Interview mit Edward Snowden; NSA liefert BND Werkzeuge für Lauschangriff

Welche Macht hat die US-Lauschbehörde NSA? Nach SPIEGEL-Recherchen ist die Zusammenarbeit zwischen Amerikanern und BND offenbar intensiver als bislang bekannt. Geheimdienst-Enthüller Edward Snowden sagt in einem Interview: Die NSA-Leute steckten “unter einer Decke mit den Deutschen”.

Hamburg – Die NSA kontrolliert das Internet, hat Edward Snowden enthüllt. Selbst die engen Verbündeten werden von den USA ausgespäht. Doch die Deutschen wollen davon nichts gewusst haben.

Die NSA-Leute steckten “unter einer Decke mit den Deutschen”, erklärt Edward Snowden in einem Interview, das der SPIEGEL in seiner neuen Ausgabe veröffentlicht. Nach Angaben des Geheimdienst-Enthüllers gebe es in der US-Lauschbehörde NSA das “Foreign Affairs Directorate”, das zuständig für Kooperationen mit anderen Ländern sei.

Die Zusammenarbeit werde so organisiert, dass Behörden anderer Länder “ihr politisches Führungspersonal vor dem ‘Backlash’ schützen” können, falls herauskommen sollte, wie “massiv die Privatsphäre von Menschen missachtet wird”, sagt der US-Amerikaner. Und weiter: Telekommunikationsfirmen würden mit der NSA kooperieren, Personen würden normalerweise “aufgrund etwa des Facebook-Profils oder der eigenen E-Mails als Zielobjekt markiert”.

Das Interview wurde von dem amerikanischen Chiffrier-Experten Jacob Appelbaum und der Dokumentarfilmerin Laura Poitras mit Hilfe verschlüsselter E-Mails geführt, kurz bevor Snowden als Whistleblower weltweit bekannt wurde.

Snowden sitzt wahrscheinlich noch immer im Transitbereich des Moskauer Flughafens fest. Inzwischen haben ihm Venezuela und Nicaragua Asyl angeboten. Doch seit der Offerte am Samstag habe man keinen Kontakt mit Snowden gehabt, sagte der Außenminister Venezuelas Elías Jaua.

BND-Chef bestätigt Zusammenarbeit mit der NSA

Nach SPIEGEL-Recherchen ist die Zusammenarbeit zwischen der NSA und dem Bundesnachrichtendienst (BND) offenbar deutlich intensiver als bislang bekannt. So lieferte die NSA die Analyse-Tools für den Lauschangriff des BND auf ausländische Datenströme, die durch Deutschland führen. Im Fokus des BND steht unter anderem die Nahost-Strecke, über die Datenpakete etwa aus Krisenregionen verlaufen.

Insgesamt zieht der BND nach SPIEGEL-Recherchen aus fünf digitalen Knotenpunkten Informationen, die in Pullach analysiert werden. BND-Chef Gerhard Schindler bestätigte den Mitgliedern des Parlamentarischen Kontrollgremiums die Zusammenarbeit mit der NSA.

Das Bundesamt für Verfassungsschutz, das für Spionageabwehr zuständig ist, untersucht derzeit, wo die NSA Zugriff auf den Internetverkehr nimmt, der durch Deutschland geht. Eine erste Analyse ergab keine Klarheit, sagte der Präsident des Bundesamts für Verfassungsschutz (BfV), Hans-Georg Maaßen. “Wir haben bislang keine Erkenntnisse, dass Internetknotenpunkte in Deutschland durch die NSA ausspioniert wurden”, sagte Maaßen dem SPIEGEL.

Neuer Stützpunkt in Wiesbaden

Ein neuer Stützpunkt der US-Armee auf dem Boden der Bundesrepublik, den auch die NSA nutzen soll, ist mit den deutschen Behörden abgesprochen. In Wiesbaden wird derzeit ein neues “Consolidated Intelligence Center” errichtet. Für 124 Millionen Dollar entstehen abhörsichere Büros und ein Hightech-Kontrollzentrum. Sobald die Anlage in Wiesbaden fertiggestellt ist, wird ein bislang genutzter Komplex bei Darmstadt geschlossen.

Die Amerikaner vertrauen bei dem Neubau in Wiesbaden nur auf Landsleute. Die Baufirmen müssen aus den USA stammen und sicherheitsüberprüft sein. Und selbst die Materialien sollen aus den Vereinigten Staaten importiert und auf ihrem Weg nach Deutschland überwacht werden.

07. Juli 2013, 08:17 Uhr

Find this story at 7 July 2013

© SPIEGEL ONLINE 2013

Answers to Frequently Asked Questions (FAQ) about Echelon

Q – What is Project ECHELON?

ECHELON is the term popularly used for an automated global interception and relay system operated by the intelligence agencies in five nations: the United States, the United Kingdom, Canada, Australia and New Zealand (it is believed that ECHELON is the code name for the portion of the system that intercepts satellite-based communications). While the United States National Security Agency (NSA) takes the lead, ECHELON works in conjunction with other intelligence agencies, including the Australian Defence Signals Directorate (DSD). It is believed that ECHELON also works with Britain’s Government Communications Headquarters (GCHQ) and the agencies of other allies of the United States, pursuant to various treaties. (1)

These countries coordinate their activities pursuant to the UKUSA agreement, which dates back to 1947. The original ECHELON dates back to 1971. However, its capabilities and priorities have expanded greatly since its formation. According to reports, it is capable of intercepting and processing many types of transmissions, throughout the globe. In fact, it has been suggested that ECHELON may intercept as many as 3 billion communications everyday, including phone calls, e-mail messages, Internet downloads, satellite transmissions, and so on. (2) The ECHELON system gathers all of these transmissions indiscriminately, then distills the information that is most heavily desired through artificial intelligence programs. Some sources have claimed that ECHELON sifts through an estimated 90 percent of all traffic that flows through the Internet. (3)

However, the exact capabilities and goals of ECHELON remain unclear. For example, it is unknown whether ECHELON actually targets domestic communications. Also, it is apparently very difficult for ECHELON to intercept certain types of transmissions, particularly fiber communications.

Q – How does ECHELON work?

ECHELON apparently collects data in several ways. Reports suggest it has massive ground based radio antennae to intercept satellite transmissions. In addition, some sites reputedly are tasked with tapping surface traffic. These antennae reportedly are in the United States, Italy, England, Turkey, New Zealand, Canada, Australia, and several other places. (4)

Similarly, it is believed that ECHELON uses numerous satellites to catch “spillover” data from transmissions between cities. These satellites then beam the information down to processing centers on the ground. The main centers are in the United States (near Denver), England (Menwith Hill), Australia, and Germany. (5)

According to various sources, ECHELON also routinely intercepts Internet transmissions. The organization allegedly has installed numerous “sniffer” devices. These “sniffers” collect information from data packets as they traverse the Internet via several key junctions. It also uses search software to scan for web sites that may be of interest. (6)

Furthermore, it is believed that ECHELON has even used special underwater devices which tap into cables that carry phone calls across the seas. According to published reports, American divers were able to install surveillance devices on to the underwater cables. One of these taps was discovered in 1982, but other devices apparently continued to function undetected. (7)
It is not known at this point whether ECHELON has been able to tap fiber optic phone cables.

Finally, if the aforementioned methods fail to garner the desired information, there is another alternative. Apparently, the nations that are involved with ECHELON also train special agents to install a variety of special data collection devices. One of these devices is reputed to be an information processing kit that is the size of a suitcase. Another such item is a sophisticated radio receiver that is as small as a credit card. (8)

After capturing this raw data, ECHELON sifts through them using DICTIONARY. DICTIONARY is actually a special system of computers which finds pertinent information by searching for key words, addresses, etc. These search programs help pare down the voluminous quantity of transmissions which pass through the ECHELON network every day. These programs also seem to enable users to focus on any specific subject upon which information is desired. (9)

Q – If ECHELON is so powerful, why haven’t I heard about it before?

The United States government has gone to extreme lengths to keep ECHELON a secret. To this day, the U.S. government refuses to admit that ECHELON even exists. We know it exists because both the governments of Australia (through its Defence Signals Directorate) and New Zealand have admitted to this fact. (10) However, even with this revelation, US officials have refused to comment.

This “wall of silence” is beginning to erode. The first report on ECHELON was published in 1988. (11) In addition, besides the revelations from Australia, the Scientific and Technical Options Assessment program office (STOA) of the European Parliament commissioned two reports which describe ECHELON’s activities. These reports unearthed a startling amount of evidence, which suggests that Echelon’s powers may have been underestimated. The first report, entitled “An Appraisal of Technologies of Political Control,” suggested that ECHELON primarily targeted civilians.

This report found that:

The ECHELON system forms part of the UKUSA system but unlike many of the electronic spy systems developed during the cold war, ECHELON is designed for primarily non-military targets: governments, organisations and businesses in virtually every country. The ECHELON system works by indiscriminately intercepting very large quantities of communications and then siphoning out what is valuable using artificial intelligence aids like Memex to find key words. Five nations share the results with the US as the senior partner under the UKUSA agreement of 1947, Britain, Canada, New Zealand and Australia are very much acting as subordinate information servicers.

Each of the five centres supply “dictionaries” to the other four of keywords, phrases, people and places to “tag” and the tagged intercept is forwarded straight to the requesting country. Whilst there is much information gathered about potential terrorists, there is a lot of economic intelligence, notably intensive monitoring of all the countries participating in the GATT negotiations. But Hager found that by far the main priorities of this system continued to be military and political intelligence applicable to their wider interests. Hager quotes from a “highly placed intelligence operatives” who spoke to the Observer in London. “We feel we can no longer remain silent regarding that which we regard to be gross malpractice and negligence within the establishment in which we operate.” They gave as examples. GCHQ interception of three charities, including Amnesty International and Christian Aid. “At any time GCHQ is able to home in on their communications for a routine target request,” the GCHQ source said. In the case of phone taps the procedure is known as Mantis. With telexes its called Mayfly. By keying in a code relating to third world aid, the source was able to demonstrate telex “fixes” on the three organisations. With no system of accountability, it is difficult to discover what criteria determine who is not a target. (12)

A more recent report, known as Interception Capabilities 2000, describes ECHELON capabilities in even more elaborate detail. (13) The release of the report sparked accusations from the French government that the United States was using ECHELON to give American companies an advantage over rival firms. (14) In response, R. James Woolsey, the former head of the US Central Intelligence Agency (CIA), charged that the French government was using bribes to get lucrative deals around the world, and that US surveillance networks were used simply to level the playing field. (15) However, experts have pointed out that Woolsey missed several key points. For example, Woolsey neglected to mention alleged instances of economic espionage (cited in Intelligence Capabilities 2000) that did not involve bribery. Furthermore, many observers expressed alarm with Woolsey’s apparent assertion that isolated incidents of bribery could justify the wholesale interception of the world’s communications. (16)

The European Parliament formed a temporary Committee of Enquiry to investigate ECHELON abuses. (17) In May 2001, members of this committee visited the United States in an attempt to discover more details about ECHELON. However, officials from both the NSA and the US Central Intelligence Agency (CIA) canceled meetings that they had previously scheduled with the European panel. The committee’s chairman, Carlos Coelho, said that his group was “very disappointed” with the apparent rebuffs; in protest, the Parliamentary representatives returned home a day early. (18)

Afterwards, the committee published a report stating that ECHELON does indeed exist and that individuals should strongly consider encrypting their emails and other Internet messages. (19) However, the panel was unable to confirm suspicions that ECHELON is used to conduct industrial espionage, due to a lack of evidence. (20) Ironically, the report also mentioned the idea that European government agents should be allowed greater powers to decrypt electronic communications, which was criticized by some observers (including several members of the committee) as giving further support to Europe’s own ECHELON-type system. (21) The European Parliament approved the report, but despite the apparent need for further investigation, the committee was disbanded. (22) Nevertheless, the European Commission plans to draft a “roadmap” for data protection that will address many of the concerns aired by the EP panel. (23)

Meanwhile, after years of denying the existence of ECHELON, the Dutch government issued a letter that stated: “Although the Dutch government does not have official confirmation of the existence of Echelon by the governments related to this system, it thinks it is plausible this network exists. The government believes not only the governments associated with Echelon are able to intercept communication systems, but that it is an activity of the investigative authorities and intelligence services of many countries with governments of different political signature.” (24)These revelations worried Dutch legislators, who had convened a special hearing on the subject. During the hearing, several experts argued that there must be tougher oversight of government surveillance activities. There was also considerable criticism of Dutch government efforts to protect individual privacy, particularly the fact that no information had been made available relating to Dutch intelligence service’s investigation of possible ECHELON abuses.(25)

In addition, an Italian government official has begun to investigate Echelon’s intelligence-gathering efforts, based on the belief that the organization may be spying on European citizens in violation of Italian or international law. (26)

Events in the United States have also indicated that the “wall of silence” might not last much longer. Exercising their Constitutionally created oversight authority, members of the House Select Committee on Intelligence started asking questions about the legal basis for NSA’s ECHELON activities. In particular, the Committee wanted to know if the communications of Americans were being intercepted and under what authority, since US law severely limits the ability of the intelligence agencies to engage in domestic surveillance. When asked about its legal authority, NSA invoked the attorney-client privilege and refused to disclose the legal standards by which ECHELON might have conducted its activities. (27)

President Clinton then signed into law a funding bill which required the NSA to report on the legal basis for ECHELON and similar activities. (28) However, the subsequent report (entitled Legal Standards for the Intelligence Community in Conducting Electronic Surveillance) gave few details about Echelon’s operations and legality. (29)

However, during these proceedings, Rep. Bob Barr (R-GA), who has taken the lead in Congressional efforts to ferret out the truth about ECHELON, stated that he had arranged for the House Government Reform and Oversight Committee to hold its own oversight hearings.(30)

Finally, the Electronic Privacy Information Center has sued the US Government, hoping to obtain documents which would describe the legal standards by which ECHELON operates.(31)

Q – What is being done with the information that ECHELON collects?

The original purpose of ECHELON was to protect national security. That purpose continues today. For example, we know that ECHELON is gathering information on North Korea. Sources from Australia’s DSD have disclosed this much because Australian officials help operate the facilities there which scan through transmissions, looking for pertinent material. (32) Similarly, the Spanish government has apparently signed a deal with the United States to receive information collected using ECHELON. The consummation of this agreement was confirmed by Spanish Foreign Minister Josep Pique, who tried to justify this arrangement on security grounds. (33)

However, national security is not Echelon’s only concern. Reports have indicated that industrial espionage has become a part of Echelon’s activities. While present information seems to suggest that only high-ranking government officials have direct control over Echelon’s tasks, the information that is gained may be passed along at the discretion of these very same officials. As a result, much of this information has been given to American companies, in apparent attempts to give these companies an edge over their less knowledgeable counterparts. (34)

In addition, there are concerns that Echelon’s actions may be used to stifle political dissent. Many of these concerns were voiced in a report commissioned by the European Parliament. What is more, there are no known safeguards to prevent such abuses of power. (35)

Q – Is there any evidence that ECHELON is doing anything improper or illegal with the spying resources at its disposal?

ECHELON is a highly classified operation, which is conducted with little or no oversight by national parliaments or courts. Most of what is known comes from whistleblowers and classified documents. The simple truth is that there is no way to know precisely what ECHELON is being used for.

But there is evidence, much of which is circumstantial, that ECHELON (along with its British counterpart) has been engaged in significant invasions of privacy. These alleged violations include secret surveillance of political organizations, such as Amnesty International. (36) It has also been reported that ECHELON has engaged in industrial espionage on various private companies such as Airbus Industries and Panavia, then has passed along the information to their American competitors. (37) It is unclear just how far Echelon’s activities have harmed private individuals.

However, the most sensational revelation was that Diana, Princess of Wales may have come under ECHELON surveillance before she died. As reported in the Washington Post, the NSA admitted that they possessed files on the Princess, partly composed of intercepted phone conversations. While one official from the NSA claimed that the Princess was never a direct target, this disclosure seems to indicates the intrusive, yet surreptitious manner by which ECHELON operates. (38)

What is even more disquieting is that, if these allegations are proven to be true, the NSA and its compatriot organizations may have circumvented countless laws in numerous countries. Many nations have laws in place to prevent such invasions of privacy. However, there are suspicions that ECHELON has engaged in subterfuge to avoid these legal restrictions. For example, it is rumored that nations would not use their own agents to spy on their own citizens, but assign the task to agents from other countries. (39) In addition, as mentioned earlier, it is unclear just what legal standards ECHELON follows, if any actually exist. Thus, it is difficult to say what could prevent ECHELON from abusing its remarkable capabilities.

Q – Is everyone else doing what ECHELON does?

Maybe not everyone else, but there are plenty of other countries that engage in the type of intelligence gathering that ECHELON performs. These countries apparently include Russia, France, Israel, India, Pakistan and many others. (40) Indeed, the excesses of these ECHELON-like operations are rumored to be similar in form to their American equivalents, including digging up information for private companies to give them a commercial advantage.

However, it is also known that ECHELON system is the largest of its kind. What is more, its considerable powers are enhanced through the efforts of America’s allies, including the United Kingdom, Canada, Australia, and New Zealand. Other countries don’t have the resources to engage in the massive garnering of information that the United States is carrying out.

Notes

1. Development of Surveillance Technology and Risk of Abuse of Economic Information (An appraisal of technologies for political control), Part 4/4: The state of the art in Communications Intelligence (COMINT) of automated processing for intelligence purposes of intercepted broadband multi-language leased or common carrier systems, and its applicability to COMINT targeting and selection, including speech recognition, Ch. 1, para. 5, PE 168.184 / Part 4/4 (April 1999). See Duncan Campbell, Interception Capabilities 2000 (April 1999) (http://www.iptvreports.mcmail.com/stoa_cover.htm).

2. Kevin Poulsen, Echelon Revealed, ZDTV (June 9, 1999).

3. Greg Lindsay, The Government Is Reading Your E-Mail, TIME DIGITAL DAILY (June 24, 1999).

4. PE 168.184 / Part 4/4, supra note 1, Ch. 2, para. 32-34, 45-46.

5. Id. Ch. 2, para. 42.

6. Id. Ch. 2, para. 60.

7. Id. Ch. 2, para. 50.

8. Id. Ch. 2, para. 62-63.

9. An Appraisal of Technologies for Political Control, at 20, PE 166.499 (January 6, 1998). See Steve Wright, An Appraisal of Technologies for Political Control (January 6, 1998) (http://cryptome.org/stoa-atpc.htm).

10.Letter from Martin Brady, Director, Defence Signals Directorate, to Ross Coulhart, Reporter, Nine Network Australia 2 (Mar. 16, 1999) (on file with the author); see also Calls for inquiry into spy bases, ONE NEWS New Zealand (Dec. 28, 1999).

11. Duncan Campbell, Somebody’s listening, NEW STATESMAN, 12 August 1988, Cover, pages 10-12. See Duncan Campbell, ECHELON: NSA’s Global Electronic Interception, (last visited October 12, 1999) (http://jya.com/echelon-dc.htm).

12. PE 166.499, supra note 9, at 19-20.

13. PE 168.184 / Part 4/4, supra note 1.

14. David Ruppe, Snooping on Friends?, ABCNews.com (US) (Feb. 25, 2000) (http://abcnews.go.com/sections/world/dailynews/echelon000224.html).

15. R. James Woolsey, Why We Spy on Our Allies, WALL ST. J., March 17, 2000. See also CRYPTOME, Ex-CIA Head: Why We Spy on Our Allies (last visited April 11, 2000) (http://cryptome.org/echelon-cia2.htm).

16. Letter from Duncan Campbell to the Wall Street Journal (March 20, 2000) (on file with the author). See also Kevin Poulsen, Echelon Reporter answers Ex-CIA Chief, SecurityFocus.com (March 23, 2000) (http://www.securityfocus.com/news/6).

17. Duncan Campbell, Flaw in Human Rights Uncovered, HEISE TELEPOLIS, April 8, 2000. See also HEISE ONLINE, Flaw in Human Rights Uncovered (April 8, 2000) (http://www.heise.de/tp/english/inhalt/co/6724/1.html).

18.Angus Roxburgh, EU investigators ‘snubbed’ in US, BBC News, May 11, 2001 (http://news.bbc.co.uk/hi/english/world/europe/newsid_1325000/1325186.stm).

19.Report on the existence of a global system for intercepting private and commercial communications (ECHELON interception system), PE 305.391 (July 11, 2001) (available in PDF or Word format at http://www2.europarl.eu.int).

20. Id.; see also E-mail users warned over spy network, BBC News, May 29, 2001 (http://news.bbc.co.uk/hi/english/world/europe/newsid_1357000/1357264.stm).

21. Steve Kettman, Echelon Furor Ends in a Whimper, Wired News, July 3, 2001 (http://www.wired.com/news/print/0,1294,44984,00.html).

22. European Parliament resolution on the existence of a global system for the interception of private and commercial communications (ECHELON interception system) (2001/2098(INI)), A5-0264/2001, PE 305.391/DEF (Sept. 5, 2001) (available at http://www3.europarl.eu.int); Christiane Schulzki-Haddouti, Europa-Parlament verabsciedet Echelon-Bericht, Heise Telepolis, Sept. 5, 2001 (available at http://www.heise.de/tp/); Steve Kettman, Echelon Panel Calls It a Day, Wired News, June 21, 2001 (http://www.wired.com/news/print/0,1294,44721,00.html).

23. European Commission member Erkki Liikanen, Speech regarding European Parliament motion for a resolution on the Echelon interception system (Sept. 5, 2001) (transcript available at http://europa.eu.int).

24. Jelle van Buuren, Dutch Government Says Echelon Exists, Heise Telepolis, Jan. 20, 2001 (available at http://www.heise.de/tp/).

25. Jelle van Buuren, Hearing On Echelon In Dutch Parliament, Heise Telepolis, Jan. 23, 2001 (available at http://www.heise.de/tp/).

26. Nicholas Rufford, Spy Station F83, SUNDAY TIMES (London), May 31, 1998. See Nicholas Rufford, Spy Station F83 (May 31, 1998) (http://www.sunday-times.co.uk/news/pages/sti/98/05/31/stifocnws01003.html?999).

27. H. Rep. No. 106-130 (1999). See Intelligence Authorization Act for Fiscal Year 2000, Additional Views of Chairman Porter J. Goss (http://www.echelonwatch.org/goss.htm).

28. Intelligence Authorization Act for Fiscal Year 2000, Pub. L. 106-120, Section 309, 113 Stat. 1605, 1613 (1999). See H.R. 1555 Intelligence Authorization Act for Fiscal Year 2000 (Enrolled Bill (Sent to President)) http://www.echelonwatch.org/hr1555c.htm).

29. UNITED STATES NATIONAL SECURITY AGENCY, LEGAL STANDARDS FOR THE INTELLIGENCE COMMUNITY IN CONDUCTING ELECTRONIC SURVEILLANCE (2000) (http://www.fas.org/irp/nsa/standards.html).

30. House Committee to Hold Privacy Hearings, (August 16, 1999) (http://www.house.gov/barr/p_081699.html).

31. ELECTRONIC PRIVACY INFORMATION CENTER, PRESS RELEASE: LAWSUIT SEEKS MEMOS ON SURVEILLANCE OF AMERICANS; EPIC LAUNCHES STUDY OF NSA INTERCEPTION ACTIVITIES (1999). See also Electronic Privacy Information Center, EPIC Sues for NSA Surveillance Memos (last visited December 17, 1999) (http://www.epic.org/open_gov/foia/nsa_suit_12_99.html).

32. Ross Coulhart, Echelon System: FAQs and website links, (May 23, 1999).

33. Isambard Wilkinson, US wins Spain’s favour with offer to share spy network material, Sydney Morning Herald, June 18, 2001 (http://www.smh.com.au/news/0106/18/text/world11.html).

34. PE 168.184 / Part 4/4, supra note 1, Ch. 5, para. 101-103.

35. PE 166.499, supra note 9, at 20.

36. Id.

37. PE 168.184 / Part 4/4, supra note 1, Ch. 5, para. 101-102; Brian Dooks, EU vice-president to claim US site spies on European business, YORKSHIRE POST, Jan. 30, 2002 (available at http://yorkshirepost.co.uk).

38. Vernon Loeb, NSA Admits to Spying on Princess Diana, WASHINGTON POST, December 12, 1998, at A13. See Vernon Loeb, NSA Admits to Spying on Princess Diana, WASHINGTON POST, A13 (December 12, 1998) (http://www.washingtonpost.com/wp-srv/national/daily/dec98/diana12.htm).

39. Ross Coulhart, Big Brother is listening, (May 23, 1999).

40. PE 168.184 / Part 4/4, supra note 1, Ch. 1, para. 7.

Find this story at 2000

© ACLU

24 February 2000: Link to Presentation and Analysis Volume 1/5, by Peggy Becker, October 1999. Volume 1 renumbers the reports below.

20 August 1999
Source: Hardcopy of 61 pages. Thanks to Sten Linnarsson.

Find this story at 2000 part 1
Find this story at 2000 part 2
Find this story at 2000 part 3
Find this story at 2000 part 4
Campbell’s report: http://cryptome.org/jya/ic2000.zip (981KB)
http://www.fas.org/irp/program/process/docs/98-14-01-2en.pdf

This is part 1 of 4 of “Development of Surveillance Technology and Risk of Abuse of Economic Information (an appraisal of technologies of political control).”

Part 2: “The legality of the interception of electronic communications: A concise survey of the principal legal issues and instruments under international, European and national law,” by Prof. Chris Elliott: http://cryptome.org/dst-2.htm

Part 3: “Encryption and cryptosystems in electronic surveillance: a survey of the technology assessment issues,” by Dr. Franck Leprévost: http://cryptome.org/dst-3.htm

Part 4: “The state of the art in Communications Intelligence (COMINT) of automated processing for intelligence purposes of intercepted broadband multi-language leased or common carrier systems, and its applicability to COMINT targeting and selection, including speech recognition,” by Duncan Campbell: http://www.iptvreports.mcmail.com/stoa_cover.htm [dead]

Campbell’s report: http://cryptome.org/jya/ic2000.zip (981KB)

EUROPEAN PARLIAMENT

SCIENTIFIC AND TECHNOLOGICAL OPTIONS ASSESSMENT
STOA
DEVELOPMENT OF SURVEILLANCE
TECHNOLOGY AND RISK OF ABUSE
OF ECONOMIC INFORMATION
(An appraisal of technologies of political control)

Part 1/4

The perception of economic risks arising from the potential vulnerability
of electronic commercial media to interception

Survey of opinions of experts
Interim Study

Working document for the STOA Panel

Luxembourg, May 1999 PE 168.184/Int.St./part 1/4
Directorate General for Research

Cataloguing data:

Title:

Part 1/4 of:
DEVELOPMENT OF SURVEILLANCE TECHNOLOGY AND
RISK OF ABUSE OF ECONOMIC INFORMATION
(An appraisal of technologies of political control)

Workplan Ref.: EP/IV/B/STOA/98/1401

Publisher: European Parliament
Directorate General for Research
Directorate A
The STOA Programme

Author: Mr Nikos BOGONIKOLOS – ZEUS E.E.I.G.

Editor: Mr Dick HOLDSWORTH, Head of STOA Unit

Date: May 1999

PE number: PE 168. 184/Int.St./1/4

This document is a working Document for the ‘STOA Panel’. It is not an official publication of STOA.

This document does not necessarily represent the views of the European Parliament.

CONTENTS
PART A: OPTIONS
Introduction
General overview of the outcome of the survey (interim stage)
Views on privacy collected from the survey
General privacy issue
The market for privacy
The role of industry
The need for European legislation

Options for action on surveillance and privacy
PART B: ARGUMENTS AND EVIDENCE
General
Examples of Abuse of Economic Information
PART C: TECHNICAL FILE
1. INTRODUCTION
Surveillance and Privacy
Dataveillance Techniques
Risks Inherent in Data Surveillance
Controls

2. SURVEILLANCE: TOOLS AND TECHNIQUES – Current technologies
1. Visual Surveillance
2. Audio Surveillance
3. Phone Tapping and Encryption
4. Voice and Word Pattern Recognition
5. Proximity Smart Cards
6. Transmitter Location
7. E-mail at Workplace
8. Electronic Databases
9. The Internet

3. THE USE OF SURVEILLANCE TECHNOLOGY SYSTEMS FOR THE TRANSMISSION AND COLLECTION OF ECONOMIC INFORMATION
3.1 CALEA System
3.2 ECHELON Connection
3.3 Inhabitant identification Schemes

4. THE NATURE OF ECONOMIC INFORMATION SELECTED BY SURVEILLANCE TECHNOLOGY SYSTEMS
A. From telecommunication systems
B. From new information technologies (Internet)
C. Some examples of data collection on the Internet

5. PROTECTION FROM ELECTRONIC SURVEILLANCE
A. Encryption (Cryptography)
Private sector initiatives

B. Key – recovery
Encryption and the global information infrastructure
Key-Recovery: Requirements and proposals

6. SURVEILLANCE TECHNOLOGY SYSTEMS IN LEGAL AND REGULATORY CONTEXT
A. Privacy regulation
Multinational data protection measures
Data protection directive in Europe
Privacy regulation in the United States

B. Protection of Privacy in the telecommunications sector

C. Cryptography
Cryptography policy in USA
Cryptography policy guidelines from OECD
E. U. cryptography policy
Other national and international activities related to cryptography policy

D. Key recovery

E. European Initiatives
DLM-FORUM- Electronic Records
Promoting Safe Use of Internet
REFERENCES

PART A: OPTIONS

Introduction

The present study, ‘Development of surveillance technology and risk of abuse of economic information’ presents the interim results from a survey of the opinions of experts, together with additional research and analytical material by the authors. It has been conducted by ZEUS E.E.I.G. as part of a technology assessment project on this theme initiated by STOA in 1998 at the request of the Committee on Civil Liberties and Internal Affairs of the European Parliament. This STOA project is a follow-up to an earlier one entitled: “An appraisal of technologies of political control” conducted for the same Committee. The earlier project resulted in an Interim Study (PE 166.499) written by OMEGA Foundation, Manchester, and published by STOA on January 1998 and later updated (September 1998).

In the earlier study it was reported that within Europe all fax, e-mail and telephone messages are routinely intercepted by means of what is called the ECHELON global surveillance system. The monitoring was said to be “routine and indiscriminate”. The ECHELON system formed part of the UKUSA system, but unlike many of the electronic spy systems developed during the cold war, ECHELON was said to be designed for primarily non-military targets: governments, organisations and businesses in virtually every country.

In the present study the authors were requested to investigate the use of surveillance technology systems, for the collection and possible abuse of sensitive economic information.

The principal method selected was a procedure of data collection and processing based on a modified DELPHI method (to be referred to here as “the survey”). Under this method, a list of potential sources of data was prepared. These were some 49 experts from universities, industrial and commercial undertakings in the informations and telecommunications technology sector, as well as a smaller number of persons in international or governmental organisations. The experts were drawn from 11 Member States of the European Union, plus Cyprus, Norway and Switzerland.

The next step was the collection of the data. This was mostly achieved by direct interviews of the experts, with the use of a questionnaire. The views (data) were processed and a convergence examination performed. The convergence procedure was based on a recursive approach for the exclusion of the non-reliable data. The last step was the drawing of the analytical results.

General overview of the outcome of the survey

The predominant view among the experts was that since nowadays almost all economic information is exchanged through electronic means (telephone, fax, e-mail), and, in addition, all digital telecommunication devices and switches have enhanced wiretapping capabilities, for these reasons they suggested that we must focus on the protection of the data when transmitted (using encryption products), on the use of government-approved encryption products and on the adoption of common standards concerning encryption and key-recovery products. The position could be summed up in the statement that ‘since it is difficult to prove that economic information has been captured by ECHELON system and passed on by the NSA, we have to consider privacy protection in a global international networked society’.

In summary, therefore, we see that two perceptions of this question emerge: (1) a concern about the possible threat to privacy and economic and civil rights potentially posed by global clandestine electronic surveillance systems operated by large and powerful secret government agencies, and (2) anxiety about the problems of commercial and personal privacy which arise now that so much commercial and other communications traffic is conducted over the Internet. Managers of businesses engaged in electronic commerce may perhaps be concerned about global clandestine surveillance systems: what is certain is that they are worried in a more familiar way about threats to commercial security posed by the nature of the new electronic business media and their possible vulnerability to interception by competitors and fraudsters.

Reflecting the feedback from the survey, the present study tends to reflect Perception 2, whereas the earlier one of 1998 tended to reflect Perception 1.

Advances in information and communication technologies have fostered the development of complex national and international networks which enable thousands of geographically dispersed users to distribute, transmit, gather and exchange all kinds of data. Transborder electronic exchanges — private, professional, industrial and commercial — have proliferated on a global scale and are bound to intensify among businesses and between businesses and consumers, as electronic commerce develops.

At the same time developments in digital computing have increased the capacity for accessing, gathering, recording, processing, sorting, comparing and linking alphanumeric, voice and image data. This substantial growth in international networks and the increase in economic data processing have arisen the need at securing privacy protection in transborder data flows.

Today, it is not necessary to define new principles for the protection of data (and privacy) in an expanding global electronic environment. It is necessary to define the appropriate means of putting the established principles into practice, particularly on the information and communication networks.

An active education strategy may be one of the ways to help achieve on-line and privacy protection and to give all actors the opportunities to understand their common interests.

Common technological solutions can assist in implementing privacy and data protection guidelines in global information networks. The general optimism about technological solutions, the pressure to collect economic information and the need for political and social policy decisions to ensure privacy must be considered.

The growth in international networks and the increase in economic data processing have arisen the need at securing privacy protection in transborder data flows and especially the use of contractual solutions. Global E-Commerce has changed the nature of retailing. There were great cultural and legal differences between countries affecting attitudes to the use of sensitive data (economic or personal) and the issue of applicable law in global transaction had tope resolved. Contracts might bridge the gab between those with legislation and the others.

Since Internet symbolised global commerce, faced with a rapid expansion in the numbers of transactions, there is a need to define a stable lasting framework for business. Internet is changing profound the markets and adjusting new contracts. To that reality is a complex problem.

Views on privacy collected from the survey

In this section the experts’ views on the various privacy issues are reported. The information was mostly collected by direct interviews of the experts, based on a predefined questionnaire.

General privacy issues

Privacy can be a contentious subject because it means different things to different people. The definition given is: “Privacy is the claim of individuals, groups, or institutions to determine for themselves how, when and to what extent information about them is communicated to others”
A clear problem expressed is that in an electronic environment, it becomes hard to differentiate between a private and public place and therefore what should be protected and what should not.
It was argued that is unreasonable for the society to subsidise the cost of individuals to maintain their privacy, pointing out that most people will choose utility over security (and consequently privacy)
It was suggested that privacy in many ways sacrifices other goods (time, effort and energy among them) in order to obtain it.
Three basic tools necessary for privacy protection were outlined: notice (to the data supplier), consent (to the consumer), and accountability.
Although accountability may be essential to ensuring privacy, it unfortunately conflicts with the anonymity, privacy implies. For any commerce to take place on the Internet, therefore, some level of anonymity and therefore privacy must be sacrificed. The question to be answered is ” how much and who will decide”.

The market for privacy

When the European Commission adopted the privacy directive (95/46/EC), it stated that privacy protection is a central precondition to consumers’ acceptance of electronic commerce. Accordingly, a critical issue experts argued, was whether there was a “market failure’ in the electronic environment that required some sort of government intervention to ensure data privacy.
Some experts responded that data privacy is not purely a public good, and so at some point someone will have a market incentive to protect it. Some corporations that have tried to market their strong privacy protection have yet to see any results and have concluded that: “privacy doesn’t sell”. Other industries have marketed privacy successfully (such as the cellular telephone industry) which could mean that the public demands for privacy are forthcoming and will eventually be profitable.
They feel that a question to be answered is: Who governs the responsibility of the information collector, or does society have to impose a sense of responsibility?”

The role of industry

Most experts expressed the view that the information industry should be primarily self-regulated: the industry is changing too rapidly for government legislative solutions, and most corporations are not simply looking at National or European but at global markets, which national governments cannot regulate.
Indeed several experts expressed the fear that any European attempt to allow USA to oversee (via global surveillance systems) data would lead to abuses by the government or other competitive companies.
They noted that many companies (such as Citibank) already inform consumers and clients that, unless told otherwise, they will disclose information to their affiliates. They suggested that a simple seal on the home page of a Web site, declaring that a company adheres to certain industry privacy standards might cease the fears of the public and offer some level of accountability.
Alternatively, they suggested that the media could act as an effective watchdog, informing consumers and companies of what information is being collected about them and how that information is being used.
They also noted that multinational companies could better negotiate for themselves across national boundaries than governments can. Electronic commerce is unlikely to gain popularity until the issues of notice, consent and recourse have been resolved. The market will force companies wishing to participate in this medium to address and solve these concerns.

The need for European legislation

Experts took the view that the European Parliament must now ask how, in a world of the Internet, one reconciles the objectives of protecting both: privacy and free flow of information.
In recent years there have been disclosures that unauthorised individuals have examined financial information from the Internal Revenue Service in USA. Several experts pointed to the flap over the decision by the Social Security Administration in USA to provide companies account information on-line. Each of these examples suggests that protecting data privacy may be a great challenge for the European Parliament.
Experts agreed that the European Parliament should play a role in creating a standard for disclosure. Several experts went further and argued the need of a privacy agency within the European Union to act as an ombudsman and to represent privacy interests, so that in debates between European Union and USA there is someone whose responsibility would be to protect privacy.
Whatever several experts believe the appropriate role for national governments to be in ensuring privacy in an electronic environment, some “private regulation” is already occurring on the Internet by the computer engines, who write code and decide computer standards. In fact experts suggested that when encryption software becomes ubiquitous it will push Internet commerce because it allows for potentially anonymous transactions, which will solve privacy issues by default.
It was pointed out that a group of high-tech companies in co-operation with standardisation organisations should agree on a web-based standard that would allow companies and consumers to interact with data collectors and inform them of what information they would be comfortable having disclosed to other parties.

Options for action on surveillance and privacy

The policy options for consideration by the committee on Civil Liberties and Internal Affairs of the European Parliament which emerged from the survey are:

Authorities in the EU and Member States should:

engage in a dialogue involving the private sector and individual users of networks in order to learn about their needs for implementing the privacy guidelines in the global network;

undertake an examination of private sector technical initiatives;

encourage the development of applications within global networks, of technological solutions that implement the privacy principles and uphold the right of users, businesses and consumers for protection of their privacy in the electronic environment.
Drafting methods for enforcing codes of conduct and privacy statements ranging from standardisation, labelling and certification in the global environment through third-party audit to formal enforcement by a regulatory body.
Definitions of the transactions which must remain anonymous, and technical capabilities for providing anonymity need to be specified.
Enforcement for the adoption of adequate standards (cryptography and key encryption) from all E.U. member states. Multilateral agreements with other countries could then be negotiated.
Drafting of common guidelines of credit information use (in each member state of the E.U. different restriction policies exist). It must be dear how those restrictions could apply to a globally operating credit reference agency.
Drafting of common specifications for cryptography systems and government access key recovery systems, which must be compatible with large scale, economical, secure cryptographic systems.
Enforcement for the adoption of special authorisation schemes for Information Society Services and supervision of their activities by National Authorisation Bodies.
Drafting of a common responsibilities framework for on-line service providers, who transmit and store third party information. This could be drafted and supervised by National PTTs.
The European Parliament should examine critically proposals from the US for the elimination of cryptography and the adoption of encryption controls supervised by US Agencies.
Annual statistics and reporting on abuse of economic information by any means must be reported to the Parliament of each member state of the E.U.
Measures for encouraging the formal education systems of each member state of the E.U. or the appropriate European Training Institute/Organisation to take up the general task of educating users in the technology and their rights.

PART B: ARGUMENTS AND EVIDENCE

General

Nowadays almost all economic information is exchanged through electronic means (telephone, fax, e-mail). In addition, all digital telecommunication devices and switches have enhanced wiretapping capabilities. As a conclusion we have to consider privacy protection in a global international networked society. And when we speak about electronic protection and privacy in the exchange of economic information, we actually speak for electronic commerce over the Internet.

The information society promises economic and social benefits for all: citizens, companies and governments. Advances in information and communication technologies have fostered the proliferation of private, professional, industrial and commercial transborder electronic exchanges on a global scale which are bound to intensify among businesses and between businesses and consumers as electronic commerce develops. New methods for processing the vast accumulation of data -such as data mining techniques- make it possible, on the basis of demographic data, credit information, details of on-line transactions etc, to identify new kinds of purchasing patterns or unusual relationships.

Indeed, compliance with rules governing the protection of privacy and personal data is crucial to establishing confidence in electronic transactions, and particularly in Europe, which has traditionally been heavily regulated in this area. The development of the global information society makes the convergence of government policies, the transparency of rules and regulations and their effective implementation on economic and social life. In particular, in the context of electronic commerce, the development of on-line commercial activities hinges to a large extent, not only on the faith consumers have in business in terms of guaranteed product delivery or security payment systems, but also on the confidence that users and consumers will have in the ways that businesses handle their personal data.

To operate with confidence on the global networks, most consumers need assurance that their on-line activities and electronic transactions will not be collected or used without their knowledge or made available to parties other than their initial correspondents. Neither linked to other data about them in order to compile behavioural profiles without their consent.

The importance of information and communication systems for society and the global economy is intensifying with the increasing value and quantity of data that is transmitted and stored on those systems. At the same time those systems and data are also increasingly vulnerable to a variety of threats such as unauthorised access and use, misappropriation, alteration and destruction. Proliferation of computers, increased computing power, interconnectivity, decentralisation, growth of networks and the number of users, as well as the convergence of information and communication technologies, while enhancing the utility of these systems, also increase system invulnerability.

Cryptography is an important component of secure information and communication systems and a variety of application have been developed that incorporate cryptographic methods to provide data security.

Although there are legitimate governmental, commercial and individual needs and uses for cryptography, it may also be used by individuals or entities for illegal activities, which can affect public safety, national security, the enforcement of laws, business interests, consumers interests or privacy. Governments together with industry and the general public, are challenged to develop balanced policies to address these issues.

Cryptography uses an algorithm to transform data in order to render it unintelligible to anyone who does not possess certain secret information (the cryptographic “key”), necessary for decryption of the data. Within the new concept of cryptography, rather than sharing one secret key, the new design uses two mathematically related keys for each communication party: a “public key” that is disclosed to the public and a corresponding “private key”, that is kept secret. A message that is encrypted with a public key can only be decrypted by the corresponding private key.

An important application for public key cryptography is “digital signature”, which can be used to verify the integrity of data or the authenticity of the sender of data. In this case, the private key is used to “sign” a message, while the corresponding public key is used to verify a “signed” message.

Public key cryptography plays an important role in developing information infrastructure. Much of the interest in information and communication networks and technologies centres on their potential to accommodate electronic commerce; however open networks such as the Internet present significant challenges for making enforceable electronic contracts and secure payments.

Since Electronic Commerce on one hand is one of the key strategies of the European Union and the privacy protection on the other hand, one of its main principles, E.U. in 1998 released three “key” working documents:

Proposal for a European Parliament and Council Directive on certain legal aspects of Electronic Commerce in the internal market [ COM(1998) 586 final].
Proposal for a European Parliament and Council directive on a common framework for electronic signatures [COM (1998)297 final].
Ensuring security and trust in electronic communication: “Towards a European framework for digital signatures and Encryption” [COM(1997) 503 final].

Increasing the number of people with authorised access to the critical infrastructure and to business data, will increase the likelihood of attack, whether through technical means, by exploitation of mistakes or through corruption. Further “key-recovery” requirements to the extent that they made encryption can have the effect of discouraging or delaying the deployment of cryptography in increasingly vulnerable computing and communication networks.

As the Internet and other communications systems reach further into everyday lives, national security, law enforcement and individual privacy have become perilously intertwined. Governments want to restrict the free flow of information; software producers are seeking ways to ensure consumers are not bugged from the very moment of purchase. The US is behind a world-wide effort to limit individual privacy and enhance the capability of its intelligence services to eavesdrop on personal conversations. The campaign has had two legal strategies: the first made it mandatory for all digital telephone switches, cellular and satellite phones and all developing communication technologies to build in surveillance capabilities; the second sought to limit the dissemination of software that contains encryption, a technique which allows people to scramble their communications and files to prevent others from reading them. The first effort to heighten surveillance opportunities was to force telecommunications companies to use equipment designed to include enhanced wiretapping capabilities. The end goal was to ensure that the US and its allied intelligence services could easily eavesdrop on telephone networks anywhere in the world. In the late 1980s, in a programme known internally as ‘Operation Root Canal’, US law enforcement officials demanded that telephone companies alta their equipment to facilitate the interception of messages. The companies refused but, after several years of lobbying, Congress enacted the Communications Assistance for Law Enforcement Act (CALEA) in 1994.

CALEA requires that terrestrial carriers, cellular phone services and other entities ensure that all their ‘ equipment, facilities or services’ are capable of expeditiously. . . enabling the government…to intercept… all wire and oral communications carried by the carrier…concurrently with their transmission.’ Communications must be interceptable in such a form that they could be transmitted to a remote government facility.

Manufacturers must work with industry and law enforcement officials to ensure that their equipment meets federal standards. A court can fine a company US$10,000 per day for each product that does not comply.

The passage of CALEA has been controversial but its provisions have yet to be enforced due to FBI efforts to include even more rigorous regulations under the law. These include the requirement that cellular phones allow for location-tracking on demand and that telephone companies provide capacity for up to 50,000 simultaneous wiretaps.

While the FBI lobbied Congress and pressured US companies into accepting a tougher CALEA, it also leaned on US allies to adopt it as an international standard. In 1991, the FBI held a series of secret meetings with EU member states to persuade them to incorporate CALEA into European law. The plan, according to an EU report, was to ‘call for the Western World (EU, US and allies) to agree to norms and procedures and then sell their products to Third World countries. Even if they do not agree to interception orders, they will find their telecommunications monitored by the UK-USA signals intelligence network the minute they use the equipment.’ The FBI’s efforts resulted in an EU Council of Ministers resolution that was quietly adopted in January 1995, but not publicly released until 20 months later. The resolution’s text is almost word for word identical to the FBI’s demands at home. The US government is now pressuring the International Telecommunications Union (ITU) to adopt the standards globally.

The second part of the strategy was to ensure that intelligence and police agencies could understand every communication they intercepted. They attempted to impede the development of cryptography and other security measures, fearing that these technologies would reduce their ability to monitor the emissions of foreign governments and to investigate crime.

These latter efforts have not been successful. A survey by the Global Internet Liberty Campaign (GILC) found that most countries have either rejected domestic controls or not addressed the issue at all. The GILC found that ‘many countries, large and small, industrialised and developing, seem to be ambivalent about the need to control encryption technologies’.

The FBI and the National Security Agency (NSA) have instigated efforts to restrict the availability of encryption world-wide. In the early 1970s, the NSA’s pretext was that encryption technology was ‘born classified’ and, therefore, its dissemination fell into the same category as the diffusion of A-bomb materials. The debate went underground until 1993 when the US launched the Clipper Chip, an encryption device designed for inclusion in consumer products. The Clipper Chip offered the required privacy, but the government would retain a ‘pass-key’ – anything encrypted with the chip could be read by government agencies.

Behind the scenes, law enforcement and intelligence agencies were pushing hard for a ban on other forms of encryption. In a February 1993 document, obtained by the Electronic Privacy Information Center (EPIC), they recommended ‘Technical solutions, such as they are, will only work if they are incorporated into all encryption products’.

To ensure that this occurs, legislation mandating the use of government-approved encryption products, or adherence to government encryption criteria, is required.’ The Clipper Chip was widely criticised by industry, public interest groups, scientific societies and the public and, though it was officially adopted, only a few were ever sold or used.

From 1994 onwards, Washington began to woo private companies to develop an encryption system that would provide access to keys by government agencies. Under the proposals – variously known as ‘key escrow’, ‘key recovery’ or ’trusted third parties’ – the keys would be held by a corporation, not a government agency, and would be designed by the private sector, not the NSA. The systems, however, still entailed the assumption of guaranteed access to the intelligence community and so proved as controversial as the Clipper Chip. The government used export incentives to encourage companies to adopt key escrow products: they could export stronger encryption, but only if they ensured that intelligence agencies had access to the keys.

Under US law, computer software and hardware cannot be exported if it contains encryption that the NSA cannot break. The regulations stymie the availability of encryption in the USA because companies are reluctant to develop two separate product lines — one, with strong encryption, for domestic use and another, with weak encryption, for the international market. Several cases are pending in the US courts on the constitutionality of export controls; a federal court recently ruled that they violate free speech rights under the First Amendment.
(… The NSA is one of the shadowiest of the US intelligence agencies. Until a few years ago, it existence was a secret and its charter and any mention of its duties are still classified. However, it does have a Web site (www.nsa.gov:8080) in which it describes itself as being responsible for the signals intelligence and communications security activities of the US government. One of its bases, Menwith Hill, was to become the biggest spy station in the world. Its ears — known as radomes — are capable of listening in to vast chunks of the communications spectrum throughout Europe and the old Soviet Union

In its first decade the base sucked data from cables and microwave links running through a nearby Post Office tower, but the communications revolutions of the Seventies and Eighties gave the base a capability that even its architects could scarcely have been able to imagine. With the creation of Intelsat and digital telecommunications, Menwith and other stations developed the capability to eavesdrop on an extensive scale on fax, telex and voice messages. Then, with the development of the Internet, electronic mail and electronic commerce, the listening posts were able to increase their monitoring capability to eavesdrop on an unprecedented spectrum of personal and business communications.

This activity has been all but ignored by the UK Parliament. When Labour MPs raised questions about the activities of the NSA, the Government invoked secrecy rules. It has been the same for 40years…. )

(Simon Davis report: http://www.telegraph.co.uk)

The FBI has not let up on efforts to ban products on which it cannot eavesdrop. In mid-1997, it introduced legislation to mandate that key-recovery systems be built into all computer systems. The amendment was adopted by several congressional Committees but the Senate preferred a weaker variant. A concerted campaign by computer, telephone and privacy groups finally stopped the proposal; it now appears that no legislation will be enacted in the current Congress.

While the key escrow approach was being pushed in the USA, Washington had approached foreign organisations and states. The linchpin for the campaign was David Aaron, US ambassador to the Organisation for Economic Co-operation and Development (OECD), who visited dozens of countries in what one analyst derided as a programme of ‘laundering failed US policy through international bodies to give it greater acceptance’.

Led by Germany and the Scandinavians, the EU has been generally distrustful of key escrow technology. In October 1997, the European Commission released a report which advised: ‘Restricting the use of encryption could well prevent law-abiding companies and citizens from protecting themselves against criminal attacks. It would not, however, totally prevent criminals from using these technologies.’ The report noted that ‘privacy considerations suggest limit the use of cryptography as a means to ensure data security and confidentiality’.

Some European countries have or are contemplating independent restrictions. France had a longstanding ban on the use of any cryptography to which the government does not have access. However, a 1996 law, modified the existing system, allowing a system of “tiers du confidence”, although it has not been implemented, because of EU opposition. In 1997, the Conservative government in the UK introduced a proposal creating a system of trusted third parties.

It was severely criticised at the time and by the new Labour government, which has not yet acted upon its predecessor’s recommendations. The debate over encryption and the conflicting demands of security and privacy are bound to continue. The commercial future of the Internet depends on a universally-accepted and foolproof method of on-line identification; as of now, the only means of providing it is through strong encryption. That put the US government and some of the world’s largest corporations, notably Microsoft, on a collision course. (Report of David Banisar, Deputy director of Privacy International and Simon Davies, Director General of Privacy International).

The issue of encryption divides the member states of the European Union. Last October the European Commission published a report entitled: “Ensuring security and Trust in Electronic Commerce”, which argued that the advantages of allowing law enforcement agencies access to encrypted messages are not clear and could cause considerable damage to the emerging electronic industry. It says that if citizens and companies “fear that their communications and transactions are being monitored with the help of key access or similar schemes unduly enlarging the general surveillance possibility of government agencies, they may prefer to remaining in the anonymous off-line world and electronic commerce will just not happen”.

However, Mr Straw said in Birmingham (JHA Informal JHA Ministers) that: “It would not be in the public interest to allow the improper use of encryption by criminals to be totally immune from the attention of law enforcement agencies”. The UK, along with France (which already has a law obliging individuals to use “crackable” software) and the USA, is out on a limb in the EU. “The UK presidency has a particular view and they are one of the access hard-liners. They want access: “them and the French”, commented an encryption expert. They are particularly about “confidential services” which ensure that a message can only be read by the person for whom it is intended who has a “key” to access it. The Commission’s report proposes “monitoring” Member States laws’ on “confidential services” to ensure they do not contravene the rules of the single market.

Examples of Abuse of Economic Information

In the course of collecting the data for and preparing this Interim Study various examples were cited of abuse of privacy via global surveillance telecommunication systems. A number of them is given in [54]. For the final version of the study, we shall see whether the experts have further comments to make on these examples, or whether they have new examples to suggest.

The consultation of experts in our survey so far yielded the following comments:

Since Internet has come to play a significant role in global commerce, then (as in Examples 1, 2, 3 and 4 cited below) Internet also became a tool of misleading information and a platform for deceitful advertisement.
On the positive side, Internet is a “golden highway” for those interested in the process of information.
However, apart from global surveillance technology systems, additional tools have been developed for surveillance. The additional tool used for information transferred via Internet or via Digital Global telecommunication systems is the capture of data with Taiga software. Taiga software has the possibility to capture, process and analyse multilingual information in a very short period of time (I billion characters per second), using key-words.

