Spying 2.0: from telco tapping to cyber-warfare

The spying row between the Abbott government and the Jakarta is still generating waves and while the impasse will eventually be resolved, the sound and fury surrounding the issue highlights a salient truth of the telecoms world.  

With stories coming in from all over the world about the prolific use of telecommunications to spy on what people are doing, the ball has been thrown back into the industry’s court, to do something about it.

In principle, ever since telecoms came into existence in the 1850s spying was high on the agenda of the people who started to use the new technology. In 1865, countries formed the International Telecommunications Union (ITU), which later became the first institution under the UN with all countries in the world signing up as members.

Until last year all decisions taken within the ITU were made without voting – they have always been able to reach a consensus, and this included the periods of two World Wars and the Cold War. The simple reason behind this was that no country wanted to be left behind in the telco race and they wanted to know what technologies others were implementing.

So, national security issues have been driving international telecommunications arrangements for nearly 150 years, with everybody spying, using more or less the same technologies. The ‘red phones’ in the White House and the Kremlin during the Cold War were good examples of this. They bypassed the interconnected international telecoms system and provided a unique and secure connection between the two Cold War leaders.

The grand disruption

The arrival of the internet and the mobile phone disrupted this unspoken status quo.

Telecommunications was no longer just the few calls that people would make during a day. It now consisted of their continued interaction with each other through the many new modes that have become available over the last 10-20 years.

On one hand this started to take control away from the traditional telecommunications companies as others became involved and started to build new services on top of the basic telecoms infrastructure; on the other hand people started to make use of telecommunications on a far more personal level.

On the technical side, the change from analogue to digital has meant that telecommunications now resembles information technology (IT), with traditional telephony technology making way for computer systems and software platforms.

With this change of technology two things happened. Firstly, there was no longer the one international standardised telecoms technology with a plethora of different technologies coming into play. Furthermore, control of the telecoms system was no longer solely in the hands of the traditional telecom monopolies. Market liberalisation saw a very large number of new players enter the market.

Power politics and the ‘Five Eyes’

From a security perspective the big change happened in the US after 9/11. Suddenly the message was driven home that new technologies had become key tools in a new political landscape. The US government responded by pumping billions of dollars into new security systems that took this new political and technical environment into account.

As everything was becoming digital, software and systems could be developed to hack into any information communication technology (ICT) system. If an ‘ordinary’ hacker with a limited budget can hack into the Pentagon, imagine what you can do with an enormous budget. You can hack into whatever you want; under those circumstances it is only a matter of how much money you want to throw at it.

At the same time the US government began looking for the most trustworthy allies it could find in order to make it easier for them to get a better global reach for their new spying machine. For their cooperation the allies would get access to this latest technology. This group is known as the ‘Five Eyes’ – USA, UK, Canada, Australia and New Zealand. But in the meantime, this access has been extended to other countries and, based on their level of ‘trustworthiness’ in the eyes of the Americans, new groups are known as the nine eyes, and another group, I understand, is the 11 eyes.

In general there have been plenty of warnings in the past regarding the lack of security in these modern ICT systems, but it was Edward Snowden who exposed the enormous extended spying system that the US security apparatus had built up over the last decade. It had become very easy for them to spy on whomever and whatever they wanted. It had become so easy that special warrants were no longer requested, as they simply would spy on anything and everything and then use the technology to find the needle in the haystack.

The 9/11 effect in reverse

What has happened in the last few months is like the 9/11 security effect in reverse. After the American government pumped billions of dollars into the development of new hacking technologies, it is now individual countries and companies that are putting billions of dollars into protecting their systems and their customers from the US spying machine (which, of course, could be anybody’s spying machine, including those of criminals).

There will not be many countries, or many ICT companies, that are not reviewing their security systems at the moment following the revelations gathered from the Snowden affair.

The Snowden revelations will almost certainly cause further embarrassment for the US government and its allies. Understandably, the immediate focus of the agencies will be damage control and it’s more than likely that it’s going to become very difficult for them to conduct this level of spectacular spying.

That window is closing very rapidly and the spy agencies will have to revert to the official policy – that is, ask for legal permission to spy into the affairs of certain people. The cat and mouse game perpetrated since 9/11, with unlimited purview and blanket coverage,  will be hard to sustain.

This is an edited version of a post originally published on November 25. Paul Budde is the managing director of BuddeComm, an independent telecommunications research and consultancy company, which includes 45 national and international researchers in 15 countries.