Hello Garci? Hello Jun and Joey? At a joint Civil Society and Tech community round table on eGovernance earlier this year, the topic of mobile phone wire-tapping came up. The question was, is it possible to eavesdrop on cellphone conversations and intercept text messages?
Cracks for GSM encoding have already been posted on the Web, but network experts say this is not enough. One could surreptitiously install a virus-like program on the target phone that will record conversations and messages for later retrieval, but this would require physical access to the phone. Alternatively, one could position oneself to monitor and intercept all transmissions between the phone and the nearest cellular site; difficult at best, particularly if the target is moving.
When the detailed technical discussions finally settled down, it seemed that the most straightforward way of monitoring cellphones is from a central site; that is, from the telco’s network centers, whether their assistance is provided aboveboard or off the record.As a practical matter, there are so many SMS messages floating around that there is some privacy to be gained in sheer numbers. A lot of faxes are also sent each working day. But it would be far easier to simply tap a (fixed) landline and intercept fax messages, rather than intercept SMS. Which is why I smile when lawyerfriends say they prefer fax to email because they feel it is more “secure.”
Also, in many cases, the most vulnerable point isn’t technical, it’s human—at the user end. An example from a local mailing list: There was this couple who bought matching his-and-hers cellphones. One day, she picked up his phone by mistake. The relationship came to an abrupt end soon after she scanned the stored text messages.
Back Up Phone Data Online
Cellphones are hardly the sole point of security and privacy leaks. One accountant goes into a minor panic and quickly logs off her account whenever someone else has to use her computer. She syncs her phone to the computer and apparently there’s something from her phone that is stored on the computer that she’s more than a bit embarrassed about. Still, it’s a good idea to synchronize your phone’s data (and settings) to a computer as a back-up measure in case you lose your phone. There are online sites for this, including http://mobile.yahoo.com/. But this does create yet another data store, each of which is a vulnerable point.
On any computer, “cookies” and “histories” provide a detailed trail of the sites you’ve visited. Adult entertainment websites are notorious for embedding tracking information. These are easily found on your computer and can be analyzed by anyone, from cyber-forensics experts to your friendly neighborhood office geek, to the technician at the computer shop. Spammers will also embed graphics and false links in HTML e-mail to notify them when you’ve opened their e-mail message.
Telcos can also track your rough whereabouts by simply noting the cell sites your phone connects to. For high-end phones with built-in GPS, a virus-like program could actually create a continuous, detailed log of where you are and where you’ve been.
There are already SIM-loaded devices that can be installed in cars and trucks to track their movements. Initially intended for trucking and distribution businesses, one pioneer tells me that installations of these vehicle-tracking devices have been highly popular on SUVs and high-end cars, particularly those used by wives or girlfriends.
Small electronic passes at expressways and train stations can keep tabs on your load balances. These wireless “ePasses” use RFID (Radio Frequency ID) technology that does not, as yet, store information on your actual identity but can be so used.
Next generation machine-readable passports can include RFID technology. RFID chips are so small that logistics and courier companies already use them to track packages around the world. Some universities have already embedded RFID chips in their student ID cards. Posh hotels use RFID in keycards as well as security and housekeeping systems. Fairly soon, I expect to find RFID in ATM and credit cards.
Will we soon be little moving dots in a video game? Will the powers that be watch us constantly and even perhaps influence our movements?
Currently the general consensus is that widespread (as opposed to specific, usually politically-targeted) surveillance of online and mobile communications is not yet the norm. Also, despite some sporadic and not very successful attempts by some telcos to limit the sites you visit to those within their “walled gardens,” Philippine Internet access still remains generally free and unfettered. At the moment, you are still free to wander, both online and in real life. Big Brother isn’t
watching too closely—YET.
print ed: 08/08