The examples given below are taken from the sources named:

Example 1

On January 15, 1990, the telephone network of AT&T company, in all the North-east part of USA faced serious difficulties. The network NuPrometheus had illegally owned and distributed the key-code of the operational system of AT&T Macintosh computer (Apple company).
J.P. Barlow: “A not terribly brief history of the Electronic Frontier Foundation,” 8 November 1990

Example 2

On January 24, 1990, the Electronic Frontier Foundation (EFF) in USA, accused a huge police operation under the encoded name “Sun Devil”, in which 40 computers and 23,000 diskettes were seized from teenagers, in 15 towns within USA. Teenager Craig Neidorf supported by EFF, not to be punished in 60 years prison and 120,000 USD penalty. Craig Neidorf had published in Phrack (a hackers magazine) part of the internal files of a telephone company.
M. Godwin: “The EFF and virtual communities,” 1991

Example 3

On June 25, 1998, in Absheim, an aircraft A-320 of the European Company “Airbus Industries” crashed during a demonstration flight. The accident was reportedly caused by dangerous manoeuvres. One person died and 20 were injured.

Very soon afterwards, and before the announcement of the official report, in the aerospace and transport Internet newsgroups there appeared many hostile messages against the Airbus undertaking and against the French company Aerospatiale as well, with which Airbus had close cooperation. Messages declared that the accident was to be expected because European engineers are not so highly qualified as American engineers. It was also clearly stated, that in the future similar accidents were to be expected.

Aerospatiale’s representatives took these hostile messages very seriously. They tried to discover the sources of messages and they finally realised that senders’ identification data, addresses and nodes were false. The source messages came from USA, from computers with misleading identification data and transferred from anonymous servers in Finland.
B. Martnet and Y.M. Marti: “L’intelligence econimique. Les yeux et les oreilles de 1′ enterprise, Editions d’organisation”. Paris 1995

Example 4

In October 31, 1994, in USA, an accident occurred to an ATR aircraft (of the European Consortium Aeritalia and Aerospatiale). Owing to this accident, a ban on ATR flights for two months was imposed. This decision became catastrophic on a commercial level for the company, because ATR was obliged to carry out test flights in fog conditions.

During this period, in Internet newsgroups (and especially in the AVSIG forum, supported by Compuserve), the exchange of messages was of vital significance. The messages supporting the European company were few, while the messages against ATR were many.

At the beginning of January 1995, there appeared a message from a journalist in this forum asking the following: “I have heard that ATR flights will begin soon. Can anybody confirm this information?” The answer came very soon. Three days after, unexpectedly, permission to continue ATR flights was given. The company learned this, as soon as the permission announced. But if they had actively participated in the newsgroups, they would have gained some days to inform their offices and their clients.
“Des langages pour analyser la poussiere d’ info”, Liberation, 9 June 1995

Example 5

The government of Brasil in 1994, announced its intention to assign an international contract (Amazonios). This procurement was of great interest since the total amount available for the contract was 1,4 billion USD. From Europe, the French companies Thomson and Alcatel expressed their interest and from USA, the huge weapon industry Raytheon. Although the offer of the French companies was technically excellent and allegedly better documented, the contract was eventually assigned to the USA company. It was reported in the press that this was achieved with a new offensive strategy used by USA. When the government of Brazil was about to assign the contract to the French companies, American Officials (allegedly with the personal involvement of President Bill Clinton) readjusted their offer, according to the offer of the European companies, and asserted that French companies influenced the committee, an accusation which was never proved. On the other hand, the European companies were reported to have indications that the intention of the government of Brazil to assign the contract to the European companies became known to Americans with the use of FBI’s surveillance technologies.
“La nouvelle machine de querre americaine”, LeMonde du reseingnement no 158, 16 February 1995

Example 6

In January 1994 Edouard Balladur, French Prime Minister, went to Ryadh (Saudi Arabia), feeling certain to bring back a historic contract for more than 30 million francs in sale of weapons and, especially, Airbus. He returned disappointed. The contract went to the McDonnell-Douglas American company, rival of Airbus. The French were report to believe that this was at least in part due to electronic surveillance by the ECHELON system, which had given to the Americans the financial conditions and incentives authorised by Airbus.

French press reports said the National Security Agency is the most secret and most significant of the thirteen secret agencies of the United States. It receives about a third of the appropriations allocated with clandestine intelligence: 8 of the 26,6 billion dollars (160 18 billion francs) registered appropriations in the 1997 budget. With its 20.000 employees in United States and some thousands of agents throughout the world, the NSA (which forms part of ministry for Defence since its creation in 1956) is more important than the CIA, even if the latter is better known to the public. Its site at Fort Meade contains, according to sources familiar with the place, the greatest concentration of data processing power and mathematicians in the world. They are employed to sort and analyse the flood of data acquired by ECHELON on the networks of international telecommunications.
“Echelon est au service des interets americains”, Liberation, 21 April 1998

PART C: TECHNICAL FILE
1. INTRODUCTION

Surveillance and Privacy

Surveillance is the systematic investigation or monitoring of the actions or communications of one or more persons. It has traditionally been undertaken by physical means (e.g. prison guards on towers). In recent decades it has been enhanced through image amplification devices such as binoculars and high-resolution satellite cameras.

The basic born [sic] physical surveillance comprises watching (visual surveillance) and listening (aural surveillance). Monitoring may be undertaken remotely in space, with the aid of image amplification devices like field glasses, infrared binoculars, light amplifiers and satellite cameras and sound amplification devices like directional microphones; and remotely in time with the aid of image and sound recording devices.

Electronic devices have been developed to augment physical surveillance and offer new possibilities such as closed-circuit TV (CCTV), VCR, telephone bugging, Proximity cards, Electronic Database, etc.

In addition to physical surveillance, several kinds of communications surveillance are practiced, including mail covers and telephone interception.

The popular term electronic surveillance refers to both augmentations to physical surveillance (such as directional microphones and audio bugs) and to communication surveillance, particularly telephone taps.

The recent years have seen the emergence and refinement of a new form of surveillance no longer of the real person, but of the person’s data shadow or digital persona. Data surveillance or Dataveillance is the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons. Dataveillance is significantly lees expensive than physical and electronic surveillance, because it can be automated. As a result, the economic constraints on surveillance are diminished and more individuals and larger populations are capable of being monitored. Like surveillance, more generally, Dataveillance is of two kinds: “personal Dataveillance”, where a particular person has been previously identified as being of interest, “mass Dataveillance”, where a group or large population is monitored, in order to detect individuals of interest, and / or to deter people from stepping out of line.

Surveillance technology systems are mechanisms, which can identify, monitor and track movements and data. During the last few decades since information technology has become immensely sophisticated real benefits have been achieved in the development of surveillance technology systems.

On the other hand, negative impacts have been considerable:
The application of IT to the surveillance of people through their data.

IT technology may have substantial implications in privacy.

People often think of privacy as some kind of right. Unfortunately, the concept of a “right” is a problematic way to start, became a right seems to be some kind of absolute standard. What’s worse, is very easy to get confused between legal rights on one hand and natural or moral rights on the other. It turns out to be much more useful to think about privacy as one kind of thing (among many kinds of things) that people like to have lots of.

Privacy the interest that individuals have in sustaining a “personal space” free from interference by other people and organizations.

To a deeper level privacy turns out not to be a single interest but rather has several dimensions:

privacy of the person
privacy of personal behavior
privacy of personal communications
privacy of personal data

With the close coupling that has occurred between computing and communications, particularly since the 1980’s the last two aspects have become closely linked, and are commonly referred as information privacy.

Information privacy is the interest an individual has in controlling, or at least significantly influencing the handling of data about themselves.

The term ‘data privacy’ is sometimes used in the same way. ‘Data’ refers to inert numbers, where information implies the use of data by humans to extract meaning; hence ‘information privacy’ is arguably the more descriptive way of the two alternatives.

‘Confidentiality’ is an incidental and wholly inadequate substitute for proper information privacy, protection, where:
‘Confidentiality is the legal duty of individuals who come into the procession of information about others, especially in the course of particular kinds of relationships with them’.

Dataveillance Techniques

A variety of Dataveillnce techniques exists. Front-end verification (FEV), for example, comprises the checking of data supplied by an applicant (e.g. for a loan or government benefit) against data from a variety of additional sources, in order to identify discrepancies.

FEV may be applied as a person dataveillance tool where responsible grounds exist for suspecting that the information the person has provided may be unreliable; where, on the other hand, it is applied to every applicant, mass dataveillance is being undertaken. Data matching is a facilitative mechanism of particular value in mass dataveillance. It involves trawling through large volumes of data collected for different purposes, searching for discrepancies and drawing influences from them.
Personal dataveillance of previously identified individuals

integration of data hitherto stored in various locations within a single organization
screening or authentication of transactions against internal norms
front-end verification of transactions that appear to be exceptional, against data relevant to the matter at hand. and sought from other databases or from third parties.
front-end audit of individuals who appear to be exceptional against data related to other databases or from third parties.
cross-system enforcement against individuals, where a third party reports that the individual has committed a transgression in his or her relationship with the third party.

Mass dataveillance of groups of people.

screening or authentication of all transactions, where or not they appear to be exceptional, against internal norms
front-end verification of all transactions, whether or not they appear to be exceptional against data relevant to the matter at hand, as sought from other internal databases or from third parties.
front-end audit of individuals, whether or not they appear to be exceptional against data relevant to the matter at hand, as sought from other internal databases or from third parties.
single-factor file analysis of all data held or able to be acquired, whether or not they appear to be exceptional, variously involving transaction data compared against a norm, permanent data or other transaction data.
profiling or multi-factor file analysis of all data held or able to acquire, whether or not they appear to be exceptional, variously involving singular profiling of data held at a point in time, or aggregative profiling of transaction trails over time.

Facilitative mechanisms could be:

computer data matching, in which personal data records relating to many people are compared in order to identify cases of interest
data concentration, homely the combination of personal data interchange networks and hub systems.

Risks inherent in Data Surveillance

Data surveillance’s broader social impacts can be grouped as follows:
In personal dataveillance

low data quickly decisions [sic]
lack of subject knowledge of, and consent to, data flows
blacklisting
denial of redemsion [sic]

In mass surveillance
a. Risks to the individuals:

arbitrariness
a contextual data merger
complexity and incomprehensibility of data
witch hunts
ex-ante discrimination and guilt prediction
selective advertising
inversion of the onus of proof
covert operations
unknown accusations and accusers
denial of due process

b. Risks to society:

prevailing climate of suspicion
adversarial relationships
focus of law enforcement on easily detectable and provable offences
inequitable application of the law
decreased respect for the law and low enforcers
reduction in the meaningfulness of individual actions
reduction in self-reliance and self-determination
stultification of originality
increased tendency to opt out of the official level of society
weakening of society’s moral fibre and cohesion
destabilization of the strategic balance of
power repressive potential for the totalitarian government.

By way of example, individuals can suffer as a result of misunderstandings about the meaning of data on the file, or because the file contains erroneous data, which the individual does not understand and against which he / she has little or not chance of arguing without the help of a specialized lawyer.

Such seemingly small, but potentially very frustrating and infuriating personal problems can escalate into widespread distrust by people of government agencies and the legal system as a whole

Of course, many of the risks referred are diffuse. On the other hand, there is a critical economic difference between conventional forms of surveillance and Dataveillance.

Physical surveillance is expensive because it requires the application of considerable resources. Although (with few exceptions), this expense has been sufficient to restrict the use of surveillance. Admittedly the selection criteria used by the surveillance agencies have not always accorded with what the citizenry might have preferred, but at least its extent was limited. The effect was that in most countries the abuses affected particular individuals who had attracted the attention of the state, but were not so pervasive that artistic and potential freedoms were widely constrained.

Dataveillance changes all that. Dataveillance is relatively very cheap and getting cheaper all the time, thanks to progress in information technology. The economic limitations are overcome and the digital persona can be monitored with thoroughness and frequency and surveillance extended to whole populations. Nowadays, a number of particular populations have attracted the bulk of the attention, because the state already processed substantial data – holdings about them. There are social welfare recipients and employers of the state. Now that techniques have been refined, they are being pressed into more general usage, in the private as well in the public sector.

Controls

If dataveillance is burgeoning, controls are needed to ensure that its use is not excessive or unfair. There is a variety of natural or intrinsic controls, such as self-restraint and morality. Unfortunately morality has been shown many times to be an entirely inadequate influence over people’s behaviour. There is also the economic constraint, whereby work that isn’t worth doing tends not to get done, because people perceive better things to do with the same scarce resources. Regrettably this too is largely ineffective. Cost/benefit analysis of dataveillance measures is seldom performed, and when it has been the quality has generally been appalling. This reflects the dominance of political over economic considerations — both politicians and public servants want action to be seen to be being taken, and are less concerned about its effectiveness than its visibility.

If intrinsic controls are inadequate, extrinsic measures are vital. For example, the codes of ethics of professional bodies and industry associations could be of assistance. Regrettably, these are generally years behind the problems, and largely statements of aspiration rather than operational guidelines and actionable statements of what is and is not acceptable behaviour. Over twenty years after the information privacy movement gathered steam, there are few and very limited laws which make dataveillance activities illegal, or which enable regulatory agencies or the public to sue transgressing organisations. A (limited) statute exists at national level, but none at all at the level of State Governments. In any case, statutory regimes are often weak due to the power of data-using lobbies, the lack of organisation of the public, and the lack of comprehension and interest by politicians. The public has demonstrated itself as being unable to focus on complex issues; public apathy is only overcome when a proposal is presented simply and starkly, such as ’the State is proposing to issue you with a plastic card. You will need to produce it whenever anyone asks you to demonstrate that you have Permission to breathe’.

There is a tendency for dataveillance tools to be developed in advanced nations, which have democratic traditions and processes (however imperfect). There is a further tendency for the technology to be exported to less developed countries.

Many of these have less well-developed democratic traditions, more authoritarian and even repressive regimes. The control mechanisms in advanced western democracies are inadequate to cope with sophisticated dataveillance technologies; in third world countries there is very little chance indeed of new extrinsic controls being established to ensure balance in their application. It appears that some third-world countries may be being used as test-beds for new dataveillance technologies.

2. SURVEILLANCE: TOOLS AND TECHNIQUES – Current technologies

Surveillance is using some of the most advanced and sophisticated technology to keep track of individuals; where they go, what they do and even what they say.

Visual and audio surveillance are almost everywhere, and, modern electronic technology gives the possibility of keeping track of individual’s moments without cameras or microphones, just with surveillance of their data (Dataveillance )

1. Visual Surveillance

Closed-circuit TV (CCTV) is the most common electronic visual surveillance technique.

Recording can be in two modes: real-time or time-lapse. Real-time is regular TV (at 30 frames (second) showing full motion). Time-lapse selects only a few frames per time period, perhaps one or two per second, to record. The advantage of time-lapse is that it allows one tape to record for a much longer time than real time recording

Video electronics can be very sophisticated indeed and the recent trend is digital video. This allows using the QUAD recording system, a method of compressing four separate camera images into a single frame, so that the guard could see all four views on the monitor screen and record them on a VCR (Video Cassette Recorder) at the same time. These systems allow detailed surveillance and plant monitoring, so that responsibles can observe everything happening within the facility.

In the previous years may be, only the entrance (or specific spaces) would be under video surveillance. Now it is possible to have surveillance everywhere. Using hard disks instead of videotape allows keeping a record of several month’s worth of time-lapse video.

Cameras also are much more sophisticated today than years ago. New circuits allow the camera to ignore bright, light-emitting objects within their fields of view. Miniaturization allows easier concealment, infra-red cameras allow surveillance in darkness. Video surveillance is portable as well. The old days of concealing a camcorder in a briefcase or duffel bag have given way to subminiature cameras concealed in neckties and other items. Decoy items (items containing the surveillance equipment) include baseball caps, belt buckles, briefcases, eyeglasses and wristwatches.

CCTV is very quickly becoming an internal part of crime control policy, social control theory and Community consciousness. It is promoted by police and politicians as primary solution for urban dysfunction.

They are now used in many areas, including roads, trains, railway platforms, car parks, loading docks, shopping centers, individual retail stores, banks, automatic teller machines, petrol stations, lifts, lobby areas, cash handling and storage areas and employee recreation rooms.

Within the aims of the contract, this study looks at its usage in five main industrial contexts: retail stores, financial services, manufacturing, warehousing and distribution, larger office buildings and leisure and entertainment complexes.

Video surveillance is used in these industries for several reasons:

to minimize the risk of theft, especially in the retail industry for purposes of deterring and detecting crime
protect premises from threats to property such as sabotage, arson and vandalism
to monitor individual employee work performance
to improve customer service by observing peak periods and planning the allocation of staff throughout the day
to assist in staff training
to enhance health and safety standards
to ensure that employees comply with legal obligations
to protect employers from liability claims
to monitor production processes.

Most surveillance systems are being installed to prevent theft, either by outsiders or employees, but, video surveillance systems often are used for a range of purposes beyond what was originally intended. Surveillance systems which are initially installed for the purpose of protecting property against an external security threat can be used for other purposes, such as to monitor employees’ productivity and work behavior.

The routine use of video surveillance has the potential to undermine employees’ sense of privacy and dignity in the workplace. Surveillance is associated with increased levels of stress, undermining morale and creating distrust and suspicion between employees and management. While it may be an effective instrument to protect an employer from external security threats, it is not appropriate as a means of monitoring individual employee performance.

Covert surveillance with a smaller number of hidden cameras may in fact be a much popular and at the same time cheaper option than a general security system.

Some of the justifications offered for covert video surveillance are:

employers have a right to protect their business interests
covert surveillance affect fewer employees than overt surveillance and is much cheaper
if employees are unaware of surveillance, there is less risk of individual disputation
covert surveillance is often the most effective means of detecting unlawful activity.

2. Audio Surveillance

Audio surveillance is no longer merely an arcane art practiced by spies and private detectives. Today, it’s common place and spreading. Tape recorders are a fact of life, and they’re often used to document a transaction. Trying to telephone some companies and some government agencies there is a recording sign says: “This transaction is being recorded to help us assure …”.

In some companies the real purpose of tape recording conversation is to check how may the handle an hour, and to have evidence in case the customer says something that can used against him.

In prisons, officials often use electronic equipment to record all telephone conversations. Some of these are between lawyer and client, but all they go onto tape. It depends on the ethics of the guards whether they listen or not.

They are “high tech voice recorders” that put every conversation on a CD disk. A model made for correctional use is the “Laser voice”, using optional disk voice recording.

“Tube mike” is an electric device for “bugging” a room, motor vehicle, or other premises. It is a plastic tube passed through a small hole in a wall to conduct sound from the room to a small microphone at the other end.

This could be characterized as “non- access surveillance”.

“Tube microphones” come in all sizes. Some are relatively large plastic tubes (about 1/2” in diameter), but for tight spaces or maximum concealment there are “needle microphones” pressed against a wall to hear sounds in the next room.

If there is access to a room, a bug could be planted almost anywhere, even in the subject’s clothing. “Radio mikes” transmit whatever they pick up to a nearby receiver eliminating the need for tell-tale wires. Their only drawback, if they’re totally self-contained, is battery life. Other models fit into wall plugs, and take their power from the house current

One type of portable radio mike is the size and shape of a credit card, with a range of several hundred feet and a 30-hour battery life. Placed into the beast pocket of the subjects jacket, it permits monitoring a conversation held outdoors. The value of this is that many people think its possible to overhear a conversation held on the street or in a park, and that walking will defeat any prospect of a bug planted nearby.

In the open market there are several models of “gimmicked telephones” that use in the built in microphone to pick up any conversation in the room even when the telephone is not in use.

All the types of audio surveillance with miscellaneous bugging devices described before, are used today mainly in police and internal security agencies (such as FBI, NSA etc) or in companies security departments.

Telephone tapping still exists, but with today’s Electronic Switching System (ESS) its no longer necessary to go out and physically tap a person’s telephone line.

3. Phone Tapping and Encryption

Whenever a telephone line is tapped the privacy of the persons at both ends of the line is invaded and all conversations between them upon any subject and although proper, confidential and privileged ma be overheard.

The phone tapping normally used for surveillance of communications to combat “serious crime” and to protect “national security”.

On the other hand often companies keep records of phone numbers calls and the duration of such calls. In some companies these records are used to gauge job performance, while in others it simply allows employees to review calls and reimburse the employer for calls of a purely personal nature.

4. Voice and Word Pattern Recognition

Since it is no possible for an Agency or organization to employ a staff large enough to listen to all telephone conversations, read all faxes, etc, word recognition has to be computerized.

In this case a central computer could monitor all (or a group) of telephone conversations and recognize those in which the agency had an interest by using voice patterns and key words.

A wide variety of techniques are used to perform speech recognition. Typically speech recognition starts with the digital sampling of speech. The next stage is acoustic signal processing. Most techniques include spectral analysis e.g. LPC (Linear Predictive Coding), MFCC (Mel Frequency Cepstral Coefficients) cochlea modeling and many more.

The next stage is recognition of phonemes, groups of phonemes and words. This stage can be achieved by many processes such as DTW (Dynamic Time Warping), HMM (Hidden Markov modeling), expert systems and combination of techniques.

Most systems utilize some knowledge of the language to aid the recognition process. Some systems try to “understand” speech. That is try to convert the words into a representation of what the speaker intended to mean or achieve by what they said.

Voice and pattern recognition used as an advanced tool and a helpful technique (thanks to the IT) for surveillance of communications to combat “serious crime” or to protect “national security”

5. Proximity Smart Cards

Originally, electronic cards were substitutes for keys, which were too easy to reproduce. A metal key blank and a file where all that were necessary to duplicate a key, but more sophisticated equipment is necessary to duplicate even the simplest sort of electronic card.

The first type of electronic card used barium ferrite as magnetic dots embedded in the magnetic layer. This was a significant advance over punched cards, that were relatively easy to duplicate.

In the early 1970s, magnetic stripe cards were produced (by IBM), which are still used in credit cards and are somewhat more secure. However, they’re still too easy to forge and should pass through a magnetic stripe reader.

In the early 1980s, the advent of Application Specific Integrated Circuit (ASIC) technology, resulted in what quickly become known as “smart card” which could hold a variety of codes and information to make misuse or duplication almost impossible. This was the first “proximity card”, which did not require direct contact through a card recorder.

The proximity card is basically a “transponder” an electronic device that replies to a radio signal that “interrogates” it. The extended range model doesn’t require even placing it near the card reader, as it transmits to a receiver several feet away.

Use of proximity smart card as Transport card / E-purse

Transportation companies use the proximity smart cards to replace metro, bus, train tickets and boarding cards, etc.
The proximity smart card results in considerable time saving by greatly increasing passenger flow without diminishing security
With the contact part of the card, the proximity smart card is perfectly suited to financial transactions involving small amounts of money: automatic vending cafeterias, local shops, parking fees, cinemas, recreation / amusement parks, cultural and sports centers etc.

Use of proximity smart card as Access control / ID card

The company Proximity smart card contains data used to identify cardholders, as well as his own different access rights. The contactless part of the card is used to access building and other protected areas.
The contact portion can be used for network access, such as the Internet. With the electronic purse function it can be used in the company restaurant, at automatic vending machines, just like a traditional multi-service card.

One application, although, extends the proximity card’s usefulness by turning it into a tracking device. Proximity readers installed along the walls of a building allow tracking each card within the facility. If somebody is carrying one of these cards within a building so equipped, the central computer can sense exactly where he (she is at all times). There is a record of which area the employee (or visitor) is in, when he leaves, and where else within the building he may go. If the employee goes to the cafeteria, the computer will log when he lefts his work station, how long it took him to get to the cafeteria, which root he took, how long he remained in the cafeteria, when he started back and by which route, and when he arrived back in his work area. Likewise if he went to the bathroom. The computer can record whether he/she went to the men’s room or the ladies’ room.

Many countries are actively considering adopting national ID cards for the variety of functions. These include the United States, United Kingdom and Canada.

There are ID cards (credit cards) used for digital cash service which is supposed to be “anonymous”. But, it appears that the bank and the merchants could find the identity of the users.

The customer is identified to the trader and ultimate to the bank by the 300 previous transactions. Each of these will soon be superseded by further transactions and drop off end of the list.

These can be monitored by the bank and could be used for marketing purposes. This is the audit trail and could be sold to business users for third party marketing.

6. Transmitter Location

When a telephone or mobile phone used, the location of the user could be identified. The science of location radio uses three methods of finding a transmitter. The oldest is triangulation, in which several receiving stations with directional antennas take bearing on a transmission and communicate the bearing to a central plotting room.

Technicians trace each bearing on a map of the area and the intersection of the bearing pinpoints the location of the transmitter.

The second method requires several receives as well, and works by measuring the relative strengths of signals received. A computer analyses the strengths and determines the location of the transmitter

The third method also requires a computer-controlled chain of receives and measures the minute differences in the time the signal arrives at each receiver.

Formerly classified, these techniques are now available on the civilian market for law enforcement and private security. One application is locating stolen cars by pinpointing radio transmitters installed in the vehicle for this purpose.

Location of cellular phones in another application. Police today are using (in some countries) this application to pinpoint the location of cellphone users. Purportedly, this is to speed emergency response when a citizen calls for help (at home or in the road). Once the equipment is in place, it can, and must, serve other purposes. Criminal investigators will be able to pinpoint a specific cellphone each time the caller uses it, this will help an investigation into a stolen cellphone, or help locate wanted persons unwise enough to use cellphone or mobile phone.

Another device, sold only to police, is the “cellphone ESN Reader”, which reads the numbers of the targeted cellphone. This detects and records the cellular phone number, called number and ESN of the target phone of a ranges of up to two miles.

Theoretically, the technology can locate every cellphone and every mobile phone in the country every time someone makes a call on it (for cellphones) or just open it (for mobile phones).

7. E-mail at workplace

Personal messages the employee sent over his company’s e-mail are not private. They are not, and court decisions have held that they’re not.

It is a safe assumption that companies will keep an increasingly watchful eye on their internal email, and scrutinize what employees are saying to each other. It is easy to see that some companies may find that scrutinising staff e-mail can have more than one advantage for a company management. Originally instigated to avoid liability, reading employee’s e-mail can also serve to alert management of dishonesty, disloyalty or even matters like union activity.

8. Electronic Databases

The computer age has brought surveillance into a new era in which information about almost anybody is available to almost anybody.

Databases from Human Identification

There are a lot of government databases containing information about almost every resident in United States and in many European Countries as well.

A variety of person identification techniques are available, which can assist in associating data with them. Important examples of these techniques are:

names (what the person is called by other people)
codes (what the person is called by the organization)
knowledge (what the person knows)
biometrics (what the person is, does, or looks like e.g. appearance, natural physiography, etc.)

Data bases for financial surveillance

Financial records are gathered privately by several giant companies that specialize in this sort of information. These “credit reporting bureaus” purportedly maintain credit records, but in fact keep far more than credit information in their databases.

Other databases for human identification

There exist specialized databases available mainly to private investigators. These call information from telephone directories, city directories, voter registration records and many other public and private records to provide a profile of the person being investigated.

9. The Internet

The Internet, which began as a Computer communication network between Universities and laboratories decades ago, has turned into a vast public forum accessible to anyone with a computer.

International organizations, Public authorities, Companies, Universities, Research centers and individuals have access and exploit the Internet.

On the other hand Internet became:

an entertainment tool
a huge Information source
an important marketing tool
a big virtual electronic market with a considerable number of economic transactions every second

IT technology at the same time, restricted the individuals’ right to privacy since they could be identified through their ID number or through their records or transactions.

The growing rift between the needs of Internet Commerce and the individual’s right to privacy gave rise to the development of new tools.

In January 1999 Intel announced its plans for the development of a microchip containing embedded electronic serial numbers that allow individual computers to be readily identified.

The identities, similar to the unique vehicle identification numbers on cars and trucks would be a caller ID technology for computer.

But critics see it is on an ominous development, ushering in a new period of electronic surveillance. Privacy experts fear the new Intel chip could mean the death of anonymity on the Internet.

But this would appear to really variously endanger privacy on the Internet by creating a permanent ID number for every Intel user on the Net.

3. THE USE OF SURVEILLANCE TECHNOLOGY SYSTEMS FOR THE TRANSMISSION AND COLLECTION OF ECONOMIC INFORMATION

As the Internet and other communication systems reach further into the everyday lives, national security, low enforcement and individual privacy have become perilously intertwined. Governments want to restrict the free flow of information and software producers are seeking ways to ensure consumers are not bugged from the moment of purchases.

All developing communication technologies, digital telephone switches cellular and satellite phones HAVE SURVEILLANCE CAPABILITIES. On the other hand the development of software that contains encryption, a telephone which allows people to scramble their communications and files to prevent others from reading them gourd earth [sic].

3.1 CALEA system

The first effort to heighten surveillance opportunities (made by USA) was to force telecommunication companies to use equipment desired to include enhanced wiretapping capabilities.

In the late 1980s in a program known internally as “Operation Root Canal” US low enforcement officials demanded that telephone companies alter their equipment to facilitate the interception of messages. The companies refused but, after several years of lobbying, Congress enacted the Communications Assistance for Law Enforcement ACT (CALEA) in 1994.

CALEA requires that terrestrial cellular phone services and other entities ensure that all their equipment, facilities or services are capable of expeditiously, enabling the government to intercept all wire and oral communications varied by the carrier concurrently with their transmission.

Communications must be interceptable in such a form that they could be transmitted to a remote government facility. Manufactures must work with industry and low enforcement officials to ensure that their equipment meets federal standards.

The passage of CALEA has been controversial, but its provisions have yet to be enforced due to FBI efforts to include even more rigorous regulations under the law. These include: the requirement, the cell phones allow for location – tracking on demand and that telephone companies provide capacity for up to 50.000 simultaneous wiretaps.

CALEA finally has been accepted as an International standard in US. In 1991 the FBI contacted EU member states in order to propose to them do incorporate CALEA into European Law. This plan according to an EU report, was to call for the Western World (EU, US and allies) to agree to norms and procedures and then sell their products to Third World countries. There is a council resolution that was adopted on 17 January 1997 on the lawful interception of communications (961C329/a). The US government is now in negotiations with the International Telecommunications Unit (ITU) to adopt the standards globally.

3.2 ECHELON Connection

The previous STOA Interim Study (PE 166.499) entitled “An Appraisal of technologies of political control” made certain statements concerning the ECHELON global surveillance system. This is reported to be a world-wide surveillance system designed and coordinated by the US NSA (National Security Agency) that intercepts e-mail, fax, telex and international telephone communications carried via satellites and has been operating since the early 1980s – it is part of the post Cold War developments based on the UK-USA agreement signed between the UK, USA, Canada, Australia and New Zealand in 1948.

The five agencies said to be involved are: the US National Security Agency (NSA), the Government Communications Security Bureau (GCSB) in New Zealand, Government Communications Headquarters Signals Directorate (DSD) in Australia. The system was brought to light by the author Nicky Hager in his 1996 book Secret Power: New Zealand’s role in the International Spy Network. For this, he interviewed more than 50 people who work or have worked in intelligence who are concerned at the uses of ECHELON. It is said that “The ECHELON system is not designed to eavesdrop on a particular individual’s e-mail or fax link. Rather, the system works by indiscriminately intercepting very large quantities of communications and using computers to identify and extract messages from the mass of unwanted ones”.

According to Interim Study (PE 166.499) of 1998, there are reported to be three components to ECHELON:
1. The monitoring of Intelsats, international telecommunications satellites used by phone companies In most countries. A key ECHELON station is at Morwenstow in Cornwall monitoring Europe, the Atlantic and the Indian Ocean.

2. ECHELON interception of non-Intelsat regional communication satellites. Key monitoring stations are Menwith Hill in Yorkshire and Bad Aibling in Germany.

3. The final element of the ECHELON system is the surveillance of land-based or under-sea systems, which use cables or microwave tower networks.

At present it is thought ECHELON’s effort is primarily directed at the “written form” (e-mails, fixes, and telexes) but new satellite telephones system which take over from old land-based ones will be as vulnerable as the “written word”.

Each of the five centres supply to the other four “Dictionaries” of keywords, phrases, people and places to ‘stag” and tagged intercept is forwarded straight to the requesting country.

It is the interface of the ECHELON system and its potential development on phone calls combined with the standardisation of”tappable” telecommunications centres and equipment being sponsored by the EU and the USA which presents a truly global threat over which there are no legal or democratic controls.

The earlier study (PE 166.499) identified a number of options for the European Union, centred round the proposition that:
“All surveillance technologies, operations and practices should be subject to procedures to ensure democratic accountability and there should be proper codes of practice to ensure redress if malpractice or abuse takes place. Explicit criteria should be agreed for deciding who should be targeted for surveillance and who should not, how such data is stored, processed and shared. Such criteria and associated codes of practice should be made publicly available.”

Other points included:
– All requisite codes of practice should ensure that new surveillance technologies are brought within the appropriate data protection legislation.

– Given that data from most digital monitoring systems can be seamlessly edited, new guidance should be provided on what constitutes admissible evidence. This concern is particularly relevant to automatic identification systems which will need to take cognizance of the provisions of Article 15, of the 1995 European Directive on the Protection of Individuals and Processing of Personal Data.

– Regulations should be developed covering the provision of electronic bugging and tapping devices to private citizens and companies, so that their sale is governed by legal permission rather than self regulation.

– Use of telephone interception by Member states should be subject to procedures of public accountability referred to in (1) above. Before any telephone interception takes place a warrant should be obtained in a manna prescribed by the relevant parliament. In most cases, law enforcement agencies will not be permitted to self-authorise interception except in the most unusual of circumstances which should be reported back to the authorising authority at the earliest opportunity.

– Annual statistics on interception should be reported to each member states’ parliament. These statistics should provide comprehensive details of the actual number of communication devices intercepted and data should be not be aggregated. (This is to avoid the statistics only identifying the number of warrants, issued whereas organisations under surveillance may have many hundreds of members, all of whose phones may be subject to interception).

– Technologies facilitating the automatic profiling and pattern analysis of telephone calls to establish friendship and contact networks should be subject to the same legal requirements as those for telephone interception and reported to the relevant member state parliament.

– The European Parliament should reject proposals from the United States for making private messages via the global communications network (Internet) accessible to US Intelligence Agencies. Nor should the Parliament agree to new expensive encryption controls without a wide ranging debate within the EU on the implications of such measures. These encompass the civil and human rights of European citizens and the commercial rights of companies to operate within the law, without unwarranted surveillance by intelligence agencies operating in conjunction with multinational competitors.

3. Inhabitant identification Schemes

Inhabitant identification schemes are schemes, which provide all, or most people in the country with a unique code and a token (generally a card) containing the code.

Such schemes are used in many European Countries for a defined set of purposes, typically the administration of taxation, natural superannuation and health insurance. In some countries, they are used for multiple additional purposes.

4. THE NATURE OF ECONOMIC INFORMATION SELECTED BY SURVEILLANCE TECHNOLOGY SYSTEMS

A. From telecommunication systems

Concerning public authorities and organizations:

secret telephone conversations, fax messages and electronic mail
sensitive information concerning taxation
information concerning various fund transfers especially from one service to the other and financial transactions
data used in the critical banking infrastructure systems

Concerning business:

private business communication, including telephone conversations, fax messages and electronic mail
order from fund transfers and other financial transactions (e.g. payments by credit cards by fax)
sensitive business information and trade secrets

Concerning individuals:

private conversations, fax messages, e-mail
payments by credit cards
secret information concerning taxation

B. From new information technologies (Internet)

Concerning public authorities and organizations:

sensitive information and state secrets
tele-banking
tax records and other financial information
data used in the operation of critical infrastructure systems
public contracts received by electronic mail

Concerning business:

contracts
invoices and other official documents
secret electronic transactions
risk of international property and license in secret transactions
payment orders by credit cards
payments received on-line

Concerning consumers and individuals:

payment by credit cards
payment on-line
contracts and agreements
electronic financial transactions (e.g. tele-banking).

C. Some examples of data collection on tSe Internet

Data can be collected over the Internet either directly or indirectly; in other words, it can be collected either at the time of contact with a correspondent or without the knowledge of the person concerned, often automatically. The nature of the data collected varies according to the protocol used on the network i.e. according to the type of service. In practice, different protocols are very often used in combination to augment the profitability or quality of exchanges. For example, a Web page may propose an exchange of correspondence or a transfer of documents via links with the e-mail protocol and the protocol used for transferring files, which is more powerful.

When electronic messaging is used (Simple Mail Transfer Protocol — SMTP, and Network News Transfer Protocol — NNTP), communication is established from one personal mailbox to another, or between a personal mailbox and a mailbox common to a number of correspondents. The information transmitted consists of the name and e-mail address, the server address and the signature file (sig.file) if created by the user of the machine. If a communication is addressed to a joint mailbox, this information is given out to an indeterminate number of correspondents, participation in a discussion group being theoretically free. As a result, any person listed on a distribution list can at the very least obtain the e-mail addresses of all other listed parties, since this information is provided automatically for purposes of communication on a given topic.

While most downloading (File Transfer Protocol — FTP) is done anonymously, with only the network’s Internet Protocol — IP — address being revealed, the same cannot be said for document presentation (World Wide Web — WWW, Hyper Text Transfer Protocol — HTTP). The minimum information revealed at each step in the Web is the name of the network machine making the request and the type of browser being used. Browsers contain an identification — ID — file which, is configured by the user or at the user’s request, stores various personal data such as the user’s name or e-mail address. If a Web server requests this information, it can be automatically given out.

A Web server can also send out information, which is stored by the user’s navigator (so-called ‘cookies’) and retrieved at a subsequent connection to the server. This system indicates that a visitor has been there before, but without revealing his identity: identification requires matching with other information. As a result, when linked to the ID file incorporated into the browser and transmitted to a server, the information recorded in cookies c-an yield valuable user profiles. It can be noted, however, that some navigations — to a varying and often inadequate extent — allow use of these cookies to be blocked.

5. PROTECTION FROM ELECTRONIC SURVEILLANCE

A. Encryption (Cryptography)

Finally, new information technologies include the privacy of individuals, the security of data in the computer or on the network, and the availability of encryption software to protect data in the event they are intercepted. In this context, privacy refers to controlling the dissemination and use of data, including information that are unintentionally revealed as a by-product of the use of the information technologies themselves.

Security refers to the integrity of the data storage, processing, and transmitting systems and includes concerns about the reliability of the hardware and software, the protections against intrusion into the theft of the computer equipment, and the resistance of computer systems to infiltration by unpermitted users, that is, “hacking”. Encryption is the practice of encoding data so that even if a computer or network is compromised, the data’s content will remain secret. Security and encryption issues are important because they are central to public confidence in networks and to the use of the systems for the sensitive or secret data, such as the processing of information touching on national security. These issues are surpassingly controversial because of governments’ interest in preventing digital information from being impervious to official interception and decoding for low enforcement and other purposes.

Private sector initiatives

A large number of private sector interests, in the United States in particular, are attempting, a view to fostering electronic commerce, to promote technological solutions that will provide a a1 practical response to consumers concerns while still preserving business interests. In other words, they are starting to explore ways and means of making privacy work in communication networks. These initiatives go in the right direction and it would be worthwhile for governments to engage in a dialogue on the basis.

As an example, Netscape joined by Microsoft, is leading an industry initiative (40 companies) to cope with privacy issues and proposes standard software intended to enable computer users to control what personal information is obtained when they visit Internet sites and how the information is used, as well as avoid unwanted e-mail. The proposal, called the OPS — Open Profiling Standard –, which has been submitted to the World Wide Web Consortium — W3C, provides the users with a way to pre-package the personal registration information Web sites may require. At the same time, OPS lets users control when and how much of their personal profiles can be passed to a third party. OPS would have users fill out profiles and preference information in a standard that could be identified by a digital certificate (that would give a guarantee from a trusted third party that the person is really who they say they are). The standardized format and brand names associated with the profile forms would be incorporated, in the case of Netscape, into the Communicator browser. According to some specialists, OPS is an addition to rather than replacement for the intrusive cookie method of tracking user information.

Another project is the new W3C Platform for Privacy Preferences (P3) Project developed by the W3C. The P3 Project is a platform on which other technological, market and regulatory solutions can interoperate and build. The P3 prototype allows Web sites to easily describe their privacy practices as well as users to set policies about the collection and use of their personal data. A flexible ‘negotiation’ between the Web site’s practices and the user’s preferences allows service to offer the preferred level of service and data protection to the user. If there is a match, access to the site is seamless; otherwise the user is notified of the difference and is offered other access options to proceed. With P3, users can download ‘recommended’ settings established by organizations such as industry associations and consumer advocacy groups. According to some privacy specialists, P3 requires users to disclose privacy preferences when good privacy policies should provide meaningful information for users about Web site practices and not require users to disclose personal information.

Techniques to provide users with more information about privacy practices are also being developed. For instance, a number of companies and service operators have a privacy Icon which appears either when the user enters a site, or when the user starts to provide information. The Icon can either lead by hyper-link to a sophisticated service providing details of the company’s (service operator) data protection policies and a tick box(es) allowing the user to opt out of having his/her data used foe specific purposes, or the icon can lead to page referring the user, for example, to an address from which further details are available.

Another example is the development of services and branding techniques, which intend to provide, dear meaningful designations for privacy practices such as TRUSTe, formerly eTRUST.

The TRUSTe program will focus on addressing privacy issues concerning data collection on the Internet. With an emphasis on analysing consumer fears surrounding electronic commerce, the program will utilise Web site icons (trustmarks) to alert online consumers to the uses of their personal information.

To further consumer privacy the TRUSTe program will utilise a standardised method of informed consent. A branded system of ’trustmarks’ or logos, representing the Web site’s information privacy policy for users’ personal information, will alert consumers to how the information they reveal online will be used.

The three trustmarks will be:

No Exchange – no personally identifiable information is used by the site.
One-to-one Exchange is collected only for the site owner’s use.
Third Party Exchange – data is collected and provided to specified third parties but only with the user’s knowledge and consent.

The TRUSTe initiative was launched in July 1996 by the Electronic Frontier Foundation (EFF) and a group of pioneering Internet companies. CommerceNet and the EFF then partnered in October 1996 to move forward in implementing the initiative.

TRUSTe is a global, non-profit initiative to establish trust and confidence in electronic communication by creating an infrastructure to address online privacy issues. Comprised of premier members from the electronic commerce industry, the program assures consumer privacy through a progressive policy of informed consent utilising a branded system of ’trustmarks’, which represent a company’s online information privacy policy.

Finally, systems for implementing on-line E-mail Preference Services (EPS) or ‘E-mail Robinson Lists’ are also under consideration (EPS allow consumers who do not wish to receive e-mails to be excluded from lists, the common database used to register opt out demands being then used to clean marketing lists). As an example, a software package is being developed in the USA which would allow consumers to register on-line; would be secure from intruders, and yet user-friendly for industry to clean their E-mail marketing lists; and which could be serviced easily by the operator (the Direct Marketing Association (DMA-US)). A similar system will be developed in the United Kingdom, and it is planned that these two countries would then spearhead a Global Convention on EPS inviting other DMSs to join. Another proposal, which has yet to be fully considered by industry, comes from the UK data protection Registrar, which has suggested a mechanism enabling the consumers to indicate if they do not wish to be contacted be e-mail in their e-mail address. A universally agreed character (a marker) would indicate that the user does not want to receive any marketing solicitations. The user would also be free to make different choices: i.e. to use the marker when visiting one site and not to use it when visiting another. This system should be combined with others, such as the proposed E-mail Preference Service.

B. Key-recovery

Cryptography is a complex area, with scientific, technical, political, social, business, and economic dimensions.

For the purpose of this report, ‘key recovery’ systems are characterized by the presence of some mechanism for obtaining exceptional access to the plain text of encrypted traffic. Key recovery might serve a wide spectrum of access requirements, from a backup mechanism that ensures a business’ continued access to its own encrypted archive in the event keys are lost, to providing covert law enforcement access to wiretapped encrypted telephone conversations. Many of the costs, risks, and complexities inherent in the design, implementation, and operation of key recovery systems depend on the access requirements around which the system is designed.

We focus specifically on key recovery systems designed to meet government access specifications. These specifications diverge in important ways from the needs of commercial or individual encryption users:

Access without end-user knowledge or consent — Few commercial users need (or want) covert mechanisms to recover keys or plain text data they protect. On the contrary, business access rules are usually well known, and audit is a very important safeguard against fraud and error. Government specifications require mechanisms that circumvent this important security practice.

Ubiquitous adoption — Government seeks the use of key recovery for all encryption, regardless of whether there is benefit to the end-user or whether it makes sense in context. In fact, there is little or no demand for key recovery for many applications and users. For example, the commercial demand for recovery of encrypted communications is extremely limited, and the design and analysis of key recovery for certain kinds of communications protocols is especially difficult.

Fast paths to plain text — Law enforcement demands fast (near real-time), 24-hour-a-day, 365-day-a-year access to plain text, making it impossible to employ the full range of safeguards that could ameliorate some of the risks inherent in commercial key recovery systems.

Encryption and the global information infrastructure

The Global Information Infrastructure promises to revolutionize electronic commerce, reinvigorate government, and provide new and open access to the information society. Yet this promise cannot be achieved without information security and privacy. Without a secure and trusted infrastructure, companies and individuals will become increasingly reluctant to move their private business or personal information online.

The need for information security is widespread and touches all of us, whether users of information technology or not. Sensitive information of all kinds is increasingly finding its way into electronic form. Examples include:

Private personal and business communications, including telephone conversations, fax messages, and electronic mail;
Electronic funds and other financial transactions;
Sensitive business information and trade secrets;
Data used in the operation of critical infrastructure systems such as air traffic control, the telephone network or the power grid; and
Health records, personnel files, and other personal information.

Electronically managed information touches almost every aspect of daily life in modern society. This rising tide of important yet unsecured electronic data leaves our society increasingly vulnerable to curious neighbors, industrial spies, rogue nations, organized crime, and terrorist organizations.

Paradoxically, although the technology for managing and communicating electronic information is improving at a remarkable rate, this progress generally comes at the expense of intrinsic security. In general, as information technology improves and becomes faster, cheaper, and easier to use, it becomes less possible to control (or even identify) where sensitive data flows, where documents originated, or who is at the other end of the telephone. The basic communication infrastructure of our techniques more and more frequently will become the only visible approach to assuring the privacy and safety of sensitive information as these trends continue.

Encryption is an essential tool in providing security in the information age. Encryption is based on the use of mathematical procedures to scramble data so that it is extremely difficult — if not virtually impossible — for anyone other than authorized recipients to recover the original ‘plain text’. Properly implemented encryption allows sensitive information to be stored on insecure computers or transmitted across insecure networks. Only parties with the correct decryption ‘key’ (or keys) are able to recover the plain text information.

Highly secure encryption can be deployed relatively cheaply, and it is widely believed that encryption will be broad}y adopted and embedded in most electronic and communications products and applications for handling potentially valuable data. Applications of cryptography include protecting files from theft or unauthorized access, securing communications from interception, and enabling secure business transactions. Other cryptographic techniques can be used to guarantee that the contents of a file or message have not been altered (integrity), to establish the identity of a party (authentication), or to make legal commitments (non-repudiation).

In making information secure from unwanted eavesdropping, interception, and theft, strong encryption has an ancillary effect: it becomes more difficult for law enforcement to conduct certain kinds of surreptitious electronic surveillance (particularly wiretapping) against suspected criminals without the knowledge and assistance of the target. This difficulty is at the core of the debate over key recovery.

Key-Recovery: Requirements and proposals

The United States and other national governments have sought to prevent widespread use of cryptography unless ‘key recovery’ mechanisms guaranteeing law enforcement access to plain text are built into these systems. The requirements imposed by such government-driven key recovery systems are different from the features sought by encryption users, and ultimately impose substantial new risks and costs.

Key recovery encryption systems provide some form of access to plain text outside of the normal channel of encryption and decryption. Key recovery is sometimes also called ‘key escrow’. The term ‘escrow’ became popular in connection with the U.S. government’s Clipper Chip initiative, in which a master key to each encryption device was held ‘in escrow’ for release to law enforcement. Today the term ‘key recovery’ is used as generic term for these systems, encompassing the various ‘key escrow’, ’trusted third party’, ‘exceptional access’, ‘data recovery’, and ‘key recovery’ encryption systems introduced in recent years. Although there are differences between these systems, the distinctions are not critical for our purposes. In this report, the general term ‘key recovery’ is used in a broad sense, to refer to any system for assuring third-party (government) access to encrypted data.

Key recovery encryption systems work in a variety of ways. Early ‘key escrow’ proposals relied on the storage of private keys by the U. S. government, and more recently by designated private entities .

Other systems have ‘escrow agents’ or ‘key recovery agents’ that maintain the ability to recover the keys for a particular encrypted communication session or stored file; these systems require that such ‘session keys’ be encrypted with the key known by a recovery agent and included with the data. Some systems split the ability to recover keys among several agents.

Many interested parties have sought to draw sharp distinctions among the various key recovery proposals. It is certainly true that several new key recovery systems have emerged that they can be distinguished from the original ‘Clipper’ proposal by their methods of storing and recovering keys. However, our discussion takes a higher-level view of the basic requirements of the problem rather than the details of any particular scheme; it does not require a distinction between ‘key escrow’, ’trusted third-party’, and ‘key recovery’. All these systems share the essential elements that concern us for the purposes of this study:

A mechanism, external to the primary means of encryption and decryption, by which a third party can obtain covert access to the plain text of encrypted data.
The existence of a highly sensitive secret key (or collection of keys) that must be secured for an extended period of time.

Taken together, these elements encompass a system of ‘ubiquitous key recovery’ designed to meet law enforcement specifications. While some specific details may change, the basic requirements most likely will not: they are the essential requirements for any system that meets the stated objective of guaranteeing law enforcement agencies timely access, without user notice, to the plain text of encrypted communications traffic.

6. SURVEILLANCE TECHNOLOGY SYSTEMS IN LEGAL AND REGULATORY CONTEXT

As a conclusion from this present Interim Study is the principle that WE HAVE TO CONSIDER PRIVACY PROTECTION IN THE CONTEXT OF A GLOBAL NETWORKED SOCIETY. And when we speak about electronic privacy in the exchange of economic information, we are speaking about one single thing above all others: Electronic Commerce over the Internet.

A. Privacy regulation

Multinational data protection measures

Enactment of data protection laws by individual European nations has been paralleled and, in some cases anticipated, by multinational actions. In 1980 the Committee of Ministers of the Organization for Economic Cooperation and Development (OECD) issued Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (guidelines). The guidelines outline basic principles for both data protection and the free flow of information among countries that have laws conforming with the protection principles. The guidelines, however, have no blinding force and permit broad variation in national implementation.

One year after the OECD issued its guidelines, the Council of Europe promulgated a convention, For the Protection of Individuals with Regard to Automatic Processing of Personal Data. The convention, which took effect in 1985, is similar to the guidelines, although it focuses more on the importance of data protection to protect personal privacy. The convention specifies that data must be obtained and processed fairly; used and stored only for legal purposes; adequate, relevant, and not excessive in relation to the purpose for which they are processed; accurate and up-to-date; and stored no longer than necessary. The document gives individuals the right to inquire about the existence of data files concerning them; obtain a copy of that data; and have false or improperly processed data corrected or erased.

The convention requires each of the member countries (now twenty-six) to enact conforming national laws. By 1992, however, when debate over the more detailed European Union data protection directive, discussed below, overtook the convention, only ten countries — Austria, Denmark France, Germany, Ireland, Luxembourg, Norway, Spain Sweden and the United Kingdom — had ratified the convention, while eight — Belgium, Cyprus, Greece, Island, Italy, Netherlands, Portugal and Turkey — had signed without ratification. The Council of Europe subsequently urged all European Union member states to ratify and implement the convention when it endorsed the European Commission’s proposal for a data protection directive. By 1997, all of the fifteen EU member states (except Greece, which is currently considering a privacy bill) and Switzerland have national legislation consistent with the convention.

Nevertheless, the resulting protection for personal privacy is far from uniform, for at least three reasons. First, some of the national data protection legislation existed before the adoption of the convention. Second, the convention was not self-executing and therefore permitted each country to implement its national laws conforming to the government’s terms in very different ways. Finally, the convention did not include definitions for important terms, such as what constitutes an ‘adequate’ level of data protection; as result, member countries were left free to adopt their own, inconsistent definitions in their national legislation.

Data protection directive in Europe

Although, legal protection for a ‘right of privacy’ originated in the United States, Europe was the site of the first privacy legislation and has been the source of most comprehensive privacy regulation.

Europe is the site of the first privacy legislation, the earliest national privacy statute, and now the most comprehensive protection for information privacy in the world. That protection reflects on apparent consensus within Europe that privacy is a fundamental human right which few in any other rights equal. In the context of European history and civil law culture, that consensus makes possible extensive, detailed regulation of virtually all activities concerning ‘any information relating to an identified or identifiable natural person’. It is difficult to imagine a regulatory regime offering any greater protection to information privacy, or greater contrast to U.S. law.

As a result of the variation and uneven application among national laws permitted by both the guidelines and the convention, in July 1990 the commission of the then-European Community (EC) published a draft Council Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on Free Movement of Such Data The draft directive was part of the ambitious program by the countries of the European Union to create not merely the ‘common market’ and ‘economic and monetary union’ contemplated by the Treaty of Rome, but also the potential union embodied in the Treaty on European Union signed in 1992 in Maastricht.

The shift from economic to broad-based political union brought with it new attention to the protection of information privacy. On March 1 1, 1992, the European Parliament amended the commission’s proposal to eliminate the distinction in the 1990 draft between public and private sector data protection and then overwhelmingly approved the draft directive. On October 15, 1992, the commission issued its amended proposal; on February 20, 1995, the Council of Ministers adopted a Common Position with a View to Adopting Directive 95/46/EC of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data. The directive was formally approved on October 24, 1995, and took effect three years later.

