Talk at Logan Symposium 2014, London

A few weeks ago, I was in London at the Logan Symposium 2014, which was held at the Barbican Centre in London from 5 to 7 December 2014. During this event, I gave a talk entitled: “Security Dilemmas in Publishing Leaks.” (slides, PDF) The event was organised by the Centre for Investigative Journalism in London.

The audience was a switched-on crowd of journalists and hacktivists, bringing together key figures in the fight against invasive surveillance and secrecy. and it was great to be there and to be able to provide some insights and context from a technological perspective.

The Ukrainian Veto: Why The MH17 Report Will Not Reveal The Truth

On November 26, 2014 it was revealed by the Dutch news outlet RTL Nieuws that there exists a confidentiality agreement that was signed by the Netherlands, Belgium, Australia and the Kiev regime in Ukraine that gives each of the signatories a veto on any information that comes out of the investigation.

The existence of this confidentiality agreement is confirmed by the Australian Government, more specifically by Melissa Stenfors, Acting Director of the Crisis Management & Contingency Planning Section of the Department of Foreign Affairs and Trade:

Veto_Australia_Ukraine_MH17Later, the authenticity of this letter was confirmed by the Australian Ministry of Foreign Affairs and Trade in the following statement to RTL Nieuws:

“The letter to which you refer is authentic. Australia, The Netherlands, Belgium and Ukraine have signed a non-disclosure agreement with respect to the criminal investigation into the downing of Malaysian Airlines flight MH17.

This agreement requires consensus among the parties before information regarding the investigation can be released. The non-disclosure of information is important to avoid jeopardising the investigation or prejudicing a future judicial proceeding arising from the investigation.

The Joint Investigation Team non-disclosure agreement was communicated in confidence by foreign governments, and, as a result, cannot be made public.”

(emphasis mine)

An Elsevier magazine Freedom of Information Act (Wob) request to reveal the contents of the confidentiality agreement mentioned above, along with 16 other documents concerning the investigation was denied by the Dutch cabinet.


Unanswered Questions

So far, the investigation into the downing of Malaysian Airlines Flight MH17 is poorly done. The Dutch Safety Board (Onderzoeksraad voor Veiligheid) published a preliminary report about MH17 on 9 September 2014. This report was unsatisfactory for many parties. Basically it only says that the damage to the front section of the fuselage and the cockpit indicates that the plane was hit by a large number of high-energy projectiles coming from outside the aircraft, and that the damage pattern does not match with any damage one would expect in case of failure of the aircraft’s engines or other systems. In any case, there are no indications of any technical or operational problems with the aircraft or its crew prior to the CVR (Cockpit Voice Recorder) and FDR (Flight Data Recorder) stopping their recordings at 13:20:03 hours.

Important questions still remain unanswered, like whether the damage was caused by an air-to-air missile (which would support the Russians’ claims of a Ukrainian fighter jet near the Malaysian airliner), or surface-to-air (which supports the Buk weapons system theory). In the case of a surface-to-air missile, it still remains to be seen who fired the weapon at the time. Satellite pictures that claim that the Buk was operated by the rebels and then transported out of eastern Ukraine into the Russian Federation are very grainy, and one cannot discern any important details, let alone confirm their authenticity. These questions have not yet been answered, let alone asked by the investigation team (at least as far as we know).

The existence of the confidentiality agreement however, is very problematic. Especially if it contains, as sources seem to indicate, a veto right for all parties, including Ukraine. What if the investigation does reveal something that might point to the Ukrainians being behind the MH17 disaster? Would that ever get published? I think not, given the fact that they have a veto. Basically, the way this investigation was set-up, almost guarantees an outcome that will absolve the Ukrainians of any blame in the disaster. When the report does come out eventually, it will no doubt serve as new fuel on the pyre, with the West trying to blame Russia for the downing of MH17. Another reason why the investigation might be slow-going, besides the obvious difficulties in collecting all the evidence, is because the release of the final report might need to be carefully timed, released only when there’s a lull in the anti-Putin rhetoric, and this could then serve to ignite people’s anger and play on emotions to start a war with Russia. Which is a horrible thought, and I certainly do not hope things will play out this way.

But just as we have been stumbling into World War One, some of the signs are seen again nowadays. For instance, just look at the sheer level of propaganda found in the mainstream media, impervious to facts and reason. We are stumbling into another World War before we realise what happened. As the distinguished journalist John Pilger so brilliantly said during his speech at the Logan Symposium in London this month, “the most effective propaganda is not found in the Sun or on Fox News, but beneath a liberal halo.” We need to find the counter-narrative, figure out what is really going on to try and prevent this tragedy from happening.

It pains me to see how the U.S. is using Europe as its playground, themselves safely removed far away across the Atlantic Ocean, and we Europeans are allowing them to. Why should we be so subservient to a nation whose foreign policy in the past 70 years has only contributed to igniting crises and wars across the world? South America was ravaged by U.S. foreign policy, as was Vietnam, Cambodia, Laos, Afghanistan, Iraq, Syria, Pakistan, Yemen, Somalia, Cuba, and countless of other countries. Innocent citizens across the globe now have to live with the very real and daily fear of extra-judicial murder in the form of drone strikes, personally ordered and authorised by President Obama every Tuesday, extraordinary renditions (kidnapping) to “black sites” in countries like Poland and Romania where people are subject to CIA torture, as the executive summary of the Senate Select Committee on Intelligence Torture Report (PDF) recently revealed.

And the sad thing is, I’m not seeing any significant change in the US, where pundits the likes of Dick Cheney are still trumpeting torture (euphemistically called “enhanced interrogation”). When the Nazi’s were defeated after the Second World War, they were brought before the court during the Nuremberg trials, and some of the people deemed mainly responsible for the crimes against humanity and war crimes committed under Hitler’s regime were executed for their crimes. In the US, there isn’t even the slightest hint of a criminal investigation into the people responsible for the torture committed by CIA personnel and contractors, either directly or indirectly.

The Second Cold War

The coup in Ukraine was used to try and lure Russia into a second Cold War. A massive misinformation campaign was mounted in the Western press which totally ignored the real cause of the current crisis in Ukraine, namely the US putsch to oust the pro-Russian Yanukovich from power and install the pro-US Yatsenyuk. Yanukovich was democratically elected, Yastenyuk was not. On Maidan square, snipers attacked both the pro- and anti-Yanokovich protesters. The telephone conversation Victoria Nuland (Assistant Secretary of State) held with Geoffrey Pyatt (U.S. Ambassador to Ukraine) that was intercepted and posted to YouTube was blacked out from the mainstream media. This offered compelling evidence that the Ukrainian crisis was a U.S. led coup.

I have written extensively about the coup previously, explaining that NATO expansion after the Cold War ended has put Russia on edge, as they are obviously concerned about their national security. When the Soviets did a similar thing in Cuba, this led to Cuban Missile Crisis in October 1962. Why is it OK for the U.S. to respond by blockading Cuba, but when it’s Russia’s national security that is being threatened by NATO’s military bases, these legitimate concerns are hand-waved away and ignored? American exceptionalism has no place in the 21st century, or in fact, in any century.

