People who watch the surveillance state have known about this stuff since the early 1980s. My personal theory is that spooks talk to each other (as spooks do) and eventually word starts to leak; it’s too clever a scam to miss. Then, when a program becomes huge enough, there are tens of thousands of people using the data from it; it’s pretty easy to figure out where the data is coming from. I first encountered the international reach-around when I was at a conference and wound up talking to an interesting fellow who turned out to be a journalist that had been investigating the surveillance state for a very long time.
That’s how it was that Duncan Campbell [intercept] told me about the UK/USA treaty on information-sharing (“the five eyes”) The US, Great Britain, Canada, Australia, and New Zealand agree to share intelligence intercepts with eachother. You can bet there were boyish little spook-giggles when they cooked up this dodge around most of their own populations’ attempts to prevent them from bypassing whatever privacy guarantees their governments offer. When Campbell told me this story, he had just returned from visiting the mysterious tower that the NSA used to operate on English soil – a tower that was perfectly situated between the British side and the Irish side of the main microwave communications link for data traffic – where the NSA intercepted all the traffic between England and Ireland, and Menwith Hill, “the billion dollar phone tap” where the NSA intercepted communications between Great Britain and Europe. [new]
I was a young puppy at the time, not as cynical and jaded about spooks as I am now, and I admit I thought Campbell sounded a bit like one of those chemtrails types. The story he was telling me made no sense at all. Why would the British let the NSA set up a station in Yorkshire to spy on the British? That’s nuts.
Nope. See, most countries that are pretending to be democratic republics, have some sort of constitution or rule of law that might specify limits on surveillance – you have to get a warrant before you can listen to a citizen’s phone. And their intelligence agencies all have a free hand to spy internationally. So, the “Five Eyes” treaty says that those countries intelligence services will share intercepts. Thus the NSA spies on the British citizens, the Canadians spy on the American citizens, and everyone shares their intercepts. The end result is: everyone is spying on their citizens but they have all bypassed any laws that say “intelligence services must not monitor domestic traffic.” Ha, ha, ha, ha, laughed the spooks, then they classified their laughter under the code-word ECHELON.
Since the early 1980s, when word about ECHELON started to leak here and there, there have been multiple disclosures attempting to outline the size of the program. Every disclosure has been consistent with the narrative of facts that the outside world has come to know about the “Five Eyes.” And attempts to regulate the program have gone nowhere: it’s too valuable and it cost too much and, who knows, they probably have “kompromat” on every politician in every government. It makes me uncomfortable to write these things because we rationalists/skeptics are conditioned to recognize the sounds of a good conspiracy theory and we get very uncomfortable, indeed, when those are the noises coming out of our own mouths. But, Edward Snowden described some of the data sources. Mark Klein described some of the data sources. Then, the leaks not only fail to contradict each other, they assemble into a consistent over-arching picture of “uh oh.”
For one example, Mark Klein disclosed the existence of Room 641A in an AT&T switching center in San Francisco. [wik] The NSA said “nonsense” [classified nonsense] [redacted] and besides [top secret] [redacted] you wouldn’t want CNN to see those pictures [redacted]. Amazingly, Klein’s disclosure didn’t really do much except “out” a bit of the surveillance program which the Bush Administration retroactively made legal and the Obama Administration decided “we need to look forward, not back.” When Edward Snowden dropped his disclosures, one of the things in them was corroboration of Room 641A. [wired] We don’t know what NSA told US lawmakers like the deplorable Dianne Feinstein, but it was [classified] and [redacted] and Feinstein didn’t care until it turned out that the CIA was spying on her investigative team’s computers, which was awkward – the oligarchs don’t care to be spied on, themselves. [cnn]
A few years after my conversation with Campbell, I bumped into the reach-around, myself. I was involved in setting up the email server for the Clinton White House and was also chartered by DARPA to do some research on recommendations for secure communications for “lightweight” (i.e.: non-NSA) security use. At the time, everyone in Washington was using Blackberries. Most Americans at the time did not realize that Blackberry was a Canadian company and all Blackberry traffic went north of the border. I asked a spook I knew if he thought Blackberry was being made so available to the Washington elite because of the reach-around, and he suggested “that is not an avenue you should pursue in your report.” See, at that time, Blackberry was popular because its communications were encrypted, with public keys (ooh! aah!) and the encryption was, well, substantially better than the “nothing” everything else had at the time. It turned out that the whole technique for tapping smart phone messaging was first rolled out by CSE, the Canadian NSA, part of the “Five Eyes.”
