konfront on Sat, 7 Feb 1998 18:34:02 +0100 (MET) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
<nettime> Konfrontatie: ECHELON |
[text in english] *KONFRONTATIE ** KONFRONTATIE ** KONFRONTATIE ** KONFRONTATIE* _______________________________________________________ ******************************************************** * Konfrontatie verschijnt 2 wekelijks in gratis E-mail vorm. Voor abonnement* * of opzegging hiervan stuur een verzoek aan konfront@xs4all.nl. Ook reacties * * zijn welkom. Oude nummers en diverse andere artikelen zijn te vinden op * * http://www.xs4all.nl/~konfront. * ******************************************************** Konfr. extra/6 feb 98 konfront@xs4all.nl http://www.xs4all.nl/~konfront -------------------------------------------------------- inhoud: EXPOSING THE GLOBAL SURVEILLANCE SYSTEM by Nicky Hager IN THE LATE 1980s, IN A DECISION IT PROBABLY REGRETS, THE US PROMPTED NEW ZEALAND TO JOIN A NEW AND HIGHLY SECRET GLOBAL INTELLIGENCE SYSTEM. HAGER'S INVESTIGATION INTO IT AND HIS DISCOVERY OF THE ECHELON DICTIONARY HAS REVEALED ONE OF THE WORLD'S BIGGEST, MOST CLOSELY HELD INTELLIGENCE PROJECTS. THE SYSTEM ALLOWS SPY AGENCIES TO MONITOR MOST OF THE WORLD'S TELEPHONE, E-MAIL, AND TELEX COMMUNICATIONS. For 40 years, New Zealand's largest intelligence agency, the Government Communications Security Bureau (GCSB) the nation's equivalent of the US National Security Agency (NSA) had been helping its Western allies to spy on countries throughout the Pacific region, without the knowledge of the New Zealand public or many of its highest elected officials. What the NSA did not know is that by the late 1980s, various intelligence staff had decided these activities had been too secret for too long, and were providing me with interviews and documents exposing New Zealand's intelligence activities. Eventually, more than 50 people who work or have worked in intelligence and related fields agreed to be interviewed. The activities they described made it possible to document, from the South Pacific, some alliance-wide systems and projects which have been kept secret elsewhere. Of these, by far the most important is ECHELON. Designed and coordinated by NSA, the ECHELON system is used to intercept ordinary e-mail, fax, telex, and telephone communications carried over the world's telecommunications networks. Unlike many of the electronic spy systems developed during the Cold War, ECHELON is designed primarily for non-military targets: governments, organizations, businesses, and individuals in virtually every country. It potentially affects every person communicating between (and sometimes within) countries anywhere in the world. It is, of course, not a new idea that intelligence organizations tap into e-mail and other public telecommunications networks. What was new in the material leaked by the New Zealand intelligence staff was precise information on where the spying is done, how the system works, its capabilities and shortcomings, and many details such as the codenames. The ECHELON system is not designed to eavesdrop on a particular individual's e-mail or fax link. Rather, the system works by indiscriminately intercepting very large quantities of communications and using computers to identify and extract messages of interest from the mass of unwanted ones. A chain of secret interception facilities has been established around the world to tap into all the major components of the international telecommunications networks. Some monitor communications satellites, others land-based communications networks, and others radio communications. ECHELON links together all these facilities, providing the US and its allies with the ability to intercept a large proportion of the communications on the planet. The computers at each station in the ECHELON network automatically search through the millions of messages intercepted for ones containing pre-programmed keywords. Keywords include all the names, localities, subjects, and so on that might be mentioned. Every word of every message intercepted at each station gets automatically searched whether or not a specific telephone number or e-mail address is on the list. The thousands of simultaneous messages are read in "real time" as they pour into the station, hour after hour, day after day, as the computer finds intelligence needles in telecommunications haystacks. SOMEONE IS LISTENING The computers in stations around the globe are known, within the network, as the ECHELON Dictionaries. Computers that can automatically search through traffic for keywords have existed since at least the 1970s, but the ECHELON system was designed by NSA to interconnect all these computers and allow the stations to function as components of an integrated whole. The NSA and GCSB are bound together under the five-nation UKUSA signals intelligence agreement. The other three partners all with equally obscure names are the Government Communications Headquarters (GCHQ) in Britain, the Communications Security Establishment (CSE) in Canada, and the Defense Signals Directorate (DSD) in Australia. The alliance, which grew from cooperative efforts during World War II to intercept radio transmissions, was formalized into the UKUSA agreement in 1948 and aimed primarily against the USSR. The five UKUSA agencies are today the largest intelligence organizations in their respective countries. With much of the world's business occurring by fax, e-mail, and phone, spying on these communications receives the bulk of intelligence resources. For decades before the introduction of the ECHELON system, the UKUSA allies did intelligence collection operations for each other, but each agency usually processed and analyzed the intercept from its own