Tag Archives: surveillance

Why the German Intelligence Community Infuriates Me

One and a half years ago, I wrote the following about the German (BND) and the U.S. (CIA, NSA…) intelligence services in comparison:

(…) I think there is a marked difference in self-perception between the two nations. I don’t think anyone in Germany even wishes to have an equally powerful and expensive intelligence apparatus. Maybe I’m extremely naive, but I doubt wiretapping foreign heads of state is high on the BND’s agenda. (…)

Of course this was written in the context of the revelations about NSA and CIA operations that infringe on civil rights around the world. I still believe that (i) German agencies probably are less intrusive than their “Five Eyes” counterparts, and (ii) that public opinion in Germany is more critical of surveillance than in the United States.

...
Sign at the BND construction site (2008), CC-BY-SA by Schmidt/Richter on Wikimedia Commons

Recent news, however, have led me to re-evaluate my standpoint. While I still wish for “my” intelligence agencies to respect civil rights and the rule of law, most importantly I would really appreciate more professionalism on their side. I mean, you really can’t make this stuff up:

  • The construction site for the new BND headquarters in the center of Berlin was vandalized: after thieves removed a couple of faucets (!!!) from the upper floor, water kept leaking for hours
  • …leading to millions of euros in property damage (FYI: the new HQ is expected to cost >1.3 billion)
  • Nobody noticed anything. And this is not the first incident: In 2011, the top-secret construction plans were stolen or “went missing”…

Ironically, there is a German figure of speech that refers to particularly tight security as “wasserdicht” (waterproof). Of course people on Twitter are having a lot of fun with this and other bad puns. Check out the #watergate and #BNDleaks hashtags. Another particularly fitting yet hard to translate one is #läuftbeimBND.

On a more serious note, I am deeply worried about what goes on in the German intelligence community.

  • Domestically, the investigation of the NSU terrorism against immigrants suggests that the “Verfassungsschutz” (homeland security) was paying informants who not only failed to prevent or investigate any of these terrible crimes, but were present at the scenes of murders and then lied about it at court.
  • Internationally, it seems clear now that there is no concerted effort to curtain U.S. activities on European soil, despite all the symbolic outrage. The “no-spy treaty” was hot air, which is not surprising. New revelations about the British GCHQ or the U.S. services violating the rights of European citizens have not led to any serious response as far as I can tell.
  • (My working hypothesis is that several past German governments owe a lot to U.S. support in Afghanistan, which makes it very difficult to criticize these agencies.)
  • The parliamentary investigative committee on NSA/CIA surveillance is under multiple lines of attack:
    • witnesses and experts are extremely tight-lipped, and the BND routinely “forgets” and “loses” documents
    • three members of the committee have stepped down for unclear reasons
    • everything is obscured by lawyers and engineers claiming ignorance of each others’ field, which leads to almost farcical Q&A sessions
    • the security of the committee’s internal lines of communications is questionable: someone intercepted the package carrying the encrypted phone used by the committee chairman on its way to be serviced.
    • (Netzpolitik.org offers very extensive coverage of these events [in German], often supported by leaked documents.)

I am no conspiracy theorist, I am not against intelligence services per se, and I also know that politics are complicated. But this combination of blatant negligence when it comes to civil rights (in the country that spawned both the Third Reich and the Stasi!) with strategic and operational incompetence is infuriating.

Marginal Costs in Intl. Affairs

Zero Marginal Costs SocietyLast week, Jeremy Rifkin presented his current book here in Berlin. In The Zero Marginal Costs Society, he argues that the marginal costs of production in many sectors are moving (close) to zero, leading to economic shifts on the scale of the industrial revolution. Three forces make this possible according to Rifkin:

  • a truly integrated global internet (communication + logistics + sensors)
  • abundant renewable energy
  • 3D printing as extremely cost-efficient mode of producing physical goods

No matter how you think about the details of Rifkin’s predictions, he makes persuasive points on what very low marginal costs can entail. This is obviously true for the areas he addresses (the economics of production, welfare, labor, automation, consumption).

