15 January 2014 — Moon of Alabama

The still ongoing revelations about aggressive NSA spying on the world have led to hopes that some restrictions would be introduced to it. But that is not going to happen. All President Obama is going to do about it is holding a nice speech that promises to mostly kick the can over to Congress where any reform is bound to die. The NYT previews that speech under the somewhat misleading headline: Obama to Place Some Restraints on Surveillance:

President Obama will issue new guidelines on Friday to curtail government surveillance, but will not embrace the most far-reaching proposals of his own advisers and will ask Congress to help decide some of the toughest issues, according to people briefed on his thinking.
…
The result seems to be a speech that leaves in place many current programs, but embraces the spirit of reform and keeps the door open to changes later.

Rejecting most of the advice of his own hand selected review committee will reinforce the impression that it is not the president that has upper hand over the security services but that the NSA itself is the one that sets the policies. Even the NSA collection of U.S. phone metadata, which in over a decade has not helped in even one terrorism case, will be kept in its current form.

The latest report on NSA hardware implants in computers and network devices claims that nearly 100,000 pieces of such equipment have been manipulated with NSA hardware devices. A number this high can not have been reached by snitching parcels from delivery services and manipulating those. Many of these implants will have been done at the factory level. U.S. hardware manufacturers will be the first ones to be hurt by this new information. The number also makes clear that this effort has mostly nothing to do with spying on “terrorists” or foreign politicians. There is no way that the throughput of so many devices could somehow be analyzed or even supervised by human beings. These implants are thereby not of defensive nature. Yes, some of them will be used for spying but most of these implents must be for outward aggressive action:

The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level. 
…
[T]he program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”

The European Union (ex Britain) should wake up and understand the currently U.S. dominated form of the Internet is a weapon against it. The German government’s failure in its attempt to arrange for some deeper cooperation and a no-spying agreement with the U.S. showed that the U.S. can not be trusted:

“We are not getting anything,” the newspaper quotes a source from within the German foreign intelligence agency. “The Americans have lied to us,” said another source.

The NSA efforts to weaken encryption and to abuse software and hardware bugs instead of fixing them is endangering everyone’s security, including that of the U.S. itself.

There is need for a new Internet based on open source and publicly reviewed hardware and software. Proprietary systems can not be trusted. The EU (ex-Britain) could launch a program to develop such a network. This would be a decade long public effort comparable to the development of the Ariane rockets and the Airbus industry. Both these projects succeeded despite U.S. efforts to sabotage them. A precondition of such a new program are EU laws for strict privacy and laws that forbid its own security services to preemptively try to manipulate the development of the new network systems. Only with such laws, and severe penalties in place, could such a development create the trust that has been lost in the Internet in its current form.