The NSA and the hypocrisy

Context

Finally, the French government is going to react to the NSA mass spying, just after the first article published by Le Monde (there might be a paywall). Technically, it’s nothing really new, since we’ve read the same about Mexico, England and Germany these last few days – use your search-engine fu to find related articles.

Oddly enough, 6 months after the first revelations, the French Foreign Ministry has immediately summoned the NSA^WUS ambassador to talk about it. At the time I’m writing this, the results of the meeting are not yet public (and I don’t even know if the US ambassador will answer at all) but, in the end, nothing will change.

Also, we currently have, in France, yet another debate around yet another expulsion of yet another schoolgirl (directly from school) and a lot of discontent about our Ministry of the Interior. I don’t think the summoning of the US ambassador is done only to try to have people forget about this issue, but the timing is troubling.

First, the obvious – why is the NSA spying on the French?

This is the first time that a national newspaper with a broad audience (Le Monde) is directly releasing and analysing Snowden’s documents. Before today, there were only comments on and translations of foreign newspapers, and some analysis done by smaller press outlets.

Le Monde is used to doing this kind of release, since it was Wikileaks’ partner for the CableGate and for at least parts of the Warlogs. They got a lot of attention when they did that, so I suppose that this article, and the apparently starting collaboration between Snowden’s news agency and Le Monde, is starting to gather political momentum.

And the French government is craving achievements. There’s a lot of discontent right now – not enough to pull people into the streets, but enough to increase the extreme right wing’s voter pool – and they might want to do something good. Political momentum from the NSA scandal might be the right thing to convert into a good reputation.

However, they always seem to be just discovering the fact that the NSA has been spying on French citizens and officials. They have known it since at least June, and I won’t accept that they didn’t have strong suspicions before that. This is just something they’re doing to occupy the news space and to try to divert people from ongoing issues – hate speech, immigration, the economic situation, job issues; pick one or many of them, and you can even add to the list.

Friends and foes

The NSA says they’re spying on anyone to find terrorists. So, it means that:

  1. They do not trust us and think that there’s a big enough risk of a terrorist strike on US soil coming from French soil. If that’s the case, it means they do not trust their allies. So why are we even part of NATO?
  2. They trust us, but they think our own spying services are lame. I can get that, but then, since we’re allies, they’re probably sharing intel with us, as they’re doing with the UK secret service, GCHQ (GCHQ seems to be the NSA’s reach in the EU).
  3. It’s not about terrorism, or a risk of war. Then it’s mainly an economic issue, and the NSA uses its powers to take over some markets for the benefit of US companies – the ones who work with the NSA.

The economic angle

The economic angle is an interesting one. In the French IT industry, we have mainly two kinds of actors favoured by the state: former state companies – France Telecom aka Orange, Bull (but it was a failure), etc. – and big, well-established names – and for the computer stuff those will be US companies.

One single example is quite interesting. Since France is part of NATO, we must comply with some interoperability requirements on different levels, such as ammunition, information systems and management, and strategies.

I like the ammunition part, because it explains well what interoperability is. The NATO calibers are standards. And if you want to have your rifles, guns, rocket launchers, whatever, approved and used on NATO battlefields, they must be able to fire those calibers.

It doesn’t mean you must use Colt’s M16, just that your own rifle must be able to fire NATO ammo. In France we use the FAMAS (French automatic rifle), the US uses the M-16. That’s interoperability.

For information management, NATO requires the same level of interoperability. You must be able to send and receive data to and from any NATO system. The US uses its own version of Microsoft Windows, hardened for its specific needs.

France uses the Bull system. No, that’s a joke. Muammar Gaddafi uses the Bull/AMESYS system we sold him. We prefer using the Microsoft system for our critical infrastructure, which is the army. We’re able to manufacture great tools and weapons, and we can even sell them to dictators without blinking, but for our own needs we’d rather rely on the armed wing of the NSA: Microsoft. The Open Bar contract was exposed in April 2013, just some months before the Snowden revelations.

