February 3, 2024

Safe and Free: comparing national legislation on electronic surveillance

A project called Safe and Free by the University of Texas now provides an overview of the legal framework for electronic surveillance by intelligence and law enforcement agencies in 12 democratic countries.

Here, I will introduce the project and discuss some general trends, as well as the different forms of prior approval of electronic surveillance operations.

Since the start of the Snowden revelations in June 2013, electronic surveillance has become a highly disputed topic. The controversy does not just concern the activities of the American signals intelligence agency NSA, but is also raised in European countries like Germany, The Netherlands and Denmark.

As the regulation of electronic surveillance is highly specialised, it's often difficult to judge whether certain measures are appropriate and effective. One way to improve them is by looking at solutions in other countries, preferably those with a similar rule-of-law tradition. This comparison is now provided by the Safe and Free project of the Strauss Center on International Security and Law at the University of Texas at Austin.

The project explores the variety of ways in which democratic states try to align surveillance for national security purposes with their values and laws. Safe and Free is an initiative of Adam Klein, director of the Strauss Center and former chairman of the Privacy and Civil Liberties Oversight Board (PCLOB), which oversees the civil liberty implications of US intelligence and counter-terrorism activities.

For Safe and Free a wide variety of surveillance experts, like think-tank members, academics, former government officials and journalists were asked to describe the legal framework for electronic surveillance in their country. This resulted in papers about the situation in Australia, Canada, France, Germany, The Netherlands, Poland, Romania, Sweden, the United Kingdom, and the United States.

Papers about Japan and South-Korea can be expected some time in the future. I had the honor of writing the paper about The Netherlands, describing the development of the legal framework for government interception from the 1960s until the current law from 2018 (which, quite unique, was subject to an advisory referendum).

Map showing the countries covered by the Safe and Free project
Click the map for a clickable map!

Reading all the papers shows how different national laws and regulations are, despite the fact that in practice, the technical methods are largely the same. All over the world, the telecommunications infrastructure for telephone and internet communications is very similar, as are the methods for interception. Hacking operations may require more creativity but have many tools and techniques in common as well.

Because states have different legal systems, institutional traditions and political constellations, the regulation of electronic surveillance methods differs from country to country. Nonetheless, some basic trends can be distinguished. An important one is the distinction between foreign and domestic, which affects many aspects.

First, most countries have separate agencies for foreign intelligence and domestic security, with signals intelligence traditionally being conducted by the military and domestic wiretapping sometimes by a national or federal police service.

In The Netherlands the civilian AIVD and the military MIVD both combine a foreign and a domestic mission, separated by their goals, instead of collection methods. Dedicated signals intelligence agencies are typical for the Five Eyes countries (the US, the UK, Canada, Australia and New Zealand), but Sweden has one as well, the FRA.

Usually, the domestic security agencies are governed by rather strict laws to safeguard the rights of their national citizens, while for foreign intelligence agencies we see more lax or even no regulations as monitoring foreign targets is considered "fair game".

Edward Snowden, however, considered this distinction very unfair and demanded equal protection for everyone. In some countries his view was picked up by the press, civil rights organizations and public opinion and eventually led to legal changes.

In the United States, presidents Obama and Biden implemented a range of constraints on the NSA's signals intelligence collection abroad, while in Germany the constitutional court ruled that fundamental rights restrict the BND's intelligence collection outside the country as much as they do inside German borders. In The Netherlands and Romania the law does not distinguish between foreign and domestic operations.

The building of the European Court of Human Rights (ECHR) in Strasbourg, France
(photo: CherryX/Wikimedia Commons)

A further increase in safeguards for human rights comes from the European Court of Human Rights (ECHR), the jurisdiction of which is recognized by 46 European countries. A notable requirement of this court is that the most intrusive surveillance methods, including tapping and hacking operations, need prior approval by an independent body.

Intercepting domestic communications for criminal prosecution is subject to judicial approval almost everywhere, but when it's done by a security agency for national security or intelligence purposes, it's usually a cabinet minister who signs off. This bore the risk of politically motivated eavesdropping, so now there has to be ex ante oversight in order to meet the case law of the ECHR.

Germany has already had such a body for decades, called the G10 Commission. Other countries followed more recently: Sweden has had the FUD since 2009, France created the CNCTR in 2015, the UK installed Judicial Commissioners in 2016 and The Netherlands established the TIB commission in 2018.

All these bodies largely consist of former judges, but in France, Germany and Sweden they include (former) members of parliament as well. This shows the differences between political cultures, as in The Netherlands parliamentarians would probably not be seen as a sufficient safeguard for independent control.

Canada has an independent Intelligence Commissioner as well, while in Australia surveillance operations which affect Australian citizens have to be approved by three ministers and the attorney general. Finally, in the US, national security operations by the FBI have to be approved by either a regular court or the FISA Court, but so-called National Security Letters can be issued by the Bureau without judicial involvement.

Depending on each country's legal situation, some of these independent bodies for prior approval also authorize or review foreign intelligence operations, but in many states the monitoring of foreign communications only needs to be approved by a minister or even just within the intelligence agency itself. The latter is the case, for example, in Poland and Romania.

In the US, the NSA merely needs a general annual certification by the FISA Court when foreign data are collected inside the US (notably via the PRISM program) and no external approval is required when collection against foreign targets takes place abroad.

In Western European countries we see that new legislation comes with increasing safeguards for civil liberties and privacy rights, but in some Eastern European countries the situation is different.

Despite the fact that Poland and Romania both have to adhere to the case law of the ECHR, their most recent laws are aimed more towards extending electronic surveillance powers and less towards accountability, democratic control and privacy safeguards. Exemplary was that Polish authorities used the notorious Pegasus spyware against political opponents.

