Context
Finally, the French governement is going to react to the NSA mass spying. Just
after the first article published by Le
Monde
(there might be a paywall). Technically, it's nothing really new since we've read
the same for Mexico, England and Germany those last days - use your search-engine
fu to find related articles.
Oddly enough, 6 month after the first revelations, the French Foreign Ministry has
summoned immediatly the NSAWUS ambassador to talk about it. AT the time I'm
writing this, the results of the meetings are not yet public (and I don't even
know if the US Ambassador will answers at all) but, in the end, nothing will
change.
Also, we currently have, in France, yet another debate around yet another
expulsion of yet another school girl (directly from school) and a lot of
discontent about or Ministry of Interior. I'm not thinking the summoning of the US
ambassador is done only to try to heave people forgetting about this issue, but
the timing is troubling.
First, the obvious - Why do the NSA is spying on French
This is the first time that a national newspaper of broad audience (Le Monde) is
directly releasing and analysing Snowden's document. Before today, it was only
comment and translations of foreign newspaper and some analysis done by smaller
press apparel.
Le Monde is used to do this kind of release since it was the partner of Wikileaks
for the CableGate and, at least parts of, the Warlog. And they've got a lot of
attention when they did that, so I suppose that this article, and the apparently
starting collaboration between Snowden's news agency and Le Monde, is starting to
gather political momentum.
And the french governement is craving for achievments. There's a lot of miscontent
right now - not enough to pull people in the streets, but enough to increase the
extrem right wings voter pool - and they might want to do something good.
Political momentum from NSA scandal might be the good one to convert into good
reputation.
However, they always seems to discover the fact that the NSA had spies on French
citizens and officials. They know it since, at least, June and I won't admit that
they didn't had strong suspicion before that. This is just something they're doing
to occupy the news space, and try to divert people from ongoing issues - hate
speech, immigration, economic situation, jobs issues, pick one or many of them and
you can even add to the list.
Friends and foes
NSA says they're spying on anyone to find terrorists. So, it means that:
- They do not trust us and think that there's a risk big enough to have a
terrorist-strike on the US soil coming from the french soil. If that's the case,
it means they do not trust their allies. So why are we even part of NATO?
- They trust us, but they think our own spying services are lame. I can get it,
but then, since we're allies, they're probably sharing intel with us. As they're
doing with the UK secret services: GCHQ (GCHQ seems to be the NSA's reach in EU).
- It's not about terrorism, or a risk of war. Then it's mainly an economic
issue and the NSA uses its powers to take over some market for the benfits of US
companies - the ones who works with the NSA.
The economic angle
The economic angle is something interesting. In the french IT industries, we have
mainly two actors favored by the state. Former State companies - France Telecom
aka Orange, Bull but it was a failure, etc - and big names well established - and
for the computer stuff it will be US companies.
One single example is quite interesting. Since France is part of NATO, we must
comply to some interoperability on different levels such as ammunitions,
information system and managemenbt and strategies.
I like the ammunition aprt, because it explains well what interoperability is. The
NATO calibers are standards. And if you want to have your rifles, guns, rocket
laucnhers, whatever approved and used on NATO battelfields, you must be able to
fire them.
It doesn't means you must use the Colt's M16, just that you're own rifle must be
able o fire the NATO ammos. In France we use the FAMAS (French automatic Rifle),
the US use the M-16. That's interoperability.
For the information management, NATO requires the sale level of interoperability.
You must be able to send and receives data to and from any NATO system. The US
used their own version of Microsoft Windows Hardened for their specifid needs.
The France use the Bull system. No, it's a joke. Mouhamar Khadafi use the
Bull/AMESYS system we sold him. We prefer using the Microsoft system for our
critical infrastructure whoch is the army. We're able to manufactures great tools
and weapons and we can even sold them to dictators without blinking, but for our
own needs, we'd rather relies on the armed arm of the NSA: Microsoft. The Open
Bar
contract
has been exposed in Avril 2013, just some month before the Snowden revelations.
And we now know that Microsoft is a big part of Prism since the
9/11/2007. The fact that the
french military's head didn't even thought about it is an issue. And I would
suspect Microsoft to have used the NSA to spy and influence the deal.