But in addition,  marginal costs are worth  attention when we think about international relations and and transnational political affairs more generally:

  • If we buy Rifkin’s arguments, IPE scholars and others who care about economic power and growth prospects will put less emphasis on traditional metrics of factor endowments. If the Netherlands are just much better at making use of renewables than Russia, size is a bad predictor of success. How do you model something like the political will to embrace the future?
  • The marginal cost of reaching one more pair of eyes applies to political mobilization. No matter how high your PR budget, you can reach millions of potential recruits if you’re willing to be excessively cruel and upload an execution video. And how does having a single “viral” idea (involving buckets of ice) measure up against having a more traditional structure of supporters?
  • I’ve covered intelligence activities here on the blog, in particular the  large-scale surveillance conducted by the NSA and other agencies. Consider the logic of technology-driven surveillance: The marginal cost of targeting one more person is virtually zero. Keeping that person’s data for one more unit of time is free. And there is no physical or technological limit in sight.
  • Similarly, I suspect that “cyber war” skills probably scale at close to zero marginal costs. Once you managed to infiltrate a crucial bit of IT infrastructure (and still have plausible deniability to mitigate political repercussions), deciding about the amount of damage you want to inflict will not be a matter of costs.

I’m sure there are many more examples. And if you’re willing to bear the cost of adding one more book to your reading list, consider Rifkin’s.

Steinmeier on Transatlantic Relations

steinmeier-brookings

This morning, I went to see German foreign minister Steinmeier’s speech at the Brookings Institution. Under the heading “Transatlantic Ties for a New Generation”, he argued that to be attractive for young people, the European-American partnership has to be based on shared values and standards of governance. The text is on the ministry’s website. In addition, Brookings published the audio and video recordings of the speech and the Q&A.

To be fair, this speech was more interesting and better prepared than the last foreign policy speech delivered by a Social Democrat that I have attended. Still, if you go beyond the personal anecdotes and jokes he made, Steinmeier said very little, let alone . The Q&A, regrettably, was hurt by the fact that Steinmeier – who had given the speech in English- answered in German. So a lot of time was spent on translation and we only covered four or five (pretty harmless) questions in total.

So, here are the few concrete things I took away from this event. (Plain English translation in italics.)

  • The “no spy” treaty is a non-starter. Instead, Steinmeier wants to have several rounds of talks between U.S. and European officials, which should cover both eavesdropping on government leaders and large-scale surveillance of general population. These talks should include civil society and academia. (We know that’s kind of embarrassing, but what are we gonna do? Nobody wants to kill TTIP because of civil rights.)
  • On the choice to spy: the U.S. government should realize that their surveillance/ spying practices are inappropriate in a setting of close partnership. It must be made clear that democratic bodies have the last words rather than corporate or intelligence interests. (Please be a little bit nicer, for old time’s sake, OK?)
  • Europeans and in particular Germans are committed to show more leadership in foreign policy (“expand the toolbox of diplomacy”). As head of the G8 group in 2015, Germany will push for climate change politics. (But please don’t mention Syria, because we really don’t know what to do.)
  • On Europe: Between Germany and the UK, fundamental disagreements remain about the general trajectory of EU integration. We might see more subsidiarity in select issue areas, but no reversal of integration. (Those ***** Brits! As if we didn’t have enough problems already. Oh, and maybe we should tweak those austerity policies in Southern countries, but please don’t ask about specifics).
  • While the Russian human rights ombudsman Vladimir Lukin played in a constructive role in the talks with German, French, Polish FMs last week, Steinmeier is just as puzzled about Crimea as everybody else. (Nobody knows what’s going on in Ukraine, and even if we knew, we probably couldn’t do much about it. It’s not like we’re a  superpower or anything.)

So, as you can see, no grand commitments or surprise announcements were made today. German foreign policy remains, ahem, underwhelming.

Links: ISA and Blogging, Munich Security Conference, and much more

isa-vs-wp

Last week, Steve Saideman kicked off a debate after the International Studies Association’s Executive Committee proposed to adopt a policy that would ban editors of the ISA’s official journals from blogging. Several people involved in blogging and/or official ISA business have commented at Steve’s blog. (Nobody called it “lex Nexon”, though.)

Here is another post on why banning blogs is a bad idea. Burcu Bayram has a post on how blogging is useful for young scholars in particular. As immediate reaction to the “ignorance about social media and its role in 21st century IR scholarship and teaching” expressed in the proposal, Steve and others are now planning to create the ISA Online Media Caucus.

Meanwhile, it seems that the ISA’s Governing Council will not implement a ban:

If a vote was held today on the initial proposal, I am pretty sure that we would win.  Of course, if I felt that there would be such a vote, I would do some more work to be sure of it.

The 50th Munich Security Conference is over now, but you can watch many videos of the panel discussions on the conference website (just scroll down past the “highlight” clips).

I agree with Tobias Bunde and Wolfgang Ischinger that U.S. and European members of parliament should cooperate to curtail NSA surveillance and other violations of civil liberties.

Our colleagues at Bretterblog have collected some links [in German] with critical comments on the MSC as well as new developments in German foreign policy.

