Slashdot Mirror

← Back to Stories (view on slashdot.org)

Russians Order Mobile Phone Encryption Removed

Posted by simoniker on from the static-still-encrypts-messages dept.

PenguinRadio writes "The Moscow Times is reporting that Russian security officers (The FSB, formerly the KGB) ordered all mobile phone providers to switch off their encryption systems for 24 hours, so the police could eavesdrop on all calls. An alert, either an exclamation point or an unlocked padlock, was sent to the phones in question. This is the second time such an order was given - the last time was after the hostage crisis involving Chechnya fighters in a Moscow theater. At least the Russian has the courtesy to warn all their phone users that this was going on. Not sure what the standard FBI procedure is on something like this..."

26 of 302 comments (clear)

  1. The FBI by vought · · Score: 4, Interesting
    Don't the NSA and FBI have access to the keys to unlock encryption per user here, or did I just see that in a bad movie* at some point?

    *Mercury Rising/Consipracy Theory/That horrible movie with Denzel, etc.

    1. Re:The FBI by Beryllium+Sphere(tm) · · Score: 5, Interesting

      The session key used by the A5 cipher in the GSM standard is 64 bits. Interestingly, ten of those bits are not used. Suspicious people have claimed that the key length was reduced to facilitate eavesdropping. Carriers hotly deny this (http://jya.com/gsm042098.txt).

      Looking at it from first principles, there'd be little reason to disable encryption for a single user. Law enforcement could tap the phone network downstream of the tower, and intelligence services would want to listen to everybody. (I'm speculating 'cause I don't know).

    2. Re:The FBI by bhimaji · · Score: 5, Interesting

      The clipper chip was most assuredly implemented. In fact, Clipper chips sold more PCMCIA interfaces for desktop computers than just about any other application. Clipper chips were sealed modules, and PCMCIA seemed like the best way to package them.

      Interestingly, there was an attack for the Clipper chip which would let you encrypt your messages such that they would appear to be decryptable by the government, but if they tried to decrypt them they'd fail.

      Clipper worked as well as having government agents dressed in nazi-esque outfits in locksmith stores asking for voluntary copies of your house keys would work. That's to say, government agencies used it, but nobody else.

    3. Re:The FBI by asynchronous13 · · Score: 4, Interesting

      Do US cell phones even use encryption? I few years ago I worked at a company that made high-speed A/D and D/A converters. One of our test setups picked out the strongest 10 cell phone signals and we could listen in to whichever one we chose. all for, uhh, testing purposes, of course. I know that we weren't breaking any 64 bit (or 54 bit) encryptions on 10 different channels in real-time.

    4. Re:The FBI by laemas · · Score: 2, Interesting

      "The session key used by the A5 cipher in the GSM standard is 64 bits. Interestingly, ten of those bits are not used."

      indeed , 10 of those bits were set to 0 by request of the American government , to allow easy decryption by unauthorised parties. 56 bit key is a hell of a lot easyer to decrypt than 64 bits.
      Also , you can buy mobile base stations for a few thousand usd. One of the examples shown to me worked by telling the phone it was in iraq/iran/somewhere else , the phone would not encrypte the call then. Something to do with not selling "weapons" to these countrys.

      All this was told to me by an ex-CIA agent friend of mine.

  2. scary by MrLint · · Score: 4, Interesting

    It kind of concerns me that the encryption isnt hardwired into the phone, and that it can be turned on an off at a whim. I wonder if the russian or US govt's allow the encryption on their stuff be turned off, or is this a lowly citizen thing only.

  3. Huh? by pv2b · · Score: 5, Interesting

    The only thing GSM encryption prevents is eavesdropping on GSM calls with radio receivers. Law enforcement can still wiretap where the GSM call hits the copper, after all the call has to be decrypted by the phone network.

    I don't really see why they'd have to do this, technically.

    Perhaps they just wanted to "appease" the public by showing them that they are invading their privacy to search for Chechyen terrorists? After all, this is pretty visible.

    1. Re:Huh? by pv2b · · Score: 5, Interesting

      A Swedish company named Sectra among other things sell mobile phones with non-standard strong encryption, that only works between two of the same phones.

