History, Security

Why Allies Spy on Each Other

Leave a comment

Blast from the past — The WSJ archive has some interesting perspectives on international espionage.

Why Is U.S. Spying on Friends? March 11, 1997

Germany’s discovery that an American diplomat was spying on its Economics Ministry raises an important question: Why is the U.S. spying on its friends?

The question is particularly pressing because the case is actually the third reported in two years.

In 1995, the U.S. Central Intelligence Agency had to suspend virtually all of its operations in France after four of its officers were accused of spying on French economic officials during world trade negotiations. Later that year, the administration of President Clinton again was embarrassed…

Obviously a string of incidents and controversy like this can give the US a bit of a reputation for spying on other countries. Much of the data was murky and accusations stood unanswered. A few years later, however,an ex-CIA director gave an in-your-face explanation:

Why We Spy on Our Allies, March 17, 2000

By R. James Woolsey, a Washington lawyer and a former director of central intelligence.

What is the recent flap regarding Echelon and U.S. spying on European industries all about? We’ll begin with some candor from the American side. Yes, my continental European friends, we have spied on you. And it’s true that we use computers to sort through data by using keywords. Have you stopped to ask yourselves what we’re looking for?

Victims of espionage are supposed to ask themselves whether the ends justify the means? He argues that we should consider his motive.

Why, then, have we spied on you? The answer is quite apparent from the Campbell report — in the discussion of the only two cases in which European companies have allegedly been targets of American secret intelligence collection. Of Thomson-CSF, the report says: “The company was alleged to have bribed members of the Brazilian government selection panel.” Of Airbus, it says that we found that “Airbus agents were offering bribes to a Saudi official.” These facts are inevitably left out of European press reports.

That’s right, my continental friends, we have spied on you because you bribe. Your companies’ products are often more costly, less technically advanced or both, than your American competitors’. As a result you bribe a lot. So complicit are your governments that in several European countries bribes still are tax-deductible.

Note the confidence in his second paragraph. When a competitor’s products were deemed more costly, less advanced or both then America’s intelligence agency was called in to look for bribes.

No, that’s not quite right. The intelligence agency was called in to document the bribes it knows it would find. What made America’s top intelligence agency so certain bribes would be found?

The European Parliament’s recent report on Echelon, written by British journalist Duncan Campbell, has sparked angry accusations from continental Europe that U.S. intelligence is stealing advanced technology from European companies so that we can — get this — give it to American companies and help them compete. My European friends, get real. True, in a handful of areas European technology surpasses American, but, to say this as gently as I can, the number of such areas is very, very, very small. Most European technology just isn’t worth our stealing.

[…]

Why do you bribe? It’s not because your companies are inherently more corrupt. Nor is it because you are inherently less talented at technology. It is because your economic patron saint is still Jean Baptiste Colbert, whereas ours is Adam Smith. In spite of a few recent reforms, your governments largely still dominate your economies, so you have much greater difficulty than we in innovating, encouraging labor mobility, reducing costs, attracting capital to fast-moving young businesses and adapting quickly to changing economic circumstances. You’d rather not go through the hassle of moving toward less dirigisme. It’s so much easier to keep paying bribes.

I’m not sure I understand this correctly…

A former official of the CIA says he justifies American spying on allies because the American economic model is superior; a model he believed was not dominated by government interference. What’s the best way he found to prove that superiority? He used American government interference.

That’s not the end of it, of course. He also has to take a swipe at the French.

The French government is forming a commission to look into all this. I hope the commissioners come to Washington. We should organize two seminars for them. One would cover our Foreign Corrupt Practices Act, and how we use it, quite effectively, to discourage U.S. companies from bribing foreign governments. A second would cover why Adam Smith is a better guide than Colbert for 21st-century economies. Then we could move on to industrial espionage, and our visitors could explain, if they can keep straight faces, that they don’t engage in it. Will the next commission pursue the issue of rude American maitre d’s?

Get serious, Europeans. Stop blaming us and reform your own statist economic policies. Then your companies can become more efficient and innovative, and they won’t need to resort to bribery to compete.

And then we won’t need to spy on you.

Need? I missed the need part.

Update Nov 17 2020: Danish whistle-blower exposes NSA spying on European countries to win economic competition in airplane sales.

The American intelligence service NSA used a top secret Danish-American spy collaboration to purposefully spy on central ministries and private companies in Denmark.

