The alleged hacking of Sim maker Gemalto by UK and US spy agencies to steal mobile communication encryption keys is not a huge surprise, according to a Europol adviser on cyber security. <\/p>\n
If it is true, it is plausible that they would do this, but then I suspect every other significant communications interception intelligence agency will be doing the same, said Alan Woodward, cyber security expert and visiting professor at Surrey University. <\/p>\n
But Woodward believes the journalists who first reported the hacking have their own political agenda. So one needs to calibrate the way it is written with that in mind, he told Computer Weekly. <\/p>\n
There appears to be a desire in some quarters to conflate the ability to listen in on mobile calls with mass surveillance.I don't see that as the case. <\/p>\n
If it is true, the joint GCHQ and NSA operation simply shows intelligence organisations adapting to new technologies as they come along to make sure they do not go blind, said Woodward. <\/p>\n
If the encryption keys were stored on a computer network that the spy agencies hacked into, and Gemalto had no idea it had been hacked prior to the report by The Intercept, Woodward believes this suggests many others may have been into that same network for the same purpose. <\/p>\n
I'm afraid it's what secret intelligence services do, and personally I'd rather my country was doing it where there is at least some oversight of such operations, he said. <\/p>\n
But this again raises the whole issue of whether the UK government should be conducting such surveillance, even if it is under various rules. <\/p>\n
Just like policing, it has to be done by consent, said Woodward. And, if the population were to turn to the government and say 'you must dismantle this capability', then it should be clearly understood that this will have security implications. <\/p>\n
Woodward does not see this as a trade-off between privacy and security. He believes that although mass surveillance is undesirable, it is possible to have both privacy and security if there are appropriate rules and oversight. <\/p>\n
<\/p>\n