EU Telecommunications Directive in effect

From today, private lives in the UK will be a little less private, as EU Directive 2006/24/EC becomes part of national law.

Traffic data on e-mail, website visits and Internet telephone calls now have to be recorded and retained by Internet Service Providers (ISPs). Specifically, the Directive mandates the retention of: the source of a communication; the destination of a communication; the date, time and duration of a communication; the type of communication; the type and identity of the communication device; and the location of mobile communication equipment.

This is coming into force despite the fact that many countries and ISPs still object to the directive. It has to be said that many ISPs are objecting on grounds of cost rather than any ethical reason. German courts are yet to determine the constitutionality of the directive and Sweden is not going to implement it at all.

As with many of these kinds of laws, it was rushed through on a wave of emotion after a particular ‘trigger event’ – in this case, the 7/7 bombings in London in 2005. There was a whole lot of devious practice in the Council of Ministers to get it passed too – if the Directive had been considered as a policing and security matter, it would still have needed unanimity, which means that the objections of Germany and Sweden would have vetoed the Directive. Instead, it was reclassified as ‘commercial’ on the grounds that it was about the regulation of corporations, and commercial matters need only a majority vote. How convenient…

The Home Office in Britain says our rights are safe because of RIPA, which is hardly cause for rejoicing. My main concerns, apart from the fact that this is yet another moment in the gradual erosion of private life, are that:

1. police access will rapidly become routine rather than specific, and this could be extended to many other public authorities – the original drafts of the Communications Bill would have extended the right of access to such data to all RIPA-empowered organisations (which includes most public authorities);

2. the data will be used illicitly by ISP employees for criminal purposes (remember that most identity thefts are inside jobs) – the records will be a blackmailer’s delight;

3. there will be more ‘losses’ of this data by ISPs and others who have access to it. Remember the accidental revelation of user data by AOL in the USA?

Surveillance in the UK and the USA: commonalities and differences

In one of those fortuitous instances of synchronicity, there are two stories today that illustrate some of both the commonalities and the differences between state surveillance practices and regulation in the UK and the USA.

In the UK, The Guardian has revealed that the Surveillance Commissioner (a separate office to the Information Commissioner) has been very critical behind the scenes, as the Lords Committee was in public, of the uses to which the Regulation of Investigatory Powers Act (2000) (RIPA) has been put, not this time by local government, but by national ministries like the Department for Environment, Food and Rural Affairs (DEFRA) and agencies, including Ofcom (the broadcast and communications regulator) and the Charities Commission. DEFRA came in for a particular telling-off over its spying on fishermen. The chief commissioner, Sir Christopher Rose, found generalised lax practice, a lack of proper justification for and proportionality in the use of RIPA, and little training or accountability. In short, RIPA is being used because the powers exist, not because there is any pressing justification to use surveillance in this manner – the use of surveillance has expanded because it is available.

It is very interesting that The Guardian had to discover all this through Freedom of Information Act (FOIA) requests, and that the Surveillance Commissioner had not put all of this in the public domain as a matter of course. It highlights for me, once again, the clear difference in attitude and regulatory practice between him and the open, accountable, and active Information Commissioner’s Office (ICO). It confirms my view that we would be much better off if the Surveillance Commissioner’s work was absorbed into the ICO.

In the USA, it is to lawyers that people immediately turn if some bad practice is suspected on behalf of the government. The Los Angeles Times reports that on Friday, the US government lost the case it had been bringing to try to stop an Islamic charity based in Oregon from suing them over what they claim were illegal wiretapping operations targeted at them. The case stems from the Bush administration’s attempts to bypass what were already very weak regulations governing the surveillance of American citizens which were introduced in the Foreign Intelligence Surveillance Act (1978) (FISA) and recently amended in the Protect America Act (2007). Requests are supposed to go to the Foreign Intelligence Surveillance Court (FISC) which meets in secret and does not have to publish its rulings and so far as we know, has never turned down a request – so it is somewhat mystifying except as a matter of speed and convenience that the Bush administration did bypass the court.

Now the Obama administration is (shamefully) defending the actions of his predecessor. This is not entirely surprising. Intelligence is one area of continuity between governments: it is what Peter Gill called the ‘secret state’, a core that remains constant regardless of changes of administration. Nixon and Bush were both stupid enough to get caught, but the NSA, CIA and FBI are continually looking for different ways to get around domestic regulations on surveillance. Political devices like the UKUSA agreement served this purpose for many years – whereby Canadian and British intelligence services would collect SIGINT on Americans and supply it to the NSA and vice-versa. But GCHQ and others just don’t have the capabilities to carry out the amount of monitoring that now goes on. It’s been the reality for many years now that the NSA in particular does spy on Americans. Again, they have the capabilities so those capabilities are used.

