Tag Archives: intelligence

With Politicians Like These, Who Needs Terrorists?

The text on the cover says: "Love is stronger than hate."

The text on the cover says: “Love is stronger than hate.”

Last week, on the 7th of January 2015, the satirical magazine Charlie Hebdo‘s office in Paris was attacked by Islamic fundamentalists. Charlie Hebdo is a French satirical magazine featuring jokes, cartoons, reports etcetera. that is stridently anti-conformist in nature. They make fun of politics, Judaism, Christianity and Islam and all other institutions. Like all of us they have every right to freedom of expression. But alas, fundamentalists did not agree, and opted to violently attack their office in Paris with assault rifles and rocket propelled grenades, leaving 12 people killed and 11 wounded. This was a terrible attack, and my heart goes out to the families and their colleagues and friends who have lost their loved ones.

After the attack, there was (rightly so) worldwide condemnation and the sentence “Je suis Charlie,” French for “I am Charlie,” became the slogan of millions. What I am afraid of however, is not the terrorists who perpetrate these attacks. What frightens me more, is the almost automatic response by politicians who immediately see reasons to implement ever more oppressive legislation, building the surveillance state. After all, the goal of terrorism is to change society by violent means. If we allow them to, the terrorists have already won. Their objective is completed by our own fear.

Hypocrites At The March

When I was watching footage of the march in Paris for freedom of expression I saw that a lot of government leaders were present, most of whom severely obstructed freedom of expression and freedom of the press in their home countries. Now they were were at the march, claiming the moral high ground and claiming to be the guardians of press freedom.

Here’s an overview of some of the leaders present at the march and what they did in relation to restricting press freedom in their own countries, courtesy of Daniel Wickham, who made this list and published it on his Twitter feed:

Politicians like the ones mentioned above, but also the likes of May (UK Home Secretary), Opstelten (the Netherlands’ Justice Minister) and many others are jumping on the bandwagon again to implement new oppressive laws limiting freedom of expression and the civil and human rights of their peoples. With leaders like these, who needs terrorists? Our leaders will happily implement legislation that will severely curtail our freedoms and civil liberties instead of handling the aftermath of tragic events like these as grown-ups. It would be better if they viewed participating in the march as a starting point to start improving the situation in the areas of freedom of expression and freedom of the press at home.

The Political Consequences Of Terrorist Attacks

What frightens me is the fact that people like Andrew Parker, head of MI5, the kind of person who normally never makes headlines, is given all the space he needed to explain to us “why we need them,” to put it in the words of High Chancellor Adam Sutler, the dictator from the film “V for Vendetta,” which is set in a near-future British dystopia. UK Chancellor George Osborne immediately said in response to the piece by Andrew Parker that MI5 will get an extra £100 million in funding for combating Islamic fundamentalism. David Cameron has confirmed this.

Politicians are using the tragic events in Paris as a way to demand more surveillance powers for the intelligence community in a brazen attempt to curtail our civil liberties in a similar way to what happened after the 9/11 attacks.

All the familiar rhetoric is used again, how it’s a “terrible reminder of the intentions of those who wish us harm,” how the threat level in Britain worsened and Islamic extremist groups in Syria and Iraq are trying to attack the UK, how the intelligence community needs more money to gather intelligence on these people, how our travel movements must be severely restricted and logged, the need for increased security at border checks, a European PNR (Passenger Name Record) (which, incidentally would mean the end of Schengen, one of the core founding principles on which the EU was founded — freedom of movement). The list goes on and on.

A trend can be seen here. UK Home Secretary Theresa May wants to ban extremist speech, and ban people deemed extremist from publicly speaking at universities and other venues. The problem with that is that the definition of extremist is very vague, and certainly up for debate. Is vehemently disagreeing with the government’s current course in a non-violent way extremist? I fear that May thinks that would fit the definition. This would severely curtail freedom of speech both on the internet and in real life, since there are many people who disagree with government policies, and are able to put forward their arguments in a constructive manner.

Before we can even begin to implement laws like these we need to discuss what extremism means, what vague concepts like “national security” mean. There are no clear definitions for these terms at this point, while the legislation that is being put into place since 9/11 is using these vague notions intentionally, giving the security apparatus way too much leeway to abuse their powers as they see fit.

I read that Cameron wants to ban all encrypted communications, since these cannot be decrypted by the intelligence community. This would mean that banks, corporations and individuals would leave themselves vulnerable to all kinds of security vulnerabilities, including identity theft among others, vulnerabilities which cryptographic technologies are meant to solve.

Cryptography is the practice of techniques for secure communication in the presence of adversaries. Without cryptography, you couldn’t communicate securely with your bank, or with companies that handle your data. You also couldn’t communicate securely with various government agencies, or health care institutions, etcetera. All these institutions and corporations handle sensitive information about your life that you wouldn’t want unauthorised people to have access to.  This discussion about banning cryptography strongly reminds me of the Crypto Wars of the 1990s.

Making technologies like these illegal only serves to hurt the security of law-abiding citizens. Criminals, like the people who committed the attacks at Charlie Hebdo, wouldn’t be deterred by it. They are already breaking the law anyway, so why worry? But for people who want to comply with the law, this is a serious barrier, and restricting cryptography only hurts our societies’ security.

Norwegians’ Response to Breivik

Instead of panicking, which is what these politicians are doing right now, we should instead treat this situation with much more sanity. Look for instance to how the Norwegians have handled the massacre of 77 people in Oslo and on the Norwegian island of Utøya by Anders Behring Breivik on July 22nd, 2011.

Breivik attacked the Norwegian government district in Oslo, and then subsequently went to Utøya, where a large Labour Party gathering was taking place. He murdered 77 people in total.

The response by the Norwegians was however, very different from what you would expect had the attack taken place in the UK, the US or The Netherlands, for instance. In these countries, the reaction would be the way it is now, with the government ever limiting civil liberties in an effort to build the surveillance state, taking away our liberties in a fit of fear. The Norwegians however, urged that Norway continued its tradition of openness and tolerance. Memorial services were held, the victims were mourned, and live went on. Breivik got a fair trial and is now serving his time in prison. This is the way to deal with crises like this.

Is Mass Surveillance Effective?

The problem with more surveillance legislation is the fact that it isn’t even certain that it would work. The effectiveness of the current (already quite oppressive) surveillance legislation has never been put to the test. Never was a research published that definitively said that, yes, storing all our communications in dragnet surveillance has stopped this many terrorist attacks and is a valuable contribution to society.

In fact, even the White House has released a review of the National Security Agency’s spy programmes in December 2013, months after the first revelations by Edward Snowden, and this report offered 46 recommendations for reform. The conclusion of the report was predictable, namely that even though the surveillance programmes have gone too far, that they should stay in place. But this report has undermined the NSA’s claims that the collection of meta-data and mass surveillance on billions of people is a necessary tool to combat terrorism.

The report says on page 104, and I quote:

“Our review suggests that the information contributed to terrorist investigations by the use of Section 215 telephony meta-data was not essential to preventing attacks and could readily have been obtained in a timely manner using conventional Section 215 orders.”

