SWIFT, the NSA and Glenn Greenwald

by Henry on September 9, 2013

The most recent Greenwald document release – of a Powerpoint suggesting strongly that the NSA has a backdoor into the SWIFT financial messaging system – may have some interesting political consequences. Abe Newman at Georgetown and I are in the throes of writing a book about the internationalization of homeland security. Roughly, our story is that domestic officials in both the EU and US, who prefer to prioritize homeland security over privacy and civil rights, have been able to use cross national networks and forums to push their agenda, weakening the previously existing privacy regime in the European Union. And SWIFT is a big part of this story. The US began secretly requiring SWIFT (which is based in Belgium) to share its data after September 11. When EU decision makers became aware of this (thanks to a New York Times story which the Bush administration tried to get spiked), there was political uproar, resulting in the negotiation of a framework under which the US agreed to impose limits and safeguards in return for continued access. If you don’t mind wading through some political science jargon, you can get the basic story from the relevant bits of this paper.

This is interesting for two reasons. First – the EU thought the US had signed onto a binding deal on access to SWIFT data. If,as appears likely at this point, the US was letting the EU see what it did when it came in through the front door, while retaining a backdoor key for the odd bit of opportunistic burglary, it will at the least be highly embarrassing. Second – there are people in the EU who never liked this deal in the first place, and have been looking for reasons to get rid of it. The allegations of the last couple of months have helped their case considerably – this, if it bears out, will do more than that. If the US has demonstrably lied to the EU about the circumstances under which it has been getting access to SWIFT, it will be hard for the EU to continue with the arrangement (and, possibly, a similar arrangement about sharing airline passenger data) without badly losing face. Even though the people who dominate the agenda (officials in the Council and European Commission) probably don’t want to abandon the agreement, even after this, they’ll have a bloody hard time explaining why they want to keep it. The EU-US homeland security relationship, which had been looking pretty cosy a few months ago, is now likely to be anything but.

{ 26 comments }

1

Foppe 09.09.13 at 7:41 pm

I certainly hope so.. One quibble, though: I certainly also hope that EU (or memberstate national) officials do not think about ‘homeland’ security; they might think about ‘national’ security, but that nationalist/borderline-fascist Orwellian term is only busied in the USA, and mostly by the government, for propaganda purposes. (It seems to have worked quite well…)

2

Straightwood 09.09.13 at 8:03 pm

I had thought that insane generals destroying the world was a forgotten Cold War nightmare. Now comes General Alexander of the NSA, who will stop at nothing short of the destruction of all trust in the political and business institutions of the United States. It is simply insane to attempt to record covertly all of the world’s telecommunications and copy all available data. The collapse of reason in America’s political leadership has reached catastrophic dimensions.

3

Cahokia 09.09.13 at 8:14 pm

“In a statement issued on Sunday night after the latest revelations aired in Brazil, the US director of national intelligence, James Clapper, said: “It is not a secret that the intelligence community collects information about economic and financial matters, and terrorist financing.

“We collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy. It also could provide insight into other countries’ economic policy or behavior which could affect global markets.””
-Guardian

4

Henry 09.09.13 at 8:15 pm

They think about ‘justice and home affairs.’ Where there is a split (as in Germany) between Ministries of Justice and Ministries of the Interior, the former tend to be mildly pro-civil rights, the latter vehemently pro-homeland-or-whatever security. Where not, the security/home affairs people tend to overwhelm the justice people.

5

Chris Williams 09.09.13 at 8:32 pm

Henry, you might be able to get a useful concept or two – notably, ‘relative autonomy’ from the work of Mathieu Deflem on the history of police co-operation. Some of Ilsen About’s research might also be helpful.

6

Matt 09.09.13 at 8:50 pm

I’m going to make my usual pitch here: please enable HTTPS on Crooked Timber. It is no longer necessary to have a dedicated IP address: https://en.wikipedia.org/wiki/Server_Name_Indication

Also enable forward secrecy in the SSL/server configuration, as here: https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy

Forward secrecy means that even if the NSA steals a copy of your SSL certificate’s private key now or in the future, they have to break an additional public key exchange for each user session. The only way they can bypass that additional work is by active man-in-the-middle attacks on the connection rather than passive listening, and browsers with certificate pinning or equivalent extensions will be able to identify active attacks.

The NSA considers encrypted communications more suspicious and retains them at a higher rate. Their fig leaf about not keeping purely domestic communications is dropped when it comes to encrypted communications. Wonderful. Let’s choke their storage services with mundane information wrapped in high-grade secrecy. Not even an NSA-sized budget can store an appreciable fraction of Internet traffic for the long term.

