Echelon and Espionage

Recent Events

Echelon is a NSA communications intercept system which has hit the news again recently, in spite of the US being very coy about admitting to its existence. The main difference between it and other electronic signals intelligence systems is its automation — it works by using voice recognition of key words and phrases, then passing on to human translators only those conversations and messages which are of interest. This allows it to start from an interception of potentially all communications worldwide.

From the Village Voice (thanks Miles):

The facts drawn out by these sources reveal ECHELON as a powerful electronic net–a net that snags from the millions of phone, fax, and modem signals traversing the globe at any moment selected communications of interest to a five-nation intelligence alliance. Once intercepted (based on the use of key words in exchanges), those communiqués are sent in real time to a central computer system run by the NSA; round-the-clock shifts of American, British, Australian, Canadian, and New Zealand analysts pour over them in search of . . . what?
Originally a Cold War tool aimed at the Soviets, ECHELON has been redirected at civilian targets worldwide. In fact, as the European Parliament report noted, political advocacy groups like Amnesty International and Greenpeace were amongst ECHELON’s targets.

There is renewed interest in it simply because, although no one in the administration is admitting it, George Bush’s order in 2001 to allow tapping of domestic US communications was effectively a warrant to start using Echelon within the US, not just for international and foreign domestic communications. Which means that the nation which has been listening in on everyone else for years must now face up to the civil liberties and privacy implications of its own policies.

There’s a lot of noise from some quarters about the inability of Echelon to monitor more than a limited portion of the world’s communications traffic, but that’s based entirely on the idea that the filtering process would not be efficient enough to limit the volume of traffic which humans had to monitor. It’s certainly not clear that this is the case, and in fact the opposite seems to be true. Storage systems have become orders of magnitude cheaper, and database systems orders of magnitude more effective in the last twenty years. This allows a degree of cross referencing which makes Echelon an extremely flexible and effective tool.

The EU and Industrial Espionage

Meanwhile the EU has had serious concerns with Echelon since 2001. It presented a paper on the matter — interestingly from the first draft to the second draft most of the material about industrial espionage was dropped.

It says:

whereas the situation becomes intolerable when intelligence services allow themselves to be used for purposes of gathering competitive intelligence by spying on foreign firms with the aim of securing a competitive advantage for firms in the home country, and whereas it is frequently maintained that the global interception system has been used in this way, although no such case has been substantiated.
and, further on explains in more detail:

Criticism is levelled when state intelligence services are misused to put firms within their territory at an advantage in international competition through espionage. A distinction has to be made here between two cases (Confidential statement to the rapporteur by a counter-intelligence service, source protected.)
10.5.2. 1. High-tech states
Highly-developed industrial states can indeed gain advantage from industrial espionage. By spying on the stage of development reached in a specific sector, it is possible to take foreign trade and subsidy measures either to make domestic industry more competitive or to save subsidies. Another focus of such activities may be efforts to obtain details of particularly valuable contracts (see 10.6).

The report specifies a large number of cases of industrial espionage by security services (all removed in final draft), which is at odds with its statement further on that “Any state caught red-handed comes under massive political pressure.”

The whole document was in fact an effort to put pressure on the US to desist from spying on EU firms which were competing with US firms for contracts. In many cases this spying resulted in the exposure of bribery and shady practises by the EU corporations, in a situation in which the US firms were ostensibly prevented by law from engaging in similar tactics. But in fact what was widely suspected was that the EU firms bids were passed on to US firms who could then bid slightly lower and get the contracts.

Much of the deleted part of the document constitutes a call on EU states to encourage the development of open source cryptography programs which can be used to protect private commercial communications from espionage by Echelon, and a call on EU companies and individuals to make use of cryptography in their private transactions. It’s a very interesting document if only because, in it’s early version at least, it doesn’t pull any punches.

