NSA, GCHQ reportedly stole mobile network encryption keys

Private information protected by the little SIM card in your handset might not be so private after all. Based on new documentation from former NSA-employee-turned-whistleblower Edward Snowden, The Intercept is reporting on a state-sponsored theft of encryption keys from Gemalto, a company that makes 2 billion SIM cards annually.


According to The Intercept’s report, the U.K.’s GCHQ, working with the U.S. National Security Administration, was behind the hack on Gemalto, providing government agencies with the information by infiltrating the company.

What exactly does that mean to individuals and their privacy? Quite a bit, The Intercept said:

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

Snowden’s documentation suggests for the first time the formation of a Mobile Handset Exploitation Team (MHET), with the purpose of seeking ways to gain access to handsets and cellular communications. This would allow the agencies to decrypt cellular communications without the knowledge of either private citizens or the cellular network providers, and without requiring a court order.


In short, such a situation removes the potential for any semblance of privacy for individuals using default smartphone services.

Any data, including contacts or saved messages, stored on a SIM card could be at risk for harvesting; but that’s just the tip of the iceberg. Mobile phone communications could be harvested in bulk and later decrypted by the agencies, so it’s not just a “real-time” communications problem.

Essentially, then, with these encryption keys compromised, I don’t see how carriers can effectively guarantee privacy on their networks, depending on how widespread the theft really is.

And that points to the core of the problem: With clandestine acts such as this, do we even know if we have all of the information on the agency’s activities? It’s unlikely at best, and extremely concerning.

In light of the report, Gemalto has provided the following email statement to Gigaom:

“In the digital world we all live in, Gemalto is especially vigilant against malicious hackers and of course has detected, logged and mitigated many types of attempts over the years, and at present can make no link between any of those past attempts and what was reported by The//INTERCEPT.  We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated technique to try to obtain SIM card data. From what we gathered at this moment, the target was not Gemalto, per se – it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible.  There have been many reported state sponsored attacks as of late, that all have gained attention both in the media and amongst businesses, this truly emphasizes how serious cyber security is in this day and age.”

This post was updated at 1:16pm with Gemalto’s statement.

UK access to NSA mass surveillance data was illegal, court rules

The system through which U.K. spy agency GCHQ can access data from NSA mass surveillance programs was in violation of fundamental rights, the Investigatory Powers Tribunal has ruled. However, the limits of that finding have left human rights groups dissatisfied.

The decision came as a result of a case brought by Privacy International, Liberty and other human rights groups regarding the Prism and Upstream programs. Prism is the scheme through which U.S. intelligence gets users’ communications from service providers in that country, and Upstream intercepts bulk data from the internet’s core infrastructure.

In December the IPT ruled that it was legal in principle for GCHQ to get data from these programs now – i.e. from December 2014, in the post-Snowden world, where people actually know what’s going on – but it held back on saying whether there had been historical breaches of human rights.

Having subsequently heard out both the complainants and the intelligence agencies, the tribunal said on Friday that the data-sharing regime had violated the rights to privacy and free expression, as set out in Articles 8 and 10 of the European Convention on Human Rights. However, it reiterated that it believes the system now no longer does so.

In a statement on Friday, Privacy International said it and Pakistani NGO Bytes For All would ask the IPT, which generally acts as a secret court, to “confirm whether their communications had been unlawfully collected prior to December 2014 and, if so, demand their immediate deletion.”

The groups also disputed the December ruling’s assertion that the disclosure of “a limited subset of rules governing intelligence-sharing and mass surveillance” made everything OK. They will now appeal that ruling with the European Court of Human Rights, as will Liberty.

Here’s what Liberty legal director James Welch said in the statement:

We now know that, by keeping the public in the dark about their secret dealings with the National Security Agency, GCHQ acted unlawfully and violated our rights. That their activities are now deemed lawful is thanks only to the degree of disclosure Liberty and the other claimants were able to force from our secrecy-obsessed Government.

But the Intelligence Services retain a largely unfettered power to rifle through millions of people’s private communications – and the Tribunal believes the limited safeguards revealed during last year’s legal proceedings are an adequate protection of our privacy. We disagree, and will be taking our fight to the European Court of Human Rights.

