Leveson Report

Saturday, 1 December 2012

I wrote this for openDemocracy.net -- a short reaction to the publication of the Leveson report into press standards in the UK:

It is looking right now like the crux of the Leveson report is going to be ignored. I can't see a situation where, if a draft bill is introduced into the House of Commons, statutory underpinning of a new regulator will gain majority support (though it could be a close call). Personally I am quite relieved the government is showing reluctance to bring in new legislation, as I am anxious about any direct government involvement in regulating the profession, even if that involvement would be at a distance. I share the concern expressed by legendary Watergate reporter Carl Bernstein, who told Channel 4 News during an interview last night that he thought any drastic new measures would "come back and bite British democracy in the ass."

Throughout the phone hacking scandal and the many moving witness testimonies during the Leveson inquiry, what struck me repeatedly was how in so many cases the actions of (mostly tabloid) reporters constituted violations of criminal or civil laws already in place. It is not clear to me how bringing in new legislation would address that problem, which was ultimately fuelled by a toxic, morally bankrupt web of corruption involving not only journalists but the police. Definitely there needs to be much stronger regulation and accountability of the press, but that regulation must be fully independent just as existing law needs to be vigorously enforced to prosecute those who cross the line.

I would also say that I don't think there has been enough focus or discussion on the importance of journalism training in all of this. I studied journalism, and the first proper writing course I ever went on was at the age of 18 (about nine years ago). I will never forget one of my tutors, a tabloid freelancer based on Scotland's east coast. He was a vile man, who would spend his classes spluttering drivel about how we should always carry a camera in order to capture secretive snapshots of celebrities in vulnerable situations and such like. His blasé attitude and complete failure to grasp the concept of dignity had a profound impact on me at that impressionable age: it put me off pursuing journalism as a career for a couple of years.

It took me a while to learn for myself that the tutor in question was a bad egg, and that there is a place, a much needed place, for decency and conscience in journalism. That is why I think if the Leveson report can achieve anything it will be to make tabloid practices like those espoused by my former tutor so taboo and shameful that young journalists coming into the profession today will be taught to shun them as a matter of basic instinct. We do need a culture shift in journalism, the slate needs to be wiped clean, and education is a good place to start. I don't expect that any great sea change will happen organically like magic; action will be needed. My hope is that universities, schools, colleges and organisations like the National Council for the Training of Journalists will be ready to take up the challenge.

Surveillance and Human Rights? Teliasonera's Business Model

Friday, 16 November 2012

Back in April I reported at Slate on how a Swedish telecommunications firm was linked to spy agencies in Azerbaijan, Kazakhstan, Uzbekistan, Tajikistan, and Georgia, facilitating crackdowns on dissident politicians and independent journalists.

Teliasonera, headquartered in Stockholm, was uncovered by a brilliant team of Swedish reporters to have allowed “black box” probes to be fitted within their telecommunications networks, which enabled security services and police to monitor, in real-time, all communications passing through, including texts, internet traffic and phone calls. The mass surveillance had reportedly been used in several instances, without any judicial oversight, to help track down protesters and political opponents.

The company came under huge criticism and pressure following the report, and subsequently issued a statement saying that it was launching "an action programme for handling issues related to protection of privacy and freedom of expression in non-democratic countries."

I noticed yesterday Teliasonera published a post on its website covering a recent conference it participated in about internet governance, held in Azerbaijan. It's quite interesting to see, for a company that was accused of such serious complicity in the most grave of human rights abuses, how Teliasonera is now presenting itself:

For Teliasonera, of course, providing access to telecommunications including the internet is the business model. This business model includes freedom of expression, so that our subscribers can communicate, and protection of privacy, so that our users feel trust in our services. [...]

Human rights are an area which is constantly evolving, and any measures against individuals must be based on the rule of law. Companies need to abide by local legislation whilst respecting human rights.

These two aspects show, that telecoms and human rights at times are in conflict and require difficult tradeoffs, both democratic and economic terms. This means working out and establishing processes based on firm principles. The way forward is not easy, the challenges must be met jointly by the industry, and national as well as international organizations...

It's a positive sign that Teliasonera is recognising that telecommunications companies need to respect human rights, and that a company providing access to telecommunications must respect freedom of expression and protect privacy. But what I would like to hear more about is the action Teliasonera has taken to put these principles into practice. I would be interested to hear from citizens in countries such as Azerbaijan, Kazakhstan, and Uzbekistan about whether or not there are still situations in which they find themselves called in for interrogations after saying things critical about the ruling government on a phone call or in an email or text message.

I can't imagine that Teliasonera has had much success trying to convince secret police in Azerbaijan, for instance, that they should start respecting privacy and stop using the "black boxes" to sift through emails and identify dissidents. Ultimately, if Teliasonera is still operating in these countries, then on some level it seems realistic to suggest that it will remain complicit in human rights violations — violations that will almost inevitably occur as a result of authoritarian governments abusing the power that they hold to spy on people.

At the internet governance conference I mentioned above, Neelie Kroes, the vice president of the European Commission, gave a stern speech in which she condemned Azerbaijan's human rights record: "In this very country, we see many arbitrary restrictions on the media," she said. "And we see activists spied on online, violating the privacy of journalists and their sources." What happened after Kroes speech was telling and indicative of the scale of the problem in a country like Azerbaijan: members of her team had their computers reportedly hacked. "I'm presuming it was some kind of surveillance," one said.

[To reiterate: I'd be keen to hear from any activists, journalists, telecom engineers, politicians, anyone in this region with more information about the current state of surveillance in the former Soviet Republics. Info on Teliasonera's continuing role would be especially welcome.]

UPDATE, 17.11.12: A kind gentleman has emailed me a link (.doc) to a very interesting full transcript of a meeting at the recent internet governance conference in Azerbaijan, which representatives from Teliasonera participated in.

Here are some notable snippets from speakers who identified themselves as representatives of Teliasonera or its subsidiary in Azerbaijan, Azercell (emphasis added):

...as a telecom company we do not participate in the decisions on proportionality between national security and human rights. That's something which is done by legislator and authorities.

and:

...the frequencies in this country [Azerbaijan] have been owned by the government, and we just lease them, so we just own the infrastructure, and the lease for those contracts are like for 20, 25 years, we lease the frequencies from the country, and then those -- and the government has the right to interfere in accordance with the different legislations, so whenever those defined cases are, they can take the information even without the notification to the company in accordance with the whole legislation so whatever Teliasonora operate in the local market they do operate in accordance with the legislation.

and:
...because the frequencies have been owned by the government, we don't even have to have this [secret "black box"] room or whatsoever. Because it is the property of the government.

The Teliasonera representatives also said that the company is trying to improve transparency in relation to its human rights efforts by publishing information on its website, and is working to "improve processes when it comes to government demands" such as by "maybe seeking judicial review."