State terrorism and other applications

When teamed with US cooperation with doubtful foreign regimes, and US military adventurism abroad, there are some frightening implications. Here is the Village Voice again:

On April 21, 1996, Chechnyen rebel leader Dzokhar Dudayev was killed when a Russian fighter fired two missiles into his headquarters. At the time of the attack, Dudayev had been talking on his cellular phone to Russian officials in Moscow about possible peace negotiations. According to electronics experts, getting a lock on Dudayev’s cell phone signal would not have been difficult, but as Martin Streetly, editor of Jane’s Radar and Electronic Warfare Systems, noted at the time, the Russian military was so under-equipped and poorly maintained, it was doubtful a radar intercept plane could have honed in on the signal without help.
Speaking at a conference on Information Warfare a month later, Madsen, one of the world’s leading SIGINT and computer security experts, explained that it was both politically and technically possible that the NSA helped the Russians kill Dudayev. Noting the West’s interest in preserving the Yeltsin presidency and in ensuring the safety of an oil consortium’s pipeline running through Chechnya, Madsen explained which NSA satellites could have been used to intercept Dudayev’s call and directionally locate its signal.
This wasn’t exactly a stunning revelation: Not only had reports recently been released in Australia and Switzerland about police tracking suspects by their cell phone signatures, but Reuters and Agence France-Press had written about the Dudayev scenario as technically plausible. Still, after his talk, Madsen was approached by an Air Force officer assigned to the NSA, who tore into him. “Don’t you realize that we have people on the ground over there?” Madsen recalled the officer seething. “You’re talking about things that could put them in harm’s way.” Asks Madsen, “If this was how Dudayev died, do you think it’s unreasonable the American people know about the technical aspects behind this kind of diplomacy?”

Given that Bin Laden had been of considerable interest to the US ever since before Clinton tried hit him with missiles in the 1990s, it begs the question exactly how much Echelon had been able to learn of his intentions before September 11 2001. It seems unreasonable to expect that Arabic would be a more difficult application of speech recognition algorithms than other languages, and we know he made extensive use of mobile phones and email even up to the time when the US invaded Afghanistan. Clearly there was no understanding on the part of Al Quaeda as to the effectiveness of Echelon even up to the point when a top lieutenant was nearly caught after tracking of his phone only a year ago.

Countermeasures

If you’d like to encrypt your communications, by the way, I’d encourage you to take a look at OpenSSL (maintained in the EU and illegal in the US), or PGP (likewise). This will protect you until the development of quantum computers, which is perhaps 5 to 10 years away. Beyond that there is nothing which can even effectively slow the spooks down. But in the mean time, if you need to encrypt anything to send to me, my public key is:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (Darwin)

