29 December 2009. GSM A5 Files Published on Cryptome
13 July 1998
Date: Mon, 13 Jul 1998 16:18:39 +0200 To: jy@jya.com From: Visiteur du cybercafé <visiteur@ii-mel.com>@demon.ii-mel.com Subject: scoop about GSMtrace scandal! Phil Karn [Qualcomm Scientist/Cryptographer]: "Cellular registration is one of the most problematical privacy issues in modern telecommunications." ______________________________________________________________ http://www.sonntagszeitung.ch/sz28/52996.HTM [see English below] http://www.letemps.ch/search/1998/07/07/com_2.htm [see English below] http://www.cybourse.be/interception [URL revised 24 March 1999] ______________________________________________________________ Message to Visiteur du cybercafé: We have been mandated by a law enforcement agency to identify and purchase a GSM intercept system (up to 10000 lines). Can you advice: Consultants, Suppliers, ... Thank you for any information. Regards, Bernard Metzger mcm@pobox.com ______________________________________________________________ http://www.sonntagszeitung.ch/sz28/52996.HTM Original in German. Translation by Babelfish http://babelfish.altavista.digital.com [Photo of intercept aerials] SonntagsZeitung Online, July 12, 1998: And there are it nevertheless, the movement profiles A confidential report of the data-security commissioner shows: The Swisscom collects all Natel data in the three-hour clock OF NIKLAUS RAMSEYER AND DENIS VON BURG BERNE - a secret report of data-security commissioner Odilo Guntern proves: The Swisscom locates every three hours all switched on Natels in Switzerland up to 100 meters exactly and stores these data during seven days. Everything not half so badly, everything legally and all no problem: Thus the Swiss federal data-security commissioner Odilo Guntern appeased the public on last Monday. The Swisscom AG has probably " the possibility of localizing at any time each switched on Natel ", admitted it. This however only up to the 50 kilometers of global so-called location AREAS - and surely not up to the few kilometers precise 2500 radio cells in the country, " as in the Sundays newspaper mentioned ", Guntern said. Which did not experience the public: Gunterns dry three-lateral paper is only the tip of the iceberg. Among them a strong secret report, which for Guntern only " the involved one ", as he says, hides itself 30 pages, set. the Swisscom, the responsible Departemente Leuenberger (communication) and vest (law and police) is " involved " as well as the business check delegation of the Swiss federal advice. Gunterns confidential report does not only contain the crucial information to Natel problems. It partly contradicts the public remarks and acknowledges the article of the Sundays newspaper from 28 December 1997 to a large extent. In particular Guntern concealed that the 800,000 Natel users in Switzerland can be located not only " ", but Updating (PLU) are exposed location to a permanent fully automated Periodic. PLU means: Every three hours announce themselves all switched on Natels to the next antenna, on which the Swisscom registers its location. That can determine each Natel owner: It is sufficient to put the switched on mobile telephone beside transistor radio on which this every three hours a clearly audible galloping gives to kneeling asterisk of itself. Partially transaction data are stored even over many weeks This standortmeldung enclosure not only " one for that only 30 location AREAS " in the country, like Guntern believe to make wanted, they descends up to " radio cell level ". In cities is few 100 meters exactly - in open, rural areas nevertheless still with precision of max. 10 kilometers. Specialists of a prominent Natel company insure that anyhow. The quite exact Natel location is thus registered in the three-hour clock. More still: The Swisscom stores appropriate " transaction data " all Handies lasts seven day - in individual cases during weeks and months. SVP national council Bernhard Seiler, which praesidiert the GPK delegation of the advice, acknowledges this circumstances to the Sundays newspaper. Also data-security commissioner Odilo Guntern admits: " the topic PLU is in detail stated in my report. " In " technical details " it may not get involved however. The calculation is made fast. Eight standortmeldungen stored by 800,000 Handies each day, during one week: The Swisscom has continuously 40 million data, how and where the 800,000 Natels in the country move. That serves only the connecting accommodation, is called it officially. Who has however access to these information, a " movement profile " can create immediately and experience by computer printout, where the Natel (and thus probably its owner) was exact in the last seven days. Guntern: " that is not impossible. " With the help of the Radiogoniometrie (see box) the Swisscom can besides