[…]

The analysis of the data queries from 2015 reveals, according to DR News’ information, that the NSA at that time used the spy system to spy on targets in Denmark’s closest neighbors Sweden, Germany, France, Norway and the Netherlands.

According to the experts, the new information could strain Denmark’s relations with its closest neighbors .

“I would not like to be the political decision-maker who had to tell my colleagues in Germany or Sweden that ‘unfortunately, we have now learned that the Americans have used an access with us to spy on you'”, says Professor Jens Ringsmose from the University of Southern Denmark.

History, Poetry, Security

The Finnish Kalevala Runo

Leave a comment

Sweden began rule over Finland in the 13th century. As the ruling monarchy adopted Christianity in the 16th century they began to attack traditions in Finland and to destroy pagan rituals, as I also wrote last year.

Not all was lost. The following video is of Jussi Huovinen who is said to be one of the only people able to sing a traditional rune of Finland that could be as old as 1000 BCE.

National Geographic explains the significance

A collection of these runes, comparable to India’s Ramayana, or the Greek Odyssey, is known in Finland as the Kalevala, and those who sing its lyrical verses from memory are known as rune singers. These elders long carried in their minds the entire record of the Finnish language.

“In an oral tradition, the total richness of the language is no more than the vocabulary of the best storyteller,” Davis explains. “In other words, at any one point in time the boundaries of the language are being stretched according to the memory of the best storyteller.”

The video and the article both speak of how the information is written permanently to memory. It begs the question of the strength of controls in poetry and story-telling (alliteration, consonance, rhyme, rhythm, hymn, repetition).

Kalevala has eight syllables per line, stressing every other one (using rules similar to trochaic tetrametre).

Syllables fall into three types: strong, weak, and neutral. A long syllable (one that contains a long vowel or a diphthong, or ends in a consonant) with a main stress is metrically strong, and a short syllable with a main stress is metrically weak. All syllables without a main stress are metrically neutral. A strong syllable can only occur in the rising part of the second, third, and fourth foot of a line.

Amazing how we can have confidence in this data storage integrity method; that a story remains the same over thousands of years when no one but a few, or even just one, can remember them.

Energy, History, Security

Scofflaw Cycling and Multi-Tenancy

Leave a comment

The SF Bicycle Coalition has dedicated its latest journal to the issue of scofflaw. It makes a typical plea for everyone to be perfectly law-abiding in shared space.

We’ve been hearing from an increasing number of our own members, as well as political and community leaders, about this issue.

We know that most people are riding safely and courteously, but those who are not are making it less safe for all of us. Following the rules of the road and yielding to pedestrians is paramount to keeping our streets safe and inviting places for everyone.

A few tenants impact the safety of others and cause concern about all tenants. When enough tenants complain then law enforcement will step in to perform a typical show of force or a checkpoint or a sting. That seems like the usual cycle of things (pun not intended).

What is most interesting in the journal is the guidance to law enforcement by the SFBC:

The SF Bicycle Coalition is urging the SF Police Department (SFPD) to focus their efforts on the most dangerous behavior by road users at the known, most dangerous intersections. We know that drivers are responsible for the huge majority of injuries and fatalities to pedestrians on our streets, so this problem should receive the huge majority of enforcement attention.

We’ve heard troubling accounts of the SFPD setting up stings to catch people on bicycles rolling through stop signs on quiet streets where no one else is around. This isn’t focusing on dangerous behaviors at dangerous intersections, and these tickets are not prioritizing the actual goal of making our streets safer for everyone. We agree with your phone calls, e-mails, tweets, Facebook posts, etc, complaining that these tickets should not be prioritized at a time that limited enforcement resources should be aimed at actual dangerous behavior.

There should be an easier way to differentiate what is meant by “actual” dangerous behavior.

Data driven analysis is one way. The data on cars, in other words, shows a high rate of pedestrian accidents and fatalities treated as normal.

…none of these fatalities caused by people driving received even one-tenth of the attention that the high-profile Market/Castro incident involving a person biking fatally hitting a pedestrian last March drew. Why? Precisely because the latter is so rare. Equally tragic, absolutely heartbreaking, but undeniably rare.

Within just one week of that crash at Market and Castro Streets, there were two other pedestrian fatalities, both reportedly caused by people driving. Did you read anything about those?

