USIS, one of the US’s largest security providers, admits to carrying out vetting procedures on Aaron Alexis

Aaron Alexis had been arrested three times before the Navy Yard incident, including two suspected offences involving guns. Photograph: Kristi Suthamtewakul/Reuters

Pressure to overhaul vetting procedures for US government contractors grew on Thursday after one of the largest US security providers admitted that it carried out background checks on Navy Yard gunman Aaron Alexis.

USIS, a Virginia-based company owned by private equity group Providence, had previously denied conducting background investigations into Alexis, according to a report by Bloomberg. Alexis had been arrested three times, including two suspected offences involving guns, although he was not charged or convicted. On Thursday USIS issued a statement in response to mounting questions over how Alexis received the “secret” level clearance that allowed him access to military facilities such as Navy Yard. “Today we were informed that in 2007, USIS conducted a background check of Aaron Alexis for OPM,” said a company spokesman in a statement provided to the Guardian. “We are contractually prohibited from retaining case information gathered as part of the background checks we conduct for OPM and therefore are unable to comment further on the nature or scope of this or any other background check.”

USIS, formerly known as US Investigations Services, was also involved in background checks on National Security Agency whistleblower Edward Snowden, but subsequently defended its role. In a statement to the Wall Street Journal last month, the company said the federal government did not raise any concerns at the time about its work in February 2011 on the five-year “periodic reinvestigation” of Snowden. The company said the NSA, not USIS, was ultimately responsible for approving or denying Snowden’s security clearance.

Snowden’s leaks of classified material revealing the extent of the NSA’s surveillance activities in the US and abroad prompted a review of vetting procedures for contractors by the Office of the Director of National Intelligence.

On Tuesday, the White House also announced a separate review by the Office of Management and Budget to examine “standards for contractors and employees across federal agencies”.

Follow Dan Roberts by emailBeta
Dan Roberts in Washington
theguardian.com, Thursday 19 September 2013 23.54 BST

Find this story at 19 September 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

WASHINGTON — The government contractor that performed a background investigation of the man who says he disclosed two National Security Agency surveillance programs is under investigation, a government watchdog said Thursday.

Patrick McFarland, the inspector general at the Office of Personnel Management, said during a Senate hearing that the contractor USIS is being investigated and that the company performed a background investigation of Edward Snowden.

McFarland also told lawmakers that there may have been problems with the way the background check of Snowden was done, but McFarland and one of his assistants declined to say after the hearing what triggered the decision to investigate USIS and whether it involved the company’s check of Snowden.

“To answer that question would require me to talk about an ongoing investigation. That’s against our policy,” Michelle Schmitz, assistant inspector general for investigations, told reporters after the hearing. “We are not going to make any comment at all on the investigation of USIS.”

USIS, which is based in Falls Church, Va., did not immediately respond to a request for comment.

Sen. Claire McCaskill, D-Mo., said she and her staff have been told that the inquiry is a criminal investigation related “to USIS’ systemic failure to adequately conduct investigations under its contract” with the Office of Personnel Management.

McCaskill said that USIS conducted a background investigation in 2011 for Snowden, who worked for government contractor Booz Allen Hamilton. Snowden says he is behind the revelations about the NSA’s collection of Americans’ phone records and Internet data from U.S. Internet companies.

“We are limited in what we can say about this investigation because it is an ongoing criminal matter,” McCaskill said. “But it is a reminder that background investigations can have real consequences for our national security.”

McFarland told reporters that his office has the authority to conduct criminal investigations.

A background investigation is required for federal employees and contractors seeking a security clearance that gives them access to classified information.

Of the 4.9 million people with clearance to access “confidential and secret” government information, 1.1 million, or 21 percent, work for outside contractors, according to a January report from the Office of the Director of National Intelligence. Of the 1.4 million who have the higher “top secret” access, 483,000, or 34 percent, work for contractors.

By RICHARD LARDNER 06/20/13 04:51 PM ET EDT

Find this story at 20 June 2013

© 2013 TheHuffingtonPost.com, Inc.

WASHINGTON—Federal inspectors have been conducting a criminal investigation for more than a year of the company that performed a background check on Edward Snowden, the former systems analyst who leaked some of the nation’s most closely held secrets to the media, U.S. officials said on Thursday.

Federal inspectors have been conducting a criminal investigation for more than a year of the company that performed a background check on Edward Snowden, the former systems analyst who leaked some of the nation’s most closely held secrets to the media. Dion Nissenbaum reports.

USIS, the largest contractor involved in conducting security background checks for the federal government, is being scrutinized over allegations about a “systematic failure to adequately conduct investigations,” Sen. Claire McCaskill (D., Mo.) said during a special congressional hearing. Those allegations aren’t related to Mr. Snowden.

Federal officials confirmed the investigation Thursday and added that there also may have been problems with USIS’s 2011 security background check of Mr. Snowden, 29 years old, who fled to Hong Kong to avoid prosecution for admittedly taking years of classified documents while working as a Booz Allen Hamilton contractor at a National Security Agency office in Hawaii.

Later that year, inspectors at the Office of Personnel Management—which oversees more than 90% of the government’s security background checks—launched the continuing contracting-fraud investigation of USIS.

Patrick McFarland, inspector general for the Office of Personnel Management, said that there appear to have been problems with the USIS investigation of Mr. Snowden in 2011, though he didn’t provide any details. The 2011 background check of Mr. Snowden was a re-investigation for his security clearance.

“We do believe that there may be some problems,” Mr. McFarland said during the hearing.

USIS, a Falls Church, Va., company owned by private-equity firm Providence Equity Partners LLC, has more than 7,000 employees and conducts 45% of OPM investigations done by contractors, officials said. Last year, USIS received $200 million for its work, Ms. McCaskill said.

In a statement, USIS said it turned over records last year in response to a subpoena from the agency’s inspector general, but that it had never been informed it is under criminal investigation. With regards to Mr. Snowden’s security check, the company said it wouldn’t comment on confidential investigations.

The nation’s background-check system has come under renewed scrutiny in the wake of Mr. Snowden’s revelations.

The federal agency spends more than $1 billion a year to conduct 2 million investigations of people seeking security clearances for jobs doing everything from cleaning offices at the State Department to working as covert operatives overseas. Most of that money goes to contractors like USIS.

Of the roughly 2 million investigations in 2012, more than 770,000 involved people requesting new or continued access to classified information.

The system has been plagued by massive backlogs and delays of more than a year for completion of investigations. Current and former investigators have complained the process is antiquated and focuses more on making sure applicants properly fill out a 127-page application form than on thorough background checks.

On Thursday, Mr. McFarland warned that the investigative process is so flawed that it poses a security risk. “There is an alarmingly insufficient level of oversight of the federal investigative-services program,” he told lawmakers. “A lack of independent verification of the organization that conducts these important background investigations is a clear threat to national security,” he said.

One concern for lawmakers is the pressure on contractors to quickly complete cases to bring in more money for their firms.

Since 2007, 18 people have been convicted of falsifying records while conducting background checks, officials said. Eleven of those were federal workers; seven were contractors.

The latest case came Thursday when Ramon Davila, a former Virgin Islands police commissioner who worked as an independent contractor conducting background checks, pleaded guilty to making false statements about his work. Mr. Davila, who worked at one time for USIS, admitted he didn’t conduct a thorough inquiry while working as a contractor for the agency in 2007.

On Thursday, Mr. McFarland said such cases may be the tip of the iceberg. “I believe there may be considerably more,” he told lawmakers. “I don’t believe that we’ve caught it all by any stretch.”

Federal officials were pressed to explain why USIS could continue to conduct sensitive investigations while under criminal investigation.

Formerly a branch of the federal government, U.S. Investigations Services LLC was spun out of the Office of Personnel Management in 1996. It was renamed USIS after it was acquired by private-equity firms Carlyle Group LP and Welsh, Carson, Anderson & Stowe in early 2003 for about $1 billion. Those firms flipped the Falls Church, Va., company to fellow private-equity firm Providence four years later for about $1.5 billion.

Providence, which specializes in buying and selling media, telecom and data companies, has since combined USIS with pre-employment-screening firm HireRight Inc., corporate-investigations firm Kroll Inc. and others under the name Altegrity Inc.

—Ryan Dezember and Evan Perez contributed to this article.
Write to Dion Nissenbaum at dion.nissenbaum@wsj.com

By Dion Nissenbaum
Updated June 21, 2013 3:56 a.m. ET

Find this story at 21 June 2013

Copyright 2013 Dow Jones & Company, Inc. All Rights Reserved

The fallout from Ed Snowden’s leaks has taken many forms, one of which is the NSA taking a long look at its contractors’ hiring processes. Snowden claims to have taken the job solely to gathering damning info. This revelation, combined with some inconsistencies in his educational history, have placed the companies who perform background and credit checks under the microscope.

What these agencies are now discovering can’t be making them happy, including the news that one contractor’s investigative work apparently involved a seance.
Anthony J. Domico, a former contractor hired to check the backgrounds of U.S. government workers, filed a 2006 report with the results of an investigation.

There was just one snag: A person he claimed to have interviewed had been dead for more than a decade. Domico, who had worked for contractors CACI International Inc. (CACI) and Systems Application & Technologies Inc., found himself the subject of a federal probe.
It’s not as if Domico’s case is an anomaly.
Domico is among 20 investigators who have pleaded guilty or have been convicted of falsifying such reports since 2006. Half of them worked for companies such as Altegrity Inc., which performed a background check on national-security contractor Edward Snowden. The cases may represent a fraction of the fabrications in a government vetting process with little oversight, according to lawmakers and U.S. watchdog officials.
Who watches the watchers’ watchers? It appears as if that crucial link in the chain has been ignored. Give any number of people a job to do and, no matter how important that position is, a certain percentage will cut so many corners their cubicles will start resembling spheres.

These are the people entrusted to help ensure our nation’s harvested data remains in safe hands, or at least, less abusive ones. Those defending the NSA claim this data is well-protected and surrounded by safeguards against abuse. Those claims were always a tad hollow, but this information shows them to be complete artifice. The NSA, along with several other government agencies, cannot positively say that they have taken the proper steps vetting their personnel.

USIS, the contractor who vetted Ed Snowden, openly admits there were “shortcomings” in its investigation of the whistleblower. Perhaps Snowden’s background check was a little off, but overall, calling the USIS’ problems “shortcomings” is an understatement.
Among the 10 background-check workers employed by contractors who have been convicted or pleaded guilty to falsifying records since 2006, eight of them had worked for USIS, according to the inspector general for the U.S. Office of Personnel Management. The personnel agency is responsible for about 90 percent of the government’s background checks.

In one case, Kayla M. Smith, a former investigative specialist for USIS, submitted some 1,600 falsified credit reports, according to the inspector general’s office.
Smith spent 18 months turning in these falsified reports, which accounted for a third of her total output. One might wonder how someone like Smith ends up working for a background check contractor. The answer? This problem isn’t confined to one level.
[T]he investigator who had vetted Smith was convicted in a separate falsification case, Patrick McFarland, inspector general for the personnel office, said at a June 20 hearing held by two Senate panel.
Will it get better? USIS is already ceding market share to other contractors but it’s impossible to say whether its competitors will be more trustworthy. McFarland says his office doesn’t have enough funding to perform thorough probes, which indicates what’s been caught so far is just skimming the surface. These agencies harvesting our data (and their defenders) all expect Americans (and others around the world) to simply trust them. Meanwhile, the reasons why we shouldn’t continue to mount unabated.

A couple of senators are hoping their new piece of oversight legislation will fix the problem. It would provide McFarland’s office with more investigation funding, but simply adding more “oversight” isn’t going to make the problem go away. The NSA’s mouthpieces continue to insist that everything it does is subject to tons and tons of “oversight,” but that has done very little to improve its standing in the “trustworthy” department. There are systemic issues that need to be addressed, both in these agencies and the contractors they hire and expecting to paper over the cracks with a little legislation will only result in more revelations of wrongdoing, rather than fewer occurrences.

by Tim Cushing
Wed, Jul 10th 2013 8:49am

Find this story at 10 July 2013

To the growing list of U.S. jobs that require Top Secret clearances add this one: packing and crating.

A June 2 job posting on the website of CACI International Inc. (CACI), a government contractor that works for the Defense Department and intelligence agencies, seeks a full-time “packer/crater” to prepare products such as “chillers, generators, boats and vehicles” for shipping.

