Tag: espionage

Just browsing

Among the first orders of business for the Conservatives, now that they have a majority, is to increase their ability to spy on the general public — for only the most noble of reasons bien sûr:

That law, labelled a snooper’s charter, would have required internet and mobile phone companies to keep records of customers’ browsing activity, social media use, emails, voice calls, online gaming and text messages for a year. 

It occurred to me that a reasonably effective defense against government snooping on your browsing history (and, indeed, Google snooping on your browsing history) might be to have a browser that is constantly active, and searches for random search terms whenever it is not being actively used.

Some ideas:

  1. The random browsing should not be completely arbitrary. It should include sufficient numbers of securityphilic keywords to make it difficult to search through.
  2. You don’t want the real searches to stand out as topically coherent. You’d want the choice of search terms to crawl through topic space.
  3. You might want to embed the real searches in the crawl. Suppose I type “David Cameron smashed restaurant” into my search window, when the browser, on its own initiative, has just searched for “spurious GCHQ bomb plots”. Instead of carrying out my search immediately, it interpolates thematically. Maybe a dozen searches like “spurious David Cameron bomb plots” and “spurious David cameron bomb restaurant”.

Is it better if they spy accurately?

There’s a fascinating article in the Guardian about how Berlin has become a centre for “digital exiles”, people — mainly Americans — whose online activism has put them in the crosshairs of various security services, leading to low-level harassment, or occasionally high-level harassment, such as this frightening story

Anne Roth, a political scientist who’s now a researcher on the German NSA inquiry, tells me perhaps the most chilling story. How she and her husband and their two children – then aged two and four – were caught in a “data mesh”. How an algorithm identified her husband, an academic sociologist who specialises in issues such as gentrification, as a terrorist suspect on the basis of seven words he’d used in various academic papers.

Seven words? “Identification was one. Framework was another. Marxist-Leninist was another, but you know he’s a sociologist… ” It was enough for them to be placed under surveillance for a year. And then, at dawn, one day in 2007, armed police burst into their Berlin home and arrested him on suspicion of carrying out terrorist attacks.

But what was the evidence, I say? And Roth tells me. “It was his metadata. It was who he called. It was the fact that he was a political activist. That he used encryption techniques – this was seen as highly suspicious. That sometimes he would go out and not take his cellphone with him… ”

He was freed three weeks later after an international outcry, but the episode has left its marks. “Even in the bathroom, I’d be wondering: is there a camera in here?”

This highlights a dichotomy that I’ve never seen well formulated, that pertains to many legal questions concerning damage inflicted by publication or withholding of information: Are we worried about true information or false information? Is it more disturbing to think that governments are collecting vast amounts of private and intimate information about our lives, or that much of that information (or the inferences that also count as information) is wrong?

As long as the security services are still in their Keystone Cops phase, and haven’t really figured out how to deploy the information effectively, it’s easier to get aroused by the errors, as in the above. When they have learned to apply the information without conspicuous blunders, then the real damage will be done by the ruthless application of broadly correct knowledge of everyone’s private business, and the crushing certainty everyone has that we have no privacy.

It’s probably a theorem that there is a maximally awful level of inaccuracy. If the information is completely accurate, then at least we avoid the injustice of false accusation. If the information is all bogus, then people will ignore it. Somewhere in between people get used to trusting the information, and will act crushingly on the spurious as well as the accurate indications. What is that level? It’s actually amazing how much tolerance people have for errors in an information source before they will ignore it — cf., tabloid newspapers, astrology, economic forecasts — particularly if it’s a secret source that seems to give them some private inside knowledge.

On a somewhat related note, Chris Bertram at Crooked Timber has given concise expression to a reaction that I think many people have had to the revelations of pervasive electronic espionage by Western democratic governments against their own citizens:

 It isn’t long since the comprehensive surveillance of citizens… was emblematic of how communist states would trample on the inalienable rights of people in pursuit of state security. Today we know that our states do the same. I’m not making the argument that Western liberal democracies are “as bad” as those states were,… but I note that these kinds of violations were not seen back then as being impermissible because those states were so bad in other ways — undemocratic, dirigiste — but rather were portrayed to exemplify exactly why those regimes were unacceptable.

 

How Harold Wilson kept it together

One could spend the whole day and half the night recording the weird infelicities of expression that automatic spell-checking has wrought upon once-proud journalistic enterprises. But some are truly exceptional.

According tq The New Republic, his close associate Joseph Kagan (who was rumoured to be his KGB handler, by those who thought he was a Soviet mole) was a “clothing magnet”.

The New RepublicIt sounds like the kind of excuse a teenager caught shoplifting might use. “I don’t know how it got into my bag, your Honour. I seem to be a clothing magnet.”