After the referendum on the status of the Crimea, where the vast majority of the (mostly ethnic Russian) population (96.77% in fact) voted to re-join the Russian Federation, after the separation of the Crimea from Russia by Nikita Khrushchev in 1954, the Russians were immediately blamed for annexing the area. However, there were no such outcries when Kosovo declared itself independent from Serbia (without a referendum, mind you). In the case of Kosovo, it suited the Western powers, in the case of the Crimea, it did not.

The Crimea is of strategic importance to the Russians, as their Black Sea Fleet is based in the Crimean city of Sevastopol. When the Ukrainian coup started, Russia was getting increasingly concerned about whether it would be able to continue its lease of the military base, which was set to expire in 2042. Losing access to the base would be difficult, as Sevastopol’s warm water port, its natural harbour and the extensive infrastructure already in place there currently makes it one of the best-outfitted naval bases in the Black Sea. Sevastopol also allows the Russians relatively quick and easy access to the Mediterranean. The Russian Mediterranean Task Force, which is based in Sevastopol, was previously used to remove Syrian chemical weapons and conduct anti-piracy operations near Somalia.

All I hope is that the current crisis will be resolved quickly, as the path we currently seem to be on (one almost inevitably leading to war), is a foolish endeavour, and we need to realise that talking and diplomacy will get us much further than empty threats and baseless allegations. We’ve previously seen what US interference does to countries, like in the 2003 invasion of Iraq, and the sanctions that were put in place before that. Millions of people have been displaced and killed in that conflict alone. We need to stop this madness and start the dialogue to understand and hear the valid concerns put forward. Only then can war be avoided.

Regin: The Trojan Horse From GCHQ

In 2010, Belgacom, the Belgian telecommunications company was hacked. This attack was discovered in September 2013, and has been going on for years. We know that this attack is the work of Western intelligence, more specifically, GCHQ, thanks to documents from Edward Snowden. This operation was called Operation Socialist. Now, however, we know a little bit more about how exactly this attack was done, and by what means. Internet connections from employees of Belgacom were sent to a fake LinkedIn page that was used to infect their computers with malware, called “implants” in GCHQ parlance. Now we know that Regin is the name given to the highly complex malware that seems to have been used during Operation Socialist.

Projekt 28Symantec recently reported on this malware (the full technical paper (PDF) can be found here), and it’s behaviour is highly complex. It is able to adapt to very specific missions and the authors have made tremendous effort to make it hard to detect. The malware is able to adapt and change, and since most of anti-virus detection relies on heuristics, or specific fingerprints of known malware, Regin was able to fool anti-virus software and stay undetected. However, Symantec put two and two together and has now revealed some of Regin’s inner workings.

fig3-countriesThe infections have ranged from telecoms and internet backbones (20% of infections), to hospitality (hotels, etc.), energy, the airlines, and research sectors but the vast majority of infections has been of private individuals or small businesses (48%). Also, the countries targeted are diverse, but the vast majority of attacks is directed against the Russian Federation (28%) and Saudi Arabia (24%).

The Regin malware works very much like a framework, which the attackers can use to inject various types of code, called “payloads” to do very specific things like capturing screen-shots, taking control of your mouse, stealing passwords, monitoring your network traffic and recovering files. Several Remote Access Trojans (also known as RATs) have been found, although even more complex payloads have also been found in the wild, like a Microsoft IIS web server traffic monitor (this makes it easy to spy on who visits a certain website etcetera). Another example of a highly complex payload that has been found is malware to sniff administration panels of mobile cellphone base station controllers.

How Regin Works

As mentioned above, Regin works as a modular framework, where the attackers can turn on/off certain elements and load specific code, called a “payload,” to create a Regin version that is specifically suited to a specific mission. Note that it is not certain whether all payloads have been discovered, and that there may be more than the ones specified in the report.

fig2-sectorsRegin does not appear to target any specific industrial sector, but infections have been found across the board, but mostly in telecom and private individuals and small businesses. Currently, it is not known what infection vectors can possibly be used to infect a specific target with the Regin malware, but one could for instance think of tricking the target into clicking on a certain link in an e-mail, visiting spoof websites, or maybe through a vulnerable application installed on the victim’s computer, which can be used to infect the target with Regin. In one instance, according to the Symantec report, a victim was infected through Yahoo! Instant Messenger. During Operation Socialist, GCHQ used a fake LinkedIn page to trick Belgacom engineers into installing the malware. So one can expect infection to take place along those lines, but other possibilities may of course exist.


The various stages of Regin.

Regin has six stages in its architecture, called Stage 0 to Stage 5 in the Symantec report. First, a dropper trojan horse will install the malware on the target’s computer (Stage 0), then it loads several drivers (Stage 1 and 2), loads compression, encryption, networking, and EVFS (encrypted file container) code (Stage 3), then it loads the encrypted file container and loads some additional kernel drivers, plus the payloads (Stage 4), and in the final stage (Stage 5) it loads the main payload and the necessary data files for it to operate.

The malware seems to be aimed primarily against computers running the Microsoft Windows operating system, as all of the files discussed in the Symantec report are highly Windows-specific. But there may be payloads out there which target GNU/Linux or OS X computers. The full extent of the malware has not been fully revealed, and it will be interesting to find out more about the exact capabilities of this malware. The capabilities mentioned in the report are already vast and can be used to spy on people’s computers for extended periods of time, but I’m sure that there must be more payloads out there, I’m certain that we’ve only scratched the surface of what is possible.

Regin is a highly-complex threat to computers around the world, and seems to be specifically suited towards large-scale data collection and intelligence gathering campaigns. The development would have required significant investments of time, money and resources, and might very well have taken a few years. Some components of Regin were traced back all the way to 2003.

Western Intelligence Origins?

In recent years, various governments, like the Chinese government, and the Russian government, have been implicated in various hacking attempts and attacks on Western infrastructure. In the article linked here, the FBI accuses the Russians of hacking for the purpose of economic espionage. However, Western governments also engage in digital warfare and espionage, not just for national security purposes (which is a term that has never been defined legally), but they also engage in economic espionage. In the early 1990s, as part of the ECHELON programme, the NSA intercepted communications between Airbus and the Saudi Arabian national airline. They were negotiating contracts with the Saudis, and the NSA passed information on to Boeing which was able to deliver a more competitive proposal, and due to this development, Airbus lost the $6 billion dollar contract to Boeing. This has been confirmed in the European Parliament Report on ECHELON from 2001. Regin also very clearly demonstrates that Western intelligence agencies are deeply involved in digital espionage and digital warfare.

Due to the highly-complex nature of the malware, and the significant amount of effort and time required to develop, test and deploy the Regin malware, together with the highly-specific nature of the various payloads and the modularity of the system, it is highly likely that a state actor was behind the Regin malware. Also, significant effort went into making the system very stealthy and hard for anti-virus software to detect. It was carefully engineered to circumvent anti-virus software’s heuristic detection algorithms and furthermore, some effort was put into making the Regin malware difficult to fingerprint (due to its modular nature)

Furthermore, when looking at the recently discovered attacks, and more especially where the victims are geographically located, it seems that the vast majority of attacks were aimed against the Russian Federation, and Saudi Arabia.

