There’s a fascinating interactive map of the world’s undersea communications cables here. It’s also a pretty good guesstimation guide as to where there are, or are likely to be, NSA or subordinate agencies’ (and other non-affiliated intelligence services’) field stations that funnel the data flowing through such cables through computer systems that analyse traffic and content data.
(via Gizmondo)
A US Federal Court judge has ruled that the National Security Agency’s secret domestic wiretapping program of internal terrorist suspects, was illegal according to the New York Times. The activity violated the 1978 Foreign Intelligence Surveillance Act (FISA) which was put into place after the various inquiries into the activities of the FBI and NSA in the late 1960s and early 1970s. As I’ve said before, that’s hardly a surprise and don’t think this has got a whole lot to do with George W. Bush in particular. Intelligence services might claim to operate under laws but in reality their priorities are not bound by them.But there’s a kind of cycle of collective amnesia that goes on with these inquiries and rulings. This time, the NSA was basically doing almost exactly the same thing as in the earlier period. Some minor superficial changes will occur. People will forget about it. The NSA will carry on. Then in 20 years time, there will be something else that will reveal again the same kinds of activities. Cue collective shock again. And so on. It would take a lot more continual public oversight and openness for them to be held properly to account, and if they were, they’d be very different entities. But that’s not to say that they shouldn’t be held to account: the fact that most democratic nations have what amounts to a secret state within the state that may have very different priorities than the official government or the people should be profoundly worrying. Yet it seems to be such an enormous breach of the democratic ideal that it goes largely unnoticed.
Google is, as I type this, closing down its Chinese site as the first stage of its withdrawal of service from mainland China, in response to numerous attacks on the company’s computers from hackers allegedly connected to the Chinese state and ongoing demands to provide a censored service with which they felt they could not comply. The company claims that Chinese users will still be able to use Google, only through the special Hong Kong website, http://www.google.com.hk, which for historical reasons falls outside the Chinese state’s Internet control regime. Whether this will mean that the site will actually be accessible to Chinese Net users is debateable. Some say they cannot access it already. There are also numerous ‘fake Google’ sites that have sprung up to try to make some fast cash out of the situation.
But there’s more to this of course. Google has been widely reported to have opened its doors to the US National Security Agency (NSA) in order, they say, to solve the hacking issue, but the NSA only get involved in matters of US national security – if Google is essentially saying it is effectively beholden to US intelligence policy and interests, I am not sure that this is a whole lot better than bowing to China. You can be sure as well, that once invited in, the NSA will insinuate themselves into the company. Having a proper official backdoor into Google would make things a lot easier for the NSA, especially in populating its shiny new data warehouse in Utah…
A lot of my current thinking is based around the dynamic of opening / closing. I’ve been considering the way in which elements of state power, and in particular the military and intelligence agencies, regard openness per se as a threat. Now, Wired’s Threat Level blog (just about my favourite reading right now), has an excellent take on the response to what has been termed (in a deliberately mixed-up phrase) the ‘open-source insurgency’. This is the way in which the ex-head of US intelligence, now working for ‘contractor’*, Booz Allen Hamilton, Michael McConnell. is promoting the re-engineering of the Internet. This is necessary, it is argued, because the current openness of the Net means that terrorists and criminals can flourish. This re-engineering would “make attribution, geo-location, intelligence analysis and impact assessment — who did it, from where, why and what was the result — more manageable”. In other words to close the Internet. remove everything that is innovative and democratic about it, and make it easier for agencies like the NSA to monitor it.
Along with a whole raft of measures like extending ‘lawful access’ regimes, introducing corporate-biased copyright and anti-peer-2-peer legislation, censorship and Net filtering, this is an attack on what the Internet has become and to turn it into something simply for consumption – something, in other words, more like television. But there is another layer here too – the US military, I suspect, still has a nostalgic longing for when the Internet was its private domain. It’s a long way from its origins, and now perhaps the military want it back. But it isn’t theirs anymore, it’s ours and we need to fight for it.
* or, more accurately, arm’s length consulting agency of the US state.
John Young’s Cryptome is perhaps the world’s most informative repository of (now, not so) secret documents and whistleblower’s information. Around since 1996, and with its multiple mirror-sites and determined owner, governments have tried and failed to close it down. However now the evil monopolist and maker of appalling bloatware, Microsoft, has succeeded where states have failed by issuing copyright infringement threats against its ISP, Network Solutions. This apparently worried the company more than any government, and as seems to be the usual craven attitude in these cases, the ISP backed down. According to Wired, they have even put a block on the transfer of the domain name so John Young can’t move ISPs…
The problem was that Cryptome published a short Microsoft document, the Microsoft Online Services Global Criminal Compliance Handbook, about the storage and handling of user data held on online servers,which also offers advice on subpoena tactics, info about state backdoors and more. The odd thing is that this document is old news and openly available elsewhere on the web, including via the link above. Given Microsoft’s well-documented links to US intelligence, could this just be an excuse to take out Cryptome, which has revealed so much about the National Security Agency over the years? Or is this just Microsoft’s usual clumsy, blinkered legal blundering?
