Snowden, PRISM & Related Revelations (reverse chronological order)
"Snowden saw what happened to other whistleblowers, and behaved accordingly. His political theory has been quite exact and entirely consistent. He says the existence of these programmes, undisclosed to the American people, is a fundamental violation of American democratic values. Surely there can be no argument with that.
Snowden's position is that efforts so comprehensive, so overwhelmingly powerful, and so conducive to abuse, should not be undertaken save with democratic consent. He has expressed recurrently his belief that the American people are entitled to give or withhold that informed consent. But Snowden has also identified the fastening of those programmes on the global population as a problematic act, which deserves a form of moral and ethical analysis that goes beyond mere raison d'état....Edward Snowden has revealed problems for which we need solutions. The vast surveillance-industrial state that has grown up since 2001 could not have been constructed without government contractors and the data-mining industry. Both are part of a larger ecological crisis brought on by industrial overreaching....we should end the immunity given to the telecommunications operators for assisting illegal listening. Immunity was extended by legislation in 2008. When he was running for president, Barack Obama said that he was going to filibuster that legislation. Then, in August 2008, when it became clear that he was going to become the next president, he changed his mind. Not only did he drop his threat to filibuster the legislation, he interrupted his campaigning in order to vote for immunity.|
The US listeners are having a political crisis beyond their previous imagining. They do not like to appear in the spotlight, or indeed to be visible at all. Now they have lost their credibility with the cybersecurity industry, which has realised that they have broken their implicit promises about what they would not hack. The global financial industry is overwhelmed with fear at what they've done. The other US government agencies they usually count on for support are fleeing them.
much of that software is written by us. The "us" I mean here is those communities sharing free or open source software, with whom I have worked for decades.
Protocols that implement secure communications used by businesses between themselves and with consumers (HTTPS, SSL, SSH, TLS, OpenVPN etc) have all been the target of the listeners' interference.
Snowden has documented their efforts to break our cryptography.
The US listeners are courting global financial disaster. If they ever succeed in compromising the fundamental technical methods by which businesses communicate securely, we would be one catastrophic failure away from global financial chaos. Their conduct will appear to the future to be as economically irresponsible as the debasing of the Roman coinage. It is a basic threat to the economic security of the world.
The bad news is that they have made some progress towards irremediable catastrophe. First, they corrupted the science. They covertly affected the making of technical standards, weakening everyone's security everywhere in order to make their own stealing easier. Second, they have stolen keys, as only the best-financed thieves in the world can do. Everywhere encryption keys are baked into hardware, they have been at the bakery.
At the beginning of September when Snowden's documents on this subject first became public, the shock waves reverberated around the industry. But the documents released also showed that the listeners are still compelled to steal keys instead of breaking our locks. They have not yet gained enough technical sophistication to break the fundamental cryptography holding the global economy together.
Making public what crypto NSA can't break is the most inflammatory of Snowden's disclosures from the listeners' perspective. As long as nobody knows what the listeners cannot read, they have an aura of omniscience. Once it is known what they cannot read, everyone will use that crypto and soon they cannot read anything any more.
Snowden has disclosed that their advances on our fundamental cryptography were good but not excellent. He is also showing us that we have very little time to improve our own cryptography. We must hurry to recover from the harm done to us by technical standards corruption. From now on, the communities that make free software crypto for everyone else must assume that they are up against "national means of intelligence". In this trade, that is bad news for developers, because that's the big leagues. When you play against their opposition, even the tiniest mistake is fatal....Snowden's courage is exemplary. But he ended his effort because we needed to know now. We have to inherit his understanding of that fierce urgency."
Eben Moglen, 'Privacy under attack: the NSA files revealed new threats to democracy', The Guardian
29 May 2014
"One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents....Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. |
... these GCHQ documents are the first to prove that a major western government is using some of the most controversial techniques to disseminate deception online and harm the reputations of targets. Under the tactics they use, the state is deliberately spreading lies on the internet about whichever individuals it targets, including the use of what GCHQ itself calls “false flag operations” and emails to people’s families and friends. Who would possibly trust a government to exercise these powers at all, let alone do so in secret, with virtually no oversight, and outside of any cognizable legal framework?
