UN steps into Blackberry debate
The secretary general of the International Telecommunications Union has stepped into the lawful interception debate, saying that companies are just going to have to provide governments with access somehow. In an interview with the Associated Press, Hamadoun Toure said that governments had the right to demand access to …
> governments had the right to demand access to communications
It doesn't matter who you vote for, the government always wins.
I see no problem with the government having the right to access telecommunications for legitimate purposes as laid down in that countries legislation. After all, the government does have a duty to keep it's citizens safe and in excpetional circumstances this may require communication interception.
The problems arise when the government goes beyond this legitimate use and how this can be monitored. In some countries the whole idea of a legitimate government can be hard to define but I don't believe that negates the original premise that a legitimate government does have a right to do this.
The U.S. government, through the Patriot Act, as amended, is breaking The Constitution by wholesale monitoring of private communications WITHOUT WARRANTS, i.e. without the oversight of a court.
This service is provided courtesy of the usual suspects - AT&T, Sprint, etc.
They can also access all computers on the issuance of a letter that also makes it illegal to notify the victim.
Another sick joke is "duty to keep it's citizens safe". What did Blair do when America offered to return ALL UK citizens illegally imprisoned in Cuba? He cherry picked, refusing to accept certain citizens. Some safety.
Likewise, I meet many backpackers travelling in my country of residence with backpacks displaying the Canadian flag and on being asked where they are from (I being a Canadian) and getting answers in distinctive American regional accents giving false information.
When challenged most say they are scared about getting attacked as American citizens - particularly when Bush was running the shop.
Governments don't keep their citizens safe and often they do little to help - particularly when drugs are involved.
With respect I think your trust is wholly misplaced and governments have demonstrated why they should be strictly accountable to a public forum - although many UK judges are little better than a rubber stamp.
There may be a legitimate reason to intercept some communications - a right, if you will, for the government.
But that doesn't mean it's feasible.
Implementing crypto isn't *that* hard: and if it's done right, there's little reason to suppose that *anyone* other than the intended sender/recipient can intercept the communications. Denying this capability to big business, but leaving it available to any hobbyist (or those bent on mayhem and destruction) is bonkers. You can't prevent the latter, after all.
they move their backup facilities from the US to europe at great cost to conform to european privacy laws and then they are forced to hand over anything to the US agencies which was deemed inappropriate before.
They don't have to let the Governments have "lawful" intercept.
They could exercise the right to cease to trade there.
I wonder what the reaction of the Indian business community would be to loosing all their Blackberries. Would the users in India accept this? or would the Government suddenly find themselves out on their ears?
It's a big game of bluff.
you will still have several million ways of encrypting information that they wont be able to crack if your a terrorist with an IQ above 10.
Meanwhile business will haemorrhage information.
Are you suggesting that foreign governments aren't as interested in stopping terrorism as they are in profitting from intercepted company information.
Apart from millions of dollars/pounds/euros/funny shaped pieces of metal that could be made from doing such a thing, what could their motivation be?
The ITU position is pragmatic and sound and it's unlikely they'll adopt a political mantle in championing privacy above government any time soon.
It is predictable that some governments will want to intercept communications and equally predictable, when attempts are made to thwart that, they will do all they can to ban it or make it illegal, shut those who won't play ball out of their jurisdiction.
The answer is simple for everyone - if you don't want a government which intercepts communications and bans and prohibit such things then vote in a government which believes differently and holds to other principles.
Of course it may require a whole new view of government and society to achieve that, but no one else is going to be able to change the system from outside. Viva la revolution!
Thing is, if the plods came to me and said "look, we think one of your staff is up to some dodgy stuff. Do you mind if we have a look at his email?", I don't think I would have much of an issue with it (assuming the "dodgy stuff" sounded credible).
But there is a HUGE difference between this and "look, can you just channel all your email traffic to us so we can browse it as we see fit, just in case".
The first scenario is (admittedly, arguably) not unreasonable. The second is downright intrusive and suspicious on many levels. Unfortunately, it seems to be the second model that is being pushed by governments around the world. And (blindingly obviously), anyone up to said "dodgy stuff" will encrypt their communications by other means anyway.
there is a difference between routing all of your emails through a government server and routing them through a server that the government can access. So yes, your emails will still be private, and the government will still have to go and ask someone to access your emails.
