But the article moves to more substantial matters by grabbing the loose thread of cellular phone surveillance that its bookend report left dangling. The British intelligence agency seeks to “[collect] voice and SMS and geo-locating phone” data and “intelligence from all the extra functionality that iPhones and BlackBerrys offer.” A classified document recognizes the technological climate and sets the agenda: “Google Apps already has over 30 million users. This is good news. It allows us to exploit the mobile advantage.” As with telecommunications providers’ government compliance, on February 8, 2011, it was noted that “Legal assurances [by cell phone manufacturers were] now believed to be good.”
In its conclusion—a review of GCHQ’s contribution to American intelligence—the report states that the British intelligence agency “[ … ] had given the NSA 36% of all the raw information the British had intercepted from computers the agency was monitoring. A confidential document declares new technological advances permit the British to “[ … ] interchange 100% of GCHQ End Point Projects with NSA.”
Also on August 1, NGB6 expanded on British communication providers’ roles in government surveillance. It was another joint feature with Süddeutsche Zeitung, which would release “Snowden revealed names of spying telecom companies”7 the next day.
Together the news sources report that not two but seven major domestic telecoms, alongside their respective code names, provided GCHQ with access to their fiber-optic cables in 2010: Verizon Business (“Dacron”), British Telecommunications (“Remedy”), Vodafone Cable (“Gerontic”), Global Crossing (“Pinnage”), Level 3 (“Little”), Viatel (“Vitreous”) and Interoute (“Streetcar”). The British spy agency used Tempora to hack the various data backbones across Europe. GCHQ has 102 “points of presence” over Europe, 15 of which are in Germany.
The British communication companies’ involvement with GCHQ is of particular interest to Germany, because Level 3 owns data centers in Berlin, Hamburg, Dusseldorf, Frankfurt and Munich. Global Crossing and Interoute are also major German communication distributors. For readers familiar with the American surveillance story, Viatel’s response was predictable as well as somewhat laughable: “We do not cooperate with the GCHQ or grant access to our infrastructure or customer data.” The company representative continues, “Like all telecommunications providers in Europe, we are obliged to comply with European and national laws including those regarding privacy and data retention. From time to time, we receive inquiries from authorities, [which are] checked by our legal and security departments, and if they are legal, [they] will be processed accordingly.” The reports also reveal that the Five Eyes, whose acronym is revealed as “FVEY,” operate a “ring of satellite monitoring systems around the globe.” The group project is code-named “Echelon.”
Epoca’s sophomore disclosure effort appeared on August 2. Greenwald is the first credited writer of “Letter from the American Ambassador in Brazil thanks the NSA for its Support.”8 He presents a classified missive dated May 19, 2009, addressed to General Alexander thanking him and the NSA for their work with SIGINT. The top secret document was written by Thomas Shannon, who at the time was assistant secretary to the Bureau of Western Hemisphere Affairs. Shannon states he was impressed by the quality of information provided by the spy agency during the Fifth Summit of the Americas. The Summit of the Americas, originated by Bill Clinton, occurs every few years and brings together the leaders of the Western Hemisphere to discuss chosen themes. Topics for 2009 included the economic crisis, environmental issues and alternative energy. Shannon proudly announces, “We succeeded and our rivals failed, and our success owes in good measure to the abundant, timely, and detailed reporting that you [Alexander and the NSA] provided.” Over 100 reports had been received which revealed the “plans and intentions of the other Summit participants.” Seven months after he penned the thank you note, Shannon was appointed ambassador to Brazil.
Poitras’ return to the printed page after Snowden stepped freely onto Russian soil, “Mass Data: Transfers from Germany Aid US Surveillance,”9 conveniently, implicitly and thematically follows The Guardian’s discussion of GCHQ and the NSA’s relationship. Though her report substantiates an assumption any regular reader of the Snowden affair would have about the BND’s kinship with American intelligence, it also provides a vital piece of the surveillance puzzle.
