EU Security Official Calls For Loopholes In 5G Standards

MobilityNetworksRegulationSecuritySoftwareWorkspace

Next-generation networks make it too difficult for security agencies to spy on targets, says EU counter-terrorism coordinator Gilles de Kerchove in leaked memo

The European Union’s counter-terrorism coordinator has called for security loopholes to be implanted in 5G standards to make them more suitable for state surveillance operators and criminal prosecutors.

The proposals by EU counter-terrorism coordinator Gilles de Kerchove come at a time when the US is, ironically, pushing allies to block Chinese suppliers from 5G networks due to an alleged risk that their equipment could be used to collect sensitive data and send it to Beijing.

But De Kerchove’s argument, made in an internal document at the EU Council of Ministers earlier this month and reported by Austrian broadcaster ORF over the weekend, paints a different picture, emphasising how difficult 5G networks make it for authorities to gather information on users’ conversations.

The hurdles include 5G networks’ use of decentralised data processing in order to reduce latency, and an authentication architecture that makes it difficult for police to make use of police-operated base stations.

Too much security

These base stations, known as IMSI catchers, pose as standard cell towers but are put into place by security agencies and monitor all communications passing through them.

De Kerchove’s 6 May memo, directed to police and security working groups and member state delegations, acknowledges that national legislation could be used to force telecoms operators to meet surveillance requirements.

But it says it would be preferable “for these requirements to be already implemented in the (5G) standards”.

De Kerchove proposes that it me made a “basic requirement” under law that for operators to offer 5G services they must first prove “that they can meet the needs of prosecutors”, such as providing full data on 5G communications, “even if they have to involve their partner companies abroad”.

ORF dubbed the proposed requirement “Surveillance-as-a-Service”.

For De Kerchove’s demands to have an effect, however, they would have to be formulated into a directive by the European Commission and approved by the European Parliament, before passing into the national laws of member states.

It is unclear how or if EU legislation could force international standards bodies to implement the proposed security backdoors.

Law enforcement authorities have previously criticised the difficulties created for surveillance work by technologies such as encypted communications and the locking mechanisms employed by Apple’s iOS and Google’s Android smartphones.

The Scottish Parliament recently suspended Police Scotland’s use of Israeli smartphone unlocking systems due to concerns about their legality.

Read also :
Click to read the authors bio  Click to hide the authors bio