AH Tech Talk: Phones Worldwide Compromised By American and British Intelligence Agencies

AH NSA Security 2

When you purchase a new Android device, you do so with the belief that the smartphone manufacturer, the telecom carrier, and the manufacturers of the device hardware and equipment take best practices to ensure that your device and its contents remain as secure as possible. If you live in the United States, you also use your Android device with the assumption that your private affairs remain safe from unreasonable searches, as outlined in the United States Constitution. We also assume that there are criminal elements in the world that seek to invade our privacy and obtain data that is critical to our daily lives. It is unfortunate, but it is the reality we have to come to terms with. We can improve our chances of evading criminals by many methods. One such method is encryption. This makes it much harder (though not impossible), for criminals to intercept and steal our data. But what if your encryption keys become compromised from someone other than criminals? Your own government, for instance. Or a government from a foreign country.

According to a report from The Intercept (Source Link Below), the United States National Security Agency or “NSA,” along with Britain’s Government Communications Headquarters or “GCHQ” managed to hack into one of the world’s largest SIM card manufacturers, Gemalto, and steal encryption keys for possibly millions of smart devices. With access to these keys, these two agencies would be able to have almost unabated ability to monitor communications of any person they (NSA and GCHQ) had a stolen encryption key for. This is a massive breach that will no doubt reverberate for some time in the security community.

To obtain the keys, NSA and GCHQ operatives could have used any number of methods to gain access to secure data. Initial reports point to what amounts to ‘cyberstalking’ of various employees from around the world. Monitoring their Facebook, email and other communications to try and get an inroad into Gemalto’s system. Apparently their efforts worked. According to Gemalto, they were unaware of the breach and are working to discover the attack vector used and how to mitigate the threat. In a press release, Gemalto stated, “We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques.” They will no doubt have a tough road ahead of them though. The Intercept has cited documents from former NSA contractor Edward Snowden as proof of the attacks against Gemalto by the NSA and GCHQ. This is information will have huge impacts around the world and for relations with both the United States and Britain from other countries. Both the United States and Britain have been under fire by several countries, may of them allies, for their violations of privacy of government officials and of citizens around the globe.

For their part, both the NSA and GCHQ have stated in the past after other violations of citizen privacy has come to light, that they are simply protecting the globe from terrorist activity and that they only obtained information for those purposes. They have stated that they do not monitor innocent civilian conversation or private activity unless there is just cause to do so.

This revelation also has implications for the technology sector as well. U.S. President Barrack Obama was part of a technology conference last week, mostly in an effort to repair tensions between the government and technology companies. I think it fair to say this information will not sit well with most technology companies of which many, such as Google, are pushing for stronger encryption standards for the internet in an effort to mitigate many criminal attacks to steal financial and private information of business and everyday users of the internet. This could give the tech companies a boost in the public eye to provide more and tougher encryption to keep the prying eyes of the NSA and GCHQ as well as a whole host of other governments and identity theft criminals. White House secretary Josh Earnest said that the White House would not comment on the matter though he did state that he felt that this latest revelation would not harm The White House’s efforts to improve relations with technology companies. He stated during a White House press briefing, “It’s hard for me to imagine that there are a lot of technology executives that are out there that are in a position of saying that they hope that people who wish harm to this country will be able to use their technology to do so.” He went on to say, “So, I do think in fact that there are opportunities for the private sector and the federal government to coordinate and to cooperate in these efforts, both to keep the country safe, but also to protect our civil liberties.”

As more information is leaked by former NSA contractor Edward Snowden, we gain a bigger understanding of what lengths the NSA and GCHQ have gone to in order to obtain personal information from electronic sources. At what point does security cross the line into violations of civil liberties? This is a question that we as a global humanity will have to figure out. We need to make clear to those we charge with protecting us what that line is, and we need to have oversight to make sure that line is not crossed. We need to make sure that we give our law enforcement agencies the ability to protect their country in circumstances where human lives are on the line. Most of the men and women who secure our digital borders are good well-meaning people who work tirelessly to keep us safe. This is why it is important that we the people open dialogue to make sure that it is clear what is expected of them, and ways that we can make their job more successful while providing insight and maintain control by the citizens to ensure that power does not breed corruption.