stations. Under ECHELON, a particular station's Dictionary computer contains not only its parent agency's chosen keywords, but also has lists entered in for other agencies. In New Zealand's satellite interception station at Waihopai (in the South Island), for example, the computer has separate search lists for the NSA, GCHQ, DSD, and CSE in addition to its own. Whenever the Dictionary encounters a message containing one of the agencies' keywords, it automatically picks it and sends it directly to the headquarters of the agency concerned. No one in New Zealand screens, or even sees, the intelligence collected by the New Zealand station for the foreign agencies. Thus, the stations of the junior UKUSA allies function for the NSA no differently than if they were overtly NSA-run bases located on their soil. The first component of the ECHELON network are stations specifically targeted on the international telecommunications satellites (Intelsats) used by the telephone companies of most countries. A ring of Intelsats is positioned around the world, stationary above the equator, each serving as a relay station for tens of thousands of simultaneous phone calls, fax, and e-mail. Five UKUSA stations have been established to intercept the communications carried by the Intelsats. The British GCHQ station is located at the top of high cliffs above the sea at Morwenstow in Cornwall. Satellite dishes beside sprawling operations buildings point toward Intelsats above the Atlantic, Europe, and, inclined almost to the horizon, the Indian Ocean. An NSA station at Sugar Grove, located 250 kilometers southwest of Washington, DC, in the mountains of West Virginia, covers Atlantic Intelsats transmitting down toward North and South America. Another NSA station is in Washington State, 200 kilometers southwest of Seattle, inside the Army's Yakima Firing Center. Its satellite dishes point out toward the Pacific Intelsats and to the east. *1 The job of intercepting Pacific Intelsat communications that cannot be intercepted at Yakima went to New Zealand and Australia. Their South Pacific location helps to ensure global interception. New Zealand provides the station at Waihopai and Australia supplies the Geraldton station in West Australia (which targets both Pacific and Indian Ocean Intelsats). *2 Each of the five stations' Dictionary computers has a codename to distinguish it from others in the network. The Yakima station, for instance, located in desert country between the Saddle Mountains and Rattlesnake Hills, has the COWBOY Dictionary, while the Waihopai station has the FLINTLOCK Dictionary. These codenames are recorded at the beginning of every intercepted message, before it is transmitted around the ECHELON network, allowing analysts to recognize at which station the interception occurred. New Zealand intelligence staff has been closely involved with the NSA's Yakima station since 1981, when NSA pushed the GCSB to contribute to a project targeting Japanese embassy communications. Since then, all five UKUSA agencies have been responsible for monitoring diplomatic cables from all Japanese posts within the same segments of the globe they are assigned for general UKUSA monitoring.3 Until New Zealand's integration into ECHELON with the opening of the Waihopai station in 1989, its share of the Japanese communications was intercepted at Yakima and sent unprocessed to the GCSB headquarters in Wellington for decryption, translation, and writing into UKUSA-format intelligence reports (the NSA provides the codebreaking programs). "COMMUNICATION" THROUGH SATELLITES The next component of the ECHELON system intercepts a range of satellite communications not carried by Intelsat.In addition to the UKUSA stations targeting Intelsat satellites, there are another five or more stations homing in on Russian and other regional communications satellites. These stations are Menwith Hill in northern England; Shoal Bay, outside Darwin in northern Australia (which targets Indonesian satellites); Leitrim, just south of Ottawa in Canada (which appears to intercept Latin American satellites); Bad Aibling in Germany; and Misawa in northern Japan. A group of facilities that tap directly into land-based telecommunications systems is the final element of the ECHELON system. Besides satellite and radio, the other main method of transmitting large quantities of public, business, and government communications is a combination of water cables under the oceans and microwave networks over land. Heavy cables, laid across seabeds between countries, account for much of the world's international communications. After they come out of the water and join land-based microwave networks they are very vulnerable to interception. The microwave networks are made up of chains of microwave towers relaying messages from hilltop to hilltop (always in line of sight) across the countryside. These networks shunt large quantities of communications across a country. Interception of them gives access to international undersea communications (once they surface) and to international communication trunk lines across continents. They are also an obvious target for large-scale interception of domestic communications. Because the facilities required to intercept radio and satellite communications use large aerials and dishes that are difficult to hide for too long, that network is reasonably well documented. But all that is required to intercept land-based communication networks is a building situated along the microwave route or a hidden cable running underground from the legitimate network into some anonymous building, possibly far removed. Although it sounds technically very difficult, microwave interception from space by United States spy