- Development & Aid
- Economy & Trade
- Human Rights
- Global Governance
- Civil Society
Monday, September 15, 2014
- The U.S. National Security Agency’s (NSA) surveillance and telephone data collection programme has come under heavy fire for violating privacy laws, even as the U.N.’s new telephone network appears vulnerable to hackers and eavesdroppers. A five-year, 2.1-billion-dollar refurbishment of the U.N. headquarters building was aimed at modernising the 39-storey infrastructure, making it more energy efficient and technologically advanced in order to keep pace with the global digital revolution.
As part of this process, however, the 63-year-old Secretariat has also been equipped with a sophisticated telephone network by Cisco Systems, which apparently has the capacity to collect phone data and track all incoming and outgoing calls made by staffers as well as diplomats, if they access U.N. phones in the delegates’ lounge or elsewhere in the building.
“If and when the U.N. administration wants to intercept communications, it will now have the capacity to do so in violation of one’s privacy,” a U.N. source familiar with the new network told IPS.
But that does not necessarily mean the current administration is already doing so, he added.
Barbara Tavora-Jainchill, president of the United Nations Staff Union, told IPS, “Yes, we have this new phone system but never heard that it has this capability.”
“If it does, I believe the U.N. Administration should immediately act so that the information exchanged through telephone and internet by staff and diplomats is fully protected and kept private,” Tavora-Jainchill added.
She pointed out that each extension holder in the new phone network has a personalised access code, and outside calls are allowed only after the code is punched in.
Staff members allowed to make long distance calls also have to specify whether the call is for personal or business purposes, with the former being paid for by the staff member. This was true in the old phone system as well, she said, but “the capability of the new system is news to me.”
Asked for his comments, U.N. spokesperson Martin Nesirky, told IPS, “The Secretariat has indeed upgraded its telephony system to a modern ‘IP telephony’ system that uses Cisco equipment and technology.” He said the upgraded system converges the data and voice communications infrastructure, resulting in cost savings and the ability to integrate the phone system into various information technology (IT) systems.
Nesirky insisted the system does not provide any additional “monitoring” features that were not already present in the old analog system, and it also does not provide a function to “monitor internet traffic”. However, he admitted, “the Secretariat already collects connection data about incoming and outgoing calls, in order to provide usage-based billing, and perform troubleshooting, diagnostics, statistical analysis and performance tuning.”
All such monitoring, he pointed out, is performed pursuant to a 2004 memo by then Secretary-General Kofi Annan (ST/SGB/2004/15) titled, “Use of information and communication technology resources and data”.
The U.N. source familiar with the workings of the network told IPS the phone logs are a treasure trove, with detailed history of all outgoing and incoming calls. “It’s an addition to logs on your entrances and exits…recorded at the turnstiles inside the building.” With these phones, he said, finding out about one’s calling activity is easy. He also said he does not know who has access to such logs and what confidentiality, if any, exists, and that calls could easily be recorded if someone is being investigated. “It is safe to assume all calls are monitored, and if you don’t want anybody to know that you are calling someone, it’s better not to use such phones, and use your cell phone or Skype,” he added.
The Germany-based Spiegel Online International reported last week that NSA technicians have managed to decrypt the U.N.’s internal video teleconferencing (VTC) system as part of its surveillance of the world body.
The combination of this new access to the U.N. and the cracked encryption code have led to “a dramatic improvement in VTC data quality and [the] ability to decrypt the VTC traffic,” the NSA agents have noted.
In the article, titled “How America Spies on Europe and the U.N.”, Spiegel said that within just under three weeks, the number of decrypted communications increased from 12 to 458. Meanwhile there have been published reports that Cisco Systems outside the U.N. have been hacked.
A January online article by Dan Goodin, information technologies editor at Ars Technica, says internet phones sold by Cisco Systems are vulnerable to stealthy hacks that turn them into remote bugging devices that eavesdrop on private calls and nearby conversations.
The networking giant warned of the vulnerability almost two weeks after a security expert demonstrated how people with physical access to the phones could cause them to execute malicious code.
Cisco has reportedly released a stop-gap software patch for the weakness, which affects several models in the CiscoUnified IP Phone 7900 series.
The vulnerability can also be exploited remotely over corporate networks, although Cisco has issued workarounds to make those hacks more difficult.
“Cisco recognises that while a number of network, device, and configuration based mitigations exist, there is no way to mitigate the physical attack vector on the affected devices,” the company’s advisory stated.
“To this end, Cisco will conduct a phased remediation approach and will be releasing an intermediate Engineering Special software release for affected devices to mitigate known attack vectors for the vulnerability documented in this advisory.”
The vulnerability is the latest reminder of privacy threat posed by today’s phones, computers, smartphones and other network-connected devices, according to the article.
Because the devices run on software that is susceptible to hacking, they can often surreptitiously be turned into listening and sometimes spying vehicles that capture business secrets or intimate moments, it added.
Spiegel said the NSA caught Chinese spying on the U.N. in 2011. And NSA agents succeeded in penetrating defences to “tap into Chinese SIGINT (signals intelligence) collection,” describing it as “how spies were spying on spies”.
Based on this source, the NSA has allegedly gained access to three reports on “high interest, high profile current events”. The internal NSA documents correspond to instructions from the State Department authorised by then-U.S. Secretary of State Hillary Clinton in Jul. 2009.
The 29-page report, “Reporting and Collection Needs: The United Nations”, called on its diplomats to collect information on key players at the United Nations. According to this document, the diplomats were asked to gather numbers for phones, mobiles, pagers and fax machines.
They were called on to amass phone and email directories, credit card and frequent-flier customer numbers, duty rosters, passwords and even biometric data.
When Spiegel reported on the confidential cable back in 2010, it said the State Department tried to deflect the criticism by saying it was merely helping out other agencies.
“In reality, though, as the NSA documents now clearly show, they served as the basis for various clandestine operations targeting the United Nations and other countries,” Spiegel added.