Following public outrage about surveillance in other countries, Germans are asking how much access their own intelligence services have to private communications. Not as much as they would like, it seems.

In 2010 the German Federal Intelligence Service (BND) gathered around 37 million e-mails, text messages and other telecommunications data. According to a report by the parliamentary watchdog, around 10 million of these messages fell under the heading of “international terrorism.”

Since then, however, the number has dropped to a fraction of that amount. In 2011 the BND intercepted 2.9 million electronic messages; in 2012 this dropped again, to 900,000. The messages checked were not only those containing certain keywords: telephone numbers and IP addresses that fell under suspicion were also monitored.
The German Federal Intelligence Service is subject to strict controls

It is the BND’s job to acquire information in order to identify and ward off threats to Germany’s security. It investigates terrorist plots, the illegal arms trade, people smuggling and drug trafficking. The intelligence service has to abide by strict laws when conducting any kind of surveillance, and is subject to supervision by a special committee of the German parliament.

Michael Hartmann of the opposition Social Democrats, Gisela Piltz of the junior coalition partner, the Free Democrats, and Hans-Peter Uhl of the Bavarian sister party of the governing Christian Democrats, the Christian Social Union, are three of the 11 members of the parliamentary watchdog in the Bundestag. The three are keen to reassure the public that Germany is not turning into a “Big Brother” surveillance state.

In recent years the watchdog has been given greater authority. It is authorized to interview all secret service agents, has access to all files, and can intervene if things are not being done according to the rules.

The three members of the committee point to the dramatic decrease in the amount of telecommunications data collected since 2010 – a consequence of improvements in surveillance techniques.

Privacy protected by the constitution
Edward Snowden’s revelations led Germans to ask what their secret services were up to

Michael Hartmann admits that the BND still throws its digital net wide, but emphasizes that collection of data is neither random nor unlimited. “Messages or phone conversations are only analyzed if there is concrete suspicion of criminal activity,” he says. Hartmann insists that the BND would never spy or eavesdrop on countries that are Germany’s allies.

Hans-Peter Uhl points out that it is forbidden for the BND to tap the phones of German citizens, either at home or abroad, unless there are concrete grounds for suspicion. “Should they eavesdrop on a foreigner in conversation with a German citizen, they have to erase the conversation,” he says. This deletion process is documented, so the data protection supervisor is able to check it really was carried out.

The watchdog members highlight the fact that a court order is required before any phone tap can be instigated. They acknowledge that personal privacy is a highly-valued commodity for everyone living in Germany, and that it is enshrined as such in the constitution. Whenever there is a question of the German intelligence services being allowed to do something which might infringe on this fundamental right, control measures must be put in place by a supervisory committee, the so-called G10 Commission, which supervises all invasions of postal, telephone and Internet privacy.

According to the German parliament, in 2011 the G10 Commission authorized Germany’s three intelligence services – domestic, foreign and military – to carry out 156 such infringements, limited to a maximum of between three and six months each.

Making surveillance public

German law also states that once an operation has come to an end, the person who has been under surveillance, or the object of a wiretap, has to be informed. This can result in official complaints, which are dealt with in public proceedings. At the last count, administrative courts in Berlin and Cologne were dealing with 16 such cases.
The BND is not allowed to eavesdrop on German citizens without a special court order

“We have a list of these complaints and follow them up,” says Gisela Piltz. “I don’t have the impression that the intelligence services are in general doing things illegally.”

In the past, representatives of the intelligence services have repeatedly attempted to persuade successive governments to allow them more extensive access to Internet and telephone data. They argue that it is essential if they are to be effective in countering terrorists and criminals using modern methods.

However, many of these requests have been denied: as, for example, when they wanted to be allowed to stockpile large amounts of data for possible future use, even if there was no concrete suspicion at the time of collection. The Constitutional Court rejected the application, and a law allowing it that was briefly in effect between 2008 and 2010 had to be repealed as a result.

An EU Commission guideline would now permit Germany to store telecommunications data for up to six months. So far, however, the justice minister has refused to adopt this into German law. The EU has instigated legal proceedings. Requirements for telecommunications providers to save data for longer than six months so that they can be made available to the intelligence services have also, so far, not been implemented.

Limited effectiveness
Rolf Tophoven believes data interception is only of limited use in combating terrorism

Rolf Tophoven, director of the Institute for Crisis Prevention in Essen and an expert on terrorism, says the secret services should not rely too heavily on the technical analysis of telecommunications data. “The results that are relevant to the intelligence services are very modest compared with the mass of data in the information gathered,” he says.

The parliamentary watchdog has even put a figure on this. It reports that out of 2.5 million e-mails analyzed by the BND, only 300 contained material relevant to their investigations.

Tophoven believes that the BND needs to employ more specialists in analyzing data and assessing a situation – if possible, on the ground. “The modern terrorist is radicalized in secret. He slips under the radar of the intelligence services and their high-tech computers,” he explains, giving the perpetrators of the Boston marathon bombings as an example.

Since the recent revelations about the extent of the United States’ surveillance program, there have been fears that Germany’s intelligence services may also be spying on its citizens more than previously admitted. However, Tophoven believes this is unlikely – and not just because of strict regulation: “The Germans don’t collect data that extensively because they don’t have anything like the personnel or the technical and financial means to do so.”

Date 26.06.2013
Author Wolfgang Dick / cc
Editor Michael Lawton

Find this story at 26 June 2013

© 2013 Deutsche Welle

Germans are apoplectic about the Internet spy programs Prism and Tempora. But police here this week announced the capture of a highway shooter using similar tactics. Privacy activists are concerned.

Germans are furious. Revelations that the United States and Britain — along with Canada, New Zealand and Australia, as part of the so-called “Five Eyes Alliance” — have spent recent years keeping a suffocatingly close watch on web and cellular communications have led politicians in Berlin to utter increasingly drastic condemnations. Over the weekend, for example, Justice Minister Sabine Leutheusser-Schnarrenberger referred to the British surveillance program Tempora as a “catastrophe” and said it was a “Hollywood-style nightmare.”

But is there not a time and a place for mass data collection? This, too, is a question Germany is grappling with this week after the capture of a truck driver who spent years shooting at other vehicles on the country’s autobahns. He was caught only after police set up a complicated surveillance system which was able to read the license plate numbers of tens of thousands of cars and trucks on the country’s highways.

The operation has unsettled data protection activists. But Jörg Ziercke, head of Germany’s Federal Criminal Police Office (BKA), praised the effort on Tuesday, telling journalists that “we have found the famous needle in a haystack.” He said there was “no alternative” to the intensive surveillance efforts the police used to capture the perpetrator.

The case involves a truck driver who fired at least 762 shots at cars and trucks on German highways and at buildings in a shooting spree that began in 2008. In several cases, his targets were only barely able to avoid accidents as a result of the shots. In 2009, one woman was hit in the neck with a bullet fired by the truck driver, identified on Tuesday only as a 57-year-old truck driver from North Rhine-Westphalia, but survived.

German officials said on Tuesday that the driver would be charged with attempted murder in addition to weapons related charges. Ziercke said the man had confessed soon after he was arrested over the weekend and said that he had acted “out of anger and frustration with traffic.” He said that he saw the situation on Germany’s autobahns as a kind of “war” and that he had merely been trying to defend himself.

A Police Monitoring System

Yet as unique as the case is, the methods employed by the police to solve it have attracted more attention. Initially, officers sought to attract shots themselves, driving a truck on the autobahns between Cologne, Frankfurt, Nuremberg and Karlsruhe where most of the gunfire had been reported. The police vehicle, however, was never targeted.

Plan B is the one that has raised data protection concerns. Even though Germany has a toll system which collects information on the trucks plying the country’s highways, police are forbidden access to the data collected. So they essentially constructed one of their own. On seven sections of the autobahns in question, police erected equipment that was able recognize and store the license plate numbers of vehicles that drove by. Using that data, they were able to identify vehicles that passed a certain section of highway at roughly the same time as did a target vehicle.

In April, the system hit pay-dirt. In just five days, six drivers reported being shot at. Officers were able to reconstruct the likely route taken by the perpetrator and they then looked at the license plate data collected by cameras stationed along that route. By filtering through the information gathered, they were able to identify one truck that could have been at each site where shots were reported. They were then able to match up the route with the mobile phone data of the driver. “The correspondence” between the two data sets “was clear,” Zierke said on Tuesday.

But were the methods employed by the federal police legal? Data protection officials aren’t so sure. “Even if the search for the highway shooter was successful in the end, from a data protection perspective the preliminary verdict on the methods used is rather ambivalent,” Edgar Wagner, the top data protection official for the state of Rhineland-Palatinate, said in a statement. “There is not a sufficient legal basis for such a nationwide … investigative technique.”

‘A Price to Pay’

He said that by his calculations, “60 to 80 million sets of data from completely innocent people” were gathered during the course of the investigation “to catch a single suspect. We have (long) known that such a procedure can be effective. But there is also a price to pay.”

It is a sentiment that is shared by many in Germany. The country has had plenty of experience with state overreach, with both the Nazis and the East Germans being experts at keeping close tabs on their citizenry. That history manifests itself in an extreme sensitivity to data privacy issues and the country has been particularly watchful when it comes to the use of digital data by companies such as Google and Facebook. Indeed, government officials beyond the Justice Ministry have reacted to US and British digital spying with notable vehemence.

It is perhaps not surprising then, that Wagner is not alone with his concerns. While not directly criticizing the methods used by federal police to track down the autobahn shooter, Wagner’s data-protection counterpart in North Rhine-Westphalia, Ulrich Lepper, expressed serious reservations in a Wednesday interview with the Bonn daily General-Anzeiger.

Powerful Preventative Measure

“The freedom to move around in the public space without being monitored is one of our fundamental rights,” he said. “Data protection — the right to control information about your person — means that you can decide who knows what and when … about you. These rights can only be infringed upon on the basis of a law.”

Ziercke, not surprisingly, does not share such concerns. He believes that law enforcement should have access to the data collected by the truck toll system and also argued on Tuesday that data collection could be a powerful preventative measure. “I would like to meet a data protection activist who is able to convince someone with the argument that we should not have been allowed to use that data to prevent danger,” he said. “I don’t find such arguments to be credible.”

Ziercke’s argument is notably close to that used by US President Barack Obama in defending the National Security Agency’s online spying program Prism. The data gathered is useful, Obama has repeatedly insisted this month, for the prevention of terror attacks.

Germans have largely rejected that line of argumentation. Whether their scorn will be applied closer to home remains to be seen.

06/26/2013 05:08 PM
By Charles Hawley

Find this story at 26 June 2013

© SPIEGEL ONLINE 2013

Reports of NSA snooping on Europe go well beyond previous revelations of electronic spying

Sabine Leutheusser-Schnarrenberger: ‘If the media reports are true, it is reminiscent of the actions of enemies during the cold war’. Photograph: Ole Spata/Corbis

Transatlantic relations plunged at the weekend as Berlin, Brussels and Paris all demanded that Washington account promptly and fully for new disclosures on the scale of the US National Security Agency’s spying on its European allies.

As further details emerged of the huge reach of US electronic snooping on Europe, Berlin accused Washington of treating it like the Soviet Union, “like a cold war enemy”.

The European commission called on the US to clarify allegations that the NSA, operating from Nato headquarters a few miles away in Brussels, had infiltrated secure telephone and computer networks at the venue for EU summits in the Belgian capital. The fresh revelations in the Guardian and allegations in the German publication Der Spiegel triggered outrage in Germany and in the European parliament and threatened to overshadow negotiations on an ambitious transatlantic free-trade pact worth hundreds of billions due to open next week.

The reports of NSA snooping on Europe – and on Germany in particular – went well beyond previous revelations of electronic spying said to be focused on identifying suspected terrorists, extremists and organised criminals.

Der Spiegel reported that it had seen documents and slides from the NSA whistleblower Edward Snowden indicating that US agencies bugged the offices of the EU in Washington and at the UN in New York. They are also accused of directing an operation from Nato headquarters in Brussels to infiltrate the telephone and email networks at the EU’s Justus Lipsius building in the Belgian capital, the venue for EU summits and home of the European council.

Citing documents it said it had “partly seen”, the magazine reported that more than five years ago security officers at the EU had noticed several missed calls apparently targeting the remote maintenance system in the building that were traced to NSA offices within the Nato compound in Brussels.

Less than three months before a German general election, the impact of the fresh disclosures is likely to be strongest in Germany which, it emerged, is by far the biggest target in Europe for the NSA’s Prism programme scanning phone and internet traffic and capturing and storing the metadata.

The documents reviewed by Der Spiegel showed that Germany was treated in the same US spying category as China, Iraq or Saudi Arabia, while the UK, Canada, Australia, and New Zealand were deemed to be allies not subject to remotely the same level of surveillance.

Germany’s justice minister, Sabine Leutheusser-Schnarrenberger, called for an explanation from the US authorities. “If the media reports are true, it is reminiscent of the actions of enemies during the cold war,” she was quoted as saying in the German newspaper Bild. “It is beyond imagination that our friends in the US view Europeans as the enemy.”

France later also asked the US for an explanation. The foreign minister, Laurent Fabius, said: “These acts, if confirmed, would be completely unacceptable.