According to The Intercept and Ronald Prins from Dutch security company Fox-IT, there is no doubt that GCHQ and NSA are behind the Regin malware. Der Spiegel revealed that NSA malware had infected the computer networks of the European Union. That might very well been the same malware.


symantic_virus_discovery.siA similar case of state-sponsored malware appeared in June 2010. In the case of Stuxnet, a disproportionate amount of Iranian industrial site were targeted. According to Symantec, which has published various reports on Stuxnet, Stuxnet was used in one instance to change the speed of about 1,000 gas-spinning centrifuges at the Iranian nuclear power plant at Natanz, thereby sabotaging the research done by Iranian scientists. This covert manipulation could have caused an explosion at this nuclear facility.

Given the fact that Israel and the United States are very much against Iran developing nuclear power for peaceful purposes, thinking Iran is developing nuclear weapons instead of power plants, together with Stuxnet’s purpose to attack industrial sites, amongst those, nuclear sites in Iran, strongly indicates that the US and/or Israeli governments are behind the Stuxnet malware. Both of these countries have the capabilities to develop it, and in fact, they started to think about this project way back in 2005, when the earliest variants of Stuxnet were created.

Dangers of State-Sponsored Malware

The dangers of this state-sponsored malware is of course that should it be discovered, it may very well prompt the companies, individuals or states that the surveillance is targeted against to take countermeasures, leading to a digital arms race. This may subsequently lead to war, especially when a nation’s critical infrastructure is targeted.

The dangers of states creating malware like this and letting it out in the wild is that it compromises not only security, but also our very safety. Security gets compromised when bugs are left unsolved and back doors built in to let the spies in, and let malware do its work. This affects the safety of all of us. Government back doors and malware is not guaranteed to be used only by governments. Others can get a hold of the malware as well, and security vulnerabilities can be used by others than just spies. Think criminals who are after credit card details, or steal identities which are subsequently used for nefarious purposes.

Governments hacking other nations’ critical infrastructure would constitute an act of war I think. Nowadays every nation worth its salt has set up a digital warfare branch, where exploits are bought, malware developed and deployed. Once you start causing millions of Euros worth of damage to other nations’ infrastructure, you are on a slippery slope. Other countries may “hack back” and this will inevitably lead to a digital arms race, the damage of which does not only affect government computers and infrastructure, but also citizens’ computers and systems, corporations, and in some cases, even our lives. The US attack on Iran’s nuclear installations with the Stuxnet malware was incredibly dangerous and could have caused severe accidents to happen. Think of what would happen had a nuclear meltdown occurred. But nuclear installations are not the only ones, there’s other facilities as well which may come under attacks, hospitals for instance.

Using malware to attack and hack other countries’ infrastructure is incredibly dangerous and can only lead to more problems. Nothing has ever been solved by it. It will cause a shady exploits market to flourish which will mean that less and less critical exploits get fixed. Clearly, these are worth a lot of money, and many people that were previously pointing out vulnerabilities and supplying patches to software vendors are now selling these security vulnerabilities off on the black market.

Security vulnerabilities need to be addressed across the board, so that all of us can be safer, instead of the spooks using software bugs, vulnerabilities and back doors against us, and deliberately leaving open gaping holes for criminals to use as well.

The Internet of Privacy-Infringing Things?

Let’s talk a little bit about the rapid proliferation of the so-called Internet of Things (IoT). The Internet of Things is a catch-all term for all sorts of embedded devices that are hooked up to the internet in order to make them “smarter,” able to react to certain circumstances, automate things etcetera. This can include many devices, such as thermostats, autonomous cars, etc. There’s a wide variety of possibilities, and some of them, like smart thermostats are already on the market, with autonomous cars following closely behind.

According to the manufacturers who are peddling this technology, the purpose of hooking these devices up to the internet is to be able to react better and provide more services that were previously impossible to execute. An example would be a thermostat that recognises when you are home, and subsequently raises the temperature of the house. There are also scenarios possible of linking various IoT devices together, like using your autonomous car to recognise when it is (close to) home and then letting the thermostat automatically increase the temperature, for instance.

There are myriad problems with this technology in its current form. Some of the most basic ones in my view are privacy and security considerations. In the case of cars, Ford knows exactly where you are at all times and knows when you are breaking the speed limit by using the highly-accurate GPS that’s built into modern Ford cars. This technology is already active, and if you drive one of these cars, this information (your whereabouts at all times, and certain metrics about the car, like the current speed, mileage, etc.) are stored and sent to Ford’s servers. Many people don’t realise this, but it was confirmed by Ford’s Global VP of Marketing and Sales, Jim Farley at a CES trade show in Las Vegas at the beginning of this year. Farley later retracted his statements after the public outrage, claiming that he left the wrong impression and that Ford does not track the locations of their cars without the owners’ consent.

Google’s $3.2 billion acquisition

google-nest-acquisition-1090406-TwoByOneNest Labs, Inc. used to be a separate company making thermostats and smoke detectors, until Google bought it for a whopping $3.2 billion dollars. The Nest thermostat is a programmable thermostat that has a little artificial intelligence inside of it that enables it to learn what temperatures you like, turns the temperature up when you’re at home and turns it down when you’re away. It can be controlled via WiFi from anywhere in the world via a web interface. Users can log in to their accounts to change temperature, schedules, and see energy usage.

Why did Google pay such an extraordinary large amount for a thermostat company? I think it will be the next battleground for Google to gather more data, the Internet of Things. Things like home automation and cars are markets that Google has recently stepped into. Technologies like Nest and Google’s driver-less car are generating massive amounts of data about users’ whereabouts and things like sleep/wake cycles, patterns of travel and usage of energy, for instance. And this is just for the two technologies that I have chosen to focus my attention on for this article. There are lots of different IoT devices out there, that eventually will all be connected somehow. Via the internet.

Privacy Concerns

One is left to wonder what is happening with all this data? Where is it stored, who has access to it, and most important of all: why is it collected in the first place? In most cases this collecting of data isn’t even necessary. In the case of Ford, we have to rely on Farley’s say-so that they are the only ones that have access to this data. And of course Google and every other company out there has the same defence. I don’t believe that for one second.

The data is being collected to support a business model that we see often in the tech industry, where profiles and sensitive data about the users of a service are valuable and either used to better target ads or directly sold on to other companies. There seems to be this conception that the modern internet user is used to not paying for services online, and this has caused many companies to implement the default ads-based and data and profiling-based business model. However, other business models, like the Humble Bundle in the gaming industry for instance, or online crowd-funding campaigns on Kickstarter or Indiegogo have shown that the internet user is perfectly willing to spend a little money or give a little donation if it’s a service or device that they care about. The problem with the default ads-based business model discussed above is that it leaves the users’ data to be vulnerable to exposure to third parties and others that have no business knowing it, and also causes companies to collect too much information about their users by default. It’s like there is some kind of recipe out there called “How to start a Silicon Valley start-up,” that has profiling and tracking of users and basically not caring about the users’ privacy as its central tenet. It doesn’t have to be this way.

