The NSA and the hypocrisis


Finally, the French governement is going to react to the NSA mass spying. Just after the first article published by Le Monde (there might be a paywall). Technically, it’s nothing really new since we’ve read the same for Mexico, England and Germany those last days – use your search-engine fu to find related articles.

Oddly enough, 6 month after the first revelations, the French Foreign Ministry has summoned immediatly the NSA^WUS ambassador to talk about it. AT the time I’m writing this, the results of the meetings are not yet public (and I don’t even know if the US Ambassador will answers at all) but, in the end, nothing will change.

Also, we currently have, in France, yet another debate around yet another expulsion of yet another school girl (directly from school) and a lot of discontent about or Ministry of Interior. I’m not thinking the summoning of the US ambassador is done only to try to heave people forgetting about this issue, but the timing is troubling.

First, the obvious – Why do the NSA is spying on French

This is the first time that a national newspaper of broad audience (Le Monde) is directly releasing and analysing Snowden’s document. Before today, it was only comment and translations of foreign newspaper and some analysis done by smaller press apparel.

Le Monde is used to do this kind of release since it was the partner of Wikileaks for the CableGate and, at least parts of, the Warlog. And they’ve got a lot of attention when they did that, so I suppose that this article, and the apparently starting collaboration between Snowden’s news agency and Le Monde, is starting to gather political momentum.

And the french governement is craving for achievments. There’s a lot of miscontent right now – not enough to pull people in the streets, but enough to increase the extrem right wings voter pool – and they might want to do something good. Political momentum from NSA scandal might be the good one to convert into good reputation.

However, they always seems to discover the fact that the NSA had spies on French citizens and officials. They know it since, at least, June and I won’t admit that they didn’t had strong suspicion before that. This is just something they’re doing to occupy the news space, and try to divert people from ongoing issues – hate speech, immigration, economic situation, jobs issues, pick one or many of them and you can even add to the list.

Friends and foes

NSA says they’re spying on anyone to find terrorists. So, it means that:

  1. They do not trust us and think that there’s a risk big enough to have a terrorist-strike on the US soil coming from the french soil. If that’s the case, it means they do not trust their allies. So why are we even part of NATO?
  2. They trust us, but they think our own spying services are lame. I can get it, but then, since we’re allies, they’re probably sharing intel with us. As they’re doing with the UK secret services: GCHQ (GCHQ seems to be the NSA’s reach in EU).
  3. It’s not about terrorism, or a risk of war. Then it’s mainly an economic issue and the NSA uses its powers to take over some market for the benfits of US companies – the ones who works with the NSA.

The economic angle

The economic angle is something interesting. In the french IT industries, we have mainly two actors favored by the state. Former State companies – France Telecom aka Orange, Bull but it was a failure, etc – and big names well established – and for the computer stuff it will be US companies.

One single example is quite interesting. Since France is part of NATO, we must comply to some interoperability on different levels such as ammunitions, information system and managemenbt and strategies.

I like the ammunition aprt, because it explains well what interoperability is. The NATO calibers are standards. And if you want to have your rifles, guns, rocket laucnhers, whatever approved and used on NATO battelfields, you must be able to fire them.

It doesn’t means you must use the Colt’s M16, just that you’re own rifle must be able o fire the NATO ammos. In France we use the FAMAS (French automatic Rifle), the US use the M-16. That’s interoperability.

For the information management, NATO requires the sale level of interoperability. You must be able to send and receives data to and from any NATO system. The US used their own version of Microsoft Windows Hardened for their specifid needs.

The France use the Bull system. No, it’s a joke. Mouhamar Khadafi use the Bull/AMESYS system we sold him. We prefer using the Microsoft system for our critical infrastructure whoch is the army. We’re able to manufactures great tools and weapons and we can even sold them to dictators without blinking, but for our own needs, we’d rather relies on the armed arm of the NSA: Microsoft. The Open Bar contract has been exposed in Avril 2013, just some month before the Snowden revelations.

And we now know that Microsoft is a big part of Prism since the 9/11/2007. The fact that the french military’s head didn’t even thought about it is an issue. And I would suspect Microsoft to have used the NSA to spy and influence the deal.