Of course, unlike in the UK, we are talking about the threat of terrorism not anglers catching one-too-many fish; that really does say something about the petty bureaucracy that characterises the UK! However RIPA was also justified originally with reference to terrorism and serious and organised crime. Anyway, the ruling in the Oregon case clearly states that state secrets privilege was not enough to justify warrantless surveillance of suspects, whatever they had allegedly done. It seems that at least is one point of hope that the USA and the UK have in common. Let’s see where these situations now lead in each country…

German Corporations in Trouble over Surveillance

It seems that there is a mood in Germany for much stronger action, and a growing awareness that the country cannot, unlike in the UK at present, or indeed Germany in its own recent past, be allowed to slip into a situation in which surveillance becomes normal…

There is a major ongoing storm in Germany over the behaviour of its major corporations in spying on workers. There is a nice summary news report from the BBC which you can watch here.

The newest scandal emerged in January when it was revealed that the railway company, Deutsche Bahn, had conducted surveillance operations against thousands of its staff, both workers and management, possibly over years. The operations, with names like ‘Squirrel’, involved all kinds of intrusive internal espionage including tracking family members. The company’s aim was apparently to do with corruption and links to other rival corporations but the management have now admitted they went too far.

Internal security was also the reason behind the massive surveillance operations at Deutsche Telekom, the communications giant, possibly dating back to 2000. Here journalists and managers were targeted by a private detective agency. And of course then there was last year’s scandal over the way that the Lidl supermarket chain created a kind of Stasi-style operation at many of its stores and warehouses in Germany and the Czech Republic with secret cameras and operatives making detailed notes on the movements (especially toilet breaks) of its employees. According to The Guardian, the level of personal detail recorded by the store was incredible, one entry read: “Frau M wanted to make a call with her mobile phone at 14.05 … She received the recorded message that she only had 85 cents left on her prepaid mobile. She managed to reach a friend with whom she would like to cook this evening, but on condition that her wage had been paid into her bank, because she would otherwise not have enough money to go shopping.”

In the BBC report, the conclusion seems to be that better data protection laws are needed. Certainly this is true. But the cases involving corporations are important because they provide clear and comprehensible examples of how people ‘with nothing to hide’ can be targeted anyway and do have to be worried. There are enough of them too to show that this is not a series of isolated cases, but a part of a ‘culture of surveillance’. However it seems that there is a mood in Germany for much stronger action, and a growing awareness that the country cannot, unlike in the UK at present, or indeed Germany in its own recent past, be allowed to slip into a situation in which surveillance becomes normal. This means more than stronger DP; it means not allowing corporations and government to reduce fundamental liberties with arguments about ‘exceptions’. There seems to be growing awareness from the strong German Trades Unions in particular about this; we will see if this translates into wider social, and state, action.

Australian targeted surveillance convictions ‘appallingly low’

If mass surveillance (through CCTV and huge databases) is often ineffective, then surely targeted surveillance, through judicially-approved orders warranting the use of high-tech secret cameras, listening devices and tracking, must at least ‘work’. However, The Canberra Times reports that in Australia at least, this does not appear to be the case.

In fact, out of 311 such warrants issued in 2007-8, just 86 individuals were prosecuted and only 10 criminal convictions resulted. Now we don’t know exactly why this was in each case; however, it does suggest that Bill Rowlings, the Civil Liberties Australia chief executive, is right to describe the conviction rates as “appallingly low”, indicating that many of the warrants for targeted surveillance are “fishing expeditions” by the police, rather than backed by serious evidence.

It would be interesting to see how the Australian figures compare to those available for similar countries, particularly the UK (if indeed the figures are available and comparable).

More details of illegal NSA wiretap program revealed

The Online Journal has published a piece by ex-NSA operative and perennial thorn in the side of the organisation, Wayne Madsen, which gives far more detail of the system of illegal wiretapping of e-mails in operation over recent years.

According to Madsen, two NSA programs for text interception are known to exist, one called PINWALE, which mainly targets Russian e-mails, and secondly the STELLAR WIND program, which “was initiated by the George W. Bush administration with the cooperation of major U.S. telecommunications carriers, including AT&T and Verizon.” and “was a major priority of the NSA program”.

Madsen gives details of how PINWALE works, and there’s little reason to suppose that STELLAR WIND is very different. Basically these programs search a range of ‘metadatabases’, repositories of captured text from millions of people around the world, outside and inside the USA. The search parameters include: “date-time, group, natural language, IP address, sender and recipients, operating system, and other information embedded in the header”.

Madsen claims that both STELLAR WIND and PINWALE “negated both USSID 18 and the Foreign Intelligence Surveillance Act of 1978 [which were introduced following the Church Committee report into illegal operations by the NSA in the 1960s and early 1970s] by permitting NSA analysts to read the e-mails, faxes, and text messages of U.S. persons”.

The three metadatabases are called LION HEART, LION ROAR, and LION FUSION and were developed, as with many NSA systems, in conjunction with an external contractor, in this case Booz Allen Hamilton, which Madsen previously revealed was also responsible for FIRSTFRUITS, a program used to track the articles and communications of particular journalists.

