This weekend, U.S. President Barack Obama sat down for a series of meetings with China’s newly appointed leader, Xi Jinping. We know that the two leaders spoke at length about the topic du jour — cyber-espionage — a subject that has long frustrated officials in Washington and is now front and center with the revelations of sweeping U.S. data mining. The media has focused at length on China’s aggressive attempts to electronically steal U.S. military and commercial secrets, but Xi pushed back at the “shirt-sleeves” summit, noting that China, too, was the recipient of cyber-espionage. But what Obama probably neglected to mention is that he has his own hacker army, and it has burrowed its way deep, deep into China’s networks.

When the agenda for the meeting at the Sunnylands estate outside Palm Springs, California, was agreed to several months ago, both parties agreed that it would be a nice opportunity for President Xi, who assumed his post in March, to discuss a wide range of security and economic issues of concern to both countries. According to diplomatic sources, the issue of cybersecurity was not one of the key topics to be discussed at the summit. Sino-American economic relations, climate change, and the growing threat posed by North Korea were supposed to dominate the discussions.

Then, two weeks ago, White House officials leaked to the press that Obama intended to raise privately with Xi the highly contentious issue of China’s widespread use of computer hacking to steal U.S. government, military, and commercial secrets. According to a Chinese diplomat in Washington who spoke in confidence, Beijing was furious about the sudden elevation of cybersecurity and Chinese espionage on the meeting’s agenda. According to a diplomatic source in Washington, the Chinese government was even angrier that the White House leaked the new agenda item to the press before Washington bothered to tell Beijing about it.

So the Chinese began to hit back. Senior Chinese officials have publicly accused the U.S. government of hypocrisy and have alleged that Washington is also actively engaged in cyber-espionage. When the latest allegation of Chinese cyber-espionage was leveled in late May in a front-page Washington Post article, which alleged that hackers employed by the Chinese military had stolen the blueprints of over three dozen American weapons systems, the Chinese government’s top Internet official, Huang Chengqing, shot back that Beijing possessed “mountains of data” showing that the United States has engaged in widespread hacking designed to steal Chinese government secrets. This weekend’s revelations about the National Security Agency’s PRISM and Verizon metadata collection from a 29-year-old former CIA undercover operative named Edward J. Snowden, who is now living in Hong Kong, only add fuel to Beijing’s position.

But Washington never publicly responded to Huang’s allegation, and nobody in the U.S. media seems to have bothered to ask the White House if there is a modicum of truth to the Chinese charges.

It turns out that the Chinese government’s allegations are essentially correct. According to a number of confidential sources, a highly secretive unit of the National Security Agency (NSA), the U.S. government’s huge electronic eavesdropping organization, called the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.

Hidden away inside the massive NSA headquarters complex at Fort Meade, Maryland, in a large suite of offices segregated from the rest of the agency, TAO is a mystery to many NSA employees. Relatively few NSA officials have complete access to information about TAO because of the extraordinary sensitivity of its operations, and it requires a special security clearance to gain access to the unit’s work spaces inside the NSA operations complex. The door leading to its ultramodern operations center is protected by armed guards, an imposing steel door that can only be entered by entering the correct six-digit code into a keypad, and a retinal scanner to ensure that only those individuals specially cleared for access get through the door.

According to former NSA officials interviewed for this article, TAO’s mission is simple. It collects intelligence information on foreign targets by surreptitiously hacking into their computers and telecommunications systems, cracking passwords, compromising the computer security systems protecting the targeted computer, stealing the data stored on computer hard drives, and then copying all the messages and data traffic passing within the targeted email and text-messaging systems. The technical term of art used by NSA to describe these operations is computer network exploitation (CNE).

TAO is also responsible for developing the information that would allow the United States to destroy or damage foreign computer and telecommunications systems with a cyberattack if so directed by the president. The organization responsible for conducting such a cyberattack is U.S. Cyber Command (Cybercom), whose headquarters is located at Fort Meade and whose chief is the director of the NSA, Gen. Keith Alexander.

Commanded since April of this year by Robert Joyce, who formerly was the deputy director of the NSA’s Information Assurance Directorate (responsible for protecting the U.S. government’s communications and computer systems), TAO, sources say, is now the largest and arguably the most important component of the NSA’s huge Signal Intelligence (SIGINT) Directorate, consisting of over 1,000 military and civilian computer hackers, intelligence analysts, targeting specialists, computer hardware and software designers, and electrical engineers.

The sanctum sanctorum of TAO is its ultramodern operations center at Fort Meade called the Remote Operations Center (ROC), which is where the unit’s 600 or so military and civilian computer hackers (they themselves CNE operators) work in rotating shifts 24 hours a day, seven days a week.

These operators spend their days (or nights) searching the ether for computers systems and supporting telecommunications networks being utilized by, for example, foreign terrorists to pass messages to their members or sympathizers. Once these computers have been identified and located, the computer hackers working in the ROC break into the targeted computer systems electronically using special software designed by TAO’s own corps of software designers and engineers specifically for this purpose, download the contents of the computers’ hard drives, and place software implants or other devices called “buggies” inside the computers’ operating systems, which allows TAO intercept operators at Fort Meade to continuously monitor the email and/or text-messaging traffic coming in and out of the computers or hand-held devices.

TAO’s work would not be possible without the team of gifted computer scientists and software engineers belonging to the Data Network Technologies Branch, who develop the sophisticated computer software that allows the unit’s operators to perform their intelligence collection mission. A separate unit within TAO called the Telecommunications Network Technologies Branch (TNT) develops the techniques that allow TAO’s hackers to covertly gain access to targeted computer systems and telecommunications networks without being detected. Meanwhile, TAO’s Mission Infrastructure Technologies Branch develops and builds the sensitive computer and telecommunications monitoring hardware and support infrastructure that keeps the effort up and running.

TAO even has its own small clandestine intelligence-gathering unit called the Access Technologies Operations Branch, which includes personnel seconded by the CIA and the FBI, who perform what are described as “off-net operations,” which is a polite way of saying that they arrange for CIA agents to surreptitiously plant eavesdropping devices on computers and/or telecommunications systems overseas so that TAO’s hackers can remotely access them from Fort Meade.

It is important to note that TAO is not supposed to work against domestic targets in the United States or its possessions. This is the responsibility of the FBI, which is the sole U.S. intelligence agency chartered for domestic telecommunications surveillance. But in light of information about wider NSA snooping, one has to prudently be concerned about whether TAO is able to perform its mission of collecting foreign intelligence without accessing communications originating in or transiting through the United States.

Since its creation in 1997, TAO has garnered a reputation for producing some of the best intelligence available to the U.S. intelligence community not only about China, but also on foreign terrorist groups, espionage activities being conducted against the United States by foreign governments, ballistic missile and weapons of mass destruction developments around the globe, and the latest political, military, and economic developments around the globe.

According to a former NSA official, by 2007 TAO’s 600 intercept operators were secretly tapping into thousands of foreign computer systems and accessing password-protected computer hard drives and emails of targets around the world. As detailed in my 2009 history of NSA, The Secret Sentry, this highly classified intercept program, known at the time as Stumpcursor, proved to be critically important during the U.S. Army’s 2007 “surge” in Iraq, where it was credited with single-handedly identifying and locating over 100 Iraqi and al Qaeda insurgent cells in and around Baghdad. That same year, sources report that TAO was given an award for producing particularly important intelligence information about whether Iran was trying to build an atomic bomb.

By the time Obama became president of the United States in January 2009, TAO had become something akin to the wunderkind of the U.S. intelligence community. “It’s become an industry unto itself,” a former NSA official said of TAO at the time. “They go places and get things that nobody else in the IC [intelligence community] can.”

Given the nature and extraordinary political sensitivity of its work, it will come as no surprise that TAO has always been, and remains, extraordinarily publicity shy. Everything about TAO is classified top secret codeword, even within the hypersecretive NSA. Its name has appeared in print only a few times over the past decade, and the handful of reporters who have dared inquire about it have been politely but very firmly warned by senior U.S. intelligence officials not to describe its work for fear that it might compromise its ongoing efforts. According to a senior U.S. defense official who is familiar with TAO’s work, “The agency believes that the less people know about them [TAO] the better.”

The word among NSA officials is that if you want to get promoted or recognized, get a transfer to TAO as soon as you can. The current head of the NSA’s SIGINT Directorate, Teresa Shea, 54, got her current job in large part because of the work she did as chief of TAO in the years after the 9/11 terrorist attacks, when the unit earned plaudits for its ability to collect extremely hard-to-come-by information during the latter part of George W. Bush’s administration. We do not know what the information was, but sources suggest that it must have been pretty important to propel Shea to her position today. But according to a recently retired NSA official, TAO “is the place to be right now.”

There’s no question that TAO has continued to grow in size and importance since Obama took office in 2009, which is indicative of its outsized role. In recent years, TAO’s collection operations have expanded from Fort Meade to some of the agency’s most important listening posts in the United States. There are now mini-TAO units operating at the huge NSA SIGINT intercept and processing centers at NSA Hawaii at Wahiawa on the island of Oahu; NSA Georgia at Fort Gordon, Georgia; and NSA Texas at the Medina Annex outside San Antonio, Texas; and within the huge NSA listening post at Buckley Air Force Base outside Denver.

The problem is that TAO has become so large and produces so much valuable intelligence information that it has become virtually impossible to hide it anymore. The Chinese government is certainly aware of TAO’s activities. The “mountains of data” statement by China’s top Internet official, Huang Chengqing, is clearly an implied threat by Beijing to release this data. Thus it is unlikely that President Obama pressed President Xi too hard at the Sunnydale summit on the question of China’s cyber-espionage activities. As any high-stakes poker player knows, you can only press your luck so far when the guy on the other side of the table knows what cards you have in your hand.
Save big when you subscribe to FP.

THOMAS SAMSON/AFP/Getty Images

Matthew M. Aid is the author of Intel Wars: The Secret History of the Fight Against Terror and The Secret Sentry: The Untold History of the National Security Agency, and is co-editor with Cees Wiebes of Secrets of Signals Intelligence During the Cold War and Beyond.

Foreign Policy Magazine

Thursday, June 20, 2013

BY MATTHEW M. AID | JUNE 10, 2013

Find this story at 10 June 2013

©2013 The Foreign Policy Group, LLC.

(Reuters) – China’s top Internet security official says he has “mountains of data” pointing to extensive U.S. hacking aimed at China, but it would be irresponsible to blame Washington for such attacks, and called for greater cooperation to fight hacking.

