December 13, 2014

Update on tapping German chancellor Merkel's phone

(Updated: June 28, 2016)

Over the last days, there were some new developments regarding the eavesdropping on the mobile phone of the German chancellor Angela Merkel, which was revealed in October last year. It was clarified that the record from an NSA database that was presented as evidence for this tapping, wasn't actually an original NSA document, but just a transcription.

Also, this database record wasn't among the Snowden-documents. This means the information about monitoring Merkel's phone was not provided by Edward Snowden, but by another leaker, something that many people may not have been aware of.


German chancellor Angela Merkel holding a secure BlackBerry Z10 in 2013
(photo: Nicki Demarco/The Fold/The Washington Post)


Criminal investigation

In June of this year, the highest German public prosecutor (Generalbundesanwalt) started a criminal investigation against NSA regarding the alleged eavesdropping on chancellor Merkel. Last month it was reported that this case had been closed as no sufficient evidence had been found, but this was not fully correct.

In his annual press conference on December 11, prosecutor Harald Range said that the investigation of the eavesdropping on chancellor Merkel is still going on:



Annual press conference of the federal public prosecutor Harald Range
(information about the Merkel eavesdropping starts at 23:20)


Regarding the eavesdropping case, prosecutor Range said the following things:

- The phone number which is at stake is not registered by the German Chancellery, but it's a number that has been used since 1999 by the headquarters of Merkel's party CDU. Therefore the number wasn't used by Gerhard Schröder (chancellor from the SPD party from 1998-2005).

- The document (see below) that was publicly presented as a proof of this eavesdropping is not an authentic NSA interception order, nor is it from an NSA database. Actually, it was made by a reporter of Der Spiegel, based upon an NSA document he had seen.

- The prosecutor asked the editors of Der Spiegel to hand over the original document or to be questioned about it, but this was refused pointing to the journalist's privilege to protect their sources. NSA was asked for a statement through the BND, but also refused to comment.

- This makes that under these circumstances, a serious evaluation of the authenticity of the document is not possible.

- Through his German lawyer, Edward Snowden was also given the opportunity to provide a written statement, but until now there was no reaction.

- Presently, there is no sufficient evidence that could lead to an indictment, but the case is not yet closed. The investigation continues, and this will also include the results of the parliamentary committee that is currently investigating NSA spying activities.

- Based upon the Snowden revelations and other media reports it can be assumed that in general, foreign intelligence agencies are trying to spy on German targets by electronic means. But according to German law, that is not enough to open a criminal case, because that would be investigating without reasonable suspicion, which the public prosecutor isn't allowed to do under the rule of law. Where neccessary, such investigations are the responsibility of the security services.


Misinterpretation

Parts of what prosecutor Range said was misinterpreted by a number of foreign news websites, like Business Insider UK and Vox.com, which said that the NSA document might not be authentic or even faked by Der Spiegel.

It seems these media only took the first part of Range's statement that the document "was made by a reporter of Der Spiegel, based upon an NSA document he had seen" and overlooked/left out the last part.

Although the German public prosecutor's office couldn't find any concrete evidence for the eavesdropping by NSA, Der Spiegel stresses that neither NSA nor the US government has denied that phone calls of chancellor Merkel had been monitored.


A second leaker

After the public prosecutor's press conference, Der Spiegel provided a statement saying that prior to their reporting about the eavesdropping on chancellor Merkel, they had access to information from an NSA database, which it copied.

This sounds like Der Spiegel got access to the content of an NSA database from which it selected and copied the information related to chancellor Merkel. But in the book "Der NSA Komplex" written by Spiegel reporters Marcel Rosenbach and Holger Stark, it is said that early October 2013, "we received the excerpt from an NSA database about Merkel's cell phone".*

That phrase suggests that someone from outside, and also someone not being Edward Snowden, provided Der Spiegel with just that one particular record which includes Merkel's phone number. How and in what form is not said. Greenwald confirms that this information didn't came from Snowden, and earlier on, also Bruce Schneier was convinced that this came from a second leaker.


Just a transcription

After having obtained the database record, Der Spiegel presented it to the Chancellery, so they could verify it. According to their statement, Der Spiegel made it very clear that this information was not an original document, but just a transcription. Apparently for this reason, the magazine never published the database record, but only reported about its contents.

However, some other German newspapers somehow managed to get a copy of the letter that was sent to the Chancellery and published it in their print editions. One of them was the tabloid paper BILD, from which this scan was made:




So what we see here is a printed copy of a copy (either by xerox, a scanner or a (mobile phone) camera, which explains the fuzzyness) of the print on a DIN A4-sheet of paper that was sent to Merkel's Chancellary.

