Van nieuwsblog.burojansen.nl

Die Daten können Experten zufolge Hinweise für gezielte Tötungen liefern: Nach SPIEGEL-Informationen stammt ein beträchtlicher Teil der an die NSA übertragenen Daten aus der Funkzellenauswertung in Afghanistan. Der BND wiegelt ab.
Hamburg – Der Bundesnachrichtendienst (BND) übermittelt nach SPIEGEL-Informationen afghanische Funkzellendaten an den US-Geheimdienst NSA. Spionageprogramme wie XKeyscore erstellen daraus Bewegungsprofile. Sie zeigen mit nur wenigen Minuten Verzögerung an, wo sich Handy-Nutzer aufhalten – und spielten womöglich eine wichtige Rolle bei der gezielten Tötung von Qaida-Kämpfern durch US-Drohnen.
Der BND erklärte, Mobilfunkdaten seien für eine zielgenaue Lokalisierung eines Menschen nicht geeignet. Experten gehen aber davon aus, dass Funkzellendaten Hinweise für gezielte Tötungen liefern können. Auch die “Süddeutsche Zeitung” hatte am Samstag einen Experten zitiert, wonach die Daten des BND zur Ortung nützlich seien.
Der Bürgerrechtler Burkhard Hirsch (FDP) hält den Datentransfer, der offenbar jenseits der parlamentarischen Kontrolle stattfindet, für sehr problematisch. “Wenn der BND in solchem Umfang für einen anderen Geheimdienst tätig wird, dann ist das ein politischer Vorgang, der unter allen Umständen im zuständigen Bundestagsgremium hätte behandelt werden müssen”, sagte Hirsch dem SPIEGEL.
BND-Präsident Gerhard Schindler sagte der “Bild am Sonntag”, die Kooperation mit der NSA diene “auch dem unmittelbaren Schutz unserer in Afghanistan eingesetzten Soldatinnen und Soldaten”. Die durch die Fernmeldeaufklärung gewonnenen Erkenntnisse trügen dazu bei, Anschlagsplanungen von Terroristen rechtzeitig erkennen zu können. Dies gehöre zu den “prioritären Aufgaben” eines Auslandsnachrichtendiensts.
Gegenüber dem SPIEGEL erklärte der BND, er habe seit Januar 2011 “maßgebliche Hilfe” bei der Verhinderung von vier Anschlägen auf deutsche Soldaten in Afghanistan geleistet. Bei weiteren 15 verhinderten Anschlägen habe die Datenüberwachung “zu diesen Erfolgen beigetragen”.
11. August 2013, 14:12 Uhr
Find this story at 11 August 2013
© SPIEGEL ONLINE 2013

Van nieuwsblog.burojansen.nl

Edward Snowden papers unmask close technical cooperation and loose alliance between British, German, French, Spanish and Swedish spy agencies BND NSA GCHQ DGSE
The German, French, Spanish and Swedish intelligence services have all developed methods of mass surveillance of internet and phone traffic over the past five years in close partnership with Britain’s GCHQ eavesdropping agency.
The bulk monitoring is carried out through direct taps into fibre optic cables and the development of covert relationships with telecommunications companies. A loose but growing eavesdropping alliance has allowed intelligence agencies from one country to cultivate ties with corporations from another to facilitate the trawling of the web, according to GCHQ documents leaked by the former US intelligence contractor Edward Snowden.
The files also make clear that GCHQ played a leading role in advising its European counterparts how to work around national laws intended to restrict the surveillance power of intelligence agencies.
The German, French and Spanish governments have reacted angrily to reports based on National Security Agency (NSA) files leaked by Snowden since June, revealing the interception of communications by tens of millions of their citizens each month. US intelligence officials have insisted the mass monitoring was carried out by the security agencies in the countries involved and shared with the US.
The US director of national intelligence, James Clapper, suggested to Congress on Tuesday that European governments’ professed outrage at the reports was at least partly hypocritical. “Some of this reminds me of the classic movie Casablanca: ‘My God, there’s gambling going on here,’ ” he said.
Sweden, which passed a law in 2008 allowing its intelligence agency to monitor cross-border email and phone communications without a court order, has been relatively muted in its response.
The German government, however, has expressed disbelief and fury at the revelations from the Snowden documents, including the fact that the NSA monitored Angela Merkel’s mobile phone calls.
After the Guardian revealed the existence of GCHQ’s Tempora programme, in which the electronic intelligence agency tapped directly into the transatlantic fibre optic cables to carry out bulk surveillance, the German justice minister, Sabine Leutheusser-Schnarrenberger, said it sounded “like a Hollywood nightmare”, and warned the UK government that free and democratic societies could not flourish when states shielded their actions in “a veil of secrecy”.
‘Huge potential’
However, in a country-by-country survey of its European partners, GCHQ officials expressed admiration for the technical capabilities of German intelligence to do the same thing. The survey in 2008, when Tempora was being tested, said the Federal Intelligence Service (BND), had “huge technological potential and good access to the heart of the internet – they are already seeing some bearers running at 40Gbps and 100Gbps”.
Bearers is the GCHQ term for the fibre optic cables, and gigabits per second (Gbps) measures the speed at which data runs through them. Four years after that report, GCHQ was still only able to monitor 10 Gbps cables, but looked forward to tap new 100 Gbps bearers eventually. Hence the admiration for the BND.
The document also makes clear that British intelligence agencies were helping their German counterparts change or bypass laws that restricted their ability to use their advanced surveillance technology. “We have been assisting the BND (along with SIS [Secret Intelligence Service] and Security Service) in making the case for reform or reinterpretation of the very restrictive interception legislation in Germany,” it says.
The country-by-country survey, which in places reads somewhat like a school report, also hands out high marks to the GCHQ’s French partner, the General Directorate for External Security (DGSE). But in this case it is suggested that the DGSE’s comparative advantage is its relationship with an unnamed telecommunications company, a relationship GCHQ hoped to leverage for its own operations.
“DGSE are a highly motivated, technically competent partner, who have shown great willingness to engage on IP [internet protocol] issues, and to work with GCHQ on a “cooperate and share” basis.”
Noting that the Cheltenham-based electronic intelligence agency had trained DGSE technicians on “multi-disciplinary internet operations”, the document says: “We have made contact with the DGSE’s main industry partner, who has some innovative approaches to some internet challenges, raising the potential for GCHQ to make use of this company in the protocol development arena.”
GCHQ went on to host a major conference with its French partner on joint internet-monitoring initiatives in March 2009 and four months later reported on shared efforts on what had become by then GCHQ’s biggest challenge – continuing to carry out bulk surveillance, despite the spread of commercial online encryption, by breaking that encryption.
“Very friendly crypt meeting with DGSE in July,” British officials reported. The French were “clearly very keen to provide presentations on their work which included cipher detection in high-speed bearers. [GCHQ’s] challenge is to ensure that we have enough UK capability to support a longer term crypt relationship.”
Fresh opportunities
In the case of the Spanish intelligence agency, the National Intelligence Centre (CNI), the key to mass internet surveillance, at least back in 2008, was the Spaniards’ ties to a British telecommunications company (again unnamed. Corporate relations are among the most strictly guarded secrets in the intelligence community). That was giving them “fresh opportunities and uncovering some surprising results.
“GCHQ has not yet engaged with CNI formally on IP exploitation, but the CNI have been making great strides through their relationship with a UK commercial partner. GCHQ and the commercial partner have been able to coordinate their approach. The commercial partner has provided the CNI some equipment whilst keeping us informed, enabling us to invite the CNI across for IP-focused discussions this autumn,” the report said. It concluded that GCHQ “have found a very capable counterpart in CNI, particularly in the field of Covert Internet Ops”.
GCHQ was clearly delighted in 2008 when the Swedish parliament passed a bitterly contested law allowing the country’s National Defence Radio Establishment (FRA) to conduct Tempora-like operations on fibre optic cables. The British agency also claimed some credit for the success.
“FRA have obtained a … probe to use as a test-bed and we expect them to make rapid progress in IP exploitation following the law change,” the country assessment said. “GCHQ has already provided a lot of advice and guidance on these issues and we are standing by to assist the FRA further once they have developed a plan for taking the work forwards.”
The following year, GCHQ held a conference with its Swedish counterpart “for discussions on the implications of the new legislation being rolled out” and hailed as “a success in Sweden” the news that FRA “have finally found a pragmatic solution to enable release of intelligence to SAEPO [the internal Swedish security service.]”
GCHQ also maintains strong relations with the two main Dutch intelligence agencies, the external MIVD and the internal security service, the AIVD.
“Both agencies are small, by UK standards, but are technically competent and highly motivated,” British officials reported. Once again, GCHQ was on hand in 2008 for help in dealing with legal constraints. “The AIVD have just completed a review of how they intend to tackle the challenges posed by the internet – GCHQ has provided input and advice to this report,” the country assessment said.
“The Dutch have some legislative issues that they need to work through before their legal environment would allow them to operate in the way that GCHQ does. We are providing legal advice on how we have tackled some of these issues to Dutch lawyers.”
European allies
In the score-card of European allies, it appears to be the Italians who come off the worse. GCHQ expresses frustration with the internal friction between Italian agencies and the legal limits on their activities.
“GCHQ has had some CT [counter-terrorism] and internet-focused discussions with both the foreign intelligence agency (AISE) and the security service (AISI), but has found the Italian intelligence community to be fractured and unable/unwilling to cooperate with one another,” the report said.
A follow-up bulletin six months later noted that GCHQ was “awaiting a response from AISI on a recent proposal for cooperation – the Italians had seemed keen, but legal obstacles may have been hindering their ability to commit.”
It is clear from the Snowden documents that GCHQ has become Europe’s intelligence hub in the internet age, and not just because of its success in creating a legally permissive environment for its operations. Britain’s location as the European gateway for many transatlantic cables, and its privileged relationship with the NSA has made GCHQ an essential partner for European agencies. The documents show British officials frequently lobbying the NSA on sharing of data with the Europeans and haggling over its security classification so it can be more widely disseminated. In the intelligence world, far more than it managed in diplomacy, Britain has made itself an indispensable bridge between America and Europe’s spies.
Julian Borger
The Guardian, Friday 1 November 2013 17.02 GMT
Find this story at 1 November 2013
© 2014 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Van nieuwsblog.burojansen.nl

