An analysis of secret documents leaked by Edward Snowden demonstrates that the NSA is more active in Germany than anywhere else in Europe — and that data collected here may have helped kill suspected terrorists.
Just before Christmas 2005, an unexpected event disrupted the work of American spies in the south-central German city of Wiesbaden. During the installation of a fiber-optic cable near the Rhine River, local workers encountered a suspicious metal object, possibly an undetonated World War II explosive. It was certainly possible: Adolf Hitler’s military had once maintained a tank repair yard in the Wiesbaden neighborhood of Mainz-Kastel.
The Americans — who maintained what was officially known as a “Storage Station” on Ludwig Wolker Street — prepared an evacuation plan. And on Jan. 24, 2006, analysts with the National Security Agency (NSA) cleared out their offices, cutting off the intelligence agency’s access to important European data streams for an entire day, a painfully long time. The all-clear only came that night: The potential ordinance turned out to be nothing more than a pile of junk.
Residents in Mainz-Kastel knew nothing of the incident.
Of course, everybody living there knows of the 20-hectare (49-acre) US army compound. A beige wall topped with barbed wire protects the site from the outside world; a sign outside warns, “Beware, Firearms in Use!”
Americans in uniform have been part of the cityscape in Wiesbaden for decades, and local businesses have learned to cater to their customers from abroad. Used-car dealerships post their prices in dollars and many Americans are regulars at the local brewery. “It is a peaceful coexistence,” says Christa Gabriel, head of the Mainz-Kastel district council.
But until now, almost nobody in Wiesbaden knew that Building 4009 of the “Storage Station” houses one of the NSA’s most important European data collection centers. Its official name is the European Technical Center (ETC), and, as documents from the archive of whistleblower Edward Snowden show, it has been expanded in recent years. From an American perspective, the program to improve the center — which was known by the strange code name “GODLIKELESION” — was badly needed. In early 2010, for example, the NSA branch office lost power 150 times within the space just a few months — a serious handicap for a service that strives to monitor all of the world’s data traffic.
On Sept. 19, 2011, the Americans celebrated the reopening of the refurbished ETC, and since then, the building has been the NSA’s “primary communications hub” in Europe. From here, a Snowden document outlines, huge amounts of data are intercepted and forwarded to “NSAers, warfighters and foreign partners in Europe, Africa and the Middle East.” The hub, the document notes, ensures the reliable transfer of data for “the foreseeable future.”
Soon the NSA will have an even more powerful and modern facility at their disposal: Just five kilometers away, in the Clay Kaserne, a US military complex located in the Erbenheim district of Wiesbaden, the “Consolidated Intelligence Center” is under construction. It will house data-monitoring specialists from Mainz-Kastel. The project in southern Hesse comes with a price tag of $124 million (€91 million). When finished, the US government will be even better equipped to satisfy its vast hunger for data.
One year after Edward Snowden made the breadth of the NSA’s global data monitoring public, much remains unknown about the full scope of the intelligence service’s activities in Germany. We know that the Americans monitored the mobile phone of German Chancellor Angela Merkel and we know that there are listening posts in the US Embassy in Berlin and in the Consulate General in Frankfurt.
But much remains in the dark. The German government has sent lists of questions to the US government on several occasions, and a parliamentary investigative committee has begun looking into the subject in Berlin. Furthermore, Germany’s chief public prosecutor has initiated an investigation into the NSA — albeit one currently limited to its monitoring of the chancellor’s cell phone and not the broader allegation that it spied on the communications of the German public. Neither the government nor German lawmakers nor prosecutors believe they will receive answers from officials in the United States.
German Left Party politician Jan Korte recently asked just how much the German government knows about American spying activities in Germany. The answer: Nothing. The NSA’s promise to send a package including all relevant documents to re-establish transparency between the two governments has been quietly forgotten by the Americans.
In response, SPIEGEL has again reviewed the Snowden documents relating to Germany and compiled a Germany File of original documents pertaining to the NSA’s activities in the country that are now available for download here. SPIEGEL has reported on the contents of some of the documents over the course of the past year. The content of others is now being written about for the first time. Some passages of the documents have been redacted in order to remove sensitive information like the names of NSA employees or those of the German foreign intelligence service, the Bundesnachrichtendienst (BND). This week’s reports are also based on documents and information from other sources.
