Archive | Intelligence

A closer look at Hacking Team

Here is an interesting piece in Foreign Policy: Fear this man »

It’s about the Italian firm Hacking Team and its founder and CEO, David Vincenzetti. The article gives an interesting and chilling glimpse into the commercial side of providing governments with IT tools for surveillance – that also is being used by authoritarian regimes for oppression and disinformation.

“Privacy is very important,” Vincenzetti says on a recent February morning in Milan, pausing to sip his espresso. “But national security is much more important.”

0

Germany, Snowden and Russia

Last Friday German magazine Focus ran an interview with the country’s two top spies — Gerhard Schindler, of the Bundesnachrichtendienstes (BND) and Hans-Georg Maaßen, of the Bundesamtes für Verfassungsschutz (BfV).

In short, they are annoyed that Edward Snowdens exposure of NSA mass surveillance puts Germany and the UK in an uncomfortable spot. They even implied that Snowden could have been acting under the influence of the Russian government.

“Leaking the secret service files is an attempt to drive a wedge between western Europe and the USA – the biggest since the Second World War,” Hans-Georg Maaßen, head of Germany’s domestic intelligence agency (Verfassungsschutz), told Focus in the double interview.

The translation above from The Local.de. This has gained some attention in the media and Western military circles. So, let’s take a step back and try to look at the wider picture.

Yes, it is a problem that very little is known about mass surveillance carried out by e.g. Russia and China. But you cannot blame Snowden for this. He worked for a contractor to the NSA and leaked what he found to be unacceptable violations of civil rights. Furthermore, the NSA is an intelligence organisation in a democratic country; that should be held responsible under the rule of law. It is not a level playing field. But our western democracies are better than authoritarian and totalitarian states – and our authorities should be held accountable according to a higher standard. Especially when they spy on their own citizens.

Yes, it is a problem that Edward Snowden is stranded in Russia. But that does not make him a Russian spy or mouthpiece. The reason he is in Moscow is: 1) When he arrived there for transit, the US had revoked his passport. 2) No western democracy is willing to grant Snowden asylum. If German authorities are willing to grant him shelter and protection – he can be in Berlin pretty quickly, where a parliamentary inquiry would love to meet with him. (However, I don’t think German intelligence services are all too keen about that prospect.)

And naturally Germany and the UK are being criticized. They deserve to. German intelligence has been spying on companies, businesspeople, and political figures in Germany and allied European nations on behalf of the NSA. And they have lied about it in front of German parliamentarians. In similar ways, the British GHCQ have been acting far beyond its mandate. Both countries are close allies with the US and both countries intelligence authorities have a close cooperation with the American NSA. So, it is not the least strange that German BND has come under scrutiny. But they can blame no one but them selves.

But OK, no one can tell for sure if Snowden is a (knowing or unknowing, willing or unwilling) Russian spy. But that does not alter the fact that his revelations have huge implications for how our democratic societies are run. It is extremely important that this information has come to the public’s knowledge. To defend a free and open society, we must stick to democratic principles, rules, and legal frameworks.

The best, easiest and most decent thing would be to grant Edward Snowden asylum in Germany – and let him testify in front of relevant parliament committees. But I guess that will never happen.

/ HAX

• The Local.de: German spies imply Snowden leaked files for Russia »
• Focus: Doppel-Interview mit Gerhard Schindler und Hans-Georg Maaßen: Kreml versucht den deutschen Bundestag zu infiltrieren – Russen treiben mit Hilfe des Whistleblowers Snowden einen Keil zwischen Westeuropa und den USA »

0

A European FBI? Really?

Somewhere on the Internet, someone wrote “The purpose of terrorism is to provoke the target government into curtailing civil liberties, so more people become radicalized.”

Close enough. Google “the purpose of terrorism”. The Internets is full of thought-provoking discussion about what the fuck is going on. Or at least, opinions about it.

Terrorism is a wide specter, in many ways. Now, we are waiting to find out how governments are going to react to the Brussels attacks. They will. They have to. That is what politicians do. But… how should they react?

It happens to be that national governments are catastrophically bad at sharing information with each other. At least, when it comes to information that might be a bit sensitive. They simply cannot let everyone else in on everything. They will not do that.

And the EU can do nothing. (I’m not saying that the EU should, absolutely not – but it is noteworthy that it can not. National security is strictly national competence. That’s the rule.)

So there is this bold idea floating around: A European FBI.

