NSA Accused of Spying on EU; President of the European Parliament demands “Full Clarification” From the U.S.

BRUSSELS—Senior European politicians demanded explanations from Washington of allegations that the National Security Agency spied on European Union institutions, risking a corrosion of trust as the EU and U.S. embark on negotiations over a free-trade accord.

The German weekly magazine Der Spiegel reported over the weekend that the U.S. placed listening devices in EU offices in Washington, infiltrated computers there and electronically spied on EU bodies elsewhere. It cited secret documents obtained by former NSA contractor Edward Snowden as the basis for its report.

Reuters

A former NSA base in Germany. A German politician criticized allegations the U.S. spied on European officials.

The allegations come at a sensitive time. The EU in June gave the go-ahead for the start of trade negotiations with the U.S., which are likely to start soon. Though the talks are expected to take at least two years, the European Parliament, where many lawmakers are highly sensitive to privacy issues, will need to approve any accord.

“Partners do not spy on each other,” EU Justice Commissioner Viviane Reding said at a public forum in Luxembourg. “We cannot negotiate over a big trans-Atlantic market if there is the slightest doubt that our partners are carrying out spying activities on the offices of our negotiators. The American authorities should eliminate any such doubt swiftly.”

Snowden on the Run

U.S. authorities sought to catch Edward Snowden before he reached his next goal: political asylum in Ecuador.

French Foreign Minister Laurent Fabius said his country had formally requested clarification from Washington. “These facts, if confirmed, would be absolutely unacceptable,” he said.

Germany’s Justice Ministry also called for the U.S. to clarify the matter, and for European Commission President José Manuel Barroso to act. “If the media reports are true, it’s reminiscent of the approaches of enemies during the Cold War. It’s beyond any stretch of the imagination that our friends in the U.S.A. see the Europeans as enemies,” German Justice Minister Sabine Leutheusser-Schnarrenberger said in a statement.

“Comprehensive spying by the Americans on Europeans cannot be allowed,” she said, adding that it is unlikely the U.S. could justify bugging European diplomacy offices as part of the global fight on terrorism.

The European External Action Service, the foreign policy arm of the EU whose premises were an alleged target of U.S. surveillance, said the issue “is clearly a matter of concern.” It said the U.S. authorities “have told us they are checking on the accuracy of the information…and will come back to us as soon as possible.”

The U.S. Office of the Director of National Intelligence said the U.S. is responding to the European Union privately about the allegations.

The U. S. “will respond appropriately to the European Union through our diplomatic channels,” the office said. “We will also discuss these issues bilaterally with EU member states.”

The office’s statement didn’t address the specific allegations but said, “We have made clear that the United States gathers foreign intelligence of the type gathered by all nations.”

In a separate report Sunday, the Guardian newspaper in Britain said an NSA document lists 38 embassies and missions as “targets” for the agency’s spying, among them the French, Italian and Greek embassies. The article cited information leaked by Mr. Snowden as it source.

The allegations are the latest to emerge in U.S. and European media about surveillance activities by the U.S. and its closest allies based on Mr. Snowden’s disclosures. Mr. Snowden is at a Moscow airport, arriving there from Hong Kong in a bid to travel to Ecuador, where he has applied for political asylum.

The lead author of Der Spiegel’s report was Laura Poitras, an American documentary filmmaker who created a video interview with Mr. Snowden, distributed online, in which he described why he released information from some of the NSA documents.

Ms. Poitras also was co-author of an article in the Washington Post, based on Mr. Snowden’s leaks, about an NSA program to gain access to U.S. Internet companies’ computers in an effort to track online activities of foreigners suspected in terrorist activity.

Julian Assange, founder of the antisecrecy site WikiLeaks, said Sunday there would be no halting future disclosures from Mr. Snowden. “Look, there is no stopping the publishing process at this stage. Great care has been taken to make sure that Mr. Snowden can’t be pressured by any state to stop the publication process,” he said in an interview with the ABC network from the Ecuadorean embassy in London, where he is seeking refuge.

According to intelligence specialists, the activities alleged in Der Spiegel’s report are similar to previously reported spying efforts among friendly countries. While allies have no intention of attacking one another, they seek information on decision-making within each other’s governments, and as a way to tell whether those governments might be spying on them.

The NSA raised concerns in 2006 about the merger of French-owned phone-equipment company Alcatel with U.S.-based Lucent because U.S. officials feared the deal would provide the French extraordinary access to U.S. telecommunications systems.

The NSA raised similar issues more recently over Chinese telecom-gear company Huawei Technologies’ efforts to expand in the U.S.

The president of the European Parliament, Martin Schulz, said in a statement he was “deeply worried and shocked about the allegations of U.S. authorities spying on EU offices.”

The statement added: “If the allegations prove to be true, it would be an extremely serious matter which will have a severe impact on EU-U.S. relations…on behalf of the European Parliament, I demand full clarification and require further information speedily from the U.S. authorities with regard to these allegations.”

A spokesman for the German Foreign Ministry declined to comment on the allegations.

According to Der Spiegel, an NSA document dated September 2010 showed that the Washington embassy of the European Union was bugged and its computer network infiltrated. Similar measures were taken at the European mission to the United Nations in New York. The document described the Europeans as “targets.”

In addition, the U.S. bugged EU conversations in Brussels, spying on theJustus Lipsius building, headquarters of the Council of the European Union, according to the report.

The magazine reported that the NSA saves information on about a half billion phone or Internet connections from Germany every year through its “Boundless Informant” program.

Only a few countries labeled as close friends by the NSA are largely exempt from its monitoring: the U.K., Australia, Canada and New Zealand, the magazine said. An additional 30 countries are classified as “third party,” with an internal NSA presentation saying the agency is able to intercept signals from these countries and often does, Der Spiegel reported.

The controversy over the new allegations is reminiscent of the furor ignited in Europe in 2000 by disclosures about the NSA’s so-called Echelon project, which included commercial organizations among its alleged targets, prompting an investigation and report from the European Parliament.

The report drew a distinction between spying for national-security reasons and for commercial advantage, saying the latter could breach EU law.

European lawmakers have also expressed disquiet about the sharing of European financial data with U.S. authorities.

The reports about the NSA’s alleged activities already have prompted Ms. Reding, the EU justice commissioner, to organize, together with U.S. Attorney General Eric Holder, a panel of experts to find out how much data about Europeans was shared.
—Stacy Meichtry in Paris and Siobhan Gorman in Washington contributed to this article.

Write to Stephen Fidler at stephen.fidler@wsj.com, Frances Robinson at frances.robinson@dowjones.com and Laura Stevens at laura.stevens@wsj.com

A version of this article appeared July 1, 2013, on page A4 in the U.S. edition of The Wall Street Journal, with the headline: Officials Slam Alleged NSA Spying on the EU.

Updated June 30, 2013, 7:26 p.m. ET
By STEPHEN FIDLER, FRANCES ROBINSON and LAURA STEVENS

Find this story at 30 June 2013

Copyright 2012 Dow Jones & Company, Inc.

New NSA leaks show how US is bugging its European allies

Exclusive: Edward Snowden papers reveal 38 targets including EU, France and Italy

Berlin accuses Washington of cold war tactics

One of the bugging methods mentioned is codenamed Dropmire, which according to a 2007 document is ‘implanted on the Cryptofax at the EU embassy, DC’. Photograph: Guardian

US intelligence services are spying on the European Union mission in New York and its embassy in Washington, according to the latest top secret US National Security Agency documents leaked by the whistleblower Edward Snowden.

One document lists 38 embassies and missions, describing them as “targets”. It details an extraordinary range of spying methods used against each target, from bugs implanted in electronic communications gear to taps into cables to the collection of transmissions with specialised antennae.

Along with traditional ideological adversaries and sensitive Middle Eastern countries, the list of targets includes the EU missions and the French, Italian and Greek embassies, as well as a number of other American allies, including Japan, Mexico, South Korea, India and Turkey. The list in the September 2010 document does not mention the UK, Germany or other western European states.

One of the bugging methods mentioned is codenamed Dropmire, which, according to a 2007 document, is “implanted on the Cryptofax at the EU embassy, DC” – an apparent reference to a bug placed in a commercially available encrypted fax machine used at the mission. The NSA documents note the machine is used to send cables back to foreign affairs ministries in European capitals.