The listing says the candidate must have a high-school diploma and hold a Top Secret/Sensitive Compartmented Information clearance, the type held by Edward Snowden, 29, the former National Security Agency contractor who says he passed information about classified electronic surveillance programs to two newspapers.

From packers to computer specialists, the number of U.S. military and intelligence jobs requiring Top Secret clearances has risen since the attacks of Sept. 11, 2001, as the federal government expanded efforts to track and stop terrorists globally. That has made the government more dependent on contractors such as Arlington, Virginia-based CACI to fill many of these roles, and it has increased the workload on investigators who must process security clearances.

“Perhaps the government should take a look at the number of people being granted access to sensitive information” and the security risks of that proliferation, said Robert Burton, a partner at the law firm of Venable LLP in Washington who served as acting administrator of the Office of Federal Procurement Policy in President George W. Bush’s administration.
About 1.4 Million

About 1.4 million Americans held Top Secret clearances as of October, including about 483,000 who worked for contractors, according to data from the Office of the Director of National Intelligence. Packer/Crater is listed among occupational specialties on the Central Intelligence Agency’s jobs website, which says the job pays $23.94 an hour and requires a polygraph examination.

Access to Sensitive Compartmented Information, or SCI, is limited to those cleared for specific Top Secret programs or information.

Among those with Top Secret clearances was Snowden, who had been working as a computer technician for government contractor Booz Allen Hamilton Holding Corp. (BAH) for less than three months after previously holding a position with the CIA. Booz Allen said yesterday it had fired Snowden, who it said had a salary of $122,000 a year, for “violations of the firm’s code of ethics and firm policy.”

For Booz Allen, based in McLean, Virginia, almost a quarter of annual revenue comes from work for intelligence agencies, according to its annual regulatory filing. About 27 percent of its employees held Top Secret/Sensitive Compartmented Information clearances, according to the company.
Lockheed, SAIC

The company, which reported sales for the year ending March 31 of $5.76 billion, was acquired in 2008 by the Washington-based private-equity firm Carlyle Group LP, which still holds 67 percent of the company, according to data compiled by Bloomberg.

Booz Allen, the 13th-largest federal contractor, competes with Lockheed Martin Corp. (LMT), SAIC Inc. (SAI), CACI and other companies for U.S. intelligence contracts.

Jobs seeking candidates with Top Secret clearances are among the five most-advertised requirements in the U.S., according to Wanted Technologies, a Quebec City-based company that collects and analyzes job ads.

While postings for Top Secret jobs declined about 23 percent in March from a year earlier, there were still 20,000 such ads posted online, according to “Hiring Demand Indicators” published in April by Wanted Technologies. All of the top five job categories were related to computer technologies.
Security Clearances

Government agencies must turn to contractors for almost a half-million workers with Top Secret clearances because agencies can’t meet their needs for such “highly prized” workers from within, said Stan Soloway, president and chief executive officer of the Professional Services Council, an Arlington, Virginia-based group that represents contractors such as SAIC and CACI.

The danger of leaks isn’t exacerbated by having workers for contractors holding Top Secret clearances, Soloway said.

“You’d still have an overwhelming number of people” working in this area, even if the government was hiring federal workers rather than contractors, Soloway said. “The sheer growth in the intel community increased the potential for leaks.”
Background Investigations

The demand for workers with security clearances has grown so much that many of the background investigations that once were done by the Federal Bureau of Investigation and the Office of Personnel Management are now farmed out to contractors as well, said Charles Tiefer, a University of Baltimore law professor and former member of the U.S. Commission on Wartime Contracting.

“You couldn’t fill a need as large as it is today if you still depended on the FBI to do field work on every job applicant for a clearance in the government or as a government contractor,” Tiefer said. “So many clearances are being granted that they are doing it by having contractors process the clearances.”

The boost in jobs requiring Top Secret clearances has another effect too: It costs money.

The U.S. Government Accountability Office said in a July 2012 report that the Director of National Intelligence hadn’t provided other government agencies with a clear policy and instructions for determining which civilian jobs needed that clearance.
‘Investigative Workload’

“Developing a sound requirements process is important because requests for clearances for positions that do not need a clearance or need a lower level of clearance increase investigative workload and costs unnecessarily,” according to the GAO report.

To issue a Top Secret clearance, the government or a designated contractor conducts a Single Scope Background Investigation, which includes a review of everywhere an individual has lived, attended school and worked, according to the GAO. Investigators also interview four references who have social knowledge of the individual, talk to former spouses and conduct a check of financial records. Top Secret clearances must be renewed every five years. Some also require a polygraph examination.

The U.S. spent $1 billion in 2011 to conduct background investigations for a variety of classifications, the GAO said.

In 2012, each investigation to issue a new Top Secret clearance costs about $4,000 with a renewal cost of $2,711, compared with the base price of $260 for a more routine Secret clearance, according to the GAO.

“A lot of security reform efforts have been focused on other aspects” of how intelligence agencies work, Brenda Farrell, author the GAO report said in a phone interview. “This one definitely needs attention.”

To contact the reporters on this story: Gopal Ratnam in Washington at gratnam1@bloomberg.net; Danielle Ivory in Washington at divory@bloomberg.net

To contact the editors responsible for this story: Stephanie Stoughton at sstoughton@bloomberg.net; John Walcott at jwalcott9@bloomberg.net

By Gopal Ratnam and Danielle Ivory – Jun 12, 2013

Find this story at 12 June 2013

®2013 BLOOMBERG L.P.

WASHINGTON — Just as Edward J. Snowden was preparing to leave Geneva and a job as a C.I.A. technician in 2009, his supervisor wrote a derogatory report in his personnel file, noting a distinct change in the young man’s behavior and work habits, as well as a troubling suspicion.

The C.I.A. suspected that Mr. Snowden was trying to break into classified computer files to which he was not authorized to have access, and decided to send him home, according to two senior American officials.

But the red flags went unheeded. Mr. Snowden left the C.I.A. to become a contractor for the National Security Agency, and four years later he leaked thousands of classified documents. The supervisor’s cautionary note and the C.I.A.’s suspicions apparently were not forwarded to the N.S.A. or its contractors, and surfaced only after federal investigators began scrutinizing Mr. Snowden’s record once the documents began spilling out, intelligence and law enforcement officials said.

“It slipped through the cracks,” one veteran law enforcement official said of the report.

Spokesmen for the C.I.A., N.S.A. and F.B.I. all declined to comment on the precise nature of the warning and why it was not forwarded, citing the investigation into Mr. Snowden’s activities.

Half a dozen law enforcement, intelligence and Congressional officials with direct knowledge of the supervisor’s report were contacted for this article. All of the officials agreed to speak on the condition of anonymity because of the continuing criminal investigation.

In hindsight, officials said, the report by the C.I.A. supervisor and the agency’s suspicions might have been the first serious warnings of the disclosures to come, and the biggest missed opportunity to review Mr. Snowden’s top-secret clearance or at least put his future work at the N.S.A. under much greater scrutiny.

“The weakness of the system was if derogatory information came in, he could still keep his security clearance and move to another job, and the information wasn’t passed on,” said a Republican lawmaker who has been briefed on Mr. Snowden’s activities.

Mr. Snowden now lives in Moscow, where he surfaced this week for the first time since receiving temporary asylum from the Russian government over the summer. On Wednesday night, he met with four American whistle-blowers who have championed his case in the United States and who presented him with an award they said was given annually by a group of retired C.I.A. officers to members of the intelligence community “who exhibit integrity in intelligence.”

In a television interview, one member of the group, Jesselyn Radack, a former Justice Department official, said that Mr. Snowden “looked great.”

“He seemed very centered and brilliant,” Ms. Radack said. “Smart, funny, very engaged. I thought he looked very well.”

Another of the whistle-blowers, Coleen Rowley, a former F.B.I. agent who testified before the Senate about missteps in the agency’s investigation of the Sept. 11, 2001, attacks, said, “We talked about prior examples of great people in history that had themselves been under this kind of pressure, and he’s remarkably centered.”

On Thursday, Mr. Snowden’s father, Lon, arrived in Moscow to see his son after assurances from Mr. Snowden’s legal aide that there would be “no complications” in organizing a meeting with his father. But in a telephone interview later in the day, Lon Snowden said he had not yet been able to meet with his son.

“I can’t tell you the where and the when,” the elder Mr. Snowden said. “I have no idea. I hope something happens.”

It is difficult to tell what would have happened had N.S.A. supervisors been made aware of the warning the C.I.A. issued Mr. Snowden in what is called a “derog” in federal personnel policy parlance.

“The spectrum of things in your personnel file could be A to Z,” said Charles B. Sowell, who until June was a top official in the Office of the Director of National Intelligence working on improving the security clearance process. “There’s a chance that that information could be missed and might not be surfaced.”

Mr. Sowell, now a senior vice president at Salient Federal Solutions, an information technology company in Fairfax, Va., emphasized that he left the government before Mr. Snowden’s disclosures became public.

Intelligence and law enforcement officials say the report could have affected the assignments Mr. Snowden was given, first as an N.S.A. contractor with the computer company Dell in Japan and later with Booz Allen Hamilton in Hawaii, as well as the level of supervision he received.

The electronic systems the C.I.A. and N.S.A. use to manage the security clearances for its full-time and contracted employees are intended to track major rule-based infractions, not less serious complaints about personal behavior, a senior law enforcement official said. Thus, lesser derogatory information about Mr. Snowden was unlikely to have been given to the N.S.A. unless it was specifically requested. As a result of Mr. Snowden’s case, two law enforcement officials said, that flaw has since been corrected and such information is now being pushed forward.

The revelation of the C.I.A.’s derogatory report comes as Congress is examining the process of granting security clearances, particularly by USIS, a company that has performed 700,000 yearly security checks for the government. Among the individuals the company vetted were Mr. Snowden and Aaron Alexis, who the police say shot and killed 12 people at the Washington Navy Yard last month.

“We have a compelling need to monitor those trusted with this sensitive information on a more regular basis and with broader sets of data,” said Kathy Pherson, a former C.I.A. security officer who belongs to an intelligence industry task force that is expected to issue a report on the matter by year’s end.

While it is unclear what exactly the supervisor’s negative report said, it coincides with a period of Mr. Snowden’s life in 2009 when he was a prolific online commenter on government and security issues, complained about civil surveillance and, according to a friend, was suffering “a crisis of conscience.”

Mr. Snowden got an information technology job at the C.I.A. in mid-2006. Despite his lack of formal credentials, he gained a top-secret clearance and a choice job under State Department cover in Geneva. Little is known about what his duties were there.

Mavanee Anderson, who worked with Mr. Snowden in Geneva and also had a high security clearance, said in an article in The Chattanooga Times Free Press of Tennessee in June that when they worked from 2007 through early 2009, Mr. Snowden “was already experiencing a crisis of conscience of sorts.”

“Anyone smart enough to be involved in the type of work he does, who is privy to the type of information to which he was privy, will have at least moments like these,” she said.

Later, Mr. Snowden would tell the newspaper The Guardian that he was shocked and saddened by some of the techniques C.I.A. operatives in Geneva used to recruit sources. “Much of what I saw in Geneva really disillusioned me about how my government functions and what its impact is in the world,” he told The Guardian. “I realized that I was part of something that was doing far more harm than good.”

There were other signs that have since drawn investigators’ attention. In early 2009, someone using Mr. Snowden’s screen name expressed outrage at government officials who leaked information to the news media, telling a friend in an Internet chat that leakers “should be shot.”

“They’re just like WikiLeaks,” Mr. Snowden — or someone identified as him from his screen name, “TheTrueHOOHA,” and other details — wrote in January 2009 about an article in The New York Times on secret exchanges between Israel and the United States about Iran’s nuclear program.

He later told The Guardian he was disappointed that President Obama “advanced the very policies that I thought would be reined in.”

“I got hardened,” he said.

Michael S. Schmidt contributed reporting from Washington, and Andrew Roth from Moscow.

October 10, 2013
By ERIC SCHMITT

Find this story at 10 October 2013

© 2013 The New York Times Company

WASHINGTON (Reuters) – The U.S. National Security Agency failed to install the most up-to-date anti-leak software at a site in Hawaii before contractor Edward Snowden went to work there and downloaded tens of thousands of highly classified documents, current and former U.S. officials told Reuters.

Well before Snowden joined Booz Allen Hamilton last spring and was assigned to the NSA site as a systems administrator, other U.S. government facilities had begun to install software designed to spot attempts by unauthorized people to access or download data.