By comparing the legal frameworks of each country we can see these kinds of general trends as well as the different ways in which safeguards are eventually implemented. They provide a set of best practices and options that can be used to improve the often complex regulation of electronic surveillance in a particular country.

Here, I focused on the issue of prior approval, but similar lessons can be learned about other topics, like the regulations for targeted and untargeted tapping operations, the use of metadata and ex post oversight by independent and parliamentary commissions. Therefore it's highly recommended to read all the papers of the Safe and Free project, which can be found at www.safeandfree.io

- Lawfare: Safe and Free: National-Security Surveillance and Safeguards Across Rule-of-Law States (2023)
- See also: International repository of legal safeguards and oversight innovation

December 11, 2023

Laatste kans voor duidelijkheid over de Tijdelijke wet cyberoperaties [NL]

(Update: December 24, 2023)

This time a blog post in Dutch about the temporary act that gives Dutch intelligence and security services more leeway for "operations against countries with an offensive cyber program directed against The Netherlands".

Wetgevingsoverleg in de Tweede Kamer over de Tijdelijke wet cyberoperaties, 16 oktober 2023


Momenteel behandelt de Eerste Kamer de Tijdelijke wet cyberoperaties, waarmee het voor de Nederlandse geheime diensten makkelijker wordt om hack- en kabeltapoperaties uit te voeren. Vanuit de AIVD en de MIVD wordt benadrukt dat deze versoepelingen dringend nodig zijn in de strijd tegen cyberaanvallen vanuit landen als Rusland en China, maar anderen vrezen dat hiermee een digitaal sleepnet mogelijk wordt gemaakt.

De Tweede Kamer ging op 24 oktober reeds in grote meerderheid akkoord met het wetsvoorstel, alleen de SP en Forum voor Democratie stemden tegen. Voorafgaand was er geen plenair kamerdebat, maar bespraken minister De Jonge van Binnenlandse Zaken en Ollongren van Defensie het voorstel alleen in een zogeheten wetgevingsoverleg met de kamercommissie voor Binnenlandse Zaken (in de samenstelling van vóór de verkiezingen van 22 november).

Verkenning bij ongerichte kabeltaps

De tijdelijke wet geldt voor vier jaar en maakt het onder meer mogelijk dat de beide geheime diensten makkelijker toegang krijgen tot computers en servers die door een vijandelijke dienst gehackt zijn. De meest controversiële bepalingen zijn echter die over ongerichte kabelinterceptie, die officieel "Onderzoeksopdrachtgerichte (OOG) interceptie" wordt genoemd.

Onder de huidige Wet op de inlichtingen- en veiligheidsdiensten (Wiv 2017) moet ongerichte interceptie, oftewel het in bulk aftappen van internetverbindingen, niet alleen noodzakelijk, proportioneel en subsidiair, maar ook "zo gericht mogelijk" zijn. In de praktijk bleek dat laatste vereiste echter niet toepasbaar op de allereerste stap die voor zo'n tap nodig is, namelijk het inventariseren van welk soort kabelverkeer uit welke landen over welke kabels loopt.

De tijdelijke wet maakt dit mogelijk door de introductie van de bevoegdheid tot "verkenning ten behoeve van ongerichte interceptie". Daarbij mag internetverkeer in bulk worden afgetapt en opgeslagen, maar alleen om vast te stellen welke datastromen interessant genoeg zijn voor een daadwerkelijke kabeltap.

Deze mogelijkheid tot verkenning is dus een zinvolle toevoeging, maar hij geldt alleen voor "onderzoeken naar landen met een offensief cyberprogramma", aangezien dat het doel van de tijdelijke wet is. Dat betekent dat deze verkenning niet geldt voor ongerichte interceptie ten behoeve van onderzoeken op andere terreinen. Daar blijven de diensten dus vastzitten aan het onwerkbare gerichtheidsvereiste, wat doet vermoeden dat men de ongerichte kabelinterceptie de komende jaren hoofdzakelijk voor het bestrijden van cyberaanvallen wil inzetten.

Hele wijken afluisteren?

Er zijn over de Tijdelijke wet cyberoperaties nog meer onduidelijkheden die ook tijdens de behandeling in de Tweede Kamer niet of nauwelijks verhelderd werden. Sowieso besteedden de meeste kamerleden hun spreektijd grotendeels aan het simpelweg herhalen van wat in de wet staat. Stevig en kritisch doorvragen deden eigenlijk alleen Nicole Temmink van de SP en Pepijn van Houwelingen van Forum voor Democratie, maar ook hun vragen waren niet goed genoeg doordacht om de juiste antwoorden te krijgen.

Zo beet Van Houwelingen zich vast in de vraag of het wetsvoorstel het mogelijk maakt om hele wijken af te luisteren. Minister De Jonge hield vol dat het aftappen van hele wijken niet kan en niet mag en dat de diensten dat ook niet willen. Inderdaad is het technisch gezien erg omslachtig om al het dataverkeer uit bepaalde wijken te onderscheppen aangezien bewoners hun vaste en mobiele dataverkeer via verschillende providers hebben lopen. Zouden de diensten inderdaad een bepaalde wijk willen monitoren, dan zou dataverkeer uit de netwerken van alle betrokken providers gehaald moeten worden.

Van Houwelingen had dus eigenlijk moeten vragen of de diensten een substantieel deel van het dataverkeer van een bepaalde provider kunnen onderscheppen. Dat zou voor de minister moeilijker te ontkennen zijn geweest. Wel zal het daarbij voor de diensten interessanter zijn om niet de verbinding tussen een provider en zijn abonnees, maar die tussen een provider en de rest van het internet af te tappen omdat langs die weg de buitenlandse cyberaanvallen binnenkomen.

