August 30, 2013

The red phone that was NOT on the Hotline

(UPDATED: March 5, 2016)

Exactly 50 years ago today, the famous Washington-Moscow Hotline became operational. Although this link has always been for written communications only, many people think there are red telephones on the Hotline, as this is often depicted in popular culture.

One widespread image is from the article about the Hotline on the online encyclopedia Wikipedia. It shows a non-dial red telephone which is on display in the Jimmy Carter Library and Museum in Atlanta, Georgia:

(photo uploaded to Wikimedia by user Piotrus under CC-BY-SA)

Much of the confusion about the real purpose of this phone was due to the fact that in this picture, the text on the plate below the phone wasn't readable. But now, upon request of this weblog, the curator of the Jimmy Carter Library and Museum kindly provided the text, which reads as follows:

During Jimmy Carter’s presidency, the “red phone” was a hotline to the Kremlin in Moscow. A U.S. president could pick up the phone and speak directly to Soviet leaders in times of crisis.

The text is about a red phone used for the Hotline, but more important is the fact that the telephone on display is just a reproduction. This is also confirmed by the curator, who said that this phone is a prop that the exhibition designer wanted to use.

Now it's clear that the actual red phone in the picture was never used on the Hotline between Washington and Moscow, nor on any other secure telephone network (although red phone sets were regularly used for predecessors of the Defense Red Switch Network, which is the main secure voice network of the US military).

The picture on Wikipedia shows just an ordinary phone set, like the ones that are quite commonly used for emergency telephone lines of any kind which don't require a dialing capability. Probably because the designer of the exhibition at the Jimmy Carter Museum also thought there were red telephones on the Hotline, such a common phone set was used to represent this.

For people visiting the museum it must have looked like a confirmation of their idea of the red phone hotline. When someone uploaded a picture of this phone to Wikipedia in March 2011, it soon found its way to articles about the Washington-Moscow Hotline in eleven languages, most of them erroneously saying that the Hotline also had a voice capability. It was only after research done for this weblog, which resulted in an extensive article about the Hotline last year, that some of the Wikipedia articles were corrected.

After the issue of the wrong attribution of the red telephone was raised here on this weblog, the Jimmy Carter Library noticed this, and replaced the description of the phone as of March 2016 with the following text, which is now accurate:
"During Jimmy Carter’s presidency, the “red phone” was used to communicate with U.S. military command centers in a crisis. It was not the hotline to Soviet leaders, as is often shown in movies."

What the Washington-Moscow Hotline looks like nowadays: the terminal room
at the Pentagon showing the secure computer link equipment
(photo:, 2013)

August 28, 2013

The 50th anniversary of the Washington-Moscow Hotline

(Updated: September 16, 2013)

This Friday, August 30, it will be exactly 50 years since a direct communication link between the United States and Russia became operational. This Washington-Moscow Hotline is one of the most famous top level communications systems in modern history.

Many people think the Washington-Moscow Hotline uses red phone sets, but that's a myth. The Hotline never was a telephone line as it started with teletype terminals, later replaced by facsimile equipment. Since 2008 the Hotline uses secure e-mail, as can be seen in this most recent picture of the Hotline terminal in the Pentagon:

The Washington-Moscow Hotline terminal room at the Pentagon, 2013
Presidential communicator Navy Chief Petty Officer John E. Kelley (seated) and
senior presidential translator Lt. Col. Charles Cox man the hotline terminal

For the full history and more unique historical pictures of the Hotline, see our updated story from last year: The Washington-Moscow Hotline

A small event to celebrate the 50th anniversary will be held this Thursday, August 29, at Fort Detrick in Maryland, where the satellite ground station of the American end of the Hotline is situated. The event includes as guest speakers: the former American ambassador, Jack Foust Matlock, Jr. and a son of the former Soviet Premier Nikita Khrushchev, Dr. Sergei Khrushchev.

An entirely edible, satellite dish-shaped cake
to celebrate the 50th anniversary of the Hotline
(photo: USAG VI)

There seems to be no commemoration involving the American and Russian presidents. Maybe this is due to the fact that the relationship between both countries has been troubled since Edward Snowden, who leaked many top secret documents from the NSA, was recently granted asylum in Russia.