Currently, a lot of this technology is developed and then brought to market without any consideration whatsoever about privacy of the customer or security and integrity of the data. Central questions that in my opinion should be answered immediately and during the initial design process of any technology impacting on privacy are left unanswered. First, if and what data should we collect? How easy is it to access this data? I’m sure it would be conceivable that unauthorized people would also be able to quite easily gain access to this data. What if it falls into the wrong hands? A smart thermostat like Google Nest is able to know when you’re home and knows all about your sleep/wake cycle. This is information that could be of interest to burglars, for instance. What if someone accesses your car’s firmware and changes it? What happens when driver-less cars mix with the regular cars on the road, controlled by people? This could lead to accidents.


And what to think of all those “convenient” dashboards and other web-based interfaces that are enabled and exposed to the world on all those “smart” IoT devices? I suspect that there will be a lot of security vulnerabilities to be found in that software. It’s all closed-source and not exposed to external code review. The budgets for the software development probably aren’t large enough to accommodate looking at the security and privacy implications of the software and implementing proper safeguards to protect users’ data. This is a recipe for disaster. Only when using free and open source software can proper code-review be implemented and code inspected for back-doors and other unwanted behaviour. And it generally leads to better quality software, since more people are able to see the code and have the incentives to fix bugs, etc. in an open and welcoming community.

Do we really want to live in a world where we can’t have privacy any more, where your whereabouts are at all times stored and analysed by god-knows who, and all technology is hooked up to each other, without privacy and security considerations? Look, I like technology. But I like technology to be open, so that smart people can look at the insides and determine whether what the tech is doing is really what it says on the tin, with no nasty side-effects. So that the community of users can expand upon the technology. It is about respecting the users’ freedom and rights, that’s what counts. Not enslaving them to closed-source technology that is controlled by commercial parties.

Dutch Intelligence Agencies AIVD/MIVD go TEMPORA

On November 21, 2014, the Dutch Ministry of the Interior and Relations within the Realm (Ministerie van Binnenlandse Zaken en Koninkrijksrelaties), sent a message to Parliament about the — in their view — necessary changes that need to be made to the Wet op de inlichtingen- en veiligheidsdiensten (Wiv) 2002 (Intelligence and Security Act 2002). The old law (Wiv 2002), differentiates between cable-bound and non-cable-bound (as in: satellite or radio) communications, and gives the intelligence agencies different powers for each of these two cases. In general, under the old law, according to Article 27, it’s legal for the AIVD and MIVD to bulk-intercept non-cable-bound communications. It isn’t legal for them to do so for cable-bound communications (as in: internet fibre optic cables, etc.) In this latter case, of cable-bound communications, it’s only legal for them to intercept the communications of specific intelligence targets (as put forward in Articles 25 and 26). In the case of targeted surveillance, the intercepted information can come from any source.


An outline of the new Dutch interception framework. Click for larger version. Official document in Dutch can be found here.

The Dessens Committee concluded (PDF, on pages 10 and 11) that this distinction between the various sources of the communication (cable vs non-cable) is no longer appropriate in the modern day and age, where the largest chunk of the communications in the world travel via cables. The way the cabinet wants to solve this problem is by changing the law such that the AIVD and its military sister MIVD can lawfully intercept cable-bound communications in bulk, expanding their powers significantly. So, in other words, the Dutch government is planning to go full TEMPORA (original source PDF courtesy of Edward Snowden), and basically implement what GCHQ has done in the case of Britain: bulk intercept everything that goes across the internet.

Why does this matter?

This matters because by bulk-intercepting everything that goes across the internet, the communications of people who aren’t legitimate intelligence targets get intercepted and analysed as well. By intercepting everything, no-one can have any expectation of privacy on the internet anymore, except when we all pro-actively take measures (like using strong encryption, Tor, OTR chat, VPNs, using free/open source software, etc.) to make sure that our privacy is not being surreptitiously invaded by the spooks. It is especially important to do this when there isn’t any proper democratic oversight in place, which could stop the AIVD or MIVD from breaking the law, and provide meaningful oversight and corrections to corrupting tendencies (after all, as we all know, power corrupts).

Also, the Netherlands is home to the second-largest internet exchange in the world, the Amsterdam Internet Exchange (Ams-IX), second only to the German exchange DE-CIX in Frankfurt. So a very large amount of data goes across Ams-IX’s cables, and this makes it interesting from an intelligence point of view to bulk-intercept everything that goes across it. This was previously not allowed in the Netherlands. Now, of course, if the AIVD wanted access to these bulk-intercepts, it could simply ask its sister organisation GCHQ in Britain. There is a lively market for sharing intelligence in the world. For instance, in many jurisdictions where it would be illegal for a domestic intelligence agency to spy on their own citizens, a foreign intelligence agency has no such limitations, and can then subsequently share the gained intel with the domestic intelligence agency. But now, they are building their own capacity to do this in Amsterdam on a massive scale.

In terms of intelligence targets, the AIVD currently focuses on jihadists, Islamic extremists, and due to their historical tendencies still left over from the BVD-era, left-wing activists. The BVD’s surveillance on the left-leaning portion of the Dutch population was legendary.

Legalising certain practices of intelligence agencies is something that we see more and more, which is what happens here.

Lawyer-client confidentiality routinely broken

A few weeks ago, I read on RT that MI5, MI6 and GHCQ routinely snoop on lawyers’ client communications. In the Netherlands, lawyer-client communications are routinely intercepted by police, prison administrations, and intelligence agencies. In a normal criminal case with the police or prisons doing the intercepting, this is illegal, and any intel gained isn’t supposed to end up in court documents. But in the case of intelligence agencies doing the intercepting, this is currently legal since there are no legal provisions prohibiting the Dutch intelligence community from not recording and analysing lawyer-client communications. But in a few occasions, these communications did end up in court documents. This strongly indicates that these communications are routinely intercepted and analysed. There is in fact a whole IT infrastructure in place to “exclude” these communications from the phone tap records, for instance. On this page, the Dutch Bar Association is explaining to their members how to submit their phone numbers into this system so that their conversations with their clients are (ostensibly) excluded from the taps (only the taps by Police though, the intelligence community is, as I’ve explained above, not affected by this.)

This trend is incredibly dangerous to the right to a fair trial. If one cannot honestly speak to one’s lawyer any more, where every word spoken to one’s lawyer is intercepted and analysed, suddenly the government holds all the cards, and will always be one step ahead. How can one build a defence based on that?

The Netherlands is by the way still the country with the dubious distinction of having the largest absolute number of wire-taps in the world, and that’s just gleaned from (partial) police records. We don’t even know how much the AIVD and MIVD tap, since that information is classified, and “threatens national security if released,” which in my opinion is spy-speak for: “We tap so much that you’d fall off your chair in outrage if we told you, so it’s better that we don’t.”

Instead of holding the intelligence community accountable for their actions for once, and make these practices stop at once, the government has always taken the position of legalising current practices instead, which, if you are the government minister responsible for the oversight on the intelligence community, sure is a lot easier than confronting a powerful intelligence agency, which maybe holds some dirt on you.

All of these developments are so dangerous to our way of living and any sane definition of a free and open, democratic society where government is accountable to the people that they claim to represent, that it makes me want to proclaim, as Cicero exasperatedly proclaimed in his first oration against Senator Catilina:

“O tempora! O mores!”