Omvang en herkomst van cyberaanvallen in de periode 2005 t/m 2022 (bron)

Nederlands dataverkeer onderscheppen?

Minister De Jonge betoogde bovendien dat als de diensten interesse in iemands buurman zouden hebben, zij daarvoor niet de ongerichte kabelinterceptie zullen inzetten, omdat er genoeg andere, meer gerichte methodes zijn om een target in Nederland te monitoren. De ongerichte kabelinterceptie wil men vooral gebruiken om ongekende dreigingen uit het buitenland in beeld te krijgen, aldus de minister.

Dit is overeenkomstig de brief van 6 april 2018, waarin de ministers van Binnenlandse Zaken en van Defensie aan de Tweede Kamer lieten weten dat het "vrijwel uitgesloten [is] dat OOG-interceptie op de kabel de komende jaren wordt ingezet voor onderzoek naar communicatie met oorsprong en bestemming in Nederland".

Tussen haakjes stond daar echter achter: "met uitzondering van onderzoek in het kader van cyber defence, omdat bij digitale aanvallen misbruik wordt gemaakt van de Nederlandse digitale infrastructuur en OOG-interceptie op de kabel noodzakelijk kan zijn om dit te onderkennen." Deze niet onbelangrijke uitzondering liet minister De Jonge tijdens het overleg met de kamercommissie echter achterwege.

Nederlands dataverkeer kan dus wel ten behoeve van cyber defence in bulk worden afgetapt, en laat de tijdelijke wet nou net daarop betrekking hebben. Omdat geen enkel kamerlid dit heeft opgemerkt hebben zij kennelijk te weinig tijd en ondersteuning om zich dit ingewikkelde dossier voldoende eigen te maken. Ook is er een gebrek aan ervaring: van de kamerleden die zich in 2018 rond het referendum in de Wiv verdiept hadden zit alleen Martin Bosma van de PVV nog in de Kamer.

Momentopnames van zes maanden?

Naast Van Houwelingen was ook Nicole Temmink van de SP vasthoudend in het kritisch doorvragen. Haar ging het vooral om de bewaartermijn van zes maanden voor de data die tijdens de verkennende fase worden afgetapt.

In antwoorden op schriftelijke kamervragen werd gezegd dat deze zes maanden nodig zijn "om de geïntercepteerde gegevensstromen goed te kunnen beoordelen op bruikbaarheid" maar dat is een nogal magere onderbouwing voor de mogelijkheid om een potentieel zeer grote hoeveelheid internetdata een half jaar lang te bewaren. Minister De Jonge bleef beweren dat het hierbij slechts om een momentopname, een foto ("een snapshot") gaat.

Ook hier viel op dat de kamerleden kennelijk niet over voldoende informatie beschikten. Speciaal over het snapshotten heeft toezichthouder CTIVD namelijk in 2022 een gedetailleerd rapport uitgebracht. Daarin wordt gezegd dat dit snapshotten tot nu toe inhield dat een datakanaal maximaal twee uur per dag wordt afgetapt om de potentiële inlichtingenwaarde daarvan vast te stellen.*

Het kan zijn dat De Jonge bedoelde dat in de praktijk een snapshot nog steeds beperkt zal blijven tot twee uur per dag en dat het resultaat daarvan dan zes maanden bewaard blijft. Dat zou waarschijnlijk voor iedereen wel acceptabel zijn, maar door dat niet in de wet op te nemen, of tenminste expliciet toe te zeggen, is er nu ruimte om een continue datastroom op te slaan. Een dergelijke onduidelijkheid zou zich hier niet mogen voordoen.

Hoofdkantoor van de AIVD, waar zich ook de Joint Sigint Cyber Unit bevindt

Uitwisseling met het buitenland

Een laatste kritiekpunt op de nieuwe verkenningsfase is het feit dat data die daarbij binnengehaald worden ook met buitenlandse diensten gedeeld mogen worden. Volgens de minister gaat het daarbij alleen om "technische ondersteuning" waarbij een betrouwbare buitenlandse partner kan helpen met het duiden van bepaalde data. Het is echter niet duidelijk geworden of datastromen dan in hun geheel (mogen) worden doorgestuurd, of alleen de stukjes die voor onze eigen diensten raadsels opleveren.

Minister De Jonge gaf aan dat technische ondersteuning bijvoorbeeld nodig kan zijn om "de encryptie van bepaald Russisch verkeer te ontcijferen". Gezien de scope van de tijdelijke wet, het bestrijden van cyberaanvallen, zal het daarbij niet om diplomatieke berichten gaan, maar om malware, die tegenwoordig ook steeds vaker versleuteld is om virusscanners te ontduiken.

In het overleg met de kamercommissie voegde De Jonge daar aan toe dat onze diensten er vaak door buitenlandse partners op gewezen worden dat een bedrijf of instelling in Nederland under attack is en daarbij ook te horen krijgen aan wie zo'n aanval valt toe te rekenen: "Die samenwerkingsrelatie hou je goed als je niet alleen maar komt halen, maar ook af en toe kunt brengen".

Daarmee geeft de minister aan dat het bij deze wet niet zozeer gaat om het ouderwetse afluisteren van gesprekken of meelezen van e-mailberichten, maar om het detecteren van malware en hackpogingen. En dat de ongerichte kabeltoegang dus ook nodig is om buitenlandse partners te kunnen waarschuwen, zodat zij op hun beurt ons op de hoogte blijven houden van cyberdreigingen richting Nederland.