The documents suggest the aim of the bugging exercise against the EU embassy in central Washington is to gather inside knowledge of policy disagreements on global issues and other rifts between member states.

The new revelations come at a time when there is already considerable anger across the EU over earlier evidence provided by Snowden of NSA eavesdropping on America’s European allies.

Germany’s justice minister, Sabine Leutheusser-Schnarrenberger, demanded an explanation from Washington, saying that if confirmed, US behaviour “was reminiscent of the actions of enemies during the cold war”.

The German magazine Der Spiegel reported at the weekend that some of the bugging operations in Brussels targeting the EU’s Justus Lipsius building – a venue for summit and ministerial meetings in the Belgian capital – were directed from within Nato headquarters nearby.

The US intelligence service codename for the bugging operation targeting the EU mission at the United Nations is “Perdido”. Among the documents leaked by Snowden is a floor plan of the mission in midtown Manhattan. The methods used against the mission include the collection of data transmitted by implants, or bugs, placed inside electronic devices, and another covert operation that appears to provide a copy of everything on a targeted computer’s hard drive.

The eavesdropping on the EU delegation to the US, on K Street in Washington, involved three different operations targeted on the embassy’s 90 staff. Two were electronic implants and one involved the use of antennas to collect transmissions.

Although the latest documents are part of an NSA haul leaked by Snowden, it is not clear in each case whether the surveillance was being exclusively done by the NSA – which is most probable as the embassies and missions are technically overseas – or by the FBI or the CIA, or a combination of them. The 2010 document describes the operation as “close access domestic collection”.

The operation against the French mission to the UN had the covername “Blackfoot” and the one against its embassy in Washington was “Wabash”. The Italian embassy in Washington was known to the NSA as both “Bruneau” and “Hemlock”.

The eavesdropping of the Greek UN mission was known as “Powell” and the operation against its embassy was referred to as “Klondyke”.

Snowden, the 30-year-old former NSA contractor and computer analyst whose leaks have ignited a global row over the extent of US and UK electronic surveillance, fled from his secret bolthole in Hong Kong a week ago. His plan seems to have been to travel to Ecuador via Moscow, but he is in limbo at Moscow airport after his US passport was cancelled, and without any official travel documents issued from any other country.

Ewen MacAskill in Rio de Janeiro and Julian Borger
The Guardian, Sunday 30 June 2013 21.28 BST

Find this story at 30 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

NSA-Spähprogramm in Deutschland; Dame, König, As, Spion

Europa und Deutschland sind Hauptziele der Überwachung durch den US-Geheimdienst NSA. Millionen von Daten werden hierzulande von Obamas Spionen gesammelt. Doch Angela Merkels Regierung wirkt erstaunlich passiv. Warum?

Berlin – Als Sabine Leutheusser-Schnarrenberger kürzlich am Brandenburger Tor der Rede von Barack Obama lauschte, sah man sie in bester Stimmung. Sie winkte mit einem US-Fähnchen, die Worte des Präsidenten zu Freiheit und Gerechtigkeit gefielen der Liberalen sehr.

Knapp zwei Wochen später ist von der guten Stimmung der Ministerin nichts mehr übrig. Selten hat man sie so verärgert vernommen wie an diesem Sonntag. “Es sprengt jede Vorstellung, dass unsere Freunde in den USA die Europäer als Feinde ansehen”, sagt sie. Sie fühle sich “an das Vorgehen unter Feinden während des Kalten Krieges” erinnert.

Anlass des Aufschreis der Justizministerin ist ein SPIEGEL-Bericht, der unter Berufung auf Dokumente des Whistleblowers Edward Snowden neue Details der Spähprogramme des US-Geheimdiensts NSA offenlegt. Ob Wanzen in EU-Vertretungen, Lauschangriffe auf Brüsseler Behörden oder das flächendeckende Abschöpfen deutscher Telekommunikationsdaten – der Geheimdienst scheint vor nichts zurückzuschrecken.

Unter Parlamentariern macht sich Entsetzen über das Ausmaß der Spähattacken aus Übersee breit. Als “Riesenskandal” bezeichnet der Präsident des Europaparlaments, Martin Schulz (SPD), die Vorwürfe. Von einer “unvorstellbar umfassenden Spionageaktion” spricht Grünen-Fraktionschefin Renate Künast, von einer “ernsthaften Erschütterung des Vertrauensverhältnisses” der FDP-Innenexperte Jimmy Schulz.

Innenminister Friedrich im Wartemodus

Kritik gibt es aber nicht nur an der Regierung in Washington. Auch das Agieren der Kanzlerin rückt plötzlich in den Fokus. Angela Merkel müsse “den Sachverhalt schnellstens klären”, fordert ihr Herausforderer Peer Steinbrück. Wenn die Kanzlerin nun noch immer behaupte, das Thema gehöre in bilaterale und geheime Gespräche, “dann gibt sie sich der Lächerlichkeit preis”, sagt Künast.

Es ist Wahlkampf, klar. Aber über die Kritik kann sich die Bundesregierung kaum beschweren. Mit Ausnahme der Justizministerin macht Merkels Mannschaft nicht den Eindruck, als habe das Thema oberste Priorität.

Vom CSU-Bundesinnenminister ist seit dem Auffliegen des ersten Spähprogramms vor einigen Wochen kaum etwas zu hören. Hans-Peter Friedrich hat kürzlich ein paar Fragen über den Atlantik geschickt und befindet sich seitdem im Wartemodus. Die Kanzlerin besprach das Thema mit dem US-Präsidenten bei dessen Besuch in Berlin. Aber viel mehr als ein paar mahnende Worte, bei modernen Überwachungstechniken stets die Verhältnismäßigkeit im Blick zu haben, sprang dabei nicht heraus.

Es ist – gerade in der Sicherheitspolitik – nicht ganz einfach, auf Konfrontation mit den USA zu gehen, deutsche Behörden haben zuletzt immer wieder von den Informationen ihrer amerikanischen Partner profitiert. Aber angesichts der neuen Enthüllungen stellt sich die Frage, wie viel Zurückhaltung sich die Bundesregierung eigentlich leisten kann.

Wie Verwanzungen und flächendeckende Lauschangriffe in Partnerländern noch mit Terrorabwehr rechtfertigt werden sollen, erscheint fraglich. Wenn von einem ausländischen Nachrichtendienst derart systematisch die Privatsphäre der Bürger unterlaufen wird, sind ein paar offene Worte sicher nicht zu viel erwartet. Manche sind man da weiter. Frankreichs Außenminister Laurent Fabius drängte die USA am Sonntag zu einer Stellungnahme, die Brüsseler Kommission ebenso, auch der Generalbundesanwalt schaltete sich in die Spähaffäre ein.

Wie lässt sich Druck auf die USA ausüben?

Fragen gibt es genug. Kann es wirklich sein, dass deutsche Dienste von der großflächigen Vorratsdatenspeicherung nichts wussten, wo doch gerade im Sicherheitsbereich zwischen Berlin und Washington ein reger Austausch herrscht? Werden deutsche Bürger aktuell überwacht, und welche Bereiche der Kommunikation sind betroffen? Und was tut die Bundesregierung eigentlich konkret, um das Recht auf informationelle Selbstbestimmung der Bürger hierzulande gegen Angriffe von außen zu schützen?

Die Zurückhaltung von Merkel und Co. macht inzwischen auch die eigenen Reihen ungeduldig. Als die Bundesregierung im Parlamentarischen Kontrollgremium kürzlich über die Details der US-Überwachung in Deutschland Bericht erstatten sollte, konnten dem Vernehmen nach dazu weder Friedrichs Staatssekretär etwas sagen noch Merkels Geheimdienstkoordinator. Man warte noch auf Antworten aus Washington, hieß es. Auch unter Abgeordneten von Union und FDP machte sich daraufhin Ärger breit. Bis Mitte August soll die Bundesregierung jetzt ihre Hausaufgaben nachholen. Dann tagt das geheime Gremium erneut.

Schon jetzt wünscht sich mancher aber, dass die Koalition mehr Druck auf die Amerikaner ausübt. Besonders im EU-Parlament gibt es dazu einen Strauß an Überlegungen. Die einen denken darüber nach, Whistleblower Snowden einen Preis zu verleihen. Die anderen wollen die Abkommen zur Übermittlung von Bank- und Fluggastdaten aufkündigen. Und dann ist da noch die Idee, die seit einiger Zeit laufenden Verhandlungen für eine gemeinsame Freihandelszone zwischen Brüssel und Washington zu überdenken.