I had a quick scan through one of the key documents over at teliasonera.com, which is supposed to be an overview of Teliasonera's "action programme" related to telecommunications and human rights. One of the most striking passages, in a document (.pdf) headed "Freedom of expression and privacy – the international framework," is as follows (emphasis added):

The requirements generally imposed on a telecoms operator that are sensitive from the point of view of rights and freedoms are those allowing the police and national security services to intercept and monitor telecommunications traffic in secret, or to gain access to information on subscribers and historical information on telecommunications traffic and on the location of mobile phones. There may also be requirements to shut down all or part of a telecommunications network, block individual messages and block specific websites on the Internet.

One aspect that national regulations have in common is that the telecoms operators do not participate in public authorities' decisions to take a particular action. Local laws sometimes require decisions to be made by a court or by an individual public authority. The choice of decision-making body may be influenced by the nature or severity of the threat and how time-critical the measures are. One recurring feature of national regulations is that details concerning public authorities' decisions, requirements and work in these areas are strictly confidential and telecoms operators are not given any information on why a particular measure is to be adopted.

What these snippets illustrate is the deeply conflicted position Teliasonera has put itself in by doing business in countries such as Azerbaijan. The company says that it is committed to protecting human rights, freedom of expression and privacy, and yet in the same breath admits that it must adhere to "local laws" in these authoritarian countries and in some cases has no say in decisions about "proportionality between national security and human rights." It is definitely a good sign that Teliasonera has at least recognised that it must do more to address these problems, as I mentioned above. But any telecom company that chooses to continue operating in countries where crackdowns on activists and journalists are rife at the present time is still on some level taking a decision to put financial considerations first, while implicitly turning a blind eye to ongoing human rights violations facilitated with communications surveillance.

The Rise of Public Relations and The Great Wall of Obfuscation

It's a well established fact that the growing public relations industry is having a profound impact on journalism today. Last month I was reading about how global PR revenues are amounting to $10bn a year, and in the United States it is estimated that the ratio of American PR professionals to journalists grew from 1.2-1 in 1980 to 4-1 in 2010.

What this means in reality is not only that journalists are ceaselessly bombarded by a near-constant flow of emailed press releases. It has also contributed towards something far more damaging to the profession. That is, how public relations representatives and press officers increasingly function as a barrier or buffer between the journalist and the information he (or she) wants to obtain. They often seem trained to engage in evasiveness, less interested in helping reporters reveal information than they are in protecting the reputation of the organisation which pays their salary.

I'll cite a few routine examples just to illustrate the sort of thing I'm talking about.

1. I have been chasing a well-known US technology company for more than two months about an important story I have been working on concerning surveillance, and so far I have been passed between two separate public relations teams. Both have evaded answering my direct questions and declined to put me in direct contact with the people at the company I need to speak to. Why? "It's complicated," I have been repeatedly told.

2. Government organisations are just as bad. Only last week I discovered that the European Commission, the EU's executive body, has a rule in place that bars its officials from talking directly to any journalists. Any contact, one official told me, has to be approved by the press office, which functions as a sort of overlord, sanctioning any comments before they are released.

3. While pursuing a story last year about Bradley Manning, the US soldier accused of leaking US government documents to WikiLeaks, I contacted a police detective in Wales who I understood had some involvement in the Manning case. Manning is a joint UK-US citizen because his mother is Welsh and lives in Wales, and I wanted to find out more information about claims the Welsh force had assisted the FBI to search his mother's house. The detective refused point blank to speak with me when I called her on the phone; she sounded offended that I had even attempted to ask her a question directly and hung up on me seconds after I introduced myself. The press officer for the force swiftly emailed me a reprimand: "In future if you have a media query please observe the correct protocol and contact the press office and do not approach individual officers directly." I fired back: "Not every public body – police force, council, government office etc. – has a set in stone 'protocol' that must be blindly adhered to and never breached. May I remind you that it is not a against any law for a journalist to approach a police officer to ask for background comment."

The cold and arbitrary bureaucracy of it can be extremely frustrating. On some occasions, press officers can be helpful: assisting you by pointing out relevant information, or by arranging interviews with officials. But in other (most) cases there is no doubt that they function as corporate-style risk managers ready to erect a Great Wall of Obfuscation the moment they get a whiff of a controversial headline.

This also has a bearing on the UK's Freedom of Information Act, which is used to obtain information from public bodies. Specifically, take how London's Metropolitan Police has admitted handling Freedom of Information requests. FOI requests, according to the UK's Information Commissioner, are supposed to be "applicant and motive blind" because "it is about disclosure to the public, and public interests. It is not about specified individuals or private interests." The Met's policy, revealed during a government consultation on FOI law in February, contravenes the commissioner's principle because journalists' requests are treated differently and have to be pre-approved for release by the press office.

One thing I am glad to see is that the UK's Society of Editors appears to have recognised the impact all of this is having. On Monday in Belfast the Society hosted a discussion on the topic, described as follows:

Members of the public have a right to know, but journalists are finding it increasingly difficult to get answers to the simplest of questions on their behalf. A creeping control culture means that face-to-face contact, and even telephone calls being replaced by carefully managed email exchanges. De-humanised, sterile, and obstructive, this trend poses a serious threat to journalism and genuine transparency – at all levels.

It is definitley a threat – but I'm not sure how journalists collectively can respond. As the public relations industry grows, in stark contrast, journalism is struggling to survive. There are less and less publications out there able to invest in time-consuming, laborious investigative reporting, which is hugely detrimental to society and to the health of democracy.

One solution might be for the government to create a kind of investigative journalism fund to help reporters and media outlets finance important investigative projects. This has been supported by a House of Lords committee – but is probably unlikely to come to fruition at least in the near future due to the wider economic crisis. Yet it's not as if public funding for investigative reporting isn't financially viable, even in the grip of a recession. Recently, the government wasted an estimated £40 million on a botched rail contract. Yes, £40 million. Even a fraction of that amount could have funded valuable muckraking projects and helped to push back against the polluting culture of public relations.

Surveillance, Britain's Secret Agencies, and Drowning in Data

Thursday, 25 October 2012

I was speaking to someone today about this, and it occurred to me that it is a piece of information that is not widely known but should be.

Every year in Britain, there is an official report that comes out detailing the activities of the UK's spy agencies — MI5, MI6 and GCHQ. It is authored by a group of politicians who function as a kind of oversight authority, under the name the Intelligence and Security Committee.

In this year's report, published in July, I noticed a section of particular interest in light of new proposals for more surveillance powers in the UK. The second paragraph is what is important here — it is a comment made by Jonathan Evans, chief of domestic security agency MI5.

The Security Service is undertaking a number of major projects covering estates, business continuity, core IT systems and improving its digital investigative capabilities. A notable success during the reporting period was the completion of the Digital Intelligence (DIGINT) programme, which aimed to improve systems for the collection and analysis of intelligence material gathered electronically. The Director General explained:

"One of the things that really drove us on the investment of DIGINT was a discussion where the relevant directors explained that actually, of all the material that we’ve caught, over half was not being processed. Now, as an intelligence organisation, that’s a nightmare. I mean, quite frankly, I would rather not have the intelligence at all and miss something than have the intelligence and not actually having processed it… We have made real progress on that, and I’m very proud on DIGINT." (Emphasis added)

What this comment suggests, for the sake of clarity, is that the UK's spy agencies in recent years have been mining and storing quantities of electronic data — or "digital intelligence" — so large that they have not been able to analyse it. The data, most of it I would expect is mined from the internet, has probably been gathered and then left to sit and gather digital dust in a secret storeroom somewhere. The claim from Evans in the above quote is that MI5 has worked to address the problem as part of a new programme, which presumably involves a great deal of automated analysis. But the statement also illustrates how new surveillance powers currently being proposed in the UK could pose problems for the UK if the security services are already near a point where they are drowning in data.