And we now know that Microsoft has been a big part of Prism since 9/11/2007. The fact that the French military’s heads didn’t even think about it is an issue. And I would suspect Microsoft of having used the NSA to spy on and influence the deal.

The strategic angle a.k.a they do not trust us

In the diplomatic game, you can’t really rely only on the good behaviour of your allies, especially since allies of your allies can be your enemies. For instance, Turkey is an ally of the US since it’s part of NATO. But I’m not sure all of Turkey’s allies are allies of the US.

Same goes for Pakistan.

So, a paranoid and schizophrenic state like the US is spying on its allies. That’s standard diplomatic procedure, and that’s what embassies are for. However, in this specific case, the NSA is going way further than simple state spying. They’re spying on everyone – I mean, we’re talking of about 7M phone calls from France in a month – that’s a lot.

Also, France has been criticizing the US on some key political and foreign issues, such as the Iraqi intervention and the US stance toward the whole Israel/Palestinian SNAFU. So, they might be interested in some data, and since we host some movements which threaten US interests, they would suspect that France could host the next team for a suicide bombing against US interests. That’s why they would want to spy on French citizens.

The interesting part of it is: did the French government benefit from it? Or any other government? Or companies? For now, there’s nothing in the documents leaked by Snowden that would give us solid proof of that.

They knew it

I really think that the French government knew it and benefited from the NSA mass surveillance program. But, before jumping to this conclusion, we need to elaborate a little bit on how it works.

The presentation in Le Monde highlights a fact a lot of people forget about. When routing on the internet, you’re not going through the physically shortest route, but through the most efficient one.

I’m going for an analogy for those of you who do not know what routing is. If I want to go from Lyon to Bordeaux by car, I can take the shortest path, made of – at best – national roads. You’re going to go across a lot of villages and smaller roads. Or you can go via the fast highway. It will cost you some kilometers (and money, but that’s not the point) because there’s some kind of mountain in between, but you’ll arrive faster.

It’s the same thing for the internet. The physically shortest path is probably not the one you’re going to use. For instance, for going from Latin America to Africa, the direct route is to jump to Europe (5Gbps) then to Africa (343Gbps), but in fact, you’re probably gonna do one more hop through US & Canada (2.918 Gbps), then Europe (4.972Gbps) and then Africa. Way faster, way more efficient.

If you want more data, have a look at Telegeography; it’s full of maps and data about the internet and telecommunication infrastructures.

Peer to beer?

Another thing is peering agreements. Peering agreements are what makes the internet. A peering agreement is an agreement between two exchange nodes run by companies or other organisations – let’s call them A and B. This agreement determines how the traffic going from network A to network B and vice versa will be managed and paid for. In most cases it is fair peering (which is: since the traffic from A to B and from B to A is more or less equal, or because both networks will benefit from it, let’s peer for free). More info about peering can be found on the Internet, but globally it’s an economic interest.

And it’s been, in France at least, a long-raging battle between all of the operators. For instance, France Telecom vs Cogent: back in 2005 FT cut their peering with Cogent. In 2003 it was a battle between France Telecom and Free, SFR and OVH battled around 2011, and a battle between Free and Google is still raging as of today (and has been going on for a long time).

Also, and this is a funnier part when you look at it from this NSA angle, we have here the ARCEP – an equivalent of the US FCC – which is in charge of regulating and documenting the telecommunication infrastructure. In 2012, they tried to force each party involved in peering in France to document their formal peering agreements – Owni did a great piece about it – and what’s fun is that, in fine, Verizon refused to collaborate with the state because it was too much work. The very same Verizon who gave full access to its infrastructure to the NSA.

