Monday, November 25, 2013

China ADIZ: You Furnish the Hysterics, We’ll Furnish the Heightened Tensions

That guidance (to paraphrase Hearst’s famous admonition to Frederic Remington on the occasion of the Spanish-American War, “You furnish the pictures, I’ll furnish the war,”) pretty much sums up the interaction of the government of Japan and the Western media on the matter of the Chinese Air Defense Identification Zone or ADIZ.

I’m not going to engage in Fisking by bulk here, but Western outlets have unanimously spun the Chinese ADIZ as some reckless stunt to challenge Japan over the Senkaku airspace.


Basically, as I describe in an article for Asia Times Online, China's Defense Zone Creates a Flap, the Chinese ADIZ does tweak Japan on the matter of the Senkakus by extending the southeast corner of the envelope to cover the islands.

 However, the ADIZ covers all of the East China Sea between Japan and the PRC.  It is not an assertion of sovereignty.  It creates a zone in which unidentified aircraft are required to identify themselves to Chinese authorities.  It’s an early warning system meant to provide time cushion in an era of high speed warplanes.

America has an ADIZ. 

For aviation enthusiasts, here is a very interesting and somewhat technical description provided by the FAA on enforcement of the USADIZ.  

Spoiler: in principle, if not depth of detail, the implementation looks pretty much like the Chinese ADIZ—except it’s stricter, requires prefiling a flight plan, and specifies a rather onerous-looking tolerance of plus/minus 5 minutes and 20 nautical miles for deviations from the plan.

Guess what.  Japan also has an ADIZ.

The Chinese ADIZ directly parallels and overlaps the Japanese ADIZ—a fact that has escaped most of the press in its vaporings over the issue.  (From Taylor Fravel's tweet: yellow line = Chinese ADIZ; red line = Japanese ADIZ; red field = overlap.)

So, if properly implemented and respected by both sides, the Chinese ADIZ is stabilizing, not destabilizing.

Abe told a parliamentary session that China's declaration of the zone above the islands (known as the Senkaku in Japan and Diaoyu in China) altered the state of affairs in the East China Sea and escalated a tense situation.

"The measures by the Chinese side have no validity whatsoever on Japan, and we demand China revoke any measures that could infringe upon the freedom of flight in international airspace," Abe said during an upper house session. "It can invite an unexpected occurrence and it is a very dangerous thing as well."

I’m assuming Abe’s refusal to accept the Chinese ADIZ draws strength from US concerns about the PRC move voiced by Secretary of Defense Chuck Hagel and Secretary of State John Kerry.   In contrast to previous PRC-Japan jostling, the United States has clearly lined up with Japan and also went the extra mile to reaffirm that the mutual defense treaty covers the Senkakus.

The DoD statement reads:

"The United States is deeply concerned by the People's Republic of China announcement today that it is establishing an air defense identification zone in the East China Sea.  We view this development as a destabilizing attempt to alter the status quo in the region. This unilateral action increases the risk of misunderstanding and miscalculations.

"This announcement by the People's Republic of China will not in any way change how the United States conducts military operations in the region.

"The United States is conveying these concerns to China through diplomatic and military channels, and we are in close consultation with our allies and partners in the region, including Japan.

"We remain steadfast in our commitments to our allies and partners.   The United States reaffirms its longstanding policy that Article V of the U.S.-Japan Mutual Defense Treaty applies to the Senkaku Islands."

In my personal opinion, the US statement is not relating to China’s declaration of an ADIZ (after all, both the United States and Japan have them) but in the fact that the PRC declared the ADIZ unilaterally and, in its ambiguous wording of the regulations, conveyed the implication that US warplanes in the zone might be expected to obey the instructions of whoever was enforcing the Chinese ADIZ.

