Date: September 5th, 2013
Event: European Parliament Civil Liberties committee hearing on USA Spying
Venue: European Parliament, Brussels
Abstract: LIBE Committee Inquiry on Electronic Mass Surveillance of EU Citizens. Jacob Appelbaum answers questions and gives a further insight into the NSA / GCHQ / Government spying technologies and what they are capable of.
Alternate transcript: http://wp.me/p1to5g-bN
Video (YouTube, 240p, 3:25:46): https://www.youtube.com/watch?v=Cu6accTBjfs
Video (YouTube, 240p, 36:41): https://www.youtube.com/watch?v=SdLKje1IydQ
Video (YouTube, 240p, 22:16): https://www.youtube.com/watch?v=JQyw-ozLfas
Host: Mr. Appelbaum, you’ve got the floor!
Jacob Appelbaum: Thanks so much for having me. It’s quite an honor to be here. This is my first time in European Parliament. I want to take a broad view of someone who has some experience with this. I’ve spent the last decade working in a censorship resistance field. I work on the Tor Network. That’s an anonymity network that people can use so as to not be surveilled and to bypass censorship. It’s actually funded by the US State Department, the Swedish International Development Agency, and it’s a free software project.
However, I’m here more in my capacity as an independent journalist, as an investigative journalist, but also as a person who has been subject to extreme scrutiny under these types of surveillance programs.
With that said, I definitely want to talk about the NSA, and I will, but I want to have a broader view. Part of what we’ve learned from Snowden and his whistleblowing in the public interest is that the NSA has an all‑encompassing spy program.
But what is not really well described in public yet is that the FBI and the CIA of the United States also have similar access programs.
When people talk about these PRISM‑like programmes, or PRISM itself, what that name actually means is: a programme where people in corporations, or perhaps non‑profits of any kind, or simply organizations, are complicit in helping the government. [Partly] because they are forced under the FISA Amendments Act – FAA 702 I believe is the specific FISA Amendments Act that they are using in the United States.
In this case Google for example, or Yahoo, or Skype, or Microsoft. They have either systems inside of their networks, or attached to their networks, where they are willingly and knowingly assisting in secret interception. That would be the PRISM program.
Or there are significantly more serious business‑like records, legal instruments which don’t even have a name other than business records. For example, the FBI has a thing called the National Security Letter (which I believe I am actually a subject of, an interesting story for another time). These are generally considered to be unconstitutional in the United States. Judges have ruled that.
It appears that each branch, each agency has something like a National Security Letter. In the case of the business records, it seems to be significantly worse than a National Security Letter. It’s not just a matter of meta‑data, it's in fact whatever business records. Any record a business may create, or you may create with a business.
If we consider PRISM, if we consider the fact they have hardware inside of these networks, or are inside of these computer systems, it really is everything. Unless there is specific push back inside of companies.
This we could call PRISM. But it is actually more than just one program. PRISM is just one program, and there are many other programs like this.
There is another word which has been used for companies that maybe don’t fit exactly to that mold, and it’s been called UPSTREAM.
UPSTREAM is more of a description. It's rather how it is that they are doing it technologically. It suggests that there is a little bit less complicity with the people that are targeted. But if they can’t monitor someone directly, or can’t reach inside of an organization, they monitor any communication with that organization.
That is they are upstream of that company, of those entities, of those systems.
[4:02]
The Tempora system is the full take collection system running in the United Kingdom by GCHQ. It is a full take system in the sense that they [monitor] the entire Internet leaving and entering the UK. Any packet, any piece of data that flows through the UK, goes into Tempora and is stored for, as of the last time I heard, at least three full days.
That’s every single thing. Not just meta‑data. All data.
So that kind of system, combined with something like PRISM, is a surveillance apparatus that the world has never seen before.
When Duncan Campbell revealed ECHELON to the world, it was pretty terrifying. It was a very impactful thing for me. But when he revealed it to the world, I didn’t imagine it could become so much worse. But ECHELON by comparison is the kids’ stuff that hackers create these days.
