Feeds

Soghoian & Greenwald tell EU bigwigs: Fight state snooping on mobe networks NOW

Never mind roaming fees, what about data security?

Providing a secure and efficient Helpdesk

Politicians and regulators in Europe need to decide whether they want a secure mobile phone system or something their own police agencies - as well as spy agencies in the US, China and elsewhere - are able to easily tap into, according to a renowned security and privacy expert.

Christopher Soghoian, principal technologist of the speech, privacy & technology project at the American Civil Liberties Union, told a European Parliament hearing on Civil Liberties, Justice and Home Affairs that keeping foreign intelligence agencies out of mobile phone traffic while allowing local cops access to it is a practical impossibility.

"The NSA employs the best hackers in the world and if they can't get in directly they will just hack into the cops' systems," he said.

Soghoian told MEPs that mobile phone networks in Europe are not safe and the much-publicised interception German chancellor Angela Merkel's mobile phone is essentially a symptom of a wider problem that's been years in the making.

"Weaknesses in GSM have been known about for 20 years," Soghoian said.

It used to be the case that you need government-grade surveillance equipment to intercept communications but it's now possible for researchers, hobbyists and hackers to build interception kit for a few hundred dollars. As Soghoian explained, “mobile phone interception tech has been democratised."

That means that the mobile phone conversations of politicians were vulnerable to spying on by paparazzi as well as creating the means for unscrupulous businessmen to hire hackers to spy on their rivals, according to the technology policy expert.

"For years there's been a widespread failure of telco regulators to prevent threat of interception. It should not have taken the Edward Snowden revelations" to reveal this, Soghoian argued, asking rhetorically: "Regulators have intervened when it comes to roaming fees but what about data security for cellphone networks?"

"Mobile networks are insecure by design and this is not an accident. The needs of local law enforcement and intelligence come first," he said.

If European regulators and politicians were to go down the road of building more secure telecoms networks then they would be giving up some forms of law enforcement access, though not information such as location data, which needs to be exchanged for a mobile phone system to work, and call records. But this was a price worth paying because European mobile users are "secure against nothing right now".

There are already secure apps for smartphones but at the time of writing they require action on the part of users, so they're not widely deployed, according to Soghoian.

Government ministers can be provided with secure phone, which tend to be more expensive. For mass adoption of encrypted voice and text, regulators need to demand it, Soghoian concluded.

A written copy of Soghoian's testimony can be found here.

Glenn Greenwald, chief journalistic collaborator with Edward Snowden in the ongoing release of leaked NSA secrets, appeared before the same European Parliament privacy hearing by a video link.

Greenwald told MEPs that the NSA and its allied intelligence agencies were "out to eliminate personal privacy online" by collecting all forms of electronic communication. He said that the NSA was even attempting to break into WiFi systems on aeroplanes, though he didn't go into details and none of the politicians at the hearing picked him up on the point.

The NSA use metadata to build a network of associates and friends, something Greenwald described as "very invasive".

"If you value privacy then it would almost be preferable to have the NSA listen in to your phone calls," Greenwald said in an uncharacteristically semi-flippant aside.

He went on to criticise the "strange and disappointing dynamic" of European politicians welcoming greater knowledge about the actions of intelligence agencies while "turning their backs on Snowden in offering to protect him from persecution by accepting his requests for asylum.”

The lawyer-turned-journalist and privacy activist declined to answer some MEPs questions, for example on the role of intelligence agencies in Sweden, by saying reportage on these particular topics had not yet been completed. The overall, at times slightly condescending, performance was literally phoned in from Greenwald's pad in Rio. In fairness, he did say that he'd been advised by lawyers that travel to Europe at this time would present opportunities for official harassment.

The European Parliament's Inquiry on Electronic Mass Surveillance of EU Citizens is expected to issue a report early next year. ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.