Smartphones and government surveillance

What does a smartphone have in common with a smart TV, a smart refrigerator, smart toaster or any other supposedly ‘clever’ piece of technology?

Ah, I’ve already mentioned tech, that’s left you stumped hasn’t it!

But it shouldn’t as the answer is amazingly simple: none of them are smart.

Or, to put it another way, “smart means exploitable” (quote ruthlessly stolen from Rik Ferguson).

And if you need any evidence of that, you need look no further than an episode of Panorama (iPlayer link, may not work outside of the UK without a VPN) aired by the BBC this week.

Filmed in Moscow, the program spoke to ex-NSA contractor-turned-whistleblower Edward Snowden who explained how security services could exploit security weaknesses in smartphones to totally invade a target’s privacy:

“It’s called an ‘exploit’, a specially crafted message that’s texted to your number like any other text message but when it arrives at your phone it’s hidden from you. It doesn’t display. You paid for [the phone] but whoever controls the software owns the phone. GCHQ is to all intents and purposes a subsidiary of the NSA”

Famed for blowing the lid on mass surveillance by the US National Security Agency, Snowden said the UK’s subsidiary – GCHQ – could gain “total control” over a smartphone and that there was “very little” the user could do to prevent that.

During the interview he went on to explain how GCHQ could gain access to a device by sending it an encrypted text message – that the user would almost certainly never be aware of – and then leverage a number of surveillance tools known as ‘Smurfs’ to engage in all manner of privacy-invading shenanigans.

Smurfs

Snowden said the security agencies “want to own your phone instead of you” as he went on to detail the various Smurfs and their individual functions:

  • Dreamy Smurf can be used to switch a mobile phone on or off without the user’s knowledge
  • Nosey Smurf can turn a smartphone into a ‘hot mic’ able to eavesdrop on any conversation within range
  • Tracker Smurf can locate a smartphone’s exact location with amazing precision
  • Paranoid Smurf is a self-defence mechanism, designed to hide the other Smurfs from view, by masking the manipulation by the secret services and making it incredibly difficult for a typical service centre to ever realise that anything was ever amiss with the device.

Taken together, Snowden explained that the full range of tools allows GCHQ to monitor “who you call, what you’ve texted, the things you’ve browsed, the list of your contacts, the places you’ve been [and] the wireless networks that your phone is associated with. And they can do much more. They can photograph you”.

Now many readers may be thinking so what – they don’t do anything illegal and GCHQ are never going to be interested in them or their mundane lives.

And that’s certainly true, for now at least.

But, as Snowden says, to collect information on suspected terrorists, paedophiles and other criminals, the security services need to collect massive amounts of indiscriminate data in order to identify their associates and targets – and that desire and thirst for data is only likely to increase in the future.

So, while I do recognise the need to keep us safe from the bad guys, I do wonder what a future government may do with all the information it has about me, you, and our children.

That’s why I call this program a gross invasion of privacy, facilitated by the exploitation of smartphones.

Whether or not you think a government taking advantage of security exploits on devices you own to keep tabs on suspected criminals is legal, ethical or downright creepy is, of course, a matter of opinion but GCHQ’s own position on the matter is clear:

“It is long-standing policy that we do not comment on intelligence matters.

All of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee.

All our operational processes rigorously support this position”.