Fisa court submissions show broad scope of procedures governing NSA’s surveillance of Americans’ communication

• Document one: procedures used by NSA to target non-US persons
• Document two: procedures used by NSA to minimise data collected from US persons

The documents show that discretion as to who is actually targeted lies directly with the NSA’s analysts. Photograph: Martin Rogers/Workbook Stock/Getty

Top secret documents submitted to the court that oversees surveillance by US intelligence agencies show the judges have signed off on broad orders which allow the NSA to make use of information “inadvertently” collected from domestic US communications without a warrant.

The Guardian is publishing in full two documents submitted to the secret Foreign Intelligence Surveillance Court (known as the Fisa court), signed by Attorney General Eric Holder and stamped 29 July 2009. They detail the procedures the NSA is required to follow to target “non-US persons” under its foreign intelligence powers and what the agency does to minimize data collected on US citizens and residents in the course of that surveillance.

The documents show that even under authorities governing the collection of foreign intelligence from foreign targets, US communications can still be collected, retained and used.

The procedures cover only part of the NSA’s surveillance of domestic US communications. The bulk collection of domestic call records, as first revealed by the Guardian earlier this month, takes place under rolling court orders issued on the basis of a legal interpretation of a different authority, section 215 of the Patriot Act.

The Fisa court’s oversight role has been referenced many times by Barack Obama and senior intelligence officials as they have sought to reassure the public about surveillance, but the procedures approved by the court have never before been publicly disclosed.

The top secret documents published today detail the circumstances in which data collected on US persons under the foreign intelligence authority must be destroyed, extensive steps analysts must take to try to check targets are outside the US, and reveals how US call records are used to help remove US citizens and residents from data collection.

However, alongside those provisions, the Fisa court-approved policies allow the NSA to:

• Keep data that could potentially contain details of US persons for up to five years;

• Retain and make use of “inadvertently acquired” domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;

• Preserve “foreign intelligence information” contained within attorney-client communications;

• Access the content of communications gathered from “U.S. based machine[s]” or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.

The broad scope of the court orders, and the nature of the procedures set out in the documents, appear to clash with assurances from President Obama and senior intelligence officials that the NSA could not access Americans’ call or email information without warrants.

The documents also show that discretion as to who is actually targeted under the NSA’s foreign surveillance powers lies directly with its own analysts, without recourse to courts or superiors – though a percentage of targeting decisions are reviewed by internal audit teams on a regular basis.

Since the Guardian first revealed the extent of the NSA’s collection of US communications, there have been repeated calls for the legal basis of the programs to be released. On Thursday, two US congressmen introduced a bill compelling the Obama administration to declassify the secret legal justifications for NSA surveillance.

The disclosure bill, sponsored by Adam Schiff, a California Democrat, and Todd Rokita, an Indiana Republican, is a complement to one proposed in the Senate last week. It would “increase the transparency of the Fisa Court and the state of the law in this area,” Schiff told the Guardian. “It would give the public a better understanding of the safeguards, as well as the scope of these programs.”

Section 702 of the Fisa Amendments Act (FAA), which was renewed for five years last December, is the authority under which the NSA is allowed to collect large-scale data, including foreign communications and also communications between the US and other countries, provided the target is overseas.

FAA warrants are issued by the Fisa court for up to 12 months at a time, and authorise the collection of bulk information – some of which can include communications of US citizens, or people inside the US. To intentionally target either of those groups requires an individual warrant.
One-paragraph order

One such warrant seen by the Guardian shows that they do not contain detailed legal rulings or explanation. Instead, the one-paragraph order, signed by a Fisa court judge in 2010, declares that the procedures submitted by the attorney general on behalf of the NSA are consistent with US law and the fourth amendment.

Those procedures state that the “NSA determines whether a person is a non-United States person reasonably believed to be outside the United States in light of the totality of the circumstances based on the information available with respect to that person, including information concerning the communications facility or facilities used by that person”.

It includes information that the NSA analyst uses to make this determination – including IP addresses, statements made by the potential target, and other information in the NSA databases, which can include public information and data collected by other agencies.

Where the NSA has no specific information on a person’s location, analysts are free to presume they are overseas, the document continues.

“In the absence of specific information regarding whether a target is a United States person,” it states “a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person unless such person can be positively identified as a United States person.”

If it later appears that a target is in fact located in the US, analysts are permitted to look at the content of messages, or listen to phone calls, to establish if this is indeed the case.

Referring to steps taken to prevent intentional collection of telephone content of those inside the US, the document states: “NSA analysts may analyze content for indications that a foreign target has entered or intends to enter the United States. Such content analysis will be conducted according to analytic and intelligence requirements and priorities.”

Details set out in the “minimization procedures”, regularly referred to in House and Senate hearings, as well as public statements in recent weeks, also raise questions as to the extent of monitoring of US citizens and residents.

NSA minimization procedures signed by Holder in 2009 set out that once a target is confirmed to be within the US, interception must stop immediately. However, these circumstances do not apply to large-scale data where the NSA claims it is unable to filter US communications from non-US ones.

The NSA is empowered to retain data for up to five years and the policy states “communications which may be retained include electronic communications acquired because of limitations on the NSA’s ability to filter communications”.

Even if upon examination a communication is found to be domestic – entirely within the US – the NSA can appeal to its director to keep what it has found if it contains “significant foreign intelligence information”, “evidence of a crime”, “technical data base information” (such as encrypted communications), or “information pertaining to a threat of serious harm to life or property”.

Domestic communications containing none of the above must be destroyed. Communications in which one party was outside the US, but the other is a US-person, are permitted for retention under FAA rules.

The minimization procedure adds that these can be disseminated to other agencies or friendly governments if the US person is anonymised, or including the US person’s identity under certain criteria.
Holder’s ‘minimization procedure’ says once a target is confirmed to be in the US, interception of communication must stop. Photo: Nicholas Kamm/AFP/Getty Images

A separate section of the same document notes that as soon as any intercepted communications are determined to have been between someone under US criminal indictment and their attorney, surveillance must stop. However, the material collected can be retained, if it is useful, though in a segregated database:

“The relevant portion of the communication containing that conversation will be segregated and the National Security Division of the Department of Justice will be notified so that appropriate procedures may be established to protect such communications from review or use in any criminal prosecution, while preserving foreign intelligence information contained therein,” the document states.

In practice, much of the decision-making appears to lie with NSA analysts, rather than the Fisa court or senior officials.

A transcript of a 2008 briefing on FAA from the NSA’s general counsel sets out how much discretion NSA analysts possess when it comes to the specifics of targeting, and making decisions on who they believe is a non-US person. Referring to a situation where there has been a suggestion a target is within the US.

“Once again, the standard here is a reasonable belief that your target is outside the United States. What does that mean when you get information that might lead you to believe the contrary? It means you can’t ignore it. You can’t turn a blind eye to somebody saying: ‘Hey, I think so and so is in the United States.’ You can’t ignore that. Does it mean you have to completely turn off collection the minute you hear that? No, it means you have to do some sort of investigation: ‘Is that guy right? Is my target here?” he says.

“But, if everything else you have says ‘no’ (he talked yesterday, I saw him on TV yesterday, even, depending on the target, he was in Baghdad) you can still continue targeting but you have to keep that in mind. You can’t put it aside. You have to investigate it and, once again, with that new information in mind, what is your reasonable belief about your target’s location?”

The broad nature of the court’s oversight role, and the discretion given to NSA analysts, sheds light on responses from the administration and internet companies to the Guardian’s disclosure of the PRISM program. They have stated that the content of online communications is turned over to the NSA only pursuant to a court order. But except when a US citizen is specifically targeted, the court orders used by the NSA to obtain that information as part of Prism are these general FAA orders, not individualized warrants specific to any individual.

Once armed with these general orders, the NSA is empowered to compel telephone and internet companies to turn over to it the communications of any individual identified by the NSA. The Fisa court plays no role in the selection of those individuals, nor does it monitor who is selected by the NSA.

The NSA’s ability to collect and retain the communications of people in the US, even without a warrant, has fuelled congressional demands for an estimate of how many Americans have been caught up in surveillance.

Two US senators, Ron Wyden and Mark Udall – both members of the Senate intelligence committee – have been seeking this information since 2011, but senior White House and intelligence officials have repeatedly insisted that the agency is unable to gather such statistics.

Glenn Greenwald and James Ball
guardian.co.uk, Thursday 20 June 2013 23.59 BST

Find this story at 20 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

WASHINGTON — When Max Kelly, the chief security officer for Facebook, left the social media company in 2010, he did not go to Google, Twitter or a similar Silicon Valley concern. Instead the man who was responsible for protecting the personal information of Facebook’s more than one billion users from outside attacks went to work for another giant institution that manages and analyzes large pools of data: the National Security Agency.

Mr. Kelly’s move to the spy agency, which has not previously been reported, underscores the increasingly deep connections between Silicon Valley and the agency and the degree to which they are now in the same business. Both hunt for ways to collect, analyze and exploit large pools of data about millions of Americans.

The only difference is that the N.S.A. does it for intelligence, and Silicon Valley does it to make money.

The disclosure of the spy agency’s program called Prism, which is said to collect the e-mails and other Web activity of foreigners using major Internet companies like Google, Yahoo and Facebook, has prompted the companies to deny that the agency has direct access to their computers, even as they acknowledge complying with secret N.S.A. court orders for specific data.

Yet technology experts and former intelligence officials say the convergence between Silicon Valley and the N.S.A. and the rise of data mining — both as an industry and as a crucial intelligence tool — have created a more complex reality.

Silicon Valley has what the spy agency wants: vast amounts of private data and the most sophisticated software available to analyze it. The agency in turn is one of Silicon Valley’s largest customers for what is known as data analytics, one of the valley’s fastest-growing markets. To get their hands on the latest software technology to manipulate and take advantage of large volumes of data, United States intelligence agencies invest in Silicon Valley start-ups, award classified contracts and recruit technology experts like Mr. Kelly.

“We are all in these Big Data business models,” said Ray Wang, a technology analyst and chief executive of Constellation Research, based in San Francisco. “There are a lot of connections now because the data scientists and the folks who are building these systems have a lot of common interests.”

Although Silicon Valley has sold equipment to the N.S.A. and other intelligence agencies for a generation, the interests of the two began to converge in new ways in the last few years as advances in computer storage technology drastically reduced the costs of storing enormous amounts of data — at the same time that the value of the data for use in consumer marketing began to rise. “These worlds overlap,” said Philipp S. Krüger, chief executive of Explorist, an Internet start-up in New York.

The sums the N.S.A. spends in Silicon Valley are classified, as is the agency’s total budget, which independent analysts say is $8 billion to $10 billion a year.

Despite the companies’ assertions that they cooperate with the agency only when legally compelled, current and former industry officials say the companies sometimes secretly put together teams of in-house experts to find ways to cooperate more completely with the N.S.A. and to make their customers’ information more accessible to the agency. The companies do so, the officials say, because they want to control the process themselves. They are also under subtle but powerful pressure from the N.S.A. to make access easier.

Skype, the Internet-based calling service, began its own secret program, Project Chess, to explore the legal and technical issues in making Skype calls readily available to intelligence agencies and law enforcement officials, according to people briefed on the program who asked not to be named to avoid trouble with the intelligence agencies.

Project Chess, which has never been previously disclosed, was small, limited to fewer than a dozen people inside Skype, and was developed as the company had sometimes contentious talks with the government over legal issues, said one of the people briefed on the project. The project began about five years ago, before most of the company was sold by its parent, eBay, to outside investors in 2009. Microsoft acquired Skype in an $8.5 billion deal that was completed in October 2011.