These systems that we are seeing, Snowden having revealed through Glenn Greenwald and Laura Poitras, these systems are so advanced.
The way these systems work and the way these programs work, is a three phase approach:
- The first is through complicity either with legal instruments.
- The second is by normal surveillance and spying which is the UPSTREAM.
- The third is what has recently been talked about as the GENIE programme. This was recently revealed in the Washington Post.
GENIE is just one of many programmes for tactical exploitation. They want to know what it is that you’re doing. They can’t monitor you upstream, they can’t go to Google to get your information, so they break into your computer system.
According to what the Washington Post has recently revealed, there are tens of thousands of systems which have been compromised by the NSA in an active way under just the GENIE program.
There are other programs like that I am familiar with, which have not yet been revealed in public, which will be revealed in good time, where they are targeting specific pieces of software, where they are targeting specific types of people, and where they are specifically doing it for people that are not terrorists.
Some of the things that are clearly noted in some of these documents, is that the terrorist is the exception. If they have 30 cases, one of them might be a terrorist. This is something that’s very concerning because with a full‑take collection, it is necessarily the case that you have every single person surveilled. One or two of them may be terrorists. Accused, suspected, not even convicted, certainly not indicted. This is something which is also very important to keep in mind.
These people have not been formally charged in any way, and yet they are painted in this way. People that are targeted in this way and are under this surveillance – none of them are really terrorists. There are some special exceptions. But it’s important to recognize how these things tie together, because it’s very boring just to talk about technology. Since almost no one understands the technology, it’s a waste of time.
Instead what we can talk about is the things that people really do understand. Which is that, with the Five Eyes programme (that is to say the Defense Signals Directorate from Australia, CSE from Canada, the GCSB from New Zealand, the GCHQ from the United Kingdom, and the NSA from the United States) they have formed a partnership such that – despite the American Revolution against the British – GCHQ can query the NSA’s databases of American citizens, where they have similar full‑take collection systems.
How that’s legal is completely beyond me. How that for example is democratic, how it represents upholding my country, to me is quite a dumbfounding thing. I’m sure the British feel the same when the NSA queries their system. I would be quite upset about that as well.
Those are what are called first‑tier partners. GCHQ and NSA are first‑tier partners, the others are second‑tier partners. BND – that’s the Bundesnachrichtendienst of Germany – they are a third‑tier partner. My understanding is that it's not unlike BitTorrent piracy sharing sites where you have a quota to fill. If you’re a third‑tier partner, you have to contribute some information to be able to query some information out. I’m not totally clear on how this works, but it is an interesting distinction between the different tiers.
[8:32]
This comes together to be used in egregious ways. For example, there exist signals emission databases and fingerprint or signature databases. You have a particular signature for your voice, you have a particular set of selector or selector‑like objects, that is your email address, your phone number, things like that.
Anytime you pick up a new device, and you enter these selector‑like objects into this new device, that new device becomes linked to you if it passes by one of these sensors. There exists an emergent pattern‑base‑entity system for the entire planet and every person that is on the planet.
This data is fed into geographic tracking systems. The NSA and the CIA have a system whereby they track people and the slogan is, "We Track ’Em, You Whack ’Em". This was published in the Washington Post most recently. The surveillance data is tied directly into flying robots that kill people without process.
The surveillance has a huge impact on people in a very literal sense, with rockets. In this case this is almost all passive. The first two parts of what I mentioned were passive. Tactical exploitation is not passive. I want to dispel the myth of the passive NSA which is they are just some guys, some really cute mathematicians with pocket protectors, and they’re just doing math and breaking codes, and they’re heroes in these world war movies.
There are people that are like that in the NSA, and there are some really incredible people that do work there, that are good people. Many of them actually have left to blow the whistle like Bill Binney, Thomas Drake, and Edward Snowden.
