December 11, 2023

Last chance for clarity about the Tijdelijke wet cyberoperaties (Temporary Cyber Operations Act) [NL]

(Update: December 24, 2023)

This time a blog post in Dutch about the temporary act that gives Dutch intelligence and security services more leeway for "operations against countries with an offensive cyber program directed against The Netherlands".


Legislative consultation (wetgevingsoverleg) in the Tweede Kamer on the Tijdelijke wet cyberoperaties, October 16, 2023



Introduction

The Eerste Kamer (Senate) is currently considering the Tijdelijke wet cyberoperaties (Temporary Cyber Operations Act), which makes it easier for the Dutch intelligence services to carry out hacking and cable-tapping operations. The AIVD and the MIVD stress that these relaxations are urgently needed in the fight against cyber attacks from countries like Russia and China, but others fear that the act makes a digital dragnet possible.

On October 24 the Tweede Kamer (House of Representatives) already approved the bill by a large majority; only the SP and Forum voor Democratie voted against. There was no plenary debate beforehand: minister De Jonge of the Interior and minister Ollongren of Defence discussed the proposal only in a so-called wetgevingsoverleg (legislative consultation) with the parliamentary committee for the Interior (in its composition from before the elections of November 22).


Exploration for untargeted cable taps

The temporary act applies for four years and, among other things, makes it easier for both intelligence services to gain access to computers and servers that have been hacked by a hostile service. The most controversial provisions, however, are those on untargeted cable interception, officially called "Onderzoeksopdrachtgerichte (OOG) interceptie" (investigation-assignment-oriented interception).

Under the current Intelligence and Security Services Act (Wiv 2017), untargeted interception, i.e. tapping internet connections in bulk, must not only be necessary, proportionate and subsidiary, but also "as targeted as possible". In practice, that last requirement turned out to be inapplicable to the very first step needed for such a tap, namely taking stock of which kinds of cable traffic from which countries run over which cables.

The temporary act makes this possible by introducing the power of "exploration for the purpose of untargeted interception". Under that power, internet traffic may be tapped and stored in bulk, but only to determine which data streams are interesting enough for an actual cable tap.

This exploration power is therefore a useful addition, but it applies only to "investigations into countries with an offensive cyber program", since that is the purpose of the temporary act. This means that the exploration does not apply to untargeted interception for investigations in other areas. There the services remain stuck with the unworkable targeting requirement, which suggests that in the coming years untargeted cable interception will mainly be used for countering cyber attacks.


Eavesdropping on entire neighbourhoods?

There are more ambiguities about the Tijdelijke wet cyberoperaties that were barely or not at all clarified during the consideration in the Tweede Kamer. Most MPs spent the larger part of their speaking time simply repeating what is in the act. Only Nicole Temmink of the SP and Pepijn van Houwelingen of Forum voor Democratie asked firm and critical follow-up questions, but even their questions were not thought through well enough to get the right answers.

Van Houwelingen, for instance, latched onto the question of whether the bill makes it possible to eavesdrop on entire neighbourhoods. Minister De Jonge maintained that tapping entire neighbourhoods cannot be done, is not allowed, and that the services do not want it either. Indeed, technically it is very cumbersome to intercept all data traffic from particular neighbourhoods, since residents have their fixed and mobile data traffic running through different providers. If the services really wanted to monitor a particular neighbourhood, data traffic would have to be pulled from the networks of all the providers involved.

Van Houwelingen should therefore have asked whether the services can intercept a substantial part of the data traffic of a particular provider. That would have been harder for the minister to deny. For the services, however, it will be more interesting to tap not the connection between a provider and its subscribers, but the one between a provider and the rest of the internet, because that is the route along which foreign cyber attacks come in.


Scale and origin of cyber attacks in the period 2005 through 2022 (source)


Intercepting Dutch data traffic?

Minister De Jonge also argued that if the services were interested in someone's neighbour, they would not use untargeted cable interception for that, because there are plenty of other, more targeted methods to monitor a target in the Netherlands. According to the minister, untargeted cable interception is mainly intended to gain insight into unknown threats from abroad.

This is in line with the letter of April 6, 2018, in which the ministers of the Interior and of Defence informed the Tweede Kamer that it is "virtually excluded that OOG interception on the cable will be used in the coming years for investigating communications with origin and destination in the Netherlands".

In parentheses, however, this was followed by: "with the exception of investigations in the context of cyber defence, because digital attacks abuse the Dutch digital infrastructure and OOG interception on the cable may be necessary to detect this." Minister De Jonge left out this not insignificant exception during the consultation with the parliamentary committee.

So Dutch data traffic can indeed be tapped in bulk for cyber defence purposes, and that is precisely what the temporary act is about. Since not a single MP noticed this, they apparently have too little time and support to get sufficiently acquainted with this complicated dossier. There is also a lack of experience: of the MPs who delved into the Wiv around the 2018 referendum, only Martin Bosma of the PVV is still in parliament.


Snapshots of six months?

Besides Van Houwelingen, Nicole Temmink of the SP was also persistent in her critical questioning. She was mainly concerned with the retention period of six months for the data tapped during the exploration phase.

In answers to written parliamentary questions it was said that these six months are needed "to properly assess the intercepted data streams for usability", but that is a rather thin justification for the possibility of keeping a potentially very large amount of internet data for half a year. Minister De Jonge kept asserting that this is merely a snapshot, a photograph ("een snapshot").

Here too it was striking that the MPs apparently did not have sufficient information. The oversight committee CTIVD published a detailed report in 2022 specifically about snapshotting. It states that, until now, snapshotting meant that a data channel is tapped for at most two hours a day in order to determine its potential intelligence value.*

De Jonge may have meant that in practice a snapshot will still be limited to two hours a day and that its result is then kept for six months. That would probably be acceptable to everyone, but by not putting it in the act, or at least explicitly committing to it, there is now room to store a continuous data stream. Such an ambiguity should not occur here.


Headquarters of the AIVD, which also houses the Joint Sigint Cyber Unit


Exchange with foreign services

A final point of criticism of the new exploration phase is the fact that the data collected during it may also be shared with foreign services. According to the minister, this only concerns "technical support", where a trusted foreign partner can help interpret certain data. It did not become clear, however, whether data streams may then be forwarded in their entirety, or only the pieces that puzzle our own services.

Minister De Jonge indicated that technical support may be needed, for example, to "decipher the encryption of certain Russian traffic". Given the scope of the temporary act, countering cyber attacks, this will not be about diplomatic messages but about malware, which nowadays is also increasingly encrypted to evade virus scanners.

In the consultation with the parliamentary committee De Jonge added that our services are often alerted by foreign partners that a company or institution in the Netherlands is under attack, and are then also told to whom such an attack can be attributed: "You keep that cooperative relationship in good shape if you don't only come to take, but can also bring something now and then".

With this, the minister indicates that this act is not so much about old-fashioned eavesdropping on conversations or reading e-mail messages, but about detecting malware and hacking attempts. And that untargeted cable access is therefore also needed to be able to warn foreign partners, so that they in turn keep us informed about cyber threats directed at the Netherlands.


Conclusion

The Tijdelijke wet cyberoperaties is particularly complex and concerns powers in an area that will only become more important in the coming years, namely countering cyber attacks by countries like Russia and China.

Although a great many words have been exchanged about it in written documents and in the oral consideration, the Tweede Kamer does not seem to have fully grasped what it has agreed to. When MPs did ask critical follow-up questions, these were questions that gave the minister the opportunity to answer evasively.

As a result, no clarity has emerged on various points of concern, and there even seems to be hardly any awareness that this is not so much about classic intelligence gathering but about cyber defence. For that, the services do need a broad view of cable traffic, but they mainly look at foreign cyber attacks and not at the behaviour of Dutch citizens.

Because this has not been made explicit, the act remains too vague and the concern is at the very least understandable. The Eerste Kamer can no longer amend the bill, but by asking the right questions it can still obtain the necessary clarification.



UPDATE: Written questions from the Eerste Kamer

On December 21, 2023 the Eerste Kamer committee for the Interior published its written questions to the cabinet. Almost all parliamentary groups submitted a fairly large number of questions, but quite a few of them concern matters that were already discussed and answered during the consideration in the Tweede Kamer, or that can otherwise already be found somewhere.

Furthermore, many questions are rather generally phrased open questions, to which the cabinet can answer evasively or incompletely, as we already saw during the legislative consultation in the Tweede Kamer. One example is that it is now asked "how metadata will be dealt with in the application of this bill", instead of specifically asking whether the exploration phase could not make do with analysing metadata (so that the content of data streams is left untouched) and, if not, why not.

A follow-up question could then have been whether the data streams always have to be stored for the exploration, or whether they can also be filtered online. The latter was already mentioned in the Explanatory Memorandum to the Wiv from 2016 as a method that can be used specifically for cybersecurity purposes.* Filtering directly online for characteristics of malware and hacking activities is, after all, less privacy-invasive than storing data so that it can still be examined later.

Several questions concern when exactly the temporary act applies: who determines, for example, when a country is running "an offensive cyber program against the Netherlands or Dutch interests"? The cabinet has said earlier that this mainly concerns Russia, China, Iran and North Korea, but it remains odd that precisely a power to detect unknown threats can only be used once they are linked to a particular country. None of the parliamentary groups, however, raised the question of whether it would be clearer to tie this act not to countries, but to countering cyber attacks in general.

This gives the impression that, like the Tweede Kamer, the Eerste Kamer too seems hardly aware of the fact that this is mainly about cyber defence and not about traditional intelligence gathering. The GroenLinks-PvdA group, for example, thinks that already in the new exploration phase "people will be assessed by means of AI on the basis of their behaviour and expressions". An understandable concern in itself, but precisely for that reason it should be made explicit that this is about countering malware and hacking attacks.

A better question from GroenLinks-PvdA is whether the data acquired during the exploration phase may also be shared in bulk and/or almost live (real-time) with foreign partner services for the purpose of what the cabinet calls "technical support". This is, however, preceded by the question of how much data may be collected in the first place during the exploration.

In the Tweede Kamer, Forum voor Democratie somewhat clumsily asked whether entire neighbourhoods could be eavesdropped on, but in line with what I argued above, the PVV group in the Eerste Kamer now phrases the question better: "To what extent can, for example, cable interception take place at a large internet provider, collecting the complete data traffic of all users in one go?"

The exception for cyber defence discussed above is now cited by the PvdD group in the Eerste Kamer: "the minister has promised that there will be no interception of so-called Netherlands-to-Netherlands traffic, except for cyber defence. Is that correct? Does that also apply to the use of powers to which this bill relates? If not, is that in conflict with the promise?"

Remarkably, the Eerste Kamer left the issue of the so-called snapshots untouched. According to a 2022 report by the CTIVD, during such a snapshot a data channel is currently tapped for at most two hours a day, and it would be quite important to know whether that will remain the case, because as the bill is currently worded, the services would be allowed to store a continuous data stream.

Finally, there are considerably fewer questions about the new possibility of more easily gaining access to third-party computers and servers when these have been hacked by a target. For example, no one asked why no notification or even compensation is possible for people or companies affected by this. There are snags to that, but it is not impossible: in March 2022 the MIVD itself reported that it had informed private individuals and businesses after such an operation and in a number of cases had also given them a voucher.

The standing committee for the Interior of the Eerste Kamer requests the cabinet to answer within four weeks, i.e. already before January 16, 2024, by means of a so-called nota naar aanleiding van het verslag (memorandum in response to the report).
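The distinction drawn here, between filtering a data stream online for malware characteristics and storing it for later examination, can be made concrete. The following Python is an added example, not code from the bill, the Wiv explanatory memorandum or the services: it runs a few constructed packets through both modes. The indicator patterns (a placeholder hostname and a placeholder beacon path) are my own assumptions and not real indicators of compromise; the streaming mode keeps only an alert record (timestamp, addresses, rule name) for the packets that match, and never retains a payload, while the storage mode keeps every packet so it can still be examined later.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Optional, Pattern


@dataclass(frozen=True)
class Packet:
    ts: int        # constructed timestamp (seconds)
    src: str
    dst: str
    payload: bytes


@dataclass(frozen=True)
class Alert:
    ts: int
    src: str
    dst: str
    indicator: str  # only the name of the matching rule; the payload is not kept


# Constructed indicators (placeholders, not real IoCs). A real filter would load
# these from a curated, versioned rule set.
INDICATORS: Dict[str, Pattern[bytes]] = {
    "c2-host": re.compile(rb"Host: (?:[a-z0-9-]+\.)*c2-example\.invalid\b", re.I),
    "beacon-path": re.compile(rb"^(?:GET|POST) /beacon/[0-9a-f]{8} HTTP/1\.[01]", re.M),
}


def match_indicators(payload: bytes) -> Optional[str]:
    """Return the name of the first indicator that matches the payload, or None."""
    for name, pattern in INDICATORS.items():
        if pattern.search(payload):
            return name
    return None


def filter_online(packets: Iterable[Packet]) -> Iterator[Alert]:
    """Stream mode: inspect each packet once as it passes; emit an Alert for hits only.
    Non-matching packets are simply forgotten, and even for hits the payload is dropped."""
    for p in packets:
        hit = match_indicators(p.payload)
        if hit is not None:
            yield Alert(p.ts, p.src, p.dst, hit)


def store_for_later(packets: Iterable[Packet]) -> List[Packet]:
    """Storage mode: everything is kept, hits and misses alike, for later examination."""
    return list(packets)


def compare_modes(packets: List[Packet]) -> Dict[str, int]:
    """Summarise how much each mode retains from the same input."""
    alerts = list(filter_online(packets))
    stored = store_for_later(packets)
    return {
        "packets_seen": len(packets),
        "stored_packets": len(stored),
        "stored_payload_bytes": sum(len(p.payload) for p in stored),
        "alerts": len(alerts),
        "alert_payload_bytes": 0,  # Alerts carry no payload field by construction
    }


# Constructed sample traffic (not real captures): two benign packets, two hits.
SAMPLE_PACKETS: List[Packet] = [
    Packet(1, "10.0.0.5", "192.0.2.10",
           b"GET / HTTP/1.1\r\nHost: news.example.test\r\n\r\n"),
    Packet(2, "10.0.0.7", "192.0.2.20",
           b"POST /beacon/deadbeef HTTP/1.1\r\nHost: cdn.c2-example.invalid\r\n\r\n"),
    Packet(3, "10.0.0.9", "192.0.2.30",
           b"GET /beacon/0badf00d HTTP/1.0\r\nHost: other.example.test\r\n\r\n"),
    Packet(4, "10.0.0.5", "192.0.2.40",
           b"Subject: lunch?\r\n\r\nsee you at noon"),
]

if __name__ == "__main__":
    for alert in filter_online(SAMPLE_PACKETS):
        print(alert)
    print(compare_modes(SAMPLE_PACKETS))
```

The point the example makes is structural rather than about the rules themselves: with online filtering, the privacy exposure is bounded by what the rules match, whereas with storage the exposure is the whole stream, regardless of how good the rules are.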



Links
- For all official documents on this legislation, see: Dossier Wiv 2017, the parliamentary dossier no. 36263 and the consideration in the Eerste Kamer.
- MediaLogica: Zwarte Lak en Witte Jassen (December 8, 2023)
- About Intel: Cyber defence operations require a dedicated legal framework (June 27, 2023)
- De Correspondent: De geheime diensten bedonderen ons, zegt de man die het kan weten (April 5, 2023)
- NRC: Verkennen, hacken en tappen: mogen de AIVD en MIVD al genoeg of moet de wet nodig ruimer? (April 4, 2023)
- Bert Hubert: De Tijdelijke Wet op Inlichtingen- en Veiligheidsdiensten 2022 (December 2, 2022)

October 6, 2023

The NSA's new organizational designators

(Updated: February 24, 2024)

For decades, the organizational structure of the NSA was classified, but since 2013 the Snowden documents provided hundreds of designators of internal divisions, branches and units, which allowed me to reconstruct the agency's internal structure.

From 2016 to 2017, the NSA was reorganized, so many of those designators may have changed. Some recent documents, however, provide designators from the current situation, which makes it possible to start reconstructing the new structure as well.


The Integrated Cyber Center (ICC) and other new buildings at the NSA's East Campus
(photo: Brendan Smialowski/Getty Images)



The reorganization of 2016

The organizational structure of the NSA as it emerged from the Snowden documents was established in the year 2000 under director Michael Hayden. In 2016, director Michael Rogers initiated a full reorganization under the name NSA21, in order to prepare the agency for the cyber challenges of the 21st century.

One of the most important (and controversial) changes was fusing the operational elements of the Signals Intelligence (SID) and Information Assurance (IAD) directorates into the new Directorate of Operations. The remaining information assurance activities were merged with the old Technology Directorate into the new Capabilities Directorate.

The hacking group Tailored Access Operations (TAO) was renamed into Computer Network Operations (CNO). The new structure as envisioned by NSA21 reached full operational capability in December 2017.


The new structure of the NSA as established by the NSA21 reorganization
(source: NSA)


On October 1, 2019, an additional Cybersecurity Directorate (CSD) was established to unify the NSA's foreign intelligence and cyber defense missions and to prevent and eradicate threats to National Security Systems (NSS) and the Defense Industrial Base (DIB). The CSD pulled its workforce from several directorates, including the Operations Directorate and its Computer Network Operations group.



The new organizational structure

A number of new designators from the NSA's current structure can be found in the extensive NSA/CSS Policy 12-3 Annex C from June 2023. Some other documents and press reports provide additional information, which results in the partial chart below.

Update: The NSA/CSS Civil Liberties and Privacy Program from November 2021 provides the internal top-level designators for all the agency's current directorates. The organization chart and the remarks below have been updated accordingly:


A: Workforce Support Activities (WSA)

A2: National Cryptologic School (NCS)


B: Business Management and Acquisition (BM&A)


C: Cybersecurity Directorate (CSD)

C? Cybersecurity Collaboration Center (CCC) *

C?? Artificial Intelligence Security Center (AISC)


D: Office of the Director

DC: NSA/CSS Chief of Staff (CoS)
...
D2: Office of General Counsel (OGC)
...
D5: Civil Liberties, Privacy, and Transparency (CLPT)
D6: Diversity, Equality, and Inclusion (DEI)
...
D9: Risk Management Office (RMO)


I: Office of the Inspector General (OIG)


P: Engagement and Policy (E&P)

P1: ?
P12: Office of Policy
P13: ?
P131: Information Security/Classification *
...
P7: Office of Compliance/Compliance Group
P75: Office of Compliance for Cybersecurity and Operations


R: Research Directorate


X: Operations Directorate

X? Computer Network Operations (CNO)


Y: Capabilities Directorate
    Chief Information Officer (CIO)





Some additional remarks (updated)

If we compare these current designators with the structure before 2016, we see that:

- The Office of the Director is still designated as "D" and may not have changed much, except for the Office of the Inspector General, which now has its own top-level designator (I), and at least two parts (the Office of Policy and the information security units) which have been transferred to the newly created Engagement & Policy Directorate (P).

- For the Inspector General (IG) this reflects that since the FY2014 Intelligence Authorization Act this official is appointed by the President and confirmed by the Senate. Previously, the IG was appointed by the Director of the NSA, who could also remove him. The first presidentially appointed NSA IG was Rob Storch, who served from 2018 to 2022.

- The position of the Chief Information Officer (CIO) is different: in 2020, the IG criticised that the CIO wasn't included in the agency's organization charts and primarily served as head of one of the NSA's directorates, first Technology and now Capabilities.

- Other new directorates also got a top-level designator that wasn't used before 2016: Workforce Support Activities (A), Business Management and Acquisition (B), Cybersecurity (C) and Capabilities (Y). The Research Directorate however kept the letter R.

- The new Operations Directorate is designated by the letter X, which was already used under the old structure, although we don't know for what kind of activity. Maybe the previous X division was just temporary or very small as the only source that mentions it is a document about cable installations at NSA headquarters from 2007.


> See also: The NSA's regional Cryptologic Centers




September 14, 2023

Some new snippets from the Snowden documents

(Updated: September 20, 2023)

It's been more than four years since the last regular publication of documents from the Snowden trove. Last year, however, some new snippets of information from the Snowden documents appeared in the PhD thesis of hacktivist Jacob Appelbaum.

The new information isn't very spectacular and is also quite specialized, but it is still worth making it more easily accessible. For the record, I also added some corrections and additions to Appelbaum's discussion of NSA surveillance methods.


NSA headquarters - Appelbaum's thesis - Eindhoven University of Technology



Jacob Appelbaum

Jacob R. Appelbaum was born in 1983 in California and became a well-known hacker and activist for digital anonymity. He was a member of the Cult of the Dead Cow hacker collective and a core member of the Tor project, which provides a tool for anonymous internet communications.

In 2012, Appelbaum moved to Berlin, where he worked closely with Laura Poitras on the NSA documents which she had received from Edward Snowden in May and June 2013. However, he was also involved in the story about the eavesdropping on German chancellor Merkel and the publication of the NSA's ANT Product Catalog.

In both cases the documents were not attributed to Snowden and apparently came from a still unidentified "second source". In his thesis, Appelbaum seems to refer to this source when he mentions "documents exposed by whistleblowers, known and unknown, or other anonymous insiders."


In 2015, several women accused Appelbaum of sexual abuse and he subsequently lost his position at the Tor project and various other organizations. Appelbaum denied the allegations, but an investigation ordered by the Tor project determined that they appeared to be true.

Meanwhile Appelbaum had moved to The Netherlands, where he started as a PhD student at the Eindhoven University of Technology (TU/e). There he finished his thesis and received his PhD on March 25, 2022. Currently he works as a postdoc at the Coding Theory and Cryptology group at TU Eindhoven.



Appelbaum's PhD thesis

The full title of Appelbaum's thesis is "Communication in a world of pervasive surveillance. Sources and methods: Counter-strategies against pervasive surveillance architecture". His promotors were prof.dr. Mark van den Brand, prof.dr. Daniel J. Bernstein and prof.dr. Tanja Lange.

The thesis was published on March 25, 2022 and became available for download as a 24.3 MB PDF document on September 27, 2022. The contents of this 327-page thesis are as follows:

- Chapter 1: Introduction.

- Chapter 2: Background on network protocols common to all research.

- Chapter 3: Background on cryptography common to all research.

- Chapter 4: Review of historical, political, economic, and technical adversarial capabilities (including previously published leaked documents that are from works which Appelbaum has written about in his role as a journalist).

- Chapter 5: Review of the Domain Name System and an explanation of alternative methods to improve the security and privacy of domain name lookups.

- Chapter 6: Examination of a tweak to the WireGuard VPN protocol to protect historic encrypted traffic against future attacks by quantum computers.

- Chapter 7: Introduces the Vula protocol, which is a suite of free software tools for automatically protecting network traffic between hosts in the same Local Area Network.

- Chapter 8: Introduces REUNION, a privacy-preserving rendezvous protocol.


In the preface, Appelbaum writes that his thesis is the culmination of more than a decade of research into the topic of surveillance. He expresses a political and activist aim by saying that the "machinery of mass surveillance is simply too dangerous to be allowed to exist" and that "we must use all of the tools in our toolbox – economic, social, cultural, political, and of course, cryptographic – to blind targeted and mass surveillance."

He says more has to be done than simply criticize surveillance practices. Cryptography for example, "allows for resistance in a non-violent manner to the benefit of everyone except the ones who are spying on us." From this perspective Appelbaum's thesis discusses various cryptographic implementations to "protect individual liberty, while aspiring to a broader goal of achieving societal liberty."



New information from the Snowden documents

Throughout his thesis, Appelbaum reveals some new information from Snowden documents that has not been published, but which he had access to during his research that resulted in various publications in media outlets like Der Spiegel, NDR and Le Monde. The new information is only described, so no new original documents were released.

According to Appelbaum: "Many journalists who have worked on the Snowden archive know significantly more than they have revealed in public. It is in this sense that the Snowden archive has almost completely failed to create change: many of the backdoors and sabotage unknown to us before 2013 is still unknown to us today." (page 71)

Appelbaum also provides some new information about the Snowden documents in general, by saying that The Intercept "closed their Snowden archive and reportedly it has been destroyed." (page 63, note 17)


Below, I provide exact quotes from Appelbaum's thesis, including his sources, which are in square brackets, while I added some additional links for further information.


1. BULLRUN: manipulating protocol security

"How do they accomplish their goals with project BULLRUN? One way is that United States National Security Agency (NSA) participates in Internet Engineering Task Force (IETF) community protocol standardization meetings with the explicit goal of sabotaging protocol security to enhance NSA surveillance capabilities." "Discussions with insiders confirmed what is claimed in as of yet unpublished classified documents from the Snowden archive and other sources." (page 6-7, note 8)


2. Selecting entropic internet traffic

"There are various rules governing what is selected for long-term data retention in [the NSA's] corporate repositories. One example is that some traffic which is considered entropic by a standard Shannon Entropy estimate is selected from the network in real time and saved to a database, preserving it for cryptanalysis using future technology." "This statement is based in part on an analysis of as of yet unpublished XKeyscore source code that performs a Shannon Entropy estimate. Some kinds of Internet traffic that is considered entropic is recorded for later analysis." (page 9, note 16)
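The selection rule quoted here, retaining traffic that a Shannon entropy estimate flags as "entropic", is easy to illustrate, and the same measurement is a standard defensive check for encrypted or compressed payloads on channels where plaintext is expected. The following Python is an added example, not code from Appelbaum's thesis and not the XKeyscore source he refers to: it computes the per-byte Shannon entropy of a payload and applies a threshold and a minimum length that are my own assumptions (7.0 bits per byte and 64 bytes; the thesis gives no parameters) to a few constructed sample flows.

```python
import math
from collections import Counter
from typing import Iterable, List, Tuple

# Assumed parameters (not from the thesis). Uniformly random bytes score 8.0 bits
# per byte; English text and protocol headers usually score around 4 to 5, so a
# payload at or above 7.0 looks encrypted or compressed. Very short payloads give
# unreliable estimates and are not judged at all.
ENTROPY_THRESHOLD = 7.0
MIN_PAYLOAD_LEN = 64


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy estimate of a byte string, in bits per byte (0.0 .. 8.0)."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = Counter(data)
    # H = -sum(p_i * log2(p_i)) over the observed byte values
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def is_entropic(payload: bytes,
                threshold: float = ENTROPY_THRESHOLD,
                min_len: int = MIN_PAYLOAD_LEN) -> bool:
    """Selection rule: the payload is long enough and its entropy estimate
    reaches the threshold."""
    return len(payload) >= min_len and shannon_entropy(payload) >= threshold


def select_entropic_flows(flows: Iterable[Tuple[str, bytes]]) -> List[str]:
    """Return the ids of the flows the rule would select for retention."""
    return [flow_id for flow_id, payload in flows if is_entropic(payload)]


# Constructed sample flows (not real captures).
SAMPLE_FLOWS: List[Tuple[str, bytes]] = [
    ("http-plaintext",
     b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
     b"User-Agent: curl/8.0\r\nAccept: */*\r\n\r\n"),
    ("zero-padding", bytes(100)),                      # a single byte value: entropy 0.0
    ("ciphertext-like", bytes(range(256)) * 4),        # uniform distribution, stands in for ciphertext
    ("short-random", bytes(range(32))),                # below MIN_PAYLOAD_LEN: not judged
]

if __name__ == "__main__":
    for flow_id, payload in SAMPLE_FLOWS:
        print(f"{flow_id:16s} {shannon_entropy(payload):.2f} bits/byte"
              f"  selected={is_entropic(payload)}")
    print("selected flows:", select_entropic_flows(SAMPLE_FLOWS))
```

A defender would typically combine this estimate with context (expected protocol on the port, TLS handshake present or absent) before alerting, since legitimate TLS, compressed images and archives all score as "entropic" by this measure alone.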


3. Compromised lawful interception systems

"As part of our research, we uncovered evidence that the telecommunications infrastructure in many countries has been compromised by intelligence services. The Snowden archive includes largely unpublished internal NSA documents and presentations that discuss targeting and exploiting not only deployed, live interception infrastructure, but also the vendors of the hardware and software used to build the infrastructure. Primarily these documents remain unpublished because the journalists who hold them fear they will be considered disloyal or even that they will be legally punished. Only a few are available to read in public today." (page 41)

"Targeting lawful interception (LI) equipment is a known goal of the NSA. Unpublished NSA documents specifically list their compromise of the Russian SORM LI infrastructure as an NSA success story of compromising civilian telecommunications infrastructure to spy on targets within reach of the Russian SORM system." (page 41)

"The NSA slides have "you talk, we listen" written in Cyrillic on the jackets of two Russian officers." "Review of unpublished Snowden documents about NSA’s activities compromising deployed, lawful interception systems and as well as additional success against the vendors of such hardware or software. Needless to say, a compromised interception system is anything but lawful in the hands of an adversary." (page 41, note 4)


4. Compromised computer hardware

"While working on documents in the Snowden archive the thesis author learned that an American fabless semiconductor CPU vendor named Cavium is listed as a successful SIGINT "enabled" CPU vendor. By chance this was the same CPU present in the thesis author's Internet router (UniFi USG3). The entire Snowden archive should be open for academic researchers to better understand more of the history of such behavior." (page 71, note 21)

Update:
More information about whether Cavium CPUs may have a backdoor, as well as additional comments by Jacob Appelbaum can be found in an article published by Computer Weekly on September 19, 2023.


5. PRISM

"The PRISM slide deck was not published in full, and the public does not fully understand aspects of the program such as the retrieval of voice content data as seen in Figure 4.24. Domains hosted by PRISM partners are also subject to selector based surveillance. Several pages of the PRISM slides list targets and related surveillance data, and a majority of them appear to be a matter of political surveillance rather than defense against terrorism. One example that is not well-known except among the journalists who had access to the full PRISM slide deck is the explicit naming of targets. An example shows a suggestion for targeting of the Tibetan Government in Exile through their primary domain name. The tibet.net domain is named as an unconventional example that analysts should be aware of as also falling under the purview of PRISM. The email domain was hosted by Google Mail, a PRISM partner, at the time of the slide deck creation and it is still currently hosted by Google Mail as of early 2022." (page 76)


6. MYSTIC: Country X

"MYSTIC was revealed to impact a number of countries by name at the time of publication: the Bahamas, Mexico, the Philippines, Kenya and one mystery country: country X. The Bahamas, and country X are subject to SOMALGET full take data and voice collection. The publisher WikiLeaks observed that the monitoring of an entire country of people is a crime when done by outside parties, essentially an act of war by the surveillance adversary. WikiLeaks then revealed that the country in question, Country X, was Afghanistan [Yea14]. Through independent review of the Snowden archive, we confirm that this is the identity of Country X, and that WikiLeaks was correct in their claim." (page 78)

(Strangely enough, the source provided by Appelbaum ("Yea14") actually shows that already four days before Wikileaks' revelation, collaborative analysis by Paul Dietrich and the author of this weblog had pointed to Afghanistan as being Country X. In his bibliography, Appelbaum attributes this source document to "John Young and et al." (the owners of the Cryptome website), while it was actually written by and first published on the blog of Paul Dietrich.)


7. Manipulation of DUAL_EC_DRBG

"Many documents released in public from the Snowden archive and additional documents which are still not public make clear that this type of bug is being exploited at scale with help from NSA’s surveillance infrastructure. It is still unclear who authored the changes at Juniper and if bribery from the NSA was involved as with RSA’s deployment of DUAL_EC_DRBG to their customers as is discussed in Section 4.4." (page 81)


8. Software backdoors

"Example from the Snowden Archive of an as of yet unreleased backdoor in fielded software that is most certainly not an exclusively exploitable backdoor by NSA. The software’s secret key generation is sabotaged by design to ensure surveillance of the community of interest. There is a corresponding XKeyscore rule that has not yet been published. The goal of that rule is to gather up all ciphertext using this sabotaged system; it is clearly part of a larger strategy. As a flag in the ground for later, the thesis author presents the following SHA256 hash: [...]. There are additional examples from other sources that this is the general shape of the game being played with more than a few acts of sabotage by the NSA." (page 83, note 27)



Some corrections and additions

Chapter 4 of Appelbaum's thesis is about "The Adversary" and describes a wide range of digital surveillance methods which are used by intelligence agencies. He writes a little bit about the capabilities of Russia and China, but the biggest part is about the methods of the NSA as revealed through the Snowden documents.

In general, this chapter is very similar to, for example, Glenn Greenwald's book No Place to Hide and Snowden's memoir Permanent Record, as it reads like a one-sided accusation against the NSA without much context or the latest information. Chapter 4 also contains small errors which could easily have been prevented. Here I will discuss some examples:


- Page 20, note 12: "An example is Suite-A cryptography or Type-1 cryptography, so designated by the NSA. The NSA now calls this the Commercial National Security Algorithm Suite (CNSA)"

> Comment: Actually CNSA isn't the new name for the highly secure Suite A, but for the less secure Suite B algorithms.


- Page 41: "The BND and the CIA held secret co-ownership of CryptoAG until 1993, and then the CIA held sole ownership until 2018. The devices were vulnerable by design, which allowed unaffiliated intelligence services, such as the former USSR’s KGB, and the East German Ministry for State Security [MfS], to independently exploit CryptoAG’s intentional flaws."

> Comment: This exploitation by the KGB and the MfS was apparently suggested in a German television report, based upon claims by a former Stasi officer, but so far there are no documents that support this claim. See for more information: Operation RUBICON.


- Page 41: "It does not appear that those party to the Maximator alliance are using their agreement and relative positions to spy on the entire planet – in stark contrast to the Five-Eyes agreement."

> Comment: The Five Eyes and especially NSA and GCHQ have massive capabilities, but spying on "the entire planet" is still rather exaggerated: their collection efforts are limited by national priorities, the locations of where they can access satellite and cable traffic, as well as by technical constraints. While the five members of the European Maximator alliance have/had much smaller capabilities, they could nonetheless intercept and decrypt diplomatic communications from over 60 countries where the weakened encryption devices from Crypto AG were used (see the map below).



The countries that bought and used manipulated Crypto AG devices
(graphic: The Washington Post - click to enlarge)


- Page 47, note 8: "Narus mass surveillance and analysis systems were deployed by the NSA inside AT&T facilities to intercept all traffic flowing through their large capacity network cables as documented [KB09] by whistleblower Mark Klein."

> Comment: This suggests that the NSA is intercepting American communications, but actually this is part of Upstream collection, which is aimed at foreign targets and therefore the NSA applies various filter systems to select traffic from countries of interest and discard purely domestic communications.


- Page 52: "The Foreign Intelligence Surveillance Court (FISC) is largely considered to rubber stamp requests from the FBI. The FBI has routinely misled the FISC, and from the little that is known, the FISC has neither the technical knowledge, nor the general temperament to actually act as a safeguard"

> Comment: Since the start of the Snowden revelations, numerous Top Secret documents from the FISC have been declassified, showing that the court examines the NSA's activities in great detail. The idea of being a "rubber stamp" is based upon the fact that the FISC denies just 0.5% of the applications, but later it became clear that American criminal courts only deny a tiny 0.06% of the requests for regular (so-called Title III) wiretaps.


- Page 53: "The CIA meanwhile, operates their own surveillance capabilities including capabilities that are entirely outside of the purview of the FISC, even now [cia22]."

> Comment: At least one of these cases is about the CIA's use of bulk datasets with financial information, which can of course contain information about Americans, but when the CIA obtained them in ways other than by intercepting communications, the FISC simply has no jurisdiction. It's up to lawmakers to impose privacy safeguards for creating and exchanging such bulk datasets.


- Page 56: "In the Snowden archive, we see lots of hacking and hacking related programs run by NSA, such as the TURBULENCE [Wik21u] program which is made up of modular sub programs [Amb13]. Those programs include TURMOIL [Gal14b], TUTELAGE [AGG+15a], TURBINE [GG14, Wik20d], TRAFFICTHIEF [Wik20c], and XKeyscore [Gre13d, Unk13, AGG+14b, Unk15a] as shown in Figure 4.12 and Figure 4.13, as well as data that was pilfered during those break-ins."

> Comment: This suggests that TURBULENCE and its sub-programs are about hacking operations, but actually, TURBULENCE is defined as "a next generation mission environment that created a unified system for MidPoint and Endpoint SIGINT", or in other words, an overarching framework for bulk and targeted tapping systems. Only the TURBINE sub-program can automatically trigger the implantation of malware into target computer systems. Furthermore, none of the sources mentioned in the thesis indicate that XKEYSCORE is a sub-program of TURBULENCE, and XKEYSCORE is not a hacking tool either. A detailed explanation of the TURBULENCE system is given in an article by Robert Sesek, which was apparently not consulted by Appelbaum.


- Page 72: "US-984XN is the classified SIGAD while the program name PRISM is unclassified"

> Comment: There are no indications that "PRISM" is less secret than any other cover term which the NSA uses for its collection, processing and analysis programs. That was likely also the reason that the big internet companies involved in this program initially denied that they had ever heard of something called PRISM.


- Page 91: "the NSA's Equation Group (EQGRP), which was later renamed Tailored Access Operations (TAO)"

> Comment: The name Equation Group was actually coined in February 2015 by the Russian cybersecurity firm Kaspersky for "one of the most sophisticated cyber attack groups in the world". Later on it became clear that this group was part of the NSA's hacking division TAO.


Given how many aspects of the NSA's operations Appelbaum mentions in chapter 4 of his thesis, one could say that it's inevitable that some mistakes are made and some sloppiness occurs. On the other hand, however, this is an academic publication for which the highest standards of accuracy should apply.


Finally, Appelbaum's activism is illustrated by the back cover of his thesis, which shows a logo very similar to that of the German terrorist organization Rote Armee Fraktion (RAF) from the 1970s, except that the original image of an AK-45 is replaced by that of a computer keyboard:




Comments at Hacker News and Schneier on Security

June 6, 2023

On the 10th anniversary of the Snowden revelations

(Updated: September 6, 2023)

To mark the 10-year anniversary of the start of the Snowden revelations I will look back at some of the most notable disclosures and how they developed, based upon the most recent books and the numerous blog posts I have written here. Still, it should be noted that this overview is not a complete coverage of this wide-ranging topic.







Books and archives

Between June 2013 and May 2019, the Snowden revelations resulted in over 200 press reports and more than 1200 classified documents published in full or in part. Additionally, The Intercept published 2148 editions of the NSA's internal newsletter SIDtoday. In total, that may be well over 5000 pages.

A collection that allows a useful visual recognition of the documents was found on the private website IC Off the Record, while text searches are possible at the Snowden Archive which is a collaboration between Canadian Journalists for Free Expression (CJFE) and the University of Toronto. A private collection of the documents is also available at GitHub.

There are also at least 12 books about the Snowden revelations. Glenn Greenwald's No Place To Hide from 2014 reads like a pamphlet against perceived mass surveillance. A much more factual overview can be found in Der NSA Komplex, which was also published in 2014 and written by two journalists from Der Spiegel, but is unfortunately only available in German.

Detailed insights into the political and legal background of the NSA's collection programs are provided in Timothy Edgar's Beyond Snowden from 2017, which is in contrast to Snowden's own memoir Permanent Record from 2019, which leaves more questions than answers.

Finally, there's also the long-awaited book Dark Mirror by Washington Post journalist Barton Gellman, which was published in 2020 and offers some important new angles to the initial stories told by Snowden and Greenwald.

> See also my review of Permanent Record: Part I: at the CIA - Part II: at the NSA





Incentives

Some people assume that Snowden is a spy who worked for Russian intelligence, but nowadays, requests for information come from transparency activists as well. Wikileaks' wiki-page titled The Most Wanted Leaks of 2009 may have inspired Manning to search for information on SIPRNet and to download hundreds of thousands of military and diplomatic reports.

Likewise, the incentive for Snowden may have come from the news program Democracy Now!, in which on April 20, 2012, former NSA crypto-mathematician Bill Binney, documentary filmmaker Laura Poitras and hacktivist Jacob Appelbaum were interviewed by Amy Goodman (a full transcript can be found here).

In the program, Binney claimed that after 9/11 "all the wraps came off for NSA, and they decided to eliminate the protections on U.S. citizens and collect on domestically".

Appelbaum repeated what he said at the HOPE conference in 2010: "I feel that people like Bill need to come forward to talk about what the U.S. government is doing, so that we can make informed choices as a democracy" - which is exactly what Snowden would do: leaking documents because "the public needs to decide whether these programs and policies are right or wrong."

Later that day, Binney and Appelbaum spoke at a "Surveillance Teach-In" in the Whitney Museum, where Appelbaum emphasized that disclosing secret information is also important for privacy and civil liberties organizations: because of a lack of hard evidence and concrete harm it was almost impossible for them to fight NSA surveillance in court.



Binney and Appelbaum at the Surveillance Teach-In on April 20, 2012


Whistleblowing?

Just a month earlier, Snowden had started a new job as a SharePoint systems administrator at the NSA's regional cryptologic center in the Kunia Tunnel complex in Hawaii. There, he began automating his tasks to free up time for something more interesting, which he describes in Permanent Record:

"I want to emphasize this: my active searching out of NSA abuses began not with the copying of documents, but with the reading of them. My initial intention was just to confirm the suspicions that I'd first had back in 2009 in Tokyo. Three years later I was determined to find out if an American system of mass surveillance existed and, if it did, how it functioned." *

With this, Snowden basically admits that he isn't a whistleblower: he wasn't confronted with illegal activities or significant abuses and subsequently secured evidence of that, but acted the other way around, by first gathering as much information as he could get and then looking whether there was something incriminating in it.

In his memoir, Snowden doesn't come up with concrete instances of misconduct or other things that could have triggered his decision to hand the files over to journalists. He even omits almost all the disclosures made by the press, so that Permanent Record contains hardly anything that justifies his unprecedented data theft.



The tunnel entrance to the former Kunia Regional Security Operations Center
in Hawaii, where Snowden worked from March 2012 to March 2013
(photo: NSA - click to enlarge)



The documents

The actual number of documents which Snowden eventually exfiltrated from the NSA has never been clarified. According to the 2016 report from the US House Intelligence Committee, Snowden removed more than 1.5 million documents from NSANet and the JWICS intelligence network.

Glenn Greenwald repeatedly said that number was "pure fabrication" and he could probably agree with former NSA director Keith Alexander who in November 2013 estimated that Snowden had exposed only between 50,000 and 200,000 documents.*

According to Barton Gellman, Snowden provided him and Laura Poitras with an encrypted archive of documents called "Pandora" on May 21, 2013. This archive was 8 gigabytes and contained over 50,000 separate documents, all neatly organized in folders.*

Poitras gave Greenwald a copy of the Pandora archive just before they boarded their flight to Hong Kong on June 1. There, Snowden gave Ewen MacAskill from The Guardian some 50,000 documents about GCHQ and handed over all the remaining files to Greenwald and Poitras, who are the only ones with a complete set. Other media outlets only got partial sets of documents.

Greenwald's cache eventually ended up at The Intercept, the online news outlet he co-founded with Jeremy Scahill and Laura Poitras in 2014 to report about the Snowden documents. In March 2019, however, The Intercept closed its Snowden archive and reportedly destroyed it.




Screenshot from a Brazilian television report, showing some of the Snowden files
opened in a TrueCrypt window on the laptop of Glenn Greenwald.
(screenshot by koenrh - click to enlarge)



Non-Snowden leaks

In a message to Gellman, Snowden said that "he was not resigned to life in prison or worse. He wanted to show other whistleblowers that there could be a happy ending".* Later, whistleblower attorney Jesselyn Radack hoped that "courage is contagious, and we see more and more people from the NSA coming through our door after Snowden made these revelations."

And indeed, other sources started to leak documents to the press. The first one was a so-called tasking record showing that the NSA had targeted the non-secure cell phone of German chancellor Angela Merkel. This was revealed by Der Spiegel on October 23, 2013, which is less than five months after the start of Snowden's revelations.


The second leaked document that wasn't attributed to Snowden was just as spectacular: the ANT product catalog with a range of sophisticated spying gadgets from the NSA's hacking division TAO. This catalog was also published by Der Spiegel and discussed by Jacob Appelbaum during the CCC on December 30, 2013.

Initially, hardly anyone noticed that these documents didn't come from Snowden, and so a mysterious "second source" was able to publish files that were sometimes even more embarrassing and damaging than those from the Snowden trove, like intercepted conversations from foreign government leaders.

Later, other piggybackers who called themselves The Shadow Brokers leaked highly sensitive information about NSA hacking tools. The sources of these leaks have never been identified, although it's often assumed that Russian intelligence was behind it. Snowden never addressed these other leaks, nor distanced himself from them.




NSA report about an intercepted conversation of French president Hollande.
Leaked by an unknown source and published by Wikileaks in 2015
(click to enlarge)



The Section 215 program

The very first disclosure of a document that did come from Snowden was the Verizon order of the Foreign Intelligence Surveillance Court (FISC). This court convenes behind closed doors and is often, but unjustly, referred to as a "rubber stamp". The order was published by The Guardian on June 6, 2013.

The Verizon order showed that the NSA was collecting domestic telephone metadata under the so-called Section 215 program. In the US, this became the most controversial issue and initially it seemed to confirm cryptic public warnings by US senators Ron Wyden and Mark Udall, as well as the aforementioned claims by Bill Binney about domestic mass surveillance.

In reaction, Director of National Intelligence (DNI) James Clapper started an unprecedented declassification effort and released numerous FISC and NSA documents about the Section 215 program on a newly created Tumblr site called IC On the Record.


Misunderstanding

This was meant to clarify a central misunderstanding: the fact that the NSA collects data inside the US doesn't mean they are spying on Americans. The NSA is still focused on foreign targets, but because they are using American internet services, it proved to be fruitful to intercept their data not only abroad, but at telecoms and internet companies inside the US as well (the "home field advantage").

Accordingly, the purpose of the Section 215 program was to find out whether foreign terrorists were in contact with unknown conspirators inside the US; the failure to detect such contacts was one of the failures before 9/11 whose correction could have prevented the attacks.

Therefore, the only thing the domestic telephone records were used for was simple contact chaining: NSA started with a phone number of a foreign terrorist and then the MAINWAY system presented the (foreign and domestic) phone numbers with which that initial number had been in contact, as well as the numbers they, in their turn, had been in contact with, the so-called "second hop":



In 2012, the NSA used 288 phone numbers as a "seed" for such a contact chaining query, resulting in 6000 phone numbers that analysts actually looked at. When this led to a suspicious American phone number, the NSA passed it on to the FBI for further investigation.
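To illustrate the two-hop contact chaining described above, here is an added Python example; it is not code from the original post and says nothing about how MAINWAY is actually implemented. It runs one seed number through constructed call records, applies the five-year retention limit mentioned below, stops after the second hop, and separates the domestic numbers that would be passed on for further investigation. All numbers, dates, the record format and the country-code rule are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample records, not real data: (caller, callee, call date).
# Assumption: "+1-..." stands in for a US (domestic) number, anything else for a foreign one.
CALL_RECORDS = [
    ("+92-300-0001", "+1-202-555-0101", date(2013, 3, 4)),    # seed -> US number (hop 1)
    ("+92-300-0001", "+44-20-7000-0001", date(2013, 2, 11)),  # seed -> UK number (hop 1)
    ("+92-300-0001", "+1-202-555-0199", date(2007, 5, 30)),   # older than 5 years: not retained
    ("+1-202-555-0101", "+1-202-555-0102", date(2012, 12, 1)),  # hop 2
    ("+1-202-555-0101", "+1-202-555-0103", date(2013, 1, 9)),   # hop 2
    ("+44-20-7000-0001", "+33-1-0000-0001", date(2013, 4, 2)),  # hop 2
    ("+1-202-555-0103", "+1-202-555-0104", date(2013, 5, 5)),   # hop 3: beyond the two-hop limit
    ("+1-202-555-0200", "+1-202-555-0201", date(2013, 5, 6)),   # unrelated numbers
]

RETENTION_DAYS = 5 * 365  # five-year retention limit, approximated in days


def retained_records(records, query_date):
    """Drop records older than the retention limit, as measured from the query date."""
    return [r for r in records if (query_date - r[2]).days <= RETENTION_DAYS]


def build_contact_graph(records):
    """Undirected contact graph: a call in either direction links the two numbers."""
    graph = defaultdict(set)
    for caller, callee, _ in records:
        graph[caller].add(callee)
        graph[callee].add(caller)
    return graph


def contact_chain(graph, seeds, max_hops=2):
    """Breadth-first expansion from the seed numbers.

    Returns {hop: set of numbers first reached at that hop}; hop 0 is the seed set.
    Numbers already seen at an earlier hop are not reported again.
    """
    seen = set(seeds)
    frontier = set(seeds)
    hops = {0: set(seeds)}
    for hop in range(1, max_hops + 1):
        nxt = set()
        for number in frontier:
            nxt |= graph.get(number, set())
        nxt -= seen
        hops[hop] = nxt
        seen |= nxt
        frontier = nxt
    return hops


def is_domestic(number):
    # Constructed rule: treat "+1-" numbers as domestic.
    return number.startswith("+1-")


def chain_summary(records, seeds, query_date, max_hops=2):
    """Run retention filtering and two-hop chaining; summarise what an analyst would see."""
    graph = build_contact_graph(retained_records(records, query_date))
    hops = contact_chain(graph, seeds, max_hops)
    reached = set().union(*(hops[h] for h in range(1, max_hops + 1)))
    domestic = sorted(n for n in reached if is_domestic(n))
    return {
        "hops": hops,
        "reached": len(reached),                 # numbers an analyst actually looks at
        "domestic_leads": domestic,              # candidates for referral to the FBI
        "expansion": len(reached) / len(seeds),  # how far one seed fans out
    }


if __name__ == "__main__":
    summary = chain_summary(CALL_RECORDS, {"+92-300-0001"}, date(2013, 6, 1))
    for hop in (1, 2):
        print(f"hop {hop}: {sorted(summary['hops'][hop])}")
    print("domestic leads:", summary["domestic_leads"])
    print("expansion factor:", summary["expansion"])
```

Even this tiny graph shows the effect the numbers above describe: one seed fans out to five numbers, and the third hop and the expired record stay out of view only because the query is deliberately limited.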

This true purpose of the domestic metadata collection was clearly laid out in a public report which the independent Privacy and Civil Liberties Oversight Board (PCLOB) published in January 2014. The PCLOB found "no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot", but Section 215 was of some value as it offered additional leads and could show that foreign terrorist plots had no US nexus.

Although these domestic telephone records were not used to spy on Americans, and the FISC limited their retention to 5 years and prohibited the collection of location data, many people would not like to have them in an NSA database because of what Binney and Snowden called the possibility of a "turnkey tyranny".*

The publication of the Verizon order did not only make the general public aware of the Section 215 program, but also gave civil liberties organizations standing in court, which fulfilled Jacob Appelbaum's wish from the 2012 Surveillance Teach-In.

Meanwhile there have been two cases in which a Circuit Court of Appeals ruled on the Section 215 program. They both found that the bulk collection of metadata exceeded the scope of Section 215 of the Patriot Act (because the actual practice hadn't been foreseen by lawmakers, although they had been briefed about it later). The courts didn't decide on whether the program was constitutional or not.




The first page of the Verizon order from April 25, 2013
(click for the full document)



The PRISM program

One day after the publication of the Verizon order, The Guardian and The Washington Post revealed the PRISM program, which became synonymous with an all-encompassing NSA spying system, just like ECHELON was before.

In his book Dark Mirror, Barton Gellman tells a different story than Greenwald did in No Place to Hide. Greenwald presented himself as the one who was chosen by Snowden to lead the revelations and claimed that he and Laura Poitras had been working with Snowden since February 2013, while Gellman only got "some documents" and Snowden was angry about the fear-driven approach of The Washington Post.*

According to Gellman, the opposite was the case: on January 31, 2013, Laura Poitras already asked him for advice and on May 7, they agreed to work together. She introduced Gellman to her source, who still called himself Verax, and they started encrypted chat conversations. On May 20, Snowden sent them the full PRISM presentation, after which they signed a contract with The Washington Post on May 24.*

But Snowden was under severe time pressure and urged Gellman to rapidly publish the full PRISM presentation, which he had signed with a digital signature associated with his Verax alter ego. Only gradually did Gellman realize the implications of this. Snowden's plan was to ask for political asylum at a foreign diplomatic mission in Hong Kong, where he wanted to use the cryptographic signature to identify himself as the source of the PRISM document (and didn't rule out providing "raw source material to a foreign government").*

As a journalist, Gellman protected the identity of his source, but publishing the digitally signed PRISM presentation would make him and The Washington Post complicit in Snowden's flight from American law. After consulting Poitras, Gellman decided not to do so. On May 27, Snowden withdrew the exclusive right for the Washington Post and turned to Greenwald, who until that moment didn't know who Snowden was, nor had seen any of the documents.*




When Greenwald finally managed to get PGP working, Snowden sent him a zip-file with some 25 documents, including the 41-slide PRISM presentation. Greenwald started writing his own story about PRISM, which was published by The Guardian on June 6, 2013.* Just one hour earlier, The Washington Post had released its own PRISM story.

The most controversial part of these stories was the claim that "the National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants", which those companies vigorously denied.

That "direct access" was taken from one of the slides, but it's unclear why both Gellman and Greenwald stuck to the most simple interpretation of it. The fact is that they had access to the extensive accompanying speaker's notes, which clearly said: "PRISM access is 100% dependent on ISP provisioning".*

They also had all the other PRISM slides, including two that were published later on, which also show that the FBI is in between the NSA and the internet companies:

PRISM-slide published by Le Monde on October 22, 2013


In July 2014, the Privacy and Civil Liberties Oversight Board (PCLOB) published an extensive public report about PRISM as well, which confirms that individual selectors (like a target's e-mail address) are sent to internet companies, which are "compelled to give the communications sent to or from that selector to the government." According to the report, PRISM "has proven valuable in the government’s efforts to combat terrorism as well as in other areas of foreign intelligence."


In Dark Mirror, Gellman admits: "In retrospect, I do not love the way I wrote the [PRISM] story. I knew a lot less then than I learned later, with more time in the documents and many more interviews". A well-informed source told him that the systems of a company like Facebook are too complex to let the NSA plug in a cable. Only Facebook knows how to pull things out, which they can then hand over upon a valid request.* Google did that through secure FTP transfers and in person.

Another interesting addition provided by Gellman is about the date of the PRISM presentation, April 2013, which is less than one and a half months before Snowden left the NSA:

"Nothing Snowden had seen until now better suited his plan. He had been talking to Poitras for three months, but he still did not feel confident that his disclosures would seize attention from a public that had seldom responded strongly to privacy warnings. Most of the NSA programs that worried him were legally and technically intricate, not easy to explain. He needed examples that ordinary people would recognize. Along came [the PRISM] presentation, festooned at the top of every slide with iconic logos from the best-known Internet companies in the world. "PRISM hits close to people's hearts", he told me."*



Overcollection

While PRISM is not mass surveillance, but targeted collection against individual foreign targets, it still has a problematic aspect: overcollection. Snowden was eager to draw public attention to this issue and, according to Greenwald, took his last job at NSA Hawaii only in order to get access to the NSA's raw data repositories.* Snowden declined to repeat or explain that to Gellman though.*

He succeeded and was able to exfiltrate a cache of ca. 22,000 collection reports, containing 160,000 individual conversations (75% of which instant messages), which the NSA collected via the PRISM program between 2009 and 2012.*

Snowden handed them over to Barton Gellman who reported about these files in July 2014. Researchers at The Washington Post found that the intercepted communications contained valuable foreign intelligence information, but also that over 9 out of 10 accountholders were not the intended surveillance targets and that nearly half of the files contained US person identifiers.

It's probably technically impossible to prevent such overcollection, but instead of deleting irrelevant personal content, the NSA only "minimizes" it, which means that names of Americans are redacted before they are distributed. Gellman saw that NSA personnel take these procedures seriously, but when he confronted former NSA deputy director Rick Ledgett with his unease, Ledgett's only reply was that the NSA really doesn't care about ordinary people.*




The Mission List

Ledgett's answer is confirmed by a comprehensive listing of the tasks of the NSA in the Strategic Mission List from January 2007. It was published by The New York Times in November 2013, but got hardly any attention, despite the fact that it clearly contradicts the claims by Snowden and Greenwald that the NSA has just one single goal: collect all digital communications from all over the world.

Equally little traction was gained by reports from Ewen MacAskill of The Guardian and Scott Shane of The New York Times, who tried to provide balance and nuance by showing that NSA and GCHQ also did many good things, like monitoring terrorists, the Taliban, hostage takers, human traffickers, and drug cartels.

The Mission List says that China, North Korea, Iraq, Iran, Russia and Venezuela were "Enduring Targets", which means they are of long-term strategic importance and therefore require a holistic approach. Next there were 16 "Topical Missions", which are subject to some change, but can be considered legitimate targets for any large intelligence agency:

- Winning the Global War on Terrorism (GWOT)
- Protecting the US homeland
- Combating proliferation of Weapons of Mass Destruction (WMD)
- Protecting US military forces deployed overseas
- Providing warning of impending state instability
- Providing warning of a strategic nuclear missile attack
- Monitoring regional tensions that could escalate
- Preventing an attack on US critical information systems
- Early detection of critical foreign military developments
- Preventing technological surprise
- Ensuring diplomatic advantage for the US
- Ensuring a steady and reliable energy supply for the US
- Countering foreign intelligence threats
- Countering narcotics and transnational criminal networks
- Mapping foreign military and civil communications infrastructure

In 2013, terrorism was replaced by cyber attacks as the top threat to American national security. Since then, cyber threats have been increasing in frequency, scale, sophistication and severity of impact.



Screenshot of the BOUNDLESSINFORMANT tool showing where the NSA collected most data



Spying among friends

For its mission of "Ensuring Diplomatic Advantage for the U.S.", the NSA intercepts the communications of numerous foreign governments and government leaders. Based upon documents from the Snowden trove, media reported about eavesdropping operations against the Mexican candidate for the presidency, Enrique Peña Nieto, Brazilian president Dilma Rousseff, the Venezuelan oil company PdVSA and many others.


The NSA's interest in Germany's chancellor Angela Merkel had the most far-reaching consequences. Merkel herself made clear to president Obama that "spying on friends is not acceptable" (Ausspähen unter Freunden, das geht gar nicht) and the German parliament started an official investigation into the spying activities of the NSA (NSA-Untersuchungsausschuss or #NSAUA). This inquiry lasted from March 2014 to June 2017, but soon shifted its focus to Germany's own foreign intelligence agency BND.

Extensive hearings of BND employees resulted in unprecedented insights into the details of the cable tapping and satellite interception operations which the BND conducted in cooperation with the NSA. Eventually it became clear that the NSA wasn't spying on German citizens, but did try to collect communications from European governments and companies of interest - just like the BND itself, which was also targeting American and French foreign ministers, the interior departments of EU member states, and many others.



German chancellor Angela Merkel holding a secure BlackBerry Z10 in 2013
(photo: Nicki Demarco/The Fold/The Washington Post)



Backdoor tapping Google

A disclosure that caused outrage in Silicon Valley was about MUSCULAR, a collection program in which the NSA cooperates with its British counterpart GCHQ. In October 2013, The Washington Post reported that under this program, the NSA had secretly broken into the main communications links between Yahoo and Google data centers around the world.

A big question was: why would the NSA do that, given that they already had "front door" access to Google and Yahoo via the PRISM program? Gellman asked Snowden, who didn't come much further than "Because it could" and: "I'm speculating, but NSA doesn't ignore low-hanging fruit". Eventually Gellman realized that inside the US, the NSA had to specify individual targets, but abroad it was possible to acquire such data in bulk and to search and analyse it with XKEYSCORE.*

The Post didn't mention the XKEYSCORE system by name and it's also not explained in Gellman's book Dark Mirror. That's unfortunate, because while Greenwald and Snowden presented XKEYSCORE as a global mass surveillance tool, it's actually a smart system to find targets who are communicating anonymously and therefore cannot be traced in the traditional way, via identifiers like phone numbers and e-mail addresses.

It seems that hardly anyone realized that the disclosure of XKEYSCORE must have been really damaging for the NSA. In the 1990s, ECHELON made clear that the agency targeted phone numbers, so terrorists and other adversaries began avoiding individual identifiers and switched to anonymous ways to communicate. It must have been an eye-opener that with XKEYSCORE, the NSA found a way to trace those as well.

> More about XKEYSCORE


NSA slide showing where to intercept data from the Google cloud



BOUNDLESSINFORMANT

Whereas Section 215 was highly controversial in the United States but little known in Europe, the opposite was the case with BOUNDLESSINFORMANT, which caused fury in Europe but is hardly known across the ocean. BOUNDLESSINFORMANT isn't a system that collects data, but an internal visualization tool that counts metadata records to provide insight into the NSA's worldwide data collection.

The results are shown in heat maps and charts, for example per country and per collection program. Such charts for Germany and a few other countries were published on July 29, 2013 by Der Spiegel, but on August 5, the German foreign intelligence agency BND said that it had collected these data during military operations abroad and subsequently shared them with the NSA.

Despite this statement, Glenn Greenwald interpreted these charts as evidence of American mass surveillance on European citizens and started publishing them in major European newspapers.



BOUNDLESSINFORMANT chart showing the number of
metadata records which the German BND shared with the NSA


On October 21, for example, the French paper Le Monde published a story saying that "telephone communications of French citizens are intercepted on a massive scale." After a similar story appeared in Spain, NSA director Keith Alexander issued a remarkable clarification, saying: "This is not information that we collected on European citizens. It represents information that we and our NATO allies have collected in defense of our countries and in support of military operations."

Greenwald continued this framing in Norwegian and Italian papers. Only in the Netherlands was it noticed that the BOUNDLESSINFORMANT charts were not about content, but about metadata. Dutch interior minister Ronald Plasterk, however, still followed Greenwald's interpretation and assumed the Americans were spying on Dutch citizens. A court case forced the government to admit that Dutch military intelligence had collected the data itself during operations abroad.


Correction

It was only in May 2019 that The Intercept put the pieces together and set the record straight: the various BOUNDLESSINFORMANT charts showed cellphone metadata that had been collected by members of the Afghanistan SIGINT Coalition (AFSC, also known as the 9 Eyes), who fed them into the NSA's Real-Time Regional Gateway (RT-RG) big data analysis platform.

When The Intercept confronted Greenwald with this new research, he still tried to blame the NSA: "At the time, Der Spiegel had already reported this interpretation, the NSA wouldn’t answer our questions, and they wouldn’t give us any additional information. I am totally in favor of correcting the record if the reporting was inaccurate."

While Greenwald ignored the statement by general Alexander, he was right when he said that the NSA's internal documentation about BOUNDLESSINFORMANT was somewhat confusing. Apparently, Greenwald had to rely on that documentation because Snowden was of little help, just as he was for various other programs that journalists did not fully understand.




Slide showing all the collection systems that fed the RT-RG platform



Truth

Many of the documents that Snowden provided to the press have been misinterpreted or exaggerated, sometimes unintentionally, in other cases perhaps deliberately. In Dark Mirror, Barton Gellman writes:

"There were signs that Snowden was capable of an instrumental approach to truth. In conversations about my work, when I got stuck on a hard reporting problem, he sometimes suggested that I provoke fresh disclosures from government officials by pretending to know more than I did."

"Another time he went further, proposing that I actually publish informed speculation as fact. If my story outran the evidence, he said, the government would be forced to respond and thereby reveal more. There would be a net gain for public information either way."

"He said misinformation from people like Mike Hayden, supporters of the intelligence establishment, pushed the terms of debate so far off center that only rhetorical counterforce could set the record straight."*

Gellman declined this approach because it would make his reporting unreliable, and because it undermines confidence in the press if it later turns out that certain things weren't true. However, claims made by Greenwald and by Snowden himself showed that this "counterforce" method sometimes did work: the government came up with new facts, but those never got the same attention as the original story, which was already stuck in people's minds.



Conclusion

There's no doubt that the Snowden revelations provided unprecedented insight into modern-day signals intelligence as conducted by the NSA and its Five Eyes partners.

In part this was much needed to understand how the legal framework is implemented and where safeguards need improvement. That, however, requires a close examination of the documents, which shows that the problems are smaller and more complex than the mythical "global mass surveillance" which Snowden and Greenwald tried to prove.

On the other hand, many things have been published that were merely sensational and weakened the US and its signals intelligence system. By revealing its workings and capacity, the Snowden revelations unintentionally set a new standard which other countries hurried to catch up with.



Links

- Der Spiegel: Das Internet ist heute anders unsicher (June 9, 2023)
- The Atlantic: Did the Snowden Revelations Change Anything? (June 7, 2023)
- The Guardian: Snowden, MI5 and me: how the leak of the century came to be published (June 7, 2023)
- The Guardian: What’s really changed 10 years after the Snowden revelations? (June 7, 2023)
- Schneier on Security: Snowden Ten Years Later (June 6, 2023)
- System Update: SNOWDEN REVELATIONS 10-Year Anniversary: Glenn Greenwald Speaks with Snowden & Laura Poitras on the Past, Present, & Future of Their Historic Reporting (June 6, 2023)
- neues deutschland: 10 Jahre Snowden-Leaks: Enthüllungen nicht mehr erwünscht (June 6, 2023)
- neues deutschland: Snowden-Leaks: Geheimdokumente belegen globale Massenüberwachung (June 6, 2023)
- Heise: Edward Snowden: Die Enthüllungen des NSA-Whistleblowers 10 Jahre später (June 5, 2023)
- Der Tagesspiegel: Edward Snowden und die Whistleblower-Frage Feiert die Verräter! (June 2023)
- Netkwesties: Barton Gellman herziet NSA-onthullingen (Dec. 7, 2020)
- See also: Timeline of Edward Snowden

- Documentary: Edward Snowden: Whistleblower or Spy?


Comments at Hacker News
In Dutch: Meer over het wetsvoorstel voor de Tijdelijke wet cyberoperaties