GCHQ already had three major companies under its thumb and could access 30 types of VPNs by 2010. It hopes to have the codes of 15 Internet firms and 300 VPNs by 2015. A 2012 quarterly update suggests British intelligence has compromised Google’s security after “new access opportunities” presented themselves. GCHQ was still working on Hotmail, Yahoo and Facebook’s encryption programs. Where the information couldn’t be bought, GCHQ put personnel on the ground. British intelligence recruited and deployed undercover agents to get hired by Internet firms in order to gain access to encryption keys.
Information regarding the agencies’ decryption programs is one of their most closely kept and guarded secrets. A classified instruction slide insists, “Do not ask about or speculate on sources or methods underpinning Bullrun.” Analysts are told there is no “need-to-know” basis for relaying information about the spy tool. Even decoded data cannot be stamped as a Bullrun product: “Reports derived from BULLRUN materials shall not reveal (or imply) that the source data was decrypted. The network communication technology that carried the communication should not be revealed.” Loss of surveillance capabilities as a result of “damage to industry relationships” is the greatest fear. (Washington had asked the Post to censor the names of the nine Internet companies which appear on the PRISM slides.)116 By comparison, public backlash is listed as a “moderate” concern.
Whereas The Guardian presented its own account of the encryption scandal, ProPublica and the Times joined forces. ProPublica christened its article, “Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security”117 while the Times opted for “N.S.A. Able to Foil Basic Safeguards of Privacy on Web.”118 Aside from their titles, only a few editorial amendments and two excised lines from the ProPublica version divide the work. As with any case of multiple reports on the same issue, the joint exposé covers much the same ground as The Guardian but places emphases in particular areas of interest while only mentioning aspects of the discussion Greenwald deemed more relevant. Mindful of its audience, the Times/ProPublica report is less concerned than The Guardian about GCHQ’s role in undermining encryption technology. It devotes a large portion of its time to the NSA’s pursuit of coded data.
As revealed in Greenwald’s June 20 warrantless surveillance exposé, the editorial reminds readers it is NSA policy to (capture and) store encrypted communications regardless of its (revealed) place of origin or the nationality of its sender. It adds that Bullrun had a predecessor, “Manassas.” Manassas is the Confederate title for the Battle at Bull Run but is also the name of an iron-clad ship used by the South during the Civil War. Ironically, the CSS Manassas was decommissioned shortly after being put into battle.
One of the article’s primary concerns is the manner in which encrypted data is acquired. The report notes, “In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a backdoor.” (This line was excised from the ProPublica rendition, as was the redundant, “Some companies have been asked to hand the government the encryption keys to all customer communications, according to people familiar with the government’s requests.”) Just as it had paid Cisco to install exploitable defects in its routers,119 when a foreign intelligence target ordered new American computer hardware, the U.S. government had the manufacturer install a backdoor into the product.
The NSA’s collection of encryption keys is large enough have its own named database, the Key Provisioning Service. If the storehouse doesn’t have a key the NSA needs, the politely titled “Key Recovery Service” (GCHQ’s equivalent division is code-named “Cheesy Name”) is sent out to procure it. Following Greenwald’s claim that ground agents are given cover and engage in social engineering to get passwords companies diligently refuse to hand over, the news sources report the NSA also hacks into businesses’ databases in order to get encryption codes. Because of this, the Five Eyes only share decrypted messages if they were gathered using legally obtained keys. As an incriminatory GCHQ document states, “Approval to release to non-Sigint agencies will depend on there being a proven non-Sigint method of acquiring keys.” Yet this clause may only exist for staff morale. Snowden told Appelbaum, “They [foreign nations] don’t ask to justify how we know something, and vice versa, to insulate their political leaders from the backlash of knowing how grievously they’re violating global privacy.”120 Regardless, this leaves open the possibility the quintet of spy agencies—much like U.S. intelligence’s relationship with Pakistan, Israel and Germany—could be less than forthright in their joint surveillance activities since all have an alibi for withholding information. An internal NSA document even acknowledges that GCHQ has “unspecified capabilities against network technologies.”
Though the NSA expects to have “full unencrypted access” to an unnamed Internet company, a Middle Eastern Internet service, as well as the data from three foreign governments by the close of 2013, its goal is not comprehensive retrieval of encrypted data. To save time, energy and resources, it hopes to obtain the power to do to all communications what it does with Microsoft: gain direct and live pre-encryption access.
Between the two reports, the British and American spy agencies’ encryption agenda is clear. In the event they don’t already own a website’s public key, they first attempt to financially coerce the Internet company into surrendering its key. If the business refuses, it is threatened with a court order. If it obstinately stands on principle, a hacking directive is issued. Should the company’s defenses prove to be impenetrable, moles are placed within the business to commandeer the code.
Fantastico returned on September 8 with a 13-minute feature121 over the NSA’s monitoring of the Brazilian oil giant Petrobras, specifically the company’s internal computer network. The Rede Globo production also includes insight into the NSA and GCHQ’s surveillance techniques. Petrobras was not only surveilled, it was deemed a prime example of a target in a series of NSA training slides outlining how to conduct corporate, government and financial espionage. It includes the SWIFT network, “the cooperative that unites over ten thousand banks in 212 countries.” All international banking transfers use SWIFT. The slides cite Google and the private network of France’s Ministry of Foreign Affairs as other exemplary targets.
