Monday, July 29, 2013

ECHELON

Nicky Hager Appearance before the European Parliament ECHELON Committee

23 & 24 April 20XY

Chairman:
Mr Hager, you have the floor.

Nicky Hager
Good morning. I am very pleased to be with your committee, and I think I should have to appear here as one of the people who produce the information about Echelon. I think it's very important that you have the opportunity to challenge me and question me so that as a committee you can feel confident about the information I provided to your work. But also it was very useful for me to hear your discussion yesterday, as it is now clear to me what I should be talking about, the stage you are at with your work. I had written quite a lot of notes, but I will change some of what I was going to say to you. The questions which yesterday seemed to be on everyone's mind were about what you can, as a European Parliament committee, reasonably include in your report, what you can think is true and what is not, and also about what exactly you can do about this issue. So that's what I would like to talk about today. I'll also, of course, talk about the Echelon system itself, but I won't go into huge detail on it, because I don't want to use up your time repeating things which have already been provided in your papers, but I am very keen when I finish for people to be able to question me and question my sources.
Listening to the talk yesterday the things which I would particularly like to cover today about what you as a committee can believe on the subject and particularly the question of how much proof is enough before you can say, Echelon exists, these kinds of systems exist, and move on from there.
The next thing that struck me yesterday is that I felt, at least from that discussion, this committee has got too caught up in the question of whether Echelon has been used in the one narrow area of monitoring of European companies to the advantage of United States companies. And so some of what I am going to say today is going to be about broadening the inquiry in terms of what I saw as your terms of reference to look more generally at the kind of interception against Europeans. That feels to me that you have been too focused down on that one yes or no to competitive and commercial spying. I also (thought) about the foreign relation context of the spying by the American/British/New Zealand/Australia/Canada alliance putting that in a foreign policy context, and then I'll move on - this is what I had not intended to do, but because of the stage of your inquiry - I'll move on to what I think some specific recommendations could be, the kind of things that could be adopted by a Committe like yours, hopefully not just to your region but to the rest of the world.
But I'll start by introducing myself. I began to be a researcher 20 years ago when I left university. I first worked for a government science organisation. I developed a personal interest in defence and have for some years been a writer and a critic of defence policy in my country. But in the middle of the 1990s, while I was looking at different defence subjects, I stumbled across information about our member of this signals intelligence alliance, an organisation - you'll forget the name straight away, it's a forgettable name - it's called the Government Communication Security Bureau (GCSB). That is the New Zealand equivalent of the National Security Agency or the British GCHQ. At that stage I would not have found more than one or two politicians in our entire parliament who even knew the name GCSB, even though it is by far our largest intelligence organisation, it was completely invisible. After that there ended up being 12 years of my life where I was probing deeper and deeper in that organisation. Initially I had no inside sources, but I had some lucky breaks, particularly - and this is probably what drove me on with the research - I discovered that I could find out a lot of information about the inside of the organisation from public sources. What I discovered was that this most secret of intelligence organisations had assumed that it would always be secret and so they had hidden the names of their staff and details of their internal structures within all sorts of government records that were not confidential, and by searching very methodically through all sorts of our government records I was able to get full lists of everyone who worked in this most secret intelligence organisation and all the past people who had worked there, and look through different records and find details of all their overseas postings and where they had gone and been trained in the oversees agencies. And overall after a while I got a 40-year picture of where in New Zealand's most secret intelligence people had been posted in this country and that country and trained in this particular city and started as an outsider to get a sense of this organisation. Lists of names, though, were the key for me, because I live in a small country, our capital city, where I live, is only 150.000 people. And within that city and with the knowledge of all the people who worked in the agency and all the people who had worked there I started to be able to locate people who might be prepared to talk to me.
And about in 1990, after a few years of gradually picking away at this job, I started to interview people who had worked and were working inside the intelligence organisation. For the next five years I lived a slightly strange and secret life, because I had a large number of secret interviews with different staff. These are people who, if they were caught talking to me, would have lost their jobs and probably their careers would have ended. So we had to meet very secretly and privately, I had to hide my interview notes, but gradually over the next 5 years I built up about several hundred of pages of interview notes. Further characteristics of these intelligence agencies is that they are very compartmentalised. The person working in this office quite likely doesn't have much idea at all of what the people would do in the office next door, and they probably have no idea of what happens in the floor below them in the building or in other facilities. And so to build up a picture of what was happening I had to locate people in all different parts of the organisation who were prepared to talk to me. And there is something about the easygoing or casual character of New Zealanders that meant that I was able to find a large number of people who would speak to me, and I could win their trust and they provided me, as I say, with very secret information about the organisation.
Although my research was about a New Zealand agency, that is, one agency in the south of the South Pacific, what I very quickly started to learn as these people told me the details of their jobs, was that in fact I was learning about not a New Zealand operation but a five-country operation. I was learning detailed information which was giving an insight into the United States and the British and the Canadian and the Australian agencies just as much. It quickly became clear to me that the technical systems they were using and the targetting lists and the regulations and manuals, the intelligence distributions systems, all the different specific parts of their work were not New Zealand systems, they had another agency's name on the manuals, and the target lists came from the NSA, and so finding out that New Zealand was actually a little window into finding out about the whole alliance. Likewise, the officers who I was talking to had been trained in London, in Washington, in Canberra, and the new equipment that they were installing had been planned in five-nation working groups, usually in Washington, and a lot of the specific intelligence operations, I came to learn, were joint operations where two or more of the agencies were working together. And so that meant that even though it's a strange thing that international systems should be exposed from a far-flung country like New Zealand, because these people were prepared to talk to me they gave me an opportunity to find out about international networks.
It was during an interview with one of the operations division staff in the early 1990s that I first heard about the Echelon system and I first heard that word Echelon, which I had never heard before, of course. I had a series of interviews with that officer and then other staff where I built up the description of Echelon which I have got in my book and which you have seen many of the details of in the STOA reports and other reports which have been presented to this committee. As I said, I really invite you to question me when I finish about any doubts you have about whether my information is solid or the details of the system to dispell any questions that there are about whether the system exists and also about the capabilities and limitations of the systems. I should say that it is very important that we should discuss not only the power of a system like Echelon, but also what its limitations are. The reason we should look at the limitations is that there has been many exaggerated second-hand accounts of what I and other people have written about Echelon. In my view they give an air of unreality to the subject of Echelon and intelligence. In my opinion it is in the interest of the intelligence agencies that when the public talks about intelligence it all sounds very vague and rather akin to talking about flying saucers or something and not really the real world, it suits their interest. It is very much in the interest of people like us here, people with a serious interest in the subject, to be able to be as precise and factual as possible, as it is only in that way that we can get proper public scrutiny and questioning of what is going on.
I want to begin by mentioning the limits of my knowledge of the subject, because there is, of course, a great deal that I don't know. My sources were intelligence officers working in the south of the South Pacific, and their targets were within the Pacific. I have no knowledge of specific operations in this part of the world. I don't know about which particular companies or agencies or organisations in Europe have been spied upon. The most I have ever heard about Europe was intelligence officers talking about their knowledge of an interaction with their sister facilities, like the one at Morwenstow in Britain, which they were working in parallel with, but I don't know the specific details. What I can provide you with today is a detailed understanding of the world-wide systems which work just as much in Britain and the US as they do in New Zealand, and an understanding from my years of work on this about the scale of the interception and the specific kinds of targetting which happen in our part of the world, which I think which will be quite closely mirrored in your part of the world. But I want to be clear about that if you will ask me whether somebody has been spying on Boeing or this company or that company, I haven't got the faintest idea, it is not worth asking me.
The first question then which I want to discuss with you in detail is the question of what in this highly secretive subject your committee can reasonably believe and what you should doubt, that central issue when you are studying a highly secretive thing. And I want to tell three brief stories from my part of the world, the first one comes from June 12, 1984, when our then Prime Minister, Robert Muldoon, first admitted to the New Zealand Parliament that our agency, the GCSB, existed. He told the Parliament that this organisation existed, but he reassured the members of parliament that "it does not monitor New Zealand's friends in the South Pacific". The same statement was made by two future prime ministers over the following decade. The point is, this statement was completely untrue, in fact it utterly turned the truth on its head, because the main work of the GCSB was to routinely and continuously monitor all the nations of the South Pacific, that is the nations from French Polynesia in the east across to the Salomon Islands in the west and every country in between, except for Australia, of course, that's countries with names like Fidji, Tonga, Kiribati and Tuvalu. This was part of the world-wide division of responsibilities between the UKUSA group, and New Zealand got their particular slice of the Pacific to do. I have interviewed people whose whole job was monitoring those friendly countries of New Zealand in the South Pacific, and yet every prime minister had told Parliament that they did not do that.
