[liberationtech] Exactly how are satellite transmissions tapped/intercepted, in Syria and elsewhere?

[Matt Mackall]

On Tue, 2011-11-29 at 16:43 +0000, Enrique Piraces wrote:
> Hi all, thanks for the detailed responses on this thread. 
> 
> I'm trying to understand how weak BGAN, Thuraya, Iridium encryption
> could be. For example one of them claims in its site that "Thuraya's
> integrated satellite communication solutions are rapidly deployable,
> employ the highest level of encryption, and are proven in meeting
> exacting security standards for use in the field."

A security self-evaluation by a company's marketing department isn't
worth much.

> Beyond the ability that some may have to detect the location of a
> call/connection and log their calls, how true is that their encryption
> can protect the contents of the information transmitted? Is the risk
> the same for each voice/data/text?

Thuraya is a telecom company, which means the default assumption should
be that they:

- use poorly-implemented crypto that can be defeated by sophisticated
  third parties
- have built-in "lawful intercept capability"
- have extensive logging and data retention
- will hand this data over to authorities at the slightest provocation

The past decade has shown us the above is true of basically all
terrestrial providers, and there's no good reason to think satellite is
different. And there's no reason to think they've done a better job with
their crypto tech than the industry groups that created WEP and GSM.

> Is part of the solution to use encryption modules like http://www.shoghicom.com/thuraya-encryption.html?

No. The first two bullet points above (at least!) probably apply. The
only way for a private citizen to get assurances that are better than
marketing copy is to use open source tools that have survived the close
public scrutiny of the security community.

-- 
Mathematics is the supreme nostalgia of our time.