Cutting the Snowdian knot

All Five Eyes — really, all eyes in the democratic world — are on Australia, watching its ingenious solution to what seemed an insoluble problem: How to conform the needs of modern network surveillance for combatting crime and terrorism, with the demands of democratic governance. In their remarkably forthright way, they have recognised that there are two basic problems:

  1. Espionage agencies have an alarming tendency to involve themselves in illegal activity;
  2. Their activities tend to cause scandals, as citizens grow alarmed by hearing of what they consider to be threats to their privacy.

Their solutions are equally forthright. Rather than trying stopgaps of limiting the information collected, time periods for which it can be stored, purposes to which the information may be applied, and blah blah blah, which are completely arbitrary, and only end up forcing hard-working spies to spend their time thinking up ingenious subterfuges to evade the rules, they have attacked the problem at its roots. According to a recent news report, the Australian government plans to propose legislation under which

  1. ASIO (Australian Security Intelligence Organisation) will have the power to declare their activities to be “special intelligence operations”, in which intelligence officers receive immunity from liability for actions that would be “otherwise illegal”. Since requiring even the head of their own agency to sign off on unlimited warrants for lawbreaking would be too onerous, approval of ASIO’s deputy director general will suffice.
  2. To avoid scandals, all reporting on special intelligence operations will be banned, punishable by up to five years in prison. (And that’s only if the leaks are inconsequential; disclosing information that would “endanger the health or safety of any person or prejudice the effective conduct of a special intelligence operation” could get you 10 years.) The beauty of the system is that, since no one outside the organisation actually knows which operations are special, journalists — and academics, and pretty much everyone else — will have to stop talking about the security services altogether. And since the security services will have access to all of their electronic records in real time, there’s little risk of people deciding to hold these discussions in private.

Problem solved!

Once  Australians have stopped troubling their pretty little heads about espionage, all that redirected intellectual energy will help the Australian economy to better compete with China.

Security theatre review

The newspapers are full of the new rules, requiring that electronic devices be powered up at the security checkpoint before entering flights to the US. Apparently, this is in response to information that terrorists may be hiding explosives in smart phones.

Now, I am fully aware of the limitations of the usual common-sense criticisms of anti-terror and anti-crime measures. Most criminals are not masterminds, and the same is true of suicide bombers. But here we’re not talking about a bunch of crackpots with big ideas and a truck full of fertiliser. The whole premise is that a master bomb designer is packaging a bomb powerful enough to bring down a plane into a Samsung smartphone. Surely, with modern miniaturisation, he can also design it to include a reasonable simulacrum of an Android home screen. Maybe he just won’t think of it, but unless the intelligence agencies have some very specific design specs for this device, it seems like they’re targeting a very narrow gap of stupidity: Smart enough to design an ingeniously concealed bomb, not smart enough to make it behave, at least superficially, like a smart phone. (“Why has the email app been removed and replaced by the “Blow Up the Plane” app?”)

(And one more thought: If the phone is designed to explode immediately upon being powered up, then the effect of this measure will just be to kill a few dozen people at the security check, which is probably an improvement, but hardly counts as a solid win for our side.)

I am reminded of my favourite bit of security theatre, from about 2006. Passing through security in Montreal, the man ahead of me had a bag filled with small cans and jars of what looked like Jamaican delicacies. Solid food is permitted on the plane, but liquids are forbidden. But these were in sealed tins, and obviously you couldn’t open them all. So the security agent did what any reasonable person would do: He read the labels to determine the contents and quantity. All the cans and jars were cleared to be taken on the flight.

A very special relationship

Anyone interested in the technical details of US and British internal signals espionage, as practiced by NSA and GCHQ in the second half of the 20th century and beyond, should read James Bamford’s The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America. Some of the details are fascinating, many are disturbing, and some are just unimaginably bizarre. Like the fawning letter sent by Sir Leonard Hooper, director of GCHQ in the late 1960s, to his NSA counterpart Marshall “Pat” Carter, in which he suggested (perhaps tongue in cheek) he might like to name GCHQ’s two giant radio dishes after Carter and his deputy. After effusive thanks for the NSA’s support, and Carter’s personally, he goes on:

Between us, we have ensured that the blankets and sheets are more tightly tucked around the bed in which our two sets of people lie and, like you, I like it that way.

I’ve read this over multiple times, and I don’t think I can decipher it. Are the blankets and sheets wrapped around the two sets of people separately, or are they bound in a transatlantic conjugal embrace? Are the intelligence agencies the Mommy and Daddy, tucking us in for the night while they protect us from the bogeys (from whom they derive much of their power, while themselves knowing that they are mere figments). This talk of wrapping sheets “tightly” around two sets of people who passively “lie” makes me think of winding sheets wrapped around corpses.

