Feeds

What the hell is – the Echelon scandal?

Europe's aflame, but we are underwhelmed...

  • alert
  • submit to reddit

High performance access to file storage

In the past week increasingly scandalised Echelon stories have ripped across Europe, following the publication of a European parliament report into the shady spook system. But in all the sound and fury there are aspects that haven't really been properly covered - how little of Echelon's claimed activities we didn't know about already, and how little new information the report adds.

Basically, the report tells us quite a few things that were already obvious, and fails to stand up earlier stories claiming more dramatic and dastardly sins by the Echelon alliance. It repeats these, certainly, and the European press repeated them some more with glee, but when it comes down to it there's a sad lack of further information. That doesn't mean the Echelon scandal won't run and run, of course; it's an important factor - possibly the important factor - that Echelon is an intelligence co-operation agreement between the UK, the US, Canada, Australia and New Zealand, so Brussels politicians can get paranoid about being bugged by an Anglo-Saxon alliance.

The French are leading the charge here, with former interior minister Charles Pasqua coming up with what might be viewed as an unfortunate sound-bite: "The rules of the game are rigged and they are rigged especially by the British. This is shocking."

Roll that one around in your head before you start thinking of Brussels as a defender of liberty and privacy in the face of unauthorised intrusions by the evil Echelon alliance. M. Pasqua seems not to be objecting to the bugging, but griping about not getting fair access to the data. You might think Brussels launching an inquiry is a good thing, but you'd be better reserving judgement until you get the full result.

So, as an aid to rational analysis, we at The Register are publishing an instant guide to the Echelon scandal.

What is Echelon? Echelon has been memorably described as a huge vacuum cleaner in the sky sucking up phone, Internet and fax traffic. If something of this sort didn't exist already, then the security agencies would be bound to want to invent it, so we can safely assume it exists, even ignoring the odd hard-copy sighting.

Is Echelon wrong? Well, of course it is, silly. The spooks are bugging their way around the world invading privacy willy-nilly. But this is what spooks do, and we hear French spooks are especially keen on it. You knew that already.

Does Echelon work? What Echelon does with this stuff is another matter. Even if all of the intercepted stuff was in unencrypted ASCII, sorting out the ones that warranted attention would be a massive crunching task. Register spook specialist Thomas C Greene tried a few 'look at me Echelon, I'm an international terrorist!' phrases last year here, but remains strangely unarrested. Rational people might reckon that identifying dubious traffic you didn't know about already was beyond the technical capabilities of any system today, and that Echelon therefore targets known suspects. It's worth noting at this juncture that, as you generally don't know who terrorists are, or where they are, 'known suspects' generally can't include rational suspects. How likely is Gerry Adams to have planted any bombs in the last week? But how likely is Gerry Adams to be a target for Echelon? Exactly.

And who are these known suspects? This is where the scandalised press gets interested. Margaret Thatcher's less sound cabinet ministers. Princess Diana. Saddam Hussein (not a lot of point here though, because he knows he's being listened out for). Liberal and left wing organisations and agencies. Anything that's well-known as maybe a bit subversive, but too well-known to be stockpiling semtex. Your partner governments, and businesses from rival (friendly?) countries trying to sell in competition to your own industries.

Aha! So this is where the US using Echelon to stop European countries getting contracts comes in? Well, sort of. There are a couple of examples in the report of the Euros having been blown out following the US government allegedly using Echelon material to tip off US competitors. The scandalised reports of this didn't point out that the Euro companies were said to have been offering bribes in order to win the business. We note that US trade negotiators have in the past been somewhat vehement on the readiness of European companies to bribe their way into deals, and that US captains of industry (hello, AT&T) have tended to be curiously in step with this. So we think this allegation is true, but the kickback aspect does make it a more difficult one to get on your high horse about. US spooks are probably unshakably convinced that it is right to tip off US industry under such circumstances, and will be happily blind to the number of bungs their own companies are prepared to dispense.

Microsoft leaves holes in its software so Echelon can snoop This was a press favourite early in Echelon Week, but unfortunately the hacks reporting the claim neglected to run it down in the report, and then understand it. The old claims that Microsoft, IBM and Lotus leave holes for this reason are repeated, but the report doesn't claim they're true. The nearest it gets is to point out that US restrictions on the export of encryption technology mean that the likes of Exchange and Notes in European versions are a lot easier for Echelon and the NSA to crack than US ones. Since the US relaxed restrictions, this is of course no longer applicable, and there's no obvious justification for claiming that US software companies complying with US law were colluding with the US government prior to this.

So what's going to happen? Given that Europe in general, and France in particular, is agog and aghast over the whole thing, you'd reckon on some pretty stringent reprisals. But the report's own recommendations are extremely tame, and the subtext seems to be that we're more likely to be seeing the air slowly leak out of the whole dirigible.

The recommendations repeat a Euro parliament resolution calling for "protective measures concerning economic information and effective encryption". The report suggests blocking access to message content by "hostile Comint" (Communications Intelligence). It suggests defining a "shared interest," the implication being that the UK should be inside the tent, but it's unspecific on the nature of the tent. It adds further to any doubts you might have had about privacy by noting that: "A clear boundary between law enforcement and 'national security' interception activity is essential to the protection of human rights and fundamental freedoms."

And beyond that, it covers the cryptographic imbalance, suggesting that US software that has strong encryption disabled should conform to "open standards," allowing encyryption to be added, and then suggesting that the alleged extra-parliamentary activities of Europe's own law enforcement agencies be brought under control. This last is another of the report author's areas of concerns, but not absolutely Echelon-related. Not a lot really, is it? ®

High performance access to file storage

More from The Register

next story
Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN
Reg reader snaps shot of touching tribute to Apple icon
Happy 40th Playmobil: Reg looks back at small, rude world of our favourite tiny toys
Little men straddle LOHAN, attend tiny G20 Summit... ah, sweet memories...
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
Lego is the TOOL OF SATAN, thunders Polish priest
New minifigs like Monster Fighters are turning kids to the dark side
Dark SITH LORD 'Darth Vader' joins battle to rule, er, Ukraine
Only I can 'make an empire out of a republic' intones presidential candidate
Chinese company counters pollution by importing fresh air
Citizens line up for bags of that sweet, sweet mountain air
Google asks April Fools: Want a job? Be our 'Pokemon Master'
Mountain View is prankin' like it's 1999...
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.