mQGiBEOnm64RBAC7GjDyi1ubJ1OTtIjpOa/8SF3o9G48oB2G2Xa3vgagq904VlJE
VdOfhlY6n6vjs/aRlDsRG5Tjo1vRw5/EZGVvDOHq4c/fFjipWkB2gSFY7tVgaetU
34SsuoI+ksES+OJGoSFGx69l3YPwX4f4P3/QItYb0MaPHTC3ogyBKOocMwCgtmWj
Gj9+eniEz+v2kW/7vRq/uuED/j8cwRl5jJTYg3WU9DTYprvUHQGW5qb6xqFpRtDU
P9cE7vH0Jl+qtcgNM5VPhyuaPUgX5yCoswTixbHdLL8/vTfnyyOmq/ZM0yVjJXR3
yCfCbcmB/rax3yqWjbJ92ct8XJns1BezhWAd1NzNuhqTU4Cnz9yy7dkSr7vJrsh8
t2CiA/oDxJZNDggzKd42oxgBZ/t/A9KChlYO5hu2BF2SpglTt+aDj48xUHIRmPMZ
62vJmAvQ7tyouDnUwSV3swMchg5fQ7YgOJdaGxdilG/8Ey3woL+zlrxnEPufOClT
akS6ZVWKRXFM3QIyilu57wYEzC86qZPMDYRZ8xgsrRy2SvHBabQ3TWFydGluIEhh
eXdvb2QgKERqZWh1dHkpIDxtYXJ0aW5Ad3JpdGluZ3NvbnRoZXdhbGwubmV0Pohe
BBMRAgAeBQJDp5uuAhsDBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEBIYwsHh9/Hc
4OEAn36khhekSGGIM/VPUDth1ReNyWJ5AJ99Thp9A3njZUiiwNtunJgocxZutLkE
DQRDp5xVEBAAoqaRtwESWszTee9++fYAOd9538dNXXFOhzBpR5Sg2hXhCc8kIIrB
J170QGe+YdMwFCnBI18Y49fkXv9IJSwqCGWuqxZBRGEVg4sx49yH+SXichDR6/tV
t7r5hwXQBhNH380mnFnh4QHuqd/j/QjUPerAlzDlkj52V60hxnaAgl2XuJrBrx3u
MZ/sJuiaYBpzmnY1wfs0CIpa5mlUhyG9oQ6cktW3TjfSlCeEyLwXpP9p7Lr0DEPb
E+PxcmQYQIH8fHsDs0F4k+tI/TqKBbvluDA57xkbf3fNXafbYKoxEfTMralEeJrU
bTO5mMS70fm2XGm5QIByHr5fSXY958+yFqBimZsWlrOOrrH69y5wiT8wDMLjJHdJ
cLCsglxp7tY8LwPqGrr3saVryqJjgNZNHZajKrsmgXWWEQgUl8njx2nigGOor0UT
LylXwf5pec3ktBl7xc579KvM9UIPUC3TUfF/wJ4Ilia209gEKvJI1XREIuEa9giP
yKQaN7IT92+Sscygh5k1Yg4lDkAI44d9w5UJtpiXRY3u0kbKaus82WurarFG1czE
M+yhaYW3rCc7C6MTahka7ON3cXWrmWA9WrohonGgUiiRYVnbhH7WEqmovbqMT+w7
rbQLWUgzPxxYCCXo14PNQvxOai2CDi5YZ+o8GAjmt5oS2FTLSK3nrUsAAwUP/RUC
2nELosZslaxMbXEhrilB4KvvYVtG6P65n4a0WAOvPAtvMPX70L+8y0U5twAAFkdD
Oie7hHnBj/68bEaol1akK8YPHSa4h9dsq9QV+tPrspkJBV+/RgLDeNzjsOq2/wdb
4Tl5MaJwvvtHwlFDvzmKR52/CWQc9n182H7eptoPYD1msfEq2CmE5e2Uy7ck/YHc
z2Icr95yDwTZMm+BIboS8yluLxghkHtuwo+XMMzI61Rvm8D+e8+sHuO1THXw4l/K
pYrxYwvC0JIqESdvH40BXNvIYciUkhM8VJcsO/EeZ67ihe8nhlfcQZDrrm3uM7sU
BlHSk2FM316dfD3Nu1DG8ru0keo26Vzo2GSrmOeKtwY1uq0uWnEmvBHnLjU+Ntbz
nEsaQQvKhV9IRXJMQCvWaNQagGmrj1JBcjW3k195HzCuvQNJhNly3HvdZkgcVOTG
NQQHOSVOyuL8voM1F0L4bjQ1xdnY0IXMsCjqNugNq61fvOuD4w/RE6jNV0crVufM
rl0oxUb71VNanDqTCh4HCXx6257J1Ahb5WXo78mgKmBcnZboVHdU1TLtQxI/A63c
Z5pWRSj78pKAwhuRf30eqTjOE6yc2gXdmw0FlagYj3m5GOtE8LHl+Fz5txz/+8dr
uHmlXqRWivMGqoCkJr8bKk7znnixnCbd5HFPKj1NiEkEGBECAAkFAkOnnFUCGwwA
CgkQEhjCweH38dzTSACfbR13iB+cN3VNgzd4oMfYkI0mbXwAn27p/Jk7CtQlzwf5
NjDd9eFoU/yy
=Em2d
-----END PGP PUBLIC KEY BLOCK-----

This entry was posted in net, world. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>