And then, there’s the closing: “like you, I like it that way”. Is he still speaking metaphorically here? Was he ever? Or is he proposing or recalling a secret tryst? Is that the sort of pillow talk that deeply closeted military types engaged in half a century ago?

Ironic headlines: Espionage edition

From a recent front page of the Guardian:

MPs condemn oversight of spy agencies

In fact, the article says that some MPs have recently been criticising the laxity of oversight of spy agencies. But even post-Snowden I think most of them are more inclined to condemn the very notion that mere mortals should have the effrontery to meddle with the security services. I mean, it’s not as though they couldn’t have been asking questions before Snowden had to sacrifice all comforts in his life by forcing this into everyone’s face.

The death of irony: Snowden edition

I have commented before on the self-contradictions in the attempts by the US to portray Edward Snowden as a common criminal, while themselves taking an “everybody does it” approach to flouting other countries’ laws, and, indeed, its own Constitution.

Now comes a report in Der Spiegel, on a legal opinion presented by the US to a German parliamentary investigatory committee that is considering inviting testimony from Snowden:

Es sei bereits eine “strafbare Handlung”, so der US-Jurist, wenn der “Haupttäter” (gemeint ist Snowden, Anm. Redaktion) etwa durch deutsche Parlamentarier veranlasst werde, geheime Informationen preiszugeben. Gegebenenfalls könne das als “Diebstahl staatlichen Eigentums” gewertet werden. Je nach Faktenlagen könnten Strafverfolger gar von einer “Verschwörung” (conspiracy) ausgehen.

It would be in itself a “criminal offence”, according to the US lawyer, if the “offender” (meaning Snowden) were induced by, for example, German members of Parliament, to reveal secret information. This could be considered “theft of state property”. Depending on the exact circumstances, it could even be prosecuted as a “conspiracy”.

Are US intelligence services really advocating the principle that acquiring secret information from other governments is a criminal offence, one for which individual legislators or indeed an entire parliamentary committee (and why not the whole German Bundestag, and the government to boot?) could be prosecuted? I think it shows the extent to which the US government is, in the Age of Obama, sees international law as a set of rhetorical tricks for expressing the hopelessness of any resistance to US government interests, rather than any set of rules and principles to which all might be subject.

But maybe they really mean to establish the principle that asking for information is illegal. The only valid way to obtain information is theft or torture.

Identifiability

A hot topic in statistics is the problem of anonymisation of data. Medical records clearly contain highly sensitive, private information. But if I extract just the blood pressure measurements for purposes of studying variations in blood pressure over time, it’s hard to see any reason for keeping those data confidential.

But what happens when you want to link up the blood pressure with some sensitive data (current medications, say), and look at the impact of local pollution, so you need at least some sort of address information? You strip out the names, of course, but is that enough? There may be only one 68-year-old man living in a certain postcode. It could turn into one of those logic puzzles where you are told that Mary likes cantelope and has three tattoos, while John takes cold baths and dances samba, along with a bunch of other clues, and by putting it all together in an appropriate grid you can determine that Henry is adopted and it’s Sarah’s birthday. Some sophisticated statistical work, particularly in the peculiar field of algebraic statistics, has gone into defining the conditions under which there can be hidden relations among the data that would allow individuals to be identified with high probability.

I thought of this careful and subtle body of work when I read this article about private-sector mass surveillance of automobile license plates — another step in the Cthulhu-ised correlations of otherwise innocuous information that modern information technology is enabling. Two companies are suing the state of Utah to block a law that prevents them from using their own networks of cameras to record who is travelling where when, and use that information for blackmail market research.

The Wall Street Journal reports that DRN’s own website boasted to its corporate clients that it can “combine automotive data such as where millions of people drive their cars … with household income and other valuable information” so companies can “pinpoint consumers more effectively.” Yet, in announcing its lawsuit, DRN and Vigilant argue that their methods do not violate individual privacy because the “data collected, stored or provided to private companies (and) to law enforcement … is anonymous, in the sense that it does not contain personally identifiable information.”

They’re only recording information about  So, in their representation, data are suitably anonymised if they don’t actually include the name and address. We’re just tracking vehicles. Could be anyone inside… We’re just linking it up with those vehicles’ household incomes. Presumably they’re going to target ads for high-grade oil and new tires at those cars, or something.

 

NSA and NRA

So, they only differ by one letter (in fact, just one step in the alphabet), but what else do they have in common? It occurs to me that the NSA’s weird Schrödinger’s-cat defence of its mass collection of phone records — it’s not spying until someone actually looks at the records — is reminiscent of the NRA’s famous anti-gun-control slogan. We could write it this way:

Computers don’t spy on people. People spy on people.