photo by Simon Yeo
If a government agency wanted to implant a monitoring chip into the bodies of billions of people, it could save itself the trouble. These days, a hacked smartphone can do basically the same work for much cheaper.
Apparently, the government agency in question already knows this and acted accordingly.
According to a report by The Intercept, documents provided by Edward Snowden show that American and British intelligence agents hacked the internal computer network of Gemalto, the world’s largest manufacturer of SIM cards. The hack’s target was encryption keys used to protect a wide array of cellphone communication worldwide. SIM cards, while once simply a way to verify cellphone billing, today serve as the keys to voice, text and data. In other words, with a SIM card encryption key in hand, the National Security Agency and British Government Communications Headquarters can gain access the large section of your life conducted over your smartphone without the permission, or even the knowledge, of telecommunications companies or other government agencies, at home or abroad.
Gemalto is a multinational company, and its official headquarters is located in Amsterdam. Dutch lawmakers have expressed indignation at the NSA and GCHQ’s actions. Gerard Schouw, a member of the Dutch Parliament, told The Intercept that he and other legislators plan to ask their own government to clarify whether it knew of Gemalto’s infiltration. Jan Philipp Albrecht, the chief negotiator for the European Parliament for the new data protection law in the European Union, reportedly urged the Dutch government to investigate the incident.
Worth noting, too, is that Gemalto’s chips are not exclusively used in phones. The company’s technology is also used by financial institutions, including Visa, MasterCard, JP Morgan Chase and Barclays. It manufactures chips used in luxury cars, including those made by Audi and BMW. And it produces the chips built into new electronic U.S. passports. While it is not clear that intelligence officials obtained information for any of Gemalto’s other products, it is clear that had they wanted to do so, considerations such as Gemalto’s lawful behavior or the privacy of its clients would not have stood in the agencies’ way.
An internal investigation within Gemalto confirmed that the alleged hack “probably happened” between 2010 and 2011. However, the company was quick to add, the investigation did not reveal evidence that the intelligence agencies successfully lifted a large number of SIM keys, only that they infiltrated office networks. The company, whose stock suffered a hit after The Intercept article, also said in its statement that 3G and 4G cellular networks would not have been compromised, even if the effort had been successful. Many security experts are skeptical of Gemalto’s confidence. Even if the company’s assertions are true, the fact that U.S. and U.K. intelligence agencies did indeed attempt to compromise Gemalto is hardly reassuring.
Nor was Gemalto the only target, according to the documents published by The Intercept. The project, which involved intercepting employee emails and scoring them based on the frequency of technical terms mentioned in order to identify likely points of entry, included emails of employees of hardware companies like Nokia and mobile network operators like Belgacom, among many others. The highest score belonged to an employee of the Chinese company Huawei. NSA and GCHQ seemingly neither had, nor needed, any evidence of wrongdoing in order to pry into the communications of major international corporations.
The intelligence community’s targeting of companies that make smartphone security means that a law-abiding business is now evidently considered fair game by American and British spooks, who seem to believe that they are the only ones qualified to set limits on their own activities. They expect us to trust that such power will never be abused or corrupted. All we need to do to grant such trust is to ignore virtually the entirety of human history.
Your hacked cell phone might not only track your whereabouts; it might also be listening to your conversations and scanning your surroundings each time you take it out of your pocket. Once you lay it down on your nightstand, your phone might be keeping an eye on everything that happens there. Of course, this isn’t East Germany. Surely no one like Gerd Wiesler, the Stasi captain played by Ulrich Muhe in the film “The Lives of Others,” is listening in as you go about your daily life. Trust us.
In Washington and London, policy makers have studiously avoided a serious debate about the implications of all this spying for years now. If recent history has taught us anything, it is that they will continue to avoid that debate until we collectively demand they do otherwise.