Cyber security is a major concern for the U.S. government and is expected to be at the top of the agenda when President Barack Obama meets with Chinese President Xi Jinping in California on Thursday and Friday.

Obama will tell Xi that Washington considers Beijing responsible for any cyber attacks launched from Chinese soil and must take action to curb high-tech spying, White House officials said on Tuesday.

China’s Internet security chief complained that Washington used the news media to raise cyber security concerns which would be better settled through communication, not confrontation.

“We have mountains of data, if we wanted to accuse the U.S., but it’s not helpful in solving the problem,” said Huang Chengqing, director of the National Computer Network Emergency Response Technical Team/Coordination Center of China, known as CNCERT.

“They advocated cases that they never let us know about,” Huang said in comments on Tuesday and carried by the government-run China Daily newspaper on Wednesday.

“Some cases can be addressed if they had talked to us, why not let us know? It is not a constructive train of thought to solve problems.”

CNCERT has instead co-operated with the United States, receiving 32 Internet security cases from the United States in the first four months of 2013, and handling most promptly, except for a few that lacked sufficient proof, Huang said.

Designs for more than two dozen major U.S. weapons systems have been compromised by Chinese hackers, the Washington Post reported late last month.

The compromised designs included combat aircraft and ships, as well as missile defense systems vital for Europe, Asia and the Gulf, the newspaper said, citing a report prepared for the U.S. Defense Department by the Defense Science Board.

Huang did not deny the report, but suggested that if the U.S. government wants to keep weapons programs secure, it should not allow them to be accessed online.

“Even following the general principle of secret-keeping, it should not have been linked to the Internet,” Huang said.

Cyber attacks from the United States have been as serious as the accusations from Washington, Huang said

CNCERT, which issues a weekly report on cyber attacks against China, says that 4,062 U.S.-based computer servers hijacked 2.91 million mainframe computers in China.

(Reporting by Terril Yue Jones; Editing by Michael Perry)

BEIJING | Wed Jun 5, 2013 12:24am EDT

Find this story at 5 June 2013

© Thomson Reuters

Hong Kong (CNN) — U.S. intelligence agents have been hacking computer networks around the world for years, apparently targeting fat data pipes that push immense amounts of data around the Internet, NSA leaker Edward Snowden told the South China Morning Post on Wednesday.

Among some 61,000 reported targets of the National Security Agency, Snowden said, are hundreds of computers in China — which U.S. officials have increasingly criticized as the source of thousands of attacks on U.S. military and commercial networks. China has denied such attacks.

The Morning Post said it had seen documents provided by Snowden but was unable to verify their authenticity. The English-language news agency, which operates in Hong Kong, also said it was unable to independently verify allegations of U.S. hacking of networks in Hong Kong and mainland China since 2009.
Snowden told the paper that some of the targets included the Chinese University of Hong Kong, public officials and students. The documents also “point to hacking activity by the NSA against mainland targets,” the newspaper reported.

The claims came just days after U.S. President Barack Obama pressed Chinese President Xi Jinping to address cyberattacks emanating from China that Obama described as “direct theft of United States property.”

Snowden’s allegations appear to give weight to claims by some Chinese government officials that the country has been a victim of similar hacking efforts coming from the United States.

His claims came as Gen. Keith Alexander, the National Security Agency chief, testified at a U.S. Senate hearing that the country’s cyberinfrastructure, including telephones and computer networks, is somewhat vulnerable to attack.

On a scale of one to 10, “our critical infrastructure’s preparedness to withstand a destructive cyberattack is about a three, based on my experience,” he said.

In the Morning Post interview — published one week after the British newspaper The Guardian revealed the first leaks attributed to Snowden — he claimed the agency he once worked for as a contractor typically targets high-bandwidth data lines that connect Internet nodes located around the world.

“We hack network backbones — like huge Internet routers, basically — that give us access to the communications of hundreds of thousands of computers without having to hack every single one,” the newspaper quoted him as saying.

A “backbone” is part of the inner workings of a computer network that links different parts of that network. It is used to deliver data from one part of the network to another and, as such, could expose data from multiple computers if hacked.

‘Trying to bully’

Snowden, 29, worked for the Booz Allen Hamilton computer consulting firm until Monday, when he was fired after documents he provided to journalists revealed the existence of secret programs to collect records of domestic telephone calls in the United States and the Internet activity of overseas residents.

While he has not been charged, the FBI is conducting an investigation into the leaks, and he has told The Guardian that he expects the United States will try to prosecute him.
Snowden told the Morning Post that he felt U.S. officials were pressuring his family and also accused them of “trying to bully” Hong Kong into extraditing him to prevent the release of more damaging information.

He vowed to resist extradition efforts if it comes to that, saying he “would rather stay and fight the United States government in the courts, because I have faith in Hong Kong’s rule of law.”

“My intention is to ask the courts and people of Hong Kong to decide my fate,” the South China Morning Post quoted Snowden as saying. “I have been given no reason to doubt your system.”

But Hong Kong lawmaker Regina Ip, a former secretary of security for the territory, said Tuesday that while any extradition process could take months, Snowden isn’t necessarily beyond the reach of the United States.

“If he thought there was a legal vacuum in Hong Kong which renders him safe from U.S. jurisdiction, that is unlikely to be the case,” she said.

The newspaper said Snowden has been hiding in undisclosed locations inside the semi-autonomous Chinese territory since checking out of his hotel room Monday — a day after he revealed his identity in an interview with The Guardian.

Snowden told the Morning Post he is not trying to evade U.S. authorities.

“People who think I made a mistake in picking Hong Kong as a location misunderstand my intentions,” the newspaper quoted him as saying. “I am not here to hide from justice; I am here to reveal criminality.”

The NSA and the National Intelligence director did not immediately respond to a CNN request for comment.

Asked during a media briefing on Wednesday for comment on Snowden’s latest claims, U.S. State Department spokeswoman Jennifer Psaki declined. She said she had not seen the latest Morning Post report.

On the defensive

The revelations have renewed debate over surveillance in the United States and overseas in the name of fighting terrorism, with supporters saying the programs revealed by Snowden are legal and have helped stop terror plots. Civil liberties advocates, however, call the measures dangerous and unacceptable intrusions.

Such criticisms have put Obama and his allies on the issue — both Democrats and Republicans — on the defensive against mounting criticisms from a similarly bipartisan group of critics demanding changes to rein in the programs.

There also is a sharp division among Americans over the issue.

A Gallup poll released Wednesday found that 44% of Americans believe Snowden did the right thing by releasing details about the classified surveillance programs, while 42% said it was wrong and 14% said they were unsure.

The poll for that question had a 6% margin of error.

It also found that more Americans disapprove than approve of the government’s surveillance programs, 53% to 37%. Ten percent had no opinion.

The poll for that question had a 4% margin of error.

Those differences were on display Wednesday when Alexander, the director of the National Security Agency, testified at a hearing into cybersecurity technology and civil liberties.

Officials have been unable to explain controversial data mining programs because they have been classified, Alexander testified.

But Alexander rejected the Snowden’s claim that the NSA could tap into any American’s phone or computer.

“I know of no way to do that,” Alexander said.

But he testified that phone records obtained by the government helped prevent “dozens” of terrorist events.

He would not discuss disrupted plots broadly, saying they were classified. But he did say federal data mining appeared to play a role in helping to disrupt a plot in recent years to attack the New York subway system.

Alexander said information developed overseas was passed along to the FBI, which he said was able to identify eventual suspect Najibullah Zazi in Colorado and ultimately uncover a plot. Zazi pleaded guilty to terror-related charges in 2010.

While not on the roster for Wednesday’s hearing, another administration official in the spotlight is Director of National Intelligence James Clapper, whom Democratic Sen. Ron Wyden has singled out for how he answered questions about the telephone surveillance program in March.

In March, Wyden asked Clapper whether the NSA collects “any type of data at all on millions or hundreds of millions of Americans?”

“No sir,” Clapper said.

On Saturday, Clapper told NBC News that he answered in the “most truthful or least most untruthful manner” possible.

Clapper told NBC that he had interpreted “collection” to mean actually examining the materials gathered by the NSA.

He previously told the National Journal he had meant that “the NSA does not voyeuristically pore through U.S. citizens’ e-mails,” but he did not mention e-mails at the hearing.

NSA leaker’s girlfriend says she’s ‘lost at sea’

EU questions

Fallout over revelations about the NSA’s intelligence-gathering has reached the European Union’s governing body, where Vice President Viviane Reding raised concerns that the United States may have targeted some of its citizens.

Reding said she plans to raise the issue during a meeting Friday with U.S. Attorney General Eric Holder.

“The respect for fundamental rights and the rule of law are the foundations of the EU-U.S. relationship. This common understanding has been, and must remain, the basis of cooperation between us in the area of Justice,” Reding, the EU commissioner for justice, said Wednesday.

“Trust that the rule of law will be respected is also essential to the stability and growth of the digital economy, including transatlantic business. This is of paramount importance for individuals and companies alike.”

CNN’s Jethro Mullen reported and wrote from Hong Kong, and Chelsea J. Carter reported and wrote from Atlanta. CNN’s Paul Steinhauser, Tom Cohen, Michael Pearson, Doug Gross, Shirley Henry, Brian Walker and Pamela Boykoff contributed to this report.

By Jethro Mullen and Chelsea J. Carter, CNN
June 13, 2013 — Updated 0932 GMT (1732 HKT)

Find this story at 13 June 2013

© 2013 Cable News Network

Obama administration says NSA data helped make arrests in two important cases – but critics say that simply isn’t true

A new NSA data farm is set to open in the fall in Bluffdale, Utah. A former CIA agent said: ‘[Data-mining] played no role in the Headley case.’ Photograph: George Frey/Getty Images

Lawyers and intelligence experts with direct knowledge of two intercepted terrorist plots that the Obama administration says confirm the value of the NSA’s vast data-mining activities have questioned whether the surveillance sweeps played a significant role, if any, in foiling the attacks.

The defence of the controversial data collection operations, highlighted in a series of Guardian disclosures over the past week, has been led by Dianne Feinstein, chairwoman of the Senate intelligence committee, and her equivalent in the House, Mike Rogers. The two politicians have attempted to justify the NSA’s use of vast data sweeps such as Prism and Boundless Informant by pointing to the arrests and convictions of would-be New York subway bomber Najibullah Zazi in 2009 and David Headley, who is serving a 35-year prison sentence for his role in the 2008 Mumbai attacks.