“We expect the American authorities to answer the legitimate concerns raised by these press revelations as quickly as possible.”

Washington and Brussels are scheduled to open ambitious free-trade talks next week after years of arduous preparation. Senior officials in Brussels are worried that the talks will be setback by the NSA scandal. “Obviously we will need to see what is the impact on the trade talks,” said a senior official in Brussels.

A second senior official said the allegations would cause a furore in the European parliament and could then hamper relations with the US.

However, Robert Madelin, one of Britain’s most senior officials in the European commission, tweeted that EU trade negotiators always operated on the assumption that their communications were listened to.

A spokesman for the European commission said: “We have immediately been in contact with the US authorities in Washington and in Brussels and have confronted them with the press reports. They have told us they are checking on the accuracy of the information released yesterday and will come back to us.”

There were calls from MEPs for Herman Van Rompuy, president of the European council – who has his office in the building allegedly targeted by the US – and José Manuel Barroso, president of the European commission, to urgently appear before the chamber to explain what steps they were taking in response to the growing body of evidence of US and British electronic surveillance of Europe through the Prism and Tempora operations.

Guy Verhofstadt, the former Belgian prime minister and leader of the liberals in the European parliament, said: “This is absolutely unacceptable and must be stopped immediately. The American data-collection mania has achieved another quality by spying on EU officials and their meetings. Our trust is at stake.”

Luxembourg’s foreign minister, Jean Asselborn, told Der Spiegel: “If these reports are true, it’s disgusting.” Asselborn called for guarantees from the highest level of the US government that the snooping and spying be halted immediately.

Martin Schulz, the head of the European parliament, said: “I am deeply worried and shocked about the allegations of US authorities spying on EU offices. If the allegations prove to be true, it would be an extremely serious matter which will have a severe impact on EU-US relations.

“On behalf of the European parliament, I demand full clarification and require further information speedily from the US authorities with regard to these allegations.”

There were also calls for John Kerry, the US secretary of state on his way back from the Middle East, to make a detour to Brussels to explain US activities.

“We need to get clarifications and transparency at the highest level,” said Marietje Schaake, a Dutch liberal MEP. “Kerry should come to Brussels on his way back from the Middle East. This is essential for the transatlantic alliance.”

The documents suggesting the clandestine bugging operations were from September 2010, Der Spiegel said.

Der Spiegel quoted the Snowden documents as revealing that the US taps half a billion phone calls, emails and text messages in Germany a month. “We can attack the signals of most foreign third-class partners, and we do,” Der Spiegel quoted a passage in the NSA document as saying.

It quoted the document from 2010 as stating that “the European Union is an attack target”.

On an average day, the NSA monitored about 15m German phone connections and 10m internet datasets, rising to 60m phone connections on busy days, the report said.

Officials in Brussels said this reflected Germany’s weight in the EU and probably also entailed elements of industrial and trade espionage. “The Americans are more interested in what governments think than the European commission. And they make take the view that Germany determines European policy,” said one of the senior officials.

Jan Philipp Albrecht, a German Green party MEP and a specialist in data protection, told the Guardian the revelations were outrageous. “It’s not about political answers now, but rule of law, fundamental constitutional principles and rights of European citizens,” he said.

“We now need a debate on surveillance measures as a whole looking at underlying technical agreements. I think what we can do as European politicians now is to protect the rights of citizens and their rights to control their own personal data.”

Germany has some of the toughest data privacy laws in Europe, with the issue highly sensitive not least because of the comprehensive surveillance by the Stasi in former communist east Germany as well as the wartime experience with the Gestapo under the Nazis.

Der Spiegel noted that so far in the NSA debacle, the chancellor, Angela Merkel, had asked only “polite” questions of the Americans but that the new disclosures on the sweeping scale of the surveillance of Germany could complicate her bid for a third term in September.

Ian Traynor in Brussels
The Guardian, Sunday 30 June 2013 21.55 BST

Find this story at 30 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Overzealous data collectors in the US and Great Britain have no right to investigate German citizens. The German government must protect people from unauthorized access by foreign intelligence agencies, and it must act now. This is a matter of national security.

“Germany’s security is also being defended in the Hindu Kush, too,” Peter Struck, who was Germany’s defense minister at the time, said in 2002. If that’s true, then the government should also be expected to defend the security of its people at their own doorstep. Because the massive sniffing out and saving of data of all kinds — that of citizens and businesses, newspapers, political parties, government agencies — is in the end just that: a question of security. It is about the principles of the rule of law. And it is a matter of national security.

We live in changing times. At the beginning of last week, we thought after the announcement of the American Prism program, that US President Barack Obama was the sole boss of the largest and most extensive control system in human history. That was an error.

Since Friday, we have known that the British intelligence agency GCHQ is “worse than the United States.” Those are the words of Edward Snowden, the IT expert who uncovered the most serious surveillance scandal of all time. American and British intelligence agencies are monitoring all communication data. And what does our chancellor do? She says: “The Internet is uncharted territory for us all.”

That’s not enough. In the coming weeks, the German government needs to show that it is bound to its citizens and not to an intelligence-industrial complex that abuses our entire lives as some kind of data mine. Justice Minister Sabine Leutheusser-Schnarrenberger hit the right note when she said she was shocked by this “Hollywood-style nightmare.”

An Uncanny Alliance

We have Edward Snowden to thank for this insight into the interaction of an uncanny club, the Alliance of Five Eyes. Since World War II, the five Anglo-Saxon countries of Great Britain, the United States, Australia, New Zealand and Canada have maintained close intelligence cooperation, which apparently has gotten completely out of control.

It may be up to the Americans and the British to decide how they handle questions of freedom and the protection of their citizens from government intrusion. But they have no right to subject the citizens of other countries to their control. The shoulder-shrugging explanation by Washington and London that they have operated within the law is absurd. They are not our laws. We didn’t make them. We shouldn’t be subject to them.

The totalitarianism of the security mindset protects itself with a sentence: If you have nothing to hide, you have nothing to fear. But firstly, that contains a presumption: We have not asked the NSA and GCHQ to “protect” us. And secondly, the sentence is a stupid one: Because we all have something to hide, whether it pertains to our private lives or to our business secrets.

No Agency Should Collect So Much Data

Thus the data scandal doesn’t pertain just to our legal principles, but to our security as well. We were lucky that Edward Snowden, who revealed the spying to the entire world, is not a criminal, but an idealist. He wanted to warn the world, not blackmail it. But he could have used his information for criminal purposes, as well. His case proves that no agency in the world can guarantee the security of the data it collects — which is why no agency should collect data in such abundance in the first place.

That is the well-known paradox of totalitarian security policy. Our security is jeopardized by the very actions that are supposed to protect it.

So what should happen now? European institutions must take control of the data infrastructure and ensure its protection. The freedom of data traffic is just as important as the European freedom of exchange in goods, services and money. But above all, the practices of the Americans and British must come to an end. Immediately.

It is the responsibility of the German government to see to it that the programs of the NSA and GCHQ no longer process the data of German citizens and companies without giving them the opportunity for legal defense. A government that cannot make that assurance is failing in one of its fundamental obligations: to protect its own citizens from the grasp of foreign powers.

Germans should closely observe how Angela Merkel now behaves. And if the opposition Social Democrats and Green Party are still looking for a campaign issue, they need look no further.

06/24/2013 05:07 PM

A Commentary by Jakob Augstein

Find this story at 24 June 2013

© SPIEGEL ONLINE 2013

Berlin drängt auf Antworten aus London: Justizministerin Leutheusser-Schnarrenberger hat zwei britische Kabinettsmitglieder per Brief aufgefordert, mehr Details über das Spähprogramm Tempora zu veröffentlichen. In den Schreiben übt die FDP-Politikerin indirekt Kritik an der Cameron-Regierung.

Berlin – Jetzt schaltet sich die Bundesjustizministerin ein: Sabine Leutheusser-Schnarrenberger (FDP) hat den britischen Justizminister Christopher Grayling und die britische Innenministerin Theresa May aufgefordert, mehr Informationen über das Geheimdienstprogramm Tempora offenzulegen. Am Dienstag wandte sich Leutheusser-Schnarrenberger schriftlich an die beiden Kabinettsmitglieder von Großbritanniens Premier David Cameron. Die Briefe liegen SPIEGEL ONLINE vor.

In den beiden Schreiben identischen Inhalts, die am Vormittag parallel an die Minister verschickt wurden, äußerte sich die Ministerin sehr besorgt über die jüngsten Berichte über das gigantische Spähprogramm. Der Verdacht, durch digitale Überwachungsmethoden “riesige Mengen an Daten, E-Mails, Facebook-Nachrichten und Anrufe zu sammeln, zu speichern und zu verarbeiten”, hätte in Deutschland erhebliche Bedenken ausgelöst, heißt es in den Briefen.

Leutheusser-Schnarrenberger forderte Aufklärung in folgenden Punkten:

Auf welcher Rechtsgrundlage das Spähprogramm ausgeführt worden sei,
ob auf konkreten Verdacht ausgespäht oder die Daten allgemein ohne Anlass gesammelt worden seien,
ob die Überwachungsmaßnahmen von Richtern hätten abgesegnet werden müssen,
wie die Abhöraktionen konkret funktioniert hätten, welche Daten genau gespeichert und ob deutsche Bürger betroffen seien.

Auch übte sie indirekt Kritik an der Informationspolitik der Cameron-Regierung. “Die Kontrollfunktion von Parlament und Justiz zeichnet einen freien und demokratischen Staat aus. Sie kann aber nicht ihre Wirkung entfalten, wenn Regierungen bestimmte Maßnahmen in Schweigen hüllen”, hieß es weiter.

Leutheusser-Schnarrenberger appellierte an Grayling und May, die Grundsätze der Bürgerrechte nicht aus den Augen zu verlieren und mahnte Aufklärung an. “In unserer modernen Welt bieten die neuen Medien den Rahmen für einen freien Austausch von Meinungen und Informationen. Ein transparentes Regierungshandeln ist eine der wichtigsten Voraussetzungen für das Funktionieren eines demokratischen Staates und bedingt die Rechtsstaatlichkeit”, so die Ministerin.

Die FDP-Politikerin hatte sich bereits im Zusammenhang mit dem amerikanischen Spähprogramm Prism schriftlich an ihren US-Kollegen gewandt. Sie regte zudem an, im schwarz-gelben Kabinett eine Internet-Task-Force aus den beteiligten Ministerien zu bilden.

Die Ministerin beendete ihre Schreiben mit der Forderung nach strengeren Datenschutzstandards in der EU. Das Thema müsse beim nächsten Treffen der EU-Justizminister im Juli auf die Tagesordnung, so Leutheusser-Schnarrenberger.

Am Montag hat die Bundesregierung von Großbritannien offiziell Auskunft über das massenhafte Anzapfen von Telefon- und Internetverbindungen verlangt. Dazu sandte das Innenministerium eine Reihe von Fragen an den britischen Botschafter. Zur europäischen Chefsache will Kanzlerin Angela Merkel den Fall Tempora allerdings vorerst nicht machen. Beim EU-Gipfel Ende der Woche wolle Merkel keine Debatte über das britische Spionageprogramm forcieren, hieß es zu Beginn der Woche.

25. Juni 2013, 11:40 Uhr

Find this story at 25 June 2013

© SPIEGEL ONLINE 2013

An einem einzigen Tag soll der britische Geheimdienst GCHQ Zugriff auf 21.600 Terabyte gehabt haben – wozu, weiß nicht einmal der BND. Sicher ist nur: Die Überwacher bekommen Hilfe von großen Telekommunikationskonzernen.

Das amerikanische Außenministerium hat vor Jahren einen kleinen Flecken in Ostfriesland auf eine Liste der weltweit schützenswürdigen Einrichtungen gesetzt. Ein Angriff auf das Städtchen Norden könnte angeblich die nationale Sicherheit der USA bedrohen. Sogar der Chef des US-Geheimdienstes NSA, General Keith B. Alexander, hat vor terroristischen Attacken gewarnt.

Norden ist ein heimliches Zentrum der neuen virtuellen Welt. Das TAT-14 (Trans Atlantic Telephone Cable No 14) ist am Hilgenrieder Siel bei Norden verbuddelt. Die meisten Internetverbindungen zwischen Deutschland und Amerika laufen dort durch mehrere Glasfaserleitungen; auch Frankreich, die Niederlande, Dänemark und Großbritannien sind durch TAT-14 miteinander verbunden. Etwa 50 internationale Telekommunikationsfirmen, darunter die Deutsche Telekom, betreiben ein eigenes Konsortium für dieses Kabel.

Manchmal fließen pro Sekunde Hunderte Gigabyte an Daten durch die Leitungen. Es ist ein gigantischer Datenrausch: Millionen Telefonate und E-Mails schießen durch das Netz. Auch deshalb hat der deutsche Verfassungsschutz stets nachgeschaut, ob in Norden alles in Ordnung ist. Keine Sabotage. Keine Terroristen. Kein Problem?

Für die über die “Seekabelendstelle” Norden, wie die offizielle Bezeichnung der Einrichtung lautet, vermittelten Daten hat sich offenbar der britische Geheimdienst Government Communications Headquarters (GCHQ) brennend interessiert. Aus Unterlagen des Whistleblowers Edward Snowden jedenfalls soll hervorgehen, dass die Briten im Rahmen der Operation “Tempora” die Daten abgegriffen haben. Es soll sich um unzählige Daten handeln, die aus Deutschland kamen oder nach Deutschland geschickt wurden.