The purpose of the software, which in the NSA’s case is made by a division of Raytheon Co, is to block so-called “insider threats” – a response to an order by President Barack Obama to tighten up access controls for classified information in the wake of the leak of hundreds of thousands of Pentagon and State Department documents by an Army private to WikiLeaks website in 2010.

The main reason the software had not been installed at the NSA’s Hawaii facility by the time Snowden took up his assignment there was that it had insufficient bandwidth to comfortably install it and ensure its effective operation, according to one of the officials.

Due to the bandwidth issue, intelligence agencies in general moved more slowly than non-spy government units, including the Defense Department, to install anti-leak software, officials said.

NBC News reported earlier this year that Snowden, who has been charged with espionage but was granted asylum in Russia, took advantage of antiquated security systems to rummage through the NSA’s computer systems but details of the lapses in Hawaii have not previously been reported.

A spokeswoman for the NSA declined to discuss details of the agency’s schedule for installing anti-leak software in Hawaii. She said the agency has had to speed up its efforts to tighten security in the wake of Snowden’s disclosures.

“We open our facilities only after we have met all of the necessary regulatory, statutory, and infrastructure requirements,” the spokeswoman said. “NSA has a very large, diverse and complex IT infrastructure across our global enterprise, and many features of that infrastructure evolve over time as new capabilities are developed, refined, and deployed.”

She added: “NSA and the Intelligence Community at large have been moving forward with IT efficiency initiatives for several years. … The unauthorized disclosures have naturally compelled NSA and the rest of the IC to accelerate the timeline.”

Raytheon had no immediate comment.

INSIDER THREAT

In December 2010, the White House created a task force, headed by a former senior intelligence officer, to develop plans and systems to tighten access controls for classified information.

One of the specific initiatives announced by the White House for spy agencies was the installation of a program described as “Enhanced Automated, On-Line Audit Capability: Systems will monitor user activity on all IC classified computer systems to detect unusual behavior.”

The NSA Hawaii facility, known as a Remote Operations Center, opened in January 2012, replacing an older site located in a nearby World War II-era facility. The facility is focused on intercepting communications from Asia, and the Washington Post has reported that it also is involved in operations in cyberspace such as mapping adversaries’ computer networks and implanting electronic beacons.

Snowden was assigned by Booz Allen Hamilton to the Hawaii facility in late March or early April 2013, after first attending training sessions near NSA’s Maryland headquarters.

He was only there for a few weeks before he told his employers that he needed time off because of health problems. Snowden then disappeared and turned up several weeks later in Hong Kong. There, he gave a TV interview and a trove of secrets from the NSA and its British counterpart, Government Communications Headquarters, to writer Glenn Greenwald, filmmaker Laura Poitras, and journalists from Britain’s Guardian newspaper.

Reuters reported in August that Snowden began downloading documents describing the U.S. government’s electronic spying on an earlier job working for Dell Inc in April 2012.

One official said Congressional oversight committees had repeatedly expressed concerns to the administration that agencies across the government, including spy units, had moved too slowly to install updated security software.

Another official said that U.S. agencies were still not positive they knew the details of all the material which Snowden had downloaded and turned over to journalists.

(Editing by Tiffany Wu and Grant McCool)

Fri, Oct 18 2013

By Mark Hosenball and Warren Strobel

Find this story at 18 October 2013

© Thomson Reuters 2011.

Hoe duurzaam koopt de overheid in? (Met wie werkt ze dus samen?)

In nota’s stelt de overheid een actief inkoopbeleid voor te staan van duurzaam geproduceerde producten voor haar ambtenaren, alsmede de aanstelling van extern adhoc-personeel gebonden aan sociale voorwaarden. Mooie woorden, maar de praktijk is echter weerbarstig, zo blijkt.

Op de website Helpdesk Duurzaam Inkopen http://helpdeskduurzaaminkopen.nlvan de bedrijven consultancy DHV en Significant (bekend van het onderzoek naar de Wet op de Uitgebreide identificatieplicht) wordt de film An Inconvenient Truth van Al Gore genoemd als aanjager van het duurzaamheidsdebat. Dagblad Trouw kopte op 28 februari 2007 ‘Al Gore is hypocriet’. In het artikel wordt het energiegebruik van de voormalig vicepresident van de VS vergeleken met dat van een doorsnee huishouden in de staat Tenessee. Gore gebruikte toen veertien keer zoveel energie als een gemiddelde Amerikaan.

Het voorbeeld van Gore geeft aan dat het duurzaamheidsdebat niet eenvoudig verloopt. Daarbij gaat het niet om de boodschap – er vindt klimaatverandering plaats – maar om de definitie, de controle en het toezicht. Is die controle en toezicht wel mogelijk als er geen transparantie is? Wimpelt de overheid haar verantwoordelijkheid ten aanzien van haar eigen inkopen niet af op bedrijven, NGO’s, ketens en uiteindelijk de werknemers die de producten en diensten verzorgen voor die overheid? En weten we eigenlijk wel met wie de overheid samenwerkt (DHV, Significant?) of wordt dat ook overgelaten aan de markt?

Duurzaam inkopen

De duurzaamheidsgedachte heeft sinds enkele jaren postgevat binnen het inkoopbeleid van de Nederlandse overheid, het zogenaamde duurzaam inkopen. De website van de twee consultancy bedrijven is daar dan ook op gericht. De overheid is een grote consument en betrekt allerlei goederen en diensten van het bedrijfsleven. Vanuit de milieulobby, maar ook de derde wereld beweging, is jarenlang druk uitgeoefend om de overheid te bewegen zelf het goede voorbeeld te geven. Bij duurzaamheid gaat het zowel om milieu-aspecten als om sociale aspecten. Denk aan het ondersteunen van de fiets en de trein in het kader van het woon-werkverkeer en de Max Havelaar koffie in de kantine.

Duurzaam inkopen, zoals het door de overheid wordt genoemd, vindt zijn oorsprong in de Nota Milieu en Economie uit 1997. Er volgden allerlei andere nota’s, rapporten, initiatieven, pilots en targets. De Monitor Duurzaam Inkopen 2010 meldt vervolgens trots dat de doelen voor dat jaar ruimschoots bereikt zijn: ‘Het Rijk heeft 99.8 procent duurzame inkopen gerealiseerd (doelstelling 100 procent), Provincies 96 procent (doelstelling 50 procent), waterschappen 85 procent, gemeenten 87-90 procent (doelstelling 75 procent), universiteiten 80 procent, hogescholen 95 procent en het middelbaar beroepsonderwijs 75 procent.

Indrukwekkende cijfers en geslaagd beleid zou je zeggen. Een rapport van KPMG uit 2010 voor het toenmalig ministerie van Infrastructuur en Milieu concludeert dat de inkoop van de schoonmaak bij de overheid 100 procent duurzaam is (Monitor Duurzaam Inkopen 2010 Resultaten monitoringonderzoek duurzaam inkopen 2010 KPMG juni 2010).

Nu is met betrekking tot het milieu de inkoop nog redelijk te volgen. De kantinebeheerder gebruikt alleen biologische producten, de minister fietst tussen werk en privé, de dienstauto is een hybride en er wordt geen chloor gebruikt in het toilet op het ministerie van Veiligheid en Justitie.

Bij de sociale aspecten is het echter een stuk lastiger. Hanteert het ingehuurde schoonmaakbedrijf wel de ‘fundamentele’ fatsoensnormen, en wat zijn die? Krijgen mensen wel een redelijk loon naar arbeid? En wie controleert eigenlijk of aan die sociale voorwaarden van het duurzaam inkopen is voldaan? De recente stakingsacties van de schoonmakers bij de ministeries van Sociale Zaken en Buitenlandse Zaken maakt duidelijk dat de prachtige percentages in de monitor van 2010 niet veel zeggen over de kwaliteit van de duurzaamheid en ook vragen oproepen over de controle op de inkopen.

Klein inkoopbeleid

De overheid ziet natuurlijk in dat een solide beleid dat niet één-twee-drie te organiseren valt. Men geeft aan dat het duurzame inkoopbeleid alleen geldt voor ‘alle EU-aanbestedingen en openbare nationale aanbestedingen en meervoudig onderhandse offerteaanvragen groter dan € 50.000 (exclusief BTW)’. (Website PIANOo, Expertisecentrum Aanbesteden van het ministerie van Economische Zaken, Infrastructuur en Innovatie). De kleinere inkopen behoeven in principe niet duurzaam te zijn. Bij de aanschaf van bureaustoelen bijvoorbeeld bij een waarde hoger dan € 50.000 kan de duurzaamheid van het product zelfs redelijk precies worden geformuleerd.

De rijksoverheid schrijft dat bij ‘de belangrijkste milieuaspecten, de volledige levensloop van het product of de dienst in beschouwing wordt genomen.’ Hierbij gaat het om de kwaliteit en de afkomst van de materialen waarvan de stoel is gemaakt, hoe lang deze mee gaat. Een stoel van gerecycled plastic uit Nederland is duurzamer dan een stoel van hard hout afkomstig uit het Amazone gebied in Brazilië.

Hoe zit het echter met de mobiele telefoons die de overheid aanschaft? In veel smartphones en andere telecommunicatie materialen zijn zeldzame (edel)metalen verwerkt en meestal niet gerecycled. De overheid zal geen tweede hands apparatuur via Marktplaats aanschaffen. En die metalen komen meestal uit conflictgebieden zoals de documentaire Blood in my mobile ons laat zien. In die documentaire gaat het overigens vooral om Nokia telefoons.

De exacte afkomst van materialen is ook vaak lastig te bepalen. Apple zal bijvoorbeeld aangeven dat de metalen uit de iphones zijn betrokken van allerlei tussenhandelaren. Ook schermen bedrijven vaak met de term bedrijfsgeheim. Het Green Public Procurement Mobile Phones Technical Background Report van de Europese Unie, DG-Environment by Forum for the Future/BRE 2011, stelt echter dat bedrijven die willen meedingen bij een aanbesteding het eigen beleid ten aanzien van metalen uit Congo moeten openbaren. ‘Asking bidders to disclose their policies on sourcing from the Democratic Republic of the Congo (DRC) has been included in the criteria based on industry evidence and recent developments in U.S. Law’.

Hoe betrouwbaar is echter de mededeling van Nokia dat ze geen Coltan, columbite-tantalite, uit Congo gebruiken? En wie gaat het controleren? Het beleid rond duurzaam inkopen van de overheid wil die tekortkomingen opvangen door bedrijven te wijzen op hun keten-aansprakelijkheid. Bij de keten gaat het om het gehele traject van ruwe materialen tot de afnemer. Keten-aansprakelijk is er op gericht om ‘verbeteringen in de keten’ aan te brengen doordat bedrijven en instellingen controle en toezicht uitvoeren.

De controle en het toezicht op de ruwe materialen van producten betreft het niet alleen conflictgebieden. Met ijzer toegepast in een bureaustoel lijkt niet veel aan de hand, maar als de ijzerertsmijn al het water onttrekt aan de regio kan het voor boeren en bewoners in de omgeving van een mijn vreselijke gevolgen hebben. Hoe is dat goed te controleren en wie houdt daar toezicht op? Is na te gaan welk ijzererts de basis is geweest voor het ijzer in de stoel?

Keten-aansprakelijkheid

In de communicatie rondom duurzaam inkopen lijkt het zwaartepunt dan ook te liggen op energiezuinigheid en de afvalverwerking van bijvoorbeeld stoelen, computers en gebouwen. Tussen de bestaande ketens die het ministerie opsomt in het kader van de keten-aansprakelijkheid bevinden zich op dit moment nog geen ketens die verantwoordelijk zijn voor kantoormeubilair, elektronica en gebouwen.

Bij keten-aansprakelijkheid gaat het niet alleen om de milieuaspecten van de goederen en diensten. Vooral bij de sociale voorwaarden wordt de keten gezien als een belangrijke promotor van duurzaamheid. Agentschap NL van het ministerie van Economische Zaken, Landbouw en Innovatie (ministerie van ELI) vermeldt: ‘Voor inkopers is niet makkelijk na te gaan of er ergens in de productieketen kinderarbeid is verricht of medewerkers voor een hongerloon hebben gewerkt’. Die kinderarbeid is meestal iets dat plaatsvindt in landen als China en India, weggestopt op het platteland of in een miljoenenstad.