If the US military has one absolute imperative in East Asia, it is its ability to sail where it wants and fly where it wants subject to some extremely limited and carefully parsed limits imposed by international law (for instance, by a judicious exploitation of loopholes in the Law of the Sea Treaty—which the US hasn’t even ratified—the US Navy has openly repudiated Chinese objections and affirmed the right to conduct military surveillance detrimental to the PRC’s national security within the PRC’s Exclusive Economic Zone). 

As for aircraft, the most famous incident relating to the PRC, of course, was the collision of a Chinese fighter jet with a US EP-3 surveillance plane over China’s EEZ off Hainan Island in April 2001.  Despite vociferous complaints by the PRC, the U.S. took an effective and convincing stand that it had the right to continue the surveillance flights.

Based on a quick survey of the literature, US armed forces assert the right to fly through any international airspace without restriction.  However, as a concession to the anxieties of other governments about unidentified aircraft near their borders, at least in the case of Peru, I did find that the US encouraged Peru to check the flight plans on file and approach the planes, rather gingerly I expect, to confirm their markings.  In other words, no radio chatter, no transponder stuff.

If the United States is going to initiate AirSea Battle, in other words, it isn’t going to tip its hand when it enters the Chinese ADIZ, or help out Chinese air defense by turning on its transponders. 

The PRC is not going to be able to challenge that freedom just by publishing some regulations.

Despite the US decision to tilt toward Japan on the ADIZ issue, I expect that this story will join the platter of mislabeled China-threat nothingburgers heaped up by the media, including but not limited to the “PRC Coast Guard regs allow China to stop ships transiting the South China Sea” canard and the “China claims Okinawa” BS.

Saturday, November 23, 2013

The NSA's Fatal Flaw

I’ve come up with a new coinage FUSMAL, “Fucked Up on So Many Levels” to describe the NSA follies.

I took note of the recent Washington Post poll which found that 60% of respondents believe that Edward Snowden’s revelations had “harmed U.S. security.”

This represented an 11% jump over July, when 49% thought his revelations had harmed U.S. security.
I suppose this increase, which came about equally from the minority who thought he didn’t harm U.S. security (37% in July; 32% now) and the undecided (down to 8% now, from 13%), can be attributed to the shift of the focus of releases from domestic privacy violations to espionage on foreign governments.

37% think he did “the right thing” and 55% think he did “the wrong thing”.

It is of course interesting that, as of now, Edward Snowden is doing “the nothing”.  He gave up his documents before he entered Russia and all the revelations, shocking and otherwise, are the responsibility of Glenn Greenwald, the Guardian, and, yes the Washington Post, which is perhaps anxiously waiting for some other pollster to ask the question, “Do you think the Washington Post is doing the ‘right thing’?”

I don’t believe that Edward Snowden “harmed U.S. security” in a practical sense.  
Snowden and his media collaborators have been sedulous in suppressing information that would be directly helpful to America’s enemies/competitors/China.  The revelations have, of course, created a political uproar in places like Brazil and Germany, which have some pretenses to independent foreign policies and now have to deal with domestic calls to decouple their internet communications from the U.S.

However, I have a feeling that Germany, which served as home base for a clutch of the 9/11 perpetrators and is anxious host of a lot of Muslim immigrants and guest workers, is going to find a way to maintain its surveillance and intelligence sharing regime with the United States even if it takes measures to get the NSA out of Andrea Merkel’s cell phone.

So I think that Mr. Snowden, as he tucks into his bowl of borscht with sour cream and watches his first Russian winter descend like a great icy hammer outside his window, can console himself with the confidence that he has not materially degraded the security of the citizens of the United States.
IMHO the NSA, on the other hand, has done a pretty good job of screwing up the Western world’s intelligence regime.

The root of the NSA’s problem is that it is committed to hegemony in the global information space.  Hegemony is an understandable ambition since U.S. technology, equipment, and infrastructure still dominate the global transmission of information.

I refer doubters about this objective to the homepage of IARPA.  