It appears that the NSA uses a combination of industrial sabotage, mathematical advances, and special purpose hardware that renders a large fraction of encrypted web traffic ~20 orders of magnitude less difficult to read than previously believed. Unfortunately we do not know which encryption is more-or-less still safe from the NSA’s prying eyes, though we know some part is. But even the flawed, easy-to-break encryption should still make communications 8 or more orders of magnitude slower to read than plain text communications. The United States does not have 8 orders of magnitude more money to fund the NSA with. By making encryption ubiquitous for even the most harmless and unsecretive applications, we can dramatically raise the cost and complexity of mass surveillance.

7

shah8 09.09.13 at 10:36 pm

Preventing any business to be done with Iran has done more severe damage to SWIFT credibility than backdoors. SWIFT is an international public service/good, and pretty much *has* to be neutral to contribute good to the world. Same with those polio doctors having to help get Osama. It’s times like these that makes me think that the US government, the shadier parts, is functionally insane. There just doesn’t seem to be much profit in maintaining backdoors–nobody walks across high bridges they don’t trust, except for the desperate. And this is likely to increase suspicion well beyond US software companies to any institution that might have close ties to Washington.

8

Random Lurker 09.09.13 at 10:43 pm

Do we (the EU) still have a face to lose on those matters ? Honest question .

Italy was born in its present incarnation after the defeat in ww2, and it is accepted by most people in Italy that we are essentially a tributary state of the USA on military matters . The only people questioning this are right wing nationalists or left wing antiamericans who in the cold war liked more the USSR.
Maybe people in other parts of europe have a different view but I doubt most people will be very surprised or outraged by this.

9

Straightwood 09.09.13 at 10:46 pm

Advocates of democracy never anticipated an era when issues affecting the broad public would be so complex that an apathy of ignorance would take hold. The general public can’t be bothered with learning about network communications and encryption, so rogue spy agencies like NSA are allowed to run wild. The only realistic hope we have for restraining the NSA is that monied interests that don’t want their secrets known will bring their political power to bear.

10

Bruce Wilder 09.09.13 at 10:59 pm

Does it matter that the SWIFT financial messaging system is clunky and error-prone?

11

Bruce Wilder 09.09.13 at 11:12 pm

Straightwood: The only realistic hope we have for restraining the NSA is that monied interests that don’t want their secrets known will bring their political power to bear.

I presume that the plutocracy prefers, and is working toward, extreme asymmetry in information: what they own, they own; what you own is negotiable, etc.

12

ChrisB 09.10.13 at 12:04 am

So all the information in the entire electronic communications system of the world is now being bugged and searched. We have what is by orders of magnitude the largest data bank ever conceived, giving us Laplacian knowledge about our society at every point in time. I’ve occasionally speculated on the kind of data cornucopia we could have if we weren’t obsessed with privacy – and now we’ve got it.

And what are we doing with it? If you believe the government, they’re looking for terrorists; if you listen to just-proven-correct paranoiacs, they’re looking for opposition; in any case, how terribly trivial.

We have a corpus that contains the answers to almost any question about human beings. We have the oracle in front of us. And all we can ask it is “Who is going to plant a bomb where?”
it’s been pointed out that this is expensive and inefficient – it would pay us to dismantle it unless it was stopping one 9/11 a month – but not much attention has been paid to the opportunity costs. We’re not asking how many people with prescriptions for drugs A and B and C but not Q visit emergency rooms, or what proportion of users of different mobile phones have convictions for domestic violence, or which mobile phones correspond to an unusual number of burgled houses, or (with SWIFT) if there are patterns in financial data that would predict crashes…. why isn’t there an industry (recruiting many CT personnel, ideally) for thinking up questions?

Privacy’s dead, and we’re not getting anything worthwhile out of it.

13

mud man 09.10.13 at 12:12 am

James Clapper, said: “… many important reasons: for one … early warning of international financial crises”

Some places that’s called Insider Trading.

14

Straightwood 09.10.13 at 1:38 am

I presume that the plutocracy prefers, and is working toward, extreme asymmetry in information: what they own, they own; what you own is negotiable, etc.

Not so. The plutocracy is not monolithic. Goldman Sachs competes with other financial giants. The Koch brothers have a different agenda from the Waltons. They are like feudal lords, and I don’t think they will let politicians peep through the windows of their castles.

15

bianca steele 09.10.13 at 1:45 am

Does it matter that the SWIFT financial messaging system is clunky and error-prone?

No more than it matters that “TFTP” was an unfortunate choice of acronym for a new classified networking application.

16

Al 09.10.13 at 4:38 am

Shah8 is correct. The neutrality of cooperative systems like SWIFT is essential to global economy, not only global finance. Impairing this neutrality with attempts to get data out of SWIFT outside of the already outrageous EU-US agreement is taking the risk of creating an even more unstable and less efficient financal and economical environment.
This always go down on people like you and me at the end.
Bruce, not sure what you are talking about.

