
Norwegian F-35 Sending Sensitive Data Back to Lockheed Martin (2018) - dsego
https://fighterjetsworld.com/air/norwegian-f-35-spy-on-its-owner-send-sensitive-data-back-to-u-s-a/4113/
======
ChuckNorris89
Apparently, in Austria, Eurofighter jets can't start until an NSA contractor
on base types in an ignition key[1].

[1]
[https://news.ycombinator.com/item?id=18642194](https://news.ycombinator.com/item?id=18642194)

>In order for the 15 Eurofighters to start, Austria's federal army paid 1.5
million euros over three years to a private US security company. Now, the
costs for those two "civilians" stationed at the Zeltweg airbase have been
confirmed, who have to allow every start with the current US-"Crypto-Keys" for
navigation and friend or foe identification.

The ministry of defense denies that the two Americans from a not named US
company are NSA contractors. They claim the jets would fly without the keys
but without encrypted navigation and communication. He also mentions the same
situation for Sweden and Switzerland.

~~~
_djo_
That article is not entirely accurate and is based on a misunderstanding of
what those contractors are doing. They're loading NATO MIDS/Link-16/IFF keys,
not 'starting' the aircraft.

The Austrian Eurofighters can fly and operate without those keys, they just
won't be able to join NATO Link-16 networks or other encrypted NATO
communications or navigation networks. This is standard practice for all
modern combat aircraft, incidentally, as encryption keys are rotated on a
regular basis and need to be loaded into the aircraft's onboard systems before
flight. The data can also include additional interoperability elements such as
TDMA slice allocations in the case of Link-16.

The reason it has to be done by the unnamed contractor is because Austria is
not a member of NATO, so it can't be given control over key handling. The same
is true for Sweden & Switzerland.

It's a logical tradeoff. Austria, Sweden, and Switzerland get access to
encrypted NATO networks and can therefore interoperate seamlessly with NATO
forces, but they're always free to opt-out. Sweden for instance has fall-backs
to national data links and communications networks to which only it has the
encryption keys.

~~~
platz
How does one know so much detailed info about this topic?

~~~
dogma1138
It’s not a secret, despite the MIL-STD-6016 doc technically being classified
one of my favorite documents on the subject is the Wireshark dissector the
Australian government wrote and then published the document of how they’ve
achieved it including pretty much the entire protocol:
[http://willrobertson.id.au/resources/wireshark/DSTO-
TN-1257....](http://willrobertson.id.au/resources/wireshark/DSTO-TN-1257.pdf)

~~~
PappaPatat
Well thank you, very nice.

------
strooper
I have seen the army in my country to emphasize on having total control on
each and every equipment they have. They boast on being able to completely
disassemble and reassemble all the mechanical war machines.

I wonder how that works for software heavy war equipment, such as F-35. Does
the seller provide full source code and control (and probably training?) over
modification of the software? Do they agree on the paper only that the buyer
can never get to use those weapons against the seller? Or, do they set those
policies right inside the control units of those weapons?

If the seller country have significant control on the control units of the war
instruments sold to another country, and if the seller country is able to
update/modify/ control/restrict devices over the air, won't that make the
buyer country just an outpost of the seller country?

~~~
nradov
F-35 source code is only available to a limited subset of trusted allies.
Mainly the UK, but it appears that a few other countries such as Israel have
at least partial source code and the ability to build custom branches.

~~~
no-dr-onboard
Doubtful.

DoD/DoE contractors and manufacturers retain a large portion of military
contracted IP material. For example, CNWDI in the nuclear world does not allow
a anyone in the military access/knowledge portions of bombs/warheads below the
maintenance plates. Sandia/LLNL/LANL keeps a (literal) tight lid on that
knowledge, much less the very physical appearance.

If the same schema were applied to airframes, it’s likely that Lockheed and NG
retain rights to the manufacturers specific IP, which would include the source
code to any avionics packages.

------
wil421
It probably does a lot more than that. It’s alway been rumored some US
military tech could suddenly be turned “off” in the event of a war.