satellites also occurs.4 The worldwide network of facilities to intercept these communications is largely undocumented, and because New Zealand's GCSB does not participate in this type of interception, my inside sources could not help either. NO ONE IS SAFE FROM A MICROWAVE A 1994 expos of the Canadian UKUSA agency, Spyworld, co-authored by one of its former staff, Mike Frost, gave the first insights into how a lot of foreign microwave interception is done (see p. 18). It described UKUSA "embassy collection" operations, where sophisticated receivers and processors are secretly transported to their countries' overseas embassies in diplomatic bags and used to monitor various communications in foreign capitals. *5 Since most countries' microwave networks converge on the capital city, embassy buildings can be an ideal site. Protected by diplomatic privilege, they allow interception in the heart of the target country. *6 The Canadian embassy collection was requested by the NSA to fill gaps in the American and British embassy collection operations, which were still occurring in many capitals around the world when Frost left the CSE in 1990. Separate sources in Australia have revealed that the DSD also engages in embassy collection. *7 On the territory of UKUSA nations, the interception of land-based telecommunications appears to be done at special secret intelligence facilities. The US, UK, and Canada are geographically well placed to intercept the large amounts of the world's communications that cross their territories. The only public reference to the Dictionary system anywhere in the world was in relation to one of these facilities, run by the GCHQ in central London. In 1991, a former British GCHQ official spoke anonymously to Granada Television's World in Action about the agency's abuses of power. He told the program about an anonymous red brick building at 8 Palmer Street where GCHQ secretly intercepts every telex which passes into, out of, or through London, feeding them into powerful computers with a program known as "Dictionary." The operation, he explained, is staffed by carefully vetted British Telecom people: "It's nothing to do with national security. It's because it's not legal to take every single telex. And they take everything: the embassies, all the business deals, even the birthday greetings, they take everything. They feed it into the Dictionary." *8 What the documentary did not reveal is that Dictionary is not just a British system; it is UKUSA-wide. Similarly, British researcher Duncan Campbell has described how the US Menwith Hill station in Britain taps directly into the British Telecom microwave network, which has actually been designed with several major microwave links converging on an isolated tower connected underground into the station.9 The NSA Menwith Hill station, with 22 satellite terminals and more than 4.9 acres of buildings, is undoubtedly the largest and most powerful in the UKUSA network. Located in northern England, several thousand kilometers from the Persian Gulf, it was awarded the NSA's "Station of the Year" prize for 1991 after its role in the Gulf War. Menwith Hill assists in the interception of microwave communications in another way as well, by serving as a ground station for US electronic spy satellites. These intercept microwave trunk lines and short range communications such as military radios and walkie talkies. Other ground stations where the satellites' information is fed into the global network are Pine Gap, run by the CIA near Alice Springs in central Australia and the Bad Aibling station in Germany. *10 Among them, the various stations and operations making up the ECHELON network tap into all the main components of the world's telecommunications networks. All of them, including a separate network of stations that intercepts long distance radio communications, have their own Dictionary computers connected into ECHELON. In the early 1990s, opponents of the Menwith Hill station obtained large quantities of internal documents from the facility. Among the papers was a reference to an NSA computer system called Platform. The integration of all the UKUSA station computers into ECHELON probably occurred with the introduction of this system in the early 1980s. James Bamford wrote at that time about a new worldwide NSA computer network codenamed Platform "which will tie together 52 separate computer systems used throughout the world. Focal point, or `host environment,' for the massive network will be the NSA headquarters at Fort Meade. Among those included in Platform will be the British SIGINT organization, GCHQ." *11 LOOKING IN THE DICTIONARY The Dictionary computers are connected via highly encrypted UKUSA communications that link back to computer data bases in the five agency headquarters. This is where all the intercepted messages selected by the Dictionaries end up. Each morning the specially "indoctrinated" signals intelligence analysts in Washington, Ottawa,Cheltenham, Canberra, and Wellington log on at their computer terminals and enter the Dictionary system. After keying in their security passwords, they reach a directory that lists the different categories of intercept available in the data bases, each with a four-digit code. For instance, 1911 might be Japanese diplomatic cables from Latin America (handled by the Canadian CSE), 3848 might be political communications from and about Nigeria, and 8182 might be any messages about distribution of encryption technology. They select their subject category, get a "search result" showing how many messages have been caught in the ECHELON net on that subject, and then the day's work begins. Analysts scroll through screen after screen of intercepted faxes, e-mail