      But with normal GSM, not really. The GSM encryption, from what I've understood, is only intended to stop normal people from building equipment to eavesdrop on calls, not to stop law enforcement wiretaps.

    2. Re:Huh? by dmszero · · Score: 2, Interesting
      What about calls made to mobiles on the same cell? surely the base station will not route this to the network and back?

      dms0

      --
      -= world leaders choose world leaders not us, not a democracy, not a revolution! =-
  4. Why bother? by provolt · · Score: 3, Interesting
    Not sure what the standard FBI procedure is on something like this.

    Why bother shutting off the encryption? Why not just go the the cell tower and and tap the line? Seems like it would be much easier than trying to pick calls out of the air. If you just disable the encryption, then the police would have to set up their own receiver. Why not just take advantage of receiver that's already available?

    1. Re:Why bother? by provolt · · Score: 2, Interesting
      So they can track down the physical location of the person making the call?


      If the phone is within range of two towers the location could be pinned down to two locations, and a single location if it's in range of three towers. This isn't ideal, but it seems a lot more practical than dropping encryption for a large area and then using directional antennas to track them.

  5. Courtesy Warning - Pointless? by grimani · · Score: 2, Interesting

    I'm quite surprised that they issued a warning to the phones in question.

    Doesn't this defeat the purpose of eavesdropping?

    As if terrorists would discuss their plans via mobile phones fully knowing that the FSB is listening.

    This type of action doesn't seem to serve any purpose other than to: (1) send terrorists scrambling to other forms of communication (land lines, maybe?), (2) cause terrorists to delay their planning by a day, and (3) bring attention to the potential abuse and rile up privacy advocates everywhere.

    None of the above seem to accomplish any worthwhile goals for the FSB.

    Yes, in the hostage crisis case gain the ability to intercept terrorist communications while the crisis is in progress.

    In this case, however, the attacks have already been concluded. Two suicide bombers have taken 14 others with them. I don't think the accomplices are going to be calling the bombers anytime soon.

  6. Crypto? What crypto? by Anonymous Coward · · Score: 4, Interesting

    The FBI procedure might be to use equipment that can crack worthless cellular encryption in real time.

  7. I don't think you can have encryption in the US by _Brazil_ · · Score: 2, Interesting

    What carrier lets you have encryption? I don't think it's a law or anything, but I never seen it as a feature for any of the major carriers. I have AT&T and I never saw that on the website... I remember I even tried to turn it on for my phone... it kept beeping at the beginning of the call saying encryption is not on...

    I now kinda would like to know what service does let you do it.

  8. I'm shocked that... by David+Hume · · Score: 2, Interesting

    [a]n alert, either an exclamation point or an unlocked padlock, was sent to the phones in question.


    We'll probably see the standard privacy (natural, fundemental, pre-existing) rights vs. untilitarian (what if the terrorists have a nucclear weapon? / are going to kill 10,000 hostages?) posts.

    However, I'm just amazed that Russia issued such a warning... unless, as a matter of software determinism, they couldn't turn off the encryption without turning sending the warning.

    A bug, or a feature?

    --
    Only Women Bleed (Sex, Sharia remix)
  9. The last part of the article is most interesting. by mikeophile · · Score: 1, Interesting
    The only court conviction in the theater tragedy was handed down last month to Zaurbek Talkhigov, who was charged with using his cellphone to pass key information about law enforcement activities during the crisis. The charge was based on tapes of Talkhigov's cellphone conversations. A Moscow court sentenced Talkhigov, 25, to 8 1/2 years in prison on June 20 and ordered the tapes destroyed.

    There was a lot of controversy surrounding the use of the narcotic gas in the theater. This just looks like the police botched the job and mopped up a whistleblower.

    Do you think the US would do the same thing today to the camera crew that caught the tear gas tank pumping flame into the building at Waco?

  10. GSM encryption is unsafe anyway by lylum · · Score: 5, Interesting

    As proven by the German CCC

  11. Overt versus covert by Ghoser777 · · Score: 4, Interesting

    I'm wondering if there's anything proventing the ex-KGB from doing this eavesdropping without doing this type of warning. The interesting thing in this policy is that it lulls people into thinking that they know overtly when they're being monitored, which may keep people from wondering when they maybe monitored covertly i.e. without a friendly reminder.