“We must not allow agencies to continue justifying mass surveillance programs using secret interpretations of secret laws,” Privacy International deputy director Eric King added. “The world owes Edward Snowden a great debt for blowing the whistle, and today’s decision is a vindication of his actions.”

Levitation program tracked file-sharing sites, Snowden doc shows

The Canadian spy agency CSE monitors activity across over 100 free file upload sites, a newly-revealed PowerPoint document from NSA whistleblower Edward Snowden’s cache has shown.

The document describing CSE’s Levitation program was published on Wednesday by The Intercept, reporting alongside Canadian broadcaster CBC. Although Canada has long been known to be a member of the core Anglophone “Five Eyes” spying club, this is the first Snowden revelation putting it at the forefront of one of the Eyes’ mass surveillance programs.

Using an internet cable-tap program called Atomic Banjo, CSE’s agents were at the time of the presentation’s authoring collecting HTTP metadata for 102 cyberlocker sites, including Sendspace and Rapidshare, and tracking 10-15 million “events” each day to find “about 350 interesting download events per month.” And yes, this meant filtering out loads of TV shows and such.

According to the presentation, the technique yielded a “German hostage video” (the hostage was killed, according to The Intercept) and an “AQIM [Algerian al-Qaeda] hostage strategy”.

In total, there were 2,200 file addresses that effectively acted as traps once CSE had identified them. Once the agents have an IP address for someone downloading a suspect file, they then run a query on it through GCHQ’s Mutant Broth tool to see which ad cookies have been tracking them (insecure marketing technologies provide an easy vehicle for spying efforts), what their likely Facebook ID is, and so on.

SendSpace told CBC that no-one had permission to trawl its service for data, and internet policy lawyer Tamir Israel told the broadcaster that the program was potentially very intrusive, as CSE (known until last year as CSEC) could pick whichever documents it wanted.

Defending encryption doesn’t mean opposing targeted surveillance

David Omand, the former head of British spy agency GCHQ, has made an extraordinary threat. Speaking earlier this week, he said that if companies such as Apple and Google don’t abandon their end-to-end encryption efforts, intelligence services will have to employ more “close access” surveillance on people they suspect of evil deeds.

This means physical observation, or bugging rooms, or hacking into phones and computers. According to Omand, such actions are “more targeted but in terms of intrusion into personal privacy – collateral intrusion into privacy – we are likely to end up in an ethically worse position than we were before.”

No, you’re not. Surreptitiously getting a key to a suspect’s communications is no more ethical than conducting close personal surveillance — but in the big picture, the latter is vastly preferable.

The ethics of spying

Targeted surveillance will always mean “collateral intrusion” into the privacy of people associated with a suspect, regardless of whether communications are read by having a master key or by hacking into client devices. Either way, communications with innocent people will probably be scooped up. When the master key mechanism means a weakening of security for the public at large, though, that option has the added downside of being dangerous and counterproductive.

Omand was spouting what is either a misinterpretation of the pro-end-to-end-encryption argument, or (more likely) a willful misdirection. His implication is that those who favor end-to-end encryption – which leaves your Apples and Googles without any keys to offer the spooks – are against the surveillance of people who want to blow things up.

That’s nonsense. I can’t speak for everyone, but I don’t personally fancy being murdered by terrorists, nor would I like anyone else to be. We do need to have intelligence services, and they do need to keep us safe.

However, strong encryption also keeps us safe from criminals and potentially foreign agents too (GCHQ and the NSA aren’t the only ones with mean hacking skills). Our ecommerce infrastructure wouldn’t work without it. A trustworthy internet will not work without it. The next-best alternative to end-to-end encryption is arguably the use of key escrow databases, which are inherently less secure. There’s a reason the U.S. government’s own cybersecurity department recommends people use end-to-end encryption.