So, peering was done, back in the day, by private companies and by a public one, France Telecom (which then became Itineris, Wanadoo and Orange for its ISP part). They were building physical infrastructure with public money and were interconnecting it with US and UK infrastructure. I won’t believe that no one there suspected or saw anything like some weird and unauthorized traffic coming through their equipment, especially since the French intelligence services must have put some things in place to protect themselves and to spy on people and other states.

Especially since most of the interconnection toward Africa has been done by French industrial companies (such as Alcatel Lucent, a US-French consortium, but more on them later). There’s also a big road to the Middle East going through Europe, and Germany in particular (that’s why routing to and from Syria often transits through German exchange nodes – info from 2007).

However, French net-isolationism (especially the will of the local companies to push their products and to refuse to peer with their US counterparts) has favoured the emergence of the UK, DE and NL exchanges. Have a look at this map and you’ll note that France is quite low on the exchange node values, and data found on Wikipedia doesn’t show France as a big peering country.

Complacency

But who’s building those systems? It appears that the previously mentioned Alcatel Lucent company is a good candidate. Have a look at the BlueCabinet wiki to understand why. They’re providing submarine cables and infrastructure to 130 countries – including Burma and China – they’re a mix of French and US interests, and they’re involved in a lot of French and European infrastructure.

So, if the NSA is collecting data going through France, and given that a big part of the interconnection infrastructure in France uses at least some Alcatel-Lucent technology and that transatlantic cables are at least partially deployed by the US-French consortium, do you really think the French secret services would have ignored that the NSA would use and deploy tools to spy on us? Especially when the state had shares in this company? It’s exactly the same issue as when the French government claims they didn’t know about Amesys selling weapons of mass surveillance to Libya. They’re lying.

You could argue that those tools don’t need to be deployed on French soil; they need to be deployed in the main exchange nodes, like in the UK, NL or DE. And the US also. But that does not cover the landline wiretapping exposed by Le Monde today. So, they have a tap inside the network on French soil – because the cheapest route on the phone network between France and France is to route through France. And since most of it has been deployed by public companies, or subsidiaries of French public companies, or subsidiaries of governmental and military contractors, they know about it.

Because if they do not, it is extremely worrying. It means that any foreign power can come in, wiretap our whole infrastructure and use it against us without our knowledge. And that’s something I can’t rationalize enough to accept as true. It can be done – and it has probably been done – for some specific wiretaps and people, but not on a scale of 7.4M phone calls a month. At the very least, the traffic generated by the leak of data must have been noticed.

Now, let’s admit that the French secret services knew about it. Why keep it secret then? An international scandal could have profited the state and could have led to a stronger foreign policy and a bit more defiance toward the US. It would have helped defeat things like ACTA or the incoming TTIP, just because EU governments would have been suspicious enough, and it would have increased the power of France and made for a better diplomatic situation regarding the rest of the world.

They knew it, and they didn’t use that knowledge to gain power over the US and to empower themselves? For people whose job is to use information to take over other interests, that would have been a poor job.

So, they might have something to gain by keeping it silent. I would go for access to the data. Our national intelligence backbone is not as good as the UK or US ones (see the reports about the Thalès interception platform) and is essentially directed toward phone calls – we have a long history of illegal wiretapping turning into political scandals, and it didn’t lead to any change in the way wiretapping has been done since then.

I really think there is both cooperation and defiance in this spying affair between the NSA and the French intelligence services. I also suspect that most intelligence services work in defiance of their own governments and in cooperation with both foreign intelligence services and companies.

And now what?

Nothing. Since everyone except citizens is winning in this informal deal of mutually sharing mass surveillance systems, I do not expect things to change in the short term.

However, there is some good news. First, peering deals, and a lot of the systems necessary to maintain the internet, are out of reach of the different governments. The informal way they are governed doesn’t help regulation and control by governments (that’s why they seek it). You still have to keep your data out of big datacenters, but that’s not that hard (have a look at yunohost for hosting most of your data); the social networking part is the biggest and hardest one, I think – alongside search engines, but at least you have duckduckgo.