The second story is from 1995, when the world was told by angry US spokespeople and New Zealand and Australian politicians that New Zealand's intelligence ties had been completely cut with the United States as a retaliation against New Zealand's ban on port visits by US nuclear-armed ships. Like everyone else I believed those statements at the time, it did not seem that they would be wrong. But it turned out that they were also completely untrue. Since then I have interviewed the people who worked inside these most secret agencies at the time, who were watching the intelligence come from the US every day, and they say that apart from a few weekly digests which stopped for several months, the vast bulk of the intelligence from the US and the cooperation continued completely unimpeded. Once again, the public had been completely mislead - and the New Zealand Parliament.
The final example is from later in the 1980s when our then Prime Minister, David Lange, had the job of approving and signing the funding for a new intelligence base, the Waihopai base, New Zealand's Echelon station in this part of the network. He said that the reason why New Zealand had had to set up the station was because we had been cut off from US intelligence and we needed to set up an independent operation to help New Zealand. He said, "For years there has been concern about our dependence on others for intelligence, being hooked up to the network of others and all that implies. This Government is committed to standing on its own two feet." David Lange believed that statement when he made it, but like in the other examples, it was completely untrue. The Waihopai station had been designed from before his government was elected, and it actually represented the greatest integration of New Zealand into the intelligence alliance which there had been to date. It was the exact opposite of becoming more independent.
When years later I quietly took the draft of my book to David Lange and asked him to read it before it was published, and sat in his office with him through two long sessions while he read through the thing, he was so annoyed at the extent to which he had been mislead over that and other subjects, that he agreed to write the foreword to the book. So, the foreword to this book is by that former prime minister. So, that is three pretty fundamental untruths, one was about the targetting, one was about the alliances New Zealand was part of, and one was the degree of independence of our intelligence service, that they were quite willing to mislead the public.
I think there is a very important point or lesson in this for your committee. If the GCSB staff had not risked their careers, their jobs, to talk to me, New Zealand intelligence chiefs and politicians would very likely still be telling New Zealanders and the world that our GCSB does not spy on our friends in the South Pacific, we have been cut off from American intelligence, the Waihopai stations is there to be independent, and they could have kept doing it, because no one could have contradicted it. The point is, these lies, this misleading of the public is standard practice in the intelligence world, and the people who do this misleading are not bad people. Within the intelligence agencies senior staff believe sincerely that the secrecy of their operations are of paramount importance. They feel completely justified in misleading the public and their own governments and European Parliament committees when they need to, if that is what is required to protect their operations and stop political interference and what they believe are important long-term relationships.
What I found when working on the subject is that much of what passes for fact in the news media and the debates about intelligence is actually more or less fiction, it is mistakes or it is half-truths, which the intelligence agencies have allowed or encouraged the public to repeat year after year in their ignorance. I have talked to senior retired intelligence officers who have earnestly argued the need for the secrecy and deception. The relevance of this for your committee is obvious, if you don't want to be deflected from your job, then what I'm saying is, you must not take it seriously when you get the standard denials about Echelon and other subjects. Of course, they are going to deny it. No US or British spy agency is ever going to confirm that they intensively monitor European nations, and so the denials and the evasions that they make cannot be taken seriously. Any deception - so-called - is what they would see as necessary protection of important operations and intelligence relationships. When, for instance, the CIA director talked about there only being spying in Europe to track down bribery - that old story - that might be true, but equally it might not be true. Another example on this, the people I interviewed - and these were the people who saw thousands of intelligence reports a week coming from the US across the wire and to our intelligence agencies - said to me that the standard sort of good spying examples that people hear about in public is things like terrorism, transport of weapons and so on. In other words, the targets that the public hears about are not the real targets of these systems generally. Those targets like terrorism and weapons transport are used as a cover for the traditional areas of spying, the predominant areas of spying, which are political, diplomatic, economic and military. This is a point I want to come back to with you. In summary, what I am saying is that intelligence agencies routinely and continuously see it as their duty to mislead their publics and even their politicians, and they may also tell you the truth when it serves their interests, but this of no help to your committee, as you are probing a subject which they don't want to be probed.
Moving on to the foreign policy implications, what I found in my research is that very secret intelligence activities allow there to be a gap between public policies, that's what the governments say their foreign policies are and what the ministers say in their speeches, and what is actually doing in their secret operations. In our region this is shown graphically by the example I gave of who is targetted. In public, New Zealand is a benevolent friend, the big brother of all those South Pacific nations that helps them out in all sorts of ways, and it is a strong supporter of the regional organisations in the UNO area. Yet secretly, all of those South Pacific countries are spied on to a devestating effect. I have spoken to the officers who using the Echelon capabilities have monitored each of the Prime Ministers of those countries - this is an important list, because I think it has exact parallels in Europe - they monitor the Prime Ministers of each of those countries, our friends in the South Pacific, they monitor the rest of the ministers, they monitor the Prime Ministers' departments and the other government departments, they monitor the leaders of the opposition and opposition politicians and groups, they monitor the police forces, particularly in Fidji, which is the centre of the South Pacific, they monitor the main regional organisations such as the Pacific Islands Forum, they monitor all the UN organisations, they monitor all the politics and organisations of the South Pacific. All of this intelligence is distributed automatically to the US spy agencies which have an interest in our regions and to the other allies. The GCSB, our agency, even helped to spy on East Timor during a period when publically our politicians and the vast majority of our public supported East Timor independence. At the same time privately our intelligence officers were helping the US and Australia spy on the East Timor people at a time where that intelligence was being funneled through to the Indonesian military. The point I am making is, because these operations are so secret and can stay secret for decades on end, it is possible to have a completely separate private policy to the public forum policy.
The reason New Zealand conducts this comprehensive spying against its friendly neighbouring countries is not because it needs this covert intelligence. Indeed, in my interviews with New Zealand intelligence staff and diplomats they regard more traditional sources of diplomatic intelligence as being much more useful to them, this is intelligence like diplomats building up friendships and contacts in key parts of governments and other organisations, it is cocktail parties, it is the intelligent reading of newspapers and so on, at least in our country. The analysts and the politicians find that intelligence much more useful in practice than these bits of covert eavesdropped information. So the reason New Zealand conducts all this covert monitoring is simply because it is diligently and thoroughly performing its duties within the UKUSA alliance. There are quite deep-seated fears held by our senior intelligence officials that if they don't play their part fully in the alliance, New Zealand may be left out, or gradually frozen out of it. They believe they are acting in the best long-term interest of New Zealand when they are betraying our small and distinctly vulnerable little neighbouring countries in the short term.
I think there are obvious parallels between this New Zealand experience and Europe, the same division of responsibility for world-wide monitoring that gave New Zealand the South Pacific, which gives Australia a part from where we are and that ends up in south east Asia, and it give Britain the task of spying on Western Europe. As I told you, I don't know the specific targettings in Europe, but based on my experience of what happens in Australia and New Zealand, I have no doubt at all that the same kind of large-scale and comprehensive monitoring of European nations happens as goes on in the South Pacific, and again I say, prime ministers and other ministers and government departments and all the rest of it.
The spying systems that we are talking about except where there is sufficiently powerful encryption have the capability to monitor the whole of governments, regional and international organisations, non-government organisations, companies and individuals throughout Europe. And since secrecy and deniability keep those operations invisible, there is no reason for the US and Britain to deprive themselves of the interesting intelligence that can be gathered that way. So, what I am saying is, this secrecy allows Britain to maintain a public policy of loyalty to the European Union, while secretly continuing a completely incompatible defence intelligence relationship in support of its older transatlantic relationship. As in New Zealand, the British intelligence chiefs would be very reluctant to risk their special relationship by refusing to cooperate and monitoring the rest of your countries. I imagine, some people might say at this stage that the US and Britain are hardly going to spy on their NATO allies, and so I refer to the Pacific experience on this, because I think it is again very illuminating. What I see in the Pacific is that the US in cooperation with the rest of UKUSA have been perfectly happy to spy on close allies and trading partners. During the 1980s and 90s about half of the total workload of analysts working inside our spy agency, the GCSB, the people I was interviewing were involved in spying on two countries, that is France and Japan within the South Pacific. In the case of Japan, this is despite of being the key trading partner for New Zealand and of being a very close intelligence ally of the US. The GCSB put major resources into monitoring all Japanese embassies in our region. This was not conducted because New Zealand had a problem with Japan or a conflict or had a special need for this intelligence, it was merely because Japanese diplomatic intelligence, code-named JAD-intelligence, was a priority for the NSA, and the NSA had asked the other four allies around the world, Britain, Canada, Australia and New Zealand, to take one part of the world's Japanese embassies, in other words, five countries between them were spying on all the Japanese embassies in the world. We were being provided with the codes to break them during the intercepting and sending the results back to Washington. The same goes for France. Publically it is an ally of the US and Britain, but privately these two nations' SIGINT agencies asked New Zealand, the GCSB, as a special project to monitor French nucear testing in the South Pacific. And so from the early 80s through to 1996 when it ended, one of the three main analysis units within our GCSB was devoted to French intelligence, spying on them in New Caledonia and in French Polynesia. The purpose, according these GCSB staff, the reason why they had been asked to do this by Britain and the US was because those two nuclear weapon nations wanted to keep an eye on France's nuclear weapon development. And so this is the point I am making. Public alliances between countries don't seem to make any difference to secret intelligence operations. It would be naive to assume that friendly NATO allies and so on aren't using the resources they have got for continuous spying.

