Tag: keith alexander

February 11th – The Day We Fight Back

government-surveillanceGood morning all! For those who are unaware, as I was until very recently, this February 11th marks a special day, one which may become a regular thing for people in this day and age. It’s known as “The Day We Fight Back”, an international movement that embraces 360 organizations in 70 countries that are dedicated to ending mass surveillance, like that conducted by the NSA.

At the heart of this cause is the Thirteen Principles, a series of human rights obligations designed to compel all states to stop the mass spying, be it through direct observation with cameras and drones, to digital surveillance involving metadata-mining algorithms. The Principles are already being used in national campaigns and international pressure to reign in organizations like the NSA.

nsasecurity_primary-100041064-largeThese principles include:

1. Legality: In the absence of legislation, no violation of privacy should be considered permissible and this legislative process must meet a standard of clarity and precision that is sufficient to ensure that individuals have advance notice of and can foresee its application. Also, these laws should be subject to period review.

2. Legitimate Aim: No security measures or surveillance should be conducted on the basis of race, color, sex, language, religion, political or other opinion, national or social origin, property, birth or other status.

3. Necessity: Laws which permit surveillance should be limited to that which can be shown to be permissible by, and consistent with, a legitimate security aim. It should also only be permitted when no other means exist.

4. Adequacy: Any instance of communications surveillance authorized by law must be appropriate to fulfill the specific legitimate aim identified.

gavel5. Proportionality: Decisions about communications surveillance must be made by weighing the benefit of that surveillance against the potential for harm that would be caused to the individual’s or others rights, and then demonstrating the benefit-cost ratio is favorable and justifiable.

6. Competent Judicial Authority: Decisions relating to the authorization of communication surveillance must be made by an independent and impartial judicial authority.

7. Due Process: The State must ensure that lawful procedures that govern any interference with human rights are properly enumerated in law. This means that, except in cases of emergency, every individual is entitled to legislative process by an independent judiciary.

8. User Notification: With few exceptions, individuals should be notified of a decision authorizing communications surveillance with enough time and information to enable them to appeal the decision, and should have access to the materials presented in support of the application for authorization.

9. Transparency: Where applied, the State – and those service providers involved – should provide individuals with sufficient information to enable them to fully comprehend the scope, nature and application of the laws permitting communications surveillance.

cyber_security10. Public Oversight: States should establish independent oversight mechanisms to ensure transparency and accountability and these mechanisms should have the authority to access all potentially relevant information about actions taken in order to assess their legitimacy.

11. Integrity of communications and systems: States should not compel service providers, hardware or software vendors to build surveillance or monitoring capability into their systems, or to collect or retain particular information purely for State surveillance purposes.

12. Safeguards for international cooperation: The mutual legal assistance treaties (MLATs) and other agreements entered into by states should ensure that, where the laws of more than one state could apply to communications surveillance, the available standard with the higher level of protection for individual rights is applied.

13. Safeguards against illegitimate access: States should enact legislation that provides significant civil and criminal penalties for public and private organizations that conduct illegal communications surveillance, as well as legal protection for whistle blowers, and avenues for redress by affected individuals.

hackers_securityAll of these principles speak directly to the recent revelations made about domestic and online surveillance by the NSA and other security agencies in the past decade or so. They also embrace numerous suggestions that have been made since the issue first broke in the mid 2000’s about way it could be redressed. These have only become more relevant since, thanks to the expansions that have taken place.

Already, many of them are being seriously considered by the Obama administration as a means of making PRISM and other NSA surveillance programs acceptable. By spelling them out to this degree, the public has the opportunity to make it clear that any surveillance is conditional, and until such time as these conditions are met, the issue will not be closed. I have signed on, and hope that others will as well.

If there’s one thing I have learned in the course of Snowden’s revelations about NSA surveillance, and the nature of what Keith Alexander and his minions do over at Fort Meade, it is that cyber surveillance is this age is an evolving thing. If the law is expected to evolve with it, and we are to avoid passive acceptance of these intrusions in our lives, then we must play an active role in how that law is written and implemented.

Click on the image below to find out more about this campaign, or to sign on:

TDWFB2

Cyberwars: America’s Secret Cyber Command

Cyber-WarRecent revelations provided by Edward Snowden have set many people’s teeth on edge. After years of controversy surrounding the use of domestic, warrantless surveillance, things have only gotten worse with the revelation of PRISM and the NSA’s collection of metadata. But as with all things relating to espionage and government secrets, plumbing the depths only seems to reveal greater depths and bigger secrets.