Second, a lot of governments, starting with the South American ones, are really upset and are starting to act. The Internet Governance summit held recently in Brazil also gave some hope about the Internet still staying out of control. I’m not sure it will be followed by impact, because the NSA spying is possible due to some key infrastructure issues, but it’s a start.

I’m quite disappointed that the EU didn’t follow Brazil on this, since we have some good infrastructure and technologies to help. But then again, I do not think those US/EU commercial agreements will cease for the benefit of citizens or sovereignty; there is too much industrial and banking pressure on them.

But as always, nothing will come from the politicians. They must have known about the NSA spying in France, and either they even collaborate or they’re dangerously incompetent. They benefit from it because it’s a coercion measure (the same way CCTV cams are), and industrial groups earn money doing it, even if they do have gag orders. If they had been motivated by your privacy, they would have fought those gag orders.

And that’s why nothing new will emerge from this meeting between the French foreign ministry and the – currently in shutdown – US embassy.

Internet is like punks, not dead. Yet.

[UPDATE: 2012/08/23 – Barbayellow translates their posts into English]

Context

Yesterday, I wrote this piece, and Barbayellow, a friend of mine who happens to work for Reporters Without Borders, replied with this post.

Basically he says that the internet’s not dead, it’s just the hacktivists who are tired of fighting. I recommend you read the whole post, it’s probably a bit subtler than that.

So, now, I’ll answer, and will do a less melodramatic post, I think.

Internet as we knew it

When I’m saying that the internet is dying, I mean the internet as we knew it. The one that allows people, corporations and states to communicate freely, without the fear of being harmed for their opinions.

It’s not the internet as it is in China (which is not the Internet, by the way; it’s more a different network with some limited connectivity to the intertubes) or in Iran or elsewhere.

The internet is just cables, with kittens inside carrying packets between computers. Basically, there’s nothing inside of it: no content, save for the kittens and the packets they’re carrying around, is inside the internet; it’s all on computers connected to the cat system.

The internet, as it used to be, is a multipeer-to-multipeer, multidirectional communication system. It lets all things connected to the Internet freely exchange cats and packets at no cost (besides the fact that if we give you a kitten in transit and it’s not for you, you’ll pass it along until it finds its recipient).

The internet is thus a wonderful tool for news addicts, trolls, kitten lovers, and citizens who need a way to organize themselves off the street (because the streets are monitored and a more dangerous place than the internet); social organisations of all kinds benefit from it.

This is the internet. The internet is neither Google, nor Facebook, nor any form of government. Those are just things connected to the internet which produce and eat a lot of kittens (yeah, kittens are eaten when they land on your computer).

All was good, kittens were purring in the internet, and we loved them and cared for them. The only thing we forgot at the time was that anyone who can stare at a kitten can see the packet it’s carrying, and then decide to shoot it dead or not, depending on the content of the packet.

That’s when net neutrality was endangered.

The answer was blatantly simple: math. Using math, we can do cryptography, and cryptography is just packing every packet in a unicorn suit. All the packets then look the same, and kittens are now carrying unicorns around.

The governments, who were not able to mass-murder kittens, decided that cryptography was a tool that only good people – which means them – would be able to use, leaving bad people – you – using the old packet system while they were going to use kittens.

Cypherpunks – big unicorn fans – decided that cryptofascism was to be fought and opposed the export laws on cryptosystems. Phil Zimmermann wrote PGP at this time for this specific reason: to grant anyone the possibility of benefiting from cryptography and protecting their privacy – as well as sending cats carrying unicorns, which is cool.

And that was the status quo for a time. Governments and corporations benefited from the work done by cypherpunks, and were counting on the fact that few people like unicorns and that people won’t use cryptography.

The web 2.0 bullshit and the cyberthreats meme

What really threatens the internet is the web 2.0 bullshit. The meme around it – over-centralising every piece of data in a few places to create a big-data environment with savvy web services – is dangerous.