In other news, I recommend the following items from the (IR) blogosphere:

Links: New Blogs, New Crises, NSA Reform, Ethics in Academia

global-matters

Our colleagues from the Center for Global Politics (CGP) at Freie Universität Berlin have set up a blog called “Global Matters”. The idea is promising:

every two weeks the CGP posts a question related to an important topic in current affairs – and presents short but profound comments from distinguished International Relations experts and practitioners from all over the world

Good luck and have fun! The current post is on conflict in South-East Asia. (Also, there seems to be a tendency at our university to pretty grandiose names for blogging projects…)

Speaking of new blogs: Dan Nexon, of Duck of Minerva fame, now runs a personal blog called Hylaean Flow. Much of it will probably deal with insights from his role as editor for ISQ and the publishing process in general (via the Duck, where they also posted the new Game of Thrones trailer, just in case you missed it)

Tyler Cowen presents opinions from different people on “Which countries will have the next financial crisis?” If you’re a citizen, resident or investor in one of the following, now might be the time to worry: Denmark, Sweden or Norway (high private household debt), Singapore (a lot of loans), Malaysia or the Philippines (economic bubble), Ukraine (although Russia helped), Canada (real estate bubble), Thailand, Turkey, Greece, India or Indonesia (Tyler’s picks).

One key question is the relative worry weights you assign to private debt vs. bad institutions.

What about the rest of the world?  The eurozone is seeing ongoing credit contraction and perhaps deflation too.  Japan just announced a surprisingly large and apparently persistent current account deficit.  And the United States?  Things look pretty good, but in fact by the standards of historical timing we are soon due for another recession.

I’ll put my money on Turkey.

On cyber security and surveillance: Bruce Schneier has an excellent piece on how the NSA and other agencies threaten national (U.S.) security. The text is a commentary on the reform debate in the United States; let’s wait and see what President Obama will announce on Friday. Meanwhile, the tone in Germany gets angrier. As the “no spy” treaty seems to be canceled, now some people make the case for retaliation through the TTIP and other transatlantic negotiations.

PS. At the Monkey Cage, there’s a short interview with Peter Singer, whose book on cyber security and cyber war looks very interesting.

Last but not least, two items reflecting on academic practice. First, Megan MacKenzie has written on the ethics of adjunct professors and other “casual” posts in (U.S.) departments. She presents four reasons to be careful about taking these jobs and four ways for permanent staff to improve the situation. A lot of this probably also holds for the European context.

Second, Burcu Bayram on how to tell MA students that pursuing a PhD might not be the best option for them: Should you be the blunt “dream-crusher” or try a more empathetic approach?

“Tailored Access Operations” are exactly what I want the NSA to do

Happy New Year everyone! We’re back from our winter break. (Actually, some members of the IR Blog editorial board are still enjoying their time off, but I guess they will return to their desks eventually.)

At the 2013 Chaos Communication Congress in Hamburg, Jacob Applebaum gave a talk that summarized what is known about the NSA’s “Tailored Access Operations” unit. You can watch the video above. Basically, “tailored access” means that these are high-tech “hackers” that acquire intelligence on high-profile targets. Their arsenal includes tiny wireless chips inserted into hardware that is intercepted on the way to customers (!) as well as a special kind of bug that can be accessed by radar waves. Given that the information is from 2009, they probably have even more sophisticated tools now.

The related SPIEGEL story is here (in English). Bruce Schneier has collected a couple of links on the topic, and currently presents one of the exploits every day.

In the Guardian, Matt Blaze makes a very important point: “The NSA’s Tailored Access Operations show there’s a way to be safe and get good intelligence without mass surveillance”. The crucial difference is that between (A) civil-rights-abusing mass surveillance (as currently discussed, again, in the German cabinet) and (B) targeted surveillance of people that were chosen based on meaningful criteria. As Blaze puts it:

TAO is retail rather than wholesale.

That is, as well as TAO works (and it appears to work quite well indeed), they can’t deploy it against all of us – or even most of us. They must be installed on each individual target’s own equipment, sometimes remotely but sometimes through “supply chain interdiction” or “black bag jobs”. By their nature, targeted exploits must be used selectively. Of course, “selectively” at the scale of NSA might still be quite large, but it is still a tiny fraction of what they collect through mass collection.

For over a decade now, the NSA has been drowning in a sea of irrelevant data collected almost entirely about innocent people who would never be selected as targets or comprise part of any useful analysis. The implicit assumption has been that spying on everyone is the price we pay to be able to spy on the real bad guys. But the success of TAO demonstrates a viable alternative. And if the NSA has any legitimate role in intelligence gathering, targeted operations like TAO have the significant advantage that they leave the rest of us – and the systems we rely on – alone.

