As news of the alleged hack of encrypted SIM-card producer Gemalto by the NSA and GCHQ spreads, a Dutch MEP is demanding to know what the European Commission is going to do about what could constitute a serious breach of EU law.
According to a new report from Glenn Greenwald, mouthpiece of rogue NSA sysadmin Edward Snowden, the US National Security Agency and the UK’s Government Communications Headquarters successfully infiltrated the Dutch SIM-card maker, allowing spooks access to hundreds of mobile networks. Gemalto supplies 450 different operators worldwide.
“We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation. We take this publication very seriously and will devote all our resources necessary to fully investigate and understand the scope of such sophisticated techniques,” said the Netherlands-based Gemalto in a statement.
Dutch MEP Sophie in't Veld was more outspoken: “Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet! In fact, those very same governments push for ever more surveillance capabilities, while it remains unclear how effective these practices are. How is it possible that they have developed so much capacity, while the rise of IS stayed unnoticed?”
In't Veld has already written to the EU’s executive arm about other alleged snooping activities revealed by Snowden: including an alleged hack into the SWIFT server, which contains data on all financial transfers, and the alleged infiltration of the Belgium ISP Belgacom, which counts both the European Parliament and the European Commission as customers.
With this latest allegation, In't Veld believes the time has come for answers. “How will the Commission investigate these allegations which, when confirmed, would constitute a serious breach of European data protection legislation? How will the Commission act against illegal hacking activities by EU member states on the territory of other member states?”
"If the average IT whizzkid breaks into a company system, he'll end up behind bars," said In't Veld, adding that "hacking a SIM card manufacturer in another EU country" could hardly be within the law, unless it was the "law of the jungle".
According to the leak, the alleged Gemalto hack dates from 2010. ®