Some articles about the 50th anniversary of the Hotline:
- World Leader Hotline At Fort Detrick Celebrates 50 Years
- Hotline, now 50 years old, continues to promote dialog with Russians
- 50 years later, hotline to Washington-Moscow hotline still relevant
- RussianReport: Washington – Moscow “hotline” turns 50 years old this month
- "Горячая линия" связи между Москвой и Вашингтоном отметила полувековой юбилей
- На связи – Белый дом

August 24, 2013

NSA also has arrangements with foreign internet providers

(Updated: January 25, 2014)

Last Tuesday, August 20, the Wall Street Journal published a big story with new details about the NSA surveillance programs. The article claims that NSA has the capacity to reach roughly 75% of all US internet traffic that flows through domestic fiber-optic cables. However, this was strongly denied by the NSA.

The 75% claim got a lot of attention, but most media apparently overlooked a section later on in the article, which reveals a far more sensitive NSA collection method:

"The NSA started setting up Internet intercepts well before 2001, former intelligence officials say. Run by NSA's secretive Special Services Office, these types of programs were at first designed to intercept communications overseas through arrangements with foreign Internet providers, the former officials say. NSA still has such arrangements in many countries, particularly in the Middle East and Europe, the former officials say."

Documents which were recently leaked by Edward Snowden already confirmed that the NSA collects internet data from telecommunication cables going through the United States. But now we learn that foreign internet providers are also cooperating with NSA in order to intercept foreign communications.

For Americans it may be embarrassing that NSA is tapping into domestic internet cables, but for people elsewhere in the world it must be even more embarrassing that their telecommunications provider might have some secret agreement with a foreign intelligence agency.

Combining this with a number of other recent stories shows that NSA and its British counterpart, the Government Communications Headquarters (GCHQ), have arrangements with a number of big American and British telecommunications companies, and also with an unknown number of foreign internet providers. These are cooperating because they are required to by law, and both NSA and GCHQ are paying them for the expenses. The result is a global internet surveillance network.

The doughnut-shaped building of GCHQ in Cheltenham, Gloucestershire.

Cooperating with GCHQ

The names of the companies cooperating with GCHQ were published on August 2 by the German newspaper Süddeutsche Zeitung and the NDR television channel. As these are smaller regional media, it seems that The Guardian didn't dare to publish these names themselves. Both media were given access to some top secret GCHQ documents from 2009, partly from an internal system called GC-Wiki, which mention the following telecommunications providers (meanwhile some have merged) and their codenames:
- Verizon Business (DACRON)
- British Telecom (REMEDY)
- Vodafone Cable (GERONTIC)
- Global Crossing (PINNAGE)
- Level 3 (LITTLE)
- Viatel (VITREOUS)
- Interoute (STREETCAR)

GCHQ has clandestine agreements with these seven companies, described in one document as "intercept partners", in order to give the agency access to their network of undersea cables. The companies are paid for logistical and technical assistance and British Telecom even developed software and hardware to intercept internet data. At GCHQ this collection effort is conducted under the "Mastering the Internet" component of the TEMPORA program.

The identity of the participating companies was regarded as extremely sensitive, in official documents referred to as "Exceptionally Controlled Information" (ECI), with the company names replaced with the codewords. Disclosure of the names would not only cause "high-level political fallout", but would also be very damaging for the trustworthiness of the companies.

One of the doors of room 641A in the building of AT&T in San Francisco,
where the NSA had a secret internet tapping device installed,
which was revealed by an AT&T technician in 2006.

In reaction to these disclosures, Vodafone and Verizon said that they comply with the laws of all the countries in which they operate cables and that they won't disclose any customer data in any jurisdiction unless legally required to do so. This is the same kind of reply some of the US internet companies gave regarding their alleged involvement in the PRISM program.

Tapping the internet backbone

Together, the seven companies operate a huge share of the high-capacity undersea fibre-optic cables that make up the backbone of the internet's architecture. The German media also noted that these companies also run some important internet nodes in Germany, and for example Interoute owns and operates Europe's largest cloud services platform.

We do not know how many of the internet cables and nodes of these providers have collection and filtering devices attached. Former NSA official and whistleblower William Binney gives quite a large number of major points in the global fiber optic networks where there would likely be Narus, Verint or similar intercepting devices. In this article there's a list of the most likely surveillance nodes on the networks of AT&T, Verizon, BT Group and Deutsche Telekom - situated all over the world.

The Guardian confirms that in 2012 GCHQ had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time. The collected metadata is stored for up to 30 days, while the content of communications is typically stored for three days.