And shortly after Edward Snowden’s revelations about the existence of some of these programmes were published, former director of the NSA Keith Alexander testified to the Senate in defence of his agency’s surveillance programmes. He claimed that dozens of terrorist attacks were stopped because of the mass surveillance, both at home and abroad. This claim was also made by President Obama, who said that it was “over 50.” Often, 54 is the exact number quoted. Alexander’s claim was challenged by Senators Ron Wyden (D-OR) and Mark Udall (D-CO), who said that they “had not seen any evidence showing that the NSA’s dragnet collection of Americans’ phone records has produced any valuable intelligence.” The claim that the warrant-less global dragnet surveillance has stopped anywhere near that number of terrorist attacks is questionable to say the least, and much more likely entirely false.

More oppressive dragnet surveillance measures aren’t helping with making the intelligence community any more efficient at their job. In fact, the more intelligence gets scooped up in these dragnet surveillance programmes, the less likely it becomes that a terror plot is discovered before it occurs, so that these may be stopped in time. More data needs to be analysed, and there’s only so much automatic algorithms can do when tasked with filtering out the non-important stuff. In the end, the intel needs to be assessed by analysts in order to determine their value and if necessary act upon it. There is also the problem with false positives, as people get automatically flagged because their behaviour fits certain patterns programmed into the filtering software. This may lead to all sorts of consequences for the people involved, despite the fact that they have broken no laws.

Politicians can be a far greater danger to society than a bunch of Islamic terrorists. Because unlike the terrorists, politicians have the power to enact and change legislation, both for better and for worse. When we are being governed by fear, the terrorists have already won.

The objective of terrorism is not the act itself. It is to try and change society by violent means. If we allow them to change it, by implementing ever more oppressive mass surveillance legislation (in violation of Article 8 of the European Convention on Human Rights (ECHR)), or legislation that restricts the principles of freedom of the press and freedom of speech, enshrined in Article 10 of the ECHR, freedom of assembly and association enshrined in Article 11, or of freedom of movement which is one of the basic tenets on which the European Union was founded, the terrorists have already won.

Let’s use our brains and think before we act.

The Ukrainian Veto: Why The MH17 Report Will Not Reveal The Truth

On November 26, 2014 it was revealed by the Dutch news outlet RTL Nieuws that there exists a confidentiality agreement that was signed by the Netherlands, Belgium, Australia and the Kiev regime in Ukraine that gives each of the signatories a veto on any information that comes out of the investigation.

The existence of this confidentiality agreement is confirmed by the Australian Government, more specifically by Melissa Stenfors, Acting Director of the Crisis Management & Contingency Planning Section of the Department of Foreign Affairs and Trade:

Veto_Australia_Ukraine_MH17Later, the authenticity of this letter was confirmed by the Australian Ministry of Foreign Affairs and Trade in the following statement to RTL Nieuws:

“The letter to which you refer is authentic. Australia, The Netherlands, Belgium and Ukraine have signed a non-disclosure agreement with respect to the criminal investigation into the downing of Malaysian Airlines flight MH17.

This agreement requires consensus among the parties before information regarding the investigation can be released. The non-disclosure of information is important to avoid jeopardising the investigation or prejudicing a future judicial proceeding arising from the investigation.

The Joint Investigation Team non-disclosure agreement was communicated in confidence by foreign governments, and, as a result, cannot be made public.”

(emphasis mine)

An Elsevier magazine Freedom of Information Act (Wob) request to reveal the contents of the confidentiality agreement mentioned above, along with 16 other documents concerning the investigation was denied by the Dutch cabinet.

geweigerd

Unanswered Questions

So far, the investigation into the downing of Malaysian Airlines Flight MH17 is poorly done. The Dutch Safety Board (Onderzoeksraad voor Veiligheid) published a preliminary report about MH17 on 9 September 2014. This report was unsatisfactory for many parties. Basically it only says that the damage to the front section of the fuselage and the cockpit indicates that the plane was hit by a large number of high-energy projectiles coming from outside the aircraft, and that the damage pattern does not match with any damage one would expect in case of failure of the aircraft’s engines or other systems. In any case, there are no indications of any technical or operational problems with the aircraft or its crew prior to the CVR (Cockpit Voice Recorder) and FDR (Flight Data Recorder) stopping their recordings at 13:20:03 hours.

Important questions still remain unanswered, like whether the damage was caused by an air-to-air missile (which would support the Russians’ claims of a Ukrainian fighter jet near the Malaysian airliner), or surface-to-air (which supports the Buk weapons system theory). In the case of a surface-to-air missile, it still remains to be seen who fired the weapon at the time. Satellite pictures that claim that the Buk was operated by the rebels and then transported out of eastern Ukraine into the Russian Federation are very grainy, and one cannot discern any important details, let alone confirm their authenticity. These questions have not yet been answered, let alone asked by the investigation team (at least as far as we know).

The existence of the confidentiality agreement however, is very problematic. Especially if it contains, as sources seem to indicate, a veto right for all parties, including Ukraine. What if the investigation does reveal something that might point to the Ukrainians being behind the MH17 disaster? Would that ever get published? I think not, given the fact that they have a veto. Basically, the way this investigation was set-up, almost guarantees an outcome that will absolve the Ukrainians of any blame in the disaster. When the report does come out eventually, it will no doubt serve as new fuel on the pyre, with the West trying to blame Russia for the downing of MH17. Another reason why the investigation might be slow-going, besides the obvious difficulties in collecting all the evidence, is because the release of the final report might need to be carefully timed, released only when there’s a lull in the anti-Putin rhetoric, and this could then serve to ignite people’s anger and play on emotions to start a war with Russia. Which is a horrible thought, and I certainly do not hope things will play out this way.

But just as we have been stumbling into World War One, some of the signs are seen again nowadays. For instance, just look at the sheer level of propaganda found in the mainstream media, impervious to facts and reason. We are stumbling into another World War before we realise what happened. As the distinguished journalist John Pilger so brilliantly said during his speech at the Logan Symposium in London this month, “the most effective propaganda is not found in the Sun or on Fox News, but beneath a liberal halo.” We need to find the counter-narrative, figure out what is really going on to try and prevent this tragedy from happening.

It pains me to see how the U.S. is using Europe as its playground, themselves safely removed far away across the Atlantic Ocean, and we Europeans are allowing them to. Why should we be so subservient to a nation whose foreign policy in the past 70 years has only contributed to igniting crises and wars across the world? South America was ravaged by U.S. foreign policy, as was Vietnam, Cambodia, Laos, Afghanistan, Iraq, Syria, Pakistan, Yemen, Somalia, Cuba, and countless of other countries. Innocent citizens across the globe now have to live with the very real and daily fear of extra-judicial murder in the form of drone strikes, personally ordered and authorised by President Obama every Tuesday, extraordinary renditions (kidnapping) to “black sites” in countries like Poland and Romania where people are subject to CIA torture, as the executive summary of the Senate Select Committee on Intelligence Torture Report (PDF) recently revealed.