In actuality, though, these people are doing the active operations. For example, I’ve become familiar with a program, which has not yet been revealed in public, where they instruct agents of the NSA to be able to go to an urban area to penetrate people’s house networks, like their home wireless network.
This type of a program is like the modern black bag job of a digital era. To go and break into your house is the kind of stuff you would see in a cold war movie. They have training slides, in fact, for doing exactly that electronically when they can’t get in another way.
These kinds of systems and these kinds of programs are extremely terrifying. They are not democratic by their very nature. They’re secret. They are without oversight. Whatever oversight might exist is mostly meaningless because those people who are doing the oversight have so much trust and so little education.
This is the key thing. Most of the people in the U.S. Congress that I have become familiar with in any way, have other people print their email for them. They don’t really understand how the electronic world works. None of them can tell you what TCP/IP is. Very few of them understand what wiretapping is. What we are actually seeing here is that the architecture itself of these systems is left vulnerable on purpose.
There exist encrypted fax machines, for example. I believe it was the European Parliament that was intercepted, I think it was a Crypto AG encrypted fax machine MacAskill. It looks like they did what we would call a TEMPEST attack. They looked for electronic emissions from the encrypted device. From that, they were able to recover the actual pre‑encrypted fax data. They didn’t break the encryption. They went around the encryption.
What we see is that there are some architectural changes that change the type of attack that is possible. Which means, it changes the economic scale. It changes the ability to carry out the attack, in some cases.
In this case, when we have so‑called lawful interception programs, what we need to recognize is that the NSA is not bound by European laws, and they do not care what your laws say. When you say it will be proportionate and balanced to be able to wiretap people for the purposes of terrorism, you are also tacitly endorsing the NSA to wiretap everyone in your country without any judicial process – without any proportionality, whatsoever.
This is what happened in Greece with the Athens Affair. Almost certainly, we don’t know that it was the NSA, but it was an actor with sufficient capabilities. They were able to wiretap the Prime Minister as well as members of Parliament.
It also moves the risk from a world where it was military, to a world where you have someone who operates a computer. They are the last line of defense between your Prime Minister being wire‑tapped, or not.
In the case of the Vodafone incident in Greece, the person in charge of that telephone switch was found hanged to death in his apartment. The reason is because he wasn’t trained to do these things or to defend an entire nation in that way. It changes the balance of power in a very serious fashion.
There exists a series of sensors around the entire planet. Think of the entire planet, visualize a globe of the world. Now, imagine there are electronic emissions from this globe. The NSA’s job is to capture all of it, including what goes into space – and they do. Where there are interesting communication satellites, there exist communication satellites behind those satellites. What do you suppose that those satellites do? Interesting things to look into.
[14:15]
If we look at the Internet and telephone systems, when the NSA is unable to actually get access to a system through complicity or some kind of data sharing program, they re‑purpose things that are already there. When we look at programs like XKeyScore, for example, we see that they have coverage in places where we know that state—whichever state that might be—would absolutely not give this data willingly. How is it that they have that?
The answer is that they implant, or they put a rootkit, into these systems. They extract this data. When they do searches, they are actually able to do real time searches with selector and selector‑like objects to pull things out of that whole globe of electronic signals to feed it back to one of the massive data repositories. For example, the Bluffdale, Utah, facility is meant to store more than a hundred years of data.
If we think about these systems as a whole, we actually have a planetary surveillance system that is not accountable to the people, that is used for extra‑judicial assassination in addition to other things. One of the only hopes we have is to use encryption to change the way and to change the economic value of such interception. We can’t stop people from spying, but we can lower the value of that spying. I look forward to talking more about this. Thanks again so much for having me here. It’s quite an honor.
[interruption]
[15:45]
Host: Mr. Appelbaum, the floor is yours.
Jacob: Thanks, again, it’s a tough act to follow. That report on ECHELON that Duncan Campbell was involved in, is very influential for me in learning about cryptography. And also in considering that there was hope for resisting surveillance, or that actual legislators cared about the surveillance. Not every single person thought it was legitimate for it to be secret.
