Feeds

Soghoian & Greenwald tell EU bigwigs: Fight state snooping on mobe networks NOW

Never mind roaming fees, what about data security?

SANS - Survey on application security programs

Politicians and regulators in Europe need to decide whether they want a secure mobile phone system or something their own police agencies - as well as spy agencies in the US, China and elsewhere - are able to easily tap into, according to a renowned security and privacy expert.

Christopher Soghoian, principal technologist of the speech, privacy & technology project at the American Civil Liberties Union, told a European Parliament hearing on Civil Liberties, Justice and Home Affairs that keeping foreign intelligence agencies out of mobile phone traffic while allowing local cops access to it is a practical impossibility.

"The NSA employs the best hackers in the world and if they can't get in directly they will just hack into the cops' systems," he said.

Soghoian told MEPs that mobile phone networks in Europe are not safe and the much-publicised interception German chancellor Angela Merkel's mobile phone is essentially a symptom of a wider problem that's been years in the making.

"Weaknesses in GSM have been known about for 20 years," Soghoian said.

It used to be the case that you need government-grade surveillance equipment to intercept communications but it's now possible for researchers, hobbyists and hackers to build interception kit for a few hundred dollars. As Soghoian explained, “mobile phone interception tech has been democratised."

That means that the mobile phone conversations of politicians were vulnerable to spying on by paparazzi as well as creating the means for unscrupulous businessmen to hire hackers to spy on their rivals, according to the technology policy expert.

"For years there's been a widespread failure of telco regulators to prevent threat of interception. It should not have taken the Edward Snowden revelations" to reveal this, Soghoian argued, asking rhetorically: "Regulators have intervened when it comes to roaming fees but what about data security for cellphone networks?"

"Mobile networks are insecure by design and this is not an accident. The needs of local law enforcement and intelligence come first," he said.

If European regulators and politicians were to go down the road of building more secure telecoms networks then they would be giving up some forms of law enforcement access, though not information such as location data, which needs to be exchanged for a mobile phone system to work, and call records. But this was a price worth paying because European mobile users are "secure against nothing right now".

There are already secure apps for smartphones but at the time of writing they require action on the part of users, so they're not widely deployed, according to Soghoian.

Government ministers can be provided with secure phone, which tend to be more expensive. For mass adoption of encrypted voice and text, regulators need to demand it, Soghoian concluded.

A written copy of Soghoian's testimony can be found here.

Glenn Greenwald, chief journalistic collaborator with Edward Snowden in the ongoing release of leaked NSA secrets, appeared before the same European Parliament privacy hearing by a video link.

Greenwald told MEPs that the NSA and its allied intelligence agencies were "out to eliminate personal privacy online" by collecting all forms of electronic communication. He said that the NSA was even attempting to break into WiFi systems on aeroplanes, though he didn't go into details and none of the politicians at the hearing picked him up on the point.

The NSA use metadata to build a network of associates and friends, something Greenwald described as "very invasive".

"If you value privacy then it would almost be preferable to have the NSA listen in to your phone calls," Greenwald said in an uncharacteristically semi-flippant aside.

He went on to criticise the "strange and disappointing dynamic" of European politicians welcoming greater knowledge about the actions of intelligence agencies while "turning their backs on Snowden in offering to protect him from persecution by accepting his requests for asylum.”

The lawyer-turned-journalist and privacy activist declined to answer some MEPs questions, for example on the role of intelligence agencies in Sweden, by saying reportage on these particular topics had not yet been completed. The overall, at times slightly condescending, performance was literally phoned in from Greenwald's pad in Rio. In fairness, he did say that he'd been advised by lawyers that travel to Europe at this time would present opportunities for official harassment.

The European Parliament's Inquiry on Electronic Mass Surveillance of EU Citizens is expected to issue a report early next year. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.