Das ist nicht der Cyberkrieg, vor dem die amerikanische NSA immer gewarnt hat, sondern ein heimlicher umfassender Big-Data-Angriff auf die Bevölkerung eines befreundeten Landes. Die alte Formel: “Freund hört mit” umfasst das Problem nicht mal ungefähr. Großbritanniens Geheimdienst hat einen Lauschangriff auf Deutschland gestartet.

Die Menge der abgefangenen Daten ist noch Spekulation, und unklar ist auch, wo der Angriff genau erfolgt sein soll. Sicher nicht in Norden, das früher durch sein Seeheilbad bekannt wurde. Das würde sich kein Nachrichtendienstler trauen. Schon gar nicht in freundlicher Absicht.

Wahrscheinlich erfolgte der Angriff in dem kleinen Küstenstädtchen Bude im Südwesten Englands, das 858 Kilometer Luftlinie von Norden entfernt liegt. Dort macht das Kabel Zwischenstation – das Ende der Strecke ist New Jersey.

Dass ein britischer Geheimdienst auf diese Weise und so umfassend E-Mails deutscher Bürger abfängt oder Telefonate abhört, war vor Snowdens Enthüllungen für undenkbar gehalten worden. Der Bundesnachrichtendienst erklärt seit Tagen, dass er von den Aktivitäten der Amerikaner oder der Briten nichts wusste und selbst nur Zeitungswissen habe. Das klingt glaubhaft. Die beiden befreundeten Nationen, heißt es in Berlin, hätten offenbar ihr eigenes nationales Sicherheitsprogramm gefahren.

So viel Sicherheit war sicherlich nur mithilfe von Kommunikationsgesellschaften möglich. Angeblich sollen die beiden britischen Unternehmen Vodafone und British Telecommunications (BT) den Geheimen behilflich gewesen sein.

Jeder Eingriff, das erklärt eine Telekom-Sprecherin, müsste von dem internationalen Konsortium genehmigt werden, aber eine solche Genehmigung liegt nicht vor. Ein Sprecher der britischen Vodafone erklärte auf Anfrage, dass sich das Unternehmen an die Gesetze in den jeweiligen Ländern halte und Angelegenheiten, die mit der nationalen Sicherheit zusammenhingen, nicht kommentiere. Diese Formel klingt in diesen Tagen sehr vertraut.

Rechtsgrundlage für die Aktion “Tempora” ist ein sehr weit gefasstes Gesetz aus dem Jahr 2000. Danach kann die Kommunikation mit dem Ausland abgefangen und gespeichert werden. Die privaten Betreiber der Datenkabel, die beim Abhören mitmachen, sind zum Stillschweigen verpflichtet.

Nordengate macht klar, wie unterschiedlich Gesetze und Regeln in dieser Welt angewandt werden, es symbolisiert aber auch den Wandel der Geheimdienstarbeit. Ganz früher haben Nachrichtendienste Telefonate über relativ simple Horchposten abgehört. Glasfaserleitungen stellten die Dienste vor neue Herausforderungen. Telefonate werden seitdem in optische Signale umgewandelt. Da die Leitungen vor allem am Meeresboden verlaufen, gerieten Nachrichtendienste für kurze Zeit an ihre Grenzen.

Bereits um die Jahrtausendwende berichteten amerikanische Blätter, dass die NSA mithilfe von U-Booten an die Daten gelangen wollte. So wurde das Atom-U-Boot Jimmy Carter umgerüstet, um Glasfaserkabel aufzuschlitzen und dann abzuhören. Vorher hatten die Dienste auf anderem Weg regelmäßig Seekabel angezapft. Bei früheren Kupferkabeln reichte ein Induktions-Mikrofon, um die Gespräche abzugreifen. Glasfaserkabel hingegen müssen gebogen werden, um die optisch vermittelten Signale auslesen zu können. Am verwundbarsten sind die Kabel freilich an Land.

Was die Briten mit den vielen deutschen Daten machen und gemacht haben, erschließt sich selbst dem BND nicht so ganz. An einem einzigen Tag soll der britische Geheimdienst insgesamt Zugriff auf 21.600 Terabyte gehabt haben. Dank Snowden ist bekannt, dass die abgefangenen Inhalte drei Tage vorgehalten wurden und Benutzerdaten 30 Tage. In der Zwischenzeit wurden die Daten mit speziellen Programmen gefiltert. Selbst dem Briten George Orwell wäre ein solches Überwachungsprogramm im Leben nicht eingefallen.

25. Juni 2013 05:10 Großbritanniens Abhördienst GCHQ
Von John Goetz, Hans Leyendecker und Frederik Obermaier

Find this story at 25 June 2013

Copyright: Süddeutsche Zeitung Digitale Medien GmbH / Süddeutsche Zeitung GmbH

Ecuador’s flag flying above its coat of arms at the country’s embassy in Moscow on Monday. Snowden is seeking asylum in the South American nation.

Journalists flocked to Moscow’s Sheremetyevo Airport on Monday to board a flight to Cuba that supposedly would also contain fugitive Edward Snowden, who is attempting to escape arrest by U.S. authorities for revealing highly classified surveillance programs.

According to a widely distributed statement by an unidentified Aeroflot employee, Snowden should have been on flight SU150 direct to Havana leaving Moscow on Monday afternoon. The Aeroflot employee even said which seat he was to occupy, 17A.

But reporters, whose news organizations shelled out about $2,000 per ticket to get them on board at the last minute, found no Snowden anywhere on board — increasing suspicions that Russia could be helping to stymie U.S. efforts to catch him amid a low point in bilateral relations.

After Snowden supposedly arrived at Sheremetyevo from Hong Kong on Sunday, Washington pressured Moscow to detain him, apparently to no avail. Russian officials said that given poor ties between the countries, which have split in recent months over issues including the civil war in Syria and the U.S. Magnitsky Act, they are in no rush to help their former Cold War foes.

“Ties are in a rather complicated phase, and when ties are in such a phase, when one country undertakes hostile action against another, why should the United States expect restraint and understanding from Russia?” Alexei Pushkov, the head of the State Duma’s International Affairs Committee, repeated Reuters.

A former technical contractor with the U.S. National Security Agency, Snowden is reportedly seeking to travel to Ecuador, which is considering his asylum request. His current whereabouts are unknown.

Ecuador has already equipped Snowden with refugee papers that could allow him safe passage to his destination, according to WikiLeaks founder Julian Assange, whose organization has assisted Snowden. The U.S. government said earlier that Snowden’s American passport had been revoked.

Assange told the Guardian on Monday that he was aware of Snowden’s whereabouts but that he was unable to reveal them due to “bellicose threats coming from the U.S. administration.”

U.S. Secretary of State John Kerry, speaking on Monday at a news conference in New Delhi, implored Russia to assist in efforts to apprehend Snowden, recalling that over the last two years, the U.S. had extradited seven prisoners requested by Russia. “Reciprocity and the enforcement of the law is pretty important,” he said.

“I suppose there is no small irony here. I mean, I wonder if Mr. Snowden chose China and Russia’s assistance in his flight from justice because they are such powerful bastions of Internet freedom, and I wonder if while he was in either of those countries he raised the question of Internet freedom, since that seems to be what he champions,” Kerry said.

The cooperation described by Kerry is a drop in the bucket compared to the disputes between the countries, however.

Following some successes during a “reset” in ties kicked off in 2009 at the behest of U.S. President Barack Obama, relations took a sharp downward turn with the return of Vladimir Putin to the Kremlin last year.

Under Putin, the Russian government has undertaken what critics call a harsh crackdown on the opposition and on civil society, including kicking out the U.S. Agency for International Development, while the U.S. last year passed the Magnitsky Act, which imposes economic and travel restrictions on Russian officials implicated in human rights abuses. Russia retaliated by outlawing U.S. adoptions of Russian orphans.

More recently, the two nations have argued bitterly over what tack to take in seeking a solution to the civil war in Syria, with Russia backing President Bashar Assad and the U.S. supporting the rebels.

Now, the fate of Snowden, a 30-year-old former employee of a U.S. security contractor whose exposure of government phone and Internet surveillance has provoked public outrage, is becoming another point of contention.

According to Andrei Soldatov, a leading expert in Russia’s security agencies, the Russian government itself has an extensive system to monitor almost any kind of communication between its citizens.

Pushkov said Russia had no obligation to help the U.S. in this situation, given the recently passed Magnitsky Act. It was unclear whether Russian authorities had had contact with Snowden — Putin’s spokesman said Monday that the Kremlin was unaware of any such contact — but it seemed unlikely that the government could be unaware of Snowden’s whereabouts if he had entered Russia.

“All these flights carried out by Aeroflot via Moscow, as though there is no other route, are emblematic of Russia’s involvement in the process,” said Valery Garbuzov, deputy director of the Institute for U.S. and Canadian Studies in Moscow.

Ecuador’s foreign minister also said his government was in “respectful” contact with Russia over Snowden’s asylum application.

Nonetheless, Washington appears to be holding out hope for assistance from Moscow.

Caitlin Hayden, a spokeswoman for the U.S. National Security Council, mentioned “intensified cooperation after the Boston marathon bombings and our history of working with Russia on law enforcement matters” as grounds for Russia “to look at all options available to expel Mr. Snowden back to the U.S. to face justice for the crimes with which he is charged.”

25 June 2013 | Issue 5154
By Ivan Nechepurenko

Nikolay Asmolovskiy / Reuters

Find this story at 25 June 2013

© Copyright 1992-2013. The Moscow Times

In early 2010, journalist and satirist Barrett Brown was working on a book on political pundits, when the hacktivist collective Anonymous caught his attention. He soon began writing about its activities and potential. In a defense [2] of the group’s anti-censorship operations in Australia published on February 10, Brown declared, “I am now certain that this phenomenon is among the most important and under-reported social developments to have occurred in decades, and that the development in question promises to threaten the institution of the nation-state and perhaps even someday replace it as the world’s most fundamental and relevant method of human organization.”

By then, Brown was already considered by his fans to be the Hunter S. Thompson of his generation. In point of fact he wasn’t like Hunter S. Thompson, but was more of a throwback—a sharp-witted, irreverent journalist and satirist in the mold of Ambrose Bierce or Dorothy Parker. His acid tongue was on display in his co-authored 2007 book, Flock of Dodos: Behind Modern Creationism, Intelligent Design and the Easter Bunny, in which he declared: “This will not be a polite book. Politeness is wasted on the dishonest, who will always take advantage of any well-intended concession.”

But it wasn’t Brown’s acid tongue so much as his love of minutia (and ability to organize and explain minutia) that would ultimately land him in trouble. Abandoning his book on pundits in favor of a book on Anonymous, he could not have known that delving into the territory of hackers and leaks would ultimately lead to his facing the prospect of spending the rest of his life in prison. In light of the bombshell revelations published by Glenn Greenwald and Barton Gellman about government and corporate spying, Brown’s case is a good—and underreported—reminder of the considerable risk faced by reporters who report on leaks.

In February 2011, a year after Brown penned his defense of Anonymous, and against the background of its actions during the Arab Spring, Aaron Barr, CEO of the private intelligence company HBGary, claimed to have identified the leadership of the hacktivist colletive. (In fact he only had screen names of a few members). Barr’s boasting provoked a brutal hack of HBGary by a related group called Internet Feds (it would soon change its name to “LulzSec”). Splashy enough to attract the attention of The Colbert Report [3], the hack defaced and destroyed servers and websites belonging to HBGary. Some 70,000 company emails were downloaded and posted online. As a final insult to injury, even the contents of Aaron Barr’s iPad were remotely wiped.

The HBGary hack may have been designed to humiliate the company, but it had the collateral effect of dropping a gold mine of information into Brown’s lap. One of the first things he discovered was a plan to neutralize Glenn Greenwald’s defense of Wikileaks by undermining them both. (“Without the support of people like Glenn, wikileaks would fold,” read one slide.) The plan called for “disinformation,” exploiting strife within the organization and fomenting external rivalries—“creating messages around actions to sabotage or discredit the opposing organization,” as well as a plan to submit fake documents and then call out the error.” Greenwald, it was argued, “if pushed,” would “choose professional preservation over cause.”

Other plans targeted social organizations and advocacy groups. Separate from the plan to target Greenwald and WikiLeaks, HBGary was part of a consortia that submitted a proposal to develop a “persona management [4]” system for the United States Air Force, that would allow one user to control multiple online identities for commenting in social media spaces, thus giving the appearance of grassroots support or opposition to certain policies.

The data dump from the HBGary hack was so vast that no one person could sort through it alone. So Brown decided to crowdsource the effort. He created a wiki page, called it ProjectPM [5], and invited other investigative journalists to join in. Under Brown’s leadership, the initiative began to slowly untangle a web of connections between the US government, corporations, lobbyists, and a shadowy group of private military and information security consultants.