Privacy regulation in the United States

The protection for the information privacy in the United States is disjoined, inconsistent, and limited by conflicting interests. There is no explicit constitutional guarantee of a right to privacy in the United States. Although the Supreme Court has fashioned a variety of rights out of the Bill of Rights and the Fourteenth Amendment, ‘information privacy’ has received little protection, primarily based on the Fourth and Fourteenth Amendments. In the Fourth Amendment arena, the Court has found constitutional violations when the police have searched for or seized records without a warrant or meeting one of the exceptions to the warrant requirement. The Court, however, has written that the Fourth Amendment privacy right has little application outside of the context of the investigation and prosecution of criminal activity. Moreover, this protection against such searches does not extend to information controlled by a third person. Under the Fourteenth Amendment, the Court has recognized a constitutional right restricting the government from compelling individuals to disclose certain personal information. This right protects only the interest of an individual in not disclosing certain information, and that right is evaluated under intermediate scrutiny, as opposed to the strict scrutiny required when fundamental rights are at stake

As with all constitutional rights, these apply only against the government, not private actors. The requirement for state action and the ‘negative’ nature of constitutional rights require only that the government refrain from taking actions that impermissibly invaded individuals’ information privacy rights, not that the government take steps to affirmatively protect those rights. The Constitution also requires, however, that the government avoid actions that infringe other rights enumerated therein, such as the protection for expression in the Fifth Amendment, the government cannot take private property, whether by physical occupation or extensive regulation, without according due process and paying just compensation to the owner.

Outside of the constitutional arena, protection for information privacy relies on hundreds of federal and state laws and regulations, each of which applies only to a specific category of information user (such as the government or retailers of videotapes), context (applying for credit or subscribing to cable television), type of information (criminal records or financial information), or use for that information (computer matching or impermissible discrimination). PrivacY laws in 49 the United States most often prohibit certain disclosures, rather than collection, use, or storage, of personal information. When those protections extend to the use of personal information, it is often as a by-product of legislative commitment to another goal, such as eliminating discrimination. And the role provided for the government in most U. S. privacy laws is often limited to providing a judicial form for resolving disputes.

Passage of the privacy provisions in the Cable Communications Policy Act, and recent passage of the Consumer Credit Reporting Reform Act and the CPNI provision of the Telecommunications Act, demonstrate that Congress can enact serious privacy protection, even if limited to narrow sectoral environments. The later two acts and the expanding debate in Washington over the privacy evince the growing attention to the development of laws and regulations to protect privacy.

However, as the limits and exceptions within existing privacy laws indicate, privacy protection in the United States is fundamentally in tension with other cherished values. The legal regulation of privacy is significantly influenced by the importance placed by society on the prevention of crime and prosecution of criminals, free expression and an investigatory press, the acquisition and use of property, and a limited role for government involvement in daily life. A comparison of the legal regimes of the EU and the United States suggests that the Europe privacy is more valued and less in conflict with other widely shared values.

B. Protection of Privacy in the telecommunications sector

Directive 97/66/EC of the European Parliament and the Council of the 15 December 1997 concerns the processing of personal data and the protection of privacy in the telecommunications sector.

This directive provides for the harmonisation of the provisions of the member states required to ensure an equivalent level of protection of fundamental rights and freedom, and in particular the right to privacy, with respect to the processing of personal data in the telecommunications sector and to ensure the free movement of such data and telecommunications equipment and services in the Community.

The provision of this directive particularises and complements the directive 95/46/EC for the purpose mentioned above. Moreover they provide for protection and legitimate interests of subscribers who are legal persons.

This directive shall not apply to the activities which fall outside the scope of Community law, such as those provided for by titles V and VI of the treaty on European Union, and in any case to activities concerning public security, defence, state security (including the economic well being of the state when the activities relate to state security matters) and the activities of the state in areas of criminal law.

C. Cryptography

Cryptography policy in USA

It is part of the strategy to ensure that police and intelligence agencies could understand every communication they intercepted.

They attempted to impede the development of cryptography and other security measures, fearing that these technologies would reduce their ability to monitor the emissions of foreign governments and to investigate crime.

A survey by the Global Internet Liberty Campaign (GILC) found that most countries either rejected domestic controls or not addressed the issue at all. The GILC found that many countries, large and small, industrialised and developing, seem to be ambivalent about the need to control encryption technology.

The FBI and the National Security Agency (NSA) have instigated efforts to restrict the availability of encryption world-wide, in the early 1970s, the NSA’s pretext was that encryption technology was ‘born classified’ and, therefore, it dissemination fell into the same category as the diffusion of A-bomb materials. The debate went underground until 1993 when the US launched the Clipper Chip, an encryption device designed for inclusion in consumer products. The Clipper Chip offered the required privacy, but the government would remain a ‘pass- key’ — anything encrypted with the chip could be read by government agencies.

Behind the scenes, law enforcement and intelligence agencies were pushing hard for a ban on other forms of encryption. In a February 1993 document, obtained by the Electronic Privacy Information Centre (EPIC), recommended ‘Technical solutions, such as they are, will only work if they are incorporated into all encryption products. To ensure that this occurs, legislation mandating the use of government-approved encryption products, or adherence to government encryption criteria’. The Clipper Chip was widely criticised by industry, public interest groups, scientific societies and the public and, though it was officially adopted, only a few were ever sold or used.

From 1994 onwards, USA began to woo private companies to develop an encryption system that would provide access to keys by government agencies. Under the proposals — variously known as ‘key recovery’ or ’trusted third parties’ — the key would be held by a corporation, not a government agency, and would be designed by the private sector, not the NSA. The systems, however, still entitled the assumption of guaranteed access to the intelligence community and so proved as controversial used export incentives to encourage companies to adopt key escrow products: they could export stronger encryptions but only if they ensured that intelligence agencies had access to the keys.

Under US law, computer software and hardware cannot be exported if it contains encryption that the NSA cannot break. The regulations stymie the availability of encryption in the USA because companies are reluctant to develop two separate product lines – one, with strong encryption, for domestic use and another, with weak encryption, for the international market. Several cases are pending in the US courts on the constitutionality of export controls; a federal court recently ruled that they violate free speech rights under the First Amendment.

The FBI has not let up on efforts to ban products on which it cannot eavesdrop. In mid-1997, it introduced legislation to mandate that key-recovery systems be built into all computer systems. Several congressional committees adopted the amendment but the Senate preferred a weaker variant. A concerted campaign by computer, telephone and privacy groups finally stopped the proposal; it now appears that no legislation will be enacted in the current Congress.

Cryptography policy guidelines from OECD

The organisation for Economic Co-operation and Development in 1997 issued a report on cryptography policy entitled: CRYPTOGRAPHY POLICY: THE GUIDELINES AND THE ISSUES (OCOE / GD (97) 204). The basic principles (each of which addresses an important policy concern) are independent and should be considered as a whole so as to balance the various interests. The principles are:

Trust in cryptographic methods: Users should be trustworthy in order to generate confidence in the use of information and commercial data.
Choice of Cryptographic methods: Users should have a right to choose any cryptographic method, subject to applicable law.
Market driven development of cryptographic methods: Cryptographic methods should be developed in response to the needs, demands and responsibilities of individuals, business and governments.
Standards for cryptographic methods: Technical standards, criteria and protocols for cryptographic methods should be developed and promulgated at the national and international law.
Protection of privacy and Personal data: the fundamental rights of individuals, to privacy, including secrecy of communications and protection of personal data, should be respected in national cryptography policies and in the implementation and use of cryptographic methods.
Lawful access: National cryptography policies may allow lawful access to plain text, or cryptographic keys, of encrypted data. These policies must respect the other principles contained in the guidelines to the greatest extent possible.
Liability: whether established by contract on legislation, the liability of individuals and entities that offer cryptographic services or hold or access cryptographic keys should be clearly stated.
International co-operation: Governments should cooperate to coordinate cryptography policies. As part of this effort, governments should remove, or avoid creating in the name of cryptography policy, unjustified obstacles to trade.

Given the role of cryptography in the information and communications infrastructure and in developing electronic commerce, cryptography policy has the broader perspective to overlap with economic, legal and political aspects of a number of information systems, protection of privacy and personal data and intellectual property protection.

E.U. cryptography policy

Led by the Germany and the Scandinavians, the EU has been generally distrustful of key escrow technology. In October 1997, the European Commission released a report entitled: ‘Towards a European Framework of Digital Signatures and Encryption’, ensuring security and trust in electronic communications (COM (97)503 final) which advised: ‘Restricting the use of encryption could well prevent law-abiding companies and citizens from protecting themselves against criminal attacks. It would not, however, totally prevent criminals from using these technologies’. The report noted that ‘privacy considerations suggest limit the use of cryptography as a means to ensure data security and confidentiality’.

Some European countries have or are contemplating independent restrictions. France had a longstanding ban on the use of any cryptography to which the government does not have access. However, a 1996 law, modifying the existing system, allows a system of tiers du confidence, although it has not been implemented because of EU opposition. In 1997, the Conservative government in the UK introduced a proposal creating a system of trusted third parties. It was severely criticised at the time and by the new Labour government, which has not yet acted upon its predecessor’s recommendations.

0 The debate over encryption and the conflicting demands of security and privacy are bound to continue. The commercial future of the Internet depends on a universally-accepted and foolproof method of on-line identifications; as of now, the only means of providing it is through strong encryption. This put the US government and some of the world’s largest corporations, notably Microsoft, on a collision course.

Other national and international activities related to cryptography policy

Cryptographic products and technologies have historically been subject to export controls. The current basis for export controls in the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (agreed on 13 July 1996), which includes cryptography products on its control lists for export. The Agreement is implemented in national regulations. Regulation [(EC) 3381/94] and Decision [94/942/PESC] of the Council of the European Union of 19 December 1994 on the control of the export of dual-use goods are also applicable to the export of cryptographic products.

The Council of Europe has developed considerable resources to studying the subject of computer-related crime, issuing the Recommendation [R(95)13] of the Council of Europe of 11 September 1995 concerning problems of criminal procedural law connected with information technology, and is considering suggesting an international convention to address the issue. Such a convention could address matters such as exchange of information among government agencies in case involving the use of cryptography.

At the G7 Summit meeting on anti-terrorism in July 1996, G7 governments announced that consultations would be accelerated, ‘in appropriate bilateral or multilateral for a, on the use of encryption that allows, when necessary, lawful government access to data and communication in order, inter alia, to prevent or investigate acts of terrorism, while protecting the privacy of legitimate communications’.

In May 1996 the US National Research Council’s Computer Science and Telecommunications Board published the report ‘Cryptography’s Role in Securing the Information Society’. This interagency study assesses the effect of cryptographic technologies on US national security, law enforcement, commercial and privacy interests, and reviews the impact of export controls on cryptographic technologies. This authoritative report provides a comprehensive review of the cryptography policy issues faced by the US Government.

C. Key recovery

As of mid-1998 a wide range of government, industry, and academic efforts toward specifying, prototyping, and standardising key recovery system that meet government specifications have been implemented. Some of industry’s efforts were stimulated by U.S. government policies that offer more favorable export treatment to companies that commit to designing key recovery features into the future products, and by U.K. government moves to link the licensing of certification authorities to the use of key recovery software.

Yet despite these incentives, and the intense interest and effort by research and development teams, neither industry nor government has yet produced a key recovery architecture that universally satisfies both the demands of government and the security and cost requirements of encryption users.

The commercial key recovery products in existence today do not reconcile the conflict between commercial requirements and government specifications. In the absence of government pressure, commercial key recovery features are by their nature of interest primarily to business operations willing to pay a significant premium to ensure continued access to stored data maintained only in applications of encryption (such as communication traffic) are known in advance not to require recoverability and therefore would not be designed to use a key recovery system.

Another problem is that the most secure and economical commercial key recovery do not support the real-time, third-party, covert access sought by governments in order to support surveillance. In particular, ‘self-escrow’ by an individual does not meet government access demands. The third-party nature and global reach implied by these government demands make key recovery systems a much more difficult, expensive, and risky proposition than a facility for internal, off-line recovery in business enterprise. For example, most organizations keep backups in the form of plain text on magnetic media in physically protected premises. Similarly, organizations that keep encrypted data might naturally be best served by storing backup keys in a bank safe deposit box. A requirement for near-real-time access would preclude this approach, however prudent or appropriate.

Any access-time requirement carries with it special risks. In particular, some sort of network technology will generally be required. Such a network, which must link a large number of law enforcement agencies with different key recovery centers, would be extraordinarily difficult to secure. The current attention in the U.S. on the problem of securing critical infrastructure, such as telephone networks, power grids, national banking networks and air traffic control systems, underscores the problem of managing risk in key recovery. The system that support critical infrastructure, which are increasingly reliant on open networks and information systems, are among the most important current and future applications of cryptography. The complexity and increased risk introduced with key recovery would make critical infrastructure protected by cryptography more vulnerable to the kinds of sophisticated attackers that pose the most serious threats to these systems.

Government specifications for key recovery systems for export approval are focused on the easier problem of ensuring that keys are recoverable when authorized. They do not address or give techniques for the far harder problem of ensuring against unauthorized disclosure of data. The design and construction of prototype key recovery systems that satisfy government specifications for export, therefore, are not sufficient to demonstrate that these systems can be operated securely, in an economical manner, on a large scale, or without introducing unacceptable new risks. Any assessment of a proposed system must take into account a broad range of design, implementation, operation, and policy considerations.

As of mid-1998, we are aware of no key recovery proposals that have undergone analysis of the kind required. On the other hand, as our report notes, there are compelling reasons to believe that, given the state of the art in cryptography and secure systems engineering, government-access key recovery is not compatible with large scale, economical, secure cryptography systems.

D. European Initiatives

DLM-FORUM — Electronic Records

The first multidisciplinary European DLM-Forum (DLM-Forum’96) on electronic records which took place in Brussels between the 18th and 20th December 1996 was a major event in the investigation of possibilities for wider co-operation in this area both between Member States and at Community level. It was initiated by the experts’ report Archives in the European Union (Report of the Group of Experts on the Coordination of Archives. Brussels – Luxembourg: OPOCE 1994) and confirmed by the EU-Council Conclusions of June 1994 (94/C 235/03).

Organised by the European Commission in close co-operation with the EU member states it hosted more than 300 experts and decision-makers from public administration, archives, industry (hard- and software suppliers) and research. The multidisciplinary approach and the aim to publish guidelines on machine readable data as a concrete result as well as the high quality of the presentations were the attractions that turned this inaugural event into a European forum of international interest in the field of electronic records administration and storage. Participants came from all the EU member states, from other European countries (including the Russian Federation and Poland), as well as from Canada and the USA.

First reviews that have been published by specialised journals are unanimously enthusiastic. The forum’s success owed a lot to the Programme Committee’s preparations and should also be attributed to the undivided and continuous support of the Irish and Dutch presidencies of the EU-Council.

The forum was opened by the Secretary General of the European Commission, David Williamson who emphasised that archives, including increasingly electronic documents, are our collective memory and how important it is to retain that memory and to insure that it remains accessible in the future. In their keynote addresses the Deputy Director General of the Directorate General for Science, Research and Development, Hendrik Tent and the Permanent Representative of Ireland to the European Union, H.E. Ambassador Denis O’Leary laid out the political and technical framework of the DLM-Forum’96. Mr Tent described the importance of the forum with respect to innovation in the digital era and the Commission’s approach towards this challenge. Mr O’Leary stressed the role of archives in our society and the citizens’ right of access to information. In his closing speech the Head of Commissioner Bangemann’s Cabinet, Paul Weissenberg, pointed to the importance of electronic archives in the European Union’s concept of the Information Society as set out in the Bangemann report and subsequent documents. He stressed the necessity of concrete measures as an immediate consequence to the DLM-Forum.

The ‘life-cycle’-concept of electronic records guided the three parallel sessions. Thus the speakers in those sessions reflected on electronic documents in the different phases of their administrative life. The multitude of topics ranged from discussions of norms and standards for data interchange to the presentation of new electronic storage material. Surveys on the ‘state of the art’ in Europe completed this first interdisciplinary approach to retaining the collective memory of the Information Society.

It was the balance between working sessions and spontaneous and informal discussions outside those sessions that produced a most agreeable working atmosphere in which experts’ debates led to the kind of mutual understanding and the establishment of personal ties and relations needed to solve problems that concern all the disciplines represented at the forum. Thus the catalyst effect, which was hoped for, was achieved: experts from industry and research became sensitive to the concerns of archives and administrations.

The forum will lead, as foreseen, to amendments to the first draft of multidisciplinary guidelines Best practices for using Machine Readable Data which had been distributed to the participants.

Furthermore a document for follow-up measures, the so-called ’10 points’, was agreed on by the participants. One major topic for follow-up activities is the establishment of national focal points to improve co-ordination and networking and to establish functional requirements for electronic records management in the public and private sectors. Another topic concerns the urge for establishing training programmes for archivists and administrators.

In a world of continuous and rapid change modern archives services are an element of continuity, stability and a solid base for essential information and indispensable records. Modern management in public and private institutions has to be dynamic, active and innovative, and above all has to cover the entire continuum of the life of documents. ‘The DLM-Forum’96 demonstrated that the issues posed by the preservation and re-use of electronic records are central not only to the work of archivists, but also form the cornerstone of future economic growth and development within the European Union.’ as Seamus Ross points out in his presentation. In short: the problem of preserving electronic records concerns even more people and areas than have been covered by the forum’s participants. Further activities should include among others legal advisors, system designers and application developers, auditors and insurance providers. Contacts with existing working groups (e.g. the European Commission’s Legal Advisory Board for the information market) have to be established or intensified. A first step to co-ordinate these activities is the installation of the DLM-Monitoring Committee in April 1997.

Promoting safe Use of Internet

To prevent illegal and harmful content being distributed on the Internet the European Commission is promoting initiatives which are aimed at increasing the general awareness among parents, teachers, public sector and the information industry about how to deal with the issue in practical terms.

This action accompanies the Green Paper on Protection of Minors and Human Dignity in Audiovisual and Information Services, the Communication on Illegal and Harmful Content on the Internet, and the Action plan on promoting safe use of the Internet.

REFERENCES

1. STOA, PE 166499: “An appraisal of technologies of political control”, 1998.

2. R. Clarke: Dataveillance: Delivering “1984”, Xamax Consultancy Pty Ltd, February 1993.

3. R. Clarke: Introduction to Dataveillance and Information Privacy and Definitions of Terms, Xamax Consultancy Pty Ltd, October 1998.

4. R. Clarke: A Future Trace on Dataveillance: Trends in the Anti-Utopial Science Fiction Genre, Xamax Consultancy Pty Ltd. March 1993.

5. T. Dixon: Workplace video surveillance – controls sought, Privacy law and Policy Reporter, 2 PLPR 141, l995.

6. T. Dixon: Privacy charter sets new benchmark in privacy protection, Privacy law and Policy Reporter, 2 PLPR 41. 1995.

7. D. Banisar and S. Davies: The code war, Index online, News Analysis, issue 1998.

8. T. Lesce: They’re Watching You! The Age of Surveillance, Breakout Productions, 1998.

9. W.G. Staples: The Culture of Surveillance, St. Martin’s Press, 1997.

10. D. Lyon and E. Zureik: Computers, Surveillance and privacy, University of Minnesota Press, 1996.

11. D. Lyon: The Electronic Eye – The rise of Surveillance Society, University of Minnesota Press. 1994.

12. F.H. Cate: privacy in the Information Age, Brookings Institution Press, 1997.

13. P. Brookes: Electronic Surveillance Devices, Newnes, 1998.

14. O.E.C.D.: Privacy Protection in a Global Networked Society, DSTI/ICCPAREG(98)5/FINAL, July 1998.

15. O.E.C.D.: Implementing the OECD “Privacy Guidelines” in the Electronic Environment: Focus on the Internet, DSTI/ICCP/REG(97)6/FINAL, September 1998.

16. O.E.C.D.: Cryptography policy: The Guidelines and the issues, OCDE/GD(97)204, 1997.

17. Report By an Ad Hoc Group of Cryptographers and Computer Scientists: The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption, 1998.

18. COM(98) 586 final: Legal framework for the Development of electronic Commerce.

19. COM(98) 297 final: Proposal for a European Parliament and Council Directive on a common framework for electronic signatures, OJ C325, 23/10/98.

20. A. Troye-Walker, European Commission: Electronic Commerce: EU policies and SMEs, August 1998.

21. COM(97) 503 final: Ensuring security and trust in electronic communications – Towards a European Framework for Digital Signatures and Encryption.

22. Directive 97/7/EC of the European Parliament and the Council of May 1997 on the protection of Consumers in respect of Distance Contracts. OJ L 144. 14/6/1997.

23. ISPO: Electronic Commerce – Legal Aspects. http://www.ispo.cec.be .

24. Privacy International: http://www.privacy.org .

25. Newton and Mike: Picturing the future of CCTV, Security Management, November 1994.

26. Gips and A. Michael: Tie Spy, Security Management, November 1996.

27. Clarke and Barry: Get Carded With Confidence, Security Management, November 1994.

28. Horowitz and Richard: The Low Down on Dirty Money, Security Management, October 1997.

29. Cellular E-911 Technology Gets Passing Grade in NJ Tests, Law Enforcement News, July – August 1997.

30. Shannon and Elaine: Reach Out and Waste Someone, Time Digital, July August 1997.

31. Thompson, Army, Harowitz, and Sherry: Taking a Reading on E-mail Policy, Security Management, November 1996.

32. Trickey and L. Fried: E-mail Policy by the Letter, Security Management, April 1996.

33. Net Proceeds, Law Enforcement News, January 1997.

34. Burrell, and Cassandra: Lawmen Seek Key to Computer Criminals, Associated Press, July 10, 1997, Albuquerque Journal.

35. Gips and A. Michael: Security Anchors CNN, Security Management, September 1996.

36. Bowman and J. Eric: Security Tools up for the Future, Security Management, January 1996.

37. E. Alderman and C. Kennedy: The right to Privacy, Knopf 1995.

38. Bennet and J. Colin: Regulating Privacy — Data protection and public Policy in Europe and the United States, Cornell University Press, 1992

39. BeVier and R Lillian: Information about Individuals in the Hands of Government — Some reflections on Mechanisms for Privacy Protection, William and Mary Bill of Rights Journal 4, Winter 1995.

40. Branscomb and A. Well: Who owns Information? From Privacy to Public Access, Basic Books 1994

41. Branscomp: Global Governance of Global Networks, Indiana Journal of Global Legal studies, Spring 1994.

42. Network Wizards, Internet Domain Survey, January 1997, http://www.nw.com/zone/WWW/report.html .

43. Network Wizards, Internet Domain Survey, January 1997, http://nw.com/zone/WWW/lisybynum.html .

44. Simon Davis: report, December 1997, http://www.telegraph.co.uk .

45. Francis S. Chlapowski: The Constitutional Protection of Information Privacy: Boston University Law Review, January 1991.

46. Ibid., p. 35.

47. Ibid., p. 45.

48. Ibid., p. 48.

49. Ibid., p. 57

50. Ibid., p. 82.

51. Ibid., p. 276.

52. Ibid., p. 267.

53. J. Guisnel: Guerres dans le cyberspace, Editions la decouverte, 1995.

54. http://www.dis.org .

55. http://www.telegraph.co.uk .

STOA PROGRAMME

European Parliament
Directorate-General for Research
Directorate A
SCH 4/61

L-2929 Luxembourg

Tel: +352 4300 22511
Fax:+352 4300 22418
rholdsworth@europarl.eu.int

LEO 6 D46
Rue Wiertz 60
B-1047 Bruxelles

Tel: +32 2 284 3962
Fax:+32 2 284 9059
msosa@europarl.eu.int

Digitization and HTML by JYA/Urban Deadline.

FORMER CIA DIRECTOR WOOLSEY DELIVERS REMARKS AT FOREIGN PRESS CENTER

SPEAKER: JAMES WOOLSEY, FORMER DIRECTOR, CIA

(+)

WOOLSEY: Let me just informally say one or two things.

First of all, I am five years out of office, and so much of what I say is — indeed virtually all of it is heavily governed by my views and practices when I was DCI. I do continue to hold security clearances and confer with the government from time to time, but I am not up to speed on things like current intelligence operations, and if I were, I wouldn’t talk to you about them anyway.

I do have, however, a set of views about this set of issues and they were ones that I expressed in rather substantially the same terms when I was DCI that I’m going to express today. But in the context of the [European Parliament, Duncan] Campbell report and the current European interest, particularly in the overall subject of alleged American industrial espionage, I thought it was a perfectly reasonable thing to respond to the State Department’s request that I be available to answer your questions.

If you look at the Aspin-Brown Commission report of some four years ago, chaired by the late former secretary of defense and chairman of the House Armed Services Committee, Les Aspin, it states quite clearly that the United States does not engage in industrial espionage in the sense of collecting or even sorting intelligence that it collects overseas for the benefit of and to be given to American corporations. And although he does so with a double negative, Mr. Campbell essentially confirms that in his report.

In the Campbell report there are only two cases mentioned in which, allegedly, American intelligence some years — several years ago obtained information — secret information regarding foreign corporations. One deals with Thomson-CSF in Brazil, one deals with Airbus in Saudi Arabia.

Mr. Campbell’s summation of those issues in one case is five lines long, in the other case it’s six lines long, and he is intellectually honest enough that in both cases he devotes one line in each to the fact that the subject of American intelligence collection was bribery. That’s correct. Not technological capabilities, not how to design wing struts, but bribery. And it is impossible to understand American intelligence collection, for my period of time anyway, with respect to foreign corporations and foreign government who sometimes assist them without realizing that that issue is front and center.

Now, the Aspin-Brown Commission also said that approximately 95 percent of U.S. intelligence collection with respect to economic matters, which itself is only one of a reasonable number of U.S. intelligence targets — but with respect to economic matters, 95 percent of our intelligence collection is from open sources. Five percent is essentially secrets that we steal. We steal secrets with espionage, with communications, with reconnaissance satellites.

Why do we focus, even to that 5 percent degree, on foreign corporations and foreign governments’ assistance to them in the economic area? It is not to provide secrets — technological secrets to American industry.

In the first place, in a number of these areas, if I may be blunt, American industry is technologically the world leader. It is not universally true. There are some ares of technology where American industry is behind those of companies in other countries. But by and large American companies have no need nor interest in stealing foreign technology in order to stay ahead.

Why then do we or have we in the past from time to time targeted foreign corporations and government assistance to them?

WOOLSEY: There are really three main areas. One is that, with respect to countries that are under sanctions — Libya, Serbia, Iraq and the rest — important economic activity is sometimes hidden and it is important for the U.S. government to understand how sanctions are functioning, if they’re functioning successfully, whether Iraq is able to smuggle oil out and if so how much, how Mr. Milosevic does his country’s banking and so on.

Those types of sanctions-related subjects and economics are the subject of efforts by the United States to steal secrets by various methods — have been in the past.

Second, with respect to dual-use technology, there are some legitimate products, a number of types of chemicals that are useful in pharmaceuticals and in fertilizers and the like, super-computers are useful for predicting the weather and other purposes, that also have use in designing or producing weapons of mass destruction. So particularly where there are efforts around the world to hide the transportation and sale of certain types of materiel and products that can be used in the production of weapons of mass destruction, yes, there is a big incentive and an important reason why the United States government has in the past felt it important to steal secrets.

The third area is bribery. We have the Foreign Corrupt Practices Act. It is a statute under which I have practiced as a lawyer. I have done investigations of major American companies on behalf of their boards of directors to detect Foreign Corrupt Practices Act violations. I have sat as a board member of American publicly owned corporations and questioned management about whether there had been any foreign corrupt practices.

It is a vigorously enforced statute and an important one. And as a result of it, American industry is again not perfect, but as a general proposition it does not try and certainly does not succeed in winning contracts and international commerce by bribery.

This is not true of the practices of some of our friends and allies and some of our adversaries around the world. Some of our oldest friends and allies have a national culture and a national practice such that bribery is an important part of the way they try to do business in international commerce.

We have spied on that in the past. I hope, although I have no immediate verification, that the United States government continues to spy on bribery.

But whether it does or not, it seems to me that it should be understandable to anyone who reads the Campbell report, to anyone who thinks at all about whether American corporations need to steal technological secrets from foreign corporations, and anyone who is at all sophisticated about the way international trade and commerce works, that bribery is — or should be in any case and certainly was in my time at the heart of U.S. intelligence’s need to collect secret intelligence regarding foreign corporations and foreign governments’ assistance to them.

And with that I’m prepared to take your questions.

MODERATOR: OK, it’s fairly crowded today. Please wait for the microphone, identify yourself and your news organization. We will go right up here in the front.

Yes, we might as well start.

QUESTION: Then I take it that all the hubbub from Brussels and the European parliament with accusations that the NSA is being fed this information, all that is false?

WOOLSEY: Well, in far as the hubbub in Europe and in Brussels doesn’t mention that if there is any targeting of European corporations, if the past is any guide, it’s likely to be about bribery, then the journalists who are reporting it are hiding the ball. Because Mr. Campbell himself makes it quite clear, in both of the cases he mentions, that bribery is the issue.

So if people are inventing out of whole cloth in spite of what’s said in the Aspin-Brown report, in spite of what I said when I was DCI, as far as I know, I believe what is being said publicly and officially on the record by the U.S. government today, that the United States does not conduct industrial espionage, it doesn’t steal secrets of foreign companies to give them to American companies for purposes of competitions and so forth — if the hubbub in Brussels ignores that, then those who are creating the hubbub are intentionally looking away from the major issue.

WOOLSEY: If this were Shakespeare’s “Hamlet,” to discuss the issue without talking about bribery, is like talking about it without talking about the prince of Denmark. It’s the central thing.

QUESTION: Mr. Woolsey, in spite of all that you said, it seems to me that espionage per se was two kinds — the Cold War kind, which you do against your political and ideological adversaries, and the industrial kind that you’re talking about.

Now there’s a general feeling throughout the world, that this industrial espionage is sort of open house, and everybody does it to everybody else. And there have been some reports of American agents being expelled from Germany, or France, or somewhere.

So in spite of all that, you’re saying except for bribery, the United States is not doing it at all.

WOOLSEY: The other two areas — at least in my time — that we thought were quite important to follow, I did mention. One has to do with sanctions. If companies in countries that are friends and allies of the United States are busting sanctions by what they’re selling to a country like Libya or Iraq, that might be the subject of secret collection. If there are efforts to hide the sales of dual-use technology that can be used with respect to weapons of mass destruction.

But I generally — and I think most of us who talk about this issue — reserve the term industrial espionage to mean espionage for the direct benefit of an industry. That is, I don’t call it industrial espionage if the United States spies on a European corporation to find out if it is bribing its way to contracts in Asia or Latin America that it can’t win honestly.

I would — and especially when it is not the practice of the U.S. government — it certainly didn’t occur in my time, and I’m not aware that it ever has — that the U.S. government gives this information about bribery, when we find it, to an American company. That’s not what happens. The information about bribery is not given to the American corporation that may be the victim.

What happens is that the State Department is informed, and then an ambassador, or in some substantial cases perhaps a very senior official in the State Department, goes to the country where the government official is being bribed, and says, You know, we really don’t — we know about this, and we really don’t think this is the way you ought to make decisions about awarding contracts.

Now what then typically happens, is that the contract award either is made on the merits — sometimes an American company wins, sometimes not. Or sometimes the host government will split the contract. And the American company, if it wins all or a share of it, doesn’t know that the reason it won was because the U.S. government uncovered bribery and went to the host government, and said, We don’t think you should be engaged in awarding contracts this way. But I don’t call that industrial espionage.

So in the post-Cold War era, how big a focus is this sort of thing for the United States? I’d say it’s rather modest, in the overall model — at least in my time as DCI — of our intelligence — of our secret intelligence collection.

Economic intelligence is important, but as I said, it’s about 95 percent from open sources. What our major focus is, is on rogue states, weapons of mass destruction, whether Russia is going to turn into a non-democratic country. We focus on major issues that could directly affect the security of the whole country.

But there is some increased emphasis on economics — 95 percent of it from open sources. The part that’s from covert sources is as I described.

QUESTION: You answered part of my question with your statement just now that, if in fact, U.S. intelligence were to uncover attempts at bribery by a corporation from another country, they would not inform the U.S. corporation.

But while we’re on, sort of the issue of process, presumably U.S. intelligence inadvertently perhaps, runs across technologically interesting information — technologically valuable information — even in the course of investigations predicated on the three areas that you laid out — technologically valuable information that would be commercially useful. What happens to that information? Does it sit mouldering on a shelf, or is there a means by which that information does wind up in the hands, either of U.S. government corporations, or U.S. corporations?

WOOLSEY: I don’t think so, realistically. Given the fact that the problem for the U.S. intelligence community is that there’s a great deal of data that goes unanalyzed — the problem is sorting through all this material. It is a substantial commitment of time and effort to devote an able analyst to sorting something out. And in the important high-tech areas — computers, telecommunications, software, and the like — these are areas — again, I don’t want to sound nationalistic about this. But bluntly, these are areas in which the United States is the world leader.

And it is — it would be a substantial misuse, I think, of the time of valuable analysts to go through technological analysis of material from other trading countries, you know, that we have cordial relations with, and deal with all the time, and where there’s a great deal out in the open anyway, in order to do an analytical piece that can’t be given to anybody. I mean, it could not be given to an American corporation.

There’s a separate problem here, which is, what’s an American corporation? Is it a company that’s headquartered in New York, but does most of its manufacturing in Canada — an American corporation? Is it a Canadian corporation that manufactures largely in Kentucky? Who knows. We have a terrible time sorting this sort of thing out in trade issues, generally. And it’s just a morass that the U.S. intelligence community has no particular instinct or reason to get into.

And so, can one absolutely guarantee that nothing is ever leaked, that shouldn’t have leaked? I suppose one can never absolutely guarantee anything. But would, in the normal routine business, somebody do a technological analysis of something from a friendly country, which had no importance, other than a commercial use, and then let it sit on the shelf because it couldn’t be given to the American company? I think that would be a misuse of the community’s resources. I don’t think it would be done.

QUESTION: There was a specific case which involved a radar system that was installed in Brazil, and involving a European company and an American company. Both companies found out what the government had found out, that the European company was trying to bribe the Brazilian companies…

WOOLSEY: Is this the Thompsen C.S.F. case…

QUESTION: Yes.

WOOLSEY: … in the report?

QUESTION: Yes. I have two questions on that. One is, if you are spying on a company because you think it might be bribing its way to a contract, you can — in this case for example, everyone knew exactly what technology was being sold. So, it isn’t like that you have to get a special analyst to analyze the system, because everyone knew exactly it was radar system.

So going back to Paul’s question. In the case — knowing that you’re analyzing radars, if you did have some information that, let’s say the European company had a special system, or something, would that just sit on a shelf? That’s one thing.

And the other thing is, could you use that — if you pass some information to the State Department, but it could be used in commercial negotiations, like let’s say you’re spying on companies or something.

QUESTION: And then you find out that in a WTO negotiation or a WTO panel something will come up related to that that still is information that can be used by the government commercially or not.

WOOLSEY: I can’t exclude the possibility that at times in the past, information that would come to the attention of the U.S. intelligence community would be used in a circumstance like the second one you mentioned, for U.S. government purpose. Something like that would not be the focus of collection or the focus of even the sorting of intelligence. But it’s just too far down the food chain of interests, frankly.

But I think the — you can’t exclude the possibility that if a report including information about something technological were disseminated inside the United States government, it would be used for a government-wide purpose by someone who knew about it in the State Department or elsewhere.

What wouldn’t be done, is that it wouldn’t be given to the American company in question. But intelligence community’s main problem over the course of the last several years has been that as the Cold War has ended, it’s relatively speaking, its resources are insufficient in its eyes and in mine to do a lot of what is necessary. I’ve often said that it’s as if we were fighting with a dragon for some 45 years and slew the dragon and then found ourselves in a jungle full of a number of poisonous snakes. And that in many ways, the snakes are a lot harder to keep track of than the dragon ever was. The snakes are rogue states and terrorists and the like. We have now six or eight major issues we have to watch instead of just the workings of the Soviet Union and its various manifestations in the world.

And that has meant that on these crucial issues for U.S. intelligence, rogue states, weapons of mass destruction, terrorism, narcotics smuggling, the community has found itself very strapped. And you know, to spend time trying to figure out whether some technological fact about some friendly country’s part of their technology is relevant to some trade negotiation is — got to be something — I can’t believe anybody would be focusing on or spending any time on.

MODERATOR: OK, let’s start from the back and we’ll work our way forward.

QUESTION: I have a question about a definition. If the American company hires a local consultant in China, or Brazil or Afghanistan, who bribes at his own expense and his own account with or without knowledge of the American company, and he pays bribes. Is that as far as you are concerned, is that bribery or it is not?

WOOLSEY: It probably depends on the facts. But if the American employer had reason to believe from the past behavior of this individual or from the overall circumstances or from his expenses or from the fact that an award was given that didn’t seem understandable or justified by the bids, if for any reason, the American employer including a foreign individual who was directly employed by the United States, the gut (ph) company, had reason to believe that a bribe had occurred, it would be a violation of the Foreign Corrupt Practices Act. This is the sort of thing — there are things under the FCPA called red flags.

There’s a rather long list of behavior and circumstances which should raise suspicions. And the American companies and their boards of directors, are charged not just to report to the SEC or the Justice Department when they clearly and definitely know that someone overseas has been bribed. They are charged with conducting investigations and being on top of what all of their commercial agents and the like are doing. It’s a very demanding statute.

QUESTION: My question is not about industrial espionage specifically. I hope that’s all right. Sorry, Charlie.

There was a report in the New York Times a few weeks ago that said the Jordanian secret service had surpassed the Mossad, the Israeli Mossad in terms of how much they helped the U.S. in fighting terrorists and things like that. And I’m wondering if you could speak at all about how much — and that in fact, even in Jordan that the U.S. identifies its spies to the Jordanian government, a practice it doesn’t do in other places. So I was wondering if you would comment on that.

But also, if you could describe in any way how much the Israeli intelligence service and the U.S. intelligence service work together in terms of even finding out things about Iraq and weapons of mass destruction and those kinds of things.

WOOLSEY: Even if I were current — and I have not been current on this subject for the last five years since I left the government — I wouldn’t answer that question. I will say this. Both Jordan and Israel have very fine intelligence services. Both countries are friends of the United States. The countries under a lot of circumstances today are friends of one another. And a number of friendly countries in the Mideast cooperate with intelligence and otherwise, in dealing with rogue states and aggressive states in the Mideast. And I would certainly count Iraq as first and foremost in that later category.

MODERATOR: Far be it for me to ever try to control the topic of a conversation, but we are — I’ll go across the Sinai Peninsula to Thomas, if he’s on the economic topic?

OK, Thomas?

QUESTION: Trying to figure out what you said about (inaudible) and jungle of the snakes. Definitely, in the golden age of espionage there was spying and counter spying. And you cannot say that you are just a victim of the others and you don’t want to try to get information about the others. Definitely there is a kind of a spying, you know, to counter attack his espionage. This is my first question.

My second question is…

WOOLSEY: Let me see if I understand. Does the United States spy on countries that are trying to conduct industrial espionage against American corporations?

QUESTION: Yes.

WOOLSEY: In my time, yes. I don’t know whether we still do or not. But I would have considered it a useful, although not perhaps actually top priority for the United States to understand the workings of a foreign intelligence service that at the behest of its government was conducting espionage against American corporations to steal say technological secrets. What counter espionage it really is in the international context is essentially intelligence services spying abroad on foreign intelligence services that are in turn spying on their country.

And that is part of the warp and woof of international intelligence collection for the United States, for Egypt and for the countries represented by essentially everybody in this room.

QUESTION: My second part of the same question was that what about the privatized economic espionage?

QUESTION: I mean which is more than related to the industries and the firms and the — in general because always even the regular espionage were asking, for all of the human factor of intelligence collected. It’s important or just…

WOOLSEY: Well, with respect to some types of intelligence targets, particularly in the post-Cold War era — terrorism is one very good example — human intelligence, the human factor, espionage is distinct from technical intelligence collection, has really got to be first and foremost.

Terrorism is not something you learn a lot about from plants, to the contrary, notwithstanding from looking at terrorist camps through reconnaissance satellites. You need spies.

But with respect to you know economic espionage against the United States…

QUESTION: I mean in general from your perspective, economic espionage doesn’t get more human intelligence or rely on…

WOOLSEY: It’s hard to say. Again, these three areas that I mentioned that were salient in my time, again for this 5 percent of economic intelligence that’s secret, 95 percent being you pick up newspapers and surf the Web and whatever. But for the 5 percent that involves needing to steal secrets, I would say yes, that human intelligence if you’re talking about bribery, if you’re talking about finding out about companies that are shipping material around sanctions, if you’re talking about companies that are selling super computers to institutions in other countries, that can use them to design nuclear weapons, a lot of that, I would say a rather high proportion of it would typically have to come from human agents, from human sources.

QUESTION: With all of the other sources can you state why you’re failing and as dragon you mention the snakes? Secondly, recently it was deserved (ph) by India and the United States to cooperate more on international terrorism? Do you expect the intelligence agencies of the two countries to cooperate in order to track international terrorism and cooperate (ph)?

WOOLSEY: Well, the dragon was the Soviet Union and the last time I looked we won the Cold War. I don’t think we failed against the dragon. I would comment to your Mr. Matrokin (ph) and Mr. Andrews recent book, “The Sword and the Shield,” based on the KGB archives that Matrokin (ph) stole from essentially 1917 to 1985. And it’s a complicated story.

There were some things the KGB were very successful at such as technical intelligence collection against American corporations actually. But after the demise essentially of the American communist party’s vibrant life, right after the end of World War II and after the end of the American Soviet Alliance in ’45, beginning in ’47 or ’48, the playing field tended to move in an American direction. And Matrokin (ph) and Andrew would say that particularly in the ’60s and ’70s and into the ’80s, probably American intelligence collection against the Soviet Union across the board particularly against the government, was substantially superior to a rather dismal KGB performance against the United States.

QUESTION: (Inaudible) country?

WOOLSEY: The dragon that we fought for 45 years and slew, was the Soviet empire in my analogy.

QUESTION: That isn’t what I had in mind…

WOOLSEY: Well, but you — it was my analogy so I get to say what I had in mind.

(LAUGHTER)

Now with respect to the United States and India, India is a friendly country and we cooperate on a number of things and we’re — both diplomatically and from time to time in intelligence areas, and I would hope that it would continue.

At least that was true with I was DCI. For the last five years you would have to ask somebody else.

QUESTION: I know it’s hard to quantify, but what region of the world, if you can break it down, is most afflicted by this — if I can use the word — by this U.S. espionage, especially bribery?

Is it Middle East? Is it South Asia? Is it Europe? Is it…

WOOLSEY: Well, you have the bribers and the bribees. OK. Now in a number of parts of the world although some are struggling against it, there has been a tradition of public officials accepting bribes and it occurs in a number of places.

The part of the world that where this culture of getting contracts through bribery, that actually has a great deal of money, and is active in international contracting is to a first approximation Europe. And indeed if you look at the recent negotiations that deal with implementing the OECD convention on bribery that was signed, I think in late 1997, there have been a number of parliamentary acts passed.

WOOLSEY: The Germans, for example, have gotten rid of the provision of German tax law that permitted bribes to be deducted from income taxes. France is debating it; hasn’t gotten rid of it yet.

But there has been a general history — both because it’s been relatively prosperous, because it’s companies export — that I would say the principle offenders, from the point of view of paying bribes in major international contracts in the world, are Europe. And indeed, they are some of the very same companies — the companies are in some of the very same countries where the most recent flap has arisen about alleged American industrial espionage.

It leads me to wonder whether the next major international investigation on this sort of subject coming from Europe is going to be charging that there needs to be a major look at the problem of rude American maitre d’s.

I’ll leave it at that.

QUESTION: I have two questions, the first one regarding the peace process. In case of the peace process in the Middle East, do you believe the CIA will be able to change the way handling the cases in the region? And the second question regarding how did you handle the espionage against you, United States, from your allies, like Israel and the other famous cases in that?

WOOLSEY: Second one first. Certainly the United States, often for reasons for learning about technology, is the target of espionage from some very good friends and allies. It happens. Normally we try to work it out. We try not to make a major public fuss about it. But where prosecution is necessary and where it does occur, we are generally of the view that one should impose penalties consistent with the seriousness of the espionage and the amount of material that was turned over, not the degree of friendliness with the country.

I’m going to use a clear example, one that I’ve spoken on publicly a number of times, Jonathan Pollard. The question has come up, since Israel is a friend of the United States, shouldn’t the United States pardon Mr. Pollard? Both I, and I think almost anybody connected with the American intelligence community and law enforcement community has said no, because of the volume and seriousness of what he stole.

Now, you’re first question was about?

QUESTION: It was about the peace process…

(CROSSTALK).

WOOLSEY: The peace process, yes. CIA officers in a number of negotiating situations — and here we’re largely talking about analysts — are extremely helpful. I was an ambassador and arms control negotiator for the United States. I negotiated the CFE Treaty in Vienna in 1989 to ’91. And I had several CIA analysts on my delegation and they functioned very much like other U.S. government officials.

WOOLSEY: We didn’t formally call them CIA officials, but our Soviet and other counterparts knew that they worked for the CIA. And they chaired working groups for me on verification. They negotiated provisions with other countries, dealing with verification. They were valuable members of the team.

And they had very cordial relations with Soviet counterparts. Sometimes we would even have parties with the American CIA people, and the Soviet KGB people, you know. It was an odd time.

But nonetheless, this tradition of American intelligence officers being involved in negotiations is one that I think can be entirely positive. There is one aspect of the CIA officers’ involvement in the negotiations in the Mideast that I couldn’t tell from the public statements whether it was taking place or not, but I was concerned that it might, because it seemed to me it put the intelligence officers in the middle, between the negotiating parties, and led them to have to try to assess whether one party was violating the accords, and then explain it to the other party, going both ways. And I thought that was a bad position to put an intelligence officer in.

I thought the U.S. intelligence officers should collect intelligence for the United States. And if an American official had to go to one party or the other in the negotiations, and say, “You haven’t turned in all your weapons, and we know it,” or, “You haven’t done this, and we know it.” It ought to be a diplomat. It ought to be an official from the State Department, not an intelligence officer.

But with that footnote, with that, you know — and I can’t tell still, from the public statements, exactly what the role of the CIA officers in the Mid-Eastern — in the Palestinian-Israeli negotiations has been. With that footnote, I think that for the CIA, and for intelligence officers from other countries, there are a number of circumstances in which they can have a quasi-open, and professional, and very useful role on issues such as verifying agreements.

QUESTION: Mr. Woolsey, I understand that the U.S. is for — to promote democracies around the world, compared to dictatorships — number one. Number two — how much — and also CIA briefs president on a regular basis — on a daily basis on intelligence matters. How much president listen to the CIA reports, or their advice, including now, this report here in India Globe, and around the world in newspapers that he should not visit Pakistan? That’s according to the CIA intelligence reports. Should he visit Pakistan or not, in your guess?

WOOLSEY: Well, my — I’m not going to bite on that substantive recommendation. But I will say this. I think the CIA got a little bit spoiled in President Bush’s presidency, because having been a director of Central Intelligence himself, he was, and remains absolutely fascinated by intelligence, by the CIA. The CIA headquarters is now named after him. He had the intelligence briefer in every day, and so forth.

President Clinton is a speed reader. And he rather frequently reads the morning intelligence briefing, and annotates it, and sends it back with questions, rather than having the CIA briefer in. And if you’ll pardon me a moment of humor, when in 1994, in the autumn, after I’d been in the CIA job for a little over a year and a half, a small plane crashed into the south front of the White House. The White House staff joke, at the time, was, That must be Woolsey still trying to get an appointment.

(LAUGHTER)

So, I may not be the best individual to ask with respect to daily interactions of that sort. But whether a president absorbs information by a daily meeting, or by reading — as at least in my time, was principally President Clinton’s method of absorbing intelligence — presidents normally pay a great deal of attention to what U.S. intelligence as a whole — not just the CIA — communicates to them. And sometimes they discount it and do something else. And sometimes they have a right to discount it. And sometimes they were wrong. But on that particular issue, I’m going to stay away from that with a 10-foot pole.

QUESTION: Sir, you mentioned about the dual technology transfer. I believe, you know, that’s from the other side of the story. This is a — maybe that’s falling into the term of an FBI, but given your experience, I’d like to have your comment on that. That is, what are those countries involved the most, in terms of stealing U.S. industry secrets here?

When you’re talking about rogue states, I consider that — do you consider China as a rogue state, or what? I mean, according to a lot of report that it is China, it is Japan, Korea, Taiwan and Israel involved most in those case.

QUESTION: But maybe you can tell us what exactly…

WOOLSEY: I’m not going to get in the business of talking about individual countries that way.

I would say this. With respect to technology theft from American corporations especially, the Soviet Union and the KGB were very good at this. The Metrokin (ph) book explains how and why. Happily, the Soviet Union was unable to take advantage of much of the technology because of their incredibly decrepit and terribly inefficient economy. But they were very vigorously involved in this.

It has also been the case, because of American technological leadership in a number of high-technology areas, that some of our old friends and allies are in this business as well, not only by putting microphones in the head rests of their airliners which cross the Atlantic, in first class seats, but in other ways as well.

There are European countries where one wants to — if you leave your briefcase when you go to dinner, if you’re a businessman and there’s anything sensitive in it, you should have your head examined. There are a number of parts of the world where American companies and individuals when they travel where there’s intelligence collection against them. And there’s some in this country, including from some friends — old friends of the United States.

We try to discourage this. We work hard at it. We talk privately with the countries and companies involved. We exert a good deal of effort to try to keep this from happening. But it is something that is rather substantially, in this country, principally on the mind of the FBI not the CIA. Because the only way it comes up for U.S. intelligence is if we learn overseas, in conducting an intelligence operation or collection, that that foreign country’s intelligence service is going to be doing something inside the U.S. Anything that actually takes place here, 99.9 percent of the time the relevant people are the FBI not the CIA.

I don’t know what to say other than I don’t really want to get into accusing individual countries. This waxes and wanes. No one is as involved in it as deeply as the KGB used to be on the behalf of the Soviet Union. But a number of countries still do it.

MODERATOR: And on that note, I’d like to say thank you. Thank you ladies and gentlemen.

WOOLSEY: Thank you for having me.

8 March 2000. Thanks to anonymous.

TRANSCRIPT
March 07, 2000
NEWS BRIEFING
JAMES WOOLSEY
FORMER CIA DIRECTOR
WASHINGTON, D.C.
JAMES WOOLSEY HOLDS BRIEFING AT THE FOREIGN PRESS CENTER
EVENT DATE: 03-07

MARCH 7, 2000

Find this story at 8 March 2000

HTML by Cryptome.

Wie Geheimdienste spionieren; Amerikas Top-Spion aus der Tiefe – das mysteriöse Atom-U-Boot „USS Jimmy Carter“

Die jüngsten Enthüllungen zeigen, wie umfassend das weltweite Internet überwacht wird. Einer der erfolgreichsten Kundschafter soll ein geheimnisumwittertes Atom-U-Boot der US-Amerikaner sein – die „USS Jimmy Carter“.
Am Meeresboden entlang sausen gigantische Datenmengen in Glasfaserkabeln um die Welt. Doch sicher sind sie dort keineswegs. Einer der Gründe dafür: das Atom-U-Boot „USS Jimmy Carter“. Der 138 Meter lange Koloss soll in der Lage sein, die Leitungen in der Tiefe anzuzapfen. In allen Ozeanen dieser Erde – und damit in Gebieten, die außerhalb der Hoheit der Vereinigten Staaten liegen.

Das nach dem früheren US-Präsidenten Jimmy Carter benannte U-Boot unterliegt höchster Geheimhaltung. 140 Mann Besatzung steuern das Boot durch die Ozeane, daneben kann es noch bis zu 50 Spezialkräfte aufnehmen. Von einer Multi-Mission-Platform können Taucher und Mini-U-Boote starten. Seit Anfang 2005 ist die „USS Jimmy Carter“ in den Weltmeeren unterwegs.

Angriffe auf Unterseekabel
Wie aber kommt das U-Boot überhaupt an die Daten heran? Darüber gibt es nur Gerüchte, doch mehrere Szenarien sind denkbar. So könnten die Tiefseespione in Glasfaserleitungen so genannte „Splitter“ einklinken. Diese elektronischen Bauteile schicken Kopien aller erfassten Daten über eine eigene Leitung direkt zum US-Militärgeheimdienst NSA.

Bei einer anderen möglichen Variante müssen die Unterseekabel nicht einmal aufgetrennt werden: „Es genügt, die Kabel leicht zu biegen, um an die Daten zu kommen“, erklärt der IT-Journalist Peter Welchering. Spezielle „Biegekoppler“ fangen die Lichtsignale ab und lesen sie aus. „Moderne Lauschgeräte benötigen weniger als nur zwei Prozent der optischen Leistung der Glasfaser, um dann das komplette Signal abzugreifen und in Bits umzuwandeln“, fügt Welchering hinzu.

Radarkuppeln und Satellitenspäher
Wirklich neu ist die Tatsache, dass Amerikaner, Engländer und andere Staaten internationale Kommunikationswege ausspähen, allerdings nicht. „Ich verstehe die ganze Aufregung nicht“, sagt Welchering. „Mit Echelon verhält es sich doch nicht anders, nur dass die jetzt in den Fokus geratenen Lauschangriffe in digitaler Form stattfinden.“

„Echelon“ heißt ein weltweites Spionagenetz, das mutmaßlich weit in die Zeit des Kalten Krieges zurückreicht. Seit den 1970er-Jahren gab es Gerüchte über seine Existenz. Abhörstationen und Weltraumsatelliten überwachen angeblich Telefongespräche, Faxverbindungen und Internet-Daten, die über Satellit geleitet werden. Auch Handygespräche und Funkverbindungen sollen abgehört werden. Kugelförmige Radarkuppeln wölben sich über die Antennen, die die Signale erfassen. Eine wichtige Anlage stand im bayerischen Bad Aibling. 2004 wurde sie geschlossen, nachdem bekannt geworden war, dass sie nach Ende des Kalten Krieges vor allem europäische Unternehmen ausspioniert hatte.
Betrieben wird „Echelon“ von Nachrichtendiensten der USA, Großbritanniens, Kanadas, Australiens und Neuseelands. Genau die fünf Staaten also, die auch bei der digitalen Datenspionage zusammenarbeiten.
Feind und „Freund“ hören mit
Auch Computer und Telefone anzuzapfen ist für Geheimdienste kein Problem. Um an die Daten zu kommen, bedarf es einfach einer entsprechenden Spionagesoftware. Zwar lassen sich nicht derartige Informationsmengen wie an Unterseekabeln abschöpfen, doch die Spione können gezielter attackieren. Und zum Beispiel ein bestimmtes Unternehmen ins Visier nehmen.

