Politicians and regulators in Europe need to decide whether they want a secure mobile phone system or something their own police agencies - as well as spy agencies in the US, China and elsewhere - are able to easily tap into, according to a renowned security and privacy expert.
Christopher Soghoian, principal technologist of the speech, privacy & technology project at the American Civil Liberties Union, told a European Parliament hearing on Civil Liberties, Justice and Home Affairs that keeping foreign intelligence agencies out of mobile phone traffic while allowing local cops access to it is a practical impossibility.
"The NSA employs the best hackers in the world and if they can't get in directly they will just hack into the cops' systems," he said.
Soghoian told MEPs that mobile phone networks in Europe are not safe and the much-publicised interception German chancellor Angela Merkel's mobile phone is essentially a symptom of a wider problem that's been years in the making.
"Weaknesses in GSM have been known about for 20 years," Soghoian said.
It used to be the case that you need government-grade surveillance equipment to intercept communications but it's now possible for researchers, hobbyists and hackers to build interception kit for a few hundred dollars. As Soghoian explained, “mobile phone interception tech has been democratised."
That means that the mobile phone conversations of politicians were vulnerable to spying on by paparazzi as well as creating the means for unscrupulous businessmen to hire hackers to spy on their rivals, according to the technology policy expert.
"For years there's been a widespread failure of telco regulators to prevent threat of interception. It should not have taken the Edward Snowden revelations" to reveal this, Soghoian argued, asking rhetorically: "Regulators have intervened when it comes to roaming fees but what about data security for cellphone networks?"
"Mobile networks are insecure by design and this is not an accident. The needs of local law enforcement and intelligence come first," he said.
If European regulators and politicians were to go down the road of building more secure telecoms networks then they would be giving up some forms of law enforcement access, though not information such as location data, which needs to be exchanged for a mobile phone system to work, and call records. But this was a price worth paying because European mobile users are "secure against nothing right now".
There are already secure apps for smartphones but at the time of writing they require action on the part of users, so they're not widely deployed, according to Soghoian.
Government ministers can be provided with secure phone, which tend to be more expensive. For mass adoption of encrypted voice and text, regulators need to demand it, Soghoian concluded.
A written copy of Soghoian's testimony can be found here.
Glenn Greenwald, chief journalistic collaborator with Edward Snowden in the ongoing release of leaked NSA secrets, appeared before the same European Parliament privacy hearing by a video link.
Greenwald told MEPs that the NSA and its allied intelligence agencies were "out to eliminate personal privacy online" by collecting all forms of electronic communication. He said that the NSA was even attempting to break into WiFi systems on aeroplanes, though he didn't go into details and none of the politicians at the hearing picked him up on the point.
The NSA use metadata to build a network of associates and friends, something Greenwald described as "very invasive".
"If you value privacy then it would almost be preferable to have the NSA listen in to your phone calls," Greenwald said in an uncharacteristically semi-flippant aside.
He went on to criticise the "strange and disappointing dynamic" of European politicians welcoming greater knowledge about the actions of intelligence agencies while "turning their backs on Snowden in offering to protect him from persecution by accepting his requests for asylum.”
The lawyer-turned-journalist and privacy activist declined to answer some MEPs questions, for example on the role of intelligence agencies in Sweden, by saying reportage on these particular topics had not yet been completed. The overall, at times slightly condescending, performance was literally phoned in from Greenwald's pad in Rio. In fairness, he did say that he'd been advised by lawyers that travel to Europe at this time would present opportunities for official harassment.
The European Parliament's Inquiry on Electronic Mass Surveillance of EU Citizens is expected to issue a report early next year. ®