Be very, very quiet: Hayden Speaks

Big Brother?  Small fry.  Dr. Strangelove?  Amateur.  This interview in Der Spiegel reveals that the former chief of the NSA sees the world in a way most of us do not.  A few gems, if I might be allowed, Dear Reader?

Hayden: We Americans think of military doctrine and “domains” — land, sea, air, space. As part of our military thought, we now think of cyber as a domain. Let me define air dominance for you: Air dominance is the ability of the United States to use the air domain at times and places of its own choosing while denying its use to its adversaries at times and places when it is in our legitimate national interest to do so. It’s just a natural thing for him to transfer that to the cyber domain. I do not think it [the NSA] is a threat to world peace and commerce any more than the American Air Force is a threat to world peace and commerce.

Uhhh…okay.  The problem with analogies is, General, both parts have to be…awww…skip it.

Hayden: The whole question about the chancellor has made this much more difficult. Although I’m not prepared to apologize for conducting intelligence against another nation, I am prepared to apologize for embarrassing a good friend. I am prepared to apologize for the fact we couldn’t keep whatever it was we may or may not have been doing secret and therefore put a good friend in a very difficult position. Shame on us. That’s our fault.

Sooo…you’re sorry you did it?  Or sorry that you may or may not have done it?  Or sorry that someone found out?  But still…sorry, right?

Hayden: …to be perfectly candid with you and your readers, the president promised to not surveil Angela Merkel. This was not a promise in perpetuity that no head of the German government would be surveilled.

OK, so not that sorry then.

Enjoy the rest of the article.  Good stuff.


Snowden, 多谢 多谢

Snowden is the gift that keeps on giving — to the Chinese government.

The latest revelation has it that the NSA compromised Huawei, the world’s largest telecommunications and networking equipment maker. The agency had two objectives, according to The New York Times: first, operation “Shotgiant” attempted to find links between Huawei and the People’s Liberation Army, according to a 2010 document. The NSA was concerned, not without justification, that “Huawei’s widespread infrastructure will provide the PRC with SIGINT capabilities.” The second objective is more creative: the NSA compromised Huawei because, as one document said, “many of our targets communicate over Huawei produced products, we want to make sure that we know how to exploit these products.”

How successful was the NSA in both respects?

Regarding the first, we don’t know for sure, but it seems unsuccessful. Shotgiant was remarkably high-profile: it involved the White House intelligence coordinator as well as the FBI. The operation had already started in 2007. But a 2012 House Intelligence Committee report on Huawei and ZTE, another Chinese company, found no evidence confirming the suspected links to the PLA (or at least it didn’t make anything public).

How about the second goal, exploiting Huawei themselves? We also don’t know. The New York Times and Der Spiegel articles so far aren’t very precise on the technical details (there’s more to come, says Der Spiegel). It appears the NSA got access to the source code of individual products. But it is unclear what kind of products. It is also unclear if the products were actually compromised for exfiltration to the NSA without Huawei noticing this (this isn’t trivial from an engineering perspective). And it is unclear if the NSA actually exploited targets this way.

But we do know something. Four points leap out at me:

First, there is now more publicly available evidence that the NSA exploited Huawei than there is public evidence that shows the PLA or other Chinese agencies did so. That is remarkable.

Second: if the US government has evidence that they didn’t publish in the 2012 report, they should do so now. If they don’t publish evidence, then Huawei’s case, that its products are not compromised by the Chinese government, will gain credibility. Huawei’s argument that they are clean always made complete sense from a business perspective. Their incentive to offer trustworthy products is the same as, say, Google’s incentive to offer trustworthy products to all its customers. (But then there is, of course, the possibility that the Chinese government has compromised Huawei without their acquiescence, sounds familiar?)

Third: if Huawei so far resisted pressure from the Chinese government to be exploited for intelligence collection, then it will become a good deal harder to continue to resist that pressure in the future. Because now the PLA has a great new trump card up its sleeve: if their modified code would ever get caught, say by the UK cell that evaluates Huawei products, they could simply say, “Well, that was the NSA, didn’t you read about that in The New York Times?” Whether that argument makes technical sense is difficult to say on the basis of what we know — but that rarely stopped people in the past.