A Skype executive denied last year in a blog post that recent changes in the way Skype operated were made at the behest of Microsoft to make snooping easier for law enforcement. It appears, however, that Skype figured out how to cooperate with the intelligence community before Microsoft took over the company, according to documents leaked by Edward J. Snowden, a former contractor for the N.S.A. One of the documents about the Prism program made public by Mr. Snowden says Skype joined Prism on Feb. 6, 2011.

Microsoft executives are no longer willing to affirm statements, made by Skype several years ago, that Skype calls could not be wiretapped. Frank X. Shaw, a Microsoft spokesman, declined to comment.

In its recruiting in Silicon Valley, the N.S.A. sends some of its most senior officials to lure the best of the best. No less than Gen. Keith B. Alexander, the agency’s director and the chief of the Pentagon’s Cyber Command, showed up at one of the world’s largest hacker conferences in Las Vegas last summer, looking stiff in an uncharacteristic T-shirt and jeans, to give the keynote speech. His main purpose at Defcon, the conference, was to recruit hackers for his spy agency.

N.S.A. badges are often seen on the lapels of officials at other technology and information security conferences. “They’re very open about their interest in recruiting from the hacker community,” said Jennifer Granick, the director of civil liberties at Stanford Law School’s Center for Internet and Society.

But perhaps no one embodies the tightening relationship between the N.S.A. and the valley more than Kenneth A. Minihan.

A career Air Force intelligence officer, Mr. Minihan was the director of the N.S.A. during the Clinton administration until his retirement in the late 1990s, and then he ran the agency’s outside professional networking organization. Today he is managing director of Paladin Capital Group, a venture capital firm based in Washington that in part specializes in financing start-ups that offer high-tech solutions for the N.S.A. and other intelligence agencies. In effect, Mr. Minihan is an advanced scout for the N.S.A. as it tries to capitalize on the latest technology to analyze and exploit the vast amounts of data flowing around the world and inside the United States.

The members of Paladin’s strategic advisory board include Richard C. Schaeffer Jr., a former N.S.A. executive. While Paladin is a private firm, the American intelligence community has its own in-house venture capital company, In-Q-Tel, financed by the Central Intelligence Agency to invest in high-tech start-ups.

Many software technology firms involved in data analytics are open about their connections to intelligence agencies. Gary King, a co-founder and chief scientist at Crimson Hexagon, a start-up in Boston, said in an interview that he had given talks at C.I.A. headquarters in Langley, Va., about his company’s social media analytics tools.

The future holds the prospect of ever greater cooperation between Silicon Valley and the N.S.A. because data storage is expected to increase at an annual compound rate of 53 percent through 2016, according to the International Data Corporation.

“We reached a tipping point, where the value of having user data rose beyond the cost of storing it,” said Dan Auerbach, a technology analyst with the Electronic Frontier Foundation, an electronic privacy group in San Francisco. “Now we have an incentive to keep it forever.”

Social media sites in the meantime are growing as voluntary data mining operations on a scale that rivals or exceeds anything the government could attempt on its own. “You willingly hand over data to Facebook that you would never give voluntarily to the government,” said Bruce Schneier, a technologist and an author.

James Risen reported from Washington, and Nick Wingfield from Seattle. Kitty Bennett contributed reporting.

June 19, 2013
By JAMES RISEN and NICK WINGFIELD

Find this story at 19 June 2013

© 2013 The New York Times Company

Scheme – set up before firm was purchased by Microsoft – allegedly eased access for US law enforcement agencies

Prosecutors in Zhu Yufu’s trial for subversion cited text messages that he sent using Skype. Photograph: Mario Tama/Getty Images

Skype, the web-based communications company, reportedly set up a secret programme to make it easier for US surveillance agencies to access customers’ information.

The programme, called Project Chess and first revealed by the New York Times on Thursday, was said to have been established before Skype was bought by Microsoft in 2011. Microsoft’s links with US security are under intense scrutiny following the Guardian’s revelation of Prism, a surveillance program run by the National Security Agency (NSA), that claimed “direct” access to its servers and those of rivals including Apple, Facebook and Google.

Project Chess was set up to explore the legal and technical issues involved in making Skype’s communications more readily available to law enforcement and security officials, according to the Times. Only a handful of executives were aware of the plan. The company did not immediately return a call for comment.

Last year Skype denied reports that it had changed its software following the Microsoft acquisition in order to allow law enforcement easier access to communications. “Nothing could be more contrary to the Skype philosophy,” Mark Gillett, vice president of Microsoft’s Skype division, said in a blog post.

According to the Prism documents, Skype had been co-operating with the NSA’s scheme since February 2011, eight months before the software giant took it over. The document gives little detail on the technical nature of that cooperation. Microsoft declined to comment.

The news comes as the tech firms are attempting to distance themselves from the Prism revelations. All the firm’s listed as participating in the Prism scheme have denied that they give the NSA “direct” access to their servers, as claimed by the slide presentation, and said that they only comply with legal requests made through the courts.

But since the story broke a more nuanced picture of how the tech firms work with the surveillance authorities has emerged. The US authorities have become increasingly interested in tech firms and its employees after initially struggling to keep up with the shift to digital communications. NSA officials have held high level talks with executives in the tech firms and are actively recruiting in the tech community.
‘That information is how they make their money’

Shane Harris, author of The Watchers: The Rise of America’s Surveillance State, said the NSA had a crisis in the late 1990s when it realised communication was increasingly digital and it was falling behind in its powers to track that data. “You can not overstate that without this data the NSA would be blind,” he said.

The NSA employs former valley executives, including Max Kelly, the former chief security officer for Facebook, and has increasingly sought to hire people in the hacker community. Former NSA director lieutenant general Kenneth Minihan has taken the opposite tack and is helping create the next generation of tech security firms. Minihan is managing director of Paladin Capital, a private equity firm that has a fund dedicated to investing in homeland security. Paladin also employs Dr Alf Andreassen, a former technical adviser for naval warfare who was also for classified national programmes at AT&T and Bell Laboratories.

Harris said the ties were only likely to deepen as technology moves ever more of our communications on line. He warned the move was likely to present more problems for the tech firms as their consumers worry about their privacy. “It’s been fascinating for me listening to the push back from the tech companies,” said Harris.

Christopher Soghoian, a senior policy analyst studying technological surveillance at the American Civil Liberties Union, said the relationship between the tech giants and the NSA has a fundamental – and ironic – flaw that guarantees the Prism scandal is unlikely to be the last time tensions surface between the two.

The US spying apparatus and Silicon Valley’s top tech firms are basically in the same business, collecting information on people, he said. “It’s a weird symbiotic relationship. It’s not that Facebook and Google are trying to build a surveillance system but they effectively have,” he said. “If they wanted to, Google and Facebook could use technology to tackle the issue, anonymizing and deleting their customers’ information. But that information is how they make their money, so that is never going to happen.”

Dominic Rushe in New York
guardian.co.uk, Thursday 20 June 2013 17.37 BST

Find this story at 20 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Skype calls’ immunity to police phone tapping threatened
Suspicious phone conversations on Skype could be targeted for tapping as part of a pan-European crackdown.

Suspicious phone conversations on Skype could be targeted for tapping as part of a pan-European crackdown on what law authorities believe is a massive technical loophole in current wiretapping laws, allowing criminals to communicate without fear of being overheard by the police.

The European investigation could also help U.S. law enforcement authorities gain access to Internet calls. The National Security Agency (NSA) is understood to believe that suspected terrorists use Skype to circumvent detection.

While the police can get a court order to tap a suspect’s land line and mobile phone, it is currently impossible to get a similar order for Internet calls on both sides of the Atlantic.

Skype insisted that it does cooperate with law enforcement authorities, “where legally and technically possible,” the company said in a statement.

“Skype has extensively debriefed Eurojust on our law enforcement program and capabilities,” Skype said.

Eurojust, a European Union agency responsible for coordinating judicial investigations across different jurisdictions announced Friday the opening of an investigation involving all 27 countries of the European Union.

“We will bring investigators from all 27 member states together to find a common approach to this problem,” said Joannes Thuy, a spokesman for Eurojust based in The Hague in the Netherlands.

The purpose of Eurojust’s coordination role is to overcome “the technical and judicial obstacles to the interception of Internet telephony systems”, Eurojust said.

The main judicial obstacles are the differing approaches to data protection in the various E.U. member states, Thuy said.

The investigation is being headed by Eurojust’s Italian representative, Carmen Manfredda.

Criminals in Italy are increasingly making phone calls over the Internet in order to avoid getting caught through mobile phone intercepts, according to Direzione Nazionale Antimafia, the anti-Mafia office in Rome.

Police officers in Milan say organized crime, arms and drugs traffickers, and prostitution rings are turning to Skype and other systems of VOIP (voice over Internet Protocol) telephony in order to frustrate investigators.

While telecommunications companies are obliged to comply with court orders to monitor calls on land lines and mobile phones, “Skype’ refuses to cooperate with the authorities,” Thuy said.

In addition to the issue of cooperation, there are technical obstacles to tapping Skype calls. The way calls are set up and carried between computers is proprietary, and the encryption system used is strong. It could be possible to monitor the call on the originating or receiving computer using a specially written program, or perhaps to divert the traffic through a proxy server, but these are all far more difficult than tapping a normal phone. Calls between a PC and a regular telephone via the SkypeIn or SkypeOut service, however, could fall under existing wiretapping regulations and capabilities at the point where they meet the public telephone network.

The pan-European response to the problem may open the door for the U.S. to take similar action, Thuy said.

“We have very good cooperation with the U.S.,” he said, pointing out that a U.S. prosecutor, Marylee Warren, is based in The Hague in order to liaise between U.S. and European judicial authorities.

The NSA (National Security Agency) is so concerned by Skype that it is offering hackers large sums of money to break its encryption, according to unsourced reports in the U.S.

Italian investigators have become increasingly reliant on wiretaps, Eurojust said, giving a recent example of customs and tax police in Milan, who overheard a suspected cocaine trafficker telling an accomplice to switch to Skype in order to get details of a 2kg drug consignment.

“Investigators are convinced that the interception of telephone calls have become an essential tool of the police, who spend millions of euros each year tracking down crime through wiretaps of land lines and mobile phones,” Eurojust said.

The first meeting of Eurojust’s 27 national representatives is planned in the coming weeks but precise details of its timing and the location of the meeting remain secret, Thuy said.

“They will exchange information and then we will give advice on how to proceed,” he said. Bringing Internet telephony into line with calls on land lines and mobile phones “could be the price we have to pay for our security,” he said.

Paul Meller (IDG News Service)
— 23 February, 2009 09:47

Find this story at 23 February 2009

Copyright 2013 IDG Communications

Exclusive: British spy agency collects and stores vast quantities of global email messages, Facebook posts, internet histories and calls, and shares them with NSA, latest documents from Edward Snowden reveal

Secret document detailing GCHQ’s ambition to ‘master the internet’

Britain’s spy agency GCHQ has secretly gained access to the network of cables which carry the world’s phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).

The sheer scale of the agency’s ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.

One key innovation has been GCHQ’s ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.

GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.

This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user’s access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.

The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called “the largest programme of suspicionless surveillance in human history”.

“It’s not just a US problem. The UK has a huge dog in this fight,” Snowden told the Guardian. “They [GCHQ] are worse than the US.”

However, on Friday a source with knowledge of intelligence argued that the data was collected legally under a system of safeguards, and had provided material that had led to significant breakthroughs in detecting and preventing serious crime.

Britain’s technical capacity to tap into the cables that carry the world’s communications – referred to in the documents as special source exploitation – has made GCHQ an intelligence superpower.

By 2010, two years after the project was first trialled, it was able to boast it had the “biggest internet access” of any member of the Five Eyes electronic eavesdropping alliance, comprising the US, UK, Canada, Australia and New Zealand.