Der volkswirtschaftliche Schaden durch Industriespionage lässt sich schwer schätzen, weil die Dunkelziffern hoch sind. Das Beratungsunternehmen Corporate Trust geht von mindestens 4,2 Milliarden Euro pro Jahr allein in Deutschland aus.

Total verwanzt
Unter Verbündeten sollte das eigentlich ein Tabu sein: Trotzdem spähen US-Geheimdienstler auch die Europäische Union aus. Das berichtet zumindest das Nachrichtenmagazin „Der Spiegel“. Die diplomatischen Vertretungen der EU in Washington und bei den Vereinten Nationen in New York seien verwanzt worden, heißt es in dem Blatt unter Berufung auf Geheimdokumente des NSA-Enthüllers Edward Snowden. Darin würden die Europäer als „Angriffsziel“ benannt.

Die Methode, die Räume – angeblich oder tatsächlich – gegnerischer Nationen zu verwanzen, war schon im Kalten Krieg sehr beliebt. Der sowjetische Geheimdienst KGB entwickelte zum Beispiel so genannte passive Wanzen, die keine Batterie brauchten, sondern ihre Energie durch von außen eingestrahlte Mikrowellen erhielten. Die Sowjets konnten den US-Botschafter in Moskau auf diese Weise jahrelang abhören, ohne dass dies entdeckt wurde.

Der Mann mit dem Schlapphut hat noch nicht ausgedient
Trotz aller Hightech-Methoden, auf die Geheimdienste heute setzen: Nach wie vor ist der klassische Spion nicht aus der Mode gekommen. Für Aufsehen sorgt derzeit in Deutschland der Prozess gegen ein russisches Agentenehepaar, das 25 Jahre lang ein filmreifes Doppelleben geführt hatte. Jetzt müssen beide für mehrere Jahre hinter Gitter. Das Oberlandesgericht Stuttgart verurteilte den Ehemann zu sechseinhalb Jahren und seine Frau zu fünfeinhalb Jahren Haft.
Auch im Bereich der Wirtschaftsspionage sind Informanten ein wesentlicher Faktor. Denn in vielen Fällen sind es die eigenen Mitarbeiter einer Firma, die Betriebsgeheimnisse verkaufen.

Dienstag, 02.07.2013, 18:51 · von FOCUS-Online-Autor Harald Wiederschein

Find this story at 2 July 2013

© FOCUS Online 1996-2013

NSA-Abhörskandal; Die Datenräuber von der USS “Jimmy Carter”

Der US-Geheimdienst NSA überwacht den weltweiten Internetverkehr. Dafür zapfen die Schnüffler auch Glasfaserkabel an, die am Meeresboden zwischen den Kontinenten verlaufen. Eine Schlüsselrolle soll dabei das U-Boot “Jimmy Carter” spielen.

Berlin – Jimmy Carter inszeniert sich gern als Freiheitskämpfer. Mit seinem Carter Center für Menschenrechte vermittelt der ehemalige US-Präsident in internationalen Konflikten, beobachtet Wahlen und setzt sich für transparente Regierungsführung in Entwicklungsländern ein. Für seine Arbeit wurde er mehrfach ausgezeichnet: Unter anderem erhielt er 1998 den Menschenrechtspreis der Vereinten Nationen und 2002 den Friedensnobelpreis.

2005 wurde ihm eine besondere Ehre zuteil: Die US-Marine benannte ein U-Boot nach Carter. Es ist das erste amerikanische Militär-U-Boot, das nach einem lebenden Ex-Präsidenten benannt wurde – und es ist nicht irgendeines. Die 138 Meter lange “Jimmy Carter” ist für Spezialoperationen ausgerüstet und nach Einschätzung von Geheimdienstexperten in der Lage, Unterwasserkabel anzuzapfen. Ein Boot also, das ausgerechnet von Carter hochgehaltene bürgerliche Freiheiten wie das Post- und Fernmeldegeheimnis zu verletzen sucht.

Bau und Ausrüstung des knapp 2,5 Milliarden Euro teuren U-Boots unterlagen strengster Geheimhaltung. “Sie werden niemanden finden, der mit Ihnen darüber spricht”, sagte Marinesprecher Kevin Sykes, als die “Jimmy Carter” Anfang 2005 in Dienst gestellt wurde.

Nur wenige Monate zuvor, im August 2004, hatte das US-Militär die USS “Parche” eingemottet. Dieses U-Boot hatte während des Kalten Kriegs Unterseekabel angezapft und galt als eine der wichtigsten Waffen im Spionagekrieg. Die Besatzung des Boots ist bis heute die höchstdekorierte Einheit der Marine. Das Militär nimmt ein solches Schiff nur dauerhaft außer Betrieb, wenn ein Nachfolger bereitsteht.

Das am stärksten bewaffnete U-Boot

140 Mann Besatzung leisten auf der USS “Jimmy Carter” Dienst. Sie verfügt über eine sogenannte Multi-Missions-Plattform, die wie ein Unterwasser-Hangar funktioniert. Von dort aus können Mini-U-Boote und Kampftaucher ins Wasser gelassen werden. 50 Spezialkräfte, etwa Navy Seals, kann das Atom-U-Boot aufnehmen. Für feindliches Sonar ist es kaum zu orten, weil seine Motoren extrem leise sind und der Bootskörper kaum elektromagnetische Strahlung abgibt.

Das Schiff ist mit Torpedos sowie Flugkörpern der Typen “Harpoon” und “Tomahawk” ausgerüstet, die feindliche Ziele sowohl zu Wasser als auch an Land ausschalten können – auch mit Nuklearsprengköpfen. Außerdem ist die Besatzung in der Lage, Seeminen zu legen. Damit sei die “Jimmy Carter” das am stärksten bewaffnete U-Boot, das jemals gebaut wurde, jubelte “Undersea Warfare”, das offizielle Magazin der amerikanischen U-Boot-Flotte.

Seit die “Jimmy Carter” vom Stapel lief, haben US-Medien mehrfach darüber spekuliert, dass das Schiff Glasfaserkabel zwischen den Kontinenten anzapfen könnte. Das Pentagon hat diesen Berichten nie widersprochen. Im vom Whistleblower Edward Snowden enthüllten Prism-Spähprogramm bestätigt der US-Militärgeheimdienst NSA sogar die “Sammlung der Kommunikation über Glasfaserkabel, während die Daten hindurchfließen”. Die Marine teilt lediglich mit, dass das U-Boot mit “fortschrittlicher Technologie für spezielle Marinekriegsführung und taktische Überwachung” ausgestattet sei.

Unklar ist bislang jedoch, wie die so abgefangenen Daten dann zu den Analysten des US-Militärgeheimdienstes gelangen. In den siebziger Jahren mussten regelmäßig U-Boote zu den Kabeln herabtauchen, um die Bänder einzusammeln. Diese Mission wurde schließlich von einem sowjetischen Spion verraten – das Aufnahmegerät befindet sich seither im Moskauer KGB-Museum. Sollten auch heutzutage die Kommunikationsdaten aus den Unterseekabeln nur zeitversetzt bei den Geheimdienstlern ankommen, wären akute Warnungen vor Terrorwarnungen kaum möglich.

Wahrscheinlicher ist daher, dass die Besatzung der “Jimmy Carter” an den Glasfaserkabeln einen Splitter installiert und eine eigene Faserleitung in ein Rechenzentrum des Geheimdienstes gelegt hat. Peter Franck, Sprecher des Chaos Computer Clubs, hält es außerdem für möglich, dass IT-Experten an Bord des U-Boots die Daten bereits vor Ort vorfiltern und verdichten und über die normale Funkkommunikation zur Basisstation zurückfunken könnten.

In beiden Fällen würden die NSA-Agenten praktisch in Echtzeit den Internetverkehr überwachen können.

01. Juli 2013, 18:02 Uhr
Von Christoph Sydow

Find this story at 1 July 2013

© SPIEGEL ONLINE 2013

Interaktive Karte zum Überwachungsskandal; Kabel, die die Welt verbinden

Über 200 Tiefseekabel verbinden die Kontinente und machen moderne Kommunikation erst möglich. stern.de zeigt, wo die wichtigsten Leitungen liegen – und welches deutsche Kabel angezapft wurde. Von Alexander Sturm

Wenn Sie den Mauszeiger über die Kabel bewegen, öffnen sich Info-Kästen zu den jeweiligen Tiefseekabeln.

Gäbe es die vielen tausend Kilometer Tiefseekabel nicht, die auf dem Grund der Weltmeere liegen, unser Alltag wäre ein anderer: All die Telefongespräche, E-Mails oder Online-Bankgeschäfte über Kontinente hinweg wären nicht vorstellbar. Knapp 20 der wichtigsten Kabel sind in der Grafik abgebildet. Moderne Leitungen können gut ein Terabit Daten pro Sekunde übertragen; das entspricht dem Inhalt von rund 120 Stunden Spielfilm. Das einzige transatlantische Kabel, das in Deutschland landet, das TAT-14 (im Bild gefettet), schafft laut dem US-Marktforscher Telegeography 1,87 Terabit pro Sekunde – und wurde vom britischen Geheimdienst abgehört.
Verlegung dauert bis zu drei Jahren

Eigentümer der Kabel sind Konsortien aus internationalen Telekommunikationsfirmen, die die Leitungen gemeinsam verlegen und betreiben. Staaten haben keinen Anteil, kaufen aber oft Datenkapazitäten, um Botschaften oder Militäreinrichtungen zu verknüpfen. Die Verlegung von Tiefseekabeln ist aufwendig: Je nach Länge, Zahl der Landungspunkte und Wetter dauert es bis zu drei Jahren (etwa für die Strecke Kalifornien-Japan und zurück über Hawaii), denn auf hoher See können nur zehn Kilometer Kabel pro Stunde ins Meer gelassen werden. Wartung ist dagegen kaum nötig: “Wenn die Kabel einmal im Wasser liegen, werden sie in der Regel nicht mehr angefasst”, sagt Alan Mauldin, Forschungsdirektor beim Marktforscher Telegeography.

1858 gelang die Verlegung des ersten transatlantischen Kabels zwischen Großbritannien und Neufundland, damals ein Kupfer-Eisen-Draht. Moderne Seekabel aus Glasfasern gibt es erst seit 1988. Sie haben einen Durchmesser von rund sieben Zentimetern und bestehen aus Hunderttausenden hauchdünnen Fasern, die von einem Kupferrohr, Aluminium, Stahlseilen und mehreren Schichten Kunststoff geschützt werden. Viele Tiefseekabel enden an sechs großen Knotenpunkten: New York, Cornwall, Alexandria, Hongkong, Singapur und Tokio. Das längste Tiefseekabel der Welt könnte man übrigens beinahe um den Äquator legen. Das 36.500 Kilometer lange EAC-C2C verbindet China und Japan mit den Philippinen, Taiwan, Hongkong, Südkorea und Singapur.

6. Juli 2013, 14:11 Uhr

Find this story at 6 July 2013

© stern.de

Tapping the world’s fiber optic cables

Data surveillance: how much is too much?

Huge masses of data flash around the world along thousands of miles of fiber optic cables. They are regularly tapped – sometimes legally, mostly secretly. While this technology is simple, filtering is a huge challenge.

Almost all the countries in the world expect their foreign intelligence services to tap and sift through international telecommunications. For that reason, network operators whose lines cross international borders are legally obliged to make certain intersection points available to the authorities. Britain’s Tempora program, for instance, had perfectly legal access to the information it obtained – at least when it passed through British territory.

From electricity to light, and back

But fiber-optic cables can also be tapped secretly, without the knowledge of the operators – though this is not exactly easy. To understand how it works, one has to look more closely at how the data actually passes through the cables.

A standard fiber-optic cable laid across land consists of 144 individual glass fibers, while undersea cables consist of a maximum of eight individual fibers. Using laser technology, the electronic data is initially turned into ultra-short flashes of light. These flashes represent the zeros and ones that all digital information is comprised of. A photodiode at the end of the cable turns the light flashes back into electrical signals.

Around 10 billion such flashes of light run through these cables every second, and each one can also transfer between 1.2 and 5 gigabytes of data per second. But since the capacity of fiber optics is never completely used up, in practice the data flow is usually equivalent to between one and five standard CDs.

Fiber optics need amplifiers
Thousands of miles of fiber optic cables are laid across the ocean floor

But after a certain distance, the data signal drops. Every 80 kilometers or so, the signals have to be re-amplified, explained Klaus-Dieter Langer of the Fraunhofer Heinrich-Hertz-Institute in Berlin.

This is done with the help of a “regenerator.” Undersea cables also have regenerators, which are supplied with electricity by copper cables laid across the ocean floor, together with the fiber optics.

These regenerators are the system’s weak point. At these spots, the fiber optics can be more easily tapped, because they are no longer bundled together, rather laid out individually (since each fiber must be amplified separately). At these points, data piracy is not necessarily easy – but that, as Langer puts it, is “just a technical hurdle.”

A vigilant network operator can spot such hacking attempts. “You need very sensitive measuring instruments,” said Langer, “then you can see when the signal strength suddenly dips.”

Order in the data chaos

Once a spy has succeeded in hacking into a cable, the bigger challenge emerges – sifting through the immense mass of data. This needs to be done quickly. Even if a single glass cable is operating only at 50 percent capacity, it can still deliver 10 terabytes of data in an hour. “Since storage capacity is finite, the trick is to analyze these 10 terabytes within an hour, and filter out what you’re looking for,” said Langer.

A lot of the data needs to be decrypted – which also means being temporarily stored. At the same time, intelligence agencies must proceed very selectively so as not to get bogged down in the flood of data. Langer believes that agents probably concentrate on single fibers belonging to certain operators of particular interest. “It makes more sense to search for certain content, rather than, for example, email conversations, telephone connections and the like.

Wire-tapping contest under the ocean
Huge server capacity must be immediately available to sift data

Hacking a cable only makes sense if you have large server capacity immediately available, which is why Langer is skeptical of recent media speculation about the USS Jimmy Carter, a nuclear submarine said to be on a mission to tap underwater cables. “It seems bizarre,” said Langer.

But Peter Franck, spokesman for the Chaos Computer Club digital rights collective, considers the submarine reports “absolutely believable.” Though tapping underwater cables is so secret “that it would never be publicly talked about,” so far reports in the American media have not been denied by the government.

Franck can imagine a number of ways in which data could be moved from the submarine to servers on shore. He speculates, for instance, that the data could be pre-filtered on board and then broadcast to a base via the normal radio communication. Or a device that records the data could be left on the ocean floor. “An extra vehicle could then come and pick it up,” Franck suggested.

Such underwater cables are certainly of considerable interest to intelligence agencies, since a huge part of international communication travels through them. It could certainly be the case that a lot of the world’s fiber optic cables are being tapped – and not only in countries where respective intelligence agencies are based.

Date 30.06.2013
Author Fabian Schmidt / bk
Editor Sonya Diehn

Find this story at 30 June 2013

© 2013 Deutsche Welle

Germany fears NSA stole industrial secrets

The NSA espionage scandal has unsettled German companies. They are concerned that industrial secrets may have been stolen by US intelligence agencies.

Trust between Washington and Berlin has been shaken by the scandal over the alleged bugging of German government and EU buildings by US intelligence agencies. Reacting angrily to the apparent widespread surveillance of telephone and email communications, German politicians have demanded a speedy explanation from Washington. The EU and Germany do, after all, see themselves as partners of the US.

While the outrage may be exaggerated, there are legitimate, unanswered questions. For example: Why is the National Security Agency (NSA) collecting such large amounts of data, and for what end is that data being used?

The Trojan horse

The chairman of the conservative Christian Social Union’s small business group, Hans Michelbach, sees the surveillance of EU institutions by US intelligence agencies as a cause for alarm.

“The EU is not a supporter of terrorism, but is indeed a strong competitor in the global economy,” Michelbach said. He fears that not only European institutions, but also European and German firms may have been spied on, giving the US “dishonest advantages.”

Germany’s consumer protection minister, Ilse Aigner, warns that the joint fight against terrorism could be turned into a “Trojan horse” that “covers up espionage against governments and companies.”

Meanwhile, German companies have expressed both concern and astonishment at the extent of the spying.

“There was speculation in the past that conversations and Internet activity were being recorded by foreign intelligence agencies,” Volker Wagner, chairman of the Working Group for Economic Security, told DW. “But if the media reports are true, then the dimensions are alarming.”

Opportunity makes a thief

Other economic and industrial groups have reacted in a similar fashion. They want to know what kind of data was recorded and how it was used. At the moment, the European business community only has suspicions that industrial secrets were stolen by US intelligence agencies. Typically, stolen technologies and products show up in the hands of competitors or foreign countries years after they were originally taken.

But according to Wagner, the amount of data collected creates an incentive for abuse.

“One has to consider that American security services employ many freelancers, contractors and consultants,” Wagner said. “It’s estimated that in Washington alone, up to 1.5 million contractors work for the security services.”
Rösler said US espionage hurts prospects for a trade agreement

It’s uncertain whether all of these contractors respect the law. Rainer Glatz of the German Engineering Federation calls for the creation of an international treaty that clearly regulates data protection and intellectual property. Glatz believes that the private sector has to become more proactive and avoid relying on the state to protect corporate secrets. Countermeasures, such as firewalls, are being implemented by the companies the federation represents.

“In addition, we have to school the employees in the sales department and the service technicians on how to protect corporate information,” Glatz told DW.

EU-US trade agreement jeopardized

Germany’s IT small business association is pursuing a different approach. The group has suggested the creation of Europe-wide corporate consortiums as a counterbalance to the economic power of the US.

But the American and European economies are supposed to become even more integrated in the future. The EU and US hope to implement a free trade agreement. German Economy Minister Philipp Rösler has said that while Berlin still has an interest in such a partnership with the US, the espionage scandal has negatively impacted the project.

“The US now has to quickly clarify the allegations and provide transparency,” Rösler said.

Industrial espionage causes billions of euros in economic damage in Germany. The security consultancy Corporate Trust estimates that it cost 4.2 billion euros ($5.4 billion) in 2012.

Date 03.07.2013
Author Jennifer Fraczek / slk
Editor Andreas Illmer

Find this story at 3 July 2013

© 2013 Deutsche Welle

Germany, UK breaching human rights with NSA spy link-up

Echelon system identified as “legislation-free zone”

In a major report to be published this week, the Echelon committee of the European Parliament has found that the conduct of electronic surveillance activities by US intelligence breaches the European Convention of Human Rights even when conducted, allegedly, for law enforcement purposes. It concludes that if the British and German governments fail to prevent the improper use of surveillance stations sited on their territory to intercept private and commercial communications, they may be in breach both of community law and of human rights treaties.

Composite Signals Organisation Station Morwenstow, run by Britain’s GCHQ, was the first station built to intercept civil commercial satellite communications as part of the ECHELON system

Two drafts of the proposed EP report, prepared by rapporteur and MEP Gerhard Schmidt, were leaked earlier this month. The form and wording of the committee’s final report is due to be settled by the full committee in a meeting in Brussels on Tuesday 29 May.

Comparison of the two drafts shows that the committee was waiting to question American government and trade officials about their use of economic intelligence before making its final comments. But, two weeks ago, the American government decided to snub them after members had already arrived in Washington, abruptly cancelling a series of planned meetings.

The declared policy of the US government, as explained last year by former CIA director James Woolsey, is to use the U.S. intelligence system spy on European companies in order to gather evidence of bribery and unfair trade practices. Woolsey said “Yes, my continental European friends, we have spied on you. And it’s true that we use computers to sort through data by using keywords”. “We have spied on you because you bribe”, he wrote in the Wall Street Journal[1].

US economic intelligence policies in support of business and trade were exposed four months ago in a detailed new report to the Echelon committee. That report on “COMINT impact on international trade”[2] is published here exclusively for the first time today. The report traces in detail how U.S. intelligence gathering priorities shifted dramatically after the end of the Cold War, with the result that “about 40 percent of the requirements” of U.S. intelligence collection became “economic, either in part or in whole”.

Echelon committee vice-chairman Neil MacCormick (Scotland) wants to see legal changes to protect private communications; meanwhile “people should treat their e-mails like seaside postcards” that anyone else can read.

The new priorities for economic intelligence were approved by the first President Bush in a document called NSD-67 (National Security Directive 67), issued by the White House on 20 March 1992. By using the CIA and NSA to spy on foreign rivals of American companies, the declared U.S. objective was to “level the playing field” in foreign trade.

After the new policies came into force, the incoming Clinton administration set up a new Trade Promotion co-ordinating committee, with direct intelligence inputs from the CIA and direct links to U.S. business through a new “Advocacy Center”. Intelligence from NSA and CIA was supplied to the U.S. government department of Commerce through an “Office of Intelligence Liasion”, which was equipped to handle intercepted communications such as those supplied by the Echelon network.

According to documents provided to the Echelon Committee and now published here, the CIA team in the Commerce Department proposed gathering information on “primary competitors” of American business in a major Asian market. One document shows that, of 16 U.S. government officials attending a meeting on winning contracts in Indonesia, 5 were from the CIA (see Annexe 2-3[3]).

Two of the NSA’s largest electronic intelligence stations are located at Bad Aibling, Bavaria and Menwith Hill, in England. Both stations intercept satellite communications and use surveillance satellites to collect communications from the ground, anywhere in the western hemisphere.

The U.S. congress was recently told that, as a result of “levelling the playing field”, American companies gained $145 billion worth of business during the 1990s, after intelligence agencies claimed to have detected and defeated bribery or unfair conduct by foreign competitors. Many such contracts were listed in dossiers of cases publicised during the 1990s.

According to reports of “success stories” published by the Advocacy Center, European countries have lost out massively. France lost nearly $17 billion dollars worth of trade, and Germany $4 billion out of a total of about $40 billion. Sweden lost $386 million worth of business, the Netherlands $184 million. Not all “successes” necessarily involved allegations of bribery, but many did.

Despite the huge number of cases in which it claims to have detected bribery, the U.S. government has never published any evidence to substantiate its claims. Nor has it instigated any prosecutions. Equally hard to substantiate has been evidence in specific cases where secret interception activities are alleged to have affected a major contract. All of the specific accounts of European business losses, such as the lost of an $8 billion Airbus contract in 1994, were published by the American press, at a time when the Clinton administration wanted to publicise that it was doing its best for business.

The clear motive was to tell the Americans that their government and intelligence agencies were now helping with the economy. But when Europe became concerned about the Echelon system, such stories stopped appearing in the U.S. media, and information dried up.

The job of the US Department of Commerce’s Advocay Center is to “aggressively support U.S. bidders in global competitions where advocacy is in the national interest”.

Many MEPs suspect that the American claim only to use their secret listening systems, including the Echelon network, to prevent bribery are a smoke screen to cover straightforward spying for business and trade purposes.

The report on “COMINT impact on international trade” sets out, with many detailed sources, the case that from 1992 to date Europe is likely to have sustained significant employment and financial loss as a result of the U.S. government policy of “levelling the playing field”. The report does not address whether the U.S. position that such interventions were and are justified by corrupt and or unfair behaviour by foreign competitors or governments are reasonable or, in fact, are true.

But it is not necessary to show that intelligence information has been given directly to U.S. corporations for major economic damage to be assessed to have occurred. The boundaries of such estimates could lie between $13 billion and $145 billion. The only certain observation is that the exact figure will never be known.

Although failing to find new reports of European business losses beyond those appearing in the American media in 1994-1996, the Echelon committee has found that even if it were proven that bribery was involved, this does not make NSA activities of this kind legal in Europe. The draft report points out that:

“The American authorities have repeatedly tried to justify the interception of telecommunications by accusing the European authorities of corruption and taking bribes. It should be pointed out to the Americans that all EU Member States have properly functioning criminal justice systems. If there is evidence that crimes have been committed, the USA must leave the task of law enforcement to the host countries. If there is no such evidence, surveillance must be regarded as unproportional, a violation of human rights and thus inadmissible.”

Just a week ago, former CIA director Woolsey repeated his claims of European bribery at a meeting in New York. In the context of any such activities conducted at NSA’s British and German stations, this now appears to be an admission of unlawful conduct.

According to the draft report, “under the terms of the ECHR, interference in the exercise of the right to privacy must be proportional and, in addition, the least invasive methods must be chosen. As far as European citizens are concerned, an operation constituting interference carried out by a European intelligence service must be regarded as less serious than one conducted by an American intelligence service”.

Not least, this is because European citizens or companies could only get legal redress for such misconduct in national courts, not American courts.

“Operations constituting interference must therefore be carried out, as far as possible, by the German or UK authorities, particularly when investigations are being conducted for law enforcement.”

The draft committee report concludes that “there would seem to be good reason … to call on Germany and the United Kingdom to take their obligations under the ECHR seriously and to make the authorisation of further intelligence activities by the NSA on their territory contingent on compliance with the ECHR”.

The IC2001 papers

Four new studies on “Interception Capabilities – Impact and Exploitation” were commissioned by the Temporary Committee on the Echelon Interception System of the European Parliament in December 2000. The new studies update and extend the previous EP report, “Interception Capabilities 2000″[4], which was prepared in 1999. They cover the use of communications intelligence (COMINT) for economic purposes, legal and human rights issues, and recent political and technological developments. Among the key topics covered are the documentary and factual evidence for the existence of the COMSAT (communications satellite) intercept system known as “ECHELON”.

These studies were presented to the Echelon Committee at its Brussels meeting on 22 and 23 January 2001. The fourth study, on new political and technical developments, was presented only in the form of a slideshow. These studies are published with permission from the secretariat of the Echelon Committee.

ECHELON and its role in COMINT

IC2001, paper 1[5]

This paper summarises the evidence for the existence of ECHELON as a global interception system. It records official admissions about the secret UKUSA agreement that links English-speaking signals intelligence organisations. The paper also provides detailed answers to questions put by the Committee. It points out that very few media reports have provided original new information about Echelon, and that many press reports have enlarged on the nature of the interception systems and their capabilities, without evidence.

COMINT impact on international trade

IC2001, paper 2[6]

Paper 2 sets out, with detailed sources, the case that from 1992 to date Europe is likely to have sustained significant employment and financial loss as a result of the U.S. government policy of “levelling the playing field”, introduced in 1991. It also refers to:

Annexe 2-1[7] Background papers about the U.S. Trade Promotion Co-ordinating Committee (TPCC) and the Advocacy Center, including statements of purpose

Annexe 2-2[8] A questionaire for U.S. companies to answer in order to determine whether or not they are deemed “American” and thus qualify for official assistance. The questionnaire is also on the internet[9].

Annexe 2-3[10] Documents revealing the CIA’s role in U.S. trade promotion, obtained under the Freedom of Information Act.

Annexe 2-4[11] U.S. trade “Success stories” affecting Europe – financial and geographical analysis Many of the stories can be viewed online[12] For example, this report[13] concerns the controversial power plant at Dabhol, India.

COMINT, privacy and human rights

IC2001, paper 3[14]

This paper reveals that Britain undertakes to protect the rights of Americans, Canadians and Australians against interception that would not comply with their own domestic law, while offering no protection of any kind to other Europeans. This and other background papers provided to the Echelon committee have prompted them to observe that “possible threats to privacy and to businesses posed by a system of the ECHELON type arise not only from the fact that is a particularly powerful monitoring system, but also that it operates in a largely legislation-free area.”

Other Reports

The committee were also given copies of three key articles about US intelligence and economic activity:

“Why We Spy on Our Allies”[15], by James Woolsey, former director of the CIA, Wall Street Journal, 17 March 2000.

“It’s true that we use computers to sort through data by using keywords. Have you stopped to ask yourselves what we’re looking for?”

“U.S. spying pays off for business” by Bob Windrem, NBC News Online, 15 April 2000 Originally published at MSNBC[16] This link is broken, but an alternative copy is here[17] and on other sites.

“U.S. companies have benefited when U.S. intelligence redirected its Cold War assets towards economic intelligence.”

“U.S. steps up commercial spying[18] – Washington gives companies an advantage in information”, by Bob Windrem, NBC News Online, 7 May 2000. Again, the link has recently been broken, but an alternative copy is at www.gn.apc.org/cndyorks/caab/articles/spying.htm[19].

“Documents, all published during the Clinton administration, appear to confirm reports that America’s electronic eavesdropping apparatus was involved in commercial espionage.”

Duncan Campbell 27.05.2001

Find this story at 27 May 2001

Copyright © Telepolis, Heise Zeitschriften Verlag

How the NSA Targets Germany and Europe

Top secret documents detail the mass scope of efforts by the United States to spy on Germany and Europe. Each month, the NSA monitors a half a billion communications and EU buildings are bugged. The scandal poses a threat to trans-Atlantic relations.

At first glance, the story always appears to be the same. A needle has disappeared into the haystack — information lost in a sea of data.

For some time now, though, it appears America’s intelligence services have been trying to tackle the problem from a different angle. “If you’re looking for a needle in the haystack, you need a haystack,” says Jeremy Bash, the former chief of staff to ex-CIA head Leon Panetta.

An enormous haystack it turns out — one comprised of the billions of minutes of daily cross-border telephone traffic. Add to that digital streams from high-bandwidth Internet cables that transport data equivalent to that held in Washington’s Library of Congress around the world in the course of a few seconds. And then add to that the billions of emails sent to international destinations each day — a world of entirely uncontrolled communication. And also a world full of potential threats — at least from the intelligence services’ perspective. Those are the “challenges,” an internal statement at the National Security Agency (NSA), the American signals intelligence organization, claims.

Four-star General Keith Alexander — who is today the NSA director and America’s highest-ranking cyber warrior as the chief of the US Cyber Command — defined these challenges. Given the cumulative technological eavesdropping capacity, he asked during a 2008 visit to Menwith Hill, Britain’s largest listening station near Harrogate in Yorkshire, “Why can’t we collect all the signals all the time?”

All the signals all the time. Wouldn’t that be the NSA’s ideal haystack? So what would the needle be? A trail to al-Qaida, an industrial facility belonging to an enemy state, plans prepared by international drug dealers or even international summit preparations being made by leading politicians of friendly nations? Whatever the target, it would be determined on a case by case basis. What is certain, however, is that there would always be a haystack.

A Fiasco for the NSA

Just how close America’s NSA got to this dream in cozy cooperation with other Western intelligence services has been exposed in recent weeks by a young American who, going by outward appearances, doesn’t look much like the hero he is being celebrated as around the world by people who feel threatened by America’s enormous surveillance apparatus.

The whole episode is a fiasco for the NSA which, in contrast to the CIA, has long been able to conduct its spying without drawing much public attention. Snowden has done “irreversible and significant damage” to US national security, Alexander told ABC a week ago. Snowden’s NSA documents contain more than one or two scandals. They are a kind of digital snapshot of the world’s most powerful intelligence agency’s work over a period of around a decade. SPIEGEL has seen and reviewed a series of documents from the archive.

The documents prove that Germany played a central role in the NSA’s global surveillance network — and how the Germans have also become targets of US attacks. Each month, the US intelligence service saves data from around half a billion communications connections from Germany.

No one is safe from this mass spying — at least almost no one. Only one handpicked group of nations is excluded — countries that the NSA has defined as close friends, or “2nd party,” as one internal document indicates. They include the UK, Australia, Canada and New Zealand. A document classified as “top secret” states that, “The NSA does NOT target its 2nd party partners, nor request that 2nd parties do anything that is inherently illegal for NSA to do.”

‘We Can, and Often Do Target Signals’

For all other countries, including the group of around 30 nations that are considered to be 3rd party partners, however, this protection does not apply. “We can, and often do, target the signals of most 3rd party foreign partners,” the NSA boasts in an internal presentation.

According to the listing, Germany is among the countries that are the focus of surveillance. Thus, the documents confirm what had already been suspected for some time in government circles in Berlin — that the US intelligence service, with approval from the White House, is spying on the Germans — possibly right up to the level of the chancellor. So it comes as little surprise that the US has used every trick in the book to spy on the Washington offices of the European Union, as one document viewed by SPIEGEL indicates.

But the new aspect of the revelations isn’t that countries are trying to spy on each other, eavesdropping on ministers and conducting economic espionage. What is most important about the documents is that they reveal the possibility of the absolute surveillance of a country’s people and foreign citizens without any kind of effective controls or supervision. Among the intelligence agencies in the Western world, there appears to be a division of duties and at times extensive cooperation. And it appears that the principle that foreign intelligence agencies do not monitor the citizens of their own country, or that they only do so on the basis of individual court decisions, is obsolete in this world of globalized communication and surveillance. Britain’s GCHQ intelligence agency can spy on anyone but British nationals, the NSA can conduct surveillance on anyone but Americans, and Germany’s BND foreign intelligence agency can spy on anyone but Germans. That’s how a matrix is created of boundless surveillance in which each partner aids in a division of roles.

The documents show that, in this situation, the services did what is not only obvious, but also anchored in German law: They exchanged information. And they worked together extensively. That applies to the British and the Americans, but also to the BND, which assists the NSA in its Internet surveillance.

Unimaginable Dimensions

SPIEGEL has decided not to publish details it has seen about secret operations that could endanger the lives of NSA workers. Nor is it publishing the related internal code words. However, this does not apply to information about the general surveillance of communications. They don’t endanger any human lives — they simply describe a system whose dimensions go beyond the imaginable. This kind of global debate is actually precisely what Snowden intended and what motivated his breach of secrecy. “The public needs to decide whether these policies are right or wrong,” he says.

The facts, which are now a part of the public record thanks to Snowden, disprove the White House’s line of defense up until now, which has been that the surveillance is necessary to prevent terrorist attacks, as President Barack Obama said during his recent visit to Berlin. NSA chief Alexander has sought to justify himself by saying that the NSA has prevented 10 terrorist attacks in the United States alone. Globally, he says that 50 terrorist plots have been foiled with the NSA’s help. That may be true, but it is difficult to verify and at best only part of the truth.

Research in Berlin, Brussels and Washington, as well as the documents that have been reviewed by the journalists at this publication, reveal how overreaching the US surveillance has been.

Germany, for its part, has a central role in this global spying system. As the Guardian newspaper, which is working together with Snowden, recently revealed, the NSA has developed a program for the incoming streams of data called “Boundless Informant.” The program is intended to process connection data from all incoming telephone calls in “near real time,” as one document states. It doesn’t record the contents of the call, just the metadata — in other words, the phone numbers involved in the communication.

It is precisely the kind of data retention that has been the subject of bitter debate in Germany for years. In 2010, the Federal Constitutional Court in Karlsruhe even banned the practice.

“Boundless Informant” produces heat maps of countries in which the data collected by the NSA originates. The most closely monitored regions are located in the Middle East, followed by Afghanistan, Iran and Pakistan. The latter two are marked in red on the NSA’s map of the world. Germany, the only country in Europe on the map, is shown in yellow, a sign of considerable spying.

Spying on the European Union
An NSA table (see graphic), published for the first time here by SPIEGEL, documents the massive amount of information captured from the monitored data traffic. According to the graph, on an average day last December, the agency gathered metadata from some 15 million telephone connections and 10 million Internet datasets. On Dec. 24, it collected data on around 13 million phone calls and about half as many Internet connections.

On the busiest days, such as Jan. 7 of this year, the information gathered spiked to nearly 60 million communications processes under surveillance. The Americans are collecting metadata from up to half a billion communications a month in Germany — making the country one of the biggest sources of streams of information flowing into the agency’s gigantic sea of data.

Another look at the NSA’s data hoard shows how much less information the NSA is taking from countries like France and Italy. In the same period, the agency recorded data from an average of around 2 million connections, and about 7 million on Christmas Eve. In Poland, which is also under surveillance, the numbers varied between 2 million and 4 million in the first three weeks of December.

But the NSA’s work has little to do with classic eavesdropping. Instead, it’s closer to a complete structural acquisition of data. Believing that less can be extrapolated from such metadata than from intercepted communication content would be a mistake, though. It’s a gold mine for investigators, because it shows not only contact networks, but also enables the creation of movement profiles and even predictions about the possible behavior of the people participating in the communication under surveillance.

According to insiders familiar with the German portion of the NSA program, the main interest is in a number of large Internet hubs in western and southern Germany. The secret NSA documents show that Frankfurt plays an important role in the global network, and the city is named as a central base in the country. From there, the NSA has access to Internet connections that run not only to countries like Mali or Syria, but also to ones in Eastern Europe. Much suggests that the NSA gathers this data partly with and without Germany’s knowledge, although the individual settings by which the data is filtered and sorted have apparently been discussed. By comparison, the “Garlick” system, with which the NSA monitored satellite communication out of the Bavarian town of Bad Aibling for years, seems modest. The NSA listening station at Bad Aibling was at the center of the German debate over America’s controversial Echelon program and alleged industrial espionage during the 1990s.

“The US relationship with Germany has been about as close as you can get,”American journalist and NSA expert James Bamford recently told German weekly Die Zeit. “We probably put more listening posts in Germany than anyplace because of its proximity to the Soviet Union.”

Such foreign partnerships, one document states, provide “unique target access.”

‘Privacy of Telecommunications’ Is ‘Inviolable’

But the US does not share the results of the surveillance with all of these foreign partners, the document continues. In many cases, equipment and technical support are offered in exchange for the signals accessed. Often the agency will offer equipment, training and technical support to gain access to its desired targets. These “arrangements” are typically bilateral and made outside of any military and civil relationships the US might have with these countries, one top secret document shows. This international division of labor seems to violate Article 10 of Germany’s constitution, the Basic Law, which guarantees that “the privacy of correspondence, posts and telecommunications shall be inviolable” and can only be suspended in narrowly defined exceptions.

“Any analyst can target anyone anytime,” Edward Snowden said in his video interview, and that includes a federal judge or the president, if an email address is available, he added.

Just how unscrupulously the US government allows its intelligence agencies to act is documented by a number of surveillance operations that targeted the European Union in Brussels and Washington, for which it has now become clear that the NSA was responsible.

A little over five years ago, security experts discovered that a number of odd, aborted phone calls had been made around a certain extension within the Justus Lipsius building, the headquarters of the European Council, the powerful body representing the leaders of the EU’s 27 member states. The calls were all made to numbers close to the one used as the remote servicing line of the Siemens telephone system used in the building. Officials in Brussels asked the question: How likely is it that a technician or service computer would narrowly misdial the service extension a number of times? They traced the origin of the calls — and were greatly surprised by what they found. It had come from a connection just a few kilometers away in the direction of the Brussels airport, in the suburb of Evere, where NATO headquarters is located.

The EU security experts managed to pinpoint the line’s exact location — a building complex separated from the rest of the headquarters. From the street, it looks like a flat-roofed building with a brick facade and a large antenna on top. The structure is separated from the street by a high fence and a privacy shield, with security cameras placed all around. NATO telecommunications experts — and a whole troop of NSA agents — work inside. Within the intelligence community, this place is known as a sort of European headquarters for the NSA.

A review of calls made to the remote servicing line showed that it was reached several times from exactly this NATO complex — with potentially serious consequences. Every EU member state has rooms at the Justus Lipsius building for use by ministers, complete with telephone and Internet connections.

Unscrupulous in Washington

The NSA appears to be even more unscrupulous on its home turf. The EU’s diplomatic delegation to the United States is located in an elegant office building on Washington’s K Street. But the EU’s diplomatic protection apparently doesn’t apply in this case. As parts of one NSA document seen by SPIEGEL indicate, the NSA not only bugged the building, but also infiltrated its internal computer network. The same goes for the EU mission at the United Nations in New York. The Europeans are a “location target,” a document from Sept. 2010 states. Requests to discuss these matters with both the NSA and the White House went unanswered.

Now a high-level commission of experts, agreed upon by European Justice Commissioner Viviane Reding and US Attorney General Eric Holder, is to determine the full scope of the routine data snooping and discuss the legal protection possibilities for EU citizens. A final report is expected to be released in October.

The extent of the NSA’s systematic global surveillance network is highlighted in an overview from Fort Meade, the agency’s headquarters. It describes a number of secret operations involving the surveillance of Internet and international data traffic. “In the Information Age, (the) NSA aggressively exploits foreign signals traveling complex global networks,” an internal description states.

Details in a further, previously unpublished document reveal exactly what takes place there. It describes how the NSA received access to an entire bundle of fiber-optic cables, which have a data-transfer capacity of several gigabytes per second. It is one of the Internet’s larger superhighways. The paper indicates that access to the cables is a relatively recent development and includes Internet backbone circuits, “including several that service the Russian market.” Technicians in Fort Meade are able to access “thousands of trunk groups connected worldwide,” according to the document. In a further operation, the intelligence organization is able to monitor a cable that collects data flows from the Middle East, Europe, South America and Asia (see graphic).

But it is not just intelligence agencies from allied nations that have willingly aided the NSA. Revelations related to the Prism program make it clear that agents likewise access vast quantity of data from US Internet companies.

NSA ‘Alliances With Over 80 Major Global Corporations’
Heads of these companies have vociferously denied that the NSA has direct access to their data. But it would seem that, outside of the Prism program, dozens of companies have willingly worked together with the US intelligence agency.

According to the documents seen by SPIEGEL, a particularly valuable partner is a company which is active in the US and has access to information that crisscrosses America. At the same time, this company, by virtue of its contacts, offers “unique access to other telecoms and (Internet service providers).” The company is “aggressively involved in shaping traffic to run signals of interest past our monitors,” according to a secret NSA document. The cooperation has existed since 1985, the documents say.

Apparently, it’s not an isolated case, either. A further document clearly demonstrates the compliance of a number of different companies. There are “alliances with over 80 major global corporations supporting both missions,” according to a paper that is marked top secret. In NSA jargon, “both missions” refers to defending networks in the US, on the one hand, and monitoring networks abroad, on the other. The companies involved include telecommunications firms, producers of network infrastructure, software companies and security firms.

Such cooperation is an extremely delicate issue for the companies involved. Many have promised their customers data confidentiality in their terms and conditions. Furthermore, they are obliged to follow the laws of the countries in which they do business. As such, their cooperation deals with the NSA are top secret. Even in internal NSA documents, they are only referred to using code names.

“There has long been a very close and very secret relationship between a number of telecoms and the NSA,” Bamford, the expert on the NSA, told Die Zeit. “Every time it gets discovered it stops for a while and then starts up again.”

The importance of this rather peculiar form of public-private partnership was recently made clear by General Alexander, the NSA chief. At a technology symposium in a Washington, DC, suburb in May, he said that industry and government must work closely together. “As great as we have it up there, we cannot do it without your help,” he said. “You know, we can’t do our mission without the great help of all the great people here.” If one believes the documents, several experts were sitting in the audience from companies that had reached a cooperation deal with the NSA.

In the coming weeks, details relating to the collaboration between Germany’s BND and the NSA will be the focus of a parliamentary investigative committee in Berlin responsible for monitoring the intelligence services. The German government has sent letters to the US requesting additional information. The questions that need to be addressed are serious. Can a sovereign state tolerate a situation in which half a billion pieces of data are stolen on its territory each month from a foreign country? And can this be done especially when this country has identified the sovereign state as a “3rd party foreign partner” and, as such, one that can be spied on at any time, as has now become clear?

So far, the German government has made nothing more than polite inquiries. But facts that have now come to light will certainly increase pressure on Chancellor Angela Merkel and her government. Elections, after all, are only three months away, and Germans — as Merkel well knows — are particularly sensitive when it comes to data privacy.

The NSA’s Library of Babel

In a story written by the blind writer Jorge Luis Borges, the Library of Babel is introduced as perhaps the most secretive of all labyrinths: a universe full of bookshelves connected by a spiral staircase that has no beginning and no end. Those inside wander through the library looking for the book of books. They grow old inside without ever finding it.

If an actual building could really approach this imaginary library, it is the structure currently being erected in the Utah mountains near the city of Bluffdale. There, on Redwood Road, stands a sign with black letters on a white background next to a freshly paved road. Restricted area, no access, it reads. In Defense Department documents, form No. 1391, page 134, the buildings behind the sign are given the project No. 21078. It refers to the Utah Data Center, four huge warehouses full of servers costing a total of €1.2 billion ($1.56 billion).

Built by a total of 11,000 workers, the facility is to serve as a storage center for everything that is captured in the US data dragnet. It has a capacity that will soon have to be measured in yottabytes, which is 1 trillion terabytes or a quadrillion gigabytes. Standard external hard drives sold in stores have a capacity of about 1 terabyte. Fifteen such hard drives could store the entire contents of the Library of Congress.

The man who first made information about the Utah center public, and who likely knows the most about the NSA, is James Bamford. He says: “The NSA is the largest, most expensive and most powerful intelligence agency in the world.”

Since the 9/11 terror attacks, the NSA’s workforce has steadily grown and its budget has constantly increased. SPIEGEL was able to see confidential figures relating to the NSA that come from Snowden’s documents, though the statistics are from 2006. In that year, 15,986 members of the military and 19,335 civilians worked for the NSA, which had an annual budget of $6.115 billion. These numbers and more recent statistics are officially confidential.

In other words, there is a good reason why NSA head Keith Alexander is called “Emporer Alexander.” “Keith gets whatever he wants,” says Bamford.

Still, Bamford doesn’t believe that the NSA completely fulfills the mission it has been tasked with. “I’ve seen no indications that NSA’s vastly expanded surveillance has prevented any terrorist activities,” he says. There is, however, one thing that the NSA managed to predict with perfect accuracy: where the greatest danger to its secrecy lies. In internal documents, the agency identifies terrorists and hackers as being particularly threatening. Even more dangerous, however, the documents say, is if an insider decides to blow the whistle.

An insider like Edward Joseph Snowden.

07/01/2013 11:11 AM
By Laura Poitras, Marcel Rosenbach, Fidelius Schmid, Holger Stark and Jonathan Stock

Find this story at 1 July 2013

© SPIEGEL ONLINE 2013

NSA Accused of Spying on EU; President of the European Parliament demands “Full Clarification” From the U.S.

BRUSSELS—Senior European politicians demanded explanations from Washington of allegations that the National Security Agency spied on European Union institutions, risking a corrosion of trust as the EU and U.S. embark on negotiations over a free-trade accord.

The German weekly magazine Der Spiegel reported over the weekend that the U.S. placed listening devices in EU offices in Washington, infiltrated computers there and electronically spied on EU bodies elsewhere. It cited secret documents obtained by former NSA contractor Edward Snowden as the basis for its report.

Reuters

A former NSA base in Germany. A German politician criticized allegations the U.S. spied on European officials.

The allegations come at a sensitive time. The EU in June gave the go-ahead for the start of trade negotiations with the U.S., which are likely to start soon. Though the talks are expected to take at least two years, the European Parliament, where many lawmakers are highly sensitive to privacy issues, will need to approve any accord.

“Partners do not spy on each other,” EU Justice Commissioner Viviane Reding said at a public forum in Luxembourg. “We cannot negotiate over a big trans-Atlantic market if there is the slightest doubt that our partners are carrying out spying activities on the offices of our negotiators. The American authorities should eliminate any such doubt swiftly.”

Snowden on the Run

U.S. authorities sought to catch Edward Snowden before he reached his next goal: political asylum in Ecuador.

French Foreign Minister Laurent Fabius said his country had formally requested clarification from Washington. “These facts, if confirmed, would be absolutely unacceptable,” he said.

Germany’s Justice Ministry also called for the U.S. to clarify the matter, and for European Commission President José Manuel Barroso to act. “If the media reports are true, it’s reminiscent of the approaches of enemies during the Cold War. It’s beyond any stretch of the imagination that our friends in the U.S.A. see the Europeans as enemies,” German Justice Minister Sabine Leutheusser-Schnarrenberger said in a statement.

“Comprehensive spying by the Americans on Europeans cannot be allowed,” she said, adding that it is unlikely the U.S. could justify bugging European diplomacy offices as part of the global fight on terrorism.

The European External Action Service, the foreign policy arm of the EU whose premises were an alleged target of U.S. surveillance, said the issue “is clearly a matter of concern.” It said the U.S. authorities “have told us they are checking on the accuracy of the information…and will come back to us as soon as possible.”

The U.S. Office of the Director of National Intelligence said the U.S. is responding to the European Union privately about the allegations.

The U. S. “will respond appropriately to the European Union through our diplomatic channels,” the office said. “We will also discuss these issues bilaterally with EU member states.”

The office’s statement didn’t address the specific allegations but said, “We have made clear that the United States gathers foreign intelligence of the type gathered by all nations.”

In a separate report Sunday, the Guardian newspaper in Britain said an NSA document lists 38 embassies and missions as “targets” for the agency’s spying, among them the French, Italian and Greek embassies. The article cited information leaked by Mr. Snowden as it source.

The allegations are the latest to emerge in U.S. and European media about surveillance activities by the U.S. and its closest allies based on Mr. Snowden’s disclosures. Mr. Snowden is at a Moscow airport, arriving there from Hong Kong in a bid to travel to Ecuador, where he has applied for political asylum.

The lead author of Der Spiegel’s report was Laura Poitras, an American documentary filmmaker who created a video interview with Mr. Snowden, distributed online, in which he described why he released information from some of the NSA documents.

Ms. Poitras also was co-author of an article in the Washington Post, based on Mr. Snowden’s leaks, about an NSA program to gain access to U.S. Internet companies’ computers in an effort to track online activities of foreigners suspected in terrorist activity.

Julian Assange, founder of the antisecrecy site WikiLeaks, said Sunday there would be no halting future disclosures from Mr. Snowden. “Look, there is no stopping the publishing process at this stage. Great care has been taken to make sure that Mr. Snowden can’t be pressured by any state to stop the publication process,” he said in an interview with the ABC network from the Ecuadorean embassy in London, where he is seeking refuge.

According to intelligence specialists, the activities alleged in Der Spiegel’s report are similar to previously reported spying efforts among friendly countries. While allies have no intention of attacking one another, they seek information on decision-making within each other’s governments, and as a way to tell whether those governments might be spying on them.

The NSA raised concerns in 2006 about the merger of French-owned phone-equipment company Alcatel with U.S.-based Lucent because U.S. officials feared the deal would provide the French extraordinary access to U.S. telecommunications systems.

The NSA raised similar issues more recently over Chinese telecom-gear company Huawei Technologies’ efforts to expand in the U.S.

The president of the European Parliament, Martin Schulz, said in a statement he was “deeply worried and shocked about the allegations of U.S. authorities spying on EU offices.”

The statement added: “If the allegations prove to be true, it would be an extremely serious matter which will have a severe impact on EU-U.S. relations…on behalf of the European Parliament, I demand full clarification and require further information speedily from the U.S. authorities with regard to these allegations.”

A spokesman for the German Foreign Ministry declined to comment on the allegations.

According to Der Spiegel, an NSA document dated September 2010 showed that the Washington embassy of the European Union was bugged and its computer network infiltrated. Similar measures were taken at the European mission to the United Nations in New York. The document described the Europeans as “targets.”

In addition, the U.S. bugged EU conversations in Brussels, spying on theJustus Lipsius building, headquarters of the Council of the European Union, according to the report.

The magazine reported that the NSA saves information on about a half billion phone or Internet connections from Germany every year through its “Boundless Informant” program.

Only a few countries labeled as close friends by the NSA are largely exempt from its monitoring: the U.K., Australia, Canada and New Zealand, the magazine said. An additional 30 countries are classified as “third party,” with an internal NSA presentation saying the agency is able to intercept signals from these countries and often does, Der Spiegel reported.

The controversy over the new allegations is reminiscent of the furor ignited in Europe in 2000 by disclosures about the NSA’s so-called Echelon project, which included commercial organizations among its alleged targets, prompting an investigation and report from the European Parliament.

The report drew a distinction between spying for national-security reasons and for commercial advantage, saying the latter could breach EU law.

European lawmakers have also expressed disquiet about the sharing of European financial data with U.S. authorities.

The reports about the NSA’s alleged activities already have prompted Ms. Reding, the EU justice commissioner, to organize, together with U.S. Attorney General Eric Holder, a panel of experts to find out how much data about Europeans was shared.
—Stacy Meichtry in Paris and Siobhan Gorman in Washington contributed to this article.

Write to Stephen Fidler at stephen.fidler@wsj.com, Frances Robinson at frances.robinson@dowjones.com and Laura Stevens at laura.stevens@wsj.com

A version of this article appeared July 1, 2013, on page A4 in the U.S. edition of The Wall Street Journal, with the headline: Officials Slam Alleged NSA Spying on the EU.

Updated June 30, 2013, 7:26 p.m. ET
By STEPHEN FIDLER, FRANCES ROBINSON and LAURA STEVENS

Find this story at 30 June 2013

Copyright 2012 Dow Jones & Company, Inc.

New NSA leaks show how US is bugging its European allies

Exclusive: Edward Snowden papers reveal 38 targets including EU, France and Italy

Berlin accuses Washington of cold war tactics

One of the bugging methods mentioned is codenamed Dropmire, which according to a 2007 document is ‘implanted on the Cryptofax at the EU embassy, DC’. Photograph: Guardian

US intelligence services are spying on the European Union mission in New York and its embassy in Washington, according to the latest top secret US National Security Agency documents leaked by the whistleblower Edward Snowden.

One document lists 38 embassies and missions, describing them as “targets”. It details an extraordinary range of spying methods used against each target, from bugs implanted in electronic communications gear to taps into cables to the collection of transmissions with specialised antennae.

Along with traditional ideological adversaries and sensitive Middle Eastern countries, the list of targets includes the EU missions and the French, Italian and Greek embassies, as well as a number of other American allies, including Japan, Mexico, South Korea, India and Turkey. The list in the September 2010 document does not mention the UK, Germany or other western European states.

One of the bugging methods mentioned is codenamed Dropmire, which, according to a 2007 document, is “implanted on the Cryptofax at the EU embassy, DC” – an apparent reference to a bug placed in a commercially available encrypted fax machine used at the mission. The NSA documents note the machine is used to send cables back to foreign affairs ministries in European capitals.