One connection was between Bank of America and the Chamber of Commerce. WikiLeaks had claimed to possess a large cache of documents belonging to Bank of America. Concerned about this, Bank of America approached the United States Department of Justice. The DOJ directed it to the law and lobbying firm Hunton and Williams [6], which does legal work for Wells Fargo and General Dynamics and also lobbies for Koch Industries, Americans for Affordable Climate Policy, Gas Processors Association, Entergy among many other firms. The DoJ recommended that Bank of America hire Hunton and Williams, explicitly suggesting Richard Wyatt [7] as the person to work with. Wyatt, famously, was the lead attorney in the Chamber of Commerce’s lawsuit against the Yes Men.

In November 2010, Hunton and Williams organized a number of private intelligence, technology development and security contractors—HBGary, plus Palantir Technologies, Berico Technologies, and, according to Brown, a secretive corporation with the ominous name Endgame Systems—to form “Team Themis” —‘themis’ being a Greek word meaning “divine law.” Its main objective was to discredit critics of the Chamber of Commerce, like Chamber Watch [8] using such tactics as creating a “false document, perhaps highlighting periodical financial information,” giving it to a progressive group opposing the Chamber, and then subsequently exposing the document as a fake to “prove that US Chamber Watch cannot be trusted with information and/or tell the truth.” In addition, the group proposed creating a “fake insider persona” to infiltrate Chamber Watch. They would “create two fake insider personas, using one as leverage to discredit the other while confirming the legitimacy of the second.” The leaked emails showed that similar disinformation campaigns were being planned against WikiLeaks and Glenn Greenwald.

It was clear to Brown that these were actions of questionable legality, but beyond that, government contractors were attempting to undermine Americans’ free speech—with the apparent blessing of the DOJ. A group of Democratic Congressmen asked for an investigation [9] into this arrangement, to no avail.

By June 2011, the plot had thickened further. The FBI had the goods on the leader of LulzSec, one Hector Xavier Monsegur, who went under the nom de guerre Sabu. The FBI arrested him on June 7, 2011 and (according to court documents) turned him into an informant the following day. Just three days before his arrest, Sabu had been central to the formation of a new group called AntiSec, which comprised his former LulzSec crew members, as well as members as Anonymous. In early December AntiSec hacked the website of a private security company called Stratfor Global Intelligence. On Christmas Eve, it released a trove of some five million internal compnay emails. AntiSec member and Chicago activist Jeremy Hammond [10], has pled guilty to the attack and is currently facing ten years in prison for it.

The contents of the Stratfor leak were even more outrageous than those of the HBGary hack. They included discussion of opportunities for renditions and assassinations. For example, in one video, Statfor’s Vice President of Intelligence, Fred Burton, suggested taking advantage of the chaos in Libya to render Lockerbie bomber Abdelbaset al-Megrahi, who had been released from prison on compassionate grounds due to his terminal illness. Burton said that the case “was personal.” When someone pointed out in an email that such a move would almost certainly be illegal—“This man has already been tried, found guilty, sentenced…and served time”—another Stratfor employee responded that this was just an argument for a more efficient solution: “One more reason to just bugzap him with a hellfire. :-)”

(Stratfor employees also seemed to take a keen interest in Jeremy Scahill’s writings about Blackwater in The Nation, copying and circulating entire articles, with comments suggesting a principle interest was in the question of whether Blackwater was setting up a competing intelligence operation. Emails also showed grudging respect for Scahill: “Like or dislike Scahill’s position (or what comes of his work), he does an amazing job outing [Blackwater].”)

When the contents of the Stratfor leak became available, Brown decided to put ProjectPM on it. A link to the Stratfor dump appeared in an Anonymous chat channel; Brown copied it and pasted it into the private chat channel for ProjectPM, bringing the dump to the attention of the editors.

Brown began looking into Endgame Systems [11], an information security firm that seemed particularly concerned about staying in the shadows. “Please let HBGary know we don’t ever want to see our name in a press release,” one leaked email read. One of its products, available for a $2.5 million annual subscription, gave customers access to “zero-day exploits”—security vulnerabilities unknown to software companies—for computer systems all over the world. Business Week [12] published a story on Endgame in 2011, reporting that “Endgame executives will bring up maps of airports, parliament buildings, and corporate offices. The executives then create a list of the computers running inside the facilities, including what software the computers run, and a menu of attacks that could work against those particular systems.” For Brown, this raised the question of whether Endgame was selling these exploits to foreign actors and whether they would be used against computer systems in the United States. Shortly thereafter, the hammer came down.

The FBI acquired a warrant [13] for Brown’s laptop, gaining the authority to seize any information related to HBGary, Endgame Systems, Anonymous, and, most ominously, “email, email contacts, ‘chat’, instant messaging logs, photographs, and correspondence.” In other words, the FBI wanted his sources.

When the FBI went to serve Brown he was at his mother’s house. Agents returned with a warrant to search his mother’s house, retrieving his laptop. To turn up the heat on Brown, the FBI initiated charges against his mother for obstruction of justice for concealing his laptop computer in her house. (Facing criminal charges, on March 22, 2013, his mother, Karen McCutchin, pled guilty to one count of obstructing the execution of a search warrant. She faces up to twelve months in jail. Brown maintains that she did not know the laptop was in her home.)

By his own admission, the FBI’s targeting of his mother made Brown snap. In September 2012, he uploaded an incoherent YouTube video [14], in which he explained that he had been in treatment for an addiction to heroin, taking the medication Suboxone, but had gone off his meds and now was in withdrawal. He threatened the FBI agent that was harassing his mother, by name, warming:

“I know what’s legal, I know what’s been done to me… And if it’s legal when it’s done to me, it’s going to be legal when it’s done to FBI Agent Robert Smith—who is a criminal.”

“That’s why [FBI special agent] Robert Smith’s life is over. And when I say his life is over, I’m not saying I’m going to kill him, but I am going to ruin his life and look into his fucking kids… How do you like them apples?”

Please support our journalism. Get a digital subscription for just $9.50! [15]

The media narrative was immediately derailed. No longer would this be a story about the secretive information-military-industrial complex; now it was the sordid tale of a crazy drug addict threatening an FBI agent and his (grown) children. Actual death threats against agents are often punishable by a few years in jail. But Brown’s actions made it easier for the FBI to sell some other pretext to put him away for life.

The Stratfor data included a number of unencrypted credit card numbers and validation codes. On this basis, the DOJ accused Brown of credit card fraud for having shared that link with the editorial board of ProjectPM. Specifically, the FBI charged him with Traffic in Stolen Authentication Features, Access Device Fraud, Aggravated Identity Theft, as well as an Obstruction of Justice charge (for being at his mother’s when the initial warrant was served) and charges stemming from his threats against the FBI agent. All told, Brown is looking at century of jail time: 105 years in federal prison if served sequentially. He has been denied bail.

Considering that the person who carried out the actual Stratfor hack had several priors and is facing a maximum of ten years, the inescapable conclusion is that the problem is not with the hack itself, but with Brown’s journalism. As Glenn Greenwald remarked in the Guardian: “it is virtually impossible to conclude that the obscenely excessive prosecution he now faces is unrelated to that journalism and his related activism.”

Today, Brown is in prison and ProjectPM is under increased scrutiny by the DOJ, even as its work has ground to a halt. In March, the DOJ served the domain hosting service CloudFlare with a subpoena [16] for all records on the ProjectPM website, and in particular asked for the IP addresses of everyone who had accessed and contributed to ProjectPM, describing it as a “forum” through which Brown and others would “engage in, encourage, or facilitate the commission of criminal conduct online.” The message was clear: Anyone else who looks into this matter does so at their grave peril.

Some journalists are now understandably afraid to go near the Stratfor files. The broader implications of this go beyond Brown; one might think that what we are looking at is Cointelpro 2.0—an outsourced surveillance state—but in fact it’s worse. One can’t help but infer that the US Department of Justice has become just another security contractor, working alongside the HBGarys and Stratfors on behalf of corporate bidders, with no sense at all for the justness of their actions; they are working to protect corporations and private security contractors and give them license to engage in disinformation campaigns against ordinary citizens and their advocacy groups. The mere fact that the FBI’s senior cybersecurity advisor has recently moved to Hunton and Williams shows just how incestuous this relationship has become. Meanwhile the Department of Justice is also using its power and force to trample on the rights of citizens like Barrett Brown who are trying to shed light on these nefarious relationships. In order to neutralize those who question or investigate the system, laws are being reinterpreted or extended or otherwise misappropriated in ways that are laughable—or would be if the consequences weren’t so dire.

While the media and much of the world have been understandably outraged by the revelation of the NSA’s spying programs, Barrett Brown’s work was pointing to a much deeper problem. It isn’t the sort of problem that can be fixed by trying to tweak a few laws or by removing a few prosecutors. The problem is not with bad laws or bad prosecutors. What the case of Barrett Brown has exposed is that we confronting a different problem altogether. It is a systemic problem. It is the failure of the rule of law.

Links:
[1] http://www.youtube.com/watch?v=TOW7GOrXNZI
[2] http://www.huffingtonpost.com/barrett-brown/anonymous-australia-and-t_b_457776.html
[3] http://www.colbertnation.com/the-colbert-report-videos/426198/may-09-2013/colbert-s-book-club—learning–the-great-gatsby-
[4] http://boingboing.net/2011/02/18/hbgarys-high-volume.html
[5] http://wiki.echelon2.org/wiki/Main_Page
[6] http://www.hunton.com/
[7] http://www.huffingtonpost.com/2010/10/19/chamber-of-commerce-still_n_768076.html
[8] http://images2.americanprogress.org/ThinkProgress/ProposalForTheChamber.pdf
[9] http://www.washingtonpost.com/wp-dyn/content/article/2011/02/28/AR2011022805810.html
[10] http://www.dailydot.com/news/lulzsec-jeremy-hammond-bail-denied-hacker/
[11] http://wiki.echelon2.org/wiki/Endgame_Systems
[12] http://www.businessweek.com/magazine/cyber-weapons-the-new-arms-race-07212011.html
[13] http://www.buzzfeed.com/mhastings/exclusive-fbi-escalates-war-on-anonymous
[14] https://www.youtube.com/watch?v=TOW7GOrXNZI
[15] https://subscribe.thenation.com/servlet/OrdersGateway?cds_mag_code=NAN&cds_page_id=122425&cds_response_key=I12SART1
[16] http://leaksource.wordpress.com/2013/04/05/doj-issues-subpoena-for-info-on-barrett-browns-project-pm-site/

Peter Ludlow | June 18, 2013

Find this story at 18 June 2013

© 2012 The Nation

Jeremy Hammond pleaded guilty today to the infamous Stratfor hack, as well as taking responsibility for eight additional hacks of law enforcement and defense contractor websites in 2011 and 2012. As a condition of the plea, the radical hacker will face a maximum of 10 years in federal prison, and restitution costs of up to $2.5 million. After Hammond entered his plea, his legal team framed his prosecution as part of the government’s larger attempt to control the flow of information and punish those who seek to distribute it to journalists and the public.

“There’s a war going on about corporate spying and access to information,” said defense attorney Sarah Kunstler at a press conference immediately following the hearing. “Jeremy is someone who worked toward making information public.”

In a statement posted online after the plea deal, Hammond echoed this point. “I did this because I believe people have a right to know what governments and corporations are doing behind closed doors,” Hammond wrote. “I did what I believe is right.”

The Rise and Fall of Jeremy Hammond: Enemy of the State

Hammond entered his plea – admitting to one count of conspiracy to engage in computer hacking – in a federal courtroom in lower Manhattan, surrounded by observers and supporters. One of those in attendance was his twin brother, Jason, who had just flown in from Chicago. When Hammond initially addressed the judge, he raised his right hand to be sworn in, and clenched his fist in a symbol of defiance.

The hack Hammond pleaded guilty to involved accessing information from the servers of Stratfor, a private intelligence company, and providing it to Wikileaks, who then published some of the information. Hammond was charged under the controversial 1984 Computer Fraud and Abuse Act, the same law used to charge the late Aaron Swartz and other cyber-activists. “Included among the leaked internal documents were millions of emails that exposed Stratfor’s wide-ranging spying activities, including surveillance of Bhopal activists at the behest of Dow Chemical, of PETA on behalf of Coca-Cola, and of Occupy Wall Street under contract to the U.S. Department of Homeland Security,” supporters said in a statement.

Beyond Stratfor, Hammond took responsibility for eight other hacks, all of which involved either law enforcement, intelligence firms or defense contractor websites. From June 2011 to February 2012, Hammond obtained unauthorized information from the Arizona Department of Public Safety, the FBI virtual academy, a marketing firm that builds websites for law enforcement called Brooks Jeffreys, Special Forces Gear, Vanguard Defense Industries, the Jefferson County sheriffs department, the Boston Police Patrolman’s Institute and a Pennsylvania firm called Combined Systems that makes tear gas. Hammond was granted immunity from federal prosecution for any of those hacks in exchange for taking responsibility for them. Kunstler said he could potentially face charges at the state level, though she said there may be some double jeopardy protection.

The New Political Prisoners: Leakers, Hackers and Whistleblowers

Michael Ratner, president emeritus of the Center For Constitutional Rights and lawyer for Wikileaks founder Julian Assange, said that journalists should stand up for Hammond. “He should be looked at as a source, as a whistle-blower,” Ratner said after the plea deal. “He, like other whistle-blowers in this country, ought to be protected, because they’re the only thing that let us know what our government and our private security companies are doing and they’re the only things that can keep this government even close to honest.”

