State-sponsored espionage whether Chinese or American puts us all at risk

Cyber espionage and the real problem with 5G Technologies

To put things in a nutshell, the United States has won its all-in war against Huawei.

Those words were written by Wesley Wark, one of Canada’s foremost national security experts, in a commentary we highlighted in our 20 July 2020 blog entitled Canada, Huawei and the role of intelligence agencies in a modern democracy.

Recall also Professor Wark’s assessment that

the U.S. had failed to provide any “meaningful evidence” that Huawei represented any kind of security threat as a spy proxy for the Chinese government.

For an in-depth, extensively sourced, examination of just what the war on Huawei entails and the reasons behind it, see The US War to Destroy China’s Crown Jewel and Secure US Cyber Supremacy (Stephen Gowans, gowansblog.org, 6 July 2021).

Gowans explores the “multidimensional” American campaign against Huawei, arguing that trying to block China from achieving success in key emerging technologies is just one impetus.

In Gowan’s view, America also seeks to forestall the negative impact Huawei’s inclusion in 5G networks would have on its own spying:

As a Chinese company, Huawei is far less likely to cooperate with US intelligence than equipment manufacturers based in countries under US influence. The latter can be expected to accede to Washington’s demands to comply with US intelligence community requests for cooperation; not so Huawei.

Huawei Canada and 5 G – the real vulnerabilities

The solution to Canada’s 5G problems will not be found in policies that principally address one company. Instead, a robust and vendor-neutral approach is required.

We will return to the larger issue of state espionage later in the blog. First it is necessary to examine the true nature of the vulnerabilities in the inclusion of Huawei Canada technology  in our 5G networks.

Chris Parsons of the acclaimed University of Toronto-based Citizen Lab, the author of the quotation opening this section of the blog, has published a report entitled Huawei & 5G: Clarifying the Canadian Equities and Charting a Strategic Path Forward (8 December 2020). He writes:

the report asserts that Canada does not have a ‘Huawei problem’ per se. Instead, Canada has a 5G strategy problem that is linked to the Government of Canada lacking a principle-driven set of integrated industrial, cyber security, and foreign policy strategies that directly and meaningfully address the challenges raised by the current and expected 5G landscape.

In essence, the Huawei problem should really be reframed as a problem about the Government of Canada’s ongoing failure to coordinate across and outside of government to develop a cohesive approach to secure communications infrastructures regardless of whether the vendors powering those infrastructures are based in China, Korea, Norway, or Sweden.

In his March 2021 testimony before the Senate Special Committee on Canada-China Relations, Parsons went on to say:

Given the current state of manufacturing of products and delivering services, we recommend that any policies which are adopted to enhance trust in products and services remain vendor-agnostic, and be designed to recognize that obvious competitor nations and allied nations alike may be motivated to compel companies to adjust their products to achieve national aims.

For more background information, see Huawei and 5 G Explained (Citizenlab.ca, 8 December 2020).

And for another analysis by Christopher Parsons, this time on the dangers lurking in mandatory national security assessments of academic research, see Canadian National Security Assessment Rules Endanger Scholarly Research, an article that first appeared in the Globe and Mail on 14 July.

In the view of the Rideau Institute:

The common thread and problem with all these stories is the serious distortions in policy resulting from indiscriminately hyping the China “threat”.

State-sponsored espionage and the spyware trade: the larger context

The Pegasus Project is a collaborative investigation that involves more than 80 journalists from 17 news organisations in 10 countries coordinated by Forbidden Stories with the technical support of Amnesty International’s Security Lab.

The focus of the project is the NSO Group, an Israeli technology firm, and its clients. The company sells surveillance technology to governments worldwide.

Its flagship product is Pegasus, spying software — or spyware — that targets iPhones and Android devices. Once a phone is infected, a Pegasus operator can secretly extract chats, photos, emails and location data, or activate microphones and cameras without a user knowing.

In a recent Guardian.com article entitled Revealed: leak uncovers global abuse of cyber-surveillance weapon (18 July 2021), the sub-head reads:

Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests

Canadians should recall that this same spyware was used by the Saudi regime to infect the cell phone of Canadian permanent resident and Saudi dissident Omar Abdulaziz. He in turn had been in regular communication with journalist and friend Jamal Khashoggi, who was assassinated by the Saudi regime in October 2018.

These latest revelations by the Pegasus Project have spurred calls for government action, with NSA whistleblower Edward Snowden warning:

Governments must impose a global moratorium on the international spyware trade or face a world in which no mobile phone is safe from state-sponsored hackers.