Apple bijvoorbeeld ligt onder vuur vanwege arbeidsomstandigheden bij haar Chinese toeleveranciers van iphones. Eind 2011 waren de slechte omstandigheden in de fabrieken waar onderdelen van Apple worden gemaakt in het nieuws naar aanleiding van een golf van zelfmoorden onder arbeiders. In een markt waar de marges klein zijn, zullen de andere producenten echter niet veel beter presteren. Apple had de pech dat enkele werknemers de stilte verbraken.

Het voorbeeld van Apple maakt duidelijk dat misstanden niet eenvoudig zijn op te sporen, misschien zelfs niet voor het bedrijf zelf. Apple zegt dat zij het toezicht op de fabrieken zal verscherpen, maar of dat voldoende is, is onduidelijk. Het Agentschap NL geeft daarom aan dat het voor de inkoper lastig is, zeker als bij de keten allerlei bedrijven of productielijnen in het buitenland betrokken zijn.

De recente protesten van de schoonmakers maken duidelijk dat het duurzame inkopen wat betreft sociale voorwaarden zelfs op lokaal niveau geen sinecure is. Bij die voorwaarden wordt in een folder van het ministerie van ELI verwezen naar ‘fundamentele normen in de verdragen van Internationale Arbeidsorganisatie en de normen in de Universele Verklaring van de Rechten van de Mens (UVRM)’. Een deel van de algemene normen is afkomstig van conventies van de Internationale Arbeidsorganisatie (ILO), zoals de afschaffing van dwangarbeid en slavernij, de vrijwaring van discriminatie op het werk en in beroep, de afschaffing van kinderarbeid, de vrijheid van vakvereniging en recht op collectief onderhandelen.

Een ander deel betreft de mensenrechten uit het UVRM, uitgewerkt in bindende verdragen als het BuPo en Esocul. De overheid heeft ten aanzien van duurzaam inkopen deze algemene normen nog eens aangescherpt met aanvullende normen. Er kan eigenlijk niets fout gaan met dat inkoopbeleid, zou je denken. Met zoveel indrukwekkende normen zal niet het eerste de beste schoonmaakbedrijf aan de slag gaan op het ministerie van Sociale Zaken. De praktijk is weerbarstig, zoals blijkt.

Controle beperkt

Natuurlijk is de controle voor de overheid beperkt, misschien zelfs onmogelijk, zoals het Agentschap NL over de taak van de inkoper schrijft, maar wat valt er dan nog duurzaam in te kopen? In het beleid nemen de keten-initiatieven een centrale rol in. Bedrijven kunnen zich bij deze initiatieven aansluiten. De initiatieven ‘zijn organisaties waarin verschillende partijen samenwerken om zicht te krijgen op de productieketen en om te beïnvloeden dat er betere sociale voorwaarden in de keten komen’.

In de communicatie over Duurzaam inkopen worden de volgende keten-initiatieven opgesomd: ‘Fair Flowers Fair Plants (FFP) voor bloemen en planten, Fair Wear Foundation voor kleding, Max Havelaar voor voedingsmiddelen, bloemen, katoen, cosmetica en verzorging, Union for Ethical BioTrade voor voedsel, cosmetica, farmacie, decoratie UTZ Certified voor koffie, thee, cacao, palmolie en Social Accountability International voor alles.’

Bij de verschillende initiatieven lijken zowel consumenten als producenten vertegenwoordigd, maar wie verricht de controle in de fabrieken? Het voorbeeld van Apple laat zien dat sociale normen, controle en toezicht op papier nog niets zeggen over de daadwerkelijke omstandigheden en eventuele verbeteringen. Belangen van producenten en consumenten liggen soms heel ver uit elkaar.

Het ministerie geeft dit in een folder ook aan: ‘De criteria voor duurzaam inkopen adresseren sociale aspecten en milieu-aspecten. Tegelijkertijd moet voorkomen worden dat de criteria een negatieve invloed hebben op het ‘profit’-aspect. De toepassing van de criteria dient daarom over het geheel genomen niet te leiden tot substantiële meerkosten’, vermeldt het Toetsingskader criteria duurzaam inkopen van 1 juni 2010.

‘Substantiële meerkosten’ is een rekbaar begrip. De overheid wil zelf ook voor een dubbeltje op de eerste rij zitten. Bij de aanbesteding van de schoonmaak van de toiletten zal de goedkoopste aanbieder toch eerder gekozen worden dan de dure aanbieder die zijn werknemers een respectvol salaris betaalt. De folder van het ministerie uit juni 2010 vermeldt daarom dat bij de ‘milieugerelateerde criteria gebruik wordt gemaakt van bestaande kennis bij inkopers, bedrijven, NGO’s, brancheorganisaties, kennisinstituten en recente onderzoeken’.

Het keten-initiatief Fair Flowers Fair Plants (FFP) geeft aan dat ‘FFP-bloemen en planten een traject volgen van producent tot aan het verkooppunt. Elke schakel in de keten moet lid zijn van Fair Flowers Fair Plants en moet bewijzen dat het om FFP producten gaat.’ Bij de controles wordt gelet op milieu-eisen (gewasbeschermingsmiddelen, meststoffen, energie, water en afval) en sociale eisen (veiligheid, gezondheid en arbeidsomstandigheden).

Bij controles zijn feitelijke omstandigheden makkelijker vast te stellen da ‘menselijke factoren’. Is de vakbond ook daadwerkelijk een vakbond van de werknemers zelf of heeft het bedrijf de bond opgezet om bij de keten te horen? Over milieu-criteria is het ministerie van ELI helder: ‘Voor de milieu gerelateerde criteria wordt gebruik gemaakt van bestaande kennis bij inkopers, bedrijven, NGO’s, brancheorganisaties, kennisinstituten en recente onderzoeken.’ De sociale criteria zijn niet geformuleerd omdat de ‘contouren van de sociale criteria thans nog worden uitgewerkt tot criteria die bij het inkopen kunnen worden gebruikt

Sociale voorwaarden

De overheid erkent de problemen met betrekking tot de sociale voorwaarden en daarom is onder het kopje ‘duurzaamheid: people, planet, profit’ een ‘redelijke inspanning’ geformuleerd: ‘Omdat het moeilijk is alles wat in de keten gebeurt te kennen, vraagt de overheid een inspanningsverplichting van de leverancier en geen resultaatsverplichting.’ Zodra Apple kan aangeven dat zij de fabrieken écht regelmatig bezoekt dan kan de iphone nog voor duurzaam doorgaan, ondanks de slechte arbeidsomstandigheden.

Bij de inspanning gaat het om ‘de grootte van de opdracht, de frequentie van de relatie met toeleveranciers, de machtsverhoudingen tussen partijen in de keten, de kenbaarheid van de situatie in de keten.’ Het schoonmaakbedrijf dat zijn werknemers slecht behandelt en betaalt kan ook voor duurzaam doorgaan door te verwijzen naar de ‘machtsverhoudingen tussen partijen in de keten.’ Het probeert de sociale voorwaarden na te komen, maar slaagt daar duidelijk niet in omdat de werknemers uit onvrede de straat op gaan.

Het is voor de ambtenaar die een duurzame mobiele telefoon of bureaustoel wil aanschaffen, dan wel schoonmakers wil aanstellen bepaald geen eenvoudige klus. Hij kan alles aan de markt over laten en hopen dat de keten-initiatieven verbeteringen in de sociale voorwaarden teweeg zullen brengen, maar het kan ook mis gaan. De toiletten worden vervolgens niet meer schoon gemaakt, de stoelen gaan na drie jaar in plaats van vijf jaar stuk en in de telefoon zit tóch Coltan verwerkt volgens een documentairemaker.

Inspanningsverplichting, ketenaansprakelijkheid… uiteindelijk gaat het om onderzoek die misstanden aan het licht brengt, zoals in het geval van Apple. Onderzoek door journalisten of niet gouvernementele organisaties. Het ministerie geeft dan ook als tip aan het bedrijfsleven dat zij ‘de gegevens kunnen raadplegen die zijn bijeengebracht door onderzoeksinstanties en NGO’s.’ Verschillende NGO’s hebben zich ook aangesloten bij keten-initiatieven. De vakbonden, FNV Bondgenoten en CNV dienstenbond, en de NGO de Clean Clothes Campaign hebben zich bij de kledingketen aangesloten (Fair Wear Foundation).

Vraag is echter of het doorverwijzen naar NGO’s en onderzoeksinstanties niet wat al te gemakkelijk is. Waar ligt de verantwoordelijkheid van de overheid zelf? Het voorbeeld van de schoonmakers laat zien dat bij zoiets essentieels als een schone werkplek het al fout gaat. Hoe zit het dan met het kantoormeubilair of de gebruikte communicatiemiddelen? Misschien is de koffie wel zuiver, maar de communicatie niet?

Daarnaast wordt er al jaren bezuinigd op het maatschappelijk middenveld en ontwikkelingsorganisaties. Wordt duurzaam inkopen straks niet het afchecken van de inspanning van een bedrijf? En bestaan de ketens in de toekomst alleen nog maar uit de producenten voor wie profit net iets belangrijker is dan people? De consument, lees de overheid, speelt daar ook een belangrijke rol in, want de markt heerst en alles kan nog goedkoper.

Onzichtbare contracten

Als voorbeeld hebben we Apple genomen, maar levert het computerbedrijf eigenlijk wel telefoons aan bestuursorganen in Nederland? Bij de openbare aanbestedingen zijn er publieke registers, maar de contracten onder de € 50.000 blijven onzichtbaar. In principe hoeft de overheid alleen bij openbare aanbestedingen duurzaam in te kopen. Elk jaar is het bedrag dat wordt aanbesteed minder dan de helft van het totale inkoopvolume (Het totale inkoopvolume van Nederlandse overheden, Instituut voor Onderzoek van Overheidsuitgaven (IOO bv) uit 2009).

Er is sprake van nogal grove schattingen, want de cijfers over de aanbestedingen lopen uiteen van 18 tot 33 miljard euro. De getallen zijn echter een indicatie voor het percentage duurzaam ingekochte goederen en diensten. Dit ligt rond de 30 en 50 procent bij een geschat totaal volume van de overheid van rond de 60 miljard. Als de overheid echter beweert dat de inkoop van het schoonmaken 100 procent duurzaam is en vervolgens de schoonmakers daar anders over denken, roept dat vragen op over het gehele duurzaamheidstraject.

Hoe zit het met het ijzer van het kantoormeubilair en de coltan in de telefoons? De publicaties over de slechte arbeidsomstandigheden in de fabrieken voor onderdelen van Apple laten zien dat onderzoek van groot belang is om het duurzaamheidsgehalte tegen het licht te houden. Een eerste vereiste voor dat onderzoek is de vraag of de overheid iphones in gebruik heeft. Daarbij is de vraag of het een openbare aanbesteding betreft van minder belang.

Door in de Monitor Duurzaam Inkopen 2010 heel hard te roepen dat alle doelen gehaald zijn en aan te geven dat de Rijksoverheid bijna 100 procent duurzaam inkoopt, wordt de illusie gewekt dat 100 procent ook alle inkoop betreft. Nergens wordt vermeld om welk percentage van het totale inkoopvolume van de Rijksoverheid het gaat. Duurzaam inkopen zou ook op de boekhouding moeten slaan en dus ook als het om niet aan te besteden goederen en diensten gaat. De overheid wil geen goedkope stoelen die door kinderhanden zijn gemaakt in de kamer van de minister van ELI.

Het ministerie geeft zelf toe dat de overheid niet over de kennis beschikt ten aanzien van materialen, arbeidsomstandigheden en andere sociale en milieu-aspecten. Om die reden verwijst de overheid bedrijven door naar ‘de gegevens die zijn bijeengebracht door onderzoeksinstanties en NGO’s.’ Die organisaties moeten dan wel weten met wie de overheid in zee gaat, want anders wordt het onderzoek een verdraaid lastig karwei.

Verzoek tot openbaarmaking

Buro Jansen & Janssen verzocht op 7 juli 2010 alle ministeries en politiediensten om contracten met bedrijven op het gebied van ICT, communicatie, dataverzameling en beheer, toegangscontrole, zichtsystemen, alarm, wapensystemen, beschermende oplossingen voor personeel, voertuigen en gebouwen, voertuigen, training en detachering openbaar te maken. In totaal werden 34 bestuursorganen aangeschreven.

Met name de politie reageerde als door een wesp gestoken. Wat Buro Jansen & Janssen wel niet dacht! Alles passeerde de revue. Te veel werk, niet te vinden, allemaal persoonlijk, zeer geheim, staatsgeheim, levensgevaarlijk als bandieten dat te weten komen.

