According to top-secret documents given to The Intercept by Edward Snowden, British and American spies stole encryption keys from the largest SIM card manufacturer in the world. This is a huge deal because it means it could be way, way easier for the NSA to conduct widespread surveillance of encrypted communications without ever asking permission or even letting on that it’s doing so.
With these stolen keys, the NSA and GCHQ (the British equivalent) have the ability to conduct surveillance on our phones without getting warrants or asking permission from telecom companies or foreign governments. The SIM card manufacturer, Gemalto, sells to over 450 wireless carriers worldwide, so the theft gives spies a tool to unlock an untold number of encrypted communications.
It’s a hell of a heist, documented by The Intercept’s team in highly disturbing detail:
Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”
This is bad news for pretty much anyone with a phone, since it’s highly likely that your phone contains a Gemalto-manufactured SIM card, and that means any attempts on your part to encrypt communications is futile. It’s also bad news for governments other than the US and UK, since these encryption keys give them an easy way to spy in foreign countries without asking permission (that they’d never get). And it’s really bad news for Gemalto, since the NSA and GCHQ cyberstalked and hacked its employees to obtain the keys.
Obama has been talking the talk about curbing abuses of power when it comes to surveillance, but reports like these highlight how broad and unfettered the NSA’s spying missions are, and how thoroughly they shit on any notion of a reasonable expectation of privacy. This needs to end. [The Intercept]