The Edward Snowden Affair (32 page)

There is a third possibility. The programs used and their respective monthly figures are as follows: XKeyscore, 182 million; Lopers (used for monitoring traditional “hard-line” telephone connections), 131 million; Juggernaut (used for spying on mobile network transfers such as vocal communication, fax and text messaging), 93.5 million; Cerf Call Moses, 39 million; and Matrix, almost eight million records. (By comparison, Spain, Italy, France and the Netherlands had almost no Internet data surveilled in the same 30-day period.) Due to the bloated figures, solely blaming the BND is logistically difficult. Though not definitive due to the lapse of time, a travel report relays that only 100 BND employees were stationed in a single German surveillance facility in 2006. It is possible the outpost is smaller than US-987LA, but by ratio, Menwith is staffed with 1,600 employees for a country of 63 million. As previously noted, Germany has a population of 80 million. If the BND was gathering domestic data, unless there was a massive growth in Germany’s intelligence budget over the last seven years, it is unlikely the immense amount of data could be collected, analyzed and filtered by such a small workforce. The
Der Spiegel
report states, “Officially, the German government is still waiting for an answer from Washington as to where in Germany the metadata documented in the NSA files was obtained.” Regardless of which party is responsible, Germany and America’s reliance on XKeyscore to gather data is also a concern since the program has full-take capabilities.

The article also cites two of Germany’s spying tools, Mira4 and VERAS, which were given to the NSA in exchange for nondescript intelligence assistance. Poitras’ report closes on the frightening note of the classified documents mentioning a discussion between the two agencies. They spoke of analysis programs able to detect behavior patterns. This technology is used by civilian data mining companies to predict consumer behavior. By gauging and comparing an individual’s past and current purchasing patterns and Internet browsing habits with previous, established models, analysis programs guess what a person intends to buy next. In 2012 the American corporation Target began sending maternity-related coupons to a Minneapolis teenager based on purchasing patterns. The consumer wasn’t aware she was pregnant. She was.
¹⁰

Poitras’ article on August 5 serves another purpose. By placing her explanation of SIGADs alongside Greenwald’s
O Globo Fairview
exposé, readers could step back and see a blurred outline of the bigger surveillance picture. It becomes even clearer once two previous citations are considered. On June 8,
The Guardian
released an additional, edited PRISM slide but admitted it had difficulty interpreting its meaning due to lack of context.
¹¹
The slide mentions the Fairview and “Blarney” programs. On July 10, Gellman released a similar slide without redactions.
¹²
Readers could see that the program names “Oakstar” and “Stormbrew” had been censored by
The Guardian
.
¹³

Gathering bulk data from corporate, government and private telecom and Internet providers, each spy program has a different function and purpose, as indicated by its related SIGAD. For example, an unseen slide briefly mentioned in Gellman’s original PRISM report states Blarney is “an ongoing collection program that leverages IC [intelligence community] and commercial partnerships to gain access and exploit foreign intelligence obtained from global networks.” Blarney can be assumed to utilize PRISM for its data analysis because PRISM’s assigned SIGAD is US-984XN. The two known SIGAD’s associated with Blarney are US-984 and US-984X. Blarney is believed to be installed in Room 641A in San Francisco and somewhere in New Jersey.

SIGADs classify hosts as well as location. Oakstar’s SIGADs were revealed in the
O Globo
report. US-3206 is the code for the collections gleaned from Monkeyrocket; US-3217 for Shiftingshadow; US-3230 for Orangecrush; US-3247 for Yachtshop, which is the access point for the private contractor Blueanchor; US-3251 for Orangeblossom; US-3273 for Silverzephyr, which is the access point for the private contractor Steelknight; US-3277 for Bluezephyr and US-3354 for Cobalfalcon.
¹⁴

Like Blarney, Stormbrew’s data collection is largely focused on domestic communications. Its corporate and private affiliates are located in Washington, California, Texas, Florida, New York, Virginia and Pennsylvania. Stormbrew’s SIGAD is US 983. Examining the location of known SIGADs, it appears suffixes beginning with the number 3 designate foreign surveillance and 9 denote domestic spying activity. One of Stormbrew’s assigned SIGAD’s is US-3140 for an entity code-named “Madcapocelot.” Its name and numeric indicator imply it is an eastern lookout point for European communications.

