espionage – ubisurv

Hot Air on the Surveillance Industry from the UK

Privacy International has produced a much-needed survey of the state of the surveillance industry, following its other excellent report on the use of development aid to push surveillance technologies on developing countries. The British government’s response, voiced by the Chair of the Parliamentary Committee on Arms Export Controls, Sir John Stanley, has been a typically limp one, largely concerned with the possibility of such systems being sold to ‘authoritarian regimes’ yet blustered and talked of ‘grey areas’ when it came to Britain’s responsibility for this trade.

But this is all way too little too late. I warned of the danger of the increased technological capabilities and decreasing costs of ‘surveillance-in-a-box’ systems as far back as 2008 (see my post here which refers to that). Instead of taking horizon-scanning and pre-emptive action to limit this, Britain, the USA and many other states have encouraged this trade with state aid – as they have with military and security industries more broadly – and, not least, encouraged the use of surveillance on a global scale themselves. Their own extensive breaches of human rights through programs like PRISM and TEMPEST give them no real moral high ground to talk about what authoritarian regimes might do, when they are already pursuing the same actions.

UofT Researchers uncover Chinese Internet espionage system

The Globe and Mail is reporting today that researchers based at the University of Toronto’s Munk Centre for International Studies, along with two private internet security consultancies, SecDev and the Shadowserver Foundation, have uncovered a worldwide network of automated intrusion programs (or botnet) based in China. The report called Shadows in the Cloud describes how over 1300 infected computers containing information related to all kinds of material from the Dalai Lama, the Indian government and US security were linked back to Chinese sources. The authors include Greg Walton who wrote the excellent early report on China’s ‘Golden Shield’ Internet surveillance and censorship system a few years ago. It can’t be said for certain that this was a Chinese state operation: as with the attacks on Estonia from Russian sources back in 2007, suspicions just as much centre on ‘patriotic hackers’, who are just doing this out of a sense of outrage at opposition to their country’s leadership. And no doubt, this is far from the only nationally-oriented botnet system.

SHADOWS IN THE CLOUD: Investigating Cyber Espionage 2.0

Federal judge rules against NSA

A US Federal Court judge has ruled that the National Security Agency’s secret domestic wiretapping program of internal terrorist suspects, was illegal according to the New York Times. The activity violated the 1978 Foreign Intelligence Surveillance Act (FISA) which was put into place after the various inquiries into the activities of the FBI and NSA in the late 1960s and early 1970s. As I’ve said before, that’s hardly a surprise and don’t think this has got a whole lot to do with George W. Bush in particular. Intelligence services might claim to operate under laws but in reality their priorities are not bound by them.But there’s a kind of cycle of collective amnesia that goes on with these inquiries and rulings. This time, the NSA was basically doing almost exactly the same thing as in the earlier period. Some minor superficial changes will occur. People will forget about it. The NSA will carry on. Then in 20 years time, there will be something else that will reveal again the same kinds of activities. Cue collective shock again. And so on. It would take a lot more continual public oversight and openness for them to be held properly to account, and if they were, they’d be very different entities. But that’s not to say that they shouldn’t be held to account: the fact that most democratic nations have what amounts to a secret state within the state that may have very different priorities than the official government or the people should be profoundly worrying. Yet it seems to be such an enormous breach of the democratic ideal that it goes largely unnoticed.

Does the expansion of surveillance make assassination harder? Not in a world of UAVs…

Following the killing of Mahmood Al-Mabhouh is Dubai, allegedly by Israeli Mossad agents, some people are starting to ask whether political assassination is being made more difficult by the proliferation of everyday surveillance. The Washington Post argues that it is, and they give three other cases, including that of Alexandr Litvinenko in London in 2006. But there’s a number of reasons to think that this is a superficial argument.

However the obvious thing about all of these is that they were successful assassinations. They were not prevented by any surveillance technologies. In the Dubai case, the much-trumpeted new international passport regime did not uncover a relatively simple set of photo-swaps – and anyone who has talked to airport security will know how slapdash most ID checks really are. Litvinenko is as dead as Georgi Markov, famously killed by the Bulgarian secret service with a poisoned-tipped umbrella in London in 1978, and we still don’t really have a clear idea of what was actually going on in the Markov case despite some high-profile charges being laid.

