I will not dwell on the authenticity of the alleged audio CD or of the incident itself; I will simply focus on technology.  Has anyone stopped to think what are possible and what are the impossible under the circumstances?  And what should we do about it as ordinary citizens?

First, let us examine how the alleged phone conversations can be recorded.  The easiest way is when one, or both, of the concerned parties in the conversation recorded it.  Mobile phones are now equipped with earphone output jacks which can be used for recording.  Another possibility is that the alleged call(s) was made from a mobile phone to a landline.  Landline tapping is a relatively easy thing to do given the right expertise and the right equipment.  Listening and recording devices can be installed within the Palace, COMELEC, or any place for that matter.  This is the easiest way to do it and also the cheapest; and it does not require too much technical knowledge or manpower.  The interesting question is who did it and why?

If the conversation(s) was done using mobile phones, one possibility is that the recording was made in a telecommunications center.  The Global System for Mobile communications (GSM) networks provide security using encryption algorithms but this is done only when the call or data is in transit and not when it passes through base stations.  A very reliable source told me that telecoms engineers can actually eavesdrop anytime they want to, can even select which numbers they want to monitor, and simply plug an earphone to the proper terminal to listen in.  Although this is possible, a telecoms company’s policies strictly prohibit this kind of an action.  Consequently, there are also legal impediments.  

But to be able to record a conversation as controversial as PGMA’s alleged phone calls, you need to monitor the phone's activity for a certain period of time (that’s 24/7) because you don't know when the important calls will be made.  This is indeed technically possible, but I think under the circumstances it is highly improbable.

The next possible scenario is that the operators’ back-bone system may have been compromised.  Hackers (internal/external) may have taken control of a given system and may have exploited it to monitor or record a call.  With the advances in technology, mobile systems will be able to determine how, where and when the call was made, who made the call and to whom the said call was made.  Once the back-bone networks are compromised, the possibilities are limitless, so to speak.  You can practically steal anything and do anything you want with it.  This again is technically possible but so far, no incident of such nature has been reported worldwide.

The last scenario has to do with over-the-air wiretapping.  Experts worldwide agree that over-the-air interception and real time decoding of a GSM call is still impossible.  GSM technology is probably the most secure of all the cell phone technologies.  It encrypts voice communications by default and has an authentication system that uses the built-in Subscriber Identity Module (SIM) chip in each phone.  But on the other hand, the GSM Association confirmed that GSM technology has security holes in it after an Israeli scientific team found a way to break into mobile phone calls on GSM networks, thus allowing them to listen in on conversations and even take on a caller's identity. 

A device called an "International Mobile Subscriber Identity (IMSI) catcher" can also be used for this illegal action.  An IMSI catcher pretends to be a legitimate base station of the mobile phone network.  While it's true that a mobile phone has to authenticate itself in the mobile telephone network, it does not work the other way around -- the network does not authenticate itself to the mobile phone.  And because of this intentional flaw, the IMSI catcher can then deactivate GSM encryption using a special flag. 

All calls made from the tapped mobile phone go through the IMSI-catcher (this is where the recording occurs) and are then passed on to the mobile network.  This activity can happen in a matter of seconds or even milliseconds.  Devices like this will cost around $250,000.00 US dollars.  Even if this is technically possible, only an individual or a group with enough resources (money and technical skills) and sufficient motives can resort to this kind of activity.  

So after going through all the possibilities, what do we do next?  

The National Telecommunications Commission (NTC) recently met with the telecoms operators and asked them to submit a report concerning their network security.  The NTC added that telecoms operators should be able to detect external attacks as part of their job to protect their subscribers.  I agree 100% with what the NTC is doing.  But it's unclear to me what the NTC meant by detecting external attacks.  Is the NTC referring to attacks on the respective operators’ networks or is the NTC concerned with making sure that all calls should be free from hackers, etc.?  If it's the latter, assuming it's technically possible, can we really monitor the millions or billions of calls made each day?  Perhaps we can ask all concerned government agencies to secure the mobile phone of one (1) important subscriber first before we start talking about monitoring the 25 million mobile subscribers that we have right now.

In a television interview, the NTC even said that the telecoms operators can be held liable if it finds that the calls in question pass through their respective networks.  Of course it passes through the telecoms networks; they're the carriers.  My advice to all government agencies investigating this issue is to think and plan their moves carefully before issuing any statements.  To me, the telecoms operators are their greatest allies to solve the problem at hand and not the other way around.  

We are in the digital era now where knowledge is king.  Find out first if the audio CD was tampered or not; determine how the recording was done to strengthen your defense; and find the culprits.  Do not blame the medium and put an end to your know it all attitude, my friends.  The telecoms owners are very much willing to cooperate with you because they are victims as well if indeed the calls were tapped.  Work with them.

Professor Lauri Pesonen of the Department of Computer Science and Engineering at Helsinki University of Technology offered three(3) possible security improvements which our operators can implement, namely: 1) to use another cryptographically secure algorithm which will require operators to issue new SIM-cards to all their subscribers and to update their Home Location Register (HLR) software; 2) employ a new A5 implementation with strong encryption so that a brute-force attack is not feasible in any case; and, 3) to encrypt the traffic on the operators’ backbone network (between the network components).  Professor Pesonen also added that his recommendations are easy to implement but will present new expenses mostly to the network operators.  Whether our operators will implement any or all of them is a test of their commitment as far as securing their respective systems are concerned.

Wiretappings are legal in other countries and these are being used to catch drug dealers, terrorists and other criminals.  In other words, the technology was made with the intention of doing some good.  Technology merely creates tools designed to help humans to do things easily and efficiently.  If technology is being used for something other than its intended purpose, then it's not a problem of technology, rather it’s a problem for us users.

I’m logging off for now.  God Bless us all!!!