Reporting on telcos' role in communications interception is getting very, very, silly.
Back in July, Australian media “discovered” an agreement between Australia's dominant carrier Telstra and the USA's Federal Bureau of Investigation and Department of Justice to snoop submarine cable traffic. As we demonstrated at the time, the agreement is business as usual: foreign carriers that want to land a cable in the USA have to sign such agreements in order to do business. Such agreements are not carte blanche to snoop, but a guarantee foreign carriers will allow “Lawful US process” to be applied as signatories will be required to “provide technical or other assistance to facilitate such Electronic Surveillance.”
What we now know about the NSA is that the extent of that surveillance may be rather greater than had previously been imagined. That's not good, but doesn't change the fact reports Telstra had given up our secrets were looking at the agreements through the darkest-imaginable lenses.
Which brings us to today's “revelations”, touted by Fairfax media as ”Telstra's data 'vacuum'.
The guts of the story are as follows:
- Telstra deals with a Melbourne company called Newgen Systems that is the sole supplier of Gigamon kit in Australia
- Gigamon's products “are designed to find not just a needle in a haystack, but bits of needles in many haystacks".
- Gigamon kit is spookware
- Telstra also uses Splunk products
- Splunk is spookware
Before we go on, let's note that a tiny bit of Googling undertaken by Vulture South's Richard Chirgwin came up with this auto-downlading slide deck dated 2007 and titled “Gigamon Training for Telstra”, by way of pointing out that Gigamon's been chatting to Telstra for quite a while without ever upsetting anyone before. And also to show that there's not much revelatory on offer.
Let's now deal with each element of the story in turn
Newgen Systems is a shadowy funnel for spookware
The time-honoured way for US companies to enter Australia is to find someone who already knows its products and set them up as a distributor/reseller. The aim of this ploy is to find a big customer – nearly always a telco or bank – that will provide enough revenue for the first distributor/reseller to survive and grow. Newgen looks like just such a distributor/reseller. That is the only Gigamon distributor/reseller in Australia is unremarkable: Australia does not have a huge prospect pool for Gigamon kit
Gigamon's products “are designed to find not just a needle in a haystack, but bits of needles in many haystacks"
Carriers operate networks. If they didn't monitor them extensively, we'd be worse off than if they did! That the tools they use harvest lots of data about network traffic should not be news to anyone. Fairfax at least acknowledge that Telstra has an obligation to collect lots of data to facilitate lawful interception, but should also acknowledge that attacks on networks can be very sophisticated. Finding fragments of needles is a very useful thing to do if you're trying to defend a network on which millions of people rely for phone calls and internet access
Gigamon's products are spookware
No they are not. That they gather a lot of data that spooks could find interesting cannot be denied. That they gather a lot of data network administrators find interesting cannot be denied. That they gather a lot of data marketers keen to understand usage patterns of newspaper web sites would find interesting cannot be denied. OMG! Fairfax is SPYING on readers of its websites!
Telstra uses Splunk products
Yes it does. It evaluated it back in back in 2009. Splunk, by the way, shows up in shadowy places like conferences where its “booths” offer a “sales presence” it uses to “find new customers” ! Damning evidence, we know.
Splunk is spookware
Puh-lease. Yes, Splunk can analyse all manner of activity. But again, it can be used by spooks in the same way that any other log file analysis tool can be used by spooks.
And let's not forget that just about every piece of technology Telstra and every other business uses to operate produces log files. And those files can be analysed to produce information on who did what, when and where. Customers. Partners. Staff. Records about all of them are being created by every router, every server, every firewall.
And they're all sitting there waiting to be analysed by someone unscrupulous – maybe even a journalist – who will use them to prove a point. ®