And the sad thing is, I’m not seeing any significant change in the US, where pundits the likes of Dick Cheney are still trumpeting torture (euphemistically called “enhanced interrogation”). When the Nazi’s were defeated after the Second World War, they were brought before the court during the Nuremberg trials, and some of the people deemed mainly responsible for the crimes against humanity and war crimes committed under Hitler’s regime were executed for their crimes. In the US, there isn’t even the slightest hint of a criminal investigation into the people responsible for the torture committed by CIA personnel and contractors, either directly or indirectly.

The Second Cold War

The coup in Ukraine was used to try and lure Russia into a second Cold War. A massive misinformation campaign was mounted in the Western press which totally ignored the real cause of the current crisis in Ukraine, namely the US putsch to oust the pro-Russian Yanukovich from power and install the pro-US Yatsenyuk. Yanukovich was democratically elected, Yastenyuk was not. On Maidan square, snipers attacked both the pro- and anti-Yanokovich protesters. The telephone conversation Victoria Nuland (Assistant Secretary of State) held with Geoffrey Pyatt (U.S. Ambassador to Ukraine) that was intercepted and posted to YouTube was blacked out from the mainstream media. This offered compelling evidence that the Ukrainian crisis was a U.S. led coup.

I have written extensively about the coup previously, explaining that NATO expansion after the Cold War ended has put Russia on edge, as they are obviously concerned about their national security. When the Soviets did a similar thing in Cuba, this led to Cuban Missile Crisis in October 1962. Why is it OK for the U.S. to respond by blockading Cuba, but when it’s Russia’s national security that is being threatened by NATO’s military bases, these legitimate concerns are hand-waved away and ignored? American exceptionalism has no place in the 21st century, or in fact, in any century.

After the referendum on the status of the Crimea, where the vast majority of the (mostly ethnic Russian) population (96.77% in fact) voted to re-join the Russian Federation, after the separation of the Crimea from Russia by Nikita Khrushchev in 1954, the Russians were immediately blamed for annexing the area. However, there were no such outcries when Kosovo declared itself independent from Serbia (without a referendum, mind you). In the case of Kosovo, it suited the Western powers, in the case of the Crimea, it did not.

The Crimea is of strategic importance to the Russians, as their Black Sea Fleet is based in the Crimean city of Sevastopol. When the Ukrainian coup started, Russia was getting increasingly concerned about whether it would be able to continue its lease of the military base, which was set to expire in 2042. Losing access to the base would be difficult, as Sevastopol’s warm water port, its natural harbour and the extensive infrastructure already in place there currently makes it one of the best-outfitted naval bases in the Black Sea. Sevastopol also allows the Russians relatively quick and easy access to the Mediterranean. The Russian Mediterranean Task Force, which is based in Sevastopol, was previously used to remove Syrian chemical weapons and conduct anti-piracy operations near Somalia.

All I hope is that the current crisis will be resolved quickly, as the path we currently seem to be on (one almost inevitably leading to war), is a foolish endeavour, and we need to realise that talking and diplomacy will get us much further than empty threats and baseless allegations. We’ve previously seen what US interference does to countries, like in the 2003 invasion of Iraq, and the sanctions that were put in place before that. Millions of people have been displaced and killed in that conflict alone. We need to stop this madness and start the dialogue to understand and hear the valid concerns put forward. Only then can war be avoided.

Regin: The Trojan Horse From GCHQ

In 2010, Belgacom, the Belgian telecommunications company was hacked. This attack was discovered in September 2013, and has been going on for years. We know that this attack is the work of Western intelligence, more specifically, GCHQ, thanks to documents from Edward Snowden. This operation was called Operation Socialist. Now, however, we know a little bit more about how exactly this attack was done, and by what means. Internet connections from employees of Belgacom were sent to a fake LinkedIn page that was used to infect their computers with malware, called “implants” in GCHQ parlance. Now we know that Regin is the name given to the highly complex malware that seems to have been used during Operation Socialist.

Projekt 28Symantec recently reported on this malware (the full technical paper (PDF) can be found here), and it’s behaviour is highly complex. It is able to adapt to very specific missions and the authors have made tremendous effort to make it hard to detect. The malware is able to adapt and change, and since most of anti-virus detection relies on heuristics, or specific fingerprints of known malware, Regin was able to fool anti-virus software and stay undetected. However, Symantec put two and two together and has now revealed some of Regin’s inner workings.

fig3-countriesThe infections have ranged from telecoms and internet backbones (20% of infections), to hospitality (hotels, etc.), energy, the airlines, and research sectors but the vast majority of infections has been of private individuals or small businesses (48%). Also, the countries targeted are diverse, but the vast majority of attacks is directed against the Russian Federation (28%) and Saudi Arabia (24%).

The Regin malware works very much like a framework, which the attackers can use to inject various types of code, called “payloads” to do very specific things like capturing screen-shots, taking control of your mouse, stealing passwords, monitoring your network traffic and recovering files. Several Remote Access Trojans (also known as RATs) have been found, although even more complex payloads have also been found in the wild, like a Microsoft IIS web server traffic monitor (this makes it easy to spy on who visits a certain website etcetera). Another example of a highly complex payload that has been found is malware to sniff administration panels of mobile cellphone base station controllers.

How Regin Works

As mentioned above, Regin works as a modular framework, where the attackers can turn on/off certain elements and load specific code, called a “payload,” to create a Regin version that is specifically suited to a specific mission. Note that it is not certain whether all payloads have been discovered, and that there may be more than the ones specified in the report.

fig2-sectorsRegin does not appear to target any specific industrial sector, but infections have been found across the board, but mostly in telecom and private individuals and small businesses. Currently, it is not known what infection vectors can possibly be used to infect a specific target with the Regin malware, but one could for instance think of tricking the target into clicking on a certain link in an e-mail, visiting spoof websites, or maybe through a vulnerable application installed on the victim’s computer, which can be used to infect the target with Regin. In one instance, according to the Symantec report, a victim was infected through Yahoo! Instant Messenger. During Operation Socialist, GCHQ used a fake LinkedIn page to trick Belgacom engineers into installing the malware. So one can expect infection to take place along those lines, but other possibilities may of course exist.

regin_stages

The various stages of Regin.

Regin has six stages in its architecture, called Stage 0 to Stage 5 in the Symantec report. First, a dropper trojan horse will install the malware on the target’s computer (Stage 0), then it loads several drivers (Stage 1 and 2), loads compression, encryption, networking, and EVFS (encrypted file container) code (Stage 3), then it loads the encrypted file container and loads some additional kernel drivers, plus the payloads (Stage 4), and in the final stage (Stage 5) it loads the main payload and the necessary data files for it to operate.

The malware seems to be aimed primarily against computers running the Microsoft Windows operating system, as all of the files discussed in the Symantec report are highly Windows-specific. But there may be payloads out there which target GNU/Linux or OS X computers. The full extent of the malware has not been fully revealed, and it will be interesting to find out more about the exact capabilities of this malware. The capabilities mentioned in the report are already vast and can be used to spy on people’s computers for extended periods of time, but I’m sure that there must be more payloads out there, I’m certain that we’ve only scratched the surface of what is possible.