There is a ridiculous amount of questions to answer and I will try to sum up my answers as quickly and succinctly as possible. This topic is very dense. It requires what we had in the United States, the Church Committee. We require a Church Committee in the United States again, basically, because we need subpoena power. We need the ability to actually ask people who are in a position of power, who are not in a political position, to answer specific questions.
As an example, I would really encourage any of you that would like to help, to help myself or Duncan Campbell to get our dossiers from all of the relevant intelligence agencies in the world. If you’d like to see what the capabilities of these systems are, I assure you that between the two of us we have some files that are worth reading. He has to consent, but I consent. Feel free to put it on the Internet as well. That’s it.
Host: You mentioned the purpose.
Jacob: I think that the purpose is exactly as stated – that is to say that the job of an intelligence agency is to assist with control. Slowing things down, as Alan said, is, I think, one of the fundamental ways that this can help politicians. In general, it can help many different groups to have a kind of control. Slowing down the publication, so that you have more time to understand what’s coming, so that you can shred documents. So that you can change program names, so that you can find out if anybody inside that is planning to leak anything by giving them an extra polygraph and firing them or bringing them up on charges.
Fundamentally the purpose of surveillance systems is control. That is exactly what we see these systems being used for, right? Surveillance is not an end toward totalitarianism. It is totalitarianism itself, limited in scope at the moment. But when the Golden Dawn in Greece has access to the interception systems, with their racist ideology, what will happen?
It will be very different with and without the surveillance system. In the history of Europe, we’ve seen this with the IBM punch card systems. Those punch card systems were the difference between millions of lives, technically, in France and Holland. So I think the purpose is clear, to control.
[18:22]
Now, what that control will be used for by the United States is very different than what it will be used for by the German services, for example. Or by the British services. We know at least in the United States that this surveillance data is used towards illegal wars. We know that it’s used towards assassination of our own citizens without a trial. In this sense, it’s the ultimate kind of control, which includes the death penalty. That’s also a kind of censorship, if you will, in extreme form.
Then to the German, Herr Voss, I think is his name. He wanted to know some of the usage. From what I can tell, there is definitely economic espionage, which seems to be a key reason. The U.S. actually argues that it stops economic espionage using this, which I think is fascinating.
I’m not sure that that is true, and not exactly sure how to tell if that were true at all. I suppose the argument is essentially, "Your democratic process works really great for you, but it doesn’t work great for us. But trust us we’re helping you." It’s definitely used for war. It’s, in my experience, personal and professional and, with my colleagues, political persecution. It’s very clear.
What to do to find balance? I think a key thing to understand here is that we have a whole bunch of spies, which is to say generally criminals, who are saying that we need to use them as a vanguard for securing ourselves. The way that we do that is we leave ourselves intentionally insecure in hopes that they will protect us.
But in Germany in particular, what we’ve seen the government say is that German citizens, German businesses, they’re on their own to protect themselves. This is, I think, not the right balance. If the network itself is insecure—if all networks by design are insecure—we have some serious problems. That, I think, is not the right balance.
I think, in fact, when someone tells us that they are securing us, we should be secure. That’s actually a fundamental prerequisite of that being an honest thing. To that end, Albrecht had mentioned this question about collaboration between agencies. I think there’s a massive amount of collaboration between agencies, and I think it’s apparent in what has been said in public and from the documents that have been seen as well as in conversations that people have had with Snowden as well as with other journalists that are involved in writing about these things.
In the 20th century, we can say that intelligence services, generally speaking, were working for their state against the rest of the states, and there were obviously alignments. These days, it seems to be the case that all the intelligence agencies are collaborating together against us, which is terrifying to say the least. I was speaking with Laura Poitras a couple of days ago. She was suggesting to me that the number is something like 70 percent of the sig intake comes from collaboration with companies.
