One Dubai-based firm offers DIY system similar to GCHQ’s Tempora programme, which taps fibre-optic cables

Advanced Middle East Systems has been offering a device called Cerebro, which taps information from fibre-optic cables carrying internet traffic. Photograph: Corbis

Private firms are selling spying tools and mass surveillance technologies to developing countries with promises that “off the shelf” equipment will allow them to snoop on millions of emails, text messages and phone calls, according to a cache of documents published on Monday.

The papers show how firms, including dozens from Britain, tout the capabilities at private trade fairs aimed at offering nations in Africa, Asia and the Middle East the kind of powerful capabilities that are usually associated with government agencies such as GCHQ and its US counterpart, the National Security Agency.

The market has raised concerns among human rights groups and ministers, who are poised to announce new rules about the sale of such equipment from Britain.

“The government agrees that further regulation is necessary,” a spokesman for the Department for Business, Innovation and Skills said. “These products have legitimate uses … but we recognise that they may also be used to conduct espionage.”

The documents are included in an online database compiled by the research watchdog Privacy International, which has spent four years gathering 1,203 brochures and sales pitches used at conventions in Dubai, Prague, Brasilia, Washington, Kuala Lumpur, Paris and London. Analysts posed as potential buyers to gain access to the private fairs.

The database, called the Surveillance Industry Index, shows how firms from the UK, Israel, Germany, France and the US offer governments a range of systems that allow them to secretly hack into internet cables carrying email and phone traffic.

The index has details from 338 companies, including 77 from the UK, offering a total of 97 different technologies.

One firm says its “massive passive monitoring” equipment can “capture up to 1bn intercepts a day”. Some offer cameras hidden in cola cans, bricks or children’s carseats, while one manufacturer turns cars or vans into surveillance control centres.

There is nothing illegal about selling such equipment, and the companies say the new technologies are there to help governments defeat terrorism and crime.

But human rights and privacy campaigners are alarmed at the sophistication of the systems, and worry that unscrupulous regimes could use them as tools to spy on dissidents and critics.

Libya’s former leader Muammar Gaddafi is known to have used off-the-shelf surveillance equipment to clamp down on opposition leaders.

Privacy International believes UK firms should now be subject to the same strict export licence rules faced by arms manufacturers.

“There is a culture of impunity permeating across the private surveillance market, given that there are no strict export controls on the sale of this technology, as there are on the sale of conventional weapons,” said Matthew Rice, research consultant with Privacy International.

“This market profits off the suffering of people around the world, yet it lacks any sort of effective oversight or accountability.

“This lack of regulation has allowed companies to export surveillance technology to countries that use their newly acquired surveillance capability to spy on human rights activists, journalists and political movements.”

Privacy International hopes the Surveillance Industry Index will give academics, politicians and campaigners a chance to look at the type of surveillance technologies now available in the hope of sparking a debate about improved regulation.

The documents include a brochure from a company called Advanced Middle East Systems (AMES), based in Dubai. It has been offering a device called Cerebro – a DIY system similar to the Tempora programme run by GCHQ – that taps information from fibre-optic cables carrying internet traffic.

AMES describes Cerebro as a “core technology designed to monitor and analyse in real time communications … including SMS (texting), GSM (mobile calls), billing data, emails, conversations, webmail, chat sessions and social networks.”

The company brochure makes clear this is done by attaching probes to internet cables. “No co-operation with the providers is required,” it adds.

“Cerebro is designed to store several billions of records – metadata and/or communication contents. At any time the investigators can follow the live activity of their target with advanced targeting criteria (email addresses, phone numbers, key words),” says the brochure.

AMES refused to comment after being contacted by the Guardian, but said it followed similar protocols to other surveillance companies. “We don’t want to interact with the press,” said a spokesman.

Another firm selling similar equipment is VASTech, based in South Africa, which has a system called Zebra. Potential buyers are told it has been designed to help “government security agencies face huge challenges in their combat against crime and terrorism”.

VASTech says Zebra offers “access to high volumes of information generated via telecommunication services for the purposes of analysis and investigation”.

It has been designed to “intercept all content and metadata of voice, SMS, email and fax communications on the connected network, creating a rich repository of information”.

A spokesman for the company said: “VASTech produces products for governmental law enforcement agencies. These products have the primary goal of reducing specifically cross-border crimes such as child pornography, human trafficking, drug smuggling, weapon smuggling, money laundering, corruption and terrorist activities. We compete internationally and openly against several suppliers of similar systems.

“We only supply legal governments, which are not subjected to international sanctions. Should their status change in this regard, we hold the right to withdraw our supplies and support unilaterally.”

Ann McKechin, a Labour member of the arms export control committee, said: “Obviously we are concerned about how our government provides licences, given these new types of technology.

“Software technology is now becoming a very large component of our total exports and how we police it before it gets out of country will become an increasingly difficult question and I think the government has to review its processes to consider whether they are fit for the task.”

She said the Department for Business, Innovation and Skills, which has responsibility for granting export licences, had to ensure it has the skills and knowledge to assess new technologies, particularly if they were being sold to “countries of concern”.

“The knowledge of staff which maybe more geared to more traditional types of weaponry,” she added.

A business department spokesperson said: “The government agrees that further regulation is necessary. These products have legitimate uses in defending networks and tracking and disrupting criminals, but we recognise that they may also be used to conduct espionage.

“Given the international nature of this problem we believe that an internationally agreed solution will be the most effective response. That is why the UK is leading international efforts to agree export controls on specific technologies of concern.

“We expect to be able to announce real progress in this area in early December.”
What’s on offer

Some companies offer a range of spy equipment that would not look out of place in a James Bond film

Spy vans

Ordinary vans, cars and motorbikes can be customised to offer everything a spy could need. Tiny cameras and microphones are hidden in wing mirrors, headlights and even the makers’ logo. Vehicles can also be fitted with the latest mass surveillance technology, allowing them to intercept, assess and store a range of digital communications from the surrounding area.

Hidden cameras

The range of objects that can hide high-quality cameras and recording equipment appears almost limitless; from a box of tissues giving a 360-degree view of the room, to a child’s car seat, a brick and a key fob. Remote controls allow cameras to follow targets as they move around a room and have a powerful zoom to give high definition close-ups.

Recorders

As with cameras recording equipment is getting more sophisticated and more ubiquitous. From cigarette lighters to pens their are limitless ways to listen in on other people’s conversations. One firm offers a special strap microphone that straps to the wearer’s would be spies’ back and records conversations going on directly behind them. According to the brochure: “[This] is ideal because people in a crowd think that someone with their back turned can’t hear their conversation.. Operatives can work much closer to their target.”

Handheld ‘biometric cameras’

This system, made by a UK firm, is currently being used by British forces in Afghanistan to help troops identify potential terrorists. The brochure for the Mobile Biometric Platform says: “Innocent civilian or Insurgent? Not Certain? Our systems are.” It adds: “The MBP is tailored for military use and enables biometric enrolment and identification of finger, face and iris against on board watchlists in real time from live or forensic data.”

Mobile phone locators

It is now possible, from a single laptop computer, to locate where a mobile phone is calling from anywhere in the world, with an accuracy of between 200 metres and a mile. This is not done by attaching probes, and it is not limited to the area where the laptop is working from. The “cross border” system means it is now theoretically possible to locate a mobile phone call from a town abroad from a laptop in London.

Nick Hopkins and Matthew Taylor
The Guardian, Monday 18 November 2013 21.42 GMT

Find this story at 18 November 2013

© 2013 Guardian News and Media Limited or its affiliated companies. All rights reserved.

Security experts say that Canadian intelligence has developed a powerful spying tool to scope out and target specific phones and computers so as to better set up hacking and bugging operations.

The outlines of the technology are contained in the slides of a PowerPoint presentation made to allied security agencies in June, 2012. Communications Security Establishment Canada (CSEC) called the tool “Olympia,” showing how its analysts sifted through an immense amount of communications data and zeroed in on the phones and computer servers they determined merited attention – in the demonstration case, inside the Brazilian Ministry of Energy and Mines.

Within weeks, CSEC figured out who was talking to whom by plugging phone numbers and Internet protocol addresses into an array of intelligence databases. In this way it “developed a detailed map of the institution’s communications,” Paulo Pagliusi, a Brazilian security expert who examined the slides, told The Globe.

The slides are part of a large trove of documents that have been leaked by Edward Snowden, the former contractor with the U.S. National Security Agency (NSA) whose disclosures have set off a debate over whether the agency has improperly intruded on the privacy of Americans. Other disclosures have raised questions about its spying on foreign governments, sometimes with the assistance of allied intelligence agencies.

The Globe and Mail has collaborated with the Brazil-based American journalist Glenn Greenwald, based on information obtained from the Snowden documents. Mr. Snowden, who went into hiding in Hong Kong before the first cache of NSA documents was leaked, has been charged by the United States with espionage and theft of government property. Russia has granted him temporary sanctuary.

Canadian officials declined to comment on the slides. Responding to an e-mail requesting comment on whether Canada co-operated with its U.S. counterpart in tapping into Brazilian communications, CSEC spokesman Andy McLaughlin said the agency “cannot comment on its foreign intelligence activities or capabilities.” Prime Minister Stephen Harper said earlier this month that he is “very concerned” about reports CSEC focused on the Brazil ministry.

Any ability to sift through telecommunications data for specific leads can be valuable for electronic-eavesdropping agencies, especially the capacity to map out – without necessarily listening into – an organization’s Internet or voice communications. This, in turn, can help isolate specific devices for potential hacking operations. By developing “Olympia” as a method for doing just this, Canada added to its spymasters’ toolkit.

The PowerPoint presentation by CSEC was first reported by Brazil’s Fantastico TV program, which earlier reported the NSA spying, in conjunction with Mr. Greenwald. Brazilian officials expressed outrage at the United States, but their criticism of Canada was more fleeting. They say they now intend to put public employees on an encrypted e-mail system.

The CSEC presentation – titled Advanced Network Tradecraft – described a technological reconnaissance mission aimed at the Brazilian energy ministry in April and May of 2012. According to the presentation, the agency knew very little about the ministry going in, apart from its Internet domain name and a few associated phone numbers. The presentation never makes clear CSEC’s intentions for targeting the Brazilian ministry.

The leaked slides also suggest Canada sought to partner with the NSA, with one slide saying CSEC was “working with TAO to further examine the possibility” of a more aggressive operation to intercept Internet communications.

“TAO” refers to “tailored access operations,” said Bruce Schneier, a privacy specialist for the Berkman Center for the Internet and Society at Harvard. “It’s the NSA ‘blackbag’ people.” (A “blackbag job” refers to a government-sanctioned break-and-enter operation – hacking in this case – to acquire intelligence.)

It is not clear whether CSEC or the NSA followed up with other actions involving the Brazilian ministry.

COLIN FREEZE AND STEPHANIE NOLEN
WASHINGTON and RIO DE JANEIRO — The Globe and Mail
Published Saturday, Oct. 19 2013, 8:00 AM EDT

Find this story at 19 October 2013

© Copyright 2013 The Globe and Mail Inc.

Une semaine après les manifestations d’indignation exprimées par les autorités politiques françaises après les révélations du Monde sur l’ampleur des interceptions électroniques réalisées, en France, par l’Agence nationale de sécurité (NSA) américaine, de nouveaux éléments montrent que cette émotion pouvait être, en partie, feinte.

Mardi 29 octobre, devant la commission du renseignement de la Chambre des représentants, le chef de la NSA, le général Keith Alexander, a juré que les informations du Monde ainsi que celles d’El Mundo, en Espagne, et de L’Espresso, en Italie, sur l’interception de communications de citoyens européens par la NSA étaient « complètement fausses ». Il a précisé qu’il s’agissait de « données fournies à la NSA » par ces mêmes partenaires européens.

Quelques heures plus tôt, le quotidien américain The Wall Street Journal, s’appuyant sur des sources anonymes, affirmait que les 70,3 millions de données téléphoniques collectées en France, par la NSA, entre le 10 décembre 2012 et le 8 janvier 2013, ont été communiquées par les services français eux-mêmes. Ces éléments auraient été transmis, selon ce journal, conformément à un accord de coopération en matière de renseignement entre les Etats-Unis et la France.

UN ACCORD DE COOPÉRATION CONNU SOUS LE NOM DE « LUSTRE »

Ces informations, qui tendent à dédouaner la NSA de toute intrusion, ne permettent de progresser dans la compréhension de l’espionnage américain dans le monde qu’à condition de les mettre en résonance avec l’éclairage apporté, le 28 octobre, par la Süddeutsche Zeitung. La presse allemande a signalé, grâce à une note dévoilée par l’ex-consultant de la NSA Edward Snowden, l’existence d’un accord de coopération sur la surveillance entre la France et les Etats-Unis connu sous le nom de « Lustre ».

Selon nos informations, recueillies auprès d’un haut responsable de la communauté du renseignement en France, la direction des services extérieurs français, la DGSE, a, en effet, établi, à partir de la fin 2011 et début 2012, un protocole d’échange de données avec les Etats-Unis.

La France bénéficie d’un positionnement stratégique en matière de transport de données électroniques. Les câbles sous-marins par lesquels transitent la plupart des données provenant d’Afrique et d’Afghanistan atterrissent à Marseille et à Penmarc’h, en Bretagne. Ces zones stratégiques sont à la portée de la DGSE française, qui intercepte et stocke l’essentiel de ce flux entre l’étranger et la France.

“UN TROC ENTRE LA DIRECTION DE LA NSA ET CELLE DE LA DGSE”

« C’est un troc qui s’est institué entre la direction de la NSA et celle de la DGSE, explique la même source. On donne des blocs entiers sur ces zones et ils nous donnent, en contrepartie, des parties du monde où nous sommes absents, mais la négociation ne s’est pas effectuée en une fois, le périmètre du partage s’élargit au fil des discussions qui se prolongent encore aujourd’hui. »

Il paraît donc, a priori, en partie exact, qu’une partie des données téléphoniques transitant sur le sol français soit transmise, conformément aux accords de coopération, et sans tri préalable, par la DGSE à la NSA. Il s’agit donc de données concernant aussi bien des citoyens français recevant des communications de ces zones géographiques que d’étrangers utilisant ces canaux.

Il paraît peu probable que le gouvernement français, qui supervise le financement des infrastructures d’interception et de stockage de la DGSE, ne soit pas au courant de ces pratiques. Ce qui relativise la sincérité des récriminations françaises après l’annonce, par Le Monde, de ces interceptions américaines.

GÉOGRAPHIE SOUS-MARINE

L’absence de statut juridique clair des métadonnées en France et l’étrange discrétion de la Commission nationale de contrôle des interceptions de sécurité (CNCIS) paraissent, de plus, avoir facilité la transmission à la NSA par la DGSE de millions de données relevant de la vie privée de millions de Français.

Au regard de la quantité des interceptions réalisées en un seul mois, la justification avancée par les services de renseignement concernant des questions liées à la lutte contre le terrorisme peut également être sujette à caution.

D’après un responsable à Matignon, la France n’est pas la seule à « troquer » ainsi les données passant sur son territoire. Elle appartiendrait à « une amicale » qui comprend des pays tels qu’Israël, la Suède ou l’Italie, vers lesquels convergent également des câbles sous-marins stratégiques pour les Américains. Depuis 2011, une nouvelle redistribution des cartes de la coopération en matière de renseignement s’est ainsi réalisée sur le seul fondement de cette géographie sous-marine.

RESPONSABILITÉ DES AUTORITÉS POLITIQUES FRANÇAISES

Ces informations viennent donc préciser celles déjà publiées par Le Monde concernant la collecte, en un mois, par la NSA, de 70,3 millions de données téléphoniques concernant la France. Qu’une partie de ces informations soient transmises avec l’assentiment de la DGSE ne change en rien son caractère attentatoire aux libertés. Ce nouvel éclairage pose avant tout la responsabilité des autorités politiques françaises. Sollicitée sur cette coopération, la DGSE s’est refusée à tout commentaire.

Par ailleurs, Le Monde maintient, sur la base des documents dévoilés par Edward Snowden permettant de décrypter les tableaux d’interceptions de données téléphoniques et numériques à travers le monde, qu’il s’agit d’opérations « contre » un pays nommé. Dans ce cas précis, la France.

Un haut responsable du renseignement français, joint, mercredi matin, a admis, sous couvert d’anonymat, l’existence de « ces échanges de données ». Il a néanmoins démenti « catégoriquement » que la DGSE puisse transférer « 70,3 millions de données à la NSA ».

LE MONDE | 30.10.2013 à 12h51
Par Jacques Follorou

Find this story at 30 October 2013

© Le Monde.fr

When Ban Ki-moon, the United Nations secretary general, sat down with President Obama at the White House in April to discuss Syrian chemical weapons, Israeli-Palestinian peace talks and climate change, it was a cordial, routine exchange.

The National Security Agency nonetheless went to work in advance and intercepted Mr. Ban’s talking points for the meeting, a feat the agency later reported as an “operational highlight” in a weekly internal brag sheet. It is hard to imagine what edge this could have given Mr. Obama in a friendly chat, if he even saw the N.S.A.’s modest scoop. (The White House won’t say.)

But it was emblematic of an agency that for decades has operated on the principle that any eavesdropping that can be done on a foreign target of any conceivable interest — now or in the future — should be done. After all, American intelligence officials reasoned, who’s going to find out?

From thousands of classified documents, the National Security Agency emerges as an electronic omnivore of staggering capabilities, eavesdropping and hacking its way around the world to strip governments and other targets of their secrets, all the while enforcing the utmost secrecy about its own operations. It spies routinely on friends as well as foes, as has become obvious in recent weeks; the agency’s official mission list includes using its surveillance powers to achieve “diplomatic advantage” over such allies as France and Germany and “economic advantage” over Japan and Brazil, among other countries.

Mr. Obama found himself in September standing uncomfortably beside the president of Brazil, Dilma Rousseff, who was furious at being named as a target of N.S.A. eavesdropping. Since then, there has been a parade of such protests, from the European Union, Mexico, France, Germany and Spain. Chagrined American officials joke that soon there will be complaints from foreign leaders feeling slighted because the agency had not targeted them.

James R. Clapper Jr., the director of national intelligence, has repeatedly dismissed such objections as brazen hypocrisy from countries that do their own share of spying. But in a recent interview, he acknowledged that the scale of eavesdropping by the N.S.A., with 35,000 workers and $10.8 billion a year, sets it apart. “There’s no question that from a capability standpoint we probably dwarf everybody on the planet, just about, with perhaps the exception of Russia and China,” he said.

Since Edward J. Snowden began releasing the agency’s documents in June, the unrelenting stream of disclosures has opened the most extended debate on the agency’s mission since its creation in 1952. The scrutiny has ignited a crisis of purpose and legitimacy for the N.S.A., the nation’s largest intelligence agency, and the White House has ordered a review of both its domestic and its foreign intelligence collection. While much of the focus has been on whether the agency violates Americans’ privacy, an issue under examination by Congress and two review panels, the anger expressed around the world about American surveillance has prompted far broader questions.

If secrecy can no longer be taken for granted, when does the political risk of eavesdropping overseas outweigh its intelligence benefits? Should foreign citizens, many of whom now rely on American companies for email and Internet services, have any privacy protections from the N.S.A.? Will the American Internet giants’ collaboration with the agency, voluntary or otherwise, damage them in international markets? And are the agency’s clandestine efforts to weaken encryption making the Internet less secure for everyone?

Matthew M. Aid, an intelligence historian and author of a 2009 book on the N.S.A., said there is no precedent for the hostile questions coming at the agency from all directions.

“From N.S.A.’s point of view, it’s a disaster,” Mr. Aid said. “Every new disclosure reinforces the notion that the agency needs to be reined in. There are political consequences, and there will be operational consequences.”

A review of classified agency documents obtained by Mr. Snowden and shared with The New York Times by The Guardian, offers a rich sampling of the agency’s global operations and culture. (At the agency’s request, The Times is withholding some details that officials said could compromise intelligence operations.) The N.S.A. seems to be listening everywhere in the world, gathering every stray electron that might add, however minutely, to the United States government’s knowledge of the world. To some Americans, that may be a comfort. To others, and to people overseas, that may suggest an agency out of control.

The C.I.A. dispatches undercover officers overseas to gather intelligence today roughly the same way spies operated in biblical times. But the N.S.A., born when the long-distance call was a bit exotic, has seen its potential targets explode in number with the advent of personal computers, the Internet and cellphones. Today’s N.S.A. is the Amazon of intelligence agencies, as different from the 1950s agency as that online behemoth is from a mom-and-pop bookstore. It sucks the contents from fiber-optic cables, sits on telephone switches and Internet hubs, digitally burglarizes laptops and plants bugs on smartphones around the globe.

Mr. Obama and top intelligence officials have defended the agency’s role in preventing terrorist attacks. But as the documents make clear, the focus on counterterrorism is a misleadingly narrow sales pitch for an agency with an almost unlimited agenda. Its scale and aggressiveness are breathtaking.

The agency’s Dishfire database — nothing happens without a code word at the N.S.A. — stores years of text messages from around the world, just in case. Its Tracfin collection accumulates gigabytes of credit card purchases. The fellow pretending to send a text message at an Internet cafe in Jordan may be using an N.S.A. technique code-named Polarbreeze to tap into nearby computers. The Russian businessman who is socially active on the web might just become food for Snacks, the acronym-mad agency’s Social Network Analysis Collaboration Knowledge Services, which figures out the personnel hierarchies of organizations from texts.

The spy agency’s station in Texas intercepted 478 emails while helping to foil a jihadist plot to kill a Swedish artist who had drawn pictures of the Prophet Muhammad. N.S.A. analysts delivered to authorities at Kennedy International Airport the names and flight numbers of workers dispatched by a Chinese human smuggling ring.

The agency’s eavesdropping gear, aboard a Defense Department plane flying 60,000 feet over Colombia, fed the location and plans of FARC rebels to the Colombian Army. In the Orlandocard operation, N.S.A. technicians set up what they called a “honeypot” computer on the web that attracted visits from 77,413 foreign computers and planted spyware on more than 1,000 that the agency deemed of potential future interest.

The Global Phone Book

No investment seems too great if it adds to the agency’s global phone book. After mounting a major eavesdropping effort focused on a climate change conference in Bali in 2007, agency analysts stationed in Australia’s outback were especially thrilled by one catch: the cellphone number of Bali’s police chief.

“Our mission,” says the agency’s current five-year plan, which has not been officially scheduled for declassification until 2032, “is to answer questions about threatening activities that others mean to keep hidden.”

The aspirations are grandiose: to “utterly master” foreign intelligence carried on communications networks. The language is corporate: “Our business processes need to promote data-driven decision-making.” But the tone is also strikingly moralistic for a government bureaucracy. Perhaps to counter any notion that eavesdropping is a shady enterprise, signals intelligence, or Sigint, the term of art for electronic intercepts, is presented as the noblest of callings.

“Sigint professionals must hold the moral high ground, even as terrorists or dictators seek to exploit our freedoms,” the plan declares. “Some of our adversaries will say or do anything to advance their cause; we will not.”

The N.S.A. documents taken by Mr. Snowden and shared with The Times, numbering in the thousands and mostly dating from 2007 to 2012, are part of a collection of about 50,000 items that focus mainly on its British counterpart, Government Communications Headquarters or G.C.H.Q.

While far from comprehensive, the documents give a sense of the agency’s reach and abilities, from the Navy ships snapping up radio transmissions as they cruise off the coast of China, to the satellite dishes at Fort Meade in Maryland ingesting worldwide banking transactions, to the rooftops of 80 American embassies and consulates around the world from which the agency’s Special Collection Service aims its antennas.

The agency and its many defenders among senior government officials who have relied on its top secret reports say it is crucial to American security and status in the world, pointing to terrorist plots disrupted, nuclear proliferation tracked and diplomats kept informed.

But the documents released by Mr. Snowden sometimes also seem to underscore the limits of what even the most intensive intelligence collection can achieve by itself. Blanket N.S.A. eavesdropping in Afghanistan, described in the documents as covering government offices and the hide-outs of second-tier Taliban militants alike, has failed to produce a clear victory against a low-tech enemy. The agency kept track as Syria amassed its arsenal of chemical weapons — but that knowledge did nothing to prevent the gruesome slaughter outside Damascus in August.

The documents are skewed toward celebration of the agency’s self-described successes, as underlings brag in PowerPoints to their bosses about their triumphs and the managers lay out grand plans. But they do not entirely omit the agency’s flubs and foibles: flood tides of intelligence gathered at huge cost that goes unexamined; intercepts that cannot be read for lack of language skills; and computers that — even at the N.S.A. — go haywire in all the usual ways.

Mapping Message Trails

In May 2009, analysts at the agency learned that Iran’s supreme leader, Ayatollah Ali Khamenei, was to make a rare trip to Kurdistan Province in the country’s mountainous northwest. The agency immediately organized a high-tech espionage mission, part of a continuing project focused on Ayatollah Khamenei called Operation Dreadnought.

Working closely with the National Geospatial-Intelligence Agency, which handles satellite photography, as well as G.C.H.Q., the N.S.A. team studied the Iranian leader’s entourage, its vehicles and its weaponry from satellites, and intercepted air traffic messages as planes and helicopters took off and landed.

They heard Ayatollah Khamenei’s aides fretting about finding a crane to load an ambulance and fire truck onto trucks for the journey. They listened as he addressed a crowd, segregated by gender, in a soccer field.

They studied Iranian air defense radar stations and recorded the travelers’ rich communications trail, including Iranian satellite coordinates collected by an N.S.A. program called Ghosthunter. The point was not so much to catch the Iranian leader’s words, but to gather the data for blanket eavesdropping on Iran in the event of a crisis.

This “communications fingerprinting,” as a document called it, is the key to what the N.S.A. does. It allows the agency’s computers to scan the stream of international communications and pluck out messages tied to the supreme leader. In a crisis — say, a showdown over Iran’s nuclear program — the ability to tap into the communications of leaders, generals and scientists might give a crucial advantage.

On a more modest scale, the same kind of effort, what N.S.A. calls “Sigint development,” was captured in a document the agency obtained in 2009 from Somalia — whether from a human source or an electronic break-in was not noted. It contained email addresses and other contact details for 117 selected customers of a Mogadishu Internet service, Globalsom.

While most on the list were Somali officials or citizens, presumably including some suspected of militancy, the document also included emails for a United Nations political officer in Mogadishu and a local representative for the charity World Vision, among other international institutions. All, it appeared, were considered fair game for monitoring.

This huge investment in collection is driven by pressure from the agency’s “customers,” in government jargon, not only at the White House, Pentagon, F.B.I. and C.I.A., but also spread across the Departments of State and Energy, Homeland Security and Commerce, and the United States Trade Representative.

By many accounts, the agency provides more than half of the intelligence nuggets delivered to the White House early each morning in the President’s Daily Brief — a measure of success for American spies. (One document boasts that listening in on Nigerian State Security had provided items for the briefing “nearly two dozen” times.) In every international crisis, American policy makers look to the N.S.A. for inside information.

Pressure to Get Everything

That creates intense pressure not to miss anything. When that is combined with an ample budget and near-invisibility to the public, the result is aggressive surveillance of the kind that has sometimes gotten the agency in trouble with the Foreign Intelligence Surveillance Court, a United States federal court that polices its programs for breaches of Americans’ privacy.

In the funding boom that followed the Sept. 11 attacks, the agency expanded and decentralized far beyond its Fort Meade headquarters in Maryland, building or expanding major facilities in Georgia, Texas, Colorado, Hawaii, Alaska, Washington State and Utah. Its officers also operate out of major overseas stations in England, Australia, South Korea and Japan, at overseas military bases, and from locked rooms housing the Special Collection Service inside American missions abroad.

The agency, using a combination of jawboning, stealth and legal force, has turned the nation’s Internet and telecommunications companies into collection partners, installing filters in their facilities, serving them with court orders, building back doors into their software and acquiring keys to break their encryption.

But even that vast American-run web is only part of the story. For decades, the N.S.A. has shared eavesdropping duties with the rest of the so-called Five Eyes, the Sigint agencies of Britain, Canada, Australia and New Zealand. More limited cooperation occurs with many more countries, including formal arrangements called Nine Eyes and 14 Eyes and Nacsi, an alliance of the agencies of 26 NATO countries.

The extent of Sigint sharing can be surprising: “N.S.A. may pursue a relationship with Vietnam,” one 2009 G.C.H.Q. document reported. But a recent G.C.H.Q. training document suggests that not everything is shared, even between the United States and Britain. “Economic well-being reporting,” it says, referring to intelligence gathered to aid the British economy, “cannot be shared with any foreign partner.”

As at the school lunch table, decisions on who gets left out can cause hurt feelings: “Germans were a little grumpy at not being invited to join the 9-Eyes group,” one 2009 document remarks. And in a delicate spy-versus-spy dance, sharing takes place even with governments that are themselves important N.S.A. targets, notably Israel.

The documents describe collaboration with the Israel Sigint National Unit, which gets raw N.S.A. eavesdropping material and provides it in return, but they also mention the agency’s tracking of “high priority Israeli military targets,” including drone aircraft and the Black Sparrow missile system.

The alliances, and the need for stealth, can get complicated. At one highly valued overseas listening post, the very presence of American N.S.A. personnel violates a treaty agreed to by the agency’s foreign host. Even though much of the eavesdropping is run remotely from N.S.A.’s base at Fort Gordon, Ga., Americans who visit the site must pose as contractors, carry fake business cards and are warned: “Don’t dress as typical Americans.”

“Know your cover legend,” a PowerPoint security briefing admonishes the N.S.A. staff members headed to the overseas station, directing them to “sanitize personal effects,” send no postcards home and buy no identifiably local souvenirs. (“An option might be jewelry. Most jewelry does not have any markings” showing its place of origin.)

Bypassing Security

In the agency’s early years, its brainy staff members — it remains the largest employer of mathematicians in the country — played an important role in the development of the first computers, then largely a tool for code breaking.

Today, with personal computers, laptops, tablets and smartphones in most homes and government offices in the developed world, hacking has become the agency’s growth area.

Some of Mr. Snowden’s documents describe the exploits of Tailored Access Operations, the prim name for the N.S.A. division that breaks into computers around the world to steal the data inside, and sometimes to leave spy software behind. T.A.O. is increasingly important in part because it allows the agency to bypass encryption by capturing messages as they are written or read, when they are not encoded.

In Baghdad, T.A.O. collected messages left in draft form in email accounts maintained by leaders of the Islamic State of Iraq, a militant group. Under a program called Spinaltap, the division’s hackers identified 24 unique Internet Protocol addresses identifying computers used by the Lebanese militant group Hezbollah, making it possible to snatch Hezbollah messages from the flood of global communications sifted by the agency.

The N.S.A.’s elite Transgression Branch, created in 2009 to “discover, understand, evaluate and exploit” foreign hackers’ work, quietly piggybacks on others’ incursions into computers of interest, like thieves who follow other housebreakers around and go through the windows they have left ajar.

In one 2010 hacking operation code-named Ironavenger, for instance, the N.S.A. spied simultaneously on an ally and an adversary. Analysts spotted suspicious emails being sent to a government office of great intelligence interest in a hostile country and realized that an American ally was “spear-phishing” — sending official-looking emails that, when opened, planted malware that let hackers inside.

The Americans silently followed the foreign hackers, collecting documents and passwords from computers in the hostile country, an elusive target. They got a look inside that government and simultaneously got a close-up look at the ally’s cyberskills, the kind of intelligence twofer that is the unit’s specialty.

In many other ways, advances in computer and communications technology have been a boon for the agency. N.S.A. analysts tracked the electronic trail left by a top leader of Al Qaeda in Africa each time he stopped to use a computer on his travels. They correctly predicted his next stop, and the police were there to arrest him.

And at the big N.S.A. station at Fort Gordon, technicians developed an automated service called “Where’s My Node?” that sent an email to an analyst every time a target overseas moved from one cell tower to another. Without lifting a finger, an analyst could follow his quarry’s every move.

The Limits of Spying

The techniques described in the Snowden documents can make the N.S.A. seem omniscient, and nowhere in the world is that impression stronger than in Afghanistan. But the agency’s capabilities at the tactical level have not been nearly enough to produce clear-cut strategic success there, in the United States’ longest war.

A single daily report from June 2011 from the N.S.A.’s station in Kandahar, Afghanistan, the heart of Taliban country, illustrates the intensity of eavesdropping coverage, requiring 15 pages to describe a day’s work.

The agency listened while insurgents from the Haqqani network mounted an attack on the Hotel Intercontinental in Kabul, overhearing the attackers talking to their bosses in Pakistan’s tribal area and recording events minute by minute. “Ruhullah claimed he was on the third floor and had already inflicted one casualty,” the report said in a typical entry. “He also indicated that Hafiz was located on a different floor.”

N.S.A. officers listened as two Afghan Foreign Ministry officials prepared for a meeting between President Hamid Karzai of Afghanistan and Iranian officials, assuring them that relations with the United States “would in no way threaten the interests of Iran,” which they decided Mr. Karzai should describe as a “brotherly country.”

The N.S.A. eavesdropped as the top United Nations official in Afghanistan, Staffan de Mistura, consulted his European Union counterpart, Vygaudas Usackas, about how to respond to an Afghan court’s decision to overturn the election of 62 members of Parliament.

And the agency was a fly on the wall for a long-running land dispute between the mayor of Kandahar and a prominent local man known as the Keeper of the Cloak of the Prophet Muhammad, with President Karzai’s late brother, Ahmed Wali Karzai, as a mediator.

The agency discovered a Taliban claim to have killed five police officers at a checkpoint by giving them poisoned yogurt, and heard a provincial governor tell an aide that a district police chief was verbally abusing women and clergymen.

A Taliban figure, Mullah Rahimullah Akhund, known on the United States military’s kill-or-capture list by the code name Objective Squiz Incinerator, was overheard instructing an associate to buy suicide vests and a Japanese motorbike, according to the documents.

And N.S.A. listened in as a Saudi extremist, Abu Mughira, called his mother to report that he and his fellow fighters had entered Afghanistan and “done victorious operations.”

