December 20, 2013

The NSA's Economic Spying Slowly Comes Into View

The publishing of NSA secrets continues. The Guardian, Spiegel and the New York Times report on efforts to listen to new satellite connections. The tests were run against a (partial) "target database" and their results reveal what targets that "target database" contains. These included international organizations like UNICEF, non-governmental organizations like Médecins du Monde, high European Union functionaries, economic entities like the oil giant Total and the electronics and military producer Thales. They include many heads of states and state institutions as well as some alleged terrorists. Some of the target numbers were obtained from U.S. officials who share their rolodexes with the NSA.

The NSA spying on telephone data in the United States has decisively helped in zero terrorist cases instead of the 54 cases the NSA had claimed. The real international target list is likewise not primarily aimed at "terrorists" as the NSA claims. I also doubt that it is mainly just to target politicians or political entities. I believe that most of the targets will turn out to be economic entities and that this will be the real issue that brings up a storm against international NSA spying. Notice that the wording the NSA uses when asked about economic spying gets more elaborate and includes more caveats each time questions are asked. This from the NYT piece linked above:

In a statement, the N.S.A. denied that it had ever carried out espionage to benefit American businesses.

“We do not use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line,” said Vanee Vines, an N.S.A. spokeswoman.

But she added that some economic spying was justified by national security needs. “The intelligence community’s efforts to understand economic systems and policies, and monitor anomalous economic activities, are critical to providing policy makers with the information they need to make informed decisions that are in the best interest of our national security,” Ms. Vines said.

How can one detect "anomalous economic activities" when one does not observe the "normal" economic activities? One cannot, and that caveat thereby reveals the real activities.

There is also the history of the current spying activities:

The documents that were reviewed also suggest that the satellite dragnet is likely a continuation of the legendary global Echelon surveillance network, which was the subject of an investigation by a committee of the European Parliament in 2000.

In their 2001 final report, the EU politicians presented a wealth of convincing evidence of industrial espionage allegedly committed through Echelon ...

When the NSA spokesperson says "We do not ... give intelligence we collect to — U.S. companies", the next question must be: to whom does the NSA give that "economic" intelligence, and to whom does that entity (likely the CIA, as was the case with Echelon data) hand those secrets?

Pressure on non-U.S. politicians to build really secure Internet communication systems will only come when the companies in their countries find out that their well-being depends on it. With many new revelations about the NSA still to come, it is likely that we will soon see that the economic aspect of the spying scandal, and the response to it from parties that have real stakes in such issues, is a major if not the major part of the whole affair.

Posted by b on December 20, 2013 at 12:24 PM


And one has to suppose that as the deflation/stagnation process increases the economic spying will intensify. The most probable reaction by non-US corporations will be to greatly innovate their spying on their US rivals. With the fusion of NSA spying with the Pentagon's Cyberwar programme the economic collapse will accelerate.

Posted by: JohnE | Dec 20, 2013 1:13:25 PM | 1

"never believe anything until it's been officially denied"...and it'll go on 'cause somebody's makin' a shitload of money off this...

Posted by: bfrakes | Dec 20, 2013 1:18:34 PM | 2

Marcy Wheeler was very struck by this recommendation: "Governments should abstain from penetrating the systems of financial institutions and changing the amounts held in accounts there." She thinks it probably means that they were doing just that. Mike Masnick also picked up on the same sentence.

Posted by: Rowan Berkeley | Dec 20, 2013 2:26:48 PM | 3

Mr. Rowan Berkeley found the real devastating scandal. I was on my way over here to post the same item.

Posted by: Maracatu | Dec 20, 2013 2:42:50 PM | 4

“likely that we will soon see that the economic aspect of the spying scandal “

This is the likely reason the “Tech companies call for 'aggressive' NSA reforms at White House meeting” sounds like they see the writing on the wall and 'trying' to be proactive!!!

best way to reform, is to hit them in the pocket.

Posted by: Rd. | Dec 20, 2013 2:57:35 PM | 5

Here’s a potential point for the good guys:
Snowden v. Obama: The Game-Changing Decision

Judge Leon has published in Klayman v. Obama (12/16/2013) a persuasive (and occasionally exclamatory) 68 page legal opinion averaging more than one fine-print footnote per page holding that the dragnet data sweep by Obama's NSA “almost certainly does violate a reasonable expectation of privacy” by the American people. This satisfies the definition for the kind of “search” that falls within the prohibition of the Fourth Amendment. Judge Leon answers the second question, determining whether such a search could be justified under the Fourth Amendment's “reasonable” exception, by finding the search “unreasonable” when compared to the embarrassing absence of evidence that these searches have played any significant role in serving their purported purpose of detecting terrorists.

Posted by: juannie | Dec 20, 2013 4:22:36 PM | 6

Give the tools to everyman!

Posted by: Peter Hofmann | Dec 20, 2013 4:56:40 PM | 7

b. - I seem to remember a post you did a few years back where NSA helped a US company in a legal dispute over wind turbine technology. NSA obtained secret codes so the US company could examine the German company's turbines.

Posted by: Dan | Dec 20, 2013 6:47:47 PM | 8

Former top NSA official; "We are now in a police state" Here,

Posted by: harrylaw | Dec 20, 2013 6:53:02 PM | 9

pot kettle black
Ukraine and other revolts

Posted by: brian | Dec 20, 2013 7:04:07 PM | 10

With nsa being a profoundly criminal organisation, no doubts, (but then, what was to expect from a profoundly criminal state?) I'm thinking that we are not well served focussing *only* (or almost exclusively) in the evil, evil nsa.

Some facts:

- pretty much every country *knew* how evil and dirty zusa plays. As for the western block countries they - or more precisely their politicians - *chose* to just go ahead anyway with their "zamerica is good and great and democratic" stance and with diverse "free trade" and other agreements.

- The PKI (Public Key Infrastructure) system, i.e. the very basis for https, ssl, etc. is rotten in the core. It (the certificate system) is not about security but about money. Any and every certificate from a myriad of "certificate agencies" will do and there is plain nothing to protect people and businesses.
For some strange reason though most countries feel it more important to regulate minutiae of peoples personal lives than to clean out the PKI mess.

- Most countries - and companies and people - *chose* to go for nist (zusa standards body with quite some major issues in the past) "approved" encryption. There *are* others; to name just two: Both japan and europe held competitions similar to nist and both have examined, developed, solidly tested, and standardized other, more reliable and in some cases even more practical and economical encryption systems.

- Most people, incl. IT professionals, don't know the matter well; possibly this is intended. To be honest, it *is* a complex matter and one needs quite some know-how to choose wisely. But sure enough countries and major organizations do have the means necessary - yet they chose ignorance as their path.

- There is - widely unused - freedom to choose for oneself what is deemed acceptable and what not (openssl, ssl servers and clients (e.g. browsers), etc.) *can* be told what to use and what not to accept.

- Possibly the biggest problem: Lousy, really poor code quality and management. Openssl, for instance, probably being *the* most used encryption "tool set" used by software developers, has had serious weaknesses due to poor programming (and using "C", a language that doesn't have security in its mind and actually rather works against security).
The reason is simple. Most people a) want "security" and b) run with the mainstream. windows, linux, mac os offer some built-in "security" and that's what 99% of the users accept and use without ever having so much as a look at it.

Actually, we *can* - here, today, and now - encrypt our communication in a way that virtually excludes any chance for nsa to spy on us. But we need to use it and, more uncomfortable, we need to understand at least some basic principles.

Last but not least: If one buys or outsources security, one is bound to encounter ugly limits. What we experience now is not only some very bad players (nsa, gchq, ...) but also the consequences of "comfortably" and lazily outsourcing core interests of ourselves. Accordingly, we should blame ourselves, or at least our governments, no less than we blame nsa, gchq et al.

Ceterum censeo israel delendum esse.

Posted by: Mr. Pragma | Dec 20, 2013 7:08:11 PM | 11
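
Added example, not part of the comment above or of the original post: the comment's points that any certificate authority's certificate is accepted by default and that clients *can* be told what to accept, shown with Python's standard `ssl` module. The cipher policy string and the function names are assumptions chosen for illustration.

```python
import ssl

# Assumed policy (illustrative): ephemeral ECDH key exchange, AEAD ciphers only.
# This string governs TLS 1.2 suites; OpenSSL keeps its TLS 1.3 defaults.
CIPHER_POLICY = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL"


def build_pinned_context(ca_file=None):
    """Client context that trusts only the CA certificate(s) in ca_file.

    PROTOCOL_TLS_CLIENT starts with an empty trust store, with certificate
    verification required and hostname checking on. Unlike
    ssl.create_default_context(), it does not load the system CA bundle,
    so no public CA is trusted unless it is added explicitly here.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(CIPHER_POLICY)
    if ca_file is not None:
        # Path to a PEM file holding the one CA you decided to trust.
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def trusted_ca_count(ctx):
    """Number of CA certificates currently loaded into the context."""
    return ctx.cert_store_stats()["x509_ca"]


def policy_violations(ctx):
    """Return the ways a context is weaker than the policy above."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate verification is not required")
    if not ctx.check_hostname:
        problems.append("hostname checking is disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("protocol versions below TLS 1.2 are allowed")
    for cipher in ctx.get_ciphers():
        name = cipher["name"]
        # TLS 1.3 suites are named TLS_*; everything else must be ECDHE.
        if not (name.startswith("TLS_") or name.startswith("ECDHE-")):
            problems.append("cipher outside policy: " + name)
    return problems


if __name__ == "__main__":
    strict = build_pinned_context()
    print("trusted CAs:", trusted_ca_count(strict))
    print("violations:", policy_violations(strict))
    for c in strict.get_ciphers():
        print(" ", c["protocol"], c["name"])
```

With no `ca_file` the context trusts nothing and every handshake fails closed; passing one CA file narrows trust to that issuer alone.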

If the US was genuinely interested in putting an end to terrorism it would bring home the troops it sends to other people's countries (to kill people who don't want them there), shut down the Pentagon and the State Dept, and stop telling porkies every day.

Posted by: Hoarsewhisperer | Dec 20, 2013 8:01:35 PM | 12

Critics: NSA agent co-chairing key crypto standards body should be removed - Ars Technica


Kevin Igoe, who in a 2011 e-mail announcing his appointment was listed as a senior cryptographer with the NSA's Commercial Solutions Center, is one of two co-chairs of the IETF's Crypto Forum Research Group (CFRG). The CFRG provides cryptographic guidance to IETF working groups that develop standards for a variety of crucial technologies that run and help secure the Internet. The transport layer security (TLS) protocol that underpins Web encryption and standards for secure shell (SSH) connections used to securely access servers are two examples. Igoe has been CFRG co-chair for about two years, along with David A. McGrew of Cisco Systems.

Igoe's leadership had largely gone unnoticed until reports surfaced in September that exposed the role NSA agents have played in "deliberately weakening the international encryption standards adopted by developers." Until now, most of the resulting attention has focused on cryptographic protocols endorsed by the separate National Institute for Standards and Technology. More specifically, scrutiny has centered on a random number generator that The New York Times, citing a document leaked by former NSA contractor Edward Snowden, reported may contain a backdoor engineered by the spy agency.


Also, @Mr. Pragma #11:

The C language is not inherently insecure. It's more a matter of the lazy standards implementation on the part of the compiler and library authors, and the resulting laziness that allows for programmers who use those compilers and libraries.

Posted by: Dr. Wellington Yueh | Dec 20, 2013 9:58:28 PM | 13

Here you go Rowan:
Do you know anything about NSA's use of unauthorized copyright infringing copies of Inslaw's PROMIS software for at least 25 years as the software it sold to banks in support of its "follow the money" SIGINT mission?

TD: I don't have any specific knowledge of it. I am certainly aware of the program. I was not part of it. I have heard about it and am aware, had become aware of it over the years, and ... I've had people who've had the history of that program who have actually contacted me over the last couple of years. Unfortunately, it is an example - though I don't have, I can't validate or verify it - not any of the allegations or assertions, any of the history that's been revealed and disclosed regarding PROMIS, none of it surprises me and here's why. It's unfortunate but it is, and I had the direct experience at NSA that NSA would either abscond with or would cast aside really powerful technology and then use it for their own purposes.

I'll give you the example that I'm intimately familiar with, that was ThinThread, the extraordinary program in which I was the executive program manager during late 2001 and 2002 before it met a summary death at the hands of NSA leadership and placed in the Indiana Jones digital warehouse never to be seen again, in direct violation of congressional legislation signed into law to deploy ThinThread to the 18 most critical counter-terrorism sites.

Well, there's one part of ThinThread that was actually used by the secret surveillance program called Stellar Wind, the very program that I blew the whistle on - they abused that program to by-pass the Fourth Amendment and the Foreign Intelligence Surveillance Act. There were many crypto-mathematician brains behind the algorithms of ThinThread and this one particular sub-program. He's actually apologized to the nation for it because he never intended that it be used in like manner. They stripped all of the protections off of it.

This pattern is unfortunate. You also have a pattern where large companies will do everything they can to ... let's say they have a company working for them, a sub-contractor. It will actually take intellectual property and then will re-package it for their own use and sell it to the government or in partnership with the government, so none of this surprises me. I just can't speak directly to the specifics of PROMIS, but I'm certainly well aware of program and what NSA did with it.

LS: Understood, but I would like to ask you, nevertheless one more question related to this. This would be, once NSA controlled the software used by banks to process wire transfers or money and letters of credit it could in theory add, delete and/or modify the amounts of funds in accounts because the funds are just data like any other kind of data. Have you ever heard that NSA or other intelligence agency exploited the banks surveillance version of PROMIS towards such an end?

Posted by: Mina | Dec 21, 2013 3:39:22 AM | 14

It gets clearer and clearer: while the world has watched, with bated breath and barely disguised contempt, the ever more extravagant “kinetic actions” of the US, its NATO satraps and its auxiliaries; counting the countless dead, noting the aerial massacres, following the death squads’ bloody trails and protesting the torture, the concentration camps and the kidnapping, the real campaign to establish full spectrum dominance has been concentrating on the internet, electronic communications and universal surveillance.

The success of this campaign, so far has consisted, it seems, of erecting the infrastructure of the Panopticon- to make it possible to see everything and record everything, because it is understood that to do so is to possess a key to great power. There is curiously little evidence that anything very much has been done with the information: a bit of petty political work, the killing of a few careers (Scott Ritter; Eliot Spitzer; John Edwards) and other maverick operations. Some industrial espionage, but little, one suspects, of great significance if only because nobody has a greater interest in undermining US manufacturing than the American ruling class, busily exporting jobs, capital and technologies to more profitable venues.
For this there are two reasons. The first is that the military elites running the NSA and the Corporations it employs to carry out many of its functions are not very bright. They are building the machinery for others to employ. It is one thing to collect data, it is another thing to collate and catalogue it, to run it through crude analyses, of the sort which has proved completely ineffective in tracking down ‘terrorists’, and to trace cell phones in order to aim missiles at them.
But the real work will be carried out by social scientists, psychologists, experts in behavioural patterns and mathematical formulae. I am unsure how it will work but I’m pretty certain that what is aimed at is the establishment of a regime in which dissent is subject to pre-emptive policing. Which was the purpose of the Panopticon when it was first conceived. To prevent ‘crime’ before it occurs. With the upsetting of social order or the breaching of communal peace being the ultimate crime. Isn’t that right General Sissi?
But all this is in the future. The immediate, rather sordid, object is to lift the US one more level from effective international arbiter to complete dominance. This is to be done by solidifying the, now notorious, International Community which thinks what Washington thinks and does what Washington wants. This is the International Community that pretends to be shocked by Syria’s government, that pretended to live in fear of Ghadaffi bombing Benghazi, that pretends that there is evidence that Iran has a nuclear arms programme, just as it expressed alarm at Saddam’s WMD. It isn’t really either International or a Community, it’s a film set on a propagandist’s lot, a Potemkin Village run up to impress the embedded Press Corps as it passes by on its way to another war.
And that is what the current comprehensive “Free Trade” agreements are all about, the erection of a new system of commercial law, complete with a robust sanctions regime, under the direct control of the US Corporatist system, which will reduce national sovereignties to the right to design flags and, provided they don’t impinge upon employers’ rights, designate national holidays.
Blogs like this, using English as a universal language and bringing together the views of people all over the world are great. But they are also symptomatic of the underlying problem, which is the enthusiastic surrender of much of the world to the creole culture of anglo-America, the Imperium.

Posted by: bevin | Dec 21, 2013 11:00:16 AM | 15

Interesting, Mina, thank you. I also just watched a video discussion by Sibel Edmonds, who whatever you think of her, is still chair of the self-described Whistleblowers Association, which Thomas Drake still belongs to. I just watched this Sibel thing, and she is doing what she always does. I listened to it, or watched it, whichever you do with these things, which don’t really need to be videos at all, since they’re just talking heads, but anyway, I don’t think Greenwald will be much bothered by this level of criticism. Obviously, Greenwald is following a strategy inside the establishment or at least a part of it, the part that thinks of itself as ‘more progressive than’ other parts, but they still have establishment values, the most important of which is that they are the elite, and Greenwald wants to be part of that. It isn’t really a mystery.

But they differ on fairly fundamental issues from the neocons and the neocons lite who form Obama’s loyal core. They are equally ‘establishment’ types, that is to say, elitists, but they are ‘progressive’ elitists. We should be thoroughly used to this, because it is the essence of the two-party system: you have ‘conservatives’ versus ‘liberals’, within the peculiar meaning they give to those two terms, and they are all elitists, and in some respects they maintain a sort of overall elite solidarity with one another; they will unite to fight off anything that looks remotely ‘anti-establishment’, let alone ‘revolutionary’, because they all enjoy the advantages of bourgeois elitism, and often you find that the core of the ‘progressive’ complaint is that the ‘conservatives’ are heading in a direction that will upset the bourgeois applecart, for instance they will end up handing the country over to a military junta, and the NSA is in a way exactly that, the basis for a military junta.

So it’s quite futile to expect Greenwald to leave the establishment camp and join the hairies outside the fence, he has not the remotest intention of doing that, quite the opposite. Even if, as on Tarpley’s scenario, the ‘progressives’ ended up splitting the Democratic Party in two (Wall Street Democrats vs ‘progressive’ Democrats), the whole thing would still remain on the elite level, because that’s what bourgeois parties are all about, and only a real revolutionary party with a mass base in the working class could ever challenge that in any significant way. And all Sibel’s remarks about how people think Greenwald is Jesus, just the way they thought Obama was Jesus, are pointless shadow-boxing. People who think or ever thought that Greenwald was Jesus, are too naive to be worth even talking about. I think that an audience which is impressed by amateur psychology of this sort is just like the audience of Fox ‘News’, too stupid to be worth bothering with. So I am really turned off by Sibel’s big rave about how people think Greenwald is Jesus. I mean, on the level of tactics, I object to this. Whereas what I said in the previous paragraphs was about the big picture, not about Sibel’s tactics.

Posted by: Rowan Berkeley | Dec 21, 2013 11:02:46 AM | 16

PROMIS might not even exist - other than some woman called Indira Singh running about talking about it, there's little evidence that it's anything other than a good yarn

I think it probably does exist - but I'm aware there's little evidence for its existence other than a few stories told by possible Spook-connected individuals such as Indira Singh.

Merely making everyone think that the Gov't can do what PROMIS is claimed to be able to do, is a cheap and somewhat effective substitute for them actually having the ability to do so. Given all the easy access the Internet Co's give the US Gov't, they probably don't even need something like PROMIS -

Maybe people like Indira Singh talk about Promis to distract from what intelligent people worked out for themselves years ago (No need at all for celebrity Journos paid by Rich men to tell us what to think, which obviously will disappoint several pseuds/"revolutionaries" here ;-)) the obvious conclusion is that (almost) ALL the Internet Co's have all along willingly co-operating with the US Gov and consequently the US Gov does not need PROMIS?

Posted by: foff | Dec 21, 2013 11:03:05 AM | 17