There’s more detail in the article, and one other thing is certain. All these exotic codenames will now be history, as all intelligence agencies have a policy of changing them once they are revealed. Journalists still talk about ECHELON as if it exists as an active NSA operation, but that one hasn’t existed under that name for twenty years or more. There is a huge diversity of NSA programs for all kinds of communications interception and sorting. Each component will have its own terminology and many will be temporary parts of a greater whole, which may not even exist by the time they are revealed. At least former insiders like Madsen can keep some track of developments…

An aerial view of the NSA's station at Yakima in Washington State (Cryptome)

ACLU calls for release of Bush security info

The American Civil Liberties Union (ACLU) is calling for President Obama’s administration to release secret files that would shed light on the previous US government’s security and surveillance policies, including the now use of torture and warrantless surveillance. It’s a good move of course, but as I’ve previously remarked, the NSA and others have been doing this for almost 50 years, either directly or indirectly through UKUSA allies, warrants or no warrants, so what makes anyone think that they only started doing this under Bush or will stop if such information is released? As intelligence researcher, Loch K. Johnson, remarked about the Church Committee hearings in the 1970s, one thing they showed was that, when it came to illegal intelligence activities, the office of the President was an irrelevancy. Bush was probably even more irrelevant than most. Still, sunlight is the best disinfectant… but if Obama can change the internal culture of US intelligence, he will truly have performed a miracle.

Obama’s new NSA-approved PDA

One story I didn’t mention last week, but which still seems to be doing the rounds, is the saga of new US President Obama’s PDA. Obama is well-known as a Blackberry-addict, using it constantly during the campaign, but as CNET pointed out, such wireless devices are known to be highly insecure and vulnerable to all kinds of illicit monitoring and capture. There is, however, one device approved by the US National Security Agency (NSA), which its own employees use, the Sectera Edge Secure Mobile Environment Portable Electronic Device (SME PED), made by defence contractor, General Dynamics C4 Systems of Scottsdale, Arizona. It looks pretty similar to the Palm Treo series, apart from the strengthened chassis, ‘secure’ ports and special ‘trusted’ display… all this for just $3500! (I hope he’s better at not losing his phones than me…)

Obama's new PDA

The rest of us, I guess, will just have to put up with our insecure communications. The CNET article gives plenty of scary examples of just how insecure they are to simple hacking, even without the NSA’s rather more sophisticated programs. Of course even such NSA-approved ‘secure’ systems will undoubtedly have built-in backdoors that are accessible to the NSA, which is one of the main reasons they are even involved in the development of such technologies. And it is not just these unusual products of course – remember the Windows backdoor revelations from a few years back? Or further back, the Swedish government’s discovery that the NSA could access all their encrypted Lotus Notes documents – this later reverse engineering of the backdoor by Adam Back shows that the spooks are not without a (very bleak) sense of humour. Obama might now have secure communications, but there is always one agency whose eavesdropping even he will not be able to avoid…

“Harpooning fish from an airplane”: NSA surveillance of US citizens

If the NSA can put this down to a period of bad leadership and bad policy, it might be allowed to get on with what it does relatively unhindered in the Obama era.

Boingboing has a link to a ten-minute-long MSNBC interview with Russell Tice, an ex-National Security Agency (NSA) employee who is the latest in the long line of NSA whistleblowers after the likes of Wayne Madsen and Margaret Newsham. Tice’s revelations concern the NSA’s monitoring of internal communications in the USA after 9/11. According to Tice, the NSA both swept all US communications and also targeted specific groups, including journalists, for more comprehensive collection.

I have no idea how genuine Tice is and in many ways, despite the occasional choice phrase to describe SIGINT operations like the one with which I titled this post, he is a lot less interesting than Madsen or Newsham in that he’s not really telling us anything we didn’t know already. There is also a rather naive attitude from mainstream organisations like MSNBC that this is all down to the evil President Bush. This seems to suggest a lack of knowledge of history – do they really not remember the massive scandal over the very same use of watchlists by the NSA on behalf of the FBI in the 1960s? The huge inquiry led by Senator Frank Church in the 1970s? Can they continue to pretend that this is all totally new and that we can forget about ECHELON and the fact that this kind of surveillance is pervasive and systematic and becomes more so as technologies of collection, archiving and analysis improve? That is and always has been, what the NSA does in conjunction with its UKUSA network of largely subordinate allies and helpers (see this nice summary from Le Monde).

Of course this could be another explanation of Tice’s role, and the reason why he is being allowed to do the rounds of the newspapers and TV stations. Far from being simply a disaffected employee, he might be either a knowing or unknowing part of a media strategy by the NSA. If the NSA can put this down to a period of bad leadership and bad policy, it might be allowed to get on with what it does relatively unhindered in the Obama era. We shall see… or rather, we probably won’t!

NB: I wrote my PhD thesis on the networks of NSA-related bases around the world, including Menwith Hill, not far from where I live. It is worth checking out Cryptome’s Eyeball series of aerial views of NSA and other secret sites.

Fort George C. Meade, Maryland, Headquarters of the NSA