An Omnipotent American Authority
The German public has a right to know exactly what the NSA is doing in Germany, and should be given the ability to draw its own conclusions about the extent of the US intelligence agency’s activities in the country and the scope of its cooperation with German agencies when it comes to, for example, the monitoring of fiber-optic cables.
The German archive provides the basis for a critical discussion on the necessity and limits of secret service work as well as on the protection of privacy in the age of digital communication. The documents complement the debate over a trans-Atlantic relationship that has been severely damaged by the NSA affair.
They paint a picture of an all-powerful American intelligence agency that has developed an increasingly intimate relationship with Germany over the past 13 years while massively expanding its presence. No other country in Europe plays host to a secret NSA surveillance architecture comparable to the one in Germany. It is a web of sites defined as much by a thirst for total control as by the desire for security. In 2007, the NSA claimed to have at least a dozen active collection sites in Germany.
The documents indicate that the NSA uses its German sites to search for a potential target by analyzing a “Pattern of Life,” in the words of one Snowden file. And one classified report suggests that information collected in Germany is used for the “capture or kill” of alleged terrorists.
According to Paragraph 99 of Germany’s criminal code, spying is illegal on German territory, yet German officials would seem to know next to nothing about the NSA’s activity in their country. For quite some time, it appears, they didn’t even want to know. It wasn’t until Snowden went public with his knowledge that the German government became active.
On June 11, August 26 and October 24 of last year, Berlin sent a catalogue of questions to the US government. During a visit to NSA headquarters at Fort Meade, Maryland at the beginning of November, German intelligence heads Gerhard Schindler (of the BND) and Hans-Georg Maassen (of the domestic intelligence agency, known as the Office for the Protection of the Constitution or BfV) asked the most important questions in person and, for good measure, handed over a written list. No answers have been forthcoming. This leaves the Snowden documents as the best source for describing how the NSA has turned Germany into its most important base in Europe in the wake of the terrorist attacks of Sept. 11, 2001.
The NSA’s European Headquarters
On March 10, 2004, two US generals — Richard J. Quirk III of the NSA and John Kimmons, who was the US Army’s deputy chief of staff for intelligence — finalized an agreement to establish an operations center in Germany, the European Security Center (ESC), to be located on US Army property in the town of Griesheim near Darmstadt, Germany. That center is now the NSA’s most important listening station in Europe.
The NSA had already dispatched an initial team to southern Germany in early 2003. The agency stationed a half-dozen analysts at the its European headquarters in Stuttgart’s Vaihingen neighborhood, where their work focused largely on North Africa. The analysts’ aims, according to internal documents, included providing support to African governments in securing borders and ensuring that they didn’t offer safe havens to terrorist organizations or their accomplices.
The work quickly bore fruit. It became increasingly easy to track the movements of suspicious persons in Mali, Mauritania and Algeria through the surveillance of satellite telephones. NSA workers passed information on to the US military’s European Command, with some also being shared with individual governments in Africa. A US government document states that the intelligence insights have “been responsible for the capture or kill of over 40 terrorists and has helped achieve GWOT (Global War on Terror) and regional policy successes in Africa.”
Is Germany an NSA Beachhead?
The documents in Snowden’s archive raise the question of whether Germany has become a beachhead for America’s deadly operations against suspected terrorists — and whether the CIA and the American military use data collected in Germany in the deployment of its combat drones. When asked about this by SPIEGEL, the NSA declined to respond.
The operations of the NSA’s analysts in Stuttgart were so successful that the intelligence agency quickly moved to expand its presence. In 2004, the Americans obtained approximately 1,000 square meters (10,750 square feet) of office space in Griesheim to host 59 workers who monitored communications in an effort to “optimize support to Theater operations” of the US Armed Forces. Ten years later, the center, although largely used by the military, has become the NSA’s most important outpost in Europe — with a mandate that goes far beyond providing support for the US military.
