Feeds

Soghoian & Greenwald tell EU bigwigs: Fight state snooping on mobe networks NOW

Never mind roaming fees, what about data security?

Choosing a cloud hosting partner with confidence

Politicians and regulators in Europe need to decide whether they want a secure mobile phone system or something their own police agencies - as well as spy agencies in the US, China and elsewhere - are able to easily tap into, according to a renowned security and privacy expert.

Christopher Soghoian, principal technologist of the speech, privacy & technology project at the American Civil Liberties Union, told a European Parliament hearing on Civil Liberties, Justice and Home Affairs that keeping foreign intelligence agencies out of mobile phone traffic while allowing local cops access to it is a practical impossibility.

"The NSA employs the best hackers in the world and if they can't get in directly they will just hack into the cops' systems," he said.

Soghoian told MEPs that mobile phone networks in Europe are not safe and the much-publicised interception German chancellor Angela Merkel's mobile phone is essentially a symptom of a wider problem that's been years in the making.

"Weaknesses in GSM have been known about for 20 years," Soghoian said.

It used to be the case that you need government-grade surveillance equipment to intercept communications but it's now possible for researchers, hobbyists and hackers to build interception kit for a few hundred dollars. As Soghoian explained, “mobile phone interception tech has been democratised."

That means that the mobile phone conversations of politicians were vulnerable to spying on by paparazzi as well as creating the means for unscrupulous businessmen to hire hackers to spy on their rivals, according to the technology policy expert.

"For years there's been a widespread failure of telco regulators to prevent threat of interception. It should not have taken the Edward Snowden revelations" to reveal this, Soghoian argued, asking rhetorically: "Regulators have intervened when it comes to roaming fees but what about data security for cellphone networks?"

"Mobile networks are insecure by design and this is not an accident. The needs of local law enforcement and intelligence come first," he said.

If European regulators and politicians were to go down the road of building more secure telecoms networks then they would be giving up some forms of law enforcement access, though not information such as location data, which needs to be exchanged for a mobile phone system to work, and call records. But this was a price worth paying because European mobile users are "secure against nothing right now".

There are already secure apps for smartphones but at the time of writing they require action on the part of users, so they're not widely deployed, according to Soghoian.

Government ministers can be provided with secure phone, which tend to be more expensive. For mass adoption of encrypted voice and text, regulators need to demand it, Soghoian concluded.

A written copy of Soghoian's testimony can be found here.

Glenn Greenwald, chief journalistic collaborator with Edward Snowden in the ongoing release of leaked NSA secrets, appeared before the same European Parliament privacy hearing by a video link.

Greenwald told MEPs that the NSA and its allied intelligence agencies were "out to eliminate personal privacy online" by collecting all forms of electronic communication. He said that the NSA was even attempting to break into WiFi systems on aeroplanes, though he didn't go into details and none of the politicians at the hearing picked him up on the point.

The NSA use metadata to build a network of associates and friends, something Greenwald described as "very invasive".

"If you value privacy then it would almost be preferable to have the NSA listen in to your phone calls," Greenwald said in an uncharacteristically semi-flippant aside.

He went on to criticise the "strange and disappointing dynamic" of European politicians welcoming greater knowledge about the actions of intelligence agencies while "turning their backs on Snowden in offering to protect him from persecution by accepting his requests for asylum.”

The lawyer-turned-journalist and privacy activist declined to answer some MEPs questions, for example on the role of intelligence agencies in Sweden, by saying reportage on these particular topics had not yet been completed. The overall, at times slightly condescending, performance was literally phoned in from Greenwald's pad in Rio. In fairness, he did say that he'd been advised by lawyers that travel to Europe at this time would present opportunities for official harassment.

The European Parliament's Inquiry on Electronic Mass Surveillance of EU Citizens is expected to issue a report early next year. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.