The NSA and GCHQ programmes provide insight into government snooping chains. This blog also provides a foreword to my book Sail Chains. The current focus on surveillance and privacy is based on the actions of Facebook, Amazon and Google. The allied western intelligence agencies do much more.
Secure communications, tracking, and other jargon are used within this tale. The descriptions are based on real techniques used in information technology and intelligence surveillance. Some are described below, to avoid lengthy passages of explanation in the narrative of the book, and here in this blog for public edification.
Five Eyes is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. These countries are parties to a multilateral agreement, a treaty for joint cooperation in signals intelligence. It is a wide-ranging agreement and includes facilities in each country, including the Government Communications Headquarters, GCHQ, in Cheltenham, UK, and the National Security Agency, NSA, with its HQ at Fort Meade in the USA. Both organisations also carry out their own operations and programmes. Many of these programmes were known in small part to the media and hence the general public; however, the extent of these programmes was not well known until the revelations leaked or stolen by Edward Snowden.
Legal restrictions in all Five Eyes countries are supposed to restrict or prevent gathering of information on their own citizens. Secret courts, FISA (Foreign Intelligence Surveillance Act) in the USA and CMPs (Closed Material Procedures) in the UK, provide legal cover. Parliamentary or Congressional scrutiny is very limited. In many cases the elected representatives or their advisors do not have sufficient levels of security clearance to see the material about the programmes, let alone the technical understanding of the implications.
The NSA is not supposed to spy on US citizens without a warrant, but it can collect data about US citizens whilst spying on foreigners. In one example 90% of the data collected in one sweep was about US citizens (over 9,500 citizens out of 11,000 contacts). In this way GCHQ can spy on US citizens and vice versa, and each can pass data to the other through the Five Eyes without being subject to any scrutiny. It is clear from multiple sources that this spying is not just on threats but also on journalists, whistleblowers and multiple other targets that the security services have decided are legitimate.
The main details were leaked by Edward Snowden to two reporters: Barton Gellman, who published via the Washington Post, and Glenn Greenwald, in The Guardian. A film maker, Laura Poitras, conducted interviews and also acted as a go-between, especially between Snowden and Gellman during the initial contacts when source VERAX was making contact. Many of the electronic copies of papers and programme details remain unreleased by the journalists. The NSA and GCHQ continue to deny many of the details.
STELLARWIND was the code name of a warrantless surveillance program begun under the George W. Bush administration's President's Surveillance Program. The National Security Agency (NSA) program was approved by President Bush shortly after the September 11, 2001, attacks and was revealed by Thomas Tamm to The New York Times in 2004. STELLARWIND's output is fed into the MAINWAY database.
PRISM is a code name for a program under which the NSA collects internet communications from various US internet companies. The NSA placed collection systems directly in the data centres of the large tech companies, including Microsoft, Google, Apple, Facebook and others. Due to the nature of Internet routing, many non-US connections route, or partially route, via those data centres. Thus privacy campaigners use Virtual Private Networks, VPNs, and other techniques to mask their messages. These techniques are also used by enemies, including terrorists.
MAINWAY is a database maintained by the NSA (and Five Eyes partners) containing metadata for hundreds of billions of telephone calls made through the four largest telephone carriers in the United States: AT&T, SBC, BellSouth (all three now called AT&T) and Verizon. The existence of this database and the NSA program that compiled it was unknown to the general public until USA Today broke the story on May 10, 2006. It is estimated that the database contains over 1.9 trillion call-detail records. The records include detailed call information (caller, receiver, date/time of call, length of call, etc.) for use in traffic analysis and social network analysis, but do not include audio information or transcripts of the content of the phone calls.
Contact Chaining is a method of querying the data held in MAINWAY to produce contact maps and then applying algorithms to follow the contacts of a target several levels out, e.g. secondary, tertiary and beyond: contacts of contacts of contacts. Because MAINWAY holds historical data, officially 5 years' worth for US citizens but with many caveats, previous contacts can be traced. Exceptions to deletion are any link to on-going or security investigations. This gives rise to an exponential increase in potential contacts. If the first contact has ten contacts, each of those has ten more, and these in turn have ten more, then at the 3rd degree of separation there are now 10 x 10 x 10 = 1,000. Most humans have far more than 10 contacts, thus chains become very large very quickly. The game Six Degrees of Kevin Bacon, the US actor, demonstrates this in more humorous ways.
Algorithms are used to reduce the numbers or combine them into groups. This data is then combined with other communications data, for example social media posts and email, to build up a contact map. The seed in this case is the initial target or intercept, which is correlated with another seed, B; contact C is thus linked into the chain.
Or a real one, shown by the US news programme 60 Minutes.
Any one of these contacts or nodes could be the enemy that is sought, or could allow movements, locations and activity patterns to be tracked, thus enabling potential targeting for surveillance or more direct action. Sometimes the enemy is unknown. A node is a phone, email address, social media handle or website, which the technique attempts to link to an individual or organisation. A phone number of a head office could be used by hundreds of contacts. How the data is processed into MAINWAY, together with the other named systems mentioned, is shown below:
Enemies attempt to hide this activity by changing contact methods, encrypting the content of messages and other evasion techniques. The NSA and GCHQ are also tasked with creating methods of protecting data from such intercepts by foreign powers or bad actors. Other techniques, such as operating in cells, can founder on just a single contact caught in the chain. Thus operational security measures are overcome. For example, two terrorist cells with a leadership planning a coordinated attack can be linked.
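As an added illustration of the contact chaining, seed correlation and head-office problem described above (this is not code from the book, the blog or any agency), the following Python builds a contact graph from a constructed set of call-detail records with placeholder identifiers, expands a seed breadth-first to a chosen degree of separation, counts nodes at each degree to show the growth, finds the contacts two seeds share (the single link that can tie two cells together), and flags high-fan-out nodes such as a switchboard number that would need pruning from a chain.

```python
from collections import defaultdict, deque

# Constructed call-detail records (caller, callee): metadata only, no content.
# Identifiers are placeholders, not real subscriber numbers.
CDR = [
    ("A", "B1"), ("A", "B2"), ("A", "B3"),
    ("B1", "C1"), ("B1", "C2"), ("B2", "C3"), ("B3", "C4"), ("B3", "C5"),
    ("C2", "D1"), ("C5", "D2"), ("C5", "D3"),
    ("X", "C5"), ("X", "Y1"),                     # seed X shares contact C5 with A's chain
    ("HQ", "B1"), ("HQ", "C3"), ("HQ", "Y1"),     # HQ: a head-office number many people call
    ("HQ", "D1"), ("HQ", "D2"),
]

def build_graph(records):
    """Undirected contact graph: a call in either direction links the two numbers."""
    graph = defaultdict(set)
    for caller, callee in records:
        graph[caller].add(callee)
        graph[callee].add(caller)
    return graph

def chain(graph, seed, max_hops):
    """Breadth-first contact chaining from a seed: {node: degree of separation} up to max_hops."""
    hops = {seed: 0}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if hops[node] == max_hops:
            continue                      # do not expand beyond the requested degree
        for contact in graph[node]:
            if contact not in hops:       # first time reached = shortest chain
                hops[contact] = hops[node] + 1
                queue.append(contact)
    return hops

def hop_counts(hops):
    """How many nodes sit at each degree of separation; shows how fast chains grow."""
    counts = defaultdict(int)
    for degree in hops.values():
        counts[degree] += 1
    return dict(counts)

def shared_contacts(graph, seed_a, seed_b, max_hops):
    """Contacts reached from both seeds: one shared node links two otherwise separate groups."""
    reach_a = set(chain(graph, seed_a, max_hops))
    reach_b = set(chain(graph, seed_b, max_hops))
    return sorted((reach_a & reach_b) - {seed_a, seed_b})

def high_fanout(graph, threshold):
    """Nodes with at least `threshold` contacts (e.g. a switchboard), candidates to prune."""
    return sorted(node for node, contacts in graph.items() if len(contacts) >= threshold)
```

With the records above, seed A reaches 3 nodes at one hop, 6 at two and 5 at three, and seeds A and X are tied together through B3, C5 and the HQ number, which is exactly the kind of shared node that either exposes a cell or pollutes the chain with an innocent switchboard.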
A system called CO-TRAVELER is designed to track who meets with whom and covers everyone who carries a mobile/cell phone, all around the world. CO-TRAVELER collects billions of records of phone user location information daily. It maps the relationships of mobile/cell phone users across the global mobile network, gathering data about who you are physically with and how often your movements intersect with other phone users. The program even tracks when your phone is turned on or off.
TOR – Protects from government snooping or does it?
Tor is free and open-source software for enabling anonymous communication by directing Internet traffic through a worldwide overlay network. It consists of more than seven thousand relays designed to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms". Tor's intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities unmonitored. It was created by the Office of Naval Research and DARPA as a security protection project, and the papers from Snowden demonstrated that the NSA had managed to infiltrate the network.
VPNs – Encrypt channels of communication thus protecting chains but not that a connection exists
Virtual Private Networks (VPNs) are encrypted channels between two or more network points. They normally use some form of shared encryption key between the end points, thus preventing interception of the communication content; however, the metadata (data about data) can still be traced, including the locations of the end points, times of transmission, etc. Therefore STELLARWIND can collect this data and deposit it into MAINWAY for use in Contact Chaining. If a phone is used as the data connection, CO-TRAVELER can match locations and obtain more metadata from location and other data sources nearby.
GCHQ has a different set of names achieving the same ends. The GCHQ diagram shows the applications CARPART, PRIMETIME, SNAPDRAGON, MoaG and SORTING FRIENDS sending data into a system called CHART BREAKER, and onwards into CONTACT LENS, which is the Contact Chaining output from MAINWAY and CHART BREAKER.