That’s why we should ignore calls by Omand and David Cameron and Barack Obama and the EU’s counter-terrorism coordinator to abolish end-to-end encryption in communications tools, and why we should be deeply annoyed at the intelligence community’s surreptitious attempts to weaken encryption standards. Sure, security will always be an arms race — attackers make better attacks, so defenders make better defenses; rinse and repeat — but hyperconnected societies require state-of-the-art defenses for regular citizens.

The case for friction

There’s an added benefit to proper encryption technology, which may be the real reason spies and securocrats want it stamped out. Intelligence services can, to put it generously, get somewhat carried away, particularly when a framework such as the internet makes it so much easier and cheaper to spy on people’s communications than ever before, by encouraging everyone to live their lives on spy-friendly infrastructure.

This lack of friction makes mass surveillance relatively efficient and secretive, as there’s no need for a lumbering, conspicuous Stasi-like system (something that really had extra ethical downsides, creating a society based on mutual suspicion). When the secrecy associated with the agencies’ programs also leads to fewer judicial and political safeguards, an excess of efficiency may also encourage the overuse of targeted surveillance, because who would know?

In short, the internet’s opportunities for surveillance efficiency create the potential for intelligence agencies to become too powerful. End-to-end encryption adds friction and acts as a counterbalance. It doesn’t make targeted surveillance impossible – Omand himself noted that client device hacking and physical surveillance render encryption moot – but it does make it more resource-expensive, and therefore discourages its overuse.

We don’t want intelligence agencies to be unable to do their job. We do want them to focus more and even keep a more watchful eye on those who need watching — perhaps by diverting resources from mass surveillance efforts to targeted surveillance. We also want the necessary security underpinnings of our digital economy to be genuinely secure.

These things can and should coexist, and there’s no reason to inaccurately paint them as being in opposition. So, spies and law enforcement, please go right ahead and employ close access surveillance where it’s necessary. You have more support in that regard than you’re making out.

The curious case of Angela Merkel and her EU data retention ideas

In the wake of last week’s terrorist attacks in Paris, German Chancellor Angela Merkel has called on the European Commission to deliver on its “promise” of a new EU-wide data retention directive to replace the one struck down by the EU’s highest court last year.

Merkel wants to implement this new directive into German law. There’s only one problem: the Commission doesn’t seem to have promised any such thing, at least not in public.

The Court of Justice of the European Union struck down the Data Retention Directive 2006 in April of last year because it was disproportionate and had insufficient safeguards. The directive had mandated that EU countries had to force telecommunications firms to retain metadata about their customers’ communications for between six and 24 months. Even before the CJEU scrapped it, Germany had already stopped implementing it on constitutional grounds.

On Thursday, according to a DPA report, Merkel told German parliamentarians:

Given the cross-party conviction among all interior ministers, both state-level and federal, that we need such minimum retention periods, we should insist that the revision of the directive promised by the EU Commission is quickly completed and then implemented into German law.

That DPA report claims “Brussels is drafting a follow-up that meets the judges’ standards,” but that’s not what the Commission says.

Last month, Netzpolitik reported that new Home Affairs Commissioner Dimitris Avramopoulos was planning to make such an announcement, and that his department was “now reflecting on the how, rather than the if.” However, after that report came out, the department backtracked, with a spokeswoman saying: “I meant that we are now reflecting on the how to take things forward, rather than if we need a new directive or not.”

Avramopoulos’s predecessor, Cecilia Malmström, had previously said she wouldn’t propose any new data retention directive until the EU’s new data protection rules had been finalized – something that now may not happen before 2016.

An EU source confirmed to me today that the Commission is taking its time evaluating the issues raised by the CJEU ruling, and intends to have an open dialog with the European Parliament, member states, civil society, law enforcement and data protection authorities. Only then will it be able to decide whether there is a need for a new proposal, the source said.

Technically, Merkel could try setting up a new German data protection law without a broader EU directive. However, her own justice minister has firmly rejected the mass surveillance idea, telling German television a few days ago: “With data retention, we also store all data from journalists and restrict freedom of the press. That does not fit together.”

She would also need to somehow make sure that her data retention law didn’t fall foul of the arguments the CJEU used to strike down the EU Data Retention Directive, advice from the EU Legal Service division suggests.