Ruim een half jaar later druppelden de eerste overzichtslijsten binnen. Het duurde tot in de zomer van 2011 voordat alle lijsten in het bezit van Jansen & Janssen waren. Ze zijn verschillend van opzet, inhoud, duidelijkheid en precisie. Sommige politieregio’s hebben geprobeerd zo volledig mogelijk te zijn bij de beantwoording van het verzoek, anderen zo onvolledig mogelijk. En het betreft niet alle namen van de bedrijven die met de politie of de verschillende ministeries samenwerken.

Waarom worden eigenlijk niet alle namen van de instanties die met de overheid samenwerken openbaar gemaakt? Alleen dan kan serieus werk worden gemaakt van een duurzaam inkoopbeleid. Een overheid die niet transparant is, zal altijd schoonmakers in dienst hebben die niet volgens normale fatsoensnormen worden behandeld. Vuile ramen ontnemen het zicht op een serieus beleid waarbij sociale en milieu-aspecten centraal staan en waarbij het inkopen niet duurzaam is, maar wordt afgewimpeld.

Find this story at 26 March 2012

Was treiben die USA in Deutschland? Antworten finden sich auch in einer offiziellen US-Datenbank. Hier finden Sie alle Verträge für Geheimdienstarbeiten in Deutschland.

Was treiben die USA in Deutschland? Antworten finden sich auch in der offiziellen Datenbank FPDS.gov. Hier müssen alle vergebenen Staatsaufträge praktisch in Echtzeit eingebucht werden, wenn ihr Volumen 3000 Dollar übersteigt.

Die Webseite bietet eine Volltextsuche, lässt sich jedoch auch nach Kategorien filtern. Wer sich für Aufträge in Deutschland interessiert, gibt POP_COUNTRY_NAME:”GERMANY” in das Feld ein. Wer nach PRODUCT_OR_SERVICE_CODE:”R423″ sucht, findet alle Aufträge die mit “Intelligence” zu tun haben, mit Geheimdienstarbeit.
Amerikanische Auftragnehmer
Was Spionagefirmen in Deutschland für die USA treiben

Die US-Geheimdienste sammeln so viele Daten, dass sie alleine nicht hinterherkommen. Deswegen mieten sie Zusatzkräfte bei privaten Dienstleistern. Die arbeiten wie Spione – auch in Deutschland.

Diese Daten kann man dann als Excel-Datei herunterladen. Hier finden Sie die Tabelle mit allen Intelligence-Aufträgen in Deutschland zum Herunterladen.

Das bedeuten die wichtigsten Spalten in der Tabelle:

Contract ID: Auftragsnummer, über die man in der Regel leicht in der FPDS-Datenbank den Auftrag mit weiteren Zusatzinformationen findet

Vendor Name: Dienstleisterfirma

Year signed: Jahr, in dem der Vertrag geschlossen wurde

Action Obligation ($): Auftragssumme (manchmal negativ, wenn Aufträge stoniert oder rückwirkend verringert werden)

NAICS Description und PSC Description: Kategorie des Auftrags

Global Vendor Name: Mutterkonzern
Aufträge in Deutschland
Die Top 3 der Mietspione

Alleine in Deutschland haben die USA bisher 140 Millionen Euro für private Spione ausgegeben. Die meisten Aufträge gingen an die drei Firmen SOSi, Caci und MacAulay-Brown. Was sind das für Konzerne?
Demonstration gegen NSA-Horchposten bei Darmstadt: Auch Staatsaufträge für den Dagger-Complex finden sich in der Datenbank (Foto: dpa)

16. November 2013 11:05 Datenbank-Recherche
Von Bastian Brinkmann

Find this story at 16 November 2013

Vijf bedrijven in een excel

Copyright: Süddeutsche Zeitung Digitale Medien GmbH / Süddeutsche Zeitung GmbH

Alleine in Deutschland haben die USA bisher 140 Millionen Euro für private Spione ausgegeben. Die meisten Aufträge gingen an die drei Firmen SOSi, Caci und MacAulay-Brown. Was sind das für Konzerne?

Etwa 70 Prozent ihres Budgets geben die US-Geheimdienste für Aufträge an Privatfirmen aus. Das ist bekannt, seit vor Jahren eine interne Präsentation des amerikanischen Geheimdienstdirektors im Internet auftauchte. Die privaten Auftragnehmer, auf Englisch Contractors, sind eine riesige Schattenarmee (mehr dazu hier).

Und sie sind auch in Deutschland tätig: Rund 140 Millionen Dollar haben die USA in den vergangenen zehn Jahren in Deutschland für private Spione ausgegeben (hier alle Aufträge in einer Tabelle zum Herunterladen). Dazu kommen Hunderte Millionen Dollar für spionagenahe Dienstleistungen wie Datenbankpflege oder Datenverarbeitung.

Süddeutsche.de stellt die drei Spionagehelfer vor, die am meisten Umsatz in Deutschland mit Geheimdienstarbeiten machen.
Nummer 1: SOSi – Vom Übersetzungsbüro zum Flughafenbetreiber

Mitarbeiter von SOSi seien das Ziel von internationalen Terroristen und ausländischen Geheimdiensten, sagt der Sicherheitschef der Firma. Das Unternehmen arbeite mit den geheimsten Daten der US-Regierung. Es gelte daher, besondere Sicherheitsmaßnahmen zu treffen, erzählt er in einem Video im Intranet. Nach dem Urlaub müssten die Mitarbeiter eine kurze Befragung über sich ergehen lassen: Wen haben sie getroffen? Warum? Änderungen im Privatleben seien der Firma bitte umgehend zu melden. Und wichtig sei auch, sagt er, den Vorgesetzten von verdächtigem Verhalten von Kollegen zu berichten.

SOS International, der Sicherheitschef kürzt es gerne S-O-S-i ab, ist der größte Spionagedienstleister der Amerikaner in Deutschland. Allein 2012 hat die Firma für Geheimdiensttätigkeiten in Deutschland 11,8 Millionen Euro von der US-Regierung bekommen, insgesamt waren es in den vergangenen Jahren rund 60 Millionen Dollar.

Auf den ersten Blick gibt sich die Firma offen: Es gibt eine Internetseite, eine Facebook-Seite, die Vorstände twittern, der Firmenchef sendet Videobotschaften. Mehrere Anfragen zu ihrer Tätigkeit in Deutschland ließ die Firma allerdings unbeantwortet. Wie die Firma tickt lässt sich trotzdem gut rekonstruieren: aus den öffentlichen Daten – und aus einer älteren Version des Intranets der Firma, die sie offenbar versehentlich ins Internet stellte.

Dort findet sich allerhand: Hinweise zum Dresscode (konservativ-professionell), Empfehlungen zum Umgang mit Drogen (geringe Mengen Alkohol bei Firmenfeiern erlaubt) oder Anweisungen zur Reaktion auf Kontaktversuche der Medien (nichts herausgeben). Und auch das eindringliche Briefing des Sicherheitschefs, in dem er an den Patriotismus und die Paranoia seiner Mitarbeiter appelliert.

Öffentlich verkauft sich das Unternehmen als Familienunternehmen mit Vom-Tellerwäscher-zum-Millionär-Geschichte. Ursprünglich ist Sosi der Vorname der Unternehmensgründerin: Sosi Setian kam 1959 als Flüchtling aus Armenien nach Amerika, heißt es in der Selbstdarstellung der Firma. Sie arbeitete als Übersetzerin für US-Behörden, gründete 1989 ein Übersetzungsbüro. Nach sechs Monaten hatte sie 52 Mitarbeiter, die sie angeblich alle regelmäßig zum Abendessen in ihr Zuhause einlud.

Heute ist der Sohn der Gründerin, Julian Setian, Geschäftsführer, seine Schwester Pandora sitzt ebenfalls im Vorstand. Der große Erfolg kam nach dem 11. September 2001 – und mit den immens gestiegenen Spionageausgaben der USA. 2002 begann SOSi Übersetzer nach Afghanistan und in den Irak zu schicken. Ein Jahr später heuerten sie auch Spionageanalysten und Sicherheitstrainer an – die Firma hatte erkannt, wie lukrativ das Geheimdienstgeschäft war. Inzwischen beschäftigt das Unternehmen zwischen 800 bis 1200 Mitarbeiter und ist auf allen Feldern der Spionage aktiv, steht auf der Firmenhomepage.

Was das konkret heißt, lässt sich mit Broschüren aus dem Intranet rekonstruieren: SOSi hat die US Army in Europa bei der Auswertung ihrer Spionageergebnisse unterstützt, in Afghanistan PR-Arbeit für die US-Truppen gemacht, im Irak Einheimische auf der Straße angeworben, um die Sicherheitslage im Land einzuschätzen, und in Amerika FBI-Agenten die Techniken der Gegenspionage beigebracht.

Neben den USA hat die Firma Büros in acht weiteren Ländern, darunter Deutschland, heißt es in der Broschüre, die aus dem Jahr 2010 stammt. Auf seiner Homepage sucht das Unternehmen Mitarbeiter in Darmstadt, Heidelberg, Mannheim, Stuttgart und Wiesbaden – also an den traditionellen Standorten der Amerikaner. Im September hat SOSi in einer Pressemitteilung veröffentlicht, dass sie die 66. Military Intelligence Brigade in Darmstadt in den kommenden drei Jahren beim Planen, Sammeln und Auswerten von Geo-Daten unterstützen werde, der sogenannten Geospatial-Intelligence.
Solche Software müssen GEOINT-Analysten von SOSi bedienen können. (Foto: Screenshot exelisvis.com)

Im Mai gewann die Firma eine Ausschreibung der irakischen Regierung. SOSi übernimmt nach dem Abzug der letzten amerikanischen Truppen aus dem Irak die Verantwortung für die Logistik und die Sicherheit von drei ehemaligen US-Stützpunkten sowie einem Flugplatz. Mehr als 1500 Mitarbeiter werden dafür gebraucht, das würde die Unternehmensgröße fast verdoppeln.

Die Verantwortung für das Geschäft trägt dann Frank Helmick, der seit Dezember 2012 bei SOSi arbeitet. Vor seiner Pensionierung war Helmick übrigens General der US-Army. Zuletzt kommandierte er den Abzug der US-Truppen aus dem Irak.

“Du siehst den Hund dort? Wenn du mir nicht sagst, was ich wissen will, werde ich den Hund auf dich hetzen”, soll Zivilist 11 gesagt haben, damals 2003 im berüchtigten US-Militärgefängnis Abu Ghraib im Irak. Sein Kollege, Zivilist 21, soll einen Gefangenen gezwungen haben, rote Frauen-Unterwäsche auf dem Kopf zu tragen. So steht es in zwei internen Berichten des US-Militärs (dem Fay- und dem Tabuga-Report). Und dort steht auch: Zivilist 11 und Zivilist 21 waren Angestellte der US-Firma Caci.

Bis heute bestreitet das Unternehmen, an den Misshandlungen beteiligt gewesen zu sein, deren Bilder damals um die Welt gingen: Nackte Häftlinge aufgestapelt zu menschlichen Pyramiden, traktiert mit Elektroschocks, angeleint wie Hunde. Unstrittig ist nur, dass Dutzende Mitarbeiter der Firma im Irak waren, um dort Gefangene zu befragen – weil das US-Militär mit dem eigenen Personal nicht mehr hinterherkam. Für viele Kritiker der US-Geheimdienste ist Caci damit zum erschreckendsten Beispiel geworden, wie weit Privatfirmen in die schmutzigen Kriege der Amerikaner verstrickt sind.

Nachhaltig geschadet haben die Foltervorwürfe der Firma aber nicht: 2012 hat Caci einen Rekordumsatz von 3,8 Milliarden Dollar erwirtschaftet, 75 Prozent davon stammen immer noch aus Mitteln des US-Verteidigungsministeriums. 15.000 Mitarbeiter sind weltweit für das Unternehmen tätig. Unter dem Firmenmotto “Ever vigilant” (stets wachsam) bieten sie den Geheimdiensten Unterstützung in allen Bereichen der Spionage, wie das Unternehmen im Jahresbericht 2006 schrieb: Informationen sammeln, Daten analysieren, Berichte schreiben, die Geheimdienstarbeit managen.

