Tagged: NSA

Mathis Lohaus

Why the German Intelligence Community Infuriates Me

One and a half years ago, I wrote the following about the German (BND) and the U.S. (CIA, NSA…) intelligence services in comparison:

(…) I think there is a marked difference in self-perception between the two nations. I don’t think anyone in Germany even wishes to have an equally powerful and expensive intelligence apparatus. Maybe I’m extremely naive, but I doubt wiretapping foreign heads of state is high on the BND’s agenda. (…)

Of course this was written in the context of the revelations about NSA and CIA operations that infringe on civil rights around the world. I still believe that (i) German agencies probably are less intrusive than their “Five Eyes” counterparts, and (ii) that public opinion in Germany is more critical of surveillance than in the United States.

...
Sign at the BND construction site (2008), CC-BY-SA by Schmidt/Richter on Wikimedia Commons

Recent news, however, have led me to re-evaluate my standpoint. While I still wish for “my” intelligence agencies to respect civil rights and the rule of law, most importantly I would really appreciate more professionalism on their side. I mean, you really can’t make this stuff up:

  • The construction site for the new BND headquarters in the center of Berlin was vandalized: after thieves removed a couple of faucets (!!!) from the upper floor, water kept leaking for hours
  • …leading to millions of euros in property damage (FYI: the new HQ is expected to cost >1.3 billion)
  • Nobody noticed anything. And this is not the first incident: In 2011, the top-secret construction plans were stolen or “went missing”…

Ironically, there is a German figure of speech that refers to particularly tight security as “wasserdicht” (waterproof). Of course people on Twitter are having a lot of fun with this and other bad puns. Check out the #watergate and #BNDleaks hashtags. Another particularly fitting yet hard to translate one is #läuftbeimBND.

On a more serious note, I am deeply worried about what goes on in the German intelligence community.

  • Domestically, the investigation of the NSU terrorism against immigrants suggests that the “Verfassungsschutz” (homeland security) was paying informants who not only failed to prevent or investigate any of these terrible crimes, but were present at the scenes of murders and then lied about it at court.
  • Internationally, it seems clear now that there is no concerted effort to curtain U.S. activities on European soil, despite all the symbolic outrage. The “no-spy treaty” was hot air, which is not surprising. New revelations about the British GCHQ or the U.S. services violating the rights of European citizens have not led to any serious response as far as I can tell.
  • (My working hypothesis is that several past German governments owe a lot to U.S. support in Afghanistan, which makes it very difficult to criticize these agencies.)
  • The parliamentary investigative committee on NSA/CIA surveillance is under multiple lines of attack:
    • witnesses and experts are extremely tight-lipped, and the BND routinely “forgets” and “loses” documents
    • three members of the committee have stepped down for unclear reasons
    • everything is obscured by lawyers and engineers claiming ignorance of each others’ field, which leads to almost farcical Q&A sessions
    • the security of the committee’s internal lines of communications is questionable: someone intercepted the package carrying the encrypted phone used by the committee chairman on its way to be serviced.
    • (Netzpolitik.org offers very extensive coverage of these events [in German], often supported by leaked documents.)

I am no conspiracy theorist, I am not against intelligence services per se, and I also know that politics are complicated. But this combination of blatant negligence when it comes to civil rights (in the country that spawned both the Third Reich and the Stasi!) with strategic and operational incompetence is infuriating.

Mathis Lohaus

Links: New Blogs, New Crises, NSA Reform, Ethics in Academia

global-matters

Our colleagues from the Center for Global Politics (CGP) at Freie Universität Berlin have set up a blog called “Global Matters”. The idea is promising:

every two weeks the CGP posts a question related to an important topic in current affairs – and presents short but profound comments from distinguished International Relations experts and practitioners from all over the world

Good luck and have fun! The current post is on conflict in South-East Asia. (Also, there seems to be a tendency at our university to pretty grandiose names for blogging projects…)

Speaking of new blogs: Dan Nexon, of Duck of Minerva fame, now runs a personal blog called Hylaean Flow. Much of it will probably deal with insights from his role as editor for ISQ and the publishing process in general (via the Duck, where they also posted the new Game of Thrones trailer, just in case you missed it)

Tyler Cowen presents opinions from different people on “Which countries will have the next financial crisis?” If you’re a citizen, resident or investor in one of the following, now might be the time to worry: Denmark, Sweden or Norway (high private household debt), Singapore (a lot of loans), Malaysia or the Philippines (economic bubble), Ukraine (although Russia helped), Canada (real estate bubble), Thailand, Turkey, Greece, India or Indonesia (Tyler’s picks).

