Government Snooping Chains

The NSA and GCHQ Programs provide insight into government snooping chains. This blog also provides a forward to my book Sail Chains. The current focus on surveillance and privacy is based on the actions of Facebook, Amazon and google. The allied western intelligence agencies do much more. Previous blogs

Secure communications, tracking, and other jargon is used within this tale. The descriptions are based on real techniques used in Information Technology and Intelligence Surveillance. Some are described below to avoid lengthy passages of explanation in the narrative of the book and here in this blog for public edification.

Five-Eyes

Five-Eyes is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. These countries are parties to a multilateral agreement which is a treaty for joint cooperation in signals intelligence. It is a wide ranging agreement and includes facilities in each country including the Government Communication Headquarters, GCHQ, in Cheltenham, UK, and the National Security Agency, NSA, with its HQ at Fort Meade in the USA. Both organisations also carry out their own operations and programmes. Many of these programmes were known in small parts to the media and hence general public; however the extent of these programmes was not well known until the revelations leaked or stolen by Edward Snowden.

GCHQ

GCHQ
NSA Signpost
NSA Sign post

Legal restrictions in all Five Eyes countries are supposed to restrict or prevent gathering of information on citizens. Secret courts, FISA (Foreign Intelligence Surveillance Act) in USA and CMPs (Closed Material Procedures) in UK provide legal cover. Parliamentary or Congressional scrutiny is very limited. In many cases the elected representatives or their advisors do not have sufficient levels of security clearance to see the material about the programmes let alone the technical understanding of the implications.

The NSA is not supposed to spy on US citizens without a warrant but they can collect data about US citizens whilst spying on foreigners. In one example 90% of the data collected in one sweep was about US citizens (>9,500 citizens out of 11,000 contacts). In this way GCHQ can spy on US Citizens and vice versa and each can pass data to the other through the Five Eyes and not be subject to any scrutiny. It is clear from multiple sources that this spying is not just on threats but also on journalists, whistleblowers and multiple other targets that the security services have decided are legitimate targets.

Snowden

The main details were leaked by Edward Snowden to two reporters Barton Gellman who published via the Washington Post and Glenn Greenwald in The Guardian. A film maker, Laura Poitras conducted interviews and also acted as a go-between, especially between Snowden and Gellman during the initial contacts when source VERAX was making contact. Many of the electronic copies of papers and programme details remain unreleased by the journalists. The NSA and GCHQ continue to deny many of the details, see here


STELLARWIND

was the code name of a warrant less surveillance program begun under the George W. Bush administration’s President’s Surveillance Program. The National Security Agency (NSA) program was approved by President Bush shortly after the September 11, 2001, attacks and was revealed by Thomas Tamm to The New York Times in 2004. STELLARWIND’s output is fed into the MAINWAY database

PRISM

PRISM is a code name for a program under which the NSA collects internet communications from various US internet companies. The NSA had placed collection systems directly in the data centres of the large tech companies including Microsoft, Google, Apple, Facebook and others. Due to the nature of Internet routing many non-US connections route or partially route via the data centres. Thus privacy campaigners use Virtual Private Networks, VPNs, and other techniques to mask their messages. These techniques are also used by enemies including terrorists.

MAINWAY

MAINWAY is a database maintained by the NSA (and Five Eyes partners) containing metadata for hundreds of billions of telephone calls made through the four largest telephone carriers in the United States: AT&T, SBC, BellSouth (all three now called AT&T) and Verizon. The existence of this database and the NSA program that compiled it was unknown to the general public until USA Today broke the story on May 10, 2006. It is estimated that the database contains over 1.9 trillion call-detail records. The records include detailed call information (caller, receiver, date/time of call, length of call, etc.) for use in traffic analysis and social network analysis, but do not include audio information or transcripts of the content of the phone calls.

Contact Chaining

Contact Chaining is a method of querying data held in MAINWAY to produce contact maps and then using associated algorithms of contacts of a target several levels away e.g. secondary, tertiary and beyond contact of contacts of contacts. Because MAINWAY holds historical data, officially 5 years worth for US citizens but with many caveats, previous contacts can be traced. Exceptions to deletion are any link to on-going or security investigations. This gives rise to an exponential increase in potential contacts. If the first contact has ten contacts and each has ten more and these in turn have ten more at 3rd degree of separation there are now 10x10x10 = 1,000. Most humans have far more than 10 contacts thus chains become very large very quickly. The game 6 Degrees of Kevin Bacon, the US Actor, demonstrates this is more humorous ways.