In my opinion - this is none of my business -, but in my opinion there is tension in Britain, or between Britain and the rest of the European Union. The British government will probably be able to just avoid your current inquiry just by not participating or keeping its head down. My feeling is that there is a tension or a pressure which is going to mean that eventually Britain, if these issues get more publicized, or as these issues get more publicized, Britain is going to have to make a choice, and if there is one weak point in that 50-year-old UKUSA alliance, it is Britain and it's Britain's split loyalties between its responsibilities to spy on Europe and its position within the EU. It seems to me that that relationship, which was born in the Second World War and in the Cold War, is going to come more and more under pressure in the years and decades ahead, and that is where we are going to see the first change in this, I think. The only countries within the UKUSA alliance which are not spied on, are each other, there are specific regulations which stop Canada spying on Britain or New Zealand spying on Australia. I know that the GCSB staff in New Zealand strictly follow that regulation, they never broke it, although there is evidence that some of the larger allies are not so scrupulous.
So, in summary for this part, what I am trying to communicate not from first hand experience but a very detailed experience in the Pacific, is that I think your committee should be conscious of the scale and the comprehensiveness of the spying which is likely to be occurring in Europe, and by which I am saying political, diplomatic, economic and military surveillance. And this is a surveillance which will be affecting the rights of governments and regional and international agencies and companies and community groups and citizens. What I am saying is that it is just not credible to suppose that the scope in the intensity of monitoring which New Zealand does in its part of the world against its friendly neighbours and trading partners and which Australia does in the South East Asian region against its neighbours and its trading partners and other friendly countries is not also occurring when Britain has a traditional role of spying in this part of the world on its friendly neighbours, EU partners and trading partners.
The next point that I would like to move on to is that I really think it would be a terrible shame if your committee was to waste, or to focus too much of its attention on the single issue of a certain kind of economic intelligence which has to do with competition between companies of different countries. I think part of the reason that it's here this way is because of the way that the Echelon issue arose in Europe. It has really been a news media driven issue for a while. Until the creation of your committee it was the news media that was pushing it, and the principle interest seemed to be in these questions of whether this or that large contract or deal had been won by an American corporation as a result of SIGINT. But as I am saying, while I am about to talk about the extent to which I think that is true, I think it seriously skewed the debate. It would be a pity if your committee, which has got much wider terms of reference on that, it is to do with spying on the whole of Europe, it would be a pity if you got sort of sucked down into that simple question of whether or how much is that kind of competitive intelligence being collected. I think it would be a waste of the opportunity that you have got before you.
At the risk of stating the obvious, I think it is worth referring to the function of intelligence gathering, just to broaden and confirm what I was just talking about. A world power such as the US and a regional power like Britain have numerous obviously diplomatic and economic and military and ideological and domestic political interests that they are pursuing at once, a whole diversity, and often conflicting ones as well. And so, knowing how other countries' delegations intend to act in this or that international negociation or understanding the political factions within the government, which has policies differering from them at a particular time on a particular issue, or giving advance warning of particular political issues or political protests, or gaining inside knowledge of other countries' economic planning or commodity prices, all this kind of things can be of assistance to a country as it works to pursue its national interests. These are the kinds of intelligence which are gathered through normal diplomatic reporting, and they are also the sorts of activities which you gather with using secret intelligence assets such as the Echelon system and its sister systems. Seen like this, and ignoring the fiction that intelligence gathering is only directed against threats or enemies, it is entirely unexceptional to conclude that systems like Echelon will be used for a wide range of European monitoring.
Having given this caution, I will just say a couple of words about commercially valuable intelligence, because commercially valuable intelligence is, in my direct experience of interviewing people, at least in the South Pacific and the Pacific part of what they monitor. According to my sources, commercial intelligence is actively sought by our GCSB, or was being 5 years ago as exchange between the UKUSA allies. At the time of my interviews, economic intelligence in the Pacific was not the main, but it was still a regular target. I can recall being told various economic intelligence stories on specific subjects. One was on cope and deals to do with Japan, another was to do with collecting intelligence on meat sales, which is very important for New Zealand, a third was a more general one on intelligence to do with oil prices, and the fourth was a very specific issue of a particularly large Japanese development project in the South Pacific where there was potential for New Zealand companies to win contracts. In other words, there were both macro-level and micro-level economic intelligence being collected.
In the case of New Zealand, the intelligence staff told me that the commercial, that the micro-level intelligence collecting was becoming less and less, and there was a reason for that. In New Zealand, the intelligence has never been shared with large companies like private forestry companies or something. But is was regularly shared with large state commercial trade organisations. But New Zealand has been through the same process of privatisation and foreign investment that other countries have had. And so, the intelligence liaison staff found harder and harder to decide who they should give intelligence to. Basically, they did not know whether they should be providing intelligence to, it might be a Japanese-owned company working in New Zealand or a New Zealand-owned country producing its goods in China, and so more and more they stopped doing it. However, prior to that stage - this is in contradiction to something that Jim Bamford said yesterday, he said, you have to have these people with above top secret clearances to get the intelligence, and that is exactly what is happening in New Zealand, in key areas, like, one was our dairy board, I remember, which is our largest exporting organisation in New Zealand, another was Telecom, before it was privatised in New Zealand, they were specially indoctrinated, as I call it, special above top secret cleared offices within all those organisations, who had the job of receiving SIGINT. That was routine and unexceptional, and New Zealand being furthest away from the commercial business of the world, if it was happening there, I would find it inconceivable if it wasn't happening elsewhere. In addition, and I would suggest more important, other staff described the intelligence that they were getting from the NSA, and they told about the fantastic amount of intelligence that was arriving for example monitoring international trade meetings. And I would suggest that rather than getting caught up in whether this or that private company has been disadvantaged in terms of one country gaining advantage over another, monitoring of delegations in international trade meetings is a far more important topic. From my sources, they said that whenever there was a GATT meeting or another major international meeting, there were hundreds of reports of the monitoring of the different delegations which were arriving in New Zealand and being shared between the UKUSA partners, and I have absolutely no doubt about that, because I have talked to people who saw it coming from the NSA.
Moving along, I would like to talk a bit about the issue of proof, which I think is obviously bearing hard on your committee. I have cautioned you about accepting denials by intelligence agencies and their governments. I am saying, you can't trust them if it suits their interest not to tell you the truth. And someone could reasonably reply, why should you accept information from people like me, so I would like to answer that question now. I faced the problem with proof continuously right through the process of researching and writing the book. The problem is that it is completely unreasonable to expect individual intelligence officers to go on the record, to put their names to information when they would suffer such retaliation they probably would be unemployed for the rest of their lifes. It is just too hard to expect someone to do that. The problem with that is that without those people, information can be dismissed as hearsay. How do you know, that it's right? My solution to that problem was to collect so much detail about the secret operations, that was not just to say, who you were spying on, but where does the spying occur, in which room do they do it, which parts of it, and what's the name of the manual that you work from, how do the particular systems work, who do you distribute which kind of intelligence to, and what does the manual look like that tells you who to distribute what intelligence to whom, what are the code names, even what is the internal layout of your secret facilities. In other words, the reason why I gathered that huge pile of specific detail is that I hoped that by doing that it would mean that somebody who looked at the general findings of the book could feel credibility that it had not come from my imagination, because I believed in flying saucers, but because it had actually originated in the sources who were talking to me.
At the end of the process, I believe that any reasonable person who looks at my book and looks at the detail, just like Jim Bamford was saying, with his hundred pages of references in the back of his, I think that anyone who looks through the book and sees the specific parts of it will feel confident that the information could have only come from a wide range of inside sources. I have brought several copies of the book with me, and if any of you here would like to take a copy away, I will happily give you one, not because I expect you to read it word for word at this stage, but because I really hope that you can feel reassured that it is not a work of fiction.
Also I should mention David Lange, the former New Zealand Prime Minister who I allowed to look at the book, who when he wrote a foreword to it, after overseeing this organisation as Prime Minister for 5 years, wrote, "an astonishing number of people have told him things that I as Prime Minister in charge of the intelligence services was never told". The information about Echelon which is in my book, which I was told about in New Zealand, is reinforced by various other credible sources, you got Jim Bamford yesterday, and his books on this tell the same story from different sources, you got Duncan Campbell's sources, particularly Margaret Newsham, the woman who worked at Menwith Hill who provided the early 1980s details of the expansion of Echelon at that stage, the technical details, and of course there is the US government documents which Jeffrey Richelson has uncovered in the US. What I am saying is that I hope that this information put together will allow your committee to decisively move beyond the question of whether Echelon exists. It will be a great shame if there is still an "if" hanging over this at the end of your enquiry, and I believe you will be making a contribution to your national parliaments and to the public, not just in Europe but the rest of the world, if as a parliamentary committee you can take us beyond the whether stage of the discussion of Echelon into acknowledging its existence and allowing the next stage of the debate to happen, which is what we do about it.
Now we'll talk about some of the technical details of Echelon before I finish, and as I said I am not going to take you right through the whole story of how it all works, because you have covered that over many months, but I am happy for you to question me on details at the end if you want. But I'll say a view things. As other people have said to the committee, Echelon does not somehow magically allow spying on all of the communications of the world, that's the kind of fairy tale end of the story about this. It is a real system, it's designed and upgraded by real people, and therefore it's fallible, and it's limited. These people are continuously working to increase its reach and efficiency and keep up with new developments in communications technology, for instance in our GCSB in the early 90s, there was a lot of work to automate the interception of e-mail, because they had trouble at first before they got it right.
Secondly, the computers and the other electronic equipment in Echelon is not omnipotently powerful, they cannot do everything everywhere all the time. It is part of the job of the analysts who work on this system to manage the Echelon capabilities to the greatest efficiency, this means that there are people whose job it is to analyze for instance all the different channels going up and down to a satellite, which ones are just cable TV, which ones are between countries where it is not very interesting, which ones are most rich in intelligence, and then they focus the Echelon capabilities against those which will yield the most intelligence. This is purely for not to overload the system with junk and to get the greatest efficiency out of it. But that means that they are not spying on everyone, they are focussing the resources on the places where they will get the most of the desired intelligence. Also, it is worth repeating that Echelon is mainly concerned with communications between countries. In some parts of the world they are also able to monitor communications within countries, but the NSA, the GCHQ in Britain, our agency, they are foreign intelligence organisations, and so by definition and in fact, most of their work is international communications. Having said this, the aim of the Echelon system, the purpose of it and the parallel systems it works with is to be able to monitor any international communications of interest anywhere in the world, that is its purpose, it's a global system, and it's very powerful. It lives up to many, if not all of the fears that the public has about its reach. Unlike traditional notions of spying, where we imaging one person's telephone being tapped or whatever, Echelon operates by targetting whole components of the world's telecommunications networks. It doesn't intercept one phone, it intercepts all the communications through one satellite or huge quantities of information being moved by microwave between countries. They are processing them by searching them by keywords and through the dictionary computers, it is industrial scale spying. And it has been made possible by developments in computer processing, which nowadays provide spying capabilities which are thousands or millions of times bigger than the capabilities of spying which most imagine is tapping telephones and things.
I learned about Echelon, of course, from New Zealand's contribution to it. The Waihopai station, which was opened in 1989, intercepted first one, now both of the main INTELSAT, the main civilian telecommunications satellites above the Pacific, which have tens of thousands of simultaneous faxes and e-mails and phone calls going through them. It is capturing millions of individual communications a week, and it's a small station in the network. The Australian station, which in your papers has been said is not called an Echelon station, but in my understanding is just as much an Echelon station als the New Zealand one, was built at the same stage, it was planned in the same international intelligence working groups in the early 80s, and whereas New Zealand spies on the two Pacific INTELSAT satellites, it spies on the Indian Ocean and some Asian satellites, in other words, covering two different parts of the world-wide communication system. Our intelligence staff have also described the close collaboration, like sharing information and joint projects with the Yakama satellite interception station in the North West United States, which has the colourful code name of "Cowboy", it sits in the deserts out there, and they also worked closely and some of them in the since dismantled British satellite interception station in Hong Kong, which had the equally colourful code name of "Geranium". And further afield, as I said, they talked about their more distant contacts with sister agencies like the one at Morwenstow. Thus, according to my knowledge, and this is from my sources, Echelon is a network of interception stations monitoring civilian telecommunications satellites. As far as I know from the people who described it to me, Echelon is about the satellite part of this world-wide interception.
There are other components of the UKUSA alliance's surveillance network which cover rather large parts of the world's telecommunications except for microwave networks. They operate in exactly the same way as the Echelon stations I am talking about. They capture millions of messages, might be microwave or undersea cable, they use dictionary type computers to search for keywords, but I'm not sure whether they are actually covered by the code name Echelon, because that work isn't done in New Zealand. However, I see that this is a completely minor point, it is a semantic point, as these various components of the global network of Echelon or Echelon-like interception stations work together to try to provide the global capability for which those systems were designed.
Yesterday in the discussion I thought there were a few technical things which weren't quite correct, so I'll just cover them. The first one is to say that the UKUSA countries cooperate in Echelon, but they don't cooperate in Echelon because of the needs of Echelon, that the US needed Australia or New Zealand. The UKUSA relationships go right back, according to my sources, to 1948 and they were forged in the Second World War. The reason why that particular group of countries work together on Echelon is because they have been cooperating in that intelligence alliance right through the Cold War since the 40s and even before in WW II.
Yesterday there was some confusion, I thought, about in a station like the British station at Morwenstow, what proportion of that work is British, what proportion is American and so on. So, I'll explain this very carefully, this is something which I understand very well from New Zealand. In the New Zealand station, the Waihopai station, there were lots of different subjects which the computers were searching for at once, one obviously would have been Japanese diplomatic intelligence for example, and that had its particular code numbers, the four number code that Jim Bamford talked about as 1234. There is certain search groups like that, and because New Zealand has the job within the alliance of spying on the South Pacific area, most of the code words in the Echelon system for spying on the South Pacific have been entered by New Zealand, and the messages which are captured by those keywords are sent to Wellington, not to Washington, because it's a New Zealand list of keywords. And then in Wellington the analysts look through the thousands of messages which have been selected by the computers. As Jim Bamford was saying, they pick out the ones which seem to be most interesting intelligence-wise, they translate them, they write them into the standard UKUSA intelligence reports, and then they send those off, not the raw intelligence, but they send those off to the CIA and NSA and Britain and so on around the world. But also in the Waihopai station or the other stations, it is not only the home countries' lists, but there are quite separate lists of American, Australian and Canadian and British targets as well. In other words, one country's facility can be used to gather intelligence, which is then be distributed to the other agencies which have responsibility for those other subjects. And in the case of the New Zealand station and the Australian one, in both cases most of the keywords are not New Zealand ones or Australian ones, they are American lists. If there is a subject which is captured by an American list, those ones are never seen by New Zealanders or Australians, they go straight to NSA in Washington, and it is up to them whether they choose to share their intelligence later with New Zealand. Jim Bamford was sligthly wrong on this yesterday, it is not like all the intelligence goes into one big data base and everybody can look around it and find what they want to. It is very structured and hierarchical the way that the Americans set this up, and basically the idea was that there was a world-wide network which the US had access to the capabilities of all of, and if they wanted to share that intelligence back with the individual countries, that was their choice.

