…sterreich am Weg zum †berwachungsstaat
Ort: Cafe Landtmann, UniversitŠtsweg 4, 1010 Wien,
Datum: 11.August 2017
- Thomas Lohninger, GeschŠftsfŸhrer epicenter.works (…sterreich)
- Bill Binney, ehemaliger technischer Direktor der NSA (USA)
- Max Schrems, Jurist "Europe vs. Facebook" (…sterreich)
Arjen Kamphuis, Sicherheitsexperte (Niederlande)
Transkript der Rede von
My sense of all of this is that this is a failed policy, supposedly for intelligence, it's supposed to stop terrorist attacks-, that's been the justification for it from the beginning. It's been a lie that they've been saying, in the US, anyway, where it started, that you have to give up privacy for security. In fact, what that meant was that you gave up privacy and you got no security. In fact, all the attacks that have been committed since 9/11 and even before 9/11 were involving people who were already known by either the police or the intelligence or both. So they should have been following them with a disciplined focused approach instead of doing this bulk acquisition on everybody. Then they would have had a chance to stop this. This is the main reason ..., this is a failed policy because they are dumping so much data on their intelligence analysts and police that they can't get through it to discover the threat in advance and therefore can't stop it. So the ultimate result is that people have to die first for terrorism. For other cases they have the opportunity to smuggle dope and weapons and all that and not being able to stop it before it happens. Again, it's the same issue, because they're buried in so much data they can't get through it.
If for example you took all of the intelligence agencies in the US, UK, Five Eyes, and other countries that are participating in this bulk acquisition of data gather all the analysts together, there are about 20 000 analysts. So you have to distribute them over the set of targets they are looking at, which is the whole population of the world - approximately 4 billion people who are using cell phones or any other electronic devices or credit cards, things like that - so if you divide that out each of those analysts has to look at 200 000 people. That's impossible, and that's why they are failing.
They're also not doing the right analytic approach on the data they do collect. They are using a word search type approach which simply goes across and produces some kind of Google approach, Google output. You know you get thousands, tens of thousands or even hundreds of thousands and sometimes a million or more returns. And if you get that kind of amount every day in the collection that's being done, you can't get through it. It's impossible!
The other part on the negative side, again, is it invades everybody's privacy. When you collect all of this data on everybody, this means you have information on everybody on the planet and invade their privacy in virtually every way possible.
Now, there is a positive side to that: That means you have leverage on everyone on the planet. You use it to get members of parliament, every government of the world, wherever you want, because you've got the dirt on them, you've got information on them. Or you can use it against the political parties - they did in the US against the Tea Party or against the Occupy Group or against any church organization trying to get politically active or you can use it anywhere in the world to do similar things. And you can use it against princes in the Arab states, when they go on the web and look at porn for example. That's a no-no in their societies, That gives you power over them. And that's true for everybody on the planet, because it's collecting all the data that you possibly can.
In other words: It gives them the power to control the population. And also they use that data in the United States. There they are already doing that for common crime inside the United States. They are using it to arrest people, and then they have to do a substitution for that data in the court of law, because that data is not admissible, because it was collected without a warrant. And so they're perjuring themselves in the courts of law.
They are spreading this around the world because all the countries that have relationships with the FBI, the DEA [Drug Enforcement Administration], they are getting this information from them also. But they don't get the raw data because they can't use them in a court of law. So it's perjury. They are committing perjury and destroy our entire intelligence and judicial process. The foundations of democracy are being destroyed here. Privacy is lost, any type of legal process is lost, because it's subverted at the foundation by this process.
It was started in the United States -basically for money, because it takes a lot of money to do this, and the military industrial complex needed a lot of money, they wanted to grow, get bigger, and have more control of the people, and this was the way to do it. And then they convinced other people, like the other Five Eyes, the Brits and others, to follow them, and they followed and then everybody else in the world started to say "well, we should follow the US because they know what they are doing" when in fact they don't. And so we all adopt this failed policy across the democracies of the world. I call this a "metastasizing malignancy" because it's spreading around, destroying democracies of the world. What they are doing adopting the process many countries don't realize what it entails. It entails a large expenditure of funds and also a large effort in terms of numbers of people. But it gives also central power to anyone government over their population and central power to the United States because they got power and knowledge on everybody in the world.