In Greenwald’s July 31 XKeyscore report, a classified slide shows that XKeyscore contains “[u]nique data beyond user activity from front end full-take feeds.” The belated PRISM slide tells analysts to use both “upstream” data alongside PRISM. Upstream is the common term for “front end.” It is “active” information sent
from
a computer. For example, when a person sends an email, it goes “upstream.” It is “downstream” or “passive” after the email message has been received and downloaded. The revealed documents come together to imply data is deposited into the storage reservoirs “Marina,” “Pinwale” and “Trafficthief” only after it has been received, reviewed and filtered.
¹⁵
An example data flow would be a user’s email originating in Brazil. As it is transferred to a South American Internet firm’s fiber-optic cables contracted by Orangecrush, it is picked up by Fairview, and PRISM processes it before it is deposited and stored in Pinwale for later reference. XKeyscore can then retrieve files from this catalogued system. Astute readers were able to begin getting a handle on how American surveillance functioned two months after the debate began.

Even though Snowden was safe in the confines of Russia, the U.S. government was still trying to make life difficult for him. The encrypted email service Lavabit, based out of Texas, announced it was shutting down on August 8.
¹⁶
The company’s owner, Ladar Levison, stated on the website’s index page that he had decided to close the firm’s doors after 10 years because he didn’t want to “become complicit in crimes against the American people.”
¹⁷
This was after the federal government filed a lawsuit in early July once he refused to grant access to one particular user’s email account.
¹⁸
Snowden had held a Lavabit account since January 2010.
¹⁹
He used the email address
[email protected]
to extend his G9 meeting invitations and communicate with human rights groups and his Russian attorneys afterward.
²⁰
Even though Levison could say little about the content of Snowden’s emails because Lavabit files are asymmetrically encrypted on the company’s server and only the account holder possesses the key, Levison was put under a gag order. Though initially shut out of their accounts, the 400,000 Lavabit users were later given a 72-hour window to retrieve, record or transfer the contents of their files.
²¹
Levison told
The Guardian
, “We are entering a time of state-sponsored intrusion into our privacy that we haven’t seen since the McCarthy era. And it’s on a much broader scale.”
²²
He has since started a legal defense fund, and has raised over $100,000.
²³

After Obama’s speech,
The Guardian
set to refute any claims that U.S. intelligence was not legally entitled to conduct surveillance on a U.S. citizen. On August 9, “NSA loophole allows warrantless search for US citizens’ emails and phone calls”
²⁴
appeared.

It reveals an FAA 702 “Update,” which is believed to have been in effect since 2011 but metadata establishes was instituted no later than June 2012. The clause gives the NSA authority to investigate “non-US citizens [ … ] outside the US at the point of collection” without a warrant. A slippery slope then ensues through contact chaining of “incidental” domestic data. Until this time, even though the U.S. intelligence admitted “it is not reasonably possible to identify the number of people located in the United States whose communications may have been reviewed under Section 702 authority,”
²⁵
intelligence had hidden behind the assertion it had no lawful right to conduct domestic surveillance. Essentially the FAA addendum eradicates the minimization procedures set to protect Americans from being surveilled. The disclosure of the FAA update permitted Senator Wyden to discuss the previously classified surveillance policy, “Once Americans’ communications are collected, a gap in the law that I call the ‘back-door searches loophole’ allows the government to potentially go through these communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans.” The NSA silently pled guilty after Wyden and Udall informed
²⁶
General Alexander that an NSA FAA fact sheet
²⁷
posted on the agency’s website misled readers into believing “the law does not allow the NSA to deliberately search for the records of particular Americans.” The fact sheet was later removed.
²⁸