Another thing is that there are several kinds of assassination: the first are those that are meant to be clearly noticed, so as to send a message to the followers or group associated with the deceased. Surveillance technologies, and particularly CCTV, help such causes by providing readily viewable pictures that contribute to a media PR-campaign that is as important as the killing itself. Mossad in this case, if it was Mossad, were hiding in plain sight – they weren’t really trying to do this in total secrecy. And, let’s not forget many of the operatives who carry out these kinds of actions are considered disposable and replaceable.

The second kind are those where the killers simply don’t care one way or the other what anyone else knows or thinks (as in most of the missile attacks by Israel on the compounds of Hamas leaders within Gaza or the 2002 killing of Qaed Senyan al-Harthi by a remote-controlled USAF drone in the Yemen). The third kind are those that are not meant to be seen as a killing, but are disguised as accidents – in most of those cases, we will never know: conspiracy theories swirl around many such suspicious events, and this fog of unknowing only helps further disguise those probably quite small number of truly fake accidents and discredits their investigation. One could argue that such secret killings may be affected by widespread surveillance, but those involved in such cases are far more careful and more likely to use methods to leverage or get around conventional surveillance techniques.

Then of course, there is the fact that the techniques of assassination are becoming more high-tech and powerful too. The use of remote-control drones as in the al-Harthi case is now commonplace for the US military in Afghanistan and Pakistan, indeed the CIA chief, Leon Panetta, last year described UAVs as “the only game in town for stopping Al-Qaeda.” And now there are many more nations equipping themselves with UAVs – which, of course, can be both surveillance devices and weapons platforms. Just the other day, Israel announced the world’s largest drone – the Eltan from Heron Industries, which can apparently fly for 20 hours non-stop. India has already agreed to buy drones from the same company. And, even local police forces in many cities are now investing in micro-UAVs (MAVs): there’s plenty of potential for such devices to be weaponized – and modelled after (or disguised as) birds or animals too.

Finally, assassinations were not that common anyway, so it’s hard to see any statistically significant downward trends. If anything, if one considers many of the uses of drones and precision-targeted missile strikes on the leaders of terrorist and rebel groups as ‘assassinations’, then they may be increasing in number rather than declining, albeit more confined to those with wealth and resources…

(Thanks to Aaron Martin for pointing me to The Washington Post article)

New UAVs in Afghanistan

The USAF continues to use the Afghanistan / Pakistan conflict as a test bed for new military surveillance technologies and robotic weapons. The latest thing is apparently the RQ-170, codenamed Sentinel, which is a radar-evading UAV or drone aircraft.

This picture of the aircraft was apparently shot near Kandahar…

500x_kandahar_uav — The Sentinel (source unknown)

It seems that as this conflict drags on, more and more of these things will get wheeled out. Its only purpose seems to have become to field test all these black-project developed technologies that the US security-industrial complex has been churning out. It wasn’t that long after the Predator drone emerged that we saw a weaponized version. It is unclear whether there is any such version of the Sentinel yet, but no doubt there will be soon enough. The increasing reliance on remote-controlled and robotic weapons seems to be a new article of faith amongst the world’s wealthier militaries.

Where Will the Big Red Balloons Be Next?

The US Defence Advanced Research Projects Agency (DARPA) has launched a $40,000 competition ostensibly to see examine the way communication works in Web2.0. The competition will see whether disributed teams working together online can uncover the location of large red weather balloons moored across the USA.

The ‘DARPA Network Challenge’ “will explore the roles the Internet and social networking play in the timely communication, wide-area team-building, and urgent mobilization required to solve broad-scope, time-critical problems”.