The documents suggest the aim of the bugging exercise against the EU embassy in central Washington is to gather inside knowledge of policy disagreements on global issues and other rifts between member states.

The new revelations come at a time when there is already considerable anger across the EU over earlier evidence provided by Snowden of NSA eavesdropping on America’s European allies.

Germany’s justice minister, Sabine Leutheusser-Schnarrenberger, demanded an explanation from Washington, saying that if confirmed, US behaviour “was reminiscent of the actions of enemies during the cold war”.

The German magazine Der Spiegel reported at the weekend that some of the bugging operations in Brussels targeting the EU’s Justus Lipsius building – a venue for summit and ministerial meetings in the Belgian capital – were directed from within Nato headquarters nearby.

The US intelligence service codename for the bugging operation targeting the EU mission at the United Nations is “Perdido”. Among the documents leaked by Snowden is a floor plan of the mission in midtown Manhattan. The methods used against the mission include the collection of data transmitted by implants, or bugs, placed inside electronic devices, and another covert operation that appears to provide a copy of everything on a targeted computer’s hard drive.

The eavesdropping on the EU delegation to the US, on K Street in Washington, involved three different operations targeted on the embassy’s 90 staff. Two were electronic implants and one involved the use of antennas to collect transmissions.

Although the latest documents are part of an NSA haul leaked by Snowden, it is not clear in each case whether the surveillance was being exclusively done by the NSA – which is most probable as the embassies and missions are technically overseas – or by the FBI or the CIA, or a combination of them. The 2010 document describes the operation as “close access domestic collection”.

The operation against the French mission to the UN had the covername “Blackfoot” and the one against its embassy in Washington was “Wabash”. The Italian embassy in Washington was known to the NSA as both “Bruneau” and “Hemlock”.

The eavesdropping of the Greek UN mission was known as “Powell” and the operation against its embassy was referred to as “Klondyke”.

Snowden, the 30-year-old former NSA contractor and computer analyst whose leaks have ignited a global row over the extent of US and UK electronic surveillance, fled from his secret bolthole in Hong Kong a week ago. His plan seems to have been to travel to Ecuador via Moscow, but he is in limbo at Moscow airport after his US passport was cancelled, and without any official travel documents issued from any other country.

Ewen MacAskill in Rio de Janeiro and Julian Borger
The Guardian, Sunday 30 June 2013 21.28 BST

Find this story at 30 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

NSA-Spähprogramm in Deutschland; Dame, König, As, Spion

Europa und Deutschland sind Hauptziele der Überwachung durch den US-Geheimdienst NSA. Millionen von Daten werden hierzulande von Obamas Spionen gesammelt. Doch Angela Merkels Regierung wirkt erstaunlich passiv. Warum?

Berlin – Als Sabine Leutheusser-Schnarrenberger kürzlich am Brandenburger Tor der Rede von Barack Obama lauschte, sah man sie in bester Stimmung. Sie winkte mit einem US-Fähnchen, die Worte des Präsidenten zu Freiheit und Gerechtigkeit gefielen der Liberalen sehr.

Knapp zwei Wochen später ist von der guten Stimmung der Ministerin nichts mehr übrig. Selten hat man sie so verärgert vernommen wie an diesem Sonntag. “Es sprengt jede Vorstellung, dass unsere Freunde in den USA die Europäer als Feinde ansehen”, sagt sie. Sie fühle sich “an das Vorgehen unter Feinden während des Kalten Krieges” erinnert.

Anlass des Aufschreis der Justizministerin ist ein SPIEGEL-Bericht, der unter Berufung auf Dokumente des Whistleblowers Edward Snowden neue Details der Spähprogramme des US-Geheimdiensts NSA offenlegt. Ob Wanzen in EU-Vertretungen, Lauschangriffe auf Brüsseler Behörden oder das flächendeckende Abschöpfen deutscher Telekommunikationsdaten – der Geheimdienst scheint vor nichts zurückzuschrecken.

Unter Parlamentariern macht sich Entsetzen über das Ausmaß der Spähattacken aus Übersee breit. Als “Riesenskandal” bezeichnet der Präsident des Europaparlaments, Martin Schulz (SPD), die Vorwürfe. Von einer “unvorstellbar umfassenden Spionageaktion” spricht Grünen-Fraktionschefin Renate Künast, von einer “ernsthaften Erschütterung des Vertrauensverhältnisses” der FDP-Innenexperte Jimmy Schulz.

Innenminister Friedrich im Wartemodus

Kritik gibt es aber nicht nur an der Regierung in Washington. Auch das Agieren der Kanzlerin rückt plötzlich in den Fokus. Angela Merkel müsse “den Sachverhalt schnellstens klären”, fordert ihr Herausforderer Peer Steinbrück. Wenn die Kanzlerin nun noch immer behaupte, das Thema gehöre in bilaterale und geheime Gespräche, “dann gibt sie sich der Lächerlichkeit preis”, sagt Künast.

Es ist Wahlkampf, klar. Aber über die Kritik kann sich die Bundesregierung kaum beschweren. Mit Ausnahme der Justizministerin macht Merkels Mannschaft nicht den Eindruck, als habe das Thema oberste Priorität.

Vom CSU-Bundesinnenminister ist seit dem Auffliegen des ersten Spähprogramms vor einigen Wochen kaum etwas zu hören. Hans-Peter Friedrich hat kürzlich ein paar Fragen über den Atlantik geschickt und befindet sich seitdem im Wartemodus. Die Kanzlerin besprach das Thema mit dem US-Präsidenten bei dessen Besuch in Berlin. Aber viel mehr als ein paar mahnende Worte, bei modernen Überwachungstechniken stets die Verhältnismäßigkeit im Blick zu haben, sprang dabei nicht heraus.

Es ist – gerade in der Sicherheitspolitik – nicht ganz einfach, auf Konfrontation mit den USA zu gehen, deutsche Behörden haben zuletzt immer wieder von den Informationen ihrer amerikanischen Partner profitiert. Aber angesichts der neuen Enthüllungen stellt sich die Frage, wie viel Zurückhaltung sich die Bundesregierung eigentlich leisten kann.

Wie Verwanzungen und flächendeckende Lauschangriffe in Partnerländern noch mit Terrorabwehr rechtfertigt werden sollen, erscheint fraglich. Wenn von einem ausländischen Nachrichtendienst derart systematisch die Privatsphäre der Bürger unterlaufen wird, sind ein paar offene Worte sicher nicht zu viel erwartet. Manche sind man da weiter. Frankreichs Außenminister Laurent Fabius drängte die USA am Sonntag zu einer Stellungnahme, die Brüsseler Kommission ebenso, auch der Generalbundesanwalt schaltete sich in die Spähaffäre ein.

Wie lässt sich Druck auf die USA ausüben?

Fragen gibt es genug. Kann es wirklich sein, dass deutsche Dienste von der großflächigen Vorratsdatenspeicherung nichts wussten, wo doch gerade im Sicherheitsbereich zwischen Berlin und Washington ein reger Austausch herrscht? Werden deutsche Bürger aktuell überwacht, und welche Bereiche der Kommunikation sind betroffen? Und was tut die Bundesregierung eigentlich konkret, um das Recht auf informationelle Selbstbestimmung der Bürger hierzulande gegen Angriffe von außen zu schützen?

Die Zurückhaltung von Merkel und Co. macht inzwischen auch die eigenen Reihen ungeduldig. Als die Bundesregierung im Parlamentarischen Kontrollgremium kürzlich über die Details der US-Überwachung in Deutschland Bericht erstatten sollte, konnten dem Vernehmen nach dazu weder Friedrichs Staatssekretär etwas sagen noch Merkels Geheimdienstkoordinator. Man warte noch auf Antworten aus Washington, hieß es. Auch unter Abgeordneten von Union und FDP machte sich daraufhin Ärger breit. Bis Mitte August soll die Bundesregierung jetzt ihre Hausaufgaben nachholen. Dann tagt das geheime Gremium erneut.

Schon jetzt wünscht sich mancher aber, dass die Koalition mehr Druck auf die Amerikaner ausübt. Besonders im EU-Parlament gibt es dazu einen Strauß an Überlegungen. Die einen denken darüber nach, Whistleblower Snowden einen Preis zu verleihen. Die anderen wollen die Abkommen zur Übermittlung von Bank- und Fluggastdaten aufkündigen. Und dann ist da noch die Idee, die seit einiger Zeit laufenden Verhandlungen für eine gemeinsame Freihandelszone zwischen Brüssel und Washington zu überdenken.

Auch in der Union gibt es dafür Sympathien – wohlwissend, dass es sich dabei um ein Lieblingsprojekt der Kanzlerin handelt. “Wie soll man”, fragt Elmar Brok, Chef des Auswärtigen Ausschusses für Auswärtige Angelegenheiten des Europaparlaments, “noch verhandeln, wenn man Angst haben muss, dass die eigene Verhandlungsposition vorab abgehört wird?”

30. Juni 2013, 18:53 Uhr
Von Veit Medick

Find this story at 30 June 2013

© SPIEGEL ONLINE 2013

Snowden case not the first embarrassment for Booz Allen, or D.C. contracting industry

When allegations of improper contracting behavior hit Booz Allen Hamilton, the national security consulting firm in McLean bounced back stronger than ever.

In 2008, a Booz Allen employee at MacDill Air Force Base in Florida was granted the highest-level “top secret” security clearance even though he had been convicted a few months earlier of lying to government officials in order to sneak a South African woman he had met on the Internet into the country.

Last year, the Air Force temporarily suspended the San Antonio division of the company from future contracts because it had obtained and distributed confidential Pentagon bidding data for its own competitive advantage. In 2006, the Justice Department said the company overbilled travel expenses, and the agency initially recommended that Booz Allen be barred from federal contracting.

Those incidents had little or no impact on Booz Allen’s success in recent years or on its ability to compete for federal contracts, which last year provided 99 percent of the company’s $5.8 billion in revenue.

Booz Allen now faces a greater test: Lawmakers and other officials are asking whether the company should be held to account for Edward Snowden, a former employee who had obtained national security documents and leaked them to the news media while at the firm.

But if the past is a guide, the government is not likely to scale back its reliance on Booz Allen or other large contractors soon, industry officials and policymakers agree. Although intelligence agency reliance on outside firms has declined some in recent years, the latest available estimates still show that about 70 percent of the U.S. intelligence budget is spent on contractors. And big, well-established companies continue to have outsize influence.

That is particularly true for Booz Allen, one of the most powerful firms within the government’s defense and national security structure. Nearly half of the company’s 24,500 workers have top-secret clearance.

The company also has deep connections within the defense and intelligence communities, including James R. Clapper Jr., a former Booz Allen executive who is the director of national intelligence, and R. James Woolsey, a former CIA director who was a senior vice president at the firm until 2008.

The man now heading Booz Allen’s intelligence operations, retired Vice Adm. John Michael McConnell, was the head of the National Security Agency in the mid-1990s and was appointed in 2007 by President George W. Bush to lead the government’s newly established Office of the Director of National Intelligence, which was set up to coordinate domestic and foreign intelligence gathering.

Those relationships and the sheer volume of work Booz Allen does for the federal government may have given the firm and others like it leverage when they face disciplinary actions, watchdog groups say.

The Project on Government Oversight testified in June that since 2000, there have been tens of thousands of suspension and debarment actions levied against companies and individuals. But its chief counsel said the number of large name-brand contractors, such as Booz Allen, that have been sanctioned can be counted on two hands.

“The government’s reliance on large contractors is often difficult to overcome,” said Scott Amey, general counsel to the nonprofit watchdog group, which maintains a contractor misconduct database. “Therefore, large contractors are in a powerful position to avoid suspension or debarment actions.”

There is no indication that Booz Allen faced penalties when its employee at MacDill received top-secret clearance despite his criminal record. The travel-overbilling case was settled with the payment of a fine.

Only the case concerning the San Antonio office resulted in an actual suspension. That action, taken by the Air Force, did not affect ongoing work and lasted two months.

The company declined comment on the past cases. But a spokesman, James Fisher, said, “Booz Allen is proud of our reputation for the highest ethical standards, built over nearly 100 years of service to our government and commercial clients.”

As the Snowden story continued to generate front-page news, Booz Allen chief executive Ralph Shrader predicted that his company would overcome the bad publicity from the Snowden leaks.

In remarks to employees at a “town hall” meeting late last month, Shrader said, “I think the important thing to understand is we cannot and will not let Snowden define us.”

“You define us. The work we do for our clients defines us, not the occasional aberrant in our midst,” he added. “There is nothing here for us to hang our heads about. We are a fine, fine firm. We stand on the list of Fortune’s Most Admired Companies. I plan to be on the list year after year.”

Past complaints

The disclosures by Snowden represent one of the most grievous breaches of security in the history of the super-secret NSA. Snowden, 30, who worked for just three months at Booz Allen, managed to obtain top-secret documents detailing broad government surveillance of telephone records and Internet traffic.

Little is known about how Snowden, a former security guard without a college degree, was able to get top-secret clearance and position himself at Booz Allen to obtain national security secrets.

“My position with Booz Allen Hamilton granted me access to lists of machines all over the world the NSA hacked,” he told the South China Morning Post on June 12. “That is why I accepted that position about three months ago.”

Booz Allen has accepted responsibility for past complaints of wrongdoing but continued to win contracts.

In 2006, the Justice Department proposed barring the company, along with four other major consultants, from participating in contracts for having received rebates from airlines, credit card companies and hotel chains while billing the government for the full undiscounted cost of the travel. The government dropped its lawsuits against the firms after they agreed to monetary settlements, with Booz Allen submitting nearly $3.4 million to the Treasury.

A few years later, the company received unwanted attention in a federal court prosecution of the MacDill employee working as a “counter threat analyst” at U.S. Central Command’s Joint Intelligence Operation Center in Tampa.

The employee, Scott Allan Bennett, had received one of the highest-level security clearances available in late 2008, even though a few months earlier he had been convicted of making “willful false and misleading representations” to the U.S. government.

The case, raised in Senate correspondence last week by Sen. Bill Nelson (D-Fla.), concerned an effort Bennett made on behalf of a South African woman he had met on the Internet who wanted to visit the United States. According to court documents, Bennett sought to get her a visa by falsely claiming that she would be working with the White House and the State Department while in the United States. He was sentenced to three years of probation.

In 2010, Bennett was arrested again after appearing intoxicated at the gate to MacDill Air Force Base, home to U.S. Central Command. He was subsequently charged and convicted on weapons charges and charges of making additional false statements to the government.

At the trial in Tampa, U.S. District Court Judge Virginia M. Hernandez Covington asked how Bennett could receive a top-secret clearance after his conviction. The U.S. attorney’s office in Florida was unable to answer the question, according to news reports.

The judge’s concern was echoed in a letter written by Nelson to the Senate Intelligence Committee Chair Dianne Feinstein (D-Calif.) in June. “Serious quality-control questions have been raised here,” Nelson wrote, asking that the committee investigate such cases. “We may need legislation to limit or prevent certain contractors from handling highly classified and technical data.”

Now in prison at the Schuylkill Federal Correctional Institution in Minersville, Pa., Bennett could not be reached for comment. His Washington attorney, Jeffrey O’Toole, declined to comment.

In 2012, the Air Force proposed barring the San Antonio office of Booz Allen from bidding on future contracts. The division had hired a Pentagon official who brought with him on his first day of work “non-public information,” which he shared with the company to help it win an information technology contract.

The Air Force lifted a temporary suspension on Booz Allen in April 2012 when the firm agreed to implement ethics and other reforms and pay $65,000. At the time, Booz Allen issued a statement saying that the company “accepts responsibility for that incident and related matters and agrees to implement firm-wide enhancements to its ethics and compliance program.”

Although the 2006 and 2012 requests for barring the company from bidding for certain contracts surprised those who follow intelligence contracting, those cases did not seem to damage the firm’s overall reputation.

“The company did have a few instances of misconduct,” said Steven Aftergood, who follows intelligence contracting for the Federation of American Scientists. “But that number is not terribly surprising for a company of that size.”

Yet the problems, in particular those raised by Snowden and other employees with improper access to confidential materials, suggests a broader systemic problem, Aftergood said.

“The current situation didn’t come about by accident,” he said. “It is the product of economic and political incentives that favor it. Those incentives continue to exist, so there is a serious question about how much it is going to change.”

Future of contracting

Booz Allen is hardly the only company touched by allegations of mishandled government contracts. In 2011, 1,094 individual and corporate contractors were suspended or barred by the departments of Defense and Homeland Security alone, according the latest available federal data. There were probably more, but transgressions by firms that contract intelligence work are not released publicly by the federal government.

Michael Birmingham, a spokesman for the Office of the Director of National Intelligence, said the intelligence community has lessened its reliance on private-sector contractors.

In 2008, about 27 percent of intelligence-community security clearances had been granted to private-sector workers, he said. Today, that number has declined to about 18 percent.Overall, as of late 2012, 4.9 million people have been granted security clearances, about one-fifth of them work in the private sector, according to data made public by the Office of the Director of National Intelligence.

But the growth in contracting in defense and homeland security work continues. That has been fueled by several factors — ongoing public worry about terrorism, antipathy toward big government and an evolution in Washington’s revolving-door culture that provides extraordinary rewards to top government officials who go private, experts say.

Yet even outsourcing’s most vocal skeptics agree contractors are here to stay, despite what they contend are illusory savings.

“Curbing the use of contractors would be difficult or impossible,” said Chuck Alsup, a retired Army intelligence officer and vice president of the Intelligence and National Security Alliance, an Arlington County-based association of private companies and individual experts. “It would be, frankly, unwise.”

By Tom Hamburger and Robert O’Harrow Jr., Published: July 8
Alice Crites contributed to this report.

Find this story at 8 July 2013

© The Washington Post Company

Company allegedly misled government about security clearance checks

Federal investigators have told lawmakers they have evidence that USIS, the contractor that screened Edward Snowden for his top-secret clearance, repeatedly misled the government about the thoroughness of its background checks, according to people familiar with the matter.

The alleged transgressions are so serious that a federal watchdog indicated he plans to recommend that the Office of Personnel Management, which oversees most background checks, end ties with USIS unless it can show it is performing responsibly, the people said.

Cutting off USIS could present a major logistical quagmire for the nation’s already-jammed security clearance process. The federal government relies heavily on contractors to approve workers for some of its most sensitive jobs in defense and intelligence. Falls Church-based USIS is the largest single private provider for government background checks.

The inspector general of OPM, working with the Justice Department, is examining whether USIS failed to meet a contractual obligation that it would conduct reviews of all background checks the company performed on behalf of government agencies, the people familiar with the matter said, speaking on the condition of anonymity because the investigation has not yet been resolved.

After conducting an initial background check of a candidate for employment, USIS was required to perform a second review to make sure no important details had been missed. From 2008 through 2011, USIS allegedly skipped this second review in up to 50 percent of the cases. But it conveyed to federal officials that these reviews had, in fact, been performed.

The shortcut made it appear that USIS was more efficient than it actually was and may have triggered incentive awards for the company, the people briefed on the matter said. Investigators, who have briefed lawmakers on the allegations, think the strategy may have originated with senior executives, the people said.

Ray Howell, director of corporate communications at USIS, declined to comment on Thursday.

In a statement last week, USIS said it received a subpoena from the inspector general of OPM in January 2012. “USIS complied with that subpoena and has cooperated fully with the government’s civil investigative efforts,” the statement said. The company would not comment on the Snowden case.

It is not known whether USIS did anything improper on its 2011 background check of Snowden, the 30-year-old who leaked documents about the inner workings of the NSA and is now the subject of a global drama. He gained access to those documents after he was cleared to work at NSA contractor Booz Allen Hamilton.

Last week, Patrick E. McFarland, the inspector general of OPM, said he has concerns about Snowden’s background check. “We do believe that there may be some problems,” he said.

The broader concerns about background checks are not limited to USIS. McFarland’s office has 47 open investigations into alleged wrongdoing by individuals in the background checks industry, according to a statement from the inspector general’s office. Separately, since 2006, the watchdog has won convictions in 18 cases in which employees claimed to have verified information that ultimately turned out to be false or not even checked.

“There is an alarmingly insufficient level of oversight of the federal investigative-services program,” McFarland said last week in congressional testimony. “A lack of independent verification of the organization that conducts these important background investigations is a clear threat to national security.”

McFarland’s office declined to comment on the details of the investigation. “We have never indicated whether the case was criminal, civil, or administrative,” a statement from the office said.

Last week, Sen. Claire McCaskill (D-Mo.) said USIS is the subject of a criminal probe as a result of a “systematic failure” to conduct background checks. She did not elaborate. A spokesperson said Thursday that the senator stands by her statement.

Sen. Jon Tester (D-Mont.), who chairs a Homeland Security subcommittee, said he plans to introduce legislation within two weeks to increase oversight of the security clearance process, including giving inspectors general more power to audit funding and other aspects of the massive effort to provide 4.9 million Americans with authorized access to classified and other sensitive government information.

“I cannot believe that this is handled in such a shoddy and cavalier manner,” Tester said in an interview Thursday. “I personally believe that if you are under criminal investigation, you should be suspended from the process until it is resolved.”

Tester added: “We have spent hundreds of billions in this country trying to keep classified information classified and to keep people from outside coming in. And what we see here is that we have a problem from the inside.”

USIS, which was spun off from the federal government in the 1990s, has become the dominant player in the background checks business. It does about 45 percent of all background checks for OPM, according to congressional staffers. USIS has 7,000 employees.

USIS has been under financial pressure in recent years because of federal cutbacks and less generous contracts from the government, according to financial analysts working at Moody’s and Standard & Poor’s. The firm’s parent company, Altegrity, is owned by Providence Equity Partners, a private equity firm. USIS has two main competitors, KeyPoint Government Solutions and CACI.

By Tom Hamburger and Zachary A. Goldfarb, Published: June 28

Find this story at 28 June 2013

© The Washington Post Company

Anti-War Activists Targeted as ‘Domestic Terrorists’; Shocking new revelations come as activists prepare to sue the U.S. military for unlawful spying

Anti-war activists who were infiltrated and spied on by the military for years have now been placed on the domestic terrorist list, they announced Monday. The shocking revelation comes as the activists prepare to sue the U.S. military for unlawful spying.

“The fact that a peaceful activist such as myself is on this domestic terrorist list should be cause for concern for other people in the US,” declared Brendan Maslauskas Dunn, plaintiff in the lawsuit. “We’ve seen an increase in the buildup of a mass surveillance state under the Obama and Bush Administrations.”

The discovery is the latest development in a stunning saga that exposes vast post-9/11 spying networks in which military, police, and federal agencies appear to be in cahoots.

Documents declassified in 2009 reveal that military informant John Towery, going by the name ‘John Jacob,’ spent over two years infiltrating and spying on Olympia, Washington anti-war and social justice groups, including Port Militarization Resistance, Students for a Democratic Society, the Industrial Workers of the World, and Iraq Veterans Against the War.

Towery admitted to the spying and revealed that he shared information with not only the military, but also the police and federal agencies. He claimed that he was not the only spy.

The activists, who blast the snooping as a violation of their First and Fourth Amendment rights, levied a lawsuit against the military in 2009.

“The spying resulted in plaintiffs and others being targeted for repeated harassment, preemptive and false arrest, excessive use of force, and malicious prosecution,” reads a statement by the plaintiffs.

The Obama Administration attempted to throw out the litigation, but in December 2012 the 9th Circuit Court ruled that the case could continue.

When the plaintiffs were preparing their deposition for the courts two weeks ago, they were shocked to discover that several Olympia anti-war activists were listed on the domestic terrorist list, including at least two plaintiffs in the case.

The revelations prompted them to amend their lawsuit to include charges that the nonviolent activists were unlawfully targeted as domestic terrorists.

“The breadth and intensity of the spying by U.S. Army officials and other law enforcement agents is staggering,” said Larry Hildes, National Lawyers Guild attorney who filed the lawsuit in 2009. “If nonviolent protest is now labeled and treated as terrorism, then democracy and the First Amendment are in critical danger.”

Plaintiffs say this case takes on a new revelevance as vast NSA dragnet spying sparks widespread outrage.

“I think that there is a huge potential for the case to set precedent,” declared plaintiff Julianne Panagacos. “This could have a big impact on how the U.S. military and police are able to work together.”

She added, “I am hopeful we will win.”

Published on Monday, June 24, 2013 by Common Dreams
– Sarah Lazare, staff writer

Find this story at 24 June 2013

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License

Revealed: The Story Behind the “NATO 3” Domestic Terrorism Arrests

(Image: Jared Rodriguez / Truthout)Accused of domestic terrorism in the course of the Chicago NATO summit,
Brian Church, Brent Betterly and Jared Chase were arguably victims of police entrapment and the use of “Red Squad” tactics the Chicago police were formerly enjoined from employing.

When local and federal police conducted a no-knock, midnight search warrant raid in May 2012 at an apartment in Chicago’s Bridgeport neighborhood, it looked at first like a failed mission.

Yes, police seized a group of 11 political activists in Chicago to protest an international summit of the North Atlantic Treaty Organization (NATO). But most of the arrestees were released without charge, and rumors soon began to swirl.

Police chained protesters to benches for 18 hours, one television station reported. Chicago Police Department (CPD) sources told Truthout the raid would unearth Molotov cocktails – homemade firebombs made of breakable glass bottles and gasoline. But they found beer brewing equipment instead.

“If anybody would like some,” one Bridgeport tenant told Truthout, “I would like to offer them a sip of my beer.”

Then things turned.

Of the 11 Bridgeport arrestees, it turned out, two were undercover cops. And beer-brewing equipment wasn’t the only thing the authorities found.

Mo and Nadia at Woodlawn (Photo Courtesy of Occupy Chicago)

They found four dark beer bottles “containing a clear liquid” implied to be gasoline. They found a pint can containing four presumably gas-soaked cloths. They found another pint can containing four glass vials each containing saturated cotton, along with four gas-soaked pieces of cloth, an empty gas can, a black tactical vest and a black gas mask. They found a compound bow and nine arrows.

They found two knives in sheaths, two swords in sheaths, and a set of handcuffs. They found a metal throwing star (a sharp, hand-held blade). They found a PVC pipe with a black flag attached. Authorities also found a printed photo of the female undercover officer who led SWAT teams to Bridgeport in the first place.

This litany of materials, police told Truthout, belonged to three men visiting Chicago from Florida to protest the NATO Summit – and, allegedly, to set parts of the Windy City aflame.

Dubbed the “NATO 3” in media reports, they face maximum sentences of 85 years in prison apiece if convicted, under a decade-old Illinois law that had never been used before. And that was without ever carrying out an attack.

Mug shots taken of the “NATO 3” after their arrests (From Left to Right: Brian Church, Brent Betterly, Jared Chase)

Their arrests may paint a picture of what federal authorities wish they had done to stop the bombings in Boston, or the Fort Hood shootings, or any actual terrorist attack carried out by suspects who had aroused suspicion from authorities.

Unlike the Boston bombers, the NATO 3 hadn’t set off any bombs prior to their arrests. Unlike the Fort Hood shooter, they hadn’t shot anyone. They hadn’t thrown molotov cocktails. They hadn’t even pressed dummy detonators, as was the case with five Cleveland activists in a similar domestic terrorism investigation last year.

They just ran their mouths. They just talked about revolution. And they went far enough into a conspiracy to elicit major charges.

To this day, more than a year after their arrest in Bridgeport, the NATO 3 are still sitting in Chicago’s Cook County Jail, awaiting their trial, which is set to begin on September 16, one day before the two-year anniversary of the Sept. 17, 2011, launch of Occupy Wall Street.

Their case is a big one. It’s the new face of US counterterrorism investigations – a template for pre-crime arrests, performed through entrapment by police – to stop supposedly dangerous political acts before they happen.

And if the “3” are convicted in September, it could set a troubling precedent far beyond the borders of Illinois.

Who are the NATO 3?

While Occupy Wall Street helped to ramp up the possibility for major protest action in cities such as Chicago, it also brought together young activists who would’ve never met otherwise. Case in point: Chase and Betterly.

The duo met in Washington DC at an Occupy protest. They were arrested, arm in arm, in front of the White House, while protesting the National Defense Authorization Act.

It wasn’t the first arrest for either man.

Years ago, when Chase was 18 and living with his folks in Keene, N.H., he was charged with “attempt to commit an assault and reckless endangerment after allegedly pulling a knife on another man,” according to the New Hampshire Union-Leader.

A month later, Chase received more charges, this time for first-degree assault and conduct after an accident, which earned him nine months in jail.

“In that incident, Chase was found guilty of hitting a man with a car after the two had a fist fight,” said the Union-Leader article. “The victim’s impact with the car damaged the windshield, but the man was not seriously injured. . . .The conduct after an accident charge was added because Chase drove off after striking the man.”

He spent six months in jail. He had trouble with drugs when he got out. He violated his probation three times and then eventually moved to Boston, where he stayed for years and worked as a cook at a P.F. Chang’s.

A photo from Jared Chase’s Facebook

Late last year, Chase left his life in Boston. A drifter, he headed to Rhode Island briefly and then to Washington, D.C.

After Chase and Betterly were arrested outside the White House, they headed toward Oakland Park, Florida, just north of Fort Lauderdale, where Betterly’s from, before heading to Miami.

Chase was arrested again as part of a group during Occupy Miami before heading off to Chicago. That group was found with bolt cutters, a baseball bat and a sledgehammer, but they were not charged.

The Miami New Times described Betterly, “with his good looks and dreadlocks,” as “a hippie who attended rainbow gatherings.” He had a criminal record in Florida, but nothing violent: Last September, he and a friend were drunk when they broke into a high school, did some after-hours swimming and broke a cafeteria window. Police picked them up. Betterly was released, but he still faces a pending burglary charge.

A photo from Brent Bettery’s Facebook

New Times reported that Betterly was known among those at Occupy Miami “for his creativity and commitment to fighting foreclosures,” while Chase was seen as more “enigmatic”: “The chain-smoker was a computer whiz who . . . spent days wandering around downtown and talking to homeless people.”

On March 14, 2012, Occupy Miami was raided by police, and Chase was there when it happened. It was depicted on Chase’s Facebook page, in fact, underneath a picture of a SWAT team outside an apartment complex housing members of Occupy Miami.

Church (aka “Sum Wun”) joked – ominously with the benefit of hindsight – that the raid was the result of a “terrorist meeting.”

Occupy’s Open Door for Infiltration: Enter “Mo” and “Nadia”

When it comes to protecting itself from prosecution, one of the Occupy movement’s truest merits – the inclusion of “the 99 percent” and acceptance of anyone willing to lend a hand – is also its fatal flaw.

CPD undercover officers began their investigation in February 2012 as part of a temporary 90-day assignment to monitor NATO protests. Undercover officers soon entered Occupy Chicago posing as activists and did so with ease.

Occupy Chicago organizer Matthew McLoughlin explained the hectic nature of preparations in the months leading up to the NATO Summit protests.

“Every day of the week . . . we had an action going on. So we were making sure that went off without a hitch,” he told us. “And then we had out-of-towners pouring in, so we had to take care of that

“We weren’t really prepared” to deal with undercover police officers, he continued.

That’s how two undercover officers, going by the names “Mo” and “Nadia,” would soon become the NATO 3’s downfall.

In early March, an undercover officer – a big man, a little over 6 feet tall, bearded and dark-featured, in his mid-30s with broad shoulders, wearing jeans, a black hoodie and a black winter cap – was first spotted by central organizers of the NATO Summit protests at a planning meeting.

He went by “Mo.”

A photo of “Mo,” the pseudonym for the undercover informant agent responsible for the entrapment-created arrests of the “NATO 3” and now two others taken by an activist and submitted to the National Lawyer’s Guild Chicago. (Photo Courtesy: National Lawyers Guild)

During small group introductions, Mo said he became an activist because he had been laid off from a job. “Shit blew up,” he said, and Occupy Chicago started. No further explanation was needed.

Mo would show up at a public Occupy event later in March with a woman who would always be by his side: a young woman who went by “Nadia Youkhana.”

Nadia was tall, with tanned skin. Some Occupy sources told Truthout she claimed to be Syrian. Many activists said she was charming and bubbly. They were attracted to her seeming genuine excitement to get involved with activism. If “Mo” was the brawn of the two-person team, “Nadia” was the brains.

Photo of “Nadia” released by Occupy Chicago

Nadia showed up alongside Mo at an Occupy General Assembly – a completely open meeting for anyone new to the movement – to introduce themselves, saying they were cousins. She talked with an Occupy Chicago organizer who oversaw a number of list-serves and who generally passed information about meetings to anyone who needed it.

Nadia seemingly saw this organizer as un-dangerous and useful; she kept in touch with him to monitor when various meetings were taking place and rallies were being planned, as well as to get email addresses of everyone involved in Occupy Chicago.

Mo and Nadia were on a 90-day temporary duty undercover assignment as part of CPD Field Intelligence Team 7150 (FIT 7150). The team was tasked with “attend[ing] Occupy Chicago and anarchist movement events for the purpose of observing and listening to reports of any planned criminal activity” in the run-up to the NATO Summit, according to pre-trial court documents.

Truthout visited the apartments of both Mo and Gloves, but both denied comment.

Woodlawn

The Woodlawn Mental Health Clinic on Chicago’s south side was one of six city-operated facilities scheduled for closure in April 2012. Occupy Chicago activists planned to protest on a daily basis.

Occupy Chicago activists link arms to form a human chain outside the occupied Woodlawn Clinic on the night of Thursday, April 12 2012. (Photo: Marcus Demery / Flickr)

At one of these protests in early April, 23 were arrested. Mo and Nadia thought a second protest – and an inevitable series of arrests – might cause some protesters to plan something violent, according to sources.

So when 10 protesters were arrested on April 23, Mo and Nadia were there.

“At the time, I couldn’t figure out why we were under such close surveillance this particular night,” recalled Rachel Unterman, press liaison for Occupy Chicago. “I thought they were overreacting to a few tents and a handful of expected arrests. Now I know that they had undercover officers in the field, which raised the stakes.”

The 10 spent the night in a Cook County Jail facility together. Some of them found “Mo” and “Nadia” to be a bit odd.

“When she walked into the police van was the first time I had ever seen her,” Christina Pillsbury told Truthout, a University of Chicago student who was arrested with Nadia that day. “It didn’t really make sense because I had seen everyone else arrested with me that day before, but I didn’t really have time to think about it at the time, either.”

Pillsbury recalls her being “really funny” and “really liking her at first.” Nadia also told Pillsbury and her fellow arrested activists “really intense stories about her sister’s mental illness.”

But she also recalls Nadia trying to rile up her and the other women arrested that day in jail. Pillsbury says Nadia started to “freak out” when the police were giving her stuff back to her and they only gave her one of her two cell phones – in hindsight, the two phones being another telltale sign that something was off, she noted.

“It seemed as if she was trying to get us in the whole ‘fuck the police’ mentality, but she was barking up the wrong tree,” noted Pillsbury. “We didn’t even do anything violent to be in jail in the first place; we just stood our ground across the street from Woodlawn in an act of nonviolent civil disobedience.”

Mo had told a story paralleling Nadia’s at Woodlawn Clinic prayer vigil earlier that day, shared by Mental Health Clinic activist Matt Ginsberg-Jaeckle. Mo said he had a “cousin struggling with mental health issues” and that was why he felt strongly about the events unfolding at Woodlawn, compelling him to take part in them.

Mo also played the violence game. While in lockup, he approached one of the arrested activists. “What’s our next step?” he asked Ginsberg-Jaeckle. “We need to step this up a notch.”

Another Woodlawn activist, James Arentz, locked up with Mo, recalled him saying he was once arrested for “violence,” as if to gauge if his compatriots in jail were also interested in participating in illegal violent acts.

Arentz said he showed little interest in taking this route, and it was a route he had never gone down before as a veteran, middle-aged activist and father. Mo soon lost interest in him after a round of intrusive questioning.

Roger Shuy, an emeritus professor of linguistics at Georgetown University, refers to tactics utilized in jail by Mo and Nadia as the “hit-and-run” strategy for undercover cops.

“If the target does not say anything that seems to point to his guilt, many undercover operators begin to ‘drop in’ hints about illegality, sometimes clear and sometimes not,” he writes in his book Creating Language Crimes: How Law Enforcement Uses (and Misuses) Language. “It is commonplace that when they drop these hints into the conversation and are unsure how their targets might react, they often quickly change the subject to something benign before they give up their turn.”

May Day, May Day

If anyone at the Chicago NATO Summit was going to “step this up a notch,” it was Jared Chase, Brent Betterly and Brian Church – the NATO 3.

In south Florida, Betterly and Church – court records reveal – made plans over Facebook, in private messages, to visit Chicago for NATO. That was April 19, the date the “conspiracy to commit an act of domestic terrorism” began, according to Illinois state prosecutors.

In those messages, Church said he wanted to “get on the front lines” of the protests. Betterly agreed, writing that the Chicago NATO “protests are gonna get ugly.” During that same interaction, Betterly asked if Chase would also make the trip to Chicago.

On April 24, Betterly discussed molotov cocktails with a female acquaintance on Facebook after asking that acquaintance to come to Chicago and then typing, “riot!!” Betterly responded: “u cant apologize after throwing a molotov cocktail.” Betterly wrote that he might “catch some charges” in Chicago.

Official accounts suggest the “NATO 3” domestic terrorism plot began on May 1, known by leftist activists as “May Day.” Chase, Betterly and Church were part of the “black bloc” for a large march planned for that day.

Betterly in blue jeans and blonde hair with bandana over his face, Chase on far right in all black and black bandana over face (Photo Courtesy of Occupy Chicago)

Black bloc is a protest tactic in which activists dress in all black, often wearing bandanas, ski masks and other clothing to conceal their faces and identities and to appear as one group in solidarity. On May Day, Nadia and Mo were there, posing as members of the bloc.

Photo obtained from video of May Day rally shot by member of Occupy Chicago. “Nadia” in white shoes, Church in red bandana, Chase to his right and Betterly to far right.

Occupy sources said Nadia was pushing for militant violence within the black bloc, which can be seen on a YouTube video, as well.

Church in red bandana, Nadia in white shoes and Mo to the right with anarchist black flag (Photo Courtesy of Occupy Chicago)

Later that night, Church told “Mo” and “Nadia” that he wanted to find “targets” for the NATO Summit. Occupy sources said Nadia actively attempted to provoke violence that night, asking people if they wanted to go out into the streets and light dumpsters on fire. That never panned out.

On May 2, Church met up with Mo and Nadia in Chicago’s financial district. According to court records, “Church immediately told the undercover officers to remove the batteries from their [cellphones] so that the conversations could not be subject to government eavesdropping.”

Church had come there with an assault vest he told Mo and Nadia he would like to fill with foam for more cushioning. On that day, he also allegedly asked Mo and Nadia where he could purchase a filter from an Army Plus store (aka a gas mask) and where he could buy three assault rifles, plus a long rifle.

Mo and Nadia said Church told them, “If a cop is going to be pointing an AR at me, I’ll be pointing one back at them.” He also said he wanted to make smoke bombs to throw during the NATO Summit and that he owned a bow and arrow that could shatter a window.

Church allegedly formulated a grand plan that day with Mo and Nadia to attack four police districts and destroy as many police vehicles as possible. He’d do the latter by bringing together groups to destroy police vehicles days before the NATO Summit. Church also said he wanted to “hit” a Chase Bank and shoot an arrow through Mayor Emanuel’s window.

“If everything goes according to plans, I am leaving right after NATO,” he allegedly told Mo and Nadia during this meeting. “The city doesn’t know what it’s in for, and after NATO, the city will never be the same,” he reportedly told Mo and Nadia.

On May 4, Brian Church and Jared Chase met with Mo and Nadia at a park in Chicago’s Bridgeport neighborhood. At this meeting, according CPD search warrant documents, they discussed destroying police vehicles parked in police parking lots during the NATO Summit to damage and disrupt their response to protesters.

Two days later, Mo and Nadia met with Chase and Church again to discuss using sling shots to destroy the windows of President Obama’s campaign headquarters. Church allegedly asked the two undercover officers where he could go to buy metal pipes to break windows.

On May 8, Mo and Nadia were invited into the Bridgeport apartment for the very first time.

While there, CPD search warrant documents allege, Brian Church invited them into a bedroom and showed them a bow and arrow with 10 arrows, two metal swords, one silver Chinese throwing star, two knives with brass knuckle handles, a black gas mask, knee/shin pads and arm pads. He also told Mo and Nadia he had a homemade mortar.

Chase allegedly asked the two undercover officers where he could buy cocaine or heroin.

On May 14, the use of molotov cocktails during the NATO Summit was first mentioned by Church to Mo and Nadia. According to CPD search warrant documents, Church also said at the May 14 meeting that he had built a mortar gun with PVC pipe and a piece of wood and that he had filled the mortar gun with bottle rockets, further noting that it was operational.

Church also told Mo and Nadia that they seemed like two “anarchists in a pod,” and he would like for them to travel with him to other states during his activist journey. Church allegedly offered them the opportunity to travel with him if they were willing to shoot a rifle, point it, and shoot someone with it.

On May 16, the day of the raid, Mo and Nadia met the “NATO 3” for a protest and convened at the Bridgeport apartment later that night, according to CPD search warrant documents.

Once inside, they discussed how to make and then constructed four molotov cocktails for use at the NATO Summit. Mo and Jared left for BP to buy the gasoline for the molotovs, the last necessary ingredient for the cocktails.

Truthout has obtained the video of Jared Chase purchasing the gasoline from the BP Station, published here from multiple angles for the first time.

“Church handed one of the officers a knife and advised him to cut a bandana in strips for use as fuses for the molotov cocktails,” a Feb. 15, 2013, court document states. “Betterly cautioned that gasoline should not be poured directly on the cloth; the cloth should be soaked in the bottles. Chase poured the gasoline into the bottles and then turned the bottles over so the strips could be soaked.”

While making the cocktails, Church allegedly asked Nadia if she were “ready to see a police officer on fire.” That’s when the police decided to act. That night, officers from the CPD and the FBI raided the Bridgeport apartment.

Nowhere in the search warrant – or in any of the hundreds of pages of discovery documents later made public – does the prosecution mention one pivotal point: Two aggressive undercover cops helped along – and possibly even incited – the plot.

Mapping the Chicago Activist Community’s “Human Terrain”

It should go without saying that the NATO 3 are not being represented by high-priced attorneys. They are, however, being represented at no charge by attorneys at the People’s Law Office of Chicago (PLO), which specializes in high-profile civil rights cases involving law enforcement.

On April 30, the office filed court papers arguing that under a recent consent decree – an agreement dissolved in 2009 that limited undercover police activities by the City’s notorious Red Squad, a unit that spied on the political and social activities of Chicagoans during the 1950s and 1960s – CPD’s undercover operation in the NATO 3 case would have been illegal.

“At its heart, the consent decree prohibited precisely the type of undercover activities that CPD engaged in here,” PLO argued. “[It] appears to be the broadest foray into undercover activities implicating the First Amendment.”

PLO also argued that the spying and entrapment attempts were motivated by the ideology of the activists, not an imminent threat to public safety.

“The state has acknowledged a . . . broader investigation of Occupy Chicago . . . and political organizing surrounding the NATO Summit,” the PLO stated in a court motion. “This large, overarching operation began by March 2012 and was . . . based in part by political affiliations and beliefs.”

The Booz Allen Hamilton Connection

Court records also show that members of the FBI’s Chicago Regional Computer Forensic Laboratory (RCFL) may be called to testify if the case goes to trial.

A domain name search for Chicago RCFL’s web site shows that it was registered by military and intelligence contractor Booz Allen Hamilton (BAH).

BAH is a major US Central Intelligence Agency (CIA) and US National Security Agency (NSA) contractor abroad. Former CIA Director R. James Woosley once served as BAH Vice President, while Director of National Intelligence James Clapper once served as a BAH executive and current BAH Vice Chairman John “Mike” McConnell held Clapper’s position under former President George W. Bush.

Edward Snowden – the NSA whistleblower who revealed classified NSA spy program to The Guardian and The Washington Post – was a contractor for BAH at the time of the leak.

Michael Hayden, the former head of the NSA and CIA, as well as the deputy director of National Intelligence has referred to BAH as a “Digital Blackwater,” a reference to Blackwater USA – now known as Academi – the “world’s most powerful mercenary army.”

“[BAH] is one of the NSA’s most important and trusted contractors. It’s involved in virtually every aspect of intelligence and surveillance,” writes investigative journalist Tim Shorrock in a recent article. “Among other secret projects, Booz was deeply involved in ‘Total Information Awareness,’ the controversial data-mining project run for the Bush administration.”

Photo Credit: Wikimedia Commons

Missed in Shorrock’s analysis: BAH also provides IT and logistical support for the Pentagon’s Human Terrain System and its Human Terrain Teams, which “map the human terrain” of communities abroad for the military and CIA.

A career New York cop, Chicago Police Department (CPD) superintendent Garry McCarthy is no stranger to the Human Terrain System.

It wasn’t long he after formally assumed the mantle of CPD superintendent in 2011 that McCarthy drew fire for having allowed a spy ring tasked to “map the human terrain” of Newark, N.J.,’s Islamic community to operate there, where he served as police chief before taking the position as CPD’s top dog.

McCarthy also served as an NYPD commander when the police set up spy rings before the 2004 Republican National Convention in New York City and during “CIA on the Hudson,” the joint NYPD/CIA project that was set up and run by former CIA Deputy Director for Operations David Cohen to “map the human terrain” of New York City’s Islamic community.

Shortcomings of “Mapping Human Terrain”

The problem with “mapping the human terrain”: It relies on overly-simplistic stereotypes. Case in point: FBI Special Agent Maureen Mazzola.

Mazzola is designated in court records as one of the people the state of Illinois may call to testify if the “NATO 3” case goes to trial. She’s also infamous for an incident based on stereotypes that unfolded before the 2008 Republican National Convention (RNC).

In a nutshell, Mazzola attempted to recruit a University of Minnesota (U of M) student in spring 2008 to join the FBI’s ranks as an informant. Conned into the meeting by U of M’s police sergeant, the student was displeased and came to the press to tell his story.

“She told me that I had the perfect ‘look,'” recalled the student after the incident. “And that I had the perfect personality – they kept saying I was friendly and personable – for what they were looking for.”

Stereotypes were the name of the game for the FBI and Mazzola, as an account in the Minneapolis/St. Paul’s City Pages said.

“What they were looking for [was] someone to show up at ‘vegan potlucks’ throughout the Twin Cities and rub shoulders with RNC protesters, schmoozing his way into their inner circles, then reporting back to the FBI’s Joint Terrorism Task Force, a partnership between multiple federal agencies and state and local law enforcement,” reads City Pages’ rare inside look into the recruitment of an informant.

The days leading up to the 2008 RNC saw the arrest of Scott DeMuth, an animal rights activist and member of the Animal Liberation Front (ALF). His charges: an “animal enterprise terrorism” plot that took place in a University of Iowa lab dating back to 2004.

This fishing expedition was lead by Mazzola and ended with DeMuth pleading guilty and serving six months in jail.

“As Special Agent Maureen Mazzola testified to on the stand in Scott’s pre-trial hearing, the FBI used the pretext of this raid as a fishing expedition, searching Scott’s room for anything linking him to ‘criminal activities’ that fell well outside of the scope of the search warrant being executed,” his support committee explained. “In this process, Mazzola came across a journal that she mistakenly believed linked him to the 2004 ALF raid at the University of Iowa.”

Court documents for that case show that Mazzola – unsurprisingly, given the backdrop – was working with an informant leading up to DeMuth’s eventual arrest. Mazzola was one of the people the US government called to testify as a witness during the DeMuth trial.

One Man’s Terrorist, Another Man’s Language Criminal

Digging deeper, there’s also the question of “Why ’terrorism’?” Why not just leave the NATO 3’s charges at the several felony counts?

PLO tackled the issue of terrorism head-on.

PLO made the legal argument in Jan. 2013 that the language in Illinois’ terrorism statute may be overly broad and unconstitutional. Judge Wilson, though, denied this constitutional challenge two months later, saying the law under which the three were charged is constitutional on its face and as applied.

It all boils down to politics, and a May 2012 Chicago Tribune story demonstrates the political nature of the charges, which were decided on at the proverbial 11th hour the night before the May 19, 2012, bail bond proffer hearing.

“[Cook County Attorney General Anita] Alvarez and seven of her prosecutors spent Friday evening analyzing the statute and weighing whether their case rose to the level of domestic terrorism,” reported the Tribune. “It was a marathon meeting with lawyers reading the statute out loud at times. Others ran in and out of the room to look up case law on other potential charges, such as conspiracy to commit arson. After four hours of debate, Alvarez polled those in the room and had a clear consensus that the terrorism statutes offered the toughest penalties and sent the strongest message.”

As an important parallel, a 2009 Neo-Nazi and right-wing terrorism threat report done by the US Dept. of Homeland Security (DHS) went unpublished and censored, showing the truly political nature of “terrorism” charges. The author of the report, a former DHS analyst, has asserted that he warned of the right-wing “terrorist” elements that fueled the 2012 attack on a Sikh temple in Wisconsin – and that his warnings were ignored.

Another example: In Boston, local police in conjunction with federal law enforcement, focused attention on the political activism of local Occupy activists at the same time they missed the actual threat posed by the Boston Marathon bombers.

Contentious political events are, in many ways, a trap set to capture those who even insinuate the wrong kind of political language – “creating language crimes” – as Shuy put it in his eponymous book.

“The persons wearing the undercover mike . . . begin their work with a distinct power advantage over those they talk with,” Shuy writes in his book. “In undercover conversations, when the targets think they are simply engaged in everyday conversations, they are less on alert and are frequently less careful about how they say things. The persons doing the taping, in contrast, have the power to decide when to tape, who to tape, when to start the taping, when to stop, and even how to slant the conversation to serve their own ends.”

Shuy refers to this as “manipulative seduction.”

“When being seduced,” Shuy adds, “the listener does not understand the hidden intent of the seducer.”

The overall message is clear: Whatever your political stripe in the United States, the authorities are watching. That’s no longer a conspiracy theory. It’s policy and now just a question of what the authorities do with that intelligence.

And that decision is by-and-large a political one.

If any case in the last decade has shown that reality, it’s the case of the NATO 3.

Their case revealed authorities watching anarchists and the Occupy movement – specifically designated as the reason for the creation of Field Intelligence Team 7150 – with an all-seeing eye.

These young men fit the stereotypical profile of what a homegrown terrorist is “supposed” to look like. They’re politically active and angry with their country’s direction, burdened with nothing to lose but their freedom, and maybe, their lives.

The CPD and state of Illinois would like you to believe that makes them dangerous – unhinged and ready to strike out and hurt people with impunity, at any moment.

But perhaps they weren’t. The burden of proof falls on the prosecutors to make the case that they were.

Steve Horn

Steve Horn is a freelance investigative journalist, and a researcher and writer at DeSmogBlog.
Matt Stroud

Matt Stroud is a contributing writer at tech website TheVerge.com, where he writes about policy and law. Follow him on Twitter@ssttrroouudd.

Friday, 21 June 2013 00:00
By Matt Stroud and Steve Horn, Truthout | Report

Find this story at 21 June 2013

© 2013 Truthout

‘NATO 3’ Near Trial: South Florida Men To Face Terrorism Charges In Chicago

After Brian Church completed a course in emergency medicine at Broward College, he told his mother he was headed to Chicago for hands-on experience he hoped would boost his chances of becoming a paramedic.

“He was very proud of the fact that he was helping set up the first-aid tents,” said Elizabeth Ennis of her son’s participation in the NATO summit protest movement.

It has been a year since Church and two others from South Florida arrived in the Windy City and were arrested in a raid of an apartment just before the May 2012 summit.

Prosecutors allege the trio — now known by a cadre of supporters as the “Nato 3” — planned to use Molotov cocktails to blow up political targets, including Chicago Mayor Rahm Emanuel’s home and President Barack Obama’s downtown re-election campaign headquarters last year.

Yet, with the terrorism trial set to begin Sept. 16, defense attorneys for the men, along with Church’s mother, are calling the charges absurd.

“The whole terrorism thing just blows my mind,” said Ennis, a physician’s assistant and former Pembroke Pines resident who now lives in Central Florida. “This is a kid who made sandwiches to hand out to the homeless.”

Church, 21, Brent Betterly, 25, of Oakland Park, and Jared Chase, 29, a New Hampshire man who had been living in Miami, each are charged in an 11-count indictment with conspiracy to commit terrorism, possession of explosives and attempted arson.

In Illinois, they remain in custody on $1.5 million bond.

Church’s lawyer, Michael Deutsch, tried to get the charges thrown out, arguing that the law passed by the Illinois Legislature in the wake of 911 and used only once before is unconstitutional and being used politically.

“This is an attempt to take the acts of young people who are talking about criminal vandalism and convert it into terrorism in order to chill all militant activity in protest,” Deutsch said.

In a March 27 ruling, County Judge Thaddeus Wilson upheld the statute, saying, “The concept of domestic terrorism is not any more remote in contemporary society than the ‘international terrorism’ U.S. citizens were exposed to in September 2001.”

Church, Betterly and Chase were active in South Florida’s Occupy movement. Betterly was a familiar face around Fort Lauderdale City Hall during a brief encampment that took place there in late 2011 and early 2012.

But when the local Occupy movement began to sputter, all three looked for action elsewhere, friends said.

“He had specifically gone up there [to Chicago] to be a participant,” Ennis said of her son. “He wanted to be part of a bigger cause. At 20 years old, we all want to be part of a bigger cause.”

In the months before he left for Chicago, Church dated Danielle Hiller, then a West Park High School senior. “He always told me he wanted to peacefully protest,” said Hiller, 19. “He never seemed violent. He was really into helping people.”

The government case relies on two informants, undercover police officers nicknamed Mo and Nadia, who infiltrated the group and recorded the men talking about the plots and making four Molotov cocktails that were recovered inside the apartment during the raid. According to prosecutors, police also found swords, a bow and arrows, a slingshot and knives.