Whereas Greenwald’s sister report in June left arguable room for doubt, the existence and implied need for 702’s amendment speaks for itself. It also explains the semantic delicacy incorporated in Washington’s guarantee that Americans were not being watched. Much like data is not considered to be surveilled until it is seen by human eyes, the insinuation was that no
direct
targeting was taking place. The FAA update proves, at worst, Americans are indirectly targeted; at the very least their data is being retroactively searched.
²⁹
XKeyscore’s querying of entire databases of full-take records is now understood to be the administration’s definition of “indirect surveillance.” In an accompanying report titled, “NSA surveillance: the long fight to close backdoor into US communications,”
³⁰
it is clear who is at fault. Intelligence agencies and the Department of Justice “reaffirmed” to the chair of the Senate Intelligence Committee, Dianne Feinstein, that database searches “do not provide a means to circumvent the general requirement to obtain a court order before targeting a U.S. person under FISA.” As intelligence hid the existence of law-violating surveillance programs from Congress, it was also misinforming and misdirecting oversight committees.

On Monday, August 12,
Der Spiegel
produced what begins as a less volatile article, “Ally and Target: US Intelligence Watches Germany Closely.”
³¹
Using classified documents, it reports how the United States views various nations from a surveillance perspective. By its conclusion, the exposé answers a long-standing question about American spying.

By at least April 2013, the NSA prioritized its surveillance of foreign nations. It does so using a sliding scale that gauges a multitude of espionage categories. With 1 being the greatest concern and 5 being the least, foreign policy, economic stability and financial systems, arms exports, new technologies, “advanced conventional” weapons, international trade, counter-espionage and the risk of cyberattacks, energy security and food are all rated. (A subsequent report would include human rights, war crimes, environmental issues and raw materials.)
³²
Overall, China, Russia, Iran, Pakistan and Afghanistan are “intelligence priorities.” France, Germany and Japan are mid-level concerns while Italy and Spain reside below them. Cambodia, Laos, Nepal, Finland, Denmark, Croatia and the Czech Republic are “more or less irrelevant from a US intelligence perspective.”

U.S. intelligence is mindful but not preoccupied with the foreign policy, economic stability and financial systems of Germany, having issued a grade of 3 to each. The country’s arms exports, new technologies, advanced conventional weapons and international trade earned a rank of 4. The risk of cyberattacks or counter-espionage by its U.N. partner is the least of America’s worries, having merited a score of 5.

The article goes on to discuss an NSA report painfully dubbed, “Tales from the Land of Brothers Grimm.” In it, one German analyst expresses legal and moral apprehensions about using XKeyscore, stating in
Der Spiegel
’s terms, “[H]e always felt that he had one foot in prison when he was using the program.” The agent’s anxiety suggests that the individual was aware Xkeyscore violated or skirted G-10 laws. However, German spies are also reported to have reveled in their newfound snooping capabilities using the surveillance program. A unit manager relayed that he had finally been able to acquire materials from the Tunisian Interior Ministry which had doggedly eluded his grasp. This was after XKeyscore’s training was broken down into the program’s respective components and presented in 20-minute briefings. Analysts stated the frantic instruction felt like “speed dating.”

The article shifts gears once more and reveals why American intelligence has an infatuation with Germany. After 9/11, the NSA wanted to establish a core surveillance hub in the center of Europe so the agency could readily track terrorists, “most” of which move through Germany during their travels. It also needed a place to watch the international gray hat organization, Anonymous. (It would later be reported that the federal government’s preoccupation with the vigilante organization was not rooted in undermining rebel cyber collectives. The U.S. government sought to arrest and extort Anonymous members by getting them to consent to international NSA hacking missions as part of a plea bargain.)
³³
It succeeded. The NSA’s European Cryptologic Center in Griesheim is reported to have the “largest analysis and productivity in Europe.”

The Washington Post
’s return to the disclosure field is somewhat of a surprise. The day Snowden applied for bulk asylum status and made his first public announcement after reaching Russia, Gellman’s home office presented, “Plugging the leaks in the Edward Snowden case.”
³⁴
It is nothing short of a pro-Washington renunciation of Snowden which conveniently overlooks that the periodical was side-by-side in breaking the first whistleblowing reports.