Case in point: the life and times of General Keith Alexander, the undisputed master of America’s cyberwars and intelligence gathering operations. A four-star Army general with active units under his command, he is also a member of the National Security Agency, chief of the Central Security Service, and commander of the US Cyber Command.

When discussing his reasons for going public, Snowden indicated that he was appalled by:

[The] hypocrisy of the U.S. government when it claims that it does not target civilian infrastructure, unlike its adversaries.

cyberwarfare2What he was referring to was ongoing accusations by the US government that sources within China – particularly Unit 61398, a hacking force within the PLA that is located in Shanghai – had been stealing terabytes from data from the US since 2006. As it turns out, the US has its own super-secret cyberwarfare division, one which exists as nominally independent from the NSA.

Located inside Fort Meade, Maryland, this top-secret installation is more of a self-contained city. Tens of thousands of people live here, a city of 50 buildings with its own post office, fire department, and police force and is surrounded by electrified fences and heavily armed guards, protected by antitank barriers, monitored by sensitive motion detectors, and watched by rotating cameras.

To block any telltale electromagnetic signals from escaping, the inner walls of the buildings are wrapped in protective copper shielding and the one-way windows are embedded with a fine copper mesh. Keith Alexander is responsible for building this place up for the past eight years, insisting that the US’s inherent vulnerability to digital attacks required that he and those like him assume more authority over the data zipping around the globe.

NSA_fort_meadeTo hear him tell it, the threat is so paramount that it only makes sense that all power to control the flow of information should be concentrated in as few hands as possible, namely his. In a recent security conference held in Canada, Alexander expressed the threat in the following, cryptic way:

What we see is an increasing level of activity on the networks. I am concerned that this is going to break a threshold where the private sector can no longer handle it and the government is going to have to step in.

If this alone were not reason enough to put people on edge, there are also voices within the NSA who view Alexander as a quintessential larger-than-life personality. One former senior CIA official who agreed to speak on condition of anonymity, claimed:

We jokingly referred to him as Emperor Alexander—with good cause, because whatever Keith wants, Keith gets. We would sit back literally in awe of what he was able to get from Congress, from the White House, and at the expense of everybody else.

In this respect, he is not unlike Herbert Hoover, the overbearing bureaucrat who established the FBI and maintained a stranglehold over the nation’s law enforcement for years, even go so far as to blackmail multiple presidents.

cyberwarfareIn its tightly-controlled PR, the NSA has focused attention on the threat of cyberattack against the US, particularly against critical infrastructure like power plants and water systems, the susceptibility of the military’s command and control structure, the dependence of the economy on the internet. Defense against these threats is cited as the very reason for the NSA’s ongoing efforts and everything they do towards that end.

But there is a flip side to this equation that is rarely mentioned: which is the offensive capabilities the US military has been developing offensive capabilities. Using so-called cyber-kinetic attacks, Alexander and his forces now have the capability to physically destroy an adversary’s equipment and infrastructure, measures which he claims are crucial to 21st-century warfare as nuclear arms were in the 20th.

Their first attack was launched in the mid-2000s under the name of Stuxnet, a piece of malware that was created by the NSA, CIA and Israeli intelligence. According to Snowden, this virus – the first ever to be designed to destroy physical equipment – was aimed at Iran’s nuclear facility in Natanz. Once unleashed, this worm was able to damage about a thousand centrifuges used to enrich nuclear material.

stuxnet.schemeThe success of this sabotage came to light only in June 2010, when the malware spread to outside computers and spotted by independent security researchers. Despite headlines around the globe, officials in Washington have never openly acknowledged that the US was behind the attack. It wasn’t until 2012 that anonymous sources within the Obama administration took credit for it in interviews with The New York Times.

But of course, Stuxnet was only the beginning. Alexander’s agency has recruited thousands of computer experts, hackers, and engineering PhDs to expand US offensive capabilities in the digital realm over the years. And at a time when the CIA and other intelligence agencies are dealing with up to $4.4 billion in budget cuts, the Pentagon has requested $4.7 billion for “cyberspace operations”. In short, more attacks are likely in the works.

As Chris Cooper said in the seminal movie Syriana: “You dig a 6-foot hole, you’ll find three bodies. But you dig 12, and maybe you’ll find 40.” Eventually, you have to wonder if its time to ditch the shovel. The truth is so often an ugly, frightful, shocking and disturbing thing. And personally, I’ve always felt that rather than turn away, we should hold the people who make it so in strong contempt.

Source: wired.com