De Tijdelijke wet cyberoperaties is bijzonder complex en gaat over bevoegdheden op een terrein dat de komende jaren alleen maar belangrijker zal worden, namelijk het bestrijden van cyberaanvallen door landen als Rusland en China.

Ondanks dat er in schriftelijke stukken en in de mondelinge behandeling heel veel woorden over zijn gewisseld, lijkt de Tweede Kamer niet volledig te hebben doorgrond waarmee zij heeft ingestemd. Wanneer kamerleden al kritisch doorvroegen was dat met vragen die de minister de gelegenheid gaven om ontwijkend te antwoorden.

Daardoor is over diverse punten van zorg geen duidelijkheid gekomen en lijkt er zelfs nauwelijks besef te zijn dat het hier niet zozeer om klassieke inlichtingenvergaring, maar om cyber defence gaat. Daarvoor hebben de diensten weliswaar een breed zicht op kabelverkeer nodig, maar kijken ze met name naar buitenlandse cyberaanvallen en niet naar gedragingen van Nederlandse burgers.

Doordat dit niet expliciet is gemaakt blijft de wet te vaag en is de verontrusting op z'n minst begrijpelijk. De Eerste Kamer kan het wetsvoorstel niet meer wijzigen, maar kan door het stellen van de juiste vragen nog wel de nodige opheldering verkrijgen.

UPDATE: Schriftelijke vragen van de Eerste Kamer

Op 21 december 2023 publiceerde de Eerste Kamercommissie voor Binnenlandse Zaken haar schriftelijke vragen aan het kabinet. Vanuit bijna alle fracties zijn een behoorlijk groot aantal vragen gekomen, waarbij vrij veel vragen echter ook gaan over dingen die reeds bij de behandeling in de Tweede Kamer besproken en beantwoord zijn of anderzins al ergens terug te vinden zijn.

Voorts zijn veel vragen nogal algemeen gestelde open vragen, waarop het kabinet ontwijkend of onvolledig kan antwoorden, zoals we tijdens het wetgevingsoverleg in de Tweede Kamer al zagen. Een voorbeeld is dat nu gevraagd wordt "hoe bij de toepassing van dit wetsvoorstel zal worden omgegaan met metadata", in plaats van dat specifiek werd gevraagd of voor de verkennende fase niet kan worden volstaan met het analyseren van metadata (zodat de inhoud van datastromen ongemoeid blijft) en zo niet, waarom niet.

Vervolgens had dan gevraagd kunnen worden of voor de verkenning de datastromen altijd moeten worden opgeslagen of dat ze ook online kunnen worden gefilterd. Dat laatste werd al in de Memorie van Toelichting op de Wiv uit 2016 genoemd als een methode die specifiek ten behoeve van cybersecurity kan worden ingezet.* Het direct online filteren op kenmerken van malware en hackactiviteiten is immers minder privacybelastend dan het opslaan van data zodat deze ook later nog onderzocht kunnen worden.

Meerdere vragen gaan over wanneer de tijdelijke wet precies van toepassing is: wie bepaalt bijvoorbeeld wanneer een land "een offensief cyberprogramma tegen Nederland of Nederlandse belangen" uitvoert? Het kabinet heeft eerder al gezegd dat het daarbij met name om Rusland, China, Iran en Noord-Korea gaat, maar het blijft vreemd dat juist een bevoegdheid om ongekende dreigingen op te sporen pas kan worden ingezet als die aan een bepaald land wordt gekoppeld. Geen van de fracties kwam echter met de vraag of het niet duidelijker zou zijn om deze wet niet aan landen te koppelen, maar aan het bestrijden van cyberaanvallen in het algemeen.

Dit geeft de indruk dat, net als de Tweede Kamer, ook de Eerste Kamer zich nauwelijks bewust lijkt van het feit dat het hier hoofdzakelijk om cyber defence gaat en niet om traditionele inlichtingvergaring. De fractie van GroenLinks-PvdA denkt bijvoorbeeld dat al in de nieuwe verkenningsfase "mensen door middel van AI op basis van hun gedrag en uitingen beoordeeld" gaan worden. Op zich een begrijpelijke zorg, maar juist daarom zou expliciet gemaakt moeten worden dat het hier gaat om het bestrijden van malware en hackaanvallen.

Een betere vraag vanuit GroenLinks-PvdA is of de data die tijdens de verkennende fase zijn verworven ook in bulk en/of bijna live (real-time) met buitenlandse partnerdiensten mogen worden gedeeld ten behoeve van wat het kabinet "technische ondersteuning" noemt. Hieraan vooraf gaat echter het vraagstuk hoeveel data in eerste instantie tijdens de verkenning mogen worden binnengehaald.

In de Tweede Kamer vroeg Forum voor Democratie niet heel handig of hele wijken kunnen worden gaan afgeluisterd, maar overeenkomstig ik hierboven betoogde formuleert de Eerste Kamerfractie van de PVV de vraag nu beter: "In hoeverre kan bijvoorbeeld een kabelinterceptie plaatsvinden bij een grote internetprovider, waarmee in één keer het volledige gegevensverkeer van alle gebruikers verzameld wordt?"

De eveneens hierboven besproken uitzondering voor cyber defence wordt nu door de Eerste Kamerfractie van de PvdD aangehaald: "door de minister is toegezegd dat er geen interceptie zal plaatsvinden in het zogeheten Nederland-Nederland-verkeer, tenzij voor cyber defence. Is dat juist? Geldt dat ook voor het gebruik van bevoegdheden waarop het onderhavige wetsvoorstel betrekking heeft? Zo nee, is dat dan in strijd met de toezegging?"