The strategic angle a.k.a they do not trust us
In the diplomatic game, you can't really rely only on the good behavious of your
allies. Especially since allies or your allies can be your ennemies. For instance,
Turkey is an ally of the US since it's part of NATO. But I'm not sure all the
Turkey's allies are allies of the US.
Same goes for Pakistan.
So, a paranoid and schyzophrenic state like the US is spying on its allies.
That's standard diplomatic procedures, and that's what embassies are for. However,
in this specific cases, the NSA is going way further than a simple state spying.
They're spying everyone - I mean, we're talking of about 7M phone calls from France
in a month - that's a lot.
Also, France has been criticizing the US on some key political and foreign issues
such as Iraqi intervention, and the US stance toward the whole Israel/Palestinian
SNAFU. So, they might be interested on some data, and since we host some movment
which threatens US interests, they woudl suspect that France can host the next
team for a suicide bombing toward US interests. That's why they would want to spy
on the French citizens.
The interesting part of it is: did the French government benefited of it? Or any
other governement. Or companies. For now, there's nothing in the documents leaked
by Snowden that would give us a solid proof for that.
They knew it
I really think that the french government knew it and benefited from the NSA mass
surveillance program. But, before jumping to this conclusion, we need to
ellaborate a little bit on how it works.
The presentation in Le Monde, highlight a fact a lot of people forget about. When
routing on the internet, you're not going through the physical shortest route, but
through the most efficient one.
I'm going for an analogy for those of you who do not know what routing is. If I
want to go from Lyon to Bordeau by car, I can take the shortest path, made of
- at best - national roads. You're going to go accross a ot of villages, and
smallest road. Or you can go through the fast highway. It will cost you some
kilometers (and money, but that's not the point) because there's some kind of
mountain in between, but you'll arrive faster.
That's the same thing for internet. The physical shortes path, is probably not the
one you're going to use. For instance for going from Latin America to Africa, the
direct route is to jump to Europe (5Gbps) then to Africa (343Gbps), but in fact,
you're probably gonna do one more hop through US & Canada (2.918 Gbps), then
Europe (4.972Gbps) and then Africa. Way more faster, way more efficient.
If you want more data, have a look at
Telegeography
it's full of maps and data about the internet and telecomunication
infrastructures.
Peer to beer?
Another thing are peering agreements. Peering agreements
are what makes internet. It's an agreement between two exchange node ran by
companies or other organisations - let's call them A and B. This agreement,
determines how the traffic coming from the network A to the network B and
vice-versa will be managed and paid. In most of the case, fair peering (which is:
since traffic coming from A to B or from B to A are more or less equals or because
both network will benefit from it, let's peer for free), more info about Peering
can be found on the
Internet, but globally it's an economic
interest.
And it's been, in France at least, a long-raging battle between all of the
operators. For instance, France Telecom vs
COGENT
back in 2005 FT cut their peering with Cogent, in 2003 it's a battle between
France Telecom and
Free,
SFR and
OVH
battled around 2011 and a battle between Free vs
Google is
still raging as of today (and it's standing for a long time).
Also, and a funnier part when you look at it with this NSA angle, is that we have
here the ARCEP - an equivalent of the US FCC - which is in charge to regulate and
document the Telecommunication infrastructure. In 2012, they tried to force each
party involved with peering in France to document their formal agreement of
peering - Owni did a great piece about
it - and what's
fun was that, in fine, Verizon refused to collaborate with the state because it
was too much of work. The very same Verizon who gave full access to its
infrastructure to the NSA.
So, peering was done, back in the time, by private companies and by a public one.
France Telecom (which then became Itineris, Wanadoo and Orange for its ISP part).
They were building physical infrastructure with public money and were
interconnecting it with US and UK infrastructure. I won't believe that noone there
suspected or saw anything like some weird and unauthorized traffic coming through
their equipment, especially since the french intelligence services must have put
some things in place to protect themselves and to spy on the people and other
states.
Especially since most of the interconnexion toward Africa has been done by french
industrial (such as Alcatel Lucent, a US-French consortium, but more on them
later). There's also a big road to middle-east going through Europe and Germany in
particular (that's why routing to and from Syria often transit through Germany
Exchange node - Info from
2007)
However, the french net-isolationism (especillay the will of the local companies to
push for their product and to refuse to peer with their US counterpart) has
favored emergence of the Uk, DE and NL Exchange. Have a look at this
map and you'll note that France is quite
low on the Exchange Node values, and datas found on
Wikipedia
don't show the France as a big peering country.