Auch in der Union gibt es dafür Sympathien – wohlwissend, dass es sich dabei um ein Lieblingsprojekt der Kanzlerin handelt. “Wie soll man”, fragt Elmar Brok, Chef des Auswärtigen Ausschusses für Auswärtige Angelegenheiten des Europaparlaments, “noch verhandeln, wenn man Angst haben muss, dass die eigene Verhandlungsposition vorab abgehört wird?”

30. Juni 2013, 18:53 Uhr
Von Veit Medick

Find this story at 30 June 2013

© SPIEGEL ONLINE 2013

Germans intercept electronic data, too – but not much

Following public outrage about surveillance in other countries, Germans are asking how much access their own intelligence services have to private communications. Not as much as they would like, it seems.

In 2010 the German Federal Intelligence Service (BND) gathered around 37 million e-mails, text messages and other telecommunications data. According to a report by the parliamentary watchdog, around 10 million of these messages fell under the heading of “international terrorism.”

Since then, however, the number has dropped to a fraction of that amount. In 2011 the BND intercepted 2.9 million electronic messages; in 2012 this dropped again, to 900,000. The messages checked were not only those containing certain keywords: telephone numbers and IP addresses that fell under suspicion were also monitored.
The German Federal Intelligence Service is subject to strict controls

It is the BND’s job to acquire information in order to identify and ward off threats to Germany’s security. It investigates terrorist plots, the illegal arms trade, people smuggling and drug trafficking. The intelligence service has to abide by strict laws when conducting any kind of surveillance, and is subject to supervision by a special committee of the German parliament.

Michael Hartmann of the opposition Social Democrats, Gisela Piltz of the junior coalition partner, the Free Democrats, and Hans-Peter Uhl of the Bavarian sister party of the governing Christian Democrats, the Christian Social Union, are three of the 11 members of the parliamentary watchdog in the Bundestag. The three are keen to reassure the public that Germany is not turning into a “Big Brother” surveillance state.

In recent years the watchdog has been given greater authority. It is authorized to interview all secret service agents, has access to all files, and can intervene if things are not being done according to the rules.

The three members of the committee point to the dramatic decrease in the amount of telecommunications data collected since 2010 – a consequence of improvements in surveillance techniques.

Privacy protected by the constitution
Edward Snowden’s revelations led Germans to ask what their secret services were up to

Michael Hartmann admits that the BND still throws its digital net wide, but emphasizes that collection of data is neither random nor unlimited. “Messages or phone conversations are only analyzed if there is concrete suspicion of criminal activity,” he says. Hartmann insists that the BND would never spy or eavesdrop on countries that are Germany’s allies.

Hans-Peter Uhl points out that it is forbidden for the BND to tap the phones of German citizens, either at home or abroad, unless there are concrete grounds for suspicion. “Should they eavesdrop on a foreigner in conversation with a German citizen, they have to erase the conversation,” he says. This deletion process is documented, so the data protection supervisor is able to check it really was carried out.

The watchdog members highlight the fact that a court order is required before any phone tap can be instigated. They acknowledge that personal privacy is a highly-valued commodity for everyone living in Germany, and that it is enshrined as such in the constitution. Whenever there is a question of the German intelligence services being allowed to do something which might infringe on this fundamental right, control measures must be put in place by a supervisory committee, the so-called G10 Commission, which supervises all invasions of postal, telephone and Internet privacy.

According to the German parliament, in 2011 the G10 Commission authorized Germany’s three intelligence services – domestic, foreign and military – to carry out 156 such infringements, limited to a maximum of between three and six months each.

Making surveillance public

German law also states that once an operation has come to an end, the person who has been under surveillance, or the object of a wiretap, has to be informed. This can result in official complaints, which are dealt with in public proceedings. At the last count, administrative courts in Berlin and Cologne were dealing with 16 such cases.
The BND is not allowed to eavesdrop on German citizens without a special court order

“We have a list of these complaints and follow them up,” says Gisela Piltz. “I don’t have the impression that the intelligence services are in general doing things illegally.”

In the past, representatives of the intelligence services have repeatedly attempted to persuade successive governments to allow them more extensive access to Internet and telephone data. They argue that it is essential if they are to be effective in countering terrorists and criminals using modern methods.

However, many of these requests have been denied: as, for example, when they wanted to be allowed to stockpile large amounts of data for possible future use, even if there was no concrete suspicion at the time of collection. The Constitutional Court rejected the application, and a law allowing it that was briefly in effect between 2008 and 2010 had to be repealed as a result.

An EU Commission guideline would now permit Germany to store telecommunications data for up to six months. So far, however, the justice minister has refused to adopt this into German law. The EU has instigated legal proceedings. Requirements for telecommunications providers to save data for longer than six months so that they can be made available to the intelligence services have also, so far, not been implemented.

Limited effectiveness
Rolf Tophoven believes data interception is only of limited use in combating terrorism

Rolf Tophoven, director of the Institute for Crisis Prevention in Essen and an expert on terrorism, says the secret services should not rely too heavily on the technical analysis of telecommunications data. “The results that are relevant to the intelligence services are very modest compared with the mass of data in the information gathered,” he says.

The parliamentary watchdog has even put a figure on this. It reports that out of 2.5 million e-mails analyzed by the BND, only 300 contained material relevant to their investigations.

Tophoven believes that the BND needs to employ more specialists in analyzing data and assessing a situation – if possible, on the ground. “The modern terrorist is radicalized in secret. He slips under the radar of the intelligence services and their high-tech computers,” he explains, giving the perpetrators of the Boston marathon bombings as an example.

Since the recent revelations about the extent of the United States’ surveillance program, there have been fears that Germany’s intelligence services may also be spying on its citizens more than previously admitted. However, Tophoven believes this is unlikely – and not just because of strict regulation: “The Germans don’t collect data that extensively because they don’t have anything like the personnel or the technical and financial means to do so.”

Date 26.06.2013
Author Wolfgang Dick / cc
Editor Michael Lawton

Find this story at 26 June 2013

© 2013 Deutsche Welle

Privacy Problem? Road Shooter Found Via Mass Data Collection

Germans are apoplectic about the Internet spy programs Prism and Tempora. But police here this week announced the capture of a highway shooter using similar tactics. Privacy activists are concerned.

Germans are furious. Revelations that the United States and Britain — along with Canada, New Zealand and Australia, as part of the so-called “Five Eyes Alliance” — have spent recent years keeping a suffocatingly close watch on web and cellular communications have led politicians in Berlin to utter increasingly drastic condemnations. Over the weekend, for example, Justice Minister Sabine Leutheusser-Schnarrenberger referred to the British surveillance program Tempora as a “catastrophe” and said it was a “Hollywood-style nightmare.”

But is there not a time and a place for mass data collection? This, too, is a question Germany is grappling with this week after the capture of a truck driver who spent years shooting at other vehicles on the country’s autobahns. He was caught only after police set up a complicated surveillance system which was able to read the license plate numbers of tens of thousands of cars and trucks on the country’s highways.

The operation has unsettled data protection activists. But Jörg Ziercke, head of Germany’s Federal Criminal Police Office (BKA), praised the effort on Tuesday, telling journalists that “we have found the famous needle in a haystack.” He said there was “no alternative” to the intensive surveillance efforts the police used to capture the perpetrator.

The case involves a truck driver who fired at least 762 shots at cars and trucks on German highways and at buildings in a shooting spree that began in 2008. In several cases, his targets were only barely able to avoid accidents as a result of the shots. In 2009, one woman was hit in the neck with a bullet fired by the truck driver, identified on Tuesday only as a 57-year-old truck driver from North Rhine-Westphalia, but survived.

German officials said on Tuesday that the driver would be charged with attempted murder in addition to weapons related charges. Ziercke said the man had confessed soon after he was arrested over the weekend and said that he had acted “out of anger and frustration with traffic.” He said that he saw the situation on Germany’s autobahns as a kind of “war” and that he had merely been trying to defend himself.

A Police Monitoring System

Yet as unique as the case is, the methods employed by the police to solve it have attracted more attention. Initially, officers sought to attract shots themselves, driving a truck on the autobahns between Cologne, Frankfurt, Nuremberg and Karlsruhe where most of the gunfire had been reported. The police vehicle, however, was never targeted.