Algorithms are used to reduce the numbers or combine them into groups. This data is then combined with other communications data, for example, social medial posts and email, to build up a contact map. The seed in this case is the initial target or intercept which by correlating with another seed B. Contact C is thus linked in the chain.

Or a real one shown by the US news programme 60 Minutes

NBC Real Chain

Any one of these contacts or nodes could be the enemy that is sought or allow movements, locations and activity patterns to be tracked thus enabling potential targeting for surveillance or more direct action. Sometimes the enemy is unknown. The node shown is a phone, email address, social media handle, website, which the technique attempts to link to an individual or organisation. A phone number of a head office could be used by hundreds of contacts. How the data is processed into MAINWAY with other named systems mentioned is shown below:

Mainway Dataflow showing Government Snooping Chains

Enemies attempt to hide this activity by changing contact methods, encryption of the content of messages and other evasion techniques. For the NSA and GCHQ they are also tasked with creating method of protecting data from such intercepts by foreign powers or bad actors. Other techniques such as operating cell techniques can founder with just a single contact under the chain. Thus operational security measures are overcome. For example two terrorist cells with a leadership planning a coordinated attack can be linked.

CO-TRAVELER

A system called CO-TRAVELER is designed to track who meets with whom and covers everyone who carries a mobile/cell phone, all around the world. CO-TRAVELER collects billions of records daily of phone user location information. It maps the relationships of mobile/cell phone users across global mobile network cables, gathering data about who you are physically with, and how often your movements intersect with other phone users. The program even tracks when your phone is turned on or off.

TOR – Protects from government snooping or does it?

Tor is free and open-source software for enabling anonymous communication by directing Internet traffic through a worldwide overlay network. It consists of more than seven thousand relays designed to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace the Internet activity to the user: this includes “visits to Web sites, online posts, instant messages, and other communication forms”. Tor’s intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities unmonitored. It was created by the Office of Naval Research and DARPA as a security protection project and the papers from Snowden demonstrated that the NSA had managed to set up infiltration into the network.

VPNs – Encrypt channels of communication thus protecting chains but not that a connection exists

Virtual Private Networks (VPNs) are encrypted channels between one or more network points. They normally use some form of shared encryption key between the end points thus preventing interception of the communication content; however, the metadata (data about data) can still be traced including locations, of end points, times of transmission, etc. Therefore, STELLARWIND can collect this data and deposit into MAINWAY for use in Contact Chaining. If a phone is used as the data connection CO-TRAVELER can match locations and obtain more metadata in addition to location and other data sources nearby.

GCHQ

GCHQ has a different set of names achieving the same ends see here. This shows the applications CARPART, PRIMETIME, SNAPDRAGON, MoaG, SORTING FRIENDS sending data into a system called CHART BREAKER, and onwards into CONTACT LENS which is the Contact Chaining output from MAINWAY and CHART BREAKER

Ramblings

There has been a lot going on since my last commentary blog hence my new ramblings. The Paris attacks are a notable case in point. These have, once again prompted the powers that be to insist that they need more powers to monitor communications as a way of preventing further attacks.

Once again no specificity is provided on how exactly the systems proposed would have prevented an attack. Especially, given that the purveyors of the UK’s 7/7/ and Lee Rigby attacks and the Paris attackers were already known to the security services and could therefore, have had a warranted watch put on them.

In the House of Lords in the UK, a small group of peers attempted to re-introduce the proposed “Snooper’s Charter” via a back door amendment into another bill. It failed but all the main political parties seem to be keen to re-introduce such legislation in the next Parliament. It may only be a temporary reprieve. I am torn between the need for the security and police services to have the tools they need, against the wider civil liberties objections. It would really help if actual facts were provided rather than meaningless ascertains.

What was truly astonishing was the demonstrable lack of expertise exhibited by any of the speakers. By their questions they could not describe how the technology works, why current systems cannot do what they want, or how they can be circumvented? This against a back-drop of Post-Snowden cynicism. Itself created by the continuing release of so much information on how the 5 Eyes have already misused their powers. Then, there is the misuse of existent legislation, like the use of RIPA to spy on everyone from journalists to dog fouling pedestrians.