UK officials could also claim GCHQ “produces larger amounts of metadata than NSA”. (Metadata describes basic information on who has been contacting whom, without detailing the content.)

By May last year 300 analysts from GCHQ, and 250 from the NSA, had been assigned to sift through the flood of data.

The Americans were given guidelines for its use, but were told in legal briefings by GCHQ lawyers: “We have a light oversight regime compared with the US”.

When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was “your call”.

The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.

The documents reveal that by last year GCHQ was handling 600m “telephone events” each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time.
Document quoting Lt Gen Keith Alexander, head of the NSA, during a visit to Britain

Each of the cables carries data at a rate of 10 gigabits per second, so the tapped cables had the capacity, in theory, to deliver more than 21 petabytes a day – equivalent to sending all the information in all the books in the British Library 192 times every 24 hours.

And the scale of the programme is constantly increasing as more cables are tapped and GCHQ data storage facilities in the UK and abroad are expanded with the aim of processing terabits (thousands of gigabits) of data at a time.

For the 2 billion users of the world wide web, Tempora represents a window on to their everyday lives, sucking up every form of communication from the fibre-optic cables that ring the world.

The NSA has meanwhile opened a second window, in the form of the Prism operation, revealed earlier this month by the Guardian, from which it secured access to the internal systems of global companies that service the internet.

The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.

This was done under secret agreements with commercial companies, described in one document as “intercept partners”.

The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned “sensitive relationship teams” and staff were urged in one internal guidance paper to disguise the origin of “special source” material in their reports for fear that the role of the companies as intercept partners would cause “high-level political fallout”.

The source with knowledge of intelligence said on Friday the companies were obliged to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables.

“There’s an overarching condition of the licensing of the companies that they have to co-operate in this. Should they decline, we can compel them to do so. They have no choice.”

The source said that although GCHQ was collecting a “vast haystack of data” what they were looking for was “needles”.

“Essentially, we have a process that allows us to select a small number of needles in a haystack. We are not looking at every piece of straw. There are certain triggers that allow you to discard or not examine a lot of data so you are just looking at needles. If you had the impression we are reading millions of emails, we are not. There is no intention in this whole programme to use it for looking at UK domestic traffic – British people talking to each other,” the source said.

He explained that when such “needles” were found a log was made and the interception commissioner could see that log.

“The criteria are security, terror, organised crime. And economic well-being. There’s an auditing process to go back through the logs and see if it was justified or not. The vast majority of the data is discarded without being looked at … we simply don’t have the resources.”

However, the legitimacy of the operation is in doubt. According to GCHQ’s legal advice, it was given the go-ahead by applying old law to new technology. The 2000 Regulation of Investigatory Powers Act (Ripa) requires the tapping of defined targets to be authorised by a warrant signed by the home secretary or foreign secretary.

However, an obscure clause allows the foreign secretary to sign a certificate for the interception of broad categories of material, as long as one end of the monitored communications is abroad. But the nature of modern fibre-optic communications means that a proportion of internal UK traffic is relayed abroad and then returns through the cables.

Parliament passed the Ripa law to allow GCHQ to trawl for information, but it did so 13 years ago with no inkling of the scale on which GCHQ would attempt to exploit the certificates, enabling it to gather and process data regardless of whether it belongs to identified targets.

The categories of material have included fraud, drug trafficking and terrorism, but the criteria at any one time are secret and are not subject to any public debate. GCHQ’s compliance with the certificates is audited by the agency itself, but the results of those audits are also secret.

An indication of how broad the dragnet can be was laid bare in advice from GCHQ’s lawyers, who said it would be impossible to list the total number of people targeted because “this would be an infinite list which we couldn’t manage”.

There is an investigatory powers tribunal to look into complaints that the data gathered by GCHQ has been improperly used, but the agency reassured NSA analysts in the early days of the programme, in 2009: “So far they have always found in our favour”.

Historically, the spy agencies have intercepted international communications by focusing on microwave towers and satellites. The NSA’s intercept station at Menwith Hill in North Yorkshire played a leading role in this. One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: “Why can’t we collect all the signals all the time? Sounds like a good summer project for Menwith.”

By then, however, satellite interception accounted for only a small part of the network traffic. Most of it now travels on fibre-optic cables, and the UK’s position on the western edge of Europe gave it natural access to cables emerging from the Atlantic.

The data collected provides a powerful tool in the hands of the security agencies, enabling them to sift for evidence of serious crime. According to the source, it has allowed them to discover new techniques used by terrorists to avoid security checks and to identify terrorists planning atrocities. It has also been used against child exploitation networks and in the field of cyberdefence.

It was claimed on Friday that it directly led to the arrest and imprisonment of a cell in the Midlands who were planning co-ordinated attacks; to the arrest of five Luton-based individuals preparing acts of terror, and to the arrest of three London-based people planning attacks prior to the Olympics.

As the probes began to generate data, GCHQ set up a three-year trial at the GCHQ station in Bude, Cornwall. By the summer of 2011, GCHQ had probes attached to more than 200 internet links, each carrying data at 10 gigabits a second. “This is a massive amount of data!” as one internal slideshow put it. That summer, it brought NSA analysts into the Bude trials. In the autumn of 2011, it launched Tempora as a mainstream programme, shared with the Americans.

The intercept probes on the transatlantic cables gave GCHQ access to its special source exploitation. Tempora allowed the agency to set up internet buffers so it could not simply watch the data live but also store it – for three days in the case of content and 30 days for metadata.

“Internet buffers represent an exciting opportunity to get direct access to enormous amounts of GCHQ’s special source data,” one document explained.

The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to “selectors” – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is “content”, such as recordings of phone calls or the substance of email messages. The rest is metadata.

The GCHQ documents that the Guardian has seen illustrate a constant effort to build up storage capacity at the stations at Cheltenham, Bude and at one overseas location, as well a search for ways to maintain the agency’s comparative advantage as the world’s leading communications companies increasingly route their cables through Asia to cut costs. Meanwhile, technical work is ongoing to expand GCHQ’s capacity to ingest data from new super cables carrying data at 100 gigabits a second. As one training slide told new users: “You are in an enviable position – have fun and make the most of it.”

Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies and James Ball
The Guardian, Friday 21 June 2013 17.23 BST

Find this story at 21 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Data includes recordings of telephone calls, contents of emails, details of messages on social media and the history of internet use

Britain’s electronic eavesdropping centre, GCHQ, has started collecting data from the network of fibre-optic cables carrying the world’s telephone calls and internet traffic, it was reported tonight.

The massive programme of surveillance allows the agency to store vast volumes of information for up to 30 days which it can then study for evidence of terrorist and criminal activity.

The claims, in The Guardian, will provoke a fresh civil liberties storm following recent allegations that thousands of Britons could have been spied on by GCHQ through a covert link with the US National Security Agency (NSA).

According to the paper, the agency has been running Operation Tempora for 18 months under which it gains access to transatlantic cables carrying data about phone calls and internet use. It is said to share information gleaned from it with the NSA.

The data includes recordings of telephone calls, contents of emails, details of messages on social media and the history of internet use.

Documents seen by the paper suggest that by last year GCHQ was handling 600m “telephone events” each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 at a time.

A source told The Guardian that the eavesdropping allowed the security services to arrest three people planning attacks on last year’s London Olympics, as well as terrorist cells in the Midlands and Luton. It has also been used against child exploitation networks and to boost cyberdefence.

A GCHQ spokesman said: “It is longstanding practice that we do not comment on intelligence matters.”

He added: “GCHQ takes its obligations under the law very seriously. Our work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Intelligence and Security Committee.”

* Edward Snowden has been charged in his absence by US prosecutors with spying and theft of government property. The charges are included in sealed documents filed by prosecutors.

Nigel Morris
Saturday, 22 June 2013

Find this story at 22 June 2013

© independent.co.uk

Amid leaks from NSA whistleblower Edward Snowden, senior intelligence source reveals worries were voiced in 2008

GCHQ taps can intercept UK and US phone and internet traffic. Photograph: EPA

Senior figures inside British intelligence have been alarmed by GCHQ’s secret decision to tap into transatlantic cables in order to engage in the bulk interception of phone calls and internet traffic.

According to one source who has been directly involved in GCHQ operations, concerns were expressed when the project was being discussed internally in 2008: “We felt we were starting to overstep the mark with some of it. People from MI5 were complaining that they were going too far from a civil liberties perspective … We all had reservations about it, because we all thought: ‘If this was used against us, we wouldn’t stand a chance’.”

The Guardian revealed on Friday that GCHQ has placed more than 200 probes on transatlantic cables and is processing 600m “telephone events” a day as well as up to 39m gigabytes of internet traffic. Using a programme codenamed Tempora, it can store and analyse voice recordings, the content of emails, entries on Facebook, the use of websites as well as the “metadata” which records who has contacted who. The programme is shared with GCHQ’s American partner, the National Security Agency.

Interviews with the UK source and the NSA whistleblower Edward Snowden raise questions about whether the programme:

■ Exploits existing law which was passed by parliament without any anticipation that it would be used for this purpose.

■ For the first time allows GCHQ to process bulk internal UK traffic which is routed overseas via these cables.

■ Allows the NSA to engage in bulk intercepts of internal US traffic which would be forbidden in its own territory.

■ Functions with no effective oversight.

The key law is the Regulation of Investigatory Powers Act 2000, Ripa, which requires the home secretary or foreign secretary to sign warrants for the interception of the communications of defined targets. But the law also allows the foreign secretary to sign certificates that authorise GCHQ to trawl for broad categories of information on condition that one end of the communication is outside the UK.

According to the UK source: “Not so long ago, this was all about attaching crocodile clips to copper wires. And it was all about voice. Now, it’s about the internet – massive scale – but still using the same law that was devised for crocodile clips. Ripa was primarily designed for voice, not for this level of interception. They are going round Ripa. The legislation doesn’t exist for this. They are using old legislation and adapting it.”

The source claimed that even the conventional warrant system has been distorted – whereas police used to ask for a warrant before intercepting a target’s communications, they will now ask GCHQ to intercept the target’s communications and then use that information to seek a warrant.

There is a particular concern that the programme allows GCHQ to break the boundary which stopped it engaging in the bulk interception of internal UK communications. The Ripa requirement that one end of a communication must be outside the UK was a significant restriction when it was applied to phone calls using satellites, but it is no longer effective in the world of fibre-optic cables. “The point is that this is an island,” the source said. “Everything comes and goes – nearly everything – down fibre-optic cables. You make a mobile phone call, it goes to a mast and then down into a fibre-optic cable, under the ground and away. And even if the call is UK to UK, it’s very likely – because of the way the system is structured – to go out of the UK and come back in through these fibre-optic channels.”

Internet traffic is also liable to be routed internationally even if the message is exchanged between two people within the UK. “At one point, I was told that we were getting 85% of all UK domestic traffic – voice, internet, all of it – via these international cables.”

Last year, the government was mired in difficulty when it tried to pass a communications bill that became known as the “snoopers’ charter”, and would have allowed the bulk interception and storage of UK voice calls and internet traffic. The source says this debate was treated with some scepticism inside the intelligence community – “We’re sitting there, watching them debate the snoopers’ charter, thinking: ‘Well, GCHQ have been doing this for years’.”

There are similar concerns about the role of the NSA. It could have chosen to attach probes to the North American end of the cables and documents shown to the Guardian by Edward Snowden suggest that key elements of the Tempora filtering process were designed by the NSA. Instead, the NSA agency has exported its computer programs and 250 of its analysts to operate the system from the UK.

Initial inquiries by the Guardian have failed to explain why this has happened, but US legislators are likely to want to check whether the NSA has sought to bypass legal or policy requirements which restrict its activity in the US. This will be particularly sensitive if it is confirmed that Tempora is also analysing internal US traffic.

