It's no secret that German Chancellor Angela Merkel likes to use her mobile phone - or that she uses it often for government business. The secret is - or at least it has been presumed - the content and people involved in the calls, text messages and emails.
Merkel's mobile as well as those of other government officials were thought to be immune to surveillance, until accusations by the German newsmagazine "Der Spiegel" on Wednesday (23.10.2013) that the National Security Agency (NSA), a US intelligence agency, was listening in on the chancellor's phone.
Though government officials will not confirm the brand of phone, several photos show Merkel typing out many text messages on what appears to be a Nokia phone. But Merkel reportedly also had a second phone in addition to the one she keeps for official government business. The phone reportedly spied on by the US was not classified as tamper-proof, a spokesman for the Federal Office for Information Security told the daily "Süddeutsche Zeitung."
Easy to use, hard to tap?
Just weeks ago, Germany's cabinet-level ministers and other officials were outfitted with new government mobile phones, all of which were said to combine being impossible to tap with the ease-of-use expected of a modern smartphone. Leading politicians had been forced to carry three mobile phones: one for secure calls and text messages, one for secure email and a third for private use.
The new government mobiles, manufactured by the Canadian company BlackBerry, were delivered in September after being updated by the German company Secusmart. They contain a special encryption card that scrambles speech and data before transmitting it.
"The speech is encrypted by this card," said Secusmart founder Hans-Christoph Quelle. "That means transmissions from this card are encrypted bit by bit."
In addition to the encryption technology for official business, the phones can also be used as regular smartphones on consumer networks and can run publicly available applications via a second set of circuitry that is kept separate from the high-security data and encryption codes.
But there could be some holes in the encrypted devices, as their internal encryption only works when both parties to a conversation are using mobiles that support the technology - conversations to other devices are not specially encrypted. That makes conversations between members of government secure, but could leave conversations with others insecure.
The key to encryption
The encryption itself could pose an additional problem as whoever has the key can access all the data. "Anything that is encrypted can also be decrypted," said IT journalist Robin Cumpl. "It's just a question of time." The more computing power that applied to cracking a code, the faster it can be broken. Other means of spying, such as informants at manufacturing sites and security firms, however, can also provide access to encryption keys.
It's relatively simple to listen in on mobile phone calls using an old cell phone, Cumpl said. "Attach it to a laptop, remove the filter with programs that can be found on the Internet and it's possible to start listening in."
Listening in to calls made over landlines is more difficult, but ever since surveillance programs revealed by former NSA contractor Edward Snowden reached the public, it has become clear that the NSA can also access these communications.
Communications among government officials, however, is subject to special protection. "Security for government networks is much tighter than that of the regular Internet and makes use of much more expensive and better security mechanisms, and the systems are more closely observed," said Norbert Pohlmann, managing director of the Institute for Internet Security at the Westphalian University of Applied Sciences Gelsenkirchen.
The government's network is only connected to the Internet at two points and even if an absolute security guarantee does not exist for anyone, including the government, Pohlmann said, "There are a bunch of firewalls and other systems that spring into action as soon as an error is recognized."