By Matthew E. Milliken
Feb. 26, 2015
At least once a month, I’ll read through recent posts on Kevin Drum’s blog at Mother Jones. When I did this the other day, I ran across something that I found extremely startling, especially because I hadn’t heard or seen it mentioned anywhere else.
Last week, Drum wrote about a lengthy investigation by First Look Media’s Jeremy Scahill and Josh Begley. The duo, using documents provided by Edward Snowden, the infamous National Security Agency leaker, revealed that American and British spy agencies have compromised a significant number of the encryption keys that are supposed to protect the privacy of the communications of cell-phone users.
(Scahill co-founded First Look with journalist Glenn Greenwald and filmmaker Laura Poitras, both of whom collaborated with Snowden to publicize information from his confidential documents. Poitras’s documentary about Snowden and his leaks, CitizenFour, was named the best documentary film of 2014 in Sunday’s Academy Awards.)
Scahill and Begley write that the NSA and its British equivalent, GCHQ, targeted Gemalto, the multinational corporation that manufactures SIM cards for hundreds of cell-phone networks. SIM cards handle a variety of functions — they store contact information, guard against fraud and, yes, encrypt phone conversations, text messages and other data transmissions.
The SIM card is a kludge; it was originally designed to prevent billing fraud, and enabling privacy was added to its list of functions later on. So it was never an ideal tool for ensuring confidential communications to begin with.
Conditions become even less ideal when one company, Gemalto, makes a large proportion of commercially produced SIM cards, and when two spy agencies deliberately infiltrate that company’s computer systems in order to steal encryption keys.
I can’t fathom why no one is discussing the extent to which the American and British governments appear to have compromised private mobile communications. The original revelation of Snowden’s leaks, back in 2013, created a firestorm; also, some conservative pundits are enamored with the allegation (based on very tenuous evidence, to my mind) that President Obama has been using the NSA and the Internal Revenue Service to spy on his political enemies.
So why does no one seem to be talking about this? I think there are two reasons.
One is that this story is a bit complicated to describe. On the one hand, boiling it down to “The U.S. government is eavesdropping on all of our cell phone communication” isn’t quite accurate. On the other hand, boiling it down to “The U.S. and British governments have compromised the computer systems and security measures of a multinational corporation that makes many of the SIM cards that are supposed to ensure mobile communication privacy” lacks a certain emotional charge.
Also, it’s not clear how exactly citizens of democratic republics should respond to stories like this. Clearly, I don’t want the government to have the ability to spy on all of my (or all of anyone’s) cell-phone transmissions without a warrant. But how does our society draw a bright line between spying that is completely legitimate — that is, eavesdropping on people who are planning to blow up a bridge — and spying on Jane and John Q. Public?
There’s no simple answer. And even if there were, there would be certain disadvantages in explaining it to the public: After all, the clearer we make our rules about security and spying measures, the easier it is for malevolent actors to evade them.
The tension between the needs of the security apparatus and the principles of an open, democratic society has always existed, and it always will exist. There’s no clear-cut solution to this kind of dilemma, and there never will be.
I just wish I had confidence that the people in government — especially Congress, who are supposed to represent the will of the public — and the public itself were doing more to engage with the problem.