One key question is the relative worry weights you assign to private debt vs. bad institutions.

What about the rest of the world?  The eurozone is seeing ongoing credit contraction and perhaps deflation too.  Japan just announced a surprisingly large and apparently persistent current account deficit.  And the United States?  Things look pretty good, but in fact by the standards of historical timing we are soon due for another recession.

I’ll put my money on Turkey.

On cyber security and surveillance: Bruce Schneier has an excellent piece on how the NSA and other agencies threaten national (U.S.) security. The text is a commentary on the reform debate in the United States; let’s wait and see what President Obama will announce on Friday. Meanwhile, the tone in Germany gets angrier. As the “no spy” treaty seems to be canceled, now some people make the case for retaliation through the TTIP and other transatlantic negotiations.

PS. At the Monkey Cage, there’s a short interview with Peter Singer, whose book on cyber security and cyber war looks very interesting.

Last but not least, two items reflecting on academic practice. First, Megan MacKenzie has written on the ethics of adjunct professors and other “casual” posts in (U.S.) departments. She presents four reasons to be careful about taking these jobs and four ways for permanent staff to improve the situation. A lot of this probably also holds for the European context.

Second, Burcu Bayram on how to tell MA students that pursuing a PhD might not be the best option for them: Should you be the blunt “dream-crusher” or try a more empathetic approach?

Mathis Lohaus

“Tailored Access Operations” are exactly what I want the NSA to do

Happy New Year everyone! We’re back from our winter break. (Actually, some members of the IR Blog editorial board are still enjoying their time off, but I guess they will return to their desks eventually.)

At the 2013 Chaos Communication Congress in Hamburg, Jacob Applebaum gave a talk that summarized what is known about the NSA’s “Tailored Access Operations” unit. You can watch the video above. Basically, “tailored access” means that these are high-tech “hackers” that acquire intelligence on high-profile targets. Their arsenal includes tiny wireless chips inserted into hardware that is intercepted on the way to customers (!) as well as a special kind of bug that can be accessed by radar waves. Given that the information is from 2009, they probably have even more sophisticated tools now.

The related SPIEGEL story is here (in English). Bruce Schneier has collected a couple of links on the topic, and currently presents one of the exploits every day.

In the Guardian, Matt Blaze makes a very important point: “The NSA’s Tailored Access Operations show there’s a way to be safe and get good intelligence without mass surveillance”. The crucial difference is that between (A) civil-rights-abusing mass surveillance (as currently discussed, again, in the German cabinet) and (B) targeted surveillance of people that were chosen based on meaningful criteria. As Blaze puts it:

TAO is retail rather than wholesale.

That is, as well as TAO works (and it appears to work quite well indeed), they can’t deploy it against all of us – or even most of us. They must be installed on each individual target’s own equipment, sometimes remotely but sometimes through “supply chain interdiction” or “black bag jobs”. By their nature, targeted exploits must be used selectively. Of course, “selectively” at the scale of NSA might still be quite large, but it is still a tiny fraction of what they collect through mass collection.

For over a decade now, the NSA has been drowning in a sea of irrelevant data collected almost entirely about innocent people who would never be selected as targets or comprise part of any useful analysis. The implicit assumption has been that spying on everyone is the price we pay to be able to spy on the real bad guys. But the success of TAO demonstrates a viable alternative. And if the NSA has any legitimate role in intelligence gathering, targeted operations like TAO have the significant advantage that they leave the rest of us – and the systems we rely on – alone.

