Update: Merkel’s “real” cellphone is secure

As Germany’s “Handygate” has become a mass phenomenon bordering on hysteria, one of the strangest aspects has been the fact, which I’ve noted previously, that Chancellor Angela Merkel was using a quite insecure cellphone to conduct government business. According to numerous media reports, the cellphone in question, said to have been intercepted by NSA for years, was used by Merkel for political party affairs, and was supposed to be used only to the classification level of VS-NfD, which is roughly equivalent to the U.S. category of For Official Use Only (FOUO), in other words, not actually classified at all.

Except the actual story is coming into focus now and it’s a rather different one than what Berlin’s been complaining so loudly about. While Merkel has indeed had a quite vulnerable cellphone, her “real” Chancellor-Phone, as the Germans call it, is quite secure from interception.

As reported in Frankfurter Allgemeine Zeitung, the manufacturer of Merkel’s “real” phone, a Düsseldorf firm called Secusmart, is the provider of choice to the German government as well as some private firms who worry about data security (at a cost of 2,500 Euros per handset, there aren’t many private buyers). Secusmart supplied Merkel  with a voice encryption solution four years ago, based on software and a cryptographic chip, which was updated this year and works on all new BlackBerry handsets. Secusmart’s CEO, Hans-Christoph Quelle, maintains that Merkel’s calls using his firm’s phone are quite secure, even against NSA.

As explained by Secusmart, their phone’s AES encryption with 128 bits makes it possible to generate 340 sextillion different keys, that is to say 340 followed by 36 zeros.  “Even with supercomputers, according to today’s technical standards it would theoretically take 149 billion years to crack this code” — in other words, 10,000 times longer than the age of the universe.  As CEO Quelle put it, “that should keep even the United States going for a while.”

And indeed it would. So what, again, is all this fuss about … ?

NSA, Germany and Handygate: A Reality Check

Right now Germany is in the midst of a full-fledged political storm, dubbed Handygate in the media, over alleged espionage by the National Security Agency against the German government, including Chancellor Angela Merkel, whose cellphone is said to have been intercepted by NSA for years. Given German sensitivities about privacy that linger from both the Nazi and Communist periods, as well as the well known national proclivity towards introspection – Nabelschau (navel-gazing) being a core German competency – the resulting scandal is verging on the obsessional among some Germans.

All this is of course being fanned by the media, especially the newsmagazine Der Spiegel, which has a long-standing reputation for sensationalism about espionage, particularly American; it has also been a regular conduit for stolen NSA materials from the defector Edward Snowden. What makes this interesting is that one need not be a seasoned counterintelligence hand to note that some of the newest materials could not have come from Snowden; a bigger game is now afoot, and it’s centered on Germany (where, let it be noted, key members of the Wikileaks apparat Jacob Appelbaum and Laura Poitras reside).

There are oddities abounding in this case. In the first place, due to the laws drawn up by the Federal Republic of Germany at its late 1940s founding, the alleged NSA activities that have caused this firestorm may actually be legal. Moreover, a great deal of what’s going on now is political theater which Chancellor Merkel has to be witting of at some level. If she’s not, one must question her basic fitness for dealing with any international affairs, though her longtime use of a fundamentally insecure cellphone to conduct government business boggles the mind of any intelligence veteran.

The heads of Germany’s intelligence services are now headed to Washington, DC, for meetings with the White House and NSA to smooth over the scandal. At bottom, Germany (like France), seeks not to shut down NSA espionage, rather to get closer to it. Berlin has long been jealous of London and the other Anglosphere members of the so-called Five Eyes community, the SIGINT alliance born in the Second World War which, to this day, constitutes the most successful international intelligence partnership in world history. Perhaps because they were on the wrong side when that alliance was created in the days of the ULTRA secret, German intelligence agencies have always wanted into the club and its privileged inner circle. Although Germany enjoys a tight spy relationship with the United States (and Britain too), Berlin knows its place, and it would like an upgrade.