So, based on that and coming back to you part of the world, if you look at Britain, there are three distinct roles that British-based facilities have for spying on Europe. The first one, and the most important of these, is the British station - not the most important, but a major one - is Morwenstow in Cornwall. I hope you have seen photos of it, if you go there, you can see the satellite dishes, some of them face out to the Atlantic, but most of them are directed up towards satellites which are sitting above Europe or above the Middle East or the Indian Ocean INTEL satellites. When you are used to these things, you can read it very clearly. And what happens at that station then is, at that satellite interception station there are some lists of targets which are British ones, and there are some lists of targets which are US ones. Britain has got not control at all and does not even see the intelligence which is collected at Morwenstow, which is according to US keywords, because that goes direct to Washington.
So, this is the first two types of spying, one is the spying that Britain does itself as the country in the alliance which has been delegated spying on Western Europe, there are British keywords in these systems, there is also the British facilities for spying on microwave netwoks and undersea networks, and likewise, they will have lists of British keywords for gathering intelligence on European topics, it's its delegated role.
And the second kind of spying is within those British-run, British-staffed facilities, there is also the list of US keywords, and that is a completely separate area of spying which Britain has no control of, they handed the sovereignty of that to the US, and their intelligence goes straight to Washington.
And the third area, which I know much less about, is completely US-run facilities like the one at Menwith Hill, which Jim Bamford said yesterday was directed primarily at the Soviet Union and Russia now. I would personally think it is most unlikely it doesn't do European spying as well, but I have no evidence for that.
Now I want to move to my final area, and that has to do with what you as a committee can do about this. This is what said this morning, because it seems to me it would be a great waste to have the investigation and not look in great detail what can be done about it. It is easy with something as big as a subject like intelligence and signals intelligence and Echelon, for people to conclude that there is nothing that can be done about it, that it's too big, that the spying occurs from other countries, it is not covered by national laws, and it's kind of like you have to accept it as a way of life. What I would like to urge is that we all see this discussion of Echelon and intelligence as being at the very beginnings of the discussion. I mean, we are living in an electronic age, most people in our countries have only been using the Internet for a handfull of years, if they are at all. The people who use these new types of electronic communications for all of their daily lives now more and more have only had a year or two, if ever, that they have heard about how vulnerable these systems are to interception. In other words, we can't expect that, when the communications technology is so new and the spying capabilities have been so secret, that the publics and the governments and the parliaments of the world will already have come to grips with these issues. In fact, we are only at the very start of the process of countries coming to grips with these issues. It is very important to see it that way, I think, because otherwise it looks discouragingly large. I think we should realize the stage that we are at with this. And so the things that I want to suggest to you are to do with the way that your committee can play a role in seriously advancing the public and the nations of the world towards where we can control these systems and regain privacy in the electronic age, which is the basic issues underlying us here. In other words, we have entered the electronic age, but every new kind of technology takes human beings' and public's time to learn about them, understand their implications and learn to control them. People are still learning to control the different kinds of weapons that are being built up, we are learning to control the environmental effects of technology. Likewise, these systems are so new that, of course, we are just at the beginning of figuring out how we deal with them.
Probably one of the main things I want to say to you today is about the importance of the role that your committee will play here. And I have specific recommendations that I would like to propose to you. In the case of New Zealand, I told you, the dominant attitude within our intelligence services and our foreign affairs establishment to do with intelligence and subjects like Echelon is one of deference to the US, but also a great insecurity. The point I am making here is that countries like New Zealand believe they are in no position to challenge something like Echelon. My book has been completely ignored by the New Zealand government and subsequent governments, not because there aren't politicians who are interested in it, but because their officials advised them strongly not to challenge their relationship with the US. And this inequality of power, I suspect, exists throughout the world, which means that most countries, however they feel privately, do not feel in a position to question or challenge the US and its allies or Russia or India, or whatever the country may be which has systems like this, because many of the large systems do, when those countries trespass on their governments and on their national interests with these things. This is what puts your committee in such a unique position compared to countries like mine, because the EU is uniquely powerful and independent enough to actually be able to have a committee like this. There will never be a temporary committee on Echelon in New Zealand, I am certain of that, and there won't be a committee like this in the British or Australian parliaments either. And so, what I believe is that your deliberations and the conclusions that you will reach here are going to play a role, and they are going to help people in coming to terms with these issues right around the world.
The other thing I will just mention on this is, putting your work into a historic context, your one-year committee with its limitations and so on is still the first time in 25 years since the US Church Committee had its hearings in the wake of the Watergate scandal and those other things Jim Bamford talked about yesterday. There has been a series of investigations of the activities of the US intelligence services and their allies. It is worth taking note of how rare these opportunities are in history. The extreme circumstances which lead to the Church Committee investigating the CIA and NSA are unlikely to occur again in our lifetimes. Likewise, the major leaks which I have got in New Zealand and which Jim Bamford has gathered and which Duncan Campbell has gathered and so on are very rare in the intelligence world. The usual state of affairs with intelligence discussions is that there is no solid information and there is no serious debate. And so, you have got an opportunity now which I plead with you not to be deflected from, because it will not come again for a long time.
What do I think can be done? Putting the view that we are at the first stages of countries in the world coming to terms with privacy in the electronic age or national sovereignty in this electronic age, the first stage, I believe, and I think this should be reflected in your recommendations, is a stage of public education and awareness. With any new technology and developments, you can't get specialists and the public starting this dabate and working out options to deal with this and learning how to cope with them and live with those developments until people at least know about them. And of course, these systems have been completely secret for decades, in the case of Echelon for two or three decades. And so I would urge you to have specific recommendations about resources and activities to help inform the publics of your member states and your parliaments. I don't think that's a soft thing or a small thing to come out of this committee, it is exactly what is needed at the moment in my opinion.
We next move on to what can be done about it. As I said, it is easy to think that because the spying goes on from countries which are not on the territory where the spying is going, that they can't be controlled by law. Of course, there are all sorts of opportunities, my apologies to the British people here, but there are all sorts of opportunities for pressure on Britain as a kind of leverage to move this issue. But that is not what I want to talk about now. I want to put out a model to you of how I think that this issue can be advanced over the next 10-20 years, which I see you at the beginning of the process of. And I want to put an analogy to you of a similar situation from a completely different sphere, and that is the sphere of control of the oceans and the law of the sea. There was a time when it was impossible for a single country, and especially not powerful country, to control its sea resources, countries that had to go out and start shooting at other countries' fishing boats and blow them up, and so the oceans were sort of uncontrollable outside the territorial waters of different nations. And if one country on its own or a small number of countries on their own had wanted to deal with that, they could not have got away with it, the more powerful countries would have simply asserted their rights, asserted their presence, and continued to use whatever seas they wanted. And yet, over a period of about a decade, the law of the sea was evolved, which has completely changed the way that it operates, and it wasn't promoted by the most powerful countries in the world, rather the initiative came from very small countries, but at the end of the process, their countries controlled huge resources in their exclusive economic zones, there are very strict rules, and of course, there are also exceptions to those rules where they are required, for example, innocent passage and ships into straits and so on. And what I'd like you to do is to suggest that you see, if you agree with me, and promote the idea that there is possibility for international cooperation in developing laws and conventions like the law of the sea as a way of developing, a way of controlling surveillance in the electronic age, in other words, of countries being able to pursue, being able to protect their sovereignty, their privacy in the electronic age, just as coastal nations would try to protect their sea resources in an age where there was no control over that. I can foresee a day when there is regional and international collaboration between countries, for example to develop secure communications networks, whole networks, that means not just you or I having an encryption system in our computer, this is the earliest, most fumbling days of trying to have secure communications at the moment. But it is taken for granted, people would not pay their phone bills unless they were assured by the state regulatory organisation that their phone company was abiding by the regulations and standards which should be set for secured communications. One country can't do it on its own, you can't have France decide that it wants to have secure communications with other countries unless the other countries communicate as well, which is why I see it as being a matter of regional cooperation and international cooperation. And there is stings in this, and again there is potential recommencations in this for you. The first is that there is ongoing education about the routine use of encryption and how individuals and companies, organisations, governments and regional organisations of different sorts can use encryption. That educational net is just the same as education, for example, on not leaving suitcases unattended at airports or whatever, that you just teach this as part of the routine way that the world is run.
The next stage after that is that government organisations work together to promote standards for communications protection. At the moment, exactly the opposite is happening. The United States and Australia are working in places like the International Telecommunications Union to get standards put in the very way that the telecommunications systems are designed, the particular hardware and software, which makes it easier to intercept, but there is no reason why a coalition of countries can't be working over the years towards laws and regulations which provide secure communications across different countries, and that there are standards for that. Obviously, just as the law of the sea has to set limits on the state sovereignty it provides. Just in the same way, although I am proposing and envisaging international agreements on communications protection, you would still have to have some exceptions for them, and that would be, for example, monitoring serious terrorism or something if that was genuinely a problem.
So, in terms of specific recommendations, just to finish off here, I would like to propose to you that this committee state or propose or will present a vision or goals about how there could be a future regime of communications protection and privacy. It won't happen next year, it won't happen in 5 years, but that that is the objective towards which we are working, and which I think is completely realistic once these issues have been known. I would also like to, as a specific suggestion, say that this committee could recommend that the European Parliament and the member states put serious resources to the preparation of research papers on how exactly you would develop new system for protecting privacy and communications across Europe and the rest of the world, covering such things as the technical issues and the laws and regulations required in the systems of cooperation that would be needed between nations. In other words, what I am saying to you is, I think that far from it being a position of powerlessness because these intelligence operations occur from other countries, it is just a matter of us being at the beginning of the process, and it's quite possible for people and their institutions like their parliaments to move towards thoroughly controlling this new technology.
Thank you.
Chairman
(opens the debate)
Question from Rapporteur Nicky Hager