The UK source challenges the official justification for the programme; that it is necessary for the fight against terrorism and serious crime: “This is not scoring very high against those targets, because they are wise to the monitoring of their communications. If the terrorists are wise to it, why are we increasing the capability?

“The answer is that you can’t stop it. It is a self-fulfilling prophecy. The more we develop communications technology, the more they develop technology to intercept it. There was MS Chat – easy. Then Yahoo chat – did that, too. Then Facebook. Then Skype. Then Twitter. They keep catching up. It is good for us, but it is bad for us.”

It is clear from internal paperwork that GCHQ has created systems to restrain the use of this powerful tool and to ensure that its use complies not only with Ripa but also with the 1998 Human Rights Act, which requires essentially that the use of the data must be proportional to the crime or threat investigated. Defenders insist that the mass of data is heavily filtered by the programme so that only that relating to legitimate targets is analysed.

However, there are doubts about the effectiveness of this. First, according to the UK source, “written definitions for targeting and filtering are very elastic. They are wide open to interpretation.” The target areas defined by the Ripa certificates are secret.

Second, there is further room for interpretation when human analysts become involved in using the filtered intelligence to produce what are known as “contact chains”. “Here is target A. But who is A talking to? Now we’re into B and C and D.” If analysts believe it is proportional, they can look at all the traffic – content and metadata – relating to all of the target’s contact.” GCHQ audits a sample of its analysts’ work – believed to be 5% every six months – but even the statistical results of these audits are also secret.

Beyond the detail of the operation of the programme, there is a larger, long-term anxiety, clearly expressed by the UK source: “If there was the wrong political change, it could be very dangerous. All you need is to have the wrong government in place. It is capable of abuse because there is no independent scrutiny.”

Nick Davies
The Observer, Saturday 22 June 2013 20.18 BST

Find this story at 22 June 2013
© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Leaked documents reveal Russian president was spied on during visit, as questions are raised over use of US base in Britain

US spies intercepted communications of the then Russian president, Dmitry Medvedev, during a G20 summit in London. Photograph: Alexander Zemlianichenko/AP

American spies based in the UK intercepted the top-secret communications of the then Russian president, Dmitry Medvedev, during his visit to Britain for the G20 summit in London, leaked documents reveal.

The details of the intercept were set out in a briefing prepared by the National Security Agency (NSA), America’s biggest surveillance and eavesdropping organisation, and shared with high-ranking officials from Britain, Australia, Canada and New Zealand.

The document, leaked by the NSA whistleblower Edward Snowden and seen by the Guardian, shows the agency believed it might have discovered “a change in the way Russian leadership signals have been normally transmitted”.

The disclosure underlines the importance of the US spy hub at RAF Menwith Hill in Harrogate, North Yorkshire, where hundreds of NSA analysts are based, working alongside liaison officers from GCHQ.

The document was drafted in August 2009, four months after the visit by Medvedev, who joined other world leaders in London, including the US president, Barack Obama, for the event hosted by the British prime minister, Gordon Brown.

Medvedev arrived in London on Wednesday 1 April and the NSA intercepted communications from his delegation the same day, according to the NSA paper, entitled: “Russian Leadership Communications in support of President Dmitry Medvedev at the G20 summit in London – Intercept at Menwith Hill station.”

The document starts with two pictures of Medvedev smiling for the world’s media alongside Brown and Obama in bilateral discussions before the main summit.
RAF Menwith Hill in North Yorkshire. Photograph: Nigel Roddis/Reuters

The report says: “This is an analysis of signal activity in support of President Dmitry Medvedev’s visit to London. The report details a change in the way Russian leadership signals have been normally transmitted. The signal activity was found to be emanating from the Russian embassy in London and the communications are believed to be in support of the Russian president.”

The NSA interception of the Russian leadership at G20 came hours after Obama and Medvedev had met for the first time. Relations between the two leaders had been smoothed in the runup to the summit with a series of phone calls and letters, with both men wanting to establish a trusting relationship to discuss the ongoing banking crisis and nuclear disarmament.

In the aftermath of their discussions on 1 April, the two men issued a joint communique saying they intended to “move further along the path of reducing and limiting strategic offensive arms in accordance with the treaty on the non-proliferation of nuclear weapons”.

A White House official who briefed journalists described the meeting as “a very successful first meeting focused on real issues”. The official said it had been important for the men to be open about the issues on which they agreed and disagreed. Obama had stressed the need to be candid, the official noted.

While it has been widely known the two countries spy on each other, it is rare for either to be caught in the act; the latest disclosures will also be deeply embarrassing for the White House as Obama prepares to meet Vladimir Putin, who succeeded Medvedev as president, in the margins of the G8 summit this week.

The two countries have long complained about the extent of each other’s espionage activities, and tit-for-tat expulsions of diplomats are common. A year after Obama met Medvedev, the US claimed it had broken a highly sophisticated spy ring that carried out “deep cover” assignments in the US.

Ten alleged Russian spies living in America were arrested.

Putin was withering of the FBI-led operation: “I see that your police have let themselves go and put some people in jail, but I guess that is their job. I hope the positive trend that we have seen develop in our bilateral relations recently will not be harmed by these events.” Last month, the Russians arrested an American in Moscow who they alleged was a CIA agent.

The new revelations underline the significance of RAF Menwith Hill and raise questions about its relationship to the British intelligence agencies, and who is responsible for overseeing it. The 560-acre site was leased to the Americans in 1954 and the NSA has had a large presence there since 1966.

It has often been described as the biggest surveillance and interception facility in the world, and has 33 distinct white “radomes” that house satellite dishes. A US base in all but name, it has British intelligence analysts seconded to work alongside NSA colleagues, though it is unclear how the two agencies obtain and share intelligence – and under whose legal authority they are working under.

Ewen MacAskill, Nick Davies, Nick Hopkins, Julian Borger and James Ball
The Guardian, Monday 17 June 2013

Find this story at 17 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Exclusive: phones were monitored and fake internet cafes set up to gather information from allies in London in 2009

Documents uncovered by the NSA whistleblower, Edward Snowden, reveal surveillance of G20 delegates’ emails and BlackBerrys. Photograph: Guardian

Foreign politicians and officials who took part in two G20 summit meetings in London in 2009 had their computers monitored and their phone calls intercepted on the instructions of their British government hosts, according to documents seen by the Guardian. Some delegates were tricked into using internet cafes which had been set up by British intelligence agencies to read their email traffic.

The revelation comes as Britain prepares to host another summit on Monday – for the G8 nations, all of whom attended the 2009 meetings which were the object of the systematic spying. It is likely to lead to some tension among visiting delegates who will want the prime minister to explain whether they were targets in 2009 and whether the exercise is to be repeated this week.

The disclosure raises new questions about the boundaries of surveillance by GCHQ and its American sister organisation, the National Security Agency, whose access to phone records and internet data has been defended as necessary in the fight against terrorism and serious crime. The G20 spying appears to have been organised for the more mundane purpose of securing an advantage in meetings. Named targets include long-standing allies such as South Africa and Turkey.

There have often been rumours of this kind of espionage at international conferences, but it is highly unusual for hard evidence to confirm it and spell out the detail. The evidence is contained in documents – classified as top secret – which were uncovered by the NSA whistleblower Edward Snowden and seen by the Guardian. They reveal that during G20 meetings in April and September 2009 GCHQ used what one document calls “ground-breaking intelligence capabilities” to intercept the communications of visiting delegations.

This included:

• Setting up internet cafes where they used an email interception programme and key-logging software to spy on delegates’ use of computers;

• Penetrating the security on delegates’ BlackBerrys to monitor their email messages and phone calls;

• Supplying 45 analysts with a live round-the-clock summary of who was phoning who at the summit;

• Targeting the Turkish finance minister and possibly 15 others in his party;

• Receiving reports from an NSA attempt to eavesdrop on the Russian leader, Dmitry Medvedev, as his phone calls passed through satellite links to Moscow.

The documents suggest that the operation was sanctioned in principle at a senior level in the government of the then prime minister, Gordon Brown, and that intelligence, including briefings for visiting delegates, was passed to British ministers.

A briefing paper dated 20 January 2009 records advice given by GCHQ officials to their director, Sir Iain Lobban, who was planning to meet the then foreign secretary, David Miliband. The officials summarised Brown’s aims for the meeting of G20 heads of state due to begin on 2 April, which was attempting to deal with the economic aftermath of the 2008 banking crisis. The briefing paper added: “The GCHQ intent is to ensure that intelligence relevant to HMG’s desired outcomes for its presidency of the G20 reaches customers at the right time and in a form which allows them to make full use of it.” Two documents explicitly refer to the intelligence product being passed to “ministers”.
One of the GCHQ documents. Photograph: Guardian

According to the material seen by the Guardian, GCHQ generated this product by attacking both the computers and the telephones of delegates.

One document refers to a tactic which was “used a lot in recent UK conference, eg G20”. The tactic, which is identified by an internal codeword which the Guardian is not revealing, is defined in an internal glossary as “active collection against an email account that acquires mail messages without removing them from the remote server”. A PowerPoint slide explains that this means “reading people’s email before/as they do”.

The same document also refers to GCHQ, MI6 and others setting up internet cafes which “were able to extract key logging info, providing creds for delegates, meaning we have sustained intelligence options against them even after conference has finished”. This appears to be a reference to acquiring delegates’ online login details.

Another document summarises a sustained campaign to penetrate South African computers, recording that they gained access to the network of their foreign ministry, “investigated phone lines used by High Commission in London” and “retrieved documents including briefings for South African delegates to G20 and G8 meetings”. (South Africa is a member of the G20 group and has observer status at G8 meetings.)
Another excerpt from the GCHQ documents. Photograph: Guardian

A detailed report records the efforts of the NSA’s intercept specialists at Menwith Hill in North Yorkshire to target and decode encrypted phone calls from London to Moscow which were made by the Russian president, Dmitry Medvedev, and other Russian delegates.

Other documents record apparently successful efforts to penetrate the security of BlackBerry smartphones: “New converged events capabilities against BlackBerry provided advance copies of G20 briefings to ministers … Diplomatic targets from all nations have an MO of using smartphones. Exploited this use at the G20 meetings last year.”

The operation appears to have run for at least six months. One document records that in March 2009 – the month before the heads of state meeting – GCHQ was working on an official requirement to “deliver a live dynamically updating graph of telephony call records for target G20 delegates … and continuing until G20 (2 April).”

Another document records that when G20 finance ministers met in London in September, GCHQ again took advantage of the occasion to spy on delegates, identifying the Turkish finance minister, Mehmet Simsek, as a target and listing 15 other junior ministers and officials in his delegation as “possible targets”. As with the other G20 spying, there is no suggestion that Simsek and his party were involved in any kind of criminal offence. The document explicitly records a political objective – “to establish Turkey’s position on agreements from the April London summit” and their “willingness (or not) to co-operate with the rest of the G20 nations”.

The September meeting of finance ministers was also the subject of a new technique to provide a live report on any telephone call made by delegates and to display all of the activity on a graphic which was projected on to the 15-sq-metre video wall of GCHQ’s operations centre as well as on to the screens of 45 specialist analysts who were monitoring the delegates.

“For the first time, analysts had a live picture of who was talking to who that updated constantly and automatically,” according to an internal review.

A second review implies that the analysts’ findings were being relayed rapidly to British representatives in the G20 meetings, a negotiating advantage of which their allies and opposite numbers may not have been aware: “In a live situation such as this, intelligence received may be used to influence events on the ground taking place just minutes or hours later. This means that it is not sufficient to mine call records afterwards – real-time tip-off is essential.”