As with diplomatic surveillance operations, access to financial and business records provides what is essentially insider trading information to the United States. Petrobras is one of the 30 largest companies in the world.122 When questioned, GCHQ failed to respond, but the NSA reassured Brazil its economic surveillance was conducted only to aid in determining if an impending financial crisis was looming. It stated the intelligence was in no way used “to steal the trade secrets of foreign companies on behalf of—or give intelligence we collect to—U.S. companies to enhance their international competitiveness or increase their bottom line.” Clapper stated, “It is not a secret that the intelligence community collects information about economic and financial matters, and terrorist financing.”123 It seems unlikely the NSA suspected the oil entrepreneur of having links to terrorism. Despite the American grievance that Chinese cyberspies hacked into the Pentagon and stole millions of dollars in military defense planning, the NSA had gained access to the latest technological advances in oil detection and extraction through Petrobras. Ethically, China’s espionage dealt with a foreign nation’s defense capabilities; America’s spying focused on the private sector.
Accompanying documents also reveal two GCHQ operations code-named “Flying Pig” and “Hush Puppy.” They are used to spy on TSL and SSL data transfers. The existence of the programs implies the agency does not have access to all encryption codes because MITM attacks were being used to intercept these coded communications.124 The training slides tell analysts, “foreign government networks, airlines, energy and financial organizations” are susceptible to MITM intrusions.
On the first day of the G20 Summit, Brazil’s president confronted Obama about the allegations that she had been the v
ictim of American espionage. She’d told the president, “I want to know everything that they [American intelligence agencies] have. Everything.”125 It was confirmed she still intended to go to the White House in October.126 A little over a week after the Petrobras report, Rousseff canceled the meeting.127
When O Globo first revealed American intelligence had been spying on her country, Rousseff initiated internal and external investigations into the claims. The country summarily started planning to reroute mainline undersea fiber-optic cables to bypass American connections and link directly with Europe and Africa. By August Brazil had signed a joint satellite venture with France and Italy to further secure the nation’s communications. Because of the disclosures, Brazil will have its own national encrypted email system by 2014 so citizens can abandon American communication services such as Hotmail and Google.128 After returning from the summit, Rousseff started pushing her legislators to pass a bill which would force foreign communication companies to store her country’s domestic data on Brazilian servers.129 Only the U.S. and India have more Facebook account holders.130
The next day Der Spiegel issued “iSpy: How the NSA Accesses Smartphone Data.”131 From a public relations perspective it was a deadly blow to the surveillance debate. It confirms that GCHQ’s dream of “exploit[ing] any phone, anywhere, any time” had become a reality. The Poitras editorial begins with the tale of then-NSA chief Michael Hayden being solicited by an Apple salesperson. The employee bragged that the new iPhone had over 400,000 apps (“apps” are additional applications or programs a cell phone user can elect to download). Hayden turned to his wife and announced, “This kid doesn’t know who I am, does he? Four-hundred-thousand apps means 400,000 possibilities for attacks.”
The ability for intelligence agencies to use cell phones to spy on their owners is the result of the evolution of cellular technology. Cellular communication had gone from the basic cell phone which was only able to make and receive calls, to the “feature phone” that had the capability to receive texts and emails (and, later in its development, take pictures), to the smartphone which is a handheld computer. Poitras reports that half of mobile subscribers in Germany, over two-thirds of the British and 50 percent of Americans who own a cell phone—130 million—have smartphones. The three main types of smartphones are Apple’s iPhone, Google’s Android and the independently owned Canadian BlackBerry.
In early 2013 smartphones surpassed feature phone sales.132 Because of smartphones’ popularity, prevalence and capability, the NSA had found its long-awaited surveillance Mecca. An NSA presentation asks the analyst, “Does your target have a smartphone?” and lists spying techniques which can be used to exploit iPhones. The NSA has the ability to monitor 38 features and four operating systems of the Apple product. This includes a phone’s texting, voicemail, photos, Facebook and Yahoo messenger features. The agency can tell where a smartphone owner has been, is, and plans to be through a user’s Google Earth searches, GPS and mapping programs. The NSA acknowledges the process is made even easier because most users don’t know these features have been activated. In most cases, the factory default for these programs is set to initiate when the phone is turned on for the first time.
This is not a new discovery. In late 2011 a systems administrator named Trevor Eckhart found that software designed by Carrier IQ was programmed to record dialed numbers (even if they are not transmitted), texts, Internet searches and keystrokes. The information was then relayed to the phone’s provider which, by law, would be available to the NSA. Contrary to telecoms’ denials, statistics suggest Carrier IQ’s product was installed on virtually every smartphone. Andrew Coward, a Carrier IQ marketing manager, confirmed the report.133 Nine days later, the company adamantly refuted Coward’s statement. Echkart was presented a cease-and-desist letter. When the Electronic Frontier Foundation offered the computer technician legal assistance, Carrier IQ suddenly backed down.134
Poitras reports that additional classified data shows family photos, images of war zones and group pictures of friends that the NSA had stolen from smartphones. One picture is a self-portrait by a former foreign government official. Poitras suggests it is pornographic. U.S. intelligence can even tell where pictures were taken. A photo’s GPS is inserted into the code of every picture captured by a smartphone as an Exif tag.