Caci hat 120 Büros rund um die Welt, in Deutschland sitzt die Firmen in Leimen, einer Kreisstadt in Baden mit 25.000 Einwohnern. Laut der offiziellen Datenbank der US-Regierung hat die Firma in den vergangenen zehn Jahren in Deutschland 128 Millionen Dollar umgesetzt. Auf seiner Homepage hat Caci Mitarbeiter in Wiesbaden, Schweinfurt, Stuttgart, Heidelberg, Darmstadt und Bamberg gesucht, den klassischen Standorten des US-Militärs. Bei manchen Jobs sind die genauen Standorte geheim, bei fast allen die Berechtigung nötig, “Top Secret” arbeiten zu dürfen.

Was die Firma in Deutschland treibt, zeigt sich an einem Auftrag aus dem Jahr 2009. Damals bekam das Unternehmen den Zuschlag, für fast 40 Millionen Dollar SIGINT-Analysten nach Deutschland zu schicken. SIGINT steht für Signals Intelligence, Fernmeldeaufklärung sagen die deutschen Behörden. Was das heißt? Mitarbeiter von Caci haben in Deutschland demnach Telefonate und Internetdaten wie E-Mails abgefangen und ausgewertet.

MacAulay-Brown, Eberstädter Weg 51, Griesheim bei Darmstadt. Offiziell ist der Deutschlandsitz des drittgrößten Spionagezulieferers des US-Militärs in Deutschland nirgendwo angegeben. Doch in einem Prospekt aus dem Jahr 2012 findet sich diese Adresse. Und die ist durchaus brisant: Es ist die Adresse des Dagger Complex. Streng abgeschirmt sitzt dort die 66. Military Intelligence Brigade des US-Militärs und offenbar auch die NSA.

Sogar eine Telefonnummer mit Griesheimer Vorwahl hatte MacAulay-Brown veröffentlicht. Wer dort anruft, bekommt erzählt, dass der Mitarbeiter der Firma etwa seit einem Jahr dort nicht mehr arbeitet. Mehr erfährt man nicht; nicht einmal, wer den Anruf jetzt entgegengenommen hat.

Dass die Firma so engen Kontakt zu Geheimdiensten und Militär hat, überrascht nicht. Geschäftsführer Sid Fuchs war früher Agent der CIA. Weitere Vorstandsmitglieder waren Agenten oder ranghohe Militärs. Die Firma rühmt sich damit, dass 60 Prozent ihrer Mitarbeiter mehr als 15 Jahre Erfahrung im Militär oder sonstigen Regierungstätigkeiten hat.

Dementsprechend ist auch das Tätigkeitsspektrum von MacAulay-Brown, die sich auch MacB abkürzen. Auf seiner Homepage wirbt das Unternehmen damit, einen Rundum-Service für Geheimdienste anzubieten. Die Firma habe, heißt es, kostengünstige, innovative und effiziente Spionage-Möglichkeiten für die Geheimdienste gefunden. Der Fokus liegt dabei auf den eher technischen Spionagebereichen der Signalauswertung und Erderkundung (Fachwörter: Geoint, Masint, Sigint).

Auch in Deutschland hat MacB in diesem Bereich gearbeitet. 2008 hat das Unternehmen mitgeteilt, einen Auftrag der 66. Military Intelligence Brigade in Darmstadt für technische Spionage über Satelliten und Sensoren bekommen zu haben. Insgesamt hat MacAulay-Brown laut Zahlen aus der offiziellen US-Datenbank für Staatsaufträge in den vergangenen Jahren fast zehn Millionen Dollar von der 66. Military Intelligence Brigade erhalten, mit der sich das Unternehmen den Bürositz in Darmstadt zumindest zeitweise teilte.

Mit Signaltechnik und Erderkundung hat das Unternehmen lange Erfahrung. MacAulay-Brown wurde 1979 von zwei Technikern gegründet, John MacAulay und Dr. Charles Brown. Sie waren zunächst ein Ingenieurbüro für die Army, arbeiteten unter anderem an Radarsystemen. Später fokussierte sich die Firma auf das Testen militärischer System für die Air Force. Bis heute ist MacB in diesem Bereich tätig, auch in Deutschland: Das Unternehmen sucht beispielsweise derzeit in Spangdahlem einen Flugzeugtechniker, in dem Ort in Rheinland-Pfalz unterhält die Air Force einen Flughafen.

Ein weiterer Geschäftsbereich von MacB ist die Cybersicherheit – auch hier ist die Firma offenbar in Deutschland tätig: Dem veröffentlichten Prospekt mit der Büroadresse im Dagger-Complex ist eine Liste von Experten angehängt, die das Militär auf Abruf von dem Unternehmen mieten kann – inklusive der Stundenpreise. Neben technischen Schreibern und Grafikdesignern finden sich dabei auch Jobbeschreibungen, die Hackertätigkeiten beinhalten.

Bis heute ist die Firma in Privatbesitz. Sie gehört Syd und Sharon Martin, die MacB 2001 mit ihrer inzwischen verkauften Mutterfirma Sytex gekauft hatten. Als sie 2005 Sytex an den US-Rüstungskonzern Lockheed Martin verkauften, behielten sie MacB – und machten es immer erfolgreicher. Der Umsatz ist seit 2005 von 65 auf 350 Millionen Dollar gewachsen. Die Firma beschäftigt inzwischen 2000 Mitarbeiter weltweit.

Den Erfolg haben dabei vor allem Verträge der US-Regierung gebracht. 2012 war das Unternehmen erstmals auf der Liste der 100 größten Regierungs-Contractors, 2013 steht sie bereits auf Platz 91. Und wenn es nach dem Management geht, soll es so weiter gehen. In einem Interview mit den Dayton Business News sagte Geschäftsführer Fuchs, er wolle in den kommenden Jahren den Umsatz auf eine Milliarde steigern und die Mitarbeiterzahl verdoppeln.

16. November 2013 12:21 Aufträge in Deutschland
Von Oliver Hollenstein

Find this story at 16 November 2013

© Süddeutsche Zeitung Digitale Medien GmbH / Süddeutsche Zeitung GmbH

One Dubai-based firm offers DIY system similar to GCHQ’s Tempora programme, which taps fibre-optic cables

Advanced Middle East Systems has been offering a device called Cerebro, which taps information from fibre-optic cables carrying internet traffic. Photograph: Corbis

Private firms are selling spying tools and mass surveillance technologies to developing countries with promises that “off the shelf” equipment will allow them to snoop on millions of emails, text messages and phone calls, according to a cache of documents published on Monday.

The papers show how firms, including dozens from Britain, tout the capabilities at private trade fairs aimed at offering nations in Africa, Asia and the Middle East the kind of powerful capabilities that are usually associated with government agencies such as GCHQ and its US counterpart, the National Security Agency.

The market has raised concerns among human rights groups and ministers, who are poised to announce new rules about the sale of such equipment from Britain.

“The government agrees that further regulation is necessary,” a spokesman for the Department for Business, Innovation and Skills said. “These products have legitimate uses … but we recognise that they may also be used to conduct espionage.”

The documents are included in an online database compiled by the research watchdog Privacy International, which has spent four years gathering 1,203 brochures and sales pitches used at conventions in Dubai, Prague, Brasilia, Washington, Kuala Lumpur, Paris and London. Analysts posed as potential buyers to gain access to the private fairs.

The database, called the Surveillance Industry Index, shows how firms from the UK, Israel, Germany, France and the US offer governments a range of systems that allow them to secretly hack into internet cables carrying email and phone traffic.

The index has details from 338 companies, including 77 from the UK, offering a total of 97 different technologies.

One firm says its “massive passive monitoring” equipment can “capture up to 1bn intercepts a day”. Some offer cameras hidden in cola cans, bricks or children’s carseats, while one manufacturer turns cars or vans into surveillance control centres.

There is nothing illegal about selling such equipment, and the companies say the new technologies are there to help governments defeat terrorism and crime.

But human rights and privacy campaigners are alarmed at the sophistication of the systems, and worry that unscrupulous regimes could use them as tools to spy on dissidents and critics.

Libya’s former leader Muammar Gaddafi is known to have used off-the-shelf surveillance equipment to clamp down on opposition leaders.

Privacy International believes UK firms should now be subject to the same strict export licence rules faced by arms manufacturers.

“There is a culture of impunity permeating across the private surveillance market, given that there are no strict export controls on the sale of this technology, as there are on the sale of conventional weapons,” said Matthew Rice, research consultant with Privacy International.

“This market profits off the suffering of people around the world, yet it lacks any sort of effective oversight or accountability.

“This lack of regulation has allowed companies to export surveillance technology to countries that use their newly acquired surveillance capability to spy on human rights activists, journalists and political movements.”

Privacy International hopes the Surveillance Industry Index will give academics, politicians and campaigners a chance to look at the type of surveillance technologies now available in the hope of sparking a debate about improved regulation.

The documents include a brochure from a company called Advanced Middle East Systems (AMES), based in Dubai. It has been offering a device called Cerebro – a DIY system similar to the Tempora programme run by GCHQ – that taps information from fibre-optic cables carrying internet traffic.

AMES describes Cerebro as a “core technology designed to monitor and analyse in real time communications … including SMS (texting), GSM (mobile calls), billing data, emails, conversations, webmail, chat sessions and social networks.”

The company brochure makes clear this is done by attaching probes to internet cables. “No co-operation with the providers is required,” it adds.

“Cerebro is designed to store several billions of records – metadata and/or communication contents. At any time the investigators can follow the live activity of their target with advanced targeting criteria (email addresses, phone numbers, key words),” says the brochure.

AMES refused to comment after being contacted by the Guardian, but said it followed similar protocols to other surveillance companies. “We don’t want to interact with the press,” said a spokesman.

Another firm selling similar equipment is VASTech, based in South Africa, which has a system called Zebra. Potential buyers are told it has been designed to help “government security agencies face huge challenges in their combat against crime and terrorism”.

VASTech says Zebra offers “access to high volumes of information generated via telecommunication services for the purposes of analysis and investigation”.

It has been designed to “intercept all content and metadata of voice, SMS, email and fax communications on the connected network, creating a rich repository of information”.

A spokesman for the company said: “VASTech produces products for governmental law enforcement agencies. These products have the primary goal of reducing specifically cross-border crimes such as child pornography, human trafficking, drug smuggling, weapon smuggling, money laundering, corruption and terrorist activities. We compete internationally and openly against several suppliers of similar systems.

“We only supply legal governments, which are not subjected to international sanctions. Should their status change in this regard, we hold the right to withdraw our supplies and support unilaterally.”

Ann McKechin, a Labour member of the arms export control committee, said: “Obviously we are concerned about how our government provides licences, given these new types of technology.

“Software technology is now becoming a very large component of our total exports and how we police it before it gets out of country will become an increasingly difficult question and I think the government has to review its processes to consider whether they are fit for the task.”

She said the Department for Business, Innovation and Skills, which has responsibility for granting export licences, had to ensure it has the skills and knowledge to assess new technologies, particularly if they were being sold to “countries of concern”.

“The knowledge of staff which maybe more geared to more traditional types of weaponry,” she added.

A business department spokesperson said: “The government agrees that further regulation is necessary. These products have legitimate uses in defending networks and tracking and disrupting criminals, but we recognise that they may also be used to conduct espionage.

“Given the international nature of this problem we believe that an internationally agreed solution will be the most effective response. That is why the UK is leading international efforts to agree export controls on specific technologies of concern.

“We expect to be able to announce real progress in this area in early December.”
What’s on offer

Some companies offer a range of spy equipment that would not look out of place in a James Bond film

Spy vans

Ordinary vans, cars and motorbikes can be customised to offer everything a spy could need. Tiny cameras and microphones are hidden in wing mirrors, headlights and even the makers’ logo. Vehicles can also be fitted with the latest mass surveillance technology, allowing them to intercept, assess and store a range of digital communications from the surrounding area.

Hidden cameras

The range of objects that can hide high-quality cameras and recording equipment appears almost limitless; from a box of tissues giving a 360-degree view of the room, to a child’s car seat, a brick and a key fob. Remote controls allow cameras to follow targets as they move around a room and have a powerful zoom to give high definition close-ups.

Recorders

As with cameras recording equipment is getting more sophisticated and more ubiquitous. From cigarette lighters to pens their are limitless ways to listen in on other people’s conversations. One firm offers a special strap microphone that straps to the wearer’s would be spies’ back and records conversations going on directly behind them. According to the brochure: “[This] is ideal because people in a crowd think that someone with their back turned can’t hear their conversation.. Operatives can work much closer to their target.”