In a filing in March, prosecutors said the three allegedly obtained or planned to obtain “other improvised explosive devices, napalm, instructions for producing a pipe bomb, instructions for making potassium nitrate, a mortar … assault rifles and a long rifle.”

The three also constructed a wooden shield with sharp metal screws protruding from its front and hid it in an alley, “where they intended to violently confront police officers” during the summit protests, the filing alleged.

Deutsch acknowledges that Molotov cocktails were found in the apartment. But, he said, they were made at the urging of the police agents.

“When [police] didn’t get them to do anything, they got them to make these Molotov cocktails, with their money and expertise, and created a crime that never would have occurred,” he said.

Ellis said she has visited her son in jail, and talks to him regularly.

“It is starting to sink in, the magnitude of this,” she said. “He wants to be a flight medic, but the FAA has revoked his student’s pilot’s license. Even if these charges get thrown out, he has fears of never getting a job as an EMT.”

Ennis said her son, who is housed apart from the general jail population in semi-isolation, spends his time reading.

“He has his good days and bad,” she said. “He tries not to let the gloom set in.”

Sun Sentinel | By Mike Clary Posted: 06/16/2013 10:11 am EDT | Updated: 06/17/2013 9:11 am EDT

Find this story at 17 June 2013

© 2013 the Sun Sentinel (Fort Lauderdale, Fla.)

NSU-Untersuchungsausschuss: “Wir haben die Arbeit der Polizei gemacht”

Bis zuletzt hatte der baden-württembergische Verfassungsschutz versucht, seinen Auftritt zu verhindern – allerdings vergeblich: Vor dem Berliner NSU-Untersuchungsausschuss sagte nun ein ehemaliger V-Mann-Führer aus, dessen Quelle ihm Vertuschung vorwirft.

Wäre der Anlass nicht so furchtbar, man hätte laut auflachen können, als Rainer Oettinger am Montag im Saal 400 des Deutschen Bundestages hinter einem improvisierten Paravent sitzt, während der Öffentlichkeit Eintritt gewährt wird. Bis zuletzt hatte das baden-württembergische Landesamt für Verfassungsschutz versucht zu verhindern, dass Oettinger öffentlich vor dem Berliner NSU-Untersuchungsausschuss befragt wird. Doch die Abgeordneten blieben hartnäckig, bestanden auf Transparenz, zu viel ist in der Causa NSU noch immer im Verborgenen.

Oettinger heißt in Wirklichkeit anders, ist 60 Jahre und seit Januar im Ruhestand. Er war Mitarbeiter des Stuttgarter Verfassungsschutzes und schöpfte laut Behörde zwischen 2007 und 2011 eine Quelle namens “Krokus” ab: Petra S., die inzwischen im irischen Nirgendwo in einem garagengroßen Häuschen lebt – nach eigener Aussage voller Angst vor gewaltbereiten Neonazis, die auf Rache sinnen. Denn Petra S. behauptet, Oettinger im Mai 2007 – kurz nach Ermordung der Polizistin Michèle Kiesewetter – Hinweise auf eine Verstrickung mehrerer Rechtsextremisten in dem Fall gegeben zu haben.

V-Frau “Krokus” selbst war weder eine Rechtsextremistin noch Mitglied in einer politischen Partei oder Organisation, sie hatte zwei Informationsquellen, die sie anzapfte: ihre Freundin, die mit einem NPD-Funktionär liiert war, und eine rechtsextremistische Friseurin, die bei der Landtagswahl 2011 für die NPD kandidierte und bei der sie alle zwei Wochen auf dem Frisierstuhl saß. Die Friseurin Nelly R. habe auch Kontakt zu Freien Kräften gehabt und Skin-Konzerte besucht. Er habe sich von “Krokus” Informationen über Veranstaltungsorte, Treffpunkte und Termine sowie die Beschaffung von Publikationen, beispielsweise vom Grabert-Verlag, erhofft, sagt Oettinger vor dem Ausschuss.

“Die geborene Quelle”

Alles in allem sei “Krokus” eine “aufgeschlossene, intelligente, verschwiegene und zuverlässige” Quelle gewesen, um nicht zu sagen: “die geborene Quelle”. Das belegen auch die Akten, die dem NSU-Untersuchungsausschuss Ende Mai geschickt wurden und die dem SPIEGEL vorliegen. Die V-Frau wurde intern stetig besser beurteilt, von Glaubwürdigkeitsstufe F bis hinauf zur zweitbesten Bewertung B.

Er habe die Informationen meist prompt “materiell umgesetzt”, wie es bei den Verfassungsschützern heiße, sagt Oettinger. Selbst solche wie den Besuch in der Wohnung der rechtextremistischen Friseurin nach dem Haareschneiden, in der sie stolz eine Hitler-Büste und andere Devotionalien präsentierte. Aber alles in allem sei “extrem wenig rübergekommen”.

Krokus selbst muss es anders gesehen haben. “Ich tue ja nicht so viel für Sie, ich würde meine Arbeit gern intensivieren”, soll sie Oettinger vorgeschlagen und ihre Dienste auch für Recherchen im Linksextremismus angeboten haben. “Sie erweiterte also ihr Repertoire?”, hakt Ausschussvorsitzender Sebastian Edathy süffisant nach. Heraus kamen Informationen wie diese im August 2008: “Linkspartei will wie die CDU für Wahlkampf T-Shirts drucken.”

V-Frau soll sich krass gewandelt haben

Als sich “Krokus” in einen vorbestraften Kriminellen verliebt habe, der als Waffennarr gilt, für die IRA gekämpft und sich früher Zypern und der Türkei als Spion angeboten haben will, habe sie allerdings einen “krassen Persönlichkeitswandel” vollzogen, sagt der ehemalige Verfassungsschützer. So sehr, dass er die Zusammenarbeit im Februar 2011 schleunigst beendet habe. “Sie war wie eine Marionette von ihm. Wir merkten, diese Frau ist nicht mehr bei Sinnen”, konstatiert Oettinger. Eine Erfahrung, die auch einige Ausschussmitglieder in den vergangenen Wochen und Monaten gemacht und “wirre Mails” bekommen haben, wie einige sagen.

Ob er ihre Meinung teile, dass es sich bei V-Frau “Krokus” um die Kategorie “Spinner” handele, fragt SPD-Ausschussmitglied Eva Högl den pensionierten V-Mann-Führer. Das könne er “voll und ganz unterschreiben”, sagt Oettinger, müsse aber sagen: Bis sie “die Inkarnation des Bösen” – nämlich den Lebensgefährten – kennengelernt und dem Verfassungsschutz gedient habe, sei sie eine “gute Quelle” gewesen.

Petra S. bleibt jedoch bei ihrer Version: Die Friseurin habe ihr im Frühjahr 2007 bei einem Salonbesuch berichtet, Rechtsextremisten würden über eine Krankenschwester den zum damaligen Zeitpunkt schwer verletzten Kollegen der getöteten Polizistin Kiesewetter ausspähen. Sie wollten demnach herausbekommen, wann er aufwache und ob er sich an etwas erinnere. Wenn dem so sei, werde unter den Rechtsextremisten überlegt, “ob etwas zu tun sei”.

“Krokus” wirft dem Geheimdienst Vertuschung vor

Die Information, sagte “Krokus” dem SPIEGEL, habe sie unmittelbar an den Verfassungsschützer Oettinger weitergegeben. Mehrere Namen bekannter Neonazis will sie dabei genannt haben. Oettinger jedoch habe sie aufgefordert, sich aus der Sache herauszuhalten, und sie eindringlich daran erinnert, dass sie eine Geheimhaltungsverpflichtung unterschrieben habe.

In den umfangreichen “Krokus”-Akten findet sich allerdings zum fraglichen Zeitpunkt kein Hinweis auf eine entsprechende Quellen-Information. Folgt man dem Dossier, wäre das auch unmöglich. Nach Aktenlage nämlich wurde “Krokus” erst von Juni oder Juli 2007 an als Quelle des Landesamts geführt – mithin zwei oder drei Monate nach dem Mordanschlag auf die beiden Polizisten. “Krokus” dagegen schwört, seit Herbst 2006 regelmäßig an Oettinger berichtet zu haben, und wirft dem Geheimdienst Vertuschung vor.

Wenn eine “Information dieser Art” an ihn herangetragen worden wäre, hätte es ihn schon damals – nicht erst mit dem Wissen heute – “elektrisiert”, sagt Oettinger. Er sei selbst Polizist gewesen, und solch ein Hinweis hätte bedeutet, dass ein Kollege gefährdet sei. “So eine Information gab es nicht einmal ansatzweise.”

“Untersuchungsausschuss hat Arbeit der Polizei gemacht”

Der Unmut der Ausschussmitglieder über das Landeskriminalamt Baden-Württemberg (LKA) war groß am Montag. “Es steht nicht Aussage gegen Aussage”, wetterte Grünen-Obmann Wolfgang Wieland nach der Zeugenvernehmung. “Frau ‘Krokus’ sagt heute hü und morgen hott, je nachdem wie eng sie mit ihrem Lebensgefährten liiert ist.”

Die Vernehmung habe leider nicht weitergeholfen, sagte SPD-Obfrau Högl. Oettinger sei ein glaubwürdiger Zeuge, man hätte sich die Zeit sparen können, wenn das LKA ihn vernommen hätte. “Der Untersuchungsausschuss hat heute die Arbeit der Polizei gemacht”, fasste es CDU-Obmann Clemens Binninger zusammen. “Nicht, weil sie nicht wollte, sondern weil sie nicht durfte!”

Ermittler des LKA hatten nicht nur versucht, das Gremium von einer Befragung abzubringen, sondern auch verlautbaren lassen, dass es aus rechtlichen Gründen nicht möglich gewesen sei, den V-Mann-Führer selbst zu vernehmen.

24. Juni 2013, 19:38 Uhr
Von Julia Jüttner und Jörg Schindler, Berlin

Find this story at 24 June 2013

© SPIEGEL ONLINE 2013

Germans intercept electronic data, too – but not much

Following public outrage about surveillance in other countries, Germans are asking how much access their own intelligence services have to private communications. Not as much as they would like, it seems.

In 2010 the German Federal Intelligence Service (BND) gathered around 37 million e-mails, text messages and other telecommunications data. According to a report by the parliamentary watchdog, around 10 million of these messages fell under the heading of “international terrorism.”

Since then, however, the number has dropped to a fraction of that amount. In 2011 the BND intercepted 2.9 million electronic messages; in 2012 this dropped again, to 900,000. The messages checked were not only those containing certain keywords: telephone numbers and IP addresses that fell under suspicion were also monitored.
The German Federal Intelligence Service is subject to strict controls

It is the BND’s job to acquire information in order to identify and ward off threats to Germany’s security. It investigates terrorist plots, the illegal arms trade, people smuggling and drug trafficking. The intelligence service has to abide by strict laws when conducting any kind of surveillance, and is subject to supervision by a special committee of the German parliament.

Michael Hartmann of the opposition Social Democrats, Gisela Piltz of the junior coalition partner, the Free Democrats, and Hans-Peter Uhl of the Bavarian sister party of the governing Christian Democrats, the Christian Social Union, are three of the 11 members of the parliamentary watchdog in the Bundestag. The three are keen to reassure the public that Germany is not turning into a “Big Brother” surveillance state.

In recent years the watchdog has been given greater authority. It is authorized to interview all secret service agents, has access to all files, and can intervene if things are not being done according to the rules.

The three members of the committee point to the dramatic decrease in the amount of telecommunications data collected since 2010 – a consequence of improvements in surveillance techniques.

Privacy protected by the constitution
Edward Snowden’s revelations led Germans to ask what their secret services were up to

Michael Hartmann admits that the BND still throws its digital net wide, but emphasizes that collection of data is neither random nor unlimited. “Messages or phone conversations are only analyzed if there is concrete suspicion of criminal activity,” he says. Hartmann insists that the BND would never spy or eavesdrop on countries that are Germany’s allies.

Hans-Peter Uhl points out that it is forbidden for the BND to tap the phones of German citizens, either at home or abroad, unless there are concrete grounds for suspicion. “Should they eavesdrop on a foreigner in conversation with a German citizen, they have to erase the conversation,” he says. This deletion process is documented, so the data protection supervisor is able to check it really was carried out.

The watchdog members highlight the fact that a court order is required before any phone tap can be instigated. They acknowledge that personal privacy is a highly-valued commodity for everyone living in Germany, and that it is enshrined as such in the constitution. Whenever there is a question of the German intelligence services being allowed to do something which might infringe on this fundamental right, control measures must be put in place by a supervisory committee, the so-called G10 Commission, which supervises all invasions of postal, telephone and Internet privacy.

According to the German parliament, in 2011 the G10 Commission authorized Germany’s three intelligence services – domestic, foreign and military – to carry out 156 such infringements, limited to a maximum of between three and six months each.

Making surveillance public

German law also states that once an operation has come to an end, the person who has been under surveillance, or the object of a wiretap, has to be informed. This can result in official complaints, which are dealt with in public proceedings. At the last count, administrative courts in Berlin and Cologne were dealing with 16 such cases.
The BND is not allowed to eavesdrop on German citizens without a special court order

“We have a list of these complaints and follow them up,” says Gisela Piltz. “I don’t have the impression that the intelligence services are in general doing things illegally.”

In the past, representatives of the intelligence services have repeatedly attempted to persuade successive governments to allow them more extensive access to Internet and telephone data. They argue that it is essential if they are to be effective in countering terrorists and criminals using modern methods.

However, many of these requests have been denied: as, for example, when they wanted to be allowed to stockpile large amounts of data for possible future use, even if there was no concrete suspicion at the time of collection. The Constitutional Court rejected the application, and a law allowing it that was briefly in effect between 2008 and 2010 had to be repealed as a result.

An EU Commission guideline would now permit Germany to store telecommunications data for up to six months. So far, however, the justice minister has refused to adopt this into German law. The EU has instigated legal proceedings. Requirements for telecommunications providers to save data for longer than six months so that they can be made available to the intelligence services have also, so far, not been implemented.

Limited effectiveness
Rolf Tophoven believes data interception is only of limited use in combating terrorism

Rolf Tophoven, director of the Institute for Crisis Prevention in Essen and an expert on terrorism, says the secret services should not rely too heavily on the technical analysis of telecommunications data. “The results that are relevant to the intelligence services are very modest compared with the mass of data in the information gathered,” he says.

The parliamentary watchdog has even put a figure on this. It reports that out of 2.5 million e-mails analyzed by the BND, only 300 contained material relevant to their investigations.

Tophoven believes that the BND needs to employ more specialists in analyzing data and assessing a situation – if possible, on the ground. “The modern terrorist is radicalized in secret. He slips under the radar of the intelligence services and their high-tech computers,” he explains, giving the perpetrators of the Boston marathon bombings as an example.

Since the recent revelations about the extent of the United States’ surveillance program, there have been fears that Germany’s intelligence services may also be spying on its citizens more than previously admitted. However, Tophoven believes this is unlikely – and not just because of strict regulation: “The Germans don’t collect data that extensively because they don’t have anything like the personnel or the technical and financial means to do so.”

Date 26.06.2013
Author Wolfgang Dick / cc
Editor Michael Lawton

Find this story at 26 June 2013

© 2013 Deutsche Welle

Privacy Problem? Road Shooter Found Via Mass Data Collection

Germans are apoplectic about the Internet spy programs Prism and Tempora. But police here this week announced the capture of a highway shooter using similar tactics. Privacy activists are concerned.

Germans are furious. Revelations that the United States and Britain — along with Canada, New Zealand and Australia, as part of the so-called “Five Eyes Alliance” — have spent recent years keeping a suffocatingly close watch on web and cellular communications have led politicians in Berlin to utter increasingly drastic condemnations. Over the weekend, for example, Justice Minister Sabine Leutheusser-Schnarrenberger referred to the British surveillance program Tempora as a “catastrophe” and said it was a “Hollywood-style nightmare.”

But is there not a time and a place for mass data collection? This, too, is a question Germany is grappling with this week after the capture of a truck driver who spent years shooting at other vehicles on the country’s autobahns. He was caught only after police set up a complicated surveillance system which was able to read the license plate numbers of tens of thousands of cars and trucks on the country’s highways.

The operation has unsettled data protection activists. But Jörg Ziercke, head of Germany’s Federal Criminal Police Office (BKA), praised the effort on Tuesday, telling journalists that “we have found the famous needle in a haystack.” He said there was “no alternative” to the intensive surveillance efforts the police used to capture the perpetrator.

The case involves a truck driver who fired at least 762 shots at cars and trucks on German highways and at buildings in a shooting spree that began in 2008. In several cases, his targets were only barely able to avoid accidents as a result of the shots. In 2009, one woman was hit in the neck with a bullet fired by the truck driver, identified on Tuesday only as a 57-year-old truck driver from North Rhine-Westphalia, but survived.

German officials said on Tuesday that the driver would be charged with attempted murder in addition to weapons related charges. Ziercke said the man had confessed soon after he was arrested over the weekend and said that he had acted “out of anger and frustration with traffic.” He said that he saw the situation on Germany’s autobahns as a kind of “war” and that he had merely been trying to defend himself.

A Police Monitoring System

Yet as unique as the case is, the methods employed by the police to solve it have attracted more attention. Initially, officers sought to attract shots themselves, driving a truck on the autobahns between Cologne, Frankfurt, Nuremberg and Karlsruhe where most of the gunfire had been reported. The police vehicle, however, was never targeted.

Plan B is the one that has raised data protection concerns. Even though Germany has a toll system which collects information on the trucks plying the country’s highways, police are forbidden access to the data collected. So they essentially constructed one of their own. On seven sections of the autobahns in question, police erected equipment that was able recognize and store the license plate numbers of vehicles that drove by. Using that data, they were able to identify vehicles that passed a certain section of highway at roughly the same time as did a target vehicle.

In April, the system hit pay-dirt. In just five days, six drivers reported being shot at. Officers were able to reconstruct the likely route taken by the perpetrator and they then looked at the license plate data collected by cameras stationed along that route. By filtering through the information gathered, they were able to identify one truck that could have been at each site where shots were reported. They were then able to match up the route with the mobile phone data of the driver. “The correspondence” between the two data sets “was clear,” Zierke said on Tuesday.

But were the methods employed by the federal police legal? Data protection officials aren’t so sure. “Even if the search for the highway shooter was successful in the end, from a data protection perspective the preliminary verdict on the methods used is rather ambivalent,” Edgar Wagner, the top data protection official for the state of Rhineland-Palatinate, said in a statement. “There is not a sufficient legal basis for such a nationwide … investigative technique.”

‘A Price to Pay’

He said that by his calculations, “60 to 80 million sets of data from completely innocent people” were gathered during the course of the investigation “to catch a single suspect. We have (long) known that such a procedure can be effective. But there is also a price to pay.”

It is a sentiment that is shared by many in Germany. The country has had plenty of experience with state overreach, with both the Nazis and the East Germans being experts at keeping close tabs on their citizenry. That history manifests itself in an extreme sensitivity to data privacy issues and the country has been particularly watchful when it comes to the use of digital data by companies such as Google and Facebook. Indeed, government officials beyond the Justice Ministry have reacted to US and British digital spying with notable vehemence.

It is perhaps not surprising then, that Wagner is not alone with his concerns. While not directly criticizing the methods used by federal police to track down the autobahn shooter, Wagner’s data-protection counterpart in North Rhine-Westphalia, Ulrich Lepper, expressed serious reservations in a Wednesday interview with the Bonn daily General-Anzeiger.

Powerful Preventative Measure

“The freedom to move around in the public space without being monitored is one of our fundamental rights,” he said. “Data protection — the right to control information about your person — means that you can decide who knows what and when … about you. These rights can only be infringed upon on the basis of a law.”

Ziercke, not surprisingly, does not share such concerns. He believes that law enforcement should have access to the data collected by the truck toll system and also argued on Tuesday that data collection could be a powerful preventative measure. “I would like to meet a data protection activist who is able to convince someone with the argument that we should not have been allowed to use that data to prevent danger,” he said. “I don’t find such arguments to be credible.”

Ziercke’s argument is notably close to that used by US President Barack Obama in defending the National Security Agency’s online spying program Prism. The data gathered is useful, Obama has repeatedly insisted this month, for the prevention of terror attacks.

Germans have largely rejected that line of argumentation. Whether their scorn will be applied closer to home remains to be seen.

06/26/2013 05:08 PM
By Charles Hawley

Find this story at 26 June 2013

© SPIEGEL ONLINE 2013

Berlin accuses Washington of cold war tactics over snooping

Reports of NSA snooping on Europe go well beyond previous revelations of electronic spying

Sabine Leutheusser-Schnarrenberger: ‘If the media reports are true, it is reminiscent of the actions of enemies during the cold war’. Photograph: Ole Spata/Corbis

Transatlantic relations plunged at the weekend as Berlin, Brussels and Paris all demanded that Washington account promptly and fully for new disclosures on the scale of the US National Security Agency’s spying on its European allies.

As further details emerged of the huge reach of US electronic snooping on Europe, Berlin accused Washington of treating it like the Soviet Union, “like a cold war enemy”.

The European commission called on the US to clarify allegations that the NSA, operating from Nato headquarters a few miles away in Brussels, had infiltrated secure telephone and computer networks at the venue for EU summits in the Belgian capital. The fresh revelations in the Guardian and allegations in the German publication Der Spiegel triggered outrage in Germany and in the European parliament and threatened to overshadow negotiations on an ambitious transatlantic free-trade pact worth hundreds of billions due to open next week.

The reports of NSA snooping on Europe – and on Germany in particular – went well beyond previous revelations of electronic spying said to be focused on identifying suspected terrorists, extremists and organised criminals.

Der Spiegel reported that it had seen documents and slides from the NSA whistleblower Edward Snowden indicating that US agencies bugged the offices of the EU in Washington and at the UN in New York. They are also accused of directing an operation from Nato headquarters in Brussels to infiltrate the telephone and email networks at the EU’s Justus Lipsius building in the Belgian capital, the venue for EU summits and home of the European council.

Citing documents it said it had “partly seen”, the magazine reported that more than five years ago security officers at the EU had noticed several missed calls apparently targeting the remote maintenance system in the building that were traced to NSA offices within the Nato compound in Brussels.

Less than three months before a German general election, the impact of the fresh disclosures is likely to be strongest in Germany which, it emerged, is by far the biggest target in Europe for the NSA’s Prism programme scanning phone and internet traffic and capturing and storing the metadata.

The documents reviewed by Der Spiegel showed that Germany was treated in the same US spying category as China, Iraq or Saudi Arabia, while the UK, Canada, Australia, and New Zealand were deemed to be allies not subject to remotely the same level of surveillance.

Germany’s justice minister, Sabine Leutheusser-Schnarrenberger, called for an explanation from the US authorities. “If the media reports are true, it is reminiscent of the actions of enemies during the cold war,” she was quoted as saying in the German newspaper Bild. “It is beyond imagination that our friends in the US view Europeans as the enemy.”

France later also asked the US for an explanation. The foreign minister, Laurent Fabius, said: “These acts, if confirmed, would be completely unacceptable.

“We expect the American authorities to answer the legitimate concerns raised by these press revelations as quickly as possible.”

Washington and Brussels are scheduled to open ambitious free-trade talks next week after years of arduous preparation. Senior officials in Brussels are worried that the talks will be setback by the NSA scandal. “Obviously we will need to see what is the impact on the trade talks,” said a senior official in Brussels.

A second senior official said the allegations would cause a furore in the European parliament and could then hamper relations with the US.

However, Robert Madelin, one of Britain’s most senior officials in the European commission, tweeted that EU trade negotiators always operated on the assumption that their communications were listened to.

A spokesman for the European commission said: “We have immediately been in contact with the US authorities in Washington and in Brussels and have confronted them with the press reports. They have told us they are checking on the accuracy of the information released yesterday and will come back to us.”

There were calls from MEPs for Herman Van Rompuy, president of the European council – who has his office in the building allegedly targeted by the US – and José Manuel Barroso, president of the European commission, to urgently appear before the chamber to explain what steps they were taking in response to the growing body of evidence of US and British electronic surveillance of Europe through the Prism and Tempora operations.

Guy Verhofstadt, the former Belgian prime minister and leader of the liberals in the European parliament, said: “This is absolutely unacceptable and must be stopped immediately. The American data-collection mania has achieved another quality by spying on EU officials and their meetings. Our trust is at stake.”

Luxembourg’s foreign minister, Jean Asselborn, told Der Spiegel: “If these reports are true, it’s disgusting.” Asselborn called for guarantees from the highest level of the US government that the snooping and spying be halted immediately.

Martin Schulz, the head of the European parliament, said: “I am deeply worried and shocked about the allegations of US authorities spying on EU offices. If the allegations prove to be true, it would be an extremely serious matter which will have a severe impact on EU-US relations.

“On behalf of the European parliament, I demand full clarification and require further information speedily from the US authorities with regard to these allegations.”

There were also calls for John Kerry, the US secretary of state on his way back from the Middle East, to make a detour to Brussels to explain US activities.

“We need to get clarifications and transparency at the highest level,” said Marietje Schaake, a Dutch liberal MEP. “Kerry should come to Brussels on his way back from the Middle East. This is essential for the transatlantic alliance.”

The documents suggesting the clandestine bugging operations were from September 2010, Der Spiegel said.

Der Spiegel quoted the Snowden documents as revealing that the US taps half a billion phone calls, emails and text messages in Germany a month. “We can attack the signals of most foreign third-class partners, and we do,” Der Spiegel quoted a passage in the NSA document as saying.

It quoted the document from 2010 as stating that “the European Union is an attack target”.

On an average day, the NSA monitored about 15m German phone connections and 10m internet datasets, rising to 60m phone connections on busy days, the report said.

Officials in Brussels said this reflected Germany’s weight in the EU and probably also entailed elements of industrial and trade espionage. “The Americans are more interested in what governments think than the European commission. And they make take the view that Germany determines European policy,” said one of the senior officials.

Jan Philipp Albrecht, a German Green party MEP and a specialist in data protection, told the Guardian the revelations were outrageous. “It’s not about political answers now, but rule of law, fundamental constitutional principles and rights of European citizens,” he said.

“We now need a debate on surveillance measures as a whole looking at underlying technical agreements. I think what we can do as European politicians now is to protect the rights of citizens and their rights to control their own personal data.”

Germany has some of the toughest data privacy laws in Europe, with the issue highly sensitive not least because of the comprehensive surveillance by the Stasi in former communist east Germany as well as the wartime experience with the Gestapo under the Nazis.

Der Spiegel noted that so far in the NSA debacle, the chancellor, Angela Merkel, had asked only “polite” questions of the Americans but that the new disclosures on the sweeping scale of the surveillance of Germany could complicate her bid for a third term in September.

Ian Traynor in Brussels
The Guardian, Sunday 30 June 2013 21.55 BST

Find this story at 30 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Anglo-Saxon Spies; German National Security Is at Stake

Overzealous data collectors in the US and Great Britain have no right to investigate German citizens. The German government must protect people from unauthorized access by foreign intelligence agencies, and it must act now. This is a matter of national security.

“Germany’s security is also being defended in the Hindu Kush, too,” Peter Struck, who was Germany’s defense minister at the time, said in 2002. If that’s true, then the government should also be expected to defend the security of its people at their own doorstep. Because the massive sniffing out and saving of data of all kinds — that of citizens and businesses, newspapers, political parties, government agencies — is in the end just that: a question of security. It is about the principles of the rule of law. And it is a matter of national security.

We live in changing times. At the beginning of last week, we thought after the announcement of the American Prism program, that US President Barack Obama was the sole boss of the largest and most extensive control system in human history. That was an error.

Since Friday, we have known that the British intelligence agency GCHQ is “worse than the United States.” Those are the words of Edward Snowden, the IT expert who uncovered the most serious surveillance scandal of all time. American and British intelligence agencies are monitoring all communication data. And what does our chancellor do? She says: “The Internet is uncharted territory for us all.”

That’s not enough. In the coming weeks, the German government needs to show that it is bound to its citizens and not to an intelligence-industrial complex that abuses our entire lives as some kind of data mine. Justice Minister Sabine Leutheusser-Schnarrenberger hit the right note when she said she was shocked by this “Hollywood-style nightmare.”

An Uncanny Alliance

We have Edward Snowden to thank for this insight into the interaction of an uncanny club, the Alliance of Five Eyes. Since World War II, the five Anglo-Saxon countries of Great Britain, the United States, Australia, New Zealand and Canada have maintained close intelligence cooperation, which apparently has gotten completely out of control.

It may be up to the Americans and the British to decide how they handle questions of freedom and the protection of their citizens from government intrusion. But they have no right to subject the citizens of other countries to their control. The shoulder-shrugging explanation by Washington and London that they have operated within the law is absurd. They are not our laws. We didn’t make them. We shouldn’t be subject to them.

The totalitarianism of the security mindset protects itself with a sentence: If you have nothing to hide, you have nothing to fear. But firstly, that contains a presumption: We have not asked the NSA and GCHQ to “protect” us. And secondly, the sentence is a stupid one: Because we all have something to hide, whether it pertains to our private lives or to our business secrets.

No Agency Should Collect So Much Data

Thus the data scandal doesn’t pertain just to our legal principles, but to our security as well. We were lucky that Edward Snowden, who revealed the spying to the entire world, is not a criminal, but an idealist. He wanted to warn the world, not blackmail it. But he could have used his information for criminal purposes, as well. His case proves that no agency in the world can guarantee the security of the data it collects — which is why no agency should collect data in such abundance in the first place.

That is the well-known paradox of totalitarian security policy. Our security is jeopardized by the very actions that are supposed to protect it.

So what should happen now? European institutions must take control of the data infrastructure and ensure its protection. The freedom of data traffic is just as important as the European freedom of exchange in goods, services and money. But above all, the practices of the Americans and British must come to an end. Immediately.

It is the responsibility of the German government to see to it that the programs of the NSA and GCHQ no longer process the data of German citizens and companies without giving them the opportunity for legal defense. A government that cannot make that assurance is failing in one of its fundamental obligations: to protect its own citizens from the grasp of foreign powers.

Germans should closely observe how Angela Merkel now behaves. And if the opposition Social Democrats and Green Party are still looking for a campaign issue, they need look no further.

06/24/2013 05:07 PM

A Commentary by Jakob Augstein

Find this story at 24 June 2013

© SPIEGEL ONLINE 2013

Schnüffelprogramm Tempora; Justizministerin schickt Brandbriefe an britische Regierung

Berlin drängt auf Antworten aus London: Justizministerin Leutheusser-Schnarrenberger hat zwei britische Kabinettsmitglieder per Brief aufgefordert, mehr Details über das Spähprogramm Tempora zu veröffentlichen. In den Schreiben übt die FDP-Politikerin indirekt Kritik an der Cameron-Regierung.

Berlin – Jetzt schaltet sich die Bundesjustizministerin ein: Sabine Leutheusser-Schnarrenberger (FDP) hat den britischen Justizminister Christopher Grayling und die britische Innenministerin Theresa May aufgefordert, mehr Informationen über das Geheimdienstprogramm Tempora offenzulegen. Am Dienstag wandte sich Leutheusser-Schnarrenberger schriftlich an die beiden Kabinettsmitglieder von Großbritanniens Premier David Cameron. Die Briefe liegen SPIEGEL ONLINE vor.

In den beiden Schreiben identischen Inhalts, die am Vormittag parallel an die Minister verschickt wurden, äußerte sich die Ministerin sehr besorgt über die jüngsten Berichte über das gigantische Spähprogramm. Der Verdacht, durch digitale Überwachungsmethoden “riesige Mengen an Daten, E-Mails, Facebook-Nachrichten und Anrufe zu sammeln, zu speichern und zu verarbeiten”, hätte in Deutschland erhebliche Bedenken ausgelöst, heißt es in den Briefen.

Leutheusser-Schnarrenberger forderte Aufklärung in folgenden Punkten:

Auf welcher Rechtsgrundlage das Spähprogramm ausgeführt worden sei,
ob auf konkreten Verdacht ausgespäht oder die Daten allgemein ohne Anlass gesammelt worden seien,
ob die Überwachungsmaßnahmen von Richtern hätten abgesegnet werden müssen,
wie die Abhöraktionen konkret funktioniert hätten, welche Daten genau gespeichert und ob deutsche Bürger betroffen seien.

Auch übte sie indirekt Kritik an der Informationspolitik der Cameron-Regierung. “Die Kontrollfunktion von Parlament und Justiz zeichnet einen freien und demokratischen Staat aus. Sie kann aber nicht ihre Wirkung entfalten, wenn Regierungen bestimmte Maßnahmen in Schweigen hüllen”, hieß es weiter.

Leutheusser-Schnarrenberger appellierte an Grayling und May, die Grundsätze der Bürgerrechte nicht aus den Augen zu verlieren und mahnte Aufklärung an. “In unserer modernen Welt bieten die neuen Medien den Rahmen für einen freien Austausch von Meinungen und Informationen. Ein transparentes Regierungshandeln ist eine der wichtigsten Voraussetzungen für das Funktionieren eines demokratischen Staates und bedingt die Rechtsstaatlichkeit”, so die Ministerin.

Die FDP-Politikerin hatte sich bereits im Zusammenhang mit dem amerikanischen Spähprogramm Prism schriftlich an ihren US-Kollegen gewandt. Sie regte zudem an, im schwarz-gelben Kabinett eine Internet-Task-Force aus den beteiligten Ministerien zu bilden.

Die Ministerin beendete ihre Schreiben mit der Forderung nach strengeren Datenschutzstandards in der EU. Das Thema müsse beim nächsten Treffen der EU-Justizminister im Juli auf die Tagesordnung, so Leutheusser-Schnarrenberger.

Am Montag hat die Bundesregierung von Großbritannien offiziell Auskunft über das massenhafte Anzapfen von Telefon- und Internetverbindungen verlangt. Dazu sandte das Innenministerium eine Reihe von Fragen an den britischen Botschafter. Zur europäischen Chefsache will Kanzlerin Angela Merkel den Fall Tempora allerdings vorerst nicht machen. Beim EU-Gipfel Ende der Woche wolle Merkel keine Debatte über das britische Spionageprogramm forcieren, hieß es zu Beginn der Woche.

25. Juni 2013, 11:40 Uhr

Find this story at 25 June 2013

© SPIEGEL ONLINE 2013

So schöpfen die Spione Ihrer Majestät deutsche Daten ab

An einem einzigen Tag soll der britische Geheimdienst GCHQ Zugriff auf 21.600 Terabyte gehabt haben – wozu, weiß nicht einmal der BND. Sicher ist nur: Die Überwacher bekommen Hilfe von großen Telekommunikationskonzernen.

Das amerikanische Außenministerium hat vor Jahren einen kleinen Flecken in Ostfriesland auf eine Liste der weltweit schützenswürdigen Einrichtungen gesetzt. Ein Angriff auf das Städtchen Norden könnte angeblich die nationale Sicherheit der USA bedrohen. Sogar der Chef des US-Geheimdienstes NSA, General Keith B. Alexander, hat vor terroristischen Attacken gewarnt.

Norden ist ein heimliches Zentrum der neuen virtuellen Welt. Das TAT-14 (Trans Atlantic Telephone Cable No 14) ist am Hilgenrieder Siel bei Norden verbuddelt. Die meisten Internetverbindungen zwischen Deutschland und Amerika laufen dort durch mehrere Glasfaserleitungen; auch Frankreich, die Niederlande, Dänemark und Großbritannien sind durch TAT-14 miteinander verbunden. Etwa 50 internationale Telekommunikationsfirmen, darunter die Deutsche Telekom, betreiben ein eigenes Konsortium für dieses Kabel.

Manchmal fließen pro Sekunde Hunderte Gigabyte an Daten durch die Leitungen. Es ist ein gigantischer Datenrausch: Millionen Telefonate und E-Mails schießen durch das Netz. Auch deshalb hat der deutsche Verfassungsschutz stets nachgeschaut, ob in Norden alles in Ordnung ist. Keine Sabotage. Keine Terroristen. Kein Problem?

Für die über die “Seekabelendstelle” Norden, wie die offizielle Bezeichnung der Einrichtung lautet, vermittelten Daten hat sich offenbar der britische Geheimdienst Government Communications Headquarters (GCHQ) brennend interessiert. Aus Unterlagen des Whistleblowers Edward Snowden jedenfalls soll hervorgehen, dass die Briten im Rahmen der Operation “Tempora” die Daten abgegriffen haben. Es soll sich um unzählige Daten handeln, die aus Deutschland kamen oder nach Deutschland geschickt wurden.

Das ist nicht der Cyberkrieg, vor dem die amerikanische NSA immer gewarnt hat, sondern ein heimlicher umfassender Big-Data-Angriff auf die Bevölkerung eines befreundeten Landes. Die alte Formel: “Freund hört mit” umfasst das Problem nicht mal ungefähr. Großbritanniens Geheimdienst hat einen Lauschangriff auf Deutschland gestartet.

Die Menge der abgefangenen Daten ist noch Spekulation, und unklar ist auch, wo der Angriff genau erfolgt sein soll. Sicher nicht in Norden, das früher durch sein Seeheilbad bekannt wurde. Das würde sich kein Nachrichtendienstler trauen. Schon gar nicht in freundlicher Absicht.

Wahrscheinlich erfolgte der Angriff in dem kleinen Küstenstädtchen Bude im Südwesten Englands, das 858 Kilometer Luftlinie von Norden entfernt liegt. Dort macht das Kabel Zwischenstation – das Ende der Strecke ist New Jersey.

Dass ein britischer Geheimdienst auf diese Weise und so umfassend E-Mails deutscher Bürger abfängt oder Telefonate abhört, war vor Snowdens Enthüllungen für undenkbar gehalten worden. Der Bundesnachrichtendienst erklärt seit Tagen, dass er von den Aktivitäten der Amerikaner oder der Briten nichts wusste und selbst nur Zeitungswissen habe. Das klingt glaubhaft. Die beiden befreundeten Nationen, heißt es in Berlin, hätten offenbar ihr eigenes nationales Sicherheitsprogramm gefahren.

So viel Sicherheit war sicherlich nur mithilfe von Kommunikationsgesellschaften möglich. Angeblich sollen die beiden britischen Unternehmen Vodafone und British Telecommunications (BT) den Geheimen behilflich gewesen sein.

Jeder Eingriff, das erklärt eine Telekom-Sprecherin, müsste von dem internationalen Konsortium genehmigt werden, aber eine solche Genehmigung liegt nicht vor. Ein Sprecher der britischen Vodafone erklärte auf Anfrage, dass sich das Unternehmen an die Gesetze in den jeweiligen Ländern halte und Angelegenheiten, die mit der nationalen Sicherheit zusammenhingen, nicht kommentiere. Diese Formel klingt in diesen Tagen sehr vertraut.

Rechtsgrundlage für die Aktion “Tempora” ist ein sehr weit gefasstes Gesetz aus dem Jahr 2000. Danach kann die Kommunikation mit dem Ausland abgefangen und gespeichert werden. Die privaten Betreiber der Datenkabel, die beim Abhören mitmachen, sind zum Stillschweigen verpflichtet.

Nordengate macht klar, wie unterschiedlich Gesetze und Regeln in dieser Welt angewandt werden, es symbolisiert aber auch den Wandel der Geheimdienstarbeit. Ganz früher haben Nachrichtendienste Telefonate über relativ simple Horchposten abgehört. Glasfaserleitungen stellten die Dienste vor neue Herausforderungen. Telefonate werden seitdem in optische Signale umgewandelt. Da die Leitungen vor allem am Meeresboden verlaufen, gerieten Nachrichtendienste für kurze Zeit an ihre Grenzen.

Bereits um die Jahrtausendwende berichteten amerikanische Blätter, dass die NSA mithilfe von U-Booten an die Daten gelangen wollte. So wurde das Atom-U-Boot Jimmy Carter umgerüstet, um Glasfaserkabel aufzuschlitzen und dann abzuhören. Vorher hatten die Dienste auf anderem Weg regelmäßig Seekabel angezapft. Bei früheren Kupferkabeln reichte ein Induktions-Mikrofon, um die Gespräche abzugreifen. Glasfaserkabel hingegen müssen gebogen werden, um die optisch vermittelten Signale auslesen zu können. Am verwundbarsten sind die Kabel freilich an Land.

Was die Briten mit den vielen deutschen Daten machen und gemacht haben, erschließt sich selbst dem BND nicht so ganz. An einem einzigen Tag soll der britische Geheimdienst insgesamt Zugriff auf 21.600 Terabyte gehabt haben. Dank Snowden ist bekannt, dass die abgefangenen Inhalte drei Tage vorgehalten wurden und Benutzerdaten 30 Tage. In der Zwischenzeit wurden die Daten mit speziellen Programmen gefiltert. Selbst dem Briten George Orwell wäre ein solches Überwachungsprogramm im Leben nicht eingefallen.

25. Juni 2013 05:10 Großbritanniens Abhördienst GCHQ
Von John Goetz, Hans Leyendecker und Frederik Obermaier

Find this story at 25 June 2013

Copyright: Süddeutsche Zeitung Digitale Medien GmbH / Süddeutsche Zeitung GmbH

Elusive Snowden Could Cause New Hitch in U.S.-Russia Ties

Ecuador’s flag flying above its coat of arms at the country’s embassy in Moscow on Monday. Snowden is seeking asylum in the South American nation.

Journalists flocked to Moscow’s Sheremetyevo Airport on Monday to board a flight to Cuba that supposedly would also contain fugitive Edward Snowden, who is attempting to escape arrest by U.S. authorities for revealing highly classified surveillance programs.

According to a widely distributed statement by an unidentified Aeroflot employee, Snowden should have been on flight SU150 direct to Havana leaving Moscow on Monday afternoon. The Aeroflot employee even said which seat he was to occupy, 17A.

But reporters, whose news organizations shelled out about $2,000 per ticket to get them on board at the last minute, found no Snowden anywhere on board — increasing suspicions that Russia could be helping to stymie U.S. efforts to catch him amid a low point in bilateral relations.

After Snowden supposedly arrived at Sheremetyevo from Hong Kong on Sunday, Washington pressured Moscow to detain him, apparently to no avail. Russian officials said that given poor ties between the countries, which have split in recent months over issues including the civil war in Syria and the U.S. Magnitsky Act, they are in no rush to help their former Cold War foes.

“Ties are in a rather complicated phase, and when ties are in such a phase, when one country undertakes hostile action against another, why should the United States expect restraint and understanding from Russia?” Alexei Pushkov, the head of the State Duma’s International Affairs Committee, repeated Reuters.

A former technical contractor with the U.S. National Security Agency, Snowden is reportedly seeking to travel to Ecuador, which is considering his asylum request. His current whereabouts are unknown.

Ecuador has already equipped Snowden with refugee papers that could allow him safe passage to his destination, according to WikiLeaks founder Julian Assange, whose organization has assisted Snowden. The U.S. government said earlier that Snowden’s American passport had been revoked.

Assange told the Guardian on Monday that he was aware of Snowden’s whereabouts but that he was unable to reveal them due to “bellicose threats coming from the U.S. administration.”

U.S. Secretary of State John Kerry, speaking on Monday at a news conference in New Delhi, implored Russia to assist in efforts to apprehend Snowden, recalling that over the last two years, the U.S. had extradited seven prisoners requested by Russia. “Reciprocity and the enforcement of the law is pretty important,” he said.

“I suppose there is no small irony here. I mean, I wonder if Mr. Snowden chose China and Russia’s assistance in his flight from justice because they are such powerful bastions of Internet freedom, and I wonder if while he was in either of those countries he raised the question of Internet freedom, since that seems to be what he champions,” Kerry said.

The cooperation described by Kerry is a drop in the bucket compared to the disputes between the countries, however.

Following some successes during a “reset” in ties kicked off in 2009 at the behest of U.S. President Barack Obama, relations took a sharp downward turn with the return of Vladimir Putin to the Kremlin last year.

Under Putin, the Russian government has undertaken what critics call a harsh crackdown on the opposition and on civil society, including kicking out the U.S. Agency for International Development, while the U.S. last year passed the Magnitsky Act, which imposes economic and travel restrictions on Russian officials implicated in human rights abuses. Russia retaliated by outlawing U.S. adoptions of Russian orphans.

More recently, the two nations have argued bitterly over what tack to take in seeking a solution to the civil war in Syria, with Russia backing President Bashar Assad and the U.S. supporting the rebels.

Now, the fate of Snowden, a 30-year-old former employee of a U.S. security contractor whose exposure of government phone and Internet surveillance has provoked public outrage, is becoming another point of contention.

According to Andrei Soldatov, a leading expert in Russia’s security agencies, the Russian government itself has an extensive system to monitor almost any kind of communication between its citizens.

Pushkov said Russia had no obligation to help the U.S. in this situation, given the recently passed Magnitsky Act. It was unclear whether Russian authorities had had contact with Snowden — Putin’s spokesman said Monday that the Kremlin was unaware of any such contact — but it seemed unlikely that the government could be unaware of Snowden’s whereabouts if he had entered Russia.

“All these flights carried out by Aeroflot via Moscow, as though there is no other route, are emblematic of Russia’s involvement in the process,” said Valery Garbuzov, deputy director of the Institute for U.S. and Canadian Studies in Moscow.

Ecuador’s foreign minister also said his government was in “respectful” contact with Russia over Snowden’s asylum application.

Nonetheless, Washington appears to be holding out hope for assistance from Moscow.

Caitlin Hayden, a spokeswoman for the U.S. National Security Council, mentioned “intensified cooperation after the Boston marathon bombings and our history of working with Russia on law enforcement matters” as grounds for Russia “to look at all options available to expel Mr. Snowden back to the U.S. to face justice for the crimes with which he is charged.”

25 June 2013 | Issue 5154
By Ivan Nechepurenko

Nikolay Asmolovskiy / Reuters

Find this story at 25 June 2013

© Copyright 1992-2013. The Moscow Times

The Strange Case of Barrett Brown

In early 2010, journalist and satirist Barrett Brown was working on a book on political pundits, when the hacktivist collective Anonymous caught his attention. He soon began writing about its activities and potential. In a defense [2] of the group’s anti-censorship operations in Australia published on February 10, Brown declared, “I am now certain that this phenomenon is among the most important and under-reported social developments to have occurred in decades, and that the development in question promises to threaten the institution of the nation-state and perhaps even someday replace it as the world’s most fundamental and relevant method of human organization.”

By then, Brown was already considered by his fans to be the Hunter S. Thompson of his generation. In point of fact he wasn’t like Hunter S. Thompson, but was more of a throwback—a sharp-witted, irreverent journalist and satirist in the mold of Ambrose Bierce or Dorothy Parker. His acid tongue was on display in his co-authored 2007 book, Flock of Dodos: Behind Modern Creationism, Intelligent Design and the Easter Bunny, in which he declared: “This will not be a polite book. Politeness is wasted on the dishonest, who will always take advantage of any well-intended concession.”

But it wasn’t Brown’s acid tongue so much as his love of minutia (and ability to organize and explain minutia) that would ultimately land him in trouble. Abandoning his book on pundits in favor of a book on Anonymous, he could not have known that delving into the territory of hackers and leaks would ultimately lead to his facing the prospect of spending the rest of his life in prison. In light of the bombshell revelations published by Glenn Greenwald and Barton Gellman about government and corporate spying, Brown’s case is a good—and underreported—reminder of the considerable risk faced by reporters who report on leaks.

In February 2011, a year after Brown penned his defense of Anonymous, and against the background of its actions during the Arab Spring, Aaron Barr, CEO of the private intelligence company HBGary, claimed to have identified the leadership of the hacktivist colletive. (In fact he only had screen names of a few members). Barr’s boasting provoked a brutal hack of HBGary by a related group called Internet Feds (it would soon change its name to “LulzSec”). Splashy enough to attract the attention of The Colbert Report [3], the hack defaced and destroyed servers and websites belonging to HBGary. Some 70,000 company emails were downloaded and posted online. As a final insult to injury, even the contents of Aaron Barr’s iPad were remotely wiped.

The HBGary hack may have been designed to humiliate the company, but it had the collateral effect of dropping a gold mine of information into Brown’s lap. One of the first things he discovered was a plan to neutralize Glenn Greenwald’s defense of Wikileaks by undermining them both. (“Without the support of people like Glenn, wikileaks would fold,” read one slide.) The plan called for “disinformation,” exploiting strife within the organization and fomenting external rivalries—“creating messages around actions to sabotage or discredit the opposing organization,” as well as a plan to submit fake documents and then call out the error.” Greenwald, it was argued, “if pushed,” would “choose professional preservation over cause.”

Other plans targeted social organizations and advocacy groups. Separate from the plan to target Greenwald and WikiLeaks, HBGary was part of a consortia that submitted a proposal to develop a “persona management [4]” system for the United States Air Force, that would allow one user to control multiple online identities for commenting in social media spaces, thus giving the appearance of grassroots support or opposition to certain policies.

The data dump from the HBGary hack was so vast that no one person could sort through it alone. So Brown decided to crowdsource the effort. He created a wiki page, called it ProjectPM [5], and invited other investigative journalists to join in. Under Brown’s leadership, the initiative began to slowly untangle a web of connections between the US government, corporations, lobbyists, and a shadowy group of private military and information security consultants.

One connection was between Bank of America and the Chamber of Commerce. WikiLeaks had claimed to possess a large cache of documents belonging to Bank of America. Concerned about this, Bank of America approached the United States Department of Justice. The DOJ directed it to the law and lobbying firm Hunton and Williams [6], which does legal work for Wells Fargo and General Dynamics and also lobbies for Koch Industries, Americans for Affordable Climate Policy, Gas Processors Association, Entergy among many other firms. The DoJ recommended that Bank of America hire Hunton and Williams, explicitly suggesting Richard Wyatt [7] as the person to work with. Wyatt, famously, was the lead attorney in the Chamber of Commerce’s lawsuit against the Yes Men.

In November 2010, Hunton and Williams organized a number of private intelligence, technology development and security contractors—HBGary, plus Palantir Technologies, Berico Technologies, and, according to Brown, a secretive corporation with the ominous name Endgame Systems—to form “Team Themis” —‘themis’ being a Greek word meaning “divine law.” Its main objective was to discredit critics of the Chamber of Commerce, like Chamber Watch [8] using such tactics as creating a “false document, perhaps highlighting periodical financial information,” giving it to a progressive group opposing the Chamber, and then subsequently exposing the document as a fake to “prove that US Chamber Watch cannot be trusted with information and/or tell the truth.” In addition, the group proposed creating a “fake insider persona” to infiltrate Chamber Watch. They would “create two fake insider personas, using one as leverage to discredit the other while confirming the legitimacy of the second.” The leaked emails showed that similar disinformation campaigns were being planned against WikiLeaks and Glenn Greenwald.

It was clear to Brown that these were actions of questionable legality, but beyond that, government contractors were attempting to undermine Americans’ free speech—with the apparent blessing of the DOJ. A group of Democratic Congressmen asked for an investigation [9] into this arrangement, to no avail.

By June 2011, the plot had thickened further. The FBI had the goods on the leader of LulzSec, one Hector Xavier Monsegur, who went under the nom de guerre Sabu. The FBI arrested him on June 7, 2011 and (according to court documents) turned him into an informant the following day. Just three days before his arrest, Sabu had been central to the formation of a new group called AntiSec, which comprised his former LulzSec crew members, as well as members as Anonymous. In early December AntiSec hacked the website of a private security company called Stratfor Global Intelligence. On Christmas Eve, it released a trove of some five million internal compnay emails. AntiSec member and Chicago activist Jeremy Hammond [10], has pled guilty to the attack and is currently facing ten years in prison for it.

The contents of the Stratfor leak were even more outrageous than those of the HBGary hack. They included discussion of opportunities for renditions and assassinations. For example, in one video, Statfor’s Vice President of Intelligence, Fred Burton, suggested taking advantage of the chaos in Libya to render Lockerbie bomber Abdelbaset al-Megrahi, who had been released from prison on compassionate grounds due to his terminal illness. Burton said that the case “was personal.” When someone pointed out in an email that such a move would almost certainly be illegal—“This man has already been tried, found guilty, sentenced…and served time”—another Stratfor employee responded that this was just an argument for a more efficient solution: “One more reason to just bugzap him with a hellfire. :-)”

(Stratfor employees also seemed to take a keen interest in Jeremy Scahill’s writings about Blackwater in The Nation, copying and circulating entire articles, with comments suggesting a principle interest was in the question of whether Blackwater was setting up a competing intelligence operation. Emails also showed grudging respect for Scahill: “Like or dislike Scahill’s position (or what comes of his work), he does an amazing job outing [Blackwater].”)

When the contents of the Stratfor leak became available, Brown decided to put ProjectPM on it. A link to the Stratfor dump appeared in an Anonymous chat channel; Brown copied it and pasted it into the private chat channel for ProjectPM, bringing the dump to the attention of the editors.

Brown began looking into Endgame Systems [11], an information security firm that seemed particularly concerned about staying in the shadows. “Please let HBGary know we don’t ever want to see our name in a press release,” one leaked email read. One of its products, available for a $2.5 million annual subscription, gave customers access to “zero-day exploits”—security vulnerabilities unknown to software companies—for computer systems all over the world. Business Week [12] published a story on Endgame in 2011, reporting that “Endgame executives will bring up maps of airports, parliament buildings, and corporate offices. The executives then create a list of the computers running inside the facilities, including what software the computers run, and a menu of attacks that could work against those particular systems.” For Brown, this raised the question of whether Endgame was selling these exploits to foreign actors and whether they would be used against computer systems in the United States. Shortly thereafter, the hammer came down.

The FBI acquired a warrant [13] for Brown’s laptop, gaining the authority to seize any information related to HBGary, Endgame Systems, Anonymous, and, most ominously, “email, email contacts, ‘chat’, instant messaging logs, photographs, and correspondence.” In other words, the FBI wanted his sources.

