There’s a very interesting video-report from Sebastian Meyer here on the US military use of biometrics in Afghanistan to try to identify Taliban in what he calls ‘frontline anthropology’. Wired revealed last month that the NATO / US army operation is planned to be expanded into a nationwide biometric ID card scheme by next May. Wired says that there are only two biometric systems operating in Afghanistan but they don’t seem to have noticed that the UNHCR mission in the country is also using biometrics to identify returnees who have already claimed the financial assistance on offer and are making fraudulent claims, in conjunction with the Afghan government. Are these systems all connected? More investigation is needed…
Category: Asia
Backdoors for Spies in Mobile Devices
There’s been a lot of controversy over this summer about the threats made to several large western mobile technology providers mainly by Asian and Middle-Eastern governments to ban their products and services unless they made it easier for their internal intelligence services and political police to access the accounts of users. The arguments actually started way back in 2008 in India, when the country’s Home Ministry demanded access to all communications made through Research in Motion’s (RIM) famous Blackberry smartphone, which was starting to spread rapidly in the country’s business community. Not much came of this beyond RIM agreeing in principle to the demand. Then over this summer, the issue flared up again, both in India and most strongly in the United Arab Emirates (UAE) and Saudi Arabia. RIM’s data servers were located outside the countries and the UAE’s Telecommunications Regulatory Authority (TRA) said that RIM was providing an illegal service which was “causing serious social, judicial and national security repercussions”. Both countries have notorious internal police and employ torture against political opponents.RIM initially defended its encrypted services and its commitment to the privacy of its users in a full statement issued at the beginning of August. However, they soon caved in when they realised that this could cause a cascade of bans across the Middle-East, India and beyond and promised to place a data server in both nations, and now India is once again increasing the pressure on RIM to do the same for its internal security services. So instead of a cascade of bans, we now have a massive increase in corporate-facilitated state surveillance. It’s Google and China all over again, but RIM put up even less of a fight.
However, a lot of people in these increasingly intrusive and often authoritarian regimes are not happy with the new accord between states and technology-providers, and this may yet prove more powerful than what states want. In Iran, Isa Saharkhiz, a leading dissident journalist and member of the anti-government Green Movement is suing another manufacturer, Nokia Siemens Networks, in a US court for providing the Iranian regime with the means to monitor its mobile networks. NSN have washed their hand of this, saying it isn’t their fault what the Iranian government does with the technology, and insist that they have to provide “a lawful interception capability”, comparing this to the United States and Europe, and claiming that standardisation of their devices means that “it is unrealistic to demand… that wireless communications systems based on global technology standards be sold without that capability.”
There is an interesting point buried in all of this, which is that the same backdoors built into western communications systems (and long before 9/11 came along too) are now being exploited by countries with even fewer scruples about using this information to unjustly imprison and torture political opponents. But the companies concerned still have moral choices to make, they have Corporate Social Responsibility (CSR) which is not simply a superficial agreement with anyone who shouts ‘security’ but a duty to their customers and to the human community. Whatever they say, they are making a conscious choice to make it easier for violent and oppressive regimes to operate. This cannot be shrugged off by blaming it on ‘standards’ (especially in an era of the supposed personal service and ‘mass customization’ of which the very same companies boast), and if they are going to claim adherence to ‘standards’, what about those most important standards of all, as stated clearly in the Universal Declaration of Human Rights, Article 12 of which states: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence,” and in Article 19: “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.”
UofT Researchers uncover Chinese Internet espionage system
The Globe and Mail is reporting today that researchers based at the University of Toronto’s Munk Centre for International Studies, along with two private internet security consultancies, SecDev and the Shadowserver Foundation, have uncovered a worldwide network of automated intrusion programs (or botnet) based in China. The report called Shadows in the Cloud describes how over 1300 infected computers containing information related to all kinds of material from the Dalai Lama, the Indian government and US security were linked back to Chinese sources. The authors include Greg Walton who wrote the excellent early report on China’s ‘Golden Shield’ Internet surveillance and censorship system a few years ago. It can’t be said for certain that this was a Chinese state operation: as with the attacks on Estonia from Russian sources back in 2007, suspicions just as much centre on ‘patriotic hackers’, who are just doing this out of a sense of outrage at opposition to their country’s leadership. And no doubt, this is far from the only nationally-oriented botnet system.