There tends to be two main schools of thought within the intelligence community. Some believe that targeted surveillance of specific individuals and groups is the best method, because it provides information that can be dissected and acted upon fairly quickly by human analysts. The other school of thought, and the one which seems to be prevailing, is that a kind of dragnet surveillance is superior. What this entails is gathering huge quantities of data based on key words, locations, phrases, and then mining through it to find anything useful. From a rights and civil liberties perspective, targeted surveillance is clearly more attractive because it is likely to involve much less intrusion of innocent individuals' communications. But rights and civil liberties do not appear to be high on the agenda at our secret agencies, and so what we get is something closer to the dragnet option.

I should add that surveillance in the UK is not without regulation. To intercept domestic communications, police and security services require ministerial authorisation, and must show that any interception is in the interests of national security, safeguarding economic well being, or to prevent and detect serious crime. That said, these justifications are fairly broad, and there were 2,911 interception warrants granted in 2011 — but any one warrant can cover countless individuals, so we actually have little idea how many people had their communications snooped on. (Also, to monitor content posted on social networks and other "open source" websites, there are no laws or restrictions at all. So websites like Facebook, Twitter and Foursquare are all fair game for the likes of MI5's "DIGINT" team to gather data from.)

Groupthink in Illinois

Monday, 22 October 2012

In May 2003, shortly after the invasion of Iraq, the writer and journalist Chris Hedges was invited to give a speech at a graduation ceremony at Rockford College in the US state of Illinois. Hedges, a Pulitzer Prize winner who was at that time a reporter for the New York Times, used the occasion to share his assessment of the invasion and the implications of it. The reaction he received was nothing short of extraordinary. He was booed and subjected to a volley of abuse as people turned their backs on him in protest.

I had never heard about the incident until I was reading up about Hedges the other day. I managed to find a video recording of it (links below), and the footage is quite jawdropping — something I think future generations will be able to look back at in order to study the violent, jingoistic climate that polluted sections of American society following the terror attacks on New York in September, 2001.

Hedges' comments were not actually that controversial — it's just that they deviated from the kind of tub-thumping groupthink that dominated mainstream discourse particularly in the lead up to, and in the immediate aftermath of, the Iraq invasion. His speech was a prophetic, critical analysis of what the invasion, in his view, would lead to. He warned the crowd of Americans, young and old, that "we are embarking on an occupation that if history is any guide will be as damaging to our souls as it will be to our prestige and power and security." He said: "we have blundered into a nation we know little about, are caught between bitter rivalries and competing groups and leaders we do not understand," adding:

We are trying to transplant a modern system of politics invented in Europe — characterised among other things by the division of the Earth into the independent secular states based on national citizenship — in a land where the belief in a secular civil government is an alien creed. Iraq was a cesspool for the British when they occupied it in 1917. It will be a cesspool for us as well.
Within about two minutes Hedges was getting booed. People in the audience began shouting things like "moron" at him, and eventually large sections of the crowd stood up and turned their backs. The microphone plug was pulled on a couple of occasions, with a member of the college's staff having to step in to ask that people please give Hedges time to speak. He eventually managed to finish, but not before one or two people attempted to rush the stage as others shouted things like "USA! USA! USA!", "God bless America", and "get him off the stage!"

Astonishingly, in the days after the incident, the president of the college, Paul Pribbenow, issued an apology to the students (not to Hedges). He circulated a letter telling them that: "Unfortunately, our commencement address this past Saturday did not focus on your educational accomplishments and the challenges you will meet in the future ... Our speaker presented his ideas in a style that suggested the day was about him and not you. For this, I am very sorry." And Hedges' then-employer, the New York Times, accused him of breaching its "ethics code" because he had "engaged in public discourse concerning his political or personal views." (He ended up leaving the newspaper, largely due to the critical position he took on Iraq. Ironically, in 2004, the Times published an apology for its Iraq coverage, telling readers that some of its reporting on the threats allegedly posed by Iraq, used to justify the invasion, had been "insufficiently qualified or allowed to stand unchallenged ... we wish we had been more aggressive in re-examining the claims as new evidence emerged — or failed to emerge.")

Though the college's president told his students that Hedges' speech on that day was about "him and not you" and had no bearing on the "challenges you will meet in the future," saying so was myopic and wrong. Granted, the speech was hardly an uplifting one for a graduation day. But it was hardly a self-interested rant. It was clear to me that Hedges was attempting to communicate something meaningful and important to the students about the dark turn the US was taking into dangerous and tumultuous territory — which had a direct bearing on their future as young American graduates.

Despite the booing, the jeering, the back-turning and the microphone unplugging, most of what Hedges said on that day has turned out to be accurate. I reported earlier this year that the attempt to transplant a western-style democracy in Iraq has led to sectarian divisions, heightened violence and corruption — not to mention an appalling death toll of more than 100,000 civilian dead. Like Hedges predicted, Iraq did become a "cesspool" for the US and the allied forces, which is ultimately why Barack Obama's administration was forced to pull out last December. It has not brought peace to the region, and nor has it lessened the threat of terrorism or led to a world that is more stable and secure.

When it emerged that the case for the invasion of Iraq had been built on disinformation, I wonder what those people who turned their backs on Hedges thought about. When they read that an estimated 35,000 civilians died in the first three months, along with countless young American soldiers, I wonder if they regretted their actions. And I wonder if almost a decade on since the invasion they would today listen to Hedges' analysis and still decry him as a "moron." I doubt it.

Watch/read the speech here: part one; part two; part three; part four; transcript.

State Secrets Culture and Warrantless Wiretapping

Sunday, 30 September 2012

In the days following 11 September 2001, many things changed in the United States. The terrorist attacks that took place on that day quickly prompted tightened security and, crucially, heightened use of surveillance tactics.

It is now well documented how eavesdropping agency the National Security Agency (NSA) was given unprecedented authority to intercept communications flowing to and from the country after 9/11. As the New York Times reported in its 2005 exposé: "The international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years in an effort to track possible 'dirty numbers' linked to al Qaeda."

This revelation led to a lawsuit (Jewel v. National Security Agency) which alleged the US government was engaged in "the biggest fishing expedition ever devised, scanning millions of ordinary Americans' phone calls and emails for 'suspicious' patterns." The lawsuit was originally dismissed back in 2010 on the grounds that it didn't sufficiently allege "personal injury" was caused by the warrantless snooping. However, this decision was later reversed and now an appeals court is taking another look at the case.

As it has done previously, the US government is asserting its state secrets privilege as part of an attempt to stop the case moving forward. In a motion to dismiss submitted to the appeals court earlier this month, the government said that invoking the privilege was necessary "in order to prevent exceptionally grave damage to national security." It denied the allegation that it had "indiscriminately collected the content of millions of communications sent or received by people inside the United States." But added that it could not prove this before a court because doing so would "risk or require the disclosure of highly classified NSA intelligence sources and methods."