Plan B is the one that has raised data protection concerns. Even though Germany has a toll system which collects information on the trucks plying the country’s highways, police are forbidden access to the data collected. So they essentially constructed one of their own. On seven sections of the autobahns in question, police erected equipment that was able recognize and store the license plate numbers of vehicles that drove by. Using that data, they were able to identify vehicles that passed a certain section of highway at roughly the same time as did a target vehicle.

In April, the system hit pay-dirt. In just five days, six drivers reported being shot at. Officers were able to reconstruct the likely route taken by the perpetrator and they then looked at the license plate data collected by cameras stationed along that route. By filtering through the information gathered, they were able to identify one truck that could have been at each site where shots were reported. They were then able to match up the route with the mobile phone data of the driver. “The correspondence” between the two data sets “was clear,” Zierke said on Tuesday.

But were the methods employed by the federal police legal? Data protection officials aren’t so sure. “Even if the search for the highway shooter was successful in the end, from a data protection perspective the preliminary verdict on the methods used is rather ambivalent,” Edgar Wagner, the top data protection official for the state of Rhineland-Palatinate, said in a statement. “There is not a sufficient legal basis for such a nationwide … investigative technique.”

‘A Price to Pay’

He said that by his calculations, “60 to 80 million sets of data from completely innocent people” were gathered during the course of the investigation “to catch a single suspect. We have (long) known that such a procedure can be effective. But there is also a price to pay.”

It is a sentiment that is shared by many in Germany. The country has had plenty of experience with state overreach, with both the Nazis and the East Germans being experts at keeping close tabs on their citizenry. That history manifests itself in an extreme sensitivity to data privacy issues and the country has been particularly watchful when it comes to the use of digital data by companies such as Google and Facebook. Indeed, government officials beyond the Justice Ministry have reacted to US and British digital spying with notable vehemence.

It is perhaps not surprising then, that Wagner is not alone with his concerns. While not directly criticizing the methods used by federal police to track down the autobahn shooter, Wagner’s data-protection counterpart in North Rhine-Westphalia, Ulrich Lepper, expressed serious reservations in a Wednesday interview with the Bonn daily General-Anzeiger.

Powerful Preventative Measure

“The freedom to move around in the public space without being monitored is one of our fundamental rights,” he said. “Data protection — the right to control information about your person — means that you can decide who knows what and when … about you. These rights can only be infringed upon on the basis of a law.”

Ziercke, not surprisingly, does not share such concerns. He believes that law enforcement should have access to the data collected by the truck toll system and also argued on Tuesday that data collection could be a powerful preventative measure. “I would like to meet a data protection activist who is able to convince someone with the argument that we should not have been allowed to use that data to prevent danger,” he said. “I don’t find such arguments to be credible.”

Ziercke’s argument is notably close to that used by US President Barack Obama in defending the National Security Agency’s online spying program Prism. The data gathered is useful, Obama has repeatedly insisted this month, for the prevention of terror attacks.

Germans have largely rejected that line of argumentation. Whether their scorn will be applied closer to home remains to be seen.

06/26/2013 05:08 PM
By Charles Hawley

Find this story at 26 June 2013

© SPIEGEL ONLINE 2013

Berlin accuses Washington of cold war tactics over snooping

Reports of NSA snooping on Europe go well beyond previous revelations of electronic spying

Sabine Leutheusser-Schnarrenberger: ‘If the media reports are true, it is reminiscent of the actions of enemies during the cold war’. Photograph: Ole Spata/Corbis

Transatlantic relations plunged at the weekend as Berlin, Brussels and Paris all demanded that Washington account promptly and fully for new disclosures on the scale of the US National Security Agency’s spying on its European allies.

As further details emerged of the huge reach of US electronic snooping on Europe, Berlin accused Washington of treating it like the Soviet Union, “like a cold war enemy”.

The European commission called on the US to clarify allegations that the NSA, operating from Nato headquarters a few miles away in Brussels, had infiltrated secure telephone and computer networks at the venue for EU summits in the Belgian capital. The fresh revelations in the Guardian and allegations in the German publication Der Spiegel triggered outrage in Germany and in the European parliament and threatened to overshadow negotiations on an ambitious transatlantic free-trade pact worth hundreds of billions due to open next week.

The reports of NSA snooping on Europe – and on Germany in particular – went well beyond previous revelations of electronic spying said to be focused on identifying suspected terrorists, extremists and organised criminals.

Der Spiegel reported that it had seen documents and slides from the NSA whistleblower Edward Snowden indicating that US agencies bugged the offices of the EU in Washington and at the UN in New York. They are also accused of directing an operation from Nato headquarters in Brussels to infiltrate the telephone and email networks at the EU’s Justus Lipsius building in the Belgian capital, the venue for EU summits and home of the European council.

Citing documents it said it had “partly seen”, the magazine reported that more than five years ago security officers at the EU had noticed several missed calls apparently targeting the remote maintenance system in the building that were traced to NSA offices within the Nato compound in Brussels.

Less than three months before a German general election, the impact of the fresh disclosures is likely to be strongest in Germany which, it emerged, is by far the biggest target in Europe for the NSA’s Prism programme scanning phone and internet traffic and capturing and storing the metadata.

The documents reviewed by Der Spiegel showed that Germany was treated in the same US spying category as China, Iraq or Saudi Arabia, while the UK, Canada, Australia, and New Zealand were deemed to be allies not subject to remotely the same level of surveillance.

Germany’s justice minister, Sabine Leutheusser-Schnarrenberger, called for an explanation from the US authorities. “If the media reports are true, it is reminiscent of the actions of enemies during the cold war,” she was quoted as saying in the German newspaper Bild. “It is beyond imagination that our friends in the US view Europeans as the enemy.”

France later also asked the US for an explanation. The foreign minister, Laurent Fabius, said: “These acts, if confirmed, would be completely unacceptable.

“We expect the American authorities to answer the legitimate concerns raised by these press revelations as quickly as possible.”

Washington and Brussels are scheduled to open ambitious free-trade talks next week after years of arduous preparation. Senior officials in Brussels are worried that the talks will be setback by the NSA scandal. “Obviously we will need to see what is the impact on the trade talks,” said a senior official in Brussels.

A second senior official said the allegations would cause a furore in the European parliament and could then hamper relations with the US.

However, Robert Madelin, one of Britain’s most senior officials in the European commission, tweeted that EU trade negotiators always operated on the assumption that their communications were listened to.

A spokesman for the European commission said: “We have immediately been in contact with the US authorities in Washington and in Brussels and have confronted them with the press reports. They have told us they are checking on the accuracy of the information released yesterday and will come back to us.”

There were calls from MEPs for Herman Van Rompuy, president of the European council – who has his office in the building allegedly targeted by the US – and José Manuel Barroso, president of the European commission, to urgently appear before the chamber to explain what steps they were taking in response to the growing body of evidence of US and British electronic surveillance of Europe through the Prism and Tempora operations.

Guy Verhofstadt, the former Belgian prime minister and leader of the liberals in the European parliament, said: “This is absolutely unacceptable and must be stopped immediately. The American data-collection mania has achieved another quality by spying on EU officials and their meetings. Our trust is at stake.”

Luxembourg’s foreign minister, Jean Asselborn, told Der Spiegel: “If these reports are true, it’s disgusting.” Asselborn called for guarantees from the highest level of the US government that the snooping and spying be halted immediately.

Martin Schulz, the head of the European parliament, said: “I am deeply worried and shocked about the allegations of US authorities spying on EU offices. If the allegations prove to be true, it would be an extremely serious matter which will have a severe impact on EU-US relations.

“On behalf of the European parliament, I demand full clarification and require further information speedily from the US authorities with regard to these allegations.”

There were also calls for John Kerry, the US secretary of state on his way back from the Middle East, to make a detour to Brussels to explain US activities.

“We need to get clarifications and transparency at the highest level,” said Marietje Schaake, a Dutch liberal MEP. “Kerry should come to Brussels on his way back from the Middle East. This is essential for the transatlantic alliance.”

The documents suggesting the clandestine bugging operations were from September 2010, Der Spiegel said.

