Nicola Hahn writes: One of the Intercept's founding editors has momentarily stepped away from his outlet to publish an op-ed piece with the Los Angeles Times. During the course of his article he openly repeats a couple of widespread talking points. For example he presumes that the primary mission of our intelligence services is to "find and stop people who are plotting terrorist attacks". A notion that’s been challenged by the BBC documentary series The Power of Nightmares. Greenwald also espouses the idea that the basic relationship between the government and hi-tech companies is adversarial. The subtext being that Silicon Valley wants to defend user privacy against government surveillance. Yet Ed Snowden’s own documents cast doubt on this assertion. That Greenwald assumes this stance is extraordinary. But then again he's never presented himself as a radical critic, has he?
Nicola Hahn writes: For years a veritable procession of high-ranking Pentagon officials, apparatchiks like Mike McConnell, Leon Panetta, Keith Alexander, and Admiral Mike Rogers, have made ominous public statements about foreign governments hacking the power grid and sending the United States hurtling into darkness. A couple of days ago the American public got a comic reminder of which threat vectors actually represent a genuine risk when a military blimp cut loose from its mooring at a base in Maryland and floated north into Pennsylvania. Before being "contained" by authorities the blimp's tether broke power lines near a city named Bloomsburg resulting in a widespread power outage. This incident underscores a reality that both the energy industry and Department of Homeland Security confirm: the truly serious dangers that our power grid faces aren't cyber, they're physical in nature.
Nicola Hahn writes: The pluralist stance of American politics contends that true power in the United States has been constitutionally vested in "the people" through mechanisms like the electoral process, freedom of speech, and the ability to establish political parties. The traditional view is that these aspects of our political system result in a broad distribution of power that prevents any one faction from gaining an inordinate amount of influence.
And today the New York Times has revealed the shortcomings of this narrative by publishing the names of the 158 wealthy families that have donated almost half of the money spent towards the 2016 presidential race. This group of donors is primarily Republican and is dominated by interests in the banking industry. These facts lend credence to the idea that national policy making is influenced heavily by a relatively small group of people. That the American body politic is largely controlled by a deep state.
Nicola Hahn writes: German automaker Volkswagen has been pilloried in the media for installing an emission defeat device in millions of cars. And rightly so. The Guardian estimates that VW’s emission hack could translate into something like a million tons of toxic gas spewed into the atmosphere every year. Equivalent to “the UK’s combined emissions for all power stations, vehicles, industry and agriculture.”
Sadly the practice of installing hidden code is far more widespread than it might appear. And while FBI officials and tech CEOs quibble over key escrow encryption there’s a horde of spies currently relying on hidden code to break into networks all over the planet. An inconvenient truth that certain executives are desperate for us to overlook and which raises unsettling political issues. Hidden code is control, it’s power.
Nicola Hahn writes: "The topic of key escrow encryption has once again taken center stage as former Secretary of Homeland Security Michael Chertoff has spoken out against key escrow both at this year’s Aspen Security Forum and in an op-ed published recently by the Washington Post. However the debate over cryptographic back doors has a glaring blind spot. As the trove of leaks from Hacking Team highlights, most back doors are implemented using zero-day exploits. Keep in mind that the Snowden documents reveal cooperation across the tech industry, on behalf of the NSA, to make products that were "exploitable". Hence, there are people who question whether the whole discussion over key escrow includes an element of theater. Is it, among other things, a public relations gambit, in the wake of the PRISM scandal, intended to cast Silicon Valley companies as defenders of privacy?"
Nicola Hahn writes: Back in March of 2000, one of the 9/11 hijackers called Osama bin Laden’s operation center in Yemen from his apartment in San Diego. For some reason the call was never investigated. Former NSA director Michael Hayden, in an interview with Frontline, claimed that the NSA was unable to determine that the phone call had originated from San Diego. He used this same explanation to help justify the bulk phone record collection program that was implemented under Section 215 of the Patriot Act. Thanks to James Bamford and a handful of NSA whistleblowers we know that Hayden was lying. The NSA was well aware of the caller’s identity and his location. The fact that intelligence officials didn’t follow up on this raises all sorts of disturbing questions.
Nicola Hahn writes: As American lawmakers run a victory lap after passing the USA Freedom Act of 2015, Edward Snowden has published an op-ed piece which congratulates Washington on its "historic" reform. He also identifies Apple Inc. as a champion of user privacy. Snowden states:
"Basic technical safeguards such as encryption — once considered esoteric and unnecessary — are now enabled by default in the products of pioneering companies like Apple, ensuring that even if your phone is stolen, your private life remains private."
This sort of talking point encourages the perception that Apple has sided with users in the battle against mass surveillance. But there are those who question Snowden's public endorsement of hi tech monoliths. Given their behavior in the past is it wise to assume that corporate interests have turned over a new leaf and won't secretly collaborate with government spies?
Nicola Hahn writes: The journalist who broke the story of the CIA's MHCHAOS program back in 1974 has just dropped another bombshell in the London Review of Books. According to a retired senior intelligence officer the CIA's narrative about torture playing a key role in the capture of Osama bin Laden is a fabrication fed to the public with the assistance of Hollywood executives (Zero Dark Thirty). Here's an excerpt of assertions:
"That bin Laden had been a prisoner of the ISI at the Abbottabad compound since 2006; that Kayani and Pasha knew of the raid in advance and had made sure that the two helicopters delivering the Seals to Abbottabad could cross Pakistani airspace without triggering any alarms; that the CIA did not learn of bin Laden’s whereabouts by tracking his couriers, as the White House has claimed since May 2011, but from a former senior Pakistani intelligence officer who betrayed the secret in return for much of the $25 million reward offered by the US, and that, while Obama did order the raid and the Seal team did carry it out, many other aspects of the administration’s account were false."