Earlier in the case, Hammond’s legal team made a motion for Judge Loretta Preska to recuse herself because her husband was a victim of the Stratfor leak. That motion was denied. (Full disclosure: This reporter previously spoke at a rally that called for Preska to recuse herself.)

Other hackers in the Anonymous-affiliated group called Lulzsec who were charged in similar leaks – but were tried in the U.K. – have received much lighter sentences, from 20 to 32 months. Jason Hammond has asked supporters to sign a Change.org petition on his brother’s behalf calling for Judge Preska to sentence Hammond to time served. Jeremy Hammond’s sentencing hearing is scheduled for September 6th.

by John Knefel
MAY 28, 2013

Find this story at 28 May 2013

©2013 Rolling Stone

LONDON—Today, Monday 27 February, WikiLeaks began publishing The Global Intelligence Files – more than five million emails from the Texas-headquartered “global intelligence” company Stratfor. The emails date from between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal’s Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency. The emails show Stratfor’s web of informers, pay-off structure, payment-laundering techniques and psychological methods, for example :

“[Y]ou have to take control of him. Control means financial, sexual or psychological control… This is intended to start our conversation on your next phase” – CEO George Friedman to Stratfor analyst Reva Bhalla on 6 December 2011, on how to exploit an Israeli intelligence informant providing information on the medical condition of the President of Venezuala, Hugo Chavez.

The material contains privileged information about the US government’s attacks against Julian Assange and WikiLeaks and Stratfor’s own attempts to subvert WikiLeaks. There are more than 4,000 emails mentioning WikiLeaks or Julian Assange. The emails also expose the revolving door that operates in private intelligence companies in the United States. Government and diplomatic sources from around the world give Stratfor advance knowledge of global politics and events in exchange for money. The Global Intelligence Files exposes how Stratfor has recruited a global network of informants who are paid via Swiss banks accounts and pre-paid credit cards. Stratfor has a mix of covert and overt informants, which includes government employees, embassy staff and journalists around the world.

The material shows how a private intelligence agency works, and how they target individuals for their corporate and government clients. For example, Stratfor monitored and analysed the online activities of Bhopal activists, including the “Yes Men”, for the US chemical giant Dow Chemical. The activists seek redress for the 1984 Dow Chemical/Union Carbide gas disaster in Bhopal, India. The disaster led to thousands of deaths, injuries in more than half a million people, and lasting environmental damage.

Stratfor has realised that its routine use of secret cash bribes to get information from insiders is risky. In August 2011, Stratfor CEO George Friedman confidentially told his employees : “We are retaining a law firm to create a policy for Stratfor on the Foreign Corrupt Practices Act. I don’t plan to do the perp walk and I don’t want anyone here doing it either.”

Stratfor’s use of insiders for intelligence soon turned into a money-making scheme of questionable legality. The emails show that in 2009 then-Goldman Sachs Managing Director Shea Morenz and Stratfor CEO George Friedman hatched an idea to “utilise the intelligence” it was pulling in from its insider network to start up a captive strategic investment fund. CEO George Friedman explained in a confidential August 2011 document, marked DO NOT SHARE OR DISCUSS : “What StratCap will do is use our Stratfor’s intelligence and analysis to trade in a range of geopolitical instruments, particularly government bonds, currencies and the like”. The emails show that in 2011 Goldman Sach’s Morenz invested “substantially” more than $4million and joined Stratfor’s board of directors. Throughout 2011, a complex offshore share structure extending as far as South Africa was erected, designed to make StratCap appear to be legally independent. But, confidentially, Friedman told StratFor staff : “Do not think of StratCap as an outside organisation. It will be integral… It will be useful to you if, for the sake of convenience, you think of it as another aspect of Stratfor and Shea as another executive in Stratfor… we are already working on mock portfolios and trades”. StratCap is due to launch in 2012.

The Stratfor emails reveal a company that cultivates close ties with US government agencies and employs former US government staff. It is preparing the 3-year Forecast for the Commandant of the US Marine Corps, and it trains US marines and “other government intelligence agencies” in “becoming government Stratfors”. Stratfor’s Vice-President for Intelligence, Fred Burton, was formerly a special agent with the US State Department’s Diplomatic Security Service and was their Deputy Chief of the counterterrorism division. Despite the governmental ties, Stratfor and similar companies operate in complete secrecy with no political oversight or accountability. Stratfor claims that it operates “without ideology, agenda or national bias”, yet the emails reveal private intelligence staff who align themselves closely with US government policies and channel tips to the Mossad – including through an information mule in the Israeli newspaper Haaretz, Yossi Melman, who conspired with Guardian journalist David Leigh to secretly, and in violation of WikiLeaks’ contract with the Guardian, move WikiLeaks US diplomatic cables to Israel.

Ironically, considering the present circumstances, Stratfor was trying to get into what it called the leak-focused “gravy train” that sprung up after WikiLeaks’ Afghanistan disclosures :

“[Is it] possible for us to get some of that ’leak-focused’ gravy train ? This is an obvious fear sale, so that’s a good thing. And we have something to offer that the IT security companies don’t, mainly our focus on counter-intelligence and surveillance that Fred and Stick know better than anyone on the planet… Could we develop some ideas and procedures on the idea of ´leak-focused’ network security that focuses on preventing one’s own employees from leaking sensitive information… In fact, I’m not so sure this is an IT problem that requires an IT solution.”

Like WikiLeaks’ diplomatic cables, much of the significance of the emails will be revealed over the coming weeks, as our coalition and the public search through them and discover connections. Readers will find that whereas large numbers of Stratfor’s subscribers and clients work in the US military and intelligence agencies, Stratfor gave a complimentary membership to the controversial Pakistan general Hamid Gul, former head of Pakistan’s ISI intelligence service, who, according to US diplomatic cables, planned an IED attack on international forces in Afghanistan in 2006. Readers will discover Stratfor’s internal email classification system that codes correspondence according to categories such as ’alpha’, ’tactical’ and ’secure’. The correspondence also contains code names for people of particular interest such as ’Hizzies’ (members of Hezbollah), or ’Adogg’ (Mahmoud Ahmedinejad).

Stratfor did secret deals with dozens of media organisations and journalists – from Reuters to the Kiev Post. The list of Stratfor’s “Confederation Partners”, whom Stratfor internally referred to as its “Confed Fuck House” are included in the release. While it is acceptable for journalists to swap information or be paid by other media organisations, because Stratfor is a private intelligence organisation that services governments and private clients these relationships are corrupt or corrupting.

WikiLeaks has also obtained Stratfor’s list of informants and, in many cases, records of its payoffs, including $1,200 a month paid to the informant “Geronimo” , handled by Stratfor’s Former State Department agent Fred Burton.

WikiLeaks has built an investigative partnership with more than 25 media organisations and activists to inform the public about this huge body of documents. The organisations were provided access to a sophisticated investigative database developed by WikiLeaks and together with WikiLeaks are conducting journalistic evaluations of these emails. Important revelations discovered using this system will appear in the media in the coming weeks, together with the gradual release of the source documents.

END

Public partners in the investigation
Comment
Current WikiLeaks status
How to read the data
Public partners in the investigation:

More than 25 media partners (others will be disclosed after their first publication) :

Al Akhbar – Lebanon – http://english.al-akhbar.com
Al Masry Al Youm – Egypt – http://www.almasry-alyoum.com
Bivol – Bulgaria – http://bivol.bg
CIPER – Chile – http://ciperchile.cl
Dawn Media – Pakistan – http://www.dawn.com
L’Espresso – Italy – http://espresso.repubblica.it
La Repubblica – Italy – http://www.repubblica.it
La Jornada – Mexico – www.jornada.unam.mx/
La Nacion – Costa Rica – http://www.nacion.com
Malaysia Today – Malaysia – www.malaysia-today.net
McClatchy – United States – http://www.mcclatchydc.com
Nawaat – Tunisia – http://nawaat.org
NDR/ARD – Germany – http://www.ndr.de
Owni – France – http://owni.fr
Pagina 12 – Argentina – www.pagina12.com.ar
Plaza Publica – Guatemala – http://plazapublica.com.gt
Publico.es – Spain – www.publico.es
Rolling Stone – United States – http://www.rollingstone.com
Russian Reporter – Russia – http://rusrep.ru
Sunday Star-Times – New Zealand – www.star-times.co.nz
Ta Nea – Greece –- http://www.tanea.gr
Taraf – Turkey – http://www.taraf.com.tr
The Hindu – India – www.thehindu.com
The Yes Men – Bhopal Activists – Global http://theyesmen.org
Comment:

WikiLeaks – Kristinn Hrafnsson, Official WikiLeaks representative, +35 4821 7121

Other comment :
Bhopal Medical Appeal (in UK) – Colin Toogood : colintoogood@bhopal.org / +44 (0) 1273 603278/ +44 (0) 7798 845074
International Campaign for Justice in Bhopal (in India) – Rachna Dhingra : rachnya@gmail.com, +91 98 261 67369
Yes Men – mike@theyesmen.org / +44 (0) 7578 682321 – andy@theyesmen.org, +1-718-208-0684
Privacy International – +44 (0) 20 7242 2836

Twitter tag : #gifiles
CURRENT WIKILEAKS STATUS:

An extrajudicial blockade imposed by VISA, MasterCard, PayPal, Bank of America, and Western Union that is designed to destroy WikiLeaks has been in place since December 2010. The EU Commission is considering whether it will open a formal investigation, but two lawsuits have been filed (http://wikileaks.org/Banking-Blocka…). There are also other ways to donate (https://shop.wikileaks.org/donate). It is legal to donate, including in the United States. The US Treasury has publicly stated that that there are no grounds to place WikiLeaks on a US government blacklist.

WikiLeaks Founder and Publisher Julian Assange has not been charged with any crime in any country. Four prosecutors are currently trying to charge him under the Espionage Act of 1917 before a closed Grand Jury in Virginia, in the United States. Julian Assange has been detained for 447 days (10,728 hours) since Dec 7, 2010, without charge, and he is currently awaiting a decision from the UK Supreme Court on extradition to Sweden (http://www.justiceforassange.com/Su…). The decision is expected in March. The decision on whether he will be onwardly extradited to the US lies in the hands of the Swedish Executive, but Sweden’s Prime Minister Fredrik Reinfeldt has refused to state whether he will protect Assange from a politically motivated extradition to the United States (http://justice4assange.com/US-Extra… ).

The Swedish Foreign Minister Carl Bildt has repeatedly attacked WikiLeaks this week in a bizarre manner (http://ferrada-noli.blogspot.com/20… ).

An alleged WikiLeaks US military source, Bradley Manning, has been in pre-trial detention for 639 days (http://bradleymanning.org/ ). His arraignment took place on 24 February 2012. In December 2011, Manning’s attorney revealed in the preliminary hearing that the US government is attempting to enter a plea deal with Manning in order to “go after” Assange. Manning has 22 charges against him, including violating the Espionage Act of 1917 and aiding the enemy. Manning has deferred entering a plea. Julian Assange and WikiLeaks are legally represented in the Manning hearings by the US Centre for Constitutional Rights (http://ccrjustice.org/ ). WikiLeaks was denied full access to Manning’s hearing after appeal (http://ccrjustice.org/newsroom/pres… ). WikiLeaks put out a statement relating to Manning’s trial ahead of the Article 32 Hearing : (http://www.wikileaks.org/Statement-… ).

The alleged WikiLeaks-supporting hacktivists known as the “PayPal 14” were arrested in 2011 following co-ordinated online demonstrations against the financial services companies that are carrying out the unlawful financial blockade on WikiLeaks (VISA, MasterCard, Paypal, Western Union, Bank of America). They are represented by attorney Stanley Cohen and will go before court in May 2012 (http://www.cyberguerrilla.org/?p=4644 ).

WikiLeaks is about to launch a distributed, encrypted “Facebook for revolutionaries” (https://wlfriends.org/ ).

Julian Assange is currently directing interviews, from house arrest, for a programme on the future of the world that is syndicated to various broadcasters. The first show will be broadcast in March (http://www.wikileaks.org/New-Assang… )
HOW TO READ THE DATA

This is a glossary and information on how to understand the internal terms and codes used by Stratfor in their emails. It is not a complete list. We call on the public to add to this list by tweeting #gifind

To see a list of the terms George Friedman considers useful for his staff to know please download this PDF : The Stratfor Glossary of Useful, Baffling and Strange Intelligence Terms.

OPEN SOURCE VS. “COVERT”

As you browse through the content, you will notice that a large set of it is what is classified as “open source” (subject lines which include [OS]). These are basically email threads that start with someone posting a published and accessible source, such as news sites, and follow with commentary by the staff. In one of the emails, Joseph Nye is referenced saying :

“Open source intelligence is the outer pieces of the jigsaw puzzle, without which one can neither begin nor complete the puzzle”

CODES IN SUBJECT LINES

Many of the emails have codes in the subject lines as well as in the body, to make it easier for the staff to “quickly identify when we need to go back and have a look-see.” [*] :

Examples : INSIGHT – COUNTRY – Subject – SOURCE CODE INSIGHT – CHINA – Trains and planes – CN1000

Please refer to the glossary for the code names of subject and country tags, as well as mailing list names.