Rogers told ABC’s This Week that the NSA’s bulk monitoring of phone calls and internet contacts was central to intercepting the plotters. “I can tell you, in the Zazi case in New York, it’s exactly the programme that was used,” he said.

A similar point was made in anonymous briefings by administration officials to the New York Times and Reuters.

But court documents lodged in the US and UK, as well as interviews with involved parties, suggest that data-mining through Prism and other NSA programmes played a relatively minor role in the interception of the two plots. Conventional surveillance techniques, in both cases including old-fashioned tip-offs from intelligence services in Britain, appear to have initiated the investigations.

In the case of Zazi, an Afghan American who planned to attack the New York subway, the breakthrough appears to have come from Operation Pathway, a British investigation into a suspected terrorism cell in the north-west of England in 2009. That investigation discovered that one of the members of the cell had been in contact with an al-Qaida associate in Pakistan via the email address sana_pakhtana@yahoo.com.

British newspaper reports at the time of Zazi’s arrest said that UK intelligence passed on the email address to the US. The same email address, as Buzzfeed has pointed out, was cited in Zazi’s 2011 trial as a crucial piece of evidence. Zazi, the court heard, wrote to sana_pakhtana@yahoo.com asking in coded language for the precise quantities to use to make up a bomb.

Eric Jurgenson, an FBI agent involved in investigating Zazi once the link to the Pakistani email address was made, told the court: “My office was in receipt – I was notified, I should say. My office was in receipt of several email messages, email communications. Those email communications, several of them resolved to an individual living in Colorado.”

Michael Dowling, a Denver-based attorney who acted as Zazi’s defence counsel, said the full picture remained unclear as Zazi pleaded guilty before all details of the investigation were made public. But the lawyer said he was sceptical that mass data sweeps could explain what led law enforcement to Zazi.

“The government says that it does not monitor content of these communications in its data collection. So I find it hard to believe that this would have uncovered Zazi’s contacts with a known terrorist in Pakistan,” Dowling said.

Further scepticism has been expressed by David Davis, a former British foreign office minister who described the citing of the Zazi case as an example of the merits of data-mining as “misleading” and “an illusion”. Davis pointed out that Operation Pathway was prematurely aborted in April 2009 after Bob Quick, then the UK’s most senior counter-terrorism police officer, was pictured walking into Downing Street with top secret documents containing details of the operation in full view of cameras.

The collapse of the operation, and arrests of suspects that hurriedly followed, came five months before Zazi was arrested in September 2009. “That was the operation that led to the initial data links to Zazi – they put the clues in the database which gave them the connections,” Davis said.

Davis said that the discovery of the sana_pakhtana@yahoo.com email – and in turn the link to Zazi – had been made by traditional investigative work in the UK. He said the clue-driven nature of the inquiry was significant, as it was propelled by detectives operating on the basis of court-issued warrants.

“You can’t make this grand sweeping [data collection] stuff subject to warrants. What judge would give you a warrant if you say you want to comb through vast quantities of data?”

Legal documents lodged with a federal court in New York’s eastern district shortly after Zazi’s arrest show that US counter-intelligence officials had been keeping watch over him under targeted surveillance with the warranted approval of the special intelligence court. During the course of the prosecution, the US served notice that it would be offering evidence “obtained and derived from electronic surveillance and physical search conducted pursuant to the Foreign Intelligence Surveillance Act of 1978 (Fisa).”

Feinstein and Rogers have also pointed to the case of David Headley, who in January was sentenced to 35 years in jail for having made multiple scouting missions to Mumbai ahead of the 2008 terrorist attacks that killed 168 people. Yet the evidence in his case also points towards a British tip-off as the inspiration behind the US interception of him.

In July 2009, British intelligence began tracking Headley, a Pakistani American from Chicago, who was then plotting to attack Danish newspaper Jyllands-Posten in retaliation for its publication of cartoons of the prophet Mohammed. Information was passed to the FBI and he was thereafter, until his arrest that October, kept under targeted US surveillance.

An intelligence expert and former CIA operative, who asked to remain anonymous because he had been directly involved in the Headley case, was derisive about the claim that data-mining sweeps by the NSA were key to the investigation. “That’s nonsense. It played no role at all in the Headley case. That’s not the way it happened at all,” he said.

The intelligence expert said that it was a far more ordinary lead that ensnared Headley. British investigators spotted him when he contacted an informant.

The Headley case is a peculiar choice for the administration to highlight as an example of the virtues of data-mining. The fact that the Mumbai attacks occurred, with such devastating effect, in itself suggests that the NSA’s secret programmes were limited in their value as he was captured only after the event.

Headley was also subject to a plethora of more conventionally obtained intelligence that questions the central role claimed for the NSA’s data sweeps behind his arrest. In a long profile of Headley, the investigative website ProPublica pointed out that he had been an informant working for the Drug Enforcement Administration perhaps as recently as 2005. There are suggestions that he might have then worked in some capacity for the FBI or CIA.

Headley was also, ProPublica found, the subject of several inquiries by agents of the FBI-led Joint Terrorism Task Force. A year before the Mumbai attacks his then wife, Faiza Outalha, reported on him to the US embassy Islamabad, saying he was on a secret mission in India and was a “drug dealer, terrorist and spy”.

Ed Pilkington in New York and Nicholas Watt in London
guardian.co.uk, Wednesday 12 June 2013 15.51 BST

Find this story at 12 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Listen to defenders of the U.S. government’s recently revealed data collection practices, and you’re likely to hear claims about terrorist plots these sweeping activities have purportedly stopped.

Senate Intelligence Committee Chairwoman Dianne Feinstein, D-Calif., explained on ABC’s “This Week” Sunday that in one of the signature uses of the dragnet collection of every American’s phone records, the NSA managed to track one of our own informants, David Headley, as he helped Islamic terrorists plan attacks. She did not mention that it did nothing to prevent the 2008 terrorist attack in Mumbai, which killed 166 — and in which Headley had a role in planning.

Director of National Intelligence James Clapper called the effort to track Headley – which did manage to thwart Headley’s 2009 plans to attack a Danish newspaper – a success, in an interview with Andrea Mitchell. Such is the value of these programs, it appears, that top proponents of the program celebrate the tracking of a DEA informant gone bad as their main talking point.

“U.S. officials say Headley simply slipped through the cracks,” ProPublica reported earlier this year in a blockbuster story on Headley. ProPublica describes competing claims about when the Drug Enforcement Agency, which first recruited Headley in 1997, stopped using him as an informant; DEA insists he was deactivated in 2002, while other sources say he remained a U.S. informant through 2005. What’s clear is that Headley spent the subsequent years leading up to the 2008 Mumbai attack traveling form Pakistan to India, casing out the terror plot.

Multiple warnings to the Indian government — perhaps based on the intelligence now being touted — failed to prevent the attack. “U.S. officials learned enough about his activities to become concerned, monitor him intermittently and pick up fragments of intelligence that contributed to the warnings to India,” reported ProPublica. At the time of the attack, Headley had returned safely to Lahore, Pakistan, and he even traveled between there, Chicago and Europe thereafter, planning another plot. In October 2009, the FBI arrested Headley in Chicago as he traveled to Pakistan to hand off intelligence for an attack on Denmark.

Before we start celebrating our finding an informant-turned-terrorist we lost as one of the successes that makes massive spying worthwhile, shouldn’t we first get an explanation for how our intelligence agencies lost track of Headley in the first place?

The flood of missed warnings about Headley’s increasing ties with Islamic terrorists did lead to an investigation led by DNI Clapper’s office in 2010, but the results of it have not been made public. Yet the embarrassment of having a former American informant play a key role in one of the biggest attacks since 9/11 doesn’t seem to have prevented Clapper and Feinstein from boasting of NSA’s success in his case.

Headley’s attacks are not the only ones cited by Feinstein and Clapper. Feinstein also cited the case of Najibullah Zazi, an Afghan immigrant to the U.S. who plotted to blow up the New York subway in 2009. FBI’s success in thwarting Zazi’s attack is probably the most serious publicly known example of a thwarted attack. To the extent the NSA’s programs played a key role, then, it is a significant success.

But even there, the claims appear fuzzy or overblown. Feinstein, for example, describes the success this way (emphasis added): “[Zazi] made the decision that he was going to blow up a New York subway, who went to a beauty wholesale supply place, bought enough hydrogen peroxide to make bombs, was surveilled by the FBI for six months, traveled to go to New York, to meet with a number of other people who were going to carry out this attack with him, and were arrested by the FBI, who has pled guilty and in federal prison.”

It’s an interesting use of the word “surveilled,” because according to sworn court testimony the lead that identified Zazi was an email account identified in a British terrorism case, which the NSA tracked. That account, not Zazi, was surveilled. Days, not months, before Zazi’s planned attack, he sent an email to the account asking for help making explosives, which led the FBI to uncover his plot.

PRISM — the direct access to Internet companies’ data, which Clapper’s office describes as a “computer system used to facilitate the government’s statutorily authorized collection of foreign intelligence information from electronic communication service providers” — appears to have been the means by which FBI conducted this surveillance. A New York Times source explains PRISM was the only means to access the email: “It was through an e-mail correspondence that we had access to only through Prism.” But tracking the email account would have been legal under the FISA laws in place prior to 9/11. As such, PRISM seems to have made it easier to capture Zazi, but may not have been pivotal.

The claim PRISM helped to nab Zazi is new since these revelations. But Feinstein has long insisted that Section 215 — the dragnet collection program — had a role, too (she made that claim, in part, to support the reauthorization of the language used to conduct the dragnet collection in 2009).

That makes the Zazi case troubling too, because there is a good deal of circumstantial evidence that the government used Section 215 to identify people in Aurora, Colo., who had, like Zazi, purchased hydrogen peroxide and acetone, which (in addition to being common household chemicals) are precursors for the explosives Zazi used. The government described three people associated with Zazi in an affidavit justifying his detention, implying they were accomplices. Yet, these three unnamed people never appeared in the legal case again. They appear to have been completely innocent of any tie to Zazi’s plot. If so, then, in addition to being a success story, the Zazi case would also be a perfect example of how these tools can implicate perfectly innocent people as terrorists for something as innocent as buying hair care supplies.