When the FBI went to serve Brown he was at his mother’s house. Agents returned with a warrant to search his mother’s house, retrieving his laptop. To turn up the heat on Brown, the FBI initiated charges against his mother for obstruction of justice for concealing his laptop computer in her house. (Facing criminal charges, on March 22, 2013, his mother, Karen McCutchin, pled guilty to one count of obstructing the execution of a search warrant. She faces up to twelve months in jail. Brown maintains that she did not know the laptop was in her home.)

By his own admission, the FBI’s targeting of his mother made Brown snap. In September 2012, he uploaded an incoherent YouTube video [14], in which he explained that he had been in treatment for an addiction to heroin, taking the medication Suboxone, but had gone off his meds and now was in withdrawal. He threatened the FBI agent that was harassing his mother, by name, warming:

“I know what’s legal, I know what’s been done to me… And if it’s legal when it’s done to me, it’s going to be legal when it’s done to FBI Agent Robert Smith—who is a criminal.”

“That’s why [FBI special agent] Robert Smith’s life is over. And when I say his life is over, I’m not saying I’m going to kill him, but I am going to ruin his life and look into his fucking kids… How do you like them apples?”

Please support our journalism. Get a digital subscription for just $9.50! [15]

The media narrative was immediately derailed. No longer would this be a story about the secretive information-military-industrial complex; now it was the sordid tale of a crazy drug addict threatening an FBI agent and his (grown) children. Actual death threats against agents are often punishable by a few years in jail. But Brown’s actions made it easier for the FBI to sell some other pretext to put him away for life.

The Stratfor data included a number of unencrypted credit card numbers and validation codes. On this basis, the DOJ accused Brown of credit card fraud for having shared that link with the editorial board of ProjectPM. Specifically, the FBI charged him with Traffic in Stolen Authentication Features, Access Device Fraud, Aggravated Identity Theft, as well as an Obstruction of Justice charge (for being at his mother’s when the initial warrant was served) and charges stemming from his threats against the FBI agent. All told, Brown is looking at century of jail time: 105 years in federal prison if served sequentially. He has been denied bail.

Considering that the person who carried out the actual Stratfor hack had several priors and is facing a maximum of ten years, the inescapable conclusion is that the problem is not with the hack itself, but with Brown’s journalism. As Glenn Greenwald remarked in the Guardian: “it is virtually impossible to conclude that the obscenely excessive prosecution he now faces is unrelated to that journalism and his related activism.”

Today, Brown is in prison and ProjectPM is under increased scrutiny by the DOJ, even as its work has ground to a halt. In March, the DOJ served the domain hosting service CloudFlare with a subpoena [16] for all records on the ProjectPM website, and in particular asked for the IP addresses of everyone who had accessed and contributed to ProjectPM, describing it as a “forum” through which Brown and others would “engage in, encourage, or facilitate the commission of criminal conduct online.” The message was clear: Anyone else who looks into this matter does so at their grave peril.

Some journalists are now understandably afraid to go near the Stratfor files. The broader implications of this go beyond Brown; one might think that what we are looking at is Cointelpro 2.0—an outsourced surveillance state—but in fact it’s worse. One can’t help but infer that the US Department of Justice has become just another security contractor, working alongside the HBGarys and Stratfors on behalf of corporate bidders, with no sense at all for the justness of their actions; they are working to protect corporations and private security contractors and give them license to engage in disinformation campaigns against ordinary citizens and their advocacy groups. The mere fact that the FBI’s senior cybersecurity advisor has recently moved to Hunton and Williams shows just how incestuous this relationship has become. Meanwhile the Department of Justice is also using its power and force to trample on the rights of citizens like Barrett Brown who are trying to shed light on these nefarious relationships. In order to neutralize those who question or investigate the system, laws are being reinterpreted or extended or otherwise misappropriated in ways that are laughable—or would be if the consequences weren’t so dire.

While the media and much of the world have been understandably outraged by the revelation of the NSA’s spying programs, Barrett Brown’s work was pointing to a much deeper problem. It isn’t the sort of problem that can be fixed by trying to tweak a few laws or by removing a few prosecutors. The problem is not with bad laws or bad prosecutors. What the case of Barrett Brown has exposed is that we confronting a different problem altogether. It is a systemic problem. It is the failure of the rule of law.

Links:
[1] http://www.youtube.com/watch?v=TOW7GOrXNZI
[2] http://www.huffingtonpost.com/barrett-brown/anonymous-australia-and-t_b_457776.html
[3] http://www.colbertnation.com/the-colbert-report-videos/426198/may-09-2013/colbert-s-book-club—learning–the-great-gatsby-
[4] http://boingboing.net/2011/02/18/hbgarys-high-volume.html
[5] http://wiki.echelon2.org/wiki/Main_Page
[6] http://www.hunton.com/
[7] http://www.huffingtonpost.com/2010/10/19/chamber-of-commerce-still_n_768076.html
[8] http://images2.americanprogress.org/ThinkProgress/ProposalForTheChamber.pdf
[9] http://www.washingtonpost.com/wp-dyn/content/article/2011/02/28/AR2011022805810.html
[10] http://www.dailydot.com/news/lulzsec-jeremy-hammond-bail-denied-hacker/
[11] http://wiki.echelon2.org/wiki/Endgame_Systems
[12] http://www.businessweek.com/magazine/cyber-weapons-the-new-arms-race-07212011.html
[13] http://www.buzzfeed.com/mhastings/exclusive-fbi-escalates-war-on-anonymous
[14] https://www.youtube.com/watch?v=TOW7GOrXNZI
[15] https://subscribe.thenation.com/servlet/OrdersGateway?cds_mag_code=NAN&cds_page_id=122425&cds_response_key=I12SART1
[16] http://leaksource.wordpress.com/2013/04/05/doj-issues-subpoena-for-info-on-barrett-browns-project-pm-site/

Peter Ludlow | June 18, 2013

Find this story at 18 June 2013

© 2012 The Nation

Jeremy Hammond Pleads Guilty to Stratfor Hack Cyber-activist faces up to 10 years in federal prison

Jeremy Hammond pleaded guilty today to the infamous Stratfor hack, as well as taking responsibility for eight additional hacks of law enforcement and defense contractor websites in 2011 and 2012. As a condition of the plea, the radical hacker will face a maximum of 10 years in federal prison, and restitution costs of up to $2.5 million. After Hammond entered his plea, his legal team framed his prosecution as part of the government’s larger attempt to control the flow of information and punish those who seek to distribute it to journalists and the public.

“There’s a war going on about corporate spying and access to information,” said defense attorney Sarah Kunstler at a press conference immediately following the hearing. “Jeremy is someone who worked toward making information public.”

In a statement posted online after the plea deal, Hammond echoed this point. “I did this because I believe people have a right to know what governments and corporations are doing behind closed doors,” Hammond wrote. “I did what I believe is right.”

The Rise and Fall of Jeremy Hammond: Enemy of the State

Hammond entered his plea – admitting to one count of conspiracy to engage in computer hacking – in a federal courtroom in lower Manhattan, surrounded by observers and supporters. One of those in attendance was his twin brother, Jason, who had just flown in from Chicago. When Hammond initially addressed the judge, he raised his right hand to be sworn in, and clenched his fist in a symbol of defiance.

The hack Hammond pleaded guilty to involved accessing information from the servers of Stratfor, a private intelligence company, and providing it to Wikileaks, who then published some of the information. Hammond was charged under the controversial 1984 Computer Fraud and Abuse Act, the same law used to charge the late Aaron Swartz and other cyber-activists. “Included among the leaked internal documents were millions of emails that exposed Stratfor’s wide-ranging spying activities, including surveillance of Bhopal activists at the behest of Dow Chemical, of PETA on behalf of Coca-Cola, and of Occupy Wall Street under contract to the U.S. Department of Homeland Security,” supporters said in a statement.

Beyond Stratfor, Hammond took responsibility for eight other hacks, all of which involved either law enforcement, intelligence firms or defense contractor websites. From June 2011 to February 2012, Hammond obtained unauthorized information from the Arizona Department of Public Safety, the FBI virtual academy, a marketing firm that builds websites for law enforcement called Brooks Jeffreys, Special Forces Gear, Vanguard Defense Industries, the Jefferson County sheriffs department, the Boston Police Patrolman’s Institute and a Pennsylvania firm called Combined Systems that makes tear gas. Hammond was granted immunity from federal prosecution for any of those hacks in exchange for taking responsibility for them. Kunstler said he could potentially face charges at the state level, though she said there may be some double jeopardy protection.

The New Political Prisoners: Leakers, Hackers and Whistleblowers

Michael Ratner, president emeritus of the Center For Constitutional Rights and lawyer for Wikileaks founder Julian Assange, said that journalists should stand up for Hammond. “He should be looked at as a source, as a whistle-blower,” Ratner said after the plea deal. “He, like other whistle-blowers in this country, ought to be protected, because they’re the only thing that let us know what our government and our private security companies are doing and they’re the only things that can keep this government even close to honest.”

Earlier in the case, Hammond’s legal team made a motion for Judge Loretta Preska to recuse herself because her husband was a victim of the Stratfor leak. That motion was denied. (Full disclosure: This reporter previously spoke at a rally that called for Preska to recuse herself.)

Other hackers in the Anonymous-affiliated group called Lulzsec who were charged in similar leaks – but were tried in the U.K. – have received much lighter sentences, from 20 to 32 months. Jason Hammond has asked supporters to sign a Change.org petition on his brother’s behalf calling for Judge Preska to sentence Hammond to time served. Jeremy Hammond’s sentencing hearing is scheduled for September 6th.

by John Knefel
MAY 28, 2013

Find this story at 28 May 2013

©2013 Rolling Stone

The Global Intelligence Files

LONDON—Today, Monday 27 February, WikiLeaks began publishing The Global Intelligence Files – more than five million emails from the Texas-headquartered “global intelligence” company Stratfor. The emails date from between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal’s Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency. The emails show Stratfor’s web of informers, pay-off structure, payment-laundering techniques and psychological methods, for example :

“[Y]ou have to take control of him. Control means financial, sexual or psychological control… This is intended to start our conversation on your next phase” – CEO George Friedman to Stratfor analyst Reva Bhalla on 6 December 2011, on how to exploit an Israeli intelligence informant providing information on the medical condition of the President of Venezuala, Hugo Chavez.

The material contains privileged information about the US government’s attacks against Julian Assange and WikiLeaks and Stratfor’s own attempts to subvert WikiLeaks. There are more than 4,000 emails mentioning WikiLeaks or Julian Assange. The emails also expose the revolving door that operates in private intelligence companies in the United States. Government and diplomatic sources from around the world give Stratfor advance knowledge of global politics and events in exchange for money. The Global Intelligence Files exposes how Stratfor has recruited a global network of informants who are paid via Swiss banks accounts and pre-paid credit cards. Stratfor has a mix of covert and overt informants, which includes government employees, embassy staff and journalists around the world.

The material shows how a private intelligence agency works, and how they target individuals for their corporate and government clients. For example, Stratfor monitored and analysed the online activities of Bhopal activists, including the “Yes Men”, for the US chemical giant Dow Chemical. The activists seek redress for the 1984 Dow Chemical/Union Carbide gas disaster in Bhopal, India. The disaster led to thousands of deaths, injuries in more than half a million people, and lasting environmental damage.

Stratfor has realised that its routine use of secret cash bribes to get information from insiders is risky. In August 2011, Stratfor CEO George Friedman confidentially told his employees : “We are retaining a law firm to create a policy for Stratfor on the Foreign Corrupt Practices Act. I don’t plan to do the perp walk and I don’t want anyone here doing it either.”

Stratfor’s use of insiders for intelligence soon turned into a money-making scheme of questionable legality. The emails show that in 2009 then-Goldman Sachs Managing Director Shea Morenz and Stratfor CEO George Friedman hatched an idea to “utilise the intelligence” it was pulling in from its insider network to start up a captive strategic investment fund. CEO George Friedman explained in a confidential August 2011 document, marked DO NOT SHARE OR DISCUSS : “What StratCap will do is use our Stratfor’s intelligence and analysis to trade in a range of geopolitical instruments, particularly government bonds, currencies and the like”. The emails show that in 2011 Goldman Sach’s Morenz invested “substantially” more than $4million and joined Stratfor’s board of directors. Throughout 2011, a complex offshore share structure extending as far as South Africa was erected, designed to make StratCap appear to be legally independent. But, confidentially, Friedman told StratFor staff : “Do not think of StratCap as an outside organisation. It will be integral… It will be useful to you if, for the sake of convenience, you think of it as another aspect of Stratfor and Shea as another executive in Stratfor… we are already working on mock portfolios and trades”. StratCap is due to launch in 2012.

The Stratfor emails reveal a company that cultivates close ties with US government agencies and employs former US government staff. It is preparing the 3-year Forecast for the Commandant of the US Marine Corps, and it trains US marines and “other government intelligence agencies” in “becoming government Stratfors”. Stratfor’s Vice-President for Intelligence, Fred Burton, was formerly a special agent with the US State Department’s Diplomatic Security Service and was their Deputy Chief of the counterterrorism division. Despite the governmental ties, Stratfor and similar companies operate in complete secrecy with no political oversight or accountability. Stratfor claims that it operates “without ideology, agenda or national bias”, yet the emails reveal private intelligence staff who align themselves closely with US government policies and channel tips to the Mossad – including through an information mule in the Israeli newspaper Haaretz, Yossi Melman, who conspired with Guardian journalist David Leigh to secretly, and in violation of WikiLeaks’ contract with the Guardian, move WikiLeaks US diplomatic cables to Israel.

Ironically, considering the present circumstances, Stratfor was trying to get into what it called the leak-focused “gravy train” that sprung up after WikiLeaks’ Afghanistan disclosures :

“[Is it] possible for us to get some of that ’leak-focused’ gravy train ? This is an obvious fear sale, so that’s a good thing. And we have something to offer that the IT security companies don’t, mainly our focus on counter-intelligence and surveillance that Fred and Stick know better than anyone on the planet… Could we develop some ideas and procedures on the idea of ´leak-focused’ network security that focuses on preventing one’s own employees from leaking sensitive information… In fact, I’m not so sure this is an IT problem that requires an IT solution.”

Like WikiLeaks’ diplomatic cables, much of the significance of the emails will be revealed over the coming weeks, as our coalition and the public search through them and discover connections. Readers will find that whereas large numbers of Stratfor’s subscribers and clients work in the US military and intelligence agencies, Stratfor gave a complimentary membership to the controversial Pakistan general Hamid Gul, former head of Pakistan’s ISI intelligence service, who, according to US diplomatic cables, planned an IED attack on international forces in Afghanistan in 2006. Readers will discover Stratfor’s internal email classification system that codes correspondence according to categories such as ’alpha’, ’tactical’ and ’secure’. The correspondence also contains code names for people of particular interest such as ’Hizzies’ (members of Hezbollah), or ’Adogg’ (Mahmoud Ahmedinejad).

Stratfor did secret deals with dozens of media organisations and journalists – from Reuters to the Kiev Post. The list of Stratfor’s “Confederation Partners”, whom Stratfor internally referred to as its “Confed Fuck House” are included in the release. While it is acceptable for journalists to swap information or be paid by other media organisations, because Stratfor is a private intelligence organisation that services governments and private clients these relationships are corrupt or corrupting.

WikiLeaks has also obtained Stratfor’s list of informants and, in many cases, records of its payoffs, including $1,200 a month paid to the informant “Geronimo” , handled by Stratfor’s Former State Department agent Fred Burton.

WikiLeaks has built an investigative partnership with more than 25 media organisations and activists to inform the public about this huge body of documents. The organisations were provided access to a sophisticated investigative database developed by WikiLeaks and together with WikiLeaks are conducting journalistic evaluations of these emails. Important revelations discovered using this system will appear in the media in the coming weeks, together with the gradual release of the source documents.

END

Public partners in the investigation
Comment
Current WikiLeaks status
How to read the data
Public partners in the investigation:

More than 25 media partners (others will be disclosed after their first publication) :

Al Akhbar – Lebanon – http://english.al-akhbar.com
Al Masry Al Youm – Egypt – http://www.almasry-alyoum.com
Bivol – Bulgaria – http://bivol.bg
CIPER – Chile – http://ciperchile.cl
Dawn Media – Pakistan – http://www.dawn.com
L’Espresso – Italy – http://espresso.repubblica.it
La Repubblica – Italy – http://www.repubblica.it
La Jornada – Mexico – www.jornada.unam.mx/
La Nacion – Costa Rica – http://www.nacion.com
Malaysia Today – Malaysia – www.malaysia-today.net
McClatchy – United States – http://www.mcclatchydc.com
Nawaat – Tunisia – http://nawaat.org
NDR/ARD – Germany – http://www.ndr.de
Owni – France – http://owni.fr
Pagina 12 – Argentina – www.pagina12.com.ar
Plaza Publica – Guatemala – http://plazapublica.com.gt
Publico.es – Spain – www.publico.es
Rolling Stone – United States – http://www.rollingstone.com
Russian Reporter – Russia – http://rusrep.ru
Sunday Star-Times – New Zealand – www.star-times.co.nz
Ta Nea – Greece –- http://www.tanea.gr
Taraf – Turkey – http://www.taraf.com.tr
The Hindu – India – www.thehindu.com
The Yes Men – Bhopal Activists – Global http://theyesmen.org
Comment:

WikiLeaks – Kristinn Hrafnsson, Official WikiLeaks representative, +35 4821 7121

Other comment :
Bhopal Medical Appeal (in UK) – Colin Toogood : colintoogood@bhopal.org / +44 (0) 1273 603278/ +44 (0) 7798 845074
International Campaign for Justice in Bhopal (in India) – Rachna Dhingra : rachnya@gmail.com, +91 98 261 67369
Yes Men – mike@theyesmen.org / +44 (0) 7578 682321 – andy@theyesmen.org, +1-718-208-0684
Privacy International – +44 (0) 20 7242 2836

Twitter tag : #gifiles
CURRENT WIKILEAKS STATUS:

An extrajudicial blockade imposed by VISA, MasterCard, PayPal, Bank of America, and Western Union that is designed to destroy WikiLeaks has been in place since December 2010. The EU Commission is considering whether it will open a formal investigation, but two lawsuits have been filed (http://wikileaks.org/Banking-Blocka…). There are also other ways to donate (https://shop.wikileaks.org/donate). It is legal to donate, including in the United States. The US Treasury has publicly stated that that there are no grounds to place WikiLeaks on a US government blacklist.

WikiLeaks Founder and Publisher Julian Assange has not been charged with any crime in any country. Four prosecutors are currently trying to charge him under the Espionage Act of 1917 before a closed Grand Jury in Virginia, in the United States. Julian Assange has been detained for 447 days (10,728 hours) since Dec 7, 2010, without charge, and he is currently awaiting a decision from the UK Supreme Court on extradition to Sweden (http://www.justiceforassange.com/Su…). The decision is expected in March. The decision on whether he will be onwardly extradited to the US lies in the hands of the Swedish Executive, but Sweden’s Prime Minister Fredrik Reinfeldt has refused to state whether he will protect Assange from a politically motivated extradition to the United States (http://justice4assange.com/US-Extra… ).

The Swedish Foreign Minister Carl Bildt has repeatedly attacked WikiLeaks this week in a bizarre manner (http://ferrada-noli.blogspot.com/20… ).

An alleged WikiLeaks US military source, Bradley Manning, has been in pre-trial detention for 639 days (http://bradleymanning.org/ ). His arraignment took place on 24 February 2012. In December 2011, Manning’s attorney revealed in the preliminary hearing that the US government is attempting to enter a plea deal with Manning in order to “go after” Assange. Manning has 22 charges against him, including violating the Espionage Act of 1917 and aiding the enemy. Manning has deferred entering a plea. Julian Assange and WikiLeaks are legally represented in the Manning hearings by the US Centre for Constitutional Rights (http://ccrjustice.org/ ). WikiLeaks was denied full access to Manning’s hearing after appeal (http://ccrjustice.org/newsroom/pres… ). WikiLeaks put out a statement relating to Manning’s trial ahead of the Article 32 Hearing : (http://www.wikileaks.org/Statement-… ).

The alleged WikiLeaks-supporting hacktivists known as the “PayPal 14” were arrested in 2011 following co-ordinated online demonstrations against the financial services companies that are carrying out the unlawful financial blockade on WikiLeaks (VISA, MasterCard, Paypal, Western Union, Bank of America). They are represented by attorney Stanley Cohen and will go before court in May 2012 (http://www.cyberguerrilla.org/?p=4644 ).

WikiLeaks is about to launch a distributed, encrypted “Facebook for revolutionaries” (https://wlfriends.org/ ).

Julian Assange is currently directing interviews, from house arrest, for a programme on the future of the world that is syndicated to various broadcasters. The first show will be broadcast in March (http://www.wikileaks.org/New-Assang… )
HOW TO READ THE DATA

This is a glossary and information on how to understand the internal terms and codes used by Stratfor in their emails. It is not a complete list. We call on the public to add to this list by tweeting #gifind

To see a list of the terms George Friedman considers useful for his staff to know please download this PDF : The Stratfor Glossary of Useful, Baffling and Strange Intelligence Terms.

OPEN SOURCE VS. “COVERT”

As you browse through the content, you will notice that a large set of it is what is classified as “open source” (subject lines which include [OS]). These are basically email threads that start with someone posting a published and accessible source, such as news sites, and follow with commentary by the staff. In one of the emails, Joseph Nye is referenced saying :

“Open source intelligence is the outer pieces of the jigsaw puzzle, without which one can neither begin nor complete the puzzle”

CODES IN SUBJECT LINES

Many of the emails have codes in the subject lines as well as in the body, to make it easier for the staff to “quickly identify when we need to go back and have a look-see.” [*] :

Examples : INSIGHT – COUNTRY – Subject – SOURCE CODE INSIGHT – CHINA – Trains and planes – CN1000

Please refer to the glossary for the code names of subject and country tags, as well as mailing list names.

SOURCE CODES

A lot of interesting stuff comes from “sources”. Sources are either informal contacts or people they have a formal relationship with. The IDs for sources have the format of CN120 or ME001. In terms of the character part, it refers to a region or a country :

A) Regions ME – Middle East region EU – European Union EE – Eastern Europe LA- South America SA- South Asia

B) Countries or Orgs CN – China PK – Pakistan IN- India ML – Malaysia VN – Vietnam NP- Nepal

US – United States VZ – Venezuela CO- Colombia BR-Brazil NC- Nicaragua MX- Mexico CL/CH- Chile AR- Argentina PY- Paraguay BOL- Bolivia

RU – Russia UA – Ukraine GE – Georgia TJ – Tajikstan MD – Moldova BG -Bulgaria CR/CZ- Czech Republic PT- Portugal

ZA – South Africa AO – Angola SO – Somalia NG- Nigeria CD- DR Congo CI- Cote D’Ivoire ZW- Zimbabwe ZM- Zambia RW- Rwanda KE- Kenya ET- Ethiopia SD -Sudan MA- Morocco SN- Senegal GN- Guinea SL- Sierra Leone

IR – Iran IQ- Iraq IL or IS- Israel SA- Saudi Arabia SY- Syria KU- Kuwait Y or YN – Yemen HZ – Hizbollah TK – Turkey LN- Lebanon LY- Libya UAE- UAE EG- Egypt (etc.)

C) Odd codes OCH – Old China hand, a finance insider. Stick – Scott Stewart, high level employee Z’s – Zetas, Mexican drug gang

INSIGHTS FORMAT

When “insights” are sent, they usually have the following header information :

SOURCE : The ID of the source, say CN123. Sometimes this is left “no source ID” when it’s a new source.

ATTRIBUTION : How the source is to be attributed, i.e. “Source in the pharma distribution industry in China”, Stratfor source, etc.

SOURCE DESCRIPTION : Describes the source, for example : “Source works with Mercator Pharmaceutical Solutions, distributing pharma to developing countries.” These include concrete details on the source for internal consumption so that there’s a better understanding on the source’s background and ability to make assessments on the ground.

PUBLICATION : Yes or No. If the option is yes it doesn’t mean that it would be published, but rather that it _can_ be published.

SOURCE RELIABILITY : A/B

SOURCE RELIABILITY : A-F, A being the best and F being the worst. This grades the turnaround time of this source in responding to requests.

ITEM CREDIBILITY : 1-10, 1 being the best and 10 being the worst (we may change the range here in the future). this changes a lot based on the info provided. 1 is “you can take this to the bank” and 10 would be an example of maybe – “this is a totally ridiculous rumor but something that is spreading on the ground”

SPECIAL HANDLING : often this is “none” but it may be something like, “if you use this we need to be sure not to mention the part about XXX in the publication” or any other special notes

SOURCE HANDLER : the person who can take follow-up questions and communicate with the source.

MAILING LISTS

alpha@stratfor.com Discussions circulated exclusively among analysts, writers and higher-ups, including ’insights’ and discussions about sources and source meetings. secure@stratfor.com Discussions circulated exclusively among analysts and higher-ups, and only for use within continental US (analysts traveling ’overseas’ are removed from the list for the duration of their journey). analysts@stratfor.com – Discussion among analysts only, who manage sources, gather and analyze intelligence. ct@stratfor.com Ongoing discussions to collect and analyze counterterrorism intelligence, circulated among select group of analysts. tactical@statfor.com Non-time sensitive discussions for internal training on technical and tactical matters within field of counterterrorism. intelligence@stratfor.com gvalerts@stratfor.com – Related to Gas ventures clients military@stratfor.com Military list for pre-approved staff africa@stratfor.com eastasia@stratfor.com mesa@stratfor.com Middle East/South Asia list for pre-approved staff. eurasia@stratfor.com os@stratfor.com List with information from the public domain circulated and discussed among all employees. adp@stratfor.com List for ADPs. See Glossary. translations@stratfor.com alerts@stratfor.com responses@stratfor.com dialog-list@stratfor.com

GLOSSARY

a) Industry and other misc. tags :

HUMINT – Human intelligence OSINT- Open source intelligence DATA FLU BIRDFLU ECON TECH ENERGY MINING GV – Gas Venture CT – Counterterrorism G1-G4 B2-B4 S1-S4 MILITARY or MIL PENTAGON AQ- Al Qaeda AQAP – Al Qaeda in the Arabia Peninsula SF- Special Forces CONUS- Continental US

b) Special internal codewords :

Hizzies or HZ – Hizbollah Izzies or IZ – Israel A-dogg – Mahmoud Ahmadinajad, Iranian President Baby bashar – Bashar Al-Assad, Syrian President Uncle Mo – Moammar Gaddhafi ADP- Analyst Development Program. Four-month program at STRATFOR from which candidates— mostly recent college graduates— are selected for hire. Strictly protect and protect – Often mentioned in the ’subject’, means that the source is protected. Played- A term used for procuring sensitive information from sources. E.g. from one of the secure list messages circulating the ’complete scenario for the Israeli team in Centcom’s war game,’ the analyst who procured the data wrote : “I played the head of the Mossad which was great fun.” Excomm- Appears to be ’executive committee’ of STRATFOR.

c) Regions and Orgs

AFRICOM – African countries LATAM – Latin American MERCOSUR NATFA ASEAN APEC FSU – Former Soviet Union countries MESA or MIDDLEEAST – Middle East EASTASIA OPEC EURASIA SA – South Asia FSB- Federal Security Service (Russia)

ATTACHED DOCUMENTS

Attached documents can be searched by Filename or part of the file name. Preliminary searches for filenames using the terms ’lists’, ’source lists’ or ’insight lists’, coupled with the names of source handlers (e.g. Reva for Turkey, Brazil or Venezuela) produced Excel lists of the source names, contact info and source descriptions which correspond to the source codes (e.g. ME1315).

Sourcing Criteria

The following are the proposed criteria for analyzing both sources and insight.

1. Source Timeliness 2. Source Accessibility/Position 3. Source Availability 4. Insight Credibility 5. Insight Uniqueness

Source Timeliness : This is the average grade on how long this particular source turns around tasks and replies to inquiries. It may change but is more of a static indicator.

Source Accessibility : Accessibility weighs the source’s position to have certain knowledge in a particular field. So, for example, if we are looking for energy insight and the source is an official in an energy agency, his or her Accessibility would be ranked higher than if s/he was a banker giving insight on energy. While we would welcome a banker giving his/her insight, a good source may not have a high accessibility ranking if they aren’t in a position to offer reliable insight on a certain topic. The source’s access to decision makers, specific training or education in the desired topic area, specific knowledge of events/situations/incidents can also be considered.

Source Availability : How often can we go to this source ? Are they someone we can tap daily, weekly, monthly, yearly ?

Insight Credibility : This is our assessment of the veracity of the insight offered. Here we need to consider whether or not this is disinformation, speculation, correct data or knowledgeable interpretation. Any bias that the source is displaying or any specific viewpoints or personal background the source is using in the assessment provided should also be considered.

Insight Uniqueness : Is this insight something that could be found in OS ? If it is but the analysis of the information is unique, it would still have a high uniqueness ranking. Or, if it is concrete data, but is something that is only offered to industry insiders, i.e. stats that aren’t published but that aren’t secret, it would still have a high uniqueness score.

Scoring

All of the above factors will be scored on an A-F scale, with A being exemplary and F being useless.

Source Timeliness : A = turnaround within 24 hours B = turnaround within 48 hours C = turnaround within a week D = turnaround within a month F = lucky to receive a reply at all

Source Accessibility : A = Someone with intimate knowledge of the particular insight B = Someone within the industry but whose knowledge of the topic is not exact (e.g. if we were asking someone in the oil industry about natural gas) C = Someone working close to the industry who doesn’t have intimate knowledge of a particular topic but can speak to it intelligently (e.g. a financial consultant asked to gauge the movement of the stock market) D = Someone who may know a country but doesn’t have any concrete insight into a particular topic but can offer rumors and discussions heard on the topic F = Someone who has no knowledge of a particular industry at all

Source Availability : A = Available pretty much whenever B = Can tap around once a week C = Can tap about once a month D = Can tap only several times a year F = Very limited availability

Insight Credibility : A = We can take this information to the bank B = Good insight but maybe not entirely precise C = Insight is only partially true D = There may be some interest in the insight, but it is mostly false or just pure speculation. F = Likely to be disinformation

Insight Uniqueness : A = Can’t be found anywhere else B = Can only be found in limited circles C = Insight can be found in OS, but the source has an interesting take/analysis D = Insight can be found in OS, but still may not be common knowledge F = Insight is accessible in numerous locations

Daily Insight Scoring

SOURCE : code ATTRIBUTION : this is what we should say if we use this info in a publication, e.g. STRATFOR source/source in the medical industry/source on the ground, etc SOURCE DESCRIPTION : this is where we put the more concrete details of the source for our internal consumption so we can better understand the source’s background and ability to make the assessments in the insight. PUBLICATION : Yes or no. If you put yes it doesn’t mean that we will publish it, but only that we can publish it. SOURCE RELIABILITY : A-F. A being the best and F being the worst. This grades the source overall – access to information, timeliness, availability, etc. In short, how good is this source ? ITEM CREDIBILITY : A-F. A = we can take this info to the bank ; B = Good insight but maybe not entirely precise ; C = Insight is only partially true ; D = There may be some interest in the insight, but it is mostly false or just pure speculation ; F = Likely to be disinformation. SPECIAL HANDLING : often this is “none” but it may be something like, “if you use this we need to be sure not to mention the part about XXX in thepublication” or any other special notes SOURCE HANDLER : the person who can take follow-up questions and communicate with the source.

Find this story at 27 February 2012

The legal loopholes that allow GCHQ to spy on the world

William Hague has hailed GCHQ’s ‘democratic accountability’, but legislation drafted before a huge expansion of internet traffic appears to offer flexibility

GCHQ – the government’s communications headquarters. Does it have the strongest checks and balances in the world? Photograph: Reuters

William Hague was adamant when he addressed MPs on Monday last week. In an emergency statement (video) forced by the Guardian’s disclosures about GCHQ involvement with the Prism programme, the foreign secretary insisted the agency operated within a “strong framework of democratic accountability and oversight”.

The laws governing the intelligence agencies provide “the strongest systems of checks and balances for secret intelligence anywhere in the world”, he said.

Leaked documents seen by the Guardian give the impression some high-ranking officials at GCHQ have a different view.

In confidential briefings, one of Cheltenham’s senior legal advisers, whom the Guardian will not name, made a note to tell his guests: “We have a light oversight regime compared with the US”.

The parliamentary intelligence and security committee, which scrutinises the work of the agencies, was sympathetic to the agencies’ difficulties, he suggested.

“They have always been exceptionally good at understanding the need to keep our work secret,” the legal adviser said.

Complaints against the agencies, undertaken by the interception commissioner, are conducted under “the veil of secrecy”. And the investigatory powers tribunal, which assesses complaints against the agencies, has “so far always found in our favour”.

The briefings offer important glimpses into the GCHQ’s view of itself, the legal framework in which it works, and, it would seem, the necessity for reassuring the UK’s most important intelligence partner, the United States, that sensitive information can be shared without raising anxiety in Washington.

None of the documents advocates law-breaking – quite the opposite. But critics will say they highlight the limitations of the three pieces of legislation that underpin the activities of GCHQ, MI5 and MI6 – which were repeatedly mentioned by Hague as pillars of the regulatory and oversight regime during his statement to the Commons.

The foreign secretary said GCHQ “complied fully” with the Regulation of Investigatory Powers Act (Ripa), the Human Rights Act (HRA) and the Intelligence Services Act (Isa).

Privacy campaigners argue the laws have one important thing in common: they were drafted in the last century, and nobody involved in writing them, or passing them, could possibly have envisaged the exponential growth of traffic from telecoms and internet service providers over the past decade.

Nor could they have imagined that GCHQ could have found a way of storing and analysing so much of that information as part of its overarching Mastering the Internet project.

The Tempora programme appears to have given Britain’s spymasters that resource, with documents seen by the Guardian showing Britain can retain for up to 30 days an astronomical amount of unfiltered data garnered from cables carrying internet traffic.

This raises a number of questions about the way GCHQ officials and ministers have legitimised the programme.

The briefings, which are entitled UK Operational Legalities, stress that GCHQ “is an organisation with a highly responsible approach to compliance with the law”.

GCHQ also has a well staffed legal team, known as OPP-LEG, to help staff navigate their way through the complexities of the law.

But there appears to be some nervousness about Tempora. In a paper written for National Security Agency (NSA) analysts entitled A Guide to Using Internet Buffers at GCHQ, the author notes: “[Tempora] represents an exciting opportunity to get direct access to enormous amounts of GCHQ’s special source data.

“As large-scale buffering of metadata and content represent a new concept for GCHQ’s exploitation of the internet, GCHQ’s legal and policy officers are understandably taking a careful approach to their access and use.”

So how did GCHQ secure the legal authority for setting up Tempora, and what safeguards are in place for sharing the intelligence with the Americans? According to the documents, the British government used Ripa to get taps on to the fibre-optic cables.

These cables carry internet traffic in and out of the country and contain details of millions of emails and web searches. The information from these cables went straight into the Tempora storage programme.

In one presentation, which appeared to be for US analysts from the NSA, GCHQ explained: “Direct access to large volumes of unselected SSE data [is] collected under a Ripa warrant.”

The precise arrangement between the firms is unclear, as are the legal justifications put before ministers. Isa gives GCHQ some powers for the “passive collection” of data, including from computer networks.

But it appears GCHQ has relied on paragraph four of section 8 of Ripa to gain “external warrants” for its programmes.

They allow the agency to intercept external communications where, for instance, one of the people being targeted is outside Britain.

In most Ripa cases, a minister has to be told the name of an individual or company being targeted before a warrant is granted.

But section 8 permits GCHQ to perform more sweeping and indiscriminate trawls of external data if a minister issues a “certificate” along with the warrant.

According to the documents, the certificate authorises GCHQ to search for material under a number of themes, including: intelligence on the political intentions of foreign governments; military postures of foreign countries; terrorism, international drug trafficking and fraud.

The briefing document says such sweeping certificates, which have to be signed off by a minister, “cover the entire range of GCHQ’s intelligence production”.

“The certificate is issued with the warrant and signed by the secretary of state and sets out [the] class of work we can do under it … cannot list numbers or individuals as this would be an infinite list which we couldn’t manage.”

Lawyers at GCHQ speak of having 10 basic certificates, including a “global” one that covers the agency’s support station at Bude in Cornwall, Menwith Hill in North Yorkshire, and Cyprus.

Other certificates have been used for “special source accesses” – a reference, perhaps, to the cables carrying web traffic. All certificates have to be renewed by the foreign secretary every six months.

A source with knowledge of intelligence confirmed: “Overall exercise of collection and analysis [is] done under a broad, overall legal authority which has to be renewed at intervals, and is signed off at a senior political level.”

The source said the interception commissioner was able to “conclude that [the process] was not appropriate”, and that the companies involved were not giving up the information voluntarily.

“We have overriding authority to compel [them] to do this,” the source said. “There’s an overarching condition of the licensing of the companies that they have to co-operate in this.

“Should they decline, we can compel them to do so. They have no choice. They can’t talk about the warrant, they can’t reveal the existence of it.”

GCHQ says it can also seek a sensitive targeting authority (STA), which allows it snoop on any Briton “anywhere in the world” or any foreign national located in the UK.

It is unclear how the STA system works, and who has authority over it.

The intelligence agencies also have to take note of the HRA, which demands any interception is “necessary and proportionate”.

But the documents show GCHQ believes these terms are open to interpretation – which “creates flexibility”. When Tempora became fully functional in around 2011, GCHQ gave the NSA access to the programme on a three-month trial – and the NSA was keen to impress.

The US agency sent a briefing to some of its analysts urging them to show they could behave responsibly with the data. Under a heading – “The need to be successful!” – the author wrote: “As the first NSA users to receive operational access [to Tempora], we’re depending on you to provide the business case required to justify expanded access. Most importantly we need to prove that NSA users can utilise the internet buffers in ways that are consistent with GCHQ’s legal and policy rules.

“In addition, we need to prove that NSA’s access … is necessary to prosecute our mission and will greatly enhance the production of the intelligence … success of this three-month trial will determine expanded NSA access to internet buffers in the future.”

The NSA appears to have made a successful case. In May last year, an internal GCHQ memo said it had 300 analysts working on intelligence from Tempora, and the NSA had 250. The teams were supporting “the target discovery mission”.

But the safeguards for the sharing of this information are unclear.

Though GCHQ says it only keeps the content of messages for three working days, and the metadata for up to 30 days, privacy campaigners here and in the US will want to know if the NSA is adhering to the same self-imposed rules. One concern for privacy campaigners is that GCHQ and the NSA could conduct intercepts for each other, and then offer to share the information – a manoeuvre that could bypass the domestic rules they have to abide by.

This was raised by MPs during last week’s statement, with the former Labour home secretary David Blunkett calling for clarification on this potential loophole.

Last week, the Guardian sent a series of questions to the Foreign Office about this issue, but the department said it would not be drawn on it.

“It is a longstanding policy not to comment on intelligence matters; this includes our intelligence co-operation with the United States.

“The intelligence and security committee is looking into this, which is the proper channel for such matters.”

Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies and James Ball
The Guardian, Friday 21 June 2013 17.23 BST

Find this story at 21 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

The top secret rules that allow NSA to use US data without a warrant

Fisa court submissions show broad scope of procedures governing NSA’s surveillance of Americans’ communication

• Document one: procedures used by NSA to target non-US persons
• Document two: procedures used by NSA to minimise data collected from US persons

The documents show that discretion as to who is actually targeted lies directly with the NSA’s analysts. Photograph: Martin Rogers/Workbook Stock/Getty

Top secret documents submitted to the court that oversees surveillance by US intelligence agencies show the judges have signed off on broad orders which allow the NSA to make use of information “inadvertently” collected from domestic US communications without a warrant.

The Guardian is publishing in full two documents submitted to the secret Foreign Intelligence Surveillance Court (known as the Fisa court), signed by Attorney General Eric Holder and stamped 29 July 2009. They detail the procedures the NSA is required to follow to target “non-US persons” under its foreign intelligence powers and what the agency does to minimize data collected on US citizens and residents in the course of that surveillance.

The documents show that even under authorities governing the collection of foreign intelligence from foreign targets, US communications can still be collected, retained and used.

The procedures cover only part of the NSA’s surveillance of domestic US communications. The bulk collection of domestic call records, as first revealed by the Guardian earlier this month, takes place under rolling court orders issued on the basis of a legal interpretation of a different authority, section 215 of the Patriot Act.

The Fisa court’s oversight role has been referenced many times by Barack Obama and senior intelligence officials as they have sought to reassure the public about surveillance, but the procedures approved by the court have never before been publicly disclosed.

The top secret documents published today detail the circumstances in which data collected on US persons under the foreign intelligence authority must be destroyed, extensive steps analysts must take to try to check targets are outside the US, and reveals how US call records are used to help remove US citizens and residents from data collection.

However, alongside those provisions, the Fisa court-approved policies allow the NSA to:

• Keep data that could potentially contain details of US persons for up to five years;

• Retain and make use of “inadvertently acquired” domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;

• Preserve “foreign intelligence information” contained within attorney-client communications;

• Access the content of communications gathered from “U.S. based machine[s]” or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.

The broad scope of the court orders, and the nature of the procedures set out in the documents, appear to clash with assurances from President Obama and senior intelligence officials that the NSA could not access Americans’ call or email information without warrants.

The documents also show that discretion as to who is actually targeted under the NSA’s foreign surveillance powers lies directly with its own analysts, without recourse to courts or superiors – though a percentage of targeting decisions are reviewed by internal audit teams on a regular basis.

Since the Guardian first revealed the extent of the NSA’s collection of US communications, there have been repeated calls for the legal basis of the programs to be released. On Thursday, two US congressmen introduced a bill compelling the Obama administration to declassify the secret legal justifications for NSA surveillance.

The disclosure bill, sponsored by Adam Schiff, a California Democrat, and Todd Rokita, an Indiana Republican, is a complement to one proposed in the Senate last week. It would “increase the transparency of the Fisa Court and the state of the law in this area,” Schiff told the Guardian. “It would give the public a better understanding of the safeguards, as well as the scope of these programs.”

Section 702 of the Fisa Amendments Act (FAA), which was renewed for five years last December, is the authority under which the NSA is allowed to collect large-scale data, including foreign communications and also communications between the US and other countries, provided the target is overseas.

FAA warrants are issued by the Fisa court for up to 12 months at a time, and authorise the collection of bulk information – some of which can include communications of US citizens, or people inside the US. To intentionally target either of those groups requires an individual warrant.
One-paragraph order

One such warrant seen by the Guardian shows that they do not contain detailed legal rulings or explanation. Instead, the one-paragraph order, signed by a Fisa court judge in 2010, declares that the procedures submitted by the attorney general on behalf of the NSA are consistent with US law and the fourth amendment.

Those procedures state that the “NSA determines whether a person is a non-United States person reasonably believed to be outside the United States in light of the totality of the circumstances based on the information available with respect to that person, including information concerning the communications facility or facilities used by that person”.

It includes information that the NSA analyst uses to make this determination – including IP addresses, statements made by the potential target, and other information in the NSA databases, which can include public information and data collected by other agencies.

Where the NSA has no specific information on a person’s location, analysts are free to presume they are overseas, the document continues.

“In the absence of specific information regarding whether a target is a United States person,” it states “a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person unless such person can be positively identified as a United States person.”

If it later appears that a target is in fact located in the US, analysts are permitted to look at the content of messages, or listen to phone calls, to establish if this is indeed the case.

Referring to steps taken to prevent intentional collection of telephone content of those inside the US, the document states: “NSA analysts may analyze content for indications that a foreign target has entered or intends to enter the United States. Such content analysis will be conducted according to analytic and intelligence requirements and priorities.”

Details set out in the “minimization procedures”, regularly referred to in House and Senate hearings, as well as public statements in recent weeks, also raise questions as to the extent of monitoring of US citizens and residents.

NSA minimization procedures signed by Holder in 2009 set out that once a target is confirmed to be within the US, interception must stop immediately. However, these circumstances do not apply to large-scale data where the NSA claims it is unable to filter US communications from non-US ones.

The NSA is empowered to retain data for up to five years and the policy states “communications which may be retained include electronic communications acquired because of limitations on the NSA’s ability to filter communications”.

Even if upon examination a communication is found to be domestic – entirely within the US – the NSA can appeal to its director to keep what it has found if it contains “significant foreign intelligence information”, “evidence of a crime”, “technical data base information” (such as encrypted communications), or “information pertaining to a threat of serious harm to life or property”.

Domestic communications containing none of the above must be destroyed. Communications in which one party was outside the US, but the other is a US-person, are permitted for retention under FAA rules.

The minimization procedure adds that these can be disseminated to other agencies or friendly governments if the US person is anonymised, or including the US person’s identity under certain criteria.
Holder’s ‘minimization procedure’ says once a target is confirmed to be in the US, interception of communication must stop. Photo: Nicholas Kamm/AFP/Getty Images

A separate section of the same document notes that as soon as any intercepted communications are determined to have been between someone under US criminal indictment and their attorney, surveillance must stop. However, the material collected can be retained, if it is useful, though in a segregated database:

“The relevant portion of the communication containing that conversation will be segregated and the National Security Division of the Department of Justice will be notified so that appropriate procedures may be established to protect such communications from review or use in any criminal prosecution, while preserving foreign intelligence information contained therein,” the document states.

In practice, much of the decision-making appears to lie with NSA analysts, rather than the Fisa court or senior officials.

A transcript of a 2008 briefing on FAA from the NSA’s general counsel sets out how much discretion NSA analysts possess when it comes to the specifics of targeting, and making decisions on who they believe is a non-US person. Referring to a situation where there has been a suggestion a target is within the US.

“Once again, the standard here is a reasonable belief that your target is outside the United States. What does that mean when you get information that might lead you to believe the contrary? It means you can’t ignore it. You can’t turn a blind eye to somebody saying: ‘Hey, I think so and so is in the United States.’ You can’t ignore that. Does it mean you have to completely turn off collection the minute you hear that? No, it means you have to do some sort of investigation: ‘Is that guy right? Is my target here?” he says.

“But, if everything else you have says ‘no’ (he talked yesterday, I saw him on TV yesterday, even, depending on the target, he was in Baghdad) you can still continue targeting but you have to keep that in mind. You can’t put it aside. You have to investigate it and, once again, with that new information in mind, what is your reasonable belief about your target’s location?”

The broad nature of the court’s oversight role, and the discretion given to NSA analysts, sheds light on responses from the administration and internet companies to the Guardian’s disclosure of the PRISM program. They have stated that the content of online communications is turned over to the NSA only pursuant to a court order. But except when a US citizen is specifically targeted, the court orders used by the NSA to obtain that information as part of Prism are these general FAA orders, not individualized warrants specific to any individual.

Once armed with these general orders, the NSA is empowered to compel telephone and internet companies to turn over to it the communications of any individual identified by the NSA. The Fisa court plays no role in the selection of those individuals, nor does it monitor who is selected by the NSA.

The NSA’s ability to collect and retain the communications of people in the US, even without a warrant, has fuelled congressional demands for an estimate of how many Americans have been caught up in surveillance.

Two US senators, Ron Wyden and Mark Udall – both members of the Senate intelligence committee – have been seeking this information since 2011, but senior White House and intelligence officials have repeatedly insisted that the agency is unable to gather such statistics.

Glenn Greenwald and James Ball
guardian.co.uk, Thursday 20 June 2013 23.59 BST

Find this story at 20 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Web’s Reach Binds N.S.A. and Silicon Valley Leaders

WASHINGTON — When Max Kelly, the chief security officer for Facebook, left the social media company in 2010, he did not go to Google, Twitter or a similar Silicon Valley concern. Instead the man who was responsible for protecting the personal information of Facebook’s more than one billion users from outside attacks went to work for another giant institution that manages and analyzes large pools of data: the National Security Agency.

Mr. Kelly’s move to the spy agency, which has not previously been reported, underscores the increasingly deep connections between Silicon Valley and the agency and the degree to which they are now in the same business. Both hunt for ways to collect, analyze and exploit large pools of data about millions of Americans.

The only difference is that the N.S.A. does it for intelligence, and Silicon Valley does it to make money.

The disclosure of the spy agency’s program called Prism, which is said to collect the e-mails and other Web activity of foreigners using major Internet companies like Google, Yahoo and Facebook, has prompted the companies to deny that the agency has direct access to their computers, even as they acknowledge complying with secret N.S.A. court orders for specific data.

Yet technology experts and former intelligence officials say the convergence between Silicon Valley and the N.S.A. and the rise of data mining — both as an industry and as a crucial intelligence tool — have created a more complex reality.

Silicon Valley has what the spy agency wants: vast amounts of private data and the most sophisticated software available to analyze it. The agency in turn is one of Silicon Valley’s largest customers for what is known as data analytics, one of the valley’s fastest-growing markets. To get their hands on the latest software technology to manipulate and take advantage of large volumes of data, United States intelligence agencies invest in Silicon Valley start-ups, award classified contracts and recruit technology experts like Mr. Kelly.

“We are all in these Big Data business models,” said Ray Wang, a technology analyst and chief executive of Constellation Research, based in San Francisco. “There are a lot of connections now because the data scientists and the folks who are building these systems have a lot of common interests.”

Although Silicon Valley has sold equipment to the N.S.A. and other intelligence agencies for a generation, the interests of the two began to converge in new ways in the last few years as advances in computer storage technology drastically reduced the costs of storing enormous amounts of data — at the same time that the value of the data for use in consumer marketing began to rise. “These worlds overlap,” said Philipp S. Krüger, chief executive of Explorist, an Internet start-up in New York.

The sums the N.S.A. spends in Silicon Valley are classified, as is the agency’s total budget, which independent analysts say is $8 billion to $10 billion a year.

Despite the companies’ assertions that they cooperate with the agency only when legally compelled, current and former industry officials say the companies sometimes secretly put together teams of in-house experts to find ways to cooperate more completely with the N.S.A. and to make their customers’ information more accessible to the agency. The companies do so, the officials say, because they want to control the process themselves. They are also under subtle but powerful pressure from the N.S.A. to make access easier.

Skype, the Internet-based calling service, began its own secret program, Project Chess, to explore the legal and technical issues in making Skype calls readily available to intelligence agencies and law enforcement officials, according to people briefed on the program who asked not to be named to avoid trouble with the intelligence agencies.

Project Chess, which has never been previously disclosed, was small, limited to fewer than a dozen people inside Skype, and was developed as the company had sometimes contentious talks with the government over legal issues, said one of the people briefed on the project. The project began about five years ago, before most of the company was sold by its parent, eBay, to outside investors in 2009. Microsoft acquired Skype in an $8.5 billion deal that was completed in October 2011.

A Skype executive denied last year in a blog post that recent changes in the way Skype operated were made at the behest of Microsoft to make snooping easier for law enforcement. It appears, however, that Skype figured out how to cooperate with the intelligence community before Microsoft took over the company, according to documents leaked by Edward J. Snowden, a former contractor for the N.S.A. One of the documents about the Prism program made public by Mr. Snowden says Skype joined Prism on Feb. 6, 2011.

Microsoft executives are no longer willing to affirm statements, made by Skype several years ago, that Skype calls could not be wiretapped. Frank X. Shaw, a Microsoft spokesman, declined to comment.

In its recruiting in Silicon Valley, the N.S.A. sends some of its most senior officials to lure the best of the best. No less than Gen. Keith B. Alexander, the agency’s director and the chief of the Pentagon’s Cyber Command, showed up at one of the world’s largest hacker conferences in Las Vegas last summer, looking stiff in an uncharacteristic T-shirt and jeans, to give the keynote speech. His main purpose at Defcon, the conference, was to recruit hackers for his spy agency.

N.S.A. badges are often seen on the lapels of officials at other technology and information security conferences. “They’re very open about their interest in recruiting from the hacker community,” said Jennifer Granick, the director of civil liberties at Stanford Law School’s Center for Internet and Society.

But perhaps no one embodies the tightening relationship between the N.S.A. and the valley more than Kenneth A. Minihan.

A career Air Force intelligence officer, Mr. Minihan was the director of the N.S.A. during the Clinton administration until his retirement in the late 1990s, and then he ran the agency’s outside professional networking organization. Today he is managing director of Paladin Capital Group, a venture capital firm based in Washington that in part specializes in financing start-ups that offer high-tech solutions for the N.S.A. and other intelligence agencies. In effect, Mr. Minihan is an advanced scout for the N.S.A. as it tries to capitalize on the latest technology to analyze and exploit the vast amounts of data flowing around the world and inside the United States.

The members of Paladin’s strategic advisory board include Richard C. Schaeffer Jr., a former N.S.A. executive. While Paladin is a private firm, the American intelligence community has its own in-house venture capital company, In-Q-Tel, financed by the Central Intelligence Agency to invest in high-tech start-ups.

Many software technology firms involved in data analytics are open about their connections to intelligence agencies. Gary King, a co-founder and chief scientist at Crimson Hexagon, a start-up in Boston, said in an interview that he had given talks at C.I.A. headquarters in Langley, Va., about his company’s social media analytics tools.

The future holds the prospect of ever greater cooperation between Silicon Valley and the N.S.A. because data storage is expected to increase at an annual compound rate of 53 percent through 2016, according to the International Data Corporation.

“We reached a tipping point, where the value of having user data rose beyond the cost of storing it,” said Dan Auerbach, a technology analyst with the Electronic Frontier Foundation, an electronic privacy group in San Francisco. “Now we have an incentive to keep it forever.”

Social media sites in the meantime are growing as voluntary data mining operations on a scale that rivals or exceeds anything the government could attempt on its own. “You willingly hand over data to Facebook that you would never give voluntarily to the government,” said Bruce Schneier, a technologist and an author.

James Risen reported from Washington, and Nick Wingfield from Seattle. Kitty Bennett contributed reporting.

June 19, 2013
By JAMES RISEN and NICK WINGFIELD

Find this story at 19 June 2013

© 2013 The New York Times Company

Skype’s secret Project Chess reportedly helped NSA access customers’ data

Scheme – set up before firm was purchased by Microsoft – allegedly eased access for US law enforcement agencies

Prosecutors in Zhu Yufu’s trial for subversion cited text messages that he sent using Skype. Photograph: Mario Tama/Getty Images

Skype, the web-based communications company, reportedly set up a secret programme to make it easier for US surveillance agencies to access customers’ information.