SOURCE CODES

A lot of interesting stuff comes from “sources”. Sources are either informal contacts or people they have a formal relationship with. The IDs for sources have the format of CN120 or ME001. In terms of the character part, it refers to a region or a country :

A) Regions ME – Middle East region EU – European Union EE – Eastern Europe LA- South America SA- South Asia

B) Countries or Orgs CN – China PK – Pakistan IN- India ML – Malaysia VN – Vietnam NP- Nepal

US – United States VZ – Venezuela CO- Colombia BR-Brazil NC- Nicaragua MX- Mexico CL/CH- Chile AR- Argentina PY- Paraguay BOL- Bolivia

RU – Russia UA – Ukraine GE – Georgia TJ – Tajikstan MD – Moldova BG -Bulgaria CR/CZ- Czech Republic PT- Portugal

ZA – South Africa AO – Angola SO – Somalia NG- Nigeria CD- DR Congo CI- Cote D’Ivoire ZW- Zimbabwe ZM- Zambia RW- Rwanda KE- Kenya ET- Ethiopia SD -Sudan MA- Morocco SN- Senegal GN- Guinea SL- Sierra Leone

IR – Iran IQ- Iraq IL or IS- Israel SA- Saudi Arabia SY- Syria KU- Kuwait Y or YN – Yemen HZ – Hizbollah TK – Turkey LN- Lebanon LY- Libya UAE- UAE EG- Egypt (etc.)

C) Odd codes OCH – Old China hand, a finance insider. Stick – Scott Stewart, high level employee Z’s – Zetas, Mexican drug gang

INSIGHTS FORMAT

When “insights” are sent, they usually have the following header information :

SOURCE : The ID of the source, say CN123. Sometimes this is left “no source ID” when it’s a new source.

ATTRIBUTION : How the source is to be attributed, i.e. “Source in the pharma distribution industry in China”, Stratfor source, etc.

SOURCE DESCRIPTION : Describes the source, for example : “Source works with Mercator Pharmaceutical Solutions, distributing pharma to developing countries.” These include concrete details on the source for internal consumption so that there’s a better understanding on the source’s background and ability to make assessments on the ground.

PUBLICATION : Yes or No. If the option is yes it doesn’t mean that it would be published, but rather that it _can_ be published.

SOURCE RELIABILITY : A/B

SOURCE RELIABILITY : A-F, A being the best and F being the worst. This grades the turnaround time of this source in responding to requests.

ITEM CREDIBILITY : 1-10, 1 being the best and 10 being the worst (we may change the range here in the future). this changes a lot based on the info provided. 1 is “you can take this to the bank” and 10 would be an example of maybe – “this is a totally ridiculous rumor but something that is spreading on the ground”

SPECIAL HANDLING : often this is “none” but it may be something like, “if you use this we need to be sure not to mention the part about XXX in the publication” or any other special notes

SOURCE HANDLER : the person who can take follow-up questions and communicate with the source.

MAILING LISTS

alpha@stratfor.com Discussions circulated exclusively among analysts, writers and higher-ups, including ’insights’ and discussions about sources and source meetings. secure@stratfor.com Discussions circulated exclusively among analysts and higher-ups, and only for use within continental US (analysts traveling ’overseas’ are removed from the list for the duration of their journey). analysts@stratfor.com – Discussion among analysts only, who manage sources, gather and analyze intelligence. ct@stratfor.com Ongoing discussions to collect and analyze counterterrorism intelligence, circulated among select group of analysts. tactical@statfor.com Non-time sensitive discussions for internal training on technical and tactical matters within field of counterterrorism. intelligence@stratfor.com gvalerts@stratfor.com – Related to Gas ventures clients military@stratfor.com Military list for pre-approved staff africa@stratfor.com eastasia@stratfor.com mesa@stratfor.com Middle East/South Asia list for pre-approved staff. eurasia@stratfor.com os@stratfor.com List with information from the public domain circulated and discussed among all employees. adp@stratfor.com List for ADPs. See Glossary. translations@stratfor.com alerts@stratfor.com responses@stratfor.com dialog-list@stratfor.com

GLOSSARY

a) Industry and other misc. tags :

HUMINT – Human intelligence OSINT- Open source intelligence DATA FLU BIRDFLU ECON TECH ENERGY MINING GV – Gas Venture CT – Counterterrorism G1-G4 B2-B4 S1-S4 MILITARY or MIL PENTAGON AQ- Al Qaeda AQAP – Al Qaeda in the Arabia Peninsula SF- Special Forces CONUS- Continental US

b) Special internal codewords :

Hizzies or HZ – Hizbollah Izzies or IZ – Israel A-dogg – Mahmoud Ahmadinajad, Iranian President Baby bashar – Bashar Al-Assad, Syrian President Uncle Mo – Moammar Gaddhafi ADP- Analyst Development Program. Four-month program at STRATFOR from which candidates— mostly recent college graduates— are selected for hire. Strictly protect and protect – Often mentioned in the ’subject’, means that the source is protected. Played- A term used for procuring sensitive information from sources. E.g. from one of the secure list messages circulating the ’complete scenario for the Israeli team in Centcom’s war game,’ the analyst who procured the data wrote : “I played the head of the Mossad which was great fun.” Excomm- Appears to be ’executive committee’ of STRATFOR.

c) Regions and Orgs

AFRICOM – African countries LATAM – Latin American MERCOSUR NATFA ASEAN APEC FSU – Former Soviet Union countries MESA or MIDDLEEAST – Middle East EASTASIA OPEC EURASIA SA – South Asia FSB- Federal Security Service (Russia)

ATTACHED DOCUMENTS

Attached documents can be searched by Filename or part of the file name. Preliminary searches for filenames using the terms ’lists’, ’source lists’ or ’insight lists’, coupled with the names of source handlers (e.g. Reva for Turkey, Brazil or Venezuela) produced Excel lists of the source names, contact info and source descriptions which correspond to the source codes (e.g. ME1315).

Sourcing Criteria

The following are the proposed criteria for analyzing both sources and insight.

1. Source Timeliness 2. Source Accessibility/Position 3. Source Availability 4. Insight Credibility 5. Insight Uniqueness

Source Timeliness : This is the average grade on how long this particular source turns around tasks and replies to inquiries. It may change but is more of a static indicator.

Source Accessibility : Accessibility weighs the source’s position to have certain knowledge in a particular field. So, for example, if we are looking for energy insight and the source is an official in an energy agency, his or her Accessibility would be ranked higher than if s/he was a banker giving insight on energy. While we would welcome a banker giving his/her insight, a good source may not have a high accessibility ranking if they aren’t in a position to offer reliable insight on a certain topic. The source’s access to decision makers, specific training or education in the desired topic area, specific knowledge of events/situations/incidents can also be considered.

Source Availability : How often can we go to this source ? Are they someone we can tap daily, weekly, monthly, yearly ?

Insight Credibility : This is our assessment of the veracity of the insight offered. Here we need to consider whether or not this is disinformation, speculation, correct data or knowledgeable interpretation. Any bias that the source is displaying or any specific viewpoints or personal background the source is using in the assessment provided should also be considered.

Insight Uniqueness : Is this insight something that could be found in OS ? If it is but the analysis of the information is unique, it would still have a high uniqueness ranking. Or, if it is concrete data, but is something that is only offered to industry insiders, i.e. stats that aren’t published but that aren’t secret, it would still have a high uniqueness score.

Scoring

All of the above factors will be scored on an A-F scale, with A being exemplary and F being useless.

Source Timeliness : A = turnaround within 24 hours B = turnaround within 48 hours C = turnaround within a week D = turnaround within a month F = lucky to receive a reply at all

Source Accessibility : A = Someone with intimate knowledge of the particular insight B = Someone within the industry but whose knowledge of the topic is not exact (e.g. if we were asking someone in the oil industry about natural gas) C = Someone working close to the industry who doesn’t have intimate knowledge of a particular topic but can speak to it intelligently (e.g. a financial consultant asked to gauge the movement of the stock market) D = Someone who may know a country but doesn’t have any concrete insight into a particular topic but can offer rumors and discussions heard on the topic F = Someone who has no knowledge of a particular industry at all

Source Availability : A = Available pretty much whenever B = Can tap around once a week C = Can tap about once a month D = Can tap only several times a year F = Very limited availability

Insight Credibility : A = We can take this information to the bank B = Good insight but maybe not entirely precise C = Insight is only partially true D = There may be some interest in the insight, but it is mostly false or just pure speculation. F = Likely to be disinformation

Insight Uniqueness : A = Can’t be found anywhere else B = Can only be found in limited circles C = Insight can be found in OS, but the source has an interesting take/analysis D = Insight can be found in OS, but still may not be common knowledge F = Insight is accessible in numerous locations

Daily Insight Scoring

SOURCE : code ATTRIBUTION : this is what we should say if we use this info in a publication, e.g. STRATFOR source/source in the medical industry/source on the ground, etc SOURCE DESCRIPTION : this is where we put the more concrete details of the source for our internal consumption so we can better understand the source’s background and ability to make the assessments in the insight. PUBLICATION : Yes or no. If you put yes it doesn’t mean that we will publish it, but only that we can publish it. SOURCE RELIABILITY : A-F. A being the best and F being the worst. This grades the source overall – access to information, timeliness, availability, etc. In short, how good is this source ? ITEM CREDIBILITY : A-F. A = we can take this info to the bank ; B = Good insight but maybe not entirely precise ; C = Insight is only partially true ; D = There may be some interest in the insight, but it is mostly false or just pure speculation ; F = Likely to be disinformation. SPECIAL HANDLING : often this is “none” but it may be something like, “if you use this we need to be sure not to mention the part about XXX in thepublication” or any other special notes SOURCE HANDLER : the person who can take follow-up questions and communicate with the source.

Find this story at 27 February 2012

William Hague has hailed GCHQ’s ‘democratic accountability’, but legislation drafted before a huge expansion of internet traffic appears to offer flexibility

GCHQ – the government’s communications headquarters. Does it have the strongest checks and balances in the world? Photograph: Reuters

William Hague was adamant when he addressed MPs on Monday last week. In an emergency statement (video) forced by the Guardian’s disclosures about GCHQ involvement with the Prism programme, the foreign secretary insisted the agency operated within a “strong framework of democratic accountability and oversight”.

The laws governing the intelligence agencies provide “the strongest systems of checks and balances for secret intelligence anywhere in the world”, he said.

Leaked documents seen by the Guardian give the impression some high-ranking officials at GCHQ have a different view.

In confidential briefings, one of Cheltenham’s senior legal advisers, whom the Guardian will not name, made a note to tell his guests: “We have a light oversight regime compared with the US”.

The parliamentary intelligence and security committee, which scrutinises the work of the agencies, was sympathetic to the agencies’ difficulties, he suggested.

“They have always been exceptionally good at understanding the need to keep our work secret,” the legal adviser said.

Complaints against the agencies, undertaken by the interception commissioner, are conducted under “the veil of secrecy”. And the investigatory powers tribunal, which assesses complaints against the agencies, has “so far always found in our favour”.

The briefings offer important glimpses into the GCHQ’s view of itself, the legal framework in which it works, and, it would seem, the necessity for reassuring the UK’s most important intelligence partner, the United States, that sensitive information can be shared without raising anxiety in Washington.

None of the documents advocates law-breaking – quite the opposite. But critics will say they highlight the limitations of the three pieces of legislation that underpin the activities of GCHQ, MI5 and MI6 – which were repeatedly mentioned by Hague as pillars of the regulatory and oversight regime during his statement to the Commons.

The foreign secretary said GCHQ “complied fully” with the Regulation of Investigatory Powers Act (Ripa), the Human Rights Act (HRA) and the Intelligence Services Act (Isa).

Privacy campaigners argue the laws have one important thing in common: they were drafted in the last century, and nobody involved in writing them, or passing them, could possibly have envisaged the exponential growth of traffic from telecoms and internet service providers over the past decade.

Nor could they have imagined that GCHQ could have found a way of storing and analysing so much of that information as part of its overarching Mastering the Internet project.

The Tempora programme appears to have given Britain’s spymasters that resource, with documents seen by the Guardian showing Britain can retain for up to 30 days an astronomical amount of unfiltered data garnered from cables carrying internet traffic.

This raises a number of questions about the way GCHQ officials and ministers have legitimised the programme.

The briefings, which are entitled UK Operational Legalities, stress that GCHQ “is an organisation with a highly responsible approach to compliance with the law”.

GCHQ also has a well staffed legal team, known as OPP-LEG, to help staff navigate their way through the complexities of the law.

But there appears to be some nervousness about Tempora. In a paper written for National Security Agency (NSA) analysts entitled A Guide to Using Internet Buffers at GCHQ, the author notes: “[Tempora] represents an exciting opportunity to get direct access to enormous amounts of GCHQ’s special source data.

“As large-scale buffering of metadata and content represent a new concept for GCHQ’s exploitation of the internet, GCHQ’s legal and policy officers are understandably taking a careful approach to their access and use.”

So how did GCHQ secure the legal authority for setting up Tempora, and what safeguards are in place for sharing the intelligence with the Americans? According to the documents, the British government used Ripa to get taps on to the fibre-optic cables.

These cables carry internet traffic in and out of the country and contain details of millions of emails and web searches. The information from these cables went straight into the Tempora storage programme.

