My colleague Christopher Soghoian testified today before the European Parliament at a hearing on the 鈥淓lectronic Mass Surveillance of EU Citizens,鈥 which is a response to widespread concern in Europe about the revelations of NSA spying. His brief testimony is worth reading in its entirety, but he told the lawmakers, in essence, that Europe faces a choice:
The security vulnerabilities in 鈥淕SM鈥 mobile telephone networks exploited by the NSA have been known in Europe for nearly two decades. . . . Your own law enforcement and intelligence agencies know that telephone networks in your respective countries can be spied on by anyone with the right equipment. They know this, because they have purchased and are using this equipment for surveillance. . . .
During the past few years, prominent security researchers have repeatedly warned about the flaws in mobile telephone networks that these 鈥済overnment-grade鈥漵urveillance devices exploit. Although interception once required a $50,000 commercial surveillance device to intercept calls, it is now possible for researchers, hobbyists, and hackers to build their own interception devices for a few hundred dollars. . . .
If you do not wish for the Americans, the Russians, the Chinese or any other foreign government to spy on the phone calls of your policy makers, business leaders and journalists, you must take action. However, protecting your telephone networks from such surveillance threats will also require the large-scale deployment of advanced encryption technologies that will thwart your own law enforcement and intelligence agencies鈥 use of the same interception technology.
American policymakers, of course, face precisely the same choice.