In the Roman case, Catilina conspired to overthrow the Republic & Senate, and Cicero was frustrated that, in spite of all the evidence presented, Catilina was still not sentenced for the coup, whereas in previous times in Roman history, Cicero noted, people have been executed based on far less evidence.

Maccari-CiceroNow we have the situation, that in spite of all the mountains of evidence we now have, thanks to Snowden, governments around the world still won’t take the prudent and necessary steps to hold the intelligence community to account. We need to take action, and start to encrypt. As soon as the vast majority of the world’s communications are encrypted using strong encryption (not the ones where the NSA “helpfully” gives NIST the special factor to use for calculations in their standardisation of a crypto algorithm, all for free), soon, blatantly collecting everything will be of no use.

Afraid of Contrary Opinions? Peace Activist and Former CIA Analyst Ray McGovern Brutally Arrested Before Attending Talk Petraeus in NYC

Ray McGovern

Ray McGovern

The NYPD brutally arrested the respectable former CIA analyst, veteran, and peace activist Ray McGovern today for trying to attend a talk in New York City by retired general David Petraeus, former CIA director from 2011 until his resignation on 9 November 2012.

Apparently, Petraeus is so afraid of a well-informed, contrary opinion or critical question from a former CIA analyst that the U.S. government thinks it is justified to brutally arrest McGovern. This is in gross violation of Mr McGovern’s constitutional rights, more specifically his First and Fourth Amendment rights

Ray has been serving as a CIA analyst from the Kennedy administration until that of George H.W. Bush. He chaired the National Intelligence Estimates and prepared the President’s Daily Brief for President Reagan from 1981 until 1985. When he retired, he received the Intelligence Commendation Medal for “especially meritorious service”, which he returned in 2006 because he does not want to be associated with torture.

Clinton Incident

Ray McGovern at GWU

Ray McGovern Heavy-Handedly Being Dragged Out Of Auditorium at GWU.

This isn’t the first time that the authorities have arrested the 75-year-old former analyst. Previously, on 16 February 2011, McGovern was brutally arrested by GWU campus police for turning his back to the Secretary of State, Hillary Clinton when she gave a talk at George Washington University. This led the State Department to issue a BOLO (Be On the Look Out) alert for Ray. They made it look like a “Wanted” poster, and that would be funny if it wasn’t so Orwellian.

Clearly, Clinton and Petraeus can’t take any criticism. It’s a childish move not to even allow people to freely speak their opinions and prevent them from exercising their constitutional rights, and clearly shows Clinton and in this case Petraeus have no arguments. Otherwise they would be able to answer a critical question or two?

In a world where policies are increasingly based on lies, dissident opinions are not welcomed by the powers-that-be. They would like you to just watch the evening news on your television, read a mainstream newspaper, being told only by the mainstream media what you need to think, not being challenged to satisfy your curiosity about the world around us and the forces that drive it. But policies based on lies have real impact on people’s lives. Tens of millions of Iraqis suffered because of the U.S. invasion in 2003, which was based on the lie that Saddam Hussein had weapons of mass destruction. He hadn’t. If you keep repeating the lie often enough, soon people will start to believe it. But you’ve got to get mad!

All charges have been dropped for the Clinton incident, and Ray has not engaged in any criminal activity. He went to court to sue the State Department, and won. He sought and won an injunction against the State Department to stop the BOLO-alert on him, and force the State Department to pro-actively advise other law enforcement agencies that it no longer stands. Apparently this hasn’t happened.

Land of the Free?

Increasingly, we see dissidents and activists who make use of their legal right to protest being actively harassed and bullied by the government. Without people rocking the boat and upsetting the status quo, universal suffrage would not exist, women still wouldn’t have the vote, black people still would need to sit in the back of the bus, and apartheid in South Africa would still be there. Freedom of speech is important and we cannot allow it to be stifled like this. Would revolutionary ideas ever materialise if every thought and form of speech is controlled and monitored and censored by thought police and spies and their goons?

So much for the land of the free. It was fun while it lasted, from 1776 until 2001. Arresting and harassing someone simply because you don’t agree with their opinions is outrageous and contrary to the values of any democratic society. It is something more befitting of dictators and despots.

It is, however, still the home of the brave. Brave people, like Ray McGovern, who dare to question authority, stand up for what they know is right and just, and don’t like seeing their country and fellow countrymen dragged into illegal wars based on false pretences and lies (as in the case of the Iraq war, where the weapons of mass destruction were nowhere to be found, and now we see similar lies in the case of the U.S.-led coup in Ukraine.)

The Problem with watch lists

The problem with the myriad of U.S. government watch lists, like the BOLO alerts, or the No-Fly list, is a hydra with many heads.

  • Firstly, you don’t know whether you’ve been put on any kind of watch list until you’re arbitrary detained or denied boarding on a flight.
  • Secondly, it’s incredibly difficult to fight your entry to the watch list, as the government holds all the cards, the watch list is usually classified, and it takes expert lawyers, a lot of patience and FOIA requests and potentially expensive lawsuits to clear your name. Rahinah Ibrahim, a Malaysian woman who attended Stanford University and ended up on the No-Fly List, successfully fought to have her name removed from the list.
  • Thirdly, watch lists often require no evidence, or anything proven beyond reasonably doubt to include you on a watch list. In the case of Ibrahim, it was a mistake by an FBI agent who ticked the wrong box on a form.
  • Fourthly, information included on the watch list may be incorrect or plainly false.
  • Fifthly, watch lists often proliferate, if you’re on one, it’s likely you’ll be added to others.

Watch lists are incredibly damaging to civil rights, precisely because it basically amounts to an arbitrary limitation to your freedom. It can be based on intel, but also on hearsay, or simply the grudge of a former Secretary of State.

Latest Information

Latest information has it that Ray McGovern is currently okay, but still being detained in an NYPD holding cell. He should be released immediately; America needs more heroes like him!

Update: Ray has been released!

Killing Counterfeit Chips: Parallels with DRM

Last week, The Scottish chip manufacturer FTDI pushed out an update to their Windows driver that deliberately killed counterfeit FT232 chips. The FTDI FT232 is a very popular chip, found in thousands of different electronic appliances, from Arduinos to consumer electronics. The FT232 converts USB to serial port, which is very useful, and this chip probably is the most cloned chip on the planet.

Of course, not supporting counterfeit chips is any chip manufacturer’s right, since they cannot guarantee that their products work when used in conjunction with counterfeit hardware, and because it is a strain on customer support to provide support for devices not made by the company. This case however, is slightly different in that the update contains code that is deliberately written to (soft)brick all counterfeit versions of the FT232. By doing this, FTDI was deliberately destroying other people’s equipment.

One could simply say: don’t use counterfeit chips, but in many cases you simply don’t know that some consumer electronic device you use contains a counterfeit FT232. Deliberately destroying other people’s equipment is a bad move, especially since FTDI doesn’t know what device that fake chip is used in. It could for instance be a medical device, on which flawless operation people’s lives depend.

Hard to tell the difference

FTDI Real vs FakeIn the case of FTDI, one cannot easily tell an original chip from a counterfeit one, only by actually closely looking at the silicon are the differences between a real or a fake chip revealed. In the image above, the left one is a genuine FTDI FT232 chip; the right one is counterfeit. Can you tell the difference?