In one presentation, which appeared to be for US analysts from the NSA, GCHQ explained: “Direct access to large volumes of unselected SSE data [is] collected under a Ripa warrant.”

The precise arrangement between the firms is unclear, as are the legal justifications put before ministers. Isa gives GCHQ some powers for the “passive collection” of data, including from computer networks.

But it appears GCHQ has relied on paragraph four of section 8 of Ripa to gain “external warrants” for its programmes.

They allow the agency to intercept external communications where, for instance, one of the people being targeted is outside Britain.

In most Ripa cases, a minister has to be told the name of an individual or company being targeted before a warrant is granted.

But section 8 permits GCHQ to perform more sweeping and indiscriminate trawls of external data if a minister issues a “certificate” along with the warrant.

According to the documents, the certificate authorises GCHQ to search for material under a number of themes, including: intelligence on the political intentions of foreign governments; military postures of foreign countries; terrorism, international drug trafficking and fraud.

The briefing document says such sweeping certificates, which have to be signed off by a minister, “cover the entire range of GCHQ’s intelligence production”.

“The certificate is issued with the warrant and signed by the secretary of state and sets out [the] class of work we can do under it … cannot list numbers or individuals as this would be an infinite list which we couldn’t manage.”

Lawyers at GCHQ speak of having 10 basic certificates, including a “global” one that covers the agency’s support station at Bude in Cornwall, Menwith Hill in North Yorkshire, and Cyprus.

Other certificates have been used for “special source accesses” – a reference, perhaps, to the cables carrying web traffic. All certificates have to be renewed by the foreign secretary every six months.

A source with knowledge of intelligence confirmed: “Overall exercise of collection and analysis [is] done under a broad, overall legal authority which has to be renewed at intervals, and is signed off at a senior political level.”

The source said the interception commissioner was able to “conclude that [the process] was not appropriate”, and that the companies involved were not giving up the information voluntarily.

“We have overriding authority to compel [them] to do this,” the source said. “There’s an overarching condition of the licensing of the companies that they have to co-operate in this.

“Should they decline, we can compel them to do so. They have no choice. They can’t talk about the warrant, they can’t reveal the existence of it.”

GCHQ says it can also seek a sensitive targeting authority (STA), which allows it snoop on any Briton “anywhere in the world” or any foreign national located in the UK.

It is unclear how the STA system works, and who has authority over it.

The intelligence agencies also have to take note of the HRA, which demands any interception is “necessary and proportionate”.

But the documents show GCHQ believes these terms are open to interpretation – which “creates flexibility”. When Tempora became fully functional in around 2011, GCHQ gave the NSA access to the programme on a three-month trial – and the NSA was keen to impress.

The US agency sent a briefing to some of its analysts urging them to show they could behave responsibly with the data. Under a heading – “The need to be successful!” – the author wrote: “As the first NSA users to receive operational access [to Tempora], we’re depending on you to provide the business case required to justify expanded access. Most importantly we need to prove that NSA users can utilise the internet buffers in ways that are consistent with GCHQ’s legal and policy rules.

“In addition, we need to prove that NSA’s access … is necessary to prosecute our mission and will greatly enhance the production of the intelligence … success of this three-month trial will determine expanded NSA access to internet buffers in the future.”

The NSA appears to have made a successful case. In May last year, an internal GCHQ memo said it had 300 analysts working on intelligence from Tempora, and the NSA had 250. The teams were supporting “the target discovery mission”.

But the safeguards for the sharing of this information are unclear.

Though GCHQ says it only keeps the content of messages for three working days, and the metadata for up to 30 days, privacy campaigners here and in the US will want to know if the NSA is adhering to the same self-imposed rules. One concern for privacy campaigners is that GCHQ and the NSA could conduct intercepts for each other, and then offer to share the information – a manoeuvre that could bypass the domestic rules they have to abide by.

This was raised by MPs during last week’s statement, with the former Labour home secretary David Blunkett calling for clarification on this potential loophole.

Last week, the Guardian sent a series of questions to the Foreign Office about this issue, but the department said it would not be drawn on it.

“It is a longstanding policy not to comment on intelligence matters; this includes our intelligence co-operation with the United States.

“The intelligence and security committee is looking into this, which is the proper channel for such matters.”

Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies and James Ball
The Guardian, Friday 21 June 2013 17.23 BST

Find this story at 21 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Fisa court submissions show broad scope of procedures governing NSA’s surveillance of Americans’ communication

• Document one: procedures used by NSA to target non-US persons
• Document two: procedures used by NSA to minimise data collected from US persons

The documents show that discretion as to who is actually targeted lies directly with the NSA’s analysts. Photograph: Martin Rogers/Workbook Stock/Getty

Top secret documents submitted to the court that oversees surveillance by US intelligence agencies show the judges have signed off on broad orders which allow the NSA to make use of information “inadvertently” collected from domestic US communications without a warrant.

The Guardian is publishing in full two documents submitted to the secret Foreign Intelligence Surveillance Court (known as the Fisa court), signed by Attorney General Eric Holder and stamped 29 July 2009. They detail the procedures the NSA is required to follow to target “non-US persons” under its foreign intelligence powers and what the agency does to minimize data collected on US citizens and residents in the course of that surveillance.

The documents show that even under authorities governing the collection of foreign intelligence from foreign targets, US communications can still be collected, retained and used.

The procedures cover only part of the NSA’s surveillance of domestic US communications. The bulk collection of domestic call records, as first revealed by the Guardian earlier this month, takes place under rolling court orders issued on the basis of a legal interpretation of a different authority, section 215 of the Patriot Act.

The Fisa court’s oversight role has been referenced many times by Barack Obama and senior intelligence officials as they have sought to reassure the public about surveillance, but the procedures approved by the court have never before been publicly disclosed.

The top secret documents published today detail the circumstances in which data collected on US persons under the foreign intelligence authority must be destroyed, extensive steps analysts must take to try to check targets are outside the US, and reveals how US call records are used to help remove US citizens and residents from data collection.

However, alongside those provisions, the Fisa court-approved policies allow the NSA to:

• Keep data that could potentially contain details of US persons for up to five years;

• Retain and make use of “inadvertently acquired” domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;

• Preserve “foreign intelligence information” contained within attorney-client communications;

• Access the content of communications gathered from “U.S. based machine[s]” or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.

The broad scope of the court orders, and the nature of the procedures set out in the documents, appear to clash with assurances from President Obama and senior intelligence officials that the NSA could not access Americans’ call or email information without warrants.

The documents also show that discretion as to who is actually targeted under the NSA’s foreign surveillance powers lies directly with its own analysts, without recourse to courts or superiors – though a percentage of targeting decisions are reviewed by internal audit teams on a regular basis.

Since the Guardian first revealed the extent of the NSA’s collection of US communications, there have been repeated calls for the legal basis of the programs to be released. On Thursday, two US congressmen introduced a bill compelling the Obama administration to declassify the secret legal justifications for NSA surveillance.

The disclosure bill, sponsored by Adam Schiff, a California Democrat, and Todd Rokita, an Indiana Republican, is a complement to one proposed in the Senate last week. It would “increase the transparency of the Fisa Court and the state of the law in this area,” Schiff told the Guardian. “It would give the public a better understanding of the safeguards, as well as the scope of these programs.”

Section 702 of the Fisa Amendments Act (FAA), which was renewed for five years last December, is the authority under which the NSA is allowed to collect large-scale data, including foreign communications and also communications between the US and other countries, provided the target is overseas.

FAA warrants are issued by the Fisa court for up to 12 months at a time, and authorise the collection of bulk information – some of which can include communications of US citizens, or people inside the US. To intentionally target either of those groups requires an individual warrant.
One-paragraph order

One such warrant seen by the Guardian shows that they do not contain detailed legal rulings or explanation. Instead, the one-paragraph order, signed by a Fisa court judge in 2010, declares that the procedures submitted by the attorney general on behalf of the NSA are consistent with US law and the fourth amendment.

Those procedures state that the “NSA determines whether a person is a non-United States person reasonably believed to be outside the United States in light of the totality of the circumstances based on the information available with respect to that person, including information concerning the communications facility or facilities used by that person”.

It includes information that the NSA analyst uses to make this determination – including IP addresses, statements made by the potential target, and other information in the NSA databases, which can include public information and data collected by other agencies.

Where the NSA has no specific information on a person’s location, analysts are free to presume they are overseas, the document continues.

“In the absence of specific information regarding whether a target is a United States person,” it states “a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person unless such person can be positively identified as a United States person.”

If it later appears that a target is in fact located in the US, analysts are permitted to look at the content of messages, or listen to phone calls, to establish if this is indeed the case.

Referring to steps taken to prevent intentional collection of telephone content of those inside the US, the document states: “NSA analysts may analyze content for indications that a foreign target has entered or intends to enter the United States. Such content analysis will be conducted according to analytic and intelligence requirements and priorities.”

Details set out in the “minimization procedures”, regularly referred to in House and Senate hearings, as well as public statements in recent weeks, also raise questions as to the extent of monitoring of US citizens and residents.

NSA minimization procedures signed by Holder in 2009 set out that once a target is confirmed to be within the US, interception must stop immediately. However, these circumstances do not apply to large-scale data where the NSA claims it is unable to filter US communications from non-US ones.

The NSA is empowered to retain data for up to five years and the policy states “communications which may be retained include electronic communications acquired because of limitations on the NSA’s ability to filter communications”.

Even if upon examination a communication is found to be domestic – entirely within the US – the NSA can appeal to its director to keep what it has found if it contains “significant foreign intelligence information”, “evidence of a crime”, “technical data base information” (such as encrypted communications), or “information pertaining to a threat of serious harm to life or property”.

Domestic communications containing none of the above must be destroyed. Communications in which one party was outside the US, but the other is a US-person, are permitted for retention under FAA rules.

The minimization procedure adds that these can be disseminated to other agencies or friendly governments if the US person is anonymised, or including the US person’s identity under certain criteria.
Holder’s ‘minimization procedure’ says once a target is confirmed to be in the US, interception of communication must stop. Photo: Nicholas Kamm/AFP/Getty Images

A separate section of the same document notes that as soon as any intercepted communications are determined to have been between someone under US criminal indictment and their attorney, surveillance must stop. However, the material collected can be retained, if it is useful, though in a segregated database:

“The relevant portion of the communication containing that conversation will be segregated and the National Security Division of the Department of Justice will be notified so that appropriate procedures may be established to protect such communications from review or use in any criminal prosecution, while preserving foreign intelligence information contained therein,” the document states.

In practice, much of the decision-making appears to lie with NSA analysts, rather than the Fisa court or senior officials.

A transcript of a 2008 briefing on FAA from the NSA’s general counsel sets out how much discretion NSA analysts possess when it comes to the specifics of targeting, and making decisions on who they believe is a non-US person. Referring to a situation where there has been a suggestion a target is within the US.

“Once again, the standard here is a reasonable belief that your target is outside the United States. What does that mean when you get information that might lead you to believe the contrary? It means you can’t ignore it. You can’t turn a blind eye to somebody saying: ‘Hey, I think so and so is in the United States.’ You can’t ignore that. Does it mean you have to completely turn off collection the minute you hear that? No, it means you have to do some sort of investigation: ‘Is that guy right? Is my target here?” he says.

“But, if everything else you have says ‘no’ (he talked yesterday, I saw him on TV yesterday, even, depending on the target, he was in Baghdad) you can still continue targeting but you have to keep that in mind. You can’t put it aside. You have to investigate it and, once again, with that new information in mind, what is your reasonable belief about your target’s location?”

The broad nature of the court’s oversight role, and the discretion given to NSA analysts, sheds light on responses from the administration and internet companies to the Guardian’s disclosure of the PRISM program. They have stated that the content of online communications is turned over to the NSA only pursuant to a court order. But except when a US citizen is specifically targeted, the court orders used by the NSA to obtain that information as part of Prism are these general FAA orders, not individualized warrants specific to any individual.

Once armed with these general orders, the NSA is empowered to compel telephone and internet companies to turn over to it the communications of any individual identified by the NSA. The Fisa court plays no role in the selection of those individuals, nor does it monitor who is selected by the NSA.

The NSA’s ability to collect and retain the communications of people in the US, even without a warrant, has fuelled congressional demands for an estimate of how many Americans have been caught up in surveillance.

Two US senators, Ron Wyden and Mark Udall – both members of the Senate intelligence committee – have been seeking this information since 2011, but senior White House and intelligence officials have repeatedly insisted that the agency is unable to gather such statistics.

Glenn Greenwald and James Ball
guardian.co.uk, Thursday 20 June 2013 23.59 BST

Find this story at 20 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

WASHINGTON — When Max Kelly, the chief security officer for Facebook, left the social media company in 2010, he did not go to Google, Twitter or a similar Silicon Valley concern. Instead the man who was responsible for protecting the personal information of Facebook’s more than one billion users from outside attacks went to work for another giant institution that manages and analyzes large pools of data: the National Security Agency.

Mr. Kelly’s move to the spy agency, which has not previously been reported, underscores the increasingly deep connections between Silicon Valley and the agency and the degree to which they are now in the same business. Both hunt for ways to collect, analyze and exploit large pools of data about millions of Americans.

The only difference is that the N.S.A. does it for intelligence, and Silicon Valley does it to make money.