Der Spiegel quoted the Snowden documents as revealing that the US taps half a billion phone calls, emails and text messages in Germany a month. “We can attack the signals of most foreign third-class partners, and we do,” Der Spiegel quoted a passage in the NSA document as saying.

It quoted the document from 2010 as stating that “the European Union is an attack target”.

On an average day, the NSA monitored about 15m German phone connections and 10m internet datasets, rising to 60m phone connections on busy days, the report said.

Officials in Brussels said this reflected Germany’s weight in the EU and probably also entailed elements of industrial and trade espionage. “The Americans are more interested in what governments think than the European commission. And they make take the view that Germany determines European policy,” said one of the senior officials.

Jan Philipp Albrecht, a German Green party MEP and a specialist in data protection, told the Guardian the revelations were outrageous. “It’s not about political answers now, but rule of law, fundamental constitutional principles and rights of European citizens,” he said.

“We now need a debate on surveillance measures as a whole looking at underlying technical agreements. I think what we can do as European politicians now is to protect the rights of citizens and their rights to control their own personal data.”

Germany has some of the toughest data privacy laws in Europe, with the issue highly sensitive not least because of the comprehensive surveillance by the Stasi in former communist east Germany as well as the wartime experience with the Gestapo under the Nazis.

Der Spiegel noted that so far in the NSA debacle, the chancellor, Angela Merkel, had asked only “polite” questions of the Americans but that the new disclosures on the sweeping scale of the surveillance of Germany could complicate her bid for a third term in September.

Ian Traynor in Brussels
The Guardian, Sunday 30 June 2013 21.55 BST

Find this story at 30 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Anglo-Saxon Spies; German National Security Is at Stake

Overzealous data collectors in the US and Great Britain have no right to investigate German citizens. The German government must protect people from unauthorized access by foreign intelligence agencies, and it must act now. This is a matter of national security.

“Germany’s security is also being defended in the Hindu Kush, too,” Peter Struck, who was Germany’s defense minister at the time, said in 2002. If that’s true, then the government should also be expected to defend the security of its people at their own doorstep. Because the massive sniffing out and saving of data of all kinds — that of citizens and businesses, newspapers, political parties, government agencies — is in the end just that: a question of security. It is about the principles of the rule of law. And it is a matter of national security.

We live in changing times. At the beginning of last week, we thought after the announcement of the American Prism program, that US President Barack Obama was the sole boss of the largest and most extensive control system in human history. That was an error.

Since Friday, we have known that the British intelligence agency GCHQ is “worse than the United States.” Those are the words of Edward Snowden, the IT expert who uncovered the most serious surveillance scandal of all time. American and British intelligence agencies are monitoring all communication data. And what does our chancellor do? She says: “The Internet is uncharted territory for us all.”

That’s not enough. In the coming weeks, the German government needs to show that it is bound to its citizens and not to an intelligence-industrial complex that abuses our entire lives as some kind of data mine. Justice Minister Sabine Leutheusser-Schnarrenberger hit the right note when she said she was shocked by this “Hollywood-style nightmare.”

An Uncanny Alliance

We have Edward Snowden to thank for this insight into the interaction of an uncanny club, the Alliance of Five Eyes. Since World War II, the five Anglo-Saxon countries of Great Britain, the United States, Australia, New Zealand and Canada have maintained close intelligence cooperation, which apparently has gotten completely out of control.

It may be up to the Americans and the British to decide how they handle questions of freedom and the protection of their citizens from government intrusion. But they have no right to subject the citizens of other countries to their control. The shoulder-shrugging explanation by Washington and London that they have operated within the law is absurd. They are not our laws. We didn’t make them. We shouldn’t be subject to them.

The totalitarianism of the security mindset protects itself with a sentence: If you have nothing to hide, you have nothing to fear. But firstly, that contains a presumption: We have not asked the NSA and GCHQ to “protect” us. And secondly, the sentence is a stupid one: Because we all have something to hide, whether it pertains to our private lives or to our business secrets.

No Agency Should Collect So Much Data

Thus the data scandal doesn’t pertain just to our legal principles, but to our security as well. We were lucky that Edward Snowden, who revealed the spying to the entire world, is not a criminal, but an idealist. He wanted to warn the world, not blackmail it. But he could have used his information for criminal purposes, as well. His case proves that no agency in the world can guarantee the security of the data it collects — which is why no agency should collect data in such abundance in the first place.

That is the well-known paradox of totalitarian security policy. Our security is jeopardized by the very actions that are supposed to protect it.

So what should happen now? European institutions must take control of the data infrastructure and ensure its protection. The freedom of data traffic is just as important as the European freedom of exchange in goods, services and money. But above all, the practices of the Americans and British must come to an end. Immediately.

It is the responsibility of the German government to see to it that the programs of the NSA and GCHQ no longer process the data of German citizens and companies without giving them the opportunity for legal defense. A government that cannot make that assurance is failing in one of its fundamental obligations: to protect its own citizens from the grasp of foreign powers.

Germans should closely observe how Angela Merkel now behaves. And if the opposition Social Democrats and Green Party are still looking for a campaign issue, they need look no further.

06/24/2013 05:07 PM

A Commentary by Jakob Augstein

Find this story at 24 June 2013

© SPIEGEL ONLINE 2013

Schnüffelprogramm Tempora; Justizministerin schickt Brandbriefe an britische Regierung

Berlin drängt auf Antworten aus London: Justizministerin Leutheusser-Schnarrenberger hat zwei britische Kabinettsmitglieder per Brief aufgefordert, mehr Details über das Spähprogramm Tempora zu veröffentlichen. In den Schreiben übt die FDP-Politikerin indirekt Kritik an der Cameron-Regierung.

Berlin – Jetzt schaltet sich die Bundesjustizministerin ein: Sabine Leutheusser-Schnarrenberger (FDP) hat den britischen Justizminister Christopher Grayling und die britische Innenministerin Theresa May aufgefordert, mehr Informationen über das Geheimdienstprogramm Tempora offenzulegen. Am Dienstag wandte sich Leutheusser-Schnarrenberger schriftlich an die beiden Kabinettsmitglieder von Großbritanniens Premier David Cameron. Die Briefe liegen SPIEGEL ONLINE vor.

In den beiden Schreiben identischen Inhalts, die am Vormittag parallel an die Minister verschickt wurden, äußerte sich die Ministerin sehr besorgt über die jüngsten Berichte über das gigantische Spähprogramm. Der Verdacht, durch digitale Überwachungsmethoden “riesige Mengen an Daten, E-Mails, Facebook-Nachrichten und Anrufe zu sammeln, zu speichern und zu verarbeiten”, hätte in Deutschland erhebliche Bedenken ausgelöst, heißt es in den Briefen.

Leutheusser-Schnarrenberger forderte Aufklärung in folgenden Punkten:

Auf welcher Rechtsgrundlage das Spähprogramm ausgeführt worden sei,
ob auf konkreten Verdacht ausgespäht oder die Daten allgemein ohne Anlass gesammelt worden seien,
ob die Überwachungsmaßnahmen von Richtern hätten abgesegnet werden müssen,
wie die Abhöraktionen konkret funktioniert hätten, welche Daten genau gespeichert und ob deutsche Bürger betroffen seien.

Auch übte sie indirekt Kritik an der Informationspolitik der Cameron-Regierung. “Die Kontrollfunktion von Parlament und Justiz zeichnet einen freien und demokratischen Staat aus. Sie kann aber nicht ihre Wirkung entfalten, wenn Regierungen bestimmte Maßnahmen in Schweigen hüllen”, hieß es weiter.

Leutheusser-Schnarrenberger appellierte an Grayling und May, die Grundsätze der Bürgerrechte nicht aus den Augen zu verlieren und mahnte Aufklärung an. “In unserer modernen Welt bieten die neuen Medien den Rahmen für einen freien Austausch von Meinungen und Informationen. Ein transparentes Regierungshandeln ist eine der wichtigsten Voraussetzungen für das Funktionieren eines demokratischen Staates und bedingt die Rechtsstaatlichkeit”, so die Ministerin.

Die FDP-Politikerin hatte sich bereits im Zusammenhang mit dem amerikanischen Spähprogramm Prism schriftlich an ihren US-Kollegen gewandt. Sie regte zudem an, im schwarz-gelben Kabinett eine Internet-Task-Force aus den beteiligten Ministerien zu bilden.