I couldn’t imagine a situation that would put Norway and the US on opposite
sides. Since the military allows Norway to get F-35s they probably agree.

~~~
yasp
I've heard rumors of something similar about US anti aircraft systems, and
this being a motivating factor in Turkey buying S-400s.

~~~
m00dy
Turkey also wanted to have a technology transfer while having patriots. So,
Turkey can use it for its own missile defence system. Apparently, It didn't
happen.

~~~
yyyk
Yet ironically, Turkey didn't get a technology transfer from the S-400 either.
Once Putin got Erdogan committed, Putin knew he didn't have to offer much -
Erdogan couldn't suffer a reversal.

~~~
m00dy
[https://www.defenseworld.net/news/23561/Tech_Transfer__Local...](https://www.defenseworld.net/news/23561/Tech_Transfer__Local_Production_in_Turkey___s_S_400_Deal_With_Russia#.XQApMY8pDIU)

~~~
yyyk
Note that he doesn't have anything specific to point to - that's because he's
merely trying to justify Erdogan. He must know that Turkey is going to get
very few tech transfers:

[https://www.kommersant.ru/doc/3409158](https://www.kommersant.ru/doc/3409158)

~~~
m00dy
Turkey has already a rocket-missile company [0]. So, I'm pretty sure Turkey
does not need everything but only specific parts. What I think is that
Roketsan will be able to manufacture its own s400-capable Triumph missiles.
So, Everytime Turkey launches its own missile, It won't need Russia to replace
its stockpile.

[0]: [http://www.roketsan.com.tr/en/](http://www.roketsan.com.tr/en/)

~~~
yyyk
It's likely that Russia will allow Turkish missiles. However, that would not
be a significant technology transfer. Technically Russia could do this merely
by passing on protocols to 'talk' with the S-400, and letting the Turks create
their own missile.

Even if some missile tech were to be transferred (I rather doubt it), the key
part of S-400 is not the missiles - but the very sophisticated radar, control
and EW systems.

Either way, it doesn't get Turkey much ahead in designing their own missile
defence system, and leaves them dependent on a potential (even likely) enemy.

------
mrtksn
They only need to switch it to airplane mode!

Kidding aside, the concerns over the possibility for such actions were the
primary reasons why the Turkish public was totally O.K. with being expelled
from the F-35 program.

------
mytailorisrich
One has to do wonder why a country would even consider buying a foreign plane
that does this...

Data should be under the control and scrutiny of the owner of the plane, who
would pass on only what they are happy to.

~~~
pmart123
Norway is way too small of a country to develop its own weapons and airplanes.
It has 2% of the GDP that the United States has. The cost of the F-35 project
would deplete the entire Norweigan sovereign wealth fund. Secondly, what is
the likelihood that Norway gets into a war with the United States versus
Russia?

~~~
ptr
If Sweden can develop fighter airplanes, why can’t Norway?

~~~
nradov
Sweden can't develop a _fifth generation_ fighter airplane. It's just too
expensive.

~~~
secfirstmd
It will be interesting to see if France tries next time. The UK, Germany and
Italy certainly can't.

~~~
achamayou
The plan seems to be to do it in common with Germany and Spain:
[https://www.iiss.org/blogs/military-
balance/2019/06/franco-g...](https://www.iiss.org/blogs/military-
balance/2019/06/franco-german-next-generation-fighter)

------
est31
This reminds me of Windows 10 being used in countless non-US governments even
though it has telemetry enabled.

~~~
csomar
> you get calls from the US ambassador and it's not just economic reasons...

Do you have details/links about that.

~~~
est31
I can't find any sources about it any more but I vaguely remember reading
about it. I'm sorry. As I can't find it, it certainly wasn't covered by big
press. I'll remove that part of the comment to be on the safe side. It's not
what my comment was supposed to be mainly about anyway. The main part of my
comment was more to point out that this is a pattern: the USA is supplier of a
major amount of technology that lends itself very well to mass surveillance
and the western world uses it. The US got the unique chance to make the
technology spy onto the customer nations.

~~~
taneq
> The US got the unique chance to make the technology spy onto the customer
> nations.

I dunno how unique that chance is any more. The whole world runs so on
hardware made in China which could be compromised to do pretty much anything.

------
stunt
> “Due to national considerations, there is a need for a filter where the user
> nations can exclude sensitive data from the data stream that is shared by
> the system with the manufacturer Lockheed Martin,” Gjemble ter.

> “Norway has entered into a partnership with Italy to jointly finance the
> procurement and operation of a laboratory where we can enter nationally
> sensitive data, as we currently do on F-16,” Gjemble said.

------
asaddhamani
Why do these sites have to implement smooth scrolling - for a blog of all
things? I don't understand what goes through their heads

~~~
dvfjsdhgfv
It's annoying, but there was this fad a few years ago and many websites did
it, and probably this one was designed at that time.

------
otakucode
I'm curious about the actual communication here. Does each plane have a
satellite uplink or something? If they do, I would expect that they would be
configured to use Norways military satellite comms network. I'm not sure how
or why that network would be able to contact Lockheed. So are there multiple
communications systems? What portion of them are military and what portion, if
any, transit the public Internet? Lockheed might own their own communication
satellites, I'm not sure, but I really don't think they have carte blanche to
use the US military communications networks for their own products. Details
might be sensitive or classified so I'll probably just be kept wondering, but
the mechanics of the actual physical communication of data aren't clear to me.

~~~
p_l
A horribly shitty software package called ALIS is required to operate
F-35,this software communicates from ground facilities to Lockheed servers.

Having dealt with the output of the part of Lockheed that makes logistical
software, I say run for the hills.

------
kebman
This article is over a year old. June 4th 2018. Norwegian blogs and press
wrote about similar conserns already back in 2017. Not sure why this is pushed
to the top at HN now :p

------
a3n
We've been carrying spy devices in our pockets. Now spy devices carry us.

------
kwhitefoot
Is anyone genuinely surprised at this?

------
darkhorn
I think Patriots do the same thing. But not S-400s.

~~~
JohnStrangeII
That sounds overly optimistic.

------
tandem_bike
The title makes the data collection sounds sinister, but this is just a case
of a company wanting to make the best product possible. It's necessary to
collect data to improve systems.

Norway (and all of Europe) has outsourced much of its collective defense to
the United States, so if Norway and the Europeans are comfortable with the
entire US military apparatus protecting them, it is quite surprising that
Norway would have a problem with something as comparatively insignificant as
flight data being sent back to Lockheed.

In fact, given the protective relationship the US has with Europe, wouldn't
Norway want to provide as much data as possible to help improve Lockheed's
technology and hence the West's future defensive capabilities?

~~~
close04
Now say the exact same thing but referring to Huawei. How did that sound to
the whole world, and especially to the US?

This isn't your thermostat sending temperature data to the manufacturer, it's
a war plane sending critical information that the owner of the plane wants to
keep secret.

~~~
tandem_bike
The difference is that Norway and the US are liberal democracies and allies.
China, quite the opposite.

In fact, Norway (and all of Europe) has outsourced much of its collective
defense to the United States, so if Norway and the Europeans are comfortable
with the entire US military apparatus protecting them, it is quite surprising
that Norway would have a problem with something as comparatively insignificant
as flight data being sent back to Lockheed.

In fact, given the protective relationship the US has with Europe, wouldn't
Norway want to provide as much data as possible to help improve Lockheed's
technology and hence the West's future defensive capabilities?

~~~
inflatableDodo
>"wouldn't Norway want to provide as much data as possible to help improve
Lockheed's technology"

Given the article, I'd say that we know the answer to this and it is something
of a resounding 'no' -

 _" Norway says it has become impatient with continued delays in the promised
provision of a data “filter” by Lockheed Martin. So it’s started its own
project to find ways to block its new F-35s from reporting back to their
former US masters._

 _It’s also worried that it won’t be able to optimize — or protect — the
extremely sensitive Mission Data Files. These data packs optimize aircraft
performance under different conditions, as well as provide a database of
regional challenges and conditions._

 _Again, Norway wants Lockheed Martin out of the loop. "_

