Saudi's Mobily denies asking for help to spy on customers
DUBAI May 15 (Reuters) - Saudi Arabia's No. 2 telecom operator Mobily denied claims by a software engineer that the company had asked him to build surveillance tools to intercept customers' messages on Twitter and other services.
Matthew Rosenfield, who uses the pseudonym Moxie Marlinspike, published emails on his blog purporting to be from Mobily which included a request for help in intercepting traffic over applications such as Twitter, Whatsapp, Viber and Line.
Marlinspike said the company wanted to be able to monitor or block mobile data on these applications and that Mobily had provided him with design documents to produce computer code - known as SSL certificates - that the company could use for interception.
Marlinspike said on the blog he declined to help.
Mobily, formally known as Etihad Etisalat and an affiliate of the United Arab Emirates company Etisalat, said the contents of the blog post, which have whipped up a storm of comments on social media, were false.
"Mobily or its employees never communicated with the author of this blog," the company said. "Mobily communicates with information security companies only based on legal and lawful requirements. We never communicate with hackers. Moreover, it is not our job to spy on customers."
The Saudi telecom regulator issued a vaguely worded directive in March warning that many web-based communication tools such as Whatsapp, an instant messaging service and Viber, a phone and messaging service, broke local laws.
It ordered the kingdom's three operators Mobily, Saudi Telecom Co and Zain Saudi, to ensure they comply. The regulator, the Communications and Information Technology Commission (CITC), did not say which laws it was referring to.
CITC has not said how long operators would be given to adhere to the rules or what action would be taken if they failed to do so.
However, local media have reported that telecom companies had been asked to tell CITC whether they were able to monitor such applications.
CITC was not immediately available for comment on Wednesday.
Marlinspike is the co-founder of Whisper Systems, a company that makes software to improve security and privacy for smartphones and other mobile devices and which was acquired by Twitter in 2011.
In an email to Reuters, Marlinspike said he thought Mobily contacted him because of his expertise in SSL certificates.
He declined to provide copies of the emails purported to be from Mobily. His blog states he received emails from Yasser D. Alruhaily, Executive Manager of the Network & Information Security Department at Mobily.
A Yasser Alruhaily is listed on social networking website Yatedo with a similar job title. (Reporting by Matt Smith; Editing by Tom Pfeiffer and Erica Billingham)