Regin is a highly-complex threat to computers around the world, and seems to be specifically suited towards large-scale data collection and intelligence gathering campaigns. The development would have required significant investments of time, money and resources, and might very well have taken a few years. Some components of Regin were traced back all the way to 2003.

Western Intelligence Origins?

In recent years, various governments, like the Chinese government, and the Russian government, have been implicated in various hacking attempts and attacks on Western infrastructure. In the article linked here, the FBI accuses the Russians of hacking for the purpose of economic espionage. However, Western governments also engage in digital warfare and espionage, not just for national security purposes (which is a term that has never been defined legally), but they also engage in economic espionage. In the early 1990s, as part of the ECHELON programme, the NSA intercepted communications between Airbus and the Saudi Arabian national airline. They were negotiating contracts with the Saudis, and the NSA passed information on to Boeing which was able to deliver a more competitive proposal, and due to this development, Airbus lost the $6 billion dollar contract to Boeing. This has been confirmed in the European Parliament Report on ECHELON from 2001. Regin also very clearly demonstrates that Western intelligence agencies are deeply involved in digital espionage and digital warfare.

Due to the highly-complex nature of the malware, and the significant amount of effort and time required to develop, test and deploy the Regin malware, together with the highly-specific nature of the various payloads and the modularity of the system, it is highly likely that a state actor was behind the Regin malware. Also, significant effort went into making the system very stealthy and hard for anti-virus software to detect. It was carefully engineered to circumvent anti-virus software’s heuristic detection algorithms and furthermore, some effort was put into making the Regin malware difficult to fingerprint (due to its modular nature)

Furthermore, when looking at the recently discovered attacks, and more especially where the victims are geographically located, it seems that the vast majority of attacks were aimed against the Russian Federation, and Saudi Arabia.

According to The Intercept and Ronald Prins from Dutch security company Fox-IT, there is no doubt that GCHQ and NSA are behind the Regin malware. Der Spiegel revealed that NSA malware had infected the computer networks of the European Union. That might very well been the same malware.

Stuxnet

symantic_virus_discovery.siA similar case of state-sponsored malware appeared in June 2010. In the case of Stuxnet, a disproportionate amount of Iranian industrial site were targeted. According to Symantec, which has published various reports on Stuxnet, Stuxnet was used in one instance to change the speed of about 1,000 gas-spinning centrifuges at the Iranian nuclear power plant at Natanz, thereby sabotaging the research done by Iranian scientists. This covert manipulation could have caused an explosion at this nuclear facility.

Given the fact that Israel and the United States are very much against Iran developing nuclear power for peaceful purposes, thinking Iran is developing nuclear weapons instead of power plants, together with Stuxnet’s purpose to attack industrial sites, amongst those, nuclear sites in Iran, strongly indicates that the US and/or Israeli governments are behind the Stuxnet malware. Both of these countries have the capabilities to develop it, and in fact, they started to think about this project way back in 2005, when the earliest variants of Stuxnet were created.

Dangers of State-Sponsored Malware

The dangers of this state-sponsored malware is of course that should it be discovered, it may very well prompt the companies, individuals or states that the surveillance is targeted against to take countermeasures, leading to a digital arms race. This may subsequently lead to war, especially when a nation’s critical infrastructure is targeted.

The dangers of states creating malware like this and letting it out in the wild is that it compromises not only security, but also our very safety. Security gets compromised when bugs are left unsolved and back doors built in to let the spies in, and let malware do its work. This affects the safety of all of us. Government back doors and malware is not guaranteed to be used only by governments. Others can get a hold of the malware as well, and security vulnerabilities can be used by others than just spies. Think criminals who are after credit card details, or steal identities which are subsequently used for nefarious purposes.

Governments hacking other nations’ critical infrastructure would constitute an act of war I think. Nowadays every nation worth its salt has set up a digital warfare branch, where exploits are bought, malware developed and deployed. Once you start causing millions of Euros worth of damage to other nations’ infrastructure, you are on a slippery slope. Other countries may “hack back” and this will inevitably lead to a digital arms race, the damage of which does not only affect government computers and infrastructure, but also citizens’ computers and systems, corporations, and in some cases, even our lives. The US attack on Iran’s nuclear installations with the Stuxnet malware was incredibly dangerous and could have caused severe accidents to happen. Think of what would happen had a nuclear meltdown occurred. But nuclear installations are not the only ones, there’s other facilities as well which may come under attacks, hospitals for instance.

Using malware to attack and hack other countries’ infrastructure is incredibly dangerous and can only lead to more problems. Nothing has ever been solved by it. It will cause a shady exploits market to flourish which will mean that less and less critical exploits get fixed. Clearly, these are worth a lot of money, and many people that were previously pointing out vulnerabilities and supplying patches to software vendors are now selling these security vulnerabilities off on the black market.

Security vulnerabilities need to be addressed across the board, so that all of us can be safer, instead of the spooks using software bugs, vulnerabilities and back doors against us, and deliberately leaving open gaping holes for criminals to use as well.

Dutch Intelligence Agencies AIVD/MIVD go TEMPORA

On November 21, 2014, the Dutch Ministry of the Interior and Relations within the Realm (Ministerie van Binnenlandse Zaken en Koninkrijksrelaties), sent a message to Parliament about the — in their view — necessary changes that need to be made to the Wet op de inlichtingen- en veiligheidsdiensten (Wiv) 2002 (Intelligence and Security Act 2002). The old law (Wiv 2002), differentiates between cable-bound and non-cable-bound (as in: satellite or radio) communications, and gives the intelligence agencies different powers for each of these two cases. In general, under the old law, according to Article 27, it’s legal for the AIVD and MIVD to bulk-intercept non-cable-bound communications. It isn’t legal for them to do so for cable-bound communications (as in: internet fibre optic cables, etc.) In this latter case, of cable-bound communications, it’s only legal for them to intercept the communications of specific intelligence targets (as put forward in Articles 25 and 26). In the case of targeted surveillance, the intercepted information can come from any source.

outline_dutch_intercept_network

An outline of the new Dutch interception framework. Click for larger version. Official document in Dutch can be found here.

The Dessens Committee concluded (PDF, on pages 10 and 11) that this distinction between the various sources of the communication (cable vs non-cable) is no longer appropriate in the modern day and age, where the largest chunk of the communications in the world travel via cables. The way the cabinet wants to solve this problem is by changing the law such that the AIVD and its military sister MIVD can lawfully intercept cable-bound communications in bulk, expanding their powers significantly. So, in other words, the Dutch government is planning to go full TEMPORA (original source PDF courtesy of Edward Snowden), and basically implement what GCHQ has done in the case of Britain: bulk intercept everything that goes across the internet.

Why does this matter?