And finally: many users seem to trust companies and equipment makers based on their national background. Think Schengen-routing or Norwegian email providers. That argument never made much sense. If the US can exploit Chinese products, why should Russia not be able to compromise German products? The idea that a re-nationalisation of products, services, and networks would increase security is simply laughable.

What matters is the quality of products, the quality of encryption, users’ security setups, and whether you live in an open democracy or not.


Shotgiant: NSA hacking ‘revelations’ undercut US strategic narrative (again)

Snowden keeps on rolling, much to the unease – and occasional disgust – of the US and its allies. As it does so, there’s a distinct sense of exasperation even amongst folks who really aren’t gunning for the US or the UK (in particular). Were they really acting in such a way that were their cover to be blown, they would be left with serious egg on their faces? Were they OK with that? Why the serious disconnect between policy and practice? Or, at the very least, why the apparent inability to minimise the visible gap between what the US and allies say they stand for, and what they actually do?

In a sense, there’s little new here: this is the stuff of political scandals ancient and modern. Iran-Contra springs to mind as a modern example of elements of the state apparatus acting in institutionally-condoned contravention of extant legislation and overt policy. There are many, many more and one should not point the finger at the US as the sole – or even worst – perpetrator of double-standards in state activities.

The US may, however, lay claim to being perhaps the most self-defeating. Partly this is due to its status as global hyperpower – anything it does must inevitably be viewed in light of its unique position amongst states. When the loudest voice in the room says one thing and does another, everybody heard it the first time around and remembers what it said. Moreover, opponents are usually only too keen to throw those words back in its face.

So, another exposure in The New York Times, another day. Another opportunity to say, wtf? Or, in conspiracy circles, ‘I told you so’, an utterance generally intended to justify past speculation rather than reasoned argument. This time, it seems that the National Security Agency (NSA) has been up to no good in the networks of Chinese telecoms giant, Huawei.

The problem is not so much that the NSA has been infiltrating a foreign company in the furtherance of the national interest – that much seems normal in a way unthinkable five years ago. The real issue is that Huawei is the company consistently identified in Congress and media as a national security threat to the US – on account of its unproven hacking activities with respect to US networks. Rather inevitably, the US ends up looking like a hypocrite at worst, or strategically incompetent at best.

I’ve written before that it might serve Huawei’s interests to be more open about its business practices, thereby allaying Western suspicions about its links to the Chinese military. In some ways, Huawei has done just that. For example, it has had to allow GCHQ a strong hand in the management of its UK facilities, surely not an easy pill for any private company to swallow. But while Huawei has seen that some compromise is necessary to further its interests, both the US and UK have continued to voice their concerns about the company, specifically framing it as a security threat and making it difficult for the company to do business, in the US particularly.

What the NYT report (also Der Spiegel) shows is that one NSA operation, Shotgiant, has been around since at least 2010. This was tasked with finding links between Huawei and the People’s Liberation Army (PLA), the conclusions of which enquiry we do not know. Over this same period, policy-makers and Congressional committees tore strips off Huawei for its alleged activities: hacking into sensitive private and public sector networks, copying data, impacting US competitiveness, and so on. This might be true – no evidence has been produced to support these arguments or to counter them – but what is apparent is that while Huawei has been accused of such things, the most technically competent agency in the US has actually been doing more-or-less the same.

We can argue about whether the NSA technical operations themselves were in the national interest, or if Huawei is ‘guilty’ or not, or whether the Snowden/NYT/Guardian/Greenwald axis is traitorous/etc, but none of these sideshows is particularly relevant to the main event: the US has been caught with its hand in the cookie jar again. Yes, you can condemn Huawei’s alleged activities as illegal corporate espionage and justify NSA actions as legitimate operations in the defence of the national interest, but to the rest of the world that’s splitting hairs and an argument that won’t, for the most part, be heard. The Chinese are, for example, emphatically not blameless in this area but that’s not what people are likely to – or even want to – hear.