Working in adjoining buildings, the NSA receives intercepted data from the BND on a daily basis. But the German foreign intelligence agency paradoxically assures its citizenry the information it gives to U.S. intelligence is not only wiped clean of any identifying features, it does not include any domestic data. In turn the NSA claims it complies with the rules and regulations of the country in which it is operating. Under Germany’s G-10 Law, domestic surveillance is illegal. However, an accompanying Boundless Informant graph shows daily reports of telephone and Internet traffic in Germany from December 10, 2012 and January 8, 2013. Though the information could have been retrieved and transferred as foreign intelligence by the NSA from U.S. soil or by another surveillance organization such as GCHQ, the revealed code or SIGINT Activity Designator (SIGAD) for one interception site is “US-987LA.” This is strongly believed to be one of two domestic outposts. The numeric suffix is also indicative of a third-party contractor, implying the BND was spying on its own people for the NSA. The report suggests either German foreign intelligence is lying to its government, or Germany’s representatives are feigning ignorance.
There is a third possibility. The programs used and their respective monthly figures are as follows: XKeyscore, 182 million; Lopers (used for monitoring traditional “hard-line” telephone connections), 131 million; Juggernaut (used for spying on mobile network transfers such as vocal communication, fax and text messaging), 93.5 million; Cerf Call Moses, 39 million; and Matrix, almost eight million records. (By comparison, Spain, Italy, France and the Netherlands had almost no Internet data surveilled in the same 30-day period.) Due to the bloated figures, solely blaming the BND is logistically difficult. Though not definitive due to the lapse of time, a travel report relays that only 100 BND employees were stationed in a single German surveillance facility in 2006. It is possible the outpost is smaller than US-987LA, but by ratio, Menwith is staffed with 1,600 employees for a country of 63 million. As previously noted, Germany has a population of 80 million. If the BND was gathering domestic data, unless there was a massive growth in Germany’s intelligence budget over the last seven years, it is unlikely the immense amount of data could be collected, analyzed and filtered by such a small workforce. The Der Spiegel report states, “Officially, the German government is still waiting for an answer from Washington as to where in Germany the metadata documented in the NSA files was obtained.” Regardless of which party is responsible, Germany and America’s reliance on XKeyscore to gather data is also a concern since the program has full-take capabilities.
The article also cites two of Germany’s spying tools, Mira4 and VERAS, which were given to the NSA in exchange for nondescript intelligence assistance. Poitras’ report closes on the frightening note of the classified documents mentioning a discussion between the two agencies. They spoke of analysis programs able to detect behavior patterns. This technology is used by civilian data mining companies to predict consumer behavior. By gauging and comparing an individual’s past and current purchasing patterns and Internet browsing habits with previous, established models, analysis programs guess what a person intends to buy next. In 2012 the American corporation Target began sending maternity-related coupons to a Minneapolis teenager based on purchasing patterns. The consumer wasn’t aware she was pregnant. She was.10
Poitras’ article on August 5 serves another purpose. By placing her explanation of SIGADs alongside Greenwald’s O Globo Fairview exposé, readers could step back and see a blurred outline of the bigger surveillance picture. It becomes even clearer once two previous citations are considered. On June 8, The Guardian released an additional, edited PRISM slide but adm
itted it had difficulty interpreting its meaning due to lack of context.11 The slide mentions the Fairview and “Blarney” programs. On July 10, Gellman released a similar slide without redactions.12 Readers could see that the program names “Oakstar” and “Stormbrew” had been censored by The Guardian.13
Gathering bulk data from corporate, government and private telecom and Internet providers, each spy program has a different function and purpose, as indicated by its related SIGAD. For example, an unseen slide briefly mentioned in Gellman’s original PRISM report states Blarney is “an ongoing collection program that leverages IC [intelligence community] and commercial partnerships to gain access and exploit foreign intelligence obtained from global networks.” Blarney can be assumed to utilize PRISM for its data analysis because PRISM’s assigned SIGAD is US-984XN. The two known SIGAD’s associated with Blarney are US-984 and US-984X. Blarney is believed to be installed in Room 641A in San Francisco and somewhere in New Jersey.