James Bamford has a superb review of the new book by Matthew Aid about the US National Security Agency (NSA) in the New York Review of Books this month. What seems to be causing a stir around the intelligence research (and computing) community is the reference to a report by the MITRE corporation into a the information needs of the NSA in relation to new central NSA data repository being constructed in the deserts of Utah. The report, which is being rather speculative, says that IF the trend for increasing numbers of sensors collecting all kinds of information continues, then the kind of storage capacity required would be in the range of yottabytes by 2015 – as CrunchGear blog points out: there are “a thousand gigabytes in a terabyte, a thousand terabytes in a petabyte, a thousand petabytes in an exabyte, a thousand exabytes in a zettabyte, and a thousand zettabytes in a yottabyte. In other words, a yottabyte is 1,000,000,000,000,000GB.” However CrunchGear misses the ‘ifs’ in the report as some of the comments on the story point out. There is no doubt however, that the NSA will have some technical capabilities that are way beyond what the ordinary commercial market currently provides and it’s probably useless to speculate just how far beyond. Perhaps more important in any case, are the technologies and techniques required to sort such a huge amount of information into usable data and to create meaningful categories and profiles from it – that is where the cutting edge is. The size of storage units is not really even that interesting… The other interesting thing here is the hint of competition within US intelligence that never seems to stop: just a few months back, the FBI was revealed to have its Investigative Data Warehouse (IDW) plan. Data Warehouses or repositories seem to be the current fashion in intelligence: whilst the whole rest of the world moves more towards ‘cloud computing’ and more open systems, they collect it all and lock it down.
I’ve noted before that there seems to be a concerted push around the world by governments to introduce comprehensive new telecoms surveillance laws that force telecommunications and Internet Service Providers (ISPs) to record, store, and provide access to and/or share with state intelligence agencies, the traffic and/or communications data of their customers (in other words, users like us). What is noticeably here is that there is a particular logic that appears in the arguments of governments who are attempting to persuade their parliaments or people of the need for such laws. This logic that is firstly, circular and self-referential, in that it makes reference to the fact that other governments have passed such laws as if this in itself provides some compelling reason for the law to be passed in their own country. The second part of this is a king of competitive disadvantage arguments that flows from the first argument: if ‘we’ don’t have this law, then somehow we are falling behind in a never openly discussed intelligence-capability race that will hit national technological innovation too.
The media often seem oblivious to what seems obvious, and hence the story on the CTV news site today with reference to Canada’s currently proposed communications law that would allow the Canadian Security and Intelligence Service (CSIS) warrantless access to such the data from Internet and telecoms providers. They consider it to be ‘unexpected’ that the parliamentary Security Intelligence Review Committee has come out in support of the bill. Looking at the reasons why though, they are exactly what one would expect if one has been following the debates around the world and contain exactly the logics I have outlined. The story notes that the committee “points out that governments in the United States and Europe have already passed laws requiring co-operation between security agencies and online service providers” (without, incidentally, pointing out that these remain enormously controversial, or that other governments have abandoned some of their attempts) and later that “intelligence technology… requires continued access to new talent and innovative research.” However they won’t go into details as it is a “very sensitive matter.”
And absent from this debate as usual is the fact that this is not just a question of ‘national security’ if you set up these systems, you feed the US National Security Agency too. Canadian intelligence is still bound by agreements made after WW2, particularly the CANUSA agreement on Signals Intelligence (SIGINT), later incorporated into the UKUSA structure. And as we all know, right now, the USA does not always have the same strategic interests as Canada (the issue of arctic sovereignty is just one example). If this bill is passed, it’s a license for US spies, not just Canadian ones.
In one of those fortuitous instances of synchronicity, there are two stories today that illustrate some of both the commonalities and the differences between state surveillance practices and regulation in the UK and the USA.
In the UK, The Guardian has revealed that the Surveillance Commissioner (a separate office to the Information Commissioner) has been very critical behind the scenes, as the Lords Committee was in public, of the uses to which the Regulation of Investigatory Powers Act (2000) (RIPA) has been put, not this time by local government, but by national ministries like the Department for Environment, Food and Rural Affairs (DEFRA) and agencies, including Ofcom (the broaadcast and communications regulator) and the Charities Commission. DEFRA came in for a particular telling-off over its spying on fishermen. The chief commissioner, Sir Christopher Rose found generalised lax practice, a lack of proper justification for and proportionality in the used of RIPA, and little training or accountability. In short, RIPA is being used because the powers exist not because there is any pressing justification to use surveillance in this manner – the used of surveillance has expanded because it is available.
