In spite of the Washington Post being chosen by Snowdon to publish his “revelations” (a circulation-grabbing but arguably cyclical move), and in spite of accepting a Pulitzer prize for this irresponsible journalism, the paper is now calling for him to be prosecuted. Unlike the liberal Guardian in the UK, the US paper, which profited by his betrayal are now seeing the situation for what it is.
The long awaited ruling about whether the Safe Harbour agreement allowing free transfer of data concerning European citizens to the USA is valid under European Law has just been published. And it’s a doozie.
Basically a Safe Harbour agreement (note the use of the indefinite article here) means that you won’t be sent down the river for doing something that might otherwise be illegal. The specific Safe Harbour agreement in this case (2000/520/EC) says it’s okay for European data controllers to send whatever they like to the American’s because Uncle Sam is a good friend. This would otherwise be a no-no because you’d be giving up control over information that would otherwise be protected by European privacy laws.
This situation is currently being misrepresented in the popular press as being about Facebook (social media being their favourite subject after themselves); it’s not. It’s about all data. The case was brought by Austrian civil rights campaigner, Max Schrems in the Irish courts to test the legality of Facebook doing just this, as a high-profile example. A lot of American companies like to base their data centres in Dublin because, up until now, the Irish courts have been quite relaxed about what goes in compared with certain other European governments. (And lets not forget the tax breaks, and that Dublin is a nice place to be).
Hanging over this is the shadow of Edward Snowden (yet again), raising public awareness and anxiety over government access to PII. The fact that this PII is already in the hands of the likes of Facebook, Amazon, Microsoft, Google and Twitter with the full knowledge of the subjects doesn’t seem to matter – it’s the principle of the thing!
Anyway, the ruling basically says that the initial ruling is incompatible with European Law, and we can’t trust the Yankees to look after it without further safeguards. Where this leaves American companies with European data centres remains to be seen.
The most incredible revelation has just appeared on the BBC News web site. Apparently Edward Snowdon has revealed in a Panorama interview that smartphones can be taken over by sending them an SMS.
“The former intelligence contractor told the BBC’s Panorama that UK intelligence agency GCHQ had the power to hack into phones without their owners’ knowledge.” it begins. It continues with “Mr Snowden said GCHQ could gain access to a handset by sending it an encrypted text message and use it for such things as taking pictures and listening in.”
That’s pretty specific, and as I said, incredible. For anyone with a shaky knowledge for the English language, “incredible” means difficult or impossible to believe. If it were true, then one of the following must also be true:
- All the handset makers in the world would have to pre-install a wedge to intercept SMS traffic before the OS got to the hardware.
- Apple would have to be in on it; and there would have to be something hidden in the publicly available Android source code that no one had noticed.
- All the hardware used in smartphones would have the ability to intercept SMS and implement a hypervisor to manipulate the OS in way I can’t even comprehend (and with the chip maker’s collusion.
None of the above strikes me as very likely, so if there is any truth in it, what could it be?
The obvious answer is that GCHQ and the NSA have some dodgy Apps which, if you install them and give them permission, could do things on receipt of a SMS. Not such a big deal – criminals are doing this and I’d be surprised if governments weren’t in on that game too. He could also be referring to known exploits in some phone OSs that could be used to compromise its security. But the BBC quote is clear that this is something “new”, and applies to all, or at least the majority of smartphones. It does not say “some handsets”; the implication is clearly that all handsets can be pwned by the spooks whenever they want. I’ve kept the text of the original article, as I suspect they’ll be needing to change it!
It could also be that Mr Snowden is being grossly mis-represented in a case of sloppy journalism, or in a deliberate attempt to hype the forthcoming Panorama program. The term “encrypted text message” rings an alarm bell here; no one who knew anything about the subject would have used the word “encrypted” to refer to a specially crafted or encoded message.
Or it could be that the publicity-seeking Mr Snowdon has sold some credulous hacks a fairy story and they’ve lapped it up.