The bland statements of we acted within the law, whilst pressing for changes to those same laws. Of course with CCTV on every corner even private face to face meetings can be monitored, if only the pictures were not so rubbish – traffic enforcement does not seem to have the problem.

Frankly, if the security services or police want to intercept get a warrant. This gives them all the power they need. Of course it may help their argument if tapped phone calls etc were admissible in UK courts; yet these same organizations do not want that. So what is the information for?

Even where full surveillance is in place, in the immediate aftermath of a terrorist attack, the security services and police managed to kill the wrong target (Mendes) or used their authority to investigate the family of innocent victims (Lawrence). Both of course actions under the stewardship of the then Met Police Commissioner Blair. The same Blair who tried to get the amendment through parliament.

Another Blair, (ex PM this time) of course has stated how keen he is for the Chilcott inquiry to finally report on the actions leading up to the second Iraq war. The report has again been delayed until after the next election. Much like the Bloody Sunday Inquiry – good job if you can get it – unlimited budget, no delivery timescale, and a no requirement to come up with interim or other conclusions. Even parliamentary scrutiny can be ignored or not answered. Independent judiciary, or cover up for their mates? It is difficult to decide. Of course I would love to see the outcome in light of the background story to my own books (needed to get a plug in somewhere) An Agent’s Demise and An Agent’s Rise. One reviewer thought my story was far fetched – clearly they have not read about the machinations of the politicians and spy agencies to justify their actions.

Still another election is looming and the electorate are far more concerned with who will win Big Brother rather than who is behaving as Big Brother!

Spying and Oversight

Spying and oversight from November 2013

As a relatively new author, I watched with interest the appearance of the UK’s Spy Chiefs in front of the Parliamentary Committee that is established to hold them to account. My first book published – An Agent’s Demise – had as a backdrop how the Iraqi Dossier might have been manipulated to lead the politicians to decide to go to war. I have started a sequel – An Agent’s Rise and I have another story underway another thriller about revolution. These tales are all triggered by a keen interest in what the spies might get up to, but just as importantly what the politicians and the spy’s bosses know. Plausible deniability is often used to cover tracks both by spies, their managers and the politicians.

The revelations from Edward Snowden a former American computer specialist who apparently worked as a CIA employee and NSA contractor, provided information to the press, some of which has been published, about classified operations by the USA, Israel, and the UK security services. From what little we know these mass surveillance operations have added to some of our knowledge as to what happens, but has concentrated on the technicalities of the programmes rather than what is done with the information.

The appearance of the UK’s spy chiefs in front of the Committee is a regular occurrence but this was the first with all three chiefs (Security Service, Secret Intelligence Service and GCHQ) in public. You can watch the proceedings from the BBC here. Not mentioned but notable by his absence was the Chief of Defence Intelligence (DI) who’s task is to act as “the main provider of strategic defence intelligence to the department (Ministry of Defence) and the Armed Forces.” Apparently the actual strategic defence of the UK is not as important so his attendance at the committee was not called for. Fighting the terrorist war on the ground in Afghanistan is a military operation which GCHQ supports, when their resources are not diverted by the NSA to help monitor Angela Merkel’s mobile phone in the interests of commercial advantage National Security.

So what did we learn from the evidence? Very little; the media made a big deal of the admission by the head of GCHQ that monitored terrorist groups had been observed/heard/monitored discussing how to change their methods of communication in the light of Snowden’s published revelations. If GCHQ bothered to notice the discussion about Internet security has been a constant trend on technical forums for at least 15 years, where methods of encryption, monitoring, obfuscation and a whole host of techniques have been freely discussed. If the UK’s enemies (terrorist or other) were not aware of the techniques then they are either more stupid than we think or perhaps it was a good line to feed the media. Admitting that we have overheard such a discussion is also telling them exactly what Snowden told them, so Sir Iain Lobban (Head of GCHQ) haven’t you just given away that little secret, perhaps your passport should be removed.