This matters because by bulk-intercepting everything that goes across the internet, the communications of people who aren’t legitimate intelligence targets get intercepted and analysed as well. By intercepting everything, no-one can have any expectation of privacy on the internet anymore, except when we all pro-actively take measures (like using strong encryption, Tor, OTR chat, VPNs, using free/open source software, etc.) to make sure that our privacy is not being surreptitiously invaded by the spooks. It is especially important to do this when there isn’t any proper democratic oversight in place, which could stop the AIVD or MIVD from breaking the law, and provide meaningful oversight and corrections to corrupting tendencies (after all, as we all know, power corrupts).

Also, the Netherlands is home to the second-largest internet exchange in the world, the Amsterdam Internet Exchange (Ams-IX), second only to the German exchange DE-CIX in Frankfurt. So a very large amount of data goes across Ams-IX’s cables, and this makes it interesting from an intelligence point of view to bulk-intercept everything that goes across it. This was previously not allowed in the Netherlands. Now, of course, if the AIVD wanted access to these bulk-intercepts, it could simply ask its sister organisation GCHQ in Britain. There is a lively market for sharing intelligence in the world. For instance, in many jurisdictions where it would be illegal for a domestic intelligence agency to spy on their own citizens, a foreign intelligence agency has no such limitations, and can then subsequently share the gained intel with the domestic intelligence agency. But now, they are building their own capacity to do this in Amsterdam on a massive scale.

In terms of intelligence targets, the AIVD currently focuses on jihadists, Islamic extremists, and due to their historical tendencies still left over from the BVD-era, left-wing activists. The BVD’s surveillance on the left-leaning portion of the Dutch population was legendary.

Legalising certain practices of intelligence agencies is something that we see more and more, which is what happens here.

Lawyer-client confidentiality routinely broken

A few weeks ago, I read on RT that MI5, MI6 and GHCQ routinely snoop on lawyers’ client communications. In the Netherlands, lawyer-client communications are routinely intercepted by police, prison administrations, and intelligence agencies. In a normal criminal case with the police or prisons doing the intercepting, this is illegal, and any intel gained isn’t supposed to end up in court documents. But in the case of intelligence agencies doing the intercepting, this is currently legal since there are no legal provisions prohibiting the Dutch intelligence community from not recording and analysing lawyer-client communications. But in a few occasions, these communications did end up in court documents. This strongly indicates that these communications are routinely intercepted and analysed. There is in fact a whole IT infrastructure in place to “exclude” these communications from the phone tap records, for instance. On this page, the Dutch Bar Association is explaining to their members how to submit their phone numbers into this system so that their conversations with their clients are (ostensibly) excluded from the taps (only the taps by Police though, the intelligence community is, as I’ve explained above, not affected by this.)

This trend is incredibly dangerous to the right to a fair trial. If one cannot honestly speak to one’s lawyer any more, where every word spoken to one’s lawyer is intercepted and analysed, suddenly the government holds all the cards, and will always be one step ahead. How can one build a defence based on that?

The Netherlands is by the way still the country with the dubious distinction of having the largest absolute number of wire-taps in the world, and that’s just gleaned from (partial) police records. We don’t even know how much the AIVD and MIVD tap, since that information is classified, and “threatens national security if released,” which in my opinion is spy-speak for: “We tap so much that you’d fall off your chair in outrage if we told you, so it’s better that we don’t.”

Instead of holding the intelligence community accountable for their actions for once, and make these practices stop at once, the government has always taken the position of legalising current practices instead, which, if you are the government minister responsible for the oversight on the intelligence community, sure is a lot easier than confronting a powerful intelligence agency, which maybe holds some dirt on you.

All of these developments are so dangerous to our way of living and any sane definition of a free and open, democratic society where government is accountable to the people that they claim to represent, that it makes me want to proclaim, as Cicero exasperatedly proclaimed in his first oration against Senator Catilina:

“O tempora! O mores!”

In the Roman case, Catilina conspired to overthrow the Republic & Senate, and Cicero was frustrated that, in spite of all the evidence presented, Catilina was still not sentenced for the coup, whereas in previous times in Roman history, Cicero noted, people have been executed based on far less evidence.

Maccari-CiceroNow we have the situation, that in spite of all the mountains of evidence we now have, thanks to Snowden, governments around the world still won’t take the prudent and necessary steps to hold the intelligence community to account. We need to take action, and start to encrypt. As soon as the vast majority of the world’s communications are encrypted using strong encryption (not the ones where the NSA “helpfully” gives NIST the special factor to use for calculations in their standardisation of a crypto algorithm, all for free), soon, blatantly collecting everything will be of no use.

The Age of the Gait-Recognising Cameras Is Here!

Schiphol_airport_Amsterdam2.cleaned

A few days ago I read an article (NRC, Dutch, published 11 September, interestingly) about how TNO (the Dutch Organisation for Applied Scientific Research, the largest research institute in the Netherlands) developed technology (PDF) for smart cameras for use at Amsterdam Schiphol Airport. These cameras were installed at Schiphol airport by the Qubit Visual Intelligence, a company from The Hague. These cameras are designed to recognise certain “suspicious behaviour,” such as running, waving your arms, or sweating.

Curiously enough, these are all things that are commonly found at the stressful environment an international airport is to many people. People need to get at the gate on time, which may require running (especially if you arrived at Schiphol by train, which in the Netherlands is notoriously unreliable), they may be afraid of flying and trying to get their nerves under control, and airports are also places where friends and family meet again after long times abroad, which (if you want to hug each other) requires arm waving.

I suspect that a lot of false positives are going to occur with this technology due to this. It’s the wrong technology at the wrong place. I fully understand the need for airport security, and we all want a safe environment for both passengers and crew. Flights need to operate under safe conditions. What I don’t understand is the mentality that every single risk in life needs to be minimised away by government agencies and combated with technology. More technology does not equal safer airports.

Security Theatre

A lot of the measures taken at airports constitute security theatre. This means that the measures are mostly ineffective against real threats, and serve mostly for show. The problem with automatic profiling, which is what this programme tries to do as well, is that it doesn’t work. Security expert Bruce Schneier has also written extensively about this, and I encourage you to read his 2010 essay Profiling Makes Us Less Safe about the specific case of air travel security.

The first problem is that terrorists don’t fit a specific profile, these systems can be circumvented once people figure out how, and because of the over-reliance on technology instead of common sense this can actually cause more insecurity. In “Little Brother”, Cory Doctorow wrote about how Marcus Yallow put gravel in his shoes to fool the gait-recognising cameras at his high school so he and his friends could sneak out to play a game outside. Similar things will be done to try and fool these “smart” cameras, but the consequences can be much greater. We are actually more secure when we randomly select people instead of relying on a specific threat profile or behavioural profile to select who to screen and who gets through security without secondary screening. The whole point of random screening is that it’s random. Therefore, a potential terrorist cannot in advance know what the criteria are that will make the system pick him out. If a system does use specific criteria, and the security of the system depends on the criteria themselves being secret, that would mean that someone would just have to observe the system for long enough to find out what the criteria are.

