Why "carnivore" type systems can't be (entirely) open source

Owen Lewis oml at eloka.demon.co.uk
Wed, 7 Feb 2001 21:26:48 -0000 

----- Original Message -----
From: "Nicholas Bohm" <nbohm@ernest.net>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: 07 February 2001 12:20
Subject: Re: Why "carnivore" type systems can't be (entirely) open source


> Since a call from a GSM phone passes over the terrestrial system, it is
> always vulnerable to those with access to that system, e.g. the local law
> enforcement and intelligence communities.

Exactly so and that is why the system provides no more than conditional
privacy. GSM cannot be termed a secure system. It was never intended to be,
nor does the public at large believe it to be so in so far as they think
carefully about  security at all).

What the broken character of GSM
> adds in the way of vulnerability is access by foreign intelligence and
> perhaps law enforcement communities, without compliance with any local
> safeguards that may be in place.

You might think so but in fact both can usually get what they want from GSM
regardless of the strength of the cipher and without requiring to 'break'
that cipher. This is caveated by the cost and relative inconvenience to the
ways of doing it , the combination of which law enforcement in the main
cannot afford. There has been great market pressure over quite a few years
for a man portable GSM decoder that can be used on every occasion that the
decoder can be brought within range of the GSM user. The requirement has
been for a system that will allow immediate action 'on information
received'. Poor little GSM has manfully withstood this pressure until the
very last few months of its life before likely targets will migrate rapidly
to UMTS. The remaining 'window of opportunity' is now too small to make
commercial sense out of developing such a decoder. However, given that the
crack on a PC has been published one or two may be custom built here and
there.

> >        -    Despite the conditional nature of the privacy afforded to B
in
> >GSM, B has flocked en masse to the system and finds that, in the main,
the
> >level of privacy provided suits his need.   That you and some others
> >vehemently disagree with B in this matter has not influenced B's desire
to
> >adopt GSM in the least. It is B's wishes and none other than has
determined
> >both the past success and assured the future of GSM type cellular
wireless
> >telecom system design.
>
> I doubt if the analysis above was appreciated by B, on account of (ST)O,
> and B didn't have any other choice anyway.  If there had been a second
> group of GSM phones on the market at the same cost but without the added
> vulnerability described above, market choice might have been evidence one
> way or the other.

The answer falls into two parts:

    1. He had the choices either to stop using cellphones altogether of the
risks inherent in the systems, to decline to migrate from TACS to the GSM
because he saw insufficient advantage in doing so (this has killed other
telecom developments such as UK CT2) or to migrate quickly and voluntarily
to GSM. He chose the last. IMO mainly because of its much higher level of
resistance to cloning and because of the pretty good privacy it affords.
Yes, GSM privacy is conditional but there has been no substantial pressure
for better.

    2. The hypothesis of a very secure challenger to GSM  could never have
been a reality. Under current UK/EC rules such a system would have to fall
into the Dual Use category of systems, with all the restrictions on sale
that entails. It would have been a commercial failure since to succeed a
cellular wireless telephone system needs a mass market. You know of the
secure voice cryptosystem called NAUTILUS? Source code for that has been on
the net for many years. There has never been an appreciable exploitation of
it.
>
> >STO is an old saw. However, sometimes even an old saw can be employed to
> >fine effect by a skilled craftsman.
>
> But hardly to improve security, in this case.

STO has, for convenience, been adopted in this thread as the acronym for
'security through obscurity'. Had not the medium strength cipher in GSM been
protected for many years from cracking by the fact that it took determined,
knowledgeable outsiders that long to penetrate the obscurity of the cipher
design, GSM's privacy would have been breached at will by all the heavy
private dicks and minor govt snoops who would have loved to have done so. It
is STO and some pretty fine calculation of the delay to a crack that should
be caused thereby that made GSM the success it has been.

Nothing to do with its cipher could ever have made GSM a secure system. What
STO afforded was pretty good privacy to be enjoyed by millions of users  in
all walks of life for up to a decade.

Owen