I'll answer the questions backwards and come to the one of proof last. On the footprints of the satellites, there is no need at all for New Zealand in the network. All of this monitoring which happens in New Zealand could happen in Australia as well, and the reason that it happens in New Zealand is - and I am more speculating here than knowing - is the same reason as it happens always, they are just sharing between the 5 allies, it is a sharing of the workload. The reason why the analysis of the South Pacific happens in New Zealand is more rational in that New Zealand analysts will understand the South Pacific situation, the names of the politicians, the issues and so on better than some pasty-faced analyst sitting in Washington D.C.. So there is a practical purpose for that, but you are quite right, there was no technical need for there to be a station in New Zealand, it was burden-sharing rather than the technical necessity.
As for the number of communications captured in New Zealand and how many analysts there are, these systems are not very labour-intensive. The number of analysts involved in Wellington is about a dozen looking at all this intelligence, or less than 20, the reason being that most of the sorting is done electronically, it is done by computers, and there is somebody writing up reports on what is gathered at the end of that process.
What does New Zealand know of other countries' dictionaries, that means the lists put into a New Zealand station? That is a good and a crucial question, I had an argument about this not long ago with a senior GCSB person. In practice, New Zealand officers receive the lists from the foreign agencies, and a person called the dictionary manager has the job of inputting the foreign key words and directions into the New Zealand systems. And so at least at their junior level, someone has seen all the directions which are arriving. However, the more important points here is - two points - the first one is that New Zealand has never refused a request to put keywords in there for the simple reason of that inequality of size within the alliance, they wouldn't be prepared to do that, because they would get trouble. And I would assume that the same applies in Britain in most cases, that if they received a request - except they would not put it in if it said, spy on the Queen, but they wouldn't be asked to do that, but, otherwise, I think they would.
But more important to this is, there is another level, they see the keywords that go in there - they couldn't have the name of our Prime Minister or something in it - but we don't see the intelligence which comes out of the system. In other words, we have no control over that. The most which happens - this is a debate I had with one of the senior intelligence people - I said, you don't do any monitoring of what goes out, and he said, yes, we do, people look at it once a month. And what he was actually talking about was that they do quality control, they check that the messages aren't jumbled together, that there isn't too muck background noise and things, but they don't actually have a political oversight of it. They don't say, this particular fishing agreement information from this particular country might really hurt them if we gave it to the US, we won't do it, there is no direct oversight like that at all, everything goes, and we don't even see what goes.
On the subject of proof - which, as I said, is one of the key things that your report hinges on, I know - I haven't worked in these facilities, I can't bring someone before you here who has worked in these facilities, and even if I did, how would you know they are telling the truth? The great thing about secret operations is that they are deniable. Even where it is completely non-credible, where something is proven to a high degree, it can still denied, because it is so secret, and I can't bring you the filing cabinet here to show you the planning documents and so on. Which brings me back to the point which I have already made, you have to judge for yourselves how credible you think the sources are. But to be completely deterred by the inherent nature of intelligence means, you may as well not have a committee, if you are going to be deterred by the lack of solid proof and people on the record who are sworn on bibles and things. I believe that someone who looks through my book will feel comfortable with the depth of the knowledge in there, and as I have said, it has been collaborated, it has been confirmed by quite independent sources of other people's work at other times. And so even if there were some details, I imagine, where people have got things wrong, which undoubtedly happens in any research specifics, I think you can be absolutely, one hundred percent sure and completely behind doubt as to where these systems exist, which countries are involved and what the general targettings are and code names and things. That much at least you should take as solid.
Questions from VP Di Lello, Krivine, Newton-Dunn, Vattimo, von Bötticher, Dybkjaer
Nicky Hager
The first question was about what private individuals can do, and I actually think, this is a much less discouraging subject than the questioner did, but the first thing, I think, we should say about private individuals is that it is important that people are educated about systems like Echelon and what they can do, so that they can start to take preparation. But it is also important that we educate our publics, people in our countries about what the system can't do, because one of the main effects of a discussion of something like Echelon on ordinary people and publics in different countries is that people have huge and unrealistic and unnecessary fears about them. And one of the tasks of an investigation like this should be to reassure people that for example what they saw in that film "Enemies of the State" is not something that they should worry about, because it is not our job to create paranoid and unhappy people. Most people have very little to fear from these systems, and educating about their true nature is as much about reassuring and reducing fear as it is about creating protection. I think, it's a really serious side of this.
As to what people can do, though, the first stage is that people understand how vulnerable their communications are nowadays. When you send an e-mail now, or use a cell phone, it's like sending postcard with your private messages written on the back, or it's a little like writing a message on a piece of paper and pinning it on the outside of your house, it is very vulnerable to people. And so, ordinary people need to become aware of what they just naturally should do to protect their communications, and just like somebody seals the back of an envelope before they post it, in the same way they use encryption.
To lots of people at the moment, encryption sound like something technical, something that they could never do, and that it's for people who understand computers. One day, I assure you, I guarantee this, good, strong encryption will be as automatic as sealing an envelope. It is just that it's new and people are not used to it at the moment. And as for cost, in terms of what can specifically be said to people, anybody can download programmes from the Internet for free, for their internet, for their e-mail at the moment, and before long for their telephone calls, which organisations like the NSA cannot break. Technology doesn't always solve the problems of technology, but in this case, it really does seem that encryption can provide a huge amount of privacy in the electronic age once people learn about it and understand it. A practical thing that can be done for ordinary people or groups who feel subject to surveillance, is that they learn to routinely use encryption for their electronic communications. And once you have done it for a little while it's just the same as being able to type a letter on the computer rather than writing on a page, you just get used to it.
Next question, why have there been no individual complaints, why have no organisations taken this up? My opinion on that is, because it's all so new that people haven't caught up with it. The reason why individuals and specific companies haven't, is because it is also secret and that you could never ever prove it. Your committee is only one step, but it's really a very important step in moving along public understanding. There will be more complaints, they will be challenged more.
The other question was, do I have proof that the NSA and the other UKUSA allies pass on intelligence to other countries to buy their silence, for example maybe in that case of Spain. I do have proof in the case of New Zealand that in particular conflicts or particular international issues, the US has made a big deal of whether or not it supplies specific intelligence to the New Zealand agencies. I'll give you an old example, I talked to someone who was very senior in our intelligence services during the Vietnam war, and he said that, the providing and the withholding of information was an important part in the way that the US managed New Zealand and tried to keep its support for the war. I don't know for Europe, but there is a very credible suggestion that the slective and occasional provision of intelligence on Kosovo or something within a coutry is used to buy cooperation from other countries for these systems. But remember, that's not the end of the subject, because all countries do gather something from intelligence collection. But if you are only getting the benefits but none of the costs, of course you'll do it. The cost for a country, say European country, for cooperating in these systems, is the dissatisfaction of its own citizens at their being intercepted, that this is out of control. And so once that is publicized, it becomes much harder to quietly accept the advantages and collaborate in it.
That more practical question whether there was a British station in Hong Kong, of course I was talking about a station that was there before the change, and it was removed before the date. There was some publicity that the operation has been moved to Australia, my personal feeling is that most of it is happening from the American base in Japan now.
How can Brits exercise leverage on this? I was actually, I must admit, talking about other European countries putting pressure on Britain, but my personal opinion is that today it is only secrecy which allows the British government to maintain two such incompatible positions at once. And that the more publicity there is, outside or within the British parliament and elsewhere of this, that sooner or later something will have to change, because they are such incompatible positions.
Does interception happen in terms of the contents or the sender where it has been coming from? When they intercept a message from a particular organisation, is it because that there is a subject word in there, or was it because of the name of the person? The answer is, both. There are people whose jobs it is to get the directions from the government or from the foreign affairs ministry or from defence of what they are interested in collecting intelligence on at the time, and a person's whole job is to think up the words, it's like an internet search, you are trying to find out information on policing in Peru, and you put Peru and policing in as your first search, and you get 20 million things and then you narrow it down a bit and so on. It is precisely the same activity, there is analysts whose job it is to look at the request which has come, look at the newspapers or reports on that country and get the names of individuals that might be put in. As Jim Bamford was saying, we might look up the phone number of the individual you're after and use a fragment of their phone number or their e-mail address. So, it could be the person's address or phone number or the content of what they might be talking about, and in fact both of those are used. And over time, the same analysts get one copy of all the intelligence which is coming in or the thing they work on, and they see how well their selection of key words is going, and if they get a word in which is getting too much junk, intelligence they don't want, they might take that word out or stick in an extra qualification to get a richer supply of intelligence. So, that is basically what they do.
Could I be more precise about legislative proposals? It is quite within the powers of this parliament, but in particular the national, the member parliaments, to introduce laws which required telecommunications companies, the providers - this might be internet service providers or in particular the telecommunications companies - legislation which required by law that the telephone company guarantee the privacy of someone's communications while they pass through their networks. It's legally possible, and it's technically possible. If one country were to do that, say within the European Union, if one or two countries did that first and there was specific legislation, eventually there would be more countries, it would start to open a crack which would allow other countries to do the same.
Who in the New Zealand government is authorized to propose keywords? At the level of politicians, there are no countries that are ever allowed to know in detail what happens in the intelligence agencies. There would be no politician in the world who'd have any idea what those specific keywords are. That happens within very secret high-security indoctrinated staff who make those decisions, while the politicians can say, we want more intelligence about this crisis, that meeting, that issue. They will never get down to the level of keywords, that is done by the intelligence staff.
As for who my sources are, I have a wide range of sources, but the main people who are relied on were people who had worked for a long time in specific parts of our equivalent of the NSA, and what I would do with them as I had an initial interview where I won their confidence, I would let them say everything they could think of and I'd go and read their notes and come back for maybe four or five other interviews and just pursue with them all the various details, who they worked with and what the manuals were that they worked from and where they got trained and all the different parts of the story. And then, as sort of a discipline, I would offer them at the beginning that I did a draft of their information and took it back to check with them, which gave them confidence over what I was using, but also allowed them to find mistakes for me. In all I interviewed about 50 people, but some of them were in the military organisations, because our military does signals intelligence missions, and some of them were politicians or former Prime Ministers and various things like that. But the majority of those were people who had actually worked in the signals intelligence organisation.