India’s Biometric Census
A while back I was wondering how India was going to enrol 1.2 Billion people in its planned national Biometric ID card scheme. Well, I should have guessed that the answer was that it would combine it with a national census. This is apparently exactly what is going to happen, according to the BBC. The next Indian national census will be the first one not just to count and classify individuals with written answers, but will also take biometric details. These will then form the basis for the new ID database, with its 16-digit unique identifying number. And the process has already started – the only thing I can think of that will cause it significant problems is not any civil liberties opposition but rather the ongoing revolutionary movements often called ‘Maoist’ but really a lot of different loosely affiliated rural-based organisations…
Google does the right thing, but…
Google is, as I type this, closing down its Chinese site as the first stage of its withdrawal of service from mainland China, in response to numerous attacks on the company’s computers from hackers allegedly connected to the Chinese state and ongoing demands to provide a censored service with which they felt they could not comply. The company claims that Chinese users will still be able to use Google, only through the special Hong Kong website, http://www.google.com.hk, which for historical reasons falls outside the Chinese state’s Internet control regime. Whether this will mean that the site will actually be accessible to Chinese Net users is debateable. Some say they cannot access it already. There are also numerous ‘fake Google’ sites that have sprung up to try to make some fast cash out of the situation.
But there’s more to this of course. Google has been widely reported to have opened its doors to the US National Security Agency (NSA) in order, they say, to solve the hacking issue, but the NSA only get involved in matters of US national security – if Google is essentially saying it is effectively beholden to US intelligence policy and interests, I am not sure that this is a whole lot better than bowing to China. You can be sure as well, that once invited in, the NSA will insinuate themselves into the company. Having a proper official backdoor into Google would make things a lot easier for the NSA, especially in populating its shiny new data warehouse in Utah…
Mapping drone strikes
Via Boingboing, an analysis and map of US UAV drone strikes on the tribal regions of Pakistan from 2004. Some good stuff from NewAmerica. What is particularly interested, if not unpredictable, is the way that weaponized UAVs have in the course of just a few years become a ‘normal’ part of the US war machine, with deaths from drone strikes possibly doubling from 2008-9. We can’t be sure of the exact numbers.
Does the expansion of surveillance make assassination harder? Not in a world of UAVs…
Following the killing of Mahmood Al-Mabhouh is Dubai, allegedly by Israeli Mossad agents, some people are starting to ask whether political assassination is being made more difficult by the proliferation of everyday surveillance. The Washington Post argues that it is, and they give three other cases, including that of Alexandr Litvinenko in London in 2006. But there’s a number of reasons to think that this is a superficial argument.
However the obvious thing about all of these is that they were successful assassinations. They were not prevented by any surveillance technologies. In the Dubai case, the much-trumpeted new international passport regime did not uncover a relatively simple set of photo-swaps – and anyone who has talked to airport security will know how slapdash most ID checks really are. Litvinenko is as dead as Georgi Markov, famously killed by the Bulgarian secret service with a poisoned-tipped umbrella in London in 1978, and we still don’t really have a clear idea of what was actually going on in the Markov case despite some high-profile charges being laid.
Another thing is that there are several kinds of assassination: the first are those that are meant to be clearly noticed, so as to send a message to the followers or group associated with the deceased. Surveillance technologies, and particularly CCTV, help such causes by providing readily viewable pictures that contribute to a media PR-campaign that is as important as the killing itself. Mossad in this case, if it was Mossad, were hiding in plain sight – they weren’t really trying to do this in total secrecy. And, let’s not forget many of the operatives who carry out these kinds of actions are considered disposable and replaceable.