Such claims from the NSA are not new. The agency has a track record of arguing it is entitled to avoid public scrutiny because doing so would pose some sort of grand danger. Back in 1998, for instance, the agency admitted it had spied on Princess Diana and was holding more than a thousand pages of documents in a "Diana file." But the NSA declined to disclose the information held about the Princess because it would reveal — you guessed it — "sources and methods."

The problem with the NSA's position is that it is questionable. The NSA seems to think that disclosing even the slightest detail about what it is doing would aid people who are engaged in plotting against the US. But organised terror groups or oppositional foreign government agents will already presume that every phone call they make and email they send can be intercepted by agencies like the NSA. And besides this, many of the NSA's clandestine methods can be learned by anyone with access to Google because of details made public by whistleblowers. A sworn 2006 declaration by a former engineer for the AT&T telecom firm, for example, stated the NSA was routing AT&T communications through a secret "secure room" where they could be intercepted. This, a former NSA employee said earlier this year in his own sworn declaration, involved the use of a "Semantic Traffic Analyser," which would allow the NSA to mine "addresses, locations, countries, and phone numbers, as well as watch-listed names, keywords, and phrases" from within the data flowing through communication networks.

So given that such detailed information is already in the public domain about the NSA's snooping activities, the "sources and methods" justification for secrecy seems at best naive, at worst disingenuous.

The knee-jerk reaction of governments and groups with power is often to resort to secrecy in order to avoid controversy, to protect reputations, and to ultimately avoid accountability. That's why the use of state secrets to protect the NSA's wiretapping program from public scrutiny in a court looks suspect — particularly as the US government has form abusing official secrecy to conceal scandals.

As was revealed by the British politician David Davis during an astonishing speech in the UK parliament in March this year, the very same state secrets privilege currently being put forward to protect the NSA from court was previously used as part of an extraordinary cover-up involving US intelligence agencies (including the NSA).

In the late 1990s, as part of a covert effort called Operation Foxden, the FBI, the NSA and the US Central Intelligence Agency (CIA) were working with three businessmen — one Afghan-American citizen, two British — to introduce telecommunications infrastructure into Afghanistan. They planned to rig it with extra circuits in order to listen live to every landline and mobile phone call across the whole of the country. But there was a turf war between the three US agencies, which led to Operation Foxden being delayed some 20 months. It is believed, had it been introduced earlier, it may have helped gather intelligence about the 9/11 terror plot — possibly preventing it from ever happening.

The businessmen involved in helping set up the Afghan network later had a dispute over money, which in 2002 ended up being taken to a court in New York. A year later, the case was suddenly shut down by a judge who cited the state secrets privilege. It turned out that the two British men involved in the deal — Stuart Bentham and Michael Cecil — were being defrauded by the Afghan-American, Ehsanollah Bayat. But they were not allowed to have their case heard in court because the US government did not want its secrets laid bare — in this case showing that a dispute between the intelligence agencies had delayed a massive spy project that might have helped prevent a catastrophic terrorist attack.

Last year, a Vanity Fair writer found out some details about Operation Foxden and approached the CIA for comment about it. Surprisingly, given the previous iron-fisted attempt to keep the story secret and out of courts, the CIA made no attempt to suppress Vanity Fair's report. Why? According to a US source quoted by David Davis in his speech to the British parliament on the subject: "Ten years have passed since 9/11, and the culpable people have moved on, so it’s no longer embarrassing."

The short remark was as shocking as it was revealing. As Davis noted:
This demonstrates only too clearly that although the aim of the American state secrets privilege is to protect national security, in practice it is often used to eliminate embarrassment — political, bureaucratic, organisational or individual embarrassment at past failures ... It also shows how giving a government agency an absolute right to secrecy encourages bad behaviour. The American agencies could easily have stopped the defrauding of British citizens without the matter going to court, given their enormous leverage in the matter. Instead, they chose to suppress justice.

Could the current attempt to stop the case against the NSA over the domestic surveillance programme be a similar bid to "suppress justice" and protect reputations? It is not a far-fetched possibility. One key figure in the warrantless wiretapping saga has even openly gloated about how he is pleased state secrets privilege is being used to shield him. General Michael Hayden, who was the director of the NSA between 1999 and 2005, said with a smirk a few weeks ago that he was "personally grateful to Obama for using the state secrets argument to stop some of these court proceedings — because I am personally named in some of these courts."

Perhaps most alarming, though, is the bigger picture at play here. When any democratic government repeatedly resorts to secrecy to protect the disclosure of information the public has a right to know, it has lost its way. It is broken, existentially fractured. In my own experience as a journalist, the US has a stronger culture of freedom of information than the UK does, but at the highest echelons of power there remains a definite absence of transparency and accountability. The ongoing surveillance case, and the aggressive bid to suppress it, is only the latest example.

Ex-US Spy Chief On Surveillance, Rendition, and Targeted Killings

Sunday, 9 September 2012

Secret black sites, illegal surveillance of American citizens' communications, waterboarding — General Michael Hayden overseen it all, and he doesn't have a single regret.

Between 1999–2005 Hayden was director of US eavesdropping agency the NSA, and between 2006-2009 he was director of US spy agency the CIA. He served under the presidencies of Bill Clinton, George W. Bush, and Barack Obama.

On Friday, Hayden, who is now retired, gave a speech at the Gerald R. Ford School of Public Policy in the state of Michigan. Over the course of about 60 minutes, he reflected at length on everything from extrajudicial killings of suspected terrorists to extraordinary renditions (or kidnapping) of suspected al-Qaeda members. It was an unapologetic speech that occasionally verged into sociopathic territory. It was also, at times, revelatory.

Here are a few highlights:

  • Approximately two hours after the first terror attack on New York in September 2001, Hayden used his authority as chief of the NSA to "dial things up" and get more "aggressive" with communications interception. This prompted a colleague at the CIA to tell him, jokingly, that he was "going to jail," and in turn led President George W. Bush to authorise the domestic wiretapping program that permitted the NSA to spy on emails and phone calls of Americans without a warrant.
  • Hayden is "personally grateful" to President Barack Obama for protecting him from being held to account in a court of law by invoking state secrets privilege.
  • A 2008 amendment to the Foreign Intelligence and Surveillance Act "legitimated" everything president Bush had authorised the NSA to do regarding the domestic wiretapping of communications and "gave the NSA a great deal more authority to do these kinds of things."
  • Hayden says there has been "powerful continuity" between the counter-terror tactics used by President Bush and President Obama, including on extraordinary rendition. However, he said one area of discontinuity is that Obama has a preference for killing terror suspects as opposed to capturing them — because it is now considered "so politically dangerous and so legally difficult" to capture.
  • On 11 September 2001, the day of the Twin Towers attacks, Hayden explained how he stood behind blacked out curtains at an NSA building in Washington and thought to himself, "things are going to be different around here tomorrow. We have entered into an entirely new era."