When I wrote earlier that “we are genuinely shocked by the extent to which our friends feel the need to spy on us and don’t think twice about it”, I was mainly referring to mass surveillance. Wiretapping chancellor Merkel is disrespectful, but I expect her to expect this kind of thing as an occupational hazard. What I find unacceptable, on the other hand, is that systematically eroding the integrity of communications networks and the meaning of “privacy” should be the new normal.

In other words: I’m far more comfortable with the idea that U.S. operatives secretly plant a bug in some suspected terrorist’s computer in Berlin than with the fact that all kinds of “metadata” on German (and other) citizens are being collected non-stop.

Putting a stop to individual-level surveillance seems implausible to me, and also impossible seeing that U.S. legislators would have to decide to shut down pretty much all of what intellifence agencies are about. But is it really that far-fetched (or naive) to hope for some consensus in favor of civil rights? Even if you don’t care about somewhat lofty and abstract pro-privacy arguments, U.S. and European business is being hurt by the NSA’s horrible reputation, and then there’s always the risk that backdoors may be used by more than one party…

“Tailored access” is exactly what I want the NSA to do. But please leave my telecoms provider alone and stop tracking my mobile phone “just in case”.

Mathis Lohaus

Links: Cyber Attacks, Trade Negotiations, Combat Drones

A Siemens device used to control centrifuges (via Wikimedia commons)
A Siemens device used to control centrifuges (by “Ulli1105” via Wikimedia commons)

Small anniversary: Link post #25. By the way, do you find these useful?

On cyber attacks, I would like to recommend three pieces that might not be for everyone, but are interesting to get a more technical understanding of what is going:

  • Ralph Langner has written a fascinating account of “Stuxnet”. It turns out that the U.S./Israeli (?) attack on Iranian nuclear centrifuges consisted not of one, but two separate types of computer virus, with trade-offs between effectiveness, predictability and stealth. The newer version used a less sophisticated way to damage centrifuges, but a much more sophisticated way to gain access in the first place and then spread across systems.
  • Nicholas Weaver summarizes the steps taken by U.S. intelligence agencies to access/hijack communications through the Internet’s backbone. This discussion of the NSA QUANTUM program is not too technical, but introduces a couple of phrases you might hear more often in the future. (via Bruce Schneier)
  • Jim Cowie discusses a different form of attack, in which internet traffic is redirected to get access to sensitive information. Fascinating for laypeople: Since we’re talking about milliseconds, “[t]he recipient, perhaps sitting at home in a pleasant Virginia suburb drinking his morning coffee, has no idea that someone in Minsk has the ability to watch him surf the web”. (But keep in mind that this comes form a private IT security company and is phrased to maximize PR effects.)

Two items on free trade negotiations:

First, Philip Murphy, the former U.S. Ambassador to Germany, is very confident that President Obama will manage to get approval from Congress for the Transatlantic Trade and Investment Partnership TTIP (via AICGS / Tobias Bunde).

Second, regarding the other U.S. free trade effort currently under negotiation – the Trans-Pacific Partnership TPP – you’ve probably heard that the part dealing with intellectual property rights was leaked last week. GWU PhD candidate Gabriel J. Michael has analyzed the way in which different countries proposed changes to the document (which is visible in the leaked text) and offers the following summary:

  1. The U.S. and Japan are relatively isolated in their negotiating positions.
  2. There appears to be a strong negotiating network between Singapore, Chile, Malaysia and New Zealand.
  3. Canada is up to something!

Some commentators pointed out that he might be neglecting an alternative explanation: that the U.S. and Japan are simply happy with the current document, as they have had a bigger say in creating the draft.

Irrespective of the arguments about causality, Michael’s blog post is a great example of what can be done with leaked documents and visualization! (via The Monkey Cage, where you can find more comments).

Finally, a quick follow-up on last week’s post on combat drones, again by Charli Carpenter at the Duck:

The Campaign to Stop Killer Robots secured an important victory last week when delegates of States Parties to the Convention on Certain Conventional Weapons (CCW) voted unanimously to take up the issue (…).

