Skip to content

Just trust ’em, they’re patriots.

Just trust ’em, they’re patriots.

by digby

Yeah, I’m going to guess the spying on allies is at least as much about this as it is about terrorism:

European businesses are likely to abandon the services of American internet providers because of the National Security Agency surveillance scandal, the European commission has warned.

Neelie Kroes, the commission vice-president who speaks on digital affairs, predicted that providers of cloud services, which allow users to store and access data on remote servers, could suffer significant loss of business if clients fear the security of their material is under threat.

The warning came as it appeared that the Americans and the Europeans were to start investigating alleged breaches of data privacy in the EU as well as US intelligence and espionage practices.

Despite threats from France to delay long-awaited EU-US negotiations on a new transatlantic free trade pact, scheduled to open in Washington on Monday, EU ambassadors in Brussels reached a consensus on Thursday to go ahead with the talks.

They could not yet agree, however, on how to respond to a US offer of parallel talks on the NSA scandal, the Prism and Tempora programmes and issues of more traditional espionage arising from reports of how US agencies bugged and tapped the offices and embassies of the EU and several member states.

Dalia Grybauskaitė, the president of Lithuania, said on Thursday that she was not seeking an apology from the Americans. Lithuania takes over the rotating six-month EU presidency this week.

While no decision had yet been taken, she said she hoped the EU-US talks on electronic surveillance would also be launched on Monday and run concurrently. Since much of the alleged US hoovering up of telephone and internet traffic in Europe is assumed to amount to commercial and industrial espionage, the two parallel sets of talks will affect one another.
[…]
Pointing to the potential fallout from the disclosures about the scale of NSA operations in Europe, Kroes, the European commissioner for digital matters, predicted that US internet providers of cloud services could suffer major business losses.

“If businesses or governments think they might be spied on, they will have less reason to trust cloud, and it will be cloud providers who ultimately miss out. Why would you pay someone else to hold your commercial or other secrets if you suspect or know they are being shared against your wishes?” she said.

You can’t blame them for thinking this is being done can you? After all, Keith Alexander, the big kahuna behind this spying and secrecy, thinks the whole world is his cyber-battlefield and that his responsibility is to “advance the national interest” however that’s defined. I’m going to guess that foreign business competitors are a little bit suspicious that in addition to US national security it might also mean — money. Why wouldn’t it?

Again, this is why I reacted so negatively to the “cyberwar” concept. The slides we saw did not talk about retaliation for a cyber attack from a foreign power. It talked about the US launching an offensive cyberattack. And the reasons for why they might do that were alarmingly elastic:

The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) “can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging”.

It says the government will “identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power”.

Maybe we could take their word that this is always going to be strictly applied to national security, but they didn’t say that. They’re talking about “advancing US national objectives” and “national importance” not talking strictly about threats.

And in any case, most of the work that’s being done on this is being done by commercial interests (also known as contractors) who can easily make this stuff work for them, since they’re the ones doing the work. Sure, they’re being paid by the taxpayers ostensibly to keep the boogeyman from destroying our way of life but that doesn’t mean they can’t take a little extra profit from what they are doing on the side. Amirite?

For instance, in this fascinating article about Keith Alexander, there was this:

Defense contractors have been eager to prove that they understand Alexander’s worldview. “Our Raytheon cyberwarriors play offense and defense,” says one help-wanted site. Consulting and engineering firms such as Invertix and Parsons are among dozens posting online want ads for “computer network exploitation specialists.” And many other companies, some unidentified, are seeking computer and network attackers. “Firm is seeking computer network attack specialists for long-term government contract in King George County, VA,” one recent ad read. Another, from Sunera, a Tampa, Florida, company, said it was hunting for “attack and penetration consultants.”

One of the most secretive of these contractors is Endgame Systems, a startup backed by VCs including Kleiner Perkins Caufield & Byers, Bessemer Venture Partners, and Paladin Capital Group. Established in Atlanta in 2008, Endgame is transparently antitransparent. “We’ve been very careful not to have a public face on our company,” former vice president John M. Farrell wrote to a business associate in an email that appeared in a WikiLeaks dump. “We don’t ever want to see our name in a press release,” added founder Christopher Rouland. True to form, the company declined Wired’s interview requests.
[…]
Bonesaw also contains targeting data on US allies, and it is soon to be upgraded with a new version codenamed Velocity, according to C4ISR Journal. It will allow Endgame’s clients to observe in real time as hardware and software connected to the Internet around the world is added, removed, or changed. But such access doesn’t come cheap. One leaked report indicated that annual subscriptions could run as high as $2.5 million for 25 zero-day exploits.

The buying and using of such a subscription by nation-states could be seen as an act of war. “If you are engaged in reconnaissance on an adversary’s systems, you are laying the electronic battlefield and preparing to use it,” wrote Mike Jacobs, a former NSA director for information assurance, in a McAfee report on cyberwarfare. “In my opinion, these activities constitute acts of war, or at least a prelude to future acts of war.”

The question is, who else is on the secretive company’s client list? Because there is as of yet no oversight or regulation of the cyberweapons trade, companies in the cyber-industrial complex are free to sell to whomever they wish. “It should be illegal,” says the former senior intelligence official involved in cyber­warfare. “I knew about Endgame when I was in intelligence. The intelligence community didn’t like it, but they’re the largest consumer of that business.”

Is this really ok? Do we believe these boys and their toys are doing something so harmless that we needn’t have any idea about what they’re doing? Just trust ’em, they’re patriots?

I can imagine dozens of scenarios that make this dangerous for people all over the planet. These cyber-cowboys are out of control. And yet nobody seems to think we even need to know about this much less rein them in. Just close your eyes and think of America, I guess.

.

Published inUncategorized