By Simon Davies, Gus Hosein and Ian Brown
The Daily Telegraph, 29 February 2000
The early 1990s were boom times for eavesdroppers. Any curious teenager with a £100 Tandy Scanner could listen in to nearly any analogue mobile phone call. As a result, Cabinet Ministers, company chiefs and celebrities routinely found their most intimate conversations published in the next day's tabloids.
With the shift to GSM digital - which now covers almost the entire UK mobile sector - the phone companies assure us that the bad old days are over. Mobile phones, they say, are secure and privacy friendly.
This is not entirely true. While the amateur scanner menace has been largely exterminated, there is now more potential than ever before for privacy invasion.
The alleged security of GSM relies on the myth that encryption - the mathematical scrambling of our conversations - makes it impossible for anyone to intercept and understand our words. And while this claim looks good on paper, it does not stand up to scrutiny.
The reality is that the encryption has deliberately been made insecure. Many encrypted calls can therefore be intercepted and decrypted with a laptop computer.
Security experts at Israel's Weizmann Institute recently cracked the strongest European GSM encryption (A5/1) in less than a second, using a PC. Lucky Green, writing in the New Yorker last year boasted "I know how to build a GSM interception station using off-the-shelf hardware and a PII (Pentium II machine) running Linux for a total cost of well below US$ 10,000". One well known security specialist recently revealed to an internet news group "I figured out the algorithms (the code used in the encryption) during evenings and on weekends over the course of a few months on a budget of well below $100." Such attacks also reveal that mobile phone chips and identities can be cloned.
But even if the encryption was unbreakable, the security of mobile phone calls is fatally compromised because the encryption exists only between your mobile phone and the base stations. From there on, the signal is easy to intercept. The unencrypted signals being passed around the base stations are only marginally more secure than the old analogue system. Devices such as "The Harvester" can then simultaneously intercept thousands of calls between base stations. French security services were recently discovered to have established listening stations on the French mainland positioned to intercept UK mobile phone signals. The human rights watchdog Privacy International, in its 1996 report "Big Brother Incorporated" lists dozens of companies selling such equipment on the open market.
These threats are particularly relevant to people in the business or political world, though anyone with an interesting life may want to think twice before speaking freely on a phone. The Civil Liberties Committee of the European Parliament will next week discuss recent revelations that the US National Security Agency has been routinely monitoring virtually the entire telecommunications spectrum. In 1998, members of the European Parliament (EP) were provided with evidence that the NSA in collusion with the British Government, has created the means to intercept almost every fax, email and telephone call within the European Union. Sketchy details of the NSA's spying activities in Europe have been common currency for decades, but had never been formally acknowledged.
Of particular interest to the Parliament was the report's assertion that the NSA is beefing up its commercial espionage activities. According to evidence presented to the Parliament, the NSA has been routinely intercepting sensitive traffic relating to bids, takeovers, mergers, investments and tenders for the economic benefit of the US.
However the most immediate security problem for mobile phone users can be found within the phone companies themselves. The "traffic data" generated by each call provides a wealth of information on who you know, and where you've been. Police and other agencies use Harlequin's WatCall software to convert lists of phone calls, obtained automatically (without any judicial oversight) from phone companies, into "friendship networks" that can be matched with information in police intelligence computers. Meanwhile, the traffic data also contains information on the areas from which calls were made (this information is necessary for billing purposes).
While the base station and billing data provides a retrospective location tracking mechanism, some phone networks are offering a real-time tracking facility. Companies in Sweden now incorporate a service that uses triangulation between base stations to pin-point a user's precise location. Ideal for nosy partners, malevolent stalkers, and obsessive employers.
Prepaid phones do not provide any guarantee of anonymity. Not only do many companies ask for personal details upon registration, but each phone carries a unique ID number, which can be tied to the user once it has been logged during an intercepted call.
Nor does UMTS - the next generation of mobiles -appear to offer any improvement. The government's policy on communications privacy remains unchanged. Indeed the security problems are likely to become more acute as new services support video images, email and data. This new generation of phones offers such services as interactive navigation, "secure" financial transactions, and health data exchange.
The government argues that access to our phone calls is essential for national security and law enforcement. Their position is superficially persuasive, but at no time in the past decade have any of the relevant agencies quantified these threats. Meanwhile, the security and privacy of our communications is being engineered into extinction.
Simon Davies and Gus Hosein are privacy specialists in the London School of Economics. Ian Brown is in the Computer Science Department, University College London