Such reports flowed from the agency’s Kandahar station day after day, year after year, and surely strengthened the American campaign against the Taliban. But they also suggest the limits of intelligence against a complex political and military challenge. The N.S.A. recorded the hotel attack, but it had not prevented it. It tracked Mr. Karzai’s government, but he remained a difficult and volatile partner. Its surveillance was crucial in the capture or killing of many enemy fighters, but not nearly enough to remove the Taliban’s ominous shadow from Afghanistan’s future.

Mining All the Tidbits

In the Afghan reports and many others, a striking paradox is the odd intimacy of a sprawling, technology-driven agency with its targets. It is the one-way intimacy of the eavesdropper, as N.S.A. employees virtually enter the office cubicles of obscure government officials and the Spartan hide-outs of drug traffickers and militants around the world.

Venezuela, for instance, was one of six “enduring targets” in N.S.A.’s official mission list from 2007, along with China, North Korea, Iraq, Iran and Russia. The United States viewed itself in a contest for influence in Latin America with Venezuela’s leader then, the leftist firebrand Hugo Chávez, who allied himself with Cuba, and one agency goal was “preventing Venezuela from achieving its regional leadership objectives and pursuing policies that negatively impact U.S. global interests.”

A glimpse of what this meant in practice comes in a brief PowerPoint presentation from August 2010 on “Development of the Venezuelan Economic Mission.” The N.S.A. was tracking billions of dollars flowing to Caracas in loans from China (radar systems and oil drilling), Russia (MIG fighter planes and shoulder-fired missiles) and Iran (a factory to manufacture drone aircraft).

But it was also getting up-close and personal with Venezuela’s Ministry of Planning and Finance, monitoring the government and personal emails of the top 10 Venezuelan economic officials. An N.S.A. officer in Texas, in other words, was paid each day to peruse the private messages of obscure Venezuelan bureaucrats, hunting for tidbits that might offer some tiny policy edge.

In a counterdrug operation in late 2011, the agency’s officers seemed to know more about relations within a sprawling narcotics network than the drug dealers themselves. They listened to “Ricketts,” a Jamaican drug supplier based in Ecuador, struggling to keep his cocaine and marijuana smuggling business going after an associate, “Gordo,” claimed he had paid $250,000 and received nothing in return.

The N.S.A., a report said, was on top of not just their cellphones, but also those of the whole network of “buyers, transporters, suppliers, and middlemen” stretching from the Netherlands and Nova Scotia to Panama City and Bogotá, Colombia. The documents do not say whether arrests resulted from all that eavesdropping.

Even with terrorists, N.S.A. units can form a strangely personal relationship. The N.S.A.-G.C.H.Q. wiki, a top secret group blog that Mr. Snowden downloaded, lists 14 specialists scattered in various stations assigned to Lashkar-e-Taiba, the Pakistani terrorist group that carried out the bloody attack on Mumbai in 2008, with titles including “Pakistan Access Pursuit Team” and “Techniques Discovery Branch.” Under the code name Treaclebeta, N.S.A.’s hackers at Tailored Access Operations also played a role.

In the wiki’s casual atmosphere, American and British eavesdroppers exchange the peculiar shoptalk of the secret world. “I don’t normally use Heretic to scan the fax traffic, I use Nucleon,” one user writes, describing technical tools for searching intercepted documents.

But most striking are the one-on-one pairings of spies and militants; Bryan is assigned to listen in on a man named Haroon, and Paul keeps an ear on Fazl.

A Flood of Details

One N.S.A. officer on the Lashkar-e-Taiba beat let slip that some of his eavesdropping turned out to be largely pointless, perhaps because of the agency’s chronic shortage of skilled linguists. He “ran some queries” to read intercepted communications of certain Lashkar-e-Taiba members, he wrote in the wiki, but added: “Most of it is in Arabic or Farsi, so I can’t make much of it.”

It is a glimpse of the unsurprising fact that sometimes the agency’s expensive and expansive efforts accomplish little. Despite the agency’s embrace of corporate jargon on goal-setting and evaluation, it operates without public oversight in an arena in which achievements are hard to measure.

In a world of ballooning communications, the agency is sometimes simply overwhelmed. In 2008, the N.S.A.’s Middle East and North Africa group set about updating its Sigint collection capabilities. The “ambitious scrub” of selectors — essentially search terms — cut the number of terms automatically searched from 21,177 to 7,795 and the number of messages added to the agency’s Pinwale database from 850,000 a day to 450,000 a day.

The reduction in volume was treated as a major achievement, opening the way for new collection on Iranian leadership and Saudi and Syrian diplomats, the report said.

And in a note that may comfort computer novices, the N.S.A. Middle East analysts discovered major glitches in their search software: The computer was searching for the names of targets but not their email addresses, a rather fundamental flaw. “Over 500 messages in one week did not come in,” the report said about one target.

Those are daily course corrections. Whether the Snowden disclosures will result in deeper change is uncertain. Joel F. Brenner, the agency’s former inspector general, says much of the criticism is unfair, reflecting a naïveté about the realpolitik of spying. “The agency is being browbeaten for doing too well the things it’s supposed to do,” he said.

But Mr. Brenner added that he believes “technology has outrun policy” at the N.S.A., and that in an era in which spying may well be exposed, “routine targeting of close allies is bad politics and is foolish.”

Another former insider worries less about foreign leaders’ sensitivities than the potential danger the sprawling agency poses at home. William E. Binney, a former senior N.S.A. official who has become an outspoken critic, says he has no problem with spying on foreign targets like Brazil’s president or the German chancellor, Angela Merkel. “That’s pretty much what every government does,” he said. “It’s the foundation of diplomacy.” But Mr. Binney said that without new leadership, new laws and top-to-bottom reform, the agency will represent a threat of “turnkey totalitarianism” — the capability to turn its awesome power, now directed mainly against other countries, on the American public.

“I think it’s already starting to happen,” he said. “That’s what we have to stop.”

Whatever reforms may come, Bobby R. Inman, who weathered his own turbulent period as N.S.A. director from 1977 to 1981, offers his hyper-secret former agency a radical suggestion for right now. “My advice would be to take everything you think Snowden has and get it out yourself,” he said. “It would certainly be a shock to the agency. But bad news doesn’t get better with age. The sooner they get it out and put it behind them, the faster they can begin to rebuild.”

November 2, 2013
By SCOTT SHANE

Find this story at 2 November 2013

© 2013 The New York Times Company

WASHINGTON D.C. – President Richard Nixon acknowledged that he had given instructions to “do anything short of a Dominican-type action” to keep the democratically elected president of Chile from assuming office, according to a White House audio tape posted by the National Security Archive today. A phone conversation captured by his secret Oval Office taping system reveals Nixon telling his press secretary, Ron Zeigler, that he had given such instructions to then U.S. Ambassador Edward Korry, “but he just failed, the son of a bitch…. He should have kept Allende from getting in.”

A transcript of the president’s comments on March 23, 1972, made after the leak of corporate papers revealing collaboration between ITT and the CIA to rollback the election of socialist leader Salvador Allende, was recently published in the National Security Archive book, The Pinochet File: A Declassified Dossier on Atrocity and Accountability by Peter Kornbluh; the tape marks the first time Nixon can be heard discussing his orders to undermine Chilean democracy. The conversation took place as Zeigler briefed the President on a State Department press conference to contain the growing ITT/CIA scandal which included one ITT document stating that Korry had been “given the green light to move in the name of President Nixon…to do all possible short of a Dominican Republic-type action to keep Allende from taking power.” Other declassified records show that Nixon secretly ordered maximum CIA covert operations to “prevent Allende from coming to power or unseat him” in the fall of 1970 but that Ambassador Korry was deliberately not informed of covert efforts to instigate a military coup.

When the White House-ordered covert operations failed to prevent Allende’s November 3, 1970, inauguration, Nixon’s national security advisor, Henry Kissinger, lobbied vigorously for a hard-line U.S. policy “to prevent [Allende] from consolidating himself now when we know he is weaker than he will ever be and when he obviously fears our pressure and hostility,” according to a previously unknown eight-page briefing paper prepared for the President on November 5, 1970. In the secret/sensitive “memorandum for the president” Kissinger claimed that Allende’s election posed “one of the most serious challenges ever faced in the hemisphere” and that Nixon’s “decision as to what to do about it may be the most historic and difficult foreign affairs decision you will have to make this year.” The memorandum reveals that Kissinger forcefully pressed the President to overrule the State Department’s position that there was little Washington could do to oppose the legitimately elected president of Chile and that the risks for U.S. interests of intervening to oppose him were greater than coexisting with him. “If all concerned do not understand that you want Allende opposed as strongly as we can, the result will be a steady drift toward the modus vivendi approach,” Kissinger informed Nixon.

Kissinger personally requested an hour to brief Nixon on November 5 in preparation for a National Security Council meeting to discuss Chile strategy the next day. The briefing paper records his threat perception of an Allende government as a model for other countries. As Kissinger informed the president: “The example of a successful elected Marxist government in Chile would surely have an impact on-an even precedent value for-other parts of the world, especially in Italy; the imitative spread of similar phenomena elsewhere would in turn significantly affect the world balance and our own position in it.” According to a transcript of the NSC meeting published in The Pinochet File, Nixon told his aides the next day that “our main concern is the prospect that [Allende] can consolidate himself and the picture projected to the world will be his success.”

“This document is the Rosetta stone for deciphering the motivations of Kissinger and Nixon in undermining Chilean democracy,” according to Peter Kornbluh who directs the Archive’s Chile Documentation Project. “It reinforces the judgement of history on Kissinger’s role as the primary advocate of overthrowing the Allende government.”

The Archive also posted today a series of declassified transcripts of Kissinger’s staff meetings after he became Secretary of State. The transcripts, dated from the days following the coup that brought General Augusto Pinochet to power through the first several years of his regime’s repression in Chile, record Kissinger’s attitude toward human rights atrocities and mounting Congressional pressure to curtail U.S. economic and military assistance the military regime. They are quoted at length in Kornbluh’s book, The Pinochet File, and recently cited in the New York Times Week in Review section (December 28, 2003).

According to the first transcript dated October 1, 1973, when Kissinger was informed by his assistant secretary of inter-American affairs of initial reports of massacres following the coup he told his staff that the U.S. should not defend what the regime was doing. However, he emphasized: “But I think we should understand our policy–that however unpleasant they act, the [military] government is better for us than Allende was.”

As pressure from human rights advocates mounted for Washington to distance itself from the Pinochet regime, according to the transcripts, Kissinger argued that the Chilean military government was no worse than other Latin American nations and repeatedly voiced concern that the junta would collapse without U.S. support. “I think the consequences could be very serious, if we cut them off from military aid,” Kissinger told his staff during a December 3, 1974, meeting.

The transcripts also capture Kissinger disparaging his own State Department staff for being soft on the human rights issue. In an exchange with Assistant Secretary for Latin America, William Rogers, on December 3, 1974, for example, Kissinger accuses his staff of “egging on” Senator Edward Kennedy who was the leading advocate of cutting assistance to the Pinochet regime on human rights grounds. “How many of our people are really egging Kennedy on,” Kissinger demands to know. At the beginning of a September 1975 meeting with Pinochet’ foreign minister, Adm. Patricio Carvajal, according to another transcript, Kissinger told him:

Well, I read the briefing paper for this meeting and it was nothing but Human Rights. The State Department is made up of people who have a vocation for the ministry. Because there were no enough churches for them, they went into the Department of State.
Note: The following documents are in PDF format.
You will need to download and install the free Adobe Acrobat Reader to view.

Hear/Read the Documents

l) White House Audio Tape, President Richard M. Nixon and White House press secretary Ron Zeigler, March 23, 1972

This audio clip is available in several formats:
Windows Media Audio – Broadband (1.1 MB – Streaming)
Windows Media Audio – Dial-up/56kb (298 KB – Streaming)
MP3 – (569 KB – Does not stream)

In this White House tape, President Nixon is recorded on March 23, 1972, speaking by phone to his White House press secretary, Ron Zeigler about damage control efforts on the first major covert operations scandal of the 1970s-the ITT papers on Chile. Zeigler reports on a State Department press conference held earlier in the afternoon. He tells the president that the key issue was an ITT memo that stated that in the fall of 1970, U.S. Ambassador Edward Korry had received a “green light” from the White House to “do everything short of a Dominican Republic-type action” to stop Allende. Nixon demands to know how that leaked out, and then emphatically states that Korry “was instructed” to do that. The President then scapegoats the Ambassador for failing to carry out those instructions. Numerous declassified records make it clear that Nixon and Kissinger explicitly ordered the CIA not to inform Ambassador Korry of their efforts to instigate a military coup to keep Allende from assuming office.

2) White House, SECRET/SENSITIVE Memorandum for the President, “Subject: NSC Meeting, November 6-Chile,” November 5, 1970

This briefing paper, found among thousands of NSC papers recently declassified by the Nixon Presidential Materials Project at NARA, reveals Kissinger’s forceful attempts to influence Nixon’s policy toward an Allende government prior to a pivotal National Security Council meeting on Chile. Written two days after Allende’s inauguration, Kissinger emphasizes to Nixon that his election “poses for us one of the most serious challenges ever faced in this hemisphere.” Nixon’s decisions on what to do about it, he informs the President, “may be the most historic and difficult foreign affairs decision you will have to make this year.” Kissinger lists the “serious threats” he perceives Allende to pose to U.S. interests in the region and the world, among them $1 billion in investments that could be lost, and the precedent-setting “example of a successful elected Marxist government.” The memo notes that Allende will seek to be: “internationally respectable; move cautiously and pragmatically; avoid immediate confrontations with us.” But Kissinger attributes this to Allende’s “gameplan” to “neutralize” his political opponents in Chile. Nixon’s national security advisor urges him to overrule the State Department position that the U.S. does “not have the capability of preventing Allende from consolidating himself or forcing his failure” and that U.S. influence was best gained by “maintain[ing] our relationship and our presence in Chile.” Instead Kissinger forcefully recommends a hostile policy of pressure and opposition, but implemented “quietly and covertly” for maximum effectiveness. “Contrary to your usual practice of not making a decision at NSC meetings,” the memo concludes, “it is essential that you make it crystal clear where you stand on this issue….If all concerned do not understand that you want Allende opposed as strongly as we can, the result will be a steady drift toward the modus vivendi approach.”

3) Department of State, SECRET/NODIS, “Secretary’s Staff Meeting, October 1, 1973”

At the first staff meeting following Henry Kissinger’s confirmation as Secretary of State, Chile is a key topic. In this transcript, Assistant Secretary for Latin America, Jack Kubisch, comes to the meeting from Capitol Hill and reports that legislators are peppering him with questions about massive atrocities by the new military regime in Chile. He tells Kissinger that Newsweek magazine has reported 2700 bodies piled up in the central morgue in Santiago. “I’ve been asked: ‘How many people have been killed? Is it true, the rumors we hear,'” Kubisch states. Kissinger responds by making his policy toward the new Pinochet regime clear. He tells his staff: “I agree that we should not knock down stories that later prove to be true, nor should we be in the position of defending what they’re doing in Santiago. But I think we should understand our policy-that however unpleasant they act, the government is better for us than Allende was.”

4) Department of State, SECRET/NODIS, “Secretary’s Staff Meeting, October 2, 1973”

In staff meeting the next day, Assistant Secretary Jack Kubisch asks Secretary Kissinger if Pinochet’s new foreign minister should be invited to an upcoming diplomatic luncheon in New York City with other Latin American ministers. “Your behavior with him will be watched very close by the others to see whether or not you are blessing the new regime in Chile, or whether it is just protocol,” Kubisch advises Kissinger. “What will be the test? How will they judge?,” Kissinger asks. “I suppose if you give him warm abrazzos, sitting next to you, and huddling in the corner, that will all be reported back to their governments. [Laughter.],” Kubisch responds.

5) Department of State, SECRET, “The Secretary’s 8:00 a.m. Regional Staff Meeting,” December 3, 1974

At this staff meeting, Secretary Kissinger spends considerable time discussing Congressional efforts, led by Senator Edward Kennedy, to restrict U.S. military assistance to the Pinochet regime. The transcript records Kissinger’s vehement opposition to such legislative initiatives, on the grounds that they are unfair to the Chilean military government, could lead to its collapse, and set a dangerous precedent for cutting assistance to other unsavory governments the Ford Administration is supporting. “Well, am I wrong that this sort of thing is likely to finish off that government?” he demands to know. Later he asks: “Is this government worse than the Allende government? Is human rights more severely threatened by this government than Allende?” According to Kissinger, “the worse crime of this government is that it is pro-American.” In response, Assistant Secretary for Latin America, William Rogers informs the Secretary, “in terms of freedom of association, Allende didn’t close down the opposition party. In terms of freedom of the press, Allende didn’t close down all the newspapers.”

6) Department of State, SECRET, “The Secretary’s Principals and Regionals Staff Meeting,” December 20, 1974

At this staff meeting, the discussion of the State Department’s response to Senator Kennedy’s efforts to curtail assistance continues. Kissinger tells his staff that he won’t tolerate concessions to Congress on human rights and again expresses concern that the Pinochet regime will collapse. “We can’t acquiesce on that, and I have to talk to the President,” he states. “We cannot get into that business while I’m here, of behaving that way, of making a deal with a Senator that we know is against the national interest. You know the only possible outcome of this can be an extreme left wing government in Chile or driving the Chilean Government sort of toward the Arabs.”

7) Department of State, SECRET, “The Secretary’s Regionals and Principals’ Staff Meeting,” December 23, 1974

During this meeting, Kissinger again presses his staff to resist efforts by Congress to encroach on executive branch prerogatives and curtail assistance to the Pinochet regime. He calls cutting military aid to Chile “insane.” His Assistant Secretary, William Rogers, is left to explain the political realities of the human rights movement to him. “It is insane. But, Mr. Secretary, it does reflect an extraordinary strong feeling amongst the Congress, as you well know.” The human rights issue, Rogers reiterates later in the meeting “has caught the imagination up on the Hill, as you well know, Mr. Secretary, and amongst the American people.” Kissinger protests that if Congress is able to curtail assistance to Chile, it will move to cut aid to other countries like South Korea and Turkey. “There isn’t going to be any end to it,” he states, and “we are going to wind up in an unbelievable precarious position, in which no country can afford to tie up with us….” He continues: “It is a problem of the whole foreign policy that is being pulled apart, pulling out thread by thread, under one pretext or another.”

8) Department of State, Memorandum of Conversation, Secretary’s Meeting with Foreign Minister Carvajal, September 29, 1975

This transcript records a meeting between Secretary Kissinger and Pinochet’s foreign minister, Patricio Carvajal, following Chile’s decision to cancel a visit by the United Nations Human Rights Commission investigating human rights crimes. Kissinger begins the meeting by disparaging his staff “who have a vocation for the ministry” for focusing on human rights in the briefing papers prepared for the meeting. He tells Carvajal that condemnation of the Pinochet regime’s human rights record is “a total injustice,” but that “somewhat visible” efforts by the regime to alleviate the situation would be useful in changing Congressional attitudes. “Our point of view is if you do something, let us know so we can use it with Congress.” Kissinger, Carvajal, and Assistant Secretary Rogers then discuss U.S. efforts to expedite Ex-Im Bank credits and multilateral loans to Chile as well as cash sales of military equipment. At the end of the meeting, Kissinger voices support for the regime’s idea to host the June 1976 OAS meeting in Santiago as a way of increasing Pinochet’s prestige and improving Chile’s negative image.

KISSINGER SECRETLY LOBBIED PRESIDENT
AGAINST “DRIFT TOWARD MODUS VIVENDI”
WITH ELECTED SOCIALIST PRESIDENT

DECLASSIFIED KISSINGER TRANSCRIPTS REVEAL
STRONG SUPPORT FOR PINOCHET FOLLOWING CHILEAN COUP

National Security Archive Electronic Briefing Book No. 110

February 3 , 2004

For further information Contact
Peter Kornbluh 202 994 7116
pkorn@gwu.edu

Find this story at 3 February 2004

Copyright 1995-2004

Many times I’ve mentioned the foreign-policy assessments of William R. Polk, at right, who first wrote for the Atlantic (about Iraq) during Dwight Eisenhower’s administration, back in 1958, and served on the State Department’s Policy Planning staff during the Kennedy years. He now has sent in a detailed analysis about Syria.

Polk wrote this just before President Obama switched from his go-it-alone policy and decided to seek Congressional approval for a Syrian strike. It remains relevant for the choices Congress, the public, and the president have to make. It is very long, but it is systematically laid out as a series of 13 questions, with answers. If you’re in a rush, you could skip ahead to question #7, on the history and use of chemical weapons. Or #6, about the under-publicized role of drought, crop failure, and climate change in Syria’s predicament. But please consider the whole thing when you have the time to sit down for a real immersion in Congress’s upcoming decision. It wouldn’t hurt if Senators and Representatives read it too.

By William Polk

Probably like you, I have spent many hours this last week trying to put together the scraps of information reported in the media on the horrible attack with chemical weapons on a suburb of Damascus on Wednesday, August 21. Despite the jump to conclusions by reporters, commentators and government officials, I find as of this writing that the events are still unclear. Worse, the bits and pieces we have been told are often out of context and usually have not been subjected either to verification or logical analysis. So I ask you to join me in thinking them through to try to get a complete picture on what has happened, is now happening and about to happen. I apologize for both the length of this analysis and its detail, but the issue is so important to all of us that it must be approached with care.

Because, as you will see, this is germane in examining the evidence, I should tell you that during my years as a member of the Policy Planning Council, I was “cleared” for all the information the US Government had on weapons of mass destruction, including poison gas, and for what was then called “Special Intelligence,” that is, telecommunications interception and code breaking.

[JF note: This is the list of questions around which the rest of the essay is structured.] I will try to put in context 1) what actually happened; 2) what has been reported; 3) who has told us what we think we know; 4) who are the possible culprits and what would be their motivations; 5) who are the insurgents? 6) what is the context in which the attack took place; 7) what are chemical weapons and who has used them; 8) what the law on the use of chemical weapons holds; 9) pro and con on attack; 10) the role of the UN; 11) what is likely to happen now; 12) what would be the probable consequences of an attack and (13) what could we possibly gain from an attack.

1: What Actually Happened

On Wednesday, August 21 canisters of gas opened in several suburbs of the Syrian capital Damascus and within a short time approximately a thousand people were dead. That is the only indisputable fact we know.

2: What Has Been Reported

Drawing primarily on Western government and Israeli sources, the media has reported that canisters of what is believed to be the lethal nerve gas Sarin were delivered by surface-to-surface rockets to a number of locations in territory disputed by the Syrian government and insurgents. The locations were first reported to be to the southwest, about 10 miles from the center of Damascus, and later reported also to be to the east of the city in other suburbs. The following Voice of America map shows the sites where bodies were found.

3: Who Told Us What We Think We Know

A UN inspection team that visited the site of the massacre on Monday, August 26, almost 5 days after the event.

Why was the inspection so late? As a spokesman for UN Secretary General Ban Ki-moon pointed out (Gareth Porter in IPS, August 27), the request to the Syrian government to authorize an inspection was not made until August 24 and was granted the next day. In any event, according to the spokesman, the delay was not of fundamental importance because “Sarin can be detected for up to months after its use.”

What was the American government position on inspection? Secretary of State John Kerry initially demanded that the Syrian government make access to the suspected site or sites possible. Then it charged that the Syrian government purposefully delayed permission so that such evidence as existed might be “corrupted” or destroyed. On the basis of this charge, he reversed his position and urged UN Secretary General Ban to stop the inquiry. According to The Wall Street Journal of August 26, Secretary Kerry told Mr. Ban that “the inspection mission was pointless and no longer safe…” To emphasize the American position, according to the same Wall Street Journal report,“Administration officials made clear Mr. Obama would make his decision based on the U.S. assessment and not the findings brought back by the U.N. inspectors.”

IPS’s Gareth Porter concluded after talks with chemical weapons experts and government officials that “The administration’s effort to discredit the investigation recalls the George W. Bush administration’s rejection of the position of U.N. inspectors in 2002 after they found no evidence of any weapons of mass destruction in Iraq and the administration’s refusal to give inspectors more time to fully rule out the existence of an active Iraqi WMD programme. In both cases, the administration had made up its mind to go to war and wanted no information that could contradict that policy to arise.” Is this a fair assessment?

Why was the first UN inspection so limited? The only publicly known reason is that it came under sniper fire while on the way to the first identified site. Who fired on it or for what reason are, as of this writing, unknown. The area was contested by one or more rebel groups and under only limited or sporadic control by the Syrian government. Indeed, as photographs published by The New York Times on August 29, show the UN inspectors in one area (Zamaka) guarded by armed men identified as “rebel fighters.” So the sniper could have been almost anyone.

How limited was the first phase of inspection? According to a report in The Guardian (Monday, August 26, 2013), the small team of UN Inspectors investigating the poison gas attack in Syria spent only an hour and a half at the site. So far, we have not been given any report by the UN team, but the doctor in charge of the local hospital was apparently surprised by how brief and limited was their investigation. According toThe Guardian reporter, he said,

“The committee did not visit any house in the district. We asked the committee to exhume the bodies for checking them. But they refused. They say that there was no need to do that.

‘We had prepared samples for the committee from some bodies and video documentation. There were urine and blood samples as well as clothes. But they refused to take them.

‘After an hour and a half, they got an order from the regime to leave ASAP. The security force told the committee if they did not leave now, they could not guarantee their security. They could not visit the main six sites where the chemical rockets had fallen and lots of people were killed.’ ”

Why did the investigators not do a more thorough job? The doctor at the site told the Guardian reporter that the Assad regime warned the investigators that they should leave because it could not guarantee their safety but the newspaper’s headline says that the Syrian government authorities ordered them out. Which is true? Is there another explanation? And why did the inspection team not have the means to retrieve parts of the delivery equipment, presumably rockets? Were they told by the UN or other authorities not to retrieve them or were they refused permission by the Syrian government? We simply do not know.

To say the least, the inspection was incomplete. The best that the State Department spokesman could say about such evidence as was gathered is that there is “’little doubt’ [Vice President Biden later raised the certainty from the same limited evidence to “no doubt”] that forces loyal to Mr. Assad were responsible for using the chemical weapons.” (“’Little Doubt’ Syria Gassed Opposition,” The Wall Street Journal,August 26, 2013).

Much was made of the belief that the gas had been delivered by rocket. However, as The New York Times correspondent Ben Hubbard reported (April 27, 2013) “”Near the attack sites, activists found spent rockets that appeared to have been homemade and suspected that they delivered the gas.” Would the regular army’s chemical warfare command have used “homemade” rockets? That report seemed to point to some faction within the opposition rather than to the government.

Several days into the crisis, we have been given a different source of information. This is from Israel. For many years, Israel is known to have directed a major communications effort against Syria. Its program, known as Unit 8200 is Mossad’s equivalent of NSA. It chose to share what it claimed was a key intercept with outsiders. First, a former officer told the German news magazine Focus (according to The Guardian,August 28, 2013) that Israel had intercepted a conversation between Syrian officers discussing the attack. The same Information was given to Israeli press (see “American Operation, Israeli Intelligence” in the August 27 Yediot Ahronoth,) It also shared this information with the American government. Three Israeli senior officers were reported to have been sent to Washington to brief NSC Director Susan Rice. What was said was picked up by some observers. Foreign Policy magazine reported (August 28, “Intercepted Calls Prove Syrian Army Used Nerve Gas, U.S. Spies Say”) that “in the hours after a horrific chemical attack east of Damascus, an official at the Syrian Minister of Defense exchanged what Israeli intelligence described as “panicked phone calls” with a leader of a chemical weapons unit, demanding answer for a nerve agent strike that killed more than 1,000 people.”

But, as more information emerged, doubts began to be expressed. As Matt Apuzzo reported (AP, August 29, “AP sources: Intelligence on weapons no ‘slam dunk.’”), according to a senior US intelligence official, the intercept “discussing the strike was among low level staff, with no direct evidence tying the attack to an Assad insider or even a senior commander.” Reminding his readers of the famous saying by the then head of the CIA, George Tenet, in 2002 that the intelligence against Saddam Husain was “slam dunk,” when in fact it was completely erroneous, the AP correspondent warned that the Syrian attack of last week “could be tied to al-Qaida-backed rebels later.”

Two things should be borne in mind on these reports: the first is that Israel has had a long-standing goal of the break-up or weakening of Syria which is the last remaining firmly anti-Israeli Arab state. (the rationale behind this policy was laid out by Edward Luttwak in the OpEd section of the August 24, 2013 New York Times). It also explains why Israel actively had sought “regime change” in Iraq. The second consideration is that Israeli intelligence has also been known to fabricate intercepts as, for example, it did during the 1967 Arab-Israeli war.

So, unless or until more conclusive evidence is available, the request by Mr. Ban (“U.N. seeks more time for its inspectors,”International Herald Tribune, August 29, 2013) for more time appears to be prudent. Despite what Messrs Biden and Kerry have said, I believe a court would conclude that the case against the Syrian government was “not proven.”

4: Who Are the Possible Culprits and What Would be Their Motivations?

Since such information as we have is sketchy and questionable, we should seek to understand motives. As a historian, dealing as one always does, with incomplete information, I have made it a rule when trying to get at the “truth” in any contentious issue to ask a series of questions among which are who benefits from a given action and what would I have done in a given situation? Look briefly at what we think we now know in light of these questions:

First, who gains by the action. I do not see what Assad could have gained from this gas attack. It is evident that while the area in which it took place is generally held to be “disputed” territory, the government was able to arrange for the UN inspection team to visit it but not, apparently, to guarantee their safety there. If Assad were to initiate an attack, it would be more logical for him to pick a target under the control of the rebels.

Second, to have taken the enormous risk of retaliation or at least loss of support by some of his allies (notably the Russians) by using this horrible weapon, he must have thought of it either as a last ditch stand or as a knockout blow to the insurgents. Neither appears to have been the case. Reports in recent weeks suggest that the Syrian government was making significant gains against the rebels. No observer has suggested that its forces were losing. All indications are that the government’s command and control system not only remains intact but that it still includes among its senior commanders and private soldiers a high proportion of Sunni Muslims. Were the regime in decline, it would presumably have purged those whose loyalties were becoming suspect (i.e. the Sunni Muslims) or they would have bolted for cover. Neither happened.

Moreover, if it decided to make such an attack, I should have thought that it would have aimed at storage facilities, communications links, arms depots or places where commanders congregated. The suburbs of Damascus offered none of these opportunities for a significant, much less a knockout, blow.

Third, as students of guerrilla warfare have learned guerrillas are dispersed but civilians are concentrated. So weapons of mass destruction are more likely to create hostility to the user than harm to the opponent. The chronology of the Syrian civil war shows that the government must be aware of this lesson as it has generally held back its regular troops (which were trained and armed to fight foreign invasion) and fought its opponents with relatively small paramilitary groups backed up by air bombardment. Thus, a review of the fighting over the last two years suggests that its military commanders would not have seen a massive gas attack either as a “game changer” or an option valuable enough to outweigh the likely costs.

So, what about the enemies of the Assad regime? How might such an attack have been to their advantage?

First, a terrorizing attack might have been thought advantageous because of the effect on people who are either supporting the regime or are passive. There are indications, for example, that large numbers of the pathetic Palestinian refugees are pouring out their camps in yet another “displacement.” The number of Syrian refugees is also increasing. Terror is a powerful weapon and historically and everywhere was often used. Whoever initiated the attack might have thought, like those who initiated the attack on Guernica, the bombing of Rotterdam and the Blitz of London, that the population would be so terrorized that they might give up or at least cower. Then as food shortages and disease spread, the economy would falter. Thus the regime might collapse.

That is speculative, but the second benefit to the rebels of an attack is precisely what has happened: given the propensity to believe everything evil about the Assad regime, daily emphasized by the foreign media, a consensus, at least in America, has been achieved is that it must have been complicit. This consensus should make it possible for outside powers to take action against the regime and join in giving the insurgents the money, arms and training.

We know that the conservative Arab states, the United States, other Western powers and perhaps Israel have given assistance to the rebels for the last two years, but the outside aid has not been on a scale sufficient to enable them to defeat the government. They would need much more and probably would also need foreign military intervention as happened in Libya in April 2011 to overthrow Muamar Qaddafi. The rebels must have pondered that situation. We know that foreign military planners have. (See “Military Intervention in Syria” Wikileaks reprinted on August 25, 2013, memorandum of a meeting in the Pentagon in 2011.) Chillingly, the just cited Wikileaks memorandum notes that the assembled military and intelligence officers “don’t believe air intervention would happen unless there was enough media attention on a massacre, like the Ghadafi [sic] move against Benghazi.” (See Time, March 17, 2011.) As in Libya, evidence of an ugly suppression of inhabitants might justify and lead to foreign military intervention.

Clearly, Assad had much to lose and his enemies had much to gain. That conclusion does not prove who did it, but it should give us pause to find conclusive evidence which we do not now have.

5: Who are the insurgents?

We know little about them, but what we do know is that they are divided into hundreds – some say as many as 1,200 — of small, largely independent, groups. And we know that the groups range across the spectrum from those who think of themselves as members of the dispersed, not-centrally-governed but ideologically-driven association we call al-Qaida, through a variety of more conservative Muslims, to gatherings of angry, frightened or dissatisfied young men who are out of work and hungry, to blackmarketeers who are trading in the tools of war, to what we have learned to call in Afghanistan and elsewhere “warlords.”

Each group marches to its own drumbeat and many are as much opposed to other insurgents as to the government; some are secular while others are jihadists; some are devout while others are opportunists; many are Syrians but several thousand are foreigners from all over the Middle East, Europe, Africa and Asia. Recognition of the range of motivations, loyalties and aims is what, allegedly, has caused President Obama to hold back overt lethal-weapons assistance although it did not stop him from having the CIA and contractors covertly arm and train insurgents in Jordan and other places.