Abandoning the US-German intelligence partnership is simply not an option, no matter what politicians may say, and regardless of how much hysteria is created by the media. The reasons for this are well known to intelligence insiders, and are elaborated in a new report in the Berlin daily Die Welt. Its title, “Technically Backward and Helpless,” is painfully accurate. There can be no doubt that Germany’s intelligence and security services, preeminently the Federal Intelligence Service (BND, Germany’s CIA plus NSA equivalent) and the Federal Office for the Protection of the Constitution (BfV, equivalent to Britain’s Security Service), are indeed deeply dependent on American partners, and have been since the day of their creation.

The depths of that dependency are laid bare in Die Welt‘s account. Germany’s “helpless dependence” on the U.S. Intelligence Community is not new but it entered a complicated phase after the September 11, 2001 terrorist attacks on the United States which, lest we forget, were staged mostly out of Hamburg, a fact which the Die Welt piece notes: “The Americans did not want to rely exclusively on us after September 11th. That is understandable,” explained a German intelligence official.  Thus was born increased attention to Germany among U.S. spy agencies.

Additionally, Germany’s intelligence agencies are underfunded and lack the technical capabilities of other leading Western countries; in espionage, Germany has chosen to punch below its economic and political weight, and now bears the consequences, namely deep dependency on foreign partners such as NSA and CIA. As I recently reported, the BND head Gerhard Schindler recently called for more reliance on foreign partners, not less, and here he was simply reflecting budgetary and political realities in Germany, where there is scant appetite for more investment in security.

Even in domestic intelligence matters Germany is heavily dependent on American help, especially from NSA, whose SIGINT has been provided to the Germans in many cases, leading to the disruption of a number of planned terrorist attacks in Germany since 2001.  “Without information from the Americans, there would have been successful terrorist attacks in Germany in the past years,” explained a BfV official, truthfully.

For these reasons it’s unlikely that any big changes to German intelligence or its relationship to NSA and CIA will happen soon. Although the current political brouhaha is serious, even though some of the hand-wringing is obviously staged by politicos who know better, this, too, shall pass, unless Germany wants to spend significantly more money on its own security and intelligence. And, as yet, there is no sign of that.

Germany’s condition reflects the reality that too many European countries have underinvested in their own defense and security since the end of the Cold War, and are therefore deeply dependent on the United States for assistance. I would like the Germans and other European countries to take more responsibility for their own security and fund their militaries and intelligence agencies at higher levels.  They would be better partners then too. But I’m not optimistic on that front. Protesting, after all, is easier than reforming bureaucracies or finding more money in lean budgetary times.

It’s called the Second Oldest Profession for a reason

We’ve started the new week with more “shocking” revelations that the U.S. National Security Agency, a foreign intelligence agency, is actually conducting foreign intelligence operations.  And pretty effectively at that. Thanks to Edward Snowden and his motley ring of collaborators, the world is getting an idea of what NSA does as its main job. Which is seeing and listening to foreign communications.

Last week Snowden’s stolen information revealed that NSA spies on Mexico. This week it’s France. Which is “shocking” only to those who know nothing about the real world of intelligence, or those who have a preexisting hatred for the United States and its close allies (there is considerable overlap between those categories, as we’ve learned in recent months). Since France is famed in spy circles worldwide for its aggressive HUMINT and SIGINT operations against even close allies, the latest Snowden revelations have been met with the biggest of all Gallic shrugs behind closed doors, no matter what Paris may say publicly.

Countries spy on each other. Everybody with the mental functioning of an adult knows this. Or at least used to. Thanks to Snowden, the global media has grown accustomed to a drumbeat of vague assertions about what NSA is said to be doing abroad. Seasoned spy-watchers will notice that what’s appearing in the media is long on sensation and rather short on technological details, and derive their own conclusions.