In other words, a federal and centralized European police. All information would belong to an EU institution in some Belgian suburb. It would have its nose in everything. Like they say in American crimis… “Oh, shit. The Feds are here.”

Newer the less, it would be a radical way to get all of the European police in line, I guess. And think about all the money they can save by having a common European police uniform.

On the one hand, it is obvious that someone must make national government’s security agencies share relevant information — about common enemies, at least.

On the other hand, who should handle this? Not the Commission itself, I hope. So, give it to Europol, they will say. And right there we also need to give Europol full operative authority in all EU member states.

Europol is the European Union’s law enforcement agency whose main goal is to help achieve a safer Europe for the benefit of all EU citizens. We do this by assisting the European Union’s Member States in their fight against serious international crime and terrorism.
— Europols boilerplate

Europol is largely a post-macho bureaucracy, with some support for member states in need to coordinate specific work and operations. But it’s not very operative in itself. (Europol didn’t even bother to look into the possibility that the NSA hacked the SWIFT bank transaction system, mentioned in the Snowden files. Not even after being asked about it by media and in the European Parliament.)

Should we put these people in charge of running European police? I’m not even sure that Europol would like to. They lack the ambition.

Maybe something… new! And there you have it: Europolice. The only police you will ever need.

Then anything can happen. There will be disasters like a centralized procurement process for toilet paper to all European police stations. There will be a federal authority running its own investigations parallel to local law enforcement. And federal crimes must be handled in a unified way across all of the EU — how do you make that happen?

There will have to be field offices in cities all over the continent, with a partly international crew.

Europolice: Keeper of all information. Online with all national records. Connected to the mass surveillance network. Bureaucracy with operative authority. A single point for failure. Under at best vague democratic oversight.

Are you really sure about doing this?

/ HAX

0

What to expect after the Brussels attacks. And why it will not work.

Once again terrorists have struck.

No doubt, this will be followed by new calls for mass surveillance.

But mass surveillance doesn’t really work. It’s rather draining the police and intelligence services of resources – making us all less safe.

Not even a system with 99% accuracy would be useful. It would give 10,000 false positives per million people’s communications scanned. That’s simply not workable. (And it would lead to dramatic consequences for totally innocent people.) Also, there are no systems even close to being 99% accurate.

After the Paris attacks Waldemar Ingdahl wrote in Spiked:

And yet, despite the vast array of new powers granted to security agencies over the past 15 years, they still find it difficult to connect the dots in the lead-up to a terrorist attack. In fact, the Madrid train bombings in 2004 and the London bombings in 2005 were undertaken despite the fact that some of the perpetrators were already under surveillance.

What we need is more traditional police and intelligence work — not security bureaucrats behind computer screens, trying to find suspicious patterns in ordinary people’s communications.

Human intelligence is hard, often dangerous and expensive. But that is what it takes. Everything else is part of a counter-productive security theatre.

But then again, fighting terrorism might just be a pretext for mass surveillance of the general public.

/ HAX

Spiked, November 2015: Why mass surveillance misses terrorists »

0

Internets imprisoned and fallen

I feel that I ought to pay tribute to Ian Murdock, father of Linux Debian, former Sun VP and Linux Foundation CTO. And I do, by linking to this piece at ArsTechnica, painting a much better picture than I ever could:

Ian Murdock, father of Debian, dead at 42 — Former Sun VP and Linux Foundation CTO died under suspicious circumstances »

As this, according to Murdock’s tweets appears to be a suicide and me not knowing anything much about the circumstances, my first thought was to leave it there. But the Internet led me on. Apparently there had been some confrontation with the police. (Murdock’s tweets ») And that is a red flag.

Back to Ars Technica:

On Monday at 2:13pm Eastern Time, Murdock apparently posted that he was going to kill himself:

» I’m committing suicide tonight…do not intervene as I have many stories to tell and do not want them to die with me #debian #runnerkrysty67 «

Also on Monday, Murdock wrote a string of posts that indicate he had a confrontation with police. Inquiries to the San Francisco Police Department by Ars went unanswered. Update: Public records indicate Murdock was arrested in San Francisco on December 27 and released on bail, but no details were available on the charges.

Of course, I know nothing about the circumstances. And I shouldn’t speculate. But the story of Aaron Swartz falls into one’s mind. He was a champion for a free and open internet, who actually managed to accomplish things and who stopped harmful political bills. He was prosecuted in a very strange federal case of possible copyright infringements and faced $1 million in fines and 35 years in prison. He declined a plea bargain and shortly after that he killed himself. (Also see the documentary: The Internet’s Own Boy The Story of Aaron Swartz ») There are some disturbing similarities with the Murdock case.