The main rebel armed force is known as the Free Syrian Army. It was formed in the summer of 2011 by deserters from the regular army. Similar to other rebel armies (for example the “external” army of the Provisional Algerian Government in its campaign against the French and various “armies” that fought the Russians in Afghanistan) its commanders and logistical cadres are outside of Syria. Its influence over the actual combatants inside of Syria derives from its ability to allocate money and arms and shared objectives; it does not command them. So far as is known, the combatants are autonomous. Some of these groups have become successful guerrillas and have not only killed several thousand government soldiers and paramilitaries but have seized large parts of the country and disrupted activities or destroyed property in others.

In competition with the Free Syrian Army is an Islamicist group known as Jabhat an-Nusra (roughly “sources of aid”) which is considered to be a terrorist organization by the United States. It is much more active and violent than groups associated with the Free Syrian Army. It is determined to convert Syria totally into an Islamic state under Sharia law. Public statements attributed to some of its leaders threaten a blood bath of Alawis and Christians after it achieves the fall of the Assad regime. Unlike the Free Syrian Army it is a highly centralized force and its 5-10 thousand guerrillas have been able to engage in large-scale and coordinated operations.

Of uncertain and apparently shifting relations with Jabhat an-Nusra, are groups that seem to be increasing in size who think of themselves as members of al-Qaida. They seem to be playing an increasing role in the underground and vie for influence and power with the Muslim Brotherhood and the dozens of other opposition groups.

Illustrating the complexity of the line-up of rebel forces, Kurdish separatists are seeking to use the war to promote their desire either to unite with other Kurdish groups in Turkey and/or Iraq or to achieve a larger degree of autonomy. (See Harald Doornbos and Jenan Moussa, “The Civil War Within Syria’s Civil War,” Foreign Policy, August 28, 2013). They are struggling against both the other opposition groups and against the government, and they too would presumably welcome a collapse of the government that would lead to the division of the country into ethnic-religious mini-states.

It seems reasonable to imagine that at least some and perhaps all of these diverse groups must be looking for action (such as a dramatic strike against the regime) that would tip the scale of military capacity. Listening to the world media and to the intelligence agents who circulate among them, they must hope that an ugly and large-scale event caused by or identified with the government might accomplish what they have so far been unable to do.

6: What Is the Context in Which the Attack Took Place?

Syria is and has always been a complex society, composed of clusters of ancient colonies. Generally speaking, throughout history they have lived adjacent to one another rather than mixing in shared locations as the following map suggests.

[Syrian ethnic and/or religious communities. The large white area is little-inhabited desert. Courtesy of Wikipedia]

The population before the outbreak of the war was roughly (in rounded numbers) 6 in 10 were Sunni Muslim, 1 in 7 Christian, 1 in 8 Alawi (an ethnic off-shoot of Shia Islam), 1 in 10 Kurdish Muslim, smaller groups of Druze and Ismailis (both off-shoots of Shia Islam) and a scattering of others.

Syria has been convulsed by civil war since climate change came to Syria with a vengeance. Drought devastated the country from 2006 to 2011. Rainfall in most of the country fell below eight inches (20 cm) a year, the absolute minimum needed to sustain un-irrigated farming. Desperate for water, farmers began to tap aquifers with tens of thousands of new well. But, as they did, the water table quickly dropped to a level below which their pumps could lift it.

[USDA Foreign Agricultural Service, Commodity Intelligence Report, May 9, 2008]

In some areas, all agriculture ceased. In others crop failures reached 75%. And generally as much as 85% of livestock died of thirst or hunger. Hundreds of thousands of Syria’s farmers gave up, abandoned their farms and fled to the cities and towns in search of almost non-existent jobs and severely short food supplies. Outside observers including UN experts estimated that between 2 and 3 million of Syria’s 10 million rural inhabitants were reduced to “extreme poverty.”

The domestic Syrian refugees immediately found that they had to compete not only with one another for scarce food, water and jobs, but also with the already existing foreign refugee population. Syria already was a refuge for quarter of a million Palestinians and about a hundred thousand people who had fled the war and occupation of Iraq. Formerly prosperous farmers were lucky to get jobs as hawkers or street sweepers. And in the desperation of the times, hostilities erupted among groups that were competing just to survive.

Survival was the key issue. The senior UN Food and Agriculture Organization (FAO) representative in Syria turned to the USAID program for help. Terming the situation “a perfect storm,” in November 2008, he warned that Syria faced “social destruction.” He noted that the Syrian Minister of Agriculture had “stated publicly that [the] economic and social fallout from the drought was ‘beyond our capacity as a country to deal with.’” But, his appeal fell on deaf ears: the USAID director commented that “we question whether limited USG resources should be directed toward this appeal at this time.” (reported on November 26, 2008 in cable 08DAMASCUS847_a to Washington and “leaked” to Wikileaks )

Whether or not this was a wise decision, we now know that the Syrian government made the situation much worse by its next action. Lured by the high price of wheat on the world market, it sold its reserves. In 2006, according to the US Department of Agriculture, it sold 1,500,000 metric tons or twice as much as in the previous year. The next year it had little left to export; in 2008 and for the rest of the drought years it had to import enough wheat to keep its citizens alive.

So tens of thousands of frightened, angry, hungry and impoverished former farmers flooded constituted a “tinder” that was ready to catch fire. The spark was struck on March 15, 2011 when a relatively small group gathered in the town of Daraa to protest against government failure to help them. Instead of meeting with the protestors and at least hearing their complaints, the government cracked down on them as subversives. The Assads, who had ruled the country since 1971, were not known for political openness or popular sensitivity. And their action backfired. Riots broke out all over the country, As they did, the Assads attempted to quell them with military force. They failed to do so and, as outside help – money from the Gulf states and Muslim “freedom fighters” from the rest of the world – poured into the country, the government lost control over 30% of the country’s rural areas and perhaps half of its population. By the spring of 2013, according to the United Nations High Commission for Refugees (UNHCR), upwards of 100,000 people had been killed in the fighting, perhaps 2 million have lost their homes and upwards of 2 million have fled abroad. Additionally, vast amounts of infrastructure, virtually whole cities like Aleppo, have been destroyed.

Despite these tragic losses, the war is now thought to be stalemated: the government cannot be destroyed and the rebels cannot be defeated. The reasons are not only military: they are partly economic– there is little to which the rebels could return; partly political – the government has managed to retain the loyalty of a large part of the majority Muslim community which comprises the bulk of its army and civil service whereas the rebels, as I have mentioned, are fractured into many mutually hostile groups; and partly administrative — by and large the government’s structure has held together and functions satisfactorily whereas the rebels have no single government.

7: What are Chemical Weapons and Who Has Used Them?

When I was a member of the Policy Planning Council and was “cleared” for all information on weapons of mass destruction, I was given a detailed briefing at Fort Meade on the American poison gas program. I was so revolted by what I learned that I wrote President Kennedy a memorandum arguing that we must absolutely end the program and agree never to use it. Subsequently, the United States is said to have destroyed 90% of its chemical weapons.

My feelings aside, use of chemical weapons has been common. As the former head of the US Congress’s committee on foreign affairs and later president of the Woodrow Wilson Center, Lee Hamilton, told me, his experience was that when a weapon was available, the temptation to use it was almost irresistible. History bears him out. While most people were horror-stricken by the use of gas, governments continued to use it. In times of severe stress, it became acceptable. As Winston Churchill wrote, use “was simply a question of fashion changing as it does between long and short skirts for women.” Well, perhaps not quite, but having begun to use gas in the First World War, when about 100,000 people were killed by it, use continued.

After the war, the British, strongly urged by Churchill, then Colonial Secretary, used combinations of mustard gas, chlorine and other gases against tribesmen in Iraq in the 1920s. As he said, “I am strongly in favour of using poisoned gas against uncivilised tribes.” In the same spirit, the Spaniards used gas against the Moroccan Rif Berbers in the late 1920s; the Italians used it against Ethiopians in the 1930s; and the Japanese used it against the Chinese in the 1940s. Churchill again: during the Second World War, he wrote that if the Blitz threatened to work against England, he “may certainly have to ask you [his senior military staff] to support me in using poison gas. We could drench the cities of the Ruhr and many other cities in Germany…” More recently in 1962, I was told by the then chief of the CIA’s Middle Eastern covert action office, James Critichfield that the Egyptians had used lethal concentrations of tear gas in their campaign against royalist guerrillas in Yemen.

America used various chemical agents including white phosphorus in Vietnam (where it was known as “Willie Pete”) and in Fallujah (Iraq) in 2005. We encouraged or at least did not object to the use of chemical agents, although we later blamed him for so doing, by Saddam Husain. Just revealed documents show that the Reagan administration knew of the Iraqi use in the Iraq-Iran war of the same poison gas (Sarin) as was used a few days ago in Syria and Tabun (also a nerve gas). According to the US military attaché working with the Iraqi army at the time, the US government either turned a blind eye or approved its use (see the summary of the documents in Shane Harris and Matthew Aid, “Exclusive: CIA Files Prove America Helped Saddam as He Gassed Iran,” Foreign Policy, August 26, 2013) We were horrified when Saddam Husain used poison gas against the Kurdish villagers of Halabja in 1988 (killing perhaps 4-5 thousand people) but by that time we had dropped our support for the Iraqi government. Finally, Israel is believed to have used poison gas in Lebanon and certainly used white phosphorus in Gaza in 2008.

I cite this history not to justify the use of gas – I agree with Secretary Kerry that use of gas is a “moral obscenity” — but to show that its use is by no means uncommon. It is stockpiled by most states in huge quantities and is constantly being produced in special factories almost everywhere despite having been legally banned since the Geneva Protocol of June 17, 1925.

8: What Is Current Law on the Use of Chemical Weapons?

Use, production and storage of such weapons was again banned in the 1993 Chemical Weapons Convention (to which Syria it not a party). But nearly all the signatories to that convention reserved the right legally to use such weapons if the weapons had been used against them (i.e. no first strike). The Convention, unfortunately, contains no provision banning the use of weapons, as Saddam certainly did and as Assad is accused of doing, in civil war. My understanding of the current law, as set out in the 1993 Convention, is that the United States and the other NATO members are legally entitled to take military action only when we – not their citizens — are actually threatened by overt military attack with chemical weapons.

9: Pro and Con on Attack

Putting the legal issue aside, there is precedent. A part of the rationale for the 2003 U.S. attack on Iraq was the charge that it had or was developing weapons of mass destruction including poison gas which it planned to use against us. This was the essence of Secretary of State Collin Powell’s presentation to the United Nations Security Council on February 6, 2003.

Powell then realized that there was no evidence to back up his charge (and it was later shown to be false), but that did not stop or even delay the attack. The determination to attack had already been made, regardless of evidence. An attack was undoubtedly then generally approved by the American public and its elected representatives. They, and our NATO allies, concluded on the basis of what the second Bush administration told them that there was a threat and, therefore, that action was not only necessary for defense but also legal. It is the memory of this grave misleading of the public that haunts at least some government officials and elected representatives today.

Memory of the Iraqi deception and the subsequent disaster is apparently responsible for the Parliamentary rejection of British Prime Minister David Cameron’s announced plan to take military action against the Syrian government. “The vote was also a set back for Mr. Obama, who, having given up hope of getting United Nations Security Council authorization for the strike, is struggling to assemble a coalition of allies against Syria…

But administration officials made clear that eroding support would not deter Mr. Obama in deciding to go ahead with a strike.” (“Obama Set for Limited Strike on Syria as British Vote No,” The New York Times, August 29, 2013)

The New York Times editorial board essentially joined with the British Parliament in arguing that “Despite the pumped-up threats and quickening military preparations, President Obama has yet to make a convincing legal or strategic case for military action against Syria.” (Editorial of August 28, 2013)

“As he often so eloquently does, President Obama said on August 23, ‘…what I think the American people also expect me to do as president is to think through what we do from the perspective of, what is in our long-term national interests?…Sometimes what we’ve seen is that folks will call for immediate action, jumping into stuff, that does not turn out well, gets us mired in very difficult situations, can result in us being drawn into very expensive, difficult, costly interventions that actually breed more resentment in the region.’ ”

However, as I point out below, his actions, as unfortunately also is typical of him, do not seem to mesh with his words.

Meanwhile, at the United Nations, Secretary General Ban urged the European heads of state and President Obama to “Give peace a chance…give diplomacy a chance.”

There has been a steady outpouring of informed non-governmental opposition to an attack. Sir Andrew Green, the former British ambassador called it “poor foolishness…It beggars belief that we appear to be considering an armed attack on Syria with no clear purpose and no achievable objective.” (Blundering into war in Syria would be pure foolishness.” The English Conservative Party daily, Conservative Home, August 26, 2013). This was from a member of the Prime Minister’s Conservative party; the Labour opposition was even more opposed to the adventure.

The Russian government was outspoken in opposition. Many Western commentators regarded their opposition as a sort of echo of the Cold War, but the Russians were acutely aware of the danger that their own large (16% of their population) and growing Muslim population might be affected by the “forces of extremism in country after country in the Middle East by [the US] forcing or advocating a change in leadership – from Iraq to Libya, Egypt to Syria.” (Steven Lee Myers, “Putin stays quiet as his aides assail the West,”International Herald Tribune, August 29, 2013) As I have mentioned, President Obama believed that the Russians would veto the resolution the British had submitted to the Security Council before the English Parliament voted down the Prime Minister’s plan to intervene.

10): What is the role of the United Nations?

Perhaps the most important role of the United Nations has not been in the highly publicized meetings and decisions of the Security Council, but in its specialized agencies, particularly the Food and Agricultural Organization (FAO) in the attempt to mobilized food aid and the High Commission for Refugees (HCR) in attempting to ameliorate the conditions of the millions of people displaced by the fighting. They have had little to work with.

But it is the UN in its more peace seeking role that is now in the forefront. Weapons experts from the UN are conducting the investigation of the sites where the victims were killed. There has been, as I mentioned above, an effort to end their work after their initial visit, but the UN Secretary General insisted that they continue for at least two more days. The British, French and American governments have attempted also to limit the role of the UN to give them more latitude for whatever action they wish to take. Indeed, the US State Department spokesman was quoted as saying that whatever the inspectors reported would make no difference to the decisions of the Western powers. Of course, the Western powers are concerned that whatever might be laid before the UN Security Council might be vetoed by Russia and perhaps also by China.

11: What is Likely to Happen Now

[This section written just before the president’s surprise announcement that he would go to Congress.]

While President Obama has spoken of caution and taking time to form a coalition, the gossip around the White House (The Wall Street Journal,August 26 and later accounts cited above) suggests that he is moving toward a cruise missile strike to “deter and degrade” the Syrian government even if this has to be a unilateral action. (Paul Lewis and Spencer Ackerman, “White House forced to consider unilateral strikes against Assad after British PM unexpectedly loses key motion on intervention,” The Guardian, August 30, 2013) The US Navy has moved 5 cruise missile armed destroyers into the Mediterranean off the Syrian coast and “all indications suggest that a strike could occur soon after United nations investigators charged with scrutinizing the Aug. 21 attack leave the country. They are scheduled to depart Damascus on Saturday [August 31, 2013].” (Mark Lander et al, “Obama Set for Limited Strike on Syria as British Vote No,” The New York Times, August 29, 2013)

12: What Would Be the Probable Consequences of an Attack?

Retired Marine General Anthony Zinni, who was head of the Central Command when missiles were launched against Iraqi and Afghan targets warned (Ernesto Londoño and Ed O’Keefe, “imminent U.S. strike on Syria could draw nation into civil war,” The Washington Post, August 28, 2013) that “The one thing we should learn is that you can’t get a little bit pregnant.” Taking that first step would almost surely lead to other steps that in due course would put American troops on the ground in Syria as a similar process did in Vietnam, Iraq and Afghanistan. Stopping at the first step would be almost impossible as it was in those campaigns. As the former American ambassador to Syria commented “A couple of cruise missiles are not going to change their way of thinking.” And, Zinni put it in more pointed terms, “You’ll knee-jerk into the first option, blowing something up, without thinking through what this could lead to.”

Why is this? It is called “mission creep.” When a powerful government takes a step in any direction, the step is almost certain to have long-term consequences. But, it seldom that leaders consider the eventual consequences. What happens? Inevitably, having taken step “A,” it narrows its options. It is embarked upon one path and not another one. At that point, step “B” often seems the logical thing to do whereas some other, quite different sort of action on a different path, seems inappropriate in the context that step “A” has created. At the same time, in our highly visual age with the forces of television coming to bear, governments, particularly in societies where public opinion or representation exist, come under pressure to do something as President Obama said in the remarks I have just quoted. Where lobbies represent sectors of the economy and society with vested interests, the pressure to do something become immense. We have often seen this in American history. One political party stands ready to blame the other for failure to act. And fear of that blame is often persuasive. Thus, step “C” takes on a life of its own quite apart from what is suggested by a calm analysis of national interest, law or other considerations. And with increasing speed further steps are apt to become almost inevitable and even automatic. If you apply this model to Vietnam, Iraq and Afghanistan, you can see how modest first steps led to eventual massive involvement.

During this time, it is likely that the victims of the attacks or their allies would attempt to strike back. Many observers believe that the Syrian government would be prepared to “absorb” a modest level of attack that stopped after a short period. However, if the attacks were massive and continued, it might be impossible for that government or its close allies, the Iranian and Iraqi governments and the Hizbulllah partisans in Lebanon, to keep quiet. Thus, both American installations, of which there are scores within missile or aircraft range, might be hit. Israel also might be targeted and if it were, it would surely respond. So the consequences of a spreading, destabilizing war throughout the Middle East and perhaps into South Asia (where Pakistan is furious over American drone attacks) would be a clear and present danger.

Even if this scenario were not played out, it would be almost certain that affected groups or their allies would seek to carry the war back to America in the form of terrorist attacks.

13: So what could we possibly gain from an attack on Syria?

Even if he wanted to, could Assad meet our demands? He could, of course, abdicate, but this would probably not stop the war both because his likely successor would be someone in the inner circle of his regime and because the rebels form no cohesive group. The likely result would be something like what happened after the fall of the Taliban in Afghanistan, a vicious civil war among competing factions.

No one, of course, can know what would happen then. My hunch is that Syria, like Afghanistan, would be torn apart not only into large chunks such as the Kurds in the northeast but even neighborhood by neighborhood as in the Iraqi cities. Muslims would take revenge on Alawis and Christians who would be fighting for their lives. More millions would be driven out of their homes. Food would be desperately short, and disease probably rampant. If we are worried about a haven for terrorists or drug traffickers, Syria would be hard to beat. And if we are concerned about a sinkhole for American treasure, Syria would compete well with Iraq and Afghanistan. It would probably be difficult or even impossible to avoid “boots on the ground” there. So we are talking about casualties, wounded people, and perhaps wastage of another several trillion dollars which we don’t have to spend and which, if we had, we need to use in our own country for better heath, education, creation of jobs and rebuilding of our infrastructure.

Finally, if the missile attacks do succeed in “degrading” the Syrian government, it may read the signs as indicating that fighting the war is acceptable so long as chemical weapons are not employed. They may regard it as a sort of license to go ahead in this wasting war. Thus, the action will have accomplished little. Thus, as General Zinni points out, America will likely find itself saddled with another long-term, very expensive and perhaps unwinnable war. We need to remind ourselves what Afghanistan did – bankrupting the Soviet Union – and what Iraq cost us — about 4,500 American dead, over 100,000 wounded, many of whom will never recover, and perhaps $6 trillion.

Can we afford to repeat those mistakes?

By James Fallows

Find this story at 2 September 2013

Copyright © 2013 by The Atlantic Monthly Group.

For 67 years the US has pursued its own interests at the expense of global justice – no wonder people are sceptical now

US troops fire a white phosphorous mortar towards a Taliban position on 3 April 2009 in Helmand province, Afghanistan. Photograph: John Moore/Getty

You could almost pity these people. For 67 years successive US governments have resisted calls to reform the UN security council. They’ve defended a system which grants five nations a veto over world affairs, reducing all others to impotent spectators. They have abused the powers and trust with which they have been vested. They have collaborated with the other four permanent members (the UK, Russia, China and France) in a colonial carve-up, through which these nations can pursue their own corrupt interests at the expense of peace and global justice.

Eighty-three times the US has exercised its veto. On 42 of these occasions it has done so to prevent Israel’s treatment of the Palestinians being censured. On the last occasion, 130 nations supported the resolution but Barack Obama spiked it. Though veto powers have been used less often since the Soviet Union collapsed in 1991, the US has exercised them 14 times in the interim (in 13 cases to shield Israel), while Russia has used them nine times. Increasingly the permanent members have used the threat of a veto to prevent a resolution being discussed. They have bullied the rest of the world into silence.

Through this tyrannical dispensation – created at a time when other nations were either broken or voiceless – the great warmongers of the past 60 years remain responsible for global peace. The biggest weapons traders are tasked with global disarmament. Those who trample international law control the administration of justice.

But now, as the veto powers of two permanent members (Russia and China) obstruct its attempt to pour petrol on another Middle Eastern fire, the US suddenly decides that the system is illegitimate. Obama says: “If we end up using the UN security council not as a means of enforcing international norms and international law, but rather as a barrier … then I think people rightly are going to be pretty skeptical about the system.” Well, yes.

Never have Obama or his predecessors attempted a serious reform of this system. Never have they sought to replace a corrupt global oligarchy with a democratic body. Never do they lament this injustice – until they object to the outcome. The same goes for every aspect of global governance.

Obama warned last week that Syria’s use of poisoned gas “threatens to unravel the international norm against chemical weapons embraced by 189 nations”. Unravelling the international norm is the US president’s job.

In 1997 the US agreed to decommission the 31,000 tonnes of sarin, VX, mustard gas and other agents it possessed within 10 years. In 2007 it requested the maximum extension of the deadline permitted by the Chemical Weapons Convention – five years. Again it failed to keep its promise, and in 2012 it claimed they would be gone by 2021. Russia yesterday urged Syria to place its chemical weapons under international control. Perhaps it should press the US to do the same.

In 1998 the Clinton administration pushed a law through Congress which forbade international weapons inspectors from taking samples of chemicals in the US and allowed the president to refuse unannounced inspections. In 2002 the Bush government forced the sacking of José Maurício Bustani, the director general of the Organisation for the Prohibition of Chemical Weapons. He had committed two unforgiveable crimes: seeking a rigorous inspection of US facilities; and pressing Saddam Hussein to sign the Chemical Weapons Convention, to help prevent the war George Bush was itching to wage.

The US used millions of gallons of chemical weapons in Vietnam, Laos and Cambodia. It also used them during its destruction of Falluja in 2004, then lied about it. The Reagan government helped Saddam Hussein to wage war with Iran in the 1980s while aware that he was using nerve and mustard gas. (The Bush administration then cited this deployment as an excuse to attack Iraq, 15 years later).

Smallpox has been eliminated from the human population, but two nations – the US and Russia – insist on keeping the pathogen in cold storage. They claim their purpose is to develop defences against possible biological weapons attack, but most experts in the field consider this to be nonsense. While raising concerns about each other’s possession of the disease, they have worked together to bludgeon the other members of the World Health Organisation, which have pressed them to destroy their stocks.

In 2001 the New York Times reported that, without either Congressional oversight or a declaration to the Biological Weapons Convention, “the Pentagon has built a germ factory that could make enough lethal microbes to wipe out entire cities”. The Pentagon claimed the purpose was defensive but, developed in contravention of international law, it didn’t look good. The Bush government also sought to destroy the Biological Weapons Convention as an effective instrument by scuttling negotiations over the verification protocol required to make it work.

Looming over all this is the great unmentionable: the cover the US provides for Israel’s weapons of mass destruction. It’s not just that Israel – which refuses to ratify the Chemical Weapons Convention – has used white phosphorus as a weapon in Gaza (when deployed against people, phosphorus meets the convention’s definition of “any chemical which through its chemical action on life processes can cause death, temporary incapacitation or permanent harm”).

It’s also that, as the Washington Post points out: “Syria’s chemical weapons stockpile results from a never-acknowledged gentleman’s agreement in the Middle East that as long as Israel had nuclear weapons, Syria’s pursuit of chemical weapons would not attract much public acknowledgement or criticism.” Israel has developed its nuclear arsenal in defiance of the non-proliferation treaty, and the US supports it in defiance of its own law, which forbids the disbursement of aid to a country with unauthorised weapons of mass destruction.

As for the norms of international law, let’s remind ourselves where the US stands. It remains outside the jurisdiction of the International Criminal Court, after declaring its citizens immune from prosecution. The crime of aggression it committed in Iraq – defined by the Nuremberg tribunal as “the supreme international crime” – goes not just unpunished but also unmentioned by anyone in government. The same applies to most of the subsidiary war crimes US troops committed during the invasion and occupation. Guantánamo Bay raises a finger to any notions of justice between nations.

None of this is to exonerate Bashar al-Assad’s government – or its opponents – of a long series of hideous crimes, including the use of chemical weapons. Nor is it to suggest that there is an easy answer to the horrors in Syria.

But Obama’s failure to be honest about his nation’s record of destroying international norms and undermining international law, his myth-making about the role of the US in world affairs, and his one-sided interventions in the Middle East, all render the crisis in Syria even harder to resolve. Until there is some candour about past crimes and current injustices, until there is an effort to address the inequalities over which the US presides, everything it attempts – even if it doesn’t involve guns and bombs – will stoke the cynicism and anger the president says he wants to quench.

During his first inauguration speech Barack Obama promised to “set aside childish things”. We all knew what he meant. He hasn’t done it.

George Monbiot
The Guardian, Monday 9 September 2013 20.30 BST

Find this story at 9 September 2013
© 2013 Guardian News and Media Limited or its affiliated companies.

When U.S. ambassador J. Christopher Stevens was killed in a flash of hatred in Benghazi, Libya, on September 11, 2012, the political finger-pointing began. But few knew exactly what had happened that night. With the ticktock narrative of the desperate fight to save Stevens, Fred Burton and Samuel M. Katz provide answers.
By Fred Burton and Samuel M. Katz

THE INFERNO The U.S. Special Mission in Benghazi, Libya, in flames, on September 11, 2012. The attackers seemed to have detailed knowledge of the mission’s layout and even to know there were jerry cans full of gasoline near the compound’s western wall, which they would use to fuel the fire.

Adapted from Under Fire: The Untold Story of the Attack in Benghazi, by Fred Burton and Samuel M. Katz, to be published in September by St. Martin’s Press; © 2013 by the authors.

After the fall of Colonel Qaddafi, in 2011, Libya had become an al-Qaeda-inspired, if not al-Qaeda-led, training base and battleground. In the northeastern city of Benghazi, Libya’s second-largest city, men in blazers and dark glasses wandered about the narrow streets of the Medina, the old quarter, with briefcases full of cash and Browning Hi-Power 9-mm. semi-automatics—the classic killing tool of the European spy. Rent-a-guns, militiamen with AK-47s and no qualms about killing, stood outside the cafés and restaurants where men with cash and those with missiles exchanged business terms.

It was a le Carré urban landscape where loyalties changed sides with every sunset; there were murders, betrayals, and triple-crossing profits to be made in the post-revolution. The police were only as honest as their next bribe. Most governments were eager to abandon the danger and intrigue of Benghazi. By September 2012 much of the international community had pulled chocks and left. Following the kidnapping in Benghazi of seven members of its Red Crescent relief agency, even Iran, one of the leading state sponsors of global terror, had escaped the city.

But Libya was a target-rich environment for American political, economic, and military interests, and the United States was determined to retain its diplomatic and intelligence presence in the country—including an embassy in Tripoli and a mission in Benghazi, which was a linchpin of American concerns and opportunities in the summer of the Arab Spring. Tunisia had been swept by revolution, and so had Egypt. “The United States was typically optimistic in its hope for Libya,” an insider with boots on the ground commented, smiling. “The hope was that all would work out even though the reality of an Islamic force in the strong revolutionary winds hinted otherwise.”

The United States no longer had the resources or the national will to commit massive military manpower to its outposts in remnants of what was once defined as the New World Order. This wasn’t a political question, but a statement of reality. The fight against terrorism and Islamic fundamentalism was a brand of warfare that would not be fought with brigades and Bradley armored fighting vehicles. The footprint of the United States in this unsettled country and its ever important but dangerous second city would have to be small and agile.

In 1984, Secretary of State George P. Shultz ordered the convening of an Advisory Panel on Overseas Security to respond to critical threats to American diplomats and diplomatic facilities encountered around the world. The panel was chaired by retired admiral Bobby Ray Inman, a former deputy director of the Central Intelligence Agency. One of the primary findings of what would become known as the Inman Report was the need for an expanded security force to protect American diplomatic posts overseas, and on August 27, 1986, a new State Department security force and law-enforcement agency, the Diplomatic Security Service, an arm of the Bureau of Diplomatic Security (DS), was formed. Another important result from the report was a focus on physical-security enhancements for embassies and consulates. These force-protection specifications, unique in the world of diplomatic security, included blast-proofing innovations in architecture to mitigate the devastating yield of an explosion or other methods of attack, including rocket and grenade fire. These new embassies, known as Inman buildings, incorporated anti-ram walls and fences, gates, vehicle barriers, ballistic window film, and coordinated local guard forces to create impregnable fortresses that could withstand massive explosions and coordinated attempts to breach an embassy’s defenses.

For over a decade following the 9/11 attacks, DS managed to contain the fundamentalist fervor intent on inflicting catastrophic damage on America’s diplomatic interests around the world—especially in the Middle East. But the wave of civilian unrest that swept through the Arab world in the Arab Spring took the region—and the United States—by surprise. Governments that had been traditional allies of the United States and that had sent police officers to anti-terrorism-assistance training were overthrown in instantaneous and unexpected popular revolutions. Traditionally reliable pro-American regimes were replaced with new governments—some Islamic-centered.

In Libya, Qaddafi’s intelligence services had prevented al-Qaeda operatives from establishing nodes inside the country, as well as providing information on known cells and operatives plotting attacks in North Africa. With the dictator’s death, the years of secret-police rule came to an end.

J. Christopher Stevens was the foreign-service officer who made sure that American diplomacy in Libya flourished. Chris, as he was called, was a true Arabist; he was known to sign his name on personal e-mails as “Krees” to mimic the way Arabs pronounced his name. Born in Grass Valley, California, in 1960, Chris had developed a passionate love for the Arab world while working for the Peace Corps in Morocco in the mid-1980s. Virtually all of his posts were in the Middle East and in locations that can be best described as dicey. It would be North Africa, however, where Chris Stevens would excel as a diplomat and as a reliable face of American reach. When the United States re-emerged as a political player in Libya, he jumped at the opportunity to work in this new arena for American diplomacy.

Stevens was a greatly admired diplomat, respected by men and women on both sides of the political divide. Personable and self-effacing, he was described, in absolutely complimentary terms, as a “relic,” a practitioner of diplomacy from days past. He achieved agreements and cooperation through interpersonal relationships; he was known to have achieved more over cups of rocket-fuel coffee in a market gathering spot than could ever have been achieved in reams of paperwork or gigabytes’ worth of e-mails.

In April 2011, Chris had been dispatched to Benghazi as a special envoy by then secretary of state Hillary Rodham Clinton. On this, his second tour to the country, he would be America’s man on the ground in the Arab Spring conflict to oust Qaddafi. Establishing a rapport with the many militias that were battling Qaddafi loyalists required a deft hand and a talent for breaking bread with men in camouflage fatigues who talked about long-standing relationships while walkie-talkies stood on the table next to their plates of hummus and AK-47s were nestled by their feet.

When the civil war was over and Qaddafi’s humiliating end completed, Chris was an obvious choice to become ambassador, President Barack Obama’s personal representative to the new Libya. Stevens was based in the U.S. Embassy in Tripoli, which had recently been reopened as the country emerged from the chaos, fury, and joyous hope of the Arab Spring.

But Tripoli wasn’t the sole U.S. diplomatic outpost in Libya. The U.S. Special Mission in Benghazi, an ad hoc consulate not meeting all of the Inman security requirements, had been hastily set up amid the fluid realities of the Libyan civil war. “Expeditionary Diplomacy” dictated that DS do the best it could without the protections afforded official consulates.

On the 11th anniversary of the 9/11 terrorist attacks, five DS agents found themselves together in Benghazi protecting the Special Mission Compound and Ambassador Chris Stevens, who planned to be in the city for a week. They were known, as coined so aptly in the field office, as “hump agents.” Inexperienced yet willing to do what they were told and to work the worst shifts, they were the nuts and bolts of the protection backbone. The five men in Benghazi were a mixed bag of over-achievers: former street cops, U.S. Marines, a U.S. Army Iraq-war veteran, and academics. All had under 10 years on the job; some had less than 5.

They will be identified as R., the temporary-duty regional security officer (RSO) who was the senior man among the group; he was on a long-term posting in Libya, borrowed from the RSO’s office in Tripoli. A. and B. were junior agents assigned temporary duty in Benghazi. C. and D. were young agents who constituted Ambassador Stevens’s ad hoc protective detail, and who had flown with him from Tripoli.

In the post-9/11 world, DS men and women on the job no longer learned by being hump agents in a field office and flying from one city to another inside the United States to help out protecting the Dalai Lama on a Monday and a NATO foreign minister taking his family to Disneyland on a Friday. The new DS sent its newest agents into the eye of the storm, in Afghanistan and Kurdistan, where they could learn under fire. Like those locales, Benghazi was an assignment where there were no wrong and right decisions—only issues of reaction and survival. It was an assignment that would require each man to utilize the resourcefulness and think-on-your-feet instincts that DS was so good in fostering in its young agents.

Although trained for every worst-case scenario imaginable, no agent ever expects it to happen, but each knows that when things start to go bad they go bad very quickly. In truth, time stands still for those engaged in the fight, and how quickly things go south is known only to those who have been there and done that. Who lives and dies depends a great deal on training, teamwork, and fate.
2102 Hours: Benghazi, Libya

T
he Libyan security guard at the compound’s main gate, Charlie-1, sat inside his booth happily earning his 40 Libyan dinars ($32 U.S.) for the shift. It wasn’t great money, clearly not as much as could be made in the gun markets catering to the Egyptians and Malians hoping to start a revolution with coins in their pockets, but it was a salary and it was a good job in a city where unemployment was plague-like. The guards working for the Special Mission Compound tried to stay alert throughout the night, but it was easier said than done. To stay awake, some chain-smoked the cheap cigarettes from China that made their way to North Africa via Ghana, Benin, and Togo. The nicotine helped, but it was still easy to doze off inside their booths and posts. Sleeping on duty was risky. The DS agents routinely made spot checks on the guard force in the middle of the night. These unarmed Libyan guards were the compound’s first line of defense—the trip wire.