When I read about Katherine Gun the other day, it added a bit more to the picture of what has elsewhere been called “The New York Reach-Around” [crypt]
To achieve complete access and exploit the New York Reach Around, an interesting relationship has evolved between the government and fiber optic operators. In order for any fiber optic cable to enter or leave the United States, the operator is required to obtain a special license from the Federal Communications Commission (FCC). This is procedure is maintained through a special national security department of the FCC called the International Bureau. The International Bureau, as a condition precedent to licensing, requires the cable operators to contract with the U.S. Government allowing full and complete access to the contents of each and every cable. By virtue of this agreement, any requirements for warrants or court orders are eviscerated. By virtue of these agreements, no oversight or supervision is required. These undersea cable operators and the U.S. Government of course do not advertise any of this.FAIRVIEW LONG LINES TITANPOINTE SKYSCRAPER For example, the U.S. Government has a series of contracts with AT&T in which AT&T agrees to permit the federal government unsupervised access to all customer communications that passed over its undersea cables, domestic transmission facilities, and domestic switching systems. In these documents, AT&T is given a special code name. Each of its facilities where this sort of eavesdropping takes place is given different code name. For example, there are several major access points that are on domestic soil which AT&T (FAIRVIEW) has given the NSA access to, which use location codenames such as KILLINGTON, COPPERMOUNTAIN MAVERICK, WHISTLER, SUNVALLEY, CLIFFSIDE, TAHOE, BRECKENRIDGE, EAGLE, EDEN, TITANPOINT E (33 Thomas Street), PINECONE, SILVER COLLAM and others.It does bear mentioning that when an ECI relationship is established that in various documents the company itself will be given one codename, then the overall project an umbrella name, then under the umbrella each portion will be give a code name, and then each location or sub-location, yet a different name, and tremendous care is take to isolate the name so there is little reference to one another. To take this one more step, the AT&T Long Lines Building at 33 Thomas Street (code named TITANPOINTE) is operated by AT&T under a code name of LITHIUM, with RIMROCK access (a code name of for a hack into the 4ESS switching system), and also to the code name RIMROCK program by way of the satellite dishes on the roof. Thus, by way of the cable vault in the 3rd basement virtually anything in New York City can be tapped or tracked, and vast swathes of the inside of this building, as well as access to fiber optic systems are rented to the NSA, and even to the FBI. The TITANPOINTE is fed data from the PINECONE facility, which provides control and access to the shared fiber optic backboard, and the proprietary cables. This collected data is then funneled into the corporate networks of AT&T BLARNEY local area network (HIGHDECIBEL) and then into the corporate AT&T network to the codename PINWALE (RAGTIME) servers which harvest based on dictionary tasked terms. But, all of the aforementioned networks, access points, and hard drives all fall under the umbrella of codename FAIRVIEW. AT&T or Verizon controls the fiber optic or copper cables when they enter the cable subterranean vault, and AT&T operated the initial router or multiplexer that handled the cable/fiber that enters the building. Then AT&T runs the PINECONE SCIF inside TITANPOINTE which they hand off to another router/multiplexer in a “colocation” interconnection point and hand off the data from AT&T at that point over to the NSA under an interface called WEALTHYCUSTER (and NSA machine – the first NSA machine in the stream) which stiches together bits and bytes to reconstruct the intercepted data, which is then forwarded to another NSA owned and operated system called MAILORDER, which then sends the data to an AT&T gateway between MAILORDER and BLARNEY, and then to NSA leased lines to the NSA server called PINWALE (RAGTIME).
