China and Google are far away, but recent attacks on Google’s servers that were said to have originated in China do – or at least should – have a bearing on local politics in Bulgaria.

In Google’s initial announcement, the company said "only two Gmail accounts appear to have been accessed, and that activity was account information (such as the date the account was created) and subject line, rather than the content of emails".

According to an anonymous source quoted in an article in PC World, the reason for this was that the attackers did not access the email service itself, but a separate system, "used to help Google comply with search warrants".

On the Freedom to Tinker blog, published by Princeton’s Center for Information Technology Policy, Timothy B. Lee outlined a number of reasons why systems built to give law enforcement access to private communications are almost destined to be vulnerable to attacks. With the success of product being "both less technically interesting and less crucial to the company’s bottom line," any company designing and implementing such a system is "likely to assign a smaller team of less talented engineers to work on the law-enforcement interface," Lee said.

Secondly, the security model for a law enforcement interface was "likely to be more complex and less well specified than the user-facing parts of the service," Lee said.
"Determining which law enforcement officials are entitled to which information, and how those officials are to be authenticated, can become quite complex.

Greater complexity means a higher likelihood of mistakes," Lee concluded. Meanwhile, the Bulgarian Parliament is about to discuss changes to the Electronic Communications Act on second reading. Changes that are to either introduce a direct interface that would give the Interior Ministry permanent, direct access to private communications data, or force operators to set up and maintain such systems in order to, like Google, comply with court-signed search warrants.

Either way, whether after a public procurement where the lowest bidder will win, or as part of investments in "non-operation-critical systems" by privately owned communications operators, these systems are more than likely not going to get as much security attention as they should.

Apart from busting the occasional paedophile ring, the Interior Ministry so far has achieved its biggest successes by reducing its operational team to three - the Prime Minister, the Minister and the Chief Prosecutor - cutting the remaining nearly 70 000 employees, and subsequently the organised crime bosses, out of the loop.

Borissov’s admission that recently arrested organised crime gangs received information from inside the Interior Ministry did not surprise anyone in Bulgaria. On the contrary, many are convinced the Ministry’s involvement goes a lot further than the four or five that have been arrested so far.

The conclusion is clear; civil liberties, national security, the fight against organised crime and, last but not least, public opinion about the Ministry’s efficiency are all best served with granting the Ministry as little access to as little information as possible. Most efficiently that would be done by bringing the numbers of policemen in active service down to a European average; i.e. half the current level.