Complacency
But who's building those system? It appears that the previously mentionned Alcatel
Lucent company is a good one. Have a look at the
BlueCabinet wiki to
understand why. They're providing submarines cables, infrastructures to 130
countries - including Burma and China - they're a mix between french and US
interests and they're involved in a lot of French and European infrastructure.
So, if the NSA is collecting data going through France and given that a big part
of the interconnection infrastructure in France uses at least a part of
Alcatel-Lucent technology and that trans-atlantic cables are at least partially
deployed by the US-French consortium, you really think the french secret services
would have ignored that the NSA will use and deploy tools to spy on us? Especially
when the states add shares into this Company? It's exactly the same issue when
Frecnh governement claims they didn't knew about Amesys solding arms of mass
surveillance to Lybia. They're lying.
You would argue that those tools don't need to be deployed on the french soil,
they need to be deployed in main Exchange node like in UK, NL or DE. And US also.
But it does not cover the landline wiretapping exposed by Le Monde today. So,
they have a tap inside the network on the french soil - because the cheapest route
on phone network between France and France is to route through France. And since
most of it has been deployed by public companies, or subsides of french public
companies, or subsides of governmental and military contractor, they know about it.
Because if they do not, it is extremely worrying. It means that any foreign power
can come in, wiretap our whole infrastructure and uses it against us without our
knowledge. And that's something I can't rationalize enough to admit it as true. It
can be done - and it has probably be done - for some specific wiretap and people,
but not on a scale of 7.4M of phone calls a month. At least the trafic generated
by the leak of data must have been noticed.
Now, let's admit that french secret servcies knew about it. Why keep it secret
then? An international scandal could profit for the state and could have lead to a
stronger foreign policy and a bit more of defiance toward the US. It would have
help defeat things like ACTA or the incoming TIPP, just because EU governement
would have been suspicious enough, and it would have increased the power of France
and developped for a better diplomatic situation reagrding the rest of the world.
They knew it, and they didn't used that knowledge to gain power over the US and to
empower themselves? From people whose job is to use information to take over other
interests, they would have done a poor job.
So, they might have something to gain by keeping it silent. I would go for access
to the data. Our national intelligence backbone is not as good as the UK or the US
ones (see the reports about Thalès interception
platform) and is essentially
directed toward phone calls - we have a long history of illegal wiretapping used
as political
scandal
and it didn't lead to any change in the way wiretapping has been done since then.
I really think there is both cooperation and defiance into this spying affair
between the NSA and French intelligence services. I also suspect that most of the
intelligence services works in defiance of there own governement and in
cooperation with both foreign intelligence services and companies.
And now what?
Nothing. Since everyone except citizens is wining on this mutual sharing of mass
surveillance system informel deal I do not except things to change in a short
term.
However, there is some good news. First, peering deals, and a lot of the necessary
system to maintain internet, are out of reach of the different governement. The
informal way that governs them doesn't helps for regulation and controls by
governement (that's why they seek for it). You still have to keep your data out of
big datacenter, but that's not that hard (have a look at yunohost
for hosting most of your data) the social networking part is the biggest and
hardest one I think - alongside with search engine, but at least you have
duckduckgo.
Second, a lot of governement, starting by South American one are really upsets
and are starting to act. The Internet
Governance
summit held recently in Brazil also gave some hopes about the Internet still
staying out of control. I'm not sure it will be followed by impact, because the
NSA spying is possible due to some key infrastructures issues, but it's a start.
I'm quite disapointed that the EU didn't follow the Brazil on this, since we have
some good infrastructure and technologies to help. But then again, I do not think
those US/EU commercial agreement will cease for the benefits of citizens or
sovereignity they have too much industrial and bank pressure on them.
But as always, nothing will come from the politicians. They must knew about the
NSA spying in France and they even collaborate or they're dangerously incompetent.
They benefit from it because it's a coercion measure (the same way CCTV cams are)
and industrial groups earns money doing it. Even if they o have gag orders. They
would have been motivated for your privacy, they would have fight those gag orders.
And that's why nothing new will emerge from this meeting between the french
foreign ministry and the - currently in shutdown - US embassy.