Die Ministerin beendete ihre Schreiben mit der Forderung nach strengeren Datenschutzstandards in der EU. Das Thema müsse beim nächsten Treffen der EU-Justizminister im Juli auf die Tagesordnung, so Leutheusser-Schnarrenberger.

Am Montag hat die Bundesregierung von Großbritannien offiziell Auskunft über das massenhafte Anzapfen von Telefon- und Internetverbindungen verlangt. Dazu sandte das Innenministerium eine Reihe von Fragen an den britischen Botschafter. Zur europäischen Chefsache will Kanzlerin Angela Merkel den Fall Tempora allerdings vorerst nicht machen. Beim EU-Gipfel Ende der Woche wolle Merkel keine Debatte über das britische Spionageprogramm forcieren, hieß es zu Beginn der Woche.

25. Juni 2013, 11:40 Uhr

Find this story at 25 June 2013

© SPIEGEL ONLINE 2013

So schöpfen die Spione Ihrer Majestät deutsche Daten ab

An einem einzigen Tag soll der britische Geheimdienst GCHQ Zugriff auf 21.600 Terabyte gehabt haben – wozu, weiß nicht einmal der BND. Sicher ist nur: Die Überwacher bekommen Hilfe von großen Telekommunikationskonzernen.

Das amerikanische Außenministerium hat vor Jahren einen kleinen Flecken in Ostfriesland auf eine Liste der weltweit schützenswürdigen Einrichtungen gesetzt. Ein Angriff auf das Städtchen Norden könnte angeblich die nationale Sicherheit der USA bedrohen. Sogar der Chef des US-Geheimdienstes NSA, General Keith B. Alexander, hat vor terroristischen Attacken gewarnt.

Norden ist ein heimliches Zentrum der neuen virtuellen Welt. Das TAT-14 (Trans Atlantic Telephone Cable No 14) ist am Hilgenrieder Siel bei Norden verbuddelt. Die meisten Internetverbindungen zwischen Deutschland und Amerika laufen dort durch mehrere Glasfaserleitungen; auch Frankreich, die Niederlande, Dänemark und Großbritannien sind durch TAT-14 miteinander verbunden. Etwa 50 internationale Telekommunikationsfirmen, darunter die Deutsche Telekom, betreiben ein eigenes Konsortium für dieses Kabel.

Manchmal fließen pro Sekunde Hunderte Gigabyte an Daten durch die Leitungen. Es ist ein gigantischer Datenrausch: Millionen Telefonate und E-Mails schießen durch das Netz. Auch deshalb hat der deutsche Verfassungsschutz stets nachgeschaut, ob in Norden alles in Ordnung ist. Keine Sabotage. Keine Terroristen. Kein Problem?

Für die über die “Seekabelendstelle” Norden, wie die offizielle Bezeichnung der Einrichtung lautet, vermittelten Daten hat sich offenbar der britische Geheimdienst Government Communications Headquarters (GCHQ) brennend interessiert. Aus Unterlagen des Whistleblowers Edward Snowden jedenfalls soll hervorgehen, dass die Briten im Rahmen der Operation “Tempora” die Daten abgegriffen haben. Es soll sich um unzählige Daten handeln, die aus Deutschland kamen oder nach Deutschland geschickt wurden.

Das ist nicht der Cyberkrieg, vor dem die amerikanische NSA immer gewarnt hat, sondern ein heimlicher umfassender Big-Data-Angriff auf die Bevölkerung eines befreundeten Landes. Die alte Formel: “Freund hört mit” umfasst das Problem nicht mal ungefähr. Großbritanniens Geheimdienst hat einen Lauschangriff auf Deutschland gestartet.

Die Menge der abgefangenen Daten ist noch Spekulation, und unklar ist auch, wo der Angriff genau erfolgt sein soll. Sicher nicht in Norden, das früher durch sein Seeheilbad bekannt wurde. Das würde sich kein Nachrichtendienstler trauen. Schon gar nicht in freundlicher Absicht.

Wahrscheinlich erfolgte der Angriff in dem kleinen Küstenstädtchen Bude im Südwesten Englands, das 858 Kilometer Luftlinie von Norden entfernt liegt. Dort macht das Kabel Zwischenstation – das Ende der Strecke ist New Jersey.

Dass ein britischer Geheimdienst auf diese Weise und so umfassend E-Mails deutscher Bürger abfängt oder Telefonate abhört, war vor Snowdens Enthüllungen für undenkbar gehalten worden. Der Bundesnachrichtendienst erklärt seit Tagen, dass er von den Aktivitäten der Amerikaner oder der Briten nichts wusste und selbst nur Zeitungswissen habe. Das klingt glaubhaft. Die beiden befreundeten Nationen, heißt es in Berlin, hätten offenbar ihr eigenes nationales Sicherheitsprogramm gefahren.

So viel Sicherheit war sicherlich nur mithilfe von Kommunikationsgesellschaften möglich. Angeblich sollen die beiden britischen Unternehmen Vodafone und British Telecommunications (BT) den Geheimen behilflich gewesen sein.

Jeder Eingriff, das erklärt eine Telekom-Sprecherin, müsste von dem internationalen Konsortium genehmigt werden, aber eine solche Genehmigung liegt nicht vor. Ein Sprecher der britischen Vodafone erklärte auf Anfrage, dass sich das Unternehmen an die Gesetze in den jeweiligen Ländern halte und Angelegenheiten, die mit der nationalen Sicherheit zusammenhingen, nicht kommentiere. Diese Formel klingt in diesen Tagen sehr vertraut.

Rechtsgrundlage für die Aktion “Tempora” ist ein sehr weit gefasstes Gesetz aus dem Jahr 2000. Danach kann die Kommunikation mit dem Ausland abgefangen und gespeichert werden. Die privaten Betreiber der Datenkabel, die beim Abhören mitmachen, sind zum Stillschweigen verpflichtet.

Nordengate macht klar, wie unterschiedlich Gesetze und Regeln in dieser Welt angewandt werden, es symbolisiert aber auch den Wandel der Geheimdienstarbeit. Ganz früher haben Nachrichtendienste Telefonate über relativ simple Horchposten abgehört. Glasfaserleitungen stellten die Dienste vor neue Herausforderungen. Telefonate werden seitdem in optische Signale umgewandelt. Da die Leitungen vor allem am Meeresboden verlaufen, gerieten Nachrichtendienste für kurze Zeit an ihre Grenzen.

Bereits um die Jahrtausendwende berichteten amerikanische Blätter, dass die NSA mithilfe von U-Booten an die Daten gelangen wollte. So wurde das Atom-U-Boot Jimmy Carter umgerüstet, um Glasfaserkabel aufzuschlitzen und dann abzuhören. Vorher hatten die Dienste auf anderem Weg regelmäßig Seekabel angezapft. Bei früheren Kupferkabeln reichte ein Induktions-Mikrofon, um die Gespräche abzugreifen. Glasfaserkabel hingegen müssen gebogen werden, um die optisch vermittelten Signale auslesen zu können. Am verwundbarsten sind die Kabel freilich an Land.

Was die Briten mit den vielen deutschen Daten machen und gemacht haben, erschließt sich selbst dem BND nicht so ganz. An einem einzigen Tag soll der britische Geheimdienst insgesamt Zugriff auf 21.600 Terabyte gehabt haben. Dank Snowden ist bekannt, dass die abgefangenen Inhalte drei Tage vorgehalten wurden und Benutzerdaten 30 Tage. In der Zwischenzeit wurden die Daten mit speziellen Programmen gefiltert. Selbst dem Briten George Orwell wäre ein solches Überwachungsprogramm im Leben nicht eingefallen.

25. Juni 2013 05:10 Großbritanniens Abhördienst GCHQ
Von John Goetz, Hans Leyendecker und Frederik Obermaier

Find this story at 25 June 2013

Copyright: Süddeutsche Zeitung Digitale Medien GmbH / Süddeutsche Zeitung GmbH

The legal loopholes that allow GCHQ to spy on the world

William Hague has hailed GCHQ’s ‘democratic accountability’, but legislation drafted before a huge expansion of internet traffic appears to offer flexibility

GCHQ – the government’s communications headquarters. Does it have the strongest checks and balances in the world? Photograph: Reuters

William Hague was adamant when he addressed MPs on Monday last week. In an emergency statement (video) forced by the Guardian’s disclosures about GCHQ involvement with the Prism programme, the foreign secretary insisted the agency operated within a “strong framework of democratic accountability and oversight”.