In 2011, around 240 intelligence service analysts were working at the Griesheim facility, known as the Dagger Complex. It was a “diverse mix of military service members, Department of the Army civilians, NSA civilians, and contractors,” an internal document states. They were responsible for both collecting and analyzing international communication streams. One member of the NSA pointed out proudly that they were responsible for every step in the process: collection, processing, analyzing and distribution.
In May 2011, the installation was renamed the European Center for Cryptology (ECC) and the NSA integrated its Threat Operations Center, responsible for early danger identification, into the site. A total of 26 reconnaissance missions are managed from the Griesheim complex, which has since become the center of the “largest Analysis and Production activity in Europe,” with satellite stations in Mons, Belgium, and in Great Britain. Internal documents indicate that the ECC is the operative intelligence arm of the NSA’s European leadership in Stuttgart.
Targets in Africa, Targets in Europe
Much of what happens in Griesheim is classic intelligence work and threat identification, but a presentation dating from 2012 suggests that European data streams are also monitored on a broad scale. One internal document states there are targets in Africa as well as targets in Europe. The reason being that “most terrorists stop thru Europe.” For reconnaissance, the document mentions, the ECC relies on its own intelligence gathering as well as data and assistance from Britain’s Government Communications Headquarters (GCHQ) intelligence service.
The latter is likely a reference to the Tempora program, located in the British town of Bude, which collects all Internet data passing through several major fiber-optic cables. GCHQ, working together with the NSA, saves the data that travels through these major European network connections for at least three days. The ECC claims to have access to at least part of the GCHQ data.
NSA staff in Griesheim use the most modern equipment available for the analysis of the data streams, using programs like XKeyscore, which allows for the deep penetration of Internet traffic. Xkeyscore’s sheer power even awakened the interest of Germany’s BND foreign intelligence service as well as that of the Federal Office for the Protection of the Constitution, which is responsible for monitoring extremists and possible terrorists within Germany.
An internal NSA report suggests that XKeyscore was being used at Griesheim not only to collect metadata — e.g. the who, what, where, with whom and at what time — but also the content of actual communications. “Raw content” is saved for a period of between “3 days to a couple of weeks,” an ECC slide states. The metadata are stored for more than 90 days. The document states that XKeyscore also makes “complex analytics like ‘Pattern of Life'” possible.
The NSA said in a statement that XKeyscore is an element of its foreign intelligence gathering activities, but it was using the program lawfully and that it allows the agency to help “defend the nation and protect US and allied troops abroad.” The statement said it engages in “extensive, close consultations” with the German government. In a statement provided to SPIEGEL, NSA officials pointed to a policy directive Barack Obama issued in January in which the US president affirmed that all persons, regardless of nationality, have legitimate privacy interests, and that privacy and civil liberties “shall be integral considerations in the planning of US signals intelligence activities.”
The statement reveals the significant gap between Germany’s understanding of what surveillance means and that of the Americans. In overseas operations, the NSA does not consider searching through emails to be surveillance as long as they are only stored temporarily. It is only considered to be a deeper encroachment on privacy when this data is transferred to the agency’s databases and saved for a longer period of time. The US doesn’t see it as a contradiction when Obama ensures that people won’t be spied upon, even as the NSA continues monitoring email traffic. The NSA did not respond to SPIEGEL’s more detailed questions about the agency’s outposts in Germany.
‘The Endangered Habitat of the NSA Spies’
The bustling activity inside the Dagger Complex listening station at Griesheim stands in stark contrast to its outward appearance. Only a few buildings can be recognized above ground, secured by two fences and a gate made of steel girders and topped by barbed wire.
Activist Daniel Bangart would love to see what is on the other side of that fence. He’s rattled the fence a number of times over the past year, but so far no one has let him in. Instead, he’s often been visited by police.