Even though they look very similar on the surface, the inner workings differ between the original chips and counterfeit ones. The driver update written by FTDI exploits these differences to create a driver that works as expected on original devices, but for counterfeit chips reprograms the USB PID to 0, which is a technical trick that Windows, OS X and GNU/Linux don’t like.

Parallels with Digital Rights Management (DRM)

Defective by Design I see some parallels with software DRM, which is aptly named Digital Restrictions Management by the Free Software Foundation. Because that is what it is. It isn’t about protecting rights of copyright holders, but restricting what people have always done since the early beginnings of humanity.

We copy. We get inspired by, modify and build upon other work, standing on the shoulders of the giants that came before us. That’s in our nature. Children copy and modify, which is  great for their creativity, artists copy and modify culture to make new culture, authors read books and articles and use the ideas and insights they gain to write new books and articles,  providing new insights which brings humanity as a whole forward. Musicians build upon foundations of others to make new music. Some, like the mashup-artists, even outright copy other people’s music and use them in their compositions as-is, making fresh and new compositions out of it. Copying and modifying is essential for human culture to thrive and survive and adapt.

According to the FSF definition, DRM is the practice to use technological restrictions to control what users can do with digital media, software, et cetera. Programs that prevent you from sharing songs, copying, reading ebooks on more than one device, etcetera, are forms of DRM. DRM is defective by design, as it damages the product you bought and has only one purpose: prevent what would be possible to do with the product or software had there not been a form of DRM imposed on you.

DRM serves no other purpose but to restrict possibilities in the interest of making you dependent on the publisher, creator or distributor (vendor lock-in), who, confronted with a rapidly changing market, chooses not to innovate and think of new business models and new ways of making money, and instead try to impose restrictions on you in an effort to cling on to outdated business models.

In the case of DRM, technical measures are put in place to prevent users from using software and media in a certain way. In the case of FTDI, technical measures are put in place to prevent users from using their own, legally-purchased hardware, effectively crippling it. One often does not know whether the FT232 chip that is embedded in a device is genuine or counterfeit, as you can see in the image near the top of this article, the differences are very tiny and hard to spot on the surface. FTDI wanted to protect their intellectual property, but doing so by sneakily exploiting differences between real and counterfeit chips and thereby deliberately damaging people’s equipment is not the way to go.

Luckily, a USB-to-serial-UART chip is easily replaced, but one is left to wonder what happens when other chip manufacturers, making chips that are not so easily replaced, start pulling tricks like these?

The Age of the Gait-Recognising Cameras Is Here!


A few days ago I read an article (NRC, Dutch, published 11 September, interestingly) about how TNO (the Dutch Organisation for Applied Scientific Research, the largest research institute in the Netherlands) developed technology (PDF) for smart cameras for use at Amsterdam Schiphol Airport. These cameras were installed at Schiphol airport by the Qubit Visual Intelligence, a company from The Hague. These cameras are designed to recognise certain “suspicious behaviour,” such as running, waving your arms, or sweating.

Curiously enough, these are all things that are commonly found at the stressful environment an international airport is to many people. People need to get at the gate on time, which may require running (especially if you arrived at Schiphol by train, which in the Netherlands is notoriously unreliable), they may be afraid of flying and trying to get their nerves under control, and airports are also places where friends and family meet again after long times abroad, which (if you want to hug each other) requires arm waving.

I suspect that a lot of false positives are going to occur with this technology due to this. It’s the wrong technology at the wrong place. I fully understand the need for airport security, and we all want a safe environment for both passengers and crew. Flights need to operate under safe conditions. What I don’t understand is the mentality that every single risk in life needs to be minimised away by government agencies and combated with technology. More technology does not equal safer airports.

Security Theatre

A lot of the measures taken at airports constitute security theatre. This means that the measures are mostly ineffective against real threats, and serve mostly for show. The problem with automatic profiling, which is what this programme tries to do as well, is that it doesn’t work. Security expert Bruce Schneier has also written extensively about this, and I encourage you to read his 2010 essay Profiling Makes Us Less Safe about the specific case of air travel security.

The first problem is that terrorists don’t fit a specific profile, these systems can be circumvented once people figure out how, and because of the over-reliance on technology instead of common sense this can actually cause more insecurity. In “Little Brother”, Cory Doctorow wrote about how Marcus Yallow put gravel in his shoes to fool the gait-recognising cameras at his high school so he and his friends could sneak out to play a game outside. Similar things will be done to try and fool these “smart” cameras, but the consequences can be much greater. We are actually more secure when we randomly select people instead of relying on a specific threat profile or behavioural profile to select who to screen and who gets through security without secondary screening. The whole point of random screening is that it’s random. Therefore, a potential terrorist cannot in advance know what the criteria are that will make the system pick him out. If a system does use specific criteria, and the security of the system depends on the criteria themselves being secret, that would mean that someone would just have to observe the system for long enough to find out what the criteria are.

Technology may fail, which is something people don’t always realise. Another TNO report entitled: “Afwijkend Gedrag” (PDF; Abnormal Behaviour) states under the (admittedly tiny) section that deals with privacy concerns that collecting data about abnormal behaviour of people is ethically just because the society as a whole can be made safer with this data and associated technology. It also states (and this is an argument I’ve read elsewhere as well), that “society has chosen that safety and security trumps privacy.”

Now, let’s say for the sake of the argument that this might be true in a general sense (although it can be debated whether this is always the case, personally I don’t think so, as sometimes the costs are just too high and we need to keep a free and democratic society after all). The problem here is that the way technology and security systems are implemented is usually not something we as a society get to first have a vote on before the (no doubt highly lucrative) contracts get signed. In this case, Qubit probably saw a way to make a quick buck by talking the Schiphol leadership and/or the government (as the Dutch state holds 69.77% of the Schiphol shares) into buying their technology. It’s not something the people had a conscious debate on, and then subsequently made a well-informed decision.

Major Privacy Issues

We have established that these systems are ineffective and can be circumvented (like any system can), and won’t improve overall security. But much more importantly, there are major privacy issues with this technology. What Schiphol (and Qubit) is doing here, is analysing and storing data on millions of passengers, the overwhelmingly vast majority of which is completely innocent. This is like shooting a mosquito with a bazooka.

What happens with this data? We don’t know, and we have to believe Qubit and Schiphol on their word that data about non-suspect members of the public gets deleted. However, in light of recent events where it seems convenient to collect and store as much data about people as possible, I highly doubt any deletions will actually happen.

And the sad thing is: in the Netherlands the Ministry of Security and Justice is now talking about implementing the above-mentioned behavioural analysis system at another (secret) location in the Netherlands. Are we all human guinea pigs ready to be tested and played around with?

What is (ab)normal?

There are also problems with the definitions. This is something I see again and again with privacy-infringing projects like this. What constitutes “abnormal behaviour”? Who gets to decide on that and who controls what is abnormal behaviour and what isn’t? Maybe, in the not-too-distant future, the meaning of the word “abnormal” begins to shift, and begins to mean “not like us,” for some definition of “us.” George Orwell mentioned this effect in his book Nineteen-eighty-four, where ubiquitous telescreens watch and analyse your every move and one can never be sure what are criminal thoughts and what aren’t.

