GSM & A5

Owen Lewis oml at eloka.demon.co.uk
Wed, 23 May 2001 14:03:06 +0100 

> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Ross Anderson
> Sent: 23 May 2001 09:46
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: GSM & A5
>
>
> There is an extensive discussion in my book about the design and
> consequences of GSM security. It's an interesting case study, as the
> mechanisms do quite different things for the different principals.
>
> * It helps the subscriber very little: it doesn't stop premium-rate
> scams, and although it blocks casual air-link eavesdropping it
> doesn't stop the big government agencies, who do almost all of the
> eavesdropping in the known universe.

Among other things, you're better at hyperbole than I am.

I don't know much about pan-galactic eavesdropping but I know something
about electronic eavesdropping in the UK and the odd place elsewhere.

AFAIK, the last attempt to quantify the amount of 'unofficial' electronic
surveillance being conducted was a Met study c. 1992. Before discussing that
it will be useful to have a quick reminder of what the main sources for
equipment for this purpose are.

	1. Around the world, there are small R&D outfits run by X, Y & Z nations.
These can develop almost any item to spec and but are equipped to produce a
one-off or short, hand-built runs of (say) up to 10-off. If the production
requirement is larger than that, it is cheaper to put out an OTT to commerce
for the system.

	2. Leading on from the above there are electronics manufacturers large and
small who will tender for such classified contracts.

	3. The small manufacturers that specialise in this type of work also supply
o'seas govts, NGO's, 'security' companies and other, mainly corporate
customers in good standing. These firms to not advertise and are unknown to
the general public. Were one to call one without a proper introduction, they
are unlikely to give one as much as the time of day.

	4. There are companies, some international and some very small that do
advertise and sell over the counter and by mail order and e-commerce. A
minority of these manufacture and most simply badge out devices produced by
firms in cat 3 or even, occasionally, in cat 2. Much of the stuff sold in
this category is heavily hyped and sells more on expectations rather than
performance but (most of) it does work to some extent. It's good enough for
the husband who wants to spy on his wife of the business man who wants to
spy on his partner. This, together with cat 3, is the only market that is
visible and in any way quantifiable. It is also without doubt the largest in
in terms of numbers of systems produces but not necessarily in terms of
value.

Working from the advertising spends and turnover figures from filed
accounts, The study of the UK cat3/4 market concluded that in the Met area
alone (and about 10 years ago), the gross sales of surveillance systems was
about £12M per year and on a rising trend. Taking the average price of a
system (then) as about £500, this means that about 24,000 systems per year
were being sold annually in the Met area.

Little or none of this stuff would have been for home govt use. Certainly, a
fair amount of this stuff is exported but there is also substantial but
unquantifiable importation from sales outlets in the US, Spain, Taiwan,
Japan, Denmark, France, Germany and Italy in particular.

By observation, until recently, the most common use of bugs was in domestic
or trivial disputes. Serious use in commercial espionage was relatively rare
but could be lethal to corporate life when it occurred. These days, it could
be that the largest group of users have become the police and some
non-national security oriented govt depts.

Go clubbing or to a massage parlour these days and watch for the chap in a
baseball cap. The cap is quite possibly fitted with a high definition
pinhole/wide angle camera and GHz band transmitter, with or without an audio
channel. Meet a game warden in some African game parks and their bush hats
may be similarly fitted.

Personally, I doubt that anyone knows the amount of watching and listening
that is going on. Certainly, the more one learns the more one needs
constantly to revise upwards any tentative estimate. whatever the total, its
colossal. My belief is that only a small fraction of the total is of a
'national security' type, as I would understand the meaning of that label.

re GSM etc:

> The moral is: don't ask `is this equipment secure?' but `for whom is
> this equipment secure?'

Sometimes. Often, the question might be 'for what purpose is this equipment
secure?'

Owen