Commercial spyware has made it cost-efficient for targeted surveillance against vastly more people. In Snowden’s view:

Their only products are infection vectors. They’re not security products. They’re not providing any kind of protection, any kind of prophylactic. They don’t make vaccines – the only thing they sell is the virus.

For more on the interview with Edward Snowden, click here.

Why isn’t there a global moratorium on the spyware trade?

Government action is not going to happen because governments all have a stake in this industry.

An Al Jazeera Inside Story entitled How vulnerable are we to spying technology (21 July 2021) provides a possible reason for the lack of effort to rein in this malware.

Panelists for this programme included the Canadian founder and director of the Citizen Lab at the University of Toronto’s Munk School, Ronald Deibert, who was asked the direct question:

Why is nothing being done?

He answers:

First of all, we need governments to move on this. Colleagues at the UN and others are calling for a moratorium on the sale and transfer of this type of technology until abuses can be fixed.

He continues:

[Government action] is not going to happen because governments all have a stake in this industry [in support of] their foreign espionage efforts.

The NSO Group offers them “off the shelf signals intelligence”, or what can aptly be called  “mercenary spyware”.

Deibert is calling for a “global coalition” of governments to champion effective regulation of an industry which clearly has become a global national security threat.

In the view of the Rideau Institute:

We have a fundamental problem here. States, in their pursuit of methods to enhance their own espionage capacity and downgrade that of their adversaries, are endangering the general security of the entire cyber infrastructure on which we all depend.

Whither Canada?

We join in the Citizen Lab call for Canada to develop rigorous, vendor-neutral standards for 5G technology providers and beyond.

Given the extreme risk posed by NSO spyware, we urge Canada to champion ongoing UN-based efforts to achieve a global moratorium and, in any event, to ensure this technology is subject to a Canadian import ban.

For another dimension of the problem of foreign espionage that puts us all at risk, see the Al Jazeera Inside Story from 20 July entitled How will China face hacking accusations? The focus is on recent allegations of “Beijing-affiliated” cyberattacks on Microsoft servers levied by the USA in concert with allies including Canada.

RI President Peggy Mason comments:

A key distinction is made by panellist Professor James Shires. The initial intrusion into the Microsoft servers he describes as espionage in which many states, and certainly the USA, engage.

The problem was that, when caught, the intruders engaged in “reckless behaviour”, spreading the attack to many more computers and opening the way to criminal hackers.

China denies the allegations.

One thing is clear. The murky world of espionage is inhibiting urgently needed efforts to develop broadly agreed multilateral rules and norms eschewing cyber activity that puts us all at risk.

Economic sanctions and the laws of war

Sanctions… are not a humane alternative to war. In reality they routinely imposed indiscriminate harms on civilian populations in ways that far exceed what would be permissible in the battlefield.

In the context of Iran, Venezuela and most recently Cuba, past blogs have highlighted the cruel and counterproductive impacts of broad-based non-UN-authorized economic sanctions.

Two leading international lawyers, the authors of the above quotation, deepen those arguments in a riveting article as pertinent today as when published in March 2020. See Sanctions Are Inhumane—Now, and Always (Asli Bâli and Aziz Rana, bostonreview.net).

For an up-to-the minute podcast featuring one of the authors, Asli Bâli, click on the arrow below:

 

NOTABLE NOTES

Iran after the election

For an illuminating and sobering analysis of what to expect from the new hardline Iranian government, see The West Must Expect Strategic Continuity from Ebrahim Raisi’s Iran (Bijan Ahmadi, Younes Zangiabadi and Arta Moeini, nationalinterest.org, 15 July 2021).

All three authors are key actors at the Canadian-based Institute for Peace and Diplomacy.

An essay on avoiding the robot apocalypse

For a wide-ranging rumination on the implications of artificial intelligence, see the latest “Tomgram” featuring dystopian trilogy author John Feffer, entitled Artificial Intelligence Wants You (and Your Job): We’d Better Control Machines Before They Control Us (tomdispatch.com, 22 July 2021).

Parliamentarians for Nuclear Non-proliferation and Disarmament  (PNND) and the US Nuclear Posture Review

A recent joint congressional letter to President Biden from PNND Co-President Senator Ed Markey and 20 other members of the Nuclear Weapons and Arms Control (NWAC) Working Group outlines some really good ideas, summarized here, to guide the recently started US Nuclear Posture Review process.

We end today’s blog with the letter’s conclusion:

We respectfully ask that you directly guide the NPR process to reduce the role of U.S. nuclear weapons in our national security strategy, forgo development of new nuclear weapons, and develop a saner declaratory policy on nuclear weapons use.

We stand ready to work with you to accomplish that critical mission.

Photo credit: Amnesty International (The Pegasus Project)