At the very least, the fuzzy cases Feinstein and Clapper are boasting about demonstrate the need for far more transparency on these tools. If they’re justifying a gross incursion on American privacy, in part because they helped track down an informant our intelligence services lost track of — and created false positives based on hair bleach purchases — then we need to seriously reconsider their use.

Marcy Wheeler writes at EmptyWheel.net and is the author of “Anatomy of Deceit.”

Monday, Jun 10, 2013 07:10 PM +0200

By Marcy Wheeler

Find this story at 10 June 2013

Copyright © 2013 Salon Media Group, Inc.

Defenders of “PRISM” say it stopped subway bombings. But British and American court documents suggest old-fashioned police work nabbed Zazi.

Would-be subway bomber Najibullah Zazi. Image by Marc Piscotty / Getty Images

Defenders of the American government’s online spying program known as “PRISM” claimed Friday that the suddenly controversial secret effort had saved New York City’s subways from a 2009 terrorist plot led by a young Afghan-American, Najibullah Zazi.

But British and American legal documents from 2010 and 2011 contradict that claim, which appears to be the latest in a long line of attempts to defend secret programs by making, at best, misleading claims that they were central to stopping terror plots. While the court documents don’t exclude the possibility that PRISM was somehow employed in the Zazi case, the documents show that old-fashioned police work, not data mining, was the tool that led counterterrorism agents to arrest Zazi. The public documents confirm doubts raised by the blogger Marcy Wheeler and the AP’s Adam Goldman, and call into question a defense of PRISM first floated by House Intelligence Committee Chairman Mike Rogers, who suggested that PRISM had stopped a key terror plot.

Reuters’s Mark Hosenball advanced the claim Friday, based on anonymous “government sources”:

A secret U.S. intelligence program to collect emails that is at the heart of an uproar over government surveillance helped foil an Islamist militant plot to bomb the New York City subway system in 2009, U.S. government sources said on Friday.

The sources said Representative Mike Rogers, chairman of the House of Representatives Intelligence Committee, was talking about a plot hatched by Najibullah Zazi, an Afghan-born U.S. resident, when he said on Thursday that such surveillance had helped thwart a significant terrorist plot in recent years.

President Barack Obama’s administration is facing controversy after revelations of details of massive programs run by the National Security Agency for collecting information from telephone and Internet companies.

The surveillance program that halted the Zazi plot was one that collected email data on foreign intelligence suspects, a U.S. government source said.

The New York Times also emphasized the Zazi case Friday:

To defenders of the N.S.A., the Zazi case underscores how the agency’s Internet surveillance system, called Prism, which was set up over the past decade to collect data from online providers of e-mail and chat services, has yielded concrete results.

“We were able to glean critical information,” said a senior intelligence official, who spoke on the condition of anonymity. “It was through an e-mail correspondence that we had access to only through Prism.”

But public — though not widely publicized — details of the Zazi plot cast into doubt the notion that a data mining program had much to do with the investigation. Zazi traveled to Pakistan in 2008 to train with al Qaeda. He was charged in 2009 with leading two other men in a plot to detonate suicide bombs in the New York subways.

The path to his capture, according to the public records, began in April 2009, when British authorities arrested several suspected terrorists. According to a 2010 ruling from Britain’s Special Immigration Appeals Commission, one of the suspects’ computers included email correspondence with an address in Pakistan.

The open case is founded upon a series of emails exchanged between a Pakistani registered email account sana_pakhtana@yahoo.com and an email account admittedly used by Naseer humaonion@yahoo.com between 30 November 2008 and 3 April 2009. The Security Service’s assessment is that the user of the sana_pakhtana account was an Al Qaeda associate…”

“For reasons which are wholly set out in the closed judgment, we are sure satisfied to the criminal standard that the user of the sana_pakhtana account was an Al Qaeda associate,” the British court wrote.

Later that year, according to a transcript of Zazi’s July, 2011 trial, Zazi emailed his al Qaeda handler in Pakistan for help with the recipe for his bombs. He sent his inquiry to the same email address: sana_pakhtana@yahoo.com.

An FBI agent, Eric Jurgenson, testified, “I was notified, I should say. My office was in receipt of several e-mail messages, e-mail communications.” Those emails — from Zazi to the same sana_pakhtana@yahoo.com — “led to the investigation,” he testified.

The details of terror investigations are not always laid out this clearly in public; but they appear to belie the notion, advanced by anonymous government officials Friday, that sweeping access to millions of email accounts played an important roil in foiling the subway attack. Instead, this is the sort investigation made possible by ordinary warrants under the Foreign Intelligence Surveillance Act; authorities appear simply to have been monitoring the Pakistani email account that had been linked to terrorists earlier that year.

This was, in fact, reported at the time. That November, British authorities were bragging to the Telegraph about their role in arresting Zazi:

The plan, which reportedly would have been the biggest attack on America since 9/11, was uncovered after Scotland Yard intercepted an email….The alleged plot was unmasked after an email address that was being monitored as part of [the 2009 U.K. case] was suddenly reactivated.

The existence of PRISM was revealed Thursday by the Washington Post and the Guardian. Authorities are now scrambling to justify the program.

posted on June 7, 2013 at 10:21pm EDT

Ben Smith
BuzzFeed Staff

Find this story at 7 June 2013

Copyright © 2013 BuzzFeed, Inc.

European authorities have known since mid-2011 that the US could conduct surveillance on EU citizens. But experts say that European countries had little interest in picking a fight with their ally in Washington.
There has been widespread outrage in Europe over the scope of the National Security Agency’s PRISM surveillance program. European experts, however, are not surprised by American whistleblower Edward Snowden’s revelations.
“What Snowden revealed about PRISM was already known to certain well-connected people for a long time,” Benjamin Bergemann, the author of the German blog netzpolitik.org and a member of the Digitale Gesellschaft (Digital Society) e.V., told DW.
The European Parliament commissioned a report in 2012, which showed that US authorities could theoretically access European citizens’ data since 2008. The report’s authors were hard on European authorities.
In the EU, there was no awareness that mass political surveillance was possible, according to the authors of the study. Incredibly, since 2011 “neither the EU Commission nor the national lawmakers nor the European Parliament had any knowledge of FISAAA 1881a.”
FISAAA 1881a refers to a section of a 2008 amendment to the US Foreign Intelligence Surveillance Act of 1978. That section of the 2008 amendment empowers US spy agencies to collect information stored in American cloud computing providers.
The authors of the EU study warned that US authorities had access to the data of non-US citizens in these so-called data clouds. The EU was neglecting to protect its citizens, according to the report’s devastating conclusion.

Focus on China and Russia

Europeans had long invested their energy in the fight for consumer protection in the Internet and against cyber crime, according to Julien Jeandesboz of the Centre d’Etudes sur les Conflits. Jeandesboz said that the focus in the EU was not on state-sponsored threats to its citizens.
The Europeans debated about hackers, identity theft, and the regulation of Internet companies. And in the rare moments when the discussion did turn to state-sponsored activities, the EU’s attention was focused on China and Russia.
Jeandesboz believes that political motivations explain the EU’s blind eye to US spy activities. The Patriot Act, which gave Washington broad wiretapping authority after the September 11, 2001 attacks, was controversial and publicly discussed in the EU. But while it’s one thing to target cyber criminals, it’s totally different to move against the US government, according to Jeandesboz.
For most European governments, the US is an important ally and trade partner as well as the world’s leading Internet provider.

European intelligence agencies complicit?

According to Britain’s Guardian newspaper, European intelligence agencies may have profited from the Americans’ surveillance activities. The Guardian reported that Britain’s equivalent to the NSA, the GCHQ, appears to have made use of American intelligence gleaned from PRISM.
Every European user of Facebook and Google should be aware that their data may be subject to PRISM, said blogger Benjamin Bergemann.
“One could say, ‘what interest does the US have in me?’ But one should not forget that the European criminal justice systems have an interest in such surveillance and so a coalition of interests could form,” Bergemann said.

EU citizens’ rights violated

While Internet users in Europe can sue in court for the control of their own data, no such legal right exists in the US. And European law is at a loss when it comes to transnational data transfers.
According to Nicolas Hernanz, many laws that are passed in the US now also affect EU citizens. Hernanz, with the Center for European Policy Studies in Brussels, said that Europeans’ legal right to control their own personal data is being “thrown in the garbage can” as a result of US surveillance activities.
US lobbyists have managed numerous times to water down tough data protection provisions in EU treaties, according to Bergemann. He hopes that the importance of data protection and privacy will be reflected in pending EU legislative initiatives.
Jeandesboz believes that if the revelations about PRISM cannot move the EU to act, then nothing can. While experts thought that such sweeping surveillance was possible, it was not considered likely. Jeandesboz said that Europeans need to stand up for their legal tradition in the face of the US. Otherwise, more civil liberties could be sacrificed for security, he continued.
“The fear of terrorism and the preventative security concept have reached their high point,” said blogger Benjamin Bergemann.

Data protection directive

There are many proposals for how the EU can protect its citizens from US surveillance. But there is little unity in the 27-member bloc. A data protection directive, which is supposed to be passed before the 2014 EU elections, has been vigorously debated.
EU parliamentarians have proposed several changes to the directive. One proposal would flag American web services, warning EU users that the site is governed by US law and could be under the control of US authorities. Another proposal would extend protection to the whistleblower Edward Snowden.

Disturbing trends in Europe

At the very least, political pressure could be placed on the US, if Washington was forced to sign a law enforcement treaty with the EU. But not even that exists at the moment. And experts warn that pointing the finger across the pond is not enough.
Within the EU, there has to be a discussion about whether or not data protection should be sacrificed to counterterrorism, the experts say. The concept of preventive security is becoming more prominent in the 27-member bloc, according to Bergemann.
“The telecommunications providers have been forced to set up an electronic interface for the authorities, so that IP addresses can be retrieved,” Bergemann said. “These trends also exist in Europe.”

Deutsche Welle
11.06.2013
Nina Haase

Find this story at 11 June 2013

© 2013 Deutsche Welle

The recent confirmation that NSA is performing data mining on the telephone records of Americans raises an important question for Canadians, is CSE likewise mining the call records of people in Canada?

The short answer is I don’t know. But there are some telling indications that CSE is interested in undertaking such monitoring and that it may well be doing it to one degree or another.

