December 30, 2020

The report of a Swiss investigation into the case of Crypto AG



Last month, the Swiss parliamentary intelligence oversight committee published a report about its investigation into the case of Crypto AG, the former Swiss manufacturer of encryption systems that was secretly owned by the CIA and the German BND.

The committee found that the Swiss foreign intelligence service knew about this covert ownership since 1993 and used its knowledge to decrypt foreign communications, but failed to inform the responsible minister about the case.

Here I will provide a translation of the summary of this report as well as some interesting additional details from the rest of the committee's report about Crypto AG in relation to the Swiss government.





Summary of the Crypto AG report

The Swiss parliamentary audit committee for national security and the intelligence services (German: Geschäftsprüfungsdelegation or GPDel) started its investigation on February 13, 2020 and published its 64-page report about the Crypto AG case on November 10, in a French (pdf) and a German (pdf) version.

Below is a translation of the summary of this report, made from the German version by using Google Translate with the necessary manual corrections. I added some links and additional details in square brackets, as well as subheadings in bold italics for easier navigation of the text.




The case of Crypto AG
Report of the audit committee of the Federal Assembly

from November 2, 2020



The essentials in brief


Since the fall of 1993, the Strategic Intelligence Service (German: Strategischer Nachrichtendienst or SND) managed to get reliable information about Crypto AG. It learned that the company was owned by foreign intelligence agencies and exported "weak" devices, the encryption of which could be broken with a realistic effort.

In order to be able to break the encryption of such devices itself, the SND began to gather technical information about their encryption methods and customer lists. Later, when the SND had become a civilian office, it managed to get enduring access to this knowledge with the consent of the American intelligence agencies.


Legal situation

From a legal point of view, the parliamentary audit committee (GPDel) therefore sees it as an intelligence cooperation, as was provided for in the past by military law and today by the Intelligence Service Act (Nachrichtendienstgesetz or NDG). From the fact that the SND and the American agencies acted by mutual agreement, it follows that the Swiss authorities share responsibility for the activities of Crypto AG.

It was legally allowed that the SND and a foreign intelligence agency used a company in Switzerland to gather information about foreign countries. Given the big political implications of this cooperation, however, the GPDel considers it wrong that except for the current head of the Federal Department of Defence, Civil Protection and Sport (VBS) none of her predecessors were informed about this operation.


The east wing of the Federal Palace (Bundeshaus) in Bern, Switzerland,
home of the Federal Department of Defence, Civil Protection and Sport (VBS)
(photo: Mike Lehmann/Wikimedia Commons)


Police investigation

In addition, the SND's findings on Crypto AG during the Bühler affair, which was investigated by the federal police (Bundespolizei or BuPo) in 1994 and 1995, should not have been withheld from the political leadership. The head of the federal military department (EMD) at the time did not learn the truth about Crypto AG via other ways either, as he explained to the GPDel.

The GPDel also did not find any evidence that the government unduly influenced the investigations by the BuPo. Rather, the head of the Federal Department of Justice and Police (EJPD) made an effort to clarify the ownership of the company. Ultimately, however, the BuPo had to stop its investigations without being able to answer this question.

In 1994, the GPDel was informed repeatedly about the ongoing investigations of the BuPo. Just like the military and political superiors of the SND, the GPDel did not learn anything from the foreign intelligence service related to Crypto AG. The company was never the subject of the information provided by the Defense Department (VBS) when the overall supervisor specifically dealt with the topic of cryptology in 2007 and 2009.


Storage and destruction of documents related to Crypto AG

Especially valuable for the inspection of the GPDel were the operational files of the SND and the BuPo, which the federal intelligence service (Nachrichtendienst des Bundes or NDB) stored in a converted K-Anlage [Kriegsanlage, a well-hidden former command bunker of the Swiss army near Bern]. Their archiving in accordance with the applicable regulations is still pending. Due to the archiving practice of the intelligence services, however, there is no guarantee that all important documents are still available.

The destruction of such records was in part allowed by law and regulations, but in some cases it contradicted them. Between 2011 and 2014, the NDB destroyed documents from their correspondence with foreign partner services, instead of storing them internally as prescribed. Its inspection showed the GPDel that the destruction of files by the intelligence service is not an effective method for source protection. Rather, there is a risk that former sources can be compromised when authorities don't have the proper information.


Foreign espionage under the guise of a Swiss company

Companies and organizations that operate on Swiss soil benefit from Switzerland's image as a neutral state. Accordingly, foreign intelligence services may have an interest to operate under the guise of a Swiss company to the detriment of other countries.

Under certain circumstances, such a company can be guilty of the criminal offense of forbidden intelligence service against foreign states. However, such an operation is permissible under applicable law when a foreign agency uses such a company together with the NDB to collect information about foreign countries (cf. Art. 34 Para. 2 NDG).

In the view of the GPDel, planning such an operation should include a political assessment of the possible consequences for Switzerland, as well as for any affected employees of the company. The Federal Council (Bundesrat) should therefore clarify in principle how much room for maneuver it wants to grant the Defense Department (VBS) in this regard.


Not enough attention for the supply of secure encryption devices

The case of Crypto AG shows that companies under the influence of foreign intelligence services can produce devices with “weak” encryption methods. However, the GPDel assumes that Crypto AG has never supplied the “weak” encryption equipment to the Swiss authorities. Important in this case was that the Swiss authorities were able to inspect the security of the purchased devices or even influence their design. However, this is only possible with suppliers who develop and manufacture their devices in Switzerland.

For security reasons, it would be irresponsible for the federal government to purchase encryption solutions from foreign suppliers. Right from the start, the Federal Council did not pay the necessary attention to the role that domestic suppliers play in ensuring the availability of secure encryption technology for the Swiss authorities. As the responsible department, the Defense Department (VBS) neither analyzed the risks for a reliable supply in time nor informed the Federal Council about this matter.


Access to Crypto AG at the management of the intelligence services

The information access to Crypto AG was a well-kept secret at the management level of the SND. But when the Federal Intelligence and Security Service (NDB) was created [in 2010], this knowledge remained hidden from its first director. When confronted with this a few years later, he refused to take responsibility.

It was only in the summer of 2019 that the current director commissioned a position paper for this case, even though he had not been informed by his predecessor and this was still before the NDB learned of the media's research into Crypto AG. However, he did not use this informational advantage to uncover the relations between Crypto AG, the NDB's predecessors and the American intelligence agencies. Instead of clarifying the legal situation and recognizing the political implications, the NDB downplayed the relevance of the Crypto AG case for the current organisation.

The Defense Department (VBS), which already informed the Federal Council and the GPDel in November 2019, did not succeed in identifying the need for political action. The interdepartmental working group, which the VBS also set up, was not able to support the political leadership because of the reluctance of the NDB to provide information for the looming intelligence affair.

In its application for the Federal Council meeting on December 20, 2019, the Defense Department asserted that the level of information was insufficient for a substantive discussion about the case of Crypto AG. After finding the files in the K-Anlage, about which the Defense Department had informed the Federal Council, this finding was no longer valid.

Since the NDB had not evaluated the extensive files before the Federal Council meeting, the Council decided to establish an external committee of experts to clarify the apparently purely historical questions. With this, the Federal Council gave the strategic leadership for dealing with the Crypto AG case out of its hands from the start.


Ending the parallel investigation by judge Oberholzer

When the GPDel opened its inspection on February 13, 2020, former federal judge [Niklaus] Oberholzer had been active as an external expert on behalf of the Federal Council for a month, but without having access to the files from the K-Anlage. After the GPDel had requested all relevant files from the NDB, it recognized that the Crypto AG case went beyond pure history and was of current importance. This showed the Defense Department's approach of examining the historical and current aspects of the case separately to be not very effective.

Given the various parallel investigations, the GPDel considered it necessary to discuss the unresolved coordination issues with the head of the Defense Department before the work was continued. However, when the Defense Department expanded the scope of the Oberholzer investigation before the meeting agreed with the GPDel, the GPDel revoked its authorization to the Federal Council to commission Mr Oberholzer on February 21, 2020. As an investigative officer for the GPDel, he then reported on the intelligence-related aspects of the Crypto AG case in a secret report for the GPDel.

On February 25, 2020, the GPDel discussed its revocation of the authorization with the head of the Defense Department. The subsequent written exchange with the Federal Council led to a meeting with the federal president and the head of the Defense Department on May 25, 2020, where the GPDel provided information about the most important facts about the role of the intelligence services in the case of Crypto AG. In a classified letter this information was also brought to the attention of the Federal Council.


Former headquarters of Crypto AG in Steinhausen, Switzerland
(photo: Keystone)


Suspension of the export licenses for Crypto AG's successors

After the meeting of the Federal Council on December 20, 2019, the Federal Department of Economic Affairs, Education and Research (WBF) decided to suspend the general export licenses for the successor companies of Crypto AG [Crypto International AG and TCG Legacy AG]. The goal was apparently to avoid unfavorable media coverage for the WBF.

From the point of view of the GPDel, however, the suspension of these licenses was neither materially nor legally justified, just like the way the State Secretariat for Economic Affairs (SECO) delayed matters related to those companies. Individual export applications could still be submitted though.

There were also no legal arguments against their issuance, as the export control group rightly recognized on March 4, 2020. However, due to the position of the Federal Department of Foreign Affairs (EDA), it was decided in May 2020 to submit all applications to the Federal Council for decision.


Filing a criminal complaint against Crypto AG

On February 25, 2020, the SECO, with the support of the WBF, filed a criminal complaint at the federal prosecutor's office. Because of the first media coverage, the SECO suspected that by exporting "weaker" encryption technology before 2018, Crypto AG had violated individual declaration obligations from the export control law (Güterkontrollrecht).

Without further scrutiny, the WBF took over the argument of the SECO according to which there was a legal obligation to file a complaint. However, in an opinion at the request of the SECO, the federal prosecutor had advised against filing a criminal complaint; the SECO did not discuss the matter with other federal agencies.

From the point of view of the GPDel, the criminal complaint was based on an insufficient assessment of the facts and an inadequate legal reasoning. Since the complaint was apparently made for political reasons, it should have been submitted by the Department of Economic Affairs (WBF) instead of by the SECO.


Authorization to prosecute Crypto AG

On March 13, 2020, the federal prosecutor asked the Justice and Police Department (EJPD) for the authorization to prosecute the violations of the export control law as reported by the SECO. Three months later, the EJPD submitted the prosecutor's application for decision to the Federal Council. Before that, the EJPD had a discussion about it with the GPDel on May 25, 2020.

The WBF, for its part, requested the Federal Council on June 10, 2020 to approve all pending export applications, even though it had supported SECO's criminal complaint. After the Federal Council had postponed the issue by a week, the WBF requested to suspend the decision until the prosecutor's investigation had been finished. The Federal Council followed this proposal on June 19, 2020 and on the same day it granted the authorization to the federal prosecutor.


Violation of good faith and of the separation of powers

The GPDel recognizes the coherence between the decisions of the Federal Council regarding the authorization application by the federal prosecutor and the individual export applications from the successor companies of Crypto AG. With their indefinite postponement, however, the Federal Council may have violated the principle of good faith, because in principle every Swiss company can expect an authorization of its exports, unless there are legal arguments against it.

The export control law was also not a suitable means of approaching the Crypto AG case, while the criminal complaint was obviously an attempt to get rid of political responsibility by letting the justice system tackle the Crypto AG case. With this, the Federal Council ultimately linked the criminal case with the ongoing investigation of the GPDel, which was problematic given the separation of powers.




The Swiss foreign intelligence service

Initially, the Swiss foreign intelligence service (German: Strategischer Nachrichtendienst or SND) was part of the Untergruppe Nachrichtendienst (UG ND), which reported to the general staff of the Swiss army. In 2001, it was removed from the military hierarchy and turned into a civilian office, but still under the responsibility of the head of the Defense Department.

On January 1, 2010, the SND was merged with the domestic security service (Dienst für Analyse und Prävention or DAP) into the current federal intelligence and security service (Nachrichtendienst des Bundes or NDB), which is also responsible for signals intelligence.

Known divisions of the NDB are:
- NDBA for Auswertung (Analysis)
- NDBB for Beschaffung (Acquisition)
   - NDBB-A for Beschaffung Ausland (Foreign Acquisition)
   - NDBB-I for Beschaffung Inland (Domestic Acquisition)
- NDBS for Steuerung und Lage (Coordination)
- NDBU for Unterstützung (Support)


Headquarters of the Nachrichtendienst des Bundes (NDB) in Bern, Switzerland
(photo: Samuel Schalch)



More details from the Crypto AG report

Besides the general conclusions translated above, the GPDel report about the Crypto AG case also contains some more detailed information that is worth translating:


The MINERVA report

The NDB provided the parliamentary audit committee (GPDel) with a copy of the internal CIA report about Crypto AG. This report is titled "MINERVA - A History" and describes how, since the 1950s, US intelligence agencies cooperated with the Swedish owner of Crypto AG and how the company was taken over by the CIA and BND in 1970. The report includes the withdrawal of the Germans from the operation in 1993 and ends in 1995. The MINERVA report was written after the year 2000 with input from representatives of the BND.

It seems that around 2005, the Germans were provided a copy of the report and prepared additional assessments. This version of the American report, together with German documents, came into the hands of the press, which in February 2020 reported on certain sections of the report. The full MINERVA report of almost 100 pages has not yet been released.

The GPDel analyzed the MINERVA report and additional information from the NDB confirmed the authenticity of the document. Regarding the situation in Switzerland, the report is not always accurate and contains small mistakes. Apparently the American authors were not very familiar with Switzerland and its government. (p. 9-10)



Acquiring and using information about weakened algorithms

Since the autumn of 1993, the SND was informed about the fact that Crypto AG was owned by American and German intelligence services and that the company built encryption devices with weaker algorithms. The SND aimed at breaking the encryption of these weakened devices itself and gathered technical information about the encryption methods of the exported Crypto AG devices. This knowledge could also be used to identify weak encryption methods used in devices bought by Swiss customers. (p. 20)

This search for information about the weak algorithms continued after the SND became a civilian office in 2001 and was only successful because American intelligence agreed that Switzerland would get the necessary information, but only as far as necessary. (p. 20)

It should be noted that the Swiss intelligence service was not a member of the secretive Maximator alliance, in which the signals intelligence agencies of Denmark, Sweden, Germany, the Netherlands and France cooperated since 1976. Part of this cooperation was breaking the codes of diplomatic communications, for which the alliance members exchanged the algorithms used in the deliberately weakened encryption devices made by Crypto AG.

In order to actually use its knowledge about the weakened encryption methods for national security interests, the SND also had to gain access to encrypted communications. Interception of radio communications was conducted by a unit of the Swiss army (Führungsunterstützungsbasis der Armee or FUB).

After modernizing systems to intercept short wave (high frequency) radio communications, Switzerland started to set up a system to intercept satellite links, which is codenamed Onyx and became fully operational in 2006. The decryption capabilities were integrated in the interception process managed by the SND. (p. 20)


The Onyx satellite intercept station in Leuk, Switzerland
(photo: Martin Steiger/Wikimedia Commons)


Knowledge about Crypto AG at the SND and the NDB

At the SND the information about Crypto AG was a closely held secret. Only the head of the SND (Fred Schreier) and his successors (Hans Wegmüller and Paul Zinniker) and no more than two other employees of the SND knew about it. The director of the newly created NDB, Markus Seiler, was (orally) informed about the existence of weak Crypto AG devices when he assumed office in 2010. (p. 21)

Only during his last year in office, 2017, Seiler was also informed about what made his organization able to decrypt the weak algorithms, but he declined to accept a note about further options. Vice-director Paul Zinniker supported him in not taking further actions. The former heads of the Swiss Defense Department (VBS) were not informed about the fact that Crypto AG was under control of American intelligence and that Swiss intelligence was using its knowledge about the weak algorithms. (p. 21)

In the spring of 2019, the current director of the NDB, Jean-Philippe Gaudin, got basically the same information about Crypto AG as his predecessor two years earlier. But this time, Gaudin requested a detailed presentation and demanded a written position paper. On August 19, 2019, Gaudin also informed the head of the Defense Department. (p. 21)

Mid-October 2019, the NDB was provided with a copy of the MINERVA report and its director was informed about its contents. As of the end of October there was an increase in the communications between the NDB, the American and other foreign intelligence services, also in order to anticipate the media coverage about the MINERVA report. (p. 22)


Awareness about weaknesses in encryption devices

In 2007, the GPDel was briefed about how the SND's decryption capabilities are integrated in the process of intercepting foreign communications. A fact sheet showed that many manufacturers of encryption devices built in weaknesses for some of their customers. Behind this practice were the intelligence agencies of the United States and some of its allies. However, other states with the proper capabilities, like Switzerland, could also benefit from this. (p. 23)

According to the GPDel, the knowledge about the weakened Crypto AG devices provided useful intelligence for Switzerland, as it could be used to decrypt the communications of foreign targets and to exchange information with foreign intelligence services, which also strengthened the position of Switzerland. However, it should also be noted that encryption methods and access to relevant communications are changing continuously and know-how can rapidly lose its value. (p. 27)

The GPDel found that it was possible to identify weaknesses in various types of encryption devices used by Swiss institutions and to repair the deficiencies. This shows how important it is to have good insights on domestic manufacturers and influence the quality of their products. (p. 27) The GPDel was assured that all inspections made clear that Crypto AG never provided weak encryption devices to Swiss government agencies - unlike another company. (p. 31)


A second Swiss company selling weakened encryption devices

From hand-written notes from the head of the Defense Department, the GPDel learned that the security of encryption devices used by federal agencies had regularly been a talking point between the director of the SND and the head of the Defense Department. Somewhere between 2002 and 2008 it became clear that a Swiss manufacturer (not being Crypto AG) had sold insecure equipment to the federal government and two large corporations. After learning about this, the Defense Department took measures to close the hole. (p. 28)

In November 2020, the Swiss broadcaster SRF revealed that this other Swiss company was Omnisec AG, which was founded in 1987 and dissolved in 2018. According to SRF, Omnisec had sold less secure encryption devices from their 500-series to Swiss federal agencies and even to the secret services SND and DAP. These weakened devices were also sold to at least two private companies, including the UBS bank - around the time when the US pressed Swiss banks to lift their banking secrecy.

Former headquarters of Omnisec AG in Dällikon, Switzerland
(photo: ZVG)



Links & sources

- Swissinfo.ch: Second Swiss firm allegedly sold encrypted spying devices (Nov. 26, 2020)
- Woz.ch: Professor Maurer und die NSA (Nov. 26, 2020)
- SRF.ch: Geheimdienstaffäre, Corona im Milieu, Boni trotz Pandemie (Nov. 25, 2020)
- Res Strehle, Operation Crypto. Die Schweiz im Dienst von CIA und BND, Echtzeit Verlag, Juli 2020.
- CryptoMuseum.com: Operation RUBICON - The secret purchase of Crypto AG by BND and CIA


November 30, 2020

The NSA tried to spy on Danish and other European targets via cable tapping in Denmark

(Updated: July 6, 2021)

According to new revelations by the Danish broadcaster DR, the NSA tried to use its collaboration with the Danish military intelligence service FE to spy on targets in some other European countries and even on targets in Denmark itself.

Here, the new information about Denmark is compared with Germany, where similar accusations were raised in 2015 when it came out that the NSA provided the BND with thousands of selectors related to German and European targets.




New revelations from Denmark

The latest details about the cooperation between the NSA and the FE were published by the Danish broadcaster DR on November 15. This information comes from several independent sources with insight into internal reports from the FE.

In these reports, the FE management was warned about possible illegalities in the cable tapping operation that the Danish military intelligence service FE conducted in cooperation with the NSA.


An IT specialist from the FE, who blew the whistle on these issues and informed the Danish intelligence oversight board in November 2019, prepared or was involved in preparing at least two of these internal reports, according to DR News.

These two reports, one from 2012 and another one from 2015, contain an analysis of the phone numbers and e-mail addresses (also known as selectors) that the NSA sent to the FE in order to collect information from the cable tap.


Spying on Danish targets (2012)

According to DR News, the analysis of the selectors from 2012 revealed that the NSA used or had used the cooperation with the FE to spy on Danish targets, including the Ministry of Foreign Affairs and the Ministry of Finance, as well as the defense company Terma. This was discovered by an FE employee, who informed his bosses.

Sources of DR News said that the NSA entered keywords into the XKEYSCORE system that show they searched for e-mail addresses and phone numbers belonging to specific employees at Terma.

It's suspected that the Americans wanted information about Denmark's purchase of new fighter jets to replace the F-16. The Danish government eventually chose the American F-35 Joint Strike Fighter, for which Terma supplies components.


The factory of Terma Aerostructures in Grenaa where parts
for the F-35 fighter jets are produced (photo: Terma)


The revelation that the NSA was trying to spy on Danish targets is quite explosive, not only because it violates the agreement between the US and Denmark, which says that "the USA does not use the system against Danish citizens and companies", but also because it would be illegal for the FE to allow foreign espionage against Danish targets.


Protective filter system

Precisely to prevent that, the FE had installed a filter system to ensure that data from Danish citizens and companies is sorted out and not made searchable by XKEYSCORE, as DR News had reported on September 24.

A source of the Danish newspaper Berlingske explained that during the joint cable tapping operation, the NSA provided the FE with a series of selectors related to targets of their interest. These selectors were reviewed by the FE to make sure that they were not related to Danes and then entered into the system that filters the traffic from the backbone cable.

According to Berlingske, the searches on behalf of the NSA resulted in quite large data streams which were then, this time without further control by the FE, passed on to the Americans.

These press reports do not seem entirely consistent with each other though:

- The latest DR News report suggests that the NSA entered its selectors directly into XKEYSCORE (which is also able to perform the actual "front-end filtering") without mentioning the filter to protect Danes.

- The earlier press reports, however, say that the protective filter system either sorts out Danish data before they can be searched, or that it blocks selectors related to Danish targets before they become active in the actual collection system.

This is of some importance, because if the protective filter worked as described and intended, the NSA's selectors for Danish targets would not have resulted in actual intercepts, or only in a very few, given that such filters are not 100% accurate.

As the NSA knew about this protective filter system, they may have simply relied on the FE to block anything that would not be in accordance with the Memorandum of Agreement, even though that does not seem to be how it should have worked.
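To make the two readings of the press reports concrete, here is a small model of the protective filter as Berlingske and DR describe it: a first stage that vets incoming selectors before they are tasked, and a second "front-end" stage that drops traffic involving protected national endpoints before it becomes searchable. This is an added example, not code from the FE, the NSA or any of the press reports. The protection rules (.dk domains, +45 numbers, a short list of protected organisations), the selector normalisation and all selectors and traffic records are constructed assumptions; the last sample selector shows the failure mode the text mentions, a protected person on a foreign mail provider that no domain or prefix rule can recognise.

```python
"""Model of a two-stage protective filter for a joint cable-tapping operation.

Added example; not the FE's, the NSA's or any press report's code. Stage one
vets selectors before tasking, stage two drops protected traffic before it
becomes searchable. Rules and sample data are constructed assumptions.
"""
import re
from dataclasses import dataclass

# Constructed rules standing in for the real, unknown protection criteria.
PROTECTED_TLDS = {"dk"}
PROTECTED_PHONE_PREFIXES = ("+45",)
PROTECTED_ORGS = {"um.dk", "fm.dk", "terma.com"}   # hypothetical list


@dataclass(frozen=True)
class Selector:
    kind: str    # "email" or "phone"
    value: str   # normalised form


def normalise(raw: str) -> Selector:
    """Collapse permutations of one identifier into a canonical form.

    Strips display names ("Name <a@b>"), folds case and removes phone
    punctuation, so a target submitted in several spellings is vetted once.
    """
    s = raw.strip()
    m = re.search(r"<([^>]+)>", s)
    if m:
        s = m.group(1)
    if "@" in s:
        local, _, domain = s.partition("@")
        return Selector("email", f"{local.lower()}@{domain.lower()}")
    digits = re.sub(r"[^\d+]", "", s)
    if digits.startswith("00"):          # international prefix 00 -> +
        digits = "+" + digits[2:]
    return Selector("phone", digits)


def is_protected(sel: Selector) -> bool:
    """Stage one: does this selector look like a protected national party?"""
    if sel.kind == "email":
        domain = sel.value.rsplit("@", 1)[1]
        return domain.rsplit(".", 1)[-1] in PROTECTED_TLDS or domain in PROTECTED_ORGS
    return sel.value.startswith(PROTECTED_PHONE_PREFIXES)


def vet_selectors(raw_selectors):
    """Return (accepted, rejected) after normalisation and the protection check."""
    accepted, rejected = [], []
    seen = set()
    for raw in raw_selectors:
        sel = normalise(raw)
        if sel in seen:                  # duplicate permutation, already vetted
            continue
        seen.add(sel)
        (rejected if is_protected(sel) else accepted).append(sel)
    return accepted, rejected


def front_end_filter(records, accepted):
    """Stage two: keep only records that match a tasked selector and involve
    no protected endpoint. Each record is a (from, to) pair of raw identifiers."""
    tasked = {s.value for s in accepted}
    kept = []
    for src, dst in records:
        ends = [normalise(src), normalise(dst)]
        if any(is_protected(e) for e in ends):
            continue                     # protected party present: drop before search
        if any(e.value in tasked for e in ends):
            kept.append((src, dst))
    return kept


# Constructed sample input (no real selectors or traffic).
SAMPLE_SELECTORS = [
    "Analyst <ANALYST@example.org>", "analyst@example.org",   # two permutations, one target
    "+46 8 555 0100", "0046 8 555 0100",                        # same phone number twice
    "press@um.dk", "j.hansen@fm.dk", "+45 33 92 33 00",         # caught by domain/prefix rules
    "buyer@terma.com",                                          # caught by the org list
    "j.hansen.private@gmail.com",       # protected person on a foreign provider: not caught
]
SAMPLE_RECORDS = [
    ("analyst@example.org", "partner@example.net"),
    ("press@um.dk", "analyst@example.org"),
    ("j.hansen.private@gmail.com", "analyst@example.org"),
]

if __name__ == "__main__":
    acc, rej = vet_selectors(SAMPLE_SELECTORS)
    print("accepted:", [s.value for s in acc])
    print("rejected:", [s.value for s in rej])
    print("searchable records:", front_end_filter(SAMPLE_RECORDS, acc))
```

Running it shows both points the article makes: the duplicate permutations collapse to one target each, the domain, prefix and organisation rules reject the obviously Danish selectors, and the gmail.com selector passes both stages, so the record involving it becomes searchable. That is why an oversight body cannot treat such a filter as a guarantee and why a selector analysis like the FE's 2012 and 2015 reports is still needed.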


The Sandagergård complex of the FE on the island of Amager,
where a data center was built specifically to store data
from the joint NSA-FE cable tapping operation.


Spying on European targets (2015)

In 2015, another internal FE analysis of selectors showed that the NSA at that time used the cable tapping system to spy on targets in some other European countries, including Denmark's closest neighbours: Sweden, Norway, the Netherlands, Germany and France, according to DR News.

Sources told the Danish broadcaster that the NSA apparently also searched for information about the pan-European Eurofighter and the Swedish fighter plane Saab Gripen. Both were in the race to become Denmark's new fighter aircraft, which was decided around the time that this spying happened.

Unlike the first report, the second one was prepared some two years after the start of the Snowden revelations and in the same year as the German "Selector Affair" (see below). Both events may have been an incentive for the FE to investigate whether the NSA was also using their collaboration to spy on other European countries.

We can assume that the FE has no filter system to prevent collection against other European countries, which means the NSA selectors related to European targets had likely been active in the collection system and may have resulted in an unknown number of intercepted communications.

Spying on foreign governments is usually considered fair game and this was probably also not prohibited by the agreement between the NSA and the FE. Nonetheless, it would be an embarrassment for Denmark if it turned out that the NSA used its partnership with the FE for spying on other European countries.




UPDATE:

More details about the foreign targets were published on May 30, 2021 through joint reporting by the Danish broadcaster DR, SVT, NRK, Süddeutsche Zeitung, NDR, WDR and Le Monde. Multiple sources confirmed that in 2014, the FE started a secret internal investigation codenamed Operation Dunhammer. The results were handed over to the FE's management in 2015 and eventually led to the FE scandal of 2020.

According to the Dunhammer report, the NSA provided the FE with selectors for Norwegian, Swedish, German and French politicians and officials and subsequently obtained their communications, like telephone conversations, chat messages and text messages (as far as these traveled through the cables that were intercepted by the FE).

Among the German politicians were chancellor Angela Merkel, then foreign minister Frank-Walter Steinmeier and then opposition leader Peer Steinbrück. According to Der Spiegel, politicians from the Netherlands were also intercepted. Apparently, the Dunhammer report did not lead to an end of the cooperation with the NSA.


Comparison with Germany

The new information about the cooperation between the NSA and the Danish FE can be compared with the things we know about a similar cooperation between the NSA and the German foreign intelligence service BND, which included at least two joint operations:

- Eikonal: tapping cables of Deutsche Telekom in Frankfurt (2004-2008)
- Bad Aibling: satellite interception at the Bad Aibling Station (2004-2013)

For the cooperation at Bad Aibling, the NSA provided the BND with a total of roughly 690,000 phone numbers and 7.8 million internet identifiers, which is an average of about 165 phone numbers and 1,900 internet identifiers each day (the actual number of targets is significantly lower because each e-mail address can have some 8 different permutations).

In 2015 this resulted in the "Selector Affair", when it came out that among the identifiers for numerous legitimate targets, the NSA had also sent thousands of selectors related to European and even German targets, which was in clear violation of the Memorandum of Agreement (MoA) with the BND.



The BND satellite intercept station at Bad Aibling, Germany
(Photo: AFP/Getty Images)


Spying on European targets

Just like in Denmark, the Germans had found out that the NSA tried to spy on targets in other European countries. After severe political pressure, the German government agreed to let an independent investigator, Dr. Kurt Graulich, look at the suspicious selectors. In October 2015 he published his extensive, 250-page report about the issue.

Regarding the main list of almost 40,000 NSA selectors that the BND had rejected between 2005 and 2015, the investigator found that 62% belonged to government agencies of EU member states, 19% to Germans outside Europe, 7% to EU institutions, 6% to Germans, 4% to foreigners abroad, 1% to Germans in Europe and 1% to German embassies.


Spying on foreign governments and foreign defense companies does not violate German law, but investigator Graulich still considered it a clear violation of the Memorandum of Agreement, which allowed collection against European targets only for a very few specific topics.

Later in 2015 it was reported that the BND itself was also spying on for example the French foreign minister and the interior departments of EU member states like Poland, Austria, Denmark and Croatia, as well as on the FBI, the Voice of America and international organizations like the ICC, the WHO and UNICEF.

So just like it was the case at the BND, the FE might not have cared very much about the NSA selectors related to European targets, and just like the Germans, the Danes probably also spied on governments and certain companies from other EU countries themselves.



Spying on German targets

In 2015, the Germans had discovered that the NSA had apparently also tried to spy on German targets during their cooperation with the BND.

The examination of the NSA selectors by Dr. Graulich revealed that several hundred were related to German targets, mostly German companies, both inside and outside Germany. Selectors related to the German government were not found, which is an interesting difference to Denmark.

The reasons why the NSA was interested in these German companies could not be clarified by Dr. Graulich, mainly because the BND had no access to the NSA's motivations for each selector.

Just like in Denmark, it seems that the NSA sent their collaboration partner simply all the selectors they were interested in, with apparently little or no effort to pick out those that could be controversial.

Here too, the NSA seems to have relied on the foreign partner to block the selectors that would violate national law and the collaboration agreement. Even so, this seems unwise, because it potentially allows the partner to see which targets the NSA was interested in.


The DAFIS filter system

Just like the FE, the BND also has a filter system to prevent that German data are passed on to the Americans. From the German parliamentary investigation we know a lot more about this BND system, which is called DAFIS (for DAtenFIlterSystem) and checks not only the selectors that come in, but also the collection results that go out:



Overview of the dataflow for the NSA-BND cooperation at Bad Aibling


As can be seen in the diagram, all the selectors which the NSA wanted to be used for collecting (in this case) foreign satellite traffic first had to pass the DAFIS system, which checked them in an automated process of 3 stages:

- Stage 1: A negative filter which blocks e-mail addresses ending in .de and phone numbers starting with 0049, and most likely also ranges of IP addresses assigned to Germany.
- Stage 2: A positive filter consisting of a list of foreign phone numbers and e-mail addresses used by German citizens, for example businessmen and journalists, but also jihadis while they are inside Germany.
- Stage 3: A filter to sort out selectors that collide with "German interests", which mainly applies to European military contractors in which Germany participates (like EADS and Eurocopter, both now part of Airbus).

Selectors that were "approved" by the DAFIS system were entered into the tasking databases (Steuerungsdatenbanken) that fed the actual collection system. Communications that matched these selectors were picked out and were also sent through the DAFIS system for another check whether they might contain German data.

Only data that passed this double check were eventually transferred to the NSA. The selectors that were rejected by DAFIS were marked as "disapproved" in order to prevent them from being submitted again later on. The NSA knew and accepted that some of its selectors were blocked by the BND, according to the Graulich report.*

Most of the NSA selectors related to German targets had been blocked by the DAFIS filter. A smaller number of them had been active in the collection system for some period of time, but it is not known whether this resulted in the actual collection of communications (Erfassungen).
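To make the three stages, the "disapproved" marking and the second check on outgoing results concrete, here is an added Python model of such a selector filter. It is not DAFIS itself (no BND code has been published); the sample selectors, the e-mail and phone lists, the interest domains and the IP range (taken from documentation address space) are all constructed placeholders, and treating "+49" like "0049" is an added normalisation assumption.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    APPROVED = "approved"
    DISAPPROVED = "disapproved"


@dataclass
class SelectorFilter:
    """Three-stage check on incoming selectors, plus a second check on outgoing results.

    Stage 1 is a negative filter on national identifiers, stage 2 a positive list of
    foreign identifiers known to belong to own nationals, stage 3 a list of domains
    touching "national interests". Everything configured here is a constructed sample.
    """
    national_mail_suffixes: tuple = (".de",)
    national_phone_prefixes: tuple = ("0049", "+49")  # "+49" is an added assumption
    # Placeholder for ranges assigned to the own country (RFC 5737 documentation space)
    national_ip_ranges: tuple = (ipaddress.ip_network("192.0.2.0/24"),)
    nationals_abroad: set = field(default_factory=set)
    interest_domains: set = field(default_factory=set)
    # Memory of earlier verdicts, so a rejected selector cannot quietly be resubmitted
    disapproved: set = field(default_factory=set)

    def _stage1(self, sel: str) -> bool:
        s = sel.strip().lower()
        if any(s.endswith(suf) for suf in self.national_mail_suffixes):
            return True
        if any(s.startswith(p) for p in self.national_phone_prefixes):
            return True
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            return False  # not an IP selector at all
        return any(addr in net for net in self.national_ip_ranges)

    def _stage2(self, sel: str) -> bool:
        return sel.strip().lower() in self.nationals_abroad

    def _stage3(self, sel: str) -> bool:
        s = sel.strip().lower()
        return "@" in s and s.rsplit("@", 1)[1] in self.interest_domains

    def check(self, sel: str) -> tuple[Verdict, str]:
        """Run one selector through the stages; the reason names the blocking stage."""
        s = sel.strip().lower()
        if s in self.disapproved:
            return Verdict.DISAPPROVED, "previously disapproved"
        for stage, test in ((1, self._stage1), (2, self._stage2), (3, self._stage3)):
            if test(s):
                self.disapproved.add(s)
                return Verdict.DISAPPROVED, f"stage {stage}"
        return Verdict.APPROVED, "passed all stages"

    def task(self, selectors: list[str]) -> list[str]:
        """Return only the selectors that may enter the tasking database."""
        return [s for s in selectors if self.check(s)[0] is Verdict.APPROVED]

    def releasable(self, communication: dict) -> bool:
        """Second check: a collected item is shared only if no party hits any stage."""
        parties = (communication["from"], communication["to"])
        return not any(self._stage1(p) or self._stage2(p) or self._stage3(p) for p in parties)


def demo_filter() -> SelectorFilter:
    """A filter populated with constructed sample lists (no real identifiers)."""
    return SelectorFilter(
        nationals_abroad={"journalist@mail.example.com", "0041791234567"},
        interest_domains={"contractor.example"},
    )


# Constructed batch of partner-supplied selectors, mixing acceptable and blocked ones
DEMO_SELECTORS = [
    "minister@example.org",          # foreign government address: approved
    "analyst@example.de",            # national domain: stage 1
    "0049301234567",                 # national phone prefix: stage 1
    "192.0.2.77",                    # inside the national IP range: stage 1
    "journalist@mail.example.com",   # national abroad: stage 2
    "sales@contractor.example",      # joint defence contractor: stage 3
]


if __name__ == "__main__":
    f = demo_filter()
    for sel in DEMO_SELECTORS:
        verdict, reason = f.check(sel)
        print(f"{sel:32} {verdict.value:12} ({reason})")
    print("tasked:", f.task(DEMO_SELECTORS))
```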



A European bazaar?

The way the NSA tried to spy on European targets through its collaboration with the BND and the FE is reminiscent of what Edward Snowden said in his written testimony for the European Parliament from March 2014:

"The result is a European bazaar, where an EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn't search it for Danes, and Germany may give the NSA access to another on the condition that it doesn't search for Germans.
Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements.
Ultimately, each EU national government's spy services are independently hawking domestic accesses to the NSA, GCHQ, FRA, and the like without having any awareness of how their individual contribution is enabling the greater patchwork of mass surveillance against ordinary citizens as a whole."

This sounds like an accurate description, except that these joint operations with the NSA are not about "mass surveillance against ordinary citizens", as in both Germany and Denmark the NSA only provided selectors for specific targets like government agencies and companies in the defence industry, for example.

Nonetheless, spying on such targets in the partner country violates national law and the agreements between the NSA and their European counterparts, but for both the FE and the BND that didn't seem a very big concern, at least until the Snowden revelations.

One reason may lie in the fact that in general, these so-called Third Party relations with the NSA do not include a "no-spy" condition, so both parties are free to spy on each other, despite their otherwise close cooperation.

That may have kept the Danish and German intelligence agencies vigilant and let them install filter systems to make sure that no data from their country would be passed on to the Americans.

And the NSA, for its part, apparently assumed that its counterparts would do enough to protect their own data, so it didn't put much effort into sorting out the selectors to be used in this kind of joint operation.



Links & sources

- Willy Van Damme: De F35 – Pleegde de Deense militaire veiligheidsdienst landverraad? (Nov. 23, 2020)
- DR News: Hemmelige rapporter: USA spionerede mod danske ministerier og forsvarsindustri (Nov. 15, 2020)
- DR News: Ny afsløring: FE masseindsamler oplysninger om danskere gennem avanceret spionsystem (Sept. 24, 2020)
- Berlingske: Et pengeskab på Kastellet har i årtier gemt på et dybt fortroligt dokument. Nu er hemmeligheden brudt (Sept. 13, 2020)
- The Register: The Viking Snowden: Denmark spy chief 'relieved of duty' after whistleblower reveals illegal snooping on citizens (August 25, 2020)
- The Graulich report: Nachrichtendienstliche Fernmeldeaufklärung mit Selektoren in einer transnationalen Kooperation (Oct. 23, 2015)
- Der Spiegel: Dänemark half offenbar der NSA beim Bespitzeln von EU-Politikern
- Le Monde: Comment des dirigeants européens, dont Angela Merkel, ont été espionnés par la NSA depuis le Danemark
- SZ: NSA hört über Dänemark mit (May 30, 2021)
- DR: Forsvarets Efterretningstjeneste lod USA spionere mod Angela Merkel, franske, norske og svenske toppolitikere gennem danske internetkabler


October 28, 2020

Danish military intelligence uses XKEYSCORE to tap cables in cooperation with the NSA


Last August, it came out that a whistleblower accused the Danish military and signals intelligence service (Forsvarets Efterretningstjeneste or FE) of unlawful activities and deliberately misleading the intelligence oversight board.

Meanwhile, the Danish press was able to paint a surprisingly comprehensive and detailed picture of how the FE cooperated with the NSA in cable tapping on Danish soil.

It was further revealed that the Americans provided Denmark with a sophisticated new spy system which includes the NSA's data processing system XKEYSCORE.

A Danish paper also disclosed that the accusation of unlawful collection came from a young FE employee who is reminiscent of Edward Snowden. A newly established investigation commission now has to clarify whether he was driven by fears or by facts.


The Sandagergård complex of the FE on the island of Amager, where a new
data center was built for its deployment of the XKEYSCORE system



Cable tapping

In an extensive piece from September 13, the renowned Danish newspaper Berlingske (founded in 1749) describes how the FE, in cooperation with the NSA, started to tap an international telecommunications cable in order to gather foreign intelligence.

In the mid-1990s, the NSA had found out that somewhere under Copenhagen there was a backbone cable containing phone calls, e-mails and text messages from and to countries like China and Russia, which was of great interest for the Americans.

Tapping that cable, however, was almost impossible without the help of the Danes, so the NSA asked the FE for access to the cable, but this request was denied, according to Berlingske.


Agreement with the United States

The US government did not give up, and in a letter sent directly to the Danish prime minister Poul Nyrup Rasmussen, US president Clinton asked his Danish colleague to reconsider the decision. And Nyrup, who was a sworn supporter of a close relationship with the US, said yes.

The cooperation was laid down in a document, which, according to Berlingske, all Danish defense ministers had to sign "so that any new minister could see that his predecessor - and his predecessors before his predecessors - with their signatures had been part of this small, exclusive circle of people who knew one of the kingdom's biggest secrets."

The code name for this cooperation is not known, but it's most likely part of the NSA's umbrella program RAMPART-A. Under this program, which started in 1992, foreign partners provide access to high-capacity international fiber-optic cables, while the US provides the equipment for transport, processing and analysis:


Slide from an NSA presentation about RAMPART-A from October 2010


Agreement with a cable operator

To make sure that tapping the cable was as legal as possible, the government asked for approval from the private Danish company that operated the cable. The company agreed, but only on condition that it was approved at the highest level, and so the agreement was signed by prime minister Rasmussen, minister of defense Hækkerup and head of department Troldborg.

Because the cable contained international telecommunications it was considered to fall within the FE's foreign intelligence mandate. The agreement was prepared in only one copy, which was shown to the company and then locked in a safe at the FE's headquarters at the Kastellet fortress in Copenhagen, according to Berlingske.

This Danish agreement is very similar to the Transit Agreement between the German foreign intelligence service BND and Deutsche Telekom, in which the latter agreed to provide access to international transit cables at its switching center in Frankfurt am Main. The BND then tapped these cables with help from the NSA under operation Eikonal (2004-2008).


Processing at Sandagergård

Berlingske reported that the communications data that were extracted from the backbone cable in Copenhagen were sent from the Danish company's technical hub to the Sandagergård complex of the FE on the island of Amager. The US had paid for a cable between the two locations.

At Sandagergård, the "NSA made sure to install the technology that made it possible to enter keywords and translate the huge amount of information, so-called raw data from the cable tapping, into "readable" information."

The filter system was not only fed by keywords from the FE, but the NSA also provided "the FE with a series of keywords that are relevant to the United States. The FE then reviews them - and checks that there are basically no Danes among them - and then enters the keywords" according to sources cited by Berlingske.

Besides this filtering with keywords and selectors, the FE and the NSA will also have used the metadata for contact-chaining, which means reconstructing which phone numbers and e-mail addresses had been in contact with each other, in order to create social network graphs - something the sources apparently didn't want to disclose to Berlingske.


Map of the current backbone cables around the Danish capital Copenhagen
and the Sandagergård complex of the FE on the island of Amager
(source: Infrapedia)


Trusted partners

Part of the agreement between the US and Denmark was that "the USA does not use the system against Danish citizens and companies. And the other way around". Similar words can be found in an NSA presentation from 2011: "No US collection by Partner and No Host Country collection by US" - although this is followed by "there ARE exceptions!"

The latter remark may have inspired Edward Snowden to accuse the NSA of abusing these cooperations with foreign partner agencies to spy on European citizens, but as a source told Berlingske:

"I cannot at all imagine in my imagination that the NSA would betray that trust. I consider it completely and utterly unlikely. If the NSA had a desire to obtain information about Danish citizens or companies, the United States would simply turn to [the domestic security service] PET, which would then provide the necessary legal basis."

The source also said that "the NSA wanted to jump and run for Denmark. The agency did everything Denmark asked for, without discussion. The NSA continuously helped Denmark - because of this cable access. [...] Denmark was a very, very close and valued partner."

This close and successful cooperation was apparently one of the reasons for the visit of president Bill Clinton to Denmark in July 1997, according to Berlingske.


Danish prime minister Poul Nyrup Rasmussen and US president Bill Clinton
during his visit to Denmark in July 1997 (photo: Linda Kastrup)


A new spy system

In the wake of the FE scandal even more recent developments have been revealed: a report by the Danish broadcaster DR from September 24, 2020 provides interesting details about how the Americans provided Denmark with a sophisticated new "spy system".

After the FE got a new head of procurement in 2008, NSA employees frequently traveled to Denmark for quite some time to build the necessary hardware and install the required software for the new system, which DR News describes as extremely advanced. It also has a special internal code name, which the broadcaster decided not to publish. It's also this new system through which the alleged illegal collection of Danish data took place.

According to DR News, the NSA technicians were also involved in the construction of a new data center at the FE's Sandagergård complex on Amager that was specifically built to house the new spy system, which was taken into use somewhere between 2012 and 2014. The cooperation between the FE and the NSA on this specific system was based upon a Memorandum of Understanding (MoU) signed by then FE chief Thomas Ahrenkiel.


Filter systems

The DR News report also goes into more detail about the interception process. It says that first, the intelligence service identifies a data stream that may be interesting, after which they "mirror" the light that passes through the particular fiber-optic cables. In this way, they copy both metadata and content, like text messages, chat conversations, phone calls and e-mails, and send them to the FE's data center at Sandagergård.

According to DR News, the FE tried to develop a number of filters to ensure that data from Danish citizens and companies is sorted out and not made searchable by the new spy system. The former Danish minister of defense Claus Hjort Frederiksen recently said that there was indeed an attempt to develop such filters, but at the same time he admitted that there can be no guarantee that no Danish information will pass through.



XKEYSCORE

DR News also reported that the heart of the new spy system is formed by XKEYSCORE, which was developed by the NSA and the existence of which was first revealed by The Guardian in June 2013.

The NSA's British counterpart GCHQ incorporated XKEYSCORE in its own system for processing bulk internet data codenamed TEMPORA and it can be assumed that the other Second Party partners (also known as the Five Eyes) also use this system, whether or not under a different codename.




From the Snowden documents we know that the NSA also provided XKEYSCORE to some of its Third Party partners: the German foreign intelligence service BND and domestic security service BfV, the Swedish signals intelligence service FRA and the Japanese Directorate for SIGINT. It is new though that the Danish military intelligence service FE uses the system too.

Some press reports seem to suggest that these partner agencies "gain access to XKEYSCORE" as if it would allow them to connect to a huge global mass surveillance system. The latter may be the case for the NSA's Second Party partners, but the Third Party partners are using XKEYSCORE only to process and analyze data from their own tapping points and are not able to access data from Five Eyes collection platforms.

Likewise, NSA analysts using XKEYSCORE don't have direct access to, in this case, Danish collection systems, only to data that the Danes agreed to share with the US as "3rd party collection".


Slide from an NSA presentation about XKEYSCORE from August 2008


How XKEYSCORE works

Glenn Greenwald presented XKEYSCORE as the NSA's "widest-reaching" tool to collect "nearly everything a user does on the internet". This is misleading, because it's more about quality than about quantity: the system actually helps analysts to "downsize their gigantic shrimping nets [of traditional collection methods] to tiny goldfish-sized nets and merely dip them into the oceans of data, working smarter and scooping out exactly what they want".

The NSA has XKEYSCORE installed at some 150 data collection sites all over the world. There, it creates a rolling buffer of 3 to 5 days of content and around 30 days of metadata, which can be remotely searched by analysts. They can use traditional selectors like phone numbers and e-mail addresses to pick out data of interest, but that's the old way and how other agencies perform bulk collection.

Filtering on phone numbers and e-mail addresses became less useful because targets know that this happens and have shifted to anonymous ways of communicating over the internet. The novelty of XKEYSCORE is that it enables analysts to find exactly those anonymous communications. For that purpose it reassembles IP packets into their original format ("sessionizing"), like Word documents, spreadsheets, chat messages, etc.



Diagram showing the dataflow for the DeepDive version of XKEYSCORE


Once restored, these files can be searched for characteristics that are related to certain targets or target groups, like use of encryption, the use of the TOR network, the use of a different language than where someone is located, and many combinations thereof. In this way, analysts can discover new targets and then start monitoring them more closely.

XKEYSCORE was also mentioned in a classified file from the German BND, which contains a diagram that shows the difference between XKEYSCORE and traditional collection systems: in the traditional set-up, IP packets from a data stream were reassembled and then went through a filter to select only those of interest, which were forwarded for further analysis. XKEYSCORE could do all that at once:






Unlawful collection?

Now that the various disclosures by the Danish press provided quite some insight into the FE's cable tapping activities, how about the abuses it's accused of?

According to DR News, it was the newly installed spy system through which the alleged illegal collection of Danish data took place. The first possibility is that the filters were simply not able to block all the communications related to Danish citizens, residents or companies; that would be a technical shortcoming rather than an intentional act.

Another option is that either the FE itself or the NSA fed the system with selectors (like phone numbers and e-mail addresses) that would result in the collection of Danish data. The NSA would not have been allowed to do that under the agreement with the Danes, while for the FE this would be against the law.

According to a source cited in the aforementioned Berlingske newspaper article, there was one case in which "the NSA sent a request to search for a company in a country in Asia, but when the FE checked the selector, it discovered that the company was Danish-owned, whereupon the request was rejected".

This shows that, just like it was the case in Germany, the NSA's interest was quite "broad", but that the FE did its best to protect Danish subjects and blocked such requests where possible.

A third option is that the illegal collection took place through the additional data search capabilities of the XKEYSCORE system, which is imaginable because here the search criteria are applied to characteristics of the content of the communications, instead of the people who are involved.

According to Berlingske, the whistleblower who informed the intelligence oversight board "feared that the management of the Defense Intelligence Service was doing US business by leaving its special system with technical vulnerabilities that allowed the National Security Agency to abuse it."


The whistleblower

Berlingske was also able to identify the whistleblower as a younger employee of the FE, working as an IT specialist - a striking similarity to Edward Snowden. The paper says that in 2013 he became increasingly concerned, but it's not clear whether this may have been caused by the Snowden revelations, which started in June of that year and included reports about XKEYSCORE, the system that had just been installed at the FE.

As the IT specialist insisted on his criticism, then head of the FE Thomas Ahrenkiel decided - without informing the Americans - to set up a technical working group to go through the system looking for vulnerabilities or signs of abuse by NSA. As reported by Berlingske, the IT specialist himself, with the aim of reassuring him, also participated in the working group, which in 2014 concluded that there were no signs of illegal intrusion.

For the FE the case was closed, but, as reported by Berlingske, the IT specialist was not satisfied and "he made a drastic decision and smuggled a recorder into his workplace, arranged meetings with colleagues and bosses for several months and recorded them in secret" - again a kind of persistence very similar to how Snowden operated. But unlike Snowden, the Danish whistleblower did not contact the press, but eventually informed the intelligence oversight board.


Danish defense minister Trine Bramsen (left) and her predecessor
Claus Hjort Frederiksen (photo: Linda Kastrup/Scanpix)


Investigations

Berlingske reported that the recordings provided "hours of covert footage with employees of the service, some of which [...] have expressed themselves in a way that confirms the suspicion that the FE may have acted illegally and not intervened adequately to prevent data on Danes from being disclosed." In November 2019 they were handed over to the intelligence oversight board, which in December informed defense minister Trine Bramsen.

Unlike her predecessor, Bramsen apparently took this kind of accusation very seriously and urged the oversight board to conduct an investigation, which on August 24, 2020 resulted in the sudden suspension of the head of the FE and a few other officials (since then they have returned, but in other positions).

On October 5, the Danish government decided to submit a bill to establish a special commission that has to carry out an independent and impartial investigation into the accusations against the FE, which has to present a report within a year.



Conclusion

In 2013, a young IT specialist at the FE became worried that this intelligence service could have illegally spied on Danish citizens. This was not only in accordance with Snowden's (unsubstantiated) narrative, but also a fear that had lived in Denmark since its domestic security service PET had been accused of monitoring ordinary Danes in 1998.

Meanwhile it has turned out that Snowden was driven more by fears than by facts - could that also have been the case with the FE whistleblower? Based on what has been published so far, he apparently tried to find evidence even after an internal investigation concluded that the NSA wasn't abusing the FE's collection system.

In recent years, the NSA and the German BND have also been accused of massive illegal domestic spying. Thorough investigations have shown that was not the case, although their employees were sometimes careless and it was technically not always possible to do what was legally required.

Was this also the situation at the Danish military intelligence service? The recently established investigation commission will have to tell.



Links & sources

- Comments at Hacker News
- Berlingske: Særlig undersøgelseskommission skal kulegrave FE-sagen (Oct. 5, 2020)
- Politiken: Debat om kabelaflytning gav tårer i Sverige og folkeafstemning i Holland (Oct. 1, 2020)
- DR News: Ny afsløring: FE masseindsamler oplysninger om danskere gennem avanceret spionsystem (Sept. 24, 2020)
- Berlingske: Et pengeskab på Kastellet har i årtier gemt på et dybt fortroligt dokument. Nu er hemmeligheden brudt (Sept. 13, 2020)
- The Local: Danish intelligence scandal related data sharing with US agency, according to media (August 28, 2020)
- The Register: The Viking Snowden: Denmark spy chief 'relieved of duty' after whistleblower reveals illegal snooping on citizens (August 25, 2020)
- BBC: Danish military intelligence head Lars Findsen suspended (August 24, 2020)


September 14, 2020

About the legality and constitutionality of the Section 215 metadata program

(Updated: December 27, 2020)

It was one of the NSA's most controversial activities: the bulk collection of domestic telephone records under the Section 215 program. On September 2, a court of appeal ruled that this violated the Foreign Intelligence Surveillance Act (FISA) and suggested that it may have been unconstitutional under the Fourth Amendment.

Here, I will provide a summary of this court case, United States v. Moalin, summarize the initial legal authority for the Section 215 program and explain on what grounds the court of appeal has now found that it was in violation of the law.

That's followed by a more extensive discussion about whether telephone metadata are protected under the Fourth Amendment of the US Constitution, which shows that the court didn't recognize the difference between extensive data mining and the much more restricted method of contact-chaining as conducted by the NSA.



Slide about the NSA's Section 215 domestic telephone records program, from the keynote
by former NSA director Keith Alexander during the security conference Black Hat USA 2013


United States v. Moalin

The case decided by the US Court of Appeals for the Ninth Circuit concerns four Somali immigrants, Basaaly Saeed Moalin, Ahmed Nasir Taalil Mohamud, Mohamed Mohamud and Issa Doreh, who were found guilty by a San Diego jury in February 2013 on charges of sending money to al-Shabaab, a jihadist terrorist group based in East Africa.

The principal evidence against the four men consisted of a series of recorded calls between Moalin, his co-defendants, and individuals in Somalia, obtained through a wiretap of Moalin's phone. After Snowden revealed the Section 215 program in June 2013, several government officials tried to defend this program by claiming that it had provided information that led to reopening the investigation into Moalin.

Among them was then-FBI Deputy Director Sean Joyce who in a congressional hearing said that "the NSA provided us a telephone number only in San Diego that had indirect contact with an extremist outside the United States." This led to an identification of co-conspirators and enabled the FBI to disrupt their financial support to al-Shabaab.



Three of the four men convicted in 2013
(image: CBS News)


Subsequently, Moalin and his co-defendants argued that the metadata program violated both the Fourth Amendment and the law under which it was authorized, and that the "fruits" of the government's acquisition of Moalin's phone records should therefore have been suppressed.

And indeed, the three-judge panel of the Court of Appeals unanimously found that the bulk collection of telephone records violated the Foreign Intelligence Surveillance Act (FISA) and was possibly unconstitutional under the Fourth Amendment (see below).


No benefit for Moalin

But after carefully reviewing the classified FISA applications and all related classified information, the court was also convinced that the telephone metadata, even if unconstitutional, did not taint the evidence presented by the government.

In other words: the court saw no evidence that Section 215 had provided a lead to reopen the investigation into Moalin and to wiretap him: "To the extent the public statements of government officials created a contrary impression, that impression is inconsistent with the contents of the classified record".

This means that Moalin, who received an 18-year sentence, and one of his co-defendants remain in prison; the two other co-defendants already completed their sentences. Any of them or the government can still seek review from a larger, 11-judge en banc court, but they can also bring the case before the Supreme Court.




Notice of intelligence information

While the Ninth Circuit's ruling on Section 215 no longer has any practical consequences, another part of the opinion still does: the government has to provide notice to criminal defendants when evidence was obtained from surveillance conducted under FISA and the FISA Amendments Act (FAA). This also applies to surveillance conducted under other foreign intelligence authorities, including Executive Order 12333.

In the Moalin case, the defendants were not notified about the use of intelligence information, but learned about it after the trial from the public statements that government officials made in the wake of the Snowden revelations. The court, however, considered that "information as to whether surveillance other than the metadata collection occurred would not have enabled defendants to assert a successful Fourth Amendment claim."



The Richard H. Chambers building in Pasadena, once a hotel, now one of
the courthouses of the US Court of Appeals for the Ninth Circuit
(photo: Levi Clancy/Wikimedia Commons)


Bulk collection under Section 215

The NSA started its collection of domestic telephone records in October 2001 as part of the President's Surveillance Program (PSP), better known under its classification codename STELLARWIND.

This program was based upon a very controversial legal opinion by Justice Department lawyer John Yoo, arguing that it was justified by the president's wartime powers according to Article Two of the US Constitution.*

After objections raised by Justice Department officials Jack Goldsmith and James Comey, a new legal basis for this collection of telephone metadata was found in Section 215 of the Patriot Act, which was approved in secret by the FISA Court on May 24, 2006.


Unlike the content of phone calls, the associated metadata were not considered constitutionally protected. This is because in 1979 the US Supreme Court had ruled that telephone records which have been voluntarily provided to a telecom provider are not protected under the Fourth Amendment of the US Constitution (Smith v. Maryland, also known as the third-party doctrine).



Section from the classified STELLARWIND report, page 16


Violation of the law

Now let's take a closer look at why the Ninth Circuit Court of Appeals considered the Section 215 bulk collection program unlawful.

Section 215 of the Patriot Act amended 50 U.S. Code §1861 and authorized the government to apply to the FISA Court for an "order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to obtain foreign intelligence information not concerning a United States person or to protect against international terrorism or clandestine intelligence activities."

According to the PCLOB report the government didn't link its FISA Court applications to a single counter-terrorism investigation. Instead, the practice was to "list multiple terrorist organizations [...] and declare that the telephone records being sought are relevant to each of those investigations", which is "little different [...] from simply declaring that they are relevant to counter-terrorism in general."

With this practice the statutory requirement of relevance for "an investigation" became virtually meaningless and therefore the Ninth Circuit ruled that the telephony metadata collection program exceeded the scope of Congress's authorization and violated that particular section of the law.


The intelligence committees

While the NSA's collection of domestic telephone records did not match how Section 215 was intended, the congressional intelligence committees were aware of it. They had been briefed multiple times about what was actually going on - a practice that (in secret) had also been approved by the FISA Court.*

According to an American legal doctrine, "Congress is presumed to be aware of judicial interpretations of the law". So when Congress reauthorized Section 215 in 2009 and 2011, the government argued that it had also "ratified" the FISA Court's secret interpretation that allowed the NSA's bulk collection.*

However, many members of the intelligence committees chose not to attend such classified briefings, preferring to stay comfortably ignorant not only about how their legislation turned out in practice, but also about how it was interpreted by the FISA Court.*

On May 7, 2015 the Court of Appeals for the Second Circuit had excused this by saying that details about the Section 215 program were actually so hard to access, even for members of the intelligence committees, that no meaningful debate had been possible.

Therefore, this court did not recognize the theory of the implicit ratification of the FISA Court's interpretation and ruled that the bulk collection exceeded the scope of what Congress had authorized under Section 215 of the Patriot Act - the same decision as that of the Ninth Circuit.



Hand-written copy of the proposed Bill of Rights from 1789, cropped to show
just the text that would later be ratified as the Fourth Amendment


Protected under the Fourth Amendment?

Regarding the issue whether the telephone metadata collected under Section 215 were protected under the Fourth Amendment of the US Constitution, the Court of Appeals "stopped just short of saying that the snooping was definitely unconstitutional".*

Instead of a judgement, the court described a range of differences between the use of a simple pen register back in the days of Smith v. Maryland and the present-day capabilities of collecting and analyzing metadata in bulk:
- Nowadays, metadata reveal much more information, like the IMSI and IMEI number and the trunk identifier of a cell phone, telephone calling card numbers, and time and duration of a call.
- The amount of metadata created and collected has increased exponentially, along with the government's ability to analyze it.
- The duration of the collection in this case also vastly exceeds that in Smith v. Maryland: back then the pen register was used for a few days at most, while the NSA collected telephony metadata for years.
- Telephony metadata "as applied to individual telephone subscribers and when collected on an ongoing basis [...] permit something akin to [...] 24-hour surveillance."
- The extremely large number of people from whom the NSA collected telephony metadata enables the data to be aggregated and analyzed in bulk.

Regarding the latter, the court's opinion says:
"A couple of examples illustrate this point: A woman calls her sister at 2:00 a.m. and talks for an hour. The record of that call reveals some of the woman’s personal information, but more is revealed by access to the sister’s call records, which show that the sister called the woman’s husband immediately afterward. Or, a police officer calls his college roommate for the first time in years. Afterward, the roommate calls a suicide hotline.
These are simple examples; in fact, metadata can be combined and analyzed to reveal far more sophisticated information than one or two individuals’ phone records convey. As Amici explain, “it is relatively simple to superimpose our metadata trails onto the trails of everyone within our social group and those of everyone within our contacts’ social groups and quickly paint a picture that can be startlingly detailed.”"

This is probably the most common argument against the bulk collection of metadata, but it ignores that there are actually different ways in which intelligence agencies use large sets of metadata:

- Contact-chaining:
The full set of data is used in a "shallow" way by only looking at which phone numbers (or other kinds of identifiers) are in contact with each other. This results in contact chains and social network graphs.


- Pattern-of-life analysis:
Only parts of the data set are used to create a deeper insight into the daily life patterns of people of interest (after they have been identified through contact-chaining, for example). Note that this kind of analysis is also conducted for individual people who are the subject of targeted interception.



The examples cited by the Court of Appeals refer to the pattern-of-life analysis, while the data collected under Section 215 were only used for contact-chaining (and analyzing the results thereof).* The latter is also mentioned in the court's opinion, but without any further discussion:
"The government was also allowed to search phone numbers within three “hops” of that selector, i.e., the phone numbers directly in contact with a selector, the numbers that had been in contact with those numbers, and the numbers that had been in contact with those numbers."


The NSA's contact chaining method

The contact chaining started with a so-called "seed" - a phone number for which there was a Reasonable, Articulable Suspicion (RAS) that it was associated with a foreign terrorism organization.

This seed number was then entered into the MAINWAY contact chaining system to retrieve all the numbers that had been in contact with the seed - the first "hop". Then, analysts could also retrieve the numbers that had been in contact with the first hop numbers, which makes a second hop from the seed number:



Slide from a declassified NSA training about the Section 215 program


Only for the numbers that showed up in such a two-hop (and sometimes three-hop) contact chain could analysts use a separate tool to retrieve the associated call records, which were stored in a different database.

These records included the originating and receiving phone number, and the date, time and duration of the call (since 2008 also the IMEI and IMSI numbers of cell phones). The collection of location data was prohibited by the FISA Court, and subscriber information was not acquired either.

In 2006, NSA analysts saw only one of every four million phone records as a result of the contact-chaining. In 2012, the NSA used 288 phone numbers as a seed for a contact-chaining query, resulting in 6000 phone numbers that analysts actually looked at.

Only such phone numbers of interest were "enriched" with additional information from other sources, like subscriber details, which would then reveal the associated names and, for example, family relations.

When this led to a suspicious American phone number, the NSA passed it on to the FBI for further investigation. There are no indications that the NSA conducted pattern-of-life analysis using the domestic telephone metadata collected under Section 215.
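To make the hop mechanics described above concrete, here is an added example in Python that is not part of the original post nor any NSA code: a contact-chaining query over a constructed set of call records, cut off at an authorized hop limit, followed by the retrieval of only the call records belonging to numbers in the chain, which also shows how small a share of the database the "shallow" use from the list above actually touches. The phone numbers, dates and durations are made up.

```python
from collections import defaultdict, deque

# Constructed call detail records (CDRs) for illustration only: the phone numbers,
# dates and durations are made up and do not come from any real data set.
# Each record holds only what the Section 215 program collected: the two numbers,
# the date/time and the duration of the call. No subscriber names, no location.
RECORDS = [
    ("555-0100", "555-0101", "2012-03-01 09:15", 120),
    ("555-0101", "555-0102", "2012-03-01 10:02", 45),
    ("555-0102", "555-0103", "2012-03-02 14:30", 300),
    ("555-0103", "555-0104", "2012-03-02 15:01", 10),
    ("555-0105", "555-0100", "2012-03-04 08:00", 15),
    ("555-0200", "555-0201", "2012-03-03 11:11", 60),  # unrelated cluster
    ("555-0201", "555-0202", "2012-03-03 12:45", 90),
]


def build_contact_graph(records):
    """Undirected graph of which numbers have been in contact with which.
    Only the identifiers are used; the graph carries no dates or durations."""
    graph = defaultdict(set)
    for caller, callee, _when, _seconds in records:
        graph[caller].add(callee)
        graph[callee].add(caller)
    return graph


def contact_chain(graph, seed, max_hops):
    """Breadth-first contact chaining from an approved seed number.
    Returns {number: hop distance} for every number within max_hops of the seed;
    numbers further away are never touched by the query."""
    hops = {seed: 0}
    queue = deque([seed])
    while queue:
        number = queue.popleft()
        if hops[number] == max_hops:
            continue  # do not expand beyond the authorized hop limit
        for contact in graph[number]:
            if contact not in hops:
                hops[contact] = hops[number] + 1
                queue.append(contact)
    return hops


def records_for_chain(records, chain):
    """Second step of the process: retrieve the full call records, but only
    for numbers that appeared in the contact chain."""
    return [r for r in records if r[0] in chain or r[1] in chain]


def share_examined(records, chain):
    """Fraction of the whole database that an analyst actually gets to see."""
    return len(records_for_chain(records, chain)) / len(records)


if __name__ == "__main__":
    graph = build_contact_graph(RECORDS)
    chain = contact_chain(graph, "555-0100", max_hops=2)
    for number, hop in sorted(chain.items(), key=lambda kv: kv[1]):
        print(f"hop {hop}: {number}")
    print(f"records examined: {len(records_for_chain(RECORDS, chain))} of {len(RECORDS)}")
```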



ACLU v. Clapper

The way Section 215 was operated was clearly less intrusive than the examples cited above, but the Ninth Circuit didn't mention this difference. It was discussed though by district judge William H. Pauley III, who summarized the actual practice in the case ACLU v. Clapper already in December 2013:
"First, without additional legal justification - subject to rigorous minimization procedures - the NSA cannot even query the telephony metadata database. Second, when it makes a query, it only learns the telephony metadata of the telephone numbers within three "hops" of the "seed." Third, without resort to additional techniques, the Government does not know who any of the telephone numbers belong to. In other words, all the Government sees is that telephone number A called telephone number B. It does not know who subscribes to telephone numbers A or B."

Accordingly, he ruled that the Section 215 program was lawful. This was overruled by the Court of Appeals for the Second Circuit because the program violated Section 215 of the Patriot Act (see above); for that reason the Second Circuit didn't want to "reach these weighty constitutional issues".


Contact chaining compared to pen register

In a report from last February, the Privacy and Civil Liberties Oversight Board (PCLOB) says that the first hop of the contact chaining process is not much different from what a pen register did: it lists the numbers with which a particular number had been in contact.

Regarding the second hop, the PCLOB suggests that it is the nature rather than the number of call records that matters for Fourth Amendment protection.

Neither district judge Pauley nor the PCLOB discussed the subsequent analysis of the full call records associated with the numbers from the contact chains.



Telephone interception equipment that was used in the Netherlands from 1971 to 2003.
The brown device prints the metadata of the calls on a paper slip.
(photo: Wikimedia Commons)


Apparently, the pen register in the Smith v. Maryland case only provided the phone numbers, but others may have recorded more call details. As of 1979 the Dutch police for example used a "telephone call analyzer" that recorded time and duration of a call, and the phone numbers of the calling and called parties - the same elements as the NSA collected under Section 215.

Therefore, one could argue that these call records are also not protected under the Fourth Amendment, especially when they are from landline phones.

This would be a bit more difficult with the final phase of the NSA's contact chaining process, when the numbers from the contact chains are enriched with information from other sources, including names and other subscriber details.

About the subscriber information one could still say that people provide that to their phone company voluntarily (in the past it was even published in phone books), but enrichment with other kinds of information will likely cross the line of what people see as private.

Based upon this more detailed analysis of the Section 215 program, the contact chaining and the call record analysis seem close enough to a pen register to fall outside the protections of the Fourth Amendment.

For the enrichment this could be different, as it comes closer to a pattern-of-life analysis, even though it still doesn't reveal "a vibrant and constantly updating picture of the person’s life" as cited in the Ninth Circuit's opinion.


Bulk collection?

A final aspect that has to be taken into account is that protection under the Fourth Amendment also requires recognition by society. The Court of Appeals mentions "the public outcry following the revelation of the metadata collection program" to show that nowadays "several years' worth of telephony metadata collected on an ongoing, daily basis" are regarded as something private.

But the majority of the general public probably never understood that the Section 215 metadata were only used for contact chaining and not for analyzing the database as a whole, by pattern analysis or data mining for example.*

Therefore it is yet another, still unaddressed question whether there is a reasonable expectation of privacy when metadata are collected in bulk but only an extremely small number of them are picked out for closer examination.


Replacement and termination

For the NSA's Section 215 program these legal questions have no practical impact anymore. In 2015, it was replaced by the USA FREEDOM Act, which ended the bulk collection. Henceforth the NSA had to request the metadata from telephone companies based upon specific and pre-approved selection terms.

In early 2019, the NSA suspended the program and subsequently deleted all the data collected under this authority, "after balancing the program’s relative intelligence value, associated costs, and compliance and data-integrity concerns caused by the unique complexities of using these provider-generated business records for intelligence purposes."



Summary

1. The first time a federal judge ruled about the Section 215 program was on December 16, 2013, when in the case of Klayman v. Obama, district judge Richard J. Leon found that the bulk collection of American telephone records likely violates the Fourth Amendment and granted a preliminary injunction pending appeal.
- On August 28, 2015, this injunction was vacated by the DC Circuit Court of Appeals because the plaintiffs failed to meet the heightened burden of proof which is required for preliminary injunctions.

2. Less than two weeks after judge Leon, another district court came to an opposite decision: on December 27, 2013 judge William H. Pauley III ruled in the case ACLU v. Clapper that the metadata collection did not violate the Fourth Amendment.
- This decision was overturned on May 7, 2015 by the Second Circuit Court of Appeals, which found that the bulk collection exceeded the scope of Section 215 of the Patriot Act. The Court therefore didn't decide on the constitutional aspects.

3. The third and most recent case is United States v. Moalin, in which a jury in San Diego convicted four Somali immigrants based upon evidence that had allegedly been obtained via the Section 215 program.
- On September 2, 2020, the Ninth Circuit Court of Appeals ruled once again that the metadata collection exceeded the scope of Section 215 but stopped just short of saying that the program was unconstitutional.



Links & sources
- Lawfare: NSA Bulk Phone Data Collection Unlawful, Appeals Court Rules
- Emptywheel: Basaaly Moalin Wins His Appeal — But Gets Nothing
- Politico: Court rules NSA phone snooping illegal — after 7-year delay
- Brennan Center for Justice: A Breakdown of Selected Government Surveillance Programs
- Privacy and Civil Liberties Oversight Board: Report on the Telephone Records Program Conducted under Section 215
- Emptywheel: The Era of Big Pen Register: The Flaw in Jeffrey Miller’s Moalin Decision