In June 2013, computer specialist Edward Snowden disclosed the extent of the surveillance practices of the U.S. and British intelligence services. Snowden, who worked for a government sub-contractor and had access to confidential documents, later exposed more targeted surveillance, focusing on the telecommunications of world leaders and diplomats of allied countries. Activists, governments and international bodies have taken issue with the Obama administration, as the newspapers The Guardian and The Washington Post have revealed the extent of the surveillance. The main player in this vast surveillance operation is the highly secretive National Security Agency (NSA) which, in the light of Snowden’s revelations, has come to symbolize the abuses by the world’s intelligence agencies. Against this background, those involved in reporting on security issues have found their sources under increasing pressure.
The U.S. edition of The Guardian is still able to publish information from Edward Snowden, while the British edition is not, but the country of the First Amendment has undermined confidence in the Internet and its own standards of security. U.S. surveillance practices and decryption activities are a direct threat to investigative journalists, especially those who work with sensitive sources for whom confidentiality is paramount and who are already under pressure.
Based in Fort Meade, Virginia, the NSA has always operated behind a wall of secrecy. According to legend, its acronym was jokingly said to mean “No Such Agency” because its work took place far from the eyes of U.S. citizens. The glimpses we have had into its activities have come from whistleblowers such as Snowden, Thomas Drake and Bill Binney.
The U.S. agency has an official annual budget of $10.8 billion and is reported to employ some 100,000 people, mostly in signals intelligences (SIGINT). It has at its disposal vast resources for intercepting communications, 14 times the size those of the French DGSE external intelligence agency.
Snowden’s disclosures showed that the NSA’s eavesdropping on communications went far beyond observers’ suspicions. However, U.S. intelligence services do not just carry out large-scale monitoring of private exchanges. They also conduct a decryption program codenamed Project Bullrun, another blow aimed at the heart of confidentiality, including that of journalists.
As part of Project Bullrun, the NSA paid security software firms to install encryption systems that weakened the security of their products. The agency also used its influence with U.S. institutions to get them to lower security standards from agreed norms that were about to be adopted.
Other Snowden documents revealed that the U.S. firm RSA, a supplier of encryption software to governments and private firms, received $10 million from the NSA to reduce the security level of its BSAFE tool, which is used to enhance security in personal computers and other products, allowing the agency to monitor its customers. RSA denied there had been any such deal.
The legal framework
The legal basis for most of the surveillance practices disclosed by The Guardian and The Washington Post since June last year lies in the Foreign Intelligence Surveillance Act of 1978, amended by the 2001 USA Patriot Act, passed after the September 11 attacks, and by the FISA Amendments Act of 2008.
This legal framework defines the status of the federal Foreign Intelligence Surveillance Court, known as the FISA court, the arbiter for NSA surveillance requests in the secret judgments it renders. The criteria used by the court are broad, since monitoring a server through which communications pass is agreed if the court believes there is a reasonable assumption the communications include those from foreigners outside the United States.
Against this background, the surveillance of electronic exchanges among millions of users of Microsoft, Yahoo! Google, Facebook, PalTalk, AOL, Skype YouTube and Apple as part of the PRISM program was made possible.
The United States is part of the Five Eyes alliance, which also includes the British, Canadian, New Zealand and Australian secret services and whose purpose is to share expertise and resources in the interception of telecommunications. Documents disclosed by Snowden showed the NSA also worked with other, third party intelligence services. Among these informal partners are Germany’s Bundesnachtrichtendienst, believed to intercept up to 20 percent of the Internet traffic that passes through Germany, the Swedish agency FRA, regarded as a leading partner by the NSA because of its privileged access to submarine cables in the Baltic, and France’s DGSE, which is believed to have established a protocol for exchanging data with the United States under the Lustre program.
The NSA’s toolbox
The NSA works closely with Internet access and service providers that manage the “backbone” of the Internet, the network’s hardware. Among these big names are AT&T, Level 3 and Verizon. These links allow the NSA to monitor the Internet at the infrastructure level. Most monitoring devices are based in the United States, the stronghold of the Web industry. Outside the border of the United States, the NSA has access to the submarine cables that carry 99 percent of the world’s telecommunications, especially through its partnerships with GCHQ and the FRA.