(…)

While this is an important and promising moment, the shape and trajectory of norm-building efforts will depend a great deal on the tenor and outcome of next May’s CCW meeting. And one thing is sure: if that meeting results in weaker norms that hoped for my human security advocates, NGOs may simply take their cause elsewhere.

Mathis Lohaus

Espionage, Surveillance, and Transatlantic Relations

snowdenletterOK, the NSA was bugging German chancellor Angela Merkel’s cell phone for ten years, and a well-known German member of parliament has just met with whistleblower Edward Snowden in Russia. Snowden has written a letter and offered “to testify to a public prosecutor or an investigating committee of Germany’s lower house of parliament, the Bundestag”, as the SPIEGEL reports.

So I guess it’s time for some quick reflections on two of our favorite topics, Transatlantic relations and surveillance / espionage:

Continue reading

Mathis Lohaus

Links: Coase; End of IR Theory; Spying and Leaks; Twerking and Colonialism

endofhteory

Transaction Costs

  • Ronald Coase passed away on September 2. Here is a brief discussion of his most famous contributions, of which “transaction costs” matter most for political scientists.

The End of IR Theory?

  • In case you somehow missed it: The Duck of Minerva is running a symposium called “The End of IR Theory?” together with the European Journal of International Relations. It spans “twenty-five planned posts consisting mostly of teasers of articles in the special issues and responses to those articles”. Here is an overview of all blog posts, and you can find the special issue here.
  • Steve Saideman offers a related post, looking at the types of theorizing and hypothesis testing that are being published in IR journals. (Also see Wiebke’s posts in this blog.)

Spying and Leaking

“If the US has demonstrably lied to the EU about the circumstances under which it has been getting access to SWIFT, it will be hard for the EU to continue with the arrangement (and, possibly, a similar arrangement about sharing airline passenger data) without badly losing face.”

Twerking and Colonialism

Mathis Lohaus

Links: NSA, Brazil, Tenure, MOOCs

Plötzensee, Berlin (Wikipedia)
Plötzensee, Berlin (Public Domain, Wikipedia)

Over at Bretterblog, a colleague has noted (in German) that many IR blogs seem to take a summer break. Might that have been directed at us? Well, here are some links to prove that not all of us are swimming in a lake right now… (I wish!)

PRISM / NSA surveillance, even though you’re sick and tired of it:

In other news:

  • Nauro F. Campos analyzes why people are protesting in Brazil, using a dataset from 1870 to 2003. The list of factors he and his colleagues have identified for the current wave of protest doesn’t sound too surprising: “corruption and inefficiency in public services delivery, political ineptitude and the electoral cycle.” Another interesting finding: The number of riots is decreasing over time, but there are more peaceful protests.
  • There’s a great post at Scientific American by computer scientist Radhika Nagpal, who decided not to stress too much about tenure and instead treat her job as a “seven-year postdoc”. This means: don’t spend all your energy networking and sucking up to important people, but rather enjoy life and get good work done. Probably works best if you’re very smart and hard-working anyway; she’s now a professor at Harvard. Steven Saideman offers his comments at the Duck of Minerva.
  • Are MOOCs (massive open online courses) a game-changer, or are we just being fooled by the “hype cycle”? Dan Drezner contrasts the two perspectives and ends up in the skeptical camp [Foreign Policy account needed].
Mathis Lohaus

Links: Voting reform, Forecasting, PRISM, Germany

gerrymandering-smbc
Detail from “A Simple Proposal to Stop Gerrymandering”, Saturday Morning Breakfast Cereal

Summer break has begun in Germany. Wherever you are, enjoy your time in the sun! In case you’re stuck inside (or using a handheld device instead of just relaxing in the park), here are some links:

  • One of my favorite web comics has an episode on how to reform voting disctricts; it involves strict rules, is based on incentives and public scrutiny, and leaves little room for corruption.
  • The forecasting competition in which I take part (Good Judgment Project) is about to kick off season 3. I plan to cover the next steps here on the blog, in particular because I have now been promoted to “super forecaster” status. Please consider reading part 1 and part 2 of my coverage so far.
  • Edward Snowden’s fate is still undecided and the news about U.S./UK surveillance will probably keep going. For Germany, there is a new angle to the whole story in the aftermath of interior minister Friedrich’s visit to Washington: “many were critical of his trip, saying he was given little information and came across like an obedient school boy” (SPIEGEL).
  • Friedrich is now under fire for suggesting that several terrorist attacks on German soil have been avoided thanks to PRISM; a statement that was not backed up by facts. He also neatly summarized the ‘let’s give up civil liberties for counter-terrorism’ logic: “The noble intention of saving lives in Germany justifies working with our American friends and partners …” (my translation; via law blog)
  • Chancellor Merkel, on the other, is extremely careful not to say anything at all in her recent interviews on the topic.
Mathis Lohaus

FAQ: The PRISM leak & Edward Snowden

PRISM slide 4

OK, now that some of the dust has settled: What exactly is this PRISM program? Apparently, the idea is to collect information on patterns of communication (who talked to whom), and then look at potentially interesting contents (who said what). For metadata you only need a subpoena, for the contents you need a court order. The features look very impressive / scary:

With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”

According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms. (Washington Post)

What I don’t fully understand is the targeting: In theory, this is aimed at non-U.S. citizens suspected of terrorism, nuclear proliferation and the like. But “incidental” collection of information about Americans is tolerated. And what about data protection treaties with other nations? The EU and Germany are not amused – but might have been informed and compliant to some degree.

A piece by ProPublica suggests that a lot of details are “unclear”:

Has the NSA been collecting all Americans’ phone records, and for how long? It’s not entirely clear. (…)

What surveillance powers does the government believe it has under the Patriot Act? That’s classified. (…)

Has the NSA’s massive collection of metadata thwarted any terrorist attacks? It depends which senator you ask. And evidence that would help settle the matter is, yes, classified. (…)

How much information, and from whom, is the government sweeping up through Prism? It’s not clear. (…)

So, how does Prism work? (…) The Post quotes a classified NSA report saying that Prism allows “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” not the company servers themselves. So what does any of that mean? We don’t know.

Please do read the whole article. Dan Drezner’s initial response from last week puts the leaks in perspective: What the NSA does is probably legal and backed by both Republicans and Democrats. So what we should really worry about is the U.S. Congress, not the NSA: More and more secret laws have been created and cannot be publicly debated.

So much for legal details and party politics. But there are even broader things to consider: For one, (perceptions of a) surveillance state undermines trust in the government as a whole, which is an issue for leaders of any political affiliation. Second, secret organizations per definition work very differently from those that rely on accountability, transparency and oversight. Putting ever more competencies in the hands of, well, spies is problematic because these mechanisms don’t work for them. A functional equivalent might be “a strong organizational culture and powerful professional norms”, but in his latest post on the issue Dan Drezner suggests that we should not rely on these in the case of the NSA.

OK, enough of this complicated stuff – what about Edward Snowden, the PRISM whistle-blower?  Continue reading

Sören Stapel

Links: European floods, Middle East, NSA, Game of Thrones

Flood disaster in Central Europe

Central Europe has to bear with a lot of water as the rivers Danube, Elbe, Saale, Inn, Mulde, and several more tributaries are swollen up to the upper limit. The video* above shows dyke watches in Central Germany (in the city of Schönebeck). That’s how pretty much every place around these rivers looks like while the dams are about to burst – and if they have burst, it’s just worse. Railways hat to be closed and thousands of people are evacuated from these masses of waters. While in some places the clearing work has started by now, the worst is yet to come for Northern Germany and Hungary. The Danube river alone affects 10 countries.

This has happened before, of course, but those record surges are unknown of and they happen at the same time in several countries across Europe (for instance, Germany, the Czeach Republic, Slovakia, Austria and Hungary are flood-affected). Some people link the floods to consequences of climate change and sealed surfaces. I am wondering just why the dyke building has not advanced as much as it should have after the 2002 and 2005 floods in Germany. And, what about transnational cooperation in river management / flood control / disaster management? Has anyone come across some piece that is taking up the coordination between e.g. Czech and German officials?

* The video is from a small local newspaper in Saxony-Anhalt and I wanted to promote it here. Continue reading