Technology may fail, which is something people don’t always realise. Another TNO report entitled: “Afwijkend Gedrag” (PDF; Abnormal Behaviour) states under the (admittedly tiny) section that deals with privacy concerns that collecting data about abnormal behaviour of people is ethically just because the society as a whole can be made safer with this data and associated technology. It also states (and this is an argument I’ve read elsewhere as well), that “society has chosen that safety and security trumps privacy.”

Now, let’s say for the sake of the argument that this might be true in a general sense (although it can be debated whether this is always the case, personally I don’t think so, as sometimes the costs are just too high and we need to keep a free and democratic society after all). The problem here is that the way technology and security systems are implemented is usually not something we as a society get to first have a vote on before the (no doubt highly lucrative) contracts get signed. In this case, Qubit probably saw a way to make a quick buck by talking the Schiphol leadership and/or the government (as the Dutch state holds 69.77% of the Schiphol shares) into buying their technology. It’s not something the people had a conscious debate on, and then subsequently made a well-informed decision.

Major Privacy Issues

We have established that these systems are ineffective and can be circumvented (like any system can), and won’t improve overall security. But much more importantly, there are major privacy issues with this technology. What Schiphol (and Qubit) is doing here, is analysing and storing data on millions of passengers, the overwhelmingly vast majority of which is completely innocent. This is like shooting a mosquito with a bazooka.

What happens with this data? We don’t know, and we have to believe Qubit and Schiphol on their word that data about non-suspect members of the public gets deleted. However, in light of recent events where it seems convenient to collect and store as much data about people as possible, I highly doubt any deletions will actually happen.

And the sad thing is: in the Netherlands the Ministry of Security and Justice is now talking about implementing the above-mentioned behavioural analysis system at another (secret) location in the Netherlands. Are we all human guinea pigs ready to be tested and played around with?

What is (ab)normal?

There are also problems with the definitions. This is something I see again and again with privacy-infringing projects like this. What constitutes “abnormal behaviour”? Who gets to decide on that and who controls what is abnormal behaviour and what isn’t? Maybe, in the not-too-distant future, the meaning of the word “abnormal” begins to shift, and begins to mean “not like us,” for some definition of “us.” George Orwell mentioned this effect in his book Nineteen-eighty-four, where ubiquitous telescreens watch and analyse your every move and one can never be sure what are criminal thoughts and what aren’t.

In 2009, when the European research project INDECT got funded by the European Union, there were critical questions asked to the European Commission by the European Parliament. More precisely, this was asked:

Question from EP: How does the Commission define the term abnormal behaviour used in the programme?

Answer from EC: As to the precise questions, the Commission would like to clarify that the term behaviour or abnormal behaviour is not defined by the Commission. It is up to applying consortia to do so when submitting a proposal, where each of the different projects aims at improving the operational efficiency of law enforcement services, by providing novel technical assistance.

(Source: Europarl (Written questions by Alexander Alvaro (ALDE) to the Commission))

In other words: according to the European Commission it depends on the individual projects, which all happen to be vague about their exact definitions. And when you don’t pin down definitions like this (and anchor them in law so that powerful governments and corporations that oversee these systems can be held to account!), these can be changed over time when a new leadership comes to power, either within the corporation in control over the technology, or within government. This is a danger that is often overlooked. There is no guarantee that we will always live in a democratic and free society, and the best defence against abuse of power is to make sure that those in power have as little data about you as possible.

Keeping these definitions vague is a major tactic in scaring people into submission. This has the inherent danger of legislative feature creep. A measure that once was implemented for one specific purpose soon gets used for another if the opportunity presents itself. Once it is observed that people are getting arrested for seemingly innocent things, many people (sub)consciously adjust their own behaviour. It works similarly with free speech: once certain opinions and utterances are deemed against the law, and are acted upon by law enforcement, many people start thinking twice about what they say and write. They start to self-censor, and this erodes people’s freedom to the point where we slowly shift into a technocratic Orwellian nightmare. And when we wake up it will already be too late to turn the tide.

The Ukrainian Putsch: NATO’s Imperialistic Expansion and the Role of the Mainstream Media

As I’ve written earlier, the position the main stream media is taking seems to be one of being an extension of the powers that be. Rarely are the critical questions asked, and for the most part, with rare exceptions here and there, there is a significant bias to the reporting done.

An excellent example of this bias is when you look at the reporting done on the current crisis in Ukraine. This is a case that I want to look into in a bit more detail, now that several more things have become clear. In the Western media, the opinion seems to be that Vladimir Putin is bad, and NATO is good. They call the Russian position in this case imperialism, but forget their own role in creating and supporting this crisis in the first place.

In this article, I’ll explain some history about NATO expansion, and then go on trying to place the Ukrainian crisis into that historical framework, and subsequently I’ll take a look at the role the (Western) media have been playing so far, and what improvements can be made, to both our own governments’ positions relating to the U.S., and to media reporting.

Regime change and broken promises

As the phone call between Victoria Nuland (U.S. Assistant Secretary of State) and Geoffrey Pyatt (U.S. ambassador to Ukraine) reveals, the U.S. had made a plan of regime change for Ukraine. Nuland specifically mentioned Arseniy Yatsenyuk as Yanukovich’s successor and talk it through (“Yats is our man!”, “Have the UN help glue this thing”, “If it does gain altitude the Russians will be working behind the scenes to try to torpedo it.”, “Fuck the EU”). How convenient then, that when  Viktor Yanukovich is ousted, and the dust settles in Kiev, Yatsenyuk is suddenly prime minister? And what is the first thing he does? Instead of attending to the problems in Ukraine and finding a peaceful resolution to the crisis, he flies off to the very people who put him in power, and visits the United States. No doubt to thank them, I would presume.

Meanwhile, Western nations have been trying to punish Russia for annexing the Crimea (which, by the way, was originally part of the Russian SFSR, before it was transferred to the Ukrainian SSR by Nikita Khruchev in 1954). The sanctions don’t seem to have a big effect on Russia, and Russia has signed a new $400 billion 30-year gas deal with China on 21 May to try and make itself less dependent on Western gas customers. Russia is currently the biggest supplier of natural gas to Europe, and without the Russian gas, nations like Germany and Italy, as well as the Baltic states will get into trouble. There has been movement from these nations to try and become less dependent on Russia, and similarly, Russia has now signed a deal with China to become less dependent on the Western market, thereby significantly weakening any effect the sanctions were aimed at having.

NATO’s broken promiseNATO Expansion

NATO has been steadily expanding, despite the promise made in 1990 to the last Soviet president, Mikhail Gorbachev, who agreed that East- and West-Germany could be united and become a member of NATO, on the condition that NATO would not move one inch further east. Since then, NATO, mistakenly assuming that they had somehow “won” the Cold War, went on and happily incorporated 12  Eastern European nations into their fold, within Moscow’s sphere of influence, with the largest expansion eastwards taking place in 2004. Here’s an overview:

  • In 1999: Poland, the Czech Republic and Hungary were added to NATO,
  • In 2004: Bulgaria, Estonia, Latvia, Lithuania, Romania, Slovakia and Slovenia,
  • In 2009: Albania and Croatia.