All the headlines for this story have been verging on the amused (even The Guardian). Words like ‘whimsical’ and ‘wacky’ have been common. But it seems to me that this project has many underlying aims apart from those outlined in these superficial write-ups, not least of which are: how easily people in a culture of immediate gratification can be mobilised to state aims and in particular to do mundane intelligence and surveillance tasks (following the failure of simple old style rewards to work in the tracking down of Osama Bin Laden and other such problems), and 2, the prospects for manipulating ‘open-source intelligence’ in a more convenient manner, i.e. distributing military work and leveraging (a word the military loves) a new set of assets – the online public, which is paradoxially characterised by both an often extreme scepticism and paranoia, but at the same time, a general superficiality and biddability.

DARPA, of course, was one of the originators of the Internet in the first place (as it continues to remind us), but the increasingly ‘open’ nature of emergent online cultures has meant that the US military now has a chronic anxiety about the security threats posed not so much by overt enemies as by the general loss of control – in fact, there’s been talk for a while of an ‘open-source insurgency’, a strategic notion that in one discursive twist elides terrorism and the open-source / open-access movement, and the CIA has recently bought into firms that specialize in Web 2.0 monitoring.

It seems rather reminiscent of both the post-WW2 remobilisation of US citizens in things like the 1950s ‘Skywatch’ programs (which Matt Farish from the University of Toronto has been studying) or more specifically, some of the brilliant novels of manipulation that emerged from that same climate, in particular Phillip K. Dick’s Time Out of Joint, in which unwitting dupe, Raggle Gumm, plots missile strikes for an oppressive government whilst thinking he’s winning a newspaper competition, ‘Where will the Little Green Man be Next?’

So, who’s going to be playing ‘Where Will the Big Red Balloons Be Next?’ then… ?

Balloon4 — DARPA's Big Red Balloons (DARPA website)

The Biggest Database in the World

James Bamford has a superb review of the new book by Matthew Aid about the US National Security Agency (NSA) in the New York Review of Books this month. What seems to be causing a stir around the intelligence research (and computing) community is the reference to a report by the MITRE corporation into a the information needs of the NSA in relation to new central NSA data repository being constructed in the deserts of Utah. The report, which is being rather speculative, says that IF the trend for increasing numbers of sensors collecting all kinds of information continues, then the kind of storage capacity required would be in the range of yottabytes by 2015 – as CrunchGear blog points out: there are “a thousand gigabytes in a terabyte, a thousand terabytes in a petabyte, a thousand petabytes in an exabyte, a thousand exabytes in a zettabyte, and a thousand zettabytes in a yottabyte. In other words, a yottabyte is 1,000,000,000,000,000GB.” However CrunchGear misses the ‘ifs’ in the report as some of the comments on the story point out. There is no doubt however, that the NSA will have some technical capabilities that are way beyond what the ordinary commercial market currently provides and it’s probably useless to speculate just how far beyond. Perhaps more important in any case, are the technologies and techniques required to sort such a huge amount of information into usable data and to create meaningful categories and profiles from it – that is where the cutting edge is. The size of storage units is not really even that interesting… The other interesting thing here is the hint of competition within US intelligence that never seems to stop: just a few months back, the FBI was revealed to have its Investigative Data Warehouse (IDW) plan. Data Warehouses or repositories seem to be the current fashion in intelligence: whilst the whole rest of the world moves more towards ‘cloud computing’ and more open systems, they collect it all and lock it down.

Canadian Internet Snooping Law

I’ve noted before that there seems to be a concerted push around the world by governments to introduce comprehensive new telecoms surveillance laws that force telecommunications and Internet Service Providers (ISPs) to record, store, and provide access to and/or share with state intelligence agencies, the traffic and/or communications data of their customers (in other words, users like us). What is noticeably here is that there is a particular logic that appears in the arguments of governments who are attempting to persuade their parliaments or people of the need for such laws. This logic that is firstly, circular and self-referential, in that it makes reference to the fact that other governments have passed such laws as if this in itself provides some compelling reason for the law to be passed in their own country. The second part of this is a king of competitive disadvantage arguments that flows from the first argument: if ‘we’ don’t have this law, then somehow we are falling behind in a never openly discussed intelligence-capability race that will hit national technological innovation too.