In the week after the September meeting, a group of analysts sent an internal message to the GCHQ section which had organised this live monitoring: “Thank you very much for getting the application ready for the G20 finance meeting last weekend … The call records activity pilot was very successful and was well received as a current indicator of delegate activity …

“It proved useful to note which nation delegation was active during the moments before, during and after the summit. All in all, a very successful weekend with the delegation telephony plot.”

Ewen MacAskill, Nick Davies, Nick Hopkins, Julian Borger and James Ball
The Guardian, Monday 17 June 2013

Find this story at 17 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Top-secret document, prepared by GCHQ, contained proposals to target Commonwealth allies at heads of government summit

The Queen and Commonwealth leaders at the heads of government summit in Trinidad. Photograph: Luis Acosta/AFP/Getty Images

UK intelligence agencies planned to spy on delegates to the Commonwealth heads of government meeting in 2009, including being asked to obtain information to give UK ministers an advantage in talks with their Commonwealth counterparts, according to a top-secret document seen by the Guardian.

The meeting, which takes place every two years, was held in Trinidad in 2009. The UK delegation was headed by the Queen, with Prince Philip also in attendance, along with Gordon Brown, the then prime minister, David Miliband, then foreign secretary, and Douglas Alexander, then international development secretary.

A page from an internal top-secret intranet of GCHQ, shared with the NSA, discovered by the 29-year-old whistleblower Edward Snowden and seen by the Guardian, shows a list of “key intelligence requirements” set out for the summit.

Alongside notes to check for threats against the security of the UK delegation during the visit, the document lists “Intelligence to inform UK senior’s [sic] Bi-lats”, “Initelligence [sic] on South Africa’s views on Zimbabwe prior to Brown/Zuma meeting” and “climate change reporting”.

The revelation that UK intelligence agencies made plans to target ministers and officials from Commonwealth countries, as well as the targeting of G20 officials disclosed elsewhere, is likely to raise tensions among the Commonwealth nations, who may seek clarity over whether their officials were bugged, and if so to what extent.

The note, which was prepared in advance of the meeting, also sets out a schedule for different UK agencies to set up their activities in Trinidad. MI6 were tasked to set up several days before the event, with GCHQ’s operation beginning with the arrival of delegates. The Guardian is not publishing the original document as it contains logistical details and some limited references to personnel.

The 2009 Commonwealth meeting, which was also attended by Nicolas Sarkozy, then president of France, appears to have been the first time MI6 – formally known as SIS, or the Secret Intelligence Service – had been asked to gather intelligence from a Commonwealth heads of government gathering.

“SIS have no past history of targeting this meeting,” the document notes in an explanation of why operations might be limited in their scope.

As it was prepared in advance of the Commonwealth meeting, the memo does not confirm to what extent surveillance was carried out, or even whether planned operations actually took place.

However, it does stress to agency staff that “we will be measured on our ability to deliver”.

The memo also shows that the agencies were preparing to brief senior ministers, and the prime minister, during the conference.

The memo noted that Lady Kinnock was available for briefings from 25 to 29 November, David Miliband could be briefed from 26 to 29 November, and Gordon Brown on 29 November only.

There is no indication as to whether the briefings actually took place, or whether the ministers were aware of the security services’ plans for the summit.

Ewen MacAskill, Nick Davies, Nick Hopkins, Julian Borger and James Ball
The Guardian, Sunday 16 June 2013 20.47 BST

Find this story at 16 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

NSA Director Keith Alexander says his agency’s analysts, which until recently included Edward Snowden among their ranks, take protecting “civil liberties and privacy and the security of this nation to their heart every day.”
(Credit: Getty Images)

The National Security Agency has acknowledged in a new classified briefing that it does not need court authorization to listen to domestic phone calls, a participant in the briefing said.

Rep. Jerrold Nadler, a New York Democrat, disclosed on Thursday that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed “simply based on an analyst deciding that.”

If the NSA wants “to listen to the phone,” an analyst’s decision is sufficient, without any other legal authorization required, Nadler said he learned. “I was rather startled,” said Nadler, an attorney and congressman who serves on the House Judiciary committee.

Not only does this disclosure shed more light on how the NSA’s formidable eavesdropping apparatus works domestically, it also suggests the Justice Department has secretly interpreted federal surveillance law to permit thousands of low-ranking analysts to eavesdrop on phone calls.

James Owens, a spokesman for Nadler, provided a statement on Sunday morning, a day after this article was published, saying: “I am pleased that the administration has reiterated that, as I have always believed, the NSA cannot listen to the content of Americans’ phone calls without a specific warrant.” Owens said he couldn’t comment on what assurances from the Obama administration Nadler was referring to, and said Nadler was unavailable for an interview. (CNET had contacted Nadler for comment on Friday.)

Because the same legal standards that apply to phone calls also apply to e-mail messages, text messages, and instant messages, being able to listen to phone calls would mean the NSA analysts could also access the contents of Internet communications without going before a court and seeking approval.

Nadler’s initial statement appears to confirm some of the allegations made by Edward Snowden, a former NSA infrastructure analyst who leaked classified documents to the Guardian. Snowden said in a video interview that, while not all NSA analysts had this ability, he could from Hawaii “wiretap anyone from you or your accountant to a federal judge to even the president.”

There are serious “constitutional problems” with this approach, said Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation who has litigated warrantless wiretapping cases. “It epitomizes the problem of secret laws.”

The NSA declined to comment to CNET. (This is unrelated to the disclosure that the NSA is currently collecting records of the metadata of all domestic Verizon calls, but not the actual contents of the conversations.)

Director of National Intelligence James Clapper released a statement on Sunday saying: “The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress.” Clapper’s statement did not elaborate, however, on what “proper” authorization would be. Some reports have suggested that permission from a “shift supervisor” would also be required.

The Washington Post disclosed Saturday that the existence of a top-secret NSA program called NUCLEON, which “intercepts telephone calls and routes the spoken words” to a database. Top intelligence officials in the Obama administration, the Post said, “have resolutely refused to offer an estimate of the number of Americans whose calls or e-mails have thus made their way into content databases such as NUCLEON.”

A portion of the NSA’s mammoth data center in Bluffdale, Utah, scheduled to open this fall.
(Credit: Getty Images)

Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls — in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established “listening posts” that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, “whether they originate within the country or overseas.” That includes not just metadata, but also the contents of the communications.

William Binney, a former NSA technical director who helped to modernize the agency’s worldwide eavesdropping network, told the Daily Caller this week that the NSA records the phone calls of 500,000 to 1 million people who are on its so-called target list, and perhaps even more. “They look through these phone numbers and they target those and that’s what they record,” Binney said.

Brewster Kahle, a computer engineer who founded the Internet Archive, has vast experience storing large amounts of data. He created a spreadsheet this week estimating that the cost to store all domestic phone calls a year in cloud storage for data-mining purposes would be about $27 million per year, not counting the cost of extra security for a top-secret program and security clearances for the people involved.

NSA’s annual budget is classified but is estimated to be around $10 billion.

Documents that came to light in an EFF lawsuit provide some insight into how the spy agency vacuums up data from telecommunications companies. Mark Klein, who worked as an AT&T technician for over 22 years, disclosed in 2006 (PDF) that he witnessed domestic voice and Internet traffic being surreptitiously “diverted” through a “splitter cabinet” to secure room 641A in one of the company’s San Francisco facilities. The room was accessible only to NSA-cleared technicians.

AT&T and other telecommunications companies that allow the NSA to tap into their fiber links receive absolute immunity from civil liability or criminal prosecution, thanks to a law that Congress enacted in 2008 and renewed in 2012. It’s a series of amendments to the Foreign Intelligence Surveillance Act, also known as the FISA Amendments Act.

That law says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court, as long as minimization requirements and general procedures blessed by the court are followed.

A requirement of the 2008 law is that the NSA “may not intentionally target any person known at the time of acquisition to be located in the United States.” A possible interpretation of that language, some legal experts said, is that the agency may vacuum up everything it can domestically — on the theory that indiscriminate data acquisition was not intended to “target” a specific American citizen.

Rep. Jerrold Nadler, an attorney and member of the House Judiciary committee, who said he was “startled” to learn that NSA analysts could eavesdrop on domestic calls without court authorization.
(Credit: Getty Images)

Rep. Nadler’s statement that NSA analysts can listen to calls without court orders came during a House Judiciary hearing on June 13 that included FBI director Robert Mueller as a witness.

Mueller initially sought to downplay concerns about NSA surveillance by claiming that, to listen to a phone call, the government would need to seek “a special, a particularized order from the FISA court directed at that particular phone of that particular individual.”

Is information about that procedure “classified in any way?” Nadler asked.

“I don’t think so,” Mueller replied.

“Then I can say the following,” Nadler said. “We heard precisely the opposite at the briefing the other day. We heard precisely that you could get the specific information from that telephone simply based on an analyst deciding that…In other words, what you just said is incorrect. So there’s a conflict.”

Sen. Dianne Feinstein (D-Calif.), the head of the Senate Intelligence committee, separately acknowledged that the agency’s analysts have the ability to access the “content of a call.”

Rep. Mike Rogers (R-Mich.), the head of the House Intelligence committee, told CNN on Sunday that the NSA “is not listening to Americans’ phone calls” or monitoring their e-mails, and any statements to the contrary are “misinformation.” It would be “illegal” for the NSA to do that, Rogers said.

Sen. Dianne Feinstein, chair of the Senate Intelligence committee, acknowledged this week that NSA analysts have the ability to access the “content of a call.”
(Credit: Getty Images)

Director of National Intelligence Michael McConnell indicated during a House Intelligence hearing in 2007 that the NSA’s surveillance process involves “billions” of bulk communications being intercepted, analyzed, and incorporated into a database.

They can be accessed by an analyst who’s part of the NSA’s “workforce of thousands of people” who are “trained” annually in minimization procedures, he said. (McConnell, who had previously worked as the director of the NSA, is now vice chairman at Booz Allen Hamilton, Snowden’s former employer.)

If it were “a U.S. person inside the United States, now that would stimulate the system to get a warrant,” McConnell told the committee. “And that is how the process would work. Now, if you have foreign intelligence data, you publish it [inside the federal government]. Because it has foreign intelligence value.”

McConnell said during a separate congressional appearance around the same time that he believed the president had the constitutional authority, no matter what the law actually says, to order domestic spying without warrants.

Former FBI counterterrorism agent Tim Clemente told CNN last month that, in national security investigations, the bureau can access records of a previously made telephone call. “All of that stuff is being captured as we speak whether we know it or like it or not,” he said. Clemente added in an appearance the next day that, thanks to the “intelligence community” — an apparent reference to the NSA — “there’s a way to look at digital communications in the past.”

NSA Director Keith Alexander said on June 12 that his agency’s analysts abide by the law: “They do this lawfully. They take compliance oversight, protecting civil liberties and privacy and the security of this nation to their heart every day.”

But that’s not always the case. A New York Times article in 2009 revealed the NSA engaged in significant and systemic “overcollection” of Americans’ domestic communications that alarmed intelligence officials. The Justice Department said in a statement at the time that it “took comprehensive steps to correct the situation and bring the program into compliance” with the law.

Jameel Jaffer, director of the ACLU’s Center for Democracy, says he was surprised to see the 2008 FISA Amendments Act be used to vacuum up information on American citizens. “Everyone who voted for the statute thought it was about international communications,” he said.

Update, June 16 at 10:45 p.m. PT: Adds one paragraph with a statement provided by Director of National Intelligence James Clapper.

Update, June 16 at 11:15 a.m. PT: The original headline when the story was published Saturday was “NSA admits listening to U.S. phone calls without warrants,” which was changed to “NSA spying flap extends to contents of U.S. phone calls,” to better match the story. The first paragraph was changed to add attribution to Rep. Nadler. Also added was an additional statement that the congressman’s aide sent this morning, an excerpt from a Washington Post story on NSA phone call content surveillance that appeared Saturday, and remarks that Rep. Rogers made on CNN this morning.

by Declan McCullagh | June 15, 2013 4:39 PM PDT

Find this story at 15 June 2013

© CBS Interactive Inc.