Just imagine what would have happened had 12 South American nations joined the former Warsaw Pact? Now that would be something the U.S. would not accept. Similarly, Russia does not accept the continued expansion of NATO into their sphere of influence.

It looked like Ukraine was all set on becoming a future member of NATO. The prospect of Ukraine becoming a member state of the U.S.-led NATO is understandably a threat to Russian national security. They operate a major naval base in the Crimean city of Sevastopol, which is the main base of the Russian Black Sea Fleet, and from Sevastopol, the Russian fleet has quick access to the Mediterranean Sea. The Russians used to lease the base from the Ukrainians. However, the future of the lease might have been severely compromised if Ukraine would become part of NATO.

That the Russians feel threatened by the continued expansion of NATO is understandable given the fact that the U.S. military-industrial complex and their partners in Europe have been busy for many years expanding the “Star Wars” missile defense system in Eastern Europe, ostensibly to protect against a missile launch from Iran. The “Star Wars” program was established by President Reagan on 23 March 1983 as Strategic Defense Initiative (SDI), and renamed to Ballistic Missile Defense Organisation (BMDO) by the Clinton administration on 13 May 1993, then later renamed to Missile Defense Agency (MDA) in 2002 by the George W. Bush administration. I wonder why all the name changes were deemed necessary? To obfuscate and redirect unwanted media attention maybe? But I digress.antimissile

The hypocrisy of U.S. policy amazes me, because as some people still remember, when the Soviet Union did a similar thing in Cuba in 1962 (hint: supplying weapons to the Cubans to counter a possible future U.S. invasion attempt in Cuba after the failed CIA-sponsored Bay of Pigs invasion, and also sparked because the U.S. stationed nuclear weapons in Turkey), this in turn sparked anger from the United States and led to the Cuban Missile Crisis and subsequently, the Cuban Blockade.

A relic from the Cold War

In my opinion, NATO is a relic from the Cold War, which serves no purpose any longer and is now used as a way of furthering U.S. military hegemony in the world. With the revelations of Edward Snowden this last year, and hopefully with many more revelations to come, we should, as Europeans, ask whether we are still willing to continue to play the role of subservient lap dog of the U.S.. A role we’ve been playing since the end of the Second World War. We should start thinking about how we can safeguard the safety and security of European citizens, which by the way, is exactly what our governments, by definition, should worry about. Do we want to keep our own sovereignty? Because if we don’t, the game is up.

Instead, our governments seem more interested in giving our private data to U.S. corporations, and (by extension) their intelligence agencies. This in many cases significantly hurts European companies, for the powers of intelligence agencies are mostly used for industrial espionage purposes, not to combat terrorism. In fact, there has not been a single documented case of the NSA’s spying programs actually stopping any terrorists. President Obama claimed that 54 terrorist plots had been prevented (PDF, first page, 4th paragraph, published on 1 August 2013) thanks to the intel gathered by the NSAs metadata program, but this number is most likely pulled out of thin air, because there is no justification for this number, nor a way of checking that number independently.

The funny thing is, that the behaviour of the NSA is also significantly hurting U.S. companies, who see their European customers flee in droves for better alternatives that protect their privacy more. This is a negative economic effect the spying is having on the U.S. economy, as I’ve written about before, in November.

Our governments’ subservient attitude towards the U.S. is completely unjustified. For the people who claim that we would all be speaking German today had it not been for the Americans, they should retroactively get an F for history and re-take their history classes. For had it not been for the Soviets who suffered tremendous sacrifices combating Hitler (20 million Soviet civilians were killed during the war, not counting military personnel, more than 3 times the estimated 6 million Jews who died during the Holocaust), the Western allies would probably not have been able to land on the beaches of Normandy, as Hitler would not have to split his forces, and could then focus solely on the Western front.

America only got involved in the Second World War in 1941, after the Japanese attacked Pearl Harbour. Britain was left for years to fend for themselves, being bombed heavily by the German Luftwaffe. Massive kudos should be given to the Royal Air Force for keeping the British isles free of German occupation (with the notable exception of the Channel Islands just off the coast of France, as that was the only part of British soil occupied by the Germans during the war). To be clear, I don’t want to deny the American war effort, and I surely want to give credit where credit is due, but on the other hand, it wasn’t the “America saved the world” that many people think it is.

There simply is no further need for NATO to exist. The North-Atlantic Treaty Organisation was created on 4 April 1949 as a defensive alliance of Western countries to protect Western Europe from encroachment by the Soviet Union. However, the Soviet Union no longer exists, and modern-day Russia closely cooperates with Europe, despite the current diplomatic difficulties. With the increasing interdependence between Russia and Europe there’s less and less need for an organisation like NATO to continue to exist.

Nowadays, NATO’s only reason for existence seems to be to contain Russia, and further the U.S. military/industrial complex and the militarist hawks are trying to prove the necessity of NATO by means of the Ukrainian crisis. The United States sees the future of NATO increasingly as an offensive organisation that is meant to further U.S. interests, and will not only include former Soviet republics into their fold, but plans are already under way to expand NATO’s influence even further, and cooperate even more closely with the current “Partners across the globe,” namely Afghanistan, Australia, Iraq, Japan, South Korea, Mongolia, New Zealand and Pakistan. Why are we such willing accomplices in that scheme?

The Role of the Mainstream Media

What struck me when watching the Ukrainian crisis unfold was the total and utter complacency and subservient attitude towards the official Western “party line” when the mainstream media reported on the crisis. There were hardly any critical questions asked when the telephone conversation between Nuland and Pyatt become publicly available, and no questions were asked as to the legitimacy of the current Ukrainian coup-imposed government.

Dare to ask the critical questions!

I would gladly watch the mainstream media more if they start being a bit more critical to the establishment, and not always simply copy/paste press releases, and actually try to analyse the matter for themselves and dare to ask the tough questions to the people in power.

This is again so lacking when it comes to coverage of the Ukrainian crisis, where there seems to be a unanimous consensus in the West that Putin is an evil imperialist, and NATO/EU/US is good, without even considering what really happens in Ukraine and the strategic and national interests involved, let alone the role the U.S. played in organising the coup d’état.

Of course the media can be critical towards Russia as well, and in fact they should. Truth be told, Russia still has a lot of problems to deal with, as do Western countries. And the media’s job should be to keep people informed so that they can freely form their opinions about the world around them, not just blindly copy the official party line. As then I might start watching again, and the employees of these media organisations might one day earn the title of “journalist.”

Country X: The Country That Shall Not Be Named

On Monday, 19 May 2014, Glenn Greenwald published his report entitled Data Pirates of the Caribbean: The NSA is recording every cell call in the Bahamas, in which he reported about the NSA SOMALGET program, which is part of the larger MYSTIC program. MYSTIC has been used to intercept the communications of several countries, namely the Bahamas, Mexico, Kenya, the Phillipines, and thanks to Wikileaks we now know that the final country, redacted in Glenn Greenwalds original report on these programs, was Afghanistan.