What is – or perhaps should be – one of the chief lessons of Snowden and, to a certain extent, Manning/Wikileaks, is that justifying covert US military and intelligence operations post facto is a tricky business. When your private actions compromise your public words, you’re in trouble. We common folk have a name for this: hypocrisy.

When what you do damages your reputation because it undermines your strategic narrative, perhaps you either reconsider your narrative or think again about what you do. Preferably, both. Or does the US simply not care? Perhaps hypocrisy is the narrative.

Of course, that’s a naive view of the business of international relations. Or is it?


23 Reasons Why Cyber Strategy is Bunk

Well, that’s not quite what he said at all but Martin Libicki has some words of wisdom for anyone still looking for the ‘digital Clausewitz’, or any similar mould-breaking, genre-defining strategist for the ‘information age’.

In a new article for Strategic Studies Quarterly, Libicki suggests ‘Why Cyber War Will Not and Should Not Have Its Grand Strategist’ [pdf]. He makes three key points about why we should not be looking for a ‘cyber’ equivalent of the ‘classics’ of Mahan, Douhet or, indeed, Clausewitz:

First, the salutary effects of such classics are limited. Second, the basic facts of cyberspace, and hence cyber war, do not suggest that it would be nearly as revolutionary as airpower has been, or anything close. Third, more speculatively, if there were a classic on cyber war, it would likely be pernicious.

On the first, it’s not always a strategist’s fault if those who follow him misrepresent him somehow in word or deed. Basil Liddell Hart laying responsibility for the ‘progressive butchery’ of World War I at the feet of Clausewitz is a case in point. Libicki rightly notes, however, that the ‘classics’ of strategy – land, sea, or air – quite often serve greater heuristic functions than they do guides to action. The danger lies, writes Libicki, ‘when such thinkers are cited as authorities [and] their arguments are converted into answers, at least in the minds of their adherents’. We have to be careful, therefore, in transposing tenets of the classical strategic canon into ‘cyberspace’.

The second point is largely an explanation for the first. Libicki presents a nuanced argument for why cyber war/fare is significantly less revolutionary than it is often presented, a position also taken by several writers of this parish. I won’t rehearse those arguments here, except to say that Libicki is onto something fundamental here: success in the ‘fifth domain’ is often unpredictable, which makes it a very risky proposition, tactically, operationally and strategically. Says Libicki, ‘Everything appears contingent, in large part, because it is’. Hardly the basis for a grand theory of cyber war, he reasons.

The third point stems from the second. If information environments are currently evolving so fast, yet we get locked into ways of viewing them based on past classics of strategy, the effects could be distinctly ‘pernicious’. To summarise a subtle argument in brutal fashion, the strategic utility of cyber war is over-rated but its complexities are under-appreciated. Getting rail-roaded into traditional modalities is ‘misleading, even harmful’, especially if cyber war is sufficiently un-strategic to warrant such a treatment in the first place. The search for a ‘cyber Clausewitz’ is not only potentially counter-productive but essentially pointless.

Libicki’s not arguing for a non-strategic approach to ‘cyber’ but he does offer a compelling argument for why war-fighters and politicians should be wary of expecting too much of this novel medium. We should not await or desire, he argues, the emergence of a strategic colossus because, in the main, there’s no need.

In concluding, Libicki writes:

Furthermore, there are good reasons to believe that its contribution to warfare, while real, is likely to be modest, while its contribution to strategic war is a great deal easier to imagine than to substantiate.

What say you?



View from Tsar's Path, Yalta

Chess on the Crimean Riviera: What if Europe and the United States had been smart in the Ukraine?

It is very likely too late now, events are falling to sustain Putin’s actions in the Crimea. But what if we had been really quite smart about it? Made Putin an offer he could not refuse. Instead of trying to force him to capitulate, hold him to his word. He supported minority rights of the Ukrainian Russians in the Crimea? Then the US and Europe ought to have gotten on side and declared their agreement with him. Why wouldn’t we? My goodness, it is the right thing to do. The sad spectre of Yugoslavia is the analogy, not Munich. And that would have made for some great speech making material.

