Gendo

Category: espionage

Letter to Parliamentary Committee on Gov. IT projects

May 5, 2014

Author: arjen

Letter below has been submitted to the Temporary Committee on Government IT. This document is a translation from the Dutch original.

Dear Members of the Committee on ICT ,

On June 1st, 2012 I was invited by your predecessors to contribute to the expert meeting of the Parliamentary Working Group on ICT projects in government. The written submission that I made at that time is here, including a video of those hearings (in Dutch).

As an IT architect but also as a concerned citizen, I have been actively involved with the IT policy of the government since 2002, focusing on the areas of electronic health records, security and open standards / open source software. On the latter issue I was the initiator of the 2002 Parliamentary ‘Motion Vendrik’ that advocated greater independence from dominant software suppliers. Last year I also served as a technical expert on the Committee of Minister Plasterk who advised on the (im)possibilities of electronic support for the electoral process.

Although this motion Vendrik from 2002 was translated into the Heemskerk Action Plan in 2007, this policy was quietly killed in 2010/11 by the lobbying power of large software vendors and the U.S. government. Even the Court-of-Audit was pressured to *not* ask certain questions in its 2011 report on the policy. Since 2002, the Netherlands has spent about 60-90 billion on foreign software, for which in many cases free, equally good or better alternatives are available. Their use is, however, actively hindered by both the Ministries of Education and Interior, as well as the VNG supported by the lobbying apparatus of major suppliers and the U.S. government.

This despite Justice Minister Donner’s 2004 letter to Parliament in response to the Motion Vendrik where he admitted that:

  • the government’s dependence on Microsoft was very great;
  • that this was a problem ;
  • and that by introducing open standards and the use of open source that could be solved.

This dependence has since become much greater and more than one billion Euro was spent on Microsoft licenses over the last decade. That money would have paid for 10,000 man-years of expertise to migrate away from Microsoft products. A large part of the money spent would have remained in the Dutch economy and returned to the state through tax and VAT. Not that 10,000 man-years would have been needed. The Municipality of Ede did it against the odds for a fraction of the cost and now saves 92 % on software expenses (and 25% on overall budget). The rest of the government has yet to take steps. Why is an important question.

In addition to the huge amounts of money involved (the VAT ends up mostly in the Irish exchequer due to inter-EU trade to Irish headquarters of IT companies), it has also become clear in recent months thanks to Edward Snowden in particular that U.S. software is deployed as espionage infrastructure . This has practical implications. For example, the current semi-privatised infrastructure of the national Electronic Health Records system has been put under technical management of an American company and therefore falls under the Patriot Act. But the Windows PCs ( which are de facto mandatory in secondary schools) and Gmail accounts (which are necessary to follow a University course) are part of the global spy network. Similarly with the iPhones that some of you might use, about which NSA internal documents boast of the 100% success rate in automated monitoring at zero dollars cost per device.

All this means that even if IT projects according to any definition ‘succeed operationally’ these often still violate the basic rights of millions of Dutch citizens (article 12 NL – Constitution, Art 8 ECHR , Art 12 UNDHR). Examples include electronic heatth records, transportation smart cards and many information processing systems of governments that have been outsourced on foreign soil and/or to foreign companies (such as the database of fingerprints that for many years has been linked to the issue of passports).

Both the EU and the Dutch government have been aware of this problem since the summer of 2001, yet nothing has since been done in the Netherlands to ensure the privacy of citizens or the data security of Dutch public and private institutions. Indeed, much has been done by the government which has greatly exacerbated this problem.

The above points, in my view, mean that a purely ‘operational ‘ approach to project success simply does not cover all the obligations of a democratic government in its role as guardian of the rights of its citizens.

This past weekend, I have viewed the first five videos of hearings and was most impressed by the contribution of Mr. Swier Jan Miedema. He seemed to be the only person genuinely committed to getting to the heart of the problems and saying out loud what he thought (although Prof . Verhoef also make quite a few wise points). The most compelling aspect of his testimony was the obvious fear of specifically naming a commercial party. This seems to confirm what many in the Dutch IT world know: companies like Centric abuse their dominant position in local government for short-term gain including the exclusion of anyone who is a threat to those gains (here another example).

That an IT professional of such seniority has to beat around the bush with a trembling voice is typical of the situation in the ‘market’ for public ICT. Institutionalized corruption and abuse of power is more associated with a developing country than a democracy.