Maybe this was a xerox copy of the excerpt which the mysterious source handed over to Der Spiegel, but more likely (else it could be used to trace the source) is that a reporter copied the original text by hand. Probably he used an Apple computer, as the result is in the Ayuthaya font, which comes with Apple's OS X.

For a detailed explanation of the record: How NSA targeted chancellor Merkel's mobile phone

Right after this "document" was first published, some people wondered why it looks like a piece of paper, whereas all other leaked NSA documents are digital files (with a few similar exceptions though). This has now been cleared, but again we see that it can take some time and some pressure before such questions are answered.


From which database?

Initially, Der Spiegel reported that the record that mentions Merkel's phone number comes from an NSA database in which the agency records its targets.* My suggestion was that this could have been a database codenamed OCTAVE, which was used for tasking telephony targets, but which reportedly was replaced by the Unified Targeting Tool (UTT) in 2011.

But a more recent Spiegel article from early June 2014, seems to say that it's an entry from the NYMROD database. A slide in which Merkel was listed among 122 other heads of state in the NYMROD database was published by Der Spiegel on March 29, 2014. This slide was from an NSA presentation about content extraction analytics that was fully published in June.

However, in another NSA document it is explained that NYMROD is a name-matching system that is used for finding "garbled or misspelled names" of targets. It contains names taken from CREST (a translating database) and from intelligence reports from NSA, CIA and DoD databases.

If we compare that function with the data in the record that was published, it seems not very likely that the entry is from NYMROD. A tasking database still seems the best option.

Update:
On June 12, 2015, the highest German public prosecutor, Harald Range, said the investigation into the eavesdropping on chancellor Merkel was closed, and no court case would be filed. This because there was no sufficient hard evidence: no original documents were provided, and also Edward Snowden seemed not to have any personal insights in this matter.

Update:
During a hearing of the German parliamentary investigation commission on June 23, 2016, it came out that the German information assurance agency BSI offered to investigate chancellor Merkel's cell phone, but this offer wasn't accepted by the chancellery and therefore it wasn't possible to for example check the phone for any kind of malware implants.



Links and Sources
- Spiegel.de: When Germany's federal prosecutor appeared to discredit SPIEGEL
- Golem.de: Spiegel soll NSA-Dokument zu Merkel-Handy hergestellt haben
- LittleGreenFootballs.com: Did a German Prosecutor Really Claim That Der Spiegel’s NSA Document Was a Fake?

3 comments:

Anonymous said...

Makes one wonder how the US did get access to Merkel's confidential conversations, which were leaked by Marcel Lazăr Lehel ("Guccifer"). Was it through CIA's mole at the BND, who was caught when he allegedly tried to sell as well to the Russians?

Or were these secret conversations, which involved Schäuble and BND president Schindler, recorded by NSA by hacking the "secure" landlines?

Anonymous said...

I wonder if you have noticed: Laura Poitras "Citizen Four" documentary showcases what seems to be an early version/draft of the NSA Merkel mobile phone number tasking database record on a (OS X) computer screen of Der Spiegel journalist:

https://youtu.be/1CVs6-epA1o?si=6Y-RjnjYtLMDqucP&t=6002

Text from of the record is shown in the context of discussion with Jacob Appelbaum on a Jabber server(!) just before the story was launched.

The Citizen Four version is different from the final print and picture version of the record.
- SelectorType is "ID" instead of "PUBLIC DIRECTORY NUM"
- lacks the row "SynapseSelectorTypeID SYN_044"
- Selector Value is a number "01733948*blank*" instead of completely blanked or "+49173-XXXXXXX" from the print edition.
- differences in word formatting

Not sure if there is any signifigance to these details, other than it seems to be line with the Der Spiegel's "not the original but just a transciption" statement about the record.

Interestingly, after the referenced Merkel NSA spying story scene, the documetary makes no effort to distance Snowden from the record but instead features a chat of Poitras and Snowden discussing the case in insider fashion -- adding to the impression/confusion that the story was sourced from the Snowden documents.

Only later Snowden folks have tried to deny the Snowden leak connection to the story. As a contrast, Poitras/Greenwald went out of their way in the documentary to highlight non-Snowden leak origins of for the drone documents but, curiously, not with the Merkel/NSA phone spying story... Snowden folks are playing strange games...

P/K said...

Thank you, that's an interesting addition!

In Dutch: Meer over het wetsvoorstel voor de Tijdelijke wet cyberoperaties