Feeds

What the hell is – the Echelon scandal?

Europe's aflame, but we are underwhelmed...

  • alert
  • submit to reddit

Security for virtualized datacentres

In the past week increasingly scandalised Echelon stories have ripped across Europe, following the publication of a European parliament report into the shady spook system. But in all the sound and fury there are aspects that haven't really been properly covered - how little of Echelon's claimed activities we didn't know about already, and how little new information the report adds.

Basically, the report tells us quite a few things that were already obvious, and fails to stand up earlier stories claiming more dramatic and dastardly sins by the Echelon alliance. It repeats these, certainly, and the European press repeated them some more with glee, but when it comes down to it there's a sad lack of further information. That doesn't mean the Echelon scandal won't run and run, of course; it's an important factor - possibly the important factor - that Echelon is an intelligence co-operation agreement between the UK, the US, Canada, Australia and New Zealand, so Brussels politicians can get paranoid about being bugged by an Anglo-Saxon alliance.

The French are leading the charge here, with former interior minister Charles Pasqua coming up with what might be viewed as an unfortunate sound-bite: "The rules of the game are rigged and they are rigged especially by the British. This is shocking."

Roll that one around in your head before you start thinking of Brussels as a defender of liberty and privacy in the face of unauthorised intrusions by the evil Echelon alliance. M. Pasqua seems not to be objecting to the bugging, but griping about not getting fair access to the data. You might think Brussels launching an inquiry is a good thing, but you'd be better reserving judgement until you get the full result.

So, as an aid to rational analysis, we at The Register are publishing an instant guide to the Echelon scandal.

What is Echelon? Echelon has been memorably described as a huge vacuum cleaner in the sky sucking up phone, Internet and fax traffic. If something of this sort didn't exist already, then the security agencies would be bound to want to invent it, so we can safely assume it exists, even ignoring the odd hard-copy sighting.

Is Echelon wrong? Well, of course it is, silly. The spooks are bugging their way around the world invading privacy willy-nilly. But this is what spooks do, and we hear French spooks are especially keen on it. You knew that already.

Does Echelon work? What Echelon does with this stuff is another matter. Even if all of the intercepted stuff was in unencrypted ASCII, sorting out the ones that warranted attention would be a massive crunching task. Register spook specialist Thomas C Greene tried a few 'look at me Echelon, I'm an international terrorist!' phrases last year here, but remains strangely unarrested. Rational people might reckon that identifying dubious traffic you didn't know about already was beyond the technical capabilities of any system today, and that Echelon therefore targets known suspects. It's worth noting at this juncture that, as you generally don't know who terrorists are, or where they are, 'known suspects' generally can't include rational suspects. How likely is Gerry Adams to have planted any bombs in the last week? But how likely is Gerry Adams to be a target for Echelon? Exactly.

And who are these known suspects? This is where the scandalised press gets interested. Margaret Thatcher's less sound cabinet ministers. Princess Diana. Saddam Hussein (not a lot of point here though, because he knows he's being listened out for). Liberal and left wing organisations and agencies. Anything that's well-known as maybe a bit subversive, but too well-known to be stockpiling semtex. Your partner governments, and businesses from rival (friendly?) countries trying to sell in competition to your own industries.

Aha! So this is where the US using Echelon to stop European countries getting contracts comes in? Well, sort of. There are a couple of examples in the report of the Euros having been blown out following the US government allegedly using Echelon material to tip off US competitors. The scandalised reports of this didn't point out that the Euro companies were said to have been offering bribes in order to win the business. We note that US trade negotiators have in the past been somewhat vehement on the readiness of European companies to bribe their way into deals, and that US captains of industry (hello, AT&T) have tended to be curiously in step with this. So we think this allegation is true, but the kickback aspect does make it a more difficult one to get on your high horse about. US spooks are probably unshakably convinced that it is right to tip off US industry under such circumstances, and will be happily blind to the number of bungs their own companies are prepared to dispense.

Microsoft leaves holes in its software so Echelon can snoop This was a press favourite early in Echelon Week, but unfortunately the hacks reporting the claim neglected to run it down in the report, and then understand it. The old claims that Microsoft, IBM and Lotus leave holes for this reason are repeated, but the report doesn't claim they're true. The nearest it gets is to point out that US restrictions on the export of encryption technology mean that the likes of Exchange and Notes in European versions are a lot easier for Echelon and the NSA to crack than US ones. Since the US relaxed restrictions, this is of course no longer applicable, and there's no obvious justification for claiming that US software companies complying with US law were colluding with the US government prior to this.

So what's going to happen? Given that Europe in general, and France in particular, is agog and aghast over the whole thing, you'd reckon on some pretty stringent reprisals. But the report's own recommendations are extremely tame, and the subtext seems to be that we're more likely to be seeing the air slowly leak out of the whole dirigible.

The recommendations repeat a Euro parliament resolution calling for "protective measures concerning economic information and effective encryption". The report suggests blocking access to message content by "hostile Comint" (Communications Intelligence). It suggests defining a "shared interest," the implication being that the UK should be inside the tent, but it's unspecific on the nature of the tent. It adds further to any doubts you might have had about privacy by noting that: "A clear boundary between law enforcement and 'national security' interception activity is essential to the protection of human rights and fundamental freedoms."

And beyond that, it covers the cryptographic imbalance, suggesting that US software that has strong encryption disabled should conform to "open standards," allowing encyryption to be added, and then suggesting that the alleged extra-parliamentary activities of Europe's own law enforcement agencies be brought under control. This last is another of the report author's areas of concerns, but not absolutely Echelon-related. Not a lot really, is it? ®

New hybrid storage solutions

More from The Register

next story
Apple's Mr Havisham: Tim Cook says dead Steve Jobs' office has remained untouched
'I literally think about him every day' says biz baron's old friend
Flaming drone batteries ground commercial flight before takeoff
Passenger had Something To Declare, instead fiddled while plane burned
Cops apologise for leaving EXPLOSIVES in suitcase at airport
'Canine training exercise' SNAFU sees woman take home booming baggage
Every billionaire needs a PANZER TANK, right? STOP THERE, Paul Allen
Angry Microsoftie hauls auctioneers to court over stalled Pzkw. IV 'deal'
Jony Ive: Apple iWatch will SCREW UP Switzerland's economy
Apple's chief designer forgot one crucial point about overpriced bling
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.