So for all those reasons it's not good, either way you look at it: It doesn't work for the things they say it does, it fails and fails miserably. You can see this everytime there is an attack. And anytime they come up and say afterward that they knew who it was that did it. They should have been following them all along and didn't.
That's because they are not doing a focused targeted approach, which is the alternative to bulk acquisition. It does give you the oppertunity to see these threats in advance and have a chance to stop them. It saves lives. Instead of having an empire built with a lot of money and a lot of people, with the cost occasionally some people have to die.
Question: Is there technologically an alternative to surveillance and how does it look like?
William Binney: Yes, there is. Actually we invented it before 9/11, but the government rejected it because it didn't cost enough. It only cost us $3.2 million to develop and they wanted multi-billions to do the internet and move foreward in the digital age. I think, eventually they spent in the first 10 years something like $8 billion total on the programs they ran and all of them basically failed.
The approach we took was a targeted approach which included target development or development of new people participating in criminal activites or in government operations. It was basically built on behavior properties of people and what you could infer from the transactions they were operating on the internet and also the telephone network. What it simply meant was you followed people: If you knew somebody, basically in a de-ductive way, you looked up only two degrees of separation, like if I called you, Fritz, and you called somebody else, that is as far as you would go and that's the zone of suspicion around a known bad guy. That defines not the people that are guilty, and you encrypt these and hide their identity until you can show probable cause. You monitor them in their zone and if you can show probable cause on them then you can get a warrant. That's the de-ductive approach.
[deductive approach = derive a statement from a proven theory or a model (this is the way physicists argue),
inductive approach = derive a theory from observations (abstraction) - Wikipedia,
abductive = generalization of an observation into a hypothesis]
The in-ductive approach is: Where people are looking at pedophilia sites or multi-pedophilia sites or sites where people are advocating jihad or violence against the West. Those kinds of activities imply people are interested in those things and that puts them into the zone of suspicion and you need to monitor those. There are other things you can have, like people who geolocate with satellite phones in the mountains of Afghanistan or jungles of Peru, those kinds of things, where dope is smuggled or terrorists are operating. Those kinds of things mean people fall into that zone for that point, because of that basic fact that they are there. It means you simply have to look at them, it doesn't mean they are guilty, but you have to look at them. And in the abduct, it's a little more abstract. It says simply you've to look at geographic distributions of communities, of social networks and if you distribute what terrorists states -or states where terrorism is predominant, that what is being exported-, then you need to look at those communities to see if they are involved. It doesn't mean they are guilty either, they just fall into the zone of suspicion.
The first two, the de-ductive and in-ductive approach, would have gotten every terrorist involved in every terrorist attack from here to all the way back to even before 9/11.
That's the targeted approach, and it gives privacy to everybody because you don't take any of the rest of data in. All that data passes by. None of that data is stored by any government. It's actually succeeding against terrorists or any other targets, but my government started all this stuff because it didn't cost enough and they wanted to spend a lot of money.
Question: Do you know of any technology that does that with the same characteristics?
William Binney (WB): Yes, a couple of countries, one in the Netherlands and one here in Austria, who are involved in that and starting to develop programs with the targeted approach. I think they are going in the right direction. I don't know how much we want to say about it. I don't think they are operationally ready yet, but they are certainly going to be in the near future, I think so.
Question: So what you are saying is, there is a technology in place in Austria.
WB: Yes, and as well in the Netherlands, yes, both places.
Question: In the beginning, before, we spoke about the Eisenhower farewell speech, where he talked about the military-industrial complex. You told me also that Mohamed Atta was involved in 9/11, that Atta was trained by the US army. Are you 100 percent sure that some part, I speak about a small part inside the deep state, is responsible for the attacks?
WB: I'm quite sure they were responsible in the sense of negligence and incompetence, but not directly active in it.
Question: Are you sure?
WB: Yes Because we knew the entire Al-Qaeda network before 9/11, in fact going back to 1996. We've been following their entire worldwide network. ... We knew that that was part of their policy to do that kind af thing. Again, if you are incompetent, then you don't follow things and when you don't focus you don't see them. That's the fundamental problem with the intelligence community.