On August 28, new reports by the Italian paper L'Espresso and the international website of the German paper Süddeutsche Zeitung revealed the names of at least 14 undersea fiber-optic internet cables which GCHQ is tapping:

- TAT-14, connecting the United States with the United Kingdom, France, the Netherlands, Germany, and Denmark
- Atlantic Crossing 1, linking the USA and the United Kingdom, the Netherlands and Germany
- SeaMeWe3, which connects Europe, Asia and the Middle East
- SeaMeWe4, linking Europe, North Africa and Asia
- FLAG Europe Asia (FEA), linking Europe to Japan through the Middle East and India
- FLAG Atlantic-1, linking New York with France and England
- Circe North, connecting the United Kingdom with Belgium, France, Germany and the Netherlands
- Circe South, idem
- Solas, between the United Kingdom and Ireland across the Irish Sea
- UK-France 3
- UK-Netherlands 14
- Ulysses 1 and 2, running between Dover and Calais, resp. IJmuiden and Lowestoft
- Yellow/AC-2, connecting New York with Bude in the United Kingdom
- Pan European Crossing (PEC), linking the United Kingdom, Belgium, and France

Overview of the undersea fiber-optic cables

The existence of internet tapping points outside the US and the UK was confirmed in a report by The Independent from August 23. It says GCHQ runs a secret internet-monitoring station at an undisclosed location in the Middle East to intercept and process vast quantities of emails, telephone calls and web traffic on behalf of Western intelligence agencies.

The station is able to tap into and extract data from the underwater fibre-optic cables passing through the region. All of the messages and data passed back and forth on the cables are copied into giant computer storage buffers and then sifted for data of special interest. These data are then processed and passed to GCHQ in Cheltenham and shared with the NSA.

Network Security Agreements

On July 7, The Washington Post reported on a "Network Security Agreement" between the US government and the fiber-optic network operator Global Crossing, which in 2003 was being sold to a foreign company. Global Crossing was later sold to Colorado-based Level 3 Communications, which owns many international fiber-optic cables, and the 2003 agreement was replaced by a new one (pdf) in 2011.

According to the Post, this agreement became a model for similar arrangements with other companies. These ensure that when US government agencies seek access to the massive amounts of data flowing through their networks, the companies have systems in place to provide it securely. The 2011 agreement with Level 3 clearly says that all domestic communication cables shall pass through a facility from which lawful electronic surveillance can be conducted:

The bottom line here is in the word "lawful". As long as information requests by NSA or GCHQ are lawful, the internet providers will assist in gathering the required data. They even have to.

Corporate Partner Access program

Just like GCHQ, NSA is also paying telecommunication companies. This came out when on August 30, The Washington Post published parts of the highly classified US Intelligence Budget. This revealed that NSA’s Special Source Operations (SSO) division runs a project called Corporate Partner Access, which involves major US telecommunications providers to tap into "high volume circuit and packet-switched networks".

For the fiscal year 2013 this program was expected to cost $ 278 million, down nearly one-third from its peak of $ 394 million in 2011. Among the possible costs covered by this amount are "network and circuit leases, equipment hardware and software maintenance, secure network connectivity, and covert site leases". The total of 278 million breaks down as follows for specific programs:
- BLARNEY: $ 65.96 million
- FAIRVIEW: $ 94.74 million
- STORMBREW: $ 46.04 million
- OAKSTAR: $ 9.41 million

A final $ 56.6 million is for "Foreign Partner Access", but according to The Washington Post it's not clear whether these are for foreign companies, foreign governments or other foreign entities.

The article says that telecommunications companies generally charge to comply with surveillance requests from state, local and federal law enforcement and intelligence agencies. This simplifies the government’s access to surveillance, and the payments cover the costs of buying and installing new equipment, along with a reasonable profit, which also makes it profitable for the companies to cooperate with NSA and other agencies.

Some more details about collecting data with the help of foreign facilities came from NSA slides shown in the background of a Brazilian television report on September 8, 2013. These slides mention at least three sub-programs of OAKSTAR for collecting phone and internet communications "through a foreign access point":
The latter program is specified as a "Foreign access point through PRIMECANE, and 3rd party partner" (see below).


2nd and 3rd party countries

Similar arrangements with telecommunication providers can be expected in Canada, Australia and New Zealand, as the signals intelligence agencies of these countries have a very close information sharing relationship with GCHQ and NSA under the UKUSA-Agreement from 1946. Regarding signals intelligence these countries count as 2nd party allies of the NSA.