The second kind are those where the killers simply don’t care one way or the other what anyone else knows or thinks (as in most of the missile attacks by Israel on the compounds of Hamas leaders within Gaza or the 2002 killing of Qaed Senyan al-Harthi by a remote-controlled USAF drone in the Yemen). The third kind are those that are not meant to be seen as a killing, but are disguised as accidents – in most of those cases, we will never know: conspiracy theories swirl around many such suspicious events, and this fog of unknowing only helps further disguise those probably quite small number of truly fake accidents and discredits their investigation. One could argue that such secret killings may be affected by widespread surveillance, but those involved in such cases are far more careful and more likely to use methods to leverage or get around conventional surveillance techniques.
Then of course, there is the fact that the techniques of assassination are becoming more high-tech and powerful too. The use of remote-control drones as in the al-Harthi case is now commonplace for the US military in Afghanistan and Pakistan, indeed the CIA chief, Leon Panetta, last year described UAVs as “the only game in town for stopping Al-Qaeda.” And now there are many more nations equipping themselves with UAVs – which, of course, can be both surveillance devices and weapons platforms. Just the other day, Israel announced the world’s largest drone – the Eltan from Heron Industries, which can apparently fly for 20 hours non-stop. India has already agreed to buy drones from the same company. And, even local police forces in many cities are now investing in micro-UAVs (MAVs): there’s plenty of potential for such devices to be weaponized – and modelled after (or disguised as) birds or animals too.
Finally, assassinations were not that common anyway, so it’s hard to see any statistically significant downward trends. If anything, if one considers many of the uses of drones and precision-targeted missile strikes on the leaders of terrorist and rebel groups as ‘assassinations’, then they may be increasing in number rather than declining, albeit more confined to those with wealth and resources…
(Thanks to Aaron Martin for pointing me to The Washington Post article)
Indian surveillance build-up continues
India is investing massively in surveillance equipment both at national level and within the country, Video surveillance is expanding in cities, and it is also putting R&D and operational funds into major projects like a new mountain-top border radar system and now, a satellite platform that, it is claimed, will be “fitted with an intelligent sensor that will pick up conversations and communications across the borders.” Presumably this means a system rather like the US satellites that have been in operation since the 1980s that ‘vacuum’ up microwave communications signals from mobile telephones, rather than some kind of impossibly powerful microphone! Interestingly the story in the Hindu continually refers to the new devices, whether they be radar or satellites, as “network-centric”, and is peppered with references to “electronic warfare”, showing that Indian military planners have almost entirely swallowed US strategic doctrines that emerged from the 1990s. With the USA now operating openly in Pakistan, the source of recent terrorist raids into India, and tensions ratcheting up with China, it seems that the US is backing India as its major regional partner, or at least that India is aping US methods.
Iraqi resistance hacks US drones
According to the Wall Street Journal, US surveillance drones (you know, the future of military surveillance…) have allegedly been hacked by Iranian-backed Shi’ite forces in Iraq, using $26 off-the-shelf Russian software called Skygrabber – and they may have been compromised in Afghanistan too.
It is, as my informant, Aaron Martin, points out, amazing that the military surveillance systems of the world’s most resourced and technologically-developed military could be hacked so easily and for so long without notice. It also makes me wonder how many other networked surveillance systems would be vulnerable or are being hacked using the same or similar systems. If for example, organised criminal gangs could access the video surveillance systems of major cities, this would further call into question the effectiveness of these systems. Or alternatively, of course, it could point the way to a more accountable, open-access kind of surveillance – as Aaron and I are exploring in a paper we are currently writing.
New UAVs in Afghanistan
The USAF continues to use the Afghanistan / Pakistan conflict as a test bed for new military surveillance technologies and robotic weapons. The latest thing is apparently the RQ-170, codenamed Sentinel, which is a radar-evading UAV or drone aircraft.
This picture of the aircraft was apparently shot near Kandahar…
It seems that as this conflict drags on, more and more of these things will get wheeled out. Its only purpose seems to have become to field test all these black-project developed technologies that the US security-industrial complex has been churning out. It wasn’t that long after the Predator drone emerged that we saw a weaponized version. It is unclear whether there is any such version of the Sentinel yet, but no doubt there will be soon enough. The increasing reliance on remote-controlled and robotic weapons seems to be a new article of faith amongst the world’s wealthier militaries.
ubisurv 