The media often seem oblivious to what seems obvious, and hence the story on the CTV news site today with reference to Canada’s currently proposed communications law that would allow the Canadian Security and Intelligence Service (CSIS) warrantless access to such the data from Internet and telecoms providers. They consider it to be ‘unexpected’ that the parliamentary Security Intelligence Review Committee has come out in support of the bill. Looking at the reasons why though, they are exactly what one would expect if one has been following the debates around the world and contain exactly the logics I have outlined. The story notes that the committee “points out that governments in the United States and Europe have already passed laws requiring co-operation between security agencies and online service providers” (without, incidentally, pointing out that these remain enormously controversial, or that other governments have abandoned some of their attempts) and later that “intelligence technology… requires continued access to new talent and innovative research.” However they won’t go into details as it is a “very sensitive matter.”

And absent from this debate as usual is the fact that this is not just a question of ‘national security’ if you set up these systems, you feed the US National Security Agency too. Canadian intelligence is still bound by agreements made after WW2, particularly the CANUSA agreement on Signals Intelligence (SIGINT), later incorporated into the UKUSA structure. And as we all know, right now, the USA does not always have the same strategic interests as Canada (the issue of arctic sovereignty is just one example). If this bill is passed, it’s a license for US spies, not just Canadian ones.

UK state spy program targets innocent

The headline may not come as any surprise but a damning report has been released on a key strand of the British government’s counterterrrorism strategy, Preventing Violent Extremism (or just ‘Prevent’). £140m (around $200m US) has been allocated to this program but much of it seems to have been devoted not to combatting nascent Islamic extremism (which is the stated aim) but MI5 simply collecting masses of information on entirely innocent British Muslims – information that will be kept until they are 100 years old! Part of this is because of the tenuous nature of the strategy in the first place: how would one define or identify those who are not terrorists but might become so? Will it be, as in cases reported by The Guardian, the student who attends a lecture on the conditions in Gaza or Muslim men with mental health problems? And much of this depends on teachers and lecturers reporting students. Therefore the program would seem inevitably to encourage suspicion and distrust, as Arun Kundnani writes and as the general tone of left and civil liberties critique has reinforced. But opposition has come from all sides: Pauline Neville-Jones, the Conservative shadow security minister, but also former chair of the Joint Intelligence Committee and political director of the Foreign Office, has also condemned the whole approach of New Labour, which she argues is rooted in the identification of discrete ‘communities’ who share similar characteristics. This can of course be the basis of a form of multiculturalism, but at times of increased security and suspicion it seems all to easy for it to morph into what is effectively racial profiling…

US cameras to see the whole of the moon…

There’s been a story developing for a while now on the US-Canadian border. This used to be one of the most casual and friendly of borders, indeed there are families stretched across both sides and in many places the border meant only slight differences in the price of some goods…

But no more. There might be a new president, but Obama seems to be allowing the Bush-era plans for strengthening the border with Canada to continue. There are now CCTV towers being erected, Unmanned Aerial Vehicles (UAVs) patrolling, and new much stricter passport regulations and customs and immigration checks. As usual this seems to be being done with a kind of macho indifference to the opinions of the Canadians that is making the US actions doubly unpopular.

If this seems like some kind of sci-fi nightmare then then most crazy, Philip K. Dick-style element is to be found on the Michigan-Ontario border at Port Huron, where the Sierra Nevada Corporation, a US military aerospace company, has launched a tethered balloon camera (the company calls it an MAA (medium altitude airship) pointed at the town of Sarnia across the border. This isn’t even an official scheme, it’s a private company trying to sell this insanity to the Department of Homeland Security, and naturally the Mayor and citizens of Sarnia are angry about this international violation of their privacy, and many of both sides of this border think that this intensified security as an attack on the trust that exists between Americans and Canadians.

So what are Sarnians doing? They are giving the cameras something to look at, that’s what. More specifically they are planning to drop their pants for a mass ‘moon the balloon’, which in these days of ever more insane surveillance schemes seems just about the only possible response.