Tagged: espionage

Mathis Lohaus

Marginal Costs in Intl. Affairs

Zero Marginal Costs SocietyLast week, Jeremy Rifkin presented his current book here in Berlin. In The Zero Marginal Costs Society, he argues that the marginal costs of production in many sectors are moving (close) to zero, leading to economic shifts on the scale of the industrial revolution. Three forces make this possible according to Rifkin:

  • a truly integrated global internet (communication + logistics + sensors)
  • abundant renewable energy
  • 3D printing as extremely cost-efficient mode of producing physical goods

No matter how you think about the details of Rifkin’s predictions, he makes persuasive points on what very low marginal costs can entail. This is obviously true for the areas he addresses (the economics of production, welfare, labor, automation, consumption).

But in addition,  marginal costs are worth  attention when we think about international relations and and transnational political affairs more generally:

  • If we buy Rifkin’s arguments, IPE scholars and others who care about economic power and growth prospects will put less emphasis on traditional metrics of factor endowments. If the Netherlands are just much better at making use of renewables than Russia, size is a bad predictor of success. How do you model something like the political will to embrace the future?
  • The marginal cost of reaching one more pair of eyes applies to political mobilization. No matter how high your PR budget, you can reach millions of potential recruits if you’re willing to be excessively cruel and upload an execution video. And how does having a single “viral” idea (involving buckets of ice) measure up against having a more traditional structure of supporters?
  • I’ve covered intelligence activities here on the blog, in particular the  large-scale surveillance conducted by the NSA and other agencies. Consider the logic of technology-driven surveillance: The marginal cost of targeting one more person is virtually zero. Keeping that person’s data for one more unit of time is free. And there is no physical or technological limit in sight.
  • Similarly, I suspect that “cyber war” skills probably scale at close to zero marginal costs. Once you managed to infiltrate a crucial bit of IT infrastructure (and still have plausible deniability to mitigate political repercussions), deciding about the amount of damage you want to inflict will not be a matter of costs.

I’m sure there are many more examples. And if you’re willing to bear the cost of adding one more book to your reading list, consider Rifkin’s.

Mathis Lohaus

“Tailored Access Operations” are exactly what I want the NSA to do

Happy New Year everyone! We’re back from our winter break. (Actually, some members of the IR Blog editorial board are still enjoying their time off, but I guess they will return to their desks eventually.)

At the 2013 Chaos Communication Congress in Hamburg, Jacob Applebaum gave a talk that summarized what is known about the NSA’s “Tailored Access Operations” unit. You can watch the video above. Basically, “tailored access” means that these are high-tech “hackers” that acquire intelligence on high-profile targets. Their arsenal includes tiny wireless chips inserted into hardware that is intercepted on the way to customers (!) as well as a special kind of bug that can be accessed by radar waves. Given that the information is from 2009, they probably have even more sophisticated tools now.

The related SPIEGEL story is here (in English). Bruce Schneier has collected a couple of links on the topic, and currently presents one of the exploits every day.

In the Guardian, Matt Blaze makes a very important point: “The NSA’s Tailored Access Operations show there’s a way to be safe and get good intelligence without mass surveillance”. The crucial difference is that between (A) civil-rights-abusing mass surveillance (as currently discussed, again, in the German cabinet) and (B) targeted surveillance of people that were chosen based on meaningful criteria. As Blaze puts it:

TAO is retail rather than wholesale.

That is, as well as TAO works (and it appears to work quite well indeed), they can’t deploy it against all of us – or even most of us. They must be installed on each individual target’s own equipment, sometimes remotely but sometimes through “supply chain interdiction” or “black bag jobs”. By their nature, targeted exploits must be used selectively. Of course, “selectively” at the scale of NSA might still be quite large, but it is still a tiny fraction of what they collect through mass collection.

For over a decade now, the NSA has been drowning in a sea of irrelevant data collected almost entirely about innocent people who would never be selected as targets or comprise part of any useful analysis. The implicit assumption has been that spying on everyone is the price we pay to be able to spy on the real bad guys. But the success of TAO demonstrates a viable alternative. And if the NSA has any legitimate role in intelligence gathering, targeted operations like TAO have the significant advantage that they leave the rest of us – and the systems we rely on – alone.

When I wrote earlier that “we are genuinely shocked by the extent to which our friends feel the need to spy on us and don’t think twice about it”, I was mainly referring to mass surveillance. Wiretapping chancellor Merkel is disrespectful, but I expect her to expect this kind of thing as an occupational hazard. What I find unacceptable, on the other hand, is that systematically eroding the integrity of communications networks and the meaning of “privacy” should be the new normal.

In other words: I’m far more comfortable with the idea that U.S. operatives secretly plant a bug in some suspected terrorist’s computer in Berlin than with the fact that all kinds of “metadata” on German (and other) citizens are being collected non-stop.