TITANPOINTE is a building that is armored to withstand attack – presumably from peasants with pitchforks and torches. There are other buildings around the country that look like this. There’s one in Anacostia near Washington, that looks like it was designed by the same architect; I keep meaning to go down there and see if I can get some pictures and look at the building’s security.
This stuff all sounds like chemtrails, doesn’t it? But the story is entirely consistent across all the disclosures. Snowden’s NSA-authored powerpoint slides show the outlines of the system.
The specifications of the collection system are surreal: [ars]As of July of 2009, relationships with three telecom companies provided access to 592 10-gigabit-per-second pipes on the cables collectively and 69 10-gbps “egress” pipes through which data could be pulled back.
… suck up all the chat, messaging, email, browsing “metadata” (the URLs people enter, and a codex of text words in the HTML that is returned) It’s nice to see international cooperation at such a level, isn’t it?
But, wait! See that bottom bit? Embassies or Consulates. What’s in New York?
I hadn’t heard of Katharine Gun. I wish we all had, when it was the right time. Daniel Ellsberg writes about her: [cons]
But actually, the leak didn’t come from “someone very high” in GCHQ. The whistleblower turned out to be a 28-year-old linguist and analyst at the agency, Katharine Gun, who had chosen to intervene against the march to war.
As Gun has recounted, she and other GCHQ employees “received an email from a senior official at the National Security Agency. It said the agency was ‘mounting a surge particularly directed at the UN Security Council members,’ and that it wanted ‘the whole gamut of information that could give U.S. policymakers an edge in obtaining results favorable to U.S. goals or to head off surprises.'”
In other words, the U.S. and British governments wanted to eavesdrop on key UN delegations and then manipulate or even blackmail them into voting for war.
I remember how those events unfolded, but like all Americans I had no idea, because the establishment press didn’t carry any of that story, over here.
While scarcely reported in the U.S. media (despite cutting-edge news releases produced by my colleagues at the Institute for Public Accuracy beginning in early March of 2003), the revelations published by the Observer caused huge media coverage across much of the globe – and sparked outrage in several countries with seats on the Security Council.
“In the rest of the world there was great interest in the fact that American intelligence agencies were interfering with their policies of their representatives in the Security Council,” Ellsberg noted. A result was that for some governments on the Security Council at the time, the leak “made it impossible for their representatives to support the U.S. wish to legitimize this clear case of aggression against Iraq. So, the U.S. had to give up its plan to get a supporting vote in the UN.”
The fig-leaf was unavailable, so the US and United Kingdom launched their illegal war of aggression, anyway. Perhaps this will help you understand why I don’t pay much attention to the “Russia hacking US election” kerfuffle: it’s not even a blip on the radar screen. Russian and Chinese hacking is little league ball. It is, literally, not worth the world’s attention compared to the stuff the US does and has been doing for decades.
For one thing, you need to understand that all that stuff about warrants is just window-dressing. They already have your data. The warrant is so they can admit they have it.
The “New York Reach-Around” is very well documented [here]. I must note that I did not see a single thing in that document that contradicts what has been disclosed by multiple whistle-blowers and leaks.
Link farm by Institute for Public Accuracy [ipa] regarding Katherine Gun and the surveillance related to the Iraq war maneuvering at the UN.
Mexicans and Chileans put two and two together, regarding pressure they were getting about the UN vote: [ipa]
Adolfo Aguilar Zinser, Mexico’s U.N. ambassador at the time, has charged that the U.S. spied on a private meeting of six swing countries on the Security Council aimed at a compromise. Zinser told the Observer: “The meeting was in the evening. They [U.S. diplomats] call us in the morning before the meeting of the Security Council and they say: ‘We appreciate you trying to find ideas, but this is not a good idea.