But it might just be similarities. And people do fall over the edge sometimes. But standing eye to eye with the judicial system and the police definitely can push someone over that edge. Trust me on that one.

Do you remember Michael Hastings, the successful investigative reporter? His car mysteriously ran into a palm tree and exploded in LA, shortly after he had told his associates that he was on to something big, once again. And his targets were usually the darker side of government and its functionaries.

Journalist and internet activist Barrett Brown clearly was pushed into a corner by the authorities, resulting in him currently spending 63 months in federal prison. It all happened when he was working on ProjectPM, investigating outsourcing of government intelligence operations to private contractors — and the inner workings of the cyber-military-industrial complex.

Chelsea Manning is spending 35 years in prison, basically for having exposed the truth about the government’s politics and actions to the public. This imprisonment is right out offensive.

Wikileaks editor in chief Julian Assange is confined to the Embassy of Ecuador in London, where his freedom of action is quite limited. This following a European Arrest Warrant after some rather vague accusations about sexual misconduct in Sweden. And NSA whistleblower Edward Snowden is stuck in Russia, after the US retracted his passport. In both these cases it’s about people who have made information public — that the people in a democracy ought to have the right to know about anyhow.

There is a disturbing pattern emerging. If you push the envelope too far, bad things happen to you.

No, I am not a conspiracy theorist. Clearly Brown, Manning, Assange and Snowden had it coming. Murdock and Swartz obviously were under harrowing pressure. And there is no hard evidence of foul play in the Hastings case, just strange circumstances. But still, it’s all very troublesome and sad.

Are journalists, internet activists and whistleblowers the imprisoned and fallen political dissidents of our time? Is the truth and a free flow of information really that dangerous to the Establishment? If so, what kind of a society is this?

Our thoughts are with Ian Murdock’s family and friends.

/ HAX

0

The normalisation of mass surveillance

Once upon a time, there were rumors about a global surveillance network — Echelon. When the European Parliament decided to look into the matter, it turned out it did indeed exist. For years to follow there were rumors about US intelligence organisation NSA and its new capabilities to “collect it all”. And a few years ago, the Snowden documents exposed exactly that.

Then followed a state of resignation.

In 2013/14, it was brought to light that the NSA might have compromised the international clearing system for bank transfers, European run SWIFT. It’s a bit odd, as the US can have as much information about European bank transfers as they want, in accordance with the EU-US TFTP agreement. Newer the less, there were strong indications of something going on. This time the European police agency, Europol, didn’t even bother to look into the matter. In a European Parliament hearing Europol director Bob Wainwright explicitly said so. (The hearing is quite surreal. It’s all on video here. »)

In Germany, politicians softened their tone against the US/NSA when threatened with limited access to US intelligence. It also turned out that under the level of political polemic, the BND had been working very closely with the NSA all the time. And in Sweden, according to the Snowden files, SIGINT organisation FRA has access to NSA superdatabase XKeyscore. Swedish politicians (including the Greens, who are now in government) will not even comment on the legality of this.

The European Court of Justice has invalidated the EU data retention directive, finding it in breach of fundamental human rights. Never the less most EU member states are upholding (and in some cases implementing) data retention, leading national constitutional courts to object. But data retention fits well with US surveillance systems, so it seems to be less important if it is legal or not.

I could go on, but I better get to my point.

Politicians and intelligence bureaucrats are sending some pretty clear signals these days. They do not care about what is legal or not legal. They do not care if being exposed. They do not even comment on issues that ought to be fundamental in a democracy. The message is: This is the way it is. Live with it.

If there was ever need for a broad political movement against mass surveillance, it is now.

/ HAX

1

EU to coordinate member state intelligence?

(EU Counter-Terrorism Coordinator) De Kerchove, who stressed in front of the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) earlier this year to “never let a serious crisis go to waste”, now told the European Observer that “[y]ou don’t want people to know (…) that you have Big Brother interception by satellite or that you have people infiltrating computers”.

EDRi: EU encourages cooperation between intelligence agencies »

0

Mass surveillance makes us less safe

BanksyParis

Our thoughts are with the victims of the terror attacks in Paris.

But we should not allow ourselves to react in a thoughtless way. Terrorists want to impose fear –leading us away from a free, open and democratic society.

France already has one of the most intrusive regimes of mass surveillance in the western world. Apparently, this did not stop the terrorists.