Transkript der Rede von
I work on information security which used to be a very specialized thing in the corner of an IT department. ... Mass surveillance is wrong in many legal and moral terms. It's against the principles of democracy. It's against the United Nations' Declaration of Human Rights, and many other basic legal frameworks that we have. But if these things don't work [as an argument against it] you can point out that it doesn't work. You can pick either one of these two arguments and these are two good reasons to not do it.
The funny thing is, in this country and many other countries the governments keep proposing these things. So, for instance after the Paris attacks in late 2015 before the blood on the sidewalk was even dry, already politicians were screaming that we now needed to ban all forms o encrypted communications between citizens. The funny thing was that encrypted communications played no role whatever in the preparations of these attacks. In fact the attackers were all individually known, many had posted their weapons training in Syria on their facebook pages. They were all using phones that were running on their own names. They were using their own credit cards to rent the cars to go to Paris.
So, the measures proposed after the events would have had no impact on the ability to prevent the event. And that then backs the question to these governments "Why are you proposing things that anybody would have the brain to figure out that they don't solve the problem?" So it's also up to the citizens of Austria to ask their government in this case "Are you merely incompetent or is there some other agenda going on here?" Because it's very clear that mass surveillance is completely unsuitable to prevent terrorism, and we've seen this in Europe again and again and again. So it's not even in discussion.
It is also a fact that mass surveillance is very suitable for repressing all kinds of democratically legitimate activites in society, e.g. journalism.
Another problem with mass surveillance is that your government will be creating giant new databases of the private lives of the citizens whose job it is to serve for them. The question is: can they protect those data mountains? And any government that thinks that it can protect such a data mountain I would like to remind of the fact that the National Security Agency, the world's largest intelligence agency with a budget the size of some smaller country, was not able to prevent Edward Snowden walking out the door with tens of thousands secret documents. And to this day they don't know exactly know what he took with him. So, if the NSA cannot protect their database, do you think the Austrian government can protect a database with the lives of Austrian citizens from the 20 or 30 intelligence agencies in this world? Or dozens of advanced criminal organizations that might go after this data? Of course not. So the best way to prevent this problem is to not create this database in the first place, particularly given the fact that it doesn't do any good for the stated problem anyway. This is aside from the fact that it costs a pile of money which could be used for other stuff.
Also, thanks to Bill and even before Bill Duncan Campbell's basic journalistic work we know -and since Snowden for absolute sure- that all United States information technology products and services have backdoors by various intelligence agencies including the NSA and CIA. The "kill switches" in those products are actively being used to be able to switch off countries. And that's not just countries like Iran or may be North Korea, but it's also countries like Austria [and Japan, Brazil, Germany, Mexico, Iran, Venezuela - source: Oliver Stone, Snowden"]. All modern countries using American information technology products are under an American kill switch. Everything in your society runs on chips, from the logisitcs in your supermarkets to the energy infrastructure, to hospitals, to everything your government does. If somebody foreign can switch that off, -it's now the Orange King in Washington who controls the off switch, he tends to have some impulse control problems and may be this is worrisome- but then it's not just (?), because since the secrets of those backdoor are now out on Wikileaks and are now in the hands of dozens of other parties including again criminal organizations, you can now switch off countries at will if they so desire. ... (?) it's better to thieve a country empty than crash its economy.
Running on these kinds of technologies is a big strategic risk to the basic physical and economic well-being of Austrian citizens. So again, the question to the government should be four years after Snowden gave us very clear and documented proof of these problems: why are we continuing to do this? Why do we continue spending 15 - 20 billion Euros of our money to buy foreign spyware that can destroy our societies, instead of using that [money] for creating 350 000 IT jobs in Austria and build our own technology and then be in charge of our deciding, as a soverign society should be?
So these are some policy implications, and then it's not for journalists to ask all the fine technical details, but it is for journalists and for citizens to ask their governement "Why aren't you doing this? Come up with a good answer, and then we're going to ask some follow-up questions, as well."
[At the end of his speech he mentions his free 2014 book "Information Security for Journalists". It's available in many formats. Here is the pdf-format.]
Speculation over fate of missing Dutchman linked to WikiLeaks - Arjen KamphuisÕ effects found in the sea but his phones were turned on 1,000 miles away, The Guardian, 14 Sept 2018 (in cache)
Address of this page