The controversy involving Edward Snowden and the National Security Agency (NSA) leaks has drawn attention to the fact that most analysis of the government’s intelligence data is performed by private contractors, not government employees.

When it comes to examining and deciphering the enormous volumes of communications collected by the NSA, it’s companies like SAIC, CSC and Booz Allen Hamilton that do much of the work.

Snowden was just one of thousands of private contractor employees helping operate the NSA’s vast operation of finding threats before they manifest.

Tim Shorrock, author of Spies for Hire: The Secret World of Intelligence Outsourcing, estimates that about 70% of the federal government’s intelligence budgets are spent on the private sector.

Shorrock says if the 70% figure is applied to the NSA’s estimated budget (the official figure is classified) of $8 billion a year (the largest in the intelligence community), NSA could be spending as much as $6 billion on contractors.

Michael V. Hayden, former director of both the NSA and the Central Intelligence Agency, has said that “the largest concentration of cyber power on the planet” is located just down the street from NSA headquarters in Maryland. More specifically, he meant at the intersection of the Baltimore Parkway and Maryland Route 32, which is where all of NSA’s major contractors, from Booz to Northrop Grumman, carry out their surveillance and intelligence work for the agency.

With so many companies taking part in America’s spying activity, it is no wonder that private sector workers hold about 22% of all U.S. government security clearances and about 29% of top secret security clearances.

The Obama administration promised four years ago to substantially reduce this figure and put more of this highly sensitive work back in the hands of federal employees.

That hasn’t happened yet.

June 15, 2013 – Nth America – Tagged: 1984, corporatocracy, NSA, PRISM, US

By allgov.com

Find this story at 15 June 2013

As the Justice Department prepares to file charges against Booz Allen Hamilton employee Edward Snowden for leaking classified documents about the National Security Agency, the role of private intelligence firms has entered the national spotlight. Despite being on the job as a contract worker inside the NSA’s Hawaii office for less than three months, Snowden claimed he had power to spy on almost anyone in the country. “I, sitting at my desk, certainly had the authorities to wiretap anyone, from you or your accountant to a federal judge, to even the president, if I had a personal email,” Snowden told The Guardian newspaper. Over the past decade, the U.S. intelligence community has relied increasingly on the technical expertise of private firms such as Booz Allen, SAIC, the Boeing subsidiary Narus and Northrop Grumman. About 70 percent of the national intelligence budget is now spent on the private sector. Former NSA Director Michael V. Hayden has described these firms as a quote “digital Blackwater.” We speak to Tim Shorrock, author of the book “Spies for Hire: The Secret World of Outsourced Intelligence.”
Transcript

This is a rush transcript. Copy may not be in its final form.

AARON MATÉ: The U.S. government has begun the process of charging Edward Snowden with disclosing classified information after he leaked a trove of secret documents outlining the NSA’s surveillance programs. The FBI has already questioned Snowden’s relatives and associates. Snowden is a 29-year-old computer technician who formerly worked for the CIA. He reportedly turned over thousands of documents to Glenn Greenwald of The Guardian newspaper, as well as to The Washington Post. Only a few have been published so far. His current whereabouts are unknown. Snowden flew from Hawaii to Hong Kong on May 20th. On Monday, he reportedly checked out of his Hong Kong hotel one day after The Guardian posted a video of him explaining his decision to leak the information.

AMY GOODMAN: Response to Edward Snowden’s actions has been mixed. On Capitol Hill, Senator Dianne Feinstein accused Snowden of committing treason. Meanwhile, Pentagon Papers whistleblower Daniel Ellsberg called Snowden a hero, writing, quote, “In my estimation, there has not been in American history a more important leak than Edward Snowden’s release of NSA material—and that definitely includes the Pentagon Papers 40 years ago,” he said. The founder of WikiLeaks, Julian Assange, has also praised Edward Snowden.

JULIAN ASSANGE: Edward Snowden is a hero who has informed the public about one of the most serious, serious events of the decade, which is the creeping formulation of a mass surveillance state that has now coopted the courts, corrupted the courts in the United States, made them secret, made them produce orders which violate U.S. constitutional protections to nearly the entire population, and then, if that wasn’t enough, has embroiled U.S. high-tech companies like Google, Yahoo!, Skype, Facebook, etc., to extend that surveillance all across the world—the amount of collections from the United States alone revealed to be more than 2.4 billion in the month of March alone. And that is something that I and John Perry Barlow and many other journalists and civil libertarians have been campaigning on for a long time, so it’s very pleasing to see such clear and concrete proof presented to the public.

AMY GOODMAN: Julian Assange speaking on Sky News. Up until a few weeks ago, Edward Snowden worked as a systems administrator inside the NSA’s office in Hawaii. His employer was not the U.S. government, but a military contractor called Booz Allen Hamilton. Over the past decade, the U.S. intelligence community has relied increasingly on the technical expertise of private firms such as Booz Allen, SAIC, the Boeing subsidiary Narus and Northrop Grumman. Former NSA director Michael V. Hayden has described these firms as a, quote, “digital Blackwater.” According to the journalist Tim Shorrock, about 70 percent of the national intelligence budget is spent on the private sector.

AARON MATÉ: The leaks by Edward Snowden have also raised questions over who has access to the nation’s biggest secrets. According to The Washington Post, authorities are unsure how a contract employee at a distant NSA satellite office was able to obtain a highly classified copy of an order from the Foreign Intelligence Surveillance Court. During his interview with The Guardian, Edward Snowden claimed he had the power to spy on anyone, including the president.

EDWARD SNOWDEN: Any analyst at any time can target anyone, any selector anywhere. Where those communications will be picked up depends on the range of the sensor networks and the authorities that that analyst is empowered with. Not all analysts have the ability to target everything. But I, sitting at my desk, certainly had the authorities to wiretap anyone, from you or your accountant to a federal judge, to even the president, if I had a personal email.

AMY GOODMAN: To talk more about Edward Snowden and the privatized world of intelligence, we’re joined by Tim Shorrock, author of the book Spies for Hire: The Secret World of Outsourced Intelligence . He has just written a piece for Salon.com entitled “Meet the Contractors Analyzing Your Private Data: Private Companies Are Getting Rich Probing Your Personal Information for the Government. Call It Digital Blackwater.” In fact, Tim Shorrock, explain who exactly called it “digital Blackwater.”

TIM SHORROCK: Well, this was said by Michael V. Hayden, who used to be the director of the NSA and was the director of the NSA when President Bush began the warrantless surveillance program back in 2001 right after 9/11. He has moved on from intelligence, the intelligence agencies, to become an executive with Chertoff Group, which is a large consulting company in Washington that works very closely with intelligence agencies and corporations advising them on cybersecurity and advising them on just basically security issues. And so, you know, he has cashed himself in and is making lots of money himself in this industry.

AMY GOODMAN: Let’s go to the former NSA and CIA director, General Michael Hayden, who, as you said, oversaw much of the privatization of the NSA from 1999 to 2005. This is him speaking in 2011.

MICHAEL HAYDEN: We may come to a point where defense is more actively and aggressively defined even for the—even for the private sector and what is permitted there is something we would never let the private sector do in physical space.

UNIDENTIFIED: That’s interesting.

MICHAEL HAYDEN: I mean, you look—well, I mean, let me really throw out a bumper sticker for you here: How about a digital Blackwater? OK? I mean, we have privatized certain defense activities, even in physical space. And now you’ve got a new domain in which we don’t have any paths trampled down in the forest in terms of what it is we expect the government or will allow the government to do. And in the past, in our history, when that has happened, private sector expands to fill the empty space. I’m not quite an advocate for that, but these are the kinds of things that are going to be put into play here very, very quickly.

AMY GOODMAN: That was the former head of the CIA and the NSA, General Michael Hayden. Tim Shorrock, talk about Booz Allen, Booz Allen Hamilton, and Edward Snowden and what this relationship is all about between Booz Allen and the NSA.

TIM SHORROCK: Well, the most astonishing thing I found in the articles in The Guardian and the revelation that he was from Booz Allen was that, in fact, Booz Allen Hamilton is involved at the—basically the darkest levels, the deepest levels of U.S. intelligence. If Mr. Snowden had access to these kinds of documents, such as these PRISM documents about surveillance on the Internet, as well as this FISA court order, that means practically anyone in Booz Allen who is in intelligence working for the NSA has access to the same kinds of documents. And American people should really know that now we have conclusive proof that these private-sector corporations are operating at the highest levels of intelligence and the military. I think that’s the bottom line here. It’s not curious—you know, the question is not why this low-level person at Booz Allen got these documents; the question is: Why is Booz Allen involved at this level of intelligence?

AARON MATÉ: Tim Shorrock, so, according to The New York Times, it’s gone so far that even the process of granting security clearances is often handled by contractors. So, can you talk about the duties that contractors are performing for the government on these intelligence matters?

TIM SHORROCK: Well, first of all, I want to comment on some of these stories in The New York Times and other newspapers. I mean, that’s an old story. Everyone knows that, you know, the security clearances is done by contractors. That’s been true for a decade or more. And, you know, Booz Allen has been around for years and years and years. The question is: Why haven’t these newspapers covered this? They cover intelligence as if there’s no private-sector involvement at all. And suddenly, they hear that Booz Allen is involved, and suddenly we have all these stream of articles about privatized intelligence. Well, welcome to the world of “digital Blackwater,” as Hayden calls it.

And, you know, specifically on Booz Allen and what these companies do, I mean, you know, they—as I wrote in my book, Spies for Hire, they do everything from, you know, CIA intervention in other countries; JSOC, you know, when it does raids, contractors are involved in finding out where people they attack are and determining the mapping and all that and the imagery to make sure that pilots and drones can hit the right people—or the wrong people. And they’re involved in the Defense Intelligence Agency. They’re involved in all military agencies that do intelligence. They do everything. They do everything that the government does.

AMY GOODMAN: What’s wrong with that?

TIM SHORROCK: What’s wrong with that is that it’s a for-profit operation. Many times, you have—inside these agencies, you have contractors overseeing other contractors, contractors, you know, giving advice to the agency about how to set its policies, what kind of technology to buy. And, of course, they have relationships with all the companies that they work with or that they suggest to the leaders of U.S. intelligence.

And I think, you know, a terrible example of this is, you know, a few months ago, I wrote a cover story for The Nation magazine about the NSA whistleblowers that you’ve had on this show a few times—Tom Drake, Bill Binney and the other two—and, you know, they blew the whistle on a huge project called Trailblazer that was contracted out to SAIC that was a complete failure. And this project was designed, from the beginning, by Booz Allen, Northrop Grumman and a couple other corporations who advised the NSA about how to acquire this project, and then decided amongst themselves to give it to SAIC, and then SAIC promised the skies and never produced anything, and the project was finally canceled in 2005.

And it’s very ironic that Michael Hayden says he’s not sure about, you know, this privatization. I mean, he’s the one who set this whole privatization in place. He’s the one who did it. He’s the one who pulled the trigger on it. And he’s responsible for this vast privatization of NSA, which, I have to say, began before 9/11.

AMY GOODMAN: Can you talk about Booz Allen Hamilton in terms of its other clients? Here it has this remarkable access to information. You know, as Edward Snowden said in his video statement, which we ran yesterday on Democracy Now!, he could wiretap almost anyone, at his level, and that a lot of people could. The information that people like Snowden get, can Booz Allen then share this information with other corporate clients it has?