    Within about two hours of the first plane striking the first World Trade Center tower that morning, Hayden said he had used his authority to "dial things up a little bit" at the NSA in order to give the agency "a higher probability we would intercept those kind of messages that would tell us about the next attack." Hayden didn't elaborate exactly on what it means to "dial things up," but I think it's safe to assume it means intercepting a much larger volume of communications. (Hayden said that because he had "dialed things up" then-CIA director George Tenet a few days later joked to him that he was "going to jail" but President Bush and Vice-President Dick Cheney said it was alright because they would "bail him out.")

    In the weeks ahead, President Bush gave Hayden more powers. This led to the domestic wiretapping scandal revealed by the New York Times in 2005, which exposed how the NSA had been granted authority to spy on "the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years in an effort to track possible 'dirty numbers' linked to al Qaeda."

    But that was just the start. And despite the controversy around the domestic wiretapping exposed by the New York Times, as Hayden said in his speech, a 2008 amendment to the Foreign Intelligence and Surveillance Act "not only legitimated almost everything President Bush had told me to do under his article two authorities as commander in chief but in fact gave the NSA a great deal more authority to do these kinds of things."

    Aside from the surveillance, Hayden also overseen a variety of other ghoulish new tactics brought in amid the terror fears. There was the kidnapping, or extraordinary rendition, of suspects from one country to the other — often to countries where they were allegedly subject to torture, like Egypt and Libya. There was also the secret black sites — hidden prisons in locations such as Poland and Thailand — where terror suspects were subjected to a variety of so-called 'enhanced interrogation techniques' like waterboarding, which makes a person feel like they are drowning. Not to mention the Guantanamo Bay prison, the indefinate detention of accused terrorists, and the birth of remote-controlled drone strikes as a method of 'targeted killing' or extrajudicial assassination — however you want to term it.

    None of this Hayden has any reservations about. In his speech he explained it was all about how America had to "take the fight to the enemy" wherever he (or she) may be. He even recounted a meeting in Germany during the spring of 2007, where he gave a speech to a room of about two dozen people including representatives from every country in the European Union. He spoke about extraordinary rendition and America's tactics in the War on Terror. Not one person present in the room, he said, agreed with any of the justifications he gave for the use of such tactics. But this didn't dissuade him. His essential position could be summarised as, "how could we possibly be wrong?" Perhaps a mindset that can be attributed to American exceptionalism, the belief that the US has a unique mission in the world to spread its ideals.

    Hayden was evidently not preoccupied at all with minor irritations like human rights obligations and international law. Rather, he explained how his main concern was in early 2009, when Barack Obama was sworn in to the White House. He was worried that Obama, a Democrat who had voiced strong criticism of George W. Bush's counter-terror policies, might seek to scale back efforts in the War on Terror. Hayden had at this point moved to the CIA, where he was director. But his fears about Obama being a soft touch were quickly alleviated.

    Obama continued almost all of Bush's policies, Hayden explained, because he realised "we are at war" with al-Qaeda and its affiliates. In the end, there was a "powerful continuity" between Bush and Obama, Hayden said.

    "Targeted killings have continued, in fact if you look at the statistics targeted killings have increased under Obama" ... "renditions, that's the extrajudicial movement of suspected terrorists from place A to place B — our policy is the same under President Obama as it was under President Bush and President Clinton."

    He went on: Obama "didn't shut Guantanamo" and he also took the same position as Bush on "indefinite detention and state secrets" ... "I am personally grateful to Obama for using the state secrets argument to stop some of these court proceedings — because I am personally named in some of these courts."

    Perhaps most revealing, the one discontinuity between Bush and Obama from a counter-terror perspective, Hayden said, was (and is) the difference between the presidents when it comes to killing or capturing terror suspects. Under Bush many suspected insurgents were captured, incarcerated and interrogated. Under Obama, according to Hayden, just one person has been held outside of Iraq and Afghanistan since January 2009. Obama has been accused of preferring to kill than capture, though this is something he has denied. He said in a recent interview that "our preference has always been to capture when we can because we can gather intelligence" but that it’s sometimes "very difficult to capture them."

    According to Hayden, however, the kill rather than capture policy is a political decision.

    "We have made it so politically dangerous and so legally difficult that we don't capture anyone anymore. We take another option. We kill them," he said. And in a thinly veiled criticism of Obama's aggressive killing policy, Hayden added: "We're losing the opportunity to interrogate and to learn about our enemy."

    When you weigh up Hayden's comments, the essence of what he is saying is quite extraordinary. This is a man who openly admits has has no qualms whatsoever about some of the most brutal and contentious tactics that have been used by the United States over the last decade or so. The wiretapping, the renditions that contravene international law, the interrogation techniques widely considered to constitute torture, the extrajudicial killings in countries like Pakistan, Yemen and Somalia, where there has been no formal declaration of war. And here he is applauding Barack Obama, a president elected on a platform oppositional to many of these tactics, for keeping up a "powerful continuity." In fact, his only criticism of Obama is that he is doing too much killing.

    The other thing that struck me about Hayden in this speech was his general demenour. The way he was making quips and smirking about how he was thankful Obama was protecting him from being held to account in American courts over the actions of the agencies he was in charge of. There was an arrogance about his comments, an air of impunity. Hayden came off as a man with an almost sociopathic disdain for the basic rule of law.

    His justification for the controversial tactics was simple: al-Qaeda and its affiliates constitute a "new threat to old institutions." Terror groups have no regard for laws like the Geneva Convention and blur the distinction between civilian and combatant. Therefore, and this is the core logic underpinning Hayden's remarks, America's security apparatus has to do the same. It has to evolve (or, rather, regress) and "take the fight to the enemy" using whatever means necessary.

    The problem is that there is no conclusive evidence anywhere to suggest that this is a successful method of combating the threat in the first place. Killing people and indefinitely detaining them, implementing secret systems of mass surveillance — these are things that have lowered America's standing in the world. If you flout the rule of law, if you sink to a level of legal nihilism, you immediately lose the moral high-ground. You also make more enemies than friends. As we are seeing with US drone strikes in Yemen, where many civilians have been killed by American missiles, the US may only be inspiring a new generation of Jihadists by spreading fear across entire regions of countries while pursuing small handfuls of men who have been deemed a threat through a process that is itself contentious and conceivably highly flawed. Hayden seems convinced that what he presided over at the NSA and CIA was right, just, and absolutley necessary to protect America. But he has not won the argument and I don't think he ever will.

    He told the audience at one point that they, as Americans, in reference to the CIA, were "blessed as a people with the talent and the morality of the folks who are in your chief espionage service." I couldn't help recall at this point the case of a Muslim cleric known as Abu Omar. He was accused of plotting terrorism and snatched by CIA agents from a street in Milan, Italy in broad daylight on 17 February, 2003. Omar was taken to Egypt where he was imprisoned in Tura, 20 miles south of Cairo, and handed over to Egyptian security services. He said he was twice raped, suffered electroshock treatment and lost the hearing in his left ear due to repeated beatings. He was eventually released by the Egyptian government in 2007, after a state security court ruled that his detention was unfounded. There are many cases similar to this. All of them call into question the morality of those involved, and that includes General Michael Hayden and the staff he commanded.

