suspects' generally can't include rational suspects. How likely is Gerry Adams to have planted any bombs in the last week? But how likely is Gerry Adams to be a target for Echelon? Exactly.

And who are these known suspects? This is where the scandalised press gets interested. Margaret Thatcher's less sound cabinet ministers. Princess Diana. Saddam Hussein (not a lot of point here though, because he knows he's being listened out for). Liberal and left wing organisations and agencies. Anything that's well-known as maybe a bit subversive, but too well-known to be stockpiling semtex. Your partner governments, and businesses from rival (friendly?) countries trying to sell in competition to your own industries.

Aha! So this is where the US using Echelon to stop European countries getting contracts comes in? Well, sort of. There are a couple of examples in the report of the Euros having been blown out following the US government allegedly using Echelon material to tip off US competitors. The scandalised reports of this didn't point out that the Euro companies were said to have been offering bribes in order to win the business. We note that US trade negotiators have in the past been somewhat vehement on the readiness of European companies to bribe their way into deals, and that US captains of industry (hello, AT&T) have tended to be curiously in step with this. So we think this allegation is true, but the kickback aspect does make it a more difficult one to get on your high horse about. US spooks are probably unshakably convinced that it is right to tip off US industry under such circumstances, and will be happily blind to the number of bungs their own companies are prepared to dispense.

Microsoft leaves holes in its software so Echelon can snoop This was a press favourite early in Echelon Week, but unfortunately the hacks reporting the claim neglected to run it down in the report, and then understand it. The old claims that Microsoft, IBM and Lotus leave holes for this reason are repeated, but the report doesn't claim they're true. The nearest it gets is to point out that US restrictions on the export of encryption technology mean that the likes of Exchange and Notes in European versions are a lot easier for Echelon and the NSA to crack than US ones. Since the US relaxed restrictions, this is of course no longer applicable, and there's no obvious justification for claiming that US software companies complying with US law were colluding with the US government prior to this.

So what's going to happen? Given that Europe in general, and France in particular, is agog and aghast over the whole thing, you'd reckon on some pretty stringent reprisals. But the report's own recommendations are extremely tame, and the subtext seems to be that we're more likely to be seeing the air slowly leak out of the whole dirigible.

The recommendations repeat a Euro parliament resolution calling for "protective measures concerning economic information and effective encryption". The report suggests blocking access to message content by "hostile Comint" (Communications Intelligence). It suggests defining a "shared interest," the implication being that the UK should be inside the tent, but it's unspecific on the nature of the tent. It adds further to any doubts you might have had about privacy by noting that: "A clear boundary between law enforcement and 'national security' interception activity is essential to the protection of human rights and fundamental freedoms."

And beyond that, it covers the cryptographic imbalance, suggesting that US software that has strong encryption disabled should conform to "open standards," allowing encyryption to be added, and then suggesting that the alleged extra-parliamentary activities of Europe's own law enforcement agencies be brought under control. This last is another of the report author's areas of concerns, but not absolutely Echelon-related. Not a lot really, is it? ®

Security for virtualized datacentres

More from The Register

next story
Boffins who stare at goats: I do believe they’re SHRINKING
Alpine chamois being squashed by global warming
Space exploration is just so lame. NEW APPS are mankind's future
We feel obliged to point out the headline statement is total, utter cobblers
Down-under record: Australian gets $140k for pussy
'Tiffany' closes deal - 'it's more common to offer your wife', says agent
Internet finally ready to replace answering machine cassette tape
It's a simple message and I'm leaving out the whistles and bells
FedEx helps deliver THOUSANDS of spam messages DIRECT to its Blighty customers
Don't worry Wilson, I'll do all the paddling. You just hang on
The iPAD launch BEFORE it happened: SPECULATIVE GUFF ahead of actual event
Nerve-shattering run-up to the pre-planned known event
Win a year’s supply of chocolate (no tech knowledge required)
Over £200 worth of the good stuff up for grabs
STONER SHEEP get the MUNCHIES after feasting on £4k worth of cannabis plants
Baaaaaa! Fanny's Farm's woolly flock is high, maaaaaan
Adorkable overshare of words like photobomb in this year's dictionaries
And hipsters are finally defined as self-loathing. Sort of
Not a loyal follower of @BritishMonarchy? You missed The QUEEN*'s first Tweet
Her Maj opens 'Information Age' at the Science Museum
prev story


Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.