Monday, February 13, 2006

Greek wiretappers used police interfaces

It appears that senior members of the Greek government have been wiretapped using the "lawful access interfaces" that are increasingly built into telecommunications equipment to facilitate communications intercepts. Unknown agents bypassed the authentication systems that were supposed to restrict access to these interfaces. Also monitored were peace activists, alternative community heads, known leftists and many persons with seemingly Arabic names (thanks, Erich!).

Dr. George Danezis writes:

1) None of the safeguards actually worked to detect or find the perpetrators. The wiretaps were discovered allegedly in a routine control by Vodafone. The minister admitted that if the CEO of Vodafone had chosen to say nothing, no one would have ever known.

2) Many questions (and surveys) are asked about how to provide assurance that this is not going to happen again. The government keeps repeating that this is a matter that has legal and constitutional solutions, and if necessary says that it will strengthen these. At the same time (a) the role of the governments (there were many) that promoted laws / regulation / standards that introduce these systemic vulnerabilities is never addressed, and (b) the possibility to build and deploy security technology for everyone (the PM is already using it apparently — so they are not worried) has never been mentioned…

3) The oversight structures that proved useless turn out to be very close to the British ones. They have a Data Protection Authority, a 'Confidentiality of Communications Commissioner' who in fact is a surveillance commissioner, etc. The government has used them as a fig leaf to take away responsibility, so drawing the parallels between the Greek and potential UK issues would be interesting.

1 comment:

Watching Them, Watching Us said...

There are plenty of Ericsson AXE telecomms switches in use within the UK Mobile Phone Networks, so any potential remote compromise of this Interception Management System (IMS) is of extreme interest to our privacy and security here in the UK.

The IMS manual gives you an idea of what is, and what is not possible without further expense, in terms of the categories of data affected by the UK Home Office RIPA Code of Practice and European Union Directive Communications Traffic Data Retention plans.