Putting a stop to individual-level surveillance seems implausible to me, and also impossible seeing that U.S. legislators would have to decide to shut down pretty much all of what intellifence agencies are about. But is it really that far-fetched (or naive) to hope for some consensus in favor of civil rights? Even if you don’t care about somewhat lofty and abstract pro-privacy arguments, U.S. and European business is being hurt by the NSA’s horrible reputation, and then there’s always the risk that backdoors may be used by more than one party…

“Tailored access” is exactly what I want the NSA to do. But please leave my telecoms provider alone and stop tracking my mobile phone “just in case”.

Mathis Lohaus

Espionage, Surveillance, and Transatlantic Relations

snowdenletterOK, the NSA was bugging German chancellor Angela Merkel’s cell phone for ten years, and a well-known German member of parliament has just met with whistleblower Edward Snowden in Russia. Snowden has written a letter and offered “to testify to a public prosecutor or an investigating committee of Germany’s lower house of parliament, the Bundestag”, as the SPIEGEL reports.

So I guess it’s time for some quick reflections on two of our favorite topics, Transatlantic relations and surveillance / espionage:

Continue reading

Mathis Lohaus

Links: Coase; End of IR Theory; Spying and Leaks; Twerking and Colonialism

endofhteory

Transaction Costs

  • Ronald Coase passed away on September 2. Here is a brief discussion of his most famous contributions, of which “transaction costs” matter most for political scientists.

The End of IR Theory?

  • In case you somehow missed it: The Duck of Minerva is running a symposium called “The End of IR Theory?” together with the European Journal of International Relations. It spans “twenty-five planned posts consisting mostly of teasers of articles in the special issues and responses to those articles”. Here is an overview of all blog posts, and you can find the special issue here.
  • Steve Saideman offers a related post, looking at the types of theorizing and hypothesis testing that are being published in IR journals. (Also see Wiebke’s posts in this blog.)

Spying and Leaking

“If the US has demonstrably lied to the EU about the circumstances under which it has been getting access to SWIFT, it will be hard for the EU to continue with the arrangement (and, possibly, a similar arrangement about sharing airline passenger data) without badly losing face.”

Twerking and Colonialism

Mathis Lohaus

Links: NSA, Brazil, Tenure, MOOCs

Plötzensee, Berlin (Wikipedia)
Plötzensee, Berlin (Public Domain, Wikipedia)

Over at Bretterblog, a colleague has noted (in German) that many IR blogs seem to take a summer break. Might that have been directed at us? Well, here are some links to prove that not all of us are swimming in a lake right now… (I wish!)

PRISM / NSA surveillance, even though you’re sick and tired of it:

In other news:

  • Nauro F. Campos analyzes why people are protesting in Brazil, using a dataset from 1870 to 2003. The list of factors he and his colleagues have identified for the current wave of protest doesn’t sound too surprising: “corruption and inefficiency in public services delivery, political ineptitude and the electoral cycle.” Another interesting finding: The number of riots is decreasing over time, but there are more peaceful protests.
  • There’s a great post at Scientific American by computer scientist Radhika Nagpal, who decided not to stress too much about tenure and instead treat her job as a “seven-year postdoc”. This means: don’t spend all your energy networking and sucking up to important people, but rather enjoy life and get good work done. Probably works best if you’re very smart and hard-working anyway; she’s now a professor at Harvard. Steven Saideman offers his comments at the Duck of Minerva.
  • Are MOOCs (massive open online courses) a game-changer, or are we just being fooled by the “hype cycle”? Dan Drezner contrasts the two perspectives and ends up in the skeptical camp [Foreign Policy account needed].
Mathis Lohaus and Christian Kreuder-Sonnen

There’s No Balance of Cyber Threats

Map of APT1 activities
Map of APT1 activities (image taken from the Mandiant APT1 report)

In February, the American cyber security company Mandiant released a report “exposing one of China’s cyber espionage units” (PDF here). A large chunk of it boils down to three findings: The attacks on US infrastructures originated in China, they were orchestrated by a large and resourceful group, and Mandiant has studied that group to the extent where they can tell individual members apart.

Finally the authors point out that the activities of this “Advanced Persistent Threat #1” (APT1) have been tracked to a certain location in Shanghai, which also happens to host the headquarters of a Chinese military unit (PLA Unit 61398) dealing with cyber security. So Mandiant claims to be able to trace breaches into private U.S. security systems back to a unit of the People’s Liberation Army.

Cyber security analyst Jeffrey Carr has pointed out that the report leaves a lot to be desired, and that some of the claims about linking APT-1 to the PLA Unit 61398 appear to be wrong. There’s no reason to suspect that Carr naively wants to protect China. His comments rather illustrate the difficulty of attributing cyber “attacks” or “espionage” to particular actors.

Yet establishing such a chain of evidence is the whole point of the Mandiant report and the reason it got so much attention!

Continue reading