Backdoors for Spies in Mobile Devices

There’s been a lot of controversy over this summer about the threats made to several large western mobile technology providers mainly by Asian and Middle-Eastern governments to ban their products and services unless they made it easier for their internal intelligence services and political police to access the accounts of users. The arguments actually started way back in 2008 in India, when the country’s Home Ministry demanded access to all communications made through Research in Motion’s (RIM) famous Blackberry smartphone, which was starting to spread rapidly in the country’s business community. Not much came of this beyond RIM agreeing in principle to the demand. Then over this summer, the issue flared up again, both in India and most strongly in the United Arab Emirates (UAE) and Saudi Arabia. RIM’s data servers were located outside the countries and the UAE’s Telecommunications Regulatory Authority (TRA) said that RIM was providing an illegal service which was “causing serious social, judicial and national security repercussions”. Both countries have notorious internal police and employ torture against political opponents.RIM initially defended its encrypted services and its commitment to the privacy of its users in a full statement issued at the beginning of August. However, they soon caved in when they realised that this could cause a cascade of bans across the Middle-East, India and beyond and promised to place a data server in both nations, and now India is once again increasing the pressure on RIM to do the same for its internal security services. So instead of a cascade of bans, we now have a massive increase in corporate-facilitated state surveillance. It’s Google and China all over again, but RIM put up even less of a fight.

However, a lot of people in these increasingly intrusive and often authoritarian regimes are not happy with the new accord between states and technology-providers, and this may yet prove more powerful than what states want. In Iran, Isa Saharkhiz, a leading dissident journalist and member of the anti-government Green Movement is suing another manufacturer, Nokia Siemens Networks, in a US court for providing the Iranian regime with the means to monitor its mobile networks. NSN have washed their hand of this, saying it isn’t their fault what the Iranian government does with the technology, and insist that they have to provide “a lawful interception capability”, comparing this to the United States and Europe, and claiming that standardisation of their devices means that “it is unrealistic to demand… that wireless communications systems based on global technology standards be sold without that capability.”

There is an interesting point buried in all of this, which is that the same backdoors built into western communications systems (and long before 9/11 came along too) are now being exploited by countries with even fewer scruples about using this information to unjustly imprison and torture political opponents. But the companies concerned still have moral choices to make, they have Corporate Social Responsibility (CSR) which is not simply a superficial agreement with anyone who shouts ‘security’ but a duty to their customers and to the human community. Whatever they say, they are making a conscious choice to make it easier for violent and oppressive regimes to operate. This cannot be shrugged off by blaming it on ‘standards’ (especially in an era of the supposed personal service and ‘mass customization’ of which the very same companies boast), and if they are going to claim adherence to ‘standards’, what about those most important standards of all, as stated clearly in the Universal Declaration of Human Rights, Article 12 of which states: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence,” and in Article 19: “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.”

Top Secret America

Top Secret America is a really excellent project from The Washington Post with some excellent articles and classy and educative graphics. It traces the huge current US security-intelligence complex, and is partituclarly interesting for noting the massive private sector involvement. This isn’t actually entirely new – private technology companies have been intimately involved in both the manufacture and the servicing and operation of intelligence for a long time – look at the example of RCA and the early history of the National Security Association, for example. However, this blurring of the boundary between state and private sector now goes much further into the operations of intelligence. The Post alleges that “out of 854,000 people with top-secret clearances, 265,000 are contractors.” That’s almost a third. And the database of companies involved is enormous – nearly 2000. The searchable database is also going to be very helpful in our current work at the Surveillance Studies Centre on the involvment of private companies in Canadian border control!

PS: I should be back up and posting regularly now. I’ve had one of my occasional anti-blogging periods!

Federal judge rules against NSA

A US Federal Court judge has ruled that the National Security Agency’s secret domestic wiretapping program of internal terrorist suspects, was illegal according to the New York Times. The activity violated the 1978 Foreign Intelligence Surveillance Act (FISA) which was put into place after the various inquiries into the activities of the FBI and NSA in the late 1960s and early 1970s. As I’ve said before, that’s hardly a surprise and don’t think this has got a whole lot to do with George W. Bush in particular. Intelligence services might claim to operate under laws but in reality their priorities are not bound by them.But there’s a kind of cycle of collective amnesia that goes on with these inquiries and rulings. This time, the NSA was basically doing almost exactly the same thing as in the earlier period. Some minor superficial changes will occur. People will forget about it. The NSA will carry on. Then in 20 years time, there will be something else that will reveal again the same kinds of activities. Cue collective shock again. And so on. It would take a lot more continual public oversight and openness for them to be held properly to account, and if they were, they’d be very different entities. But that’s not to say that they shouldn’t be held to account: the fact that most democratic nations have what amounts to a secret state within the state that may have very different priorities than the official government or the people should be profoundly worrying. Yet it seems to be such an enormous breach of the democratic ideal that it goes largely unnoticed.

Google does the right thing, but…

Google is, as I type this, closing down its Chinese site as the first stage of its withdrawal of service from mainland China, in response to numerous attacks on the company’s computers from hackers allegedly connected to the Chinese state and ongoing demands to provide a censored service with which they felt they could not comply. The company claims that Chinese users will still be able to use Google, only through the special Hong Kong website, http://www.google.com.hk, which for historical reasons falls outside the Chinese state’s Internet control regime. Whether this will mean that the site will actually be accessible to Chinese Net users is debateable. Some say they cannot access it already. There are also numerous ‘fake Google’ sites that have sprung up to try to make some fast cash out of the situation.

But there’s more to this of course. Google has been widely reported to have opened its doors to the US National Security Agency (NSA) in order, they say, to solve the hacking issue, but the NSA only get involved in matters of US national security – if Google is essentially saying it is effectively beholden to US intelligence policy and interests, I am not sure that this is a whole lot better than bowing to China. You can be sure as well, that once invited in, the NSA will insinuate themselves into the company. Having a proper official backdoor into Google would make things a lot easier for the NSA, especially in populating its shiny new data warehouse in Utah

Closing the Internet

A lot of my current thinking is based around the dynamic of opening / closing. I’ve been considering the way in which elements of state power, and in particular the military and intelligence agencies, regard openness per se as a threat. Now, Wired’s Threat Level blog (just about my favourite reading right now), has an excellent take on the response to what has been termed (in a deliberately mixed-up phrase) the ‘open-source insurgency’. This  is the way in which the ex-head of US intelligence, now working for ‘contractor’*, Booz Allen Hamilton, Michael McConnell. is promoting the re-engineering of the Internet. This is necessary, it is argued, because the current openness of the Net means that terrorists and criminals can flourish. This re-engineering would make attribution, geo-location, intelligence analysis and impact assessment — who did it, from where, why and what was the result — more manageable”. In other words to close the Internet. remove everything that is innovative and democratic about it, and make it easier for agencies like the NSA to monitor it.

Along with a whole raft of measures like extending ‘lawful access’ regimes, introducing corporate-biased copyright and anti-peer-2-peer legislation, censorship and Net filtering, this is an attack on what the Internet has become and to turn it into something simply for consumption – something, in other words, more like television. But there is another layer here too – the US military, I suspect, still has a nostalgic longing for when the Internet was its private domain. It’s a long way from its origins, and now perhaps the military want it back. But it isn’t theirs anymore, it’s ours and we need to fight for it.

* or, more accurately, arm’s length consulting agency of the US state.