Archive for October, 2013

Merkel’s Telephone: How Secure Does She WANT it to be?

Monday, October 28th, 2013

The news that the NSA has been listening in on German Chancellor Angela Merkel’s cellphone had me wondering, as a techie who has paid some attention to computer security, how would I recommend the Germans secure her phone?  It is an interesting puzzle to think through.  And part of my approach would involve other European countries, pick an open source cellphone encryption program, and work it over, audit all its security aspects, make improvements, and put a EU stamp of approval on it. Make sure it really is secure.

Then yesterday I read something about what is known about how her calls are secured and was disappointed that they apparently use proprietary encryption products. This is a mistake. You don’t know what is in a commercial product, with secret source code, mostly no one does, not even the commercial folks producing it.  Remember the Swiss company Crypto AG?  They had an NSA backdoor in their encryption products.  A lot of people worked on that product and a lot of people used it, and most of them didn’t know what they were using, they didn’t know that the NSA had a backdoor because it is easy to hide something in a commercial product.  With open source programs it is harder to hide something, because it has to be in plain sight. If Merkel wants security she should use open source. And if she isn’t sure an open source program is secure she should put some talent on going over it with a fine-tooth-comb to find and fix any holes.

And, there is the question of what the NSA heard: did they crack the encrypted calls or just the regular calls between her phone and regular phones?  If Merkel wants to make secure calls the other person on the call needs to be on a secure call.  If the NSA can listen to everyone then there is no one for Merkel to talk to.

How much does she care?  The German government has its own security services, do they listen in on phone calls, too?

Ah, there is the rub: If she wants her population to be easy to listen in on, she is easy to listen in on, at least if she wants to talk to anyone outside a small circle.

How much privacy does Merkel want for herself? How much privacy does Merkel want for others?

-kb, the Kent who feels like less of a crank in recent months.

© 2013 by Kent Borg