A media report on Wednesday alleged that a NATO document proves the German military knew about the NSA’s Prism surveillance program in 2011. But both Berlin and the country’s foreign intelligence agency deny the account, saying there was a NATO program with the same name in Afghanistan.
The German government has so far claimed that it knew nothing of the United States’ Prism spying program, revealed by whistleblower Edward Snowden last month. But parts of a confidential NATO document published by daily Bild on Wednesday show that the German military, the Bundeswehr, may have already been aware of the National Security Agency’s operations in 2011, the paper alleged.
The document, reportedly sent on Sept. 1, 2011 to all regional commands by the joint NATO headquarters in Afghanistan, gives specific instructions for working together on a program called Prism, which the paper said was the same as that run by the NSA. According to Bild, the document was also sent to the regional command in northern Afghanistan, for which Germany was responsible at the time under General Major Markus Kneip.
Should the media report be confirmed, Berlin’s claims of ignorance will prove to have been false. But on Wednesday afternoon, Chancellor Angela Merkel’s spokesman Steffen Seibert denied the Bild story, saying that the document referred to a separate program that had been run by NATO troops, and not the US. The programs were “not identical,” he said.
The BND, Germany’s foreign intelligence agency, also weighed in with a statement, saying that the program had not been confidential and was also not the same as the NSA’s Prism operation. “The program called Prism by the Bild report today is a NATO/ISAF program that is not identical to the NSA’s program,” it said. “The BND had no knowledge of the name, range or scope of the NSA program.”
A Separate Prism Program?
According to the document cited by Bild, as of Sept. 15 that year, regional commands were instructed to apply for monitoring telephone calls and e-mails, according to the document, in which Prism is named at least three times. “Existing COMINT (communications intelligence) nominations submitted outside of PRISM must be resubmitted into PRISM IOT,” it reads.
It also states that access to the Prism program is regulated by the Joint Worldwide Intelligence Communications System (JWICS), which is used by various US intelligence services to transmit classified information.
“Coalition RCs (regional commands) will utilize the US military or civilian personnel assigned to their collection management shop ISRLO (Intelligence, Surveillance and Reconnaissance Liaison Officer),” it goes on. In Bild’s assessment, “military or civilian personnel” stands for US intelligence service staff.
Keeping Track of Terrorists
The purpose of all this was to “submit the telephone numbers and email addresses of terrorists into the surveillance system,” the paper reports.
It also claims to have seen documents indicating that the BND, Germany’s foreign intelligence agency, provided such telephone numbers to NATO, where they were ultimately fed into the surveillance system as well.
The reason for the NATO order was that the NSA’s director had tasked the US military with coordinating surveillance in Afghanistan, Bild reported.
The German Defense Ministry told the paper that it had “no information and knowledge of such an order,” but would be looking into the matter.
In response to the report, Green party parliamentarian and defense spokesman Omid Nouripour told SPIEGEL ONLINE that Defense Minister Thomas de Maizière must clarify the situation. “These circumstances destroy the government’s line of defense” on the NSA scandal, he said. Chancellor Angela Merkel’s center-right coalition can “no longer claim it didn’t know anything about Prism.”
As more details emerge about the scope of the NSA’s worldwide spying program and Germany’s alleged role in the surveillance, the scandal is becoming a central issue in the country’s campaign for the upcoming general election. Germans are particularly sensitive about data protection because of their history of state encroachment on civil liberties, first under the Nazis and then in communist East Germany. And if it turns out that Berlin knowingly tolerated and participated in the NSA activities, many would see it as a betrayal by the government.
07/17/2013 12:29 PM
Find this story at 17 July 2013
© SPIEGEL ONLINE 2013

Van nieuwsblog.burojansen.nl

Eine Kuppel der ehemaligen Abhörstation der NSA auf dem Teufelsberg in Berlin
Der BND und der US-Geheimdienst NSA arbeiten offenbar bereits 20 Jahre bei der Datenspionage zusammen. Einem Medienbericht zufolge wurden entsprechende Spähprogramme schon früher geteilt. Auch Kanzlerin Merkel könnte ausspioniert worden sein.
Die Zusammenarbeit des Bundesnachrichtendienstes BND und der amerikanischen National Security Agency (NSA) bei der Nutzung von Spähsoftware war offenbar schon in den 1990er-Jahren intensiver als bislang bekannt. In einem Gespräch mit dem Magazin „Stern“ sagte der langjährige NSA-Mitarbeiter William Binney, der BND habe neben „Xkeyscore“ noch ein weiteres NSA-Ausspähprogramm genutzt. Der Entschlüsselungsspezialist arbeitete mehr als 30 Jahre in leitender Funktion bei der NSA und war viele Jahre auch für die technische Zusammenarbeit mit dem BND zuständig.
Laut Binney soll die Zusammenarbeit im Bereich der Spähsoftware bereits Anfang der 1990er-Jahre begonnen haben. 1999 habe der BND von der NSA den Quellcode zum damals entwickelten Spähprogramm „Thin Thread“ erhalten. „Thin Thread“ sollte die Erfassung und Analyse von Verbindungsdaten wie Telefondaten, E-Mails oder Kreditkartenrechnungen weltweit ermöglichen. „Mein Ziel war es, den Datenverkehr der ganzen Welt zu erfassen“, sagte Binney dem „Stern“. Der BND sei „bis heute einer unserer wichtigsten Partner“.
Mindestens 50 Spähprogramm lieferten Daten
Auf der Basis von „Thin Thread“ sei eine Vielzahl von Abhör- und Spähprogrammen entwickelt worden. Eines der wichtigsten davon soll das Dachprogramm „Stellar Wind“ sein, dem nach Angaben von Binney mindestens 50 Spähprogramme Daten zugeliefert haben – auch die durch Edward Snowden bekannt gewordene Software „Prism“ zur direkten Erfassung von Telefon- und Internetdaten bei Telekommunikationsunternehmen.
„Stellar Wind“ sei mindestens bis 2009, möglicherweise auch bis 2011 im Einsatz gewesen. Es werde heute wahrscheinlich unter anderem Namen fortgeführt, so Binney gegenüber dem Magazin.
Nach Schätzungen von Binney speichert die NSA mittlerweile zwischen 40 und 50 Billionen Telefonate und E-Mails aus der ganzen Welt, vor allem Verbindungsdaten, aber auch Inhalte. Das von der NSA zurzeit gebaute Datenzentrum in Bluffdale im US-Bundesstaat Utah könne aufgrund seiner Kapazitäten „mindestens 100 Jahre der globalen Kommunikation speichern“, sagte Binney dem „Stern“. „Dieser Ort sollte uns endgültig in Angst und Schrecken versetzen. Die NSA will alles. Jederzeit.“ Er fügte hinzu: „Diese Macht gefährdet unsere Demokratie.“
Regierungskommunikation im Visier der NSA
Neben William Binney äußerten sich im „Stern“ zwei weitere ehemalige ranghohe NSA-Mitarbeiter, die zu Whistleblowern wurden: J. Kirk Wiebe, der für die Datenanalyse zuständig war, und Thomas Drake, der zur Führungsebene des Geheimdienstes gehörte. Binney trat im Oktober 2001 aus Protest gegen die NSA-Spähprogramme unter der Regierung von George W. Bush von seinem Posten zurück.
Die Ex-Geheimdienstler halten es für möglich, dass selbst Daten von Kanzlerin Angela Merkels Handy auf den Servern der NSA landen. „Prism ist nur die Spitze des Eisbergs“, so Drake gegenüber dem „Stern“. „Ihre Kanzlerin könnte sich einmal für das Programm „Ragtime“ interessieren. Es dient unter anderem der Abschöpfung von Regierungskommunikation durch die NSA“. Auch Binney hält das Ausspionieren von Merkels Verbindungsdaten für nicht ausgeschlossen. „Ich würde sogar sagen, dass es durchaus möglich ist“, sagte er dem Magazin.
Mittwoch, 24.07.2013, 16:59
Find this story at 24 July 2013
© FOCUS Online 1996-2013

Van nieuwsblog.burojansen.nl

BERLIN — When Edward J. Snowden disclosed the extent of the United States data mining operations in Germany, monitoring as many as 60 million of the country’s telephone and Internet connections in one day and bugging its embassy, politicians here, like others in Europe, were by turns appalled and indignant. But like the French before them, this week they found themselves backpedaling.
In an interview released this week Mr. Snowden said that Germany’s intelligence services are “in bed” with the National Security Agency, “the same as with most other Western countries.” The assertion has added to fresh scrutiny in the European news media of Berlin and other European governments that may have benefited from the enormous American snooping program known as Prism, or conducted wide-ranging surveillance operations of their own.
The outrage of European leaders notwithstanding, intelligence experts and historians say the most recent disclosures reflect the complicated nature of the relationship between the intelligence services of the United States and its allies, which have long quietly swapped information on each others’ citizens.
“The other services don’t ask us where our information is from and we don’t ask them,” Mr. Snowden said in the interview, conducted by the documentary filmmaker Laura Poitras and Jacob Appelbaum, a computer security researcher, and published this week in the German magazine Der Spiegel. “This way they can protect their political leaders from backlash, if it should become public how massively the private spheres of people around the globe are being violated.”
Britain, which has the closest intelligence relationship with the United States of any European country, has been implicated in several of the data operations described by Mr. Snowden, including claims that Britain’s agencies had access to the Prism computer network, which monitors data from a range of American Internet companies. Such sharing would have allowed British intelligence agencies to sidestep British legal restrictions on electronic snooping. Prime Minister David Cameron has insisted that its intelligence services operate within the law.
Another allegation, reported by The Guardian newspaper, is that the Government Communications Headquarters, the British surveillance center, tapped fiber-optic cables carrying international telephone and Internet traffic, then shared the information with the N.S.A. This program, known as Tempora, involved attaching intercept probes to trans-Atlantic cables when they land on British shores from North America, the report said.
President François Hollande of France was among the first European leaders to express outrage at the revelations of American spying, and especially at accusations that the Americans had spied on French diplomatic posts in Washington and New York.
There is no evidence to date that French intelligence services were granted access to information from the N.S.A., Le Monde reported last week, however, that France’s external intelligence agency maintains a broad telecommunications data collection system of its own, amassing metadata on most, if not all, telephone calls, e-mails and Internet activity coming in and out of France.
Mr. Hollande and other officials have been notably less vocal regarding the claims advanced by Le Monde, which authorities in France have neither confirmed nor denied.
Given their bad experiences with domestic spying, first under the Nazis and then the former the East German secret police, Germans are touchy when it comes to issues of personal privacy and protection of their personal data. Guarantees ensuring the privacy of mail and all forms of long-distance communications are enshrined in Article 10 of their Constitution.
When the extent of the American spying in Germany came to light the chancellor’s spokesman, Steffen Seibert, decried such behavior as “unacceptable,” insisting that, “We are no longer in the cold war.”
But experts say ties between the intelligence services remain rooted in agreements stemming from that era, when West Germany depended on the United States to protect it from the former Soviet Union and its allies in the East.
“Of course the German government is very deeply entwined with the American intelligence services,” said Josef Foschepoth, a German historian from Freiburg University. Mr. Foschepoth spent several years combing through Germany’s federal archives, including formerly classified documents from the 1950s and 1960s, in an effort to uncover the roots of the trans-Atlantic cooperation.
In 1965, Germany’s foreign intelligence service, known by the initials BND, was created. Three years later, the West Germans signed a cooperation agreement effectively binding the Germans to an intensive exchange of information that continues up to the present day, despite changes to the agreements.
The attacks on Sept. 11, 2001, in the United States saw a fresh commitment by the Germans to cooperate with the Americans in the global war against terror. Using technology developed by the Americans and used by the N.S.A., the BND monitors networks from the Middle East, filtering the information before sending it to Washington, said Erich Schmidt-Eenboom, an expert on secret services who runs the Research Institute for Peace Politics in Bavaria.
In exchange, Washington shares intelligence with Germany that authorities here say has been essential to preventing terror attacks similar to those in Madrid or London. It is a matter of pride among German authorities that they have been able to swoop in and detain suspects, preventing several plots from being carried out.
By focusing the current public debate in Germany on the issue of personal data, experts say Chancellor Angela Merkel is able to steer clear of the stickier questions about Germany’s own surveillance programs and a long history of intelligence sharing with the United States, which still makes many Germans deeply uncomfortable, more than two decades after the end of the cold war.
“Every postwar German government, at some point, has been confronted with this problem,” Mr. Foschepoth said of the surveillance scandal. “The way that the chancellor is handling it shows that she knows very well, she is very well informed and she wants the issue to fade away.”
Reporting contributed by Stephen Castle from London, Scott Sayare from Paris and Eric Schmitt from Washington.
July 9, 2013
By MELISSA EDDY
Find this story at 9 July 2013
© 2013 The New York Times Company