TIM SHORROCK: Well, I don’t know that for sure, because it’s very difficult to penetrate these companies, but I don’t think so. I think what they do is they operate just like the intelligence community does, like the—you know, the NSA shares the information with other agencies. Of course, the NSA collects, is the main collector for the government in terms of signals intelligence, what comes over the Internet and telephone and cellphones and all that, and they pass that on to other agencies that request it. It goes to the president of the United States. It goes—it goes to all the high levels of the State Department and other agencies that need to know what’s going on both around the world and inside the United States. And so, I doubt that they would pass it to other corporations, but they certainly have their hands in it.

And I think if Booz Allen Hamilton is doing this and has access to such high-level documents, then you know that these other companies do, too—SAIC, Northrop Grumman, all of the companies you named at the top of the show. They have the same kinds of access, and they do—they do very much the same kinds of work that Booz Allen does. And I think it’s—like I said before, it’s just about time we recognized that this is really, you know, Intelligence Inc. This is a—you know, 70 percent of it is a for-profit operation. It’s a joint venture between government agencies and the private sector, and the private sector makes money off of it. They make big profits from this.

AARON MATÉ: Tim, I’m wondering if you can talk about some more—about these companies, specifically Narus and Palantir.

TIM SHORROCK: Well, Narus is the company that basically makes the technology that allows agencies, as well as corporations and telecom companies, to intercept traffic coming in, telecom traffic coming in, you know, from the outside, from other countries, on fiber-optic cables. And they have this incredible capacity to process information. And, you know, a few year—right after—you know, when this story started blowing up in the—after The New York Times blew the story on surveillance, warrantless surveillance, you know, there was this whistleblower at AT&T, this technician, who found that Narus equipment had been attached to AT&T’s switching center in San Francisco, and they were using this equipment to divert the entire—the entire traffic, all the whole—the whole—everything that was coming in, they diverted that to a secret room, and that went right into the NSA’s servers.

AMY GOODMAN: That was Mark Klein.

TIM SHORROCK: And those—that’s what Narus—that’s what Narus technology does. And so, you know, that’s the key—

AMY GOODMAN: And Narus is owned by Boeing?

TIM SHORROCK: Boeing. It was bought by Boeing. It was actually—the company originated, actually, in Israel. You know, Israel has a very powerful equivalent to the National Security Agency. And it came out of—it came out of Israel, and then they brought their technology here, and they were very involved in the wiretapping right after—right after 9/11. And then Boeing bought them. And, of course, Boeing itself is a major intelligence contractor, through that company, and, you know, they used to—they own a company that used to transport a lot of these prisoners around that the CIA captured overseas.

AMY GOODMAN: And Palantir?

TIM SHORROCK: And you asked about—you asked about Palantir. It’s a Silicon Valley company that basically does data mining and mapping out relationships. I mean, all this—as I said in the Salon article yesterday, all this information and all this data that comes into the NSA has to be analyzed, and that’s what these companies they do that they hire. You know, they take—you know, NSA stores all this data. We know the story about this big Utah data center that’s just about to open. And they download it all there, and then they can go back to it. They can go back to it a day later, or they can go back to it months later or years later. And that’s one of the things that Mr. Snowden talked about in his interviews, was how they go back and analyze this data.

AMY GOODMAN: I wanted to ask you about The Guardian in its reports calling the NSA contractor Edward Snowden, who fed them information, “whistleblower.” But the Associated Press says it would instead use terms like “source” or “leaker.” In a memo sent to reporters, it said, quote, “A whistle-blower is a person who exposes wrongdoing. It’s not a person who simply asserts that what he has uncovered is illegal or immoral. Whether the actions exposed by Snowden and [Bradley] Manning constitute wrongdoing is hotly contested. … Sometimes whether a person is a whistle-blower can be established only some time after the revelations, depending on what wrongdoing is confirmed or how public opinion eventually develops,” unquote. What do you make of what the AP is saying? I mean, of course, they change their—their definitions over time. We just saw them drop the word “illegal” when it comes to describing people.

TIM SHORROCK: Well, I think it’s kind of semantics. I mean, you know, he has blown the whistle on some actions that the NSA is doing, some programs the NSA is doing, that may be unconstitutional. And I think, you know, that’s why Daniel Ellsberg has had so much praise for him. I mean, he’s showing the underside of the war on terror, the underside of the surveillance state. And I think, in that sense, he’s a real whistleblower. You know, perhaps the difference between him and, say, the NSA Four—Tom Drake and Bill Binney and the others—is that, you know, the NSA Four did not leak information. I mean, they reported it through the chain of command, or they tried to. And what’s unfortunate was, you know, they tried to do this, and then they were caught up in an investigation of who leaked to The New York Times about the NSA surveillance program, and they were persecuted and investigated, and Tom Drake was actually indicted under the Espionage Act and charged with being a spy. Those charges were ridiculous, and the case completely collapsed, but nevertheless, that’s what happened to them. So, Snowden maybe looked at that and decided, you know, he’s just—you know, why go through channels? I mean, I think if we had a system where people could actually expose wrongdoing and without fear of being persecuted, that he may not have broken the law. And I think we need to look very carefully at that, because we need to protect people like this who want to expose wrongdoing.

AARON MATÉ: Tim Shorrock, is it harder for Snowden, as a private contractor, to try to blow the whistle than it would have been had he been working directly for the government?

TIM SHORROCK: Well, perhaps so. I’m not sure what the difference in how they might prosecute somebody like this, but clearly, from what’s being said, you know, today and what was said yesterday, they’re going after him. In fact, I’ve heard they may charge him under the Espionage Act. So, that’s what they would do to a government official, as well, or an intelligence officer who leaked the same kind of thing. So, I don’t really think it’s that much different. And like I said at the top of the show, you know, what really—what really amazed me was the fact that Booz Allen Hamilton, as a corporation, is involved at this level of intelligence. It’s not that this guy was just a low-level employee. It’s that this company is involved, and you have the private sector at that level of NSA.

AMY GOODMAN: What do you think should be done differently? I mean, there’s two different issues here: One is the level of privatization of the military and intelligence, and the other is what Edward Snowden has actually revealed about what the U.S. government is doing with our information.

TIM SHORROCK: Well, what should we do about specifically what?

AMY GOODMAN: In terms of these private intelligence contractors and the access they have.

TIM SHORROCK: Well, you know, there’s been a process underway where the agencies are supposed to be doing, you know, inventories of the contractors and who they—what they do. And I think—you know, there was a report I saw recently from the inspector general of the Pentagon that looked at the Special Operations Command, which is—you know, Jeremy Scahill has been writing about it. It’s the most secretive part of the U.S. military, does these raids all over the world. And they looked at their contracts, and they found that a lot of JSOC and special operations contractors were doing inherently governmental work; in other words, they were doing things that, by law, should only be done by the government. And there was—at that level, there was very loose oversight.

And I think that we need to look, as a country, and the government certainly needs to do this, and Congress certainly needs to do this—you know, OK, it’s fine to buy technology from corporations, if they need it, but using corporations to fill your ranks, you know, to provide personnel—I mean, you go to these agencies, and it’s—you know, it’s not exactly like this, but it’s very much like a NASCAR race where they have logos, corporate logos, all over themselves. I mean, that’s what it’s like inside the NSA. You’ve got CSC over here. You’ve got Northrop Grumman over here, Lockheed Martin and so on.

Do we need to have the private sector doing all this analysis? I think that’s a very critical question to be asked. Do we want to have private corporations at the highest levels? And again, you know, if that’s something—that’s something that Congress, I believe, should really look at. And in the time that I’ve been covering this, as far as I recall, there’s only been one single hearing in Congress on this issue of intelligence contractors, and it was three years ago, and it was a pathetic hearing. They actually called me in for some advice, and they actually called Tom Drake in for advice, too. I didn’t know it at the time. And they—of course they didn’t use any of our suggestions. I—

AMY GOODMAN: The man they charged with espionage?

TIM SHORROCK: The man they—the man that was—had been charged earlier with espionage.

AMY GOODMAN: Well, the U.S. government had been charged with espionage, who, of course, ultimately—

TIM SHORROCK: Yes.

AMY GOODMAN: —those charges were dropped—

TIM SHORROCK: Right.

AMY GOODMAN: —and has been called by many a whistleblower.

TIM SHORROCK: Right. He’s a true whistleblower. And—but the point—you know, I said, “You know, you ought to call in the chief executives of Booz Allen Hamilton and all these companies, so the American people can meet the secret leaders of the intelligence community.” We know who Clapper is. We knew—you know, when Hayden was director, we knew who he was. But we don’t know these people running the corporations.

AMY GOODMAN: McConnell?

TIM SHORROCK: McConnell, Michael McConnell, used to be the director of national intelligence. Before that, he was NSA director. And, you know, in between, he was at Booz Allen Hamilton running their military intelligence programs. Now he’s back at Booz Allen Hamilton. So there’s this continuous flow of people in and out of the private sector back into government. It’s not even a revolving door; it’s just a spending door. But basically, what we have is an intelligence ruling class, public and private, that hold the secrets. And I think, you know, when Bill Binney talks about the Stasi, the East German police that listened to everybody, you know, look at, we have hundreds of thousands of contractors with security clearances. We have hundreds of thousands of federal workers in, you know, Homeland Security and intelligence. We have a massive number of people that are monitoring other Americans. I think it’s a very dangerous situation.

AMY GOODMAN: Tim Shorrock, I want to thank you for being with us, investigative reporter who covers national security. His most recent piece at Salon.com is “Meet the Contractors Analyzing Your Private Data: Private Companies Are Getting Rich Probing Your Personal Information for the Government. Call It Digital Blackwater.” He is author of Spies for Hire: The Secret World of Outsourced Intelligence.

This is Democracy Now! When we come back, we’ll look at the Wal-Mart shareholders’ meeting and what happened outside and in. Stay with us.

Tuesday, June 11, 2013

Find this story at 11 June 2013

The original content of this program is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License. Please attribute legal copies of this work to democracynow.org. Some of the work(s) that this program incorporates, however, may be separately licensed. For further information or additional permissions, contact us.

One of the big questions raised after Edward Snowden exposed the NSA’s secret surveillance programs is how a private contractor working at Booz Allen Hamilton had access to such sensitive information in the first place.

We still don’t know the precise answer, though here’s a bit of broader context: As our Washington Post colleagues report Tuesday, top-secret clearances for outside contractors aren’t necessarily unusual. In fact, roughly 500,000 private contractors had security clearance to handle top-secret material in 2012:

But there’s an important caveat here: Clearance doesn’t mean all these workers get to see every classified document out there. And, as various analysts have pointed out, Snowden likely would have needed even higher clearance than “top secret” to gain access to PRISM and other surveillance programs. (One former NSA official told the Post that “maybe 30 or maybe 40″ people would have access to the secret court orders that Snowden leaked.) So this chart still isn’t the full story.

Meanwhile, Booz Allen Hamilton, where Snowden worked, is only one private contractor of many here:

There’s a lot more detail in this Post story about the outsourcing of intelligence work, which notes that one in four intelligence workers has been a contractor, and 70 percent of the intelligence budget goes to private firms. “But,” the caveat goes, “in the rush to fill jobs, the government has relied on faulty procedures to vet intelligence workers, documents and interviews show.”

In a related vein, The Atlantic’s Jordan Weissman compiles some of the evidence that outsourcing key functions doesn’t always save the government money. For instance: “The Senate Intelligence Committee has stated that while the average civilian federal employee costs $125,000 per year (with overhead included), an equivalent contractor comes out to about $250,000.”

This phenomenon isn’t confined to military and intelligence. Since 1999, the number of civilian workers directly employed by the entire federal government has stayed roughly constant at about 2.7 million. But the number of private contractors across the board has ballooned, from 4.4 million to an estimated 7.6 million in 2005 — that’s everything from defense contractors and auditors to food inspectors and groundskeepers. And there’s no ready way to tell whether this outsourcing boom has actually saved taxpayers money.