    Encroaching Constant Surveillance 'Scares' Senior Clinton Adviser

    Tuesday, 4 September 2012

    Some interesting remarks were made last week by Alec Ross, a senior adviser to US secretary of state Hillary Clinton. In an interview aired Thursday on C-SPAN, Ross spent a few minutes dealing with some of the big questions around surveillance technologies, control, and the Internet.

    Ross acknowledged the incremental advance of "near constant surveillance" was something that personally "scares" him. He also claimed the US restricts the sale of technologies that can be used "to oppress people in countries where we have sanctions," though admitted that stopping repressive nations getting their hands on surveillance tools was difficult: "There are a lot of vendors out there now... we can restrict the sale of exports from American companies... But then they [oppressive governments] are able to turn around and buy it from another country."

    He went on to add that a fundamental problem is that the surveillance industry has become a multi-billion dollar industry: "It's a very remunerative environment... Whenever you've got that much money at play, there are going to be people who are trying to make the money."

    Here's a transcript (plus audio):

    I think that as networking technologies become increasingly powerful and increasingly ubiquitous, their ability to oppress a people also grows. You know, you can't take a utopian view of the Internet and of network technologies. In fact, a government with malignant intent can bend these networks to infiltrate, monitor and manipulate what's happening there, and to surveil its citizens.

    This is something that, let me be blunt, it really scares me. I've got a five year old, a seven year old, and a nine year old, and the world that they grow up in is going to be a very different one that the world that I did, in terms of hyper-transparency and in terms of near constant surveillance.

    The responsibility of the State Department - there are a couple of things. First of all we restrict the sale of technologies which can be used to oppress people in countries where we have sanctions. In other cases there are export controls, where we can help inform the licensing of certain products and services.

    But in your question you made the right point. Certain of the use of these technologies are utterly benign. So the same thing which can be used to inspect a packet to determine whether people are organising a protest can also be used to reasonably filter out spam. So you've got to remember that the very same technologies that can be used for reasonable and benign purposes can also be used for malignant purposes.

    [What's an example of one of those technologies that might be restricted?]

    There are a variety of different technologies that governments - the Syrian government, the Iranian government, and others - have tried to access, either from the United States or from Europe. The problem is, just to be blunt, there are a lot of vendors out there now. You know, we can restrict the sale of exports from American companies. I'm really glad that the Europeans have joined us in similarly restricting sales of a lot of things from Europe, to certain of these oppressive environments. But then they are able to turn around and buy it from another country.

    You know, there are not two or three or four companies out there selling gear. And it's a very remunerative environment. I mean there are countries around the world who are spending billions - tens of billions of dollars – to try to monitor its information environment. Whenever you've got that much money at play, there are going to be people who are trying to make the money. And so this has been a big problem.

    No doubt some people will be quick to call out Ross for his remarks. Why? Well, for starters, US technology used to monitor and censor the Internet has made it into the hands of despots despite US trade embargoes. Several US companies also participate in ISS World, a series of international surveillance industry conferences organised by an American businessman, where governments from all corners of the globe come to purchase the latest spy tools and learn about new surveillance techniques. And the US itself is hardly a surveillance-free zone. Serious questions remain unanswered about a new National Security Agency data centre in Utah which it is alleged will intercept and store "complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital 'pocket litter'." Not to mention the role so-called 'Fusion Centres' play across the US, monitoring 'suspicious activity' and keeping tabs on social networks. I could go on...

    That said, Alec Ross is one of a tiny handful of political figures who appears to be clued up on the complex issues - political, moral, technological, legal - around surveillance and its rapid, incremental encroachment across the world. You will see few senior political figures in any country talking publicly on this topic as Ross does, and that in itself is worth something.

    Last year, for instance, I interviewed Jerry Lucas, the American who organises the ISS World surveillance conferences. During the interview, extracts from which were later published in an article for the Guardian, Lucas gave some freakishly blasé responses to my questions about surveillance tools being sold to repressive governments. He was dismissive of human rights concerns, compared mass surveillance tech to "cars and trucks," and said that "you can't stop the flow of surveillance equipment." Shortly after, Alec Ross issued a stern public condemnation of the businessman's comments, telling him he should "be more thoughtful about the consequences of his beliefs. With all due respect, Mr. Lucas, people are tortured + there can be life/death consequences to sales of these products."

    Of course, actions speak louder than words. More could certainly be done by legislators in the US to crack down on, and hold to account, companies exporting surveillance technology to places where it may be abused. And, as mentioned above, the US has its own serious, unresolved domestic issues regarding surveillance.

    However, at the very least it is somewhat reassuring to know that there is a senior adviser in the State Dept. who seems to have a grasp on the basic fact that there is a problem. In the UK that is far from the case, which is a cause for considerable concern. I can't name one senior British political figure - or an adviser to a senior figure - who has spoken out about the myriad problems heralded by the booming surveillance industry. Advisers in London could probably learn a thing or two from Ross by trying to engage with the subject in a public forum. But I won't be counting on that happening any time soon.

    Yemen: Drones, Death And Secrecy

    Saturday, 1 September 2012

    There have been a flurry of drone missile strikes conducted by the United States in Yemen over the the last week. Attacks on Tuesday, Wednesday and Friday resulted in up to 18 fatalities, according to London's Bureau of Investigative Journalism.

    The attack on Wednesday in particular caught my eye. It was reported that a vehicle was targeted while travelling on an inner city road in Hadramawt, eastern Yemen, killing five "suspected militants," the country's military officials said.

    However, Yemen's press were quick to report that among the dead were two civilians. One was a mosque caretaker and imam named Salim Ahmad Jaber, the other a police officer, Walid Abdullah bin Ali Jaber, according to details posted online by Yemini lawyer Haykal Bafana. Bafana wrote that the car was targeted as it was driving between houses, and the caretaker and policeman were in a house that was hit. Reuters reported local residents saying that "the car was struck by one of three missiles fired from a plane ... charred bodies were pulled from it afterwards." Pictures published by Yemeni news outlet Dammon purported to depict children playing in the mangled, burnt out and blackened remains of the car, a Suzuki Vitara.

    This strike stands out as an acute example of why drone attacks can be deeply problematic. In the immediate aftermath of Wednesday's attack it was widely reported that a number of suspected militants had been obliterated in a new drone strike. Yet it later transpired that among the "suspected militants" there may have been two civilians. The concern is that, seemingly by default, unnamed "military sources" have a tendency to promptly announce that "suspected insurgents" or "militants" were the victims in any given strike - but how can we know for sure? We can't, as Wednesday's incident illustrates, and that's why scepticism about claims made by anonymous military sources is always necessary.

    As is so often the case with drone strikes, it is almost impossible to confirm details for a number of reasons. 1) The bodies end up badly burnt and damaged, meaning identities of victims are hard to quickly establish; 2) the strikes can occur in dangerous and remote locations, in places where news outlets have a limited presence and facts are not forthcoming; and 3) the perpetrators of drone strikes in Yemen, the US CIA, conduct their actions and pick their targets behind a cloak of secrecy. (NB: Even the UK's Ministry of Defence has acknowledged there are "immense difficulty and risks" involved in verifying who has been hit in drone strikes. The MoD says it cannot tell exactly how many how many alleged insurgents it has killed using drones in Afghanistan.)