SIGADs classify hosts as well as location. Oakstar’s SIGADs were revealed in the O Globo report. US-3206 is the code for the collections gleaned from Monkeyrocket; US-3217 for Shiftingshadow; US-3230 for Orangecrush; US-3247 for Yachtshop, which is the access point for the private contractor Blueanchor; US-3251 for Orangeblossom; US-3273 for Silverzephyr, which is the access point for the private contractor Steelknight; US-3277 for Bluezephyr and US-3354 for Cobalfalcon.14
Like Blarney, Stormbrew’s data collection is largely focused on domestic communications. Its corporate and private affiliates are located in Washington, California, Texas, Florida, New York, Virginia and Pennsylvania. Stormbrew’s SIGAD is US 983. Examining the location of known SIGADs, it appears suffixes beginning with the number 3 designate foreign surveillance and 9 denote domestic spying activity. One of Stormbrew’s assigned SIGAD’s is US-3140 for an entity code-named “Madcapocelot.” Its name and numeric indicator imply it is an eastern lookout point for European communications.
In Greenwald’s July 31 XKeyscore report, a classified slide shows that XKeyscore contains “[u]nique data beyond user activity from front end full-take feeds.” The belated PRISM slide tells analysts to use both “upstream” data alongside PRISM. Upstream is the common term for “front end.” It is “active” information sent from a computer. For example, when a person sends an email, it goes “upstream.” It is “downstream” or “passive” after the email message has been received and downloaded. The revealed documents come together to imply data is deposited into the storage reservoirs “Marina,” “Pinwale” and “Trafficthief” only after it has been received, reviewed and filtered.15 An example data flow would be a user’s email originating in Brazil. As it is transferred to a South American Internet firm’s fiber-optic cables contracted by Orangecrush, it is picked up by Fairview, and PRISM processes it before it is deposited and stored in Pinwale for later reference. XKeyscore can then retrieve files from this catalogued system. Astute readers were able to begin getting a handle on how American surveillance functioned two months after the debate began.
Even though Snowden was safe in the confines of Russia, the U.S. government was still trying to make life difficult for him. The encrypted email service Lavabit, based out of Texas, announced it was shutting down on August 8.16 The company’s owner, Ladar Levison, stated on the website’s index page that he had decided to close the firm’s doors after 10 years because he didn’t want to “become complicit in crimes against the American people.”17 This was after the federal government filed a lawsuit in early July once he refused to grant access to one particular user’s email account.18 Snowden had held a Lavabit account since January 2010.19 He used the email address [email protected] to extend his G9 meeting invitations and communicate with human rights groups and his Russian attorneys afterward.20 Even though Levison could say little about the content of Snowden’s emails because Lavabit files are asymmetrically encrypted on the company’s server and only the account holder possesses the key, Levison was put under a gag order. Though initially shut out of their accounts, the 400,000 Lavabit users were later given a 72-hour window to retrieve, record or transfer the contents of their files.21 Levison told The Guardian, “We are entering a time of state-sponsored intrusion into our privacy that we haven’t seen since the McCarthy era. And it’s on a much broader scale.”22 He has since started a legal defense fund, and has raised over $100,000.23
After Obama’s speech, The Guardian set to refute any claims that U.S. intelligence was not legally entitled to conduct surveillance on a U.S. citizen. On August 9, “NSA loophole allows warrantless search for US citizens’ emails and phone calls”24 appeared.
