Sunday, October 09, 2011

Liam Fox: Not Fit For Purpose

OK, so "Not All That" Foxy Liam Fox is in trouble.
"He is an odd bloke," said one fellow minister. "He has fingers in so many pies that you kind of think one of them will land him in trouble somewhere along the line."

Another Tory MP said Fox's tendency to name-drop and brag about his close friendships with Republicans in the US, media magnates such as David and Frederick Barclay (owners of the Daily Telegraph), and his endless globe-trotting, even before he entered the cabinet, has made many bristle and help explain why he has plenty of enemies in the Tory party and in Whitehall. "I think you either roll with the bluster or find it repellent," said a Tory MP.

Ah, one of them. Anyway. Part of the problem is this famous meeting where his bestie Adam Werritty just happened to turn up. What was on offer? Well, a product called Cellcrypt, whose makers were trying to sell it to the MoD to stop evilly-disposed persons from eavesdropping on British soldiers' phone calls back to the UK. (Note: this is going to be long. Technical summary: voice encryption apps for GSM-style mobile networks can guarantee that your call will not be overheard, but not that your presence cannot be monitored, and not necessarily that the parties to your calls cannot be identified.)

Back in the early days of Iraq, the CPA permitted one mobile phone operator in each of its three zones to set up. The British zone, CPA-South/Multinational Division South-East, let the Kuwaiti national telco, MTC (now Zain and busy running Mo Ibrahim's old Celtel business into the ground) set up there with a partner some of us may have heard of. It's from Newbury and it's not a pub or an estate agency and its logo is a big red comma...funny how Vodafone never talked that particular investment up, innit? Anyway. Later the Iraqi government did a major tender for permanent licences and Orascom got most of it, but that's another story.

One thing that did happen was that soldiers took their mobiles with them to Iraq, and some of them pretty soon realised that buying a local SIM card in the bazaar was much cheaper than making roaming calls back to the UK. Either way, lots of +44 numbers started showing up in their VLR, the big database that keeps track of where phones are in a GSM network so it can route incoming calls.

Pretty soon someone who - presumably - worked for the MTC-Voda affiliate and whose purposes were not entirely aligned with Iraq The Model realised that you could use the VLR to follow the Brits (and the Yanks and the Danes and the Dutchmen and Kiwis and all sorts of contractors) around. Not only that, you could ring up their families in the UK and make threats with the benefit of apparently supernatural knowledge.

This obviously wasn't ideal. Efforts were made to mitigate the problem; soldiers were discouraged from using local GSM networks, more computers and public phones were made available. The eventual solution, though, was to get some nice new ruggedised small-cell systems from companies like Private Mobile Networks Ltd., which basically pack a small base station and a base station controller and a satellite backhaul terminal into a tough plastic box of a suitably military colour. You open it up, unfold the antenna, turn on the power, and complete some configuration options. It logs into the mobile operator who's providing service to you via the satellite link.

Now, because radio signals like all radiation lose intensity with the inverse square of the distance, you'll be vastly louder than everyone else. So any mobile phone nearby will roam onto your private mobile network and will be in the UK for mobile phone purposes, a bit like the shipping container that's technically in Egypt at the end of Four Lions. And none of this will touch any other mobile network that might be operating in your area. Obviously you can also use these powers for evil, by snarfing up everyone else's traffic, and don't for a moment think this isn't also done by so-called IMSI catchers.

You're not meant to do this, normally, because you probably don't have a licence to use the GSM, GSM/PCS, or UMTS frequencies. But, as the founder of PMN Ltd. told a colleague of mine, the answer to that is "we've got bigger tanks".

So, where were we? Well, the problem with trying to do...something...with Cellcrypt is that it doesn't actually solve this problem, because the problem wasn't originally that the other side could listen to the content of voice calls. Like all telecoms interception stories, it was about the traffic analysis, not the content. Actually, they probably could listen in as well because some of the Iraqi and Afghan operators may not have been using up-to-date or even *any* air interface encryption.

But if you're going to fix this with an encryption app like Cellcrypt, you've got to make sure that every soldier (and sailor and diplomat and journo and MoD civilian) installs it, it works on all the phones, and you absolutely can't make calls without it. Also, you've got to make sure all the people they talk to install it.

And the enemy can still follow you because the phones are still registering in the VLRs!

So, there's not much point relying on OTA voice encryption to solve a problem that's got nothing to do with the voice bearer channel. However, bringing your own small cell network certainly does solve the problem, elegantly, and without needing to worry about what kind of phones people bring along or buy locally.

And the military surely understand this, as by the time of the famous meeting, they'd already started deploying them. Also, back when this was a big problem, 19 year-old riflemen usually didn't have the sort of phones that would run a big hefty application like Cellcrypt, which also uses the mobile data link and therefore would give them four figure phone bills.

To sum up, Werritty was helping someone market gear that the MoD didn't need, that was hopelessly unfit for purpose, wouldn't actually do what the MoD wanted, and would cost individual soldiers a fortune, by providing privileged access to the Secretary of State for Defence.

1 comment:

Anonymous said...

And thanks to the Dunning–Kruger model of defence procurement, the people selling it probably don't see the problem, while quite a few modern Tories would see this as the free market in action, rather than a problem.

kostenloser Counter