Van nieuwsblog.burojansen.nl

Der deutsche Geheimdienst wusste mehr über die Umtriebe der NSA in Deutschland als bisher bekannt. “Die stecken unter einer Decke”, sagt Edward Snowden in einem Interview im SPIEGEL. Auch gegen die Briten erhebt der Whistleblower Vorwürfe.
Seit Wochen hält Edward Snowden die Geheimdienstwelt mit immer neuen Enthüllungen in Atem. Ob die amerikanische NSA oder die GCHQ aus Großbritannien, Systeme wie Prism oder Tempora: Der Whistleblower lässt wohldosiert Skandalöses über die internationalen Schnüffeldienste durchsickern. In einem Interview, das der SPIEGEL in seiner neuen Ausgabe veröffentlicht, beschreibt Snowden die Nähe zwischen US- und deutschem Geheimdienst – und die Datensammelwut der britischen Spione.
In Deutschland hatten die Berichte über die umfangreichen Spionage-Tätigkeiten der USA für Überraschung und Entsetzen gesorgt – auch unter Politkern. Die Version von der vollkommenen Unwissenheit der Deutschen will Snowden so nicht gelten lassen. Im Gegenteil: Die NSA-Leute steckten “unter einer Decke mit den Deutschen”, erklärte der Whistleblower dem amerikanischen Chiffrier-Experten Jacob Appelbaum und der Dokumentarfilmerin Laura Poitras mit Hilfe verschlüsselter E-Mails, kurz bevor er weltweit bekannt wurde.
Snowden beschreibt die Zusammenarbeit der Geheimdienste detailliert. In der NSA gebe es für solche Kooperationen mit anderen Ländern eine eigene Abteilung, das sogenannte Foreign Affairs Directorate. Dabei enthüllt er ein bemerkenswertes Detail zum Schutz von Entscheidungsträgern: Die Zusammenarbeit werde so organisiert, dass Behörden anderer Länder “ihr politisches Führungspersonal vor dem ‘Backlash’ schützen” können, falls herauskommen sollte, wie “massiv die Privatsphäre von Menschen missachtet wird”, sagt der US-Amerikaner.
Nach SPIEGEL-Recherchen ist die Zusammenarbeit zwischen der NSA und dem Bundesnachrichtendienst (BND) offenbar tatsächlich deutlich intensiver als bislang bekannt. So lieferte die NSA die Analyse-Tools für den Lauschangriff des BND auf ausländische Datenströme, die durch Deutschland führen. Im Fokus des BND steht unter anderem die Nahost-Strecke, über die Datenpakete etwa aus Krisenregionen verlaufen.
BND-Chef Gerhard Schindler hat den Mitgliedern des Parlamentarischen Kontrollgremiums die Zusammenarbeit mit der NSA bestätigt. (Mehr zum Thema finden Sie hier)
Doch nicht nur die Umtriebe des BND stehen im Fokus des Gesprächs mit Snowden. Auch über den britischen Geheimdienst Government Communications Headquarters (GCHQ) gibt der 30-Jährige weitere neue Details preis. So läuft in Großbritannien ein Versuch der Komplettdatenspeicherung. Das Tempora-System der Briten sei “der erste ‘ich speichere alles’-Ansatz (‘full take’) in der Geheimdienstwelt”, sagt Snowden.
Daten bleiben drei Tage im Pufferspeicher
Der Umfang dieses “Full Take”-Systems ist gewaltig. Im Rahmen von Tempora werden dem Whistleblower und dem “Guardian” zufolge Verbindungsdaten bis zu 30 Tage, aber auch alle Inhalte bis zu drei Tage lang gespeichert, in einem sogenannten Pufferspeicher. “Dieser Zwischenspeicher macht nachträgliche Überwachung möglich, ihm entgeht kein einziges Bit”.
Auf Rückfrage, ob man dieser Totalerfassung aller Internetkommunikation entgehen könne, antwortet er: “Na ja, wenn man die Wahl hat, sollte man niemals Informationen durch britische Leitungen oder über britische Server schicken.”
Entgehen könne man dem Zugriff durch die GCHQ nur, wenn man keine Informationen über britische Leitungen oder britische Server schicke, so Snowden. Deutsche Internet-Experten halten dies in der Praxis allerdings für kaum durchführbar.
Metadaten liefern Orientierung im Datenmeer
Der Versuch der Komplettdatenspeicherung ist bemerkenswert, war doch bisher im Zusammenhang mit den Abhörskandalen meist von Metadaten die Rede. Auch Snowden betont in der aktuellen Ausgabe des SPIEGEL noch einmal wie wichtig die Metadaten – etwa Telefonnummern, IP-Adressen und Verbindungszeiten – eigentlich sind. Und wie sie genutzt werden. Die Metadaten seien meist “wertvoller als der Inhalt der Kommunikation”, sagt Snowden.
Wer die Metadaten hat, weiß, wer wann mit wem kommuniziert hat. Auf dieser Basis lässt sich dann entscheiden, welche Datensätze, welche Kommunikationsinhalte man sich genauer ansehen möchte. “Die Metadaten sagen einem, was man vom breiten Datenstrom tatsächlich haben will”, so Snowden im SPIEGEL.
So wird nach und nach klar, wie die Überwachungsprogramme von NSA und GCHQ, Prism, Tempora und Boundless Informant zusammenwirken:
Die Metadaten-Abfrage gibt Analysten Hinweise, für welche Kommunikationen und Inhalte sie sich vielleicht interessieren könnten, dann, sagt Snowden sinngemäß, lässt sich per Knopfdruck festlegen, dass von einer Person oder einer Gruppe alle verfügbaren Inhalte im Volltext mitgeschnitten oder anderweitig erfasst werden. Zum Zielobjekt könne man aber auch “aufgrund des eigenen Facebook-Profils oder der eigenen E-Mails” werden.
07. Juli 2013, 19:31 Uhr
Find this story at 7 July 2013
© SPIEGEL ONLINE 2013

Van nieuwsblog.burojansen.nl

Germany, Hacking, Politics, Snowden, Terrorism, USA
US fugitive Edward Snowden has accused Germany and the US of partnering in spy intelligence operations, revealing that cooperation between the countries is closer than German indignation would indicate, Der Spiegel magazine reported.
“They are in bed with the Germans, just like with most other Western states,” the German magazine quotes Snowden as saying, adding that the NSA’s has a Foreign Affairs Directorate which is responsible for cooperation with other countries.
Partnerships are orchestrated in ways that allow other countries to “insulate their political leaders from the backlash,” according to Snowden, providing a buffer between politicians and the illegal methods of snooping. He accused the collaboration of grievously “violating global privacy.”
“Other agencies don’t ask us where we got the information from and we don’t ask them. That way they can protect their top politicians from the backlash in case it emerges how massively people’s privacy is abused worldwide,” he said.
Snowden gave the interview to a cipher expert and a documentary filmmaker with the help of encrypted emails shortly before he rose to global fame, Der Spiegel reported.
The publication recollected that the US Army is simultaneously in the process of building a base in Wiesbaden, southwest Germany, claiming it will be used as an intelligence center by the NSA.
The four-story bug-proof spying center is made from imported American materials and costs $119 million. Its construction will allow for the closure of over 40 existing sites across in Heidelberg, Mannheim and Darmstadt, US Army Garrison Wiesbaden spokeswoman Anemone Rueger told Stars and Stripes.
The Der Spiegel report also indicates that the German Federal Intelligence Service, the Bundesnachrichtendienst (BND) and NSA work very closely together.
It was revealed at the end of June that the US combs through half a billion of German phone calls, emails and text messages on a monthly basis.
A kite flies near antennas of Former National Security Agency (NSA) listening station at the Teufelsberg hill (German for Devil’s Mountain) in Berlin, June 30, 2013 (Reuters / Pawel Kopczynski)A kite flies near antennas of Former National Security Agency (NSA) listening station at the Teufelsberg hill (German for Devil’s Mountain) in Berlin, June 30, 2013 (Reuters / Pawel Kopczynski)
An earlier report by Der Spiegel, also based on revelations by Snowden, revealed that the NSA bugged EU diplomatic offices and gained access to EU internal computer networks.
Chancellor Merkel’s spokesman, Steffen Seibert said that this would constitute intolerable behavior if proven.
“If it is confirmed that diplomatic representations of the European Union and individual European countries have been spied upon, we will clearly say that bugging friends is unacceptable,” said Chancellor Angela Merkel’s spokesman, Steffen Seibert.
“We are no longer in the Cold War,” he said.
Merkel remained quiet regarding the Snowden PRISM leaks when Obama visited Berlin, diplomatically stating that, “the topic of commensurability is important.”
Germans are particularly sensitive about eavesdropping because of the hangover from the intrusive surveillance state which characterized the communist German Democratic Republic (GDR) and Nazi era totalitarianism.
The Der Spiegel report claims that the NSA provides the BND with analysis tools to monitor data passing through German territory. Opposition parties insisted when revelations were made about the extent of espionage that somebody in Merkel’s office, where the German intelligence agencies are coordinated, must have known what was going on.
BND head Gerhard Schindler confirmed the existence of the two country’s intelligence partnerships during a meeting with members of the German parliament’s control committee specifically for overseeing intelligence issues, according to Der Spiegel.
The BND is legally allowed to look through 20 percent of transnational communications, in addition to monitoring internet search terms and telecommunications, Deutsche Welle wrote on June 30, while the US can essentially capitalize on Germany’s data collection packets. The cooperation includes the passing of data over areas deemed crisis regions.
A supporter of German left-wing party Die Linke holds a placard in support of former US spy agency, NSA, contractor Edward Snowden in the village of Loewenberg, some 60 km (37 miles) north of Berlin, July 4, 2013 (Reuters / Thomas Peter)A supporter of German left-wing party Die Linke holds a placard in support of former US spy agency, NSA, contractor Edward Snowden in the village of Loewenberg, some 60 km (37 miles) north of Berlin, July 4, 2013 (Reuters / Thomas Peter)
The BND lacks the capacity to fully use its legally allowed monitoring. Der Spiegel reported that the agency is currently only monitoring only about 5 percent of data traffic, but is planning to expand its server, capacity and staffing in order to be more effective.
The Federal Office for the Protection of the Constitution, which overlooks domestic counter-espionage, is currently investigating whether the NSA has access to German Internet traffic. A preliminary analysis was inconclusive.
“So far, we have no information that Internet nodes in Germany have been spied on by the NSA,” said Hans-Georg Maassen, the president of the Office for the Protection of the Constitution.
NSA whistleblower Edward Snowden fled the US in May a few weeks before his first leaks were published by the Guardian. He is believed to have been holed up in Moscow airport since June 23 and initially made asylum requests to 20 countries, including Germany, followed by a further six.
Snowden was refused asylum in Germany on the grounds that asylum requests must be made on German soil.
A spokesman of the Interior Minister said, “the German right of residence principally entails the possibility of acceptance from abroad, if this seems necessary for international legal or urgent humanitarian reasons, or for the ensuring of political interests of the federal republic of Germany. This needs to be examined thoroughly in the case of Mr. Snowden.”
Published time: July 07, 2013 19:36 Get short URL
Find this story 7 July 2013
© Autonomous Nonprofit Organization “TV-Novosti”, 2005–2014.