"PGP was too much effort for most people, and it never got properly integrated with the more popular email clients"
Seems to work very smoothly to me - Thunderbird, Enigmail & GNU PG
I'm not sure why poor S/MIME never gets mentioned in the same breath as PGP. Bad PR, I guess. Support is built in to Thunderbird and Outlook and countless other email clients. End-to-end, point-to-point crypto. Simples.
"It's the mass adoption of encryption that worries governments."
Therefore, encrypt, and encourage everyone to learn how to. It is better that they fear us than that we fear them.
> governments had the right to demand access to communications
Whether they should get it or not is, of course, quite another matter ...
I decided to embed my response in 1024 bit Two Fish encryption so that only non-government entities can see my response.
<encryption ON>
thbbbbbbbbbbbbbbbbbtttttttttttttttttt....
<encryption OFF>
Government security workers have used security information to enrich themselves in the U.S.A.
Whilst those with intimate familiarity in the telecommunications industry have known what governments routinely do, surreptitiously, the current level of chatter is very healthy for more and more people are becoming sensitive to eavesdropping/monitoring done by governments.
RedPhone 0.1(voice)[uses ZRTP by Phil Zimmermann] and TextSecure 0.3 (text) are amongst several answers for Android users and defy government monitoring.
Secfone (software), Rohde & Swartz (Bluetooth hardware) and SnapCell (hardware) are others.
Using specific cell phones to call specific numbers stops governments building a database of contacts and using a pair of hand-phones as one-way communicators or split communications (A cell used for talk only to cell B; cell C used only to talk to cell D [A & D are one end and B & C are the other end]) is very effective, more so when they are paired using different carriers.
Developing countries, China excluded, definitely don't have the technology to beat these and even the U.S. capabilities are challenged.
Cell hygiene is essential (clearing registers, powering down periodically), Carrying cells across borders allows Plod and company to gather information such as the IMEA which can be used to build contact information.
Using calling cards is ineffective as all numbers are recorded, although dedicating one card to one called number increases difficulty in building contact databases (and not using different cards sequentially from one number).
The IMEI number is a flashed serial number that is unique to every cell phone. IMEI number facilitates an important function; it easily identifies a mobile phone being used on a GSM (Global System for Mobile Communications) network.
To increase the difficulty in nosy people creating a contact database this number should be changed.
IMEI numbers either come in a 15 digit or 17 digit sequences of numbers. These numbers can identify a handset. Currently the format of the IMEI is AA-BBBBBB-CCCCCC-D.
- AA - These two digits are for the Reporting Body Identifier, indicating the GSMA approved group that allocated the TAC (Type Allocation Code).
- BBBBBB - The Remainder of the TAC
- CCCCCC - Serial Sequence of the Model
- D - Luhn Check Digit of the entire model or 0 (This is an algorithm that validates the ID number)
There are on-line databases to check a phones status:
Color Meaning
White Valid Mobile Station
Grey Mobile Station to be tracked
Black Barred Mobile Station
Any cell phone of interest to a third party only need be made Grey.
There are links for changing IMEI numbers such as < http://www.renjusblog.com/2009/11/how-get-new-imei-number.html >.
Zimmerman didn't only code PGP, he also came up with the ZRTP protocol for voice comms and that is presently being implemented in a number of products - which can only be sold in accordance with the Wassenaar Agreement (wassenaar.org) unless the reseller want's to get into real big trouble.
The problem is not legal intercept - I'm pretty sure everyone accepts that some privileges are needed to catch the bad guys. The problem is the incessant abuse made of those privileges, which erodes the trust required for police et al to do their job, so it's their own fault. Action creates reaction, and the privacy swing is on the rebound.
"lawful interception debate"
Germany in the 1930s passed laws which made everything which subsequently happened there "lawful" in a technical meaning.
Later the Americans and British and others just hung many of those who operated within that "lawful" environment, using their own laws to retrospectively make those actions "unlawful".
So there's "lawful" and there's "lawful". All that's meaningful is who has the greatest power, at any particular time.
NB : I'm certainly not condoning war crimes or other abominations, just pointing out the facts.
For all we know, US already has full access to _all_ Blackberry communications. Other countries want to have access too.
Sign up, sign up for The Register's weekly mobile & wireless newsletter - click here