That means that we could secure 70 percent of our communications data if we incentivize. If we create protection in the way we actually communicate with businesses and with each other to reduce that collaboration.
It is not merely a question about whether or not the US government or a European government has access to this data. But what happens when the Chinese government compromises one of those companies? In the case of Google, they were able to compromise, as I understand it, the FISA wiretap system inside of Google. So the Chinese were able to find out who the foreign intelligence targets were in Google.
It’s not about whether or not we trust Google. It’s about whether we acknowledge that we don’t get to make that choice, someone else makes that choice, regardless of what the laws or policies say. Towards what we can actually do, I think we need to actually secure ourselves.
I have in my pocket here a cryptographic telephone which actually helpfully told me that there were some interception‑like capabilities in this building. Just a side note. It might be a bug, but maybe it’s a feature. This phone—short of breaking into it when I make a phone call—no one here, short of a mathematical breakthrough, is going to be able to intercept it. I have a couple different encrypted text messaging programs, I have the Tor Project's Tor Orbot program, Cryptophone, RedPhone, TextSecure, some other things.
Actually doing research into how to build decentralized distributed secure systems that are freely specified, openly specified, with no back doors, with no ability to coerce the developers into adding back doors; to actually embrace the idea of liberal democracy, and drive it home that we have the right to speak freely–that is something that I think which we really can do. It’s not like a pipe dream. It exists right here, and you don’t have it probably.
Why do I have it? Shouldn’t you have this? I think the answer is yes, you should. Most of you don’t, and most of you are without question targeted.
The point is not this specific device, because it’s some prototype. But rather the point is that every single person in the world should have that when they pick up their phone normally. Why is that not the case?
The answer is this fundamental tension between people that are supposed to keep us secure, and the way they keep us secure is by actually keeping us insecure. Literally and technically. In the case of GSM, there was a different version of GSM constructed for export so that intelligence services could spy on some of those nations that would deploy it.
[23:57]
"The Washington Post" published a cost estimate. It’s something along the lines of $52.6 billion a year. Since 9/11, more than half a trillion dollars for the intelligence budgets, the black budget. I don’t think that that encompasses, for example, all things that I might consider to be that. I don’t think, for example, the CIA torture and rendition flights were in that budget. There are so many terrifying aspects to the way some of the questions were asked, just as a sort of meta‑point.
For example, do Five Eyes countries—that is to say, the UK, USA, New Zealand, Canada, and United Kingdom—do they help each other out as a matter of circumventing national laws? The answer to that is very clear. It’s yes. There’s in fact even a place in Washington DC where some British and American intelligence services share a building, where they—I’ve been told, I haven’t been able to see it, I have some satellite photos of it—where it’s a retransmission of information between the two parties, so that one party can intercept on one side and the other party can intercept on the other. This would be something worth looking into. I hope Duncan will do that, in his spare time.
Has the NSA compromised European computers? I’ll just say “yes” to that. That’s totally, completely without question, the case. Now, I wouldn’t think of it so much in terms of computers. I would ask yourself about atomic power plants, hospitals, parliamentarians, and I think the answer to those is also “yes” in specific. I would be pretty upset. That’s very serious, because when these guys are messing around with control systems, for example, what happens when they accidentally do something to a control system and it fails? Who’s responsible for that? Does it count as an act of war? Do they have any economic responsibility for it?
There’s really serious consequences when we start to talk about that. There’s a lot of fear‑mongering about so‑called hacktivists or hackers, and not a lot of talking about how... If the Chinese are so terrible, for example, for having compromised a bunch of people and gotten caught, what are the NSA for having compromised basically everyone and gotten away with it?
If the Chinese are concerning, it seems to follow that the NSA’s total compromise of these systems is actually more concerning.