When I wrote earlier that “we are genuinely shocked by the extent to which our friends feel the need to spy on us and don’t think twice about it”, I was mainly referring to mass surveillance. Wiretapping chancellor Merkel is disrespectful, but I expect her to expect this kind of thing as an occupational hazard. What I find unacceptable, on the other hand, is that systematically eroding the integrity of communications networks and the meaning of “privacy” should be the new normal.

In other words: I’m far more comfortable with the idea that U.S. operatives secretly plant a bug in some suspected terrorist’s computer in Berlin than with the fact that all kinds of “metadata” on German (and other) citizens are being collected non-stop.

Putting a stop to individual-level surveillance seems implausible to me, and also impossible seeing that U.S. legislators would have to decide to shut down pretty much all of what intellifence agencies are about. But is it really that far-fetched (or naive) to hope for some consensus in favor of civil rights? Even if you don’t care about somewhat lofty and abstract pro-privacy arguments, U.S. and European business is being hurt by the NSA’s horrible reputation, and then there’s always the risk that backdoors may be used by more than one party…

“Tailored access” is exactly what I want the NSA to do. But please leave my telecoms provider alone and stop tracking my mobile phone “just in case”.

Links: Cyber Attacks, Trade Negotiations, Combat Drones

A Siemens device used to control centrifuges (via Wikimedia commons)
A Siemens device used to control centrifuges (by “Ulli1105” via Wikimedia commons)

Small anniversary: Link post #25. By the way, do you find these useful?

On cyber attacks, I would like to recommend three pieces that might not be for everyone, but are interesting to get a more technical understanding of what is going:

  • Ralph Langner has written a fascinating account of “Stuxnet”. It turns out that the U.S./Israeli (?) attack on Iranian nuclear centrifuges consisted not of one, but two separate types of computer virus, with trade-offs between effectiveness, predictability and stealth. The newer version used a less sophisticated way to damage centrifuges, but a much more sophisticated way to gain access in the first place and then spread across systems.
  • Nicholas Weaver summarizes the steps taken by U.S. intelligence agencies to access/hijack communications through the Internet’s backbone. This discussion of the NSA QUANTUM program is not too technical, but introduces a couple of phrases you might hear more often in the future. (via Bruce Schneier)
  • Jim Cowie discusses a different form of attack, in which internet traffic is redirected to get access to sensitive information. Fascinating for laypeople: Since we’re talking about milliseconds, “[t]he recipient, perhaps sitting at home in a pleasant Virginia suburb drinking his morning coffee, has no idea that someone in Minsk has the ability to watch him surf the web”. (But keep in mind that this comes form a private IT security company and is phrased to maximize PR effects.)

Two items on free trade negotiations:

First, Philip Murphy, the former U.S. Ambassador to Germany, is very confident that President Obama will manage to get approval from Congress for the Transatlantic Trade and Investment Partnership TTIP (via AICGS / Tobias Bunde).

Second, regarding the other U.S. free trade effort currently under negotiation – the Trans-Pacific Partnership TPP – you’ve probably heard that the part dealing with intellectual property rights was leaked last week. GWU PhD candidate Gabriel J. Michael has analyzed the way in which different countries proposed changes to the document (which is visible in the leaked text) and offers the following summary:

  1. The U.S. and Japan are relatively isolated in their negotiating positions.
  2. There appears to be a strong negotiating network between Singapore, Chile, Malaysia and New Zealand.
  3. Canada is up to something!

Some commentators pointed out that he might be neglecting an alternative explanation: that the U.S. and Japan are simply happy with the current document, as they have had a bigger say in creating the draft.

Irrespective of the arguments about causality, Michael’s blog post is a great example of what can be done with leaked documents and visualization! (via The Monkey Cage, where you can find more comments).

Finally, a quick follow-up on last week’s post on combat drones, again by Charli Carpenter at the Duck:

The Campaign to Stop Killer Robots secured an important victory last week when delegates of States Parties to the Convention on Certain Conventional Weapons (CCW) voted unanimously to take up the issue (…).

(…)

While this is an important and promising moment, the shape and trajectory of norm-building efforts will depend a great deal on the tenor and outcome of next May’s CCW meeting. And one thing is sure: if that meeting results in weaker norms that hoped for my human security advocates, NGOs may simply take their cause elsewhere.