De kwestie van de zogeheten snapshots liet de Eerste Kamer opvallend genoeg liggen. Volgens een rapport van de CTIVD uit 2022 wordt momenteel tijdens zo'n snapshot een datakanaal maximaal twee uur per dag afgetapt en het zou niet onbelangrijk zijn om te weten of dat ook voortaan het geval zal zijn, want zoals het wetsvoorstel nu geformuleerd is, zouden de diensten een continue datastroom mogen opslaan.

Aanmerkelijk minder vragen zijn er tenslotte over de nieuwe mogelijkheid om makkelijker toegang te krijgen tot computers en servers van derden wanneer die door een target gehackt zijn. Zo werd bijvoorbeeld niet gevraagd waarom er geen notificatie of zelfs compensatie mogelijk is voor mensen of bedrijven die daar mee te maken krijgen. Daar zitten haken en ogen aan, maar onmogelijk is het niet: in maart 2022 had de MIVD nota bene zelf laten weten dat zij particulieren en ondernemers na een dergelijke operatie geïnformeerd had en in een aantal gevallen ook een tegoedbon gegeven heeft.

De vaste commissie voor Binnenlandse Zaken van de Eerste Kamer verzoekt het kabinet om binnen vier weken, dus al vóór 16 januari 2024, te antwoorden middels een zogeheten nota naar aanleiding van het verslag.

- Zie voor alle officiële stukken rondom deze wetgeving: Dossier Wiv 2017, het Kamerdossier nr. 36263 en de behandeling bij de Eerste Kamer.
- MediaLogica: Zwarte Lak en Witte Jassen (8 december 2023)
- About Intel: Cyber defence operations require a dedicated legal framework (27 juni 2023)
- De Correspondent: De geheime diensten bedonderen ons, zegt de man die het kan weten (5 april 2023)
- NRC: Verkennen, hacken en tappen: mogen de AIVD en MIVD al genoeg of moet de wet nodig ruimer? (4 april 2023)
- Bert Hubert: De Tijdelijke Wet op Inlichtingen- en Veiligheidsdiensten 2022 (2 december 2022)

October 6, 2023

The NSA's new organizational designators

(Updated: February 24, 2024)

For decades, the organizational structure of the NSA was classified, but since 2013 the Snowden documents provided hundreds of designators of internal divisions, branches and units, which allowed me to reconstruct the agency's internal structure.

From 2016 to 2017, the NSA was reorganized so that many of those designators may have changed. Some recent documents, however, provide designators from the current situation, which allows to start a reconstruction of the new structure as well.

The Integrated Cyber Center (ICC) and other new buildings at the NSA's East Campus
(photo: Brendan Smialowski/Getty Images)

The reorganization of 2016

The organizational structure of the NSA as it emerged from the Snowden documents was established in the year 2000 under director Michael Hayden. In 2016, director Michael Rogers initiated a full reorganization under the name NSA21, in order to prepare the agency for the cyber challenges of the 21st century.

One of the most important (and controversial) changes was fusing the operational elements of the Signals Intelligence (SID) and Information Assurance (IAD) directorates into the new Directorate of Operations. The remaining information assurance activities were merged with the old Technology Directorate into the new Capabilities Directorate.

The hacking group Tailored Access Operations (TAO) was renamed into Computer Network Operations (CNO). The new structure as envisioned by NSA21 reached full operational capability in December 2017.

The new structure of the NSA as established by the NSA21 reorganization
(source: NSA - click to enlarge)

On October 1, 2019, an additional Cybersecurity Directorate (CSD) was established to unify the NSA's foreign intelligence and cyber defense missions and to prevent and eradicate threats to National Security Systems (NSS) and the Defense Industrial Base (DIB). The CSD pulled its workforce from several directorates, including the Operations Directorate and its Computer Network Operations group.

The new organizational structure

A number of new designators from the NSA's current structure can be found in the extensive NSA/CSS Policy 12-3 Annex C from June 2023. Some other documents and press reports provide additional information, which results in the partial chart below.

Update: The NSA/CSS Civil Liberties and Privacy Program from November 2021 provides the internal top-level designators for all the agency's current directorates. The organization chart and the remarks below have been updated accordingly:

A: Workforce Support Activities (WSA)

A2: National Cryptologic School (NCS)

B: Business Management and Acquisition (BM&A)

C: Cybersecurity Directorate (CSD)

C? Cybersecurity Collaboration Center (CCC) *

C?? Artificial Intelligence Security Center (AISC)

D: Office of the Director

DC: NSA/CSS Chief of Staff (CoS)
D2: Office of General Counsel (OGC)
D5: Civil Liberties, Privacy, and Transparancy (CLPT)
D6: Diversity, Equality, and Inclusion (DEI)
D9: Risk Management Office (RMO)

I: Office of the Inspector General (OIG)

P: Engagement and Policy (E&P)

P1: ?
P12: Office of Policy
P13: ?
P131: Information Security/Classification *
P7: Office of Compliance/Compliance Group
P75: Office of Compliance for Cybersecurity and Operations

R: Research Directorate

X: Operations Directorate

X? Computer Network Operations (CNO)

Y: Capabilities Directorate
    Chief Information Officer (CIO)

Some additional remarks (updated)

If we compare these current designators with the structure before 2016, we see that:

- The Office of the Director is still designated as "D" and may not have changed much, except for the Office of the Inspector General, which now has its own top-level designator (I), and at least two parts (the Office of Policy and the information security units) which have been transferred to the newly created Engagement & Policy Directorate (P).