MYSTICSOMALGET can be used to take in the entire audio stream (not just metadata) of all the calls in an entire country, and store this information for (at least) 30 days. This is capability the NSA developed, and was published by The Washington Post in March this year.

Why the Censorship?

The question however, is why Glenn Greenwald chose to censor the name of Afghanistan out of his report. He claims it has been done to protect lives, but I honestly can’t for the life of me figure out why lives would be at risk when it is revealed to the Afghani’s that their country is one of the most heavily surveilled on the planet? This information is not exactly a secret. Why is this knowledge that’s OK for the Bahamians to possess, but not the Afghani’s? The US effectively colonized Afghanistan and it seems that everyone with at least half a brain can figure out that calling someone in Afghanistan might have a very high risk of being recorded and analysed by NSA. Now we know for certain that the probability of this happening is 1.

Whistleblowers risk their lives and livelihoods to bring to the public’s attention, information that they deem to be in the gravest public interest. Now, whistleblowers carefully consider which information to publish and/or hand out to journalists, and in the case of intelligence whistleblowers, they are clearly more expert than most journalists when it comes to security and sensing which information has to be kept from the public in the interest of safety of lives and which information can be published in the public interest. After all, they have been doing exactly that for most of their professional lives, in a security-related context.

Now, it seems that Greenwald acts as a sort of filter between the information Edward Snowden gave him for publication, and the actual information the public is getting. Greenwald is sitting on an absolute treasure-trove of information and is clearly cherry picking which information to publish and which information to withhold. By what criteria I wonder? Spreading out the publication of data however, is a good strategy, given that about a year has passed since the first disclosures, and it’s still very much in the media, which is clearly a very good thing. I don’t think that would have happened if all the information was dumped at once.

But on the other hand: Snowden has risked his life and left his comfortable life on Hawaii behind him to make this information public, a very brave thing to do, and certainly not a decision to take lightly, and has personally selected Greenwald to receive this information. And here is a journalist who is openly cherry-picking and censoring the information given to him, already preselected by Snowden, and thereby withholding potentially critical information from the public?

So I would hereby like to ask: By what criteria is Greenwald selecting information for publication? Why the need to interfere with the whistleblower’s judgement regarding the information, who is clearly more expert at assessing the security-related issues surrounding publication?

Annie Machon, whistleblower and former MI5, has also done an interview on RT about this Afghanistan-censoring business of Greenwald, whistleblowers deserve full coverage. Do watch. Whistleblowers risk their lives to keep the public informed of government and corporate wrongdoing. They need our support.

Update: Mensoh has also written a good article (titled: The Deception) about Greenwald’s actions, also in relation to SOMALGET and other releases. A highly recommended read.

Persecution of whistleblowers and journalists

Chelsea ManningI was also honoured to be able to attend the Sam Adams Associates’ award ceremony in Oxford, United Kingdom last month, and Chelsea Manning is a truly worthy recipient of the Sam Adams Award for Integrity in Intelligence. Her leaking of the Collateral Murder video to WikiLeaks (a video showing how U.S. Air Force personnel shoots at several unarmed civilians, 2 Reuters journalists and a father with 2 small children) proved that the U.S. was committing war crimes in Iraq. It was incredibly brave of her to leak the footage to WikiLeaks. For obvious reasons, Manning sadly could not make it to the ceremony herself, so her friend Aaron Kirkhouse received the award and delivered her acceptance speech.

It is absolutely horrific that whistle-blowers are being persecuted (Manning received 35 years in prison) while the real war criminals (the crew who fired from the Apache attack helicopter, killing dozens of unarmed civilians) gets to live in freedom.

And this isn’t happening solely to Manning either, it happened to other whistle-blowers and the people who are brave enough speak truth to power as well. And now we’ve come to the point where journalists are prevented from doing their jobs, and are increasingly approached with hostility by the state. Especially the ones who ask the critical questions that need asking.

Julian Assange is still under what basically amounts to house arrest in the Ecuadorian Embassy in London, because the Swedish authorities want to prosecute him. Assange fears that the Swedes will hand him over to the U.S. authorities because of his work for WikiLeaks. I think this is a very real fear, and Assange has offered the Swedish authorities the opportunity to send investigators to the U.K. to question him in person inside the Embassy. They have refused.

Just last week I’ve read the news about how the Dutch authorities have made up lies about the Dutch investigative journalist Brenno de Winter, that he had hacked facilities/infrastructure or committed burglary, etcetera. They then shared his personal information, including his address to government departments and the police. When he was having a lunch meeting the receptionist was startled and said that they had a ‘protocol’ for Mr. De Winter. A security guard was then sent to accompany him and watch his every move as he ate his lunch.

These are all classic cases of the government shooting the messenger, instead of heeding to the message and making serious inroads in making sure that war crimes and crimes against humanity, corruption, and abuse of power are stopped.

Whistle-blowers are incredibly important for society to keep power in government and corporations accountable to the people, to let the people know about what is going on. Journalists, and a free press in general, are likewise very important as well, and the second we lose a free press, that’s the second we’ve lost our freedom. The media are being used by the powers that be to influence public opinion. After all, to quote Juice Rap News: “If it’s not on “the News”, it didn’t happen, right?”

Gave Privacy By Design Talk At eth0

eth0I gave my talk about privacy by design last Saturday at eth0 2014 winter edition, a small hacker get-together which was organised in Lievelde, The Netherlands this year. eth0 organizes conferences that aim at bringing people with different computer-related interests together. They organise two events per year, one during winter. I’ve previously given a very similar talk at the OHM2013 hacker conference which was held in August 2013.

Video

Here’s the footage of my talk:

Quick Synopsis

I talked about privacy by design, and what I did with relation to Annie Machon‘s site and recently, the Sam Adams Associates for Integrity in Intelligence site. The talk consists of 2 parts, in the first part I explained what we’re up against, and in the second part I explained the 2 sites in a more specific case study.

I talked about the revelations about the NSA, GCHQ and other intelligence agencies, about the revelations in December, which were explained eloquently by Jacob Applebaum at 30C3 in Hamburg in December. Then I moved on to the threats to website visitors, how profiles are being built up and sold, browser fingerprinting. The second part consists of the case studies of both Annie Machon’s website, and the Sam Adams Associates’ website.

I’ve mentioned the Sam Adams Associates for Integrity in Intelligence, for whom I had the honour to make their website so they could have a more public space where they could share things relating to the Sam Adams Award with the world, and also to provide a nice overview of previous laureates and what their stories are.

Swiss FlagOne of the things both sites have in common is the hosting on a Swiss domain, which provides for a safer haven where content may be hosted safely without fear of being taken down by the U.S. authorities. The U.S. claims jurisdiction on the average .com, .net, .org domains etc. and there have been cases where these have been brought down because it hosted content the U.S. government did not agree with. Case in point: Richard O’Dwyer, a U.K. citizen, was threatened with extradition to the United States for being the man behind TVShacks, which was a website that provided links to copyrighted content. MegaUpload, the file locker company started by Kim Dotcom, was given the same treatment, where if you would visit their domain, you were served an image from the FBI telling you the domain had been seized.