Van nieuwsblog.burojansen.nl

What Facebook could know about you, and why you should care.
Facebook is a resource for opinions and hobbies, celebrities and love interests, friends and family, and all the activities that whirl them together in our daily lives. Much like other social networking sites, Facebook is free except for one thing that all users give up: a certain amount of personal information.
Facebook privacy policy provides extensive information about the use of personal data of registered users. It clearly specifies what personal information is collected, how it is used, parties to whom this information may be disclosed, and the security measures taken to protect the information.
By reading and understanding the privacy policy, a user is able to weigh the risks involved in trusting this popular Web site, before one enters any personal information into its pages or installs its applications.
Information Collected by Facebook
Facebook collects two types of information: personal details provided by a user and usage data collected automatically as the user spends time on the Web site clicking around.
Regarding personal information, the user willfully discloses it, such as name, email address, telephone number, address, gender and schools attended, for example. Facebook may request permission to use the user’s email address to send occasional notifications about the new services offered.
Facebook records Web site usage data, in terms of how users access the site, such as type of web browser they use, the user’s IP address, how long they spend logged into the site, and other statistics. Facebook compiles this data to understand trends for improving the site or making marketing decisions.
Facebook now has fine-grained privacy settings for its users. Users can decide which part of their information should be visible and to whom. Facebook categorizes members of the user’s network as “Friends” and “Friends of Friends,” or a broader group, such as a university or locality, and “Everyone,” which includes all users of the site. The categorization increases the granularity of the privacy settings in a user’s profile.
Children: No one under 13 is permitted to register. Children between 13 and 18 require parental permission before sending personal information over Internet. A policy alone, however, does not stop children from using the site, and parents must be watchful of their children’s online activities in order to enforce these policies.
Facebook stores users’ personal information on secure servers behind a firewall.
Sharing of Information with Third Parties
Facebook does not provide personal information to third parties without the user’s consent. Facebook also limits the information available to Internet search engines. Before accepting third-party services, Facebook makes the third party sign an agreement that holds it responsible for any misuse of personal information. However, advertising by third parties on Facebook can lead to their gaining access to user information, such as IP address or cookie-based web usage information that allows personalization of advertisements.
Precautions for Users
Facebook provides thousands of third-party applications for its users to download. Facebook further personalizes the advertisements of these applications on the user’s profiles. It does this by mining through other sources on the Internet to information about the likings and interests of these users. Sources for such mined data are newspapers, blogs and instant messaging to provide services customized according to the user’s personality. However, because these sources are not affiliated with Facebook, it raises a concern of data mining by these sources.
Facebook does not actually provide a mechanism for users to close their accounts, and thus raises the concern that private user data will remain indefinitely on Facebook’s servers.
Over time, the CEO and Board of Directors of a company change, or the company may even be sold. Under such circumstances, a concern arises about the private information held by the company. Deactivation without deletion of a user’s account implies that the data continue to be present on the servers. If a company is then sold, the data of those users who are currently deactivated may be subject to compromise.
Conclusion
Facebook has an explicitly stated privacy policy. It aims to enhance the social networking experience of users by reducing their concerns about the privacy of their data on the Web site. However, the more the Web site tries to incorporate open innovation by allowing third-party access and other such facilities, the more it puts personal information at risk, thereby increasing the probability of losing the trust of its users.
Find this story at 2014
Copyright © 2003–2012 Carnegie Mellon CyLab

Van nieuwsblog.burojansen.nl

Sometimes it’s hard to tell the difference.
“That social norm is just something that has evolved over time” is how Mark Zuckerberg justified hijacking your privacy in 2010, after Facebook imperiously reset everyone’s default settings to “public.” “People have really gotten comfortable sharing more information and different kinds.” Riiight. Little did we know that by that time, Facebook (along with Google, Microsoft, etc.) was already collaborating with the National Security Agency’s PRISM program that swept up personal data on vast numbers of internet users.
In light of what we know now, Zuckerberg’s high-hat act has a bit of a creepy feel, like that guy who told you he was a documentary photographer, but turned out to be a Peeping Tom. But perhaps we shouldn’t be surprised: At the core of Facebook’s business model is the notion that our personal information is not, well, ours. And much like the NSA, no matter how often it’s told to stop using data in ways we didn’t authorize, it just won’t quit. Not long after Zuckerberg’s “evolving norm” dodge, Facebook had to promise the feds it would stop doing things like putting your picture in ads targeted at your “friends”; that promise lasted only until this past summer, when it suddenly “clarified” its right to do with your (and your kids’) photos whatever it sees fit. And just this week, Facebook analytics chief Ken Rudin told the Wall Street Journal that the company is experimenting with new ways to suck up your data, such as “how long a user’s cursor hovers over a certain part of its website, or whether a user’s newsfeed is visible at a given moment on the screen of his or her mobile phone.”
There will be a lot of talk in coming months about the government surveillance golem assembled in the shadows of the internet. Good. But what about the pervasive claim the private sector has staked to our digital lives, from where we (and our phones) spend the night to how often we text our spouse or swipe our Visa at the liquor store? It’s not a stretch to say that there’s a corporate spy operation equal to the NSA—indeed, sometimes it’s hard to tell the difference.
In light of what we know now, Zuckerberg’s high-hat act has a bit of a creepy feel, like that guy who told you he was a documentary photographer, but turned out to be a Peeping Tom.
Yes, Silicon Valley libertarians, we know there is a difference: When we hand over information to Facebook, Google, Amazon, and PayPal, we click “I Agree.” We don’t clear our cookies. We recycle the opt-out notice. And let’s face it, that’s exactly what internet companies are trying to get us to do: hand over data without thinking of the transaction as a commercial one. It’s all so casual, cheery, intimate—like, like?
But beyond all the Friends and Hangouts and Favorites, there’s cold, hard cash, and, as they say on Sand Hill Road, when the product is free, you are the product. It’s your data that makes Facebook worth $100 billion and Google $300 billion. It’s your data that info-mining companies like Acxiom and Datalogix package, repackage, sift, and sell. And it’s your data that, as we’ve now learned, tech giants also pass along to the government. Let’s review: Companies have given the NSA access to the records of every phone call made in the United States. Companies have inserted NSA-designed “back doors” in security software, giving the government (and, potentially, hackers—or other governments) access to everything from bank records to medical data. And oh, yeah, companies also flat-out sell your data to the NSA and other agencies.
To be sure, no one should expect a bunch of engineers and their lawyers to turn into privacy warriors. What we could have done without was the industry’s pearl-clutching when the eavesdropping was finally revealed: the insistence (with eerily similar wording) that “we have never heard of PRISM”; the Captain Renault-like shock—shock!—to discover that data mining was going on here. Only after it became undeniably clear that they had known and had cooperated did they duly hurl indignation at the NSA and the FISA court that approved the data demands. Heartfelt? Maybe. But it also served a branding purpose: Wait! Don’t unfriend us! Kittens!
O hai, check out Mark Zuckerberg at this year’s TechCrunch conference: The NSA really “blew it,” he said, by insisting that its spying was mostly directed at foreigners. “Like, oh, wonderful, that’s really going to inspire confidence in American internet companies. I thought that was really bad.” Shorter: What matters is how quickly Facebook can achieve total world domination.
Maybe the biggest upside to l’affaire Snowden is that Americans are starting to wise up. “Advertisers” rank barely behind “hackers or criminals” on the list of entities that internet users say they don’t want to be tracked by (followed by “people from your past”). A solid majority say it’s very important to control access to their email, downloads, and location data. Perhaps that’s why, outside the more sycophantic crevices of the tech press, the new iPhone’s biometric capability was not greeted with the unadulterated exultation of the pre-PRISM era.
The truth is, for too long we’ve been content to play with our gadgets and let the geekpreneurs figure out the rest. But that’s not their job; change-the-world blather notwithstanding, their job is to make money. That leaves the hard stuff—like how much privacy we’ll trade for either convenience or security—in someone else’s hands: ours. It’s our responsibility to take charge of our online behavior (posting Carlos Dangerrific selfies? So long as you want your boss, and your high school nemesis, to see ’em), and, more urgently, it’s our job to prod our elected representatives to take on the intelligence agencies and their private-sector pals.
The NSA was able to do what it did because, post-9/11, “with us or against us” absolutism cowed any critics of its expanding dragnet. Facebook does what it does because, unlike Europe—where both privacy and the ability to know what companies have on you are codified as fundamental rights—we haven’t been conditioned to see Orwellian overreach in every algorithm. That is now changing, and both the NSA and Mark Zuckerberg will have to accept it. The social norm is evolving.
—By Monika Bauerlein and Clara Jeffery | November/December 2013 Issue
Find this story at November/December 2013
Copyright ©2014 Mother Jones and the Foundation for National Progress.