- For the Inspector General (IG) this reflects that since the FY2014 Intelligence Authorization Act this official is appointed by the President and confirmed by the Senate. Previously, the IG was appointed by the Director of the NSA, who could also remove him. The first presidentially appointed NSA IG was Rob Storch, who served from 2018 to 2022.

- The position of the Chief Information Officer (CIO) is different: in 2020, the IG criticised that the CIO wasn't included in the organization charts of the agency and primarily served as head of one of the NSA's directorates, first Technology and now Capabilities.

- Other new directorates also got a top-level designator that wasn't used before 2016: Workforce Support Activities (A), Business Management and Acquisition (B), Cybersecurity (C) and Capabilities (Y). The Research Directorate however kept the letter R.

- The new Operations Directorate is designated by the letter X, which was already used under the old structure, although we don't know for what kind of activity. Maybe the previous X division was just temporary or very small as the only source that mentions it is a document about cable installations at NSA headquarters from 2007.

> See also: The NSA's regional Cryptologic Centers

September 14, 2023

Some new snippets from the Snowden documents

(Updated: September 20, 2023)

It's been more than four years since the last regular publication of documents from the Snowden trove. Last year, however, some new snippets of information from the Snowden documents appeared in the PhD thesis of hacktivist Jacob Appelbaum.

The new information isn't very spectacular and also quite specialistic, but still worth to make it more easily accessible. Also for the record I added some corrections and additions to Appelbaum's discussion of NSA surveillance methods.

NSA headquarters - Appelbaum's thesis - Eindhoven University of Technology

Jacob Appelbaum

Jacob R. Appelbaum was born in 1983 in California and became a well-known hacker and activist for digital anonymity. He was a member of the Cult of the Dead Cow hacker collective and a core member of the Tor project, which provides a tool for anonymous internet communications.

In 2012, Appelbaum moved to Berlin, where he worked closely with Laura Poitras on the NSA documents which she had received from Edward Snowden in May and June 2013. However, he was also involved in the story about the eavesdropping on German chancellor Merkel and the publication of the NSA's ANT Product Catalog.

In both cases the documents were not attributed to Snowden and apparantly came from a still unidentified "second source". In his thesis, Appelbaum seems to refer to this source when he mentions "documents exposed by whistleblowers, known and unknown, or other anonymous insiders."

In 2015, several women accused Appelbaum of sexual abuse and he subsequently lost his position at the Tor project and various other organizations. Appelbaum denied the allegations, but an investigation ordered by the Tor project determined that they appeared to be true.

Meanwhile Appelbaum had moved to The Netherlands, where he started as a PhD student at the Eindhoven University of Technology (TU/e). There he finished his thesis and received his PhD on March 25, 2022. Currently he works as a postdoc at the Coding Theory and Cryptology group at TU Eindhoven.

Appelbaum's PhD thesis

The full title of Appelbaum's thesis is "Communication in a world of pervasive surveillance. Sources and methods: Counter-strategies against pervasive surveillance architecture". His promotors were prof.dr. Mark van den Brand, prof.dr. Daniel J. Bernstein and prof.dr. Tanja Lange.

The thesis was published on March 25, 2022 and became available for download as a 24.3 MB pdf-document on September 27, 2022. The contents of this 327-page thesis are as follows:

- Chapter 1: Introduction.

- Chapter 2: Background on network protocols common to all research.

- Chapter 3: Background on cryptography common to all research.

- Chapter 4: Review of historical, political, economic, and technical adversarial capabilities (including previously published leaked documents that are from works which Appelbaum has written about in his role as a journalist).

- Chapter 5: Review of the Domain Name System and an explanation of alternative methods to improve the security and privacy of domain name lookups.

- Chapter 6: Examination of a tweak to the WireGuard VPN protocol to protect historic encrypted traffic against future attacks by quantum computers.

- Chapter 7: Introduces the Vula protocol, which is a suite of free software tools for automatically protecting network traffic between hosts in the same Local Area Network.

- Chapter 8: Introduces REUNION, a privacy-preserving rendezvous protocol.

In the preface, Appelbaum writes that his thesis is the culmination of more than a decade of research into the topic of surveillance. He expresses a political and activist aim by saying that the "machinery of mass surveillance is simply too dangerous to be allowed to exist" and that "we must use all of the tools in our toolbox – economic, social, cultural, political, and of course, cryptographic – to blind targeted and mass surveillance."

He says more has to be done than simply criticize surveillance practices. Cryptography for example, "allows for resistance in a non-violent manner to the benefit of everyone except the ones who are spying on us." From this perspective Appelbaum's thesis discusses various cryptographic implementations to "protect individual liberty, while aspiring to a broader goal of achieving societal liberty."

New information from the Snowden documents

Throughout his thesis, Appelbaum reveals some new information from Snowden documents that has not been published, but which he had access to during his research that resulted in various publications in media outlets like Der Spiegel, NDR and Le Monde. The new information is only described, so no new original documents were released.

According to Appelbaum: "Many journalists who have worked on the Snowden archive know significantly more than they have revealed in public. It is in this sense that the Snowden archive has almost completely failed to create change: many of the backdoors and sabotage unknown to us before 2013 is still unknown to us today." (page 71)

Appelbaum also provides some new information about the Snowden documents in general, by saying that The Intercept "closed their Snowden archive and reportedly it has been destroyed." (page 63, note 17)

Below, I provide exact quotes from Appelbaum's thesis, including his sources, which are in square brackets, while I added some additional links for further information.