The disclosure of the spy agency’s program called Prism, which is said to collect the e-mails and other Web activity of foreigners using major Internet companies like Google, Yahoo and Facebook, has prompted the companies to deny that the agency has direct access to their computers, even as they acknowledge complying with secret N.S.A. court orders for specific data.

Yet technology experts and former intelligence officials say the convergence between Silicon Valley and the N.S.A. and the rise of data mining — both as an industry and as a crucial intelligence tool — have created a more complex reality.

Silicon Valley has what the spy agency wants: vast amounts of private data and the most sophisticated software available to analyze it. The agency in turn is one of Silicon Valley’s largest customers for what is known as data analytics, one of the valley’s fastest-growing markets. To get their hands on the latest software technology to manipulate and take advantage of large volumes of data, United States intelligence agencies invest in Silicon Valley start-ups, award classified contracts and recruit technology experts like Mr. Kelly.

“We are all in these Big Data business models,” said Ray Wang, a technology analyst and chief executive of Constellation Research, based in San Francisco. “There are a lot of connections now because the data scientists and the folks who are building these systems have a lot of common interests.”

Although Silicon Valley has sold equipment to the N.S.A. and other intelligence agencies for a generation, the interests of the two began to converge in new ways in the last few years as advances in computer storage technology drastically reduced the costs of storing enormous amounts of data — at the same time that the value of the data for use in consumer marketing began to rise. “These worlds overlap,” said Philipp S. Krüger, chief executive of Explorist, an Internet start-up in New York.

The sums the N.S.A. spends in Silicon Valley are classified, as is the agency’s total budget, which independent analysts say is $8 billion to $10 billion a year.

Despite the companies’ assertions that they cooperate with the agency only when legally compelled, current and former industry officials say the companies sometimes secretly put together teams of in-house experts to find ways to cooperate more completely with the N.S.A. and to make their customers’ information more accessible to the agency. The companies do so, the officials say, because they want to control the process themselves. They are also under subtle but powerful pressure from the N.S.A. to make access easier.

Skype, the Internet-based calling service, began its own secret program, Project Chess, to explore the legal and technical issues in making Skype calls readily available to intelligence agencies and law enforcement officials, according to people briefed on the program who asked not to be named to avoid trouble with the intelligence agencies.

Project Chess, which has never been previously disclosed, was small, limited to fewer than a dozen people inside Skype, and was developed as the company had sometimes contentious talks with the government over legal issues, said one of the people briefed on the project. The project began about five years ago, before most of the company was sold by its parent, eBay, to outside investors in 2009. Microsoft acquired Skype in an $8.5 billion deal that was completed in October 2011.

A Skype executive denied last year in a blog post that recent changes in the way Skype operated were made at the behest of Microsoft to make snooping easier for law enforcement. It appears, however, that Skype figured out how to cooperate with the intelligence community before Microsoft took over the company, according to documents leaked by Edward J. Snowden, a former contractor for the N.S.A. One of the documents about the Prism program made public by Mr. Snowden says Skype joined Prism on Feb. 6, 2011.

Microsoft executives are no longer willing to affirm statements, made by Skype several years ago, that Skype calls could not be wiretapped. Frank X. Shaw, a Microsoft spokesman, declined to comment.

In its recruiting in Silicon Valley, the N.S.A. sends some of its most senior officials to lure the best of the best. No less than Gen. Keith B. Alexander, the agency’s director and the chief of the Pentagon’s Cyber Command, showed up at one of the world’s largest hacker conferences in Las Vegas last summer, looking stiff in an uncharacteristic T-shirt and jeans, to give the keynote speech. His main purpose at Defcon, the conference, was to recruit hackers for his spy agency.

N.S.A. badges are often seen on the lapels of officials at other technology and information security conferences. “They’re very open about their interest in recruiting from the hacker community,” said Jennifer Granick, the director of civil liberties at Stanford Law School’s Center for Internet and Society.

But perhaps no one embodies the tightening relationship between the N.S.A. and the valley more than Kenneth A. Minihan.

A career Air Force intelligence officer, Mr. Minihan was the director of the N.S.A. during the Clinton administration until his retirement in the late 1990s, and then he ran the agency’s outside professional networking organization. Today he is managing director of Paladin Capital Group, a venture capital firm based in Washington that in part specializes in financing start-ups that offer high-tech solutions for the N.S.A. and other intelligence agencies. In effect, Mr. Minihan is an advanced scout for the N.S.A. as it tries to capitalize on the latest technology to analyze and exploit the vast amounts of data flowing around the world and inside the United States.

The members of Paladin’s strategic advisory board include Richard C. Schaeffer Jr., a former N.S.A. executive. While Paladin is a private firm, the American intelligence community has its own in-house venture capital company, In-Q-Tel, financed by the Central Intelligence Agency to invest in high-tech start-ups.

Many software technology firms involved in data analytics are open about their connections to intelligence agencies. Gary King, a co-founder and chief scientist at Crimson Hexagon, a start-up in Boston, said in an interview that he had given talks at C.I.A. headquarters in Langley, Va., about his company’s social media analytics tools.

The future holds the prospect of ever greater cooperation between Silicon Valley and the N.S.A. because data storage is expected to increase at an annual compound rate of 53 percent through 2016, according to the International Data Corporation.

“We reached a tipping point, where the value of having user data rose beyond the cost of storing it,” said Dan Auerbach, a technology analyst with the Electronic Frontier Foundation, an electronic privacy group in San Francisco. “Now we have an incentive to keep it forever.”

Social media sites in the meantime are growing as voluntary data mining operations on a scale that rivals or exceeds anything the government could attempt on its own. “You willingly hand over data to Facebook that you would never give voluntarily to the government,” said Bruce Schneier, a technologist and an author.

James Risen reported from Washington, and Nick Wingfield from Seattle. Kitty Bennett contributed reporting.

June 19, 2013
By JAMES RISEN and NICK WINGFIELD

Find this story at 19 June 2013

© 2013 The New York Times Company

Scheme – set up before firm was purchased by Microsoft – allegedly eased access for US law enforcement agencies

Prosecutors in Zhu Yufu’s trial for subversion cited text messages that he sent using Skype. Photograph: Mario Tama/Getty Images

Skype, the web-based communications company, reportedly set up a secret programme to make it easier for US surveillance agencies to access customers’ information.

The programme, called Project Chess and first revealed by the New York Times on Thursday, was said to have been established before Skype was bought by Microsoft in 2011. Microsoft’s links with US security are under intense scrutiny following the Guardian’s revelation of Prism, a surveillance program run by the National Security Agency (NSA), that claimed “direct” access to its servers and those of rivals including Apple, Facebook and Google.

Project Chess was set up to explore the legal and technical issues involved in making Skype’s communications more readily available to law enforcement and security officials, according to the Times. Only a handful of executives were aware of the plan. The company did not immediately return a call for comment.

Last year Skype denied reports that it had changed its software following the Microsoft acquisition in order to allow law enforcement easier access to communications. “Nothing could be more contrary to the Skype philosophy,” Mark Gillett, vice president of Microsoft’s Skype division, said in a blog post.

According to the Prism documents, Skype had been co-operating with the NSA’s scheme since February 2011, eight months before the software giant took it over. The document gives little detail on the technical nature of that cooperation. Microsoft declined to comment.

The news comes as the tech firms are attempting to distance themselves from the Prism revelations. All the firm’s listed as participating in the Prism scheme have denied that they give the NSA “direct” access to their servers, as claimed by the slide presentation, and said that they only comply with legal requests made through the courts.

But since the story broke a more nuanced picture of how the tech firms work with the surveillance authorities has emerged. The US authorities have become increasingly interested in tech firms and its employees after initially struggling to keep up with the shift to digital communications. NSA officials have held high level talks with executives in the tech firms and are actively recruiting in the tech community.
‘That information is how they make their money’

Shane Harris, author of The Watchers: The Rise of America’s Surveillance State, said the NSA had a crisis in the late 1990s when it realised communication was increasingly digital and it was falling behind in its powers to track that data. “You can not overstate that without this data the NSA would be blind,” he said.

The NSA employs former valley executives, including Max Kelly, the former chief security officer for Facebook, and has increasingly sought to hire people in the hacker community. Former NSA director lieutenant general Kenneth Minihan has taken the opposite tack and is helping create the next generation of tech security firms. Minihan is managing director of Paladin Capital, a private equity firm that has a fund dedicated to investing in homeland security. Paladin also employs Dr Alf Andreassen, a former technical adviser for naval warfare who was also for classified national programmes at AT&T and Bell Laboratories.

Harris said the ties were only likely to deepen as technology moves ever more of our communications on line. He warned the move was likely to present more problems for the tech firms as their consumers worry about their privacy. “It’s been fascinating for me listening to the push back from the tech companies,” said Harris.

Christopher Soghoian, a senior policy analyst studying technological surveillance at the American Civil Liberties Union, said the relationship between the tech giants and the NSA has a fundamental – and ironic – flaw that guarantees the Prism scandal is unlikely to be the last time tensions surface between the two.

The US spying apparatus and Silicon Valley’s top tech firms are basically in the same business, collecting information on people, he said. “It’s a weird symbiotic relationship. It’s not that Facebook and Google are trying to build a surveillance system but they effectively have,” he said. “If they wanted to, Google and Facebook could use technology to tackle the issue, anonymizing and deleting their customers’ information. But that information is how they make their money, so that is never going to happen.”

Dominic Rushe in New York
guardian.co.uk, Thursday 20 June 2013 17.37 BST

Find this story at 20 June 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Skype calls’ immunity to police phone tapping threatened
Suspicious phone conversations on Skype could be targeted for tapping as part of a pan-European crackdown.

Suspicious phone conversations on Skype could be targeted for tapping as part of a pan-European crackdown on what law authorities believe is a massive technical loophole in current wiretapping laws, allowing criminals to communicate without fear of being overheard by the police.

The European investigation could also help U.S. law enforcement authorities gain access to Internet calls. The National Security Agency (NSA) is understood to believe that suspected terrorists use Skype to circumvent detection.

While the police can get a court order to tap a suspect’s land line and mobile phone, it is currently impossible to get a similar order for Internet calls on both sides of the Atlantic.

Skype insisted that it does cooperate with law enforcement authorities, “where legally and technically possible,” the company said in a statement.

“Skype has extensively debriefed Eurojust on our law enforcement program and capabilities,” Skype said.

Eurojust, a European Union agency responsible for coordinating judicial investigations across different jurisdictions announced Friday the opening of an investigation involving all 27 countries of the European Union.

“We will bring investigators from all 27 member states together to find a common approach to this problem,” said Joannes Thuy, a spokesman for Eurojust based in The Hague in the Netherlands.

The purpose of Eurojust’s coordination role is to overcome “the technical and judicial obstacles to the interception of Internet telephony systems”, Eurojust said.

The main judicial obstacles are the differing approaches to data protection in the various E.U. member states, Thuy said.

The investigation is being headed by Eurojust’s Italian representative, Carmen Manfredda.

Criminals in Italy are increasingly making phone calls over the Internet in order to avoid getting caught through mobile phone intercepts, according to Direzione Nazionale Antimafia, the anti-Mafia office in Rome.

Police officers in Milan say organized crime, arms and drugs traffickers, and prostitution rings are turning to Skype and other systems of VOIP (voice over Internet Protocol) telephony in order to frustrate investigators.

While telecommunications companies are obliged to comply with court orders to monitor calls on land lines and mobile phones, “Skype’ refuses to cooperate with the authorities,” Thuy said.

In addition to the issue of cooperation, there are technical obstacles to tapping Skype calls. The way calls are set up and carried between computers is proprietary, and the encryption system used is strong. It could be possible to monitor the call on the originating or receiving computer using a specially written program, or perhaps to divert the traffic through a proxy server, but these are all far more difficult than tapping a normal phone. Calls between a PC and a regular telephone via the SkypeIn or SkypeOut service, however, could fall under existing wiretapping regulations and capabilities at the point where they meet the public telephone network.

The pan-European response to the problem may open the door for the U.S. to take similar action, Thuy said.

“We have very good cooperation with the U.S.,” he said, pointing out that a U.S. prosecutor, Marylee Warren, is based in The Hague in order to liaise between U.S. and European judicial authorities.

The NSA (National Security Agency) is so concerned by Skype that it is offering hackers large sums of money to break its encryption, according to unsourced reports in the U.S.

Italian investigators have become increasingly reliant on wiretaps, Eurojust said, giving a recent example of customs and tax police in Milan, who overheard a suspected cocaine trafficker telling an accomplice to switch to Skype in order to get details of a 2kg drug consignment.

“Investigators are convinced that the interception of telephone calls have become an essential tool of the police, who spend millions of euros each year tracking down crime through wiretaps of land lines and mobile phones,” Eurojust said.

The first meeting of Eurojust’s 27 national representatives is planned in the coming weeks but precise details of its timing and the location of the meeting remain secret, Thuy said.

“They will exchange information and then we will give advice on how to proceed,” he said. Bringing Internet telephony into line with calls on land lines and mobile phones “could be the price we have to pay for our security,” he said.

Paul Meller (IDG News Service)
— 23 February, 2009 09:47

Find this story at 23 February 2009

Copyright 2013 IDG Communications