In the conversations with both Mr. Miedema and other experts several members of the committee asked several times if these people could not suggest what would ‘solve’ all this. As if the problem was something that could be fixed with some trick. It is worryingly obvious that (two years and 8-12 billion after the start of the Commission) there is still the idea these problems can be solved by changing project-management methodology. Based on my experience, I believe that the problem is much more fundamental. I strongly urge you to look much more widely and more deeply at the problem and to not exclude your own role as parliamentarians in this. No questions or solutions should be taboo. Even if thereby the significant economic interests of above mentioned suppliers or the job security of groups of officials/civil servants must be called into question.

Both Mr. Miedema and Prof. Verhoef expressed the view that everything that happens can be broadly explained by the incompetence that exists in both the government and its suppliers. There are however, limits to the incompetence theory. Somewhere in the process the prolonged and appalling scale of wasting money, endangering the cyber security of the Netherlands and violating the privacy of millions of Dutch citizens has been allowed (or at least not considered an important subject). The fact that the Commission itself over the last 2 + years can spend a couple of hours a week on a problem that costs hundreds of millions of Euros monthly might also be an indication of some inexplicable non-priority. There are many officials, businesses, cybercriminals and intelligence services abroad that greatly benefit from the status quo. Look especially at those who do not come to your hearings.

In the 21st century laws are made reality by software. So it no longer befits a democracy to hand over control of that software to (often foreign) commercial parties. Executive parts of government must be accountable to you ultimately and without control over the technology that underpins their work this accountability is simply not possible.

Obviously I am willing to explain myself further as to above matters.

With kind Regards,

Arjen Kamphuis

June 9th 2014: In The other IT of another Europe I commemorate one year of the Snowden/NSA scandal by describing a scenario in wich other choices were made, choices that are still open to us today…

11-02-2014, the day we fight back

February 11, 2014

Author: arjen

Today is the 11th of Februrari 2014,“The Day We Fight Back”. We fight against out-of-control spying on our privacy as free citizens. We fight against Orwellian espionage because we know where it leads to in the end.

The text below is inspired by the speeches of Winston Churchill in during may and june 1940. While the nature of the opponents of democracy and freedom is different today the consequences of losing the fight are just as dire. Our society and the planetary eco-system is a great trouble. We need our democracies to function and our internet to be free so we can adress the great challenges of out time.

“What Cory Doctorow and Aaron Schwartz called the fight against SOPA & ACTA is over. The battle against TTP and global surveillance continues to rage on. Upon this battle depends the survival of the internet and our democracies. Upon it depends our own way of life and the long continuity of our institutions and our culture. Once again the whole fury and might of the enemies of freedom will very soon be turned on us now.

Those working towards a police state know that they will have to break us or lose this conflict. If we can stand up to them, all of the Internet may be free and the life of the world may move forward into broad, sunlit uplands. But if we fail, then the whole world, including the United States and Europe, including all that we have known and cared for, will sink into the abyss of a new corporatist Dark Age, made more sinister, and perhaps more protracted, by the lights of perverted technologies.

You ask, what is our policy? We can say: It is to hack, by server, laptop and phone, with all our might and with all the strength that Turing can give us; to wage lulz against a monstrous tyranny, rarely surpassed in the dark, lamentable catalogue of human crime. That is our policy. You ask, what is our aim? I can answer in one word: victory, victory at all cost, victory in spite of all the terror, corruption and lies.

I have, myself, full confidence that if all do their duty, if nothing is neglected, and if the best arrangements are made, as they are being made, we shall prove ourselves once more able to defend our networked homes. To ride out the storm of surveilance, and to outlive the menace of tyranny, if necessary for years, if necessary alone. At any rate, that is what we are going to try to do. That is the resolve of the hacktivists – every one of them. That is the will of free citizens, the technologists and the creatives, linked together in their cause and in their need, will defend their native internet, aiding each other like good comrades to the utmost of their strength. Victory, however long and hard the road may be; for without victory, there will be no free culture and no culture of freedom.

Therefore we shall go on to the end:
we shall fight in Europe,
we shall fight on our browsers and our operating systems,
we shall fight with stronger encryption, and secure hardware,
we shall fight with growing confidence and growing strength
we shall defend our networks, whatever the cost may be,

We shall never surrender.

Let us therefore brace ourselves to our duties, and so bear ourselves that, if the Internet and its hacker community last for a thousand years, they will still say, “This was their finest hour”.”

No go participate or organise a cryptoparty, support people developing better tools (mail, web, secure systems and all this Free-as-in-freedom Software) or ask other people if they value being able to read without being read at the same time. Privacy is a human right according to the UN Declaration of human rights and yes, you to have something to hide as well.