Follow quickly with a resolution in the UN, properly worded to describe the mission as one of a protective detail. Throw Putin a bone and let the Russians take the military lead, we are just happy to be there to help. Then you would have had a coalition of international forces in the country, there to protect the ethnic Russians.

In recognition of the favourability of self-determination, you can also recommend a delegation of Scots to discuss responsible plans to decide whether to dissolve political ties between the Crimea and Ukraine and establish those with Russia. This is not a decision to be taken or implemented at short notice. 

Simultaneously, you get the Ukrainians to awaken to the fact that lest they dissolve to pieces they need to get on the side of righteousness and light with respect to their ethnic minorities. The great lesson of the US and the UK is that immigrants and minorities are happy to support the home team if you only just let them feel at home. It really is that simple.

To those who will want to quickly dismiss the idea because Putin would block any action by the UN Security Council, please do consider how he would manage to explain his rejection of international support. And even if he did object, did resist, that decision would put Putin in a terrible diplomatic position in the world.  No, you must accept that he would have found himself on the horns of a dilemma. The only smart move would have been to smile and play ball, that being the lesser bad of the options.

I am weary of the same stale formulas to deal with crises. Too much is about seeming strong according to some hyped up highly kinetic standard. I, for one, would prefer smart. Forcing the territorial integrity side was the club. The issue of minority rights was the lever. We all know which choice is the better, for being strong by being smart. 

It is time for people to remember that strategy does not necessarily mean breaking things. And if we want to be historical about it, the reliance upon attrition as the strategic theme since WWI is to blame and needs to be dropped. Armed forces are too expensive, capabilities too destructive, and people too critical for this approach to be effective any longer. We need more Bismarck, less Moltke.


Beware ‘experts’

What is the point of expertise in foreign affairs? A recent study of expert judgment on Ukraine confirms that being an expert is of no great utility in predicting social behaviour. In fact, working at a top university made you comparatively worse than other ‘experts’.

Oh dear. And yet, I’m constantly asked by friends outside the discipline, ‘Ken, what do you think is happening in the Ukraine?’ What we have here is an illusion of knowledge, or an argument from authority. Give someone a title, an office in an ivory tower, some knowledge of history, maybe some language skills, and you create an illusion of understanding. A confident manner, bold, snappy, authoritative statements, all boost credibility.

So much for prediction, what about understanding? Surely expertise helps us here? Plenty of tenured posts depend on it.

But I think not. ‘Hindsight bias’ describes our tendency to find causal relationships when looking backwards into the past. My students do so frequently when asked to judge whether or not someone was a good general. With the exception of German panzer generals (for reasons I don’t quite fathom), good generals tend to be those that won – the outcome explaining the quality of their generalship, quite aside from the myriad other factors that might actually have been involved.

Experts are often no better, I am sure. One thing we are very good at is storytelling – finding meaning, pattern and causal relationships amidst the clutter of complex social affairs. We underplay the random and blind chance.

You’d think then that we’d be more modest about it all, but then one suspects that ‘experts’ are as susceptible to a final bias as the rest of us – the optimism bias: assuming that we ourselves perform better than everyone else.


Teaching Civil-Military Relations: Top Fiction Readings/Films?

Dear Readers, although I am the quintessential bureaucrat (Balzac is my middle name, after all), I also dabble in teaching from time to time.  I am looking to refresh a course on civil-military relations and, as part of that process, to spruce up the fictional offerings with which I pepper my syllabus.  So, given that crowdsourcing is the new analogue for wisdom, I am seeking your suggestions.

Of course, there are the usual canonical choices. For books, there are Starship Troopers and 1984.  For films there is Dr. Strangelove.   I am not looking at ‘war’ more generally (Christopher Coker’s wonderful new book Men at War from Hurst ploughs this fertile ground with effortless aplomb); I very much want to focus on allowing students to examine civil-military relations in an applied setting, albeit a fictional one.  The works can highlight the relationship between the political executive and the military and/or between the military and society.  While I am sure there will be a number of pieces set in America, other milieux would be more than welcome.  Past, present, future; literal, allegorical…bring them on!