Deep Packet Inspection technology, which allows packets of data to be intercepted as they pass through the network, is believed to have been installed in a number of data centers and concealed in the installations of ISPs. The U.S. telecoms giant AT&T has given the NSA access to its customers’ metadata. The Electronic Frontier Foundation brought a class action case against AT&T on behalf of its customers, alleging violation of privacy laws.
A dedicated NSA unit, known as Tailored Access Operations (TAO), is aimed at intercepting the communications of specific targets. The agency has a catalogue of tools at its disposal that enable it to overcome the security measures traditionally used to make communications and data secure. The 50-page catalogue, disclosed by the German news magazine Der Spiegel, shows the scope of the NSA’s expertise.
The most worrying of these tools is probably Quantum Insert, which enables the installation of spy software on specific machines. The idea is a simple one and involves redirecting the user to a fake Web page which installs spyware on the target computer. Britain’s GCHQ has also used Quantum Insert, for example to spy on engineers of the Belgian telecoms company, Belgacom.
Pressure on journalists, sources and whistleblowers
The Obama administration has shown itself to be willing to interpret the protection of national security in a broad and abusive manner, at the expense of freedom of information. A witch-hunt was launched against journalists’ sources who disclosed confidential information about the powers of the state.
James Risen, a Pulitzer Prize-winning American journalist, covered the trial of former CIA agent Jeffrey Alexander Sterling, a whistleblower who was prosecuted under the Espionage Act. In 2011, Risen was served with a subpoena from the Department of Justice ordering him to testify at the trial and ordering him to reveal his sources. The New York Times reporter fought the order, arguing that his right to protect his sources was guaranteed by law. In 2013, an appeals court in Richmond, Virginia, ruled that Risen could be made to testify at the trial. The journalist has made it clear he is determined to continue his fight to protect his sources.
On 12 September 2012, the journalist Barrett Brown was arrested by the FBI and held in a federal prison. The charges against him could add up to 105 years in prison if he was convicted. The journalist was investigating the contents of over five million internal emails released through a hack on the private intelligence company, Stratfor. Brown was charged with 12 offences after he posted a link to the site that had published the emails.
The U.S. government already had the journalist in its sights for his part in exposing “Team Themis“, a shadowy project aimed at ruining the hackers’ collective Anonymous financially and to silence journalists that were sympathetic to it. On 5 March least year, 11 of the 12 charges against him were dropped and the maximum prison term he faced was reduced to 70 years.
Whistleblowers are also in the firing line. Snowden has been prosecuted for “unauthorized communication of national defense information” and “wilful communication of classified communications intelligence information to an unauthorized person”. His case is the seventh brought under the 1917 Espionage Act by the Obama administration.
Before Obama’s first term, the Espionage Act, intended to be used against those who aid an enemy, had been used only three times. The U.S. authorities have also revoked Snowden’s passport with the aim of preventing him from travelling. Afraid to return to the United States, where officials have had harsh words for him and where a fair trial seems unlikely, Snowden is stuck in Russia, which gave him temporary asylum until summer this year. Several European countries have refused him asylum.
Chelsea Manning was sentenced to 35 years’ imprisonment last year for leaking secret military and State Department documents to WikiLeaks. Among them was the “Collateral Murder” video, showing U.S. troops in Iraq firing on civilians, killing a Reuters photojournalist and seven other people. The case against Manning was also based on the 1917 Espionage Act, even though this archaic law is in no way applicable to modern whistleblowers.
Manning was also convicted under the Computer Fraud and Abuse Act for using an unauthorized program, Wget, to download files that he passed on to WikiLeaks.
Jacob Appelbaum, the developer of the Tor privacy tool, is a journalist with Der Spiegel. He is a committed privacy advocate and has worked with WikiLeaks several times. After being harassed by the U.S. authorities, Appelbaum, an American, decided not to return to the United States in the wake of Snowden’s disclosures. He now lives in temporary exile in Berlin, where he says he has also been the target of surveillance by the intelligence services.
The NSA has been helped in its determined pursuit of WikiLeaks by GCHQ, since all visitors to the website have been monitored by the British agency’s TEMPORA surveillance system. Their IP addresses and the terms entered in search engines to access the site are intercepted and recorded.