Privacy Chernobyl in Bonn

That gaggle of elite geeks who have been arguing against the horrible possibilities an internetworked world offers to fraudsters and state bullies for years have often said that one day, there’ll be a horrible crunch. A disastrous moment of truth. As Chernobyl finished the reputation of nuclear power for 20 years, the Privacy Chernobyl will kibosh all those monster database schemes for the foreseeable future. The subtext is perhaps that whatever the damage may be, it’s the collateral damage we have to accept to stop the bastards overrunning us.

What if, however, the first people to catch it were pompous German executives? Some would fear this wouldn’t draw any moral reaction from the public – who cares what happens to the bastards? Others might think it’s precisely their outrage that would finish the buggers quickest. It seems, though, that the Privacy Chernobyl might already have happened, in Germany. Scandal has been raging around Deutsche Telekom for a while; the monster telco, one-third state-owned, has been caught spying on members of its supervisory board, and much worse, journalists and trade union reps. Der Spiegel burst the story, interviewing the boss of a Berlin information security firm that was given the raw data from DTAG’s systems to analyse. He’s singing like a canary. DTAG promised that it was all over by the time the current CEO took over, but it turned out that the security firm was receiving money years later, money that came from the same cost-centre as the CEO’s office.

But this is far from the worst that might have happened. It wasn’t so much the content of the calls that was being spied upon, but rather their metadata. This is something one learns quickly on joining the telecoms industry – it’s the signalling that matters. The SS7 signalling traffic on a mobile network contains a treasure of information on who telephones, with whom, and from which geographic locations. Matching the dumps of data, they would have been able to trace the movements of the targets, their social networks, and who they met with.

It gets worse. Last week, Der Spiegel revealed that Lufthansa had also trawled its frequent flyer files in order to find out who a particular hack was getting information from. The real killer was, though, the suggestion that the two companies’ security departments might have swapped data – it turns out there is a strong old boys’ network between the security organisations German industry set up during the extreme-left terrorism of the 1970s, and something like a black market in database tables. Lufthansa’s frequent flyer programme offers benefits on all kinds of other stuff, including railway tickets and their own virtual mobile phone operator (MVNO), and a credit card – there’s a lot there already, but the kicker is that most big German companies outsource their expenses management to the same Lufthansa division that runs the loyalty scheme. And the journos were run through the same analysis.

Quite possibly, an entire corporate elite’s movements, communications, and tastes may be compromised. Everyone involved is already in the deep shit, as the rights to privacy and to freedom of the press are guaranteed by the German constitution, to say nothing of the ordinary law. If the radioactive smoke isn’t already billowing over the countryside, the containment vessel is bulging and glowing.

But there’s an odd detail here – T-Mobile USA refused to participate in illegal surveillance operations, like Qwest and no other US telcos. I have always believed that the reason for this was that T-Mobile, alone among telcos, has on-network transatlantic roaming. Due to the fundamental principles of GSM, T-Mobile subscribers from Germany, Holland, the UK, or indeed any other T-Mobile network in Europe, would have been spied on in the US with the involvement of T-Mobile in their home country, because their Home Location Register (HLR) would have been queried for every network transaction that occurred in the US. (It’s the signalling, remember.) This would have obviously had very serious legal consequences back in Europe.

Zurück durch Technik

Another Euro 2008 open thread but one in which we feel compelled to note how tonight’s match was an insight to the central role of television in the experience — as evidenced by how flat things went (at least where I was watching) when the global TV feed apparently collapsed for significant portions of the second half, including the 2-1 and 2-2 goals.  At least it was back in time for Lahm’s emphatic finish on the winner.

Serbia almost has a government!

It looks like Boris Tadic’s Democrats have hammered out a coalition with the small but crucial-for-a-majority Socialists. They tried to convene Parliament a couple of days ago, but the soon-to-be-opposition parties disrupted it. They’re trying again today.

If they do form a government, it would be after a mere 44 days of negotiation. This is, by Serbian standards, blinding speed; both the last two majorities took over 100 days to hammer out.

The negotiations for the new government have been shrouded, not so much in secrecy, as in disinformation and confusion. So it’s not yet clear who’ll have which Ministry, nor what prices are being demanded and paid.

The new government will, we are told, be more “pro-European”. Just what that means remains to be seen. It’s pretty clear they won’t be interested in meaningful negotiation over Kosovo; the best that can be hoped for is that they won’t continue the previous government’s policy of half-heartedly trying to stir up trouble in Kosovo’s Serb-majority north.

Still, watching with interest.

Hard to hide from trouble

It wasn’t clear over the weekend how the Zimbabwe crisis could manage to get more complicated but now we know: Morgan Tsvangirai has taken refuge in the Dutch embassy in Harare.  It seems that he was left with little choice since, far from seeing his withdrawal from Friday’s “election” as a concession, the state security apparatus was taking the opportunity to crush the MDC.  A few things now seem clearer.  First, the EU is now drawn into the crisis more than before.  The US and UK are probably relieved that it wasn’t their embassies.  Second, the regional approach to crisis resolution has failed i.e. leaving it to the Southern African Development Community.  And it has failed because of Thabo Mbeki [Incidentally, I once heard a South African political comedian observe that you can't spell Thabo without Botha].   Any notion that Mugabe had enough reasonableness left in him to ease towards a compromise is gone — his plan was to unleash all the thugs this week, no matter what.    Anyway, one hopes that the EU can look up long enough from the Irish dossier to see a crisis looming.

Political Football

As some parts of Europe prepare for Jean-Claude Juncker’s “Club of the Few” while others fall by the wayside, it’s time to look back at how we got here. Nothing unites Europeans like football, and this year’s Euro 2008 tournament is turning out to be one of the best in a long time, maybe ever. What else could have us feeling sorry for Switzerland and cheering for Austria? Isn’t Europe a more harmonious entity without the English? Would Brussels be paralysed by protests today if Belgium had qualified? And would Ireland have voted No if they were in the tournament?
Part of the fun of football is the way in which it overturns the international order of power politics.

Continue reading

Euro 2008 open thread

With the obvious topic being that breathless incredible match in Geneva.  Now while the superlatives like “best match ever” should be held in reserve (particularly given the extent to which the goals turned on simple mistakes — and possibly the Geneva rain), the Turks did a great job, especially in staying positive after conceding the second goal.  Tacticians will argue that the Czechs gave them far too much space down the right wing and left the opening.  Anyway, sorting out who plays goalie in the quarterfinal against Croatia will seem like a minor problem tonight.

Pass the parcel

UK Foreign Secretary David Miliband provided indication today of the emerging EU strategy for dealing with the Irish No to Lisbon: it’s being left up to the Irish government to sort it out, but with a reminder of the high stakes should they choose to accept the referendum result.  Or, as Miliband colourfully put it

If you like he’s [Irish PM Brian Cowen] got to decide whether or not to apply the last rites. We’ve got to listen to his analysis of what went wrong

Yet Miliband also insisted that UK parliamentary ratification would go ahead next week, which will be hard to defend from Tory attacks that it reflects a presumption that the Irish will be talked out of their rejection, since otherwise ratification is pointless.   One wheeze floated in yesterday’s Telegraph (see also) is that Ireland would be left on the sidelines as the other 26 agreed to implement Lisbon on their own, with the Irish catch-up taking place by attaching the Lisbon provisions to an Irish parliamentary ratification of Croatia’s EU accession, whenever that happens.   But the fact that such schemes are out there is just one indication that the ministers don’t yet really have a well-laid out plan for how to proceed.