First, let’s look at the program in the U.S. From the original Guardian report and subsequent revelations (see, for example, Shane Harris, “What We Know About the NSA Metadata Program,” Dead Drop blog, 6 June 2013) we now know quite a lot about the NSA’s domestic phone records monitoring program, including the following features about it:
Current procedures date from 2006, but the program began shortly after 9/11
Entails data mining of nationwide telephone call records
Focus on metadata, not content
Network analysis involved
Undertaken as part of counter-terrorism effort
Now consider this description of data mining research conducted in 2006 by CSE and the Mathematics of Information Technology and Complex Systems (MITACS) project, a Canadian network of academia, industry, and the public sector (originally posted here but subsequently removed; archived version here; first blogged by me here):
As part of ongoing collaborations with the Communications Security Establishment (CSE), we are applying unsupervised and semi-supervised learning methods to understand transactions on large dynamic networks, such as telephone and email networks. When viewed as a graph, the nodes correspond to individuals that send or receive messages, and edges correspond to the messages themselves. The graphs we address can be observed in real-time, include from hundreds to hundreds of thousands of nodes, and feature thousands to millions of transactions. There are two goals associated with this project: firstly, there is the semi-supervised learning task, and rare-target problem, in which we wish to identify certain types of nodes; secondly, there is the unsupervised learning task of detecting anomalous messages. For reasons of efficiency, we have restricted our attention to meta-data of message transactions, such as the time, sender, and recipient, and ignored the contents of messages themselves. In collaboration with CSE, we are studying the problem of counter-terrorism, a semi-supervised problem in which some terrorists in a large network are labeled, but most are not…. Another common feature of counter-terrorism problems is the fact that large volumes of data are often “streamed” through various collection sites, in order to provide maximal information in a timely fashion. A consequence of efficient collection of transactions on very large graphs is that the data itself can only be stored for a short time. This leads to a nonstandard learning problem, since most learning algorithms assume that the full dataset can be accessed for training purposes. Working in conjunction with CSE, we will devise on-line learning algorithms that scale efficiently with increasing volume, and need only use each example once. [Emphasis added.]
Note these features:
Applicable to telephone and email networks
Thousands to millions of transactions
Metadata, not content, examined
Counter-terrorism related

Familiar looking?

Consider also this comment made by then-CSE Chief John Adams to the Standing Senate Committee on National Security and Defence on 30 April 2007:
What is your interpretation of intercept, if I were to ask? If you asked me, it would be if I heard someone talking to someone else or if I read someone’s writing. An intercept would not be to look on the outside of the envelope. That is not an intercept to me. Unfortunately, that is not everyone’s interpretation of intercept, so the suggestion is that we should define that in the legislation…. Intercept is defined in another piece of legislation, and that is where people would probably look if they were searching for a definition of intercept. They are saying that could be troublesome for us, so we had better define it in our act to avoid that problem. That sort of thing has not come up as an issue, but it could.

As I noted in an earlier post, that sounds an awful lot like something you would say if you wanted to collect phone call metadata (number called, duration of call, etc.) and similar addressing information for e-mails and other communications — and felt you already had the legal basis to do so.

Would such monitoring be legal in Canada? I don’t know. (Usual disclaimer about not being a lawyer applies.)

Michael Geist suggests that s. 21 of the CSIS Act might be used to authorize the activity; CSE’s participation would then be based on CSIS’s authority.

Another possibility is that CSE might consider its foreign intelligence mandate (processing the records as part of the hunt for foreign terrorists) sufficient to authorize such monitoring. It is possible that this somewhat cryptic passage in the CSE oversight commissioner’s 2010-11 Annual Report is referring in whole or in part to such activities:

CSEC conducts a number of activities for the purposes of locating new sources of foreign intelligence. When other means have been exhausted, CSEC may use information about Canadians when it has reasonable grounds to believe that using this information may assist in identifying and obtaining foreign intelligence. CSEC conducts these activities infrequently, but they can be a valuable tool in meeting Government of Canada intelligence priorities. CSEC does not require a ministerial authorization to conduct these activities because they do not involve interception of private communications. However, a ministerial directive provides guidance on the conduct of these activities.

In recent years, three reviews have involved some degree of examination of these activities: a Review of CSEC’s foreign intelligence collection in support of the Royal Canadian Mounted Police (RCMP) (Phase II) (2006); a Review of CSEC’s activities carried out under a (different) ministerial directive (2008); and a Review of CSEC’s support to the Canadian Security Intelligence Service (CSIS) (2008).

In his 2006–2007 Annual Report, the late Commissioner Gonthier questioned whether the foreign signals intelligence part of CSEC’s mandate (part (a) of its mandate) was the appropriate authority in all instances for CSEC to provide support to the RCMP in the pursuit of its domestic criminal investigations. In his 2007–2008 Annual Report, Commissioner Gonthier stated that pending a re-examination of the legal issues raised, no assessment would be made of the lawfulness of CSEC’s activities in support of the RCMP under the foreign signals intelligence part of CSEC’s mandate. He also noted that CSEC’s support to CSIS raised similar issues. Commissioner Gonthier emphasized that although he was in agreement with the advice that the Department of Justice had provided to CSEC, he questioned which part of CSEC’s mandate — part (a) or part (c), the assistance part of CSEC’s mandate — should be used as the proper authority for conducting the activities.

Subsequent to these reviews and statements in the annual reports, the Chief of CSEC suspended these activities. CSEC then made significant changes to related policies, procedures and practices.

Review rationale

These activities involve CSEC’s use and analysis of information about Canadians for foreign intelligence purposes. Specific controls are placed on these activities to ensure compliance with legal, ministerial and policy requirements. Major changes to certain policies, procedures and practices have recently occurred. This was the first review of these activities since the Chief of CSEC allowed their resumption under new policies and procedures.

None of the above proves that CSE has been analyzing Canadians’ call records. But with NSA examining U.S. records, you can bet that CSE at the very least has taken a good, hard look at the possibility of doing the same in Canada. And some of the above certainly suggests that they may have gone well beyond just considering the possibility.

When the question of whether CSE was data mining Canadian call records came up in 2006, CSE was quick to make a perhaps carefully worded denial. This time around, not so much (Mitch Potter & Michelle Shephard, “Canadians not safe from U.S. online surveillance, expert says,” Toronto Star, 7 June 2013):

the Toronto Star contacted CSEC for comment Friday about its own metadata collection program, but received a boilerplate statement stressing that the agency is “prohibited by law from directing its activities at Canadians anywhere in the world or at any person in Canada” and “operates within all Canadian laws.”

“The Communications Security Establishment Canada (CSEC) cannot comment on its methods, operations and capabilities. To do so would undermine CSEC’s ability to carry out its mandate. It would also be inappropriate to comment on the activities or capabilities of our allies,” the statement said.

Which doesn’t prove anything either.

[Update 10 June 2013: But it would appear that this article does prove that metadata monitoring is being done: Colin Freeze, “Data-collection program got green light from MacKay in 2011,” Globe and Mail, 10 June 2013.]

Sunday, June 09, 2013

Find this story at 9 June 2013

Disclosure triggers civil liberties storm as the information-sharing agreement had not been made known to Parliament or the public as accusations raise ethical and legal concerns over direct access to ‘millions’ of web users

A report by GCHQ to Parliament’s Intelligence and Security Committee on the listening agency’s links to a secret US spy programme is due shortly.

The Intelligence and Security Committee (ISC) will receive a report on claims that it received material through the secret Prism scheme “very shortly”, according to chairman Sir Malcolm Rifkind.

“The ISC is aware of the allegations surrounding data obtained by GCHQ via the US Prism programme,” Sir Malcolm said.

“The ISC will be receiving a full report from GCHQ very shortly and will decide what further action needs to be taken as soon as it receives that information.”

This development came after allegations that thousands of Britons could have been spied on by GCHQ under a “chilling” link to a secret American operation covertly collecting data from the world’s largest internet companies.

David Cameron and Theresa May, the Home Secretary, faces cross-party demands to spell out details of links between the electronic eavesdropping centre in Cheltenham and the previously-unknown Prism programme operated by the National Security Agency (NSA).

The disclosure triggered a civil liberties storm as the information-sharing agreement had not been made known to Parliament or the public.

Ms May, who is determined to revive her own “snoopers’ charter” plans to require telecoms companies to collect data about people’s internet habits, will be confronted by MPs over the claims in the Commons on Monday.

Under Prism, American agents were able to glean data, including the contents of emails and web-chats, direct from the servers of major providers including Facebook, Google and Yahoo.

It emerged that some of the information had been passed to GCHQ, raising fears that the agency had been sidestepping the usual legal process for requesting intelligence material about UK nationals. The agency insists it operates within a “strict legal and policy framework”.

According to documents, GCHQ received 197 intelligence reports through the Prism system in the 12 months to May 2012, a rise of 137 per cent on the previous year.

Keith Vaz, the chairman of the Commons home affairs select committee, said he was writing to Ms May to demand an explanation.

He said: “I am astonished by these revelations which could involve the data of thousands of Britons. The most chilling aspect is that ordinary American citizens and potentially British citizens too were apparently unaware that their phone and online interactions could be watched. This seems to be the snooper’s charter by the back door.”

The existence of the Prism programme was revealed by the Washington Post and the Guardian, which obtained a copy of a presentation to NSA agents on the extent of its reach.

Further classified documents released yesterday pointed to the British link, noting that “special programmes exist for GCHQ for focused Prism processing”, suggesting the agency may have been making requests for specific information.

A GCHQ spokesman said: “Our work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Intelligence and Security Committee.”

A Government spokesman said he would “neither confirm nor deny” the claims about GCHQ and refused to disclose whether the subject was being discussed with the US authorities.

However, the senior Conservative MP, David Davis, said it was difficult to reconcile GCHQ’s statement that it was subject to proper scrutiny with Parliament’s ignorance of the programme.

He said: “In the absence of parliamentary knowledge approval by a secretary of state is a process of authorisation, not a process of holding to account. Since nobody knew it was happening at all there is no possibility of complaint.”

The Liberal Democrat MP Julian Huppert said he would be tabling a series of parliamentary questions about the GCHQ revelations on Monday and would be calling for a Commons statement from Ms May.

He said: “We have to understand exactly what information they have had and what the safeguards are. It’s deeply, deeply alarming.”

The controversy has added to the pressure on Nick Clegg from Liberal Democrats not to allow Ms May to revive the “snooper’s charter” after the Woolwich terrorist attack. Gareth Epps, co-chair the Social Liberal Forum, said: “Instead of Theresa May forcing through expensive and intrusive legislation, there should be statement by the Government on the purpose and scope of data harvesting of British citizens under Prism.”