The strategic angle a.k.a they do not trust us

In the diplomatic game, you can’t really rely only on the good behavious of your allies. Especially since allies or your allies can be your ennemies. For instance, Turkey is an ally of the US since it’s part of NATO. But I’m not sure all the Turkey’s allies are allies of the US.

Same goes for Pakistan.

So, a paranoid and schyzophrenic state like the US is spying on its allies. That’s standard diplomatic procedures, and that’s what embassies are for. However, in this specific cases, the NSA is going way further than a simple state spying. They’re spying everyone – I mean, we’re talking of about 7M phone calls from France in a month – that’s a lot.

Also, France has been criticizing the US on some key political and foreign issues such as Iraqi intervention, and the US stance toward the whole Israel/Palestinian SNAFU. So, they might be interested on some data, and since we host some movment which threatens US interests, they woudl suspect that France can host the next team for a suicide bombing toward US interests. That’s why they would want to spy on the French citizens.

The interesting part of it is: did the French government benefited of it? Or any other governement. Or companies. For now, there’s nothing in the documents leaked by Snowden that would give us a solid proof for that.

They knew it

I really think that the french government knew it and benefited from the NSA mass surveillance program. But, before jumping to this conclusion, we need to ellaborate a little bit on how it works.

The presentation in Le Monde, highlight a fact a lot of people forget about. When routing on the internet, you’re not going through the physical shortest route, but through the most efficient one.

I’m going for an analogy for those of you who do not know what routing is. If I want to go from Lyon to Bordeau by car, I can take the shortest path, made of – at best – national roads. You’re going to go accross a ot of villages, and smallest road. Or you can go through the fast highway. It will cost you some kilometers (and money, but that’s not the point) because there’s some kind of mountain in between, but you’ll arrive faster.

That’s the same thing for internet. The physical shortes path, is probably not the one you’re going to use. For instance for going from Latin America to Africa, the direct route is to jump to Europe (5Gbps) then to Africa (343Gbps), but in fact, you’re probably gonna do one more hop through US & Canada
(2.918 Gbps), then Europe (4.972Gbps) and then Africa. Way more faster, way more efficient.

If you want more data, have a look at Telegeography it’s full of maps and data about the internet and telecomunication infrastructures.

Peer to beer?

Another thing are peering agreements. Peering agreements are what makes internet. It’s an agreement between two exchange node ran by companies or other organisations – let’s call them A and B. This agreement, determines how the traffic coming from the network A to the network B and vice-versa will be managed and paid. In most of the case, fair peering (which is: since traffic coming from A to B or from B to A are more or less equals or because both network will benefit from it, let’s peer for free), more info about Peering can be found on the Internet, but globally it’s an economic interest.

And it’s been, in France at least, a long-raging battle between all of the operators. For instance, France Telecom vs COGENT back in 2005 FT cut their peering with Cogent, in 2003 it’s a battle between France Telecom and Free, SFR and OVH battled around 2011 and a battle between Free vs Google is still raging as of today (and it’s standing for a long time).

Also, and a funnier part when you look at it with this NSA angle, is that we have here the ARCEP – an equivalent of the US FCC – which is in charge to regulate and document the Telecommunication infrastructure. In 2012, they tried to force each party involved with peering in France to document their formal agreement of peering – Owni did a great piece about it – and what’s fun was that, in fine, Verizon refused to collaborate with the state because it was too much of work. The very same Verizon who gave full access to its infrastructure to the NSA.

So, peering was done, back in the time, by private companies and by a public one. France Telecom (which then became Itineris, Wanadoo and Orange for its ISP part). They were building physical infrastructure with public money and were interconnecting it with US and UK infrastructure. I won’t believe that noone there suspected or saw anything like some weird and unauthorized traffic coming through their equipment, especially since the french intelligence services must have put some things in place to protect themselves and to spy on the people and other states.

Especially since most of the interconnexion toward Africa has been done by french industrial (such as Alcatel Lucent, a US-French consortium, but more on them later). There’s also a big road to middle-east going through Europe and Germany in particular (that’s why routing to and from Syria often transit through Germany Exchange node – Info from 2007)

However, the french net-isolationism (especillay the will of the local companies to push for their product and to refuse to peer with their US counterpart) has favored emergence of the Uk, DE and NL Exchange. Have a look at this map and you’ll note that France is quite low on the Exchange Node values, and datas found on Wikipedia don’t show the France as a big peering country.