EU legal advisers cast doubt on data retention legality

The European Parliament’s legal advisors have issued a report into the repercussions of last year’s ruling by the Court of Justice of the European Union, in which the CJEU struck down the E.U. Data Retention Directive. And the lawyers’ opinions suggest that surviving national data retention laws are on shaky ground.

The Directive forced E.U. member states to have a data retention regime in which telecommunications and internet service providers had to maintain records of their customers’ communications – metadata about who contacted whom and when, as opposed to the contents of those communications. After the CJEU judgement in April 2014, countries including Austria, Slovenia and Romania scrapped their national data retention laws (a couple others, notably Germany, had already rolled theirs back on constitutional grounds).

However, some countries have continued or – in the case of the U.K. with its DRIPA surveillance law — even expanded their national data retention regimes. Here’s a breakdown of what the Legal Service department said about the ruling’s implications in that regard (a copy of the opinion was obtained and published by the digital rights group Access).

  • The CJEU ruling was specific to the Data Retention Directive, which had been challenged by Digital Rights Ireland (DRI), so it did not have a direct effect on national data retention laws, apart from saying that it’s now okay by the E.U. for countries to repeal them.
  • With the Data Retention Directive now out of the picture, the continuing national laws are now governed by the earlier e-Privacy Directive of 2002, which allows member states to implement data retention regimes “when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system.”
  • Because member states’ national data retention laws are therefore still in the realm of E.U. law, they have to be compatible with the E.U.’s Charter of Fundamental Rights, specifically Articles 7 and 8, which set out the rights to privacy and personal data protection respectively, and Article 52(1), which says any limitations to rights must be proportionate.
  • The Charter is what informed the CJEU judgement striking down the Data Retention Directive – the court said the directive was not proportionate and didn’t provide “clear and precise rules” to limit the interference to what is “strictly necessary” and provide “minimum safeguards”.
  • Therefore, countries maintaining national data retention laws must re-examine those laws to check whether they fulfil the requirements “as interpreted by the Court of Justice in the DRI judgement”, and fix them if they don’t. What’s more, anyone who wants to challenge those national laws can now point to the CJEU judgement as a guideline, even though it doesn’t have a direct effect.
  • The same goes for existing E.U.–level data retention programs such as the Terrorist Finance Tracking Programme (TFTP) and the Union’s international passenger name record (PNR) agreements – they’re still valid, but if someone wants to challenge the legality of those, they can also point to the CJEU’s DRI judgement. The CJEU ruling should also be heeded when formulating any new E.U. data retention legislation. As it happens, TFTP and the international PNR agreements are about to be renegotiated.

This is particularly good news for the two British members of Parliament who are challenging DRIPA in the U.K. High Court. DRIPA was fast-tracked as an “emergency” law because the Data Retention Directive had been implemented in the U.K. as secondary rather than primary legislation, so the government feared that the CJEU judgement left it without a proper legal justification for continuing to demand that ISPs and web service providers keep retaining communications data.

DRIPA is temporary, time-limited to the end of 2016, but the underlying primary legislation that it expands on – the Regulation of Investigatory Powers Act (RIPA) – is not. RIPA is however up for review, as the government will want to make the DRIPA powers permanent before the end of 2016, so those conducting the review will now also need to take the E.U. legal advice into account.

RIPA was designed as anti-terrorist legislation but it’s widely used by local authorities in the U.K. to spy on citizens, in order to see whether they’re putting their trash out in the prescribed manner or trying to cheat their kids into schools in a different neighborhood. It’s also used to spy on lawyers and journalists. Around half a million RIPA requests for communications data are made each year.

The CJEU ruling will make it hard to justify the continuation of this situation, and even in the case of terrorism and more serious crime, the British government may have a struggle proving the proportionality of its mass surveillance regime. Proper reviews of data retention laws in other countries such as Sweden may uncover similar problems.