    So the situation in Yemen is as follows: US forces are covertly bombing people in a country where no formal war has been declared. We do not know (with any certainty) who they are bombing or the justification for each bombing. We do not know exactly how many civilians have been killed in the process (the BFIJ estimates it could be up to 151), or how the pilots who remotely fly the drones from thousands of miles away are held accountable for their sometimes catastrophic errors. This can also be said in other countries that are being subjected the America's covert drone attacks, such as Pakistan and Somalia.

    Drone attacks of this kind self-evidently raise profound legal, moral and ethical questions. Unfortunately, the US government presently appears to have very little interest in addressing them.

    *****

    Incidentally, I put up a short post here the other day about the psychological impact drone strikes conducted by the United States are apparently having on residents of Manzer Khel, a tribal village in North Waziristan, Pakistan. The same can be said of certain communities within Yemen. As a sheikh from Bayhan district in Shabwaare told the Economist in a piece out today: "People are afraid to go to weddings because, whenever large groups of men gather, they are afraid a drone will hit them." And Yemeni news outlet Dammon reported that prior to Wednesday's attack targeting the car in Hadramawt, US drones were spotted, instilling "panic among the citizens of the region."

    There could well be blowback. While the strikes are intended to take out terror suspects, by spreading fear among villages and in some cases killing civilians, they may only be serving to recruit greater numbers of terrorists to fight and plot against America and its allies. As the Yemeni lawyer Haykal Bafana wrote on Twitter back in May: "Dear Obama, when a US drone missile kills a child in Yemen, the father will go to war with you, guaranteed. Nothing to do with Al Qaeda."

    UPDATE 4.09.12: CNN is reporting that a fresh suspected US drone strike in Yemen has killed 13 civilians, including three women. A senior Yemeni Defense Ministry official is quoted as saying the target was "completely missed. It was a mistake". CNN says that families of the victims closed main roads and vowed to retaliate. Nasr Abdullah, an activist from the district where the attack took place, in the al-Baitha province, told CNN: "I would not be surprised if a hundred tribesmen joined the lines of al Qaeda as a result of the latest drone mistake."

    Hacking Team: Mass Surveillance Made In Milan

    Monday, 27 August 2012

    Of all the companies I have encountered while working on stories about surveillance technology used by police and governments, Italy's Hacking Team is one of the most intriguing.

    The Milan-based "offensive security" firm manufactures a kind of spy software, called "Remote Control Systems" (RCS), that infects computers and mobile phones in order to secretly siphon data.

    RCS is designed to covertly record emails, text messages, phone (or Skype) calls, GPS location, and take screenshots - before sending this information back to law enforcement agencies for inspection. It can be used to target almost any device or platform - Windows, OSX (operating system that runs on Mac computers), iOS (used by iPhones and iPads), Android, Blackberry, Symbian, Linux - and can infect a computer or phone by tricking a user into opening an fake document file.

    The technology is controversial, not least because Hacking Team boasts in its own marketing materials that it can be deployed "country-wide" to spy on the communications of more than 100,000 people simultaneously.

    Human rights groups say that it could, in the wrong hands, easily be abused to target activists, political opponents, or anyone else deemed a worthy target - and these concerns certainly appear to be well founded. As I reported for Slate last week, the first instance of Hacking Team's spyware being used for nefarious purposes has purportedly been found in Morocco, where a team of award-winning citizen journalists (and prominent critics of Morocco's government) were targeted with what security experts say they are certain is a version of Hacking Team's RCS spyware.

    Due to the secretive nature of Hacking Team's work, there is much we still don't know about where and how this technology is being deployed. However, in the months ahead, I fully expect that more details about countries using Hacking Team's technology will inevitably emerge.

    In the meantime, I've decided to share here a summary of the main issues and things I've discovered so far. The information comes from a combination of sources: primarily an interview I conducted with Hacking Team's co-founder David Vincenzetti in October 2011 (a portion of which appeared later in the Guardian), along with marketing materials and documents published in the WikiLeaks Spy Files in December. If you have information you would like to add - or if you have source material related to Hacking Team which has not yet entered the public domain - please contact me.

    Who uses Hacking Team's spy technology?

    Hacking Team refuses to divulge details about specific customers and/or countries it deals with. However, the company's co-founder told me in 2011 that it had sold the RCS spyware to "approximately 50 clients in 30 countries in all five continents" since 2004. The company's website says it only sells its software to governments and law enforcement agencies.

    What is Hacking Team's technology used for and why?

    Hacking Team says its spy software is necessary in a world where terrorists and other serious criminals are constantly crossing borders, using various devices to communicate while sometimes using encryption. RCS allows law enforcement agencies to bypass encryption by recording data before it becomes encrypted. It also allows them to monitor targets across borders and gives them access to data that they might otherwise find very hard to otherwise obtain, such as photographs or document files stored on hard disks.

    Most western democracies have laws governing the use of surveillance technology of this kind, and will use it only when they believe it necessary to detect or prevent serious criminal activity. The fear held by human rights groups is that Hacking Team's technology may have been sold to countries that do not have strict laws governing its use, which could mean that it is being abused to target, for instance, pro-democracy activists.

    The fact that Hacking Team openly advertises that its software can be used to spy on hundreds of thousands of people's communications is a particular cause for concern, as it is difficult to conceive of any situation where the mass interception of communications on this scale could be justified.

    (Note: A French company that in 2007 sold Gaddafi's Libyan regime surveillance technology, used to spy on dissidents, is currently facing a judicial probe for alleged complicity in crimes against humanity.)

    What is Hacking Team's position on potential human rights violations?

    In the words of David Vincenzetti: "We pay the utmost attention to whom we are selling the product to. Our investors have set up a legal committee whose goal is to promptly and continuously advise us on the status of each country we are talking to. The committee takes into account UN resolutions, international treaties, Human Rights Watch and Amnesty International recommendations."

    What kinds of communications can RCS record?

    The short answer is: everything. RCS has the capacity to record emails, Skype chats, instant messenger conversations, and text messages. It can log keystrokes (and passwords), mine documents from a hard drive, and steal private encryption keys. The software also has a function called "remote audio spy" which can be used to turn on a laptop or mobile phone's microphone, recording audio from a device without its user's knowledge.

    Won't anti-virus software pick up RCS?

    Hacking Team boasts that its spyware is "stealth" and "is totally invisible to the target. Our software bypasses protection systems such as antivirus, antispyware and personal firewalls."

    How much do governments and LEAs pay for Hacking Team's technology?

    According to David Vincenzetti: "RCS is a complex system and its price varies greatly depending on the number of targets to be monitored and the features included in it. RCS can be used for monitoring just a few targets (tactical use) or for monitoring targets 'country-wide', that is, hundreds of thousands of targets. Just to provide you with a very approximate price figure, I can tell you that a medium-sided installation might cost 600k euros." (€600,000 = £475,000 or $751,000.)

    Who are the people that work at Hacking Team?