messages, etc. and, whenever a message appears worth reporting on, they select it from the rest to work on. If it is not in English, it is translated and then written into the standard format of intelligence reports produced anywhere within the UKUSA network either in entirety as a "report," or as a summary or "gist." INFORMATION CONTROL A highly organized system has been developed to control what is being searched for by each station and who can have access to it. This is at the heart of ECHELON operations and works as follows. The individual station's Dictionary computers do not simply have a long list of keywords to search for. And they do not send all the information into some huge database that participating agencies can dip into as they wish. It is much more controlled. The search lists are organized into the same categories, referred to by the four digit numbers. Each agency decides its own categories according to its responsibilities for producing intelligence for the network. For GCSB, this means South Pacific governments, Japanese diplomatic, Russian Antarctic activities, and so on. The agency then works out about 10 to 50 keywords for selection in each category. The keywords include such things as names of people, ships, organizations, country names, and subject names. They also include the known telex and fax numbers and Internet addresses of any individuals, businesses, organizations, and government offices that are targets. These are generally written as part of the message text and so are easily recognized by the Dictionary computers. The agencies also specify combinations of keywords to help sift out communications of interest. For example, they might search for diplomatic cables containing both the words "Santiago" and "aid," or cables containing the word "Santiago" but not "consul" (to avoid the masses of routine consular communications). It is these sets of words and numbers (and combinations), under a particular category, that get placed in the Dictionary computers. (Staff in the five agencies called Dictionary Managers enter and update the keyword search lists for each agency.) The whole system, devised by the NSA, has been adopted completely by the other agencies. The Dictionary computers search through all the incoming messages and, whenever they encounter one with any of the agencies' keywords, they select it. At the same time, the computer automatically notes technical details such as the time and place of interception on the piece of intercept so that analysts reading it, in whichever agency it is going to, know where it came from, and what it is. Finally, the computer writes the four-digit code (for the category with the keywords in that message) at the bottom of the message's text. This is important. It means that when all the intercepted messages end up together in the database at one of the agency headquarters, the messages on a particular subject can be located again. Later, when the analyst using the Dictionary system selects the four- digit code for the category he or she wants, the computer simply searches through all the messages in the database for the ones which have been tagged with that number. This system is very effective for controlling which agencies can get what from the global network because each agency only gets the intelligence out of the ECHELON system from its own numbers. It does not have any access to the raw intelligence coming out of the system to the other agencies. For example, although most of the GCSB's intelligence production is primarily to serve the UKUSA alliance, New Zealand does not have access to the whole ECHELON network. The access it does have is strictly controlled. A New Zealand intelligence officer explained: "The agencies can all apply for numbers on each other's Dictionaries. The hardest to deal with are the Americans. ... [There are] more hoops to jump through, unless it is in their interest, in which case they'll do it for you." There is only one agency which, by virtue of its size and role within the alliance, will have access to the full potential of the ECHELON system the agency that set it up. What is the system used for? Anyone listening to official "discussion" of intelligence could be forgiven for thinking that, since the end of the Cold War, the key targets of the massive UKUSA intelligence machine are terrorism, weapons proliferation, and economic intelligence. The idea that economic intelligence has become very important, in particular, has been carefully cultivated by intelligence agencies intent on preserving their post-Cold War budgets. It has become an article of faith in much discussion of intelligence. However, I have found no evidence that these are now the primary concerns of organizations such as NSA. QUICKER INTELLIGENCE, SAME MISSION A different story emerges after examining very detailed information I have been given about the intelligence New Zealand collects for the UKUSA allies and detailed descriptions of what is in the yards-deep intelligence reports New Zealand receives from its four allies each week. There is quite a lot of intelligence collected about potential terrorists, and there is quite a lot of economic intelligence, notably intensive monitoring of all the countries participating in GATT negotiations. But by far, the main priorities of the intelligence alliance continue to be political and military intelligence to assist the larger allies to pursue their interests around the world. Anyone and anything the particular governments are concerned about can become a target. With capabilities so secret and so powerful, almost anything goes. For example, in June 1992, a group of current "highly placed intelligence operatives" from the British GCHQ spoke