DUBAI May 15 Saudi Arabia's No. 2 telecom
operator Mobily denied claims by a software engineer
that the company had asked him to build surveillance tools to
intercept customers' messages on Twitter and other services.
Matthew Rosenfield, who uses the pseudonym Moxie
Marlinspike, published emails on his blog purporting to be from
Mobily which included a request for help in intercepting traffic
over applications such as Twitter, Whatsapp, Viber and Line.
Marlinspike said the company wanted to be able to monitor or
block mobile data on these applications and that Mobily had
provided him with design documents to produce computer code -
known as SSL certificates - that the company could use for
Marlinspike said on the blog he declined to help.
Mobily, formally known as Etihad Etisalat and an affiliate
of the United Arab Emirates company Etisalat, said the
contents of the blog post, which have whipped up a storm of
comments on social media, were false.
"Mobily or its employees never communicated with the author
of this blog," the company said. "Mobily communicates with
information security companies only based on legal and lawful
requirements. We never communicate with hackers. Moreover, it is
not our job to spy on customers."
The Saudi telecom regulator issued a vaguely worded
directive in March warning that many web-based communication
tools such as Whatsapp, an instant messaging service and Viber,
a phone and messaging service, broke local laws.
It ordered the kingdom's three operators Mobily, Saudi
Telecom Co and Zain Saudi, to ensure they
comply. The regulator, the Communications and Information
Technology Commission (CITC), did not say which laws it was
CITC has not said how long operators would be given to
adhere to the rules or what action would be taken if they failed
to do so.
However, local media have reported that telecom companies
had been asked to tell CITC whether they were able to monitor
CITC was not immediately available for comment on Wednesday.
Marlinspike is the co-founder of Whisper Systems, a company
that makes software to improve security and privacy for
smartphones and other mobile devices and which was acquired by
Twitter in 2011.
In an email to Reuters, Marlinspike said he thought Mobily
contacted him because of his expertise in SSL certificates.
He declined to provide copies of the emails purported to be
from Mobily. His blog states he received emails from Yasser D.
Alruhaily, Executive Manager of the Network & Information
Security Department at Mobily.
A Yasser Alruhaily is listed on social networking website
Yatedo with a similar job title.
(Reporting by Matt Smith; Editing by Tom Pfeiffer and Erica