The laws governing the intelligence agencies provide “the strongest systems of checks and balances for secret intelligence anywhere in the world”, he said.

Leaked documents seen by the Guardian give the impression some high-ranking officials at GCHQ have a different view.

In confidential briefings, one of Cheltenham’s senior legal advisers, whom the Guardian will not name, made a note to tell his guests: “We have a light oversight regime compared with the US”.

The parliamentary intelligence and security committee, which scrutinises the work of the agencies, was sympathetic to the agencies’ difficulties, he suggested.

“They have always been exceptionally good at understanding the need to keep our work secret,” the legal adviser said.

Complaints against the agencies, undertaken by the interception commissioner, are conducted under “the veil of secrecy”. And the investigatory powers tribunal, which assesses complaints against the agencies, has “so far always found in our favour”.

The briefings offer important glimpses into the GCHQ’s view of itself, the legal framework in which it works, and, it would seem, the necessity for reassuring the UK’s most important intelligence partner, the United States, that sensitive information can be shared without raising anxiety in Washington.

None of the documents advocates law-breaking – quite the opposite. But critics will say they highlight the limitations of the three pieces of legislation that underpin the activities of GCHQ, MI5 and MI6 – which were repeatedly mentioned by Hague as pillars of the regulatory and oversight regime during his statement to the Commons.

The foreign secretary said GCHQ “complied fully” with the Regulation of Investigatory Powers Act (Ripa), the Human Rights Act (HRA) and the Intelligence Services Act (Isa).

Privacy campaigners argue the laws have one important thing in common: they were drafted in the last century, and nobody involved in writing them, or passing them, could possibly have envisaged the exponential growth of traffic from telecoms and internet service providers over the past decade.

Nor could they have imagined that GCHQ could have found a way of storing and analysing so much of that information as part of its overarching Mastering the Internet project.

The Tempora programme appears to have given Britain’s spymasters that resource, with documents seen by the Guardian showing Britain can retain for up to 30 days an astronomical amount of unfiltered data garnered from cables carrying internet traffic.

This raises a number of questions about the way GCHQ officials and ministers have legitimised the programme.

The briefings, which are entitled UK Operational Legalities, stress that GCHQ “is an organisation with a highly responsible approach to compliance with the law”.

GCHQ also has a well staffed legal team, known as OPP-LEG, to help staff navigate their way through the complexities of the law.

But there appears to be some nervousness about Tempora. In a paper written for National Security Agency (NSA) analysts entitled A Guide to Using Internet Buffers at GCHQ, the author notes: “[Tempora] represents an exciting opportunity to get direct access to enormous amounts of GCHQ’s special source data.

“As large-scale buffering of metadata and content represent a new concept for GCHQ’s exploitation of the internet, GCHQ’s legal and policy officers are understandably taking a careful approach to their access and use.”

So how did GCHQ secure the legal authority for setting up Tempora, and what safeguards are in place for sharing the intelligence with the Americans? According to the documents, the British government used Ripa to get taps on to the fibre-optic cables.

These cables carry internet traffic in and out of the country and contain details of millions of emails and web searches. The information from these cables went straight into the Tempora storage programme.

In one presentation, which appeared to be for US analysts from the NSA, GCHQ explained: “Direct access to large volumes of unselected SSE data [is] collected under a Ripa warrant.”

The precise arrangement between the firms is unclear, as are the legal justifications put before ministers. Isa gives GCHQ some powers for the “passive collection” of data, including from computer networks.

But it appears GCHQ has relied on paragraph four of section 8 of Ripa to gain “external warrants” for its programmes.

They allow the agency to intercept external communications where, for instance, one of the people being targeted is outside Britain.

In most Ripa cases, a minister has to be told the name of an individual or company being targeted before a warrant is granted.

But section 8 permits GCHQ to perform more sweeping and indiscriminate trawls of external data if a minister issues a “certificate” along with the warrant.

According to the documents, the certificate authorises GCHQ to search for material under a number of themes, including: intelligence on the political intentions of foreign governments; military postures of foreign countries; terrorism, international drug trafficking and fraud.

The briefing document says such sweeping certificates, which have to be signed off by a minister, “cover the entire range of GCHQ’s intelligence production”.

“The certificate is issued with the warrant and signed by the secretary of state and sets out [the] class of work we can do under it … cannot list numbers or individuals as this would be an infinite list which we couldn’t manage.”

Lawyers at GCHQ speak of having 10 basic certificates, including a “global” one that covers the agency’s support station at Bude in Cornwall, Menwith Hill in North Yorkshire, and Cyprus.

Other certificates have been used for “special source accesses” – a reference, perhaps, to the cables carrying web traffic. All certificates have to be renewed by the foreign secretary every six months.

A source with knowledge of intelligence confirmed: “Overall exercise of collection and analysis [is] done under a broad, overall legal authority which has to be renewed at intervals, and is signed off at a senior political level.”

The source said the interception commissioner was able to “conclude that [the process] was not appropriate”, and that the companies involved were not giving up the information voluntarily.

“We have overriding authority to compel [them] to do this,” the source said. “There’s an overarching condition of the licensing of the companies that they have to co-operate in this.

“Should they decline, we can compel them to do so. They have no choice. They can’t talk about the warrant, they can’t reveal the existence of it.”

GCHQ says it can also seek a sensitive targeting authority (STA), which allows it snoop on any Briton “anywhere in the world” or any foreign national located in the UK.

It is unclear how the STA system works, and who has authority over it.

The intelligence agencies also have to take note of the HRA, which demands any interception is “necessary and proportionate”.

But the documents show GCHQ believes these terms are open to interpretation – which “creates flexibility”. When Tempora became fully functional in around 2011, GCHQ gave the NSA access to the programme on a three-month trial – and the NSA was keen to impress.

The US agency sent a briefing to some of its analysts urging them to show they could behave responsibly with the data. Under a heading – “The need to be successful!” – the author wrote: “As the first NSA users to receive operational access [to Tempora], we’re depending on you to provide the business case required to justify expanded access. Most importantly we need to prove that NSA users can utilise the internet buffers in ways that are consistent with GCHQ’s legal and policy rules.

“In addition, we need to prove that NSA’s access … is necessary to prosecute our mission and will greatly enhance the production of the intelligence … success of this three-month trial will determine expanded NSA access to internet buffers in the future.”

The NSA appears to have made a successful case. In May last year, an internal GCHQ memo said it had 300 analysts working on intelligence from Tempora, and the NSA had 250. The teams were supporting “the target discovery mission”.

But the safeguards for the sharing of this information are unclear.

Though GCHQ says it only keeps the content of messages for three working days, and the metadata for up to 30 days, privacy campaigners here and in the US will want to know if the NSA is adhering to the same self-imposed rules. One concern for privacy campaigners is that GCHQ and the NSA could conduct intercepts for each other, and then offer to share the information – a manoeuvre that could bypass the domestic rules they have to abide by.

This was raised by MPs during last week’s statement, with the former Labour home secretary David Blunkett calling for clarification on this potential loophole.

Last week, the Guardian sent a series of questions to the Foreign Office about this issue, but the department said it would not be drawn on it.

“It is a longstanding policy not to comment on intelligence matters; this includes our intelligence co-operation with the United States.

“The intelligence and security committee is looking into this, which is the proper channel for such matters.”

Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies and James Ball
The Guardian, Friday 21 June 2013 17.23 BST

Find this story at 21 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

GCHQ taps fibre-optic cables for secret access to world’s communications

Exclusive: British spy agency collects and stores vast quantities of global email messages, Facebook posts, internet histories and calls, and shares them with NSA, latest documents from Edward Snowden reveal

Secret document detailing GCHQ’s ambition to ‘master the internet’

Britain’s spy agency GCHQ has secretly gained access to the network of cables which carry the world’s phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).

The sheer scale of the agency’s ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.

One key innovation has been GCHQ’s ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.

GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.

This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user’s access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.

The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called “the largest programme of suspicionless surveillance in human history”.

“It’s not just a US problem. The UK has a huge dog in this fight,” Snowden told the Guardian. “They [GCHQ] are worse than the US.”

However, on Friday a source with knowledge of intelligence argued that the data was collected legally under a system of safeguards, and had provided material that had led to significant breakthroughs in detecting and preventing serious crime.