Charlie Hebdo murders are no excuse for killing online freedom

There’s been a predictable split in the reactions to Wednesday’s slaughter of the staff of French satirical newspaper Charlie Hebdo, along with others including police who were trying to protect them. On the one hand, hundreds of thousands of people have rallied in France and across Europe in defiance against those behind this attack on free speech…

… while others have taken a decidedly different tack, using the outrage as a justification for the rolling-back of online civil liberties. This approach was taken by Dan Hodges in the Telegraph, and by the Sun in an editorial arguing that “intelligence is our best defense… yet liberals still fret over the perceived assault on civil liberties of spooks analyzing emails.”

Here’s what Hodges (a well-known admirer of Tony Blair, the British prime minister who was no friend of civil liberties) wrote:

We hear a lot about freedom, and threats to our freedom. We heard about it, for example, when the government asked the Guardian to stop publishing the Snowden files because of the risk to national security. We heard about it last year, when David Cameron announced he was bringing back plans to allow the security agencies to monitor, and retain data on, our electronic communications – the so-called ‘snooper’s charter’. We heard about it in the wake of the Lee Rigby killing, where we [were] told the state would use the murder as an excuse for a further erosion of our liberties.

But those are not real assaults on our freedom. Switch on your TV. You will see and hear what an assault on freedom really looks like…

If one way of stopping obscenities like today is providing the security services a bit more access to our e-mails, we must give it to them. If it means internet providers handing over their records, the records must be handed over. If it means newspapers showing restraint the next time an Edward Snowden knocks on their door, then restraint will have to be shown. Because look who came knocking at the door today.

Hodges must be given credit for at least calling himself a “coward” in that piece, saving time for the rest of us.

I’m not going to go into the rights and wrongs of Charlie Hebdo’s content, much of which I personally found grossly offensive. That, after all, is the publication’s aim – to make points offensively (to a multitude of targets, it should be noted) and to meet calls for restraint with more proud offense. Freedom of expression is an essential civil liberty, not only in France, but across much of the democratic world. It was set out in the Declaration of the Rights of Man and of the Citizen, which emerged from the French Revolution in 1789, and it is today enshrined on an international level in the International Convention on Civil and Political Rights (ICCPR).

The ICCPR’s signatories, including France, the U.K. and most of the world, have also pledged to ensure that “no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence.” Yes, this is a right that needs to be balanced against others, most notably the right to security, but arguably no calculation of that balance can justifiably permit mass surveillance.

To quote last year’s report on online mass surveillance by Ben Emmerson, the U.N.’s special rapporteur on the protection and promotion of human rights while countering terrorism:

International human rights law requires States to provide an articulable and evidence-based justification for any interference with the right to privacy, whether on an individual or mass scale. It is a central axiom of proportionality that the greater the interference with protected human rights, the more compelling the justification must be if it is to meet the requirements of the Covenant. The hard truth is that the use of mass surveillance technology effectively does away with the right to privacy of communications on the Internet altogether. By permitting bulk access to all digital communications traffic, this technology eradicates the possibility of any individualized proportionality analysis.

Apart from the fact that mass surveillance hasn’t been shown to work – France’s extensive surveillance regime, expanded just weeks ago, clearly failed in this case – it is no way to protect freedom of expression. It is a tool for chilling free speech, of dissuading people from speaking their minds, and the same British government that wants to introduce the “snooper’s charter” is also working to stop its citizens from seeing extremist material online, by getting ISPs to filter out such content. It is cracking down on free expression on social media, leading the police there to tweet things like this:

It forced the Guardian’s editors to destroy computers holding copies of the Snowden cache with angle grinders, for whatever that was worth. And the Sun, so keen on Blair’s Regulation of Investigatory Powers Act (RIPA) this week, recently made an official complaint about the police using the mass surveillance law to spy on its journalists and their sources in a case that was embarrassing the government.

After a cartoon featuring Mohammed led to the firebombing of Charlie Hebdo’s offices in 2011, editor Stéphane “Charb” Charbonnier famously said: “It perhaps sounds a bit pompous, but I’d rather die standing than live on my knees.”

On Wednesday, Charb died for liberty. To suggest that the correct response is the curtailment of liberty — to effectively argue that terrorism should be met with fearful capitulation — is more offensive than anything he ever published.