It reveals an FAA 702 “Update,” which is believed to have been in effect since 2011 but metadata establishes was instituted no later than June 2012. The clause gives the NSA authority to investigate “non-US citizens [ … ] outside the US at the point of collection” without a warrant. A slippery slope then ensues through contact chaining of “incidental” domestic data. Until this time, even though the U.S. intelligence admitted “it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under Section 702 authority,”25 intelligence had hidden behind the assertion it had no lawful right to conduct domestic surveillance. Essentially the FAA addendum eradicates the minimization procedures set to protect Americans from being surveilled. The disclosure of the FAA update permitted Senator Wyden to discuss the previously classified surveillance policy, “Once Americans’ communications are collected, a gap in the law that I call the ‘back-door searches loophole’ allows the government to potentially go through these communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans.” The NSA silently pled guilty after Wyden and Udall informed26 General Alexander that an NSA FAA fact sheet27 posted on the agency’s website misled readers into believing “the law does not allow the NSA to deliberately search for the records of particular Americans.” The fact sheet was later removed.28
Whereas Greenwald’s sister report in June left arguable room for doubt, the existence and implied need for 702’s amendment speaks for itself. It also explains the semantic delicacy incorporated in Washington’s guarantee that Americans were not being watched. Much like data is not considered to be surveilled until it is seen by human eyes, the insinuation was that no direct targeting was taking place. The FAA update proves, at worst, Americans are indirectly targeted; at the very least their data is being retroactively searched.29 XKeyscore’s querying of entire databases of full-take records is now understood to be the administration’s definition of “indirect surveillance.” In an accompanying report titled, “NSA surveillance: the long fight to close backdoor into US communications,”30 it is clear who is at fault. Intelligence agencies and the Department of Justice “reaffirmed” to the chair of the Senate Intelligence Committee, Dianne Feinstein, that database searches “do not provide a means to circumvent the general requirement to obtain a court order before targeting a U.S. person under FISA.” As intelligence hid the existence of law-violating surveillance programs from Congress, it was also misinforming and misdirecting oversight committees.
On Monday, August 12, Der Spiegel produced what begins as a less volatile article, “Ally and Target: US Intelligence Watches Germany Closely.”31 Using classified documents, it reports how the United States views various nations from a surveillance perspective. By its conclusion, the exposé answers a long-standing question about American spying.
By at least April 2013, the NSA prioritized its surveillance of foreign nations. It does so using a sliding scale that gauges a multitude of espionage categories. With 1 being the greatest concern and 5 being the least, foreign policy, economic stability and financial systems, arms exports, new technologies, “advanced conventional” weapons, international trade, counter-espionage and the risk of cyberattacks, energy security and food are all rated. (A subsequent report would include human rights, war crimes, environmental iss
ues and raw materials.)32 Overall, China, Russia, Iran, Pakistan and Afghanistan are “intelligence priorities.” France, Germany and Japan are mid-level concerns while Italy and Spain reside below them. Cambodia, Laos, Nepal, Finland, Denmark, Croatia and the Czech Republic are “more or less irrelevant from a US intelligence perspective.”
U.S. intelligence is mindful but not preoccupied with the foreign policy, economic stability and financial systems of Germany, having issued a grade of 3 to each. The country’s arms exports, new technologies, advanced conventional weapons and international trade earned a rank of 4. The risk of cyberattacks or counter-espionage by its U.N. partner is the least of America’s worries, having merited a score of 5.
The article goes on to discuss an NSA report painfully dubbed, “Tales from the Land of Brothers Grimm.” In it, one German analyst expresses legal and moral apprehensions about using XKeyscore, stating in Der Spiegel’s terms, “[H]e always felt that he had one foot in prison when he was using the program.” The agent’s anxiety suggests that the individual was aware Xkeyscore violated or skirted G-10 laws. However, German spies are also reported to have reveled in their newfound snooping capabilities using the surveillance program. A unit manager relayed that he had finally been able to acquire materials from the Tunisian Interior Ministry which had doggedly eluded his grasp. This was after XKeyscore’s training was broken down into the program’s respective components and presented in 20-minute briefings. Analysts stated the frantic instruction felt like “speed dating.”
The Edward Snowden Affair Page 24
