Monday, 1 October 2007

The Wiretapping Controversy: Telcos Getting it Lightly

The wiretapping controversy in the Senate has been going on now for weeks. While it has been established that illegal wiretappings have been indeed routinely committed by the ISAFP, there has been yet no finding as to how. If one of the avowed purposes of the Senate hearings is the amendment of the Anti-Wiretapping Law, it must be established how such wiretapping is conducted.

Quite interestingly, a similar controversy is brewing in Greece involving Vodafone Greece and Ericsson regarding the wiretapping of more than 100 high-ranking government officials and dignitaries including the prime minister of Greece, his wife, and the Mayor of Athens beginning shortly before the 2004 summer Olympic Games. An article in New York Times regarding this:

The surveillance was done with a remarkable degree of sophistication, exploiting software developed by Ericsson, the Swedish manufacturer of the GSM cellular switches, which were used by Vodafone. Shortly before the bugging of the cellular system began, the telephone equipment maker had provided a software update to the computerized switches that route cell phone calls.

The article raises fascinating unanswered questions by noting that the Swedish phone equipment firm supplied only a portion of the the lawful intercept system — which had not been purchased by Vodafone Greece. The control interface software module was not included in the upgrade. However, because the modules necessary to essentially target and “clone” phone calls came with the upgrade, the attacker was able to control the modules inside the system, while effectively hiding from Vodafone Greece technicians.

That code permitted someone — who almost certainly had physical access to the computerized switches — to install at least 14 “shadow” cellular phone accounts. Whenever a call was made or received by one of the targets of the surveillance, one of the secretly created cell phone accounts could listen in.

The researchers note that Vodafone bungled its investigation of the crime by abruptly switching off the accounts and then erasing crucial phone and physical entry log data that might have provided clues about the intruders.

In another article, the same issue is being pursued:

A parliament committee is investigating the illegal cell phone surveillance of Premier Costas Caramanlis' and senior state security officials from just before the August 2004 Olympic Games until March 2005.

The list also included senior military officers, human rights activists, journalists, Arab businessmen and a mobile phone used by the US Embassy, according to a list of numbers given to parliament by Vodafone.

Victims of the wiretap operation were subscribers of Vodafone, which uses technology built by the Swedish telecoms equipment maker Ericsson to maintain its Greek network.

Ericsson's CEO in Greece, Bill Zikou, told parliament yesterday that software it installed in the network to allow legally-sanctioned surveillance had been exploited by a rogue programme to tap government phones.

Zikou maintained Vodafone had been informed about that legal software and had been responsible for its protection - a claim strongly denied by the British mobile phone operator.

"Ericsson provided the customer with full details and informative documents, noting that the new software package included software components for lawful interception," Zikou told parliament, according to a statement released in Greek by Ericsson.

But a Vodafone statement issued after Zikou's appearance said it had not been informed about the surveillance software.

In our case, when the telecoms were invited in the Senate hearings, they sent lawyers who seem more intent on leading the Senate on a "wild goose" chase by claiming that the wiretapping being claimed by former T/Sgt. Doble cannot be done without backing up their claim, at the very least, by presenting their technical people. Quite funny that the senators asking the questions base their questions on movies rather than on real-life controversies.

It seems strange that the telecom executives sent to the Senate are not aware of controversies of cellphone providers all over the world as far as wiretapping is concerned. To my mind, that may have been the point why they were sent. They are not technically competent to testify on the matter of cellphone wiretapping.

The actuation of the telecoms in the Senate hearings is quite suspicious. Information, as they say, is the real power. What if they are using the capability to listen to other people's conversation to further their own interests? Or worse, what if they are providing the capability to listen to cellphone conversations to the highest bidder?

Questions begging to be asked:

  • What are the capabilities of the government in monitoring and regulating the franchise of these telecoms?
  • What are these telecoms doing to safeguard the right of its subscribers to privacy of information?
  • What happens when these telecoms violate such?

No comments: