From: amzoti on
http://news.yahoo.com/s/ap/20091230/ap_on_hi_te/eu_germany_phone_code

The article is the typical mumbo-jumbo one would expect - but
interesting nonetheless.

Can this guy get in trouble in Europe for this - like jail and huge
fines?
From: Peter Fairbrother on
amzoti wrote:
> http://news.yahoo.com/s/ap/20091230/ap_on_hi_te/eu_germany_phone_code
>
> The article is the typical mumbo-jumbo one would expect - but
> interesting nonetheless.
>
> Can this guy get in trouble in Europe for this - like jail and huge
> fines?

[>
Claire Cranton, a spokeswoman for the London-based group, said that
"this activity is highly illegal in the UK and would be a serious RIPA
offense as it probably is in most countries."
>]

Using it in anger *would* be an offense under RIPA, which covers
interception in the UK, and would be an offense in most other countries
(duh), but developing it?

If done correctly, ie not intercepting calls without the permission of
sender and intended recipient, and not transmitting outside the lab,
developing the crack wouldn't be an offense under RIPA or the Wireless
Telegraphy Act, and I'm pretty sure it wouldn't be an offense under any
other UK statutes.

Karsten planned a demo for today, but I think that the demo he planned
would be an offense under UK and German law, as he invited people to
submit calls tweaked from the ether - however if he set up some calls
and then broke them, it probably would be legal (though there are some
technical difficulties about time slot allocation in the TDMA scheme GSM
uses which might make it a little tricky, but most likely not impossible
to do legally).

I don't know whether the demo went ahead, he was consulting lawyers last
I heard.


BTW, it's a crack of A5/1, the encryption used in GSM and some G3 phones
(sort-of) using a rainbow table, and he has identified some more
protocol-related plaintext in the signals which should make it easier,
though I don't have full details.


-- Peter Fairbrother



From: unruh on
On 2009-12-30, Peter Fairbrother <zenadsl6186(a)zen.co.uk> wrote:
> amzoti wrote:
>> http://news.yahoo.com/s/ap/20091230/ap_on_hi_te/eu_germany_phone_code
>>
>> The article is the typical mumbo-jumbo one would expect - but
>> interesting nonetheless.
>>
>> Can this guy get in trouble in Europe for this - like jail and huge
>> fines?
>
> [>
> Claire Cranton, a spokeswoman for the London-based group, said that
> "this activity is highly illegal in the UK and would be a serious RIPA
> offense as it probably is in most countries."
> >]

Ah, yes, the UK, the country who have made a national obsession through
security by obscurity. The country where a person was thrown in jail for
fraud simply for claiming that someone had taken money out of his bank
account. The country that passed a law making it compulsory to a) hand
over your private encryption keys, and b) made it illegal to tell anyone
that you had done so.

>
> Using it in anger *would* be an offense under RIPA, which covers
> interception in the UK, and would be an offense in most other countries
> (duh), but developing it?
>
> If done correctly, ie not intercepting calls without the permission of
> sender and intended recipient, and not transmitting outside the lab,
> developing the crack wouldn't be an offense under RIPA or the Wireless
> Telegraphy Act, and I'm pretty sure it wouldn't be an offense under any
> other UK statutes.
>
> Karsten planned a demo for today, but I think that the demo he planned
> would be an offense under UK and German law, as he invited people to
> submit calls tweaked from the ether - however if he set up some calls
> and then broke them, it probably would be legal (though there are some
> technical difficulties about time slot allocation in the TDMA scheme GSM
> uses which might make it a little tricky, but most likely not impossible
> to do legally).
>
> I don't know whether the demo went ahead, he was consulting lawyers last
> I heard.
>
>
> BTW, it's a crack of A5/1, the encryption used in GSM and some G3 phones
> (sort-of) using a rainbow table, and he has identified some more
> protocol-related plaintext in the signals which should make it easier,
> though I don't have full details.
>
>
> -- Peter Fairbrother
>
>
>
From: Mok-Kong Shen on
amzoti wrote:
> http://news.yahoo.com/s/ap/20091230/ap_on_hi_te/eu_germany_phone_code

From a link there to a web page of a firm Cellcrypt one reads the
following which I suppose is interesting, as it shows that all such
relatively high performance computing work can nowadays be done on
such a tiny device as a mobile phone:

Cellcrypt's cryptography includes industry-standard high-strength
algorithms including 2048-bit RSA for authentication, Elliptic
Curve Diffie-Hellman and RSA protocols for key exchange, and 256-bit
AES for voice encryption. For added security, the data is encrypted
twice using 256-bit RC4 and AES.

M. K. Shen
From: Mok-Kong Shen on
unruh wrote:
> Peter Fairbrother wrote:

>> [>
>> Claire Cranton, a spokeswoman for the London-based group, said that
>> "this activity is highly illegal in the UK and would be a serious RIPA
>> offense as it probably is in most countries."
>>> ]
>
> Ah, yes, the UK, the country who have made a national obsession through
> security by obscurity. The country where a person was thrown in jail for
> fraud simply for claiming that someone had taken money out of his bank
> account. The country that passed a law making it compulsory to a) hand
> over your private encryption keys, and b) made it illegal to tell anyone
> that you had done so.

I don't know but I should be surprised if there weren't countries worse
than UK in that matter (practically at least).

M. K. Shen