There’s a lot of psychological cost as well. I’ve been targeted by the US government for the last 4 years for my involvement with WikiLeaks. I’ve been targeted by 2703(d) orders—those are administrative subpoenas. Sealed search warrants. Probably if I knew, I wouldn’t be allowed to tell you. Other legal processes that if they were to exist, I would not be able to tell you about their existence. An FBI agent once actually let me know that eventually I did become aware of a national security letter, thus accidentally leaking that there was one.
These kinds of legal instruments are terrifying, in particular because they use the language of terrorism about WikiLeaks, which is nonsense. WikiLeaks is not terrorism, it is effective journalism. In the case of indiscriminate document dumping, as the French journalist had mentioned, it’s important to note that it was actually "The Guardian" itself that made that mistake, not WikiLeaks. WikiLeaks took great steps to be able to redact names. In fact, they were criticized heavily by the free information world for taking the steps of redacting informants’ names in particular.
The State Department actually stopped using that talking point, after they accidentally leaked my name to some people (which is just kind of a side note we’re talking about later).
This kind of thing does not end with technology. It’s not just that my computers or cell phones have been compromised, or that my accounts have been targeted legally, but my family members have been targeted. My partner woke up in the middle of the night with men in night vision goggles watching her sleep in her own home.
These kinds of things are a part of press freedom in the United States now, and they use the language of terrorism. So when detaining me and seizing my property, they have literally called me a terrorist, denied me access to a lawyer, denied me access to a bathroom, and threatened literally my life in various different ways.
There’s tons of legal action that’s going on. But as a result of that, I live in Germany now. Because it’s better to be an immigrant in Berlin than it is to be a citizen in the United States. That should tell you about the situation.
You can look at Glenn, who lives in Rio right now, and Laura Poitras, who is my neighbor in Berlin as well. You can see that people who are working on these types of issues as journalists, their actions speak for themselves. Regardless of whether or not they are brave in public. None of us are really in a hurry to go back to the United States and end up like Chelsea Manning. Or to end up like, say, James Risen.
This is fundamentally a huge problem, because Obama does not actually stick to his statement about protecting journalists, and in fact instead wiretaps them. The Department of Justice wiretaps them. When Clapper lies under oath about NSA surveillance, we see exactly this same problem. Total impunity for people, in some cases who are not even elected, and absolute ruthlessness for the people who are targeted by them as political enemies. That’s a very concerning aspect.
The only thing that I see that really seems to give me a lot of hope is that in Europe, there’s a huge debate about these things. There’s a really fantastically free press. Despite the fact that the First Amendment is very good, there are many American publications who literally run their articles by the CIA before they go to publish them. As part of their "not being persecuted or prosecuted" strategy. That's what I believe Bill Keller did with the WikiLeaks cables and the "New York Times." With all due respect to the "New York Times," none to Bill Keller, this is something that I think is totally offensive.
Working with "Der Spiegel," for example, you don’t see that kind of collaboration. You see people who are in service of the truth, who do verify these documents, who are caring about what is actually happening. I wouldn’t do this from the United States again, at least not for a long time.
We should also address the myth that this is a post‑9/11 issue. It is not. The NSA has been doing this kind of widespread collection, including on US citizens, for a long time. There’s a program called SHAMROCK, which I would really encourage you to look into. And another program which was actually the FBI, it’s called COINTELPRO, or the Counter‑Intelligence Programs. This is where they tried to blackmail Martin Luther King, Jr. This is where they went after a number of people.
The types of harassment that we see now—like, what my partner experienced with the night vision goggles, what I’ve experienced being detained at airports, or having black bag jobs where people break into my house, but don’t leave a note to even mention it—that kind of stuff is like COINTELPRO. Except it also happens electronically, and now unlike in the ’70s, the US government asserts that it is completely legal. In some cases, they might be correct, thanks to things like "The Patriot Act."
There’s far too much for me to answer every single other question, so I’ll just be brief here and say: when Obama says that, "We don’t need to be afraid..." First, it’s insulting to every single one of you in the room, because when he says to Americans, "Don’t worry, we don’t spy on Americans." What about every other human being on this planet? That to me is something, which is extremely upsetting. I apologize on behalf of my incredibly insulting President, for saying that about each and every one of you. Because that is not acceptable in a civilized world.