Van nieuwsblog.burojansen.nl

Government officials in the Bahamas want their U.S. counterparts to explain why the National Security Agency has been intercepting and recording every cell phone call taking place on the island nation.
Responding to a report published by The Intercept on Monday, which revealed that the NSA has been targeting the Bahamas’ entire mobile network and storing the audio of every phone call traversing the network for up to 30 days, Bahamian officials told the Nassau Guardian that they had contacted the U.S. and vowed to release a statement regarding the revelations.
In a front-page story published Tuesday, Bahamian Minister of Foreign Affairs Fred Mitchell told the Guardian that his government had reached out to the U.S. for an explanation. Mitchell said the cabinet was set to meet to discuss the matter and planned to issue a statement on the surveillance. The Bahamian minister of national security told the paper he intended to launch an inquiry into the NSA’s surveillance but did not provide a comment.
A source familiar with the situation told The Intercept that the cabinet meeting had indeed taken place, but an official in Mitchell’s office said there would be no comment Tuesday. “You’ll have to call back,” said the official, who did not identify herself.
Calls to the office of the prime minister went unanswered, as did a call to Bahamas Telecommunications Company, the Bahamas’ largest communications provider.
U.S. officials at the embassy in the Bahamian capital of Nassau, meanwhile, told the Guardian it would not comment on “every specific alleged intelligence activity.”
“The United States values its relationship with the Bahamas,” Neda Brown, a U.S. embassy spokesperson, told the paper. Contacted by The Intercept, Brown directed inquires to the State Department’s Bureau of Western Hemispheres. The bureau did not return a request for comment made late Tuesday.
In addition to the Bahamas, The Intercept‘s report also revealed NSA’s targeting of mobile networks in Mexico, Kenya and the Philippines. Calls and emails to the embassies of each country were not returned Tuesday.
By Ryan Devereaux20 May 2014, 5:58 PM EDT 151
Find this story at 20 May 2014
© 2014 First Look Productions, Inc.

Van nieuwsblog.burojansen.nl

Internet, Mass media, Security, USA, WikiLeaks
Despite warnings that doing so “could lead to increased violence” and potentially deaths, anti-secrecy group WikiLeaks says it plans to publish the name of a country targeted by a massive United States surveillance operation.
On Monday this week, journalists at The Intercept published a report based off of leaked US National Security Agency documents supplied by former contractor Edward Snowden which suggested that the NSA has been collecting in bulk the contents of all phone conversations made or received in two countries abroad.
Only one of those nations, however — the Bahamas — was named by The Intercept. The other, journalists Ryan Devereaux, Glenn Greenwald and Laura Poitras wrote this week, was withheld as a result of “credible concerns that doing so could lead to increased violence.”
WikiLeaks has since accused The Intercept and its parent company First Look Media of censorship and says they will publish the identity of the country if the name remains redacted in the original article. The Intercept’s Greenwald fired back over Twitter, though, and said his outlet chose to publish more details than the Washington Post, where journalists previously reported on a related call collection program but chose to redact more thoroughly.
“We condemn Firstlook for following the Washington Post into censoring the mass interception of an entire nation,” WikiLeaks tweeted on Monday.
“It is not the place of Firstlook or the Washington Post to deny the rights of an entire people to know they are being mass recorded,” WikiLeaks added. “It is not the place of Firstlook or WaPo to decide how a people will [choose] to act against mass breaches of their rights by the United States.”
When Greenwald defended his decision to publish the names of four countries where telephony metadata is collected by the NSA but withhold a fifth where content is recorded as well, WikiLeaks said it could be interpreted as meaning that the unknown country doesn’t deserve to know they’re being surveilled, but Greenwald said The Intercept was “very convinced” it could lead to deaths. Later, WikiLeaks equated this as an act of racism.
But as the conversation escalated, the WikiLeaks Twitter announced it would disclose the nation’s identify if The Intercept did not, despite requests from the US government to leave that information redact over fears of what the response could be.
“When has true published information harmed innocents?” WikiLeaks asked. “To repeat this false Pentagon talking point is to hurt all publishers.”
“We will reveal the name of the censored country whose population is being mass recorded in 72 hours,” WikiLeaks wrote at 6:35 p.m. EST Tuesday evening. If the organization intends to uphold that promise, that the identity of the country could be revealed before the weekend.
As RT reported earlier this week, The Intercept story made claims that the NSA has used a program codenamed MYSTIC to collect basic phone records in at least five countries, similar to the metadata that has been controversially collected in bulk domestically as revealed in one of the first documents released by Snowden last year. In the Bahamas and one more locale, though, The Intercept reported that NSA documents reveal another program, codenamed SOMALGET, is deployed in order to process “over 100 million call events per day.”
SOMALGET, the document reads, is a “program for embedded collection systems overtly installed on target networks, predominantly for the collection and processing of wireless/mobile communications networks.” According to The Intercept, the decision to wiretap all calls in and out of the Bahamas was made unilaterally and without the knowledge of the island’s government or its quarter-of-a-million people.
Published time: May 20, 2014 18:38
Edited time: May 22, 2014 11:17 Get short URL
Find this story at 20 May 2014
© Autonomous Nonprofit Organization “TV-Novosti”, 2005–2014