However, as witnessed in Snowden’s precaution of having Greenwald, Poitras, Harrison and Russian attorneys remove the batteries and place their phones in the refrigerator, merely disabling these features is futile. Cell phones are designed to run at a low frequency even when they are turned off. This is perhaps one of the reasons why many models of smartphones have imbedded, or built-in, power sources. American intelligence calls the covert espionage capability “The Find.” It was first utilized in 2004 and uses a type of spyware which is installed when a person innocently agrees to download a product update.135 It was discovered in 2009 when a design flaw in the spyware crashed servers.136 But Snowden wasn’t merely attempting to keep his location a secret. He didn’t want U.S. intelligence hearing what he had to say. The ability for authorities to remotely listen to conversations even when a phone is turned off was revealed in a 2006 court ruling.137
Even the smartphone which is marketed on its reputation for security has been compromised by the NSA. Poitras includes a screenshot of an instructional slide titled, “Your target is using a BlackBerry? Now what?” It contains a BlackBerry’s decrypted email from a Mexican government agency. Because of its security features, BlackBerry was once the preferred cell phone for government employees. Now less than half of federal workers use the product.
Poitras states that users make it even simpler for the NSA to spy. Because most smartphone owners have their phones programmed to “synch” or relay all of the phone’s data to their personal computer, the NSA has two outlets to retrieve information. But the particulars are not important because a three-frame overview138 labeled “Top Secret” and titled, “iPhone Location Services” reveals the NSA’s attitude, approach and capabilities.
The first slide, which bears the caption, “Who knew in 1984 … ,” contains two pictures from Ridley Scott’s iconographic Apple commercial which aired during that year’s Super Bowl. The advertisement is an adaptation of a scene from George Orwell’s classic 1949 dystopian tale, Nineteen Eighty Four. It is thematically relevant because Orwell presents a totalitarian state which is under constant and absolute government surveillance. The next slide shows former Apple co-founder and CEO Steven Jobs presenting the latest iPhone to audiences. The caption continues from the first slide, “ … that this would be big brother … .” This is referring to the cell phone and not Jobs. Big Brother is the metaphor for the omnipresent eye in Orwell’s novel. The last slide houses two pictures: an enthralled, dancing customer who has just purchased an iPhone and a person with “iPhone 4” painted on his cheek. The caption finishes the sentence, “ … and the zombies would be paying customers?”
“Who knew in 1984 that this would be big brother, and the zombies would be paying customers?” The individuals in the final slide do not appear to be terrorists.
The NSA had turned the people’s phones against them. The intelligence agency even mocks the fact that the watched are, through their own taxes, paying the watchers to spy on them. The “zombies” don’t even own the legal rights to the phones which are tracking their every move and thought. When a cell phone’s contract is paid off, the phone’s owner receives an “unlock code” which is essentially the digital deed to the device. Only after the code is entered, thereby “rooting” the phone, can a person have complete control over the machine’s programming. (In January 2013, Congress made it illegal to unlock a cell phone without the provider’s consent.)139 Until then, because the phone is property of the manufacturer, the company decides which programs are mandatory. Obama’s reassurance on August 9 that skeptics of federal oversight can rely on private industry to develop and provide privacy measures was insulting to all but the most uninitia
ted. The businesses offering the technology were issued court orders and paid millions of dollars to obtain and surrender user data to the government. The communications providers and U.S. government have little worry that the masses will one day control their phones. Long before most smartphone owners pay off their contact, they are hungry for the latest technology and freely enter into another agreement. Until then, the phone as well as the data within it is property of the provider.
As the last slide states, the irony is that the government didn’t have to convince or coerce its citizens that surveillance was necessary. Nor did it have to spend money to do so. The watched have shown they are willing and eager to hand over their rights and hundreds of thousands of dollars for what is essentially government surveillance tools disguised as an all-in-one phone, computer and personal manager. There are even biometric apps that users can download free of charge. They monitor sleep patterns, recognize fingerprints and track walking and running rates. Most smartphones come equipped with voice recognition software. Moreover, smartphone clients are not only allowing themselves to be freely surveilled, they are working for American intelligence. With Exif tags, the NSA is able to create a layout of the inside of a building, business or home without having to place bugs or implants within the facility because smartphone users are unconsciously acting as undercover spy agents each time they take a picture.
The U.S. government had been watching its citizens since the advent of the telegram, but only recently has it been able to do so with near-absolute precision, accuracy and mind-numbing ease. Though it was inevitable, it had been predictable. Since the time of the wired cable, each step of technology afforded the U.S. government greater and greater surveillance opportunities. From the widespread use of the telephone to the advent of the Internet, federal spies clipped the heels of technology as it moved toward the panopticon. The NSA is correct, 1984 is now.
The Edward Snowden Affair Page 29
