Government Snooping Chains

The NSA and GCHQ programs provide insight into government snooping chains. This blog also provides a foreword to my book Sail Chains. The current focus on surveillance and privacy is based on the actions of Facebook, Amazon and Google. The allied western intelligence agencies do much more.

Secure communications, tracking, and other jargon are used within this tale. The descriptions are based on real techniques used in Information Technology and Intelligence Surveillance. Some are described below to avoid lengthy passages of explanation in the narrative of the book and here in this blog for public edification.

Five-Eyes

Five-Eyes is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. These countries are parties to a multilateral agreement, a treaty for joint cooperation in signals intelligence. It is a wide-ranging agreement and includes facilities in each country, including the Government Communications Headquarters, GCHQ, in Cheltenham, UK, and the National Security Agency, NSA, with its HQ at Fort Meade in the USA. Both organisations also carry out their own operations and programmes. Many of these programmes were known in small parts to the media and hence the general public; however, the extent of these programmes was not well known until the revelations leaked or stolen by Edward Snowden.

Hadn’t realised this comes 10 years after Snowden’s revelations.

[Images: GCHQ; NSA signpost]

Legal restrictions in all Five Eyes countries are supposed to restrict or prevent gathering of information on citizens. Secret courts, FISA (Foreign Intelligence Surveillance Act) in the USA and CMPs (Closed Material Procedures) in the UK, provide legal cover. Parliamentary or Congressional scrutiny is very limited. In many cases the elected representatives or their advisors do not have sufficient levels of security clearance to see the material about the programmes, let alone the technical understanding of the implications.

The NSA is not supposed to spy on US citizens without a warrant but they can collect data about US citizens whilst spying on foreigners. In one example 90% of the data collected in one sweep was about US citizens (>9,500 citizens out of 11,000 contacts). In this way GCHQ can spy on US Citizens and vice versa and each can pass data to the other through the Five Eyes and not be subject to any scrutiny. It is clear from multiple sources that this spying is not just on threats but also on journalists, whistleblowers and multiple other targets that the security services have decided are legitimate targets.

Snowden

The main details were leaked by Edward Snowden to two reporters: Barton Gellman, who published via the Washington Post, and Glenn Greenwald in The Guardian. A film maker, Laura Poitras, conducted interviews and also acted as a go-between, especially between Snowden and Gellman during the initial contacts when source VERAX was making contact. Many of the electronic copies of papers and programme details remain unreleased by the journalists. The NSA and GCHQ continue to deny many of the details, see here


STELLARWIND

STELLARWIND was the code name of a warrantless surveillance program begun under the George W. Bush administration’s President’s Surveillance Program. The National Security Agency (NSA) program was approved by President Bush shortly after the September 11, 2001, attacks and was revealed by Thomas Tamm to The New York Times in 2004. STELLARWIND’s output is fed into the MAINWAY database.

PRISM

PRISM is a code name for a program under which the NSA collects internet communications from various US internet companies. The NSA had placed collection systems directly in the data centres of the large tech companies including Microsoft, Google, Apple, Facebook and others. Due to the nature of Internet routing many non-US connections route or partially route via the data centres. Thus privacy campaigners use Virtual Private Networks, VPNs, and other techniques to mask their messages. These techniques are also used by enemies including terrorists.

MAINWAY

MAINWAY is a database maintained by the NSA (and Five Eyes partners) containing metadata for hundreds of billions of telephone calls made through the four largest telephone carriers in the United States: AT&T, SBC, BellSouth (all three now called AT&T) and Verizon. The existence of this database and the NSA program that compiled it was unknown to the general public until USA Today broke the story on May 10, 2006. It is estimated that the database contains over 1.9 trillion call-detail records. The records include detailed call information (caller, receiver, date/time of call, length of call, etc.) for use in traffic analysis and social network analysis, but do not include audio information or transcripts of the content of the phone calls.

Contact Chaining

Contact Chaining is a method of querying data held in MAINWAY to produce contact maps, using associated algorithms to find contacts of a target several levels away, e.g. secondary, tertiary and beyond (contacts of contacts of contacts). Because MAINWAY holds historical data, officially 5 years' worth for US citizens but with many caveats, previous contacts can be traced. Exceptions to deletion are any link to on-going or security investigations. This gives rise to an exponential increase in potential contacts. If the first contact has ten contacts, each of these has ten more, and these in turn have ten more, then at the 3rd degree of separation there are now 10 x 10 x 10 = 1,000. Most humans have far more than 10 contacts, thus chains become very large very quickly. The game 6 Degrees of Kevin Bacon, the US actor, demonstrates this in more humorous ways.

Algorithms are used to reduce the numbers or combine them into groups. This data is then combined with other communications data, for example social media posts and email, to build up a contact map. The seed in this case is the initial target or intercept, which is correlated with another seed, B. Contact C is thus linked in the chain.

Or a real one shown by the US news programme 60 Minutes

[Image: NBC Real Chain]

Any one of these contacts or nodes could be the enemy that is sought, or could allow movements, locations and activity patterns to be tracked, thus enabling potential targeting for surveillance or more direct action. Sometimes the enemy is unknown. The node shown is a phone, email address, social media handle or website, which the technique attempts to link to an individual or organisation. A phone number of a head office could be used by hundreds of contacts. How the data is processed into MAINWAY with other named systems mentioned is shown below:

[Image: Mainway Dataflow showing Government Snooping Chains]

Enemies attempt to hide this activity by changing contact methods, encrypting the content of messages and using other evasion techniques. The NSA and GCHQ are also tasked with creating methods of protecting data from such intercepts by foreign powers or bad actors. Other techniques, such as operating in cells, can founder with just a single contact in the chain. Thus operational security measures are overcome. For example, two terrorist cells with a leadership planning a coordinated attack can be linked.
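The contact chaining described in this section, as an added example (not code from the book or from any agency system): a breadth-first expansion over constructed caller/receiver metadata, showing how a shared head-office number inflates a chain and how two seeds remain linked through a single contact C. The record layout, the node names and the hub_limit pruning rule are assumptions.

```python
from collections import defaultdict, deque

# Constructed call metadata: (caller, receiver) pairs only, no content.
CDRS = [
    ("A", "a1"), ("A", "a2"), ("a1", "C"), ("a2", "a3"),
    ("B", "b1"), ("b1", "C"), ("B", "b2"),
    ("A", "HQ"), ("B", "HQ"),
] + [("HQ", f"staff{i}") for i in range(200)]  # shared head-office number

def build_graph(records):
    """Undirected contact graph: who has exchanged a call with whom."""
    graph = defaultdict(set)
    for caller, receiver in records:
        graph[caller].add(receiver)
        graph[receiver].add(caller)
    return graph

def is_hub(graph, node, hub_limit):
    # Assumed reduction rule: very busy numbers are not expanded further.
    return hub_limit is not None and len(graph[node]) > hub_limit

def chain(graph, seed, hops, hub_limit=None):
    """Return {degree: nodes first reached at that degree of separation}."""
    seen, frontier, levels = {seed}, {seed}, {}
    for degree in range(1, hops + 1):
        reached = set()
        for node in frontier:
            if node != seed and is_hub(graph, node, hub_limit):
                continue
            reached |= graph[node] - seen
        seen |= reached
        levels[degree] = frontier = reached
    return levels

def link(graph, a, b, hub_limit=None):
    """Shortest contact path between two seeds, or None if unlinked."""
    prev, queue = {a: None}, deque([a])
    while queue:
        node = queue.popleft()
        if node == b:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        if node != a and is_hub(graph, node, hub_limit):
            continue
        for peer in sorted(graph[node]):
            if peer not in prev:
                prev[peer] = node
                queue.append(peer)
    return None
```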

CO-TRAVELER

A system called CO-TRAVELER is designed to track who meets with whom and covers everyone who carries a mobile/cell phone, all around the world. CO-TRAVELER collects billions of records daily of phone user location information. It maps the relationships of mobile/cell phone users across global mobile network cables, gathering data about who you are physically with, and how often your movements intersect with other phone users. The program even tracks when your phone is turned on or off.

TOR – Protects from government snooping or does it?

Tor is free and open-source software for enabling anonymous communication by directing Internet traffic through a worldwide overlay network. It consists of more than seven thousand relays designed to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace the Internet activity to the user: this includes “visits to Web sites, online posts, instant messages, and other communication forms”. Tor’s intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities unmonitored. It was created by the Office of Naval Research and DARPA as a security protection project and the papers from Snowden demonstrated that the NSA had managed to set up infiltration into the network.

VPNs – Encrypt channels of communication, thus protecting chains, but do not hide that a connection exists

Virtual Private Networks (VPNs) are encrypted channels between one or more network points. They normally use some form of shared encryption key between the end points, thus preventing interception of the communication content; however, the metadata (data about data) can still be traced, including locations of end points, times of transmission, etc. Therefore, STELLARWIND can collect this data and deposit it into MAINWAY for use in Contact Chaining. If a phone is used as the data connection, CO-TRAVELER can match locations and obtain more metadata in addition to location and other data sources nearby.

GCHQ

GCHQ has a different set of names achieving the same ends, see here. This shows the applications CARPART, PRIMETIME, SNAPDRAGON, MoaG and SORTING FRIENDS sending data into a system called CHART BREAKER, and onwards into CONTACT LENS, which is the Contact Chaining output from MAINWAY and CHART BREAKER.

In, Out or Shake It All About

In, out or shake it all about was written before the referendum on Brexit

I did not think I would return so quickly to the UK’s in out referendum as a blog topic but here I am. Once again I am heartily sick of this misinformation that is allowed to run across our media outlets without proper questioning.

This week much has been made of the legal status of the agreement with the Council of Europe and whether it is binding. Bottom line on this, in my view, is that the agreement is binding in intent but only becomes formalised after treaty change. As I explained in my previous post, this will require referendums in several other countries. If rejected by the constitutional process in those countries then what?

There continues to be a lack of clarity on many areas of our relationship with the EU regardless of the agreement negotiated. The in/out decision is really about this for most out campaigners. Regardless of the renegotiation details which appear almost to be a side show. I’ll focus on three elements: Finance, Security, Rights and Trade.

Finance

The UK is the 4th largest contributor but the 2nd largest net contributor behind Germany. This net contribution is effectively a membership fee and that contribution is used by the EU organisations to subsidise and support other EU nations, of which Poland, in 2013, was the largest recipient. In other words it is overseas aid for the EU. This fee in 2015 was £9 billion based on £18b contribution, £5b rebate (Mrs T) and £4b in farming via Common Agricultural. As a comparison the UK currently pays £43b per year in interest on its National debt of £1.6 Trillion.

The UK is the 5th or 6th largest economy in the world depending on which source you cite. G7 membership, G20 membership, IMF etc. are not dependent on EU membership.

Security

The In campaigners claim we are safer inside the EU. The Out disagree. So facts:

Under Article 51 of the UN charter all nation states have the right to self defence. The UK is a permanent member of the UN Security Council – one of five. Under Article 51 NATO operates its collective defence policy of an attack against one is an attack against all. NATO is the same size as the EU in terms of members, but they do not align. Several EU countries are neutral (Austria, Finland and Sweden. You can add Ireland based on non-belligerency), therefore they cannot help with that type of security. Of course the USA and Canada are not in the EU but help with security. In/Out this does not change.

Security has other forms. The UK is one of the so-called 5-eyes which share intelligence information; this is CIA, MI5, MI6, NSA, GCHQ etc. (with Australia, New Zealand, Canada and the USA). No other member of the EU is; therefore, there is intelligence information that the UK does not share with those countries. There are separate agreements with some countries (France, Germany, Netherlands etc.) and NATO shares some. So much for the contribution to the EU security.

Europol is put forward as a good example of EU security. Norway is mentioned as a European, non-EU member that shares information. What is Europol? It has 800 members of staff of which 145 are liaison officers from member police forces. Under 5-eyes, MI5, which along with the Met Police has Counter-Terrorism responsibilities, can’t share info with Europol. In fact much activity in 5-eyes is spent spying on our EU partners. Mrs Merkel’s phone for example. Do we really believe that Europol cooperation would stop if the UK left, or would a Norway arrangement be made? Then there is Interpol which is in 190 countries with many of the same aims as Europol. We would still be a member of that.

Rights

We are protected by the UN, Universal Declaration of Human Rights and the European Convention on Human Rights. Both predate and are separate from the EU. The European Court of Human Rights is not an EU institution, nor is the War Crimes unit, nor the International Court. The EU does have the CJEU or the European Court of Justice which arbitrates on EU law i.e. the rights and wrongs under the treaty. This was the argument on legality disputed by the two sides this week. In effect they are both right. The CJEU could overturn but it has never done so. So, it will not, or might not, but could.

Some rights I believe the EU has done a much better job on than the UK authorities. Data protection is one area where the UK’s Information Commissioner has been an abject failure, primarily due to the powers granted to the ICO. The EU has been much stronger, striking down the pathetic Safe Harbor agreement with the USA as offering no protection. Whether the UK alone would stand up to the USA in these matters is doubtful; given 5-eyes it’s unlikely. This might mean that in event of an exit the EU may not be able to exchange data with the UK. That will be a major impediment to trade so would need to be addressed. In this case EU protection offers more than just UK.

Trade

Following the letter from several major companies promoting stay in, the airwaves and print were full of disagreements on what exit might mean. I return to World Trade Organisation, G7, G20 and other agreements. Based on import export the EU needs us in a free trade area more than we need them, especially as the EFTA agreements have not fully supported the trade in services. BMW and Audi will not want to lose access to the market. Any hint of trade tariffs or protectionism would just escalate on both sides. The actions of the Eurozone will make this more and more difficult for those members.

In or Out

I still don’t know but I want to see much stronger reasons for staying in than I have seen so far. The new agreement does not change that as I cannot see anything fundamental changing. Removing ever closer union from a treaty (if approved) means nothing when the Eurozone is doing just that and has to do that to make the Euro work.