One step below, there's a group of around 30 countries that are considered to be 3rd party partners. According to the Snowden leaks, Germany, France, Austria, Denmark, Belgium and Poland are among them. Probably Norway, Malaysia, Singapore, Japan, South Korea, Israel, Taiwan and South Africa are 3rd party partners too.

Update #1:
New documents show that Sweden has been a 3rd Party partner of NSA since 1954.

Update #2:
Another disclosed NSA document has confirmed that France, Germany, Spain, Italy, Belgium, the Netherlands, Denmark, Norway and Sweden are 3rd Party partners of NSA and that they are part of a group called SIGINT Seniors Europe (SSEUR) or 14-Eyes.

As the Wall Street Journal article says that the foreign internet providers are "particularly in the Middle East and Europe", this is reminiscent of a special relationship the United States has with a number of countries in precisely these regions. We know them by the fact that they have a so-called Defense Telephone Link with the US:

- In Europe: Albania, Austria, Bulgaria, Czech Republic, Estonia, Latvia, Lithuania, Macedonia, Poland, Romania, Slovenia and Slovakia.
- In the Middle East: Bahrain, Israel, Kuwait, Oman, Qatar, Saudi Arabia, and the United Arab Emirates.

Most of these countries are small, dependent on US military support and therefore often willing to cooperate with US intelligence agencies. Of course this doesn't necessarily mean that in all of these countries the NSA has agreements with local internet providers, but the list may give an indication of where we can expect cooperating companies. Having secret arrangements with a foreign intelligence agency is a highly sensitive and tricky business, so internet providers have to be covered by their government.

> See for the latest: NSA's foreign partnerships

The new way of intercepting

For the NSA these arrangements with foreign internet providers make good sense. Before the Internet-age, NSA could intercept many communications on its own, for example by placing taps at underwater telephony cables and intercepting satellite transmissions and microwave links. These were the long-distance connections for the public switched telephone network, which also carried most of the early internet traffic.

The 20 feet/6 meter and 6 tons tapping device for a Soviet cable in
the Sea of Okhotsk, which was placed in the 1970's under operation Ivy Bells
and was discovered and removed by the Soviets in 1981.

With the rapid expansion of the internet after the year 2000, the copper cables and satellite and microwave links have been replaced by fiber-optic cables, which are far more difficult to intercept. NSA is reportedly capable of placing taps at underwater fiber cables, but these are of course very cumbersome and costly operations.

Therefore, the way to go was to place taps at locations where the fiber-optic communications are switched. For the internet, much of the switching occurs at relatively few sites, but here intercepting has to be done with the help, or at least the knowledge, of the companies who are operating these sites.

Before 2001, NSA was only authorized to intercept communications with both ends being foreign. So the first internet providers to cooperate with had to be outside the US. But due to the very nature of the internet, NSA soon found out that it was increasingly difficult to keep foreign and domestic communications separated.

For that reason president George W. Bush secretly authorized NSA to also wiretap international communications where just one party is believed to be affiliated with terrorism. Under this new authority NSA could now also involve American telecommunication providers, first those providing hardware transmissions (AT&T, Verizon, etc) and later companies offering the software for today's communications (Microsoft, Google, Apple, etc).

Nothing really new

Now, NSA and its UKUSA partners are cooperating with a range of national and foreign internet providers, which gives them access to the main internet cables and switching points all around the world. This is just like they operated the ECHELON network with listening stations worldwide, intercepting the former satellite communications.

For some people all this may sound like Snowden's claim about the NSA being able to eavesdrop on every conversation of everyone in the world, but there's no evidence for that. NSA does want access to as many communication channels as possible, but only for gathering information about enemies of the United States, not about ordinary people. Given the enormous amount of data traffic, NSA will just do everything to gather that info as focussed and efficiently as possible - more about that next time.

(This article was updated with info about the Level 3 agreement, the British base in the Middle East, the names of the fiber-optic cables and the budget for cooperation of telecom providers)

Links and Sources

- NY Times: N.S.A. May Have Penetrated Internet Cable Links
- Wall Street Journal: New Details Show Broader NSA Surveillance Reach - still available here
- Süddeutsche Zeitung: Snowden enthüllt Namen der spähenden Telekomfirmen
- The Guardian: BT and Vodafone among telecoms companies passing details to GCHQ
- The Washington Post: Agreements with private companies protect U.S. access to cables’ data for surveillance
- Süddeutsche Zeitung: British Officials Have Far-Reaching Access To Internet And Telephone Communications
- Wikipedia listing: List of international submarine communications cables
