Maintenance. We are currently updating the site. Please check back shortly
Members login
  • TrustLaw
  • Members Portal
Subscribe Donate

Saudi's Mobily denies asking for help to spy on customers

Source: Reuters - Wed, 15 May 2013 15:34 GMT
Author: Reuters
cli-wea med-dev
Tweet Recommend Google + LinkedIn Email Print
Leave us a comment

By Matt Smith

DUBAI, May 15 (Reuters) - Saudi Arabia's No. 2 telecom operator Mobily denied claims by a software engineer that the company had asked him to build surveillance tools to intercept customers' messages on Twitter and other services.

Matthew Rosenfield, who uses the pseudonym Moxie Marlinspike, published emails on his blog purporting to be from Mobily which included a request for help in intercepting traffic over applications such as Twitter, Whatsapp, Viber and Line.

Marlinspike said the company wanted to be able to monitor or block mobile data on these applications and that Mobily had provided him with design documents to produce computer code - known as SSL certificates - that the company could use for interception.

Marlinspike said on the blog he declined to help.

Mobily, formally known as Etihad Etisalat and an affiliate of the United Arab Emirates company Etisalat, said the contents of the blog post, which have whipped up a storm of comments on social media, were false.

"Mobily or its employees never communicated with the author of this blog," the company said. "Mobily communicates with information security companies only based on legal and lawful requirements. We never communicate with hackers. Moreover, it is not our job to spy on customers."

The Saudi telecom regulator issued a vaguely worded directive in March warning that many web-based communication tools such as Whatsapp, an instant messaging service and Viber, a phone and messaging service, broke local laws.

It ordered the kingdom's three operators Mobily, Saudi Telecom Co and Zain Saudi, to ensure they comply. The regulator, the Communications and Information Technology Commission (CITC), did not say which laws it was referring to.

CITC has not said how long operators would be given to adhere to the rules or what action would be taken if they failed to do so.

However, local media have reported that telecom companies had been asked to tell CITC whether they were able to monitor such applications.

CITC was not immediately available for comment on Wednesday.

Marlinspike is the co-founder of Whisper Systems, a company that makes software to improve security and privacy for smartphones and other mobile devices and which was acquired by Twitter in 2011.

In an email to Reuters, Marlinspike said he thought Mobily contacted him because of his expertise in SSL certificates.

He declined to provide copies of the emails purported to be from Mobily. His blog states he received emails from Yasser D. Alruhaily, Executive Manager of the Network & Information Security Department at Mobily.

A Yasser Alruhaily is listed on social networking website Yatedo with a similar job title. (Reporting by Matt Smith; Editing by Tom Pfeiffer and Erica Billingham)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of the Thomson Reuters Foundation. For more information see our Acceptable Use Policy.

comments powered by Disqus