Scofflaw Bus Rider
This is not to say that cyclists should kill more pedestrians to make people forget about the risk. No, it actually brings to light the classic dichotomy of civil disobedience during segregation. Those practicing scofflaw may increase resistance and fear, but at the same time open up a path to reform that is far less troubling than continuing down the same road. Perhaps scofflaw cyclists will be the catalyst that helps pedestrians throw off the shackles created by drivers. Did Martin Luther King practice “actual” dangerous behavior by dreaming? Was Rosa Parks “actually” a dangerous person when she resisted segregation?

[Kyra Phillips on CNN] asked Reverend Joseph Lowery, an African American civil rights advocate, how Parks’ memory made him feel about all the current-day commentators who are “always on the TV set complaining and shouting.” […] “It takes all approaches,” Lowery said. “I do not condone violence, but I do condone militancy.”

The bottom line is that stop-signs and stop-lights are not intelligent controls for segregation of traffic. They also were not designed with the best interests in mind for pedestrians or cyclists. In fact, red and green signals are a poorly thought-out adaptation from sailboats in the water (starboard and port). The colors operate smoothly when used on the water without stopping anyone; boats have no real brakes. Traffic signals should be about flow such that we can define “actual” dangerous behavior by harm (severity) but also obstruction (likelihood).

It would seem that cyclists are bringing to light (pun not intended) that relics of an endless-petroleum model of energy consumption can not last forever. Idling on empty streets with an engine that burns $5/gal gasoline in a new 10mpg engine seems like an incredibly bad idea today. Likewise, pushing pedals only to have to pull on the brakes and wait on an empty street makes little sense.

The modern round-a-bout was supposedly invented in America. Why not reconsider them with their modern improvements such as yield-at-entry?

The solution is undoubtedly in thinking about the purpose of signals and controlling movement. Avoiding collision is the goal, not re-enforcing wasteful and inefficient designs or in trying to develop an artificial and contrived definition of “good” behavior. I have personally watched the SFPD chase down and hand out tickets to cyclists that coast through stop signs yet they allow vehicles to run through the exact same signs without a reaction. At one point I approached the officers and asked about the inconsistency in enforcement. They simply said the department was responding to public concern about cyclists.

Security

Symantec “Proactive Threat Protection” BSOD

1 Comment
The Microsoft CEO preferred to call it the blue...of opportunity

I was asked by a reporter to comment on this issue so here are my comments.

There used to be a joke in security circles that the only way to secure Microsoft software was to pull the cables out of the back of a computer.

That was the first thing that came to mind when I read that “Proactive Threat Protection” software was the cause of a new rash of Blue Screen of Death (BSOD) in Windows XP. Nothing hurts the case for security like an outage caused by security.

The second thing that came to mind is related to the points I recently made about Windows XP file system decay. The fact that Microsoft is not maintaining the XP file system (NTFS) in the same manner as their newer OS might be the key to this issue. I could see how it might catch Symantec off-guard.

Details are still emerging but the official Symantec statement is in an article titled SEP 12.1 Win XP Users Experiencing Blue Screen when running Proactive Threat Protection Definitions July 11th 2012 rev 11.

In short, their Endpoint product released an update that was incompatible with other software trying to access the XP file system (including Symantec’s own PGP). There now should be low to no risk of a problem because the cause was isolated and removed from the update flow. The replacement update proved that it was fixed.

This incident may prompt some users to consider other vendors, yet Symantec is not the first anti-virus company to release an update that causes a major outage. I can think of at least two major international incidents related to bad updates by other large and well-known vendors. Some may also consider dumping proactive threat protection, but that’s a whole other post…

The problem affected numerous other products so it seems that this flaw was common enough to have been caught in QA, assuming they are testing for compatibility with the divergence between Windows 7 and Windows XP. Symantec needs to take a serious look at why PGP was in the list of affected systems, for example. Does Symantec even use in-house their Endpoint product with their PGP product on Windows XP?

Since the fix was to remove the bad update and replace it with one that is able to work with the other products it’s clear Symantec was at fault. Here is how they said it, three times over:

The compatibility testing part of the quality assurance process for SONAR signatures missed catching this compatibility issue. It is this part of our process that we will be improving to avoid future issues. We are currently restructuring our testing process to improve compatibility testing and will not be releasing new SONAR signatures until this new process is in place.

In other words, their proactive threat protection soon will protect you from them, which isn’t a bad thing to say. It also should be said they responded quickly with a fix.