17

Pete 09.10.13 at 10:20 am

@Straightwood : how do we know that the billionaires haven’t compromised the security agencies? In the UK we’re still slowly unravelling the connections between News International and the Metropolitan Police.

Snowden leaked on principle. What’s to stop someone in his position leaking for a vast amount of money?

The SWIFT business is going to be used as ammunition by Bitcoin advocates, but how do we know bitcoin isn’t an NSA plant intended to waste time of people who understand crypto and lure them into a situation where they can be rolled up on money laundering charges?

In the case of EU data protection/safe harbour, I think that either the surveillance has to be legitimised or the agreement ended. The current situation where companies are obliged to disclose EU data to the US government and then lie about it is not tenable. However, I don’t think the EU has that much of an appetite for a fight. The parliament does: http://www.pcworld.com/article/2048424/eu-politicians-call-for-suspension-of-datasharing-deal-amid-new-nsa-spying-allegations.html but its influence is very limited; the EU is not a properly democratic institution.

18

NR 09.10.13 at 10:59 am

Random Lurker @8 Do we (the EU) still have a face to lose on those matters ? Honest question.

And let us not forget the forced grounding of a Latin American head of state’s flight, assumedly on US orders. When I hear that EU leaders are very upset at NSA’s spying on them, and strongly worded statements hinting that they will do something about it, I am reminded of the schoolyard taunt, “oh yeah? you and what army?” But this time it is literal.

European leaders have no face internationally. Their main interest now is to somehow maintain face before their own populations, and this is getting harder and harder to do. The US has essentially “bitch slapped” them, sending the message that it does not need to help them save face domestically.

19

Random Lurker 09.10.13 at 2:19 pm

@NR 18
“Their main interest now is to somehow maintain face before their own populations, and this is getting harder and harder to do.”

I certainly agree with you about the international face, but my question is, do the european leaders really feel the need to mantain face before their own populations?
I ask this because I’m quite certain that Italian leaders wouldn’t even try to, since the idea that Italy has to follow the USA wherever the USA goes is commonplace and accepted by most people, because it is seen as a natural consequence of italian defeat in WW2. I think that most italians would agree that, on balance, this was a positive fact for Italy. However, maybe other european nations have a different self-perception.

So I ask to other european commenters: do people in your nation actually expect your government to have some indipendence from the USA, or is “poodleness” accepted as a natural fact?

20

ajay 09.10.13 at 2:20 pm

13: it’s only insider trading if you trade on it…

21

central texas 09.10.13 at 2:42 pm

“mud man 09.10.13 at 12:12 am

James Clapper, said: “… many important reasons: for one … early warning of international financial crises”

Some places that’s called Insider Trading.
14″

As observed by emptywheel, we ran this experiment and the Gen and his minions failed absymally to detect, let alone respond to, just such a crisis.

They snoop and collect and threaten and threaten and rationalize because they can, not because they must. The point is power, not effectiveness or utility.

22

Zamfir 09.10.13 at 4:01 pm

[i]So I ask to other european commenters: do people in your nation actually expect your government to have some indipendence from the USA, or is “poodleness” accepted as a natural fact?[/i]

For the Netherlands: I think most people accept that we would be following someone’s line anyway. Our armed forces and secret services are very Atlanticist, many of them probably prefer working with the US over a more independent line. I am personally highly uncomfortable with their good relations with the US, but I am not sure if that discomfort is widely shared.

If Germany were to strongly push for a more independent military Europe, I suspect the Netherlands would follow. But such impulses tend to come primarily from France, and France is not more popular than the US. Less so, probably. The same arrogance, but then in French which we do not speak.

Swiss or swedish quasi-neutrality doesn’t have a noticeable support. I don’t know why exactly, it worked in WW1. Perhaps after WW2, no one believed it could work again.

23

Martin Bento 09.10.13 at 7:28 pm

Here’s an example of what Bruce means by information asymmetry. Google hacked into all kinds of people’s personal networks when they were out photographing for Google Earth. Not clear why or what they did. They blew off a Congressional investigation and got fined 25K.

If I hacked into one of Google’s networks, what do you think would happen? It wouldn’t matter if they had been careless and left it poorly secured. It wouldn’t matter if I didn’t actually take or alter any data. A “private” network owned by me and one owned by Google are not “private” in the same sense, even in the law as applied.

Now one could say that’s a corporation, not a rich individual, but corporations are the primary means through which the power of the rich is exercised.

24

Random Lurker 09.11.13 at 8:32 am

@Zamfir 22

Thanks, unforunately my survey wasn’t all that succesfull, however I’ll count it as a 2 to 0 in favor of poodleness.

25

hix 09.11.13 at 12:30 pm

Same in Germany id say. A little better than 10 or 20 years ago.

26

Billikin 09.12.13 at 2:01 am

James Clapper: “it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy.”

And how is that working out for us?

Comments on this entry are closed.