Van nieuwsblog.burojansen.nl

The National Security Agency is secretly intercepting, recording, and archiving the audio of virtually every cell phone conversation on the island nation of the Bahamas.
According to documents provided by NSA whistleblower Edward Snowden, the surveillance is part of a top-secret system – code-named SOMALGET – that was implemented without the knowledge or consent of the Bahamian government. Instead, the agency appears to have used access legally obtained in cooperation with the U.S. Drug Enforcement Administration to open a backdoor to the country’s cellular telephone network, enabling it to covertly record and store the “full-take audio” of every mobile call made to, from and within the Bahamas – and to replay those calls for up to a month.
SOMALGET is part of a broader NSA program called MYSTIC, which The Intercept has learned is being used to secretly monitor the telecommunications systems of the Bahamas and several other countries, including Mexico, the Philippines, and Kenya. But while MYSTIC scrapes mobile networks for so-called “metadata” – information that reveals the time, source, and destination of calls – SOMALGET is a cutting-edge tool that enables the NSA to vacuum up and store the actual content of every conversation in an entire country.
All told, the NSA is using MYSTIC to gather personal data on mobile calls placed in countries with a combined population of more than 250 million people. And according to classified documents, the agency is seeking funding to export the sweeping surveillance capability elsewhere.
The program raises profound questions about the nature and extent of American surveillance abroad. The U.S. intelligence community routinely justifies its massive spying efforts by citing the threats to national security posed by global terrorism and unpredictable rival nations like Russia and Iran. But the NSA documents indicate that SOMALGET has been deployed in the Bahamas to locate “international narcotics traffickers and special-interest alien smugglers” – traditional law-enforcement concerns, but a far cry from derailing terror plots or intercepting weapons of mass destruction.
“The Bahamas is a stable democracy that shares democratic principles, personal freedoms, and rule of law with the United States,” the State Department concluded in a crime and safety report published last year. “There is little to no threat facing Americans from domestic (Bahamian) terrorism, war, or civil unrest.”
By targeting the Bahamas’ entire mobile network, the NSA is intentionally collecting and retaining intelligence on millions of people who have not been accused of any crime or terrorist activity. Nearly five million Americans visit the country each year, and many prominent U.S. citizens keep homes there, including Sen. Tom Harkin (D-Iowa), Bill Gates, and Oprah Winfrey.
In addition, the program is a serious – and perhaps illegal – abuse of the access to international phone networks that other countries willingly grant the United States for legitimate law-enforcement surveillance. If the NSA is using the Drug Enforcement Administration’s relationship to the Bahamas as a cover for secretly recording the entire country’s mobile phone calls, it could imperil the longstanding tradition of international law enforcement cooperation that the United States enjoys with its allies.
“It’s surprising, the short-sightedness of the government,” says Michael German, a fellow at New York University’s Brennan Center for Justice who spent 16 years as an FBI agent conducting undercover investigations. “That they couldn’t see how exploiting a lawful mechanism to such a degree that you might lose that justifiable access – that’s where the intelligence community is acting in a way that harms its long-term interests, and clearly the long-term national security interests of the United States.”
The NSA refused to comment on the program, but said in a statement that “the implication that NSA’s foreign intelligence collection is arbitrary and unconstrained is false.” The agency also insisted that it follows procedures to “protect the privacy of U.S. persons” whose communications are “incidentally collected.”
Informed about the NSA’s spying, neither the Bahamian prime minister’s office nor the country’s national security minister had any comment. The embassies of Mexico, Kenya, and the Philippines did not respond to phone messages and emails.
In March, The Washington Post revealed that the NSA had developed the capability to record and store an entire nation’s phone traffic for 30 days. The Post reported that the capacity was a feature of MYSTIC, which it described as a “voice interception program” that is fully operational in one country and proposed for activation in six others. (The Post also referred to NSA documents suggesting that MYSTIC was pulling metadata in some of those countries.) Citing government requests, the paper declined to name any of those countries.
The Intercept has confirmed that as of 2013, the NSA was actively using MYSTIC to gather cell-phone metadata in five countries, and was intercepting voice data in two of them. Documents show that the NSA has been generating intelligence reports from MYSTIC surveillance in the Bahamas, Mexico, Kenya, the Philippines, and one other country, which The Intercept is not naming in response to specific, credible concerns that doing so could lead to increased violence. The more expansive full-take recording capability has been deployed in both the Bahamas and the unnamed country.
MYSTIC was established in 2009 by the NSA’s Special Source Operations division, which works with corporate partners to conduct surveillance. Documents in the Snowden archive describe it as a “program for embedded collection systems overtly installed on target networks, predominantly for the collection and processing of wireless/mobile communications networks.”
1
A top-secret description of the MYSTIC program written by the NSA’s Special Source Operations division
If an entire nation’s cell-phone calls were a menu of TV shows, MYSTIC would be a cable programming guide showing which channels offer which shows, and when. SOMALGET would be the DVR that automatically records every show on every channel and stores them for a month. MYSTIC provides the access; SOMALGET provides the massive amounts of storage needed to archive all those calls so that analysts can listen to them at will after the fact. According to one NSA document, SOMALGET is “deployed against entire networks” in the Bahamas and the second country, and processes “over 100 million call events per day.”
SOMALGET’s capabilities are further detailed in a May 2012 memo written by an official in the NSA’s International Crime and Narcotics division. The memo hails the “great success” the NSA’s drugs and crime unit has enjoyed through its use of the program, and boasts about how “beneficial” the collection and recording of every phone call in a given nation can be to intelligence analysts.
Rather than simply making “tentative analytic conclusions derived from metadata,” the memo notes, analysts can follow up on hunches by going back in time and listening to phone calls recorded during the previous month. Such “retrospective retrieval” means that analysts can figure out what targets were saying even when the calls occurred before the targets were identified. “[W]e buffer certain calls that MAY be of foreign intelligence value for a sufficient period to permit a well-informed decision on whether to retrieve and return specific audio content,” the NSA official reported.
“There is little reason,” the official added, that SOMALGET could not be expanded to more countries, as long as the agency provided adequate engineering, coordination and hardware. There is no indication in the documents that the NSA followed up on the official’s enthusiasm.
2
A 2012 memo written by the NSA’s International Crime & Narcotics division
The documents don’t spell out how the NSA has been able to tap the phone calls of an entire country. But one memo indicates that SOMALGET data is covertly acquired under the auspices of “lawful intercepts” made through Drug Enforcement Administration “accesses”– legal wiretaps of foreign phone networks that the DEA requests as part of international law enforcement cooperation.
When U.S. drug agents need to tap a phone of a suspected drug kingpin in another country, they call up their counterparts and ask them set up an intercept. To facilitate those taps, many nations – including the Bahamas – have hired contractors who install and maintain so-called lawful intercept equipment on their telecommunications. With SOMALGET, it appears that the NSA has used the access those contractors developed to secretly mine the country’s entire phone system for “signals intelligence” –recording every mobile call in the country. “Host countries,” the document notes, “are not aware of NSA’s SIGINT collection.”
“Lawful intercept systems engineer communications vulnerabilities into networks, forcing the carriers to weaken,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “Host governments really should be thinking twice before they accept one of these Trojan horses.”
The DEA has long been in a unique position to help the NSA gain backdoor access to foreign phone networks. “DEA has close relationships with foreign government counterparts and vetted foreign partners,” the manager of the NSA’s drug-war efforts reported in a 2004 memo. Indeed, with more than 80 international offices, the DEA is one of the most widely deployed U.S. agencies around the globe.
But what many foreign governments fail to realize is that U.S. drug agents don’t confine themselves to simply fighting narcotics traffickers. “DEA is actually one of the biggest spy operations there is,” says Finn Selander, a former DEA special agent who works with the drug-reform advocacy group Law Enforcement Against Prohibition. “Our mandate is not just drugs. We collect intelligence.”
What’s more, Selander adds, the NSA has aided the DEA for years on surveillance operations. “On our reports, there’s drug information and then there’s non-drug information,” he says. “So countries let us in because they don’t view us, really, as a spy organization.”
Selander’s first-hand experience is echoed in the 2004 memo by the manager of the NSA’s drug-war efforts, which was titled “DEA: The Other Warfighter.” The DEA and the NSA “enjoy a vibrant two-way information-sharing relationship,” the memo observes, and cooperate so closely on counternarcotics and counterterrorism that there is a risk of “blurring the lines between the two missions.”
Still, the ability to record and replay the phone calls of an entire country appears to be a relatively new weapon in the NSA’s arsenal. None of the half-dozen former U.S. law enforcement officials interviewed by The Intercept said they had ever heard of a surveillance operation quite like the NSA’s Bahamas collection.
“I’m completely unfamiliar with the program,” says Joel Margolis, a former DEA official who is now executive vice president of government affairs for Subsentio, a Colorado-based company that installs lawful intercepts for telecommunications providers. “I used to work in DEA’s office of chief counsel, and I was their lead specialist on lawful surveillance matters. I wasn’t aware of anything like this.”
3
A 2012 memo written by the NSA’s International Crime & Narcotics division
For nearly two decades, telecom providers in the United States have been legally obligated under the 1994 Communications Assistance for Law Enforcement Act to build their networks with wiretapping capabilities, providing law enforcement agencies with access to more efficient, centrally managed surveillance.
Since CALEA’s passage, many countries have adopted similar measures, making it easier to gather telecommunications intelligence for international investigations. A 2001 working group for the United Nations Office on Drugs and Crime went so far as to urge countries to consider permitting foreign law enforcement agencies to initiate international wiretaps directly from within their own territories.
The process for setting up lawful intercepts in foreign countries is largely the same as in the United States. “Law enforcement issues a warrant or other authorization, a carrier or a carrier’s agent responds to the warrant by provisioning the intercept, and the information is sent in sort of a one-way path to the law enforcement agency,” says Marcus Thomas, a former FBI assistant director who now serves as chief technology officer for Subsentio.
When U.S. drug agents wiretap a country’s phone networks, they must comply with the host country’s laws and work alongside their law enforcement counterparts. “The way DEA works with our allies – it could be Bahamas or Jamaica or anywhere – the host country has to invite us,” says Margolis. “We come in and provide the support, but they do the intercept themselves.”
The Bahamas’ Listening Devices Act requires all wiretaps to be authorized in writing either by the minister of national security or the police commissioner in consultation with the attorney general. The individuals to be targeted must be named. Under the nation’s Data Protection Act, personal data may only be “collected by means which are both lawful and fair in the circumstances of the case.” The office of the Bahamian data protection commissioner, which administers the act, said in a statement that it “was not aware of the matter you raise.”
Countries like the Bahamas don’t install lawful intercepts on their own. With the adoption of international standards, a thriving market has emerged for private firms that are contracted by foreign governments to install and maintain lawful intercept equipment. Currently valued at more than $128 million, the global market for private interception services is expected to skyrocket to more than $970 million within the next four years, according to a 2013 report from the research firm Markets and Markets.
“Most telecom hardware vendors will have some solutions for legal interception,” says a former mobile telecommunications engineer who asked not to be named because he is currently working for the British government. “That’s pretty much because legal interception is a requirement if you’re going to operate a mobile phone network.”
The proliferation of private contractors has apparently provided the NSA with direct access to foreign phone networks. According to the documents, MYSTIC draws its data from “collection systems” that were overtly installed on the telecommunications systems of targeted countries, apparently by corporate “partners” cooperating with the NSA.
One NSA document spells out that “the overt purpose” given for accessing foreign telecommunications systems is “for legitimate commercial service for the Telco’s themselves.” But the same document adds: “Our covert mission is the provision of SIGINT,” or signals intelligence.
The classified 2013 intelligence budget also describes MYSTIC as using “partner-enabled” access to both cellular and landline phone networks. The goal of the access, the budget says, is to “provide comprehensive metadata access and content against targeted communications” in the Caribbean, Mexico, Kenya, the Philippines, and the unnamed country. The budget adds that in the Bahamas, Mexico, and the Philippines, MYSTIC requires “contracted services” for its “operational sustainment.”
SSO_Dictionary_Excerpt
Definitions of terms related to the MYSTIC program, drawn from an NSA glossary
The NSA documents don’t specify who is providing access in the Bahamas. But they do describe SOMALGET as an “umbrella term” for systems provided by a private firm, which is described elsewhere in the documents as a “MYSTIC access provider.” (The documents don’t name the firm, but rather refer to a cover name that The Intercept has agreed not to publish in response to a specific, credible concern that doing so could lead to violence.) Communications experts consulted by The Intercept say the descriptions in the documents suggest a company able to install lawful intercept equipment on phone networks.
Though it is not the “access provider,” the behemoth NSA contractor General Dynamics is directly involved in both MYSTIC and SOMALGET. According to documents, the firm has an eight-year, $51 million contract to process “all MYSTIC data and data for other NSA accesses” at a facility in Annapolis Junction, Maryland, down the road from NSA’s headquarters. NSA logs of SOMALGET collection activity – communications between analysts about issues such as outages and performance problems – contain references to a technician at a “SOMALGET processing facility” who bears the same name as a LinkedIn user listing General Dynamics as his employer. Reached for comment, a General Dynamics spokesperson referred questions to the NSA.
According to the NSA documents, MYSTIC targets calls and other data transmitted on Global System for Mobile Communications networks – the primary framework used for cell phone calls worldwide. In the Philippines, MYSTIC collects “GSM, Short Message Service (SMS) and Call Detail Records” via access provided by a “DSD asset in a Philippine provider site.” (The DSD refers to the Defence Signals Directorate, an arm of Australian intelligence. The Australian consulate in New York declined to comment.) The operation in Kenya is “sponsored” by the CIA, according to the documents, and collects “GSM metadata with the potential for content at a later date.” The Mexican operation is likewise sponsored by the CIA. The documents don’t say how or under what pretenses the agency is gathering call data in those countries.
In the Bahamas, the documents say, the NSA intercepts GSM data that is transmitted over what is known as the “A link”–or “A interface”–a core component of many mobile networks. The A link transfers data between two crucial parts of GSM networks – the base station subsystem, where phones in the field communicate with cell towers, and the network subsystem, which routes calls and text messages to the appropriate destination. “It’s where all of the telephone traffic goes,” says the former engineer.
Punching into this portion of a county’s mobile network would give the NSA access to a virtually non-stop stream of communications. It would also require powerful technology.
“I seriously don’t think that would be your run-of-the-mill legal interception equipment,” says the former engineer, who worked with hardware and software that typically maxed out at 1,000 intercepts. The NSA, by contrast, is recording and storing tens of millions of calls – “mass surveillance,” he observes, that goes far beyond the standard practices for lawful interception recognized around the world.
The Bahamas Telecommunications Company did not respond to repeated phone calls and emails.
If the U.S. government wanted to make a case for surveillance in the Bahamas, it could point to the country’s status as a leading haven for tax cheats, corporate shell games, and a wide array of black-market traffickers. The State Department considers the Bahamas both a “major drug-transit country” and a “major money laundering country” (a designation it shares with more than 60 other nations, including the U.S.). According to the International Monetary Fund, as of 2011 the Bahamas was home to 271 banks and trust companies with active licenses. At the time, the Bahamian banks held $595 billion in U.S. assets.
But the NSA documents don’t reflect a concerted focus on the money launderers and powerful financial institutions – including numerous Western banks – that underpin the black market for narcotics in the Bahamas. Instead, an internal NSA presentation from 2013 recounts with pride how analysts used SOMALGET to locate an individual who “arranged Mexico-to-United States marijuana shipments” through the U.S. Postal Service.
marijauna
A slide from a 2013 NSA Special Source Operations presentation
The presentation doesn’t say whether the NSA shared the information with the DEA. But the drug agency’s Special Operations Divison has come under fire for improperly using classified information obtained by the NSA to launch criminal investigations – and then creating false narratives to mislead courts about how the investigations began. The tactic – known as parallel construction – was first reported by Reuters last year, and is now under investigation by the Justice Department’s inspector general.
So: Beyond a desire to bust island pot dealers, why would the NSA choose to apply a powerful collection tool such as SOMALGET against the Bahamas, which poses virtually no threat to the United States?
The answer may lie in a document that characterizes the Bahamas operation as a “test bed for system deployments, capabilities, and improvements” to SOMALGET. The country’s small population – fewer than 400,000 residents – provides a manageable sample to try out the surveillance system’s features. Since SOMALGET is also operational in one other country, the Bahamas may be used as a sort of guinea pig to beta-test improvements and alterations without impacting the system’s operations elsewhere.
“From an engineering point of view it makes perfect sense,” says the former engineer. “Absolutely.”
Beyond the Bahamas, the other countries being targeted by MYSTIC are more in line with the NSA’s more commonly touted priorities. In Kenya, the U.S. works closely with local security forces in combating the militant fundamentalist group Al-Shabab, based in neighboring Somalia. In the Philippines, the U.S. continues to support a bloody shadow war against Islamist extremists launched by the Bush administration in 2002. Last month, President Barack Obama visited Manila to sign a military pact guaranteeing that U.S. operations in Southeast Asia will continue and expand for at least another decade.
Mexico, another country targeted by MYSTIC, has received billions of dollars in police, military, and intelligence aid from the U.S. government over the past seven years to fight the war on drugs, a conflict that has left more than 70,000 Mexicans dead by some estimates. Attorney General Eric Holder has described Mexican drug cartels as a U.S. “national security threat,” and in 2009, then-CIA director Michael Hayden said the violence and chaos in Mexico would soon be the second greatest security threat facing the U.S. behind Al Qaeda.
Photo credit: Marcelo A. Salinas/MCT/Zumapress.com
Photo credit: Marcelo A. Salinas/MCT/Zumapress.com
The legality of the NSA’s sweeping surveillance in the Bahamas is unclear, given the permissive laws under which the U.S intelligence community operates. Earlier this year, President Obama issued a policy directive imposing “new limits” on the U.S. intelligence community’s use of “signals intelligence collected in bulk.” In addition to threats against military or allied personnel, the directive lists five broad conditions under which the agency would be permitted to trawl for data in unrestricted dragnets: threats posed by foreign powers, terrorism, weapons of mass destruction, cybersecurity, and “transnational criminal threats, including illicit finance and sanctions evasion.”
SOMALGET operates under Executive Order 12333, a Reagan-era rule establishing wide latitude for the NSA and other intelligence agencies to spy on other countries, as long as the attorney general is convinced the efforts are aimed at gathering foreign intelligence. In 2000, the NSA assured Congress that all electronic surveillance performed under 12333 “must be conducted in a manner that minimizes the acquisition, retention, and dissemination of information about unconsenting U.S. persons.” In reality, many legal experts point out, the lack of judicial oversight or criminal penalties for violating the order render the guidelines meaningless.
“I think it would be open, whether it was legal or not,” says German, the former FBI agent. “Because we don’t have all the facts about how they’re doing it. For a long time, the NSA has been interpreting their authority in the broadest possible way, even beyond what an objective observer would say was reasonable.”
“An American citizen has Fourth Amendment rights wherever they are,” adds Kurt Opsahl, an attorney with the Electronic Frontier Foundation. “Nevertheless, there have certainly been a number of things published over the last year which suggest that there are broad, sweeping programs that the NSA and other government agencies are doing abroad that sweep up the communications of Americans.”
Legal or not, the NSA’s covert surveillance of an entire nation suggests that it will take more than the president’s tepid “limits” to rein in the ambitions of the intelligence community. “It’s almost like they have this mentality – if we can, we will,” says German. “There’s no analysis of the long-term risks of doing it, no analysis of whether it’s actually worth the effort, no analysis of whether we couldn’t take those resources and actually put them on real threats and do more good.”
It’s not surprising, German adds, that the government’s covert program in the Bahamas didn’t remain covert. “The undermining of international law and international cooperation is such a long-term negative result of these programs that they had to know would eventually be exposed, whether through a leak, whether through a spy, whether through an accident,” he says. “Nothing stays secret forever. It really shows the arrogance of these agencies – they were just going to do what they were going to do, and they weren’t really going to consider any other important aspects of how our long-term security needs to be addressed.”
Documents published with this article:
SOMALGET memo
SIDToday: DEA – The “Other” Warfighter
SSO Dictionary Excerpt
MYSTIC
SSO March 14, 2013
SSO April 18, 2013 – What’s New
SSO May 2, 2013
SSO May 3, 2013 – MYSTIC
SSO May 3, 2012
Black Budget
By Ryan Devereaux, Glenn Greenwald and Laura Poitras19 May 2014, 12:37 PM EDT 395
Find this story at 19 May 2014
© 2014 First Look Productions, Inc

