UK: Channel Islands must not allow spy firms 'Wild West' access to phone networks

In response to an investigation by The Bureau of Investigation Journalism (TBIJ) and The Guardian that found surveillance companies are working with telecoms companies in the Channel Islands in an attempt to spy on people around the world, Claudio Guarnieri, Head of Amnesty International’s Security Lab, said:

“These alarming revelations must act as a wake-up call to governments to rein in the surveillance industry which is clearly out of control.

“It can’t be right that the Channel Islands offer this Wild West access out of the purview of normal regulations.

“Unscrupulous surveillance and telecom firms that exploit vulnerabilities in mobile networks pose a great threat to everyone’s privacy, security and other human rights.

“Telecoms providers selling such illegitimate access to these privileged mobile networks betray their customers' trust, jeopardise everyone’s privacy and security, and potentially enable widespread human rights abuses. 

“It doesn’t take a huge leap of imagination to think of ways that governments or other sinister customers of these surveillance companies might want to use this sort of access to track activists who have left the country or intercept their messages.

“How many more activists or journalists will be targets of unlawful surveillance before all governments are prepared to step up and end this abuse?”

SS7 allows messages to be intercepted

The TBIJ and The Guardian investigation revealed how telecom operators Sure Guernsey and Jersey Airtel are selling access to a component of the cellular network called “SS7” to private surveillance firms, allowing them to locate and intercept the communications of unwitting targets.

SS7 is a signaling protocol which mobile operators use for essential services, including billing and other operations while subscribers are connected from abroad. However, due to its inherent vulnerabilities, SS7 is also being used maliciously by those seeking to subvert the regular functioning of mobile networks in order to conduct cyber-attacks. Through this protocol an attacker may be able to locate a mobile device, intercept SMS messages and re-route phone calls. Those mounting attacks via SS7 may also be able to recover verification codes for many online services, such as social media and instant messaging platforms, and infiltrate activists’ accounts. 

SS7 has become a valuable resource with numerous companies in the secretive surveillance industry trying to gain access. For example, Israeli surveillance vendor NSO Group, whose products were repeatedly used against journalists and human rights defenders, became an affiliate of SS7 interception company Circles - the two companies now sharing common corporate ownership. Recent research has identified several countries, including some with poor human rights records, as potential customers of Circles.

Journalists, human rights defenders and other vulnerable groups are at heightened risk of such abuse. Attempts to curtail abuses through SS7 - for example through the introduction of Diameter, a newer and supposedly more secure protocol - have so far proven unsuccessful.

Amnesty is calling on legislators to move swiftly to ensure security requirements are adequately introduced in national telecommunication law and calls on mobile operators to immediately revoke illegitimate access to SS7 and other privileged networks to surveillance vendors. Human rights defenders should use encrypted communication platforms and avoid regular SMS and phone calls. Securing online accounts with security keys also helps mitigate the risk of accounts being compromised.