It is very interesting that The Guardian had to discover all this through Freedom of Information Act (FOIA) requests, and that the Surveillance Commissioner had not put all of this in the public domain as a matter of course. It highlights for me, once again, the clear difference in attitude and regulatory practice between him and the open, accountable, and active Information Commissioner’s Office (ICO). It confirms my view that we would be much better off if the Surveillance Commissioner’s work was absorbed into the ICO.
In the USA, it is to lawyers that people immediately turn if some bad practice is suspected on behalf of the government. The Los Angeles Times reports that on Friday, the US government lost the case it had been bringing to try to stop an Islamic charity based in Oregon from suing them over what they claim were illegal wiretapping operations targeted at them. The case stems from the Bush administration’s attempts to bypass what were already very weak regulations governing the surveillance of American citizens which were introduced in the Foreign Intelligence Surveillance Act (1978) (FISA) and recently amended in the Protect America Act (2007). Requests are supposed to go to the Foreign Intelligence Surveillance Court (FISC) which meets in secret and does not have to publish its rulings and so far as we know, has never turned down a request – so it is somewhat mystifying except as a matter of speed and convenience that the Bush administration did bypass the court.
Now the Obama administration is (shamefully) defending the actions of his predecessor. This is not entirely surprising. Intelligence is one area of continuity between governments: it is what Peter Gill called the ‘secret state’, a core that remains constant regardless of changes of administration. Nixon and Bush were both stupid enough to get caught, but the NSA, CIA and FBI are continually looking for different ways to get around domestic regulations on surveillance. Political devices like the UKUSA agreement served this purpose for many years – whereby Canadian and British intelligence services would collect SIGINT on Americans and supply it to the NSA and vice-versa. But GCHQ and others just don’t have the capabilities to carry out the amount of monitoring that now goes on. It’s been the reality for many years now that the NSA in particular does spy on Americans. Again, they have the capabilities so those capabilities are used.
Of course, unlike in the UK, we are talking about the threat of terrorism not anglers catching one-too-many fish; that really does say something about the petty bureaucracy that characterises the UK! However RIPA was also justified originally with reference to terrorism and serious and organised crime. Anyway, the ruling in the Oregon case clearly states that state secrets privilege was not enough to justify warrantless surveillance of suspects, whatever they had allegedly done. It seems that at least is one point of hope that the USA and the UK have in common. Let’s see where these situations now lead in each country…
The Online Jounal has published a piece by ex-NSA operative and perennial thorn in the side of the organisation, Wayne Madsen, which gives far more detail of the system of illegal wiretapping of e-mails, in operation over recent years.
According to Madsen, two NSA programs for text interception are known to exist, one called PINWALE, which mainly targets Russian e-mails, and secondly the STELLAR WIND program, which “was initiated by the George W. Bush administration with the cooperation of major U.S. telecommunications carriers, including AT&T and Verizon.” and “was a major priority of the NSA program”.
Madesen gives details of how PINWALE and there’s little reason to suppose that STELLAR WIND is very different. Basically these programs search a range of ‘metadatabases’, repositories of captured text from millions of people around the world, outside and inside the USA. The search parameters include: “date-time, group, natural language, IP address, sender and recipients, operating system, and other information embedded in the header”.
Madesen claims that both STELLAR WIND and PINWALE “negated both USSID 18 and the Foreign Intelligence Surveillance Act of 1978 [which were introduced following the Church Committee report into illegal operations by the NSA in the 1960s and early 1970s] by permitting NSA analysts to read the e-mails, faxes, and text messages of U.S. persons”
The three metadatabases are called LION HEART, LION ROAR, and LION FUSION and were developed, as with many NSA systems in conjunction with an external contractor, in this case, Booz Allen Hamilton, which Madsen previously revealed was also responsible for FIRSTFRUITS, program used to track the articles, and communications of particular journalists.
There’s more detail in the article, and one other thing is certain. All these exotic codenames will now be history, as all intelligence agencies have a policy of changing them once they are revealed. Journalists still talk about ECHELON as if it exists as an active NSA operation, but that one hasn’t existed under that name for twenty years or more. There are a huge diversity of NSA programs for all kinds of communications interception and sorting. Each component will have its own terminology and many will be temporary parts of a greater whole, which may not even exist by the time they are revealed. At least former insiders like Madsen can keep some track of developments…
The American Civil Liberties Union (ACLU) is calling for President Obama´s administration to release secret files that would shed light on the previous US government´s security and surveillance policies, including the now use of torture and warrantless surveillance. It´s a good move of course, but as I´ve previously remarked, the NSA and others have been doing this for almost 50 years, either directly or indirectly through UKUSA allies, warrants or no warrants, so what makes anyone think that they only started doing this under Bush or will stop if such information is released? As intelligence researcher, Loch K. Johnson, remarked about the Church Committee hearings in the 1970s, one thing they showed was that, when it came to illegal intelligence activities, the office of the President was an irrelevancy. Bush was probably even more irrelevant than most. Still, sunlight is the best disinfectant… but if Obama can change the internal culture of US intelligence, he will truly have performed a miracle.
ubisurv 