Copyright © Shutterstock; All Rights Reserved

Five Misconceptions About US Cyber Espionage360°ANALYSIS

While evidence of US spying is clear, the interpretations are full of misconceptions.

The evidence is clear; thanks to former National Security Agency (NSA) contractor Edward Snowden’s meticulous gathering of largely uncontested documents before his effective defection from his employer and country in June 2013.

In that month, The Guardian published evidence for US collection of metadata on telephone and cyber communications passing through America and Britain. Other reports described bugging of the communications used by foreign officials visiting London for the G20 conference in 2009. Recent reports reveal collection of the metadata and sometimes the content of communications within France, Germany, Spain, Mexico, and Brazil. Both the NSA and Britain’s Government Communications Headquarters (GCHQ) have been implicated in this cyber espionage.

Unfortunately, the evidence has been technically and politically misrepresented.

Cyber intelligence is the newest and least familiar of the “technical intelligence” disciplines, such as interceptions of radio signals, distinct from the more familiar espionage properly categorized as “human intelligence” – using human eyes and ears.

As one Central Intelligence Agency (CIA) officer once told my students of intelligence and cyber security, few intelligence officers really understand technical collection, so what chance does the general public have?

Official sources tend to be apologists rather than critics — some are carefully briefed by their government before pretending to speak for themselves.

As an academic, I am most disappointed by the many academics pretending to have special insight into a topic that is narrow, deep, and practical compared to their generalizable knowledge about, for instance, international relations theory or constitutional law.

Too many American political scientists have claimed to know what the US government is really doing or how foreigners really feel about it. Rather, most American political scientists are too focused on theoretical paradigms to follow foreign news or the technical complexities of intelligence.

Meanwhile, in Britain, too many students of “War Studies” have pretended to have political or technical insight into the US government and its “special relationship” with the UK; War Studies is an unscientific, politicized departure from Britain’s empiricist and technicist traditions.

In the end, most commentators end up peddling misconceptions that are anchored in government spin, popular culture, and whatever the last commentator said.

1: “Everybody Does It”

On October 29, the director of National Intelligence, James Clapper, and the director of the NSA, Keith Alexander, testified to an open hearing of the House intelligence committee, whose chairman amicably invited them to agree with a consistent message from the US government since June: all governments are doing what we’re doing, so nobody should be surprised or outraged that the US is doing it.

Although all states collect intelligence, most states just don’t have the capacity to gather the sort of technical intelligence that the US is gathering. Are Mexico and Brazil tapping into the US president’s phone calls and emails, just as the NSA is tapping those of the Mexican and Brazilian presidents?

Few states could be so ambitious. US authorities, such as the Office of the National Counterintelligence Executive, conventionally refer to half a dozen “peer competitors,” such as Russia and China. Probably only these peer competitors could hope to bug a foreign premier’s phone, but even these peer competitors are disadvantaged.

More telecommunications pass through American-owned infrastructure than through any other national jurisdiction. For instance, a telephone call from Peru to Chile is likely to be routed through American infrastructure. The NSA is able to collect most of its digital data from traffic passing through American jurisdiction and on infrastructure owned by American companies, which were compelled, we now know, by secret warrants to share such data.

We have learned, too, that the NSA had made sure that cyber security standards and systems have backdoors for official exploitation. This is easier for Washington because the US is still home to most of the cyber standard-setting and service-providing corporations.

For traffic that is not routed through America, the NSA can use the so-called “Five-Eyes” alliance – agreements between the US, Canada, Britain, Australia, and New Zealand to share communications intelligence, dating back to the Second World War. Chances are that a digital communication passes through the jurisdictions or infrastructure owned by at least one of the Five Eyes.

Britain has been most useful because it is the largest node in the routing of traffic between Europe and America and within Europe. A telephone call from Spain to Norway could be routed through Britain. Even a call placed between two African countries could be routed through Europe.

