The NSA Has Access to Your Cell Phone’s Encryption Key. And Everyone Else’s Too.

Test ticker

Monika Bauerlein,
CEO

Dear Reader,

The next few months are make-or-break for Mother Jones’ fundraising, and we need more online readers to pitch in than have been of late. In "It's Not a Crisis. This Is the New Normal," we take a level-headed look at the brutal economics of journalism, why investigative reporting like you get from us matters, and why we're optimistic we can grow our base of support in a big way—starting with hitting a huge $300,000 goal in just three weeks. Please learn more and donate if you can right now.

The next few months are make-or-break for Mother Jones’ fundraising. We need to raise $300,000 quickly, and we need more online readers to pitch in than have been. Please learn more in "It's Not a Crisis. This Is the New Normal," where we go into the brutal economics of journalism, and what makes Mother Jones unique and worth supporting if you can right now.

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

The surveillance state, it turns out, is even bigger and badder than we thought. Previously, the story from the NSA has been: yes, we have access to petabytes of telephone metadata (who you called, what time you called, etc.), but we don’t have routine access to your actual conversations. And this even made a kind of sense: telephone companies store bulk metadata and can make it available to the NSA. They don’t record phone conversations. Besides, on cell phones those conversations are encrypted anyway.

But guess what? That encryption depends on a key stored on the SIM card inside your cell phone. If you have access to the key, you can listen in to all the conversations you want.

You know what’s coming next, don’t you? Here is Jeremy Scahill at the Intercept:

American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ.

….The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world.

….According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ secret access….Most significantly, GCHQ also penetrated “authentication servers,” allowing it to decrypt data and voice communications between a targeted individual’s phone and his or her telecom provider’s network. A note accompanying the slide asserted that the spy agency was “very happy with the data so far and [was] working through the vast quantity of product.”

The folks at Gemalto say they had no idea any of this had happened. Apparently it was a very stealthy hack indeed. As you might expect, there is much, much more at the link.