Then there is the use of psychology and other social sciences to not only understand, but shape and control, how online activism and discourse unfolds..."
Glenn Greenwald , 'How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations', Intercept website
24 Feb 2014
"Chancellor Angela Merkel of Germany has announced plans to set up a European communications network as part of a broad counter-espionage offensive designed to curb mass surveillance conducted by the US National Security Agency and its British counterpart, GCHQ. The move is her government’s first tangible response to public and political indignation over NSA and GCHQ spying in Europe, which was exposed last October with revelations that the US had bugged Ms Merkel’s mobile phone and that MI6 operated a listening post from the British Embassy in Berlin.|
...Germany’s counter-espionage drive comes after months of repeated and abortive attempts by its officials to reach a friendly “no spy” agreement with the US. Phillip Missfelder, a spokesman for Ms Merkel’s government, admitted recently that revelations about NSA spying had brought relations with Washington to their worst level since the US-led invasion of Iraq in 2003.
Der Spiegel claimed that on a single day last year, January 7, the NSA tapped into some 60 million German phone calls. The magazine said that Canada, Australia, Britain and New Zealand were exempt from NSA surveillance but Germany was regarded as a country open to “spy attacks”.
Tony Paterson , 'Surveillance revelations: Angela Merkel proposes European network to beat spying by NSA and GCHQ', Independent, 17 Feb 2014
"British companies are fighting back against government surveillance in the U.S. 21 percent of UK firms are moving their hosted information out of the country because of security concerns.That's according to an independent survey of 300 British and Canadian small businesses, commissioned by cloud hosting firm Peer 1 Hosting. The study finds over a fifth of UK firms and one-third of their Canadian counterparts are relocating their information away from US-based data centres because of the NSA intelligence agency scandal, revealed last summer by whistleblower Edward Snowden.|
The survey also suggests the spying scandal has had a significant impact on non-US cloud service providers. Nearly seven out of 10 (69 percent) of decision makers say the mass surveillance has made them more sceptical of data hosting providers everywhere and 57 percent are less likely to use a public cloud as a result.
...Steve Durbin, global vice president of the Information Security Forum (ISF) user group, believes that this confirms that the NSA scandal has encouraged cloud users to “ask the right questions about how their information is being stored, managed and handled”. “As a result, I think businesses are saying that from a risk point of view it might make more sense for us to be storing some of this information in Europe, in the UK or within our own borders, if we can't get satisfactory answers from cloud providers or indeed if the answers from a risk perspective just seem too high for our business.”
Bowden, a former chief privacy adviser to Microsoft, told SCMagazineUK.com: “The rights of foreigners simply haven't been part of the US debate - so far.”
“The key international question regarding Obama's NSA reforms is whether he will recognise the human right to privacy of non-Americans, who currently have no protection whatsoever under the FISA law,” he explained. “Both the EU Commission and Parliament have demanded equal treatment with US citizens.
Tim Ring , 'NSA backlash continues: UK firms move data out the US', SC Magazine, 14 Jan 2014
"The phone, internet and email records of UK citizens not suspected of any wrongdoing have been analysed and stored by America's National Security Agency under a secret deal that was approved by British intelligence officials, according to documents from the whistleblower Edward Snowden.
In the first explicit confirmation that UK citizens have been caught up in US mass surveillance programs, an NSA memo describes how in 2007 an agreement was reached that allowed the agency to "unmask" and hold on to personal data about Britons that had previously been off limits.... The NSA has been using the UK data to conduct so-called "pattern of life" or "contact-chaining" analyses, under which the agency can look up to three "hops" away from a target of interest – examining the communications of a friend of a friend of a friend. Guardian analysis suggests three hops for a typical Facebook user could pull the data of more than 5 million people into the dragnet. |
James Ball, 'US and UK struck secret deal to allow NSA to 'unmask' Britons' personal data', The Guardian, 21st November 2013
"The days are over when those demanding secrecy for their work can offer the dismissive excuses of the three intelligence chiefs to Westminster's intelligence and security committee earlier this month. This boiled down to "Trust us, we are policemen". How could anyone trust people who delivered Britain's entire wardrobe of state secrets, some 60,000 files, to a potential audience of up to 800,000 Americans, including an honest but appalled private contractor named Snowden – and that after the Manning-Assange revelations. They must have known it would all leak.