each Natel exactly on 50 meters locate and the discussions hear. That applies also to the disputed Natel D Easy: " also over these devices we have transaction data and operational data ", insure Odilo Guntern. It explains why the EJPD and federal attorney require Carla Del Ponte, who should buyers of such devices systematically are registered. The police would like to know if necessary, to which owner the movement profile of a certain Natels belongs. And why did Guntern thereport secretly remain? " took part " push over themselves the responsibility for the Geheimniskraemerei mutually. Guntern: " I did not ask those at all whether they would like to publish the report, and decided that it was not public. " To it the control instances of the Swiss federal advice do not want to resign themselves: " we were the opinion, the whole Guntern report publicly are presented ", say the Tessiner FR national council Werner Carobbio, which belongs also to the GPK delegation of the advice. " we the problem " movement profile of Natel carriers " again deepened to bring up for discussion ", promises it. --------------------------------------------------------------- http://www.letemps.ch/search/1998/07/07/com_2.htm Original in French. Translation by Babelfish: http://babelfish.altavista.digital.com Les Temps Online, July 7, 1998: COMMUNICATION TELECOMS. The federal employee with the data protection, presented his annual report yesterday Odilo Guntern: «The holder of Natel must be able to remain anonymous» By Gabriel Sigrist In Switzerland, any citizen can go in a store and acquire for 120 francs a smart card to be introduced into a portable telephone. The system Natel D easy of Swisscom does not require any subscription and the user can thus remain anonymous. This anonymity disturbs the Attorney General of the Confederation, Carla LED Bridges, who carried itself on several occasions against a system «used by all the criminals». According to the public ministry, the new ordinance on telecommunications imposed as of January 1 the identification of the users of Natel D easy. The investigation of the federal employee to the data protection contradicts this assertion completely. «The legal base to record the purchasers of Natel easy does not exist», concludes Odilo Guntern in its annual report. The employee with the data protection goes further: «In our company, the protection of the individual requires to be able to telephone without being card-indexed, it declared at Time. To record the purchasers of card «easy»does not make sense, because the criminals use other means to remain anonymous, like the foreign cards but also the services of call-back or simply the phone boxes.»In the close countries, the purchasers of such cards must however decline their identity. «They is that the laws are different, explains Odilo Guntern. In Switzerland, the identification is obligatory only when there is a relation customer-provider in the duration, which is not the case of a card to prépaiement.»The card easy is thus connected legally with a subscription CFF multicourse or a card telephones to use in the cabins. Goods which can be acquired anonymously. The debate is however not closed: «According to us, the legal base is sufficient to impose the recording of the users, explains Jürg Blaser, spokesman of the public Ministry. It is essential for the security of our country to be able to identify the holders of portable telephones.»The federal Office of the communication (Ofcom) will slice. According to Odilo Guntern, it remains for the hour «perfectly legal»to acquire a card easy without giving its name. Swisscom encourages the purchasers however to be identified: the operator offers a small gift to those which reveal their personal data. The employee was also interested in the possibilities of tracing of the mobile telephones. According to its investigation, Swisscom can locate a portable simply engaged in a relatively vast zone, but not to the cell (a ray of ten kilometers). There too, the opinions diverge. According to Christian Masson, enthusiastic activist of the freedom of circulation, system GSM used by Natel de Swisscom memorizes once every three hours the precise localization of the apparatuses, for questions of maintenance. Odilo Guntern does not mention such a process in its investigation. According to Swisscom, the positions of the users are unobtrusive progressively with their displacements. The report/ratio stresses also the cards fidelity like the Mr.-Cumulus of Migros. «Any holder of such a card must be informed of the various reductions of which it can profit, as well as data processing relating to it», indicates the report/ratio. On Internet: The full report of the employee to the data protection on www.edsb.ch The site of Mr. Masson on http://www.cybourse.be/interception [URL revised 24 March 1999]