    Hacking Team was founded in 2003 by self-described "serial entrepreneurs" David Vincenzetti and Valeriano Bedeschi. Valeriano and Vincenzetti say they have been working together in computer security for more than 20 years and Hacking Team is their fourth company. Their previous company was called Intesis srl, a software firm Vincenzetti describes "one of the most successful ventures in the Italian IT market." Since 2007 Hacking Team has had venture capital backing from two Italian funds: Innogest and Finlombarda.

    The company employs around 35 people, and as of August 2012 was recruiting a "Field Application Engineer" to "guide them [our customers] through the process of learning, testing and adopting our Solution." It added that prospective candidate must be "willing to travel all over the world!" (Screenshot, 27 August, 2012.)

    How does Hacking Team design its surveillance tools?

    An interesting insight into the type of software programming used by Hacking Team was offered by a job vacancy description posted on its website in 2012. Hacking Team said it was looking for a "hacker / developer" with knowledge of the following: "C++, Objective-C, some x86 or ARM Assembly, Ruby or Python, ActionScript or reversing skills. Design Patterns and Agile Programming are a must."

    In layman's terms, this means Hacking Team uses a series of programming languages used on different devices (Macs, PCs, mobile phones), and also works with code (Actionscript) primarily used with Adobe Flash Player. Many Trojan-style tools exploit security flaws in Adobe Flash Player to infect users with spyware.

    UPDATE I, 10 October 2012: A new report by Citizen Lab security researchers has found evidence suggesting Hacking Team's surveillance spyware was used to target a prominent activist in the United Arab Emirates. Similar to the tactic used against the Moroccan journalists (see above), an email was sent to the UAE activist that tricked him into downloading the spyware. The email claimed to be from "Arabic WikiLeaks" and included a link to an infected file purporting to be a .doc file named "veryimportant". Hacking Team has so far not issued comment. Read more details in my report for Slate, here.

    UPDATE II, 25 April 2013: In February, a detailed analysis by a researcher at Russia's Kaspersky Lab dissected Hacking Team's spy technology. Notably, the Kaspersky researcher claims to have found "about 50 incidents" in which Hacking Team's surveillance tool was used in countries including Italy, Mexico, Kazakhstan, Saudi Arabia, Turkey, Argentina, Algeria, Mali, Iran, India and Ethiopia. An updated Kaspersky analysis in April states that it has detected Hacking Team's technology in 37 countries. The highest number of attacks using the spy tool were found in Mexico, Italy, Vietnam and the United Arab Emirates. However, a small handful of attacks on users allegedly involving the Hacking Team technology were also detected in Iraq, Lebanon, Morocco, Panama, Tajikistan, India, Iran, Saudi Arabia, South Korea, Spain, Poland, Turkey, Argentina, Canada, Mali, Oman, China, the United States, Kazakhstan, Egypt, Ukraine, Uzbekistan, Colombia, Taiwan, Brazil, Russia, Kyrgyzstan, the United Kingdom, Bahrain, Ethiopia, Indonesia, Germany, and Libya.

    Constant Fear In Manzer Khel

    Saturday, 25 August 2012

    In the last few days I've been working on a piece about 'unmanned aerial vehicles', or 'drones' as most people call them. I was interested to discover that there is a company based in England that has manufactured technology sold and exported to the United States for use as part of drone systems. The US uses its drones for controversial covert attacks in places like Pakistan, Yemen and Somalia - attacks that many believe are being conducted in violation of international law.

    In a factory on a bland-looking industrial estate in Towcester, Northamptonshire, General Electrics Intelligence Platforms (GEIP) has produced single-board computers that it has acknowledged may be used on the ground stations that communicate with drones. The company says the parts are not used as part of "weapons systems" but are rather "used solely in connection with the operation of the aircraft itself." Nevertheless, human rights group Reprieve is demanding that the British government restrict exports of this technology for use in drones because it says it is "helping to kill, maim and terrify citizens."

    What's particularly interesting is that lawyers acting on behalf of a Pakistani elder named Malik Jalal have sent a letter to the UK government's Department for Business, Innovation and Skills (BIS) regarding technology exported by GEIP. Jalal lives in Manzer Khel, North Waziristan, a tribal village that has been hit by repeated strikes by US drones as part of a 'targeted killing' programme which has operated covertly in Pakistan since 2004. Jalal's lawyers, Tuckers, are requesting that BIS officials provide a series of answers about approvals of GEIP exports. The exports, they allege, are helping to facilitate strikes that are a violation of international law on armed conflict and a breach of human rights.

    Most striking about the letter is one passage that describes an aspect of drones I hadn't considered before: their psychological impact. It is hard imagine what it must be like to know that there are remote control aircraft soaring 20,000ft in the sky above your head every day, armed with deadly 'Hellfire' missiles and on the hunt for groups of suspected militants. But this particular paragraph goes some way to explaining the profound and alarming effect it is having on the people living in North Waziristan. It's something I think everyone should read:

    As a result of the UAV strikes, Malik Jalal and others residing in the area live in constant fear. There are very often UAVs hovering overhead. Members of Malik Jalal's tribe cannot tell whether they are intending to fire missiles or simply for surveillance, and the knowledge that any one of them at any time could launch a missile is unbearable. Malik Jalal as the tribal elder feels particularly helpless that he is unable to stop the UAVs and he fears for the physical safety of his family as well as the psychological effects, especially on the young, of the UAVs' presence. Even young children are aware of the UAVs and can see them and hear their buzzing overhead. The UAVs also affect the economy and daily life. People are scared to be out together in large groups or to travel with others in case they are mistaken for militants and targeted, and many parents are reluctant to send their children to school in case they are hit during the journey.

    You can read the full lawyers' letter here.

    It is estimated that up to 3,303 people have been killed in US drone strikes on Pakistan since 2004, including as many as 880 civilians. The issue is causing huge tension in the country and politicians have repeatedly called for America to stop its attacks - to no avail.

    The BIS told me that it "takes is export licensing responsibilities seriously" but said that "we do not comment on individual licence requests, the application or the end user." Of more interest was what a spokesman for the Ministry of Defence (MoD) told me when I called to query how the Royal Air Force uses drones. In an apparent attempt to distance the MoD from the increasingly controversial US bombings in places like Pakistan, the spokesman said: "I wouldn’t want you to confuse the way we operate drones with the way the Americans operate drones. They use them for wholly different missions."

    A Space For Notes

    I've been meaning to get round to this for quite some time. I'm starting a 'notes' section here, which I'm going to use to post bits and pieces - interesting scraps of information I find that don't make it into articles I write, short reflections, thoughts, and any other miscellaneous ramblings, missives, screeds.

    I've long needed a space for this, but for some reason I've never made it happen. How frequently I will post I'm not sure, but certainly the intention is to make it quite regular and habitual. I think it will help with the writing process and will also allow me to document things that often end up forgotten somewhere: the little scribbles and quotes and descriptions I often jot down, which at the time seem important, but before long end up gathering dust in the ever-growing pile of notebooks that clutter up my flat.

    So here we are. notes.rjgallagher.co.uk. Born on a rainy day in August, 2012.