Feeds

Soghoian & Greenwald tell EU bigwigs: Fight state snooping on mobe networks NOW

Never mind roaming fees, what about data security?

High performance access to file storage

Politicians and regulators in Europe need to decide whether they want a secure mobile phone system or something their own police agencies - as well as spy agencies in the US, China and elsewhere - are able to easily tap into, according to a renowned security and privacy expert.

Christopher Soghoian, principal technologist of the speech, privacy & technology project at the American Civil Liberties Union, told a European Parliament hearing on Civil Liberties, Justice and Home Affairs that keeping foreign intelligence agencies out of mobile phone traffic while allowing local cops access to it is a practical impossibility.

"The NSA employs the best hackers in the world and if they can't get in directly they will just hack into the cops' systems," he said.

Soghoian told MEPs that mobile phone networks in Europe are not safe and the much-publicised interception German chancellor Angela Merkel's mobile phone is essentially a symptom of a wider problem that's been years in the making.

"Weaknesses in GSM have been known about for 20 years," Soghoian said.

It used to be the case that you need government-grade surveillance equipment to intercept communications but it's now possible for researchers, hobbyists and hackers to build interception kit for a few hundred dollars. As Soghoian explained, “mobile phone interception tech has been democratised."

That means that the mobile phone conversations of politicians were vulnerable to spying on by paparazzi as well as creating the means for unscrupulous businessmen to hire hackers to spy on their rivals, according to the technology policy expert.

"For years there's been a widespread failure of telco regulators to prevent threat of interception. It should not have taken the Edward Snowden revelations" to reveal this, Soghoian argued, asking rhetorically: "Regulators have intervened when it comes to roaming fees but what about data security for cellphone networks?"

"Mobile networks are insecure by design and this is not an accident. The needs of local law enforcement and intelligence come first," he said.

If European regulators and politicians were to go down the road of building more secure telecoms networks then they would be giving up some forms of law enforcement access, though not information such as location data, which needs to be exchanged for a mobile phone system to work, and call records. But this was a price worth paying because European mobile users are "secure against nothing right now".

There are already secure apps for smartphones but at the time of writing they require action on the part of users, so they're not widely deployed, according to Soghoian.

Government ministers can be provided with secure phone, which tend to be more expensive. For mass adoption of encrypted voice and text, regulators need to demand it, Soghoian concluded.

A written copy of Soghoian's testimony can be found here.

Glenn Greenwald, chief journalistic collaborator with Edward Snowden in the ongoing release of leaked NSA secrets, appeared before the same European Parliament privacy hearing by a video link.

Greenwald told MEPs that the NSA and its allied intelligence agencies were "out to eliminate personal privacy online" by collecting all forms of electronic communication. He said that the NSA was even attempting to break into WiFi systems on aeroplanes, though he didn't go into details and none of the politicians at the hearing picked him up on the point.

The NSA use metadata to build a network of associates and friends, something Greenwald described as "very invasive".

"If you value privacy then it would almost be preferable to have the NSA listen in to your phone calls," Greenwald said in an uncharacteristically semi-flippant aside.

He went on to criticise the "strange and disappointing dynamic" of European politicians welcoming greater knowledge about the actions of intelligence agencies while "turning their backs on Snowden in offering to protect him from persecution by accepting his requests for asylum.”

The lawyer-turned-journalist and privacy activist declined to answer some MEPs questions, for example on the role of intelligence agencies in Sweden, by saying reportage on these particular topics had not yet been completed. The overall, at times slightly condescending, performance was literally phoned in from Greenwald's pad in Rio. In fairness, he did say that he'd been advised by lawyers that travel to Europe at this time would present opportunities for official harassment.

The European Parliament's Inquiry on Electronic Mass Surveillance of EU Citizens is expected to issue a report early next year. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.