‘Tinfoil Is The New Black’, Keiser Report interview

January 17, 2014

Author: arjen

I was a guest on Max Keiser’s programme ‘The Keiser Report‘ last Thursday jan. 16th for the second time. Max is a former Wall Street trader who foresaw the current economic crisis a decade ago.

Full Keiserreport episode here on RT site and here on Youtube.

Max caught me be susprise by asking about the NSA TURMOIL and TURBINE programs. I confused them with other programs (there are many). The TURMOIL and TURBINE programs are part of the ‘Targeted Acces Operations’ family (see this Spiegel article). These are programs for gaining acces to systems by other means than abusing their built-in weaknesses over internet connections (the NSA’s favourite method because it can be automated to spy on everyone at very low cost). Targeted Accces Operations (TAO) deals with everything from intercepting & modifying electronic devices that people order online to the use of microwave beam weapons to identify, hack, break and manipulate computer systems from great distance. The latter method has also been used for targeting drone strikes. The talk by Jacob Appelbaum I mention in the beginning of the interview is here. Many more talks from the 2013 CCC conference in Hamburg can be found here.

The US Declaration Of Independence is one of the greatest political writings in history and can be re-written for more contemporary political problems as I did here. Accoring to US academics the US declaration was inspired by the Dutch declaration that preceded it by almost two centuries.

Blogpost on a previous interview last year.

NSA intell goldmine, who else has access?

September 15, 2013

Author: arjen

<also on HuffPo UK>

The War Room, Dr. Strangelove - 1965 Shortly after the initial release of some documents from whistleblower Edward Snowden I wrote a little summary about the IT-policy implications for Europe based on earlier columns. A lot of additional documents have come out since then and we can basically conclude that almost every computer system on the planet is fully broken or at least very vulnerable to NSA interference or manipulation.

Nobody, including the NSA, Edward Snowden, Glenn Greenwald has a total oversight of all the in the tens of thousands of documents let alone the political or strategic implications of the info contained in them. Most of the news keeps focusing on the ‘scandal’ aspect and/or the person of Snowden. Being angry at the US government (practised by most opponents) and attacking the person of Snowden (a favorite of apologists of the US regime) distracts from defining adequate policy responses and so far there have been precisely none in Europe. This constitutes a massive failure of the various EU governments to protect their citizens’ rights and the economic sovereignty of their nations. It is also strange in light of the fact that an adequate policy response had already been formulated in July 2001 and really just needs to be implemented.

But every now and them the disinfo spread by some apologists for the behaviors of the NSA is useful for understanding how much worse the situation may just turn out to be. This article by a former NSA employee is a nice example of an attempt at smearing the whistleblower while actually digging the hole the NSA (and the US regime) is in much, much deeper. The piece claims Snowden secretly worked for Russian intelligence all along. While I do not share the authors views on Snowden’s motivations or allegiances the suggestion that outside organisations could have agents inside the NSA has some interesting implications.

If I understand the gist of this post correctly there is a much bigger breach than one would conclude based on the mainstream news from the Guardian. Not only can (and does) the NSA collect pretty much everything anyone does in the digital realm by breaking systems and breaking into systems. They then are unable to protect this sigint goldmine from falling into the hands the agents of foreign intelligence organisations. So now all our data is in the hands of both the US and Russian governments. This begs the question what other organisations have deep-cover moles inside the NSA using its infrastructure to do the hard works of global sigint for them? The Chinese government? A South-American drugs Cartel? Private Military Companies? Journalists-activist-terrorists? Goldman Sachs? The implications are astounding.

If what this academic-with-the-columnist-style says it true the disaster is exponentially much bigger than it would initially appear to be and this has very little to do with any ‘damage’ to the US image (it’s got nowhere to go but up by now) or its ability to ‘do’ intelligence. First America gave the world the Internet as a global comms infrastructure and now it has given an unknown number of completely unaccountable actors the keys to this infrastructure to do with as they please.

A Russian/Chinese/Israeli/Iranian spy will benefit both from the sigint collected by the NSA systems and even more from the info about what the US Intelligence community is (and is not) looking at. They could maybe also manipulate the collection process to steer the NSA away from things they would like to remain unseen. Any serious spy organisation would spend a lot of resources on creating that ability since the US has made itself totally dependent on signals intelligence as opposed to humans in the field who speak languages and understand cultures.

If the NSA has created a global spying machine whose output they cannot control perhaps it would be best to shut the whole thing down today. This would also have the additional benefit of respecting the human right of privacy (as described in Article 12 of the universal declaration of human rights) for most of humanity.