Wireless carrier T-Mobile US has been quietly upgrading its network in a way that makes it harder for surveillance equipment to eavesdrop on calls and monitor texts, even on the company’s legacy system.
The upgrade involves switching to a new encryption standard, called A5/3, that is harder to crack than older forms of encryption. Testing by The Washington Post has found T-Mobile networks using A5/3 in New York, Washington and Boulder, Colorado, instead of the older A5/1 that long has been standard for second-generation (2G) GSM networks in the United States. More advanced technologies, such as 3G and 4G, already use stronger encryption.
T-Mobile, the fourth-largest wireless carrier in the United States, declined to describe the extent of its network upgrades, saying in a statement, “T-Mobile is continuously implementing advanced security technologies in accordance with worldwide recognized and trusted standards.”
Deutsche Telekom, the majority shareholder of T-Mobile, last year announced plans to make A5/3 standard on all of its 2G networks in Germany. That came after news reports, based on documents provided by former National Security Agency contractor Edward Snowden, that the NSA was eavesdropping on phone calls by German Chancellor Angela Merkel, causing massive backlash in Germany. (The Post reported in December that the NSA can decode texts and conversations using A5/1 encryption.)
In places where T-Mobile is using A5/3 encryption, mass surveillance becomes more difficult because equipment that passively collects cellular signals from the air often cannot decode calls. Active attacks, involving a device called an “IMSI catcher,” may still be able to eavesdrop on individual calls by manipulating a phone’s security settings directly, without having to crack the encryption.
AT&T, the largest provider of GSM cell phone services in the country, said last year that it was deploying A5/3 encryption for parts of its network. “AT&T always protects its customers with the best encryption possible in line with what their device will support,” the company said in a statement.