In 2009, when the European research project INDECT got funded by the European Union, there were critical questions asked to the European Commission by the European Parliament. More precisely, this was asked:

Question from EP: How does the Commission define the term abnormal behaviour used in the programme?

Answer from EC: As to the precise questions, the Commission would like to clarify that the term behaviour or abnormal behaviour is not defined by the Commission. It is up to applying consortia to do so when submitting a proposal, where each of the different projects aims at improving the operational efficiency of law enforcement services, by providing novel technical assistance.

(Source: Europarl (Written questions by Alexander Alvaro (ALDE) to the Commission))

In other words: according to the European Commission it depends on the individual projects, which all happen to be vague about their exact definitions. And when you don’t pin down definitions like this (and anchor them in law so that powerful governments and corporations that oversee these systems can be held to account!), these can be changed over time when a new leadership comes to power, either within the corporation in control over the technology, or within government. This is a danger that is often overlooked. There is no guarantee that we will always live in a democratic and free society, and the best defence against abuse of power is to make sure that those in power have as little data about you as possible.

Keeping these definitions vague is a major tactic in scaring people into submission. This has the inherent danger of legislative feature creep. A measure that once was implemented for one specific purpose soon gets used for another if the opportunity presents itself. Once it is observed that people are getting arrested for seemingly innocent things, many people (sub)consciously adjust their own behaviour. It works similarly with free speech: once certain opinions and utterances are deemed against the law, and are acted upon by law enforcement, many people start thinking twice about what they say and write. They start to self-censor, and this erodes people’s freedom to the point where we slowly shift into a technocratic Orwellian nightmare. And when we wake up it will already be too late to turn the tide.

The Ukrainian Putsch: NATO’s Imperialistic Expansion and the Role of the Mainstream Media

As I’ve written earlier, the position the main stream media is taking seems to be one of being an extension of the powers that be. Rarely are the critical questions asked, and for the most part, with rare exceptions here and there, there is a significant bias to the reporting done.

An excellent example of this bias is when you look at the reporting done on the current crisis in Ukraine. This is a case that I want to look into in a bit more detail, now that several more things have become clear. In the Western media, the opinion seems to be that Vladimir Putin is bad, and NATO is good. They call the Russian position in this case imperialism, but forget their own role in creating and supporting this crisis in the first place.

In this article, I’ll explain some history about NATO expansion, and then go on trying to place the Ukrainian crisis into that historical framework, and subsequently I’ll take a look at the role the (Western) media have been playing so far, and what improvements can be made, to both our own governments’ positions relating to the U.S., and to media reporting.

Regime change and broken promises

As the phone call between Victoria Nuland (U.S. Assistant Secretary of State) and Geoffrey Pyatt (U.S. ambassador to Ukraine) reveals, the U.S. had made a plan of regime change for Ukraine. Nuland specifically mentioned Arseniy Yatsenyuk as Yanukovich’s successor and talk it through (“Yats is our man!”, “Have the UN help glue this thing”, “If it does gain altitude the Russians will be working behind the scenes to try to torpedo it.”, “Fuck the EU”). How convenient then, that when  Viktor Yanukovich is ousted, and the dust settles in Kiev, Yatsenyuk is suddenly prime minister? And what is the first thing he does? Instead of attending to the problems in Ukraine and finding a peaceful resolution to the crisis, he flies off to the very people who put him in power, and visits the United States. No doubt to thank them, I would presume.

Meanwhile, Western nations have been trying to punish Russia for annexing the Crimea (which, by the way, was originally part of the Russian SFSR, before it was transferred to the Ukrainian SSR by Nikita Khruchev in 1954). The sanctions don’t seem to have a big effect on Russia, and Russia has signed a new $400 billion 30-year gas deal with China on 21 May to try and make itself less dependent on Western gas customers. Russia is currently the biggest supplier of natural gas to Europe, and without the Russian gas, nations like Germany and Italy, as well as the Baltic states will get into trouble. There has been movement from these nations to try and become less dependent on Russia, and similarly, Russia has now signed a deal with China to become less dependent on the Western market, thereby significantly weakening any effect the sanctions were aimed at having.

NATO’s broken promiseNATO Expansion

NATO has been steadily expanding, despite the promise made in 1990 to the last Soviet president, Mikhail Gorbachev, who agreed that East- and West-Germany could be united and become a member of NATO, on the condition that NATO would not move one inch further east. Since then, NATO, mistakenly assuming that they had somehow “won” the Cold War, went on and happily incorporated 12  Eastern European nations into their fold, within Moscow’s sphere of influence, with the largest expansion eastwards taking place in 2004. Here’s an overview:

  • In 1999: Poland, the Czech Republic and Hungary were added to NATO,
  • In 2004: Bulgaria, Estonia, Latvia, Lithuania, Romania, Slovakia and Slovenia,
  • In 2009: Albania and Croatia.

Just imagine what would have happened had 12 South American nations joined the former Warsaw Pact? Now that would be something the U.S. would not accept. Similarly, Russia does not accept the continued expansion of NATO into their sphere of influence.

It looked like Ukraine was all set on becoming a future member of NATO. The prospect of Ukraine becoming a member state of the U.S.-led NATO is understandably a threat to Russian national security. They operate a major naval base in the Crimean city of Sevastopol, which is the main base of the Russian Black Sea Fleet, and from Sevastopol, the Russian fleet has quick access to the Mediterranean Sea. The Russians used to lease the base from the Ukrainians. However, the future of the lease might have been severely compromised if Ukraine would become part of NATO.

That the Russians feel threatened by the continued expansion of NATO is understandable given the fact that the U.S. military-industrial complex and their partners in Europe have been busy for many years expanding the “Star Wars” missile defense system in Eastern Europe, ostensibly to protect against a missile launch from Iran. The “Star Wars” program was established by President Reagan on 23 March 1983 as Strategic Defense Initiative (SDI), and renamed to Ballistic Missile Defense Organisation (BMDO) by the Clinton administration on 13 May 1993, then later renamed to Missile Defense Agency (MDA) in 2002 by the George W. Bush administration. I wonder why all the name changes were deemed necessary? To obfuscate and redirect unwanted media attention maybe? But I digress.antimissile

The hypocrisy of U.S. policy amazes me, because as some people still remember, when the Soviet Union did a similar thing in Cuba in 1962 (hint: supplying weapons to the Cubans to counter a possible future U.S. invasion attempt in Cuba after the failed CIA-sponsored Bay of Pigs invasion, and also sparked because the U.S. stationed nuclear weapons in Turkey), this in turn sparked anger from the United States and led to the Cuban Missile Crisis and subsequently, the Cuban Blockade.

A relic from the Cold War

In my opinion, NATO is a relic from the Cold War, which serves no purpose any longer and is now used as a way of furthering U.S. military hegemony in the world. With the revelations of Edward Snowden this last year, and hopefully with many more revelations to come, we should, as Europeans, ask whether we are still willing to continue to play the role of subservient lap dog of the U.S.. A role we’ve been playing since the end of the Second World War. We should start thinking about how we can safeguard the safety and security of European citizens, which by the way, is exactly what our governments, by definition, should worry about. Do we want to keep our own sovereignty? Because if we don’t, the game is up.

