Last week The Intercept broke the story that American and British spies, from the National Security Agency (NSA) and Government Communications Headquarters (GCHQ), hacked into the internal computer network of Gemalto, the largest manufacturer of SIM cards in the world. The intelligence agencies stole encryption keys used to protect cellphone communications around the world. This information was provided to The Intercept by NSA whistleblower Edward Snowden.
The heist of these encryption keys gives intelligence agencies the ability to monitor mobile phone communications, without having to notify telecom companies or foreign governments. It also allows these intelligence agencies to avoid obtaining the warrant needed to legally monitor these private communications. The clandestine operations against Gemalto involved snooping on the private communications of Gemalto employees in many countries. Gemalto was never aware their systems had been compromised.
In a rational world, news of the theft of encryption keys of the major cellphone companies would be a devastating development and would result in abolishing the agency. But we do not live in a rational world, so the beat goes on.
The Intercept reports on the implications of this theft on global privacy:
Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”
Beverly said that after being contacted by The Intercept, Gemalto’s internal security team began on Wednesday to investigate how their system was penetrated and could find no trace of the hacks. When asked if the NSA or GCHQ had ever requested access to Gemalto-manufactured encryption keys, Beverly said, “I am totally unaware. To the best of my knowledge, no.”
According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ secret access. We “believe we have their entire network,” the slide’s author boasted about the operation against Gemalto.
This news can make even the most optimistic liberty lover feel hopeless. It doesn’t seem likely that we will have the pleasure of living in a society without privacy intrusions by government any time soon. With each NSA leak it becomes increasingly difficult to imagine a future where the most powerful governments in the world are unable to spy on private communications. Adding to the frustration is the fact that the majority of society becomes more enraged by the prospect of their favorite movie being snubbed at the Oscars than they do about mysterious government entities having access to the most intimate details of their lives.
What if I told you there are actions that can be taken today that will alleviate this helpless feeling and might actually weaken the surveillance state? You’d probably be intrigued, much like I was when I stumbled on this news reported by the EFF.
The website is the result of a February 6 ruling by the Investigatory Powers Tribunal (IPT). Similar to the Foreign Intelligence Surveillance Court in the US, the IPT is a special court in the UK established by the Regulation of Investigatory Powers Act (RIPA) that deals with issues of surveillance and human rights.
The February 6th ruling held that intelligence sharing between GCHQ and NSA done prior to December 2014 was unlawful. The decision, which applied to information collected by the NSA through Prism and Upstream, was based on the secrecy of the rules governing sharing of that information. This followed a December ruling in which the court held that information sharing between the NSA and GCHQ could continue because the oversight of the data-collection program had been made public, bringing it into compliance with European law. Privacy International disagreed with the decision made by the tribunal on this point and is appealing to the European Court of Human Rights.
As Privacy International points out, “The [February] decision was the first time in the Tribunal’s history that it had ruled against the actions of the intelligence and security services.”
This website presents an opportunity for people to find out if their communications were monitored by the NSA, then shared with GCHQ. Obviously, GCHQ is not going to just volunteer this information. This is where Privacy International (PI) has stepped up to collect names, numbers, and emails to assist individuals with finding out if their private transmissions have been spied on. If it is determined that someone has been spied on, then PI will assist with helping individuals seek a declaration that their privacy rights have been violated under Article 8 and Article 10 of the UK Human Rights Act. If the Investigatory Powers Tribunal (IPT) issues a declaration for the individual, then that individual can request their illegally obtained private communications can be deleted.
This process is open to anyone. You do not need to be a UK citizen to participate.
Check out Privacy International to find out if you have been spied upon.
Hopefully this morsel of hope brightens your Monday morning.
– “CitizenFour” – the Edward Snowden documentary – wins Best Documentary Oscar.
– Rudy Giuliani continues to act like a maniac. (via CBS news)
– The Telegraph has a shocking report on toxic fumes in airplane cabins.
– Zero Hedge reports that Allen Greenspan thinks a “significant market event” will occur and gold price will go “measurably higher.”
– The Free Thought Project has the scoop on a new anti-police-militarization bill proposed in Montana.