My colleague Christopher Soghoian testified today before the European Parliament at a hearing on the “Electronic Mass Surveillance of EU Citizens,” which is a response to widespread concern in Europe about the revelations of NSA spying. His brief testimony is worth reading in its entirety, but he told the lawmakers, in essence, that Europe faces a choice:
The security vulnerabilities in “GSM” mobile telephone networks exploited by the NSA have been known in Europe for nearly two decades. . . . Your own law enforcement and intelligence agencies know that telephone networks in your respective countries can be spied on by anyone with the right equipment. They know this, because they have purchased and are using this equipment for surveillance. . . .
During the past few years, prominent security researchers have repeatedly warned about the flaws in mobile telephone networks that these “government-grade”surveillance devices exploit. Although interception once required a $50,000 commercial surveillance device to intercept calls, it is now possible for researchers, hobbyists, and hackers to build their own interception devices for a few hundred dollars. . . .
If you do not wish for the Americans, the Russians, the Chinese or any other foreign government to spy on the phone calls of your policy makers, business leaders and journalists, you must take action. However, protecting your telephone networks from such surveillance threats will also require the large-scale deployment of advanced encryption technologies that will thwart your own law enforcement and intelligence agencies’ use of the same interception technology.
American policymakers, of course, face precisely the same choice.