There’s an old wag in SpookWorld about there being no friendly intelligence services, but that’s not entirely true. I get asked regularly by neophytes to explain how this works in the real world, but I’m not about to divulge secrets, so what I’ll say is this. Outside the Anglosphere SIGINT “Five Eyes” alliance, which dates to the Second World War, everybody really does spy on everybody, at least to some degree. Which is why counterintelligence is so important. On Planet Five Eyes, it’s different, and has been for a long time.

But even this most enduring of intelligence partnerships has not been around forever, and until its establishment in the dark days of 1940-41, when Britain was on the ropes and a German invasion seemed possible, even the Anglosphere spied on each other. It needs to be said that the British spied a lot more on the Americans than vice versa, since British capabilities in HUMINT and SIGINT were superior to what Washington, DC, then had in its espionage arsenal.

As during World War I, British intelligence in the early 1940s was spying on the United States and running covert action programs to get America into the war on Britain’s side, sensibly enough from London’s viewpoint. Indeed, British intelligence had a pretty significant role in securing U.S. entry into the Great War in April 1917, though the real story is even more cunning than Washington, DC, knew or even suspected at the time. It’s a great spy yarn with world-historical impacts.

Anyone even passingly familiar with intelligence history has heard of the Zimmermann Telegram, the infamous German own-goal that played a big role in pushing a reluctant President Woodrow Wilson into the war on the Allied side. Knowing that Germany was at serious and rising risk of losing the war, Berlin’s top diplomat, Arthur Zimmermann, wanted to try to get Mexico into the war on the side of the Central Powers; as Berlin at the beginning of 1917 had decided to recommence unrestricted submarine warfare, Germany’s military and political leadership accepted that the U.S. was eventually going to enter the war anyway, so why not make it as painful for the Americans as possible?

The secret, encrypted telegram from Berlin, with its explosive offer of giving Mexico large chunks of the United States – basically what the Mexicans lost in 1848 –  in exchange for entering the war on Germany’s side, pretty much guaranteed that America would enter the war, as it went to more than its intended recipients.

The course of the war shifted dramatically in Britain’s favor on January 17, 1917, when British codebreakers intercepted the soon-to-be-infamous telegram. From the beginning of the war, the Royal Navy’s SIGINT operation in London, known as Room 40, had done an excellent job, first breaking German naval codes and then moving into diplomatic decryption; by the midpoint of the war, Room 40 was able to read a high percentage of Berlin’s encrypted communications.

It soon became apparent to Admiral Reginald “Blinker” Hall, director of Naval intelligence, that he had a true bombshell on his hands. But what to do with it? He immediately ordered the decrypted and translated telegram compartmented and shared on a very limited, need-to-know basis only; few even in Room 40 knew of its existence. The few officials in London who were briefed about the telegram realized that the message had to be shared with the Americans, who were wavering on joining the Allied cause.

But there was a problem. A big problem. At the beginning of the war, the Royal Navy literally cut all the undersea telegraph cables that allowed Germany to communicate with the outside world. Berlin complained that this made it impossible for Germany to take part in any peace discussions that might end the war. President Woodrow Wilson – remember, he was a college professor by trade – kindly offered to let Berlin send its diplomatic messages via U.S. State Department’s encrypted systems.

In other words, Room 40 got a hold of the Zimmermann Telegram because the British were reading U.S. diplomatic traffic. This was something that London sensibly had no interest in letting the Americans in on. So Admiral Hall devised a cunning deception plan that included sending an intelligence agent in Mexico City to steal a copy of the Zimmermann message from the telegraph office. It worked perfectly as the operation was clever and tightly compartmented, and while Washington, DC, including President Wilson, reacted to the German offer to Mexico with appropriate outrage, the Americans never suspected the message’s true origins. (For the full story check out this NSA version of the saga.)

Indeed, the British kept on intercepting and decrypting U.S. diplomatic traffic for many years thereafter. It wasn’t until the eve of the Second World War that William Friedman, the father of modern American SIGINT, realized what the British had pulled off with the Zimmermann Telegram. By then, it was about two decades too late to matter.