Privacy Advocates: Latest GCHQ, NSA Revelations More Evidence Surveillance Reform Needed
U.K. spy agency GCHQ was able to hack into the internal networks of Gemalto, “the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications” on carriers including “AT&T, T-Mobile, Verizon,…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Sprint and some 450 wireless network providers around the world,” The Intercept reported Thursday. “In other words, for millions or even billions of users around the world, global cellular communications are about as secure from GCHQ and NSA as an FM radio broadcast,” wrote Electronic Frontier Foundation activist Nadia Kayyali in a blog post Thursday. Normally calls, texts and other communications made on a mobile phone are encrypted as they travel from a mobile device to a carrier’s tower, Kayyali wrote. Only those who had the encryption key, known as "Ki," would be able to decrypt that communication. GCHQ and the NSA “obtained the master keys -- literally and figuratively -- to unlock millions, if not billions, of the world’s mobile devices” while leaving no trace on the network or on an individual users’ device, Kayyali said. “This is an unprecedented mass attack on the privacy of citizens worldwide,” said Center for Democracy & Technology Senior Counsel Greg Nojeim in a statement Friday. “There is certainly value in targeted surveillance of cell phone communications,” Nojeim said, but “this coordinated subversion of the trusted technical security infrastructure of cell phones means the U.S. and British governments now have easy access to our mobile communications.” Standards "for intelligence surveillance are weak worldwide,” Nojeim said, urging a global response “to the threats of government surveillance” and that government surveillance standards be substantially raised. Due to a ruling by the Investigatory Powers Tribunal Feb. 6, which said intelligence sharing between GCHQ and the NSA was unlawful before December 2014, Americans may file a request at the Privacy International website to learn if the NSA provided GCHQ with information about them. Risk of a privacy violation after filing a request is relatively low, Kayyali wrote in another blog post on Friday. “The payoff is that the more people who sign on and learn that they’ve been affected by GCHQ and NSA spying, the clearer it becomes that reform to surveillance is urgently needed.” "It is longstanding policy that we do not comment on intelligence matters," said a GCHQ spokesperson. "All of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position. In addition, the UK's interception regime is entirely compatible with the European Convention on Human Rights." A spokeswoman for Sprint said the company had no comment. AT&T, NSA, T-Mobile and Verizon didn't comment by our deadline.