Readers may be familiar with DARPA—the Defense Advanced Research Project Agency.  It’s a government incubator that reaches out to the academic and private sector to develop technologies that the DoD find useful, like robotic trucks that can drive unmanned through war zones—and an idea to link computers on opposite sides of the country in order to efficiently utilize computing resources.  You may know this successful initiative as “the Internet”.

IARPA—the “Intelligence Advanced Research Project Activity”, pronounced “yarpa”—is DARPA for spooks.  It’s a research agency under the Director of National Intelligence and it pours a lot of money into things like quantum computing (the holy grail for cracking strong encryption) because…
…well, here’s the first sentence from the statement “About [IARPA]” on the IARPA website:

The Intelligence Advanced Research Projects Activity (IARPA) invests in high-risk, high-payoff research programs that have the potential to provide the United States with an overwhelming intelligence advantage over future adversaries. 

The NSA’s data greed, the desire to “have it all”, is not just a matter of organizational hubris and mission creep.  It’s built into US security policy strategy.  Leveraging US capabilities to dominate the information space is seen as the key U.S. advantage in 21st century strategic competition.

Domestically, the US government has bent and probably broken US laws and the will of the FISA court and colluded with service providers in order to collect US communications data.  And it has subverted the fundamental security and safety of the Internet in order to facilitate NSA access. 

Bad news is, the quest for “an overwhelming intelligence advantage” can’t stop at America’s borders.  Since even our closest allies shrink from openly surrendering their data sovereignty to US surveillance, the NSA has been forced to improvise a covert network of alliances and intrusions in order to get “it all”.

The most recent report on the NSA, by the NRC Handelsblad (a newspaper in the Netherlands) provided an interesting graphic showing the overseas data network penetration by the NSA.  It reported that the NSA had successfully infected 50,000 computers in non-ally jurisdictions with Computer Network Exploitation a.k.a. malware.
On the map, CNE hot spots are shown with yellow dots.  China, Russia, Central Asia, Middle East, India, Brazil, Venezuela (and Colombia!), Peru, Ecuador…lotsa dots.

I would also draw the inference that countries without yellow dots are jurisdictions that are probably knowingly cooperating with the NSA and therefore don’t need to be penetrated with malware.    

There don’t seem to be any yellow dots in the Five Eyes countries, for instance.  But there are also don’t seem to be any yellow dots in France, Germany, Spain, Italy, the Scandanavian countries, Central America, Japan, Indonesia, Argentina, or Chile.

But even our closest and most enthusiastic ally, Great Britain, was probably subjected to covert espionage in violation of the “Five Eyes” agreement that the telecommunications of the U.S., U.K., New Zealand, Australia, and Canada would be mutually respected.

No doubt the metastasizing network of yellow, red, and blue dots across the globe was regarded with joy by the NSA bigwigs.  But one could also look at the network and see each dot as an added security risk for an over-extended, undermanaged, and insecure intelligence initiative (note that this graphic was distributed to all of the "Five Eyes").

There were tens of thousands of potential Edward Snowdens with the necessary clearances inside the NSA and its subcontractor agencies.  There are probably thousands, if not tens of thousands more, in intelligence agencies and IT corporations and installations within the Five Eyes and our allies around the world.

A major breach is something not just the NSA is worrying about.  That’s undoubtedly what GCHQ and every other allied security service is worrying about.  And the risk becomes bigger as more and more dots pop up on the board and more foreign data is shoveled into the maw of the NSA.  

And I expect foreign governments are asking themselves whether the omnivorous U.S. demand for sigint is a matter of achieving joint security, or U.S. unilateral information hegemony.

So we have a covert, improvised unilateral intelligence gathering regime executed by to a significant extent by partners whose loyalty is less than absolute and whose actions we are unable to control.

On one level, the Snowden revelations were a remarkable one-off.

At a certain level US priorities will diverge from those of our willing and unwilling intelligence partners.

On another level, the emergence of Snowden may have simply been the inevitable product of a destabilizing, overextended covert operation that was teetering on the edge of collapse.

It’s a dismal situation.  It’s FUSMAL.