to the London Observer: "We feel we can no longer remain silent regarding that which we regard to be gross malpractice and negligence within the establishment in which we operate." They gave as examples GCHQ interception of three charitable organizations, including Amnesty International and Christian Aid. As the Observer reported: "At any time GCHQ is able to home in on their communications for a routine target request," the GCHQ source said. In the case of phone taps the procedure is known as Mantis. With telexes it is called Mayfly. By keying in a code relating to Third World aid, the source was able to demonstrate telex "fixes" on the three organizations. "It is then possible to key in a trigger word which enables us to home in on the telex communications whenever that word appears," he said. "And we can read a pre-determined number of characters either side of the keyword."12 Without actually naming it, this was a fairly precise description of how the ECHELON Dictionary system works. Again, what was not revealed in the publicity was that this is a UKUSA-wide system. The design of ECHELON means that the interception of these organizations could have occurred anywhere in the network, at any station where the GCHQ had requested that the four-digit code covering Third World aid be placed. Note that these GCHQ officers mentioned that the system was being used for telephone calls. In New Zealand, ECHELON is used only to intercept written communications: fax, e-mail, and telex. The reason, according to intelligence staff, is that the agency does not have the staff to analyze large quantities of telephone conversations. Mike Frost's expos of Canadian "embassy collection" operations described the NSA computers they used, called Oratory, that can "listen" to telephone calls and recognize when keywords are spoken. Just as we can recognize words spoken in all the different tones and accents we encounter, so too, according to Frost, can these computers. Telephone calls containing keywords are automatically extracted from the masses of other calls and recorded digitally on magnetic tapes for analysts back at agency headquarters. However, high volume voice recognition computers will be technically difficult to perfect, and my New Zealand-based sources could not confirm that this capability exists. But, if or when it is perfected, the implications would be immense. It would mean that the UKUSA agencies could use machines to search through all the international telephone calls in the world, in the same way that they do written messages. If this equipment exists for use in embassy collection, it will presumably be used in all the stations throughout the ECHELON network. It is yet to be confirmed how extensively telephone communications are being targeted by the ECHELON stations for the other agencies. The easiest pickings for the ECHELON system are the individuals, organizations,and governments that do not use encryption. In New Zealand's area, for example, it has proved especially useful against already vulnerable South Pacific nations which do not use any coding, even for government communications (all these communications of New Zealand's neighbors are supplied, unscreened, to its UKUSA allies). As a result of the revelations in my book, there is currently a project under way in the Pacific to promote and supply publicly available encryption software to vulnerable organizations such as democracy movements in countries with repressive governments. This is one practical way of curbing illegitimate uses of the ECHELON capabilities. One final comment. All the newspapers, commentators, and "well placed sources" told the public that New Zealand was cut off from US intelligence in the mid-1980s. That was entirely untrue. The intelligence supply to New Zealand did not stop, and instead, the decade since has been a period of increased integration of New Zealand into the US system. Virtually everything the equipment, manuals, ways of operating, jargon, codes, and so on, used in the GCSB continues to be imported entirely from the larger allies (in practice, usually the NSA). As with the Australian and Canadian agencies, most of the priorities continue to come from the US, too. The main thing that protects these agencies from change is their secrecy. On the day my book arrived in the book shops, without prior publicity, there was an all-day meeting of the intelligence bureaucrats in the prime minister's department trying to decide if they could prevent it from being distributed. They eventually concluded, sensibly, that the political costs were too high. It is understandable that they were so agitated. Throughout my research, I have faced official denials or governments refusing to comment on publicity about intelligence activities. Given the pervasive atmosphere of secrecy and stonewalling, it is always hard for the public to judge what is fact, what is speculation, and what is paranoia. Thus, in uncovering New Zealand's role in the NSA-led alliance, my aim was to provide so much detail about the operations the technical systems, the daily work of individual staff members, and even the rooms in which they work inside intelligence facilities that readers could feel confident that they were getting close to the truth. I hope the information leaked by intelligence staff in New Zealand about UKUSA and its systems such as ECHELON will help lead to change. --- # distributed via nettime-l : no commercial use without permission # <nettime> is a closed moderated mailinglist for net criticism, # collaborative text filtering and cultural politics of the nets # more info: majordomo@icf.de and "info nettime" in the msg body # URL: http://www.desk.nl/~nettime/ contact: nettime-owner@icf.de