In theory, a country like Germany, the largest and wealthiest European state, could develop the capacity to hack the White House; however, European intelligence communities are small and strictly controlled in comparison to the US intelligence community. For instance, the Office of the Director of National Intelligence in the US employs more staff than the whole of Britain’s foreign intelligence service (MI6).

European countries are stretched thin countering mostly Russian and Chinese espionage, and collecting intelligence on regional traffickers and terrorists. The countries that the US now lists as priorities or threats, such as Syria and Iran, do attack American targets, but almost always attack webpages; they have hijacked the president’s Twitter feed, but they have not bugged his telephone.

Washington has a self-interest in pretending that America is just following the norm, when the US can most exploit the norm and is conducting activities that are furthest outside the norm.

2: “All Espionage is Counterterrorism”

When Snowden’s first leaks were published in June, US President Barack Obama and British Prime Minister David Cameron each spoke to the press about their disappointment that journalists had published information which would harm counterterrorism. Obama also carefully described how metadata on communications might help to identify the recipients of known terrorist communications. On October 29, the NSA’s director credited cyber espionage for the absence of a repeat of the terrorist attacks of September 11, 2001, and suggested that most of the data were handed over voluntarily by foreign governments on the grounds of counterterrorism.

Yet, the US was not spying on European or South American premiers for counterterrorism. The US and Britain could not claim that their bugging of foreign attendees of the G20 conference in 2009 was counterterrorist. When the US and Britain intercept the personal communications of foreign leaders, or hack into the intranets inside foreign political executive offices, they are looking for insight into foreign politics, economics, and military capabilities — not terrorism.

Counterterrorism is not America’s only intelligence priority. One of the leaked documents published in August was the classified budget request for US intelligence activities in fiscal year 2012-2013, which had five priorities: countering terrorism; countering the spread of nuclear and other unconventional weapons; warning US leaders ahead of critical events overseas; countering foreign espionage; and developing cyber operations.

It went on to warn of under-supplied needs for collection on Iranian, Syrian, and North Korean weapons programs. Even interests as narrow as Russian countermeasures against chemical warfare were mentioned. Countering terrorism is important, but just one of many interests for US intelligence activities today.

In any case, cyber espionage is easily abused for purposes other than counterterrorism, as simple as spying on romantic interests (the NSA has admitted to investigating a few dozen cases of such “LOVEINT” by NSA employees). Where the US can hack into a political executive’s intranet, it could just as easily hack into commercially or economically interesting intranets.

Indeed, in September 2013, a Brazilian news outlet, citing documents leaked by Snowden, reported that the NSA was gathering metadata on billions of emails, phone calls, and other internet traffic flowing through Brazil, including the communications of Brazilian President Dilma Rousseff, officials in Brazil, and a state-run oil company (Petrobras). Similarly, the reported NSA collection of metadata on French communications included terrorist, political, and commercial targets.

3: “Foreigners are Exaggerating Their Outrage”

Too many Americans have peddled the message that Europeans knew all along that the US was spying on them, but are exaggerating their outrage to placate their ignorant electorates or to leverage concessions.

In fact, when foreign leaders say they are outraged about US espionage on supposed friends, they mean it. In the mid-2000s, most European countries turned a blind eye to, and even helped, US extra-judicial rendition of terrorists through airports and CIA “black sites” within European jurisdictions. Even though Europeans are more critical of extra-judicial rendition, detention, and killing, they expect the US to break international and domestic laws in pursuit of terrorists. They are also generally aware of foreign collection of economic and commercial intelligence. Some European governments are certainly complicit at the same time as they are outraged.

Yet, Europeans really don’t expect the US to collect intelligence on law-abiding citizens or their political representatives. On October 24, 2013, The Guardian reported on a document, dated October 2006, suggesting the NSA had collected telephone numbers used by foreign officials, including 35 premiers (as yet unidentified). Der Spiegel has published a document suggesting that such collection started in 2002.