1. BULLRUN: manipulating protocol security

"How do they accomplish their goals with project BULLRUN? One way is that United States National Security Agency (NSA) participates in Internet Engineering Task Force (IETF) community protocol standardization meetings with the explicit goal of sabotaging protocol security to enhance NSA surveillance capabilities." "Discussions with insiders confirmed what is claimed in as of yet unpublished classified documents from the Snowden archive and other sources." (page 6-7, note 8)

2. Selecting entropic internet traffic

"There are various rules governing what is selected for long-term data retention in [the NSA's] corporate repositories. One example is that some traffic which is considered entropic by a standard Shannon Entropy estimate is selected from the network in real time and saved to a database, preserving it for cryptanalysis using future technology." "This statement is based in part on an analysis of as of yet unpublished XKeyscore source code that performs a Shannon Entropy estimate. Some kinds of Internet traffic that is considered entropic is recorded for later analysis." (page 9, note 16)

3. Compromised lawful interception systems

"As part of our research, we uncovered evidence that the telecommunications infrastructure in many countries has been compromised by intelligence services. The Snowden archive includes largely unpublished internal NSA documents and presentations that discuss targeting and exploiting not only deployed, live interception infrastructure, but also the vendors of the hardware and software used to build the infrastructure. Primarily these documents remain unpublished because the journalists who hold them fear they will be considered disloyal or even that they will be legally punished. Only a few are available to read in public today." (page 41)

"Targeting lawful interception (LI) equipment is a known goal of the NSA. Unpublished NSA documents specifically list their compromise of the Russian SORM LI infrastructure as an NSA success story of compromising civilian telecommunications infrastructure to spy on targets within reach of the Russian SORM system." (page 41)

"The NSA slides have "you talk, we listen" written in Cyrillic on the jackets of two Russian officers." "Review of unpublished Snowden documents about NSA’s activities compromising deployed, lawful interception systems and as well as additional success against the vendors of such hardware or software. Needless to say, a compromised interception system is anything but lawful in the hands of an adversary." (page 41, note 4)

4. Compromised computer hardware

"While working on documents in the Snowden archive the thesis author learned that an American fabless semiconductor CPU vendor named Cavium is listed as a successful SIGINT "enabled" CPU vendor. By chance this was the same CPU present in the thesis author's Internet router (UniFi USG3). The entire Snowden archive should be open for academic researchers to better understand more of the history of such behavior." (page 71, note 21)

More information about whether Cavium CPUs may have a backdoor, as well as additional comments by Jacob Appelbaum can be found in an article published by Computer Weekly on September 19, 2023.


"The PRISM slide deck was not published in full, and the public does not fully understand aspects of the program such as the retrieval of voice content data as seen in Figure 4.24. Domains hosted by PRISM partners are also subject to selector based surveillance. Several pages of the PRISM slides list targets and related surveillance data, and a majority of them appear to be a matter of political surveillance rather than defense against terrorism. One example that is not well-known except among the journalists who had access to the full PRISM slide deck is the explicit naming of targets. An example shows a suggestion for targeting of the Tibetan Government in Exile through their primary domain name. The tibet.net domain is named as an unconventional example that analysts should be aware of as also falling under the purview of PRISM. The email domain was hosted by Google Mail, a PRISM partner, at the time of the slide deck creation and it is still currently hosted by Google Mail as of early 2022." (page 76)

6. MYSTIC: Country X

"MYSTIC was revealed to impact a number of countries by name at the time of publication: the Bahamas, Mexico, the Philippines, Kenya and one mystery country: country X. The Bahamas, and country X are subject to SOMALGET full take data and voice collection. The publisher WikiLeaks observed that the monitoring of an entire country of people is a crime when done by outside parties, essentially an act of war by the surveillance adversary. WikiLeaks then revealed that the country in question, Country X, was Afghanistan [Yea14]. Through independent review of the Snowden archive, we confirm that this is the identity of Country X, and that WikiLeaks was correct in their claim." (page 78)

(Strangely enough, the source provided by Appelbaum ("Yea14") actually shows that already four days before Wikileaks' revelation, collaborative analysis by Paul Dietrich and the author of this weblog had already pointed to Afghanistan as being Country X. In his bibliography, Appelbaum attributes this source document to "John Young and et al." (the owners of the Cryptome website), while it was actually written by and first published on the blog of Paul Dietrich)

7. Manipulation of DUAL_EC_DRBG

"Many documents released in public from the Snowden archive and additional documents which are still not public make clear that this type of bug is being exploited at scale with help from NSA’s surveillance infrastructure. It is still unclear who authored the changes at Juniper and if bribery from the NSA was involved as with RSA’s deployment of DUAL_EC_DRBG to their customers as is discussed in Section 4.4." (page 81)

8. Software backdoors

"Example from the Snowden Archive of an as of yet unreleased backdoor in fielded software that is most certainly not an exclusively exploitable backdoor by NSA. The software’s secret key generation is sabotaged by design to ensure surveillance of the community of interest. There is a corresponding XKeyscore rule that has not yet been published. The goal of that rule is to gather up all ciphertext using this sabotaged system; it is clearly part of a larger strategy. As a flag in the ground for later, the thesis author presents the following SHA256 hash: [...]. There are additional examples from other sources that this is the general shape of the game being played with more than a few acts of sabotage by the NSA." (page 83, note 27)

Some corrections and additions

Chapter 4 of Appelbaum's thesis is about "The Adversary" and describes a wide range of digital surveillance methods which are used by intelligence agencies. He writes a little a bit about the capabilities of Russia and China, but the biggest part is about the methods of the NSA as revealed through the Snowden documents.