Westminster, London

No, You Can Trust the Police: Thoughts on the Ellison Report and Policing

The easy response to the findings of the Ellison Inquiry is that it proves a general negative about the police generally or the Metropolitan Police Service specifically.

I get the emotional responses. Nevertheless, these events in fact demonstrate the opposite. This is not to say that the errors did not occur and problems did not exist. Neither do I mean to suggest that they do not require redress. Of course that must happen. But none of this sustains a position of universal distrust. Furthermore and crucially, these events can inspire the opposite response and be the means to progress.

Turning first to the new information, to be fair a close reading of even the Summary of Findings suggests a more nuanced picture than is portrayed in the news. It is enough to point out, for example, that the issue of corruption covered in the report went only to a specific and somewhat rarefied portion of the Met or its work, not the force as a whole. But for the moment we will take the report’s findings as reasonable and mostly correct.

First, the findings demand perspective. It must be accepted that in any given population there will be bad eggs. (Crassly put, it is the Jackass Rule.) Furthermore, there is no escaping Murphy’s Law or that for every so many events there will be mistakes and bad action. This state of things is inevitable, but does not define the whole. The individuals who comprise the vast majority in any given population (including the police services) are decent to good and even often excellent, and most of their efforts are well within the limits of what society can tolerate. Thus, Ellison can stand and the Met can still deserve the trust of the people.

Next, given the first point, although it may seem as though there are many problems with policing, this is due to the oversight and public relations functions and not to a greater rate or intensity of occurrence. This process of review and revelation is a very good thing for society and a very necessary thing for policing by consent. Bear in mind, however, that if any segment of society were held to such account the results would not differ. Thus, if policing must be (and is) rigorously policed, then we also must be realistic about the fact that the bad will be found and made public. A “zero defects” requirement is not a viable option.

Accepting, then, that there will always be some bad news (within a vast sea of good and proper behavior and success), it is not fair, correct or productive to use that fact as a club with which to bludgeon all officers or sully entire institutions. The alienation of the individuals who serve and serve well is the consequence and is to the detriment of all. The title for this piece was inspired by The Times headline of the opposite meaning, a blanket indictment of all, which shouted to me early Friday morning. I further noted in the television coverage that the stock footage for this story prominently featured images of uniformed officers walking the streets, entirely unrepresentative of the actual story but unequivocally indicative of the vast bulk of the force. Imagine the furore if the criminal activities of a small percentage were used to sully an entire group? Ah yes, no imagination is necessary. We know that racial profiling for criminality is odious – upon reflection it ought to be clear that the approach is similarly tainted when used against any population.

More importantly, where the desired behaviour by members is to self police, protecting the whole against the sins of the few is necessary. Retribution for whistle blowing is the obvious usual obstacle to the act. And yet, equally as chilling to the proclivity of good people to step forward to speak out when wrong has occurred is the fear that such revelations will be used to taint the efforts or reputations of all. To encourage police officers to do the right thing in the face of wrongdoing, not only must they be protected from the wrath of the institution, but also the institution and its people beyond the wrongdoing must be protected from the undue wrath of the public and government. Taking recent revelations on their own would suggest major problems. However, pitting them against the millions of man hours of policing work done annually shifts the perspective. Police officers must be able to trust that the majority will be protected and not tainted on the way to rooting out problems.

And so, as I view the meaning of the independent review it is very important that it delivers on a mighty promise of civil society governed by laws. In this case, even after the passage of decades, the institution and its personnel remain responsible for their actions. To be held to such account is more than most could withstand. Whether the path from here is progress and reform or alienation and mistrust on both sides depends as much upon the willingness of the public and government to moderate the wholesale condemnation of all as on the willingness of the police and its organizations to accept the need for change. If not as easy, then, the better response is to regret the bad but value its identification. Such a stance can open the door to a healthier dialogue between policing and society to the improvement of the former, comfort of the latter and respect of all. A virtuous cycle.

It is right and proper to keep a watchful eye upon the organs of the state and government. They must necessarily exist, but whether they serve or distress society is dependent upon both vigilance and tolerance.