Sunday, July 28, 2013

NSA Utah Data Center

Not much publicly available on the cabling and emanations protection of the NSA Utah Data Center. Surely highly advanced measures are being applied.
Google Earth shows a couple of stages of construction, Bing Maps a couple more. AP has published a dozen or so hi-rez photos of construction.
A lot of earthwork was done to create a flat site on a mountain side (preceded by a small air field).
[Image]
No indication of underground construction except pits and trenches under the buildngs. With none on the surface there must be trenches for power and signal cable.
[Image]
No antenna have appeared on the site for transceiving data like those of other of its data gatherers, so presumably it is done by UG fiber optic (or antenna are hidden or remote).
Photos of construction progress of the two data buildings show windowless envelopes made of panels (which may conceal masonry or concrete walls) and flat roofs without various rooftop ductwork, grilles, piping and the like which appear on roofs of other NSA and TLA facilities which might emanate signal although not likely. (Some are littered with the stuff which might be decoy.)
[Image]
Steel structural framing is shown at Utah despite its known transmittal of inadvertent signal, compared to say, reinforced concrete, metalized fabric or synthetics. although ample countermeasures are available.
[Image]
The pairing of structures at Utah, two data centers, four generator buildings, paired AC arrays and fuel tanks, etc., show redundancy also not seen elsewhere.
[Image]
Not much to see of protection against missiles and aerial attack but that is the same at other NSA facilities. Wonder what supports that confidence.
The odd bent shape of the site plan, with buildings not parallel to one another is intriguing. Could be aesthetic but may have another role, say to disperse richochet of inadvertent emanations.
Quite a few recent government buildings avoid the traditional rectilinear site planning of buildings long considered to be most cost effective and authoritarian. Some like NGA HQ, NSA Utah, NSA Hawaii and several at Ft. Meade look almost byzantine in layout, if not a shrewd design to limit echo, amplification, richochet, or best, to befuddle satellite peepers.

UTAH'S NSA LAYOUT


 

[Image]

[Image]

[Image]

[Image]

Thursday, July 11, 2013

Is this Snowden's flight today, 11 July, 2013, 2:30PM, with 4 hours to landing in Havana?

http://flightaware.com/live/flight/AFL150
 
[Image] 

Wednesday, July 10, 2013

Edward Snowden ................



Shortly before he became a household name around the world as a whistleblower, Edward Snowden answered a comprehensive list of questions. They originated from Jacob Appelbaum, 30, a developer of encryption and security software. Appelbaum provides training to international human rights groups and journalists on how to use the Internet anonymously.
Appelbaum first became more broadly known to the public after he spoke on behalf of WikiLeaks founder Julian Assange at a hacker conference in New York in 2010. Together with Assange and other co-authors, Appelbaum recently released a compilation of interviews in book form under the title "Cypherpunks: Freedom and the Future of the Internet." 
Appelbaum wound up on the radar of American authorities in the course of their investigation into the WikiLeaks revelations. They have since served legal orders to Twitter, Google and Sonic to hand over information about his accounts. But Appelbaum describes his relationship with WikiLeaks as being "ambiguous," and explains here how he was able to pose questions to Snowden.
"In mid-May, documentary filmmaker Laura Poitras contacted me," Appelbaum said. "She told me she was in contact with a possible anonymous National Security Agency (NSA) source who had agreed to be interviewed by her."
"She was in the process of putting questions together and thought that asking some specific technical questions was an important part of the source verification process. One of the goals was to determine whether we were really dealing with an NSA whistleblower. I had deep concerns of COINTELPRO-style entrapment. We sent our securely encrypted questions to our source. I had no knowledge of Edward Snowden's identity before he was revealed to the world in Hong Kong. He also didn't know who I was. I expected that when the anonymity was removed, we would find a man in his sixties."
"The following questions are excerpted from a larger interview that covered numerous topics, many of which are highly technical in nature. Some of the questions have been reordered to provide the required context. The questions focus almost entirely on the NSA's capabilities and activities. It is critical to understand that these questions were not asked in a context that is reactive to this week's or even this month's events. They were asked in a relatively quiet period, when Snowden was likely enjoying his last moments in a Hawaiian paradise -- a paradise he abandoned so that every person on the planet might come to understand the current situation as he does."
"At a later point, I also had direct contact with Edward Snowden in which I revealed my own identity. At that time, he expressed his willingness to have his feelings and observations on these topics published when I thought the time was right."


Editor's note: The following excerpts are taken from the original English-language version of the interview. Potential differences in language between the German and English versions can be explained by the fact that we have largely preserved the technical terms used by Snowden in this transcript. Explanations for some of the terminology used by Snowden as well as editor's notes are provided in the form of footnotes. Interviewer: What is the mission of America's National Security Agency (NSA) -- and how is the job it does compatible with the rule of law?
Snowden: They're tasked to know everything of importance that happens outside of the United States. That's a significant challenge. When it is made to appear as though not knowing everything about everyone is an existential crisis, then you feel that bending the rules is okay. Once people hate you for bending those rules, breaking them becomes a matter of survival.
Interviewer: Are German authorities or German politicians involved in the NSA surveillance system?
Snowden: Yes, of course. We're 1 in bed together with the Germans the same as with most other Western countries. For example, we 2 tip them off when someone we want is flying through their airports (that we for example, have learned from the cell phone of a suspected hacker's girlfriend in a totally unrelated third country -- and they hand them over to us. They 3 don't ask to justify how we know something, and vice versa, to insulate their political leaders from the backlash of knowing how grievously they're violating global privacy.
Interviewer: But if details about this system are now exposed, who will be charged?
Snowden: In front of US courts? I'm not sure if you're serious. An investigation found the specific people who authorized the warrantless wiretapping of millions and millions of communications, which per count would have resulted in the longest sentences in world history, and our highest official simply demanded the investigation be halted. Who "can" be brought up on charges is immaterial when the rule of law is not respected. Laws are meant for you, not for them.
Interviewer: Does the NSA partner with other nations, like Israel?
Snowden: Yes. All the time. The NSA has a massive body responsible for this: FAD, the Foreign Affairs Directorate.
Interviewer: Did the NSA help to create Stuxnet? (Stuxnet is the computer worm that was deployed against the Iranian nuclear program.)
Snowden: NSA and Israel co-wrote it.
Interviewer: What are some of the big surveillance programs that are active today and how do international partners aid the NSA?
Snowden: In some cases, the so-called Five Eye Partners 4 go beyond what NSA itself does. For instance, the UK's General Communications Headquarters (GCHQ) has a system called TEMPORA. TEMPORA is the signals intelligence community's first "full-take" Internet buffer that doesn't care about content type and pays only marginal attention to the Human Rights Act. It snarfs everything, in a rolling buffer to allow retroactive investigation without missing a single bit. Right now the buffer can hold three days of traffic, but that's being improved. Three days may not sound like much, but remember that that's not metadata. "Full-take" means it doesn't miss anything, and ingests the entirety of each circuit's capacity. If you send a single ICMP packet 5 and it routes through the UK, we get it. If you download something and the CDN (Content Delivery Network) happens to serve from the UK, we get it. If your sick daughter's medical records get processed at a London call center … well, you get the idea.
Interviewer: Is there a way of circumventing that?
Snowden: As a general rule, so long as you have any choice at all, you should never route through or peer with the UK under any circumstances. Their fibers are radioactive, and even the Queen's selfies to the pool boy get logged.
Interviewer: Do the NSA and its partners across the globe do full dragnet data collection for telephone calls, text and data?
Snowden: Yes, but how much they get depends on the capabilities of the individual collection sites -- i.e., some circuits have fat pipes but tiny collection systems, so they have to be selective. This is more of a problem for overseas collection sites than domestic 6 ones, which is what makes domestic collection so terrifying. NSA isn't limited by power, space and cooling PSC constraints.
Interviewer: The NSA is building a massive new data center in Utah. What is its purpose?
Snowden: The massive data repositories.
Interviewer: How long is the collected data being stored for?
Snowden: As of right now, full-take collection ages off quickly ( a few days) due to its size unless an analyst has "tasked" 7 a target or communication, in which the tasked communications get stored "forever and ever," regardless of policy, because you can always get a waiver. The metadata 8 also ages off, though less quickly. The NSA wants to be at the point where at least all of the metadata is permanently stored. In most cases, content isn't as valuable as metadata because you can either re-fetch content based on the metadata or, if not, simply task all future communications of interest for permanent collection since the metadata tells you what out of their data stream you actually want.
Interviewer: Do private companies help the NSA?
Snowden: Yes. Definitive proof of this is the hard part because the NSA considers the identities of telecom collaborators to be the jewels in their crown of omniscience. As a general rule, US-based multinationals should not be trusted until they prove otherwise. This is sad, because they have the capability to provide the best and most trusted services in the world if they actually desire to do so. To facilitate this, civil liberties organizations should use this disclosure to push them to update their contracts to include enforceable clauses indicating they aren't spying on you, and they need to implement technical changes. If they can get even one company to play ball, it will change the security of global communications forever. If they won't, consider starting that company.
Interviewer: Are there companies that refuse to cooperate with the NSA?
Snowden: Also yes, but I'm not aware of any list. This category will get a lot larger if the collaborators are punished by consumers in the market, which should be considered Priority One for anyone who believes in freedom of thought.
Interviewer: What websites should a person avoid if they don't want to get targeted by the NSA?
Snowden: Normally you'd be specifically selected for targeting based on, for example, your Facebook or webmail content. The only one I personally know of that might get you hit untargeted are jihadi forums.
Interviewer: What happens after the NSA targets a user?
Snowden: They're just owned. An analyst will get a daily (or scheduled based on exfiltration summary) report on what changed on the system, PCAPS 9 of leftover data that wasn't understood by the automated dissectors, and so forth. It's up to the analyst to do whatever they want at that point -- the target's machine doesn't belong to them anymore, it belongs to the US government.
Footnotes:
1 "We're" refers to the NSA.
2 "We" refers to the US intelligence service apparatus
3 "They" refers to the other authorities.
4 The "Five Eye Partners" is a reference to the intelligence services of United States, Britain, Australia, New Zealand and Canada.
5 "ICMP" is a reference to Internet Control Message Protocol. The answer provided here by Snowden was highly technical, but it was clear that he was referring to all data packets sent to or from Britain.
6 "Domestic" is a reference to the United States.
7 In this context, "tasked" refers to the full collection and storage of metadata and content for any matched identifiers by the NSA or its partners.
8 "Metadata" can include telephone numbers, IP addresses and connection times, among other things. Wired Magazine offers a solid primer on metadata.
9 "PCAPS" is an abbreviation of the term "packet capture".