Handheld ‘biometric cameras’

This system, made by a UK firm, is currently being used by British forces in Afghanistan to help troops identify potential terrorists. The brochure for the Mobile Biometric Platform says: “Innocent civilian or Insurgent? Not Certain? Our systems are.” It adds: “The MBP is tailored for military use and enables biometric enrolment and identification of finger, face and iris against on board watchlists in real time from live or forensic data.”

Mobile phone locators

It is now possible, from a single laptop computer, to locate where a mobile phone is calling from anywhere in the world, with an accuracy of between 200 metres and a mile. This is not done by attaching probes, and it is not limited to the area where the laptop is working from. The “cross border” system means it is now theoretically possible to locate a mobile phone call from a town abroad from a laptop in London.

Nick Hopkins and Matthew Taylor
The Guardian, Monday 18 November 2013 21.42 GMT

Find this story at 18 November 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

It was an innocuous e-mail, one of millions sent every day by spouses with updates on the situation at home. But this one was of particular interest to the National Security Agency and contained clues that put the sender’s husband in the crosshairs of a CIA drone.

Days later, Hassan Ghul — an associate of Osama bin Laden who provided a critical piece of intelligence that helped the CIA find the al-Qaeda leader — was killed by a drone strike in Pakistan’s tribal belt.

The U.S. government has never publicly acknowledged killing Ghul. But documents provided to The Washington Post by former NSA contractor Edward Snowden confirm his demise in October 2012 and reveal the agency’s extensive involvement in the targeted killing program that has served as a centerpiece of President Obama’s counterterrorism strategy.

An al-Qaeda operative who had a knack for surfacing at dramatic moments in the post-Sept. 11 story line, Ghul was an emissary to Iraq for the terrorist group at the height of that war. He was captured in 2004 and helped expose bin Laden’s courier network before spending two years at a secret CIA prison. Then, in 2006, the United States delivered him to his native Pakistan, where he was released and returned to the al-Qaeda fold.

But beyond filling in gaps about Ghul, the documents provide the most detailed account of the intricate collaboration between the CIA and the NSA in the drone campaign.

The Post is withholding many details about those missions, at the request of U.S. intelligence officials who cited potential damage to ongoing operations and national security.

The NSA is “focused on discovering and developing intelligence about valid foreign intelligence targets,” an NSA spokeswoman said in a statement provided to The Post on Wednesday, adding that the agency’s operations “protect the nation and its interests from threats such as terrorism and the proliferation of weapons of mass destruction.”

In the search for targets, the NSA has draped a surveillance blanket over dozens of square miles of northwest Pakistan. In Ghul’s case, the agency deployed an arsenal of cyber-espionage tools, secretly seizing control of laptops, siphoning audio files and other messages, and tracking radio transmissions to determine where Ghul might “bed down.”

The e-mail from Ghul’s wife “about her current living conditions” contained enough detail to confirm the coordinates of that household, according to a document summarizing the mission. “This information enabled a capture/kill operation against an individual believed to be Hassan Ghul on October 1,” it said.

The file is part of a collection of records in the Snowden trove that make clear that the drone campaign — often depicted as the CIA’s exclusive domain — relies heavily on the NSA’s ability to vacuum up enormous quantities of e-mail, phone calls and other fragments of signals intelligence, or SIGINT.

To handle the expanding workload, the NSA created a secret unit known as the Counter-Terrorism Mission Aligned Cell, or CT MAC, to concentrate the agency’s vast resources on hard-to-find terrorism targets. The unit spent a year tracking Ghul and his courier network, tunneling into an array of systems and devices, before he was killed. Without those penetrations, the document concluded, “this opportunity would not have been possible.”

At a time when the NSA is facing intense criticism for gathering data on Americans, the drone files may bolster the agency’s case that its resources are focused on fighting terrorism and supporting U.S. operations overseas.

“Ours is a noble cause,” NSA Director Keith B. Alexander said during a public event last month. “Our job is to defend this nation and to protect our civil liberties and privacy.”

The documents do not explain how the Ghul e-mail was obtained or whether it was intercepted using legal authorities that have emerged as a source of controversy in recent months and enable the NSA to compel technology giants including Microsoft and Google to turn over information about their users. Nor is there a reference to another NSA program facing scrutiny after Snowden’s leaks, its metadata collection of numbers dialed by nearly every person in the United States.

To the contrary, the records indicate that the agency depends heavily on highly targeted network penetrations to gather information that wouldn’t otherwise be trapped in surveillance nets that it has set at key Internet gateways.

The new documents are self-congratulatory in tone, drafted to tout the NSA’s counterterrorism capabilities. One is titled “CT MAC Hassan Gul Success.” The files make no mention of other agencies’ roles in a drone program that escalated dramatically in 2009 and 2010 before tapering off in recent years.

Even so, former CIA officials said the files are an accurate reflection of the NSA’s contribution to finding targets in a campaign that has killed more than 3,000 people, including thousands of alleged militants and hundreds of civilians, in Pakistan, according to independent surveys. The officials said the agency has assigned senior analysts to the CIA’s Counterterrorism Center, and deployed others to work alongside CIA counterparts at almost every major U.S. embassy or military base overseas.

“NSA threw the kitchen sink at the FATA,” said a former U.S. intelligence official with experience in Afghanistan and Pakistan, referring to the Federally Administered Tribal Areas, the region in northwest Pakistan where al-Qaeda’s leadership is based.

NSA employees rarely ventured beyond the security gates of the U.S. Embassy in Islamabad, officials said. Surveillance operations that required placing a device or sensor near an al-Qaeda compound were handled by the CIA’s Information Operations Center, which specializes in high-tech devices and “close-in” surveillance work.

“But if you wanted huge coverage of the FATA, NSA had 10 times the manpower, 20 times the budget and 100 times the brainpower,” the former intelligence official said, comparing the surveillance resources of the NSA to the smaller capabilities of the agency’s IOC. The two agencies are the largest in the U.S. intelligence community, with budgets last year of $14.7 billion for the CIA and $10.8 billion for the NSA. “We provided the map,” the former official said, “and they just filled in the pieces.”

In broad terms, the NSA relies on increasingly sophisticated versions of online attacks that are well-known among security experts. Many rely on software implants developed by the agency’s Tailored Access Operations division with code-names such as UNITEDRAKE and VALIDATOR. In other cases, the agency runs “man-in-the-middle” attacks in which it positions itself unnoticed midstream between computers communicating with one another, diverting files for real-time alerts and longer-term analysis in data repositories.

Through these and other tactics, the NSA is able to extract vast quantities of digital information, including audio files, imagery and keystroke logs. The operations amount to silent raids on suspected safe houses and often are carried out by experts sitting behind desks thousands of miles from their targets.

The reach of the NSA’s Tailored Access Operations division extends far beyond Pakistan. Other documents describe efforts to tunnel into systems used by al-Qaeda affiliates in Yemen and Africa, each breach exposing other corridors.

An operation against a suspected facilitator for al-Qaeda’s branch in Yemen led to a trove of files that could be used to “help NSA map out the movement of terrorists and aspiring extremists between Yemen, Syria, Turkey, Egypt, Libya and Iran,” according to the documents. “This may enable NSA to better flag the movement of these individuals” to allied security services that “can put individuals on no-fly lists or monitor them once in country.”

A single penetration yielded 90 encrypted al-Qaeda documents, 16 encryption keys, 30 unencrypted messages as well as “thousands” of chat logs, according to an inventory described in one of the Snowden documents.

The operations are so easy, in some cases, that the NSA is able to start downloading data in less time than it takes the targeted machine to boot up. Last year, a user account on a social media Web site provided an instant portal to an al-Qaeda operative’s hard drive. “Within minutes, we successfully exploited the target,” the document said.

The hunt for Ghul followed a more elaborate path.

Ghul, who is listed in other documents as Mustafa Haji Muhammad Khan, had surfaced on U.S. radar as early as 2003, when an al-Qaeda detainee disclosed that Ghul escorted one of the intended hijackers to a Pakistani safe house a year before the Sept. 11, 2001, attacks.

A trusted facilitator and courier, Ghul was dispatched to Iraq in 2003 to deliver a message to Abu Musab al-Zarqawi, the al-Qaeda firebrand who angered the network’s leaders in Pakistan by launching attacks that often slaughtered innocent Muslims.

When Ghul made another attempt to enter Iraq in 2004, he was detained by Kurdish authorities in an operation directed by the CIA. Almost immediately, Ghul provided a piece of intelligence that would prove more consequential than he may have anticipated: He disclosed that bin Laden relied on a trusted courier known as al-Kuwaiti.

The ripples from that revelation wouldn’t subside for years. The CIA went on to determine the true identity of al-Kuwaiti and followed him to a heavily fortified compound in Abbottabad, Pakistan, where bin Laden was killed in 2011.

Because of the courier tip, Ghul became an unwitting figure in the contentious debate over CIA interrogation measures. He was held at a CIA black site in Eastern Europe, according to declassified Justice Department memos, where he was slapped and subjected to stress positions and sleep deprivation to break his will.

Defenders of the interrogation program have cited Ghul’s courier disclosure as evidence that the agency’s interrogation program was crucial to getting bin Laden. But others, including former CIA operatives directly involved in Ghul’s case, said that he identified the courier while he was being interrogated by Kurdish authorities, who posed questions scripted by CIA analysts in the background.

The debate resurfaced amid the release of the movie “Zero Dark Thirty” last year, in which a detainee’s slip after a brutal interrogation sequence is depicted as a breakthrough in the bin Laden hunt. Ghul’s case also has been explored in detail in a 6,000-page investigation of the CIA interrogation program by the Senate Intelligence Committee that has yet to be released.

Sen. Dianne Feinstein (D-Calif.), the chairman of the panel, sought to settle the Ghul debate in a statement last year that alluded to his role but didn’t mention him by name.

“The CIA detainee who provided the most significant information about the courier provided the information prior to being subjected to coercive interrogation techniques,” Feinstein said in the statement, which was signed by Sen. Carl Levin (D-Mich.).

The George W. Bush administration’s decision to close the secret CIA prisons in 2006 set off a scramble to place prisoners whom the agency did not regard as dangerous or valuable enough to transfer to Guantanamo Bay. Ghul was not among the original 14 high-value CIA detainees sent to the U.S. installation in Cuba. Instead, he was turned over to the CIA’s counterpart in Pakistan, with ostensible assurances that he would remain in custody.

A year later, Ghul was released. There was no public explanation from Pakistani authorities. CIA officials have noted that Ghul had ties to Lashkar-e-Taiba, a militant group supported by Pakistan’s intelligence service. By 2007, he had returned to al-Qaeda’s stronghold in Waziristan.

In 2011, the Treasury Department named Ghul a target of U.S. counterterrorism sanctions. Since his release, the department said, he had helped al-Qaeda reestablish logistics networks, enabling al-Qaeda to move people and money in and out of the country. The NSA document described Ghul as al-Qaeda’s chief of military operations and detailed a broad surveillance effort to find him.

“The most critical piece” came with a discovery that “provided a vector” for compounds used by Ghul, the document said. After months of investigation, and surveillance by CIA drones, the e-mail from his wife erased any remaining doubt.

Even after Ghul was killed in Mir Ali, the NSA’s role in the drone strike wasn’t done. Although the attack was aimed at “an individual believed to be” the correct target, the outcome wasn’t certain until later when, “through SIGINT, it was confirmed that Hassan Ghul was in fact killed.”

By Greg Miller, Julie Tate and Barton Gellman, Published: October 17

Find this story at 17 October 2013

© The Washington Post Company

Ever since September 11, the US – with the help of the CIA – has been carrying out a secret war that defies imagination, says New York Times reporter Mark Mazzetti. And it’s not just Washington giving the green light.

The campaign against America’s enemies is silent and precise. Commanders fight without troops. They operate from CIA headquarters in Langley, Virginia – their “troops” in front of computer screens in Nevada or New Mexico. Their weapons are unmanned drones.

“The CIA, over the last 12 years, has very much been back in the business of killing,” said Pulitzer Prize winner Mark Mazzetti in an interview with DW. “Since the September 11 attacks, the CIA has gradually transformed into very much of a paramilitary organization.”
Mark Mazzetti also broke news of the CIA’s destruction of interrogation tapes in 2007

Just released in Germany, “The Way of the Knife: The CIA, a Secret Army, and a War at the Ends of the Earth” contains evidence gathered by the New York Times journalist via interviews with intelligence operatives and politicians. Mazzetti speaks of a military complex catalysed by developments in drone technology.

