The Edward Snowden leaks pertaining to data collection by intelligence agencies has thrown a spotlight on government surveillance over-reach, and most would believe that the impetus for the enhanced monitoring was in reaction to the infamous September 11, 2001 attacks that brought down the World Trade Centers in New York, but the government’s desire to access communications data apparently goes back much further.
Individuals who participated in the drafting of Europe’s mobile network known commonly as the GSM (Global System for Mobile Communications, originally Group Spécial Mobile), now say they were pressured by government agencies in the 1980′s to weaken encryption standards to facilitate surveillance activities.
In question is the A5/1-encryption standard the GSM employs, which is still only 54 bit, and the British government had advocated for an even weaker 48 bit encryption to be used in the mobile network.
“Originally we proposed that the encryption key length should be 128 bit, because we knew little about cryptographic systems, and how secure they were. The request was that the keys and algorithms should be secure at least for 15 years after the installation,” said Jan Arild Audestad, a professor at Gjøvik Universty College and the Norwegian University of Science and Technology, one of the GSM architects.
“They wanted a key length of 48 bit. We were very surprised. The West Germans protested because they wanted a stronger encryption to prevent spying from East Germany. The compromise was a key length of 64 bit – where the ten last bits were set to zero. The result was an effective key length of 54 bit,” Audestad claims.
The Washington Post reported in December that encryption experts advocated for strengthening A5/1 encryption, or to scrap the standard for newer ones that are much more difficult to crack, but the majority of telecoms around the world have not done so, “even as controversy has intensified in recent months over NSA collection of cellphone traffic.”
“We cannot rule out the option that NSA now has the capacity to crack 128 bit encryption. But several experts we have spoken to, says that is very unlikely, unless there is another weakness in the encryption,” Audestad said.
Categories: Top Security Stories