But who’s building those system? It appears that the previously mentionned Alcatel Lucent company is a good one. Have a look at the BlueCabinet wiki to understand why. They’re providing submarines cables, infrastructures to 130 countries – including Burma and China – they’re a mix between french and US interests and they’re involved in a lot of French and European infrastructure.

So, if the NSA is collecting data going through France and given that a big part of the interconnection infrastructure in France uses at least a part of Alcatel-Lucent technology and that trans-atlantic cables are at least partially deployed by the US-French consortium, you really think the french secret services would have ignored that the NSA will use and deploy tools to spy on us? Especially when the states add shares into this Company? It’s exactly the same issue when Frecnh governement claims they didn’t knew about Amesys solding arms of mass surveillance to Lybia. They’re lying.

You would argue that those tools don’t need to be deployed on the french soil, they need to be deployed in main Exchange node like in UK, NL or DE. And US also. But it does not cover the landline wiretapping exposed by Le Monde today. So, they have a tap inside the network on the french soil – because the cheapest route on phone network between France and France is to route through France. And since most of it has been deployed by public companies, or subsides of french public companies, or subsides of governmental and military contractor, they know about it.

Because if they do not, it is extremely worrying. It means that any foreign power can come in, wiretap our whole infrastructure and uses it against us without our knowledge. And that’s something I can’t rationalize enough to admit it as true. It can be done – and it has probably be done – for some specific wiretap and people, but not on a scale of 7.4M of phone calls a month. At least the trafic generated by the leak of data must have been noticed.

Now, let’s admit that french secret servcies knew about it. Why keep it secret then? An international scandal could profit for the state and could have lead to a stronger foreign policy and a bit more of defiance toward the US. It would have help defeat things like ACTA or the incoming TIPP, just because EU governement would have been suspicious enough, and it would have increased the power of France and developped for a better diplomatic situation reagrding the rest of the world.

They knew it, and they didn’t used that knowledge to gain power over the US and to empower themselves? From people whose job is to use information to take over other interests, they would have done a poor job.

So, they might have something to gain by keeping it silent. I would go for access to the data. Our national intelligence backbone is not as good as the UK or the US ones (see the reports about Thalès interception platform) and is essentially directed toward phone calls – we have a long history of illegal wiretapping used as political scandal and it didn’t lead to any change in the way wiretapping has been done since then.

I really think there is both cooperation and defiance into this spying affair between the NSA and French intelligence services. I also suspect that most of the intelligence services works in defiance of there own governement and in cooperation with both foreign intelligence services and companies.

And now what?

Nothing. Since everyone except citizens is wining on this mutual sharing of mass surveillance system informel deal I do not except things to change in a short term.

However, there is some good news. First, peering deals, and a lot of the necessary system to maintain internet, are out of reach of the different governement. The informal way that governs them doesn’t helps for regulation and con
trols by governement (that’s why they seek for it). You still have to keep your data out of big datacenter, but that’s not that hard (have a look at yunohost for hosting most of your data) the social networking part is the biggest and hardest one I think – alongside with search engine, but at least you have duckduckgo.

Second, a lot of governement, starting by South American one are really upsets and are starting to act. The Internet Governance summit held recently in Brazil also gave some hopes about the Internet still staying out of control. I’m not sure it will be followed by impact, because the NSA spying is possible due to some key infrastructures issues, but it’s a start.

I’m quite disapointed that the EU didn’t follow the Brazil on this, since we have some good infrastructure and technologies to help. But then again, I do not think those US/EU commercial agreement will cease for the benefits of citizens or sovereignity they have too much industrial and bank pressure on them.

But as always, nothing will come from the politicians. They must knew about the NSA spying in France and they even collaborate or they’re dangerously incompetent. They benefit from it because it’s a coercion measure (the same way CCTV cams are) and industrial groups earns money doing it. Even if they o have gag orders. They would have been motivated for your privacy, they would have fight those gag orders.

And that’s why nothing new will emerge from this meeting between the french foreign ministry and the – currently in shutdown – US embassy.