Film screening: The Unknown Known

London-based KOW readers may enjoy this new documentary film by Errol Morris on Donald Rumsfeld, The Unknown Known.

In The Unknown Known, Academy Award-winning director Errol Morris offers a mesmerizing portrait of Donald Rumsfeld, the larger-than-life figure who served as George W. Bush’s secretary of defense and as the principal architect of the Iraq War. Rather than conducting a conventional interview, Morris has Rumsfeld perform and explain his “snowflakes” — the enormous archive of memos he wrote across almost fifty years in Congress, the White House, in business, and twice at the Pentagon. The memos provide a window into history — not as it actually happened, but as Rumsfeld wants us to see it. By focusing on the “snowflakes,” with their conundrums and their contradictions, Morris takes us where few have ever been — beyond the web of words into the unfamiliar terrain of Rumsfeld’s mind. The Unknown Known presents history from the inside out. It shows how the ideas, the fears, and the certainties of one man, written out on paper, transformed America, changed the course of history — and led to war.

Screening times followed by Q&A with the filmmaker and venues may be found at the link above. Prof Theo Farrell, head of department here, who has seen the film (I have not) describes it as ‘very clever and compelling…riveting to watch’.



Louis CK Does the SDSR

Yesterday saw some good pieces expressing discontent at budgets presented as strategy documents both here at home (in both senses of the word!) and in America, over at War on the Rocks. In national security terms, democracies seem to have plumped for a security/freedom balance which involves the secret conduct of military operations, backed by public strategy documents to give the public an inkling of what is going on in terms of defence planning. We (the public) don’t get to know the ins and outs of military affairs, but it is expected that the government tells us what is going on, what it is planning for, and, perhaps, a reason for shelling out mind-bending sums of money on aircraft carriers, next generation planes and so on. Unfortunately, as both articles point out, we now get budget documents dressed up as strategy documents. Time after time, the public is proffered a list of threats, and then ‘sold’ defence reforms as means of preparing for those threats, when in reality, the disconnect between the ‘strategy’ and the ‘solution’ is clear for most to see.

Last night I also happened to re-watch Louis CK’s most recent set, Oh My God, which I was lucky enough to see in person at the O2 a year or two back (you can purchase a copy for $5 direct from the man himself here). For those unwilling to watch the full thing, let’s cut to the chase, Louie’s “of course, but maybe…” skit. You can watch the full clip here, but some might consider the later bits offensive, so let’s stick to the, uh, least offensive piece of comedy gold:

Everybody has a competition in their brain of good thoughts and bad thoughts. Hopefully, the good thoughts win. For me, I always have both. I have like, the thing, I believe the good thing, that’s the thing I believe and then there is this thing. And I don’t believe it, but it is there. It’s always this thing and then this thing. It’s become a category in my brain that I call “of course but maybe”.

I’ll give you an example, okay? Like of course, of course, children who have nut allergies need to be protected, of course. We have to segregate their food from nuts, have their medication available at all times, and anybody who manufactures or serves food needs to be aware of deadly nut allergies, of course, but maybe.

Maybe if touching a nut kills you, you’re supposed to die.

So that had me thinking about the “of course but maybe” of public strategy documents:

Of course governments need to tell the public about the threats that they face. Of course. In any democracy accountable to its people it would be fundamentally wrong for a government to make plans about life and death without giving the public an outline of what is threatening them. War is such a terrible thing that it would be fundamentally wrong for a democratic government to plan for it in secret, of course, that is so plain it doesn’t need explanation. And of course, the government needs to explain why it is spending money on tanks, planes and ships instead of hospitals. In an open society the public deserves to be spoon fed information at every step of this process, of course, but maybe.

Maybe if governments can’t admit their weaknesses in public, they should admit that, and do strategy in private. Maybe the spectacle of Western governments publishing report after report of half-squared circles is a sign of weakness to people that still treat international politics as a zero-sum game. Maybe if all the above is untenable, governments should make a stock front cover for future defence reforms: “The best we can afford, given current market conditions.”