Why "carnivore" type systems can't be (entirely) open source
Ross Anderson
Ross.Anderson at cl.cam.ac.uk
Tue, 06 Feb 2001 17:41:36 +0000
Owen:
> > * From the point of view of the large-country intelligence agencies,
> > GSM was fine. They have access to local and international traffic in
> > the clear anyway, and A5/2 makes tactical sigint against developing
> > countries easier.
>
> Nah. Only the Sharks and the Jets (or equivalent) could be thick enough to
> rely on GSM for COMSEC. Tac sigint would be a profligate overkill in
> resource allocation.
Come off it. During the last couple of coups in Fiji, USUKA dispatched
a frigate (Australian, Kiwi) to monitor stuff. You're not telling me
they didn't listen in to what officials said on their mobiles.
(Remember that case when a Northern Ireland minister got bollocked for
referring to Mrs Thatcher on his mobile as a cow?)
> > ...And the second wave of GSM equipment is bringing
> > juicy features, such as remote control of handsets by the operator.
>
> Now that's the bullseye.
>
> Forget cipher. Current GSM has some interesting features that lead to novel
> exploitations and large security holes. Some of these are now widely known
> and others perhaps not. I believe that they are controllable by those
> knowledgeable enough and disciplined enough to do so. The security problem
> becomes worse with DECT which is gaining large-scale corporate acceptance. I
> do not yet see how the security problems (non-crypto related) that seem
> likely to arrive with UMTS can be countered.
My book also goes into 3gpp/UMTS security and how it's not that much
different. MITM attacks now need a false visited network, not just a
false base station, for example. But not much has changed really, even
if the crypto now appears to be kosher.
> > * From the customer's point of view, GSM was originally sold as being
> > completely secure. The encryption of the air link certainly did stop
> > Squidgygate-style casual eavesdropping.
>
> The Gaussian Modified Shift Keying with time division multiplexing within
> the duplexed channels, together with a degree of frequency agility, are
> quite sufficient to stop casual eavesdropping with no need for cipher at
> all. The cipher is only necessary to defeat the organisations who could
> afford to buy pretty sophisticated technical solutions. That's not my
> definition of casual eavesdropping.
If there hadn't been cipher, then within a year or two the usual
suspects from Taiwan would have had a scanner on the market. It would
have been sold initially to cops and spooks for thousands but I expect
that fairly soon it would have been in Radio Shack for a few hundred.
> > But almost all the phone
> > tapping in the world is done by large spook agencies, to whom the
> > encryption doesn't matter much.
>
> Not quite. The last time (c.1994) I got a calculated estimate of the value
> of over-the-counter bugging/tapping systems sold in London alone the
> turnover was UKP 12m a year. For the simple stuff that, mainly, is sold
> over the counter/mail order that roughly represented somewhere upstream of
> 24,000 units per year being sold retail in London alone. My personal view is
> that this figure will have increased over the intervening years. This stuff
> is mainly used domestically or for low level corporate espionage (boss bugs
> sec/partner bugs partner etc). The better quality stuff is never advertised
> nor is it particularly easy to obtain by the general public.
Oh, sure, the total private bugging/tapping market is somewhere in
eight figures. But most of this is 'technical surveillance', i.e. room
bugs. I was referring to phone taps, which are quite different (and I
was not including cases where one of the participants does the tap).
Nonetheless, Owen, I am reassured that our analyses agree on 80% or
so of the relevant issues!
Ross