American spying on friendly foreign premiers is unambiguously objectionable – the US president and other representatives have now said so. The Five Eyes agreements prohibit members from spying on each other. Other allies are seeking the same agreement.

4: “It Doesn’t Harm the US”

Many commentators have characterized foreign outrage as a storm in a teacup – a short-term news story that will blow over. In fact, the revelations have already delayed, if not capsized, some US-led international initiatives and stoked foreign characterizations of a self-centered and untrustworthy super power – characterizations that Obama’s election had mitigated.

Revelations in June of US activities directed against the Swiss banking system delayed Swiss ratification of legislation designed to help the US find American tax evaders with Swiss bank accounts.

Revelations in September of NSA spying in Brazil was followed immediately by Brazil’s cancellation of a state visit to the US. Brazil’s demands for explanation and redress have petrified America’s long-standing effort to develop its relationship with South America’s greatest power.

In October, NSA interception of French, German, Spanish, European Union, and Mexican official communications led to direct complaints by foreign premiers to the US president, who reassured them that it wouldn’t happen again. Obama made a public commitment to a change of policy or practice.

At the United Nations, Germany, France, Brazil, Mexico, and others started to negotiate a draft resolution that calls for extending the privacy rights contained in the International Covenant on Civil and Political Rights to cyber space. This challenges the US-led regime for the international regulation of information technology, which is challenged already by an alternative regime agreed upon earlier in 2013 by a slight majority of states, led by the major autocracies.

During the same week, Der Spiegel revealed that the NSA was monitoring an international bank transfer system (Swift), in response to which the European Parliament voted to suspend a transatlantic bank data sharing agreement. The European Commission backed proposals that would require US-based companies to seek permission before handing over EU citizens' data to US intelligence agencies. The European Commission also called on the US to establish a legal right for European citizens anywhere to sue for redress in American courts if they believe that their privacy rights have been violated.

In the following week, on October 28, the European Union sent a nine-member delegation to Washington DC, but first warned that the US must restore confidence or ruin negotiations about a transatlantic free-trade pact. The EU wants to reach a pact, but its grievances help it to leverage extra concessions.

5: “It’s All Adequately Controlled”

The final misconception is that US intelligence is adequately controlled by US laws and political oversight.

In reality, cyber espionage is barely covered by any of the laws that were enacted to control earlier forms of espionage. Even the Fourth Amendment, which protects against unnecessary searches and seizures, gives no effective protection against interception of cyber traffic.

At the time of the first leaks in June, the US president and Congress were keen to reassure that all the leaked activities were legal and known to political representatives. This confident unity has broken apart.

On October 28, 2013, anonymous officials at the White House claimed that the president was unaware of NSA espionage directed against foreign premiers, until a review in summer 2013 when he ordered the operation to end; the operation had been active since 2002.

On the same day, Senator Dianne Feinstein (Democrat from California), the head of the Senate Intelligence Committee, said that the Committee had not been properly informed of the activities most recently revealed.

“With respect to NSA collection of intelligence on leaders of US allies — including France, Spain, Mexico and Germany — let me state unequivocally: I am totally opposed… I do not believe the United States should be collecting phone calls or emails of friendly presidents and prime ministers. The president should be required to approve any collection of this sort.”

In June, Feinstein had declared herself satisfied with political oversight, but her statement of October 28 promised that the Committee would “initiate a major review into all intelligence collection programs.” Increased political oversight is always somewhat theatrical, but the clamp down has already begun.

In summary, contrary to the general misconceptions: the US is alone in the extent of its cyber espionage; only some of this cyber espionage is counterterrorist; foreign outrage is real; it does harm the US; and US laws and political oversight are tightening.

The views expressed in this article are the author's own and do not necessarily reflect Fair Observer’s editorial policy.

Image: Copyright © Shutterstock. All Rights Reserved