Cryptome/A English translation of Der Spiegel Magazine article, July 7, 2013:
Just before Edward Snowden became a world famous whistleblower, he answered an extensive catalog of questions. These came from, amongst others, Jacob Appelbaum, 30, a developer of encryption and security software. Appelbaum educates international human rights groups and journalists on how to work with the Internet in safe and anonymous way.
He became more publicly know in 2010, when he represented WikiLeaks founder Julian Assange speaking at a hacker conference in New York. Along with Assange and other co-authors he has recently published the interview recording "Cypherpunks: Freedom and the Future of the Internet." [Link by Cryptome.]
In the course of investigations into the WikiLeaks disclosures, Appelbaum came to the attention of American authorities, who demanded companies such as Twitter and Google to divulge his accounts. He himself describes his attitude to WikiLeaks as "ambivalent" - and describes below how it came about that he was able to ask Snowden these questions.
In mid-May I was contacted by the documentary-maker Laura Poitras. She told me, that at this time she was in contact with an anonymous NSA source, which had consented to be interviewed by her.
She put together questions and asked me to contribute questions. This was, among other reasons, to determine whether she was really dealing with a NSA whistleblower. We sent our questions via encrypted e-mails. I did not know that the interlocutor was Edward Snowden until he revealed himself as such in public in Hong Kong. He did not know who I was. I had expected that he was someone in his sixties.
The following is an excerpt from a extensive interview which dealt with further points, many of them technical in nature. Some of the questions now appear in a different order to understand the context.
The discussion focused almost exclusively on the activities of the National Security Agency. It is important to know that these questions were not asked as relating to the events of the past week or the last month. They were entirely asked without any unrest, since, at that point, Snowden was still in Hawaii.
At a later stage I was again in direct contact with Snowden, at which time I also revealed my own my identity. He told me then that he gave consent to publish his statements.
+++++
Question: What is the mission of the National Security Agency (NSA) - and how is their job in accordance with the law?
Snowden: It is the mission of the NSA, to be aware of anything of importance going on outside of the United States. This is a considerable task, and the people there are convinced that not knowing everything about everyone could lead to some existential crisis. So, at some point, you believe it's all right to bend the rules a little. Then, if people hate it that you can bend the rules, it suddenly becomes vital even to break them.
Question: Are German authorities or politicians involved in the monitoring system ?
Snowden: Yes of course. They (the NSA people -- ed.) are in cahoots with the Germans, as well as with the most other Western countries. We (in the U.S. intelligence apparatus -- ed.) warn the others, when someone we want to catch, uses one of their airports - and they then deliver them to us. The information on this, we can for example pull off of the monitored mobile phone of a suspected hacker’s girlfriend -- who used it in an entirely different country which has nothing to do with the case. The other authorities do not ask us where we got the leads, and we do not ask them anything either. That way, they can protect their political staff from any backlash if it came out how massive the global violation of people’s privacy is.
Question: But now as details of this system are revealed, who will be brought before a court over this?
Snowden: Before U.S. courts? You're not serious, are you? When the last large wiretapping scandal was investigated - the interception without a court order, which concerned millions of communications - that should really have led to the longest prison sentences in world history. However, then our highest representatives simply stopped the investigation. The question, who is to be accused, is theoretical, if the laws themselves are not respected. Laws are meant for people like you or me - but not for them.
Question: Does the NSA cooperate with other states like Israel?
Snowden: Yes, all the time. The NSA has a large section for that, called the FAD - Foreign Affairs Directorate.
Question: Did the NSA help to write the Stuxnet program? (the malicious program used against the Iranian nuclear facilities -- ed.)
Snowden: The NSA and Israel wrote Stuxnet together.
Question: What are the major monitoring programs active today, and how do international partners help the NSA?
Snowden: The partners in the "Five Eyes" (behind which are hidden the secret services of the Americans, the British, the Australians, New Zealanders and Canadians -- ed.) sometimes go even further than the NSA people themselves. Take the Tempora program of the British intelligence GCHQ for instance. Tempora is the first "I save everything" approach ("Full take") in the intelligence world. It sucks in all data, no matter what it is, and which rights are violated by it. This buffered storage allows for subsequent monitoring; not a single bit escapes. Right now, the system is capable of saving three days’ worth of traffic, but that will be optimized. Three days may perhaps not sound like a lot, but it's not just about connection metadata. "Full take" means that the system saves everything. If you send a data packet and if makes its way through the UK, we will get it. If you download anything, and the server is in the UK, then we get it. And if the data about your sick daughter is processed through a London call center, then ... Oh, I think you have understood.
Question: Can anyone escape?
Snowden: Well, if you had the choice, you should never send information over British lines or British servers. Even the Queen’s selfies with her lifeguards would be recorded, if they existed.
Question: Do the NSA and its partners apply some kind of wide dragnet method to intercept phone calls, texts and data?
Snowden: Yes, but how much they can record, depends on the capabilities of the respective taps. Some data is held to be more worthwhile, and can therefore be recorded more frequently. But all this is rather a problem with foreign tapping nodes, less with those of the U.S. This makes the monitoring in their own territory so terrifying. The NSA’s options are practically limitless - in terms of computing power, space or cooling capacity for the computers.
Question: The NSA is building a new data center in Utah. What is it for?
Snowden: These are the new mass data storage facilities.
Question: For how long will the information there be stored?
Snowden: Right now it is still so, that the full text of collected material ages very quickly, within a few days, especially given its enormous amount. Unless an analyst marked a target or a particular communication. In that case the communication is saved for all eternity, one always get an authorization for that anyway. The metadata ages less quickly. The NSA at least wants all metadata to be stored forever. Often the metadata is more valuable than the contents of the communication, because in most cases, one can retrieve the content, if there is metadata. And if not, you mark all future communications that fits this metadata and is of interest, so that henceforth it will be recorded completely. The metadata tells you what you actually want from the broader stream.
Question: Do private companies help the NSA?
Snowden: Yes. But it's hard to prove that. The names of the cooperating telecom companies are the crown jewels of the NSA... Generally you can say that multinationals with headquarters in the USA should not be trusted until they prove otherwise. This is unfortunate, because these companies have the ability to deliver the world's best and most reliable services - if they wanted to. To facilitate this, civil rights movements should now use these revelations as a driving force. The companies should write enforceable clauses into their terms, guaranteeing their clients that they are not being spied on. And they should include technical guarantees. If you could move even a single company to do such a thing, it would improve the security of global communications. And when this appears to not be feasible, you should consider starting one such company yourself.
Question: Are there companies that refuse to to cooperate with the NSA?
Snowden: Yes, but I know nothing of a corresponding list that would prove this. However, there would surely be fewer companies of this type if the companies working with the NSA would be punished by the customer. That should be the highest priority of all computer users who believe in the freedom of thoughts.
Question: What are the sites you should beware, if you do not want to become targeted by the NSA?
Snowden: Normally one is marked as a target because of a Facebook profile or because of your emails. The only place which I personally know where you can become a target without this specific labeling, are jihadist forums.
Question: What happens if the NSA has a user in its sights?
Snowden: The target person is completely monitored. An analyst will get a daily report about what has changed in the computer system of the targeted person. There will also be... packages with certain data which the automatic analysis systems have not understood, and so on. The analyst can then decide what he wants to do - the computer of the target person does not belong to them anymore, it then more or less belongs to the U.S. government.