All appeared quiet and safe. The feeling of security was enhanced at 2102 hours when an SSC (Supreme Security Council—a coalition of individual and divergently minded Libyan militias) patrol vehicle arrived. The tan Toyota Hilux pickup, with an extended cargo hold, decorated in the colors and emblem of the SSC, pulled off to the side of the road in front of Charlie-1. The driver shut off the engine. He wasn’t alone—the darkened silhouette of another man was seen to his right. The pickup sported twin Soviet-produced 23-mm. anti-aircraft guns—the twin-barreled cannons were lethal against Mach 2.0 fighter aircraft and devastating beyond belief against buildings, vehicles, and humans. The two men inside didn’t come out to engage in the usual small talk or to bum some cigarettes from the guards or even to rob them. The Libyan guards, after all, were not armed.

Suddenly the SSC militiaman behind the steering wheel fired up his engine and headed west, the vehicle crunching the gravel with the weight of its tires.

Later, following the attack, according to the (unclassified) Accountability Review Board report, an SSC official said that “he ordered the removal of the car ‘to prevent civilian casualties.’ ” This hints that the SSC knew an attack was imminent; that it did not warn the security assets in the Special Mission Compound implies that it and elements of the new Libyan government were complicit in the events that transpired.

It was 2142 hours.

The attack was announced with a rifle-butt knock on the guard-booth glass.

“Iftah el bawwaba, ya sharmout,” the gunman ordered, with his AK-47 pointed straight at the forehead of the Libyan guard at Charlie-1. “Open the gate, you fucker!” The guard, working a thankless job that was clearly not worth losing his life over, acquiesced. Once the gate was unhinged from its locking mechanism, armed men appeared out of nowhere. The silence of the night was shattered by the thumping cadence of shoes and leather sandals and the clanking sound of slung AK-47s and RPG-7s banging against the men’s backs.

Once inside, they raced across the compound to open Bravo-1, the northeastern gate, to enable others to stream in. When Bravo-1 was open, four vehicles screeched in front of the Special Mission Compound and unloaded over a dozen fighters. Some of the vehicles were Mitsubishi Pajeros—fast, rugged, and ever so reliable, even when shot at. They were a warlord’s dream mode of transportation, the favorite of Benghazi’s criminal underworld and militia commanders. The Pajeros that pulled up to the target were completely anonymous—there were no license plates or any other identifying emblems adorning them, and they were nearly invisible in the darkness, especially when the attackers disabled the light in front of Bravo-1.

Other vehicles were Toyota and Nissan pickups, each armed with single- and even quad-barreled 12.7-mm. and 14.5-mm. heavy machine guns. They took up strategic firing positions on the east and west portions of the road to fend off any unwelcome interference.

Each vehicle reportedly flew the black flag of the jihad.

Some of the attackers removed mobile phones from their pockets and ammunition pouches and began to videotape and photograph the choreography of the assault. One of the leaders, motioning his men forward with his AK-47, stopped to chide his fighters. “We have no time for that now,” he ordered, careful not to speak in anything louder than a coarse whisper. “There’ll be time for that later.” (Editor’s note: Dialogue and radio transmissions were re-created by the authors based on their understanding of events.)

Information Management Officer (IMO) Sean Smith was in his room at the residence, interfacing with members of his gaming community, when Charlie-1 was breached. The married father of two children, Smith was the man who had been selected to assist Ambassador Stevens in Benghazi with communications. An always smiling 34-year-old U.S. Air Force veteran and computer buff, he was ideally suited for the sensitive task of communicator. Earlier in the day, Smith had ended a message to the director of his online-gaming guild with the words “Assuming we don’t die tonight. We saw one of our ‘police’ that guard the compound taking pictures.” He was online when the enemy was at the gate, chatting with his guild-mates. Then suddenly he typed “Fuck” and “Gunfire.” The connection ended abruptly.

One of the gunmen had removed his AK-47 assault rifle from his shoulder and raised the weapon into the air to fire a round. Another had tossed a grenade. The Special Mission Compound was officially under attack.

R. sounded the duck-and-cover alarm the moment he realized, by looking at the camera monitors, that the post had been compromised by hostile forces. Just to reinforce the severity of the situation, he yelled “Attack, attack, attack!” into the P.A. system. From his command post, R. had an almost complete view of the compound thanks to a bank of surveillance cameras discreetly placed throughout, and the panorama these painted for him is what in the business they call an “oh shit” moment. He could see men swarming inside the main gate, and he noticed the Libyan guards and some of the February 17 Martyrs Brigade (a local Benghazi militia hired to protect the mission) running away as fast as they could. R. immediately alerted the embassy in Tripoli and the Quick Reaction Force (QRF) housed in the Annex, a covert C.I.A. outpost about a mile from the mission. The QRF was supposed to respond to any worst-case scenarios in Benghazi with at least three armed members. R.’s message was short and to the point: “Benghazi under fire, terrorist attack.”
Night of Terror

A
. was the agent on duty that night who, according to the Special Mission Compound’s emergency protocols, would be responsible for safeguarding Stevens and Smith in case of an attack. A. rushed into the residence to relieve, or “push,” D., who ran back to the barracks to retrieve his tactical kit, through the access point in the alleyway connecting the two compounds. D. was wearing a white T-shirt and his underwear when the alarm sounded. The terrorists had achieved absolute surprise.

The DS agents ran like sprinters toward their stowed weapons and equipment. Their hearts rushed up their chests, to the back of their throats; their mouths dried up in the surge of adrenaline. The agents attempted to draw on their training and keep their minds focused and fluid as they hoped to avoid an encounter when outnumbered and outgunned. The sounds of guttural Arabic voices, which sounded like angry mumbling to the Americans, grew, and the odd vicious shot was fired into the September sky. The bitter smell of cordite, like a stagnant cloud left behind following a Fourth of July fireworks display, hung in the air. Numerous figures, their silhouettes barely discernible in the shadows, chased the agents from behind, chanting unintelligibly and angrily.

The agents got ready to engage, but hoped that they wouldn’t have to yet. It was too early in the furious chaos to make a last stand. Each agent asked himself the basic questions: How many gunmen were inside the perimeter? What weapons did they have?

But one thing was absolutely certain in the minds of each and every one of the agents in those early and crucially decisive moments: that the U.S. ambassador, the personal representative of President Barack Obama, was the ultimate target of the attack. They knew that they had to secure him and get him out of the kill zone.

A. ran up the landing to round up Ambassador Stevens and Smith and to rush them to the safe haven inside the residence. “Follow me, sir,” A. said in a calming though urgent tone. “We are under attack.”

There was no time to get dressed or to grab personal items, such as a wallet or cell phone; there was no time to power down laptops or even to take them. A. insisted, however, that both Stevens and Smith don the khaki Kevlar body-armor vests that had been pre-positioned in their rooms. It was critical that the three men make it to the safe haven and lock the doors before the attackers knew where they were. A., following the room-clearing tactics he had been taught in his training, carefully turned each corner, his assault rifle poised to engage any threat. He also had a shotgun slung over his shoulder just in case; the shotgun is a no-nonsense tool of ballistic reliability that was an ideal weapon to engage overwhelming crowds of attackers. A.’s service-issue SIG Sauer handgun was holstered on his hip.

A. heard voices shouting outside the walls; these were interrupted only by the sporadic volleys of automatic gunfire. The lights in the residence were extinguished. The gunfire alerted both Stevens and Smith to the immediacy of the emergency, but negotiating the dark path to the safe haven was made more difficult by the restrictive hug of the heavy vests. Every few feet A. would make sure that the two were following close behind him.

When the three reached the safe haven, the mesh steel door was shut behind them and locked. A. took aim with his rifle through the wrought-iron grate over the window. The door, as well as the window, was supposed to be opened only when the cavalry arrived. When that would happen was anyone’s guess.

Ambassador Stevens requested A.’s BlackBerry to make calls to nearby consulates and to the embassy in Tripoli. He spoke in hushed tones so as not to compromise their position to anyone outside. His first call was to his deputy chief of mission, Gregory Hicks, who was in Tripoli at the U.S. Embassy. Soon after, Hicks discovered a missed call on his phone from an unfamiliar number. He returned the call and reached Stevens, who told him of the attack.

Stevens also called local militia and public-security commanders in Benghazi, pleading for help. He had developed a close and affectionate rapport with many of the most powerful men in the city—both the legitimate and the ruthless. For an unknown reason, Stevens didn’t call the Libya Shield Force, a group of relatively moderate fighting brigades that was, perhaps, the closest armed force in the country to a conventional military organization. The Shield of Libya did have an Islamist-leaning ideology, but it wasn’t jihadist. It answered to the Libyan Defense Ministry, and was under the command of Wisam bin Ahmid; Ahmid led a well-equipped and disciplined force in Benghazi called the Free Libya Martyrs. The Free Libya Martyrs fielded ample assets in the city. Reportedly, Wisam bin Ahmid could have responded, but he was never asked.

Perhaps Stevens feared that members of the militia were participating in the attack.

According to a press account, the Libya Shield Force militia had figured in a cable dispatched to the State Department earlier in the day by the ambassador. In the communication, there was mention of how Muhammad al-Gharabi and Wisam bin Ahmid might not continue to guarantee security in Benghazi, “a critical function they asserted they were currently providing,” because the United States was supporting Mahmoud Jibril, a candidate for the office of prime minister. The cable discussed the city of Derna and linked it to an outfit called the Abu-Salim Brigade, which advocated a harsh version of Islamic law.

The list of whom Ambassador Stevens phoned that night remains protected, but it is believed to have included militia commanders who were quite proud to parade the president of the United States’ personal representative in front of their ragtag armies, but did not feel it wise or worthy to commit these forces for the rescue of a true friend.

C. had initially rushed back to the Tactical Operations Center (TOC), but then redirected back to the agents’ quarters to grab his gear and back up D. It was procedure—and tactical prudence—for the remaining agents at the compound to work in teams of two. B. and R. were inside the TOC, locked down behind secured fire doors. The TOC was the security nerve center of the facility. Situated south of the residence, it was a small structure of gray cement with little windows sealed by iron bars. Perhaps the most fortified spot on the compound, it was just barely large enough for two or three individuals, as it was filled with communications, video-surveillance, and other emergency gear.

C. and D. rushed out of the barracks, weapons in hand, hoping to reach the residence on the western side of the compound, but the two young agents found themselves seeking cover. Moving slowly, and peering around corners, the two tried to cross the alleyway that separated the two halves of the Special Mission Compound, but they feared the connecting path would turn into an exposed killing zone. There were just too many gunmen racing about and screaming to one another in Arabic. The DS agents realized that they were cut off, so they made their way back to the barracks. Some of the attackers carried R.P.G.’s slung over their shoulder, and the DS agents knew that they were facing superior firepower. C. radioed the TOC of their predicament and waited for the chance to attempt a breakout.

Bad as the situation was, R., the TOC regional-security officer, had things in hand. Like an air-traffic controller, he knew that the stakes were high and that mistakes could lead to disaster. Ambassador Stevens was hunkered down, and so were the agents. Everyone just needed to hold tight until the cavalry arrived—the C.I.A.’s Global Response Staff and the QRF. The TOC had visual surveillance of the “tangos,” slang for terrorists, and could update the agents.

With pinpoint Military Operations on Urban Terrain tradecraft, the terrorists assaulted the February 17 Martyrs Brigade command post, at the western tip of the northern perimeter, by lobbing a grenade inside and then, before the smoke and debris cleared, firing dedicated bursts of AK-47 fire into the main doorway. A number of February 17 Martyrs Brigade militiamen, along with one or two Libyan guards, were seriously wounded in the exchange, though they still managed to use an escape ladder to climb up to the rooftop, where they hid. The command-post floor was awash in blood.

As they watched the attack on the mission unfold in real time on the video monitors, R. and B. attempted to count the men racing through both the Bravo-1 and Charlie-1 gates. However, the attackers had flowed through the northern part of the grounds so quickly and in such alarming numbers that R. and B. could not ascertain their numbers or armaments. It was only later, by reviewing the attack via the high-resolution DVR system, that the DS discovered there were 35 men systematically attacking the Special Mission Compound.

They were not members of a ragtag force. Split into small groups, which advanced throughout the compound methodically, they employed military-style hand signals to direct their progression toward their objectives. Some were dressed in civil-war chic—camouflage outfits, black balaclavas. Some wore “wifebeater” white undershirts and khaki military trousers. A few wore Inter Milan soccer jerseys—Italian soccer is popular in Libya. Some of those who barked the orders wore mountaintop jihad outfits of the kind worn by Taliban warriors in Afghanistan. Virtually all of the attackers had grown their beards full and long. According to later reports and shadowy figures on the ground in Benghazi—organizers and commanders from nearby and far away—foreigners had mixed in with the local contingent of usual suspects. Many were believed to have come from Derna, on the Mediterranean coast between Benghazi and Tobruk. Derna had been the traditional hub of jihadist Islamic endeavors inside Libya and beyond.

It was clear that whoever the men who assaulted the compound were, they had been given precise orders and impeccable intelligence. They seemed to know when, where, and how to get from the access points to the ambassador’s residence and how to cut off the DS agents as well as the local guard force and the February 17 Martyrs Brigade militiamen on duty that night. As is standard procedure, in the days leading up to the arrival of the ambassador, the regional security officer and his team had made a series of official requests to the Libyan government for additional security support for the mission. It appears that the attackers either intercepted these requests or were tipped off by corrupt Libyan officials. According to one European security official who had worked in Benghazi, “The moment notifications and requests went out to the Libyan Transitional National Council and the militias in advance of Stevens’s arrival, it was basically like broadcasting the ambassador’s itinerary at Friday prayers for all to hear.”

The attackers had seemed to know that there were new, uninstalled generators behind the February 17 Martyrs Brigade command post, nestled between the building and the overhang of foliage from the western wall, as well as half a dozen jerry cans full of gasoline to power them. One of the commanders dispatched several of his men to retrieve the plastic fuel containers and bring them to the main courtyard. A gunman opened one of the cans and began to splash the gasoline on the blood-soaked floor of the February 17 command post. The man with the jerry can took great pains to pour the harsh-smelling fuel into every corner of the building before setting fire to one of the DS notices and igniting an inferno.
In the Line of Fire

A
. watched from between the metal bars inside the safe haven as a fiery clap was followed by bright-yellow flames that engulfed the command post. He updated the TOC with what he could see and, more ominously, what he could smell.

“A. here. I see flames and smoke.”

“Roger that, me too,” said R., in the TOC.

R. keyed the microphone again and said, “Backup en route.”

And then there was silence.

Silence on the radio means one of two things: either all is good or things are very bad. There are no in-betweens.

Thick plumes of acrid gray and black smoke billowed upward to cloud the clear night sky. The Special Mission Compound was painted in an eerie orange glow. For added fury, some of the gunmen broke the windshields of several of the February 17 Martyrs Brigade vehicles parked near their command post and doused the interior of the vehicles with gasoline. A lit cigarette, smoked almost to the filter, was tossed in to ignite another blaze.

The men carrying the fuel-filled jerry cans moved slowly as they struggled to slice a path to the ambassador’s villa. The 20 liters of fuel contained in each plastic jerry can weighed about 40 pounds, and the gunmen found them difficult to manage, with the fuel sloshing around and spilling on their boots and sandals. The men in charge barked insults and orders to the jerry-can-carrying crews, but intimidation was pointless.

The survival equation at the Special Mission Compound was growing dim. R. summoned C. and D. over the radio:

“Guys, TOC here. Several tangos outside your door. Stay put. Do not move.”

“Copy,” replied one of the agents.

“Backup on the way.”

In the background, the TOC agent could hear the sound of the angry mob in the hallways, over the agent’s keyed microphone. R. communicated his situation to the C.I.A. Annex, the RSO in Tripoli, and the Diplomatic Security Command Center, in Virginia, via his cell phone. Well over a dozen terrorists were trying to break through the cantina at the residence. C. and D. had shut the main door and moved the refrigerator from inside the kitchen and barricaded the door with it. They hunkered down low, with their assault rifles in hand, prepared for the breach and the ballistic showdown. They were trapped. So, too, were R. and B., in the TOC.

A. leaned upward, glancing out through the murky transparency of his window, peering across the bars at the violence before him. He watched as the fuel bearers inched their way forward toward the residence, and he limbered up the fingers of his shooter’s hand as he laid a line of sight onto the targets closing the distance to the villa. He controlled his breathing in preparation to take that first shot. He found himself relying on his instincts, his experience, and, above all, his training. The purpose of the training that DS agents receive—the extensive tactical and evasive-driving skills that are hammered into each and every new member—is to show them how to buy time and space with dynamic skill and pragmatic thought. The DS trains its agents to analyze threats with their minds and gut instincts and not with their trigger fingers.

In that darkened bunker of the villa’s safe haven, A. faced a life-changing or life-ending decision that few of even the most experienced DS agents have ever had to make: play Rambo and shoot it out or remain unseen and buy time? Buying time takes brains—and, according to a DS agent with a plethora of experiences in counterterrorist investigations, “we hire people for their brains.” But A. found himself in the unforgiving position of being damned if he did and damned if he didn’t. As retired DS agent Scot Folensbee reflected, “When you are faced with immediate life-and-death decisions, you know that ultimately, if you survive, you will be second-guessed and criticized. So, the only thing to do is realize that in these cases of ‘Should I shoot or not shoot,’ you as the agent are the one making the decision and you the agent will have to live with that decision. There wasn’t a right decision here, and there wasn’t a wrong one, either.” As A. scanned the horizon, taking aim at which of the attackers he would have to shoot first, he understood that he would either be congratulated or criticized; dead or alive were mere afterthoughts.

The Special Mission Compound in Benghazi on that night was not a textbook case. No classroom, no training officer, and certainly no armchair general could understand the nuances of those terrifying uncertain moments of the attack. The attackers had managed to cut off and isolate two two-man tandems of armed support, and the local militia, paid to stand and fight, had cut and run. A.’s decision was his and his alone. And he chose to do whatever was humanly feasible to keep Stevens and Smith alive. There was no honor in a suicidal last stand before it was absolutely the time to commit suicide. Every second that the three could hang on was another second of hope that rescue would come.

It was 2200 hours.

The attackers moved quickly into the villa. The front door had been locked, and it took some effort to get it open. Finally, an R.P.G. was employed to blow a hole through the door. As they penetrated the villa the attackers were furious and violent, with an animal-like rage. They happily sated their appetite for destruction on anything before them, ripping the sofas and cushions to shreds. Bookshelves, lighting fixtures, vases were bashed and crushed. TVs were thrown to the ground and stomped on; the kitchen was ransacked. The computers left behind, perhaps containing sensitive and possibly even classified information, were simply trashed.

A. raised his weapon at the ceiling, trying to follow the footsteps of the invaders as they stomped on shards of broken glass above. The TOC was providing him with a play-by-play description of the frenetic orgy of destruction. As the gunmen searched the house, determined to retrieve a captive, either a defiant ambassador or the corpse of one, they headed down toward the safe haven.

All that separated A., Stevens, and Smith from the terrorists was the steel-reinforced security gate, of the kind installed inside the apartments of diplomats serving in “normal” locations in order to prevent criminal intrusions. The metal gate wasn’t a State Department-spec forced-entry-and-blast-resistant door, like the ones used in Inman buildings.

A. knew that unless help arrived soon they were, to use a DS euphemism, “screwed.” Screwed was an understatement. The terrorists would use explosives or an R.P.G. to blast their way into the safe haven; they had, he believed, used one to blast through the doors at the main entrance. R.P.G.’s and satchels of Semtex were virtually supermarket staples in Benghazi, and with one pull of the grenade launcher’s trigger or one timed detonation, the armored door to the safe haven would be a smoldering twist of ruin. But fire was a much cheaper and far simpler solution to a frustrating obstacle.

Burning down an embassy or a diplomatic post was so much easier than blowing it up, and historically, when a diplomatic post’s defenses had been breached, the end result was usually an inferno. As the frenzy of destruction began to simmer down, the roar of fire was loud and ominous. R. radioed A. with the news. “Smoke is seen from the villa’s windows, over.” The message was superfluous. The three men could hear the flames engulfing the building, and they could feel the oven-like heat growing hotter and more unbearable as each moment passed. The lights from behind the door began to flicker. The electricity began to falter, and then it died.

Once the fires began and the gunmen discovered the path to the safe haven, A. moved onto his knees to take aim with his assault rifle in case the attackers made it through this final barrier. The attackers flailed their hands wildly in the attempt to pry the gate open. None fired into the room; the mesh steel made it difficult for them to poke the barrels of their AK-47s to a point where they would be able to launch a few rounds. Stevens, Smith, and A. were safely out of view, crouched behind walls. A. cradled his long gun with his left hand, wiping the sweat from his right. He knew he had to be frugal with his shots. He didn’t know if he had enough rounds to stop 10 men, let alone more. As A. moved his sights from target to target, the fiery orange glow behind them made the dozen or so men look like a hundred.

Just before the fire was set, the gunmen had emerged from the villa, relaxed and joyous. They fecklessly fired their AK-47s into the air and watched the villa erupt in a wild blaze. Whoever was inside the doomed building would most certainly die. Their work for the night was nearly done.

The smoke spread fast as A. ordered Stevens and Smith to drop to their knees and led them in a crawl from the bedroom toward the bathroom, which had a small window. Towels were taken off their fancy racks and doused with water. A. rolled them loosely and forced them under the door to keep the smoke from entering the smaller space the three men had retreated to. Nevertheless, the acrid black vapor was eye-searing and blinded the men in the safe haven. The three, crawling around on the bathroom floor, gasped for clean air to fill their lungs. They couldn’t see a thing in the hazy darkness. The men began to vomit into the toilet. Getting some air was now more important than facing the wrath of the attackers.

The situation inside the safe haven was critical. A. attempted to pry open the window, but in seeking ventilation he exacerbated the situation; the opening created an air gust which fed the intensity of the flames and the smoke. The safe haven became a gas chamber. A. yelled and pleaded with Stevens and Smith to follow him to an adjacent room with an egress emergency window, but he couldn’t see the two through the smoke. He banged on the floor as he crawled, hoping they would hear him. A. found himself in the throes of absolute terror. He was, however, unwilling to surrender to the dire environment. He pushed through toward the window, barely able to breathe. With his voice raw from smoke, he mustered whatever energy he had left to yell and propel Stevens and Smith forward.

The egress window was grilled, and within the grille was a section that could be opened for emergency escape. It had a lock with the key located near the window but out of reach from someone outside. It did not open easily. Using all the strength of his arms and shoulders, A. managed to pry the window slightly ajar. He yelled for Stevens and Smith to follow him as he forced his body through the opening. The taste of fresh air pushed him ahead, and he was determined to get his ambassador and his IMO to safety, no matter what.

Coughing up soot, he reached inside to help Stevens and Smith out. There was no response, though; they had not followed him. A. heard the crackling of AK-47 gunfire in the distance, and he heard the whooshing sound of shots flying overhead. Some of the gunmen, who had by now begun to retreat from the blaze, began firing at him. A. didn’t care at this point. Showing enormous courage and dedication, he went back into the safe haven several times to search for both men. The heat and the intensity of the fire and smoke beat him back each time.

Later, A. could not remember the number of attempts he had made to search for Stevens and Smith, but they were numerous. His hands were severely burned, and the smoke inhalation had battered his body to the point where even minor movements caused excruciating pain. Still, he resolved to get the two men out of the inferno, dead or alive. But at approximately his sixth attempt to go back inside, A. found he couldn’t go back anymore. His body, weakened by a lack of oxygen and severe pain, had been humbled by the hellacious reality. Stoically he gathered himself and made toward an emergency ladder near the egress window. He climbed to the roof as the flames rushed upward from the windows that had exploded. While rounds were flying by him, he tried to pull off a metal grate over a skylight on the top of the roof. The building resembled a funeral pyre.

Atop the building, A. struggled his way toward the wedge-shaped sandbag firing emplacement that the DS Mobile Security Deployment operators had affixed the last time they had been to Benghazi. The sandbags shielded A. from the odd shots still ringing out in the night; greenish beams of tracer fire littered the roofline, as the gunmen still hoped to have a chance to engage some of the Americans in a battle to the end. A. used his radio and weapon to smash open the skylight in the hope of ventilating the building. He prayed this would cause the fire to burn itself out, enabling him to rush down into the labyrinth of destruction and save the lives of the ambassador and Sean Smith.

But, as pillars of fire and smoke surged up through the shattered remnants of the skylight, the collapse of the weakened roof seemed imminent. Struggling with every breath he took, he gathered his strength and pressed down on the talk button of his Motorola handset. “I don’t have the ambassador,” he yelled. “Repeat, over?” B. responded. He couldn’t hear what A. had said. As the flames roared around A., he struggled to speak. He found it excruciating to hold the radio in his burned hands. But they had to know. He took a lung-filling gasp of air. “I don’t have the ambassador!”

By Esam Omran Al-Fetori/Reuters/Landov.

Find this story at august 2013

Vanity Fair © Condé Nast Digital

For years, the Central Intelligence Agency denied it had a secret file on MIT professor and famed dissident Noam Chomsky. But a new government disclosure obtained by The Cable reveals for the first time that the agency did in fact gather records on the anti-war iconoclast during his heyday in the 1970s.

The disclosure also reveals that Chomsky’s entire CIA file was scrubbed from Langley’s archives, raising questions as to when the file was destroyed and under what authority.

The breakthrough in the search for Chomsky’s CIA file comes in the form of a Freedom of Information Act (FOIA) request to the Federal Bureau of Investigation. For years, FOIA requests to the CIA garnered the same denial: “We did not locate any records responsive to your request.” The denials were never entirely credible, given Chomsky’s brazen anti-war activism in the 60s and 70s — and the CIA’s well-documented track record of domestic espionage in the Vietnam era. But the CIA kept denying, and many took the agency at its word.

Now, a public records request by Chomsky biographer Fredric Maxwell reveals a memo between the CIA and the FBI that confirms the existence of a CIA file on Chomsky.

Dated June 8, 1970, the memo discusses Chomsky’s anti-war activities and asks the FBI for more information about an upcoming trip by anti-war activists to North Vietnam. The memo’s author, a CIA official, says the trip has the “ENDORSEMENT OF NOAM CHOMSKY” and requests “ANY INFORMATION” about the people associated with the trip.

After receiving the document, The Cable sent it to Athan Theoharis, a professor emeritus at Marquette University and an expert on FBI-CIA cooperation and information-gathering.

“The June 1970 CIA communication confirms that the CIA created a file on Chomsky,” said Theoharis. “That file, at a minimum, contained a copy of their communication to the FBI and the report on Chomsky that the FBI prepared in response to this request.”

The evidence also substantiates the fact that Chomsky’s file was tampered with, says Theoharis. “The CIA’s response to the FOIA requests that it has no file on Chomsky confirms that its Chomsky file was destroyed at an unknown time,” he said.

It’s worth noting that the destruction of records is a legally treacherous activity. Under the Federal Records Act of 1950, all federal agencies are required to obtain advance approval from the national Archives for any proposed record disposition plans. The Archives is tasked with preserving records with “historical value.”

“Clearly, the CIA’s file, or files, on Chomsky fall within these provisions,” said Theoharis.

It’s unclear if the agency complied with protocols in the deletion of Chomsky’s file. The CIA declined to comment for this story.

What does Chomsky think? When The Cable presented him with evidence of his CIA file, the famous linguist responded with his trademark cynicism.

“Some day it will be realized that systems of power typically try to extend their power in any way they can think of,” he said. When asked if he was more disturbed by intelligence overreach today (given the latest NSA leaks) or intelligence overreach in the 70s, he dismissed the question as an apples-to-oranges comparison.

“What was frightening in the ‘60s into early ‘70s was not so much spying as the domestic terror operations, COINTELPRO,” he said, referring to the FBI’s program to discredit and infiltrate domestic political organizations. “And also the lack of interest when they were exposed.”

Regardless,, the destruction of Chomsky’s CIA file raises an even more disturbing question: Who else’s file has evaporated from Langley’s archives? What other chapters of CIA history will go untold?

“It is important to learn when the CIA decided to destroy the Chomsky file and why they decided that it should be destroyed,'” said Theoharis. “Undeniably, Chomsky’s was not the sole CIA file destroyed. How many other files were destroyed?”

Posted By John Hudson Tuesday, August 13, 2013 – 9:18 AM Share

Find this story at 13 August 2013

©2013 The Foreign Policy Group,

20 August 1999
Source: Hardcopy of 61 pages. Thanks to Sten Linnarsson.

Find this story at 2000 part 1
Find this story at 2000 part 2
Find this story at 2000 part 3
Find this story at 2000 part 4
Campbell’s report: http://cryptome.org/jya/ic2000.zip (981KB)
http://www.fas.org/irp/program/process/docs/98-14-01-2en.pdf

This is part 1 of 4 of “Development of Surveillance Technology and Risk of Abuse of Economic Information (an appraisal of technologies of political control).”

Part 2: “The legality of the interception of electronic communications: A concise survey of the principal legal issues and instruments under international, European and national law,” by Prof. Chris Elliott: http://cryptome.org/dst-2.htm

Part 3: “Encryption and cryptosystems in electronic surveillance: a survey of the technology assessment issues,” by Dr. Franck Leprévost: http://cryptome.org/dst-3.htm

Part 4: “The state of the art in Communications Intelligence (COMINT) of automated processing for intelligence purposes of intercepted broadband multi-language leased or common carrier systems, and its applicability to COMINT targeting and selection, including speech recognition,” by Duncan Campbell: http://www.iptvreports.mcmail.com/stoa_cover.htm [dead]

Campbell’s report: http://cryptome.org/jya/ic2000.zip (981KB)

EUROPEAN PARLIAMENT

SCIENTIFIC AND TECHNOLOGICAL OPTIONS ASSESSMENT
STOA
DEVELOPMENT OF SURVEILLANCE
TECHNOLOGY AND RISK OF ABUSE
OF ECONOMIC INFORMATION
(An appraisal of technologies of political control)

Part 1/4

The perception of economic risks arising from the potential vulnerability
of electronic commercial media to interception

Survey of opinions of experts
Interim Study

Working document for the STOA Panel

Luxembourg, May 1999 PE 168.184/Int.St./part 1/4
Directorate General for Research

Cataloguing data:

Title:

Part 1/4 of:
DEVELOPMENT OF SURVEILLANCE TECHNOLOGY AND
RISK OF ABUSE OF ECONOMIC INFORMATION
(An appraisal of technologies of political control)

Workplan Ref.: EP/IV/B/STOA/98/1401

Publisher: European Parliament
Directorate General for Research
Directorate A
The STOA Programme

Author: Mr Nikos BOGONIKOLOS – ZEUS E.E.I.G.

Editor: Mr Dick HOLDSWORTH, Head of STOA Unit

Date: May 1999

PE number: PE 168. 184/Int.St./1/4

This document is a working Document for the ‘STOA Panel’. It is not an official publication of STOA.

This document does not necessarily represent the views of the European Parliament.

CONTENTS
PART A: OPTIONS
Introduction
General overview of the outcome of the survey (interim stage)
Views on privacy collected from the survey
General privacy issue
The market for privacy
The role of industry
The need for European legislation

Options for action on surveillance and privacy
PART B: ARGUMENTS AND EVIDENCE
General
Examples of Abuse of Economic Information
PART C: TECHNICAL FILE
1. INTRODUCTION
Surveillance and Privacy
Dataveillance Techniques
Risks Inherent in Data Surveillance
Controls

2. SURVEILLANCE: TOOLS AND TECHNIQUES – Current technologies
1. Visual Surveillance
2. Audio Surveillance
3. Phone Tapping and Encryption
4. Voice and Word Pattern Recognition
5. Proximity Smart Cards
6. Transmitter Location
7. E-mail at Workplace
8. Electronic Databases
9. The Internet

3. THE USE OF SURVEILLANCE TECHNOLOGY SYSTEMS FOR THE TRANSMISSION AND COLLECTION OF ECONOMIC INFORMATION
3.1 CALEA System
3.2 ECHELON Connection
3.3 Inhabitant identification Schemes

4. THE NATURE OF ECONOMIC INFORMATION SELECTED BY SURVEILLANCE TECHNOLOGY SYSTEMS
A. From telecommunication systems
B. From new information technologies (Internet)
C. Some examples of data collection on the Internet

5. PROTECTION FROM ELECTRONIC SURVEILLANCE
A. Encryption (Cryptography)
Private sector initiatives

B. Key – recovery
Encryption and the global information infrastructure
Key-Recovery: Requirements and proposals

6. SURVEILLANCE TECHNOLOGY SYSTEMS IN LEGAL AND REGULATORY CONTEXT
A. Privacy regulation
Multinational data protection measures
Data protection directive in Europe
Privacy regulation in the United States

B. Protection of Privacy in the telecommunications sector

C. Cryptography
Cryptography policy in USA
Cryptography policy guidelines from OECD
E. U. cryptography policy
Other national and international activities related to cryptography policy

D. Key recovery

E. European Initiatives
DLM-FORUM- Electronic Records
Promoting Safe Use of Internet
REFERENCES

PART A: OPTIONS

Introduction

The present study, ‘Development of surveillance technology and risk of abuse of economic information’ presents the interim results from a survey of the opinions of experts, together with additional research and analytical material by the authors. It has been conducted by ZEUS E.E.I.G. as part of a technology assessment project on this theme initiated by STOA in 1998 at the request of the Committee on Civil Liberties and Internal Affairs of the European Parliament. This STOA project is a follow-up to an earlier one entitled: “An appraisal of technologies of political control” conducted for the same Committee. The earlier project resulted in an Interim Study (PE 166.499) written by OMEGA Foundation, Manchester, and published by STOA on January 1998 and later updated (September 1998).