Concerns about the disclosures were also raised by the Information Commissioner’s Office. A spokesman said: “There are real issues about the extent to which US law enforcement agencies can access personal data of UK and other European citizens. Aspects of US law under which companies can be compelled to provide information to US agencies potentially conflict with European data protection law, including the UK’s own Data Protection Act.”

Nick Pickles of the civil liberties campaign group Big Brother Watch said questions needed to be asked at the “highest levels” to establish whether British citizens had had their privacy breached “without adherence to the proper legal process or any suspicion of wrongdoing”.

James Blessing, chief technology officer of ISP Keycom, and a council member of the Internet Service Providers’ Association, described the leaked document describing the NSA programme as “really quite scary”.

He said: “If, as this document claims, the NSA has direct access to those servers – unfettered, unbroken access – the NSA can see anything anyone in the UK is doing without any safeguards or controls. It’s been shown that if people have unfettered access they have a propensity to go and look, they can’t help themselves and they will go and find things.”

Whitehall sources said established channels had long been used by GCHQ to request information from the US. However, that the UK service had no direct access to Prism or any similar intelligence gathering systems of the NSA. There were no UK personnel present even as part of any exchange programme when the system may have been used, they claimed.

According to US sources what is called telephone “metadata” gathered from the mobile telephone records of customers of Verizon by the NSA was almost certainly been passed on to GCHQ, although what was released remained at the discretion of the Americans.

Nigel Morris, Kim Sengupta, Ian Burrell
Saturday, 8 June 2013

Find this story at 8 June 2013

© independent.co.uk

Exclusive: UK security agency GCHQ gaining information from world’s biggest internet firms through US-run Prism programme

Documents show GCHQ (above) has had access to the NSA’s Prism programme since at least June 2010. Photograph: David Goddard/Getty Images

The UK’s electronic eavesdropping and security agency, GCHQ, has been secretly gathering intelligence from the world’s biggest internet companies through a covertly run operation set up by America’s top spy agency, documents obtained by the Guardian reveal.

The documents show that GCHQ, based in Cheltenham, has had access to the system since at least June 2010, and generated 197 intelligence reports from it last year.

The US-run programme, called Prism, would appear to allow GCHQ to circumvent the formal legal process required to seek personal material such as emails, photos and videos from an internet company based outside the UK.

The use of Prism raises ethical and legal issues about such direct access to potentially millions of internet users, as well as questions about which British ministers knew of the programme.

In a statement to the Guardian, GCHQ, insisted it “takes its obligations under the law very seriously”.

The details of GCHQ’s use of Prism are set out in documents prepared for senior analysts working at America’s National Security Agency, the biggest eavesdropping organisation in the world.

Dated April this year, the papers describe the remarkable scope of a previously undisclosed “snooping” operation which gave the NSA and the FBI easy access to the systems of nine of the world’s biggest internet companies. The group includes Google, Facebook, Microsoft, Apple, Yahoo and Skype.

The documents, which appear in the form of a 41-page PowerPoint presentation, suggest the firms co-operated with the Prism programme. Technology companies denied knowledge of Prism, with Google insisting it “does not have a back door for the government to access private user data”. But the companies acknowledged that they complied with legal orders.

The existence of Prism, though, is not in doubt.

Thanks to changes to US surveillance law introduced under President George W Bush and renewed under Barack Obama in December 2012, Prism was established in December 2007 to provide in-depth surveillance on live communications and stored information about foreigners overseas.

The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.

The documents make clear the NSA has been able to obtain unilaterally both stored communications as well as real-time collection of raw data for the last six years, without the knowledge of users, who would assume their correspondence was private.

The NSA describes Prism as “one of the most valuable, unique and productive accesses” of intelligence, and boasts the service has been made available to spy organisations from other countries, including GCHQ.

It says the British agency generated 197 intelligence reports from Prism in the year to May 2012 – marking a 137% increase in the number of reports generated from the year before. Intelligence reports from GCHQ are normally passed to MI5 and MI6.

The documents underline that “special programmes for GCHQ exist for focused Prism processing”, suggesting the agency has been able to receive material from a bespoke part of the programme to suit British interests.

Unless GCHQ has stopped using Prism, the agency has accessed information from the programme for at least three years. It is not mentioned in the latest report from the Interception of Communications Commissioner Office, which scrutinises the way the UK’s three security agencies use the laws covering the interception and retention of data.

Asked to comment on its use of Prism, GCHQ said it “takes its obligations under the law very seriously. Our work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the intelligence and security committee”.

The agency refused to be drawn on how long it had been using Prism, how many intelligence reports it had gleaned from it, or which ministers knew it was being used.

A GCHQ spokesperson added: “We do not comment on intelligence matters.”

The existence and use of Prism reflects concern within the intelligence community about access it has to material held by internet service providers.

Many of the web giants are based in the US and are beyond the jurisdiction of British laws. Very often, the UK agencies have to go through a formal legal process to request information from service providers.

Because the UK has a mutual legal assistance treaty with America, GCHQ can make an application through the US department of justice, which will make the approach on its behalf.

Though the process is used extensively – almost 3,000 requests were made to Google alone last year – it is time consuming. Prism would appear to give GCHQ a chance to bypass the procedure.

In its statement about Prism, Google said it “cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a back door for the government to access private user data”.

Several senior tech executives insisted they had no knowledge of Prism or of any similar scheme. They said they would never have been involved in such a programme.

“If they are doing this, they are doing it without our knowledge,” one said. An Apple spokesman said it had “never heard” of Prism.

In a statement confirming the existence of Prism, James Clapper, the director of national intelligence in the US, said: “Information collected under this programme is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.”

A senior US administration official said: “The programme is subject to oversight by the foreign intelligence surveillance court, the executive branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimise the acquisition, retention and dissemination of incidentally acquired information about US persons.”

Nick Hopkins
guardian.co.uk, Friday 7 June 2013 14.27 BST

Find this story at 7 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Data on U.S. customers, secretly collected from phone companies, has been shared with British security agencies, writes Eli Lake. Plus, everything you need to know about the NSA Spying Program.

At least one foreign government has gained access to sensitive data collected by the National Security Agency from U.S. telecommunications companies in dragnet court warrants demanding the secret transfer of U.S. customers’ calling records.

The information collected by the NSA, known as “metadata,” does not include the content of the phone calls or the names of the people associated with the accounts. But it does tell the government when calls were made, what numbers were dialed, and the location and duration of those calls. Current and former U.S. intelligence officials familiar with the longstanding program to collect metadata from American telecommunications and Internet companies tell The Daily Beast that, in a few discreet cases, the NSA has shared unedited analysis of these records with its British counterpart, the Government Communications Headquarters (GCHQ).

The Guardian on Friday reported that documents the newspaper obtained showed the GCHQ in 2010 gained access to an NSA metadata collection program known as Prism to secretly tap into the servers of leading internet companies such as Apple and Google. The documents showed the British generated 197 intelligence reports from access to the system in 2012, the Guardian reported.

Late Thursday, James Clapper, the director of national intelligence, issued a statement defending the government’s collection of phone records, which he said protected the privacy of most Americans. For example, Clapper said only specially trained personnel could access the vast database of metadata collected by the government. A secret body known as the Foreign Intelligence Surveillance Court reviews the program every 90 days and only allows the government to query the database “when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization.”

Clapper was responding to an article The Guardian published Wednesday based on a secret court order that demanded Verizon Business Network Services Inc. hand over to the federal government all “metadata” from its customers between April 25 and July 19. On Thursday the chairmen and ranking members of the House and Senate intelligence committees said the program had been in place since 2006, and the court order disclosed by The Guardian was a routine request by the government for the caller records. The Washington Post on Thursday disclosed that the NSA has also run a separate monitoring program to tap directly into the servers of nine U.S. Internet companies to extract information from users, ranging from video and audio files to emails.

With advances in computer science, intelligence services can now mine vast amounts of data collected by telecom companies, Internet service providers, and social-media sites for patterns that can illuminate terrorist networks and help solve crimes. Rep. Mike Rogers, the Republican chairman of the House Permanent Select Committee on Intelligence, told reporters that he knew of one instance where the NSA metadata program thwarted a domestic terrorist attack.

‘Somebody’s gotta go to jail for something!’ Watch these amateur Internet pundits scold the NSA.
These metadata, these intelligence officers say, reside in vast hard drives that belong to the NSA. Analysts there can then take a phone number or email address and uncover suspected terrorists’ associates, find their locations, and even learn clues about their possible targets.

Peter Wood, the CEO of First Base Technologies, a security firm that works closely with British law enforcement in this area, says this kind of “big data” analysis can be useful to federal law enforcement.

“All emails have headers, which are full of information most people don’t see,” Wood says. “It allows law enforcement to trace the root and source of emails—that gives them the provenance of an email. This allows them to determine the physical origin of threats, if they can be sure the source of the email has not, in turn, been compromised itself.” Wood compared the analysis to how commercial Internet companies use similar data to target ads to individuals based on their search patterns.

“The big open question is what happens to this data when it’s collected.”
Sometimes, the analysis of metadata is shared between allied services, current and retired U.S. intelligence officers say. This is particularly true with the GCHQ, Britain’s equivalent of the NSA.

One former senior U.S. intelligence official with knowledge of the program tells The Daily Beast, “My understanding is if the British had a phone number, we might run the number through the database for them and provide them with the results.”

“I do not know of cases where the U.S. government has shared this kind of metadata with the United Kingdom, but I would be surprised if this never happened,” Wood says. “Both countries cooperate very closely on counterterrorism.”

The U.S. and the U.K. have an agreement to share signal intercepts and electronic intelligence through a pact known as the United Kingdom United States of America Agreement. Over the years, the agreement has been expanded to include Australia, Canada, and New Zealand.

U.S. intelligence officials who spoke to The Daily Beast said that British nationals were not permitted to sit at the actual terminals where NSA analysts mine the metadata collected from phone companies and Internet service providers. But British GCHQ has received unredacted analysis of targeted searches, according to these sources.

A spokeswoman for the NSA declined to comment for this article.

“The whole idea of sharing information that could be of value in a terrorism investigation would be a high priority, especially after 9/11,” says James Bamford, the author of three histories of the NSA, including his most recent book, The Shadow Factory. “If the United States feels it got the information legally, which it does in this case, then from all I know the NSA believes it has the authority to pass the intelligence on to intelligence partners.”