Links: Drones; Forecasting; Ranking Researchers; Surveillance Logic

A combat drone, via Wikimedia commons
A combat drone, because that’s the most photogenic of all topics covered here today… (Wikimedia commons)

I hope you’re having a great week so far! My fellow bloggers have other obligations, so you’ll have to tolerate my incoherent link lists for the time being…

At the Duck of Minerva, Charli Carpenter makes a crucial point regarding the debate on military drones (emphasis added):

In my view, all these arguments have some merit but the most important thing to focus on is the issue of extrajudicial killing, rather than the means used to do it, for two reasons. First, if the US ended its targeted killings policy this would effectively stop the use of weaponized drones in the war on terror, whereas the opposite is not the case; and it would effectively remove the CIA from involvement with drones. It would thus limit weaponized drones to use in regular armed conflicts that might arise in the future, and only at the hands of trained military personnel. If Holewinski and Lewis are right, this will drastically reduce civilian casualties from drones.

I’d like to recommend a couple of links on attempts to forecast political events. First, the always excellent Jay Ulfelder has put together some links on prediction markets, including a long story in the Pacific Standard on the now defunct platform Intrade. Ulfelder also comments on “why it is important to quantify our beliefs”.

Second (also via Ulfelder), I highly recommend the Predictive Heuristics blog, which is run by the Ward Lab at Duke University. Their most recent post covers a dataset on political conflict called ICEWS and its use in the Good Judgment Project, a forecasting tournament that I have covered here on the blog as well. (#4 of my series should follow soon-ish.)

A post by Daniel Sgroi at VoxEU suggests a way for panelists in the UK Research Excellence Framework (REF) to judge the quality of research output. Apparently, there is a huge effort underway to rank scholars based on their output (i.e., publications) — and the judges have been explicitly told not to consider the journals in which articles were published. Sgroi doesn’t think that’s a good idea:

Of course, economists are experts at decision-making under uncertainty, so we are uniquely well-placed to handle this. However, there is a roadblock that has been thrown up that makes that task a bit harder – the REF guidelines insist that the panel cannot make use of journal impact factors or any hierarchy of journals as part of the assessment process. It seems perplexing that any information should be ignored in this process, especially when it seems so pertinent. Here I will argue that journal quality is important and should be used, but only in combination with other relevant data. Since we teach our own students a particular method (courtesy of the Reverend Thomas Bayes) for making such decisions, why not practise what we preach?

This resonates with earlier debates here and elsewhere on how to assess academic work. There’s a slippery slope if you rely on publications: in the end, are you just going to count the number of peer-reviewed articles in a CV without ever reading any of them? However, Sgroi is probably right to point out that it’s absurd to disregard entirely the most important mechanism of quality control this profession has to offer, despite all its flaws.

Next week, the Körber-Stiftung will hold the 3rd Berlin Foreign Policy Forum. One of the panels deals with transatlantic relations. I’m wonder if any interesting news on the spying scandal will pop up in time. Meanwhile, this talk by Dan Geer on “tradeoffs in cyber security” illustrates the self-reinforcing logic of surveillance (via Bruce Schneier):

Unless you fully instrument your data handling, it is not possible for you to say what did not happen. With total surveillance, and total surveillance alone, it is possible to treat the absence of evidence as the evidence of absence. Only when you know everything that *did* happen with your data can you say what did *not* happen with your data.

Espionage, Surveillance, and Transatlantic Relations

snowdenletterOK, the NSA was bugging German chancellor Angela Merkel’s cell phone for ten years, and a well-known German member of parliament has just met with whistleblower Edward Snowden in Russia. Snowden has written a letter and offered “to testify to a public prosecutor or an investigating committee of Germany’s lower house of parliament, the Bundestag”, as the SPIEGEL reports.

So I guess it’s time for some quick reflections on two of our favorite topics, Transatlantic relations and surveillance / espionage:

Continue reading Espionage, Surveillance, and Transatlantic Relations

Links: Coase; End of IR Theory; Spying and Leaks; Twerking and Colonialism

endofhteory

Transaction Costs

  • Ronald Coase passed away on September 2. Here is a brief discussion of his most famous contributions, of which “transaction costs” matter most for political scientists.

The End of IR Theory?

  • In case you somehow missed it: The Duck of Minerva is running a symposium called “The End of IR Theory?” together with the European Journal of International Relations. It spans “twenty-five planned posts consisting mostly of teasers of articles in the special issues and responses to those articles”. Here is an overview of all blog posts, and you can find the special issue here.
  • Steve Saideman offers a related post, looking at the types of theorizing and hypothesis testing that are being published in IR journals. (Also see Wiebke’s posts in this blog.)

Spying and Leaking

“If the US has demonstrably lied to the EU about the circumstances under which it has been getting access to SWIFT, it will be hard for the EU to continue with the arrangement (and, possibly, a similar arrangement about sharing airline passenger data) without badly losing face.”

Twerking and Colonialism