EuroParl Report - NSA, Crypto, Liberty & Trade

Vin McLellan (vin@shore.net)
Wed, 28 Jan 1998 12:15:02 -0500


A draft ("consultation version") of a report by the European
Parliament's Office for Scientific and Technological Option Assessment
(STOA) entitled "AN APPRAISAL OF TECHNOLOGIES OF POLITICAL CONTROL" has
been submitted to the EuroParl's Civil Liberties and Interior Committee.
Several IT-relevant excerpts are now available at John Young's widely
respected crypto-politics website: <http://www.jya.com/atpc.htm>

(STOA regs apparently require a document to be distributed only on
paper while it is a "working document." A hardcopy can be ordered by
e-mail with a request to the office of British MEP Glyn Ford
<jford@europarl.eu.int> or with a fax to STOA in Luxembourg at:
352-4300-22418)

According to Mr. Young's correspondents, the report covers:

- The Role & Function of Political Control Technologies
- Recent Trends and Innovations
- Developments in Surveillance Technologies
- Innovations in Crowd Control Weapons
- New Prison Control Systems
- Interrogation, Torture Techniques and Technologies
- Regulation of Horizontal Proliferation
- Further Research

As expected, the report highlight's the NSA's Echelon surveillance
system, developed and managed in conjunction with its sister SigIntel
agencies from the UK, Australia, New Zealand, and Canada. Snippets:

"[...] unlike many of the electronic spy systems developed during the cold
war, ECHELON is designed for primarily non- military targets: governments,
organisations and businesses in virtually every country. The ECHELON system
works by indiscriminately intercepting very large quantities of
communications and then siphoning out what is valuable using artificial
intelligence aids like Memex to find key words."

"[...] Within Europe, all email, telephone and fax communications are
routinely intercepted by the United States National Security Agency,
transferring all target information from the European mainland via the
strategic hub of London then by satellite to Fort Meade in Maryland via the
crucial hub at Menwith Hill in the North York Moors of the UK."

The priority targets of this surveillance system are selected by
the participating intelligence agencies -- only one of which is European --
on the basis of their individual military and political interests, notes
STOA. "Whilst there is much information gathered about potential terrorists,
there is a lot of economic intelligence, notably intensive monitoring of
all the countries participating in the GATT negotiations...."

The report seems to briefly summarize a wealth of earlier media
reports on the Echelon network, but offers no apparent evidence of an
independent inquiry. The report seems to suggest that these intelligence
agencies have become a law unto themselves, and operate in a context where
all presumably-private communications are effectively transparent and
accessible to them. "With no system of accountability, it is difficult to
discover what criteria determine who is not a target," the STOA adds in a
dry summary.

There were some startling revelations about technology that already
seems familar, useful, and tame:

"[...] Some systems even lend themselves to a dual role as a national
interceptions network. For example the message switching system used
on digital exchanges like System X in the UK supports an Integrated
Services Digital Network (ISDN) Protocol. This allows digital
devices, e.g. fax to share the system with existing lines. The ISDN
subset is defined in their documents as "Signalling CCITT1-series
interface for ISDN access". What is not widely known is that built
in to the international CCITT protocol is the ability to take phones
'off hook' and listen into conversations occurring near the phone,
without the user being aware that it is happening."

STOA recommends a new European Parliament study of the
"constitutional issues" raised by the American eavesdropping practices, and
of the impact of Echelon upon (a) the "constitutional safeguards" of the
individual European states, and (b) "the political, cultural and economic
autonomy" of EU's nation states.

The report also recommends that the European Parliament should
address and explicitly reject "proposals from the United States for making
private messages via the global communications network (Internet)
accessible to US Intelligence Agencies. Nor should the Parliament agree to
new expensive encryption controls without a wide ranging debate within the
EU on the implications of such measures."

The "implications" of the proposed controls over free access to
strong cryptography -- declares STOA -- "encompass the civil and human
rights of European citizens and the commercial rights of companies to
operate within the law, without unwarranted surveillance by intelligence
agencies operating in conjunction with multinational competitors..."

That last phrase -- with its explicit reference to the commercial
or economic intelligence which can be gleened from unversal surveillance
(and the value of such intelligence to "multinational" corporations aligned
with each of the intelligence agencies cooperating in Echelon) -- lies in
the dense gray text of the report like an unlit fuse.

One of the inevitable problems for a nation which fosters both
intelligence prowess and commercial prowess is that success in the former
can undermine the legitimacy of whatever success it achieves in commerce
and industry. International finance and trade rely, in some measure, upon
a general acceptance that the terms of such trade are overt, if not
necessarily "fair." Without that minimal trust, the successful competitor
is viewed not with respect, or even jealousy; but with scorn and
bitterness. Commercial failures will inevitably attribute their losses not
to the skill or ingenuity of their international competitors, but rather to
the competence and bias of the mysterious cyberspooks who, all acknowledge,
probably watched the deal unfold.

The MEPs wouldn't be European if they didn't consider the
possibility of that sort of frustration fueling a backlash against the
European Union and EU governments which appear either unable or unwilling
to protect the integrity of their economic infrastructure.

Americans worry about future InfoWar: the corruption of the American
economic infrastructure by tech-savvy foreigners. A Presidential
Commission studies the threat today, and generates headlines by the ream.

Europeans might fairly ask if they are not already the victims of
such malovelent prowess. And what guarantees could they be offered that
this is not the case?

Suerte,
_Vin

"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A thinking man's Creed for Crypto/ vbm.

* Vin McLellan + The Privacy Guild + <vin@shore.net> *
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548

For help on using this list (especially unsubscribing), send a message to
"dcsb-request@ai.mit.edu" with one line of text: "help".