Jameel Jaffer, deputy legal director at the American Civil Liberties Union, says he is worried about what becomes of the records collected by the NSA. “The big open question is what happens to this data when it’s collected,” Jaffer says. “Is it shared amongst agencies? Is it used in law-enforcement investigations? Has it been used in prosecutions? And has it been shared with foreign countries—and which foreign countries has it been shared with and under what conditions?”

The Daily Beast
by Eli Lake Jun 7, 2013 4:45 AM EDT

Find this story at 7 June 2013

© 2013 The Newsweek/Daily Beast Company LLC

American telecoms giant Verizon has been handing information about British companies to the US government, putting it on a collision course with UK regulators.
On Verizon’s UK website, the company makes a point of telling customers it will help to defend them against spying by government agencies Photo: AP

The company has found itself at the centre of a major scandal in the US, after it emerged that the National Security Agency (NSA) is collecting the telephone records of millions of customers on an “ongoing, daily basis”, under a top-secret court order issued in April.

The US is also reaching directly into the servers of Facebook, Google and other internet companies to harvest data. The NSA’s classified PRISM programme reportedly allows the government to collect virtually limitless amounts of information from emails, pictures and social media accounts.

Verizon on Thursday battled to prevent a customer backlash by telling them it had no choice in the matter. The Obama administration justified the surveillance, claiming it was a “critical tool in protecting the nation from terrorist threats”.

Two other major American wireless providers, AT&T and Sprint, have also been receiving similar orders, as have credit card companies, sources told the Wall Street Journal.

It is not clear whether Verzion Wireless, the US wireless operator owned by Verizon and Britain’s Vodafone, has received an order. Vodafone, which owns 45pc and has no operational role in the company, had no comment on Friday.
Related Articles
US spy scandal threatens Silicon Valley 11 Jun 2013
US harvests data from Facebook, Google and other web giants 07 Jun 2013
US to declassify secret surveillance documents after uproar 07 Jun 2013
Obama govt secretly collecting US phone records 06 Jun 2013
Analysis: latest leak could devastate Obama 06 Jun 2013
EE to offer shared smartphone and tablet data plans 06 Jun 2013

Verizon’s court order did not just stop at US shores. Washington called for Verizon to hand over all telephone records “for communications between the United States and abroad”, including calls routed via Verizon’s UK subsidiary, based in Reading.

On Verizon’s UK website, the company makes a point of telling customers it will help to defend them against spying by government agencies.

“Whether global or local, [your communications] must be secure because there are many threats to your organisation, from those that want to destroy your reputation and from those that want to take what’s yours,” the company says in a video entitled “2013 data breach”.

“This year’s most talked about threat is espionage… with many [breaches] tracing back to state affiliated culprits, taking months or even years to detect.”

However, the US government’s secret court order instructed Verizon to collect the numbers of the people at either end of each call, information about their location and the time and length of the conversation. It was not asked to record the actual conversations, but it was obliged to hold the information for a minimum of three months.

The Information Commissioner’s Office, the regulator responsible for safeguarding privacy in the UK, is expected to investigate the security breach.

When ordinary customers make calls out of the US, their network will connect them to the UK network they are calling, meaning Verizon has limited information about calls. However, it has comprehensive details about business customers making calls to colleagues across the Atlantic, as their calls are kept within the confines of the same network. Verizon would have pulled the information from its UK servers.

These so-called enterprise systems are theoretically designed to reduce costs and boost security.

Verizon could not be reached for comment.

Unlike the phone tracking programme, where telecom companies are forced to hand over records, PRISM appears to allow the NSA to freely search the tech firms’ networks at any time.

PRISM also allows the government access to the content of online accounts, whereas the phone programme provides data on the time and location of a call but does not tell investigators what was said.

A secret slide show obtained by The Guardian and The Washington Post appear to indicate that the nine companies are willing participants in the programme, beginning with Microsoft in 2007.

However, the Guardian reported that several of the companies claimed to have no knowledge of that their servers were being accessed by the government.

Google said in a statement: “From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”

An Apple spokesman said: “We have never heard of PRISM. We do not provide any government agency with direct access to our servers and any agency requesting customer data must get a court order,” he said.

The scale of the operation is detailed in a 41-page slideshow obtained by the two newspapers, which describes PRISM as the single largest source of NSA data.

By Katherine Rushton, US Business Editor

10:30AM BST 07 Jun 2013

Find this story at 7 June 2013

© Copyright of Telegraph Media Group Limited 2013

Government Tapping CONTENT, Not Just Metadata … Using Bogus “Secret Interpretation” of Patriot Act

We reported in 2008 that foreign companies have had key roles scooping up Americans’ communications for the NSA:

At least two foreign companies play key roles in processing the information.

Specifically, an Israeli company called Narus processes all of the information tapped by AT &T (AT & T taps, and gives to the NSA, copies of all phone calls it processes), and an Israeli company called Verint processes information tapped by Verizon (Verizon also taps, and gives to the NSA, all of its calls).

Business Insider notes today:

The newest information regarding the NSA domestic spying scandal raises an important question: If America’s tech giants didn’t ‘participate knowingly’ in the dragnet of electronic communication, how does the NSA get all of their data?

One theory: the NSA hired two secretive Israeli companies to wiretap the U.S. telecommunications network.

In April 2012 Wired’s James Bamford — author of the book “The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America” — reported that two companies with extensive links to Israel’s intelligence service provided hardware and software the U.S. telecommunications network for the National Security Agency (NSA).

By doing so, this would imply, companies like Facebook and Google don’t have to explicitly provide the NSA with access to their servers because major Internet Service Providers (ISPs) such as AT&T and Verizon already allows the U.S. signals intelligence agency to eavesdrop on all of their data anyway.

From Bamford (emphasis ours):

“According to a former Verizon employee briefed on the program, Verint, owned by Comverse Technology, taps the communication lines at Verizon…

At AT&T the wiretapping rooms are powered by software and hardware from Narus, now owned by Boeing, a discovery made by AT&T whistleblower Mark Klein in 2004.”

Klein, an engineer, discovered the “secret room” at AT&T central office in San Francisco, through which the NSA actively “vacuumed up Internet and phone-call data from ordinary Americans with the cooperation of AT&T” through the wiretapping rooms, emphasizing that “much of the data sent through AT&T to the NSA was purely domestic.”

NSA whistleblower Thomas Drake corroborated Klein’s assertions, testifying that while the NSA is using Israeli-made NARUS hardware to “seize and save all personal electronic communications.”

Both Verint and Narus were founded in Israel in the 1990s.

***

“Anything that comes through (an internet protocol network), we can record,” Steve Bannerman, marketing vice president of Narus, a Mountain View, California company, said. “We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on, we can reconstruct their (voice over internet protocol) calls.”

With a telecom wiretap the NSA only needs companies like Microsoft, Google, and Apple to passively participate while the agency to intercepts, stores, and analyzes their communication data. The indirect nature of the agreement would provide tech giants with plausible deniability.

And having a foreign contractor bug the telecom grid would mean that the NSA gained access to most of the domestic traffic flowing through the U.S. without technically doing it themselves.

This would provide the NSA, whose official mission is to spy on foreign communications, with plausible deniability regarding domestic snooping.

The reason that Business Insider is speculating about the use of private Israeli companies to thwart the law is that 2 high-ranking members of the Senate Intelligence Committee – Senators Wyden and Udall – have long said that the government has adopted a secret interpretation of section 215 of the Patriot Act which would shock Americans, because it provides a breathtakingly wide program of spying.

Last December, top NSA whistleblower William Binney – a 32-year NSA veteran with the title of senior technical director, who headed the agency’s global digital data gathering program (featured in a New York Times documentary, and the source for much of what we know about NSA spying) – said that the government is using a secret interpretation of Section 215 of the Patriot Act which allows the government to obtain:

Any data in any third party, like any commercial data that’s held about U.S. citizens ….

(relevant quote starts at 4:19).

I called Binney to find out what he meant.

I began by asking Binney if Business Insider’s speculation was correct. Specifically, I asked Binney if the government’s secret interpretation of Section 215 of the Patriot Act was that a foreign company – like Narus, for example – could vacuum up information on Americans, and then the NSA would obtain that data under the excuse of spying on foreign entities … i.e. an Israeli company.

Binney replied no … it was broader than that.

Binney explained that the government is taking the position that it can gather and use any information about American citizens living on U.S. soil if it comes from:

Any service provider … any third party … any commercial company – like a telecom or internet service provider, libraries, medical companies – holding data about anyone, any U.S. citizen or anyone else.

I followed up to make sure I understood what Binney was saying, asking whether the government’s secret interpretation of Section 215 of the Patriot Act was that the government could use any information as long as it came from a private company … foreign or domestic. In other words, the government is using the antiquated, bogus legal argument that it was not using its governmental powers (called “acting under color of law” by judges), but that it was private companies just doing their thing (which the government happened to order all of the private companies to collect and fork over).

Binney confirmed that this was correct. This is what the phone company spying program and the Prism program – the government spying on big Internet companies – is based upon. Since all digital communications go through private company networks, websites or other systems, the government just demands that all of the companies turn them over.

Let’s use an analogy to understand how bogus this interpretation of the Patriot Act is. This argument is analogous to a Congressman hiring a hit man to shoot someone asking too many questions, and loaning him his gun to carry out the deed … and then later saying “I didn’t do it, it was that private citizen!” That wouldn’t pass the laugh test even at an unaccredited, web-based law school offered through a porn site.

I then asked the NSA veteran if the government’s claim that it is only spying on metadata – and not content – was correct. We have extensively documented that the government is likely recording content as well. (And the government has previously admitted to “accidentally” collecting more information on Americans than was legal, and then gagged the judges so they couldn’t disclose the nature or extent of the violations.)

Binney said that was not true; the government is gathering everything, including content.

Binney explained – as he has many times before – that the government is storing everything, and creating a searchable database … to be used whenever it wants, for any purpose it wants (even just going after someone it doesn’t like).

Binney said that former FBI counter-terrorism agent Tim Clemente is correct when he says that no digital data is safe (Clemente says that all digital communications are being recorded).

Binney gave me an idea of how powerful Narus recording systems are. There are probably 18 of them around the country, and they can each record 10 gigabytes of data – the equivalent of a million and a quarter emails with 1,000 characters each – per second.