Van nieuwsblog.burojansen.nl

It’s been a couple of months since the Washington Post published a scoop on the extraordinary overseas eavesdropping capabilities of the U.S. government. Under the bylines of Barton Gellman and Ashkan Soltani, the paper revealed that the National Security Agency (NSA) had amassed a system — known as “MYSTIC” — enabling it to “rewind and review” all of the telephone conversations of a foreign country.
From the story: “A senior manager for the program compares it to a time machine — one that can replay the voices from any call without requiring that a person be identified in advance for surveillance.” Details on the program came from documents supplied by NSA whistleblower Edward Snowden as well as from sources familiar with the program.
A really juicy scoop, with one desiccating caveat: The Post withheld a detail critical to understanding the scope and capabilities of the program:
At the request of U.S. officials, The Washington Post is withholding details that could be used to identify the country where the system is being employed or other countries where its use was envisioned.
Ah, a legacy media outlet acceding to a request from the U.S. government. Or, in other words, the raison d’etre of Glenn Greenwald, the former Guardian columnist and current First Look Media talent who has long criticized American media outlets for wimping out on disclosure of sensitive information. In a recent interview with Amy Goodman of Democracy Now, Greenwald riffed, “[t]he editors at The Washington Post are very much old-style, old-media, pro-government journalists, the kind who have essentially made journalism in the U.S. neutered and impotent and obsolete.”
Following the Post’s story on MYSTIC, the Erik Wemple Blog waited a couple of weeks and then asked Greenwald, essentially, where’s your story on this thing? He responded, “I can’t comment on that yet, except to say that, obviously, if we were to publish something that the WashPost has announced it thinks shouldn’t be published, it would take work (and thus time) with editors, lawyers and the like.”
Time, indeed. Yesterday, The Intercept, First Look Media’s magazine on national security matters, published its version of the Post’s MYSTIC story. In the very headline of the piece, it drew a distinction between its piece and that of the Washington Post: “Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahamas.”
The Bahamas? The what?
Under the bylines of Ryan Devereaux, Greenwald and Laura Poitras, The Intercept reports that the NSA worked with the Drug Enforcement Agency (DEA) to secure a “backdoor” to the cell phone network of the island nation, “without the knowledge or consent of the Bahamian government.” Noting that the agency commonly cites such life-and-death imperatives as anti-terrorism to justify its eavesdropping program, in this case it’s going after drug traffickers and smugglers, “a far cry from derailing terror plots or intercepting weapons of mass destruction,” notes the story.
If the Bahamas sounds like an odd place on which to focus such a spy initiative, that’s perhaps by design, notes the story: It could well be a “sort of guinea pig to beta-test improvements and alterations without impacting the system’s operations elsewhere.”
As for the “elsewhere,” Greenwald and The Intercept go there, to a point. Here’s the big reveal of the story: “Documents show that the NSA has been generating intelligence reports from MYSTIC surveillance in the Bahamas, Mexico, Kenya, the Philippines and one other country, which The Intercept is not naming in response to specific, credible concerns that doing so could lead to increased violence. The more expansive full-take recording capability has been deployed in both the Bahamas and the unnamed country.”
John Cook, The Intercept’s editor-in-chief, declined an interview request about the decisions behind the story, instead leaving the matter to Twitter. Which provides a rich back-and-forth for this case.
Following publication of the story, Wikileaks ripped The Intercept for failing to embrace a more radical form of transparency:
The principals then went off to the races:
And then some input from The Intercept’s priest of adversarial press-government relations:
Compare that sentiment with what Greenwald tweeted the day the Washington Post published its MYSTIC story:
As part of the back-and-forth Wikileaks made a bid for renewed relevance with this boast:
The exchange proves that in the world of radical media-government adversarialists, purity is a prerequisite. Here, Greenwald apparently thought his publication was sticking to its governing principles in publishing the names of four countries, only to get shouted down by Wikileaks for not going far enough (Greenwald couldn’t be reached for comment). In a previous post, Greenwald has criticized the NSA for allegedly spilling details of top-secret programs when it suits its propaganda mission, only to turn around and insist to media outlets that lives will be endangered if they publish sensitive information.
The Intercept’s partial defiance of the NSA in publishing the names of four countries surely adds contour to the story of MYSTIC — the example of the Bahamas alone fleshes out various legal and diplomatic considerations involved in foreign surveillance. The more careful Washington Post version of the story was interesting yet unsatisfying: Absent a specific country, it was more difficult to reach hard conclusions on the program’s legitimacy, legality and efficacy. Those are the dangers of scaling back detail in consideration of security concerns. When asked if naming just the Bahamas as a way of explaining NSA capabilities would have been a tolerably cautious approach, Washington Post Executive Editor Martin Baron replied, “You make some assumptions here, but I’m not going to address them.”
There are also perils to The Intercept’s approach. It may have touched off a macho-transparentist scramble to out that one country whose secretness The Intercept genuinely wants to protect.
Whatever the outcome, each outlet apparently got the same pitch from the government: “We shared with both news outlets the very same concerns about risks to human life and national security,” says NSA spokeswoman Vanee’ Vines in a statement to this blog. She also sent along this statement:
Every day, NSA provides valuable intelligence on issues of concern to all Americans – such as international terrorism, cyber crime, international narcotics trafficking, and the proliferation of weapons of mass destruction. The fact that the U.S. government works with other nations, under specific and regulated conditions, mutually strengthens the security of all.
NSA’s efforts are focused on ensuring the protection of the national security of the United States, its citizens, and our allies through the pursuit of valid foreign intelligence targets. Moreover, all of NSA’s efforts are strictly conducted under the rule of law and provide appropriate protection for privacy rights.
The Agency collects data to meet specific security and intelligence requirements such as counterintelligence, counterterrorism, counterproliferation, cyber security, force protection for U.S. troops and allies, and combating transnational crime.
Erik Wemple writes the Erik Wemple blog, where he reports and opines on media organizations of all sorts.
BY ERIK WEMPLE May 20
Find this story at 20 May 2014
© 1996-2014 The Washington Post