    Matt Fahrenbacher

    --
    James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."
  12. This is suspicious by ugen · · Score: 5, Interesting

    The russian authorities have a law (SORM) which requires any communications provider to have special equipment tapped by FSB. This law is well implemented and therefore FSB has access to all phone conversation regardless of the encryption.

    The true purpose of this action is any one of the following in order of highest to lowest probability:

    1) Draw public attention to the bombing/terrorist act and drum up support for whatever it is the government is planning next. Good way to do it as anyone and their dog carries a cell phone. Bad way to really tap conversations since now everyone knows they are being tapped.

    2) Draw a lot of attention to current interior minister Gryzlov and his tough and honest men tactics (that and the current cleaning of "dishonest" policement from less important police units). He's probably getting promoted to
    head up some political party so that will help.

    3) Put the terrorists/chechens/whoever on the run - scare them etc. This sure is a big dynamite in a small pond though - so i doubt it.

    4) Have other units not equipped with SORM uplink do the tapping, using scanners or some such. Unlikely since GSM even when unencrypted still can't be listened in on without expensive equipment. I doubt this one even more, but i had to put it here for the sake of balanced options:)

  13. So does that mean... by phorm · · Score: 2, Interesting

    That my phone has the ability to work in encrypted and non-encrypted mode? Does the phone automatically join the non-encrypted session without warning, or will it balk?

    Really, it would be a good idea to have some sort of *privacy off* icon or something like that on most phones (I think some Nokias I've seen have this).

    1. Re:So does that mean... by afidel · · Score: 3, Interesting

      When I tried to turn on encryption on my Nokia phone using AT&T's system it warned me on every connection that encryption was not active. My home network aparantly has encryption turned off, I believe this is true of the entire AT&T network.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  14. CDMA by Detritus · · Score: 2, Interesting
    I've been told that U.S. CDMA systems XOR the data frsmes with a static bit pattern. Needless to say, that is pathetically easy to crack.

    U.S. law enforcement agencies and the TLAs do not want cellular users to have ubiquitous encryption.

    Warrants? Warrants? We don't need no stinking warrants!

    --
    Mea navis aericumbens anguillis abundat
  15. Old words, but still valid. by nicodemus05 · · Score: 2, Interesting
    Reminds me of a quote:

    What we obtain too cheap we esteem too lightly. It would be strange indeed if so celestial a thing as freedom should not be highly rated. -Thomas Paine

    --
    while (!sleep){

    sheep++;

    }

  16. Re:This is not the second time by Vitus+Wagner · · Score: 2, Interesting

    Severety of Russian laws was always compensated
    by lack of obligation to follow them.

    There are laws, and there are operating instructions. They may contradict, but you'll have
    lot of problems if you would appeal to law.

    There always is something which they can incriminate
    cellular operator, such as some tax miscalculations,
    and thus withdraw license and push him out of business, if he wouldn't cooperate with FSB.

    So, SORM-1 (System for operative and searching actions) in cellular networks exists and operate.
    FSB may call cellular operator anytime and ask for cooperation.

    Internet community in Russia is more concerned
    about privacy and human rights, so SORM-2 (simular system in internet) recieve much more attention
    from press. look at http://www.libertarium.ru/libertarium/sorm if you can read Russian.

  17. Document Describing Standard Procedure. by Elvisisdead · · Score: 4, Interesting

    This document will tell you exactly what procedure is for wiretap.

    It also lists that: "In 2002, no federal wiretap reports indicated that encryption was encountered. State and local jurisdictions reported that encryption was encountered in 16 wiretaps terminated in 2002; however, in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of communications intercepted. In addition, state and local jurisdictions reported that encryption was encountered in 18 wiretaps that were terminated in calendar year 2001 or earlier, but were reported for the first time in 2002; in none of these cases did encryption prevent access to the plain text of communications intercepted.

    --

    "Want in one hand and spit in the other and see which one fills up first." - My Dad
  18. Re:Standard FBI procedure is.. by cayenne8 · · Score: 3, Interesting
    So....could someone get into said VoIP phone...and 're-write' the perl script to turn things off?

    ;-)

    Also...what about people using PGPhone and such...wouldn't that be pretty tough for them to eavesdrop on you?

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........