The programme, called Project Chess and first revealed by the New York Times on Thursday, was said to have been established before Skype was bought by Microsoft in 2011. Microsoft’s links with US security are under intense scrutiny following the Guardian’s revelation of Prism, a surveillance program run by the National Security Agency (NSA), that claimed “direct” access to its servers and those of rivals including Apple, Facebook and Google.

Project Chess was set up to explore the legal and technical issues involved in making Skype’s communications more readily available to law enforcement and security officials, according to the Times. Only a handful of executives were aware of the plan. The company did not immediately return a call for comment.

Last year Skype denied reports that it had changed its software following the Microsoft acquisition in order to allow law enforcement easier access to communications. “Nothing could be more contrary to the Skype philosophy,” Mark Gillett, vice president of Microsoft’s Skype division, said in a blog post.

According to the Prism documents, Skype had been co-operating with the NSA’s scheme since February 2011, eight months before the software giant took it over. The document gives little detail on the technical nature of that cooperation. Microsoft declined to comment.

The news comes as the tech firms are attempting to distance themselves from the Prism revelations. All the firm’s listed as participating in the Prism scheme have denied that they give the NSA “direct” access to their servers, as claimed by the slide presentation, and said that they only comply with legal requests made through the courts.

But since the story broke a more nuanced picture of how the tech firms work with the surveillance authorities has emerged. The US authorities have become increasingly interested in tech firms and its employees after initially struggling to keep up with the shift to digital communications. NSA officials have held high level talks with executives in the tech firms and are actively recruiting in the tech community.
‘That information is how they make their money’

Shane Harris, author of The Watchers: The Rise of America’s Surveillance State, said the NSA had a crisis in the late 1990s when it realised communication was increasingly digital and it was falling behind in its powers to track that data. “You can not overstate that without this data the NSA would be blind,” he said.

The NSA employs former valley executives, including Max Kelly, the former chief security officer for Facebook, and has increasingly sought to hire people in the hacker community. Former NSA director lieutenant general Kenneth Minihan has taken the opposite tack and is helping create the next generation of tech security firms. Minihan is managing director of Paladin Capital, a private equity firm that has a fund dedicated to investing in homeland security. Paladin also employs Dr Alf Andreassen, a former technical adviser for naval warfare who was also for classified national programmes at AT&T and Bell Laboratories.

Harris said the ties were only likely to deepen as technology moves ever more of our communications on line. He warned the move was likely to present more problems for the tech firms as their consumers worry about their privacy. “It’s been fascinating for me listening to the push back from the tech companies,” said Harris.

Christopher Soghoian, a senior policy analyst studying technological surveillance at the American Civil Liberties Union, said the relationship between the tech giants and the NSA has a fundamental – and ironic – flaw that guarantees the Prism scandal is unlikely to be the last time tensions surface between the two.

The US spying apparatus and Silicon Valley’s top tech firms are basically in the same business, collecting information on people, he said. “It’s a weird symbiotic relationship. It’s not that Facebook and Google are trying to build a surveillance system but they effectively have,” he said. “If they wanted to, Google and Facebook could use technology to tackle the issue, anonymizing and deleting their customers’ information. But that information is how they make their money, so that is never going to happen.”

Dominic Rushe in New York
guardian.co.uk, Thursday 20 June 2013 17.37 BST

Find this story at 20 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Skype calls’ immunity to police phone tapping threatened

Skype calls’ immunity to police phone tapping threatened
Suspicious phone conversations on Skype could be targeted for tapping as part of a pan-European crackdown.

Suspicious phone conversations on Skype could be targeted for tapping as part of a pan-European crackdown on what law authorities believe is a massive technical loophole in current wiretapping laws, allowing criminals to communicate without fear of being overheard by the police.

The European investigation could also help U.S. law enforcement authorities gain access to Internet calls. The National Security Agency (NSA) is understood to believe that suspected terrorists use Skype to circumvent detection.

While the police can get a court order to tap a suspect’s land line and mobile phone, it is currently impossible to get a similar order for Internet calls on both sides of the Atlantic.

Skype insisted that it does cooperate with law enforcement authorities, “where legally and technically possible,” the company said in a statement.

“Skype has extensively debriefed Eurojust on our law enforcement program and capabilities,” Skype said.

Eurojust, a European Union agency responsible for coordinating judicial investigations across different jurisdictions announced Friday the opening of an investigation involving all 27 countries of the European Union.

“We will bring investigators from all 27 member states together to find a common approach to this problem,” said Joannes Thuy, a spokesman for Eurojust based in The Hague in the Netherlands.

The purpose of Eurojust’s coordination role is to overcome “the technical and judicial obstacles to the interception of Internet telephony systems”, Eurojust said.

The main judicial obstacles are the differing approaches to data protection in the various E.U. member states, Thuy said.

The investigation is being headed by Eurojust’s Italian representative, Carmen Manfredda.

Criminals in Italy are increasingly making phone calls over the Internet in order to avoid getting caught through mobile phone intercepts, according to Direzione Nazionale Antimafia, the anti-Mafia office in Rome.

Police officers in Milan say organized crime, arms and drugs traffickers, and prostitution rings are turning to Skype and other systems of VOIP (voice over Internet Protocol) telephony in order to frustrate investigators.

While telecommunications companies are obliged to comply with court orders to monitor calls on land lines and mobile phones, “Skype’ refuses to cooperate with the authorities,” Thuy said.

In addition to the issue of cooperation, there are technical obstacles to tapping Skype calls. The way calls are set up and carried between computers is proprietary, and the encryption system used is strong. It could be possible to monitor the call on the originating or receiving computer using a specially written program, or perhaps to divert the traffic through a proxy server, but these are all far more difficult than tapping a normal phone. Calls between a PC and a regular telephone via the SkypeIn or SkypeOut service, however, could fall under existing wiretapping regulations and capabilities at the point where they meet the public telephone network.

The pan-European response to the problem may open the door for the U.S. to take similar action, Thuy said.

“We have very good cooperation with the U.S.,” he said, pointing out that a U.S. prosecutor, Marylee Warren, is based in The Hague in order to liaise between U.S. and European judicial authorities.

The NSA (National Security Agency) is so concerned by Skype that it is offering hackers large sums of money to break its encryption, according to unsourced reports in the U.S.

Italian investigators have become increasingly reliant on wiretaps, Eurojust said, giving a recent example of customs and tax police in Milan, who overheard a suspected cocaine trafficker telling an accomplice to switch to Skype in order to get details of a 2kg drug consignment.

“Investigators are convinced that the interception of telephone calls have become an essential tool of the police, who spend millions of euros each year tracking down crime through wiretaps of land lines and mobile phones,” Eurojust said.

The first meeting of Eurojust’s 27 national representatives is planned in the coming weeks but precise details of its timing and the location of the meeting remain secret, Thuy said.

“They will exchange information and then we will give advice on how to proceed,” he said. Bringing Internet telephony into line with calls on land lines and mobile phones “could be the price we have to pay for our security,” he said.

Paul Meller (IDG News Service)
— 23 February, 2009 09:47

Find this story at 23 February 2009

Copyright 2013 IDG Communications

Random afluisteren in India

In het voorjaar van 2010 was India een paar weken in de ban van een afluisterschandaal, maar vervolgens verdween dat in de vergetelheid. Dit is opmerkelijk gezien de staat van dienst van de inlichtingenwereld in India. Schandalen die gewone Indiërs raken, maar ook corruptie, slecht management, verkeerde technologie en apparatuur en bovenal incompetentie lijken de boventoon te voeren bij de NTRO, die verantwoordelijk wordt gehouden voor het schandaal. NTRO, National Technical Research Organisation, gebruikt IMSI Catchers om voor lange tijd en op grote schaal politici, ambtenaren, zakenmensen, beroemdheden en gewone Indiërs af te luisteren.

Het gebruik van een IMSI catcher moet nauwlettend gecontroleerd worden. Het afluisterschandaal in India laat zien wat de gevaren zijn van het toelaten van het apparaat in een veiligheidsstelsel. Een IMSI catcher is een mobiele zendmast. Het International Mobile Subscriber Identity nummer is een uniek nummer dat aan een SIM kaart voor een mobiele telefoon is gekoppeld. Aan het IMSI nummer zit tevens een uniek telefoonnummer. Het IMSI nummer bestaat uit drie groepen getallen, 111/22/3333333333. Aan het nummer is te zien uit welk land de SIM kaart komt. De eerste cijfers (111) staan voor het land, Nederland heeft bijvoorbeeld 204 als code. De tweede set cijfers (22) onthullen de provider, KPN heeft bijvoorbeeld 08 en Vodafone 04. De laatste cijfers, maximaal tien cijfers, zijn het unieke abonnementsnummer. Dit is niet hetzelfde als het telefoonnummer. Telefoons waar twee SIM kaarten in zitten, hebben ook twee IMSI nummers.
De IMSI catcher fungeert als mobiele antenne die het gsm verkeer in de buurt opvangt, hierbij gaat het alleen om uitgaande gesprekken. Bij gewone mobiele telefoons vindt de versleuteling van de conversaties plaats in de dichtstbijzijnde mast. De IMSI catcher hoeft de informatie dus niet te kraken, maar kan simpelweg de gesproken of geschreven data lezen. De catcher moet het telefoonverkeer wel doorgeleiden naar een reguliere mast anders kan er geen contact worden gemaakt met de persoon die door de gsm wordt gebeld. De catcher fungeert als tussenstation om de data ofwel direct af te vangen ofwel niet versleuteld door te geleiden. Het doel van de catcher is natuurlijk ook? om het telefoonnummer van een beller te achterhalen. Voor opsporingsinstanties die het gsm nummer van een verdachte niet kunnen traceren is dit een handig middel. Men plaatst een catcher in de buurt van de persoon in kwestie, vangt de nummers allemaal af en kan nagaan welk nummer men moet hebben. Bij politie-invallen kan het apparaat ook zijn dienst bewijzen door op locatie het telefoonverkeer te monitoren, vooral als binnen een onderzoek niet alle gsm-nummers bekend zijn. Tevens kan de catcher worden gebruikt voor spionage doeleinden, vooral spionage die de overheid niet aan de grote klok wil hangen. Bij het afluisteren met een IMSI catcher heeft men namelijk geen medewerking van een Telecom provider nodig. De IMSI catcher laat echter wel een spoor achter die een gebruiker kan wijzen op onregelmatigheden in de transmissie en het apparaat is niet altijd succesvol. De IMSI catcher was tot begin 2011 ook te koop door particulieren. Verschillende bedrijven in New Delhi, Gurgaon en Noida boden de ‘off-the-air-monitoring’ systemen aan. In 2011 besloot de regering de handel van de apparaten aan banden te leggen. Private ondernemingen bleken namelijk gebruik te maken van de catcher.

NTRO
In India is de IMSI Catcher op grote schaal ingezet voor spionage doeleinden, zo onthulde het weekblad Outlook in het voorjaar van 2010. Vanaf waarschijnlijk eind 2006 tot en met april 2010 werden politieke tegenstanders, mensen die promotie zouden maken, leden van het kabinet en allerlei andere politieke en niet politieke figuren door één van de Indiase geheime diensten afgeluisterd. De gesprekken werden afgeluisterd, opgenomen en bewaard. De dienst die verantwoordelijk is voor het afluisteren is de National Technical Research Organisation, de NTRO. De NTRO werd na de Kargil oorlog in 1999 opgezet. Dit conflict ontstond toen het Pakistaanse leger posities in het district Kargil, in de regio Kashmir innam. India reageerde furieus en verdreef de Pakistanen uit een groot deel van Kargil. De laatste posities werden door Pakistan verlaten na diplomatieke druk. De Kargil Review Committee concludeerde in 1999 dat een van de redenen van het uit de hand lopen van het conflict gebrekkige inlichtingen was. De Defence Intelligence Agency (DIA) en de National Technical Facilities Organization (NTFO) die al snel NTRO werd gedoopt, werden opgezet.
De NTRO begon zijn werkzaamheden in april 2004. De NTRO is de Indiase stofzuiger van data, zowel internet als telecommunicatie data, en monitort het Indiase grondgebied en luchtruim. De NTRO gebruikt hiervoor allerlei technische hulpmiddelen, van satellieten tot IMSI catchers. De Technology Experiment Satellite (TES), een satelliet die is uitgerust met een camera die foto’s kan maken van voorwerpen van een meter, is een van de hulpmiddelen. De satelliet werd in oktober 2001 gelanceerd en de beelden worden beheerd door de Indian Space Research Organisation (ISRO). Beelden worden ook commercieel verhandeld door een bedrijf dat verbonden is aan de ISRO, Antrix Corporation. BBC News rapporteerde dat India door TES ook beelden bezit van de oorlog in Afghanistan. In 2001 was India het tweede land naast de Verenigde Staten dat een satelliet bezit die beelden kan genereren van voorwerpen van een meter groot. Een van de functionarissen die centraal staat in de introductie van de afluister praktijken door de NTRO is dhr. Narayanan. Narayanan heeft decennia lang een centrale rol gespeeld in de Indiase inlichtingenwereld. Hij was hoofd van het Intelligence Bureau van 1988 tot 1992, en diende daarbij onder vijf verschillende minister-presidenten. Daarna nam hij een adviserende rol op zich onder de directe verantwoordelijkheid van de minister-president van India. In zijn rol als National Security Advisor (NSA) introduceerde hij de nieuwe afluistertechnologie in India in 2005. Narayanan wordt wel de ‘super spook’ van India genoemd, omdat hij zijn gehele wat? leven? al in de kringen van de Research and Analysis Wing (R&AW), het Intelligence Bureau en de NSA heeft bewogen. Zijn verhouding met minister-president Manmohan Singh was toen hij National Security Advisor niet close. Hij had bezwaren tegen de nucleaire samenwerking tussen Amerika en India en de toenadering van India en Pakistan. In de Wikileaks Cables over India die begin 2011 zijn vrijgegeven door The Hindu wordt Narayanan echter wel omschreven als een belangenbehartiger van de relatie met de Verenigde Staten. In een van de berichten wordt hij omschreven als de smeerolie voor zaken die voor de Amerikanen interessant zijn.
De NTRO valt onder de verantwoordelijkheid van de inlichtingendienst buitenland van India, de Research and Analysis Wing (R&AW), hoewel het een zekere mate van onafhankelijkheid heeft. De NTRO faciliteit waar het afluisteren van de communicatie met het buitenland wordt gedaan ligt in de buurt van Kala Ghoda, zuidelijk Mumbai. Bij Malad, dat in de buurt ligt van Kala Ghoda, komen de datakabels die internet- en telecommunicatie tussen continenten mogelijk maken het Indiase vasteland binnen. De NTRO zit er letterlijk boven op. Hierbij gaat het om communicatie tussen India en het buitenland. De inlichtingendiensten van India hebben daarnaast genoeg binnenlandse capaciteit om de iedere Indiase burger af te luisteren.

Afluisteren
Het afluisterschandaal van de NTRO werd eind april 2010 door het weekblad Outlook onthuld. In de editie van 3 mei van dat jaar zegt een senior inlichtingenofficier dat de NTRO geen toestemming nodig heeft om een telefoon te tappen. Het gaat volgens hem om het onderscheppen van een signaal tussen de gsm en de antenne. Volgens de officier gaat het daarom niet om het afluisteren van een telefoonnummer. Het apparaat zou signalen binnen een cirkel van twee kilometer kunnen onderscheppen. De medewerker van de NTRO lijkt te suggereren dat er helemaal niets mis is met het afluisteren met behulp van een IMSI catcher, het signaal wordt gewoon opgevangen en bewaard. Op dezelfde wijze lijkt de minister van Binnenlandse Zaken van India, P. Chidambaram, de storm rond het afluisterschandaal te willen sussen. In een van de eerste reacties verklaarden bronnen binnen de regering dat het ging om een proef van de NTRO. De regering had geen opdracht gegeven, dus is zij niet verantwoordelijk, en er hoeft geen onderzoek te komen. Volgens de minister waren in de bestanden van de NTRO ook geen bewijzen gevonden van het afluisteren van politici. Tevens wees de regering erop dat de NTRO niet zelfstandig operaties uitvoert, maar werkt onder auspiciën van andere diensten. Bij deze diensten zou het gaan om zeven inlichtingendiensten: het Intelligence Bureau, de Research and Analysis Wing, de Directorate of Revenue Intelligence, Enforcement Directorate, Narcotics Control Bureau, Economic Intelligence Unit and Directorate-General of Investigations, Income-Tax (CBDT). Een oud medewerker van de NTRO voegde daar in de Economic Times van 24 april 2010 nog aan toe dat de dienst slechts onderzoek doet naar technische hulpmiddelen. Volgens hem luistert de dienst geen individuen af en wordt het NTRO in diskrediet gebracht door verongelijkte werknemers.
Ook de politie heeft de bevoegdheid om af te luisteren. De minister van Binnenlandse Zaken stelde dat ruim dertig instanties in de verschillende Indiase deelstaten de mogelijkheid hebben om te tappen en af te luisteren. Volgens minister Chidambaram ligt daarom de macht tot het uitvoeren van deze observaties niet alleen op nationaal niveau, maar ook op deelstaatniveau. Dat dit ook daadwerkelijk aan de hand is werd in dezelfde periode geïllustreerd door een afluisterschandaal van de CBDT. Deze dienst had lobbyisten van de telecommunicatie industrie afgeluisterd ten tijde van de toewijzing van mobiele breedband netwerken met de 2G technologie. Bij deze onthulling werd niet de CBDT beschuldigd van illegale taps, maar kregen de bedrijven het te verduren. De afgeluisterde gesprekken onthulden de grote invloed van de industrie op de besluitvorming van de regering. De CBDT luisterde de lobbyisten af in het kader van een onderzoek naar belastingfraude. Zowel politiek als binnen de juridische wereld worden er vraagtekens gezet bij het afluisteren van mensen die worden verdacht van belastingfraude.
Hoewel de onthulling in de Outlook erg gedetailleerd was, was het antwoord van de minister en de dienst dat er niets aan de hand is. Er wordt niet afgeluisterd en er is geen bewijs gevonden dat het is gebeurd, luidde het officiële regeringsstandpunt. De Indiase Telecomwet van 1885 en de toegevoegde wijziging van 2008 maken afluisteren echter wel mogelijk. Bij het afluisteren gaat het om uitzonderlijke situaties en niet om een standaard regel. Het was dus wel degelijk een schending van wettelijke regels. In de week erna bevestigden enkele inlichtingenofficieren anoniem dat er op grote schaal afgeluisterd wordt. Naast de vier politici waarover Outlook in het nummer van 3 mei 2010 publiceerde bleken er veel meer mensen te zijn afgeluisterd. Het gaat daarbij naast politici om ambtenaren, zakenmensen, gewone Indiërs en beroemdheden. Volgens de anonieme officieren werden de gesprekken zonder wettelijke toestemming afgeluisterd . De officieren vertellen in de Outlook van 10 mei 2010 dat zij de opdrachten mondeling kregen of soms op een geel memo papiertje. Volgens de officieren waren de afluisteroperaties allemaal illegaal , zonder toestemming van de NSA of het kabinet van de minister-president. Er mocht ook geen administratie van worden bijgehouden. De IMSI catchers werden ingezet om bijvoorbeeld in Delhi, de hoofdstad van India, rond te rijden om gsm verkeer op te vangen. Eigenlijk waren het ‘fishing operaties’ op zoek naar dat ene gesprek dat mogelijk een gevaar kan zijn voor de nationale veiligheid. Het systeem scant alle nummers zonder onderscheid te maken en kan alles opnemen. Op elk willekeurig moment kan het apparaat dat in India is gebruikt maximaal 64 gesprekken opnemen. Sommige gesprekken werden vernietigd, andere werden bewaard. Het wordt uit het interview met de medewerkers niet duidelijk wie er verantwoordelijk was voor het besluit om gesprekken al dan niet te vernietigen. In The Times of India worden anonieme bronnen aangehaald die zeggen dat het afluisteren van de politici was uitgevoerd door “junior officials”, maar dat hun werk deel uitmaakt van een grotere operatie.
Volgens de medewerkers van de inlichtingendiensten gaat het om in totaal vijf apparaten die door de NTRO gebruikt worden. Van de ritten van de auto met de IMSI Catcher worden twee logboeken bijgehouden. Het ene logboek bevat geen enkel detail van de operatie. Het andere logboek is “top secret” en bevat gedetailleerde informatie over de locatie waar het apparaat heeft afgeluisterd. De precieze route, bestemmingen, data en tijden zijn in dat logboek te vinden. Medewerkers van de inlichtingendienst vertelden dat het niet alleen de NTRO hoeft te zijn die verantwoordelijk is voor het tappen. Verschillende van de zeven inlichtingendiensten en zelfs de politie hebben een IMSI catcher. Bronnen in de inlichtingenwereld hebben het weekblad Outlook aangegeven dat er in totaal 90 apparaten zijn aangeschaft door de verschillende instanties. Vooral in regio’s waar veel moslims wonen gebeurt dit volgens de officier. De inlichtingenofficieren die in Outlook worden geïnterviewd worden ondersteund in hun verhalen door een oud- directeur van het Intelligence Bureau (IB), dhr. Dhar. Hij vertelde het Indiase weekblad Tehelka dat de NTRO namen moet hebben gekregen om af te luisteren. Tevens verklaart hij dat politieke leiders regelmatig inlichtingendiensten de opdracht geven om mensen af te luisteren zonder schriftelijke toestemming. Medewerkers van diensten die weigeren aan deze afluisterpraktijken mee te doen, worden ontslagen volgens de oud-directeur van het Intelligence Bureau.

Iedereen is verdacht
Het is onduidelijk wat het doel is van de afluisteroperatie die zeker vier jaar heeft geduurd. Hoewel de verantwoordelijk minister in zijn eerste reactie had aangegeven niets van het afluisteren af te weten, gaven regeringsbronnen aan de The Times of India toe dat de NTRO wel toezicht uitvoerde. Welk toezicht wordt door de Times niet vermeld. Volgens de bronnen staan die activiteiten onder directe verantwoordelijkheid van de National Security Advisor of het kabinet van de minister-president waaronder de Research and Analysis Wing en de NTRO valt. Bij de NSA zou het gaan om dhr. Narayanan, de man die aan de wieg stond van het afluisteren in 2005. In de Indiase media worden ook verbanden gelegd met de lange traditie van de Indian National Congress (INC), een regeringspartij, om de oppositie in diskrediet te brengen door het verzamelen van politiek gevoelige informatie door het inzetten van inlichtingendiensten. Het dagblad The Pioneer vergelijkt het met de werkwijze van de Indiase roddelpers, maar dan veel serieuzer. Volgens de krant gaat het er bij het afluisteren om om te achterhalen wie elkaar ontmoeten, met wie iemand contact heeft, met wie personen van de elite slapen en vergelijkbare vragen uit de roddelbladen. Het lijkt er volgens de krant op dat de inlichtingendiensten de levens van politieke spelers in kaart probeert te brengen.
De Indian National Congress (INC) is echter niet de enige politieke partij die deze middelen inzet. Het lijkt erop dat het binnen de Indiase democratie de gewoonte is om de oppositie op allerlei manieren in de gaten te houden. De wijze waarop de oppositie het schandaal gebruikte om de regering onder druk te zetten, lijkt deze stelling ook te ondersteunen. De oppositie is geschokt en wil uitleg van de minister-president, maar daadwerkelijke wettelijke hervormingen werden niet met zoveel woorden geëist.
De verantwoordelijk minister voor de afluisteroperatie is Chidambaram. Chidambaram is lid van de Indian National Congress (INC). Onder de afgeluisterde politici bevond zich ook de minister voor Consumentenzaken, voedsel en distributie, Sharad Pawar van de Nationalist Congress Party (NCP), een afsplitsing van de INC. De NCP neemt op dit moment ook deel aan de regering samen met het INC. Ook leden van de partij van de minister van Binnenlandse Zaken zoals dhr. Digvijay Singh werden afgeluisterd, evenals leden van de oppositie, zoals het hoofd van de Communistische Partij India, dhr. Karat. Het afluisteren vond niet alleen nationaal plaats, ook in deelstaten van India zoals in Bihar werden hoge politici afgeluisterd, zoals de premier van Bihar, dhr. Kumar.
De onderwerpen van de gesprekken die Outlook in haar bezit heeft, zijn uiteenlopend. Bij de gesprekken van de minister van Consumentenzaken ging het om het grote schandaal rond de Indian Premier League (IPL), de Indiase cricket competitie, IPL-gate, waar sprake was van witwassen van geld en het vooraf bepalen van de winnaar van een wedstrijd. De premier van Bihar belde een collega om te lobbyen voor meer geld voor zijn deelstaat. En van de communistische partij zijn gesprekken bewaard uit 2008 toen er oppositie werd gevoerd tegen de aankoop van nucleaire technologie van de Verenigde Staten. Hoewel Karat tegenstander was van de overeenkomst tussen India en de Verenigde Staten stond hij onderhandelingen met minister-president Singh niet in weg. Hij fungeerde ook als een belangrijke exponent van de oppositie in India tegen de overeenkomst. De gegevens over de afluisterpraktijk van de NTRO geven nu aan dat dhr. Karat toen is afgeluisterd. Uiteindelijk bleef de Communistische Partij bij haar standpunt om tegen te stemmen, maar de regering behaalde toch een nipte overwinning. De Samajwadi Party (SP) en tien leden van de BJP, beide oppositie partijen, hielpen de regering aan haar meerderheid. De overeenkomst met de Amerikanen kon doorgaan. Naar nu blijkt werden er tijdens de onderhandelingen over het akkoord met de Amerikanen parlementariërs omgekocht. In documenten van de Amerikaanse vertegenwoordiging in India die door Wikileaks zijn buitgemaakt, blijkt dat de Amerikanen op de hoogte waren van de steekpenningen die parlementariërs ontvingen om voor te stemmen. Of de afgeluisterde gesprekken hebben bijgedragen aan het omkopen van leden van het parlement is niet duidelijk.

DE NTRO als schandaal
De NTRO heeft absoluut geen schoon blazoen. De korte historie van de dienst kent al vele schandalen, gebrekkig functioneren, politieke benoemingen en tekenen van corruptie. India kent geen Commissie van Toezicht op de Inlichtingen en Veiligheidsdiensten, wel een algemene controledienst, te vergelijken met de algemene Rekenkamer. De regering stelde dhr. P.V. Kumar van de Comptroller and Auditor General of India (CAG) aan om de misstanden bij de NTRO te onderzoeken. Kumar is een oud medewerker van de Research and Analysis Wing en werd na zijn onderzoek begin 2011 aangesteld om de NTRO te leiden. In hoeverre er een einde is gekomen aan de misstappen is dan ook niet duidelijk. Een van de schandalen naast het afluisteren van politici is de benoeming van de tweede man van de dienst, dhr. Vijararaghavan, en zijn betrokkenheid bij een deal met het Amerikaanse bedrijf CISCO. Na de deal met CISCO werd de dochter van Vijararaghavan door CISCO in dienst genomen. De positie van de tweede man staat ook ter discussie omdat hij naast zijn functie bij de NTRO ook nog zijn oude functie als hoofd van Defence Research and Development Organisation (DRDO) vervult en tevens directeur is van een lobbygroep van de elektronica-industrie. Ook diverse andere benoemingen worden door de CAG onderzocht op hun onvolkomenheden. Het gerechtshof in Delhi oordeelde verder dat er een onderzoek moet komen naar administratieve en financiële onregelmatigheden bij de aanstelling van ruim zeventig werknemers. Vacatures zouden zijn opgevuld met niet capabele mensen zonder de juiste opleiding en voor sommige functies is zelfs geen vacature uitgeschreven, maar die zijn onderhands opgevuld.
Naast het personeelsbeleid zijn er ook vragen gerezen over de aankoop van apparatuur door de dienst. Een medewerker schafte zonder overleg met het agentschap dat over de aankopen van gevoelige apparatuur gaat, computers aan die vitale Chinese onderdelen bevat. De spanningen tussen India en China fluctueren al decennia lang tussen gespannen en vriendschappelijk. De laatste jaren gaat het beter, maar tien jaar geleden had de verhouding tussen de twee landen een nieuw dieptepunt bereikt na Indiase kernproeven. En dat de relatie verre van close is maakten Canadese onderzoekers van de Information Warfare Monitor (IWM) duidelijk toen zij India erop wezen dat begin 2010 Chinese hackers zich de toegang hadden verschaft tot computers van het Indiase leger. IWM had de Indiase overheid er een jaar eerder al op gewezen dat haar computers en servers kwetsbaar waren voor aanvallen uit vooral China. Op de computers die in 2010 gehackt zijn, zou informatie staan over het raketprogramma van India, de artillerie-brigades van Assam, luchtmachtbases en andere militaire informatie. De Canadese onderzoekers produceerden een rapport over de Chinese elektronische infiltratie, ‘Shadow in the Cloud’. In mei 2010 bleek dat de schade van de Chinese spionage operatie aanzienlijk is. Computers en servers van diplomatieke vestigingen van India in Kabul, Moskou, Dubai, Abuja, in de Verenigde Staten, Servië, België, Duitsland, Cyprus, het Verenigd Koninkrijk en Zimbabwe waren door de Chinezen overgenomen. Ook het kantoor van de National Security Advisor was besmet en zelfs bedrijven als Tata, YKK India en DLF Limited. Naast deze militair en economisch strategische spionage hadden de Chinezen het ook gemunt op de Tibetaanse gemeenschap in Dharamshala.
Een andere medewerker kocht satelliet communicatiemiddelen van een bedrijf uit Singapore (Singapore Technologies), een bedrijf dat door de Indiase overheid op een zwarte lijst was geplaatst. Bij de aanbesteding van de satelliet communicatie apparatuur kwamen de specificaties van de NTRO precies overeen met het product van Singapore Technologies. In andere gevallen, zoals bij de aanschaf van onbemande vliegtuigen van het Israëlische bedrijf Israel Aerospace Industries (IAI) is door het NTRO geen aanbesteding uitgeschreven volgens de onderzoekers van CAG. De onbemande vliegtuigen moesten in januari 2010 aan de grond worden gehouden, omdat bleek dat de NTRO onveilige en open radiofrequenties gebruikte voor de besturing van de vliegtuigen. Volgens de India Today zouden ook de onbemande vliegtuigen van het Indiase leger op deze manier worden bediend. Bij grote uitgaven dient de NTRO een aanbesteding te doen en toestemming te vragen aan de National Security Advisor en uiteindelijk de minister-president. Ook dit laatste is bij diverse aankopen door de dienst niet gebeurd.
Naast deze personele en technische misstappen wordt de kwaliteit van het werk van de dienst in het publieke debat in India in twijfel getrokken. Hoewel haar taak het verzamelen van informatie over mogelijke terroristische aanslagen, cyber crime, opstanden en illegale grensoverschrijdingen is, heeft de dienst geen enkel duidelijk succes geboekt. De aanslagen van 26 november 2008 in Mumbai worden gezien als het bewijs van de mislukking van de dienst. Toch lijkt de dienst onaantastbaar, zoals zoveel inlichtingendiensten. Twee jaar later was het opnieuw raak. Op basis van informatie van de inlichtingendiensten werd een man gearresteerd die verantwoordelijk werd gehouden van de aanslag op de “Duitse bakkerij”, een populaire uitgaansgelegenheid voor toeristen in Pune. Minister Chidambaram feliciteerde de inlichtingendiensten, maar ze bleken het bij het verkeerde eind te hebben. De man moest worden vrijgelaten wegens ontlastend bewijs.
En hoewel de NTRO de stofzuiger is van data van Indiase burgers staat zij net als de andere spelers in de Indiase inlichtingenwereld bekend om het ‘kwijtraken’ van gevoelige data. In 2003 was de Defence Research and Development Organisation (DRDO) plotseling 53 computers kwijt. Toen zij werden teruggevonden, ontbraken de harde schijven. Op de harde schijven stonden geheime codes voor communicatie met inlichtingendiensten en het leger. In 2006 raakte een belangrijke wetenschapper van de DRDO zijn laptop kwijt op het vliegveld van Delhi. Op de laptop bewaarde de wetenschapper geheime informatie over het Indiase kernwapenarsenaal en raketsystemen. En in 2008 raakte een directeur van de NTRO zijn laptop met geheime informatie over de kernwapenprogramma’s in Pakistan, China en Noord Korea kwijt in Washington DC.

Het schandaal staat niet op zich
De NTRO is niet de enige dienst die tekenen vertoont van verval. Ook de dienst waaruit zij is voortgekomen, de Research and Analysis Wing, wordt geteisterd door technische, personele, administratieve en financiële schandalen. Eigenlijk is het niet onlogisch dat er schandalen optreden binnen de Indiase inlichtingenwereld. Met zoveel onregelmatigheden is het bijna vanzelfsprekend dat er schandalen plaatsvinden die ook Indiase burgers raken. Het NTRO schandaal staat dan ook niet op zich. Vergelijkbare afluisterpraktijken zijn de afgelopen decennia aan het licht gekomen. In de jaren tachtig kwam aan het licht dat de Indiase overheid politieke leiders afluisterde. Daarnaast werden ook toen toonaangevende journalisten in de gaten gehouden. In 1990 – 1991 was het opnieuw raak met een nieuw afluisterschandaal. De Peoples Union for Civil Liberties (PUCL), een burgerrechtenbeweging, bracht de zaak voor de rechter. Tijdens de rechtzaak gaf de CBI, Central Bureau of Investigation, toe dat op grote schaal journalisten, parlementariërs en leden van het kabinet zowel op nationaal als op deelstaatniveau waren afgeluisterd. Het CBI gaf toe dat deze afluisterpartij onwettig was.
En is er wat veranderd na het schandaal in het voorjaar van 2010 dat de Indiase politiek enkele weken bezig hield? Nee, in juli van hetzelfde jaar werd de IMSI Catcher als nieuw gepresenteerd in een operatie met de codenaam Fox, alsof het om een nieuwe strijd ging tegen terrorisme en criminele bendes. De media waren het schandaal van twee maanden eerder al weer vergeten.

Buro Jansen & Janssen

Find this story at 20 April 2011

Mumbai Terrorists Relied on New Technology for Attacks

MUMBAI, India — The terrorists who struck this city last month stunned authorities not only with their use of sophisticated weaponry but also with their comfort with modern technology.

The terrorists navigated across the Arabian Sea to Mumbai from Karachi, Pakistan, with the help of a global positioning system handset. While under way, they communicated using a satellite phone with those in Pakistan believed to have coordinated the attacks. They recognized their targets and knew the most direct routes to reach them in part because they had studied satellite photos from Google Earth.

And, perhaps most significantly, throughout the three-day siege at two luxury hotels and a Jewish center, the Pakistani-based handlers communicated with the attackers using Internet phones that complicate efforts to trace and intercept calls.

Those handlers, who were apparently watching the attacks unfold live on television, were able to inform the attackers of the movement of security forces from news accounts and provide the gunmen with instructions and encouragement, authorities said.

Hasan Gafoor, Mumbai’s police commissioner, said Monday that as once complicated technologies — including global positioning systems and satellite phones — have become simpler to operate, terrorists, like everyone else, have become adept at using them. “Well, whether terrorists or common criminals, they do try to be a step ahead in terms of technology,” he said.

Indian security forces surrounding the buildings were able to monitor the terrorists’ outgoing calls by intercepting their cellphone signals. But Indian police officials said those directing the attacks, who are believed to be from Lashkar-e-Taiba, a militant group based in Pakistan, were using a Voice over Internet Protocol (VoIP) phone service, which has complicated efforts to determine their whereabouts and identities.

VoIP services, in which conversations are carried over the Internet as opposed to conventional phone lines or cellphone towers, are increasingly popular with people looking to save money on long distance and international calls. Many such services, like Skype and Vonage, allow a user to call another VoIP-enabled device anywhere in the world free of charge, or to call a standard telephone or cellphone at a deeply discounted rate.

But the same services are also increasingly popular with criminals and terrorists, a trend that worries some law enforcement and intelligence agencies. “It’s a concern,” said one Indian security official, who spoke anonymously because the investigation was continuing. “It’s not something we have seen before.”

In mid-October, a draft United States Army intelligence report highlighted the growing interest of Islamic militants in using VoIP, noting recent news reports of Taliban insurgents using Skype to communicate. The unclassified report, which examined discussions of emerging technologies on jihadi Web sites, was obtained by the Federation of American Scientists, a Washington-based nonprofit group that monitors the impact of science on national security.

VoIP calls pose an array of difficulties for intelligence and law enforcement services, according to communications experts. “It means the phone-tapping techniques that work for old traditional interception don’t work,” said Matt Blaze, a professor and computer security expert at the University of Pennsylvania.

An agency using conventional tracing techniques to track a call from a land line or cellphone to a VoIP subscriber would be able to get only as far as the switching station that converts the voice call into Internet data, communications experts said. The switch, usually owned and operated by the company providing the VoIP service, could be located thousands of miles from the subscriber.

The subscriber’s phone number would also likely reveal no information about his location. For instance, someone in New York could dial a local phone number but actually be connected via the Internet to a person in Thailand.

In Mumbai, authorities have declined to disclose the names of the VoIP companies whose services the Lashkar-e-Taiba handlers used, but reports in Indian news media have said the calls have been traced to companies in New Jersey and Austria. Yet investigators have said they are convinced that the handlers who directed the attacks were actually sitting somewhere in Pakistan during the calls.

One senior Lashkar-e-Taiba leader who American officials believe may have played a key role in planning the Mumbai attacks is Zarrar Shah. Mr. Shah, known to be a specialist in communications technology, may have been aware of the difficulties in tracing VoIP.

To determine the location of a VoIP caller, an investigating agency has to access a database kept by the service provider. The database logs the unique numerical identifier, known as an Internet Protocol (I.P.) address, of whatever device the subscriber was using to connect to the Internet. This could be a computer equipped with a microphone, a special VoIP phone, or even a cellphone with software that routes calls over the Internet using wireless connections as opposed to cellular signals.

It would then take additional electronic sleuthing to determine where the device was located. The customer’s identity could be obtained from the service provider as well, but might prove fraudulent, experts said.

Getting the I.P. address and then determining its location can take days longer than a standard phone trace, particularly if service providers involved are in a foreign country.

“Ultimately, we can trace them,” said Mr. Gafoor, referring to VoIP calls. “It takes a little longer, but we will trace them.”

Washington is assisting the Indian authorities in obtaining this information, according to another Indian police official who also spoke anonymously because of the continuing investigation.

Further complicating this task is the fact that I.P. addresses change frequently and are less tied to a specific location than phone numbers.

Computer experts said that while these challenges were formidable, none were insurmountable. And they cautioned that security services and police forces might be disingenuous when they complain about terrorists’ use of new technologies, including VoIP.

The experts said that VoIP calls left a far richer data trail for investigators to mine than someone calling from an old-fashioned pay phone. Mr. Blaze, the computer security expert at the University of Pennsylvania, also noted that 15 years ago the Mumbai attackers would probably not have had the capacity to make calls to their handlers during the course of their attacks, depriving investigators of vital clues to their identities. “As one door closes — traditional wire line tapping — all these other doors have opened,” Mr. Blaze said.

December 9, 2008
By JEREMY KAHN

Find this story at 9 December 2008

Copyright 2008 The New York Times Company

GCHQ taps fibre-optic cables for secret access to world’s communications

Exclusive: British spy agency collects and stores vast quantities of global email messages, Facebook posts, internet histories and calls, and shares them with NSA, latest documents from Edward Snowden reveal

Secret document detailing GCHQ’s ambition to ‘master the internet’

Britain’s spy agency GCHQ has secretly gained access to the network of cables which carry the world’s phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).

The sheer scale of the agency’s ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.

One key innovation has been GCHQ’s ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.

GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.

This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user’s access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.

The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called “the largest programme of suspicionless surveillance in human history”.

“It’s not just a US problem. The UK has a huge dog in this fight,” Snowden told the Guardian. “They [GCHQ] are worse than the US.”

However, on Friday a source with knowledge of intelligence argued that the data was collected legally under a system of safeguards, and had provided material that had led to significant breakthroughs in detecting and preventing serious crime.

Britain’s technical capacity to tap into the cables that carry the world’s communications – referred to in the documents as special source exploitation – has made GCHQ an intelligence superpower.

By 2010, two years after the project was first trialled, it was able to boast it had the “biggest internet access” of any member of the Five Eyes electronic eavesdropping alliance, comprising the US, UK, Canada, Australia and New Zealand.

UK officials could also claim GCHQ “produces larger amounts of metadata than NSA”. (Metadata describes basic information on who has been contacting whom, without detailing the content.)

By May last year 300 analysts from GCHQ, and 250 from the NSA, had been assigned to sift through the flood of data.

The Americans were given guidelines for its use, but were told in legal briefings by GCHQ lawyers: “We have a light oversight regime compared with the US”.

When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was “your call”.

The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.

The documents reveal that by last year GCHQ was handling 600m “telephone events” each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time.
Document quoting Lt Gen Keith Alexander, head of the NSA, during a visit to Britain

Each of the cables carries data at a rate of 10 gigabits per second, so the tapped cables had the capacity, in theory, to deliver more than 21 petabytes a day – equivalent to sending all the information in all the books in the British Library 192 times every 24 hours.

And the scale of the programme is constantly increasing as more cables are tapped and GCHQ data storage facilities in the UK and abroad are expanded with the aim of processing terabits (thousands of gigabits) of data at a time.

For the 2 billion users of the world wide web, Tempora represents a window on to their everyday lives, sucking up every form of communication from the fibre-optic cables that ring the world.

The NSA has meanwhile opened a second window, in the form of the Prism operation, revealed earlier this month by the Guardian, from which it secured access to the internal systems of global companies that service the internet.

The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.

This was done under secret agreements with commercial companies, described in one document as “intercept partners”.

The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned “sensitive relationship teams” and staff were urged in one internal guidance paper to disguise the origin of “special source” material in their reports for fear that the role of the companies as intercept partners would cause “high-level political fallout”.

The source with knowledge of intelligence said on Friday the companies were obliged to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables.

“There’s an overarching condition of the licensing of the companies that they have to co-operate in this. Should they decline, we can compel them to do so. They have no choice.”

The source said that although GCHQ was collecting a “vast haystack of data” what they were looking for was “needles”.

“Essentially, we have a process that allows us to select a small number of needles in a haystack. We are not looking at every piece of straw. There are certain triggers that allow you to discard or not examine a lot of data so you are just looking at needles. If you had the impression we are reading millions of emails, we are not. There is no intention in this whole programme to use it for looking at UK domestic traffic – British people talking to each other,” the source said.

He explained that when such “needles” were found a log was made and the interception commissioner could see that log.

“The criteria are security, terror, organised crime. And economic well-being. There’s an auditing process to go back through the logs and see if it was justified or not. The vast majority of the data is discarded without being looked at … we simply don’t have the resources.”

However, the legitimacy of the operation is in doubt. According to GCHQ’s legal advice, it was given the go-ahead by applying old law to new technology. The 2000 Regulation of Investigatory Powers Act (Ripa) requires the tapping of defined targets to be authorised by a warrant signed by the home secretary or foreign secretary.

However, an obscure clause allows the foreign secretary to sign a certificate for the interception of broad categories of material, as long as one end of the monitored communications is abroad. But the nature of modern fibre-optic communications means that a proportion of internal UK traffic is relayed abroad and then returns through the cables.

Parliament passed the Ripa law to allow GCHQ to trawl for information, but it did so 13 years ago with no inkling of the scale on which GCHQ would attempt to exploit the certificates, enabling it to gather and process data regardless of whether it belongs to identified targets.

The categories of material have included fraud, drug trafficking and terrorism, but the criteria at any one time are secret and are not subject to any public debate. GCHQ’s compliance with the certificates is audited by the agency itself, but the results of those audits are also secret.

An indication of how broad the dragnet can be was laid bare in advice from GCHQ’s lawyers, who said it would be impossible to list the total number of people targeted because “this would be an infinite list which we couldn’t manage”.

There is an investigatory powers tribunal to look into complaints that the data gathered by GCHQ has been improperly used, but the agency reassured NSA analysts in the early days of the programme, in 2009: “So far they have always found in our favour”.

Historically, the spy agencies have intercepted international communications by focusing on microwave towers and satellites. The NSA’s intercept station at Menwith Hill in North Yorkshire played a leading role in this. One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: “Why can’t we collect all the signals all the time? Sounds like a good summer project for Menwith.”

By then, however, satellite interception accounted for only a small part of the network traffic. Most of it now travels on fibre-optic cables, and the UK’s position on the western edge of Europe gave it natural access to cables emerging from the Atlantic.

The data collected provides a powerful tool in the hands of the security agencies, enabling them to sift for evidence of serious crime. According to the source, it has allowed them to discover new techniques used by terrorists to avoid security checks and to identify terrorists planning atrocities. It has also been used against child exploitation networks and in the field of cyberdefence.

It was claimed on Friday that it directly led to the arrest and imprisonment of a cell in the Midlands who were planning co-ordinated attacks; to the arrest of five Luton-based individuals preparing acts of terror, and to the arrest of three London-based people planning attacks prior to the Olympics.

As the probes began to generate data, GCHQ set up a three-year trial at the GCHQ station in Bude, Cornwall. By the summer of 2011, GCHQ had probes attached to more than 200 internet links, each carrying data at 10 gigabits a second. “This is a massive amount of data!” as one internal slideshow put it. That summer, it brought NSA analysts into the Bude trials. In the autumn of 2011, it launched Tempora as a mainstream programme, shared with the Americans.

The intercept probes on the transatlantic cables gave GCHQ access to its special source exploitation. Tempora allowed the agency to set up internet buffers so it could not simply watch the data live but also store it – for three days in the case of content and 30 days for metadata.

“Internet buffers represent an exciting opportunity to get direct access to enormous amounts of GCHQ’s special source data,” one document explained.

The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to “selectors” – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is “content”, such as recordings of phone calls or the substance of email messages. The rest is metadata.

The GCHQ documents that the Guardian has seen illustrate a constant effort to build up storage capacity at the stations at Cheltenham, Bude and at one overseas location, as well a search for ways to maintain the agency’s comparative advantage as the world’s leading communications companies increasingly route their cables through Asia to cut costs. Meanwhile, technical work is ongoing to expand GCHQ’s capacity to ingest data from new super cables carrying data at 100 gigabits a second. As one training slide told new users: “You are in an enviable position – have fun and make the most of it.”

Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies and James Ball
The Guardian, Friday 21 June 2013 17.23 BST

Find this story at 21 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Operation Tempora: GCHQ in fresh snooping row as it eavesdrops on phones and the internet

Data includes recordings of telephone calls, contents of emails, details of messages on social media and the history of internet use

Britain’s electronic eavesdropping centre, GCHQ, has started collecting data from the network of fibre-optic cables carrying the world’s telephone calls and internet traffic, it was reported tonight.

The massive programme of surveillance allows the agency to store vast volumes of information for up to 30 days which it can then study for evidence of terrorist and criminal activity.

The claims, in The Guardian, will provoke a fresh civil liberties storm following recent allegations that thousands of Britons could have been spied on by GCHQ through a covert link with the US National Security Agency (NSA).

According to the paper, the agency has been running Operation Tempora for 18 months under which it gains access to transatlantic cables carrying data about phone calls and internet use. It is said to share information gleaned from it with the NSA.

The data includes recordings of telephone calls, contents of emails, details of messages on social media and the history of internet use.

Documents seen by the paper suggest that by last year GCHQ was handling 600m “telephone events” each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 at a time.

A source told The Guardian that the eavesdropping allowed the security services to arrest three people planning attacks on last year’s London Olympics, as well as terrorist cells in the Midlands and Luton. It has also been used against child exploitation networks and to boost cyberdefence.

A GCHQ spokesman said: “It is longstanding practice that we do not comment on intelligence matters.”

He added: “GCHQ takes its obligations under the law very seriously. Our work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Intelligence and Security Committee.”

* Edward Snowden has been charged in his absence by US prosecutors with spying and theft of government property. The charges are included in sealed documents filed by prosecutors.

Nigel Morris
Saturday, 22 June 2013

Find this story at 22 June 2013

© independent.co.uk

MI5 feared GCHQ went ’too far’ over phone and internet monitoring

Amid leaks from NSA whistleblower Edward Snowden, senior intelligence source reveals worries were voiced in 2008

GCHQ taps can intercept UK and US phone and internet traffic. Photograph: EPA

Senior figures inside British intelligence have been alarmed by GCHQ’s secret decision to tap into transatlantic cables in order to engage in the bulk interception of phone calls and internet traffic.

According to one source who has been directly involved in GCHQ operations, concerns were expressed when the project was being discussed internally in 2008: “We felt we were starting to overstep the mark with some of it. People from MI5 were complaining that they were going too far from a civil liberties perspective … We all had reservations about it, because we all thought: ‘If this was used against us, we wouldn’t stand a chance’.”

The Guardian revealed on Friday that GCHQ has placed more than 200 probes on transatlantic cables and is processing 600m “telephone events” a day as well as up to 39m gigabytes of internet traffic. Using a programme codenamed Tempora, it can store and analyse voice recordings, the content of emails, entries on Facebook, the use of websites as well as the “metadata” which records who has contacted who. The programme is shared with GCHQ’s American partner, the National Security Agency.

Interviews with the UK source and the NSA whistleblower Edward Snowden raise questions about whether the programme:

■ Exploits existing law which was passed by parliament without any anticipation that it would be used for this purpose.

■ For the first time allows GCHQ to process bulk internal UK traffic which is routed overseas via these cables.

■ Allows the NSA to engage in bulk intercepts of internal US traffic which would be forbidden in its own territory.

■ Functions with no effective oversight.

The key law is the Regulation of Investigatory Powers Act 2000, Ripa, which requires the home secretary or foreign secretary to sign warrants for the interception of the communications of defined targets. But the law also allows the foreign secretary to sign certificates that authorise GCHQ to trawl for broad categories of information on condition that one end of the communication is outside the UK.

According to the UK source: “Not so long ago, this was all about attaching crocodile clips to copper wires. And it was all about voice. Now, it’s about the internet – massive scale – but still using the same law that was devised for crocodile clips. Ripa was primarily designed for voice, not for this level of interception. They are going round Ripa. The legislation doesn’t exist for this. They are using old legislation and adapting it.”

The source claimed that even the conventional warrant system has been distorted – whereas police used to ask for a warrant before intercepting a target’s communications, they will now ask GCHQ to intercept the target’s communications and then use that information to seek a warrant.

There is a particular concern that the programme allows GCHQ to break the boundary which stopped it engaging in the bulk interception of internal UK communications. The Ripa requirement that one end of a communication must be outside the UK was a significant restriction when it was applied to phone calls using satellites, but it is no longer effective in the world of fibre-optic cables. “The point is that this is an island,” the source said. “Everything comes and goes – nearly everything – down fibre-optic cables. You make a mobile phone call, it goes to a mast and then down into a fibre-optic cable, under the ground and away. And even if the call is UK to UK, it’s very likely – because of the way the system is structured – to go out of the UK and come back in through these fibre-optic channels.”

Internet traffic is also liable to be routed internationally even if the message is exchanged between two people within the UK. “At one point, I was told that we were getting 85% of all UK domestic traffic – voice, internet, all of it – via these international cables.”

Last year, the government was mired in difficulty when it tried to pass a communications bill that became known as the “snoopers’ charter”, and would have allowed the bulk interception and storage of UK voice calls and internet traffic. The source says this debate was treated with some scepticism inside the intelligence community – “We’re sitting there, watching them debate the snoopers’ charter, thinking: ‘Well, GCHQ have been doing this for years’.”

There are similar concerns about the role of the NSA. It could have chosen to attach probes to the North American end of the cables and documents shown to the Guardian by Edward Snowden suggest that key elements of the Tempora filtering process were designed by the NSA. Instead, the NSA agency has exported its computer programs and 250 of its analysts to operate the system from the UK.

Initial inquiries by the Guardian have failed to explain why this has happened, but US legislators are likely to want to check whether the NSA has sought to bypass legal or policy requirements which restrict its activity in the US. This will be particularly sensitive if it is confirmed that Tempora is also analysing internal US traffic.

The UK source challenges the official justification for the programme; that it is necessary for the fight against terrorism and serious crime: “This is not scoring very high against those targets, because they are wise to the monitoring of their communications. If the terrorists are wise to it, why are we increasing the capability?

“The answer is that you can’t stop it. It is a self-fulfilling prophecy. The more we develop communications technology, the more they develop technology to intercept it. There was MS Chat – easy. Then Yahoo chat – did that, too. Then Facebook. Then Skype. Then Twitter. They keep catching up. It is good for us, but it is bad for us.”

It is clear from internal paperwork that GCHQ has created systems to restrain the use of this powerful tool and to ensure that its use complies not only with Ripa but also with the 1998 Human Rights Act, which requires essentially that the use of the data must be proportional to the crime or threat investigated. Defenders insist that the mass of data is heavily filtered by the programme so that only that relating to legitimate targets is analysed.

However, there are doubts about the effectiveness of this. First, according to the UK source, “written definitions for targeting and filtering are very elastic. They are wide open to interpretation.” The target areas defined by the Ripa certificates are secret.

Second, there is further room for interpretation when human analysts become involved in using the filtered intelligence to produce what are known as “contact chains”. “Here is target A. But who is A talking to? Now we’re into B and C and D.” If analysts believe it is proportional, they can look at all the traffic – content and metadata – relating to all of the target’s contact.” GCHQ audits a sample of its analysts’ work – believed to be 5% every six months – but even the statistical results of these audits are also secret.

Beyond the detail of the operation of the programme, there is a larger, long-term anxiety, clearly expressed by the UK source: “If there was the wrong political change, it could be very dangerous. All you need is to have the wrong government in place. It is capable of abuse because there is no independent scrutiny.”

Nick Davies
The Observer, Saturday 22 June 2013 20.18 BST

Find this story at 22 June 2013
© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.