Van nieuwsblog.burojansen.nl

The NSA has been covertly implanting interception tools in US servers heading overseas – even though the US government has warned against using Chinese technology for the same reasons, says Glenn Greenwald, in an extract from his new book about the Snowden affair, No Place to Hide
For years, the US government loudly warned the world that Chinese routers and other internet devices pose a “threat” because they are built with backdoor surveillance functionality that gives the Chinese government the ability to spy on anyone using them. Yet what the NSA’s documents show is that Americans have been engaged in precisely the activity that the US accused the Chinese of doing.
Tell us what you think: Star-rate and review this book
The drumbeat of American accusations against Chinese internet device manufacturers was unrelenting. In 2012, for example, a report from the House Intelligence Committee, headed by Mike Rogers, claimed that Huawei and ZTE, the top two Chinese telecommunications equipment companies, “may be violating United States laws” and have “not followed United States legal obligations or international standards of business behaviour”. The committee recommended that “the United States should view with suspicion the continued penetration of the US telecommunications market by Chinese telecommunications companies”.
The Rogers committee voiced fears that the two companies were enabling Chinese state surveillance, although it acknowledged that it had obtained no actual evidence that the firms had implanted their routers and other systems with surveillance devices. Nonetheless, it cited the failure of those companies to cooperate and urged US firms to avoid purchasing their products: “Private-sector entities in the United States are strongly encouraged to consider the long-term security risks associated with doing business with either ZTE or Huawei for equipment or services. US network providers and systems developers are strongly encouraged to seek other vendors for their projects. Based on available classified and unclassified information, Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems.”
The constant accusations became such a burden that Ren Zhengfei, the 69-year-old founder and CEO of Huawei, announced in November 2013 that the company was abandoning the US market. As Foreign Policy reported, Zhengfei told a French newspaper: “‘If Huawei gets in the middle of US-China relations,’ and causes problems, ‘it’s not worth it’.”
But while American companies were being warned away from supposedly untrustworthy Chinese routers, foreign organisations would have been well advised to beware of American-made ones. A June 2010 report from the head of the NSA’s Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers.
The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. The NSA thus gains access to entire networks and all their users. The document gleefully observes that some “SIGINT tradecraft … is very hands-on (literally!)”.
Eventually, the implanted device connects back to the NSA. The report continues: “In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network.”
It is quite possible that Chinese firms are implanting surveillance mechanisms in their network devices. But the US is certainly doing the same.
Warning the world about Chinese surveillance could have been one of the motives behind the US government’s claims that Chinese devices cannot be trusted. But an equally important motive seems to have been preventing Chinese devices from supplanting American-made ones, which would have limited the NSA’s own reach. In other words, Chinese routers and servers represent not only economic competition but also surveillance competition.
The Guardian, Monday 12 May 2014 22.39 BST
Find this story at 12 May 2014
© 2014 Guardian News and Media Limited or its affiliated companies. All rights reserved.

National Security Agency head and Internet giant’s executives have coordinated through high-level policy discussions

Email exchanges between National Security Agency Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship between some tech firms and the U.S. government than was implied by Silicon Valley brass after last year’s revelations about NSA spying.

Disclosures by former NSA contractor Edward Snowden about the agency’s vast capability for spying on Americans’ electronic communications prompted a number of tech executives whose firms cooperated with the government to insist they had done so only when compelled by a court of law.

But Al Jazeera has obtained two sets of email communications dating from a year before Snowden became a household name that suggest not all cooperation was under pressure.

On the morning of June 28, 2012, an email from Alexander invited Schmidt to attend a four-hour-long “classified threat briefing” on Aug. 8 at a “secure facility in proximity to the San Jose, CA airport.”

“The meeting discussion will be topic-specific, and decision-oriented, with a focus on Mobility Threats and Security,” Alexander wrote in the email, obtained under a Freedom of Information Act (FOIA) request, the first of dozens of communications between the NSA chief and Silicon Valley executives that the agency plans to turn over.

Alexander, Schmidt and other industry executives met earlier in the month, according to the email. But Alexander wanted another meeting with Schmidt and “a small group of CEOs” later that summer because the government needed Silicon Valley’s help.

“About six months ago, we began focusing on the security of mobility devices,” Alexander wrote. “A group (primarily Google, Apple and Microsoft) recently came to agreement on a set of core security principles. When we reach this point in our projects we schedule a classified briefing for the CEOs of key companies to provide them a brief on the specific threats we believe can be mitigated and to seek their commitment for their organization to move ahead … Google’s participation in refinement, engineering and deployment of the solutions will be essential.”

Jennifer Granick, director of civil liberties at Stanford Law School’s Center for Internet and Society, said she believes information sharing between industry and the government is “absolutely essential” but “at the same time, there is some risk to user privacy and to user security from the way the vulnerability disclosure is done.”

The challenge facing government and industry was to enhance security without compromising privacy, Granick said. The emails between Alexander and Google executives, she said, show “how informal information sharing has been happening within this vacuum where there hasn’t been a known, transparent, concrete, established methodology for getting security information into the right hands.”

The classified briefing cited by Alexander was part of a secretive government initiative known as the Enduring Security Framework (ESF), and his email provides some rare information about what the ESF entails, the identities of some participant tech firms and the threats they discussed.

The classified briefing cited by Alexander was part of a secretive government initiative known as the Enduring Security Framework (ESF), and his email provides some rare information about what the ESF entails, the identity of some participant tech firms and the threats they discussed.
Alexander explained that the deputy secretaries of the Department of Defense, Homeland Security and “18 US CEOs” launched the ESF in 2009 to “coordinate government/industry actions on important (generally classified) security issues that couldn’t be solved by individual actors alone.”

“For example, over the last 18 months, we (primarily Intel, AMD [Advanced Micro Devices], HP [Hewlett-Packard], Dell and Microsoft on the industry side) completed an effort to secure the BIOS of enterprise platforms to address a threat in that area.”

“BIOS” is an acronym for “basic input/output system,” the system software that initializes the hardware in a personal computer before the operating system starts up. NSA cyberdefense chief Debora Plunkett in December disclosed that the agency had thwarted a “BIOS plot” by a “nation-state,” identified as China, to brick U.S. computers. That plot, she said, could have destroyed the U.S. economy. “60 Minutes,” which broke the story, reported that the NSA worked with unnamed “computer manufacturers” to address the BIOS software vulnerability.

But some cybersecurity experts questioned the scenario outlined by Plunkett.

“There is probably some real event behind this, but it’s hard to tell, because we don’t have any details,” wrote Robert Graham, CEO of the penetration-testing firm Errata Security in Atlanta, on his blog in December. “It”s completely false in the message it is trying to convey. What comes out is gibberish, as any technical person can confirm.”

And by enlisting the NSA to shore up their defenses, those companies may have made themselves more vulnerable to the agency’s efforts to breach them for surveillance purposes.

“I think the public should be concerned about whether the NSA was really making its best efforts, as the emails claim, to help secure enterprise BIOS and mobile devices and not holding the best vulnerabilities close to their chest,” said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation’s digital civil liberties team.

He doesn’t doubt that the NSA was trying to secure enterprise BIOS, but he suggested that the agency, for its own purposes, was “looking for weaknesses in the exact same products they’re trying to secure.”

The NSA “has no business helping Google secure its facilities from the Chinese and at the same time hacking in through the back doors and tapping the fiber connections between Google base centers,” Cardozo said. “The fact that it’s the same agency doing both of those things is in obvious contradiction and ridiculous.” He recommended dividing offensive and defensive functions between two agencies.

Google, NSA
The government has asked for Silicon Valley’s help. Adam Berry / Getty Images
Two weeks after the “60 Minutes” broadcast, the German magazine Der Spiegel, citing documents obtained by Snowden, reported that the NSA inserted back doors into BIOS, doing exactly what Plunkett accused a nation-state of doing during her interview.

Google’s Schmidt was unable to attend to the mobility security meeting in San Jose in August 2012.

“General Keith.. so great to see you.. !” Schmidt wrote. “I’m unlikely to be in California that week so I’m sorry I can’t attend (will be on the east coast). Would love to see you another time. Thank you !” Since the Snowden disclosures, Schmidt has been critical of the NSA and said its surveillance programs may be illegal.

Army Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff, did attend that briefing. Foreign Policy reported a month later that Dempsey and other government officials — no mention of Alexander — were in Silicon Valley “picking the brains of leaders throughout the valley and discussing the need to quickly share information on cyber threats.” Foreign Policy noted that the Silicon Valley executives in attendance belonged to the ESF. The story did not say mobility threats and security was the top agenda item along with a classified threat briefing.

A week after the gathering, Dempsey said during a Pentagon press briefing, “I was in Silicon Valley recently, for about a week, to discuss vulnerabilities and opportunities in cyber with industry leaders … They agreed — we all agreed on the need to share threat information at network speed.”

Google co-founder Sergey Brin attended previous meetings of the ESF group but because of a scheduling conflict, according to Alexander’s email, he also could not attend the Aug. 8 briefing in San Jose, and it’s unknown if someone else from Google was sent.

A few months earlier, Alexander had emailed Brin to thank him for Google’s participation in the ESF.

“I see ESF’s work as critical to the nation’s progress against the threat in cyberspace and really appreciate Vint Cerf [Google’s vice president and chief Internet evangelist], Eric Grosse [vice president of security engineering] and Adrian Ludwig’s [lead engineer for Android security] contributions to these efforts during the past year,” Alexander wrote in a Jan. 13, 2012, email.

“You recently received an invitation to the ESF Executive Steering Group meeting, which will be held on January 19, 2012. The meeting is an opportunity to recognize our 2012 accomplishments and set direction for the year to come. We will be discussing ESF’s goals and specific targets for 2012. We will also discuss some of the threats we see and what we are doing to mitigate those threats … Your insights, as a key member of the Defense Industrial Base, are valuable to ensure ESF’s efforts have measurable impact.”

A Google representative declined to answer specific questions about Brin’s and Schmidt’s relationship with Alexander or about Google’s work with the government.

“We work really hard to protect our users from cyberattacks, and we always talk to experts — including in the U.S. government — so we stay ahead of the game,” the representative said in a statement to Al Jazeera. “It’s why Sergey attended this NSA conference.”

Brin responded to Alexander the following day even though the head of the NSA didn’t use the appropriate email address when contacting the co-chairman.

“Hi Keith, looking forward to seeing you next week. FYI, my best email address to use is [redacted],” Brin wrote. “The one your email went to — sergey.brin@google.com — I don’t really check.”

May 6, 2014 5:00AM ET
by Jason Leopold @JasonLeopold

Find this story at 6 May 2014

© 2014 Al Jazeera America, LLC.