“It’s the military, it’s the spy services, it’s private companies that have in many ways created this new state where they can carry out these secret missions and secret eavesdropping,” he said.

Blurred boundaries

The new procedural structures followed in the wake of the terror attacks on New York’s World Trade Center and Pentagon which resulted in more than 3,000 deaths. Anti-terrorism legislation enacted under President George W. Bush, Mazzetti says, circumvented earlier prohibitions on targeted killings.

“There’s a whole new world that has emerged since the Spetember 11 attacks,” he said.

Borders between the army and secret service became blurred. Roughly 60 percent of the CIA’s current staff was hired after the 2001 terror attacks. Many of those hires have a simple task: hunting and killing people.

Bush’s successor, Barack Obama, further pursued that policy – with the help of, among other things, a secret agreement with the Pakistani government. Local tribal areas in Pakistan were considered sanctuaries for Taliban fighters in Afghanistan. Since 2004, drones have been flying over such areas and firing rockets at the homes, vehicles and territories of supposed Islamists. Publicly, the Pakistani government has reacted with protests to violations of its sovereign territory. Quietly, Mazzetti says, Pakistan might have endorsed them.

“There are suspicions that privately, they have been giving their approval for the strikes,” he said, “because the US has also gone after enemies of Pakistan.” One example was Taliban leader Nek Mohammed. He became the first official target of CIA drone strikes in Pakistan and his death, Mazzetti says, was a precondition for the US to receive flyover rights for further strikes.
In Yemen, August 2013 saw four strikes in three days, leaving fifteen dead

Drone missions were then expanded – to Yemen as well as Somalia. Resulting mishaps are greeted by silence in Washington. Its successes are celebrated in the media.

Carte blanche from Washington

In certain countries, Washington has given the CIA complete control over drone operations.

“In Pakistan, for instance, the CIA really has the authority to target individuals or groups of individuals without asking the White House’s permission,” Mazzetti said. In countries like Yemen, he added, President Obama has insisted that the White House have more control over the kill list. Those operations are first reviewed by task forces within the White House.

Less controversial are attacks on individuals who have been clearly identified. In “signature attacks,” however, that is not the case.

“Signature strikes are based on patterns of activities. In other words, they look on the ground. They don’t know specifically who these people are, but they suspect they’re doing suspicious activities – they might be trying to cross the border into Afghanistan,” Mazzetti said. “[The CIA] has the authority to carry out a strike.”

Such attacks are controversial – particularly due to the increase in civilian casualties. One of the more notorious cases occurred in March 2011 in Pakistan. More than 40 civilians were killed during a drone attack on a suspected Taliban meeting in North Waziristan, an area considered by the Pakistani government to have been “Talibanized.” The meeting turned out to be an open-air tribal gathering.

Further developments

Over time, Pakistan’s government began turning away from the attacks it once invited. Protests against America’s “killer drones” took place both outside the government and within it.
Only in Pakistan did Obama score lower than presidential candidate Mitt Romney in a pre-election, worldwide survey

Pakistani authorities refer to the latest UN figures citing 330 drone attacks. Approximately 2,200 people are thought to have been killed in those attacks, but according to the Bureau of Investigative Journalism, an independent journalist network based in London, the figures are far higher. Among those killed, 400 were civilians, according to official statements from Pakistan. Another 200 were considered “non-combatants.” The UN has called on the US to release its own statistics on civilian casualties resulting from drone strikes.

“President Obama has indicated, although he doesn’t say it publicly, that these strikes in Pakistan will continue as long as there are American troops in Afghanistan. So that should be at least another year,” Mazzetti said.

It’s a policy Obama will have to clarify with Pakistani Prime Minister Nawaz Sharif, who will be visiting the White House on Wednesday (23.10.2013). It will be equally difficult, Mazzetti says, for the US government to justify arguments against other countries’ use of military drones. In China or Russia, for example, the technology for unmanned warfare is already readily available.
Soon to be weaponized?

For Mazzetti, the idea of the world turning into a “silent battlefield” is as frightening as the role drones might play in day-to-day America in the future.

With police already utilizing drones for criminal investigations, the journalist and author believes that in just five-to-10 years, weaponized drones will be used for domestic crime-fighting.

Date 22.10.2013
Author Antje Passenheim, Washington / cd
Editor Rob Mudge

Find this story at 22 October 2013

© 2013 Deutsche Welle

Promotional materials for private spy companies show that mass surveillance technology is being sold to police departments as a way to monitor dissent

The documents leaked to media outlets by former NSA contractor Edward Snowden this year have brought national intelligence gathering and surveillance operations under a level of scrutiny not seen in decades. Often left out of this conversation, though, is the massive private surveillance industry that provides services to law enforcement, defense agencies and corporations in the U.S. and abroad – a sprawling constellation of companies and municipalities. “It’s a circle where everyone [in these industries] is benefitting,” says Eric King, lead researcher of watchdog group Privacy International. “Everyone gets more powerful, and richer.”

Promotional materials for numerous private spy companies boast of how law enforcement organizations can use their products to monitor people at protests or other large crowds – including by keeping tabs on individual people’s social media presence. Kenneth Lipp, a journalist who attended the International Association of Chiefs of Police conference in Philadelphia from October 19th to 23rd, tells Rolling Stone that monitoring Twitter and Facebook was a main theme of the week. “Social media was the buzzword,” says Lipp. He says much of the discussion seemed to be aimed at designing policies that wouldn’t trigger potentially limiting court cases: “They want to avoid a warrant standard.”

While the specifics of which police departments utilize what surveillance technologies is often unclear, there is evidence to suggest that use of mass surveillance against individuals not under direct investigation is common. “The default is mass surveillance, the same as NSA’s ‘collect it all’ mindset,” says King. “There’s not a single company that if you installed their product, [it] would comply with what anyone without a security clearance would think is appropriate, lawful use.”

The YouTube page for a company called NICE, for instance, features a highly produced video showing how its products can be used in the event of a protest. “The NICE video analytic suite alerts on an unusually high occupancy level in a city center,” a narrator says as the camera zooms in on people chanting and holding signs that read “clean air” and “stop it now.” The video then shows authorities redirecting traffic to avoid a bottleneck, and promises that all audio and video from the event will be captured and processed almost immediately. “The entire event is then reconstructed on a chronological timeline, based on all multimedia sources,” says the narrator. According to an interview with the head of NICE’s security division published in Israel Gateway, NICE systems are used by New Jersey Transit and at the Statue of Liberty, though it isn’t clear if they are the same products shown in the video.

“Thousands of customers worldwide use NICE Security solutions to keep people safe and protect property,” says Sara Preto, a spokesperson for NICE. She declined to confirm any specific clients, but added: “We work with law enforcement and other government agencies within the framework of all relevant and national laws.”

Another program, made by Bright Planet and called BlueJay, is billed in a brochure to law enforcement as a “Twitter crime scanner.” BlueJay allows cops to covertly monitor accounts and hashtags; three that Bright Planet touts in promotional material are #gunfire, #meth, and #protest. In another promotional document, the company says BlueJay can “monitor large public events, social unrest, gang communications, and criminally predicated individuals,” as well as “track department mentions.” Bright Planet did not respond to a request for comment.

A third company, 3i:Mind, lays out a scenario for a potential law enforcement client that begins: “Perhaps you are tracking an upcoming political rally.” It continues:

Once you set up the OpenMIND™ system to profile and monitor the rally, it will search the web for the event on web pages, social networking sites, blogs, forums and so forth, looking for information about the nature of the rally (e.g. peaceful, violent, participant demographics), try to identify both online and physical world activist leaders and collect information about them, monitor the event in real-time and alert you on user-defined critical developments.

The scenario concludes: “Your insight is distributed to the local police force warning them that the political rally may turn violent and potentially thwarting the violence before it occurs.” The 3i:Mind website gives no clues at to which governments or corporations use their products, and public information on the company is limited, though they have reportedly shown their product at various trade shows and police conferences. The company didn’t respond to a request for comment.

Other companies are less upfront about how their products can be used to monitor social unrest. A product that will be familiar to anyone who attended an Occupy Wall Street protest in or around New York’s Zuccotti Park is SkyWatch, by FLIR, pointed out to Rolling Stone by Lipp, the journalist who attended the police conference. SkyWatch is a mobile tower in the form of a two-person cab that can be raised two stories high to provide “an array of surveillance options,” according to a promotional brochure. Those options include cameras and radar, as well as “customizable” options. The brochure says SkyWatch is perfect for “fluid operations whether on the front lines or at a hometown event.” As of this writing, the NYPD still has a SkyWatch deployed in a corner of Zuccotti Park, where Occupy activists were evicted by the police nearly two years ago.

These promotional materials, taken together, paint a picture not only of local police forces becoming increasingly militarized, but also suggest departments are venturing into intelligence-gathering operations that may go well beyond traditional law enforcement mandates. “Two things make today’s surveillance particularly dangerous: the flood of ‘homeland security’ dollars (in the hundreds of millions) to state and local police for the purchase of spying technologies, and the fact that spook technology is outpacing privacy law,” says Kade Crockford, director of the Massachusetts ACLU’s technology for liberty program and the writer of the PrivacySOS blog, which covers these issues closely. “Flush with fancy new equipment, police turn to communities they have long spied on and infiltrated: low-income and communities of color, and dissident communities.”

Many of the legal questions surrounding these kinds of police tactics remain unsettled, according to Faiza Patel, co-director of the Liberty and National Security program at New York University Law School’s Brennan Center for Justice. Information that is publicly available, like tweets and Facebook posts, is generally not protected by the Fourth Amendment, though legal questions may arise if that information is aggregated on a large scale – especially if that collection is based on political, religious or ethnic grounds. “This information can be useful, but it can also be used in ways that violate the Constitution,” says Patel. “The question is: what are [police departments] using it for?”

Rolling Stone contacted police departments for the cities of New York City, Los Angeles, Chicago, Philadelphia and Washington D.C. for comment on this story.

“The Philadelphia Police Department has their own cameras,” says that force’s spokesperson Jillian Russell. “The department does not have private surveillance companies monitor crime.” She directed follow-up questions about software used to process big data to a deputy mayor’s office, who didn’t return a phone call asking for comment.

When asked if the LAPD uses programs to monitor protesters, a media relations email account sent an unsigned message that simply read: “We are not aware of this.”

The other police departments did not respond to requests for comment.

By JOHN KNEFEL
October 24, 2013 3:16 PM ET

Find this story at 24 October 2013

Copyright ©2013 Rolling Stone

Nongovernmental organisations (NGO) GroundWork, Earthlife Africa and Greenpeace Africa have agreed to rejoin State-owned power utility Eskom’s NGO forum after the parastatal acknowledged that an investigation into its now-terminated contract with intelligence support services company Swartberg revealed that the firm was “spying” on the environmental groups.

Eskom said in a statement on Monday that security management at the Medupi coal-fired power station, in Limpopo, had entered into the contract with Swartberg to “ensure protection of the Medupi site and to better anticipate threats to personnel and property”, following civil unrest at Medupi in May 2011.

However, following media reports that Swartberg was gathering intelligence from the three organisations, the NGO forum members suspended their participation in February, calling for an investigation by the energy provider.

After terminating the contract with Swartberg, Eskom commissioned independent legal firm Bowman Gilfillan to initiate an investigation, which revealed “concerns” about the way in which the contract was managed.

After disclosing the extent, process and outcome of the investigation to the three affected NGOs, Eskom CEO Brian Dames said the use of private companies to gather intelligence from stakeholders was “unacceptable” and “not how Eskom does business”.

“To the extent that this may have happened as a consequence, even if unintended, is regrettable and Eskom apologises for this,’’ he commented.

The NGOs said in a statement that they believed their key demand for a full internal investigation and a public apology had been met.

“We, therefore, think it is in order to return to the stakeholder forum, where we will continue to engage and, where necessary, challenge Eskom on its energy choices,” they stated.

Eskom said it had, since the outcome of the investigation, taken steps to strengthen internal controls and brought the matter to the attention of the South African Police Service to determine whether any laws were contravened, and if any further action was required.

The group said it would also implement the recommendations made following the investigation, including pursuing disciplinary action against individuals who did not comply with Eskom policies.

Published 11 Nov 2013
Article by: Natalie Greve

Find this story at 11 November 2013

Copyright © Creamer Media (Pty) Ltd