Not because of the creation of those data (remember: more data, more kittens, and kittens are cool); the problem was the centralisation of those data. It started slowly, with the homepage trend and then the blogosphere thing. Then search engines and the host-anything-in-da-kloug.

A lot of money has been spent on this, not overnight but over a decade (and that is a small amount of time for slow-moving things like governments). New buildings have been built; we have been sold asymmetric access to the internet, to keep citizens from hosting content themselves; zettabyte storage systems now exist; and dreamers and cypherpunks have been painted as bad people – antisocial people who will destroy the world just because they can.

Which is weird, because cypherpunks are free software adepts; they want to share as much as they can, and this is specifically what a society is about (exchange). And that’s what the internet could have been.

The other worrying meme, and a slightly more recent one, is the cyberwarfare one. It’s a meme stating that it’s perfectly normal for critical systems such as nuclear power plants to be connected to the internet and that, given that fact, there is a risk that someone finds a flaw and exploits it to destroy the power plant (the flaw exists; each and every system has at least one).

So, everything on the web 2.0 is now centralised and authenticated, and must be monitored because, you know, someone might destroy the world using their knowledge.

This is where we are now. The leaks about the NSA aren’t new; we knew that – and assumed it was true – for a while (Echelon, Carnivore, stuff like that already leaked in public). There are some computers which copy every kitten they find and store the packet if there’s no unicorn.

And, if there’s a unicorn, they keep it for later use, when math advances and makes all those unicorn suits vulnerable (believe me, this day will come; have a look over here if you want).

They also torture kittens to get access to metadata (where the kitten was born, where it would have died, at what time, does it have siblings, stuff like that).

Some governments took extra steps and shoot kittens who carry unicorns on sight (that’s why we can disguise a unicorn as a regular packet; that’s steganography).

Governments found that this kitten torture business is good for them; they secretly deployed it and have been using it since then, trying to sort the good citizens from the bad ones.

Cryptoanarchy in the tubes

The thing about the Internet being dead is just that. The old internet – decentralized, neutral, with cryptography everywhere – is now dead. Transit operators work with governments who try to protect themselves from the citizens (instead of protecting the citizens).

Yes, you can use strong cryptography. You should do it. But it will be effective only up to a certain point. As long as you crave centralised services, strong cryptography is useless – you just need to ask Facebook for your lifestream to see that.

Yes, some organisations and some people who are aware of those issues can use strong encryption systems, but the governments keep those data, waiting for a breakthrough that would make the encryption useless and give the government a way of using what you wrote back then against you.

Yes, some people still maintain strong-crypto-aware services for activists, and you should try to set some up. It will take you time and money to get it done. Also, the government will prosecute and intimidate you, trying to send you to jail for a long time.

So yes, the free and neutral internet is dying. We now have a neo-feudal system that looks like the internet. Yes, people with special needs are still able to use the internet with huge cryptosystems. Unicorns haven’t disappeared and kittens do flow, but it’s still costly. And it’s a cost that few people will pay. And the wealth and interest of the Internet lie in the users, their differences, the things they share. If there’s no one on the internet, then you have no internet.

And with the social stigma of not being on Facebook (for instance), it’s harder to get people to use alternatives – and there are plenty of good and functional alternatives out there.

So yes, Barbayellow, the Internet as we knew it is dead. And yes, activists will be able to communicate more or less freely. But that’s not the point. The Internet is dead because people won’t pay the necessary costs to be free.

Yes, I agree, it’s a political struggle. You know me, we disagree on the means to fight this struggle, especially when you have to face economic giants and security fanatics hiding in secret parts of the government.

The only way to get back a free, neutral and decentralised internet is to implement accountability and transparency. It’s by destroying the centralisation meme and the cyberthreat one. It’s by destroying secrecy and enforcing privacy by default. But that’s not something cypherpunks can solve; it’s something citizens should implement.

And yes, I’ll fight until we have that. But Internet is dead.