6 August 2000. Thanks to OB.


http://www.theregister.co.uk/content/6/12294.html

1 August 2000
Update: 15:37 GMT

Echelon spy system wildly exaggerated - official

By: Thomas C Greene in Washington

Posted: 01/08/2000 at 10:44 GMT

By wireless...

The infamous Echelon satellite spy system, reportedly operated by the US National Security Agency (NSA), is largely a product of popular imagination and journalistic mythology, a US government official with ties to the intelligence community said during several sessions at Defcon.

"I wish we had something like that which was that good. I mean, it would make my life so much easier, but it just isn't there," the official, who asked not to be identified, told reporters during a press conference. "I don't really expect a lot of people having a great time with these Echelon stories to believe what I tell you, but just go back and do the math." 

The Echelon system is said to be capable of intercepting virtually all the world's electronic communications via fax, microwave and e-mail, and automatically filtering out the noise to get at the titbits of interest to the US national security apparatus - a miraculous feat which The Register has questioned on grounds of feasibility many times in the past.

"Get some of those articles that purport to describe the ability of the Echelon system to do marvellous things, and [think through] the engineering work," the official suggested. "Figure out how much  processing power it would require, the types of collaboration one would need with  people who build telecommunications systems, and the amount of  government employees you would need to read all the stuff that gets scooped out. We  just haven't got it."

"We're the government," he quipped. "Why would you reasonably expect us to be any more advanced than the private sector?"

Instead of the automated, science-fiction system generally imagined, the NSA and similar agencies rely on the old-fashioned method of developing sources and leads, and targeting them for further observation, he maintained. 

"The basic problem is someone giving us a hint to tell us where to look. Since we can't process anywhere near the volume of stuff that people generate, we have to have some clue that tells us to go after a particular place or a particular thing."

Conspiracy paranoiacs will be further disappointed to learn that the US government does not make a habit of targeting electronic communications simply because they happen to be encrypted, the official said, again illustrating his point by appeal to the common-sense argument that there simply is not an unlimited amount of time, money or personnel available.

"There has to be some association that makes us want to [conduct surveillance]. We do not have the resources, time, interest or attention spans to go after everyone who wants to use encryption."

Still, a great number of people believe that the NSA is conducting mass-scale, indiscriminate monitoring of encrypted traffic, and either breaking the code or relying on back doors implanted in commercial crypto products by compliant manufacturers.

The notion that the government either encourages, or as some believe, forces, software companies to put back doors in their encryption applications also fails to make sense, he said.

"If a [software] firm ever got caught doing that, they would  flat be out of business. And how often after that would a company want to co-operate with a government that asked them to do it? You don't set them up to where they're going to get wiped out in public... it's just bad business."

During an open session, he was questioned about US military preparations to defend against, and prosecute, information warfare, a capability which popular imagination also believes to be in an advanced state of development.

He indicated that America's cyberwar capabilities are as grossly overestimated as its spying capabilities. "I'm not even sure how we would determine that [an information attack] was happening," he observed.

"The biggest problem that we have in cyberspace is figuring out who's [attacking]. There are no fingerprints, no physical evidence; and if you don't know who did it, then you have a hard time figuring out  why it was done. Identification and intent are key elements in international law. If you want to go whack someone, you have to be able to make a plausible, provable case that Enemy X is the one that [attacked] you; and if you can't determine who they are, then you have a real problem."

And malicious hackers should beware, he said, as this uncertainty in identification could one day cause a great deal more harm than intended. "An individual conducting a [network attack] on US soil against a foreign state could conceivably be interpreted as an agent of the US government. And if that's the case, then you have a situation where an individual could cause an international incident."

As for the US military's offensive cyberwar capabilities, there is little real-world data to go on in assessing it. "We did not conduct any successful virus attacks during the Gulf War," the official noted. "We had a target identified that we thought it useful to knock out to support the air campaign. We were prepared to go against it, but in the complexities of that war, we inadvertently removed the access pathway to the target before we were able to attack it."

As for its defensive capabilities, at least some assessment can be inferred from its difficulties in protecting on-line systems from relatively unsophisticated attacks by script kiddies, and the increasing alarm among federal law enforcement agencies which are scrambling to obtain ever-expanding powers of surveillance and to impose ever-harsher penalties for such minor abuse.

The myth of invincibility doesn't stand up long when FBI Director Louis Freeh and Attorney General Janet Reno wring their hands in public, demanding a relaxation of on-line trap and trace laws and a lowering of the standards by which federal involvement in on-line crime is triggered.

Another obstacle to the defence of crucial US assets from cyber attack is the simple fact that many of them are privately owned, the official noted. "The government doesn't own a lot of the stuff that needs to be protected," he said. "We can't just walk in and tell people how to take care of their personal property."

Some private assets with serious public implications, like telecommunications, finance and non-nuclear energy, have co-operative agreements to harden their crucial assets from attack, but the government is in no position to dictate the particulars of how this is to be accomplished.

One can only hope that old-fashioned economic self-interest will inspire them to do a decent job of it. ®


Cryptome Note:

For some months there has been a series of news reports and Congressional testimony dismissing the threat of Echelon coupled with declarations on the NSA's diminished capabilities to cope with technologies of the digital era. The essentials of these reports and testimony are almost identical, as with the report above. Customarily, a charge is made that Echelon is a confabulation of journalism without credible bases, and that NSA could not perform the surveillance feats alleged.

Cryptome first heard such dismissive accounts in 1998 when it offered reports on Echelon, beginning with an non-response from the Public Affairs office of the US Defense Department when an inquiry was made about Echelon.

US Congressional public hearings on Echelon and assessment of latest NSA's surveillance capabilities have been promised, but not yet specifically scheduled. The only hearing so far held on the topics has produced testimony which matches the content of the press campaign to disparage Echelon and decry NSA's diminished capabilities.

We welcome for publication here reports on what could be seen as a sustained disinformation campaign about Echelon and NSA technological prowess. Or, conversely, credible evidence that Echelon does not exist and that the NSA does not possess capabilities to perform the alleged global surveillance associated with Echelon.

We have been unable to obtain such evidence against Echelon (or its successor(s)) during two years of inquiry, nor have we read of news reports and testimony that present reliable evidence. And we doubt, at the moment, Congressional hearings will ever produce more than unbelievable accounts so long as there is no challenge to the confabulations being dispensed -- not by Echelon investigators but by its growing number of apologists.

We note that this is the "Year of Intelligence," not only in the US, with a global campaign to reach out to tax-payers and potentates for enhanced high-technology surveillance funding, and to people and companies, around the world, as recruits to a secret mission too vile to be to told openly and truthfully, for example, Britain's dissimulative Regulation of Investigatory Powers Act 2000.

Wink, wink, the world's intel agencies/apologists SIGINT each other and their avid customers: camouflage our secret means and methods with cloaks of national security.