He is also wrong, because my experience with WikiLeaks, is that Americans have more to be afraid of. The reason is, because there is a system, and a culture of repression that in some cases is so total, there are people that will not pick up the phone to talk, for fear of the metadata alone linking them to my telephone.
In the United States, I basically don’t have a telephone that people know about. I have one for emergency, and it’s never powered on. Is it used for coercion? Is it used and is data passed for example to autocratic regimes? Is it used to study groups? Is it used to disrupt? Yes, yes, and yes.
Might they force or forge data? Absolutely. In fact, I’ve been detained at borders where they let me know how utterly in trouble I was going to be, but they could not arrest me, which is a very fascinating thing. I’m not allowed to see this file. I’m not allowed to correct this file. I’m not allowed to know it. They’ve accidentally let me see the file while holding me in an interrogation cell. Their two‑way mirror wasn’t quite so good. In this case, I said, "Hey, that data’s wrong." They said, "Well, no, you can’t see it." I said, "But I already did." They said, "No, you didn’t." Clearly, someone makes mistakes. Whether it’s an intentional mistake is a good question.
How do we do this, to detect this kind of surveillance? It’s easy. Do you use a phone? You have a tracking device. You make a call? It’s probably intercepted. The metadata is almost certainly logged. In some cases, through outsourcing, the billing of your cell phone data is sent to Israeli billing companies where they are cut rate. Because the product is actually your social graph. They don’t care at all about what they’re actually doing billing-wise.
Having some legislation where that kind of outsourcing isn’t possible would be a really useful thing to do.
Finally, the "WikiLeaks Spy Files Version Three" was just released yesterday, and is continuing to be released now. This shows the sort of techniques that corporations have, and the multibillion‑dollar marketplace for surveillance equipment. It shows the complicity with many of those executives. About 20 of them were investigated by the WikiLeaks Counter Intelligence Unit.
The WikiLeaks Counter Intelligence Unit found that many of them were traveling from Europe to repressive regimes to sell to repressive regimes surveillance software. Including targeting people that I personally know, who are journalists in Morocco. Targeting people in places like Ethiopia and Egypt.
This is something that I think Europe can do a lot with, by actually stopping these types of exports. Or at least ensuring that there’s a right of private action for anyone who is affected by it.
When Hacking Team, or FinFisher, or any of these people comes to such a country, and then innocent people are harmed, that they have a chance of having justice here, if it is not presented there.
Finally, privacy versus security is one of these points I keep hearing people touch upon. It’s absolutely critical to do away with this talking point, because with all due respect, it’s the wrong one. The reason is because privacy is a function of actually having security. It is not the case that we will have privacy by having no privacy. It does not make sense.
By having a total surveillance state, we can’t say that our data is private when we have things like, "Loveint." If you’re not familiar with this, this is the NSA term for surveilling your love interests. It’s so frequent that they call it like, "SIGINT, Signals intelligence," "Love Intelligence." Unfortunately, it’s not funny if you’ve ever had somebody do something like that to you.
I would say that this is actually a question about dignity, agency, and liberty. These concepts rest on the concepts of confidentiality, integrity, and authenticity, but most of all: consent. This is something which is not actually present in any of these systems. We’re offered security, but we’re actually given intentionally weakened systems that are exploited and used against us.
This creates a horrible chilling effect. Maybe not horrible for Europe, because many investigative journalists from America are moving here. But in general, it’s horrible for their families and their friends. There’s a lot to be done about it.
Research and development in the European context to decentralize and secure these systems, and to recognize that it’s not the exception that we need the security issue—it should be the rule that we need this. That will really move us forward in a very positive way. We can start to change these things and to right these wrongs. Thank you very much.
Host: We thank you, Jacob Appelbaum. We thank you.