In general, this chapter is very similar to for example Glenn Greenwald's book No Place to Hide and Snowden's memoir Permanent Record as it reads like a one-sided accusation against the NSA without much context or the latest information. Chapter 4 also contains small errors which could easily have been prevented. Here I will discuss some examples:

- Page 20, note 12: "An example is Suite-A cryptography or Type-1 cryptography, so designated by the NSA. The NSA now calls this the Commercial National Security Algorithm Suite (CNSA)"

> Comment: Actually CNSA isn't the new name for the highly secure Suite A, but for the less secure Suite B algorithms.

- Page 41: "The BND and the CIA held secret co-ownership of CryptoAG until 1993, and then the CIA held sole ownership until 2018. The devices were vulnerable by design, which allowed unaffiliated intelligence services, such as the former USSR’s KGB, and the East German Ministry for State Security [MfS], to independently exploit CryptoAG’s intentional flaws."

> Comment: This exploitation by the KGB and the MfS was apparently suggested in a German television report, based upon claims by a former Stasi officer, but so far there are no documents that support this claim. See for more information: Operation RUBICON.

- Page 41: "It does not appear that those party to the Maximator alliance are using their agreement and relative positions to spy on the entire planet – in stark contrast to the Five-Eyes agreement."

> Comment: The Five Eyes and especially NSA and GCHQ have massive capabilities, but spying on "the entire planet" is still rather exaggerated: their collection efforts are limited by national priorities, the locations of where they can access satellite and cable traffic, as well as by technical constraints. While the five members of the European Maximator alliance have/had much smaller capabilities, they could nonetheless intercept and decrypt diplomatic communications from over 60 countries where the weakened encryption devices from Crypto AG were used (see the map below).

The countries that bought and used manipulated Crypto AG devices
(graphic: The Washington Post - click to enlarge)

- Page 47, note 8: "Narus mass surveillance and analysis systems were deployed by the NSA inside AT&T facilities to intercept all traffic flowing through their large capacity network cables as documented [KB09] by whistleblower Mark Klein."

> Comment: This suggests that the NSA is intercepting American communications, but actually this is part of Upstream collection, which is aimed at foreign targets and therefore the NSA applies various filter systems to select traffic from countries of interest and discard purely domestic communications.

- Page 52: "The Foreign Intelligence Surveillance Court (FISC) is largely considered to rubber stamp requests from the FBI. The FBI has routinely misled the FISC, and from the little that is known, the FISC has neither the technical knowledge, nor the general temperament to actually act as a safeguard"

> Comment: Since the start of the Snowden revelations, numerous Top Secret documents from the FISC have been declassified, showing that the court examines the NSA's activities in great detail. The idea of being a "rubber stamp" is based upon the fact that the FISC denies just 0.5% of the applications, but later it became clear that American criminal courts only deny a tiny 0.06% of the requests for regular (so-called Title III) wiretaps.

- Page 53: "The CIA meanwhile, operates their own surveillance capabilities including capabilities that are entirely outside of the purview of the FISC, even now [cia22]."

> Comment: At least one of these cases is about the CIA's use of bulk datasets with financial information, which can of course contain information about Americans, but when the CIA obtained them in ways other than by intercepting communications, the FISC simply has no jurisdiction. It's up to lawmakers to impose privacy safeguards for creating and exchanging such bulk datasets.

- Page 56: "In the Snowden archive, we see lots of hacking and hacking related programs run by NSA, such as the TURBULENCE [Wik21u] program which is made up of modular sub programs [Amb13]. Those programs include TURMOIL [Gal14b], TUTELAGE [AGG+15a], TURBINE [GG14, Wik20d], TRAFFICTHIEF [Wik20c], and XKeyscore [Gre13d, Unk13, AGG+14b, Unk15a] as shown in Figure 4.12 and Figure 4.13, as well as data that was pilfered during those break-ins."

> Comment: This suggests that TURBULENCE and its sub-programs are about hacking operations, but actually, TURBULENCE is defined as "a next generation mission environment that created a unified system for MidPoint and Endpoint SIGINT", or in other words, an overarching framework for bulk and targeted tapping systems. Only the TURBINE sub-program can automatically trigger the implantation of malware into target computer systems. Furthermore, none of the sources mentioned in the thesis indicate that XKEYSCORE is a sub-program of TURBULANCE and XKEYSCORE is not a hacking tool either. A detailed explanation of the TURBULENCE system is given in an article by Robert Sesek, which was apparently not consulted by Appelbaum.

- Page 72: "US-984XN is the classified SIGAD while the program name PRISM is unclassified"

> Comment: There are no indications that "PRISM" is less secret than any other coverterm which the NSA uses for its collection, processing and analysis programs. That was likely also the reason that the big internet companies involved in this program initially denied that they had ever heard of something called PRISM.

- Page 91: "the NSA's Equation Group (EQGRP), which was later renamed Tailored Access Operations (TAO)"

> Comment: The name Equation Group was actually coined in February 2015 by the Russian cybersecurity firm Kaspersky for "one of the most sophisticated cyber attack groups in the world". Later on it became clear that this group was part of the NSA's hacking division TAO.

Given how many aspects of the NSA's operations Appelbaum mentions in chapter 4 of his thesis, one could say that it's inevitable that some mistakes are made and some sloppiness occurs. On the other hand, however, this is an academic publication for which the highest standards of accuracy should apply.

Finally, Appelbaum's activism is illustrated by the back cover of his thesis, which shows a logo very similar to that of the German terrorist organization Rote Armee Fraktion (RAF) from the 1970s, except that the original image of an AK-45 is replaced by that of a computer keyboard:

Comments at Hacker News and Schneier on Security
In Dutch: Meer over het wetsvoorstel voor de Tijdelijke wet cyberoperaties