In the earlier study it was reported that within Europe all fax, e-mail and telephone messages are routinely intercepted by means of what is called the ECHELON global surveillance system. The monitoring was said to be “routine and indiscriminate”. The ECHELON system formed part of the UKUSA system, but unlike many of the electronic spy systems developed during the cold war, ECHELON was said to be designed for primarily non-military targets: governments, organisations and businesses in virtually every country.

In the present study the authors were requested to investigate the use of surveillance technology systems, for the collection and possible abuse of sensitive economic information.

The principal method selected was a procedure of data collection and processing based on a modified DELPHI method (to be referred to here as “the survey”). Under this method, a list of potential sources of data was prepared. These were some 49 experts from universities, industrial and commercial undertakings in the informations and telecommunications technology sector, as well as a smaller number of persons in international or governmental organisations. The experts were drawn from 11 Member States of the European Union, plus Cyprus, Norway and Switzerland.

The next step was the collection of the data. This was mostly achieved by direct interviews of the experts, with the use of a questionnaire. The views (data) were processed and a convergence examination performed. The convergence procedure was based on a recursive approach for the exclusion of the non-reliable data. The last step was the drawing of the analytical results.

General overview of the outcome of the survey

The predominant view among the experts was that since nowadays almost all economic information is exchanged through electronic means (telephone, fax, e-mail), and, in addition, all digital telecommunication devices and switches have enhanced wiretapping capabilities, for these reasons they suggested that we must focus on the protection of the data when transmitted (using encryption products), on the use of government-approved encryption products and on the adoption of common standards concerning encryption and key-recovery products. The position could be summed up in the statement that ‘since it is difficult to prove that economic information has been captured by ECHELON system and passed on by the NSA, we have to consider privacy protection in a global international networked society’.

In summary, therefore, we see that two perceptions of this question emerge: (1) a concern about the possible threat to privacy and economic and civil rights potentially posed by global clandestine electronic surveillance systems operated by large and powerful secret government agencies, and (2) anxiety about the problems of commercial and personal privacy which arise now that so much commercial and other communications traffic is conducted over the Internet. Managers of businesses engaged in electronic commerce may perhaps be concerned about global clandestine surveillance systems: what is certain is that they are worried in a more familiar way about threats to commercial security posed by the nature of the new electronic business media and their possible vulnerability to interception by competitors and fraudsters.

Reflecting the feedback from the survey, the present study tends to reflect Perception 2, whereas the earlier one of 1998 tended to reflect Perception 1.

Advances in information and communication technologies have fostered the development of complex national and international networks which enable thousands of geographically dispersed users to distribute, transmit, gather and exchange all kinds of data. Transborder electronic exchanges — private, professional, industrial and commercial — have proliferated on a global scale and are bound to intensify among businesses and between businesses and consumers, as electronic commerce develops.

At the same time developments in digital computing have increased the capacity for accessing, gathering, recording, processing, sorting, comparing and linking alphanumeric, voice and image data. This substantial growth in international networks and the increase in economic data processing have arisen the need at securing privacy protection in transborder data flows.

Today, it is not necessary to define new principles for the protection of data (and privacy) in an expanding global electronic environment. It is necessary to define the appropriate means of putting the established principles into practice, particularly on the information and communication networks.

An active education strategy may be one of the ways to help achieve on-line and privacy protection and to give all actors the opportunities to understand their common interests.

Common technological solutions can assist in implementing privacy and data protection guidelines in global information networks. The general optimism about technological solutions, the pressure to collect economic information and the need for political and social policy decisions to ensure privacy must be considered.

The growth in international networks and the increase in economic data processing have arisen the need at securing privacy protection in transborder data flows and especially the use of contractual solutions. Global E-Commerce has changed the nature of retailing. There were great cultural and legal differences between countries affecting attitudes to the use of sensitive data (economic or personal) and the issue of applicable law in global transaction had tope resolved. Contracts might bridge the gab between those with legislation and the others.

Since Internet symbolised global commerce, faced with a rapid expansion in the numbers of transactions, there is a need to define a stable lasting framework for business. Internet is changing profound the markets and adjusting new contracts. To that reality is a complex problem.

Views on privacy collected from the survey

In this section the experts’ views on the various privacy issues are reported. The information was mostly collected by direct interviews of the experts, based on a predefined questionnaire.

General privacy issues

Privacy can be a contentious subject because it means different things to different people. The definition given is: “Privacy is the claim of individuals, groups, or institutions to determine for themselves how, when and to what extent information about them is communicated to others”
A clear problem expressed is that in an electronic environment, it becomes hard to differentiate between a private and public place and therefore what should be protected and what should not.
It was argued that is unreasonable for the society to subsidise the cost of individuals to maintain their privacy, pointing out that most people will choose utility over security (and consequently privacy)
It was suggested that privacy in many ways sacrifices other goods (time, effort and energy among them) in order to obtain it.
Three basic tools necessary for privacy protection were outlined: notice (to the data supplier), consent (to the consumer), and accountability.
Although accountability may be essential to ensuring privacy, it unfortunately conflicts with the anonymity, privacy implies. For any commerce to take place on the Internet, therefore, some level of anonymity and therefore privacy must be sacrificed. The question to be answered is ” how much and who will decide”.

The market for privacy

When the European Commission adopted the privacy directive (95/46/EC), it stated that privacy protection is a central precondition to consumers’ acceptance of electronic commerce. Accordingly, a critical issue experts argued, was whether there was a “market failure’ in the electronic environment that required some sort of government intervention to ensure data privacy.
Some experts responded that data privacy is not purely a public good, and so at some point someone will have a market incentive to protect it. Some corporations that have tried to market their strong privacy protection have yet to see any results and have concluded that: “privacy doesn’t sell”. Other industries have marketed privacy successfully (such as the cellular telephone industry) which could mean that the public demands for privacy are forthcoming and will eventually be profitable.
They feel that a question to be answered is: Who governs the responsibility of the information collector, or does society have to impose a sense of responsibility?”

The role of industry

Most experts expressed the view that the information industry should be primarily self-regulated: the industry is changing too rapidly for government legislative solutions, and most corporations are not simply looking at National or European but at global markets, which national governments cannot regulate.
Indeed several experts expressed the fear that any European attempt to allow USA to oversee (via global surveillance systems) data would lead to abuses by the government or other competitive companies.
They noted that many companies (such as Citibank) already inform consumers and clients that, unless told otherwise, they will disclose information to their affiliates. They suggested that a simple seal on the home page of a Web site, declaring that a company adheres to certain industry privacy standards might cease the fears of the public and offer some level of accountability.
Alternatively, they suggested that the media could act as an effective watchdog, informing consumers and companies of what information is being collected about them and how that information is being used.
They also noted that multinational companies could better negotiate for themselves across national boundaries than governments can. Electronic commerce is unlikely to gain popularity until the issues of notice, consent and recourse have been resolved. The market will force companies wishing to participate in this medium to address and solve these concerns.

The need for European legislation

Experts took the view that the European Parliament must now ask how, in a world of the Internet, one reconciles the objectives of protecting both: privacy and free flow of information.
In recent years there have been disclosures that unauthorised individuals have examined financial information from the Internal Revenue Service in USA. Several experts pointed to the flap over the decision by the Social Security Administration in USA to provide companies account information on-line. Each of these examples suggests that protecting data privacy may be a great challenge for the European Parliament.
Experts agreed that the European Parliament should play a role in creating a standard for disclosure. Several experts went further and argued the need of a privacy agency within the European Union to act as an ombudsman and to represent privacy interests, so that in debates between European Union and USA there is someone whose responsibility would be to protect privacy.
Whatever several experts believe the appropriate role for national governments to be in ensuring privacy in an electronic environment, some “private regulation” is already occurring on the Internet by the computer engines, who write code and decide computer standards. In fact experts suggested that when encryption software becomes ubiquitous it will push Internet commerce because it allows for potentially anonymous transactions, which will solve privacy issues by default.
It was pointed out that a group of high-tech companies in co-operation with standardisation organisations should agree on a web-based standard that would allow companies and consumers to interact with data collectors and inform them of what information they would be comfortable having disclosed to other parties.

Options for action on surveillance and privacy

The policy options for consideration by the committee on Civil Liberties and Internal Affairs of the European Parliament which emerged from the survey are:

Authorities in the EU and Member States should:

engage in a dialogue involving the private sector and individual users of networks in order to learn about their needs for implementing the privacy guidelines in the global network;

undertake an examination of private sector technical initiatives;

encourage the development of applications within global networks, of technological solutions that implement the privacy principles and uphold the right of users, businesses and consumers for protection of their privacy in the electronic environment.
Drafting methods for enforcing codes of conduct and privacy statements ranging from standardisation, labelling and certification in the global environment through third-party audit to formal enforcement by a regulatory body.
Definitions of the transactions which must remain anonymous, and technical capabilities for providing anonymity need to be specified.
Enforcement for the adoption of adequate standards (cryptography and key encryption) from all E.U. member states. Multilateral agreements with other countries could then be negotiated.
Drafting of common guidelines of credit information use (in each member state of the E.U. different restriction policies exist). It must be dear how those restrictions could apply to a globally operating credit reference agency.
Drafting of common specifications for cryptography systems and government access key recovery systems, which must be compatible with large scale, economical, secure cryptographic systems.
Enforcement for the adoption of special authorisation schemes for Information Society Services and supervision of their activities by National Authorisation Bodies.
Drafting of a common responsibilities framework for on-line service providers, who transmit and store third party information. This could be drafted and supervised by National PTTs.
The European Parliament should examine critically proposals from the US for the elimination of cryptography and the adoption of encryption controls supervised by US Agencies.
Annual statistics and reporting on abuse of economic information by any means must be reported to the Parliament of each member state of the E.U.
Measures for encouraging the formal education systems of each member state of the E.U. or the appropriate European Training Institute/Organisation to take up the general task of educating users in the technology and their rights.

PART B: ARGUMENTS AND EVIDENCE

General

Nowadays almost all economic information is exchanged through electronic means (telephone, fax, e-mail). In addition, all digital telecommunication devices and switches have enhanced wiretapping capabilities. As a conclusion we have to consider privacy protection in a global international networked society. And when we speak about electronic protection and privacy in the exchange of economic information, we actually speak for electronic commerce over the Internet.

The information society promises economic and social benefits for all: citizens, companies and governments. Advances in information and communication technologies have fostered the proliferation of private, professional, industrial and commercial transborder electronic exchanges on a global scale which are bound to intensify among businesses and between businesses and consumers as electronic commerce develops. New methods for processing the vast accumulation of data -such as data mining techniques- make it possible, on the basis of demographic data, credit information, details of on-line transactions etc, to identify new kinds of purchasing patterns or unusual relationships.

Indeed, compliance with rules governing the protection of privacy and personal data is crucial to establishing confidence in electronic transactions, and particularly in Europe, which has traditionally been heavily regulated in this area. The development of the global information society makes the convergence of government policies, the transparency of rules and regulations and their effective implementation on economic and social life. In particular, in the context of electronic commerce, the development of on-line commercial activities hinges to a large extent, not only on the faith consumers have in business in terms of guaranteed product delivery or security payment systems, but also on the confidence that users and consumers will have in the ways that businesses handle their personal data.

To operate with confidence on the global networks, most consumers need assurance that their on-line activities and electronic transactions will not be collected or used without their knowledge or made available to parties other than their initial correspondents. Neither linked to other data about them in order to compile behavioural profiles without their consent.

The importance of information and communication systems for society and the global economy is intensifying with the increasing value and quantity of data that is transmitted and stored on those systems. At the same time those systems and data are also increasingly vulnerable to a variety of threats such as unauthorised access and use, misappropriation, alteration and destruction. Proliferation of computers, increased computing power, interconnectivity, decentralisation, growth of networks and the number of users, as well as the convergence of information and communication technologies, while enhancing the utility of these systems, also increase system invulnerability.

Cryptography is an important component of secure information and communication systems and a variety of application have been developed that incorporate cryptographic methods to provide data security.

Although there are legitimate governmental, commercial and individual needs and uses for cryptography, it may also be used by individuals or entities for illegal activities, which can affect public safety, national security, the enforcement of laws, business interests, consumers interests or privacy. Governments together with industry and the general public, are challenged to develop balanced policies to address these issues.

Cryptography uses an algorithm to transform data in order to render it unintelligible to anyone who does not possess certain secret information (the cryptographic “key”), necessary for decryption of the data. Within the new concept of cryptography, rather than sharing one secret key, the new design uses two mathematically related keys for each communication party: a “public key” that is disclosed to the public and a corresponding “private key”, that is kept secret. A message that is encrypted with a public key can only be decrypted by the corresponding private key.

An important application for public key cryptography is “digital signature”, which can be used to verify the integrity of data or the authenticity of the sender of data. In this case, the private key is used to “sign” a message, while the corresponding public key is used to verify a “signed” message.

Public key cryptography plays an important role in developing information infrastructure. Much of the interest in information and communication networks and technologies centres on their potential to accommodate electronic commerce; however open networks such as the Internet present significant challenges for making enforceable electronic contracts and secure payments.

Since Electronic Commerce on one hand is one of the key strategies of the European Union and the privacy protection on the other hand, one of its main principles, E.U. in 1998 released three “key” working documents:

Proposal for a European Parliament and Council Directive on certain legal aspects of Electronic Commerce in the internal market [ COM(1998) 586 final].
Proposal for a European Parliament and Council directive on a common framework for electronic signatures [COM (1998)297 final].
Ensuring security and trust in electronic communication: “Towards a European framework for digital signatures and Encryption” [COM(1997) 503 final].

Increasing the number of people with authorised access to the critical infrastructure and to business data, will increase the likelihood of attack, whether through technical means, by exploitation of mistakes or through corruption. Further “key-recovery” requirements to the extent that they made encryption can have the effect of discouraging or delaying the deployment of cryptography in increasingly vulnerable computing and communication networks.

As the Internet and other communications systems reach further into everyday lives, national security, law enforcement and individual privacy have become perilously intertwined. Governments want to restrict the free flow of information; software producers are seeking ways to ensure consumers are not bugged from the very moment of purchase. The US is behind a world-wide effort to limit individual privacy and enhance the capability of its intelligence services to eavesdrop on personal conversations. The campaign has had two legal strategies: the first made it mandatory for all digital telephone switches, cellular and satellite phones and all developing communication technologies to build in surveillance capabilities; the second sought to limit the dissemination of software that contains encryption, a technique which allows people to scramble their communications and files to prevent others from reading them. The first effort to heighten surveillance opportunities was to force telecommunications companies to use equipment designed to include enhanced wiretapping capabilities. The end goal was to ensure that the US and its allied intelligence services could easily eavesdrop on telephone networks anywhere in the world. In the late 1980s, in a programme known internally as ‘Operation Root Canal’, US law enforcement officials demanded that telephone companies alta their equipment to facilitate the interception of messages. The companies refused but, after several years of lobbying, Congress enacted the Communications Assistance for Law Enforcement Act (CALEA) in 1994.

CALEA requires that terrestrial carriers, cellular phone services and other entities ensure that all their ‘ equipment, facilities or services’ are capable of expeditiously. . . enabling the government…to intercept… all wire and oral communications carried by the carrier…concurrently with their transmission.’ Communications must be interceptable in such a form that they could be transmitted to a remote government facility.

Manufacturers must work with industry and law enforcement officials to ensure that their equipment meets federal standards. A court can fine a company US$10,000 per day for each product that does not comply.

The passage of CALEA has been controversial but its provisions have yet to be enforced due to FBI efforts to include even more rigorous regulations under the law. These include the requirement that cellular phones allow for location-tracking on demand and that telephone companies provide capacity for up to 50,000 simultaneous wiretaps.

While the FBI lobbied Congress and pressured US companies into accepting a tougher CALEA, it also leaned on US allies to adopt it as an international standard. In 1991, the FBI held a series of secret meetings with EU member states to persuade them to incorporate CALEA into European law. The plan, according to an EU report, was to ‘call for the Western World (EU, US and allies) to agree to norms and procedures and then sell their products to Third World countries. Even if they do not agree to interception orders, they will find their telecommunications monitored by the UK-USA signals intelligence network the minute they use the equipment.’ The FBI’s efforts resulted in an EU Council of Ministers resolution that was quietly adopted in January 1995, but not publicly released until 20 months later. The resolution’s text is almost word for word identical to the FBI’s demands at home. The US government is now pressuring the International Telecommunications Union (ITU) to adopt the standards globally.

The second part of the strategy was to ensure that intelligence and police agencies could understand every communication they intercepted. They attempted to impede the development of cryptography and other security measures, fearing that these technologies would reduce their ability to monitor the emissions of foreign governments and to investigate crime.

These latter efforts have not been successful. A survey by the Global Internet Liberty Campaign (GILC) found that most countries have either rejected domestic controls or not addressed the issue at all. The GILC found that ‘many countries, large and small, industrialised and developing, seem to be ambivalent about the need to control encryption technologies’.

The FBI and the National Security Agency (NSA) have instigated efforts to restrict the availability of encryption world-wide. In the early 1970s, the NSA’s pretext was that encryption technology was ‘born classified’ and, therefore, its dissemination fell into the same category as the diffusion of A-bomb materials. The debate went underground until 1993 when the US launched the Clipper Chip, an encryption device designed for inclusion in consumer products. The Clipper Chip offered the required privacy, but the government would retain a ‘pass-key’ – anything encrypted with the chip could be read by government agencies.

Behind the scenes, law enforcement and intelligence agencies were pushing hard for a ban on other forms of encryption. In a February 1993 document, obtained by the Electronic Privacy Information Center (EPIC), they recommended ‘Technical solutions, such as they are, will only work if they are incorporated into all encryption products’.

To ensure that this occurs, legislation mandating the use of government-approved encryption products, or adherence to government encryption criteria, is required.’ The Clipper Chip was widely criticised by industry, public interest groups, scientific societies and the public and, though it was officially adopted, only a few were ever sold or used.

From 1994 onwards, Washington began to woo private companies to develop an encryption system that would provide access to keys by government agencies. Under the proposals – variously known as ‘key escrow’, ‘key recovery’ or ‘trusted third parties’ – the keys would be held by a corporation, not a government agency, and would be designed by the private sector, not the NSA. The systems, however, still entailed the assumption of guaranteed access to the intelligence community and so proved as controversial as the Clipper Chip. The government used export incentives to encourage companies to adopt key escrow products: they could export stronger encryption, but only if they ensured that intelligence agencies had access to the keys.

Under US law, computer software and hardware cannot be exported if it contains encryption that the NSA cannot break. The regulations stymie the availability of encryption in the USA because companies are reluctant to develop two separate product lines — one, with strong encryption, for domestic use and another, with weak encryption, for the international market. Several cases are pending in the US courts on the constitutionality of export controls; a federal court recently ruled that they violate free speech rights under the First Amendment.
(… The NSA is one of the shadowiest of the US intelligence agencies. Until a few years ago, it existence was a secret and its charter and any mention of its duties are still classified. However, it does have a Web site (www.nsa.gov:8080) in which it describes itself as being responsible for the signals intelligence and communications security activities of the US government. One of its bases, Menwith Hill, was to become the biggest spy station in the world. Its ears — known as radomes — are capable of listening in to vast chunks of the communications spectrum throughout Europe and the old Soviet Union

In its first decade the base sucked data from cables and microwave links running through a nearby Post Office tower, but the communications revolutions of the Seventies and Eighties gave the base a capability that even its architects could scarcely have been able to imagine. With the creation of Intelsat and digital telecommunications, Menwith and other stations developed the capability to eavesdrop on an extensive scale on fax, telex and voice messages. Then, with the development of the Internet, electronic mail and electronic commerce, the listening posts were able to increase their monitoring capability to eavesdrop on an unprecedented spectrum of personal and business communications.

This activity has been all but ignored by the UK Parliament. When Labour MPs raised questions about the activities of the NSA, the Government invoked secrecy rules. It has been the same for 40years…. )

(Simon Davis report: http://www.telegraph.co.uk)

The FBI has not let up on efforts to ban products on which it cannot eavesdrop. In mid-1997, it introduced legislation to mandate that key-recovery systems be built into all computer systems. The amendment was adopted by several congressional Committees but the Senate preferred a weaker variant. A concerted campaign by computer, telephone and privacy groups finally stopped the proposal; it now appears that no legislation will be enacted in the current Congress.

While the key escrow approach was being pushed in the USA, Washington had approached foreign organisations and states. The linchpin for the campaign was David Aaron, US ambassador to the Organisation for Economic Co-operation and Development (OECD), who visited dozens of countries in what one analyst derided as a programme of ‘laundering failed US policy through international bodies to give it greater acceptance’.

Led by Germany and the Scandinavians, the EU has been generally distrustful of key escrow technology. In October 1997, the European Commission released a report which advised: ‘Restricting the use of encryption could well prevent law-abiding companies and citizens from protecting themselves against criminal attacks. It would not, however, totally prevent criminals from using these technologies.’ The report noted that ‘privacy considerations suggest limit the use of cryptography as a means to ensure data security and confidentiality’.

Some European countries have or are contemplating independent restrictions. France had a longstanding ban on the use of any cryptography to which the government does not have access. However, a 1996 law, modified the existing system, allowing a system of “tiers du confidence”, although it has not been implemented, because of EU opposition. In 1997, the Conservative government in the UK introduced a proposal creating a system of trusted third parties.

It was severely criticised at the time and by the new Labour government, which has not yet acted upon its predecessor’s recommendations. The debate over encryption and the conflicting demands of security and privacy are bound to continue. The commercial future of the Internet depends on a universally-accepted and foolproof method of on-line identification; as of now, the only means of providing it is through strong encryption. That put the US government and some of the world’s largest corporations, notably Microsoft, on a collision course. (Report of David Banisar, Deputy director of Privacy International and Simon Davies, Director General of Privacy International).

The issue of encryption divides the member states of the European Union. Last October the European Commission published a report entitled: “Ensuring security and Trust in Electronic Commerce”, which argued that the advantages of allowing law enforcement agencies access to encrypted messages are not clear and could cause considerable damage to the emerging electronic industry. It says that if citizens and companies “fear that their communications and transactions are being monitored with the help of key access or similar schemes unduly enlarging the general surveillance possibility of government agencies, they may prefer to remaining in the anonymous off-line world and electronic commerce will just not happen”.

However, Mr Straw said in Birmingham (JHA Informal JHA Ministers) that: “It would not be in the public interest to allow the improper use of encryption by criminals to be totally immune from the attention of law enforcement agencies”. The UK, along with France (which already has a law obliging individuals to use “crackable” software) and the USA, is out on a limb in the EU. “The UK presidency has a particular view and they are one of the access hard-liners. They want access: “them and the French”, commented an encryption expert. They are particularly about “confidential services” which ensure that a message can only be read by the person for whom it is intended who has a “key” to access it. The Commission’s report proposes “monitoring” Member States laws’ on “confidential services” to ensure they do not contravene the rules of the single market.

Examples of Abuse of Economic Information

In the course of collecting the data for and preparing this Interim Study various examples were cited of abuse of privacy via global surveillance telecommunication systems. A number of them is given in [54]. For the final version of the study, we shall see whether the experts have further comments to make on these examples, or whether they have new examples to suggest.

The consultation of experts in our survey so far yielded the following comments:

Since Internet has come to play a significant role in global commerce, then (as in Examples 1, 2, 3 and 4 cited below) Internet also became a tool of misleading information and a platform for deceitful advertisement.
On the positive side, Internet is a “golden highway” for those interested in the process of information.
However, apart from global surveillance technology systems, additional tools have been developed for surveillance. The additional tool used for information transferred via Internet or via Digital Global telecommunication systems is the capture of data with Taiga software. Taiga software has the possibility to capture, process and analyse multilingual information in a very short period of time (I billion characters per second), using key-words.

The examples given below are taken from the sources named:

Example 1

On January 15, 1990, the telephone network of AT&T company, in all the North-east part of USA faced serious difficulties. The network NuPrometheus had illegally owned and distributed the key-code of the operational system of AT&T Macintosh computer (Apple company).
J.P. Barlow: “A not terribly brief history of the Electronic Frontier Foundation,” 8 November 1990

Example 2

On January 24, 1990, the Electronic Frontier Foundation (EFF) in USA, accused a huge police operation under the encoded name “Sun Devil”, in which 40 computers and 23,000 diskettes were seized from teenagers, in 15 towns within USA. Teenager Craig Neidorf supported by EFF, not to be punished in 60 years prison and 120,000 USD penalty. Craig Neidorf had published in Phrack (a hackers magazine) part of the internal files of a telephone company.
M. Godwin: “The EFF and virtual communities,” 1991

Example 3

On June 25, 1998, in Absheim, an aircraft A-320 of the European Company “Airbus Industries” crashed during a demonstration flight. The accident was reportedly caused by dangerous manoeuvres. One person died and 20 were injured.

Very soon afterwards, and before the announcement of the official report, in the aerospace and transport Internet newsgroups there appeared many hostile messages against the Airbus undertaking and against the French company Aerospatiale as well, with which Airbus had close cooperation. Messages declared that the accident was to be expected because European engineers are not so highly qualified as American engineers. It was also clearly stated, that in the future similar accidents were to be expected.

Aerospatiale’s representatives took these hostile messages very seriously. They tried to discover the sources of messages and they finally realised that senders’ identification data, addresses and nodes were false. The source messages came from USA, from computers with misleading identification data and transferred from anonymous servers in Finland.
B. Martnet and Y.M. Marti: “L’intelligence econimique. Les yeux et les oreilles de 1′ enterprise, Editions d’organisation”. Paris 1995

Example 4

In October 31, 1994, in USA, an accident occurred to an ATR aircraft (of the European Consortium Aeritalia and Aerospatiale). Owing to this accident, a ban on ATR flights for two months was imposed. This decision became catastrophic on a commercial level for the company, because ATR was obliged to carry out test flights in fog conditions.

During this period, in Internet newsgroups (and especially in the AVSIG forum, supported by Compuserve), the exchange of messages was of vital significance. The messages supporting the European company were few, while the messages against ATR were many.

At the beginning of January 1995, there appeared a message from a journalist in this forum asking the following: “I have heard that ATR flights will begin soon. Can anybody confirm this information?” The answer came very soon. Three days after, unexpectedly, permission to continue ATR flights was given. The company learned this, as soon as the permission announced. But if they had actively participated in the newsgroups, they would have gained some days to inform their offices and their clients.
“Des langages pour analyser la poussiere d’ info”, Liberation, 9 June 1995

Example 5

The government of Brasil in 1994, announced its intention to assign an international contract (Amazonios). This procurement was of great interest since the total amount available for the contract was 1,4 billion USD. From Europe, the French companies Thomson and Alcatel expressed their interest and from USA, the huge weapon industry Raytheon. Although the offer of the French companies was technically excellent and allegedly better documented, the contract was eventually assigned to the USA company. It was reported in the press that this was achieved with a new offensive strategy used by USA. When the government of Brazil was about to assign the contract to the French companies, American Officials (allegedly with the personal involvement of President Bill Clinton) readjusted their offer, according to the offer of the European companies, and asserted that French companies influenced the committee, an accusation which was never proved. On the other hand, the European companies were reported to have indications that the intention of the government of Brazil to assign the contract to the European companies became known to Americans with the use of FBI’s surveillance technologies.
“La nouvelle machine de querre americaine”, LeMonde du reseingnement no 158, 16 February 1995

Example 6

In January 1994 Edouard Balladur, French Prime Minister, went to Ryadh (Saudi Arabia), feeling certain to bring back a historic contract for more than 30 million francs in sale of weapons and, especially, Airbus. He returned disappointed. The contract went to the McDonnell-Douglas American company, rival of Airbus. The French were report to believe that this was at least in part due to electronic surveillance by the ECHELON system, which had given to the Americans the financial conditions and incentives authorised by Airbus.

French press reports said the National Security Agency is the most secret and most significant of the thirteen secret agencies of the United States. It receives about a third of the appropriations allocated with clandestine intelligence: 8 of the 26,6 billion dollars (160 18 billion francs) registered appropriations in the 1997 budget. With its 20.000 employees in United States and some thousands of agents throughout the world, the NSA (which forms part of ministry for Defence since its creation in 1956) is more important than the CIA, even if the latter is better known to the public. Its site at Fort Meade contains, according to sources familiar with the place, the greatest concentration of data processing power and mathematicians in the world. They are employed to sort and analyse the flood of data acquired by ECHELON on the networks of international telecommunications.
“Echelon est au service des interets americains”, Liberation, 21 April 1998

PART C: TECHNICAL FILE
1. INTRODUCTION

Surveillance and Privacy

Surveillance is the systematic investigation or monitoring of the actions or communications of one or more persons. It has traditionally been undertaken by physical means (e.g. prison guards on towers). In recent decades it has been enhanced through image amplification devices such as binoculars and high-resolution satellite cameras.

The basic born [sic] physical surveillance comprises watching (visual surveillance) and listening (aural surveillance). Monitoring may be undertaken remotely in space, with the aid of image amplification devices like field glasses, infrared binoculars, light amplifiers and satellite cameras and sound amplification devices like directional microphones; and remotely in time with the aid of image and sound recording devices.

Electronic devices have been developed to augment physical surveillance and offer new possibilities such as closed-circuit TV (CCTV), VCR, telephone bugging, Proximity cards, Electronic Database, etc.

In addition to physical surveillance, several kinds of communications surveillance are practiced, including mail covers and telephone interception.

The popular term electronic surveillance refers to both augmentations to physical surveillance (such as directional microphones and audio bugs) and to communication surveillance, particularly telephone taps.

The recent years have seen the emergence and refinement of a new form of surveillance no longer of the real person, but of the person’s data shadow or digital persona. Data surveillance or Dataveillance is the systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons. Dataveillance is significantly lees expensive than physical and electronic surveillance, because it can be automated. As a result, the economic constraints on surveillance are diminished and more individuals and larger populations are capable of being monitored. Like surveillance, more generally, Dataveillance is of two kinds: “personal Dataveillance”, where a particular person has been previously identified as being of interest, “mass Dataveillance”, where a group or large population is monitored, in order to detect individuals of interest, and / or to deter people from stepping out of line.

Surveillance technology systems are mechanisms, which can identify, monitor and track movements and data. During the last few decades since information technology has become immensely sophisticated real benefits have been achieved in the development of surveillance technology systems.

On the other hand, negative impacts have been considerable:
The application of IT to the surveillance of people through their data.

IT technology may have substantial implications in privacy.

People often think of privacy as some kind of right. Unfortunately, the concept of a “right” is a problematic way to start, became a right seems to be some kind of absolute standard. What’s worse, is very easy to get confused between legal rights on one hand and natural or moral rights on the other. It turns out to be much more useful to think about privacy as one kind of thing (among many kinds of things) that people like to have lots of.

Privacy the interest that individuals have in sustaining a “personal space” free from interference by other people and organizations.

To a deeper level privacy turns out not to be a single interest but rather has several dimensions:

privacy of the person
privacy of personal behavior
privacy of personal communications
privacy of personal data

With the close coupling that has occurred between computing and communications, particularly since the 1980’s the last two aspects have become closely linked, and are commonly referred as information privacy.

Information privacy is the interest an individual has in controlling, or at least significantly influencing the handling of data about themselves.

The term ‘data privacy’ is sometimes used in the same way. ‘Data’ refers to inert numbers, where information implies the use of data by humans to extract meaning; hence ‘information privacy’ is arguably the more descriptive way of the two alternatives.

‘Confidentiality’ is an incidental and wholly inadequate substitute for proper information privacy, protection, where:
‘Confidentiality is the legal duty of individuals who come into the procession of information about others, especially in the course of particular kinds of relationships with them’.

Dataveillance Techniques

A variety of Dataveillnce techniques exists. Front-end verification (FEV), for example, comprises the checking of data supplied by an applicant (e.g. for a loan or government benefit) against data from a variety of additional sources, in order to identify discrepancies.

FEV may be applied as a person dataveillance tool where responsible grounds exist for suspecting that the information the person has provided may be unreliable; where, on the other hand, it is applied to every applicant, mass dataveillance is being undertaken. Data matching is a facilitative mechanism of particular value in mass dataveillance. It involves trawling through large volumes of data collected for different purposes, searching for discrepancies and drawing influences from them.
Personal dataveillance of previously identified individuals

integration of data hitherto stored in various locations within a single organization
screening or authentication of transactions against internal norms
front-end verification of transactions that appear to be exceptional, against data relevant to the matter at hand. and sought from other databases or from third parties.
front-end audit of individuals who appear to be exceptional against data related to other databases or from third parties.
cross-system enforcement against individuals, where a third party reports that the individual has committed a transgression in his or her relationship with the third party.

Mass dataveillance of groups of people.

screening or authentication of all transactions, where or not they appear to be exceptional, against internal norms
front-end verification of all transactions, whether or not they appear to be exceptional against data relevant to the matter at hand, as sought from other internal databases or from third parties.
front-end audit of individuals, whether or not they appear to be exceptional against data relevant to the matter at hand, as sought from other internal databases or from third parties.
single-factor file analysis of all data held or able to be acquired, whether or not they appear to be exceptional, variously involving transaction data compared against a norm, permanent data or other transaction data.
profiling or multi-factor file analysis of all data held or able to acquire, whether or not they appear to be exceptional, variously involving singular profiling of data held at a point in time, or aggregative profiling of transaction trails over time.

Facilitative mechanisms could be:

computer data matching, in which personal data records relating to many people are compared in order to identify cases of interest
data concentration, homely the combination of personal data interchange networks and hub systems.

Risks inherent in Data Surveillance

Data surveillance’s broader social impacts can be grouped as follows:
In personal dataveillance

low data quickly decisions [sic]
lack of subject knowledge of, and consent to, data flows
blacklisting
denial of redemsion [sic]

In mass surveillance
a. Risks to the individuals:

arbitrariness
a contextual data merger
complexity and incomprehensibility of data
witch hunts
ex-ante discrimination and guilt prediction
selective advertising
inversion of the onus of proof
covert operations
unknown accusations and accusers
denial of due process

b. Risks to society:

prevailing climate of suspicion
adversarial relationships
focus of law enforcement on easily detectable and provable offences
inequitable application of the law
decreased respect for the law and low enforcers
reduction in the meaningfulness of individual actions
reduction in self-reliance and self-determination
stultification of originality
increased tendency to opt out of the official level of society
weakening of society’s moral fibre and cohesion
destabilization of the strategic balance of
power repressive potential for the totalitarian government.

By way of example, individuals can suffer as a result of misunderstandings about the meaning of data on the file, or because the file contains erroneous data, which the individual does not understand and against which he / she has little or not chance of arguing without the help of a specialized lawyer.

Such seemingly small, but potentially very frustrating and infuriating personal problems can escalate into widespread distrust by people of government agencies and the legal system as a whole

Of course, many of the risks referred are diffuse. On the other hand, there is a critical economic difference between conventional forms of surveillance and Dataveillance.

Physical surveillance is expensive because it requires the application of considerable resources. Although (with few exceptions), this expense has been sufficient to restrict the use of surveillance. Admittedly the selection criteria used by the surveillance agencies have not always accorded with what the citizenry might have preferred, but at least its extent was limited. The effect was that in most countries the abuses affected particular individuals who had attracted the attention of the state, but were not so pervasive that artistic and potential freedoms were widely constrained.

Dataveillance changes all that. Dataveillance is relatively very cheap and getting cheaper all the time, thanks to progress in information technology. The economic limitations are overcome and the digital persona can be monitored with thoroughness and frequency and surveillance extended to whole populations. Nowadays, a number of particular populations have attracted the bulk of the attention, because the state already processed substantial data – holdings about them. There are social welfare recipients and employers of the state. Now that techniques have been refined, they are being pressed into more general usage, in the private as well in the public sector.

Controls

If dataveillance is burgeoning, controls are needed to ensure that its use is not excessive or unfair. There is a variety of natural or intrinsic controls, such as self-restraint and morality. Unfortunately morality has been shown many times to be an entirely inadequate influence over people’s behaviour. There is also the economic constraint, whereby work that isn’t worth doing tends not to get done, because people perceive better things to do with the same scarce resources. Regrettably this too is largely ineffective. Cost/benefit analysis of dataveillance measures is seldom performed, and when it has been the quality has generally been appalling. This reflects the dominance of political over economic considerations — both politicians and public servants want action to be seen to be being taken, and are less concerned about its effectiveness than its visibility.

If intrinsic controls are inadequate, extrinsic measures are vital. For example, the codes of ethics of professional bodies and industry associations could be of assistance. Regrettably, these are generally years behind the problems, and largely statements of aspiration rather than operational guidelines and actionable statements of what is and is not acceptable behaviour. Over twenty years after the information privacy movement gathered steam, there are few and very limited laws which make dataveillance activities illegal, or which enable regulatory agencies or the public to sue transgressing organisations. A (limited) statute exists at national level, but none at all at the level of State Governments. In any case, statutory regimes are often weak due to the power of data-using lobbies, the lack of organisation of the public, and the lack of comprehension and interest by politicians. The public has demonstrated itself as being unable to focus on complex issues; public apathy is only overcome when a proposal is presented simply and starkly, such as ‘the State is proposing to issue you with a plastic card. You will need to produce it whenever anyone asks you to demonstrate that you have Permission to breathe’.

There is a tendency for dataveillance tools to be developed in advanced nations, which have democratic traditions and processes (however imperfect). There is a further tendency for the technology to be exported to less developed countries.

Many of these have less well-developed democratic traditions, more authoritarian and even repressive regimes. The control mechanisms in advanced western democracies are inadequate to cope with sophisticated dataveillance technologies; in third world countries there is very little chance indeed of new extrinsic controls being established to ensure balance in their application. It appears that some third-world countries may be being used as test-beds for new dataveillance technologies.

2. SURVEILLANCE: TOOLS AND TECHNIQUES – Current technologies

Surveillance is using some of the most advanced and sophisticated technology to keep track of individuals; where they go, what they do and even what they say.

Visual and audio surveillance are almost everywhere, and, modern electronic technology gives the possibility of keeping track of individual’s moments without cameras or microphones, just with surveillance of their data (Dataveillance )

1. Visual Surveillance

Closed-circuit TV (CCTV) is the most common electronic visual surveillance technique.

Recording can be in two modes: real-time or time-lapse. Real-time is regular TV (at 30 frames (second) showing full motion). Time-lapse selects only a few frames per time period, perhaps one or two per second, to record. The advantage of time-lapse is that it allows one tape to record for a much longer time than real time recording

Video electronics can be very sophisticated indeed and the recent trend is digital video. This allows using the QUAD recording system, a method of compressing four separate camera images into a single frame, so that the guard could see all four views on the monitor screen and record them on a VCR (Video Cassette Recorder) at the same time. These systems allow detailed surveillance and plant monitoring, so that responsibles can observe everything happening within the facility.

In the previous years may be, only the entrance (or specific spaces) would be under video surveillance. Now it is possible to have surveillance everywhere. Using hard disks instead of videotape allows keeping a record of several month’s worth of time-lapse video.

Cameras also are much more sophisticated today than years ago. New circuits allow the camera to ignore bright, light-emitting objects within their fields of view. Miniaturization allows easier concealment, infra-red cameras allow surveillance in darkness. Video surveillance is portable as well. The old days of concealing a camcorder in a briefcase or duffel bag have given way to subminiature cameras concealed in neckties and other items. Decoy items (items containing the surveillance equipment) include baseball caps, belt buckles, briefcases, eyeglasses and wristwatches.

CCTV is very quickly becoming an internal part of crime control policy, social control theory and Community consciousness. It is promoted by police and politicians as primary solution for urban dysfunction.

They are now used in many areas, including roads, trains, railway platforms, car parks, loading docks, shopping centers, individual retail stores, banks, automatic teller machines, petrol stations, lifts, lobby areas, cash handling and storage areas and employee recreation rooms.

Within the aims of the contract, this study looks at its usage in five main industrial contexts: retail stores, financial services, manufacturing, warehousing and distribution, larger office buildings and leisure and entertainment complexes.

Video surveillance is used in these industries for several reasons:

to minimize the risk of theft, especially in the retail industry for purposes of deterring and detecting crime
protect premises from threats to property such as sabotage, arson and vandalism
to monitor individual employee work performance
to improve customer service by observing peak periods and planning the allocation of staff throughout the day
to assist in staff training
to enhance health and safety standards
to ensure that employees comply with legal obligations
to protect employers from liability claims
to monitor production processes.

Most surveillance systems are being installed to prevent theft, either by outsiders or employees, but, video surveillance systems often are used for a range of purposes beyond what was originally intended. Surveillance systems which are initially installed for the purpose of protecting property against an external security threat can be used for other purposes, such as to monitor employees’ productivity and work behavior.

The routine use of video surveillance has the potential to undermine employees’ sense of privacy and dignity in the workplace. Surveillance is associated with increased levels of stress, undermining morale and creating distrust and suspicion between employees and management. While it may be an effective instrument to protect an employer from external security threats, it is not appropriate as a means of monitoring individual employee performance.

Covert surveillance with a smaller number of hidden cameras may in fact be a much popular and at the same time cheaper option than a general security system.

Some of the justifications offered for covert video surveillance are:

employers have a right to protect their business interests
covert surveillance affect fewer employees than overt surveillance and is much cheaper
if employees are unaware of surveillance, there is less risk of individual disputation
covert surveillance is often the most effective means of detecting unlawful activity.

2. Audio Surveillance

Audio surveillance is no longer merely an arcane art practiced by spies and private detectives. Today, it’s common place and spreading. Tape recorders are a fact of life, and they’re often used to document a transaction. Trying to telephone some companies and some government agencies there is a recording sign says: “This transaction is being recorded to help us assure …”.

In some companies the real purpose of tape recording conversation is to check how may the handle an hour, and to have evidence in case the customer says something that can used against him.

In prisons, officials often use electronic equipment to record all telephone conversations. Some of these are between lawyer and client, but all they go onto tape. It depends on the ethics of the guards whether they listen or not.

They are “high tech voice recorders” that put every conversation on a CD disk. A model made for correctional use is the “Laser voice”, using optional disk voice recording.

“Tube mike” is an electric device for “bugging” a room, motor vehicle, or other premises. It is a plastic tube passed through a small hole in a wall to conduct sound from the room to a small microphone at the other end.

This could be characterized as “non- access surveillance”.

“Tube microphones” come in all sizes. Some are relatively large plastic tubes (about 1/2” in diameter), but for tight spaces or maximum concealment there are “needle microphones” pressed against a wall to hear sounds in the next room.

If there is access to a room, a bug could be planted almost anywhere, even in the subject’s clothing. “Radio mikes” transmit whatever they pick up to a nearby receiver eliminating the need for tell-tale wires. Their only drawback, if they’re totally self-contained, is battery life. Other models fit into wall plugs, and take their power from the house current

One type of portable radio mike is the size and shape of a credit card, with a range of several hundred feet and a 30-hour battery life. Placed into the beast pocket of the subjects jacket, it permits monitoring a conversation held outdoors. The value of this is that many people think its possible to overhear a conversation held on the street or in a park, and that walking will defeat any prospect of a bug planted nearby.

In the open market there are several models of “gimmicked telephones” that use in the built in microphone to pick up any conversation in the room even when the telephone is not in use.

All the types of audio surveillance with miscellaneous bugging devices described before, are used today mainly in police and internal security agencies (such as FBI, NSA etc) or in companies security departments.

Telephone tapping still exists, but with today’s Electronic Switching System (ESS) its no longer necessary to go out and physically tap a person’s telephone line.

3. Phone Tapping and Encryption

Whenever a telephone line is tapped the privacy of the persons at both ends of the line is invaded and all conversations between them upon any subject and although proper, confidential and privileged ma be overheard.

The phone tapping normally used for surveillance of communications to combat “serious crime” and to protect “national security”.

On the other hand often companies keep records of phone numbers calls and the duration of such calls. In some companies these records are used to gauge job performance, while in others it simply allows employees to review calls and reimburse the employer for calls of a purely personal nature.

4. Voice and Word Pattern Recognition

Since it is no possible for an Agency or organization to employ a staff large enough to listen to all telephone conversations, read all faxes, etc, word recognition has to be computerized.

In this case a central computer could monitor all (or a group) of telephone conversations and recognize those in which the agency had an interest by using voice patterns and key words.

A wide variety of techniques are used to perform speech recognition. Typically speech recognition starts with the digital sampling of speech. The next stage is acoustic signal processing. Most techniques include spectral analysis e.g. LPC (Linear Predictive Coding), MFCC (Mel Frequency Cepstral Coefficients) cochlea modeling and many more.

The next stage is recognition of phonemes, groups of phonemes and words. This stage can be achieved by many processes such as DTW (Dynamic Time Warping), HMM (Hidden Markov modeling), expert systems and combination of techniques.

Most systems utilize some knowledge of the language to aid the recognition process. Some systems try to “understand” speech. That is try to convert the words into a representation of what the speaker intended to mean or achieve by what they said.

Voice and pattern recognition used as an advanced tool and a helpful technique (thanks to the IT) for surveillance of communications to combat “serious crime” or to protect “national security”

5. Proximity Smart Cards

Originally, electronic cards were substitutes for keys, which were too easy to reproduce. A metal key blank and a file where all that were necessary to duplicate a key, but more sophisticated equipment is necessary to duplicate even the simplest sort of electronic card.

The first type of electronic card used barium ferrite as magnetic dots embedded in the magnetic layer. This was a significant advance over punched cards, that were relatively easy to duplicate.

In the early 1970s, magnetic stripe cards were produced (by IBM), which are still used in credit cards and are somewhat more secure. However, they’re still too easy to forge and should pass through a magnetic stripe reader.

In the early 1980s, the advent of Application Specific Integrated Circuit (ASIC) technology, resulted in what quickly become known as “smart card” which could hold a variety of codes and information to make misuse or duplication almost impossible. This was the first “proximity card”, which did not require direct contact through a card recorder.

The proximity card is basically a “transponder” an electronic device that replies to a radio signal that “interrogates” it. The extended range model doesn’t require even placing it near the card reader, as it transmits to a receiver several feet away.

Use of proximity smart card as Transport card / E-purse

Transportation companies use the proximity smart cards to replace metro, bus, train tickets and boarding cards, etc.
The proximity smart card results in considerable time saving by greatly increasing passenger flow without diminishing security
With the contact part of the card, the proximity smart card is perfectly suited to financial transactions involving small amounts of money: automatic vending cafeterias, local shops, parking fees, cinemas, recreation / amusement parks, cultural and sports centers etc.

Use of proximity smart card as Access control / ID card

The company Proximity smart card contains data used to identify cardholders, as well as his own different access rights. The contactless part of the card is used to access building and other protected areas.
The contact portion can be used for network access, such as the Internet. With the electronic purse function it can be used in the company restaurant, at automatic vending machines, just like a traditional multi-service card.

One application, although, extends the proximity card’s usefulness by turning it into a tracking device. Proximity readers installed along the walls of a building allow tracking each card within the facility. If somebody is carrying one of these cards within a building so equipped, the central computer can sense exactly where he (she is at all times). There is a record of which area the employee (or visitor) is in, when he leaves, and where else within the building he may go. If the employee goes to the cafeteria, the computer will log when he lefts his work station, how long it took him to get to the cafeteria, which root he took, how long he remained in the cafeteria, when he started back and by which route, and when he arrived back in his work area. Likewise if he went to the bathroom. The computer can record whether he/she went to the men’s room or the ladies’ room.

Many countries are actively considering adopting national ID cards for the variety of functions. These include the United States, United Kingdom and Canada.

There are ID cards (credit cards) used for digital cash service which is supposed to be “anonymous”. But, it appears that the bank and the merchants could find the identity of the users.

The customer is identified to the trader and ultimate to the bank by the 300 previous transactions. Each of these will soon be superseded by further transactions and drop off end of the list.

These can be monitored by the bank and could be used for marketing purposes. This is the audit trail and could be sold to business users for third party marketing.

6. Transmitter Location

When a telephone or mobile phone used, the location of the user could be identified. The science of location radio uses three methods of finding a transmitter. The oldest is triangulation, in which several receiving stations with directional antennas take bearing on a transmission and communicate the bearing to a central plotting room.

Technicians trace each bearing on a map of the area and the intersection of the bearing pinpoints the location of the transmitter.

The second method requires several receives as well, and works by measuring the relative strengths of signals received. A computer analyses the strengths and determines the location of the transmitter

The third method also requires a computer-controlled chain of receives and measures the minute differences in the time the signal arrives at each receiver.

Formerly classified, these techniques are now available on the civilian market for law enforcement and private security. One application is locating stolen cars by pinpointing radio transmitters installed in the vehicle for this purpose.

Location of cellular phones in another application. Police today are using (in some countries) this application to pinpoint the location of cellphone users. Purportedly, this is to speed emergency response when a citizen calls for help (at home or in the road). Once the equipment is in place, it can, and must, serve other purposes. Criminal investigators will be able to pinpoint a specific cellphone each time the caller uses it, this will help an investigation into a stolen cellphone, or help locate wanted persons unwise enough to use cellphone or mobile phone.

Another device, sold only to police, is the “cellphone ESN Reader”, which reads the numbers of the targeted cellphone. This detects and records the cellular phone number, called number and ESN of the target phone of a ranges of up to two miles.

Theoretically, the technology can locate every cellphone and every mobile phone in the country every time someone makes a call on it (for cellphones) or just open it (for mobile phones).

7. E-mail at workplace

Personal messages the employee sent over his company’s e-mail are not private. They are not, and court decisions have held that they’re not.

It is a safe assumption that companies will keep an increasingly watchful eye on their internal email, and scrutinize what employees are saying to each other. It is easy to see that some companies may find that scrutinising staff e-mail can have more than one advantage for a company management. Originally instigated to avoid liability, reading employee’s e-mail can also serve to alert management of dishonesty, disloyalty or even matters like union activity.

8. Electronic Databases

The computer age has brought surveillance into a new era in which information about almost anybody is available to almost anybody.

Databases from Human Identification

There are a lot of government databases containing information about almost every resident in United States and in many European Countries as well.

A variety of person identification techniques are available, which can assist in associating data with them. Important examples of these techniques are:

names (what the person is called by other people)
codes (what the person is called by the organization)
knowledge (what the person knows)
biometrics (what the person is, does, or looks like e.g. appearance, natural physiography, etc.)

Data bases for financial surveillance

Financial records are gathered privately by several giant companies that specialize in this sort of information. These “credit reporting bureaus” purportedly maintain credit records, but in fact keep far more than credit information in their databases.

Other databases for human identification

There exist specialized databases available mainly to private investigators. These call information from telephone directories, city directories, voter registration records and many other public and private records to provide a profile of the person being investigated.

9. The Internet

The Internet, which began as a Computer communication network between Universities and laboratories decades ago, has turned into a vast public forum accessible to anyone with a computer.

International organizations, Public authorities, Companies, Universities, Research centers and individuals have access and exploit the Internet.

On the other hand Internet became:

an entertainment tool
a huge Information source
an important marketing tool
a big virtual electronic market with a considerable number of economic transactions every second

IT technology at the same time, restricted the individuals’ right to privacy since they could be identified through their ID number or through their records or transactions.

The growing rift between the needs of Internet Commerce and the individual’s right to privacy gave rise to the development of new tools.

In January 1999 Intel announced its plans for the development of a microchip containing embedded electronic serial numbers that allow individual computers to be readily identified.

The identities, similar to the unique vehicle identification numbers on cars and trucks would be a caller ID technology for computer.

But critics see it is on an ominous development, ushering in a new period of electronic surveillance. Privacy experts fear the new Intel chip could mean the death of anonymity on the Internet.

But this would appear to really variously endanger privacy on the Internet by creating a permanent ID number for every Intel user on the Net.

3. THE USE OF SURVEILLANCE TECHNOLOGY SYSTEMS FOR THE TRANSMISSION AND COLLECTION OF ECONOMIC INFORMATION

As the Internet and other communication systems reach further into the everyday lives, national security, low enforcement and individual privacy have become perilously intertwined. Governments want to restrict the free flow of information and software producers are seeking ways to ensure consumers are not bugged from the moment of purchases.

All developing communication technologies, digital telephone switches cellular and satellite phones HAVE SURVEILLANCE CAPABILITIES. On the other hand the development of software that contains encryption, a telephone which allows people to scramble their communications and files to prevent others from reading them gourd earth [sic].

3.1 CALEA system

The first effort to heighten surveillance opportunities (made by USA) was to force telecommunication companies to use equipment desired to include enhanced wiretapping capabilities.

In the late 1980s in a program known internally as “Operation Root Canal” US low enforcement officials demanded that telephone companies alter their equipment to facilitate the interception of messages. The companies refused but, after several years of lobbying, Congress enacted the Communications Assistance for Law Enforcement ACT (CALEA) in 1994.

CALEA requires that terrestrial cellular phone services and other entities ensure that all their equipment, facilities or services are capable of expeditiously, enabling the government to intercept all wire and oral communications varied by the carrier concurrently with their transmission.

Communications must be interceptable in such a form that they could be transmitted to a remote government facility. Manufactures must work with industry and low enforcement officials to ensure that their equipment meets federal standards.

The passage of CALEA has been controversial, but its provisions have yet to be enforced due to FBI efforts to include even more rigorous regulations under the law. These include: the requirement, the cell phones allow for location – tracking on demand and that telephone companies provide capacity for up to 50.000 simultaneous wiretaps.

CALEA finally has been accepted as an International standard in US. In 1991 the FBI contacted EU member states in order to propose to them do incorporate CALEA into European Law. This plan according to an EU report, was to call for the Western World (EU, US and allies) to agree to norms and procedures and then sell their products to Third World countries. There is a council resolution that was adopted on 17 January 1997 on the lawful interception of communications (961C329/a). The US government is now in negotiations with the International Telecommunications Unit (ITU) to adopt the standards globally.

3.2 ECHELON Connection

The previous STOA Interim Study (PE 166.499) entitled “An Appraisal of technologies of political control” made certain statements concerning the ECHELON global surveillance system. This is reported to be a world-wide surveillance system designed and coordinated by the US NSA (National Security Agency) that intercepts e-mail, fax, telex and international telephone communications carried via satellites and has been operating since the early 1980s – it is part of the post Cold War developments based on the UK-USA agreement signed between the UK, USA, Canada, Australia and New Zealand in 1948.

The five agencies said to be involved are: the US National Security Agency (NSA), the Government Communications Security Bureau (GCSB) in New Zealand, Government Communications Headquarters Signals Directorate (DSD) in Australia. The system was brought to light by the author Nicky Hager in his 1996 book Secret Power: New Zealand’s role in the International Spy Network. For this, he interviewed more than 50 people who work or have worked in intelligence who are concerned at the uses of ECHELON. It is said that “The ECHELON system is not designed to eavesdrop on a particular individual’s e-mail or fax link. Rather, the system works by indiscriminately intercepting very large quantities of communications and using computers to identify and extract messages from the mass of unwanted ones”.

According to Interim Study (PE 166.499) of 1998, there are reported to be three components to ECHELON:
1. The monitoring of Intelsats, international telecommunications satellites used by phone companies In most countries. A key ECHELON station is at Morwenstow in Cornwall monitoring Europe, the Atlantic and the Indian Ocean.

2. ECHELON interception of non-Intelsat regional communication satellites. Key monitoring stations are Menwith Hill in Yorkshire and Bad Aibling in Germany.

3. The final element of the ECHELON system is the surveillance of land-based or under-sea systems, which use cables or microwave tower networks.

At present it is thought ECHELON’s effort is primarily directed at the “written form” (e-mails, fixes, and telexes) but new satellite telephones system which take over from old land-based ones will be as vulnerable as the “written word”.

Each of the five centres supply to the other four “Dictionaries” of keywords, phrases, people and places to ‘stag” and tagged intercept is forwarded straight to the requesting country.

It is the interface of the ECHELON system and its potential development on phone calls combined with the standardisation of”tappable” telecommunications centres and equipment being sponsored by the EU and the USA which presents a truly global threat over which there are no legal or democratic controls.

The earlier study (PE 166.499) identified a number of options for the European Union, centred round the proposition that:
“All surveillance technologies, operations and practices should be subject to procedures to ensure democratic accountability and there should be proper codes of practice to ensure redress if malpractice or abuse takes place. Explicit criteria should be agreed for deciding who should be targeted for surveillance and who should not, how such data is stored, processed and shared. Such criteria and associated codes of practice should be made publicly available.”

Other points included:
– All requisite codes of practice should ensure that new surveillance technologies are brought within the appropriate data protection legislation.

– Given that data from most digital monitoring systems can be seamlessly edited, new guidance should be provided on what constitutes admissible evidence. This concern is particularly relevant to automatic identification systems which will need to take cognizance of the provisions of Article 15, of the 1995 European Directive on the Protection of Individuals and Processing of Personal Data.

– Regulations should be developed covering the provision of electronic bugging and tapping devices to private citizens and companies, so that their sale is governed by legal permission rather than self regulation.

– Use of telephone interception by Member states should be subject to procedures of public accountability referred to in (1) above. Before any telephone interception takes place a warrant should be obtained in a manna prescribed by the relevant parliament. In most cases, law enforcement agencies will not be permitted to self-authorise interception except in the most unusual of circumstances which should be reported back to the authorising authority at the earliest opportunity.

– Annual statistics on interception should be reported to each member states’ parliament. These statistics should provide comprehensive details of the actual number of communication devices intercepted and data should be not be aggregated. (This is to avoid the statistics only identifying the number of warrants, issued whereas organisations under surveillance may have many hundreds of members, all of whose phones may be subject to interception).

– Technologies facilitating the automatic profiling and pattern analysis of telephone calls to establish friendship and contact networks should be subject to the same legal requirements as those for telephone interception and reported to the relevant member state parliament.

– The European Parliament should reject proposals from the United States for making private messages via the global communications network (Internet) accessible to US Intelligence Agencies. Nor should the Parliament agree to new expensive encryption controls without a wide ranging debate within the EU on the implications of such measures. These encompass the civil and human rights of European citizens and the commercial rights of companies to operate within the law, without unwarranted surveillance by intelligence agencies operating in conjunction with multinational competitors.

3. Inhabitant identification Schemes

Inhabitant identification schemes are schemes, which provide all, or most people in the country with a unique code and a token (generally a card) containing the code.

Such schemes are used in many European Countries for a defined set of purposes, typically the administration of taxation, natural superannuation and health insurance. In some countries, they are used for multiple additional purposes.

4. THE NATURE OF ECONOMIC INFORMATION SELECTED BY SURVEILLANCE TECHNOLOGY SYSTEMS

A. From telecommunication systems

Concerning public authorities and organizations:

secret telephone conversations, fax messages and electronic mail
sensitive information concerning taxation
information concerning various fund transfers especially from one service to the other and financial transactions
data used in the critical banking infrastructure systems

Concerning business:

private business communication, including telephone conversations, fax messages and electronic mail
order from fund transfers and other financial transactions (e.g. payments by credit cards by fax)
sensitive business information and trade secrets

Concerning individuals:

private conversations, fax messages, e-mail
payments by credit cards
secret information concerning taxation

B. From new information technologies (Internet)

Concerning public authorities and organizations:

sensitive information and state secrets
tele-banking
tax records and other financial information
data used in the operation of critical infrastructure systems
public contracts received by electronic mail

Concerning business:

contracts
invoices and other official documents
secret electronic transactions
risk of international property and license in secret transactions
payment orders by credit cards
payments received on-line

Concerning consumers and individuals:

payment by credit cards
payment on-line
contracts and agreements
electronic financial transactions (e.g. tele-banking).

C. Some examples of data collection on tSe Internet

Data can be collected over the Internet either directly or indirectly; in other words, it can be collected either at the time of contact with a correspondent or without the knowledge of the person concerned, often automatically. The nature of the data collected varies according to the protocol used on the network i.e. according to the type of service. In practice, different protocols are very often used in combination to augment the profitability or quality of exchanges. For example, a Web page may propose an exchange of correspondence or a transfer of documents via links with the e-mail protocol and the protocol used for transferring files, which is more powerful.

When electronic messaging is used (Simple Mail Transfer Protocol — SMTP, and Network News Transfer Protocol — NNTP), communication is established from one personal mailbox to another, or between a personal mailbox and a mailbox common to a number of correspondents. The information transmitted consists of the name and e-mail address, the server address and the signature file (sig.file) if created by the user of the machine. If a communication is addressed to a joint mailbox, this information is given out to an indeterminate number of correspondents, participation in a discussion group being theoretically free. As a result, any person listed on a distribution list can at the very least obtain the e-mail addresses of all other listed parties, since this information is provided automatically for purposes of communication on a given topic.

While most downloading (File Transfer Protocol — FTP) is done anonymously, with only the network’s Internet Protocol — IP — address being revealed, the same cannot be said for document presentation (World Wide Web — WWW, Hyper Text Transfer Protocol — HTTP). The minimum information revealed at each step in the Web is the name of the network machine making the request and the type of browser being used. Browsers contain an identification — ID — file which, is configured by the user or at the user’s request, stores various personal data such as the user’s name or e-mail address. If a Web server requests this information, it can be automatically given out.

A Web server can also send out information, which is stored by the user’s navigator (so-called ‘cookies’) and retrieved at a subsequent connection to the server. This system indicates that a visitor has been there before, but without revealing his identity: identification requires matching with other information. As a result, when linked to the ID file incorporated into the browser and transmitted to a server, the information recorded in cookies c-an yield valuable user profiles. It can be noted, however, that some navigations — to a varying and often inadequate extent — allow use of these cookies to be blocked.

5. PROTECTION FROM ELECTRONIC SURVEILLANCE

A. Encryption (Cryptography)

Finally, new information technologies include the privacy of individuals, the security of data in the computer or on the network, and the availability of encryption software to protect data in the event they are intercepted. In this context, privacy refers to controlling the dissemination and use of data, including information that are unintentionally revealed as a by-product of the use of the information technologies themselves.

Security refers to the integrity of the data storage, processing, and transmitting systems and includes concerns about the reliability of the hardware and software, the protections against intrusion into the theft of the computer equipment, and the resistance of computer systems to infiltration by unpermitted users, that is, “hacking”. Encryption is the practice of encoding data so that even if a computer or network is compromised, the data’s content will remain secret. Security and encryption issues are important because they are central to public confidence in networks and to the use of the systems for the sensitive or secret data, such as the processing of information touching on national security. These issues are surpassingly controversial because of governments’ interest in preventing digital information from being impervious to official interception and decoding for low enforcement and other purposes.

Private sector initiatives

A large number of private sector interests, in the United States in particular, are attempting, a view to fostering electronic commerce, to promote technological solutions that will provide a a1 practical response to consumers concerns while still preserving business interests. In other words, they are starting to explore ways and means of making privacy work in communication networks. These initiatives go in the right direction and it would be worthwhile for governments to engage in a dialogue on the basis.

As an example, Netscape joined by Microsoft, is leading an industry initiative (40 companies) to cope with privacy issues and proposes standard software intended to enable computer users to control what personal information is obtained when they visit Internet sites and how the information is used, as well as avoid unwanted e-mail. The proposal, called the OPS — Open Profiling Standard –, which has been submitted to the World Wide Web Consortium — W3C, provides the users with a way to pre-package the personal registration information Web sites may require. At the same time, OPS lets users control when and how much of their personal profiles can be passed to a third party. OPS would have users fill out profiles and preference information in a standard that could be identified by a digital certificate (that would give a guarantee from a trusted third party that the person is really who they say they are). The standardized format and brand names associated with the profile forms would be incorporated, in the case of Netscape, into the Communicator browser. According to some specialists, OPS is an addition to rather than replacement for the intrusive cookie method of tracking user information.

Another project is the new W3C Platform for Privacy Preferences (P3) Project developed by the W3C. The P3 Project is a platform on which other technological, market and regulatory solutions can interoperate and build. The P3 prototype allows Web sites to easily describe their privacy practices as well as users to set policies about the collection and use of their personal data. A flexible ‘negotiation’ between the Web site’s practices and the user’s preferences allows service to offer the preferred level of service and data protection to the user. If there is a match, access to the site is seamless; otherwise the user is notified of the difference and is offered other access options to proceed. With P3, users can download ‘recommended’ settings established by organizations such as industry associations and consumer advocacy groups. According to some privacy specialists, P3 requires users to disclose privacy preferences when good privacy policies should provide meaningful information for users about Web site practices and not require users to disclose personal information.

Techniques to provide users with more information about privacy practices are also being developed. For instance, a number of companies and service operators have a privacy Icon which appears either when the user enters a site, or when the user starts to provide information. The Icon can either lead by hyper-link to a sophisticated service providing details of the company’s (service operator) data protection policies and a tick box(es) allowing the user to opt out of having his/her data used foe specific purposes, or the icon can lead to page referring the user, for example, to an address from which further details are available.

Another example is the development of services and branding techniques, which intend to provide, dear meaningful designations for privacy practices such as TRUSTe, formerly eTRUST.

The TRUSTe program will focus on addressing privacy issues concerning data collection on the Internet. With an emphasis on analysing consumer fears surrounding electronic commerce, the program will utilise Web site icons (trustmarks) to alert online consumers to the uses of their personal information.

To further consumer privacy the TRUSTe program will utilise a standardised method of informed consent. A branded system of ‘trustmarks’ or logos, representing the Web site’s information privacy policy for users’ personal information, will alert consumers to how the information they reveal online will be used.

The three trustmarks will be:

No Exchange – no personally identifiable information is used by the site.
One-to-one Exchange is collected only for the site owner’s use.
Third Party Exchange – data is collected and provided to specified third parties but only with the user’s knowledge and consent.

The TRUSTe initiative was launched in July 1996 by the Electronic Frontier Foundation (EFF) and a group of pioneering Internet companies. CommerceNet and the EFF then partnered in October 1996 to move forward in implementing the initiative.

TRUSTe is a global, non-profit initiative to establish trust and confidence in electronic communication by creating an infrastructure to address online privacy issues. Comprised of premier members from the electronic commerce industry, the program assures consumer privacy through a progressive policy of informed consent utilising a branded system of ‘trustmarks’, which represent a company’s online information privacy policy.

Finally, systems for implementing on-line E-mail Preference Services (EPS) or ‘E-mail Robinson Lists’ are also under consideration (EPS allow consumers who do not wish to receive e-mails to be excluded from lists, the common database used to register opt out demands being then used to clean marketing lists). As an example, a software package is being developed in the USA which would allow consumers to register on-line; would be secure from intruders, and yet user-friendly for industry to clean their E-mail marketing lists; and which could be serviced easily by the operator (the Direct Marketing Association (DMA-US)). A similar system will be developed in the United Kingdom, and it is planned that these two countries would then spearhead a Global Convention on EPS inviting other DMSs to join. Another proposal, which has yet to be fully considered by industry, comes from the UK data protection Registrar, which has suggested a mechanism enabling the consumers to indicate if they do not wish to be contacted be e-mail in their e-mail address. A universally agreed character (a marker) would indicate that the user does not want to receive any marketing solicitations. The user would also be free to make different choices: i.e. to use the marker when visiting one site and not to use it when visiting another. This system should be combined with others, such as the proposed E-mail Preference Service.

B. Key-recovery

Cryptography is a complex area, with scientific, technical, political, social, business, and economic dimensions.

For the purpose of this report, ‘key recovery’ systems are characterized by the presence of some mechanism for obtaining exceptional access to the plain text of encrypted traffic. Key recovery might serve a wide spectrum of access requirements, from a backup mechanism that ensures a business’ continued access to its own encrypted archive in the event keys are lost, to providing covert law enforcement access to wiretapped encrypted telephone conversations. Many of the costs, risks, and complexities inherent in the design, implementation, and operation of key recovery systems depend on the access requirements around which the system is designed.

We focus specifically on key recovery systems designed to meet government access specifications. These specifications diverge in important ways from the needs of commercial or individual encryption users:

Access without end-user knowledge or consent — Few commercial users need (or want) covert mechanisms to recover keys or plain text data they protect. On the contrary, business access rules are usually well known, and audit is a very important safeguard against fraud and error. Government specifications require mechanisms that circumvent this important security practice.

Ubiquitous adoption — Government seeks the use of key recovery for all encryption, regardless of whether there is benefit to the end-user or whether it makes sense in context. In fact, there is little or no demand for key recovery for many applications and users. For example, the commercial demand for recovery of encrypted communications is extremely limited, and the design and analysis of key recovery for certain kinds of communications protocols is especially difficult.

Fast paths to plain text — Law enforcement demands fast (near real-time), 24-hour-a-day, 365-day-a-year access to plain text, making it impossible to employ the full range of safeguards that could ameliorate some of the risks inherent in commercial key recovery systems.

Encryption and the global information infrastructure

The Global Information Infrastructure promises to revolutionize electronic commerce, reinvigorate government, and provide new and open access to the information society. Yet this promise cannot be achieved without information security and privacy. Without a secure and trusted infrastructure, companies and individuals will become increasingly reluctant to move their private business or personal information online.

The need for information security is widespread and touches all of us, whether users of information technology or not. Sensitive information of all kinds is increasingly finding its way into electronic form. Examples include:

Private personal and business communications, including telephone conversations, fax messages, and electronic mail;
Electronic funds and other financial transactions;
Sensitive business information and trade secrets;
Data used in the operation of critical infrastructure systems such as air traffic control, the telephone network or the power grid; and
Health records, personnel files, and other personal information.

Electronically managed information touches almost every aspect of daily life in modern society. This rising tide of important yet unsecured electronic data leaves our society increasingly vulnerable to curious neighbors, industrial spies, rogue nations, organized crime, and terrorist organizations.

Paradoxically, although the technology for managing and communicating electronic information is improving at a remarkable rate, this progress generally comes at the expense of intrinsic security. In general, as information technology improves and becomes faster, cheaper, and easier to use, it becomes less possible to control (or even identify) where sensitive data flows, where documents originated, or who is at the other end of the telephone. The basic communication infrastructure of our techniques more and more frequently will become the only visible approach to assuring the privacy and safety of sensitive information as these trends continue.

Encryption is an essential tool in providing security in the information age. Encryption is based on the use of mathematical procedures to scramble data so that it is extremely difficult — if not virtually impossible — for anyone other than authorized recipients to recover the original ‘plain text’. Properly implemented encryption allows sensitive information to be stored on insecure computers or transmitted across insecure networks. Only parties with the correct decryption ‘key’ (or keys) are able to recover the plain text information.

Highly secure encryption can be deployed relatively cheaply, and it is widely believed that encryption will be broad}y adopted and embedded in most electronic and communications products and applications for handling potentially valuable data. Applications of cryptography include protecting files from theft or unauthorized access, securing communications from interception, and enabling secure business transactions. Other cryptographic techniques can be used to guarantee that the contents of a file or message have not been altered (integrity), to establish the identity of a party (authentication), or to make legal commitments (non-repudiation).

In making information secure from unwanted eavesdropping, interception, and theft, strong encryption has an ancillary effect: it becomes more difficult for law enforcement to conduct certain kinds of surreptitious electronic surveillance (particularly wiretapping) against suspected criminals without the knowledge and assistance of the target. This difficulty is at the core of the debate over key recovery.

Key-Recovery: Requirements and proposals

The United States and other national governments have sought to prevent widespread use of cryptography unless ‘key recovery’ mechanisms guaranteeing law enforcement access to plain text are built into these systems. The requirements imposed by such government-driven key recovery systems are different from the features sought by encryption users, and ultimately impose substantial new risks and costs.

Key recovery encryption systems provide some form of access to plain text outside of the normal channel of encryption and decryption. Key recovery is sometimes also called ‘key escrow’. The term ‘escrow’ became popular in connection with the U.S. government’s Clipper Chip initiative, in which a master key to each encryption device was held ‘in escrow’ for release to law enforcement. Today the term ‘key recovery’ is used as generic term for these systems, encompassing the various ‘key escrow’, ‘trusted third party’, ‘exceptional access’, ‘data recovery’, and ‘key recovery’ encryption systems introduced in recent years. Although there are differences between these systems, the distinctions are not critical for our purposes. In this report, the general term ‘key recovery’ is used in a broad sense, to refer to any system for assuring third-party (government) access to encrypted data.

Key recovery encryption systems work in a variety of ways. Early ‘key escrow’ proposals relied on the storage of private keys by the U. S. government, and more recently by designated private entities .

Other systems have ‘escrow agents’ or ‘key recovery agents’ that maintain the ability to recover the keys for a particular encrypted communication session or stored file; these systems require that such ‘session keys’ be encrypted with the key known by a recovery agent and included with the data. Some systems split the ability to recover keys among several agents.

Many interested parties have sought to draw sharp distinctions among the various key recovery proposals. It is certainly true that several new key recovery systems have emerged that they can be distinguished from the original ‘Clipper’ proposal by their methods of storing and recovering keys. However, our discussion takes a higher-level view of the basic requirements of the problem rather than the details of any particular scheme; it does not require a distinction between ‘key escrow’, ‘trusted third-party’, and ‘key recovery’. All these systems share the essential elements that concern us for the purposes of this study:

A mechanism, external to the primary means of encryption and decryption, by which a third party can obtain covert access to the plain text of encrypted data.
The existence of a highly sensitive secret key (or collection of keys) that must be secured for an extended period of time.

Taken together, these elements encompass a system of ‘ubiquitous key recovery’ designed to meet law enforcement specifications. While some specific details may change, the basic requirements most likely will not: they are the essential requirements for any system that meets the stated objective of guaranteeing law enforcement agencies timely access, without user notice, to the plain text of encrypted communications traffic.

6. SURVEILLANCE TECHNOLOGY SYSTEMS IN LEGAL AND REGULATORY CONTEXT

As a conclusion from this present Interim Study is the principle that WE HAVE TO CONSIDER PRIVACY PROTECTION IN THE CONTEXT OF A GLOBAL NETWORKED SOCIETY. And when we speak about electronic privacy in the exchange of economic information, we are speaking about one single thing above all others: Electronic Commerce over the Internet.

A. Privacy regulation

Multinational data protection measures

Enactment of data protection laws by individual European nations has been paralleled and, in some cases anticipated, by multinational actions. In 1980 the Committee of Ministers of the Organization for Economic Cooperation and Development (OECD) issued Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (guidelines). The guidelines outline basic principles for both data protection and the free flow of information among countries that have laws conforming with the protection principles. The guidelines, however, have no blinding force and permit broad variation in national implementation.

One year after the OECD issued its guidelines, the Council of Europe promulgated a convention, For the Protection of Individuals with Regard to Automatic Processing of Personal Data. The convention, which took effect in 1985, is similar to the guidelines, although it focuses more on the importance of data protection to protect personal privacy. The convention specifies that data must be obtained and processed fairly; used and stored only for legal purposes; adequate, relevant, and not excessive in relation to the purpose for which they are processed; accurate and up-to-date; and stored no longer than necessary. The document gives individuals the right to inquire about the existence of data files concerning them; obtain a copy of that data; and have false or improperly processed data corrected or erased.

The convention requires each of the member countries (now twenty-six) to enact conforming national laws. By 1992, however, when debate over the more detailed European Union data protection directive, discussed below, overtook the convention, only ten countries — Austria, Denmark France, Germany, Ireland, Luxembourg, Norway, Spain Sweden and the United Kingdom — had ratified the convention, while eight — Belgium, Cyprus, Greece, Island, Italy, Netherlands, Portugal and Turkey — had signed without ratification. The Council of Europe subsequently urged all European Union member states to ratify and implement the convention when it endorsed the European Commission’s proposal for a data protection directive. By 1997, all of the fifteen EU member states (except Greece, which is currently considering a privacy bill) and Switzerland have national legislation consistent with the convention.

Nevertheless, the resulting protection for personal privacy is far from uniform, for at least three reasons. First, some of the national data protection legislation existed before the adoption of the convention. Second, the convention was not self-executing and therefore permitted each country to implement its national laws conforming to the government’s terms in very different ways. Finally, the convention did not include definitions for important terms, such as what constitutes an ‘adequate’ level of data protection; as result, member countries were left free to adopt their own, inconsistent definitions in their national legislation.

Data protection directive in Europe

Although, legal protection for a ‘right of privacy’ originated in the United States, Europe was the site of the first privacy legislation and has been the source of most comprehensive privacy regulation.

Europe is the site of the first privacy legislation, the earliest national privacy statute, and now the most comprehensive protection for information privacy in the world. That protection reflects on apparent consensus within Europe that privacy is a fundamental human right which few in any other rights equal. In the context of European history and civil law culture, that consensus makes possible extensive, detailed regulation of virtually all activities concerning ‘any information relating to an identified or identifiable natural person’. It is difficult to imagine a regulatory regime offering any greater protection to information privacy, or greater contrast to U.S. law.

As a result of the variation and uneven application among national laws permitted by both the guidelines and the convention, in July 1990 the commission of the then-European Community (EC) published a draft Council Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on Free Movement of Such Data The draft directive was part of the ambitious program by the countries of the European Union to create not merely the ‘common market’ and ‘economic and monetary union’ contemplated by the Treaty of Rome, but also the potential union embodied in the Treaty on European Union signed in 1992 in Maastricht.

The shift from economic to broad-based political union brought with it new attention to the protection of information privacy. On March 1 1, 1992, the European Parliament amended the commission’s proposal to eliminate the distinction in the 1990 draft between public and private sector data protection and then overwhelmingly approved the draft directive. On October 15, 1992, the commission issued its amended proposal; on February 20, 1995, the Council of Ministers adopted a Common Position with a View to Adopting Directive 95/46/EC of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data. The directive was formally approved on October 24, 1995, and took effect three years later.

Privacy regulation in the United States

The protection for the information privacy in the United States is disjoined, inconsistent, and limited by conflicting interests. There is no explicit constitutional guarantee of a right to privacy in the United States. Although the Supreme Court has fashioned a variety of rights out of the Bill of Rights and the Fourteenth Amendment, ‘information privacy’ has received little protection, primarily based on the Fourth and Fourteenth Amendments. In the Fourth Amendment arena, the Court has found constitutional violations when the police have searched for or seized records without a warrant or meeting one of the exceptions to the warrant requirement. The Court, however, has written that the Fourth Amendment privacy right has little application outside of the context of the investigation and prosecution of criminal activity. Moreover, this protection against such searches does not extend to information controlled by a third person. Under the Fourteenth Amendment, the Court has recognized a constitutional right restricting the government from compelling individuals to disclose certain personal information. This right protects only the interest of an individual in not disclosing certain information, and that right is evaluated under intermediate scrutiny, as opposed to the strict scrutiny required when fundamental rights are at stake

As with all constitutional rights, these apply only against the government, not private actors. The requirement for state action and the ‘negative’ nature of constitutional rights require only that the government refrain from taking actions that impermissibly invaded individuals’ information privacy rights, not that the government take steps to affirmatively protect those rights. The Constitution also requires, however, that the government avoid actions that infringe other rights enumerated therein, such as the protection for expression in the Fifth Amendment, the government cannot take private property, whether by physical occupation or extensive regulation, without according due process and paying just compensation to the owner.

Outside of the constitutional arena, protection for information privacy relies on hundreds of federal and state laws and regulations, each of which applies only to a specific category of information user (such as the government or retailers of videotapes), context (applying for credit or subscribing to cable television), type of information (criminal records or financial information), or use for that information (computer matching or impermissible discrimination). PrivacY laws in 49 the United States most often prohibit certain disclosures, rather than collection, use, or storage, of personal information. When those protections extend to the use of personal information, it is often as a by-product of legislative commitment to another goal, such as eliminating discrimination. And the role provided for the government in most U. S. privacy laws is often limited to providing a judicial form for resolving disputes.

Passage of the privacy provisions in the Cable Communications Policy Act, and recent passage of the Consumer Credit Reporting Reform Act and the CPNI provision of the Telecommunications Act, demonstrate that Congress can enact serious privacy protection, even if limited to narrow sectoral environments. The later two acts and the expanding debate in Washington over the privacy evince the growing attention to the development of laws and regulations to protect privacy.

However, as the limits and exceptions within existing privacy laws indicate, privacy protection in the United States is fundamentally in tension with other cherished values. The legal regulation of privacy is significantly influenced by the importance placed by society on the prevention of crime and prosecution of criminals, free expression and an investigatory press, the acquisition and use of property, and a limited role for government involvement in daily life. A comparison of the legal regimes of the EU and the United States suggests that the Europe privacy is more valued and less in conflict with other widely shared values.

B. Protection of Privacy in the telecommunications sector

Directive 97/66/EC of the European Parliament and the Council of the 15 December 1997 concerns the processing of personal data and the protection of privacy in the telecommunications sector.

This directive provides for the harmonisation of the provisions of the member states required to ensure an equivalent level of protection of fundamental rights and freedom, and in particular the right to privacy, with respect to the processing of personal data in the telecommunications sector and to ensure the free movement of such data and telecommunications equipment and services in the Community.

The provision of this directive particularises and complements the directive 95/46/EC for the purpose mentioned above. Moreover they provide for protection and legitimate interests of subscribers who are legal persons.

This directive shall not apply to the activities which fall outside the scope of Community law, such as those provided for by titles V and VI of the treaty on European Union, and in any case to activities concerning public security, defence, state security (including the economic well being of the state when the activities relate to state security matters) and the activities of the state in areas of criminal law.

C. Cryptography

Cryptography policy in USA

It is part of the strategy to ensure that police and intelligence agencies could understand every communication they intercepted.

They attempted to impede the development of cryptography and other security measures, fearing that these technologies would reduce their ability to monitor the emissions of foreign governments and to investigate crime.

A survey by the Global Internet Liberty Campaign (GILC) found that most countries either rejected domestic controls or not addressed the issue at all. The GILC found that many countries, large and small, industrialised and developing, seem to be ambivalent about the need to control encryption technology.

The FBI and the National Security Agency (NSA) have instigated efforts to restrict the availability of encryption world-wide, in the early 1970s, the NSA’s pretext was that encryption technology was ‘born classified’ and, therefore, it dissemination fell into the same category as the diffusion of A-bomb materials. The debate went underground until 1993 when the US launched the Clipper Chip, an encryption device designed for inclusion in consumer products. The Clipper Chip offered the required privacy, but the government would remain a ‘pass- key’ — anything encrypted with the chip could be read by government agencies.

Behind the scenes, law enforcement and intelligence agencies were pushing hard for a ban on other forms of encryption. In a February 1993 document, obtained by the Electronic Privacy Information Centre (EPIC), recommended ‘Technical solutions, such as they are, will only work if they are incorporated into all encryption products. To ensure that this occurs, legislation mandating the use of government-approved encryption products, or adherence to government encryption criteria’. The Clipper Chip was widely criticised by industry, public interest groups, scientific societies and the public and, though it was officially adopted, only a few were ever sold or used.

From 1994 onwards, USA began to woo private companies to develop an encryption system that would provide access to keys by government agencies. Under the proposals — variously known as ‘key recovery’ or ‘trusted third parties’ — the key would be held by a corporation, not a government agency, and would be designed by the private sector, not the NSA. The systems, however, still entitled the assumption of guaranteed access to the intelligence community and so proved as controversial used export incentives to encourage companies to adopt key escrow products: they could export stronger encryptions but only if they ensured that intelligence agencies had access to the keys.

Under US law, computer software and hardware cannot be exported if it contains encryption that the NSA cannot break. The regulations stymie the availability of encryption in the USA because companies are reluctant to develop two separate product lines – one, with strong encryption, for domestic use and another, with weak encryption, for the international market. Several cases are pending in the US courts on the constitutionality of export controls; a federal court recently ruled that they violate free speech rights under the First Amendment.

The FBI has not let up on efforts to ban products on which it cannot eavesdrop. In mid-1997, it introduced legislation to mandate that key-recovery systems be built into all computer systems. Several congressional committees adopted the amendment but the Senate preferred a weaker variant. A concerted campaign by computer, telephone and privacy groups finally stopped the proposal; it now appears that no legislation will be enacted in the current Congress.

Cryptography policy guidelines from OECD

The organisation for Economic Co-operation and Development in 1997 issued a report on cryptography policy entitled: CRYPTOGRAPHY POLICY: THE GUIDELINES AND THE ISSUES (OCOE / GD (97) 204). The basic principles (each of which addresses an important policy concern) are independent and should be considered as a whole so as to balance the various interests. The principles are:

Trust in cryptographic methods: Users should be trustworthy in order to generate confidence in the use of information and commercial data.
Choice of Cryptographic methods: Users should have a right to choose any cryptographic method, subject to applicable law.
Market driven development of cryptographic methods: Cryptographic methods should be developed in response to the needs, demands and responsibilities of individuals, business and governments.
Standards for cryptographic methods: Technical standards, criteria and protocols for cryptographic methods should be developed and promulgated at the national and international law.
Protection of privacy and Personal data: the fundamental rights of individuals, to privacy, including secrecy of communications and protection of personal data, should be respected in national cryptography policies and in the implementation and use of cryptographic methods.
Lawful access: National cryptography policies may allow lawful access to plain text, or cryptographic keys, of encrypted data. These policies must respect the other principles contained in the guidelines to the greatest extent possible.
Liability: whether established by contract on legislation, the liability of individuals and entities that offer cryptographic services or hold or access cryptographic keys should be clearly stated.
International co-operation: Governments should cooperate to coordinate cryptography policies. As part of this effort, governments should remove, or avoid creating in the name of cryptography policy, unjustified obstacles to trade.

Given the role of cryptography in the information and communications infrastructure and in developing electronic commerce, cryptography policy has the broader perspective to overlap with economic, legal and political aspects of a number of information systems, protection of privacy and personal data and intellectual property protection.

E.U. cryptography policy

Led by the Germany and the Scandinavians, the EU has been generally distrustful of key escrow technology. In October 1997, the European Commission released a report entitled: ‘Towards a European Framework of Digital Signatures and Encryption’, ensuring security and trust in electronic communications (COM (97)503 final) which advised: ‘Restricting the use of encryption could well prevent law-abiding companies and citizens from protecting themselves against criminal attacks. It would not, however, totally prevent criminals from using these technologies’. The report noted that ‘privacy considerations suggest limit the use of cryptography as a means to ensure data security and confidentiality’.

Some European countries have or are contemplating independent restrictions. France had a longstanding ban on the use of any cryptography to which the government does not have access. However, a 1996 law, modifying the existing system, allows a system of tiers du confidence, although it has not been implemented because of EU opposition. In 1997, the Conservative government in the UK introduced a proposal creating a system of trusted third parties. It was severely criticised at the time and by the new Labour government, which has not yet acted upon its predecessor’s recommendations.

0 The debate over encryption and the conflicting demands of security and privacy are bound to continue. The commercial future of the Internet depends on a universally-accepted and foolproof method of on-line identifications; as of now, the only means of providing it is through strong encryption. This put the US government and some of the world’s largest corporations, notably Microsoft, on a collision course.

Other national and international activities related to cryptography policy

Cryptographic products and technologies have historically been subject to export controls. The current basis for export controls in the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (agreed on 13 July 1996), which includes cryptography products on its control lists for export. The Agreement is implemented in national regulations. Regulation [(EC) 3381/94] and Decision [94/942/PESC] of the Council of the European Union of 19 December 1994 on the control of the export of dual-use goods are also applicable to the export of cryptographic products.

The Council of Europe has developed considerable resources to studying the subject of computer-related crime, issuing the Recommendation [R(95)13] of the Council of Europe of 11 September 1995 concerning problems of criminal procedural law connected with information technology, and is considering suggesting an international convention to address the issue. Such a convention could address matters such as exchange of information among government agencies in case involving the use of cryptography.

At the G7 Summit meeting on anti-terrorism in July 1996, G7 governments announced that consultations would be accelerated, ‘in appropriate bilateral or multilateral for a, on the use of encryption that allows, when necessary, lawful government access to data and communication in order, inter alia, to prevent or investigate acts of terrorism, while protecting the privacy of legitimate communications’.

In May 1996 the US National Research Council’s Computer Science and Telecommunications Board published the report ‘Cryptography’s Role in Securing the Information Society’. This interagency study assesses the effect of cryptographic technologies on US national security, law enforcement, commercial and privacy interests, and reviews the impact of export controls on cryptographic technologies. This authoritative report provides a comprehensive review of the cryptography policy issues faced by the US Government.

C. Key recovery

As of mid-1998 a wide range of government, industry, and academic efforts toward specifying, prototyping, and standardising key recovery system that meet government specifications have been implemented. Some of industry’s efforts were stimulated by U.S. government policies that offer more favorable export treatment to companies that commit to designing key recovery features into the future products, and by U.K. government moves to link the licensing of certification authorities to the use of key recovery software.

Yet despite these incentives, and the intense interest and effort by research and development teams, neither industry nor government has yet produced a key recovery architecture that universally satisfies both the demands of government and the security and cost requirements of encryption users.

The commercial key recovery products in existence today do not reconcile the conflict between commercial requirements and government specifications. In the absence of government pressure, commercial key recovery features are by their nature of interest primarily to business operations willing to pay a significant premium to ensure continued access to stored data maintained only in applications of encryption (such as communication traffic) are known in advance not to require recoverability and therefore would not be designed to use a key recovery system.

Another problem is that the most secure and economical commercial key recovery do not support the real-time, third-party, covert access sought by governments in order to support surveillance. In particular, ‘self-escrow’ by an individual does not meet government access demands. The third-party nature and global reach implied by these government demands make key recovery systems a much more difficult, expensive, and risky proposition than a facility for internal, off-line recovery in business enterprise. For example, most organizations keep backups in the form of plain text on magnetic media in physically protected premises. Similarly, organizations that keep encrypted data might naturally be best served by storing backup keys in a bank safe deposit box. A requirement for near-real-time access would preclude this approach, however prudent or appropriate.

Any access-time requirement carries with it special risks. In particular, some sort of network technology will generally be required. Such a network, which must link a large number of law enforcement agencies with different key recovery centers, would be extraordinarily difficult to secure. The current attention in the U.S. on the problem of securing critical infrastructure, such as telephone networks, power grids, national banking networks and air traffic control systems, underscores the problem of managing risk in key recovery. The system that support critical infrastructure, which are increasingly reliant on open networks and information systems, are among the most important current and future applications of cryptography. The complexity and increased risk introduced with key recovery would make critical infrastructure protected by cryptography more vulnerable to the kinds of sophisticated attackers that pose the most serious threats to these systems.

Government specifications for key recovery systems for export approval are focused on the easier problem of ensuring that keys are recoverable when authorized. They do not address or give techniques for the far harder problem of ensuring against unauthorized disclosure of data. The design and construction of prototype key recovery systems that satisfy government specifications for export, therefore, are not sufficient to demonstrate that these systems can be operated securely, in an economical manner, on a large scale, or without introducing unacceptable new risks. Any assessment of a proposed system must take into account a broad range of design, implementation, operation, and policy considerations.

As of mid-1998, we are aware of no key recovery proposals that have undergone analysis of the kind required. On the other hand, as our report notes, there are compelling reasons to believe that, given the state of the art in cryptography and secure systems engineering, government-access key recovery is not compatible with large scale, economical, secure cryptography systems.

D. European Initiatives

DLM-FORUM — Electronic Records

The first multidisciplinary European DLM-Forum (DLM-Forum’96) on electronic records which took place in Brussels between the 18th and 20th December 1996 was a major event in the investigation of possibilities for wider co-operation in this area both between Member States and at Community level. It was initiated by the experts’ report Archives in the European Union (Report of the Group of Experts on the Coordination of Archives. Brussels – Luxembourg: OPOCE 1994) and confirmed by the EU-Council Conclusions of June 1994 (94/C 235/03).

Organised by the European Commission in close co-operation with the EU member states it hosted more than 300 experts and decision-makers from public administration, archives, industry (hard- and software suppliers) and research. The multidisciplinary approach and the aim to publish guidelines on machine readable data as a concrete result as well as the high quality of the presentations were the attractions that turned this inaugural event into a European forum of international interest in the field of electronic records administration and storage. Participants came from all the EU member states, from other European countries (including the Russian Federation and Poland), as well as from Canada and the USA.

First reviews that have been published by specialised journals are unanimously enthusiastic. The forum’s success owed a lot to the Programme Committee’s preparations and should also be attributed to the undivided and continuous support of the Irish and Dutch presidencies of the EU-Council.

The forum was opened by the Secretary General of the European Commission, David Williamson who emphasised that archives, including increasingly electronic documents, are our collective memory and how important it is to retain that memory and to insure that it remains accessible in the future. In their keynote addresses the Deputy Director General of the Directorate General for Science, Research and Development, Hendrik Tent and the Permanent Representative of Ireland to the European Union, H.E. Ambassador Denis O’Leary laid out the political and technical framework of the DLM-Forum’96. Mr Tent described the importance of the forum with respect to innovation in the digital era and the Commission’s approach towards this challenge. Mr O’Leary stressed the role of archives in our society and the citizens’ right of access to information. In his closing speech the Head of Commissioner Bangemann’s Cabinet, Paul Weissenberg, pointed to the importance of electronic archives in the European Union’s concept of the Information Society as set out in the Bangemann report and subsequent documents. He stressed the necessity of concrete measures as an immediate consequence to the DLM-Forum.

The ‘life-cycle’-concept of electronic records guided the three parallel sessions. Thus the speakers in those sessions reflected on electronic documents in the different phases of their administrative life. The multitude of topics ranged from discussions of norms and standards for data interchange to the presentation of new electronic storage material. Surveys on the ‘state of the art’ in Europe completed this first interdisciplinary approach to retaining the collective memory of the Information Society.

It was the balance between working sessions and spontaneous and informal discussions outside those sessions that produced a most agreeable working atmosphere in which experts’ debates led to the kind of mutual understanding and the establishment of personal ties and relations needed to solve problems that concern all the disciplines represented at the forum. Thus the catalyst effect, which was hoped for, was achieved: experts from industry and research became sensitive to the concerns of archives and administrations.

The forum will lead, as foreseen, to amendments to the first draft of multidisciplinary guidelines Best practices for using Machine Readable Data which had been distributed to the participants.

Furthermore a document for follow-up measures, the so-called ’10 points’, was agreed on by the participants. One major topic for follow-up activities is the establishment of national focal points to improve co-ordination and networking and to establish functional requirements for electronic records management in the public and private sectors. Another topic concerns the urge for establishing training programmes for archivists and administrators.

In a world of continuous and rapid change modern archives services are an element of continuity, stability and a solid base for essential information and indispensable records. Modern management in public and private institutions has to be dynamic, active and innovative, and above all has to cover the entire continuum of the life of documents. ‘The DLM-Forum’96 demonstrated that the issues posed by the preservation and re-use of electronic records are central not only to the work of archivists, but also form the cornerstone of future economic growth and development within the European Union.’ as Seamus Ross points out in his presentation. In short: the problem of preserving electronic records concerns even more people and areas than have been covered by the forum’s participants. Further activities should include among others legal advisors, system designers and application developers, auditors and insurance providers. Contacts with existing working groups (e.g. the European Commission’s Legal Advisory Board for the information market) have to be established or intensified. A first step to co-ordinate these activities is the installation of the DLM-Monitoring Committee in April 1997.

Promoting safe Use of Internet

To prevent illegal and harmful content being distributed on the Internet the European Commission is promoting initiatives which are aimed at increasing the general awareness among parents, teachers, public sector and the information industry about how to deal with the issue in practical terms.

This action accompanies the Green Paper on Protection of Minors and Human Dignity in Audiovisual and Information Services, the Communication on Illegal and Harmful Content on the Internet, and the Action plan on promoting safe use of the Internet.

REFERENCES

1. STOA, PE 166499: “An appraisal of technologies of political control”, 1998.

2. R. Clarke: Dataveillance: Delivering “1984”, Xamax Consultancy Pty Ltd, February 1993.

3. R. Clarke: Introduction to Dataveillance and Information Privacy and Definitions of Terms, Xamax Consultancy Pty Ltd, October 1998.

4. R. Clarke: A Future Trace on Dataveillance: Trends in the Anti-Utopial Science Fiction Genre, Xamax Consultancy Pty Ltd. March 1993.

5. T. Dixon: Workplace video surveillance – controls sought, Privacy law and Policy Reporter, 2 PLPR 141, l995.

6. T. Dixon: Privacy charter sets new benchmark in privacy protection, Privacy law and Policy Reporter, 2 PLPR 41. 1995.

7. D. Banisar and S. Davies: The code war, Index online, News Analysis, issue 1998.

8. T. Lesce: They’re Watching You! The Age of Surveillance, Breakout Productions, 1998.

9. W.G. Staples: The Culture of Surveillance, St. Martin’s Press, 1997.

10. D. Lyon and E. Zureik: Computers, Surveillance and privacy, University of Minnesota Press, 1996.

11. D. Lyon: The Electronic Eye – The rise of Surveillance Society, University of Minnesota Press. 1994.

12. F.H. Cate: privacy in the Information Age, Brookings Institution Press, 1997.

13. P. Brookes: Electronic Surveillance Devices, Newnes, 1998.

14. O.E.C.D.: Privacy Protection in a Global Networked Society, DSTI/ICCPAREG(98)5/FINAL, July 1998.

15. O.E.C.D.: Implementing the OECD “Privacy Guidelines” in the Electronic Environment: Focus on the Internet, DSTI/ICCP/REG(97)6/FINAL, September 1998.

16. O.E.C.D.: Cryptography policy: The Guidelines and the issues, OCDE/GD(97)204, 1997.

17. Report By an Ad Hoc Group of Cryptographers and Computer Scientists: The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption, 1998.

18. COM(98) 586 final: Legal framework for the Development of electronic Commerce.

19. COM(98) 297 final: Proposal for a European Parliament and Council Directive on a common framework for electronic signatures, OJ C325, 23/10/98.

20. A. Troye-Walker, European Commission: Electronic Commerce: EU policies and SMEs, August 1998.

21. COM(97) 503 final: Ensuring security and trust in electronic communications – Towards a European Framework for Digital Signatures and Encryption.

22. Directive 97/7/EC of the European Parliament and the Council of May 1997 on the protection of Consumers in respect of Distance Contracts. OJ L 144. 14/6/1997.

23. ISPO: Electronic Commerce – Legal Aspects. http://www.ispo.cec.be .

24. Privacy International: http://www.privacy.org .

25. Newton and Mike: Picturing the future of CCTV, Security Management, November 1994.

26. Gips and A. Michael: Tie Spy, Security Management, November 1996.

27. Clarke and Barry: Get Carded With Confidence, Security Management, November 1994.

28. Horowitz and Richard: The Low Down on Dirty Money, Security Management, October 1997.

29. Cellular E-911 Technology Gets Passing Grade in NJ Tests, Law Enforcement News, July – August 1997.

30. Shannon and Elaine: Reach Out and Waste Someone, Time Digital, July August 1997.

31. Thompson, Army, Harowitz, and Sherry: Taking a Reading on E-mail Policy, Security Management, November 1996.

32. Trickey and L. Fried: E-mail Policy by the Letter, Security Management, April 1996.

33. Net Proceeds, Law Enforcement News, January 1997.

34. Burrell, and Cassandra: Lawmen Seek Key to Computer Criminals, Associated Press, July 10, 1997, Albuquerque Journal.

35. Gips and A. Michael: Security Anchors CNN, Security Management, September 1996.

36. Bowman and J. Eric: Security Tools up for the Future, Security Management, January 1996.

37. E. Alderman and C. Kennedy: The right to Privacy, Knopf 1995.

38. Bennet and J. Colin: Regulating Privacy — Data protection and public Policy in Europe and the United States, Cornell University Press, 1992

39. BeVier and R Lillian: Information about Individuals in the Hands of Government — Some reflections on Mechanisms for Privacy Protection, William and Mary Bill of Rights Journal 4, Winter 1995.

40. Branscomb and A. Well: Who owns Information? From Privacy to Public Access, Basic Books 1994

41. Branscomp: Global Governance of Global Networks, Indiana Journal of Global Legal studies, Spring 1994.

42. Network Wizards, Internet Domain Survey, January 1997, http://www.nw.com/zone/WWW/report.html .

43. Network Wizards, Internet Domain Survey, January 1997, http://nw.com/zone/WWW/lisybynum.html .

44. Simon Davis: report, December 1997, http://www.telegraph.co.uk .

45. Francis S. Chlapowski: The Constitutional Protection of Information Privacy: Boston University Law Review, January 1991.

46. Ibid., p. 35.

47. Ibid., p. 45.

48. Ibid., p. 48.

49. Ibid., p. 57

50. Ibid., p. 82.

51. Ibid., p. 276.

52. Ibid., p. 267.

53. J. Guisnel: Guerres dans le cyberspace, Editions la decouverte, 1995.

54. http://www.dis.org .

55. http://www.telegraph.co.uk .

STOA PROGRAMME

European Parliament
Directorate-General for Research
Directorate A
SCH 4/61

L-2929 Luxembourg

Tel: +352 4300 22511
Fax:+352 4300 22418
rholdsworth@europarl.eu.int

LEO 6 D46
Rue Wiertz 60
B-1047 Bruxelles

Tel: +32 2 284 3962
Fax:+32 2 284 9059
msosa@europarl.eu.int

Digitization and HTML by JYA/Urban Deadline.

Skype calls’ immunity to police phone tapping threatened
Suspicious phone conversations on Skype could be targeted for tapping as part of a pan-European crackdown.

Suspicious phone conversations on Skype could be targeted for tapping as part of a pan-European crackdown on what law authorities believe is a massive technical loophole in current wiretapping laws, allowing criminals to communicate without fear of being overheard by the police.

The European investigation could also help U.S. law enforcement authorities gain access to Internet calls. The National Security Agency (NSA) is understood to believe that suspected terrorists use Skype to circumvent detection.

While the police can get a court order to tap a suspect’s land line and mobile phone, it is currently impossible to get a similar order for Internet calls on both sides of the Atlantic.

Skype insisted that it does cooperate with law enforcement authorities, “where legally and technically possible,” the company said in a statement.

“Skype has extensively debriefed Eurojust on our law enforcement program and capabilities,” Skype said.

Eurojust, a European Union agency responsible for coordinating judicial investigations across different jurisdictions announced Friday the opening of an investigation involving all 27 countries of the European Union.

“We will bring investigators from all 27 member states together to find a common approach to this problem,” said Joannes Thuy, a spokesman for Eurojust based in The Hague in the Netherlands.

The purpose of Eurojust’s coordination role is to overcome “the technical and judicial obstacles to the interception of Internet telephony systems”, Eurojust said.

The main judicial obstacles are the differing approaches to data protection in the various E.U. member states, Thuy said.

The investigation is being headed by Eurojust’s Italian representative, Carmen Manfredda.

Criminals in Italy are increasingly making phone calls over the Internet in order to avoid getting caught through mobile phone intercepts, according to Direzione Nazionale Antimafia, the anti-Mafia office in Rome.

Police officers in Milan say organized crime, arms and drugs traffickers, and prostitution rings are turning to Skype and other systems of VOIP (voice over Internet Protocol) telephony in order to frustrate investigators.

While telecommunications companies are obliged to comply with court orders to monitor calls on land lines and mobile phones, “Skype’ refuses to cooperate with the authorities,” Thuy said.

In addition to the issue of cooperation, there are technical obstacles to tapping Skype calls. The way calls are set up and carried between computers is proprietary, and the encryption system used is strong. It could be possible to monitor the call on the originating or receiving computer using a specially written program, or perhaps to divert the traffic through a proxy server, but these are all far more difficult than tapping a normal phone. Calls between a PC and a regular telephone via the SkypeIn or SkypeOut service, however, could fall under existing wiretapping regulations and capabilities at the point where they meet the public telephone network.

The pan-European response to the problem may open the door for the U.S. to take similar action, Thuy said.

“We have very good cooperation with the U.S.,” he said, pointing out that a U.S. prosecutor, Marylee Warren, is based in The Hague in order to liaise between U.S. and European judicial authorities.

The NSA (National Security Agency) is so concerned by Skype that it is offering hackers large sums of money to break its encryption, according to unsourced reports in the U.S.

Italian investigators have become increasingly reliant on wiretaps, Eurojust said, giving a recent example of customs and tax police in Milan, who overheard a suspected cocaine trafficker telling an accomplice to switch to Skype in order to get details of a 2kg drug consignment.

“Investigators are convinced that the interception of telephone calls have become an essential tool of the police, who spend millions of euros each year tracking down crime through wiretaps of land lines and mobile phones,” Eurojust said.

The first meeting of Eurojust’s 27 national representatives is planned in the coming weeks but precise details of its timing and the location of the meeting remain secret, Thuy said.

“They will exchange information and then we will give advice on how to proceed,” he said. Bringing Internet telephony into line with calls on land lines and mobile phones “could be the price we have to pay for our security,” he said.

Paul Meller (IDG News Service)
— 23 February, 2009 09:47

Find this story at 23 February 2009

Copyright 2013 IDG Communications

MUMBAI, India — The terrorists who struck this city last month stunned authorities not only with their use of sophisticated weaponry but also with their comfort with modern technology.

The terrorists navigated across the Arabian Sea to Mumbai from Karachi, Pakistan, with the help of a global positioning system handset. While under way, they communicated using a satellite phone with those in Pakistan believed to have coordinated the attacks. They recognized their targets and knew the most direct routes to reach them in part because they had studied satellite photos from Google Earth.

And, perhaps most significantly, throughout the three-day siege at two luxury hotels and a Jewish center, the Pakistani-based handlers communicated with the attackers using Internet phones that complicate efforts to trace and intercept calls.

Those handlers, who were apparently watching the attacks unfold live on television, were able to inform the attackers of the movement of security forces from news accounts and provide the gunmen with instructions and encouragement, authorities said.

Hasan Gafoor, Mumbai’s police commissioner, said Monday that as once complicated technologies — including global positioning systems and satellite phones — have become simpler to operate, terrorists, like everyone else, have become adept at using them. “Well, whether terrorists or common criminals, they do try to be a step ahead in terms of technology,” he said.

Indian security forces surrounding the buildings were able to monitor the terrorists’ outgoing calls by intercepting their cellphone signals. But Indian police officials said those directing the attacks, who are believed to be from Lashkar-e-Taiba, a militant group based in Pakistan, were using a Voice over Internet Protocol (VoIP) phone service, which has complicated efforts to determine their whereabouts and identities.

VoIP services, in which conversations are carried over the Internet as opposed to conventional phone lines or cellphone towers, are increasingly popular with people looking to save money on long distance and international calls. Many such services, like Skype and Vonage, allow a user to call another VoIP-enabled device anywhere in the world free of charge, or to call a standard telephone or cellphone at a deeply discounted rate.

But the same services are also increasingly popular with criminals and terrorists, a trend that worries some law enforcement and intelligence agencies. “It’s a concern,” said one Indian security official, who spoke anonymously because the investigation was continuing. “It’s not something we have seen before.”

In mid-October, a draft United States Army intelligence report highlighted the growing interest of Islamic militants in using VoIP, noting recent news reports of Taliban insurgents using Skype to communicate. The unclassified report, which examined discussions of emerging technologies on jihadi Web sites, was obtained by the Federation of American Scientists, a Washington-based nonprofit group that monitors the impact of science on national security.

VoIP calls pose an array of difficulties for intelligence and law enforcement services, according to communications experts. “It means the phone-tapping techniques that work for old traditional interception don’t work,” said Matt Blaze, a professor and computer security expert at the University of Pennsylvania.

An agency using conventional tracing techniques to track a call from a land line or cellphone to a VoIP subscriber would be able to get only as far as the switching station that converts the voice call into Internet data, communications experts said. The switch, usually owned and operated by the company providing the VoIP service, could be located thousands of miles from the subscriber.

The subscriber’s phone number would also likely reveal no information about his location. For instance, someone in New York could dial a local phone number but actually be connected via the Internet to a person in Thailand.

In Mumbai, authorities have declined to disclose the names of the VoIP companies whose services the Lashkar-e-Taiba handlers used, but reports in Indian news media have said the calls have been traced to companies in New Jersey and Austria. Yet investigators have said they are convinced that the handlers who directed the attacks were actually sitting somewhere in Pakistan during the calls.

One senior Lashkar-e-Taiba leader who American officials believe may have played a key role in planning the Mumbai attacks is Zarrar Shah. Mr. Shah, known to be a specialist in communications technology, may have been aware of the difficulties in tracing VoIP.

To determine the location of a VoIP caller, an investigating agency has to access a database kept by the service provider. The database logs the unique numerical identifier, known as an Internet Protocol (I.P.) address, of whatever device the subscriber was using to connect to the Internet. This could be a computer equipped with a microphone, a special VoIP phone, or even a cellphone with software that routes calls over the Internet using wireless connections as opposed to cellular signals.

It would then take additional electronic sleuthing to determine where the device was located. The customer’s identity could be obtained from the service provider as well, but might prove fraudulent, experts said.

Getting the I.P. address and then determining its location can take days longer than a standard phone trace, particularly if service providers involved are in a foreign country.

“Ultimately, we can trace them,” said Mr. Gafoor, referring to VoIP calls. “It takes a little longer, but we will trace them.”

Washington is assisting the Indian authorities in obtaining this information, according to another Indian police official who also spoke anonymously because of the continuing investigation.

Further complicating this task is the fact that I.P. addresses change frequently and are less tied to a specific location than phone numbers.

Computer experts said that while these challenges were formidable, none were insurmountable. And they cautioned that security services and police forces might be disingenuous when they complain about terrorists’ use of new technologies, including VoIP.

The experts said that VoIP calls left a far richer data trail for investigators to mine than someone calling from an old-fashioned pay phone. Mr. Blaze, the computer security expert at the University of Pennsylvania, also noted that 15 years ago the Mumbai attackers would probably not have had the capacity to make calls to their handlers during the course of their attacks, depriving investigators of vital clues to their identities. “As one door closes — traditional wire line tapping — all these other doors have opened,” Mr. Blaze said.

December 9, 2008
By JEREMY KAHN

Find this story at 9 December 2008

Copyright 2008 The New York Times Company

Government Tapping CONTENT, Not Just Metadata … Using Bogus “Secret Interpretation” of Patriot Act

We reported in 2008 that foreign companies have had key roles scooping up Americans’ communications for the NSA:

At least two foreign companies play key roles in processing the information.

Specifically, an Israeli company called Narus processes all of the information tapped by AT &T (AT & T taps, and gives to the NSA, copies of all phone calls it processes), and an Israeli company called Verint processes information tapped by Verizon (Verizon also taps, and gives to the NSA, all of its calls).

Business Insider notes today:

The newest information regarding the NSA domestic spying scandal raises an important question: If America’s tech giants didn’t ‘participate knowingly’ in the dragnet of electronic communication, how does the NSA get all of their data?

One theory: the NSA hired two secretive Israeli companies to wiretap the U.S. telecommunications network.

In April 2012 Wired’s James Bamford — author of the book “The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America” — reported that two companies with extensive links to Israel’s intelligence service provided hardware and software the U.S. telecommunications network for the National Security Agency (NSA).

By doing so, this would imply, companies like Facebook and Google don’t have to explicitly provide the NSA with access to their servers because major Internet Service Providers (ISPs) such as AT&T and Verizon already allows the U.S. signals intelligence agency to eavesdrop on all of their data anyway.

From Bamford (emphasis ours):

“According to a former Verizon employee briefed on the program, Verint, owned by Comverse Technology, taps the communication lines at Verizon…

At AT&T the wiretapping rooms are powered by software and hardware from Narus, now owned by Boeing, a discovery made by AT&T whistleblower Mark Klein in 2004.”

Klein, an engineer, discovered the “secret room” at AT&T central office in San Francisco, through which the NSA actively “vacuumed up Internet and phone-call data from ordinary Americans with the cooperation of AT&T” through the wiretapping rooms, emphasizing that “much of the data sent through AT&T to the NSA was purely domestic.”

NSA whistleblower Thomas Drake corroborated Klein’s assertions, testifying that while the NSA is using Israeli-made NARUS hardware to “seize and save all personal electronic communications.”

Both Verint and Narus were founded in Israel in the 1990s.

***

“Anything that comes through (an internet protocol network), we can record,” Steve Bannerman, marketing vice president of Narus, a Mountain View, California company, said. “We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on, we can reconstruct their (voice over internet protocol) calls.”

With a telecom wiretap the NSA only needs companies like Microsoft, Google, and Apple to passively participate while the agency to intercepts, stores, and analyzes their communication data. The indirect nature of the agreement would provide tech giants with plausible deniability.

And having a foreign contractor bug the telecom grid would mean that the NSA gained access to most of the domestic traffic flowing through the U.S. without technically doing it themselves.

This would provide the NSA, whose official mission is to spy on foreign communications, with plausible deniability regarding domestic snooping.

The reason that Business Insider is speculating about the use of private Israeli companies to thwart the law is that 2 high-ranking members of the Senate Intelligence Committee – Senators Wyden and Udall – have long said that the government has adopted a secret interpretation of section 215 of the Patriot Act which would shock Americans, because it provides a breathtakingly wide program of spying.

Last December, top NSA whistleblower William Binney – a 32-year NSA veteran with the title of senior technical director, who headed the agency’s global digital data gathering program (featured in a New York Times documentary, and the source for much of what we know about NSA spying) – said that the government is using a secret interpretation of Section 215 of the Patriot Act which allows the government to obtain:

Any data in any third party, like any commercial data that’s held about U.S. citizens ….

(relevant quote starts at 4:19).

I called Binney to find out what he meant.

I began by asking Binney if Business Insider’s speculation was correct. Specifically, I asked Binney if the government’s secret interpretation of Section 215 of the Patriot Act was that a foreign company – like Narus, for example – could vacuum up information on Americans, and then the NSA would obtain that data under the excuse of spying on foreign entities … i.e. an Israeli company.

Binney replied no … it was broader than that.

Binney explained that the government is taking the position that it can gather and use any information about American citizens living on U.S. soil if it comes from:

Any service provider … any third party … any commercial company – like a telecom or internet service provider, libraries, medical companies – holding data about anyone, any U.S. citizen or anyone else.

I followed up to make sure I understood what Binney was saying, asking whether the government’s secret interpretation of Section 215 of the Patriot Act was that the government could use any information as long as it came from a private company … foreign or domestic. In other words, the government is using the antiquated, bogus legal argument that it was not using its governmental powers (called “acting under color of law” by judges), but that it was private companies just doing their thing (which the government happened to order all of the private companies to collect and fork over).

Binney confirmed that this was correct. This is what the phone company spying program and the Prism program – the government spying on big Internet companies – is based upon. Since all digital communications go through private company networks, websites or other systems, the government just demands that all of the companies turn them over.

Let’s use an analogy to understand how bogus this interpretation of the Patriot Act is. This argument is analogous to a Congressman hiring a hit man to shoot someone asking too many questions, and loaning him his gun to carry out the deed … and then later saying “I didn’t do it, it was that private citizen!” That wouldn’t pass the laugh test even at an unaccredited, web-based law school offered through a porn site.

I then asked the NSA veteran if the government’s claim that it is only spying on metadata – and not content – was correct. We have extensively documented that the government is likely recording content as well. (And the government has previously admitted to “accidentally” collecting more information on Americans than was legal, and then gagged the judges so they couldn’t disclose the nature or extent of the violations.)

Binney said that was not true; the government is gathering everything, including content.

Binney explained – as he has many times before – that the government is storing everything, and creating a searchable database … to be used whenever it wants, for any purpose it wants (even just going after someone it doesn’t like).

Binney said that former FBI counter-terrorism agent Tim Clemente is correct when he says that no digital data is safe (Clemente says that all digital communications are being recorded).

Binney gave me an idea of how powerful Narus recording systems are. There are probably 18 of them around the country, and they can each record 10 gigabytes of data – the equivalent of a million and a quarter emails with 1,000 characters each – per second.

Binney next confirmed the statement of the author of the Patriot Act – Congressman Jim Sensenbrenner – that the NSA spying programs violate the Patriot Act. After all, the Patriot Act is focused on spying on external threats … not on Americans.

Binney asked rhetorically: “How can an American court [FISA or otherwise] tell telecoms to cough up all domestic data?!”

Update: Binney sent the following clarifying email about content collection:

It’s clear to me that they are collecting most e-mail in full plus other text type data on the web.

As for phone calls, I don’t think they would record/transcribe the approximately 3 billion US-to-US calls every day. It’s more likely that they are recording and transcribing calls made by the 500,000 to 1,000,000 targets in the US and the world.

Posted on June 8, 2013 by WashingtonsBlog

Find this story at 8 June 2013

© 2007 – 2013 Washington’s Blog

Analysts at the National Security Agency can now secretly access real-time user data provided by as many as 50 American companies, ranging from credit rating agencies to internet service providers, two government officials familiar with the arrangements said.

Several of the companies have provided records continuously since 2006, while others have given the agency sporadic access, these officials said. These officials disclosed the number of participating companies in order to provide context for a series of disclosures about the NSA’s domestic collection policies. The officials, contacted independently, repeatedly said that “domestic collection” does not mean that the target is based in the U.S. or is a U.S. citizen; rather, it refers only to the origin of the data.

The Wall Street Journal reported today that U.S. credit card companies had also provided customer information. The officials would not disclose the names of the companies because, they said, doing so would provide U.S. enemies with a list of companies to avoid. They declined to confirm the list of participants in an internet monitoring program revealed by the Washington Post and the Guardian, but both confirmed that the program existed.

“The idea is to create a mosaic. We get a tip. We vet it. Then we mine the data for intelligence,” one of the officials said.

In a statement, Director of National Intelligence James Clapper said that programs collect communications “pursuant to section 702 of the Foreign Intelligence Surveillance Act, ” and “cannot be used to intentionally target any U.S. citizen, any other U.S person, or anyone within the United States.”

He called the leaks “reprehensible” and said the program “is among the most important” sources of “valuable” intelligence information the government takes in.

One of the officials who spoke to me said that because data types are not standardized, the NSA needs several different collection tools, of which PRISM, disclosed today by the Guardian and the Washington Post, is one. PRISM works well because it is able to handle several different types of data streams using different basic encryption methods, the person said. It is a “front end” system, or software, that allows an NSA analyst to search through the data and pull out items of significance, which are then stored in any number of databases. PRISM works with another NSA program to encrypt and remove from the analysts’ screen data that a computer or the analyst deems to be from a U.S. person who is not the subject of the investigation, the person said. A FISA order is required to continue monitoring and analyzing these datasets, although the monitoring can start before an application package is submitted to the Foreign Intelligence Surveillance Court.

From the different types of data, including their credit card purchases, the locations they sign in to the internet from, and even local police arrest logs, the NSA can track people it considers terrorism or espionage suspects in near-real time. An internet geo-location cell is on constant standby to help analysts determine where a subject logs in from. Most of the collection takes place on subjects outside the U.S, but a large chunk of the world’s relevant communication passes through American companies with servers on American soil. So the NSA taps in locally to get at targets globally.

It is not clear how the NSA interfaces with the companies. It cannot use standard law enforcement transmission channels to do, since most use data protocols that are not compatible with that hardware. Several of the companies mentioned in the Post report deny granting access to the NSA, although it is possible that they are lying, or that the NSA’s arrangements with the company are kept so tightly compartmentalized that very few people know about it. Those who do probably have security clearances and are bound by law not to reveal the arrangement.

This arrangement allows the U.S. companies to “stay out of the intelligence business,” one of the officials said. That is, the government bears the responsibility for determining what’s relevant, and the company can plausibly deny that it subjected any particular customer to unlawful government surveillance. Previously, Congressional authors of the FAA said that such a “get out of jail free” card was insisted by corporations after a wave of lawsuits revealed the extent of their cooperation with the government.

It is possible, but not likely, that the NSA clandestinely burrows into servers on American soil, without the knowledge of the company in question, although that would be illegal.

The 2008 FISA Amendments Act allow the NSA to analyze, with court orders, domestic communications of all types for counter-terrorism, counter-espionage, counter-narcotics and counter-proliferation purposes. If the agency believes that both ends of the communication, or the circle of those communicating, are wholly within the U.S., the FBI takes over. If one end of the conversation is outside the U.S., the NSA keeps control of the monitoring. An administration official said that such monitoring is subject to “extensive procedures,” but as the Washington Post reported, however, it is often very difficult to segregate U.S. citizens and residents from incidental contact.

One official likened the NSA’s collection authority to a van full of sealed boxes that are delivered to the agency. A court order, similar to the one revealed by the Guardian, permits the transfer of custody of the “boxes.” But the NSA needs something else, a specific purpose or investigation, in order to open a particular box. The chairman of the Senate intelligence committee, Sen. Dianne Feinstein, said the standard was “a reasonable, articulatable” suspicion, but did not go into details.

Legally, the government can ask companies for some of these records under a provision of the PATRIOT Act called the “business records provision.” Initially, it did so without court cognizance. Now, the FISC signs off on every request.

Armed with what amounts to a rubber stamp court order, however, the NSA can collect and store trillions of bytes of electromagnetic detritus shaken off by American citizens. In the government’s eyes, the data is simply moving from one place to another. It does not become, in the government’s eyes, relevant or protected in any way unless and until it is subject to analysis. Analysis requires that second order.

And the government insists that the rules allowing the NSA or the FBI to analyze anything relating to U.S. persons or corporations are strict, bright-line, and are regularly scrutinized to ensure that innocents don’t get caught up in the mix. The specifics, however, remain classified, as do the oversight mechanisms in place.

The wave of disclosures about the NSA programs have significantly unsettled the intelligence community.

The documents obtained by the two newspapers are marked ORCON, or originator controlled, which generally means that the agency keeps a record of every person who accesses them online and knows exactly who might have printed out or saved or accessed a copy. The NSA in particular has a good record of protecting its documents.

The scope of the least suggest to one former senior intelligence official who now works for a corporation that provides data to the NSA that several people with top-level security clearances had to be involved.

The motive, I suspect, is to punch through the brittle legal and moral foundation that modern domestic surveillance is based upon. Someone, at a very high level, or several people, may have simply found that the agency’s zeal to collect information blinded it to the real-world consequences of such a large and unending program. The minimization procedures might also be well below the threshold that most Americans would expect.

Clapper said in his statement that the disclosures about the program “risk important protections for the security of Americans.”

June 6, 2013, at 8:02 PM

Ambinder is co-author of a new book about government secrecy and surveillance, Deep State: Inside the Government Secrecy Industry.

Find this story at 6 June 2013

© 2013 THE WEEK PUBliCATIONS, INC.

The first time “Danny” (far right) officially ran as a CAM medic: March 18, 2012 at a protest to mark the anniversary of the beginning of the Iraq war.
On March 27, Chicago teachers and their supporters – including parents, students and community residents – rallied against the largest mass public school closure in US history. News of the mobilization sparked huge public interest before the demonstration – including from an undercover police officer calling himself “Danny Edwards.”

The day before the big rally, “Danny” reached out in individual emails to fellow volunteer street medics he had met a year earlier after he took a 20-hour training with Chicago’s local street medic collective, Chicago Action Medical (CAM). CAM’s volunteer emergency medical technicians (EMTs), nurses, doctors and trained street medics provide emergency medical treatment at local protests.

His aim in reaching out: to learn more about the next day’s plans.

“Danny” – who admitted to us on May 6 that he is, in fact, a Chicago police officer – could have saved himself the trouble and his department the expense. After all, organizers had already coordinated directly with top CPD brass about their plans for the next day and widely promoted their intent to stage nonviolent civil disobedience.

After the CTU rally, “Danny” also tried to recruit at least one CAM volunteer street medic via email on April 30, the day before a May 1, 2013, immigrants’ rights march, to pair up with him as a partner. There were no takers, so he showed up alone at the rally sporting marked medic regalia.

His latest undercover sortie as a fake volunteer street medic bookends a hectic year for him.

The Paper Trail

“Danny” was a fixture at CAM events beginning in early March 2012, when he participated in a 20-hour introductory training for new street medics – a training he described in an email to CAM volunteer street medic Scott Mechanic as “great.”

May 1, 2012: “Danny Edwards” – posing with fellow Chicago Action Medical volunteers at their health care booth in Union Park, where street medics were volunteering to provide first aid and emergency health care for participants at the annual May Day rally and march. “Danny” – the only medic not smiling – is standing in front of the CAM banner.

The email address “Danny” used in that correspondence, which he did not sign by name, was pegged to the name of a Chicago police officer cited months later in court documents involved in undercover work around the NATO protests.

Less than half an hour after sending that initial email, “Danny” sent the first in a flurry of emails to Mechanic from a different email address, writing “let me know what going on so i can get involved (sic).”

“Danny’s” March 2012 foray into spying on CAM aligns with the date prosecutors say the Chicago Police Department (CPD) posted two other undercover agents who went by the street names “Mo” and “Nadia” on a 90-day temporary duty undercover assignment to Field Intelligence Team 7150. That team was tasked with infiltrating Occupy and anarchist groups in the run-up to the NATO Summit, according to court documents filed by Cook County State’s Attorney Anita Alvarez in April 2013.

Those two officers, “Mo” and “Nadia,” are also purported linchpins in the criminal cases against five activists known as the “NATO 5,” three of whom are scheduled to go to trial on NATO-related domestic terrorism charges this September.

The NATO prosecutors’ October 2012 Answer to Discovery lists this same police officer among the CPD officers, detectives and other police officials who may be called to testify in this fall’s upcoming trial. He is also mentioned in the NATO defendants’ February 25, 2013, Motion to Compel Discovery as “a CPD undercover officer related to this investigation.”

Busy Year for “Danny” – and Early Red Flags

Five days after he inadvertently emailed Scott Mechanic under his given name and scrambled to cover his tracks, “Danny” acted for the first time as a CAM street medic at a small permitted peace march on Chicago’s north side. The March 18, 2012 event was organized to mark the anniversary of the launch of the Iraq War in March 2003.

May 1, 2013: “Danny Edwards,” undercover Chicago police officer, at a May Day rally for immigrant rights in Chicago’s Union Park.
“Danny” ran again as a marked CAM street medic on April 7, 2012 at Occupy Chicago’s “Occupy Spring” event, also emailing Mechanic on April 26, 2012 about bringing a “friend” to an upcoming health workshop. On May 1, 2012, he volunteered as a marked CAM street medic at a May Day rally and march, where his refusal to follow CAM operational guidelines – reportedly abandoning his street medic partner to make a b-line for a group of young protesters wearing black clothes – began to raise real alarms with fellow street medics.

After “Danny’s” behavior on May Day, a number of veteran CAM volunteers – including Mechanic – moved immediately to isolate him from new and less experienced street medics, to monitor his behavior closely and to broadly urge the practice of good security culture.

But without a smoking gun, they were unwilling to expose him publicly. The chill from veteran street medics didn’t discourage “Danny” from continuing to reach out and show up to actions.

On May 11, a week and a half later and as local organizers were scrambling to find housing for out-of-town protesters traveling in for the demonstrations, he emailed Mechanic directly for information about housing that other groups or collectives might be offering. “I have a group of friends in need and I wanted some direction,” he wrote.

On May 20, 2012, at a large protest against the NATO Summit, CAM street medics demanded that he remove his medic markings after he again ignored CAM street operations protocols by deserting his partner to sprint after a group of protesters clad in black clothes.

“Danny” sent emails to individual members of CAM’s listserv – but almost never to the larger listserv – strategically for the next year, seeking information about upcoming demonstrations and meetings. The off-list queries continued to raise red flags with CAM members he contacted, some of whom had never met him and did not know who he was.

When we asked “Danny” at the 2013 May Day rally to confirm his name and identity as a CPD officer, he insisted he was “Danny Edwards” and claimed to be a friend of a local activist.

That’s not how the activist described “Danny” to CAM volunteers at a street medic training before the NATO protests last spring. At that training, he told CAM members that “Danny” had recently befriended him, and he raised concerns there about “Danny’s” interest in topics ranging from Molotov cocktails to property damage.

“NATO 5” Connection

According to court documents released in the months after the NATO Summit protests, “Danny”is one of the undercover officers at the heart of the “NATO 5” criminal cases. He’s mentioned in the pre-NATO Summit pre-emptive raid search warrant documents as “Undercover Officer C,” and is also cited by his given name in court documents for one of the NATO defendants, Sebastian “Sabi” Senakiewicz, as a potential trial witness.

We tried to question “Danny” about his undercover activities on May 6 at a house that had a sheet of paper with his given name and phone number taped to the front door. While he admitted he was, in fact, the named police officer he’d denied being just five days earlier, he declined to answer our questions.

“Danny’s” post-NATO activities raise a key question: Why keep an undercover officer in play as a volunteer street medic in a nonviolent health-care project almost a year after the NATO protests that ostensibly put him into motion as a police spy in the first place?

It’s virtually impossible to say from the official record. That’s because the CPD and Cook County State’s Attorney Anita Alvarez have fought tooth and nail in court for almost a year to prevent defense attorneys in the remaining NATO cases from learning more about the scope and character of police spying on political activity leading up to last year’s NATO Summit.

At a “NATO 3” status hearing on May 14, 2013, prosecutors again opposed disclosing information about the wider scope of police spying on Chicago’s activist groups (as they have before in official court filings) in the months leading up to the NATO Summit. Defense attorneys rebutted in open court – as they did in writing earlier in their April 30, 2013, “Reply to the State’s Response to Defendants’ Motion to Compel” – that this information remains directly relevant to the NATO cases because it would broaden the context of the arrests of the NATO 3 and the CPD’s pre-NATO spying efforts targeting the activist community.

Broader Context

Police spying in recent years has targeted peace groups, environmentalists and the Occupy movement, a focus on protest as a potential flashpoint of “terrorism” that sometimes has disastrous consequences. By way of example, in Boston, local police focused their attention on the political activism of local residents at the same time they missed the threat posed by the Boston Marathon bombers.

And law enforcement has also demonstrated a disturbing pattern of working undercover to create crime to prosecute crime. Notable cases like the “Cleveland 4” fit into a pattern that journalist Arun Gupta has described as law enforcement’s “war of entrapment against the Occupy movement.”

Law enforcement infiltration in Chicago in the run-up to the 2012 NATO Summit unfolded most publicly with the use of at least two undercover cops who went by the names “Mo” and “Nadia.”

Both were regular fixtures at a spring 2012 encampment to try to prevent the closure of the Woodlawn Mental Health Clinic on Chicago’s south side, one of six public mental health clinics slated for closure by city officials and hardly a flashpoint of “potential terrorist activity.” They also showed up at one point at an independent media center organized to cover the NATO protests and at numerous other documented locales in the two and a half months before the NATO Summit.

“Red Squad” 2.0 Rolling Back into Town?

Ongoing police spying a year after the NATO meeting by “Danny” – and potentially others – raises a real alarm among activists, including CAM street medics, whose national community traces its origins to the Medical Presence Project of the Medical Committee for Human Rights (MCHR).

MCHR was first formed in 1964 to provide medical assistance to the civil rights movement. Its Chicago-based volunteers, who also provided medical aid at protests organized by peace projects and student groups opposed to the Vietnam War, were among thousands of civilians spied on by the CPD’s notorious Red Squad.

“The CPD’s decision to plant an undercover police spy in Chicago Action Medical is outrageous, but sadly, comes as no surprise,” said CAM street medic Dick Reilly in an interview. “The CPD has a long and sordid history of surveillance and infiltration of labor, peace and social justice groups dating back to the 1886 railroading of the Haymarket defendants – efforts that led to the creation of Chicago’s infamous Red Squad. Over a hundred years later, the cops are clearly still at it.”

For Reilly, CAM’s ongoing infiltration threatens core freedoms that range from the privacy rights of the people they treat to police officials’ ongoing assault on dissent in the city.

“When the CPD targets a volunteer medical project like CAM – which seeks to provide basic first aid to people exercising their democratic rights and whose primary principle is to ‘do no harm’ – it underscores the lengths to which they’ll go to criminalize dissent, suppress resistance and pander to the agenda of the political and economic elites they actually serve and protect,” Reilly said.

The Chicago Red Squad’s abuses of basic constitutional rights were so egregious – targets included the Parent-Teachers’ Association and the League of Women Voters – that a federal court slapped the city with a consent decree in 1982 that expressly barred politically motivated police spying unless police could show at least some evidence of criminal intent on the part of the targets of their spying.

The city was finally able to win relief from the consent decree in January 2001, after arguing for years constitutional protections thwarted its ability to investigate gangs and “terrorism.”

The consent decree’s demise hasn’t kept the CPD out of hot water for spying on political projects, either, beginning as early as 2002. Were the old consent decree still in place, CAM members believe “Danny’s” undercover spying on their work over the past year would have been illegal.

McCarthy’s Spy-Ops Background at NYPD, Newark PD

Just before he was sworn in as Chicago’s new mayor in May of 2011, Rahm Emanuel – a former US Congressman and chief of staff for President Obama – announced the appointment of new police superintendent Garry McCarthy. Three months later, McCarthy created an intelligence-gathering unit tasked to perform “counter-terrorism” work in preparation for the May 2012 NATO meetings.

A career New York cop, McCarthy is no stranger to the use of systematic police spying.

The New York Police Department (NYPD) has a contentious track record in this arena, prompting the implementation of New York’s own version of Chicago’s Red Squad consent decree – the Handschu Decree – while McCarthy was climbing up the NYPD’s ranks to a senior command position.

It wasn’t long after he formally assumed the mantle of CPD superintendent in 2011 that McCarthy drew fire for allowing the latest iteration of New York’s police spy ring to operate in Newark, NJ, where he had served as police chief before taking the position as CPD’s top dog.

McCarthy also served as an NYPD commander when the police set up spy rings before the 2004 Republican National Convention in New York City and during “CIA on the Hudson,” the joint NYPD/CIA project that was set up and run by former CIA Deputy Director for Operations David Cohen to “map the human terrain” of New York City’s Islamic community.

Targeting Street Medics

Volunteer street medics have historically been an attractive target for undercovers.

CAM street medic Scott Mechanic met “Anna,” before she was outed as a police infiltrator, an FBI informant who used her position as a street medic to befriend and entrap environmental activists. One of those activists, Eric McDavid, is serving a 20-year sentence in a case built around Anna’s testimony and her reported entrapment activities.

In the wake of Hurricane Katrina, Mechanic was also a street medic volunteer at New Orleans’ Common Ground Collective, where he and dozens of other volunteer health-care providers ran into Brandon Darby, an agent provocateur and FBI informant at the heart of another entrapment case, this one against David McKay and Bradley Crowder.

“These kinds of informants and undercover police represent a real threat to activists, in no small part because they’re committed to manufacturing crime where none exists to terrorize the public and justify their abuses of our right to dissent,” said Mechanic. “This Chicago cop’s infiltration of our group raises real questions about police intrusion into protesters’ medical histories – and it’s a truly despicable example of exploiting people’s caregivers as part of the national campaign to criminalize dissent.”

Convergence of the War on Drugs, War on Terrorism

As a Chicago cop, the CPD officer who infiltrated CAM has worked on narcotics and gang cases, including as an undercover officer.

Given the growing conflation of the “War on Drugs” with the “War on Terrorism,” which is increasingly married to a War on Dissent, it’s not surprising that the Chicago police officer who infiltrated CAM would segue into COINTELPRO-style undercover work. By the 1990’s, the CPD was listing dissidents by alleged political affiliation in their gang database, in tandem with then-Mayor Richard M. Daley’s claim that the Red Squad Consent Decree shackled cops’ ability to investigate both gangs and “terrorism.”

Shahid Buttar, executive director of the Bill of Rights Defense Committee, points to the delayed notice search warrants enabled by Section 213 of the USA PATRIOT Act – presented to the public as a counter-terrorism tool – as a key example of the War on Drugs’ convergence with the War on Terrorism.

“Both the War on Drugs and the War on Terrorism have long represented cash cows for law enforcement and intelligence agencies, from the FBI all the way down to local police departments,” Buttar said in an interview. “Beyond the serial corruption of agencies pimping public fears to inflate their budgets, many particular powers claimed as necessary for one ‘war’ are actually used more in the other.”

The Chicago Police Department did not respond to our phone calls or emails about this story.

Tuesday, 21 May 2013 09:55
By Steve Horn and Chris Geovanis, Truthout | Report

Find this story at 21 May 2013

© 2012 Truthout