Britain’s technical capacity to tap into the cables that carry the world’s communications – referred to in the documents as special source exploitation – has made GCHQ an intelligence superpower.

By 2010, two years after the project was first trialled, it was able to boast it had the “biggest internet access” of any member of the Five Eyes electronic eavesdropping alliance, comprising the US, UK, Canada, Australia and New Zealand.

UK officials could also claim GCHQ “produces larger amounts of metadata than NSA”. (Metadata describes basic information on who has been contacting whom, without detailing the content.)

By May last year 300 analysts from GCHQ, and 250 from the NSA, had been assigned to sift through the flood of data.

The Americans were given guidelines for its use, but were told in legal briefings by GCHQ lawyers: “We have a light oversight regime compared with the US”.

When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was “your call”.

The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.

The documents reveal that by last year GCHQ was handling 600m “telephone events” each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time.
Document quoting Lt Gen Keith Alexander, head of the NSA, during a visit to Britain

Each of the cables carries data at a rate of 10 gigabits per second, so the tapped cables had the capacity, in theory, to deliver more than 21 petabytes a day – equivalent to sending all the information in all the books in the British Library 192 times every 24 hours.

And the scale of the programme is constantly increasing as more cables are tapped and GCHQ data storage facilities in the UK and abroad are expanded with the aim of processing terabits (thousands of gigabits) of data at a time.

For the 2 billion users of the world wide web, Tempora represents a window on to their everyday lives, sucking up every form of communication from the fibre-optic cables that ring the world.

The NSA has meanwhile opened a second window, in the form of the Prism operation, revealed earlier this month by the Guardian, from which it secured access to the internal systems of global companies that service the internet.

The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.

This was done under secret agreements with commercial companies, described in one document as “intercept partners”.

The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned “sensitive relationship teams” and staff were urged in one internal guidance paper to disguise the origin of “special source” material in their reports for fear that the role of the companies as intercept partners would cause “high-level political fallout”.

The source with knowledge of intelligence said on Friday the companies were obliged to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables.

“There’s an overarching condition of the licensing of the companies that they have to co-operate in this. Should they decline, we can compel them to do so. They have no choice.”

The source said that although GCHQ was collecting a “vast haystack of data” what they were looking for was “needles”.

“Essentially, we have a process that allows us to select a small number of needles in a haystack. We are not looking at every piece of straw. There are certain triggers that allow you to discard or not examine a lot of data so you are just looking at needles. If you had the impression we are reading millions of emails, we are not. There is no intention in this whole programme to use it for looking at UK domestic traffic – British people talking to each other,” the source said.

He explained that when such “needles” were found a log was made and the interception commissioner could see that log.

“The criteria are security, terror, organised crime. And economic well-being. There’s an auditing process to go back through the logs and see if it was justified or not. The vast majority of the data is discarded without being looked at … we simply don’t have the resources.”

However, the legitimacy of the operation is in doubt. According to GCHQ’s legal advice, it was given the go-ahead by applying old law to new technology. The 2000 Regulation of Investigatory Powers Act (Ripa) requires the tapping of defined targets to be authorised by a warrant signed by the home secretary or foreign secretary.

However, an obscure clause allows the foreign secretary to sign a certificate for the interception of broad categories of material, as long as one end of the monitored communications is abroad. But the nature of modern fibre-optic communications means that a proportion of internal UK traffic is relayed abroad and then returns through the cables.

Parliament passed the Ripa law to allow GCHQ to trawl for information, but it did so 13 years ago with no inkling of the scale on which GCHQ would attempt to exploit the certificates, enabling it to gather and process data regardless of whether it belongs to identified targets.

The categories of material have included fraud, drug trafficking and terrorism, but the criteria at any one time are secret and are not subject to any public debate. GCHQ’s compliance with the certificates is audited by the agency itself, but the results of those audits are also secret.

An indication of how broad the dragnet can be was laid bare in advice from GCHQ’s lawyers, who said it would be impossible to list the total number of people targeted because “this would be an infinite list which we couldn’t manage”.

There is an investigatory powers tribunal to look into complaints that the data gathered by GCHQ has been improperly used, but the agency reassured NSA analysts in the early days of the programme, in 2009: “So far they have always found in our favour”.

Historically, the spy agencies have intercepted international communications by focusing on microwave towers and satellites. The NSA’s intercept station at Menwith Hill in North Yorkshire played a leading role in this. One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: “Why can’t we collect all the signals all the time? Sounds like a good summer project for Menwith.”

By then, however, satellite interception accounted for only a small part of the network traffic. Most of it now travels on fibre-optic cables, and the UK’s position on the western edge of Europe gave it natural access to cables emerging from the Atlantic.

The data collected provides a powerful tool in the hands of the security agencies, enabling them to sift for evidence of serious crime. According to the source, it has allowed them to discover new techniques used by terrorists to avoid security checks and to identify terrorists planning atrocities. It has also been used against child exploitation networks and in the field of cyberdefence.

It was claimed on Friday that it directly led to the arrest and imprisonment of a cell in the Midlands who were planning co-ordinated attacks; to the arrest of five Luton-based individuals preparing acts of terror, and to the arrest of three London-based people planning attacks prior to the Olympics.

As the probes began to generate data, GCHQ set up a three-year trial at the GCHQ station in Bude, Cornwall. By the summer of 2011, GCHQ had probes attached to more than 200 internet links, each carrying data at 10 gigabits a second. “This is a massive amount of data!” as one internal slideshow put it. That summer, it brought NSA analysts into the Bude trials. In the autumn of 2011, it launched Tempora as a mainstream programme, shared with the Americans.

The intercept probes on the transatlantic cables gave GCHQ access to its special source exploitation. Tempora allowed the agency to set up internet buffers so it could not simply watch the data live but also store it – for three days in the case of content and 30 days for metadata.

“Internet buffers represent an exciting opportunity to get direct access to enormous amounts of GCHQ’s special source data,” one document explained.

The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to “selectors” – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is “content”, such as recordings of phone calls or the substance of email messages. The rest is metadata.

The GCHQ documents that the Guardian has seen illustrate a constant effort to build up storage capacity at the stations at Cheltenham, Bude and at one overseas location, as well a search for ways to maintain the agency’s comparative advantage as the world’s leading communications companies increasingly route their cables through Asia to cut costs. Meanwhile, technical work is ongoing to expand GCHQ’s capacity to ingest data from new super cables carrying data at 100 gigabits a second. As one training slide told new users: “You are in an enviable position – have fun and make the most of it.”

Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies and James Ball
The Guardian, Friday 21 June 2013 17.23 BST

Find this story at 21 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Operation Tempora: GCHQ in fresh snooping row as it eavesdrops on phones and the internet

Data includes recordings of telephone calls, contents of emails, details of messages on social media and the history of internet use

Britain’s electronic eavesdropping centre, GCHQ, has started collecting data from the network of fibre-optic cables carrying the world’s telephone calls and internet traffic, it was reported tonight.

The massive programme of surveillance allows the agency to store vast volumes of information for up to 30 days which it can then study for evidence of terrorist and criminal activity.

The claims, in The Guardian, will provoke a fresh civil liberties storm following recent allegations that thousands of Britons could have been spied on by GCHQ through a covert link with the US National Security Agency (NSA).

According to the paper, the agency has been running Operation Tempora for 18 months under which it gains access to transatlantic cables carrying data about phone calls and internet use. It is said to share information gleaned from it with the NSA.

The data includes recordings of telephone calls, contents of emails, details of messages on social media and the history of internet use.

Documents seen by the paper suggest that by last year GCHQ was handling 600m “telephone events” each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 at a time.

A source told The Guardian that the eavesdropping allowed the security services to arrest three people planning attacks on last year’s London Olympics, as well as terrorist cells in the Midlands and Luton. It has also been used against child exploitation networks and to boost cyberdefence.

A GCHQ spokesman said: “It is longstanding practice that we do not comment on intelligence matters.”

He added: “GCHQ takes its obligations under the law very seriously. Our work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Intelligence and Security Committee.”

* Edward Snowden has been charged in his absence by US prosecutors with spying and theft of government property. The charges are included in sealed documents filed by prosecutors.

Nigel Morris
Saturday, 22 June 2013

Find this story at 22 June 2013

© independent.co.uk