This article was authored by Don Sambandaraksa, and was originally posted on telecomasia.net.
The Axis of Espionage has been busy, with its tentacles prying much further into our networks and our lives than earlier suspected. German newspaper Süddeutsche last week outed Verizon, BT and Vodafone as well as Global Crossing, Level 3, Viatel and Interoute for collaborating with the GCHQ’s Tempora, the British version of PRISM, in allowing access to fiber optic cables.
Of course these companies had no choice but to comply with the law, and the UK has reiterated that CGHQ operates within the law, which means judicial oversight when spying on British targets but offers little comfort for us living in the rest of the world.
The real question is not whether providing access to these fiber optic cables was legal but whether the companies were forced into doing so or whether they actively worked to design their networks to be open to real-time interception. Previously, Microsoft’s Outlook.com had been outed as one such service that was engineered to make real-time access to encrypted chat possible by the spy agencies.
It has long been joked that British spies spy on the US for the US, and the US spies on the British for the British, in order to keep accusations of a big brother government at bay. At least half of that is quite probably true as a Guardian story that claims that the NSA paid CGHQ £100 million for information that the United States found useful.
The question here is how much of GCHQ’s intelligence capability was designed for the US, rather than handing over US information that they just happened to come by in their day to day work.
But all of that paled in comparison to training documents published by the Guardian from Snowden on a system called XKeyScore. Training documents showed how the system of over 700 servers in 150 sites could look up practically everything anyone does on the internet. Just seeing an email address, number or name in a session would be enough to correlate a web of activity into the report that cross referenced other emails, conversations, web activity, Facebook activity and messaging and even transmitted documents. Nothing we do online is secret from XKeyScore.
More worrying on a local level is how the XKeyScore training material clearly shows these snooping servers to be present in China, the Philippines, Myanmar, Thailand, Cambodia, Singapore (or maybe Malaysia, Singapore being only a few pixels on the slide) and Indonesia. To think that the west was paranoid of China spying on them.
Then to cap off a week of revelations the Wall Street Journal published a report on how the FBI uses smartphone malware to track their targets, copy data and record nearby sounds. Tracking the behaviour of targets using their phones requires a lower level of judicial oversight than actually tapping into a conversation, though in this day and age of always on smartphones is no less intrusive.
However, the WSJ report noted that the method was not used on tech-savvy targets lest they find out and raise the alarm.
Perhaps the only sane piece of news came from Wikipedia founder Jimmy Wales who in a BBC report slammed the UK government’s plans on porn filtering as ridiculous and unworkable. He also said that instead of spending billions of pounds on snooping on ordinary people in an apparently fruitless search for terrorists, these resources should be focused on dealing with real criminal issues online such as credit cards and hacking into websites.
Good idea, Jimmy, not that anyone seems to be listening anymore.