This puts the CIA's stance on the torture report in a whole new light. Doesn't it? Also note the role played by the Saudis, and how worried they were that bin Laden might "start talking to us about what the Saudis had been doing with al-Qaida. And they were dropping money – lots of it."
Nicola Hahn writes: While congress considers the merits of the USA Freedom Act of 2015, a bill which revises the business records provisions of the Patriot Act, a panel of judges in a federal appeals court has just thrown a clump of sand into the gears of the global panopticon. Overturning an earlier ruling, where federal judges dismissed a lawsuit filed by the ACLU, the United States Court of Appeals for the Second Circuit has ruled that the NSA’s bulk collection of telephone metadata is illegal. Yet there are unnamed intelligence officials who would probably refer to this as “hardly a change” as there are other, more sweeping, surveillance mandates (e.g. Section 702 and Executive Order 12333) that are still legal.
Nicola Hahn writes: The RSA conference is underway in San Francisco this week and a myriad of vendors are extolling the virtues of encryption-based corporate security products. Yet a series of recently published documents detail how the DEA and U.S. Army used Hacking Team’s Remote Control System (RCS) technology to subvert encryption and make off with sensitive data.
There are high-profile experts who believe that this sort of clandestine subversion is “perfectly reasonable” just so long as spying campaigns are carefully targeted. Yet Hacking Team’s RCS product is designed for mass deployment against hundreds of thousands of people. Hardly what could be called “targeted.” This raises important questions about the role of the private sector in mass surveillance. Some researchers would argue that mass surveillance is fundamentally driven by corporate interests. As Ed Snowden put it, “these programs were never about terrorism: they're about economic spying, social control, and diplomatic manipulation.” Cui Bono?
“Both are brutally expensive and arguably un-winnable. And in both cases, use of the word ‘war’ is a deliberate and calculated language choice. Americans are taught that a war is something an entire nation must fight, and something that requires sacrifice for the greater good. Considered in the context of government surveillance, both ‘wars’ are euphemisms for a specific kind of government rationalization.”
Indeed it’s not surprising that the word “cyberwar” has likewise been conspicuously wielded by officials in a deliberate effort to both enhance government control and channel hundreds of billions of dollars to the patronage networks of the defense industry.
Nicola Hahn writes: NSA director Mike Rogers spoke to a Senate Committee yesterday, admonishing them that the United States should bolster its offensive cyber capabilities to deter attacks. Never mind that deterrence is problematic if you can’t identify the people who attacked you.
In the past a speech by a spymaster like Rogers would have been laced with hyperbolic intimations of the End Times. Indeed, for almost a decade mainstream news outlets have conveyed a litany of cyber doomsday scenarios on behalf of ostensibly credible public officials. So it’s interesting to note a recent statement by the U.S. intelligence community that pours a bucket of cold water over all of this. According to government spies the likelihood of a cyber Armageddon is “remote.” And this raises some unsettling questions about our ability to trust government officials and why they might be tempted to fall back on such blatant hyperbole.
Nicola Hahn writes: Yet another news report has emerged detailing how the CIA is actively subverting low-level encryption features in mainstream hi-tech products. Responding to the story, an unnamed intelligence official essentially shrugged his shoulders and commented that “there's a whole world of devices out there, and that's what we're going to do.” Perhaps this sort of cavalier dismissal isn’t surprising given that leaked classified documents indicate that government intelligence officers view iPhone users as ‘Zombies’ who pay for their own surveillance.
The past year or so of revelations paints a pretty damning portrait of the NSA and CIA. But if you read the Intercept’s coverage of the CIA’s subversion projects carefully you’ll notice mention of Lockheed Martin. And this raises a question that hasn’t received much attention: what role does corporate America play in all of this? Are American companies simply hapless pawns of a runaway national security state? Ed Snowden has stated that mass surveillance is “about economic spying, social control, and diplomatic manipulation. They're about power.” A sympathy which has been echoed by others. Who, then, stands to gain from mass surveillance?
Nicola Hahn writes: In light of a classified document regarding state-sponsored cyber ops the editorial board at the New York Times has suggested that the most constructive approach to reducing the spread of cyber threats would be to “accelerate international efforts to negotiate limits on the cyberarms race, akin to the arms-control treaties of the Cold War.”
While such advice is by all means well-intentioned there are significant differences between nuclear weapons and malware that would make treaty verification problematic. Not to mention that the history of the Cold War itself illustrates that certain countries viewed arms control treaties as an opportunity to secretly race ahead with their own covert weapons programs. Rather than take on the Sisyphean task of trying to limit the development of offensive cyber technology, why not shift national priorities towards creating robust, fault-tolerant, systems that render offensive tools ineffective?
Nicola Hahn writes: In the wake of the Snowden revelations strong encryption has been promoted by organizations like The Intercept and Freedom of the Press Foundation as a solution for safeguarding privacy against the encroachment of Big Brother. Even President Obama acknowledges that “there’s no scenario in which we don’t want really strong encryption.”
Yet the public record shows that over the years the NSA has honed its ability to steal encryption keys. Recent reports about the compromise of Gemalto’s network and sophisticated firmware manipulation programs by the Office of Tailored Access Operations underscore this reality.
The inconvenient truth is that the current cyber self-defense formulas being presented are conspicuously incomplete. Security tools can and will fail. And when they do, what then? It’s called Operational Security (OPSEC), a topic that hasn’t received much coverage. Until now.