Posts Tagged ‘cyber espionage’
The merit of a proposition can be judged by the strength of the argument in support or defense of it. In the case of the proposed changes to the GCSB and TICS Acts, the government’s argument has basically reduced to claims that terrorists will strike if the bills do not pass, perhaps even using weapons of mass destruction. More than an argument in favor of the bills, it is a sign of desperation on the part of a government unwilling to level with the public on its real intent.
To begin with, counter-terrorism is a very small part of what intelligence agencies do. Ninety percent of intelligence collection and analysis, to include its sub-set of electronic espionage and counterespionage, is focused on traditional corporate, diplomatic and military intelligence gathering. That is true for the Five Eyes/Echelon signals intelligence network and even more so for countries that are not on the front lines of the so-called War on Terrorism.
Yet countering “terrorism” has become the buzz word used by politicians to justify the expansion of the security apparatus in all its forms, to include the militarization of police functions and extension of powers of search and surveillance. It is the fig leaf that covers a multitude of sins perpetrated by the state in the name of national security.
This is an important point because as nasty as it is, terrorism is not an existential threat to any established state, much less a consolidated democracy. Viewed objectively, it can be properly seen is a crime of violence most often carried out as an irregular warfare tactic for ideological reasons. In the hands of non-state actors it is a weapon of the militarily weak that cannot be used regularly and systematically against a broad array of targets in the face of state enforced counter-measures. Although impossible to eliminate in its entirety, especially in its small cell or lone wolf application, this type of terrorism (i.e. in John Key’s airport bomb hypothetical) is a type of criminal violence best handled by the police using the intelligence made available by human as well as signals and technical intelligence agencies.
That may or may not involve electronic eavesdropping of a targeted sort. What is not needed to counter terrorism is blanket adoption of draconian security laws that restrict individual and collective freedoms, including the right to privacy. Oppressing the majority out of fear of an extremist few is counter-productive for no other reason than doing so plays into the hands of the aggressor.
In any event New Zealand is not on the front line of the War on Terrorism. Its threat environment is different than that of Australia, the UK and the US. It is more akin to (yet less than) that of Canada, and it is telling that Canada has resisted moves to closely align its domestic intelligence gathering powers with that of its Northern Hemisphere partners. The Canadians well understand the hierarchy of threats confronting them, and in light of that have shied away from the type of legislation currently being proposed in New Zealand.
If anything, the Canadian government knows that closer public alignment with the US and UK on security issues invites greater risk of attack from those engaged in armed conflict with them. It also understands that what irregular threats exist for Canada, they are more likely to be internal and related to domestic policy issues than external in origin or manifestation. New Zealand is similar in both regards.
What this means is that the specter of terrorism raised by John Key is a dark chimera that has little connection to New Zealand’s real threats, but which is used to defend the passing of security legislation that is more appropriate for the threat environment in Pakistan or Yemen than that of the South Pacific.
In recent years cyber espionage has become the predominant form of signals intelligence threat, to include that in New Zealand. The focus of attention of Five Eyes and other signals intelligence agencies is increasingly on fiber optic cables, routers, switches and the computers that use them, as opposed to radio and satellite intercepts (even if the latter remains a priority for Echelon). In pursuit of effective counter-measures, the Echelon partners have developed sophisticated labor-savings software such as PRISM and XKeyscore that filter the first cut on zillions of bytes of electronic data (the so-called meta-data), thereby making it easier for human analysts to target specific communications based upon keywords, phrases and usage patterns.
This mass trawling through personal as well as institutional electronic communications is indeed efficient, and not problematic for countries under non-democratic rule, but poses a problem for liberal democracies where the right to privacy and presumption of innocence go hand-in-hand as the bedrocks of citizenship.
Cyber espionage in New Zealand is mostly but not exclusively perpetrated by foreign state and non-state actors seeking to access sensitive corporate, political and security information. This includes back-door access via personal computers and electronic devices into work computers of targeted sectors. Since New Zealand has the most porous internet security of the Five Eyes partners and because its economic and political decison-making elite is relatively small in comparison, it is considered to be the weak link in the network by adversaries and allies alike.
Be it by groups such as Anonymous or by state agencies such as Chinese military intelligence (and there are many others), it is estimated that New Zealand computer networks are probed dozens of times a year (at least as far as what has been publicly admitted by the government). Thus the interest in increasing the GCSB’s cyber-securty function in order to bolster the defensive aspect of local cyber intelligence (targeted hacking of foreign networks being the offensive side).
The hard fact is that cyber espionage and counter-espionage is the newest and increasingly most pervasive form of spying and is here to stay, so New Zealand has to lift its game in that field of play.
This is the real reason why the Bills have been introduced. The trouble is that they contain a very strong offensive aspect to them, in part owing to the blurred nature of cyber espionage that does not conform easily to the foreign versus domestic dichotomy traditionally used to partition internal from foreign intelligence gathering. Threats now are seen as “glocal” or “intermestic,” and thus offensive cyber intelligence operations are run side-by-side with domestic counter-intelligence (defensive) work. That includes meta data mining on home soil, and the sharing of that data with Echelon partners.
Rather than honestly reveal the true reasons why the amendments to the GCSB and TICS Acts are being proposed, the National government has resorted to the old canard about terrorism. It may be doing so because it is undiplomatic to point out that its second largest trade partner has been accused by New Zealand’s strongest security and intelligence partners of being the source of most cyber attacks on their respective and shared computer networks. It may be doing so because it assumes that most people simply do not care about issues of security and intelligence, and it might be right. But whatever its rationale, its proposals are way over the top given the realities of New Zealand’s position in world affairs and its history as a democratic polity.
There is much more that is wrong with the New Zealand intelligence community–the lack of effective and independent oversight, the political manipulation of intelligence flows, the overly broad definition of national security and threats to it being foremost amongst them. It is therefore not surprising that in the very framing of the debate about the GCSB and TICS Bills, the government has resorted to bluster and fear-mongering rather than outline the real thrust of its changes.
That is a pity. Had it done so it might have been able to reach a compromise on cyber security more appropriate for a small liberal democracy on the periphery of the major conflicts of our times. However, as things stand New Zealand is about to be saddled with a cyber-security apparatus apparatus more similar to that of Singapore than those of Belgium, Norway or Uruguay.
That pretty much says it all about how National views the world.
Selwyn Manning has done a Q&A with three individuals who have different and at times conflicting views of the GCSB and TICS Bills, although all three are critically opposed to the bills in their present form. One is a strategic analyst, one is an internet entrepeneur and one is an IT lawyer. John Key may dismiss them as uninformed, politically motivated or holding some hidden agenda, but their differing takes on the issue may make for some food for thought for KP readers.
The Q&A can be found here.
It must be the season for espionage scandals and potential threats. The NZ media has taken an interest so I get to play talking head.