By Brad Plumer, Updated: June 11, 2013

Find this story at 11 June 2013

© The Washington Post Company

As the American Civil Liberties Union sues the Obama administration over its secret NSA phone spying program, we look at how the government could use phone records to determine your friends, medical problems, business transactions and the places you’ve visited. While President Obama insists that nobody is listening to your telephone calls, cybersecurity expert Susan Landau says the metadata being collected by the government may be far more revealing than the content of the actual phone calls. A mathematician and former Sun Microsystems engineer, Landau is the author of the book “Surveillance or Security?: The Risks Posed by New Wiretapping Technologies.”
Transcript

This is a rush transcript. Copy may not be in its final form.

NERMEEN SHAIKH: The American Civil Liberties Union sued the Obama administration on Tuesday over the National Security Agency’s secret program to vacuum up the phone records of millions of Americans. The lawsuit comes less than one week after The Guardian and The Washington Post revealed the existence of a secret court ruling ordering Verizon to hand over records of its business customers. This is ACLU attorney Alex Abdo.

ALEX ABDO: This program is a massive and unprecedented grab of information by the intelligence agencies. They’re sweeping up or they’re tracking literally every call made in this country. And the Constitution simply doesn’t allow the government to do that. If it has a reason to suspect a particular American of wrongdoing, then the government should target that American for investigation or surveillance, but they shouldn’t indiscriminately sweep up the calls of millions of innocent Americans.

AMY GOODMAN: The disclosure of the secret NSA surveillance program was based on information leaked by Edward Snowden, a former CIA employee who most recently worked inside the NSA’s Hawaii office for the private firm Booz Allen Hamilton. On Friday, President Obama confirmed the existence of the surveillance program.

PRESIDENT BARACK OBAMA: When it comes to telephone calls, nobody is listening to your telephone calls. That’s not what this program’s about. As was indicated, what the intelligence community is doing is looking at phone numbers and durations of calls. They are not looking at people’s names, and they’re not looking at content. But by sifting through this so-called metadata, they may identify potential leads with respect to folks who might engage in terrorism. If these folks—if the intelligence community then actually wants to listen to a phone call, they’ve got to go back to a federal judge, just like they would in a criminal investigation. So, I want to be very clear—some of the hype that we’ve been hearing over the last day or so—nobody is listening to the content of people’s phone calls.

AMY GOODMAN: While President Obama insisted nobody is listening to your telephone calls, many cybersecurity experts say the metadata being collected by the government may be far more revealing than the actual content of the phone calls.

Joining us now from Washington, D.C., is Susan Landau, mathematician and former Sun Microsystems engineer, author of the book Surveillance or Security?: The Risks Posed by New Wiretapping Technologies. She received a Guggenheim Fellowship in 2012.

Susan Landau, welcome to Democracy Now! This may surprise many people, this point that metadata—just, you know, the fact of a phone call, who you called, perhaps where you made the call—can be more revealing than a transcript of the conversation itself.

SUSAN LANDAU: That’s right. That’s because a phone call—the metadata of a phone call tells what you do as opposed to what you say. So, for example, if you call from the hospital when you’re getting a mammogram, and then later in the day your doctor calls you, and then you call the surgeon, and then when you’re at the surgeon’s office you call your family, it’s pretty clear, just looking at that pattern of calls, that there’s been some bad news. If there’s a tight vote in Congress, and somebody who’s wavering on the edge, you discover that they’re talking to the opposition, you know which way they’re vote is going.

One of my favorite examples is, when Sun Microsystems was bought by Oracle, there were a number of calls that weekend before. One can imagine just the trail of calls. First the CEO of Sun and the CEO of Oracle talk to each other. Then probably they both talk to their chief counsels. Then maybe they talk to each other again, then to other people in charge. And the calls go back and forth very quickly, very tightly. You know what’s going to happen. You know what the announcement is going to be on Monday morning, even though you haven’t heard the content of the calls. So that metadata is remarkably revealing.

NERMEEN SHAIKH: Well, John Negroponte, the nation’s first director of national intelligence under President George W. Bush, has defended the surveillance program and the collection of metadata. He described metadata as, quote, “like knowing what’s on the outside of an envelope.” Susan Landau, your response to that?

SUSAN LANDAU: That’s not really true. That was the case when we had black telephones that weighed several pounds and sat on the living room table or the hall table, and you knew that there was a phone call from one house to another house. Now everybody carries cellphones with them. And so, the data is, when I call you, I know that I’m talking to you, but I have no idea where you are. It’s the phone company who has that data now. And that data is far more revealing than what’s on the outside of an envelope. As I said earlier, it’s what you do, not what you say. And because we’re carrying the cellphones with us and making calls all during the day, that it’s very, very revelatory.

NERMEEN SHAIKH: Could you explain, Susan, the significance of location data? Can the government map a person’s whereabouts through this metadata?

SUSAN LANDAU: Of course. In fact, all it takes is four data points to be 95 percent sure who the person is. I noticed President Obama said no names, but in fact, if you know four locations, because home and work are often unique pairs for most people, 95 percent location of—of times when you have four location points, you know who it is you’re listening to. So, you follow somebody, and they make calls from work every day, and then one day you notice they’ve made some calls from a bar at the end of the day. And then you discover somebody in middle age, somebody who ought to be working, is now making calls only from home. You know they’ve been fired, even though you haven’t listened to any of the content of the calls.

AMY GOODMAN: I wanted to ask you about the comments of the director of national intelligence, James Clapper, coming under increasing scrutiny over comments he made to the Senate over the government’s surveillance program. In March, Democratic Senator Ron Wyden questioned Clapper about the NSA.

SEN. RON WYDEN: Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?

JAMES CLAPPER: No, sir.

SEN. RON WYDEN: It does not?

JAMES CLAPPER: Not wittingly. There are cases where they could inadvertently, perhaps, collect, but not wittingly.

AMY GOODMAN: Director of National Intelligence James Clapper is holding his head as he’s responding to questions from Senator Ron Wyden in March. Well, during an interview this week with NBC’s Andrea Mitchell, James Clapper defended his response, saying he had answered the question in the, quote, “least untruthful manner,” unquote. Meanwhile, on Tuesday, Senator Wyden called for public hearings to investigate the scope of the NSA’s surveillance of Americans. Wyden said, quote, “One of the most important responsibilities a Senator has is oversight of the intelligence community. [This] job cannot be done responsibly if Senators [aren’t] getting straight answers to direct questions.” Susan Landau, translate what James Clapper said.

SUSAN LANDAU: Well, he said that we’re not getting—that the NSA was not getting data on millions of Americans. But given that Verizon and the other telecos presumably were also sending this information, and they were sending it daily, that does not appear to be true.

Now, what we don’t know, we don’t know a lot of things. One of the things we don’t know is the kind minimization that the NSA did on the data. When you do a criminal wiretap, you’re required to do what’s called minimization. You can listen to the call, but if it’s not the target of the investigation, if it’s not the criminal him or herself, but let’s say their teenage daughter, then you have to shut down the wiretap, and you can pick it up again in a couple of minutes. If it’s the criminal, but they’re talking about going out to buy milk, let’s say, unless you think that’s code for going out to pick up some heroin, you have to shut it down. That’s minimization.

We don’t know several things. First of all, of course, there was a secret interpretation of a law, and that has no place in a democracy. That’s tantamount to secret laws. But we also don’t know what kind of data minimization the NSA was doing, and that’s something that ought to come out in public hearings. That’s very different from exposing sources and methods.

NERMEEN SHAIKH: Well, the secret court order to obtain Verizon phone records was sought by the FBI under a section of the Foreign Intelligence Surveillance Act that was expanded by the PATRIOT Act. In 2011, Democratic Senator Ron Wyden warned about how the government was interpreting its surveillance powers under Section 215 of the PATRIOT Act.

SEN. RON WYDEN: When the American people find out how their government has secretly interpreted the PATRIOT Act, they are going to be stunned, and they are going to be angry. And they’re going to ask senators, “Did you know what this law actually permits? Why didn’t you know before you voted on it?” The fact is, anyone can read the plain text of the PATRIOT Act, and yet many members of Congress have no idea how the law is being secretly interpreted by the executive branch, because that interpretation is classified. It’s almost as if there were two PATRIOT Acts, and many members of Congress have not read the one that matters. Our constituents, of course, are totally in the dark. Members of the public have no access to the secret legal interpretations, so they have no idea what their government believes the law actually means.

NERMEEN SHAIKH: Susan Landau, that was Democratic Senator Ron Wyden. Could you comment on what he said? He was speaking in 2011.

SUSAN LANDAU: Yes. No, I actually had members of the press call me after his speech and say, “What is he talking about in Section 215?” And I literally had no idea, because it did not occur to me, and maybe that’s my naïveté. It did not occur to me that the government would be collecting the metadata under a secret interpretation.

So what Senator Wyden is talking about is that collection of metadata, and what he’s alluding to is how extremely powerful it is. Currently, our laws, our wiretapping laws, which were passed when phones didn’t move, back in the 1960s and ’70s, those wiretap laws protect content, very strongly. You need a wiretap warrant to get at content. But they protect the metadata—the who, the when, the what time, how long a call was for, the location—much less strongly. That needs to be changed. And, in fact, a bill was reported out of the Senate Judiciary Committee, the Electronic Communications Privacy Act—an updated version of the bill was reported out earlier this year. That’s what Senator Wyden is alluding to. The fact that that metadata, now that we carry cellphones, now that payphones essentially don’t exist—there are far fewer payphones than a decade ago, and so one has to rely on cellphones—Senator Wyden is saying that information is very private information. It reveals a remarkable amount about what a person is doing, who they are, whom they associate with, who they spend their nights with, where they are when they travel. All that kind of information is very private, deserves constitutional protection. And yet, under a secret interpretation of the law, it’s in fact being handed over to the government. And that’s what Senator Wyden is saying.

AMY GOODMAN: Finally, Susan Landau, people like Senator Feinstein are calling for an investigation into what Edward Snowden has done. We’re about to have a debate on whether he is a traitor or a hero. What do you think of what Snowden has done? And what do you think needs to be done? Where should the investigation take place?

SUSAN LANDAU: So, the first thing is whether—what do I think of what Edward Snowden has done. I think of myself as a computer scientist, not a policy or legal expert. I don’t know what I would have done in his shoes, but I do know that what he’s done is opened up a public debate about something that should have been public many, many years ago. We can’t have secret interpretations of law in a democracy.

Where do I think things should go? I think there need to be two investigations. One, I think Senator Feinstein is absolutely right, although I would target things a little bit differently. We’ve developed a surveillance-industrial complex, as has been exhibited to the public now, and I think that’s where Senator Feinstein should concentrate. I think it’s time for a Church-type Committee investigation, under perhaps the aegis of the Judiciary Committee, under perhaps Senator Leahy, but we need an examination of the surveillance laws and what we’re doing, why we’re doing it, what was done illegally, and so on. And it needs to be a broad investigation, the same way it was done in the 1970s under the Church Committee.

AMY GOODMAN: I want to thank you very much, Susan Landau, mathematician, former Sun Microsystems engineer, author of the book Surveillance or Security?: The Risks Posed by New Wiretapping Technologies. She received a Guggenheim Fellowship in 2012. When we come back, a debate on what Edward Snowden has done. Traitor or hero? Stay with us.

Wednesday, June 12, 2013

Find this story at 12 June 2013 
The original content of this program is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License. Please attribute legal copies of this work to democracynow.org. Some of the work(s) that this program incorporates, however, may be separately licensed. For further information or additional permissions, contact us.