Instead, our governments seem more interested in giving our private data to U.S. corporations, and (by extension) their intelligence agencies. This in many cases significantly hurts European companies, for the powers of intelligence agencies are mostly used for industrial espionage purposes, not to combat terrorism. In fact, there has not been a single documented case of the NSA’s spying programs actually stopping any terrorists. President Obama claimed that 54 terrorist plots had been prevented (PDF, first page, 4th paragraph, published on 1 August 2013) thanks to the intel gathered by the NSAs metadata program, but this number is most likely pulled out of thin air, because there is no justification for this number, nor a way of checking that number independently.

The funny thing is, that the behaviour of the NSA is also significantly hurting U.S. companies, who see their European customers flee in droves for better alternatives that protect their privacy more. This is a negative economic effect the spying is having on the U.S. economy, as I’ve written about before, in November.

Our governments’ subservient attitude towards the U.S. is completely unjustified. For the people who claim that we would all be speaking German today had it not been for the Americans, they should retroactively get an F for history and re-take their history classes. For had it not been for the Soviets who suffered tremendous sacrifices combating Hitler (20 million Soviet civilians were killed during the war, not counting military personnel, more than 3 times the estimated 6 million Jews who died during the Holocaust), the Western allies would probably not have been able to land on the beaches of Normandy, as Hitler would not have to split his forces, and could then focus solely on the Western front.

America only got involved in the Second World War in 1941, after the Japanese attacked Pearl Harbour. Britain was left for years to fend for themselves, being bombed heavily by the German Luftwaffe. Massive kudos should be given to the Royal Air Force for keeping the British isles free of German occupation (with the notable exception of the Channel Islands just off the coast of France, as that was the only part of British soil occupied by the Germans during the war). To be clear, I don’t want to deny the American war effort, and I surely want to give credit where credit is due, but on the other hand, it wasn’t the “America saved the world” that many people think it is.

There simply is no further need for NATO to exist. The North-Atlantic Treaty Organisation was created on 4 April 1949 as a defensive alliance of Western countries to protect Western Europe from encroachment by the Soviet Union. However, the Soviet Union no longer exists, and modern-day Russia closely cooperates with Europe, despite the current diplomatic difficulties. With the increasing interdependence between Russia and Europe there’s less and less need for an organisation like NATO to continue to exist.

Nowadays, NATO’s only reason for existence seems to be to contain Russia, and further the U.S. military/industrial complex and the militarist hawks are trying to prove the necessity of NATO by means of the Ukrainian crisis. The United States sees the future of NATO increasingly as an offensive organisation that is meant to further U.S. interests, and will not only include former Soviet republics into their fold, but plans are already under way to expand NATO’s influence even further, and cooperate even more closely with the current “Partners across the globe,” namely Afghanistan, Australia, Iraq, Japan, South Korea, Mongolia, New Zealand and Pakistan. Why are we such willing accomplices in that scheme?

The Role of the Mainstream Media

What struck me when watching the Ukrainian crisis unfold was the total and utter complacency and subservient attitude towards the official Western “party line” when the mainstream media reported on the crisis. There were hardly any critical questions asked when the telephone conversation between Nuland and Pyatt become publicly available, and no questions were asked as to the legitimacy of the current Ukrainian coup-imposed government.

Dare to ask the critical questions!

I would gladly watch the mainstream media more if they start being a bit more critical to the establishment, and not always simply copy/paste press releases, and actually try to analyse the matter for themselves and dare to ask the tough questions to the people in power.

This is again so lacking when it comes to coverage of the Ukrainian crisis, where there seems to be a unanimous consensus in the West that Putin is an evil imperialist, and NATO/EU/US is good, without even considering what really happens in Ukraine and the strategic and national interests involved, let alone the role the U.S. played in organising the coup d’état.

Of course the media can be critical towards Russia as well, and in fact they should. Truth be told, Russia still has a lot of problems to deal with, as do Western countries. And the media’s job should be to keep people informed so that they can freely form their opinions about the world around them, not just blindly copy the official party line. As then I might start watching again, and the employees of these media organisations might one day earn the title of “journalist.”

Country X: The Country That Shall Not Be Named

On Monday, 19 May 2014, Glenn Greenwald published his report entitled Data Pirates of the Caribbean: The NSA is recording every cell call in the Bahamas, in which he reported about the NSA SOMALGET program, which is part of the larger MYSTIC program. MYSTIC has been used to intercept the communications of several countries, namely the Bahamas, Mexico, Kenya, the Phillipines, and thanks to Wikileaks we now know that the final country, redacted in Glenn Greenwalds original report on these programs, was Afghanistan.

MYSTICSOMALGET can be used to take in the entire audio stream (not just metadata) of all the calls in an entire country, and store this information for (at least) 30 days. This is capability the NSA developed, and was published by The Washington Post in March this year.

Why the Censorship?

The question however, is why Glenn Greenwald chose to censor the name of Afghanistan out of his report. He claims it has been done to protect lives, but I honestly can’t for the life of me figure out why lives would be at risk when it is revealed to the Afghani’s that their country is one of the most heavily surveilled on the planet? This information is not exactly a secret. Why is this knowledge that’s OK for the Bahamians to possess, but not the Afghani’s? The US effectively colonized Afghanistan and it seems that everyone with at least half a brain can figure out that calling someone in Afghanistan might have a very high risk of being recorded and analysed by NSA. Now we know for certain that the probability of this happening is 1.

Whistleblowers risk their lives and livelihoods to bring to the public’s attention, information that they deem to be in the gravest public interest. Now, whistleblowers carefully consider which information to publish and/or hand out to journalists, and in the case of intelligence whistleblowers, they are clearly more expert than most journalists when it comes to security and sensing which information has to be kept from the public in the interest of safety of lives and which information can be published in the public interest. After all, they have been doing exactly that for most of their professional lives, in a security-related context.

Now, it seems that Greenwald acts as a sort of filter between the information Edward Snowden gave him for publication, and the actual information the public is getting. Greenwald is sitting on an absolute treasure-trove of information and is clearly cherry picking which information to publish and which information to withhold. By what criteria I wonder? Spreading out the publication of data however, is a good strategy, given that about a year has passed since the first disclosures, and it’s still very much in the media, which is clearly a very good thing. I don’t think that would have happened if all the information was dumped at once.

But on the other hand: Snowden has risked his life and left his comfortable life on Hawaii behind him to make this information public, a very brave thing to do, and certainly not a decision to take lightly, and has personally selected Greenwald to receive this information. And here is a journalist who is openly cherry-picking and censoring the information given to him, already preselected by Snowden, and thereby withholding potentially critical information from the public?

So I would hereby like to ask: By what criteria is Greenwald selecting information for publication? Why the need to interfere with the whistleblower’s judgement regarding the information, who is clearly more expert at assessing the security-related issues surrounding publication?

Annie Machon, whistleblower and former MI5, has also done an interview on RT about this Afghanistan-censoring business of Greenwald, whistleblowers deserve full coverage. Do watch. Whistleblowers risk their lives to keep the public informed of government and corporate wrongdoing. They need our support.

Update: Mensoh has also written a good article (titled: The Deception) about Greenwald’s actions, also in relation to SOMALGET and other releases. A highly recommended read.