December 31, 2017

Section 702 FAA expires: what are the problems with PRISM and Upstream?

(UPDATED: April 22, 2024)

Two important NSA programs, PRISM and Upstream, are based upon section 702 of the FISA Amendments Act (FAA), a law that was originally scheduled to expire today. Now the US Congress has to decide whether to continue or to reform this crucial legal authority.

Although PRISM became almost synonymous with NSA's alleged mass surveillance, it is actually, just like the Upstream program, targeted collection aimed at specific foreign targets. Still, many people think that these programs pull in far too much data (incidental collection), which is subsequently queried in ways they consider illegal (backdoor searches).

Here we'll show some of the complexities of these two collection programs, and that there are various internal procedures and methods meant to keep collection and analysis as focused as possible.

Slide from the PRISM presentation that for the first time revealed PRISM
and Upstream as part of section 702 FAA collection.

Until recently, US lawmakers were too busy with president Trump's tax reform to devote enough attention to section 702 FAA. Therefore, on December 21, Congress extended the authority of this law through January 19, 2018. Lawyers from the Trump administration even concluded that the intelligence agencies can lawfully continue to operate under the FAA through late April (because the current FISA Court certification for the program actually expires in late April 2018).

This leaves Congress some extra months to either reform or strengthen this important authority. There are several proposals, spanning from making the existing law permanent without changes, to imposing significant new limits to safeguard the privacy rights of Americans.

Meanwhile, the Office of the Director of National Intelligence (ODNI) released additional information about data collection under section 702 FAA, for example a Section 702 Overview, which includes some nice infographics:

Diagram from ODNI about section 702 FAA collection. Click to enlarge.

702 FAA collection

The Snowden revelations have shown that under the legal authority of section 702 FAA, NSA conducts two types of data collection:

- Upstream collection, for both internet and telephone communications, which are picked out of the traffic at major telephone and internet backbone switches based upon specific selectors. This takes place under the collection programs FAIRVIEW and STORMBREW.

- Downstream collection, only for internet (including internet telephony) communications, based upon specific selectors, which are acquired from at least 9 major American internet companies. This takes place under the collection program PRISM.

The Upstream and Downstream programs differ from each other in many ways, but what they have in common is that collection takes place inside the United States while being aimed at foreign targets, although only one end of the communication has to be foreign. This means these programs also pull in communications between targeted foreigners and Americans - which is one of the main purposes of these programs: finding connections between terrorists inside and outside the US.

Slide showing the main differences between PRISM and Upstream
Published on October 22, 2013. Click to enlarge.

Upstream filtering

Although Upstream collection is based upon specific selectors, the American Civil Liberties Union (ACLU) presents it as "bulk surveillance", because in their opinion the automated filtering actually means that NSA is "searching the contents of essentially everyone's communications." Therefore they call these searches extraordinarily far-reaching, unprecedented and unlawful.

The Electronic Frontier Foundation (EFF) has a similar position and says that splitting internet cables is "unconstitutional seizure", while the subsequent search for selectors is an "unconstitutional search."

These judgements seem to be based upon comparing digital filtering with intercepting letters or telegrams (as happened under project SHAMROCK from 1945 to 1975), but this ignores the differences with computer technology: NSA does copy entire data streams, but at virtually the same moment the filter system picks out the communications associated with the selectors, the other data are discarded.

Searching through the data packets of innocent people thus means destroying them at the same time - except when they contain one of the selectors NSA is interested in.

Diagram from the EFF about Upstream collection. Click to enlarge.

Storage and classification

Under section 702 FAA, only data that are associated with a specific selector are stored. For Upstream collection, this means only the communications that remain after the filtering process. These are processed (decoded, formatted, etc.) and stored in NSA databases for a maximum of 2 years.

Downstream collection under the PRISM program results in all the data associated with specific selectors that the big internet companies hand over to the FBI, which then forwards them to NSA. These are also processed and then stored for a maximum of 5 years.

Data from FAA collection are usually stored in separate database partitions and are protected by the Exceptionally Controlled Information (ECI) compartment RAGTIME (RGT). Only analysts who are cleared for RAGTIME, have the specific need-to-know and who are authorized by the data owner have access to these data.

Already a few months before the start of the Snowden revelations, a book revealed that RAGTIME has 4 components:
- RAGTIME-A: foreign-to-foreign counterterrorism (CT) data
- RAGTIME-B: data from foreign governments (FG) transiting the US
- RAGTIME-C: data related to counterproliferation (CP) activities
- RAGTIME-P: domestic bulk collection of internet metadata*
Note that the first three components correspond to the first three FISA Court certifications that authorize section 702 FAA collection.

Last November, ZDNet reported about a leaked NSA document that lists a total of 11 components of RAGTIME. Besides the 4 known ones, the document also mentions RAGTIME-BQ, F, N, PQ, S, T and USP, but so far, we don't know what kind of data they protect.

On August 26, 2013, Der Spiegel published the so far only document from the RAGTIME (RGT)
compartment: the floorplan of the EU mission to the United Nations in New York.
Note the PINWALE ID (PWID): PWZA20120551215230001427125

Incidental collection

As almost every NSA target will communicate with at least some individuals who are not involved in terrorism or other threats to national security, it's inevitable that even targeted interception will result in storing communications of innocent (American) people too - NSA calls this "incidental collection".

The share of this incidental collection as part of the overall collection is not known: in early 2017, NSA agreed to provide some information about how many American citizens may be impacted, but later, Director of National Intelligence (DNI) Dan Coats said that it "remains infeasible" for the government to cite a meaningful number.

Actual intercepts

Edward Snowden was also eager to draw public attention to this issue, and he took his last job for Booz Allen at NSA Hawaii specifically to get access to raw data collected under section 702 FAA. In his view, the PRISM and Upstream programs "crossed the line of proportionality."

He succeeded in this effort and was able to exfiltrate a cache of about 22,000 collection reports, containing 160,000 individual conversations (75% of which were instant messages), which were intercepted by NSA between 2009 and 2012 - a much more substantive leak than the usual internal PowerPoint and SharePoint material.

Snowden handed them over to The Washington Post, which reported about this cache on July 5, 2014. After a cumbersome investigation, it found that the intercepted communications contained valuable foreign intelligence information, but also that over 9 out of 10 account holders were not the intended surveillance targets and that nearly half of the files contained US person identifiers.

Breakdown of the intercepted messages collected under 702 FAA authority
that were reviewed by The Washington Post. Click for a larger version.

Targeted interception

The numbers from The Post do sound like massive overcollection, but we should keep in mind that this is still targeted collection, something that privacy advocates always prefer over bulk collection.

NSA's Upstream program will likely result in just as many communications of innocent people as when the police tap phone numbers and IP addresses under a warrant, although NSA targets may be more careful in their private telecommunications than ordinary criminals.

From the dataset examined by The Washington Post, it becomes clear that innocent people can be affected in two ways: first, when they communicate directly with (or about) a foreign target, and second, by "joining a chat room, regardless of subject, or using an online service hosted on a server that a target used for something else entirely."

This shows that even with targeted interception, the technical configuration of certain internet platforms apparently makes it quite difficult, or even impossible, to isolate the conversations in which a target is personally involved.

As the dataset that Snowden exfiltrated was derived from both Upstream and PRISM collection, it's hard to say which of these programs is more intrusive. Upstream became a less useful source once the most common communication services were encrypted, while PRISM may also not be as productive as before, after it was exposed by the press.

Dataflow diagram for Upstream collection under the FAIRVIEW program.
Published on November 16, 2016. Click to enlarge.
(More FAIRVIEW dataflow diagrams)

Backdoor searches

On August 9, 2013, The Guardian disclosed the so-called "backdoor searches". This is a method used by NSA analysts that was approved by the FISA Court in October 2011, so these searches are not illegal, as the term "backdoor" might suggest.

Apparently these backdoor searches were introduced as a replacement for the bulk collection of domestic internet metadata under the PR/TT program, which NSA terminated by the end of 2011.

These backdoor searches are not about collecting new data by tapping telephone and internet cables or acquiring data from internet companies, but about conducting searches in data that have already been collected.

While in general, NSA is only allowed to collect new data when they are related to foreign targets, these backdoor searches may also involve identifiers (like names, e-mail addresses and phone numbers) of US citizens, hence they are now officially called "U.S. person queries".

Initially, these searches were only allowed for data from PRISM, because Upstream not only collected communications "to" and "from", but also "about" targets, which made it more sensitive than PRISM collection (Upstream appeared to pull in tens of thousands of purely domestic e-mails each year).

In April 2017, NSA halted this "about" collection, after which the FISA Court allowed NSA to also conduct US person queries on data collected through the Upstream program - something that had already happened since at least mid-2013.
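To make the difference between "to/from" and "about" matching concrete, and the point made under "Upstream filtering" that non-matching traffic is dropped the moment it has been inspected, here is an added illustrative model. It is not NSA's code or filter configuration: the message format, the single selector and the sample traffic are all constructed for the example. It shows why matching a selector only in the envelope retains fewer third-party communications than also matching it in the content, and how a message between two non-targets is swept in under "about" matching.

```python
from dataclasses import dataclass
from typing import Iterable, Iterator


@dataclass(frozen=True)
class Message:
    """One communication lifted from the copied stream (constructed format)."""
    sender: str
    recipients: tuple
    body: str


# Hypothetical tasked selector; a real selector list would be far larger.
SELECTORS = frozenset({"target@example.net"})


def matches_envelope(msg: Message, selectors: frozenset) -> bool:
    """'To'/'from' hit: a selector is a party to the communication."""
    return msg.sender in selectors or any(r in selectors for r in msg.recipients)


def matches_body(msg: Message, selectors: frozenset) -> bool:
    """'About' hit: a selector merely appears inside the content."""
    return any(sel in msg.body for sel in selectors)


def filter_stream(stream: Iterable, selectors: frozenset, about: bool) -> Iterator:
    """Walk the copied stream once and yield only selector hits.

    Every message is inspected, but a non-matching one is dropped the
    moment the check fails; nothing is kept for later searching.
    """
    for msg in stream:
        if matches_envelope(msg, selectors) or (about and matches_body(msg, selectors)):
            yield msg


def non_target_parties(retained_msgs: Iterable, selectors: frozenset) -> set:
    """Identifiers of parties in retained traffic that are not tasked selectors:
    the 'incidental collection' the text describes."""
    parties = set()
    for msg in retained_msgs:
        parties.update({msg.sender, *msg.recipients} - selectors)
    return parties


# Constructed sample traffic: one message from the target, two between
# non-targets, the last of which mentions the target's address in its body.
TRAFFIC = [
    Message("target@example.net", ("friend@example.org",), "meet at noon"),
    Message("alice@example.com", ("bob@example.com",), "lunch tomorrow?"),
    Message("alice@example.com", ("bob@example.com",),
            "can you forward this to target@example.net?"),
]


def retained(about: bool) -> list:
    """Messages that survive the filter for the given mode."""
    return list(filter_stream(TRAFFIC, SELECTORS, about))


if __name__ == "__main__":
    for mode in (False, True):
        kept = retained(mode)
        print(f"about={mode}: retained {len(kept)} of {len(TRAFFIC)}, "
              f"non-target parties: {sorted(non_target_parties(kept, SELECTORS))}")
```

With "about" matching switched off, only the target's own message survives and the only incidentally collected party is its correspondent; with it switched on, a conversation in which the target is not involved at all is retained as well, and both of its (non-target) parties end up in the repository.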

Risks and safeguards

NSA analysts retrieving communications of Americans is of course reminiscent of the notorious project MINARET (1967-1973), under which NSA targeted 1,650 US citizens, including civil rights leaders, journalists and even two senators.

After Glenn Greenwald tried, but failed, to prove that NSA is still monitoring American citizens in that way, it's now these backdoor searches that are considered the biggest privacy violations under section 702 FAA - the ACLU says they allow "spying on U.S. residents without a warrant."

Even former NSA director Michael Hayden was aware of the privacy risks of these queries, but the PCLOB report about section 702 explains that NSA has procedures and requirements that limit these US person queries, which differ for content and for metadata:

- Queries of content are only permitted for US person identifiers that have been pre-approved (i.e. added to a white list) through one of several processes, including other FISA processes. Such approvals are for example granted for US persons for whom there are already individual warrants from the FISA Court under section 105 FISA or section 704 FAA. US person identifiers can also be approved by the NSA's Office of General Counsel after showing that using a certain US person identifier would "reasonably likely return foreign intelligence information."

- Queries of metadata may only be conducted in a system that requires analysts to document the basis for their metadata query (a Foreign Intelligence (FI) justification) prior to conducting the query. An oversight report adds that "analysts are not required to check any specific database or seek any internal approvals prior to executing a query against [702 FAA] metadata."

Relevant queries

In general, NSA analysts are required to create queries that are as focused as possible, so they return information that is most useful and relevant for their foreign intelligence mission. According to the PCLOB report, analysts receive "training regarding how to use multiple query terms or other query discriminators (like a date range) to limit the information that is returned in response to their queries of the unminimized data."

In the Section 702 Overview that was published by ODNI on December 20, it is explained that US person queries on metadata are useful as they are often the fastest and most efficient way to check whether and how a certain US person (either suspect or victim) is connected to foreign actors. The overview also provides some remarkably concrete examples:
- Using the name of a US person hostage to cull through communications of the terrorist network that kidnapped her to pinpoint her location and condition;
- Using the e-mail address of a US victim of a cyber-attack to quickly identify the scope of malicious cyber activities and to warn the U.S. person of the actual or pending intrusion;
- Using the name of a government employee that has been approached by foreign spies to detect foreign espionage networks and identify other potential victims;
- Using the name of a government official who will be traveling to identify any threats to the official by terrorists or other foreign adversaries.

Dataflow diagram for Downstream collection under the PRISM program.
Published on June 29, 2013. Click to enlarge.

Numbers of queries

While NSA and the Office of the Director of National Intelligence (ODNI) were apparently not able to provide numbers about the "incidental collection" under section 702 FAA, they do better when it comes to numbers about the backdoor searches.

In a letter to senator Wyden, then DNI Clapper wrote that in 2013, NSA approved 198 US person identifiers for querying content, and that there had been about 9,500 queries on metadata from data collected under the PRISM program, but that of the latter about 36% were duplicative or recurring queries.

ODNI's annual transparency report also provides numbers of US person queries. In 2016, there were 5,288 content queries, but this also includes CIA queries and NSA searches of content from Upstream collection, something that was actually unauthorized until April 2017 (see above), but which the agency is now trying to make visible.

The rise in the number of US person queries on metadata is even higher, as it went up from 9,500 in 2013 to 30,355 in 2016. The total presented in the ODNI report is supposed to apply to NSA, CIA and FBI, but actually it only shows the number for NSA, as the CIA isn't yet able to count such queries and the FBI isn't required to do so (see below).

It should be noted that for content, it's the particular identifier that is counted, not the number of times such an identifier is actually used to query the databases. For metadata this is different, as the agencies count each time a certain identifier is queried, which naturally results in far higher numbers.
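The two rules quoted under "Risks and safeguards" (content queries only on pre-approved US person identifiers, metadata queries only with a documented foreign-intelligence justification) and the counting convention just described can be modelled as a small policy-enforcement point in front of the repositories. This is an added example, not NSA's system: the analyst names, identifiers and audit record format are constructed, the approval list stands in for the FISA-order and Office of General Counsel approval processes, and the justification field stands in for the query system's mandatory documentation. It shows why "identifiers approved" and "queries run" are not comparable numbers, and how recurring queries inflate the latter.

```python
from dataclasses import dataclass


class QueryDenied(Exception):
    """Raised when a query does not satisfy the applicable rule."""


@dataclass(frozen=True)
class AuditRecord:
    analyst: str
    kind: str           # "content" or "metadata"
    identifier: str
    justification: str  # foreign-intelligence justification (metadata only)


class QueryGate:
    """Hypothetical policy-enforcement point for US person queries."""

    def __init__(self, approved_content_ids=()):
        # Pre-approved ("white listed") US person identifiers for content queries.
        self._approved = set(approved_content_ids)
        self._audit = []

    def approve_content_identifier(self, identifier: str) -> None:
        """Stands in for approval via a FISA order or by the Office of General Counsel."""
        self._approved.add(identifier)

    def query(self, analyst: str, kind: str, identifier: str,
              justification: str = "") -> AuditRecord:
        if kind == "content":
            if identifier not in self._approved:
                raise QueryDenied(f"{identifier!r} is not pre-approved for content queries")
        elif kind == "metadata":
            # The system refuses to run the query until its basis is documented.
            if not justification.strip():
                raise QueryDenied("metadata query needs a documented FI justification")
        else:
            raise ValueError(f"unknown query kind {kind!r}")
        record = AuditRecord(analyst, kind, identifier, justification)
        self._audit.append(record)
        return record

    # The two counts the transparency reports distinguish.
    def content_identifiers_approved(self) -> int:
        """Content is counted per approved identifier, not per query."""
        return len(self._approved)

    def metadata_query_events(self) -> int:
        """Metadata is counted per query event, repeats included."""
        return sum(1 for r in self._audit if r.kind == "metadata")

    def metadata_recurring_fraction(self) -> float:
        """Share of metadata queries that repeat an identifier queried before."""
        seen, recurring = set(), 0
        for r in (r for r in self._audit if r.kind == "metadata"):
            if r.identifier in seen:
                recurring += 1
            seen.add(r.identifier)
        return recurring / max(1, self.metadata_query_events())


def demo() -> dict:
    """Constructed scenario: one approved identifier, one denied content query,
    one denied metadata query, and three metadata queries of which one repeats."""
    gate = QueryGate()
    gate.approve_content_identifier("usp-0001")
    outcomes = {"denied": 0}
    for analyst, kind, ident, just in [
        ("a1", "content", "usp-0001", ""),
        ("a1", "content", "usp-0002", ""),                  # not approved: denied
        ("a2", "metadata", "usp-0003", "link to tasked selector S"),
        ("a2", "metadata", "usp-0003", "follow-up on contact chain"),
        ("a3", "metadata", "usp-0004", ""),                 # no justification: denied
        ("a3", "metadata", "usp-0004", "victim notification"),
    ]:
        try:
            gate.query(analyst, kind, ident, just)
        except QueryDenied:
            outcomes["denied"] += 1
    outcomes["content_identifiers"] = gate.content_identifiers_approved()
    outcomes["metadata_queries"] = gate.metadata_query_events()
    outcomes["recurring_fraction"] = gate.metadata_recurring_fraction()
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The audit list is the piece an oversight body would actually want: every metadata query carries its justification, and every content query can be traced back to an approval event, which is what makes the numbers in the transparency reports auditable at all.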

Numbers of US person queries on metadata, 2013-2016. Click to enlarge.

FBI searches

Besides NSA and CIA, the FBI is also allowed to conduct backdoor or US person searches on data that NSA collected under the PRISM program - something that is considered even more problematic, given the risk of parallel construction. The FBI doesn't need individual warrants for these searches either, but its agents should "design their queries in such a way that they will return evidence of a crime."

The FBI stores data from 702 FAA collection in the same repositories as data from its own traditional FISA monitoring and physical searches. This means that these data are also searched and queried many times for purposes other than national security, but the section 702 data can only be viewed by agents or analysts with the proper training and access rights.

Given the fact that the initial collection under section 702 FAA is aimed at foreign targets, it is "extremely unlikely" that this collection contains data that are of interest to FBI agents who are investigating criminal cases. Even though, inevitably, a relatively large amount of unrelated American communications is pulled in, the chance that it is useful for a particular criminal case is very small.

Besides that, by far most FBI searches on section 702 data are for national security investigations, i.e. about foreign espionage, terrorism and weapons of mass destruction (WMD). It's not clear whether the FBI has similar restrictions for content queries as NSA.

On January 11, 2018, the House of Representatives voted to extend section 702 FAA for another six years, which is until the end of 2023.
This means that the US Person or backdoor searches can continue without individualized warrants, except for a "narrow warrant requirement that applies only for searches in some later-stage criminal investigations, a circumstance which the FBI itself has said almost never happens."
The renewal of section 702 also allows the restart of the "about" collection under the Upstream program, which was ended by NSA in April 2017, after being criticized by the FISA Court.

The bill went to the Senate, which voted to invoke so-called cloture on January 16. This means there will be no further debate or amendments - a disappointing end for liberal Democrats and libertarian Republicans who tried to limit the scope of intelligence collection under section 702.
By a vote of 65-34, the Senate passed the bill to renew section 702 FAA on January 18, 2018. The next day, president Trump signed the bill into law.

On December 18, 2019, the US Court of Appeals for the Second Circuit in New York ruled that "incidental collection" of the communications of Americans is reasonable and therefore doesn't require a warrant.

On April 12, 2024 the House of Representatives passed a bill to renew section 702 FAA, but only for two instead of the usual five years. The bill sharply reduces the number of FBI personnel who can conduct US person queries, creates criminal penalties for abuse, bars the FBI from querying the database solely for evidence of a crime rather than a national-security purpose, mandates more auditing of the program and codifies other changes already adopted by the FBI. Also passed was an amendment to codify a prohibition of "about collection", which the NSA had already halted in 2017. An amendment that would have required a warrant before querying US person communications failed in a dramatic tie vote.

On April 20, the renewal of section 702 FAA was approved in the Senate by a 60-34 vote, which was just 15 minutes before the existing law expired. Later that day president Biden signed the bill into law.

Links and sources
- Bruce Schneier: After Section 702 Reauthorization (2018)
- Politico: Five years after Snowden, security hawks notch landmark win (2018)
- Lawfare: FISA Section 702 Reauthorization Resource Page
- Congress is Debating Warrantless Surveillance in the Dark
- New York Times: Warrantless Surveillance Can Continue Even if Law Expires, Officials Say (2017)
- New America: A History of FISA Section 702 Compliance Violations (2017)
- The Problems with Rosemary Collyer’s Shitty Upstream 702 Opinion (2017)
- The Washington Post: In NSA-intercepted data, those not targeted far outnumber the foreigners who are + The Debrief - An occasional series offering a reporter’s insights
- B. Hanssen: Why the NSA’s Incidental Collection under Its Section 702 Upstream Internet Program May Well Be Bulk Collection, Even If The Program Engages In Targeted Surveillance
- NSA Director of Civil Liberties and Privacy Office Report: NSA's Implementation of Foreign Intelligence Surveillance Act Section 702
- Privacy and Civil Liberties Oversight Board: Surveillance Program Operated Pursuant to Section 702 FISA

November 27, 2017

Trump's communications equipment outside the White House

(Updated: December 9, 2017)

On the fourth Thursday of November, Americans celebrate Thanksgiving Day and one of the traditions is that the US president addresses members of the military services that are deployed abroad.

President Trump did so for the first time last Thursday, speaking to the five branches of the US military by video teleconference from his residence Mar-a-Lago in Florida.

The press photos released for this occasion offer a clear view of the communications equipment that is used by the president when being outside the White House or travelling.

President Trump addresses the military from Mar-a-Lago, November 23, 2017
(click to enlarge)

Video teleconferencing

The big screen for video teleconferencing (VTC) is the Cisco TelePresence System EX90 with high-definition video screen and camera. The device has been modified for TEMPEST protection by CIS Secure Computing: we can see that the screen has an additional metal encasing with silver labels to prevent and detect tampering. The VTC system includes a smaller touchscreen device which is used to control the video teleconference calls and can be seen right in front of the big screen.

During the videoconference, Trump was connected to members of the military services at overseas bases in Afghanistan, Iraq, Turkey, the USS Monterey at sea, and the US Coast Guard vessel Wrangell in Kuwait. Accordingly, the video screen was divided into six segments, with the President Of The United States (POTUS) himself in the lower middle section, surrounded by a red border. He also has a note that says who's who:

President Trump addresses the military from Mar-a-Lago, November 23, 2017
On the phone displays, the names associated with the direct line buttons were blacked out
(White House Photo/Shealah Craighead - click to enlarge)

Secure telephones

On both sides of the video teleconference screen, there are telephone sets which can be recognized as common Cisco 7975 unified IP phones, which are also modified by the communications security company CIS Secure Computing. Most visible is that instead of the standard silver bezel or faceplate, these phones have a bright yellow one, which is the color code for the highest classification level: Top Secret/SCI.

This color shows that these phones are part of the highly secure Executive Voice over Secure IP network, which connects the US president with all major decision makers, like the secretaries of State, Defense and Homeland Security as well as the Director of National Intelligence. The phones themselves have no encryption capability - they are connected to a central network encryptor, probably from General Dynamics' TACLANE family.

Also clearly visible is that these Cisco IP phones have a custom molded plastic housing, which provides TEMPEST protection against the leaking of electromagnetic emanations, but also includes two 1 Gigabit SC Fiber ports so the phone can be used in a fiber-optic network. These phones also meet Telephone Security Group (TSG) standards to make sure that they cannot by any means be caused to produce or transmit audio when the handset is on-hook.

The data stream of the video teleconference seems to be routed through the phone on the left, which has no handset and has the red "microphone mute" light on. As can be seen in a high-resolution photo, the VTC screen has an icon that shows that the connection was not encrypted:

Other locations

The same modified Cisco telephone sets can be seen in the photo below, which is from a room in the Lotte New York Palace Hotel, where Trump was staying last September for the UN General Assembly and meetings with leaders from Africa and the Middle East. Additionally, there's a newer Cisco 8841 IP phone, which is modified by Advanced Programs, Inc. (API) to provide on-hook security for the handset and the speakerphone. This phone is for any non-secure calls and is also used in the White House.

President Trump in a phone call with FEMA Director Brock Long regarding
Hurricane Maria's impact on Puerto Rico, September 20, 2017
Note the bulletproof glass plates in front of the windows
(White House Photo/Shealah Craighead - click to enlarge)

When former president Obama was on vacation, the same "yellow" Cisco phones were installed, although without the fiber-optic connections and the TEMPEST-proof encasing:

President Obama talking with his national security advisor Susan Rice following
foreign leader phone calls at Martha's Vineyard, August 11, 2014
(White House Photo - click to enlarge)

When Obama was staying in more hostile environments, these phones for the presidential telephone network were equipped with the additional security features we already saw in the Trump pictures:

President Obama talks on the phone with Russian president Putin while in Riyadh,
Saudi Arabia, with John Kerry and Susan Rice listening in, March 28, 2014
(White House Photo/Pete Souza - click to enlarge)

During Trump's second Thanksgiving address in November 2018 it appeared that the Cisco 7975 IP phone for secure calls had been replaced by a new modified Cisco IP phone 8841, see: A new secure phone for outside the White House

No Mar-a-Lago SCIF?

For the Thanksgiving photo op, the communications equipment was set up in the large living room of the Mar-a-Lago estate, most likely to provide a grand, if not to say regal decor for the press photos, but it may also indicate the absence of a dedicated secure communications room. At least it seems to show that the White House Communications Agency (WHCA) considers Trump's vacation residence less secure than Obama's.

President Trump addresses the military from Mar-a-Lago, November 23, 2017
(photo: Greg Lovett/The Palm Beach Post - click to enlarge)

Ever since Trump started using Mar-a-Lago regularly as his "Winter White House", there was speculation whether a Sensitive Compartmented Information Facility (SCIF) was created, which means a room that is protected in such a way that classified Sensitive Compartmented Information (SCI) can be stored, processed, viewed and/or discussed without being intercepted from the outside.

In April of this year, the White House press secretary tweeted a photo showing president Trump meeting with his national security staff in a provisional situation room at Mar-a-Lago, which was apparently intended to look like a SCIF but may actually just have been a temporary set-up. The mysterious devices seen in that photo were discussed here earlier.

Links and sources
- [Video & Transcript] President Donald Trump Thanksgiving Message to the Military via Video Teleconference

October 3, 2017

The hotline between Washington and the former German capital Bonn

(Updated: December 1, 2018)

Today, it's the German Unity Day or Tag der Deutschen Einheit, which commemorates the anniversary of the reunification of East and West Germany in 1990.

In recent years, Germany's relationship with the United States had some tough times after it was revealed that chancellor Angela Merkel had been on an NSA targeting list, and a 3-year parliamentary inquiry showed a close cooperation between the NSA and the German foreign intelligence agency BND.

One part of the relationship between Germany and the US that was never reported before is the existence of a hotline between the White House and the office of the German chancellor. Also described for the first time is the telephone equipment that was used for this kind of top-level communications link.

The hotline (German: heißer Draht) between Washington and Bonn was established on March 16, 1962, after German chancellor Konrad Adenauer had met US president John Kennedy in Washington in November 1961. Apparently it was Kennedy who came up with the idea, maybe inspired by the secure telephone line with the British prime minister that had already existed since World War II. The famous hotline between Washington and Moscow was established more than a year later, in August 1963.

In October 1966, the newspaper General Anzeiger reported that besides their initial call, Kennedy and Adenauer never used the hotline, and that at the American embassy, no one was aware of this telephone link.

This led to the strange situation that on September 27, 1966, chancellor Ludwig Erhard and US president Lyndon Johnson, unaware of the hotline established under Kennedy, also agreed to set up a direct telephone line between the White House and Palais Schaumburg, which was the German chancellor's office (Kanzleramt) from 1949 till 1976.

After the press had reported about this agreement, Adenauer said that such a hotline already existed: he had used it for four years and had calls with Kennedy quite frequently. Multiple government spokesmen then claimed that the former chancellor was wrong, until an eye-witness was found who finally confirmed what Adenauer had said.

It's not clear how often Erhard and Johnson used the hotline: one source says they used it several times, another one that it was never used, neither by Johnson and Erhard, nor by Johnson and Kurt Georg Kiesinger, who succeeded Erhard in December 1966.* Under Adenauer and Erhard, the hotline consisted of a normal telephone line without encryption.

Secure teletype

In March 1969, US president Nixon offered chancellor Kiesinger to set up a secure teletype link between the White House and Palais Schaumburg. Were they again unaware of the earlier hotline, or was an encrypted link considered more secure? In those days it was much easier to encrypt teletype messages than a telephone channel.

We don't know whether this secure link was actually established and what equipment was used, but if so, it probably consisted of the same devices used for the hotline between Washington and Moscow: a standard teleprinter made by Teletype Corp. with the encryption being performed by an Electronic Teleprinter Cryptographic Regenerative Repeater Mixer II (ETCRRM II, see photo).

The ETCRRM II implemented the Vernam cipher as a one-time pad: the plaintext message is mixed with a truly random key stream of the same length, used for that one message only, to generate the ciphertext. If used correctly - random key material, kept secret and never reused - this method has been proven to be unbreakable; reusing a key stream for a second message breaks it completely, because the two ciphertexts can then be combined to cancel the key.
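The Vernam mixing described above, as an added example in Python. It is not the ETCRRM's implementation (which mixed teleprinter code with a one-time key tape); here the mixing is a byte-wise XOR and the two messages are constructed. Besides the correct round trip, it shows the classic misuse: with the key stream reused for a second message, an eavesdropper XORs the two ciphertexts, the key drops out, and a guessed fragment of one message ("crib dragging") reveals the other.

```python
import os


def keystream(length: int) -> bytes:
    """Fresh, unpredictable key material; each byte must be used exactly once."""
    return os.urandom(length)


def vernam(data: bytes, key: bytes) -> bytes:
    """Mix data with key byte by byte. XOR is its own inverse, so the same
    call both encrypts and decrypts."""
    if len(key) < len(data):
        raise ValueError("key material must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    return vernam(plaintext, key)


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return vernam(ciphertext, key)


def key_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper holding two ciphertexts made with the SAME key
    computes without knowing it: c1 ^ c2 == (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2."""
    n = min(len(c1), len(c2))
    return vernam(c1[:n], c2[:n])


def crib_drag(p1_xor_p2: bytes, crib: bytes) -> list:
    """Slide a guessed fragment of one plaintext along p1 ^ p2. Wherever the
    guess is right, the XOR reveals the other plaintext at that position.
    Returns (offset, revealed_bytes) for every offset yielding printable text."""
    hits = []
    for i in range(len(p1_xor_p2) - len(crib) + 1):
        revealed = vernam(p1_xor_p2[i:i + len(crib)], crib)
        if all(32 <= b < 127 for b in revealed):
            hits.append((i, revealed))
    return hits


if __name__ == "__main__":
    p1 = b"MEET AT NOON TODAY"
    p2 = b"ATTACK AT DAWN NOW"      # constructed, same length as p1
    k = keystream(len(p1))
    assert decrypt(encrypt(p1, k), k) == p1
    # Wrong use: the same key stream protects both messages.
    leak = key_reuse_leak(encrypt(p1, k), encrypt(p2, k))
    for offset, text in crib_drag(leak, b"AT DAWN"):
        print(offset, text)
```

The round trip works for any key, so the security argument rests entirely on the key being random, as long as the message, and never reused; the crib-drag function is the practical reason why one-time tapes were destroyed after a single use.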

There are no reports or other sources that mention the hotline between Bonn and Washington after 1969. But a close look at some photos of the chancellor's office shows dedicated American telephone sets that enabled a direct and secure communications link with the White House.

STU-I telephone

The secure teletype hotline was replaced by a secure telephone link, probably by the end of the 1970s, after the German chancellor had moved his office to the newly built Federal Chancellery in 1976. This modern, dark brown office building with lots of glass is located near the Rhine, right next to Palais Schaumburg.

Office of chancellor Helmut Kohl in the Kanzleramt building in Bonn, 1985
(photo: Archiv Friedrich/Interfoto - click to enlarge)

On the shelf beneath the painting on the right side of the wall we see two telephone sets: at the left a common gray phone without rotary dial, which was probably part of a dedicated telephone network for government (Bonner Behördennetz?) or military communications. On the right there's a standard American telephone set with some additional buttons, which can be recognized as the STU-I secure telephone:

The STU-I was developed by the NSA and introduced in 1977. It was the first secure telephone system that used a central Key Distribution Center (KDC), as well as Linear Predictive Coding (LPC) for better speech quality. Encryption was conducted through the (classified) SAVILLE algorithm, which was developed in the late 1960s by GCHQ in cooperation with NSA for cryptographic devices used by NATO and NATO countries.

It was intended that the STU-I would be as compact as possible, but in the end it became a system that consisted of two units: a converted Western Electric telephone set as voice and control terminal, and the actual encryption unit, which still had the size of a small refrigerator. Therefore it was often placed in an adjacent room, with a thick gray cable leading to the voice terminal. The price of one STU-I system was 35,000 US dollars.

STU-I voice and control terminal

In the US, the STU-I system was replaced by the STU-II, and in 1987 NSA introduced the STU-III. This one-piece secure telephone became very successful and was widely used throughout the US government and military. For use by NATO forces and governments of friendly nations there was a modified version of the STU-II, designated STU-II/B.

It seems that for the hotline with Bonn though, the old STU-I was kept operational, as its voice terminal can still be recognized in this picture of Helmut Kohl's office in 1991:

Office of chancellor Helmut Kohl in the Kanzleramt building in Bonn, 1991
(photo: picture alliance/Ulrich Baumg - click to enlarge)


Below is a photo of chancellor Kohl's office in 1989, in which we see that the STU-I telephone had been replaced by its successor, the STU-II. It's not clear how that relates to the previous picture from 1991, in which we see the old STU-I again: maybe the dates of the photos are not correct, or the STU-II didn't function well and the STU-I was put back.

Office of chancellor Helmut Kohl in the Kanzleramt building in Bonn, 1989
(photo: imago stock&people - click to enlarge)

IST telephone

Eventually, the hotline between Bonn and Washington did get an upgrade, and the STU-I was replaced by the Integrated Services Telephone (IST). Unlike the STU phones, which encrypt the voice audio themselves, the IST has no encryption capability. Instead, it is connected to a central switch, which separates secure and non-secure traffic, after which the secure traffic is encrypted in bulk by a network encryptor. This means that the line between the handset and the switch carries unencrypted ("red") audio and has to be physically protected, for example by keeping it inside a secured area.

On the far right of this photo of the chancellor's office, we can recognize an IST telephone on almost the same spot as where the STU-I phone set was:

Guided tour in the chancellor's office in the Kanzleramt building in Bonn, 1999
(photo: Wikimedia Commons/Ziko-C - click to enlarge)

The phone we see here is about half the size of the standard IST: instead of the 40 direct line buttons there are just 6, which take the place of some of the special function buttons above the AUTOVON keypad with its four red keys for the Multilevel Precedence and Preemption (MLPP) function:

The IST was designed by Electrospace Systems Inc. (ESI) and manufactured by Raytheon as a dedicated device for the Defense Red Switch Network (DRSN), hence it was called a "red phone". The DRSN is the main secure telephone network for military command and control communications and connects all major US command centers and many other military facilities.

The small version of the IST is rarely seen, but it was in the collection of the JKL Museum of Telephony in Mountain Ranch, California, which unfortunately was completely destroyed by a wildfire two years ago:

The small version of the IST displayed
in the JKL Museum of Telephony

It is interesting to see that a secure telephone system that was developed for the internal communications of the United States military was also used for links to foreign government leaders. So far, the small IST phone has been spotted in this role only at the German Chancellery and in the office of British prime minister Tony Blair in 2003, just as an STU-I could be seen in the office of Margaret Thatcher in 1987.

Besides the hotline with Washington, there was a direct facsimile communications link between Bonn and Moscow, which was established in 1989.* The Soviet Union also had a hotline with Erich Honecker as leader of the former East German Republic (DDR), and during a short period before East and West Germany were reunited in 1990, there was a hotline between Honecker and Helmut Kohl.*



On October 3, 1990, East and West Germany were reunited and it was decided to make Berlin the capital again. After being elected chancellor late 1998, Gerhard Schröder moved to Berlin in 1999 and occupied the brand new Chancellery building in May 2001. With over 300 office rooms, this is said to be the largest government headquarters building in the world.

There are several pictures available of the chancellor's office in the Berlin Kanzleramt building, but none in which equipment for the hotline can be recognized. If this telephone link is still operational, it will be part of the "Head of State network", which is used by the US president to communicate with foreign leaders and was upgraded to an IP network by the White House Communications Agency (WHCA) in 2009.

Angela Merkel in her office in the new Chancellery building in Berlin, 2016
On her desk there are two regular high-end office phones,
apparently one for secure and one for non-secure calls
(photo: Reuters - click to enlarge)

In October 2013 it was revealed that NSA had tried to eavesdrop on chancellor Merkel's non-secure cell phone. This target was set in 2002, when Merkel was CDU party leader. Because the Bundeskanzler at that time, Gerhard Schröder, refused to join the US in the war against Iraq, the US government was probably interested in knowing the position of his main political opponent.

Although Merkel was an obvious espionage target, the fact that the Americans spied on her too made her angry: "Spying among friends - that simply isn't done." She expressed this to president Obama in a phone call on October 23, 2013, and already on July 3 she had talked to him about the Snowden revelations about Germany. It's not known whether these calls were made using the hotline of the Head of State network.

This would have been rather ironic, but also typical for the world of espionage and signals intelligence: on the one hand NSA tried to eavesdrop on chancellor Merkel's cell phone, while on the other hand the US provided high-grade encryption equipment for the hotline between both countries.

Links and sources
- Der Westen: Diplomatie am Telefon - Der kurze Draht der Mächtigen
- Telefon Forum: Helmut Kohls Telefone

September 14, 2017

Are the Shadow Brokers identical with the Second Source?

(Updated: December 7, 2020)

What a lot of people don't know is that a range of classified documents from the NSA have not been attributed to Edward Snowden, which means that there was at least one other leaker inside the NSA.

Initially, this leaker was called the "Second Source", and although he was responsible for significant leaks, they got little attention in the US. The release, since 2016, of NSA hacking tools by the mysterious "Shadow Brokers" gained far more media coverage.

Now, a close look at documents published by the German magazine Der Spiegel in December 2013 provides new indications that the Second Source could be the same person as the leaker behind the Shadow Brokers.

NSA's Cryptologic Center in San Antonio, Texas (2013)
(photo: William Luther - click to enlarge)

The second source

The first leak that was not attributed to Snowden, was of an internal NSA tasking record, showing that German chancellor Angela Merkel was apparently on the NSA's targeting list. The second revelation that was said to come from the same source as the Merkel record, was that of the ANT product catalog, containing a wide range of sophisticated eavesdropping gadgets and techniques.

Security expert Bruce Schneier, who was probably the first to write about the possibility of a second source, said that this source apparently passed his documents to a small group of people in Germany, including hacktivist Jacob Appelbaum and documentary film maker Laura Poitras.

Because Poitras also received one of the initial sets of documents from Snowden, it is sometimes assumed that the documents from the Second Source may actually stem from the Snowden trove, despite not being attributed as such. For some of the individual documents this was contradicted by Glenn Greenwald and Edward Snowden though.

Spiegel reportings

The ANT catalog was published by the German magazine Der Spiegel on December 29, 2013. The original article was in German and written by Jacob Appelbaum, Judith Horchert, Ole Reißmann, Marcel Rosenbach, Jörg Schindler and Christian Stöcker. A translation in English mentioned the names of Jacob Appelbaum, Judith Horchert and Christian Stöcker.

Although this catalog got most of the attention, not least because Appelbaum explained the various tools during a presentation at the CCC hacker conference on December 30, it was actually just an addition to Der Spiegel's extensive main piece about the hacking division of the NSA, called Tailored Access Operations (TAO).

This article was written by Jacob Appelbaum, Marcel Rosenbach, Jörg Schindler, Holger Stark and Christian Stöcker, with the cooperation of Andy Müller-Maguhn, Judith Horchert, Laura Poitras and Ole Reißmann. There was also a translation in English prepared by the Spiegel staff based upon reporting "by Jacob Appelbaum, Laura Poitras, Marcel Rosenbach, Christian Stöcker, Jörg Schindler and Holger Stark."

TAO documents

This main piece was accompanied by various NSA documents: one slide about FOXACID, a partial presentation about QUANTUM, two separate pages from other documents, as well as complete powerpoint presentations about QUANTUM tasking, the TAO unit at NSA/CSS Texas, and the QFIRE architecture:

(click to go to the various documents)

Not Snowden?

What apparently has never been noticed before is that not only the ANT product catalog, but also these other presentations and documents were not attributed to Snowden. In both the German and the English version, the whole lengthy article repeatedly uses phrases like "internal NSA documents viewed by SPIEGEL", but never in combination with the name of Edward Snowden.

This is remarkable, because for the media it is usually almost a kind of honor to publish documents provided by Snowden, which is then clearly mentioned in their reporting. In those cases, the byline includes the name of the person who actually provided the documents on Snowden's behalf: often Glenn Greenwald and, for Der Spiegel, Laura Poitras.

But both articles from December 29 have Jacob Appelbaum, instead of Poitras in the byline, which seems to be an indication that here, the top secret NSA documents were provided by Appelbaum, likely as the middleman for the mysterious second source.

Exception: FOXACID slide

There's one exception though: the description of the FOXACID slide says that it is from an NSA presentation from the Snowden cache - this was confirmed when on August 19, 2016, The Intercept eventually published the full presentation about FOXACID.

This slide was probably provided by Laura Poitras, from her cache of Snowden documents, which would explain why she was mentioned as one of the persons that provided assistance for Der Spiegel's main piece of December 29.

The other presentations have not been published as part of the Snowden revelations. There's only one Snowden document with a similar layout (from Booz Allen's SDS unit), but it is about a different topic.


If not only the ANT Product Catalog, but also these other NSA presentations about the TAO division were not provided by Snowden, but by the second source, what's the significance of that?

Analysing the range of revelations that were not attributed to Snowden, resulted in the following list of documents that were likely leaked by the second source:

- Chancellor Merkel tasking record
- TAO product catalog
- XKEYSCORE rules: New Zealand
- NSA tasking & reporting France, Germany, Brazil, Japan
- XKEYSCORE agreement between NSA, BND and BfV(?)
- NSA tasking & reporting EU, Italy, UN

Except for the TAO catalog, one thing that all these documents have in common is that they differ from the usual PowerPoint presentations, program manuals and internal wiki pages that make up the biggest part of the Snowden revelations.

(Of course, absence of evidence is no evidence of absence, but as these second source documents are often more significant than many other Snowden files, there would have been no reason not to publish them as Snowden documents if that is what they were)

The additional December 29 files do actually fit the typical sort of documents from Snowden, which makes it more difficult to distinguish between documents from Snowden and those from the other leaker(s).

The Shadow Brokers

If we look at the content of the files, we see that those from Der Spiegel's December 29 article are all about NSA's hacking operations. There have been several Snowden stories about that topic, but more spectacular was the release, since August 2016, of actual NSA hacking tools by a mysterious person or group called The Shadow Brokers (TSB or SB).

There has been a lot of speculation about who could be behind this and how he, she or they got access to these sensitive files. One option is an NSA insider, either on his own, in cooperation with crypto-anarchists, or as a mole directed by a hostile intelligence agency.

Another suggestion was that an NSA hacker mistakenly uploaded his whole toolkit to a server outside the NSA's secure networks (also called a "staging server" or "redirector" to mask its true location) and that someone was able to grab the files from there - this option was for example favored by Snowden.


The latter theory was falsified on April 14, 2017, when the Shadow Brokers published not only an archive containing a series of Windows exploits, but also several documents and top secret presentation slides about NSA's infiltration of the banking network SWIFT. Such things are unlikely to be on a staging server, which makes it most likely that the source behind the Shadow Brokers is an insider. Maybe one or two of these hacking tools were on a staging server for a specific mission, but surely not all of those published by the Shadow Brokers.

On July 28, the website CyberScoop reported that as part of their investigation into the Shadow Brokers leaks, US government counterintelligence investigators contacted former NSA employees in an effort to identify a possible disgruntled insider.

(just a few days ago, the Shadow Brokers released a manual for the hacking framework UNITEDRAKE, strangely enough without date and classification markings, but again something that one wouldn't find on an outside staging server)

Same source?

With the documents published by the Shadow Brokers apparently being stolen by an insider at NSA, the obvious question is: could the Shadow Brokers be identical with the Second Source? (see update)

One interesting fact is that the last revelation that could be attributed to the second source occurred on February 23, 2016, and that in August of that year the Shadow Brokers started their release of hacking files. This could mean that the second source decided to publish his documents in a more distinct and noticeable way, under the guise of the Shadow Brokers.

But there's probably also a much more direct connection: the batch of documents published along with Der Spiegel's main piece from December 29, 2013 include a presentation about the TAO unit at NSA's Cryptologic Center in San Antonio, Texas, known as NSA/CSS Texas (NSAT):

TAO Texas presentation, published by Der Spiegel in December 2013
(click for the full presentation)

And surprisingly, the series of three slides that were released by the Shadow Brokers on April 14 were also from NSA/CSS Texas. They show three seals: in the upper left corner those of NSA and CSS and in the upper right corner that of the Texas Cryptologic Center:

TAO Texas slide, published by the Shadow Brokers in April 2017
(click for the full presentation)


It's quite remarkable that among the hundreds of NSA documents that have been published so far, there are only these two sets from NSA/CSS Texas. This facility is responsible for operations in Latin America, the Caribbean, and along the Atlantic littoral of Africa in support of the US Southern and Central Commands.

Update: The three Shadow Brokers slides from NSA/CSS Texas show operations against EastNets and Business Computer Group (BCG), which are both Service Bureaus for the banking network SWIFT. EastNets has offices in Belgium, Jordan, Egypt and UAE and was targeted under the codename JEEPFLEA_MARKET, while BCG serves Panama and Venezuela and was targeted under JEEPFLEA_POWDER.

Besides the one in San Antonio, Texas, NSA has three other regional Cryptologic Centers in the US: in Augusta, Georgia, in Honolulu, Hawaii and in Denver, Colorado. These four locations were established in 1995 as Regional Security Operations Centers (RSOC) in order to disperse operational facilities from the Washington DC area, providing redundancy in the event of an emergency.

So far, no documents from any of these regional centers have been published, except for the two from NSA/CSS Texas. This could be a strong indication that they came from the same source - and it seems plausible to assume that that source is someone who actually worked at that NSA location in San Antonio.


This person may only have stolen files that were available at his own workplace. It should be realized that not every leaker necessarily has the kind of broad access that Snowden had (and gained) in his job as a systems administrator.

Snowden on the other hand may only have downloaded things from an intranet for NSA as a whole (assuming that would contain the most interesting files) and leaving the local network for his Hawaii office untouched - which would explain why we never saw any documents marked NSA/CSS Hawaii (another reason could be that such documents would have made it easier to identify him).
Update: One rare 2007 message from NSA Hawaii was, among some other documents, published by The Intercept on March 1, 2018.

Given the many hacking files, it's tempting to assume that the second source/Shadow Brokers was an NSA hacker at the Texas TAO unit. It's not clear though whether someone in such a position would also have had the access to the intelligence reports and traditional tasking lists which were published by Wikileaks. It's also possible that those documents came from a different source.


One final thing that the revelations from the second source and the Shadow Brokers seem to have in common is the motivation: none of their documents reveal serious abuses or illegal methods, but only compromise methods and operations, and discredit US intelligence.

Most of these documents weren't vetted by professional journalists either: although initially published by Der Spiegel and some other German media, later files were made public by the uncritical website Wikileaks, while the Shadow Brokers postings come without any intermediary on sites like Pastebin, Medium and Steemit.

(In March 2017, Wikileaks started the "Vault 7" series, in which they publish secret hacking tools from the CIA. These files have dates between November 2003 and March 2016 and are therefore more recent than those from the Shadow Brokers, whose newest files are dated October 18, 2013 - some 5 months after Snowden left the NSA and around the same time that Der Spiegel published the first document from the second source)

Update #1:

On the weblog Emptywheel there are some additional thoughts about this issue: the author is, for various reasons, skeptical about the Shadow Brokers being a disgruntled NSA employee or contractor, and therefore about them being identical with the Second Source. As an alternative, Emptywheel suggests that Jacob Appelbaum and the Shadow Brokers may have a mutually shared source.

I can agree with that, as I may not have made clear enough that the Second Source is the person who was able to actually steal documents from inside NSA, while the Shadow Brokers is a group or a single person who is responsible for publishing the files, just like Der Spiegel and Wikileaks did for most of the documents attributed to the Second Source.

Of course it would be possible that the Second Source eventually started to publish his documents himself under the cover name Shadow Brokers, but as noted by Emptywheel, there are several indications that make this less likely.

A slightly different option is that the Second Source provided his documents to Jacob Appelbaum and that he had them published by Der Spiegel and Wikileaks, and that later on, either Appelbaum himself acted as the Shadow Brokers, or gave the files to someone else operating under that guise.

Update #2:

In November 2013, the New York Times published a slide with a pie chart showing the sources of 103 collection accesses at the NSA's station in San Antonio, Texas. It's not clear though whether only this individual slide/chart is about NSA Texas, or the presentation as a whole.

Update #3:

An updated overview of the Shadow Brokers story was published by the New York Times on November 12, 2017. It says that investigators were worried that one or more leakers may still be inside NSA, and that the small number of specialists who have worked both at TAO and at the CIA came in for particular attention, out of concern that a single leaker might be responsible for both the Shadow Brokers files and the files published by Wikileaks as part of their Vault 7 and Vault 8 series (although the CIA files are more recent).

Update #4:

In November 2020, national security blogger emptywheel reported that she had information that someone had logged into one of the Guccifer 2.0 accounts (involved in leaking the DNC documents hacked by the GRU) using the same IP address as someone who logged into the early staging sites (either Pastebin or GitHub) used by the Shadow Brokers. This could be an indication that the Shadow Brokers was an operation of Russian intelligence.

Links and sources
- The New York Times: Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core (2017)
- UNITEDRAKE and hacking under FISA Orders (2017)
- Shadow Brokers' Persistence: Where TSB has signed, message, hosted, and collected
- The US Intelligence Community has a Third Leaker (2014)

In Dutch: More about the bill for the Tijdelijke wet cyberoperaties (Temporary Cyber Operations Act)