Scan of original German version:
Kurz bevor Edward Snowden zum weltweit bekannten Whistleblower wurde, beantwortete er einen umfangreichen Katalog von Fragen. Sie stammten unter anderem von Jacob Appelbaum, 30, einem Entwickler von Verschlüsselungs- und Sicherheitssoftware. Appelbaum unterweist internationale Menschenrechtsgruppen und Journalisten im sicheren und anonymen Umgang mit dem Internet.
Einer breiteren Öffentlichkeit wurde er 2010 bekannt, als er den WikiLeaks-Gründer Julian Assange als Redner bei einer Hacker-Konferenz in New York vertrat. Zusammen mit Assange und weiteren Co-Autoren veröffentlichte er unlängst den Gesprächsband „Cypherpunks: Unsere Freiheit und die Zukunft des Internets“.
Im Zuge der Ermittlungen rund um die WikiLeaks-Enthüllungen ist Appelbaum ins Visier amerikanischer Behörden geraten, die Unternehmen wie Twitter und Google aufgefordert haben, seine Konten preiszugeben. Er selbst bezeichnet seine Haltung zu WikiLeaks als „ambivalent“ – und beschreibt im Folgenden, wie er dazu kam, Fragen an Snowden stellen zu können:
Mitte Mai hat mich die Dokumentarfilmerin Laura Poitras kontaktiert. Sie sagte mir zu diesem Zeitpunkt, sie sei in Kontakt mit einer anonymen NSA-Quelle, die eingewilligt habe, von ihr interviewt zu werden. Sie stellte dafür gerade Fragen zusammen und bot mir an, selbst Fragen beizusteuern.
Es ging unter anderem darum festzustellen, ob es sich wirklich um einen NSA-Whistleblower handelt. Wir schickten unsere Fragen über verschlüsselte E-Mails. Ich wusste nicht, dass der Gesprächspartner Edward Snowden war – bis er sich in Hongkong der Öffentlichkeit offenbarte. Er wusste auch nicht, wer ich war. Ich hatte damit gerechnet, dass es sich um jemanden in den Sechzigern handeln würde.
Das Folgende ist ein Auszug aus einem umfangreicheren Interview, das noch weitere Punkte behandelte, viele davon sind technischer Natur. Einige der Fragen erscheinen jetzt in anderer Reihenfolge, damit sie im Zusammenhang verständlich sind.
Bei dem Gespräch ging es fast ausschließlich um die Aktivitäten der National Security Agency und um ihre Fahig - keiten. Es ist wichtig zu wissen, dass diese Fragen nicht im Zusammenhang mit den Ereignissen der vergangenen Woche oder des vergangenen Monats gestellt wurden. Sie wurden in einer Zeit totaler Ruhe gestellt, als Snowden noch auf Hawaii war.
Ich hatte zu einem spateren Zeitpunkt noch einmal direkten Kontakt mit Snowden, an dem ich auch meine eigene Identitat offenbarte. Er hat mir damals die Einwilligung gegeben, seine Aussagen zu veroffentlichen.
++++++
Frage: Was ist die Aufgabe der National Security Agency (NSA) . und wie ist deren Job mit den Gesetzen in Ubereinstimmung zu bringen?
Snowden: Aufgabe der NSA ist es, von allem Wichtigen zu wissen, das auserhalb der Vereinigten Staaten passiert. Das ist eine betrachtliche Aufgabe, und den Leuten dort wird vermittelt, dass es eine existentielle Krise bedeuten kann, nicht alles uber jeden zu wissen. Und dann glaubt man irgendwann, dass es schon in Ordnung ist, sich die Regeln etwas hinzubiegen. Und wenn die Menschen einen dann dafur hassen, dass man die Regeln verbiegt, wird es auf einmal uberlebenswichtig, sie sogar zu brechen.
Frage: Sind deutsche Behorden oder deutsche Politiker in das Uberwachungssystem verwickelt?
Snowden: Ja naturlich. Die (NSALeute .Red.) stecken unter einer Decke mit den Deutschen, genauso wie mit den meisten anderen westlichen Staaten. Wir (im US-Geheimdienstapparat .Red.) warnen die anderen, wenn jemand, den wir packen wollen, einen ihrer Flughafen benutzt. und die liefern ihn uns dann aus. Die Informationen dafur konnen wir zum Beispiel aus dem uberwachten Handy der Freundin eines verdachtigen Hackers gezogen haben, die es in einem ganz anderen Land benutzt hat, das mit der Sache nichts zu tun hat. Die anderen Behorden fragen uns nicht, woher wir die Hinweise haben, und wir fragen sie nach nichts. So konnen sie ihr politisches Fuhrungspersonal vor dem Backlash (deutsch etwa: Ruckschlag .Red.) schutzen, falls herauskommen sollte, wie massiv weltweit die Privatsphare von Menschen missachtet wird.
Frage: Aber wenn jetzt Details dieses Systems enthullt werden, wer wird dafur vor Gericht gestellt werden?
Snowden: Vor US-Gerichte? Das meinen Sie doch nicht ernst, oder? Als der letzte grose Abhorskandal untersucht wurde . das Abhoren ohne richterlichen Beschluss, das Abermillionen von Kommunikationsvorgangen betraf . hatte das eigentlich zu den langsten Haftstrafen der Weltgeschichte fuhren mussen. Aber dann haben unsere hochsten Vertreter die Untersuchung einfach gestoppt. Die Frage, wer theoretisch angeklagt werden konnte, ist hinfallig, wenn die Gesetze nicht respektiert werden. Gesetze sind gedacht fur Leute wie Sie oder mich . nicht aber fur die.
Frage: Kooperiert die NSA mit anderen Staaten wie Israel?
Snowden: Ja, die ganze Zeit. Die NSA hat eine grose Abteilung dafur, sie heist FAD . Foreign Affairs Directorate.
Frage: Hat die NSA geholfen, Stuxnet zu programmieren? (Jenes Schadprogramm, das gegen iranische Atomanlagen eingesetzt wurde .Red.)
Snowden: Die NSA und Israel haben Stuxnet zusammen geschrieben.
Frage:Welche grosen Uberwachungsprogramme sind heute aktiv, und wie helfen internationale Partner der NSA?
Snowden: Die Partner bei den "Five Eyes" (dahinter verbergen sich die Geheimdienste der Amerikaner, der Briten, der Australier, der Neuseelander und der Kanadier .Red.) gehen manchmal weiter als die NSA-Leute selbst. Nehmen wir das Tempora-Programm des britischen Geheimdienstes GCHQ. Tempora ist der erste .Ich speichere allesg-Ansatz (.Full takeg) in der Geheimdienstwelt. Es saugt alle Daten auf, egal worum es geht und welche Rechte dadurch verletzt werden. Dieser Zwischenspeicher macht nachtragliche Uberwachung moglich, ihm entgeht kein einziges Bit. Jetzt im Moment kann er den Datenverkehr von drei Tagen speichern, aber das wird noch optimiert. Drei Tage, das mag vielleicht nicht nach viel klingen, aber es geht eben nicht nur um Verbindungsdaten. .Full takeg heist, dass der Speicher alles aufnimmt. Wenn Sie ein Datenpaket verschicken und wenn das seinen Weg durch Grosbritannien nimmt, werden wir es kriegen. Wenn Sie irgendetwas herunterladen, und der Server steht in Grosbritannien, dann werden wir es kriegen. Und wenn die Daten Ihrer kranken Tochter in einem Londoner Call Center verarbeitet werden, dann c Ach, ich glaube, Sie haben verstanden.
Frage: Kann man dem entgehen?
Snowden: Na ja, wenn man die Wahl hat, sollte man niemals Informationen durch britische Leitungen oder uber britische Server schicken. Sogar Selfies (meist mit dem Handy fotografierte Selbstportrats .Red.) der Konigin fur ihre Bademeister wurden mitgeschnitten, wenn es sie gabe.
Frage: Arbeiten die NSA und ihre Partner mit einer Art Schleppnetz-Methode, um Telefonate, Texte und Daten abzufangen?
Snowden: Ja, aber wie viel sie mitschneiden konnen, hangt von den Moglichkeiten der jeweiligen Anzapfstellen ab. Es gibt Daten, die fur ergiebiger gehalten werden und deshalb haufiger mitgeschnitten werden konnen. Aber all das ist eher ein Problem bei auslandischen Anzapf-Knotenpunkten, weniger bei US-amerikanischen. Das macht die Uberwachung auf eigenem Gebiet so erschreckend. Die Moglichkeiten der NSA sind praktisch grenzenlos . was die Rechenleistung angeht, was den Platz oder die Kuhlkapazitaten fur die Computer angeht.
Frage: Die NSA baut ein neues Datenzentrum in Utah. Wozu dient es?
Snowden: Das sind die neuen Massendatenspeicher.
Frage: Für wie lange werden die gesammelten Daten aufbewahrt?
Snowden: Jetzt im Moment ist es noch so, dass im Volltext gesammeltes Material sehr schnell altert, innerhalb von ein paar Tagen, vor allem durch seine gewaltige Masse. Es sei denn, ein Analytiker markiert ein Ziel oder eine bestimmte Kommunikation. In dem Fall wird die Kommunikation bis in alle Ewigkeit gespeichert, eine Berechtigung dafür bekommt man immer. Die Metadaten (also Verbindungsdaten, die verraten, wer wann mit wem kommuniziert hat –Red.) altern weniger schnell. Die NSA will, dass wenigstens alle Metadaten für immer gespeichert werden können. Meistens sind die Metadaten wertvoller als der Inhalt der Kommunikation. Denn in den meisten Fällen kann man den Inhalt wiederbesorgen, wenn man die Metadaten hat. Und falls nicht, kann man alle künftige Kommunikation, die zu diesen Metadaten passt und einen interessiert, so markieren, dass sie komplett aufgezeichnet wird. Die Metadaten sagen einem, was man vom breiten Datenstrom tatsächlich haben will.
Frage: Helfen Privatunternehmen der NSA?
Snowden: Ja. Aber es ist schwer, das nachzuweisen. Die Namen der kooperie - renden Telekom-Firmen sind die Kronjuwelen der NSA … Generell kann man sagen, dass man multinationalen Konzernen mit Sitz in den USA nicht trauen sollte, bis sie das Gegenteil bewiesen haben. Das ist bedauerlich, denn diese Unternehmen hätten die Fähigkeiten, den weltweit besten und zuverlässigsten Service zu liefern – wenn sie es denn wollten. Um das zu erleichtern, sollten Bürgerrechtsbewegungen diese Enthüllungen jetzt nutzen, um sie anzutreiben. Die Unternehmen sollten einklagbare Klauseln in ihre Nutzungsbedingungen schreiben, die ihren Kunden garantieren, dass sie nicht ausspioniert werden. Und sie müssen technische Sicherungen einbauen. Wenn man auch nur eine einzige Firma zu so etwas bewegen könnte, würde das die Sicherheit der weltweiten Kommunikation verbessern. Und wenn das nicht zu schaffen ist, sollte man sich überlegen, selbst eine solche Firma zu gründen.
Frage: Gibt es Unternehmen, die sich weigern, mit der NSA zu kooperieren?
Snowden: Ja, aber ich weiß nichts von einer entsprechenden Liste. Es würde jedoch sicher mehr Firmen dieser Art geben, wenn die kollaborierenden Konzerne von den Kunden abgestraft würden. Das sollte höchste Priorität aller Computernutzer sein, die an die Freiheit der Gedanken glauben.
Frage: Vor welchen Websites sollte man sich hüten, wenn man nicht ins Visier der NSA geraten will?
Snowden: Normalerweise wird man aufgrund etwa des Facebook-Profils oder der eigenen E-Mails als Zielobjekt markiert. Der einzige Ort, von dem ich persönlich weiß, dass man ohne diese spezifische Markierung zum Ziel wer - den kann, sind die Foren von Dschihadisten.
Frage: Was passiert, wenn die NSA einen Nutzer im Visier hat?
Snowden: Die Zielperson wird komplett überwacht. Ein Analytiker wird täglich einen Report über das bekommen, was sich im Computersystem der Zielperson geändert hat. Es wird auch … Pakete jener Daten geben, die die automatischen Analysesysteme nicht verstanden haben, und so weiter. Der Analytiker kann entscheiden, was er tun will – der Computer der Zielperson gehört nicht mehr ihr, er gehört dann quasi der USRegierung.
Jacob Appelbaum,
Laura Poitras