Binney next confirmed the statement of the author of the Patriot Act – Congressman Jim Sensenbrenner – that the NSA spying programs violate the Patriot Act. After all, the Patriot Act is focused on spying on external threats … not on Americans.

Binney asked rhetorically: “How can an American court [FISA or otherwise] tell telecoms to cough up all domestic data?!”

Update: Binney sent the following clarifying email about content collection:

It’s clear to me that they are collecting most e-mail in full plus other text type data on the web.

As for phone calls, I don’t think they would record/transcribe the approximately 3 billion US-to-US calls every day. It’s more likely that they are recording and transcribing calls made by the 500,000 to 1,000,000 targets in the US and the world.

Posted on June 8, 2013 by WashingtonsBlog

Find this story at 8 June 2013

© 2007 – 2013 Washington’s Blog

AT&T’s central office on Folsom Street in San Francisco houses a secret room that allows the National Security Agency to monitor phone and internet traffic, according to former AT&T technician-cum-whistle-blower Mark Klein. View Slideshow

AT&T provided National Security Agency eavesdroppers with full access to its customers’ phone calls, and shunted its customers’ internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center, according to a former AT&T worker cooperating in the Electronic Frontier Foundation’s lawsuit against the company.

Mark Klein, a retired AT&T communications technician, submitted an affidavit in support of the EFF’s lawsuit this week. That class action lawsuit, filed in federal court in San Francisco last January, alleges that AT&T violated federal and state laws by surreptitiously allowing the government to monitor phone and internet communications of AT&T customers without warrants.

On Wednesday, the EFF asked the court to issue an injunction prohibiting AT&T from continuing the alleged wiretapping, and filed a number of documents under seal, including three AT&T documents that purportedly explain how the wiretapping system works.

According to a statement released by Klein’s attorney, an NSA agent showed up at the San Francisco switching center in 2002 to interview a management-level technician for a special job. In January 2003, Klein observed a new room being built adjacent to the room housing AT&T’s #4ESS switching equipment, which is responsible for routing long distance and international calls.

“I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room,” Klein wrote. “The regular technician work force was not allowed in the room.”

Klein’s job eventually included connecting internet circuits to a splitting cabinet that led to the secret room. During the course of that work, he learned from a co-worker that similar cabinets were being installed in other cities, including Seattle, San Jose, Los Angeles and San Diego.

“While doing my job, I learned that fiber optic cables from the secret room were tapping into the Worldnet (AT&T’s internet service) circuits by splitting off a portion of the light signal,” Klein wrote.

The split circuits included traffic from peering links connecting to other internet backbone providers, meaning that AT&T was also diverting traffic routed from its network to or from other domestic and international providers, according to Klein’s statement.

The secret room also included data-mining equipment called a Narus STA 6400, “known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets,” according to Klein’s statement.

Narus, whose website touts AT&T as a client, sells software to help internet service providers and telecoms monitor and manage their networks, look for intrusions, and wiretap phone calls as mandated by federal law.

Klein said he came forward because he does not believe that the Bush administration is being truthful about the extent of its extrajudicial monitoring of Americans’ communications.

“Despite what we are hearing, and considering the public track record of this administration, I simply do not believe their claims that the NSA’s spying program is really limited to foreign communications or is otherwise consistent with the NSA’s charter or with FISA,” Klein’s wrote. “And unlike the controversy over targeted wiretaps of individuals’ phone calls, this potential spying appears to be applied wholesale to all sorts of internet communications of countless citizens.”

After asking for a preview copy of the documents last week, the government did not object to the EFF filing the paper under seal, although the EFF asked the court Wednesday to make the documents public.

One of the documents is titled “Study Group 3, LGX/Splitter Wiring, San Francisco,” and is dated 2002. The others are allegedly a design document instructing technicians how to wire up the taps, and a document that describes the equipment installed in the secret room.

In a letter to the EFF, AT&T objected to the filing of the documents in any manner, saying that they contain sensitive trade secrets and could be “could be used to ‘hack’ into the AT&T network, compromising its integrity.”

According to court rules, AT&T has until Thursday to file a motion to keep the documents sealed. The government could also step in to the case and request that the documents not be made public, or even that the entire lawsuit be barred under the seldom-used State Secrets Privilege.

AT&T spokesman Walt Sharp declined to comment on the allegations, citing a company policy of not commenting on litigation or matters of national security, but did say that “AT&T follows all laws following requests for assistance from government authorities.”

Ryan Singel 04.07.06

Find this story at 4 July 2006

Wired.com © 2013 Condé Nast

Israeli high-tech firms Verint and Narus have had connections with U.S. companies and Israeli intelligence in the past, and ties between the countries’ intelligence agencies remain strong.

Were Israeli companies Verint and Narus the ones that collected information from the U.S. communications network for the National Security Agency?

The question arises amid controversy over revelations that the NSA has been collecting the phone records of hundreds of millions of Americans every day, creating a database through which it can learn whether terror suspects have been in contact with people in the United States. It also was disclosed this week that the NSA has been gathering all Internet usage – audio, video, photographs, emails and searches – from nine major U.S. Internet providers, including Microsoft and Google, in hopes of detecting suspicious behavior that begins overseas.

According to an article in the American technology magazine “Wired” from April 2012, two Israeli companies – which the magazine describes as having close connections to the Israeli security community – conduct bugging and wiretapping for the NSA.

Verint, which took over its parent company Comverse Technology earlier this year, is responsible for tapping the communication lines of the American telephone giant Verizon, according to a past Verizon employee sited by James Bamford in Wired. Neither Verint nor Verizon commented on the matter.

Natus, which was acquired in 2010 by the American company Boeing, supplied the software and hardware used at AT&T wiretapping rooms, according to whistleblower Mark Klein, who revealed the information in 2004. Klein, a past technician at AT&T who filed a suit against the company for spying on its customers, revealed a “secret room” in the company’s San Fransisco office, where the NSA collected data on American citizens’ telephone calls and Internet surfing.

Klein’s claims were reinforced by former NSA employee Thomas Drake who testified that the agency uses a program produced by Narus to save the personal electrical communications of AT&T customers.

Both Verint and Narus have ties to the Israeli intelligence agency and the Israel Defense Forces intelligence-gathering unit 8200. Hanan Gefen, a former commander of the 8200 unit, told Forbes magazine in 2007 that Comverse’s technology, which was formerly the parent company of Verint and merged with it this year, was directly influenced by the technology of 8200. Ori Cohen, one of the founders of Narus, told Fortune magazine in 2001 that his partners had done technology work for the Israeli intelligence.

International intel

The question of whether intelligence communities outside the United States were involved has been raised. According to The Guardian, the Government Communications Headquarters (GCHQ), Britain’s intelligence agency, secretly collected intelligence information from the world’s largest Internet companies via the American program PRISM. According to a top secret document obtained by The Guardian, GCHQ had access to PRISM since 2010 and it used the information to prepare 197 intelligence reports last year. In a statement to the Guardian, GCHQ, said it “takes its obligations under the law very seriously.”

According to The Guardian, details of GCHQ’s use of PRISM are set out in a 41-page PowerPoint presentation prepared for senior NSA analysts, and describe a “snooping” operation that gave the NSA and FBI access to the systems of nine Internet giants, including Google, Facebook, Microsoft, Apple, Yahoo and Skype.

Given the close ties between U.S. and Israeli intelligence, the question arises as to whether Israeli intelligence, including the Mossad, was party to the secret.

Obama stands by spies

At turns defensive and defiant, U.S. President Barack Obama stood by the spy programs revealed this week.

He declared Friday that his country is “going to have to make some choices” balancing privacy and security, launching a vigorous defense of formerly secret programs that sweep up an estimated 3 billion phone calls a day and amass Internet data from U.S. providers in an attempt to thwart terror attacks.

Obama also warned that it will be harder to detect threats against the United States now that the two top-secret tools to target terrorists have been so thoroughly publicized.

“Nobody is listening to your telephone calls,” Obama assured the nation after two days of reports that many found unsettling. What the government is doing, he said, is digesting phone numbers and the durations of calls, seeking links that might “identify potential leads with respect to folks who might engage in terrorism.” If there’s a hit, he said, “if the intelligence community then actually wants to listen to a phone call, they’ve got to go back to a federal judge, just like they would in a criminal investigation.”

Tapping thwarted terror attack

While Obama said the aim of the programs is to make America safe, he offered no specifics about how the surveillance programs have done this. House Intelligence Committee Chairman Mike Rogers, R-Mich., on Thursday said the phone records sweeps had thwarted a domestic terror attack, but he also didn’t offer specifics.

U.S. government sources said on Friday that the attack in question was an Islamist militant plot to bomb the New York City subway system in 2009.

Obama asserted his administration had tightened the phone records collection program since it started in the George W. Bush administration and is auditing the programs to ensure that measures to protect Americans’ privacy are heeded – part of what he called efforts to resist a mindset of “you know, `Trust me, we’re doing the right thing. We know who the bad guys are.'”

But again, he provided no details on how the program was tightened or what the audit is looking at.

Obama: 100% privacy is impossible

The furor this week has divided Congress, and led civil liberties advocates and some constitutional scholars to accuse Obama of crossing a line in the name of rooting out terror threats.

Obama, himself a constitutional lawyer, strove to calm Americans’ fears – but also remind them that Congress and the courts had signed off on the surveillance.

“I think the American people understand that there are some trade-offs involved,” Obama said when questioned by reporters at a health care event in San Jose, California.

“It’s important to recognize that you can’t have 100 percent security and also then have 100 percent privacy and zero inconvenience,” he said. “We’re going to have to make some choices as a society. And what I can say is that in evaluating these programs, they make a difference in our capacity to anticipate and prevent possible terrorist activity.”

Obama said U.S. intelligence officials are looking at phone numbers and lengths of calls – not at people’s names – and not listening in.

The two classified surveillance programs were revealed this week in newspaper reports that showed, for the first time, how deeply the National Security Agency dives into telephone and Internet data to look for security threats. The new details were first reported by The Guardian and The Washington Post, and prompted Director of National Intelligence James Clapper to take the unusual and reluctant step of acknowledging the programs’ existence.

Obama echoed intelligence experts – both inside and outside the government – who predicted that potential attackers will find other, secretive ways to communicate now that they know that their phone and Internet records may be targeted.

By TheMarker, Haaretz, The Associated Press and Reuters | Jun.08, 2013 | 12:41 PM | 17

Find this story at 8 June 2013

© Haaretz Daily Newspaper Ltd.