The Infowar Monitor first briefed ONI Asia partners on the NokiaSiemens‘ system in June 2008. The file has been open since that time. We began providing analysts and selected journalists with off-the-record, background briefings the day after the Iran elections. We fed the limited information we have into Psiphon Red Team gaming as soon as we began to propogate our Right2Know nodes in public channels – such as Twitter and Facebook. As the story unfolds, we felt it might be helpful to analysts for us to share what background information we have that’s already in the public domain.
Firstly, we were made aware of the case by a New Scientist journalist, Laura Margottini, who wanted us to verify and comment on the systems sold to Iran.
If you’re a NS subscriber you can read her report here: Surveillance made easy (20 August 2008)
[...]Now German electronics company Siemens has gone a step further,
developing a complete “surveillance in a box” system called the Intelligence Platform, designed for security services in Europe and the Middle and Far East. It has already sold the system to 60 countries.According to a document obtained by New Scientist, the system integrates tasks typically done by separate surveillance teams or machines, pooling data from sources such as telephone calls, email and internet activity, bank transactions and insurance records. It then
sorts through this mountain of information using software that Siemens dubs “intelligence modules”.This software is trained on a large number of sample documents to pick out items such as names, phone numbers and places from generic text. This means it can spot names or numbers that crop up alongside anyone
already of interest to the authorities, and then catalogue any documents that contain such associates.Once a person is being monitored, pattern-recognition software first identifies their typical behaviour, such as repeated calls to certain numbers over a period of a few months. The software can then identify any deviations from the norm and flag up unusual activities, such as
transactions with an exotic bank, or contact with someone who is also under surveillance, so that analysts can take a closer look.Included within the package is a phone call “monitoring center”, developed by the joint venture Nokia Siemens.
However, it is far from clear whether the technology will prove accurate. Security experts warn that data-fusion technologies tend to produce a huge number of false positives, flagging up perfectly innocent people as suspicious.
“Combining two different sources of data has the tendency to increase your false positive rate or your false negative rate,” says Ross
Anderson, a computer security engineer at the University of Cambridge.
“If you’re looking for burglars in a run-down district where 50 per cent of men have a criminal conviction, you may find plenty. But if you’re trying to find terrorists among airline passengers – where they
are extremely rare then almost all your hits will be false.”Computer security expert Bruce Schneier agrees. “Currently there are
no good patterns available to recognise terrorists, so it’s unlikely that those employed by Siemens are any good.”Whatever the level of accuracy, human rights advocates are concerned that the system could give surveillance-hungry repressive regimes a ready-made means of monitoring their citizens. Carole Samdup of the
organisation Rights and Democracy in Montreal, Canada, says the system bears a strong resemblance to the Chinese government’s “Golden Shield“
concept, a massive surveillance network encompassing internet and email monitoring as well as speech and facial-recognition technologies and closed-circuit TV.In 2001, Rights and Democracy raised concerns about the potential for governments to integrate huge information databases with real time analysis to track the activities of individuals. “Now in 2008 these
very characteristics are presented as value-added selling points in the company advertisement of its product,” Samdup says.In June, the EU-funded PRISE consortium of security technology and
human-rights experts, including Ian Brown of the Oxford Internet Institute at the University of Oxford, submitted a report to the European Commission asking for a moratorium on the development of
data-fusion technologies, referring explicitly to the Siemens Intelligence Platform. “The efficiency and reliability of such tools is as yet unknown,” says the report. “More surveillance does not necessarily lead to a higher level of societal security. Hence there
must be a thorough examination of whether the resulting massive constraints on human rights are proportionate and justified.”The company said 90 of the systems are already being used around the world, although it did not specify which countries are using it. “In all countries where we operate we do business according to the Nokia Siemens Networks standard code of conduct, based on UN & EU
recommendations,” they say.Samdup argues that such systems should fall under government controls that are imposed on “dual-use” goods – systems that could be used both
for civil and military purposes. Security technologies usually escape these controls. For example, the European regulation on the export and
transfer of dual-use technology does not include surveillance and intelligence technologies on the list of items that must be checked and authorised before they are exported to certain countries.The problem is that surveillance technologies have developed so rapidly that they have outpaced developments in export controls, says
Samdup. “In many cases politicians, policy-makers and human-rights organizations lack the technical expertise to adequately assess the impact that such technology could have when it is exported to repressive regimes.”
So what’s our source for this? Well, for now we would refer you to Quintessenz in Austria. These privacy researchers were referred to us by our friends at Privacy International. You’ll find a wealth of information there, including leaked documents from Nokia Siemens describing the capabilities of their system(s) and others like it being deployed around the world:
IT and telco surveillance equipment – data sheets and presentations
A collection of network monitoring and datamining suites made by Nokia Siemens, Ericsson, Verint and others. All systems are compliant to ETSI and CALEA “lawful interception” standards, the vendors themselves are involved in the standardization. While the official name of the game is still “lawful interception” the newer suites also perform “high speed government surveillance”. From Iran to China they are ab/used to track down the democratic opposition, dissidents, ethnic and religious minorities. The vendors are mostly European and US companies.