Graphic from the NRC Handelsblad website

Wednesday, November 20, 2013

I Spy on the Five-Eye

Well, the guy who said this was full of crap:

David Skillicorn, a professor in the School of Computing at Queen’s University, says this is one piece of the data-sharing relationship "that has always been carefully constructed."

"The Americans will not use Canadians to collect data on U.S. persons, nor will any of the other Five Eyes countries," Skillicorn says.

"In fact, in practice, it’s as if the five countries’ citizens were one large, collective group, and their mutual communications are not intercepted by any in the Five Eyes community."

Actual situation, as per the Guardian today, the NSA honored its no-spy-on-five-eye pledge in the breach:

Britain and the US are the main two partners in the 'Five-Eyes' intelligence-sharing alliance, which also includes Australia, New Zealand and Canada. Until now, it had been generally understood that the citizens of each country were protected from surveillance by any of the others.

But the Snowden material reveals that:

• In 2007, the rules were changed to allow the NSA to analyse and retain any British citizens' mobile phone and fax numbers, emails and IP addresses swept up by its dragnet. Previously, this data had been stripped out of NSA databases – "minimized", in intelligence agency parlance – under rules agreed between the two countries.

• These communications were "incidentally collected" by the NSA, meaning the individuals were not the initial targets of surveillance operations and therefore were not suspected of wrongdoing.

• The NSA has been using the UK data to conduct so-called "pattern of life" or "contact-chaining" analyses, under which the agency can look up to three "hops" away from a target of interest – examining the communications of a friend of a friend of a friend. Guardian analysis suggests three hops for a typical Facebook user could pull the data of more than 5 million people into the dragnet.

• A separate draft memo, marked top-secret and dated from 2005, reveals a proposed NSA procedure for spying on the citizens of the UK and other Five-Eyes nations, even where the partner government has explicitly denied the US permission to do so. The memo makes clear that partner countries must not be informed about this surveillance, or even the procedure itself.

When intelligence community apologists get wrongfooted by these kinds of revelations, one is inclined to wonder: is the so-called security insider who is allaying (and in some cases ridiculing) the public’s anxieties over government surveillance practices a clueless dupe or a duplicitous shill? 

Inquiring minds want to know.

The most recent revelation is tantalizing as it relates to my own personal hobbyhorse, as discussed in a previous post with the theme Blame Canada: did the NSA diddle with traffic patterns through its corporate buddies on the North American backbone and route US persons’ data to Five Eyes partners—like maybe Canada--for storage, collection, and processing, and thereby receive its tittle-tattle on interesting Americans second hand via a foreign intelligence agency, thereby not violating the letter of the U.S. law prohibiting these kinds of interception without a warrant?

With this background, the most interesting element for me was one that the Guardian didn’t even bother to report on.  It only appears in the Guardian’s reproduction of the 2007 memo (click on the image at the head of the article for the full text) authorizing collection of UK persons’ info.  The memo baldly stated that “unmasked” UK data—if I understand it correctly, this simply means in this case “metadata that has been revealed as relating to a UK person” is not only fair game for review by NSA analysts; it may also be dumped into a database for access by GCHQ:

“[US Analysts] Are not required to forward unmasked UK contact identifiers to GCHQ unless specifically requested by GCHQ.  GCHQ should receive all unmasked UK contact identifiers via established or mutually agreed forwarding means or the contact identifiers should be available in the GCHQ-accessible five-eyes [deleted] database, the [deleted] access to [deleted], or other GCHQ-accessible metadata stores.”

Hmmm.  Certainly sounds like the NSA was not only collecting UK data; it was making it available to GCHQ.  If that was the case, one would assume it worked the other way around as well.
There’s probably more onion to be peeled.  Maybe a couple more layers down we’ll find out if we can really {drumroll} “blame Canada.”

If this scenario is determined, I reserve the right to name the illicit, escalating signint exchange with our neighbor in the Great White North "snowballing".  In honor of Kevin Smith, of course.