Actually, it might very well be that mass surveillance makes us all less safe. The number of “false positives” makes serious police work more difficult. Dependence on electronic surveillance systems also directs resources away from old fashion police activites, intelligence operations, informed analysis and “HUMINT” (Human Intelligence).

Naturally, there is a place for advanced forms of electronic surveillance. But it should be focused on individuals and groups who are suspected to prepare for criminal activities. And to identify such targets, HUMINT is essential.

Time and time again it has been revealed that terrorists have been on the security services radar before striking. But the what, where and when is normally never communicated in ways that can be intercepted by mass surveillance. Here you need targeted surveillance, old-fashioned spies and qualified intelligence analysis. This is hard work, it takes time, it is costly and it can be dangerous. But it is what is effective to keep us reasonably safe from terrorism. (If at all possible.)

And given that the whole point of fighting terrorism is to defend our free, open and democratic society — it would be counter-productive to treat all citizens as potential terrorists and criminals. The people is not the problem.

/ HAX

1

EU & mass surveillance: Business as usual

I took some time looking trough some of my Youtube-clips on the European Parliaments hearings om mass surveillance during the last legislature (2009-14).

It’s amazing. Everything was laid out in front of the MEP:s. But all the EP could come up with was some half-lame resolution (an opinion, not legislation). And thats it. The new parliament (2014-19) has so far done nothing to follow up on this.

You really should look trough this hearing, with the late Caspar Bowden. He served the MEP:s everything on a silver plate. (If you don’t have the time, give it at least ten minutes.)

Youtube »

Did they read the paper? Nah. Did they act on the information? Not really. Did they care? I don’t think so.

Today it’s business as usual. Nothing of substance has been done when it comes to the EU acting on US mass surveillance. The British and the French (and many others) have — if anything — learned from NSA, now collecting everything. NSA partners (such as the Swedish FRA) carries on as usual. And the European Commission has failed to act on the few recommendations the EP actually gave.

Somehow, I get the impression that our political leaders don’t care. Or don’t want to know. Or maybe… they are not on our side.

We really should elect better politicians.

/ HAX

0

Is the German government on Germanys side?

The news that the American spy organisation NSA has targeted the major German magazine Der Spiegel are serious and disturbing. But it is just the tip of the iceberg.

As it turns out the German government knew. But it did nothing to stop it. It didn’t report the issue to relevant democratic oversight bodies. And even worse — it lied about the matter to the German parliament.

To make things even worse it’s still unclear if the NSA obtained it’s information by spying on the newspaper, the Chancellors Office or the entire German political apparatus.

Der Spiegel writes…

“It remains unclear just who US intelligence originally had in its scopes. The question is also unlikely to be answered by the parliamentary investigative committee, because the US appears to have withheld this information from the Chancellery. Theoretically, at least, there are three possibilities: The Chancellery — at least in the person of Hans Josef Vorbeck. SPIEGEL journalists. Or blanket surveillance of Berlin’s entire government quarter. The NSA is capable of any of the three options. And it is important to note that each of these acts would represent a violation of German law.”

In Germany the constitution and the freedom of the press is taken seriously. What has been going on is in direct conflict with principles clearly laid out by the German Constitutional Court in Karlsruhe.

“If it is true that a foreign intelligence agency spied on journalists as they conducted their reporting in Germany and then informed the Chancellery about it, then these actions would place a huge question mark over the notion of a free press in this country. Germany’s highest court ruled in 2007 that press freedom is a “constituent part of a free and democratic order.” The court held that reporting can no longer be considered free if it entails a risk that journalists will be spied on during their reporting and that the federal government will be informed of the people they speak to.”

This affair is now snowballing, putting the Chancellors Office under serious pressure. In a special editors note, Der Spiegel notes…

“The fact that the press no longer has a special protected status and can be spied upon in the same way as corporations, associations or government ministries, lends a new quality to the spying scandal. That the press appears to have been betrayed by its own government is outrageous. For this reason, SPIEGEL decided this week to file a complaint with the Federal Prosecutor’s Office on suspicion of intelligence agency activity.”

It seems that the German intelligence services and the Chancellors Office have neglected both democratic and judicial requirements to keep good working relations with the Americans.

This leading up to a situation where leading German officials appears to have sided with US intelligence services — rather than with the German constitution, German law, the German parliament and the German people.

Read more: An Attack on Press Freedom: SPIEGEL Targeted by US Intelligence »

/ HAX

1