Nokia gives customer data to the US

Smartphone maker Nokia allowed its Lumia smartphones to act as listening devices for US spooks.

According to a long exposé penned by the Helsinki Times, in March Nokia advertised the data security of its smartphones to authorities deciding on government IT procurements and large amounts of Nokia’s Lumia phones were bought for the Finnish government.

At the same time, Nokia’s Lumia phones and their Windows Phone operating system started leaking data to the US.

The paper said that Lumia’s Windows operating system transmits the user’s private information to Microsoft in the United States where it is given to the United States Security Agency (NSA).

The data leak was discovered by Helsingin Sanomat who tested what Nokia’s Lumia phone and its Microsoft Windows Phone operating system did without the knowledge of the user.

Information received from the base station, the phone continuously “talks” with many servers located abroad and the Nokia user does not see any of it.

In the test, it became clear that if the Nokia phone is using settings suggested by the operating system, the phone circulates the browser’s data transfer through Microsoft’s proxy server located in the United States. Only after that can the phone get connected to a Finnish web address. In other words, Microsoft can, when it wants to, monitor what pages the Finnish user visited.

Of course, it is not just Finnish users, any European Nokia phone armed with a Volish operating system will do the same thing.

The only thing which was not headed to the US was an encrypted connection between the phone and banks. This means that if the US wanted to remove cash from your bank account it can’t.

Nokia told the paper that the mobile phone’s privacy policy states how the data is transmitted so everyone knows that their data can be sniffed. A Nokia spokesman said that it “respected the privacy of the user and strive in all our actions to ensure the user’s privacy protection. All devices equipped with an internet connection are connected to the global internet”,

It was just that the majority of the applications and Internet services are offered from outside of Finland.

Apparently, though, Finnish authorities began to suspect the security of Nokia’s smartphones last summer after the Snowden leaks.

Juhapekka Ristola, Director-General of the Communications Policy Department at Finland’s Ministry of Transport and Communications asked the Finnish Security Intelligence Service and the Finnish Communications Regulatory Authority to investigate.

This caused Nokia a few problems. The company had to tell the Finnish Communications Regulatory Authority the truth, but it had to be very careful not to cause harm to Microsoft. It seems to have attempted to avoid talking to the regulator.

Finally, it gave the following assurance:

“Nokia is not aware that those kinds of functionalities or components, which enable the revealing of the user’s private information to outsiders without the knowledge of the user, would have intentionally been installed into its products sold in Finland.”

Notice the words “functionalities and components”? That says that if it is the operating system’s fault it is nothing to do with Nokia.

So the situation is still a mess. With Nokia now becoming part of Microsoft, it might not be such a good idea for government departments and others who value their privacy, such as European corporations, to steer clear of Nokia until Microsoft agrees to stop making its phones call the NSA.