There have been some very clever uses of words in the USA and UK to describe the activities like PRSIM and why they are considered legal, under political scrutiny. Effectively the NSA can trawl the data on UK citizens given to it by GCHQ without a warrant and GCHQ can trawl the USA data given to it by NSA without a warrant. Both agencies may legally spy on foreigners without warrants. There is not a handover of a database. It’s the same systems in use just different access permissions. Both agencies can then report to their oversight representatives that they are operating within the law.

Then we have the testimony, not under oath by the way, that multiple terrorist operations have been prevented in the last few years. In Parliament the Head of the Secret Service said 34 operations had been disrupted but provided no evidence for this statement. In the USA General Alexander, head of the NSA, accompanied by the Director of National Intelligence James Clapper, stated in testimony to Congress that 54 operations had been prevented since 9th September 2011, again no details provided. He did admit that the use of the surveillance systems had not necessarily contributed to any of these operations.

So what do we know, in the UK there were the attacks of 7th July 2005. Several of the suicide bombers and their wider circle were known to the authorities – result 52 dead over 700 injured. That was four years after 9/11 and that attack was after Embassy bombings and attacks around the globe. This was followed by failed attacks two weeks later when the security authorities managed to kill an innocent Brazilian on a tube train after he had got on that tube train. I won’t list all the attacks Wikipedia has a comprehensive list, but please note the IRA ones over 30 years and yet Al-Qa’eda are considered a bigger threat? The former head of the Metropolitan Police, Sir Ian Blair, stated in December 2006 that

Al-Qa’eda poses a greater threat to civilian life than the Nazis did during the Second World War.

Sir Ian had clearly never researched The Blitz, which killed over 40,000 civilians in one 57-day period from September 1940. He may have been exaggerating a little but is this the mind set, or just a bad history education?

So returning to Parliament and the serious damage that Snowden is alleged to have done. It has been quoted that Snowden’s leaks are the greatest threat to UK Intelligence operations. Like Sir Ian Blair methinks they doth protest too much. They clearly have forgotten or would like us to forget about Blunt, Philby, McClean, Burgess, possibly Cairncross, often reffered to as The Cambridge Four/Five or how about the Profumo scandal when the then Minister of State for War (now the MoD) John Profumo shared a mistress with the Soviet Naval Attaché. Before our American friends get all clever about the British problem what about the Rosenburgs or John Walker.

According to reports Snowden shared access to the information he attained with nearly 1 million others, clearly this secret is not quite as secret as some might think. The fact he could leave the high security office with all this data is the security scandal and out security chiefs on both sides of the Atlantic seem hell bent on avoiding how Snowden got the information instead concentrating, as ever, on the messenger. Snowden did not hand the information to Al-Qa’eda, he may have been in China and now Russia but the security services have failed to demonstrate that the information is in the hands of the Russian or Chinese intelligence services. Stopping the partner of the journalist who was allegedly carrying a written down password to a USB stick does not mean that the stick has been accessed; in fact we are then told that the security services were unable to access the data or were they? So why mention the password at all, maybe it was his bank PIN? Maybe the current court case investigating his detention at Heathrow airport on suspicion of terrorism might shed some light?

As a would be author I have so many possible plot lines for a fictional story left by this mess I don’t know where to start. How much of the story and information that is in the public eye is disinformation or real, is impossible to guess. From what I have seen of our democratic institutions their lack of oversight, technological knowledge, and willingness to believe what the spy chiefs tell them, is not encouraging. After all Sir Malcolm Rifkind the head of the Parliamentary Committee former Foreign Secretary (responsible for the Secret Intelligence Service) has never explained why he claimed expenses for constituency flights to Scotland when his constituency is in London, all within the rules, all submitted with proper Government oversight. He was by no means the worst of the MP expenses scandal but… I haven’t commented on the lack of questions about torture, extraordinary rendition, or any of the other things that maybe we should know about being done in our name, after all the hounding of one, perhaps misguided, whistle-blower is so much better TV than asking a proper question or getting a proper answer.

  • UK spy chiefs emerge from shadows to blast Edward Snowden – Reuters (reuters.com)
  • NSA leaks: UK’s enemies are ‘rubbing their hands with glee’, says MI6 chief (theguardian.com)
  • UK spy chiefs hit out at Snowden (skynews.com.au)
  • Questioning of spy agency chiefs ‘wouldn’t have scared a puppy’ (theguardian.com)