British intelligence was saved from catastrophe only by Snowden not dumping his material on the web but giving it to what he regarded as responsible journalists. The newspapers, notably the Guardian, published less than 1% of the material judged as clearly in the public interest...The world now faces total electronic penetration, with huge power available to those who control it. The idea that the assurances of a policeman or spy are "good enough for me" has been shown as deluded. No group should be trusted with such unconstrained leverage over others, least of all one revealed as systematically deceiving Congress.
Expecting the west's arcane democratic institutions to police the new digital power of states is to build a sandcastle against a tank. Yet they are all we have. |
Simon Jenkins, 'The days of believing spy chiefs who say 'Trust us' are over', The Guardian, 20th November 2013
"The extent and scale of mass surveillance undertaken by Britain's spy agencies is to be scrutinised in a major inquiry to be formally launched on Thursday.
Parliament's intelligence and security committee (ISC), the body tasked with overseeing the work of GCHQ, MI5 and MI6, will say the investigation is a response to concern raised by the leaks from the whistleblower Edward Snowden.
Sir Malcolm Rifkind, the committee chair, said 'an informed and proper debate was needed'. One Whitehall source described the investigation as 'a public inquiry in all but name'.|
Nick Hopkins, Patrick Wintour, Rowena Mason and Matthew Taylor, 'Extent of spy agencies' surveillance to be investigated by parliamentary body', The Guardian, 17th October 2013
"The National Security Agency routinely shares raw intelligence data with Israel without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals.|
Details of the intelligence-sharing agreement are laid out in a memorandum of understanding between the NSA and its Israeli counterpart that shows the US government handed over intercepted communications likely to contain phone calls and emails of American citizens. The agreement places no legally binding limits on the use of the data by the Israelis.
..The five-page memorandum, termed an agreement between the US and Israeli intelligence agencies "pertaining to the protection of US persons", repeatedly stresses the constitutional rights of Americans to privacy and the need for Israeli intelligence staff to respect these rights.
But this is undermined by the disclosure that Israel is allowed to receive "raw Sigint" – signal intelligence. The memorandum says: "Raw Sigint includes, but is not limited to, unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content."
Glenn Greenwald, Laura Poitras and Ewen MacAskill, 'NSA shares raw intelligence including Americans' data with Israel', The Guardian, 4 October 2013
"Britain runs a secret internet-monitoring station in the Middle East to intercept and process vast quantities of emails, telephone calls and web traffic on behalf of Western intelligence agencies, The Independent has learnt.
The station is able to tap into and extract data from the underwater fibre-optic cables passing through the region.
The information is then processed for intelligence and passed to GCHQ in Cheltenham and shared with the National Security Agency (NSA) in the United States. The Government claims the station is a key element in the West’s 'war on terror' and provides a vital 'early warning' system for potential attacks around the world.|
The Independent is not revealing the precise location of the station but information on its activities was contained in the leaked documents obtained from the NSA by Edward Snowden."
Duncan Campbell, Oliver Wright, James Cusik, Kim Sengupta, 'UK’s secret Mid-East internet surveillance base is revealed in Edward Snowden leaks', The Independent, 23d August 2013
"Before the 30-year-old analyst (Edward Snowden) turned whistleblower, only a few people outside GCHQ had heard of 'Tempora', the programme that gives the agency access to the fibre-optic cables that carry the world's phone calls and web traffic; only they knew it had developed an ingenious way of storing this material for up to 30 days.|
Only those in the intelligence community had heard of "Prism", another initiative that has given the NSA – and GCHQ too – access to millions of emails and live chat conversations held by the world's major internet companies, including Google, Facebook, Microsoft and Apple.
