GSM stands for either "group special mobile" or "general system for mobile communications," a protocol or standard for digital cellular communications. GSM encryption is the means by which phone conversations on networks using GSM are scrambled, such that they cannot be descrambled and intercepted by others. Due to their potential uses by terrorist and hostile nations, intelligence agencies in the West are concerned about the dangers inherent in exporting such codes.
In 1982, the European Conference of Post and Telecommunications Administrations adopted the GSM standard, which 18 nations formalized in 1987 with the signing of the GSM Memorandum of Understanding. The first GSM networks began operations in 1991. By the end of the 1990s, some 230 million users worldwide—approximately 65% of the digital wireless market—used digital GSM phones made by companies that included Motorola, Ericsson, and Siemens.
Among the key features of GSM is its security technology, the methods of which reportedly make it the most secure cellular telecommunications standard in the world. Vital to this security is the use of sophisticated encryption algorithms. Conversations are encrypted using a temporary and randomly generated ciphering key, and for added security, the subscriber is identified by a temporary identity, which may change periodically.
Despite these and other advanced security measures, authorities have raised concerns about the safety of GSM codes, and these concerns have been justified by attempts to reveal or break into GSM codes. United States, British, French, and Dutch intelligence and law-enforcement agencies have called for restrictions on the export of encryption technology, which could be used by aggressor nations or terrorists. For example, if terrorists gained encryption codes for cellular telephone communications, they might be able to impede the abilities of law-enforcement authorities to track them and other criminals.
A 1993 compromise permitted the export of the strong A 5/1 encryption algorithm only to secure, fully industrialized countries, mostly in western Europe. The weaker A 5/2 algorithm would be exported to central and eastern Europe, while Russia and some other countries would have no encryption technology.
In April 1998, a group of what Time magazine described as "Silicon Valley cypherpunks" hacked into GSM encryption technology, and bragged that they could tap into calls and "clone" other users' cellular phones. A year and a half later, in December 1999, Israeli researchers Alex Biryukov and Adi Shamir announced that they had successfully attacked the A 5/1 algorithm, and claimed that with a modest-sized personal computer, they could penetrate an allegedly secure phone call or data transmission within less than a second. However, an official with the GSM Association noted that no hardware would allow a hacker to intercept calls on the GSM network.
█ FURTHER READING:
Carlson, Caron. "No Threat from GSM Hackers." Wireless Week 5, no. 50 (December 13, 1999): 3.
"Firms Are Lining up to See." Electronic Times (October 16, 2000): 40.
GSM Association. <http://www.gsmworld.com> (March 5, 2003).
Encryption of Data