When Bangert first began inviting people to take a “walk” at Griesheim to “explore together the endangered habitat of the NSA spies,” he intended it as a kind of subversive satirical act. But with each new revelation from the Snowden archive, the 29-year-old has taken the issue more seriously. These days, the heating engineer — who often wears a T-shirt emblazoned with “Team Edward” — and a small group of campaigners regularly attempt to provoke employees at the Dagger Complex. He has developed his own method of counter-espionage: He writes down the license plate numbers of suspected spies from Wiesbaden and Stuttgart.
At one point, the anti-surveillance activist even tried to initiate a dialogue with a few of the Americans. At a street fair in Griesheim, he convinced one to join him for a beer, but the man only answered Bangert’s questions with queries of his own. Bangert says another American told him: “What is your problem? We are watching you!”
Spying as They Please
It’s possible Bangert has also attracted the attention of another NSA site, located in the US Consulate General in Frankfurt, not far from Griesheim. The “Special Collection Service” (SCS) is a listening station that German public prosecutors have taken a particular interest in since announcing earlier this month that it was launching an investigation into the spying on Angela Merkel’s mobile phone. The trail leads from the Chancellery in Berlin via the US Embassy next to the Brandenburg Gate and continues all the way to Laurel, Maryland, north of Washington DC.
That’s where the SCS is headquartered. The service is operated together by the NSA and the CIA and has agents spread out across the globe. They are the eyes and ears of the US and, as one internal document notes, establish a “Home field advantage in adversary’s space.”
The SCS is like a two-parent household, says Ron Moultrie, formerly the service’s vice president. “We must be mindful of both ‘parents’.” Every two years, leadership is swapped between the NSA and the CIA. The SCS, says Moultrie, is “truly a hybrid.” It is divided into four departments, including the “Mission Support Office” and the “Field Operations Office,” which is made up of a Special Operations unit and a center for signal development. In Laurel, according to internal documents, the NSA has established a relay station for communications intercepted overseas and a site for training.
Employees are stationed in US embassies and consulates in crisis regions, but are also active in countries that are considered neutral, like Austria. The agents are protected by diplomatic accreditation, even though their job isn’t covered by the international agreements guaranteeing diplomatic immunity: They spy pretty much as they please. For many years, SCS agents claimed to be working for the ominous-sounding “Defense Communications Support Group.” Sometimes, they said they worked for something called the “Defense Information Systems Agency.”
Spying Stations, from Athens the Zagreb
According to an internal document from 2011, information related to the SCS and the sites it maintains was to be kept classified for at least 75 years. It argued that if the agency’s activities were ever revealed, it would hamper the “effectiveness of intelligence methods currently in use” and result in “serious harm” to relations between the US and foreign governments.
In 1979, there were just over 40 such SCS branch offices. During the chilliest days of the Cold War, the number reached a high point of 88 only to drop significantly after the fall of the Berlin Wall and the collapse of communism in Eastern Europe. But following the Sept. 11, 2001 terror attacks, the government established additional sites, bringing the number of SCS spy stations around the world up to a total of around 80 today. The documents indicate that the SCS maintains two sites in Germany: in the US Consulate General in Frankfurt and the US Embassy in Berlin, just a few hundred meters away from the Chancellery.
The German agencies responsible for defending against and pursuing espionage — the Office for the Protection of the Constitution and the office of the chief federal prosecutor — are particularly interested in the technology deployed by the SCS. The database entry relating to Merkel’s cell phone, which SPIEGEL first reported on in October 2013, shows that the SCS was responsible for its surveillance.
According to an internal presentation about the work done by the SCS, equipment includes an antenna rotator known as “Einstein,” a database for analysis of microwaves called “Interquake” and a program called “Sciatica” that allows for the collection of signals transmitted in gigahertz frequencies. A program called “Birdwatcher,” which intercepts encrypted signals and prepares them for analysis, can be remotely controlled from the SCS headquarters in Maryland. The tool allows the NSA to identify protected “Virtual Private Networks” or VPNs that might be of interest. VPNs are used by many companies and embassies for internal communication.
200 American Intelligence Workers in Germany
Following the revelations that Merkel’s mobile phone had been monitored, Hans-Georg Maassen of the domestic intelligence agency BfV, turned to US Ambassador to Germany John Emerson to learn more about the technology and the people behind it. Maassen also wanted to know what private contractors the NSA was working with in Germany. When Emerson said during a visit to the Chancellery that he assumed the questions had been straightened out, Maassen countered, in writing, that they remained pertinent.
Maassen says he received a “satisfactory” answer from Emerson about intelligence employees. But that could be because the US government has officially accredited a number of the intelligence workers it has stationed in Germany. SPIEGEL research indicates more than 200 Americans are registered as diplomats in Germany. There are also employees with private firms who are contracted by the NSA but are not officially accredited.
The list of questions the German government sent to the US Embassy makes it clear that German intelligence badly needs help. “Are there Special Collection Services in Germany?” reads one question. “Do you conduct surveillance in Germany?” And: “Is this reconnaissance targeted against German interests? ” There are many questions, but no answers.
Ultimately, Maassen will have to explain to the parliamentary investigative committee what he has learned about US spying in Germany and how he intends to fulfill his legally mandated task of preventing espionage. The explanation provided by the BfV thus far — that it is uncertain whether the chancellor was spied on from the US Embassy in Berlin or remotely from the headquarters in Maryland, making it unclear whether German anti-espionage officials should get involved — is certainly an odd one. Germany’s domestic intelligence agency is responsible for every act of espionage targeting the country, no matter where it originates. Cyber-attacks from China are also viewed by the BfV as espionage, even if they are launched from Shanghai.
The order to monitor the chancellor was issued by the department S2C32, the NSA unit responsible for Europe. In 2009, Merkel was included in a list of 122 heads of state and government being spied on by the NSA. The NSA collects all citations relating to a specific person, including the different ways of referring to them, in a database called “Nymrod.”
The NSA introduced Nymrod in January 2008 and the entries refer to a kind of register of “intelligence reports from NSA, CIA, and DoD (Department of Defense) databases.” In Merkel’s case, there are more than 300 reports from the year 2009 in which the chancellor is mentioned. The content of these reports is not included in the documents, but according to a Nymrod description from 2008, the database is a collection of “SIGINT-Targets.” SIGINT stands for signals intelligence.
Collection Sites in Germany
Is it possible that the German government really knew nothing about all of these NSA activities within Germany? Are they really — as they claimed in August 2013 in response to a query from the center-left Social Democratic Party (SPD) — “unaware of the surveillance stations used by the NSA in Germany”?
That is difficult to believe, especially given that the NSA has been active in Germany for decades and has cooperated closely with the country’s foreign intelligence agency, the BND, which is overseen by the Chancellery. A top-secret NSA paper from January 2013 notes: “NSA established a relationship with its SIGINT counterpart in Germany, the BND-TA, in 1962, which includes extensive analytical, operational, and technical exchanges.”
When the cooperation with its junior partner from West Germany began, the NSA was just 10 years old and maintained stations in Augsburg and West Berlin in addition to its European headquarters in Stuttgart-Vaihingen.
American intelligence agencies, like those of the three other World War II victors, immediately began to monitor Germans within their zones of occupation, as confirmed by internal guidelines relating to the evaluation of reports stemming from the years 1946 to 1967.
In 1955, the British and French reduced their surveillance of Germans and focused on operations further to the east. The Americans, however, did not and continued to monitor telephone and other transmissions both within Germany and between the country and others in Western Europe. By the mid 1950s, US spies may have been listening in on some 5 million telephone conversations per year in Germany.
The easternmost NSA surveillance post in Europe during the Cold War was the Field Station Berlin, located on Teufelsberg (Devil’s Mountain) in West Berlin. The hill is made from the rubble left over from World War II — and the agents operating from its top were apparently extremely competent. They won the coveted Travis Trophy, awarded by the NSA each year to the best surveillance post worldwide, four times.
‘A Perpetual State of Domination’
Josef Foschepoth, a German historian, refers to German-American relations as “a perpetual state of domination.” He speaks of a “common law developed over the course of 60 years” allowing for uncontrolled US surveillance in Germany. Just how comprehensive this surveillance was — and remains — can be seen from the so-called SIGAD lists, which are part of the Snowden archive. SIGAD stands for “Signal Intelligence Activity Designator” and refers to intelligence sources that intercept radio or telephone signals. Every US monitoring facility carries a code name made up of letters and numbers.
Documents indicate that the Americans often opened new SIGAD facilities and closed old ones over the decades, with a total of around 150 prior to the fall of the Wall. The technology used for such surveillance operations has advanced tremendously since then, with modern fiber-optic cables largely supplanting satellite communications. Data has become digital, making the capture of large quantities of it far easier.
The Snowden documents include a 2007 list that goes all the way back to 1917 and includes the names of many former and still active US military installations as well as other US facilities that are indicated as sites of data collection. It notes that a number of the codes listed are no longer in operation, and a deactivation date is included for at least a dozen. In other instances, the document states that the closing date is either unknown or that the SIGADs in question are still in operation. These latter codes include sites in Frankfurt, Berlin, Bad Aibling and Stuttgart — all places still known to have an active NSA presence.
Because Americans tended to monitor their targets themselves, Germany’s BND long had little to offer, creating a largely one-sided relationship in which the Germans played the subservient role. Only at the beginning of the last decade did the nature of the cooperation begin to change, partially as a result of the BND’s successful effort to massively upgrade its technical abilities, as an internal NSA document notes approvingly. But the pecking order in the relationship has remained constant.
The former East Germany appears to have been better informed about the NSA’s spying activities than Berlin currently claims to be. The NSA’s work was known to the Hauptverwaltung Aufklärung (HVA), East Germany’s foreign intelligence agency, a unit of the Ministry for State Security, the secret police more commonly known as the “Stasi.” One internal Stasi document noted of the NSA: “This secret intelligence service of the USA saves all radio signals, conversations, etc., around the globe from friends and foes.”
At the beginning of 1990, right after the Berlin Wall fell, HVA officers delivered around 40 binders with copies of NSA documents — obtained by two spies — to the Stasi’s central archive. The HVA officers wanted to preserve the highly controversial material for historians and others who might be interested in it.
Not Enough for the USA
After US diplomats were informed by the German Federal Prosecutor of the documents’ existence, Washington began applying pressure on the German government to hand over the NSA files. Finally, in July 1992, employees of the German agency responsible for executing the Stasi archive handed “two sealed containers with US documents” over to the German Federal Border Guard, which in turn delivered them to the Interior Ministry. Once in possession of them, the Americans used the files as evidence in the trial against a former NSA employee who had spied for East Germany.
Apparently the first haul of documents wasn’t enough for the NSA. In 2008, during Merkel’s first term in office, several NSA employees visited the Stasi archives to view all the remaining documents — from the Stasi’s Main Department III, which was responsible for signals intelligence — containing information about US facilities.
The German Interior Ministry classified and blocked access to most of the material and they are no longer viewable by journalists or researchers. By the time Edward Snowden began publishing the NSA documents last year, only two files pertaining to the NSA remained available for viewing, and both were filled with harmless material. It is unlikely the remaining historical documents will be much help to the federal prosecutors now investigating the NSA.
But one person who could potentially contribute to clarifying the NSA’s role in Germany was in Munich this week. General Keith Alexander, who recently left his position as NSA chief, spoke at a conference organized by Deutsche Telekom on Monday night. When officials at the Federal Prosecutor’s Office were asked days before his keynote speech whether they would try to question Alexander as a witness, they, responded by saying, “We do not conduct criminal investigative proceedings publicly.”
It seems Germany’s chief federal investigator may ultimately follow the dictum given by Foschepoth: “The German government is more concerned about keeping the Americans happy than it is about our constitution.”
By Sven Becker, Hubert Gude, Judith Horchert, Andy Müller-Maguhn, Laura Poitras, Ole Reißmann, Marcel Rosenbach, Jörg Schindler, Fidelius Schmid, Michael Sontheimer and Holger Stark
Translated from the German by Charles Hawley and Daryl Lindsey
06/18/2014 04:20 PM
By SPIEGEL Staff
© SPIEGEL ONLINE 2014