Nick Hopkins, Julian Borger, Luke Harding, 'GCHQ: inside the top secret world of Britain's biggest spy agency', The Guardian, 2nd August 2013
"US intelligence services are spying on the European Union mission in New York and its embassy in Washington, according to the latest top secret US National Security Agency documents leaked by the whistleblower Edward Snowden. One document lists 38 embassies and missions, describing them as "targets". It details an extraordinary range of spying methods used against each target, from bugs implanted in electronic communications gear to taps into cables to the collection of transmissions with specialised antennae. Along with traditional ideological adversaries and sensitive Middle Eastern countries, the list of targets includes the EU missions and the French, Italian and Greek embassies, as well as a number of other American allies, including Japan, Mexico, South Korea, India and Turkey. The list in the September 2010 document does not mention the UK, Germany or other western European states.|
One of the bugging methods mentioned is codenamed Dropmire, which, according to a 2007 document, is "implanted on the Cryptofax at the EU embassy, DC" – an apparent reference to a bug placed in a commercially available encrypted fax machine used at the mission. The NSA documents note the machine is used to send cables back to foreign affairs ministries in European capitals."
Ewen MacAskill, Julian Borger, 'New NSA leaks show how US is bugging its European allies', The Guardian, 1st July 2013
".......GCHQ has placed more than 200 probes on transatlantic cables and is processing 600m "telephone events" a day as well as up to 39m gigabytes of internet traffic. Using a programme codenamed Tempora, it can store and analyse voice recordings, the content of emails, entries on Facebook, the use of websites as well as the "metadata" which records who has contacted who. The programme is shared with GCHQ's American partner, the National Security Agency.
Nick Davies, 'MI5 feared GCHQ went 'too far' over phone and internet monitoring', The Guardian, 22nd June 2013
"...On Monday the Guardian carried a story that British intelligence had spied on delegates at two G20 summits, those chaired by Gordon Brown in 2009. Laptops and mobile phones had been hacked, and internet cafes installed and bugged. With many of the same heads of government gathering for the G8 summit in Northern Ireland, the story was, to put it mildly, sensational. The source was the American whistleblower, Edward Snowden, whose revelations about the US National Security Agency had been running in the Guardian and Washington Post for a week. It was initially hinted at by other British media but was covered by a D-notice (warning against publishing anything that could damage national security) from the government."
Simon Jenkins, 'Britain's response to the NSA story? Back off and shut up', The Guardian, 19th June 2013
|......One document records that in March 2009 – the month before the heads of state meeting – GCHQ was working on an official requirement to "deliver a live dynamically updating graph of telephony call records for target G20 delegates … and continuing until G20 (2 April)."|
Another document records that when G20 finance ministers met in London in September, GCHQ again took advantage of the occasion to spy on delegates, identifying the Turkish finance minister, Mehmet Simsek, as a target and listing 15 other junior ministers and officials in his delegation as "possible targets".
...The September meeting of finance ministers was also the subject of a new technique to provide a live report on any telephone call made by delegates and to display all of the activity on a graphic which was projected on to the 15-sq-metre video wall of GCHQ's operations centre as well as on to the screens of 45 specialist analysts who were monitoring the delegates...
Ewen MacAskill et al, 'GCHQ intercepted foreign politicians' communications at G20 summits', The Guardian, 17th June 2013
|...Mr Snowden has revealed details about two top-secret surveillance programmes that he hopes will start to shift the debate. First, a leaked court order showed that the NSA has been collecting the phone records of millions of Americans who are business customers of Verizon. Second, documents claimed the NSA operates a programme that allows it to siphon off large volumes of data, including emails and photos, from the servers of nine big technology companies.
The government has admitted the first disclosure but says that the nature of the programme is misunderstood. The database stores only numbers, not names, officials say. Rather than listening to calls, the intelligence services use the “metadata” from the call records to look for a terror suspects’ connections.
Mike Rogers, chairman of the House intelligence committee, said that it was too expensive for the telephone companies to keep all the details of call records so they were stored at the NSA. To access any specific part of the database, the intelligence services needed a warrant based on a genuine national security threat, he said.
The second charge is less clear. Reports indicated that the NSA was using a computer program called Prism to swallow large chunks of data directly from Google, Yahoo and other companies in a manner that goes well beyond anything covered by federal court warrants. In a Guardian interview, Mr Snowden described an almost casual illegality at the NSA. “Sitting at my desk, I had the authorities to wiretap anyone, from you or your accountant, to a federal judge or even the president,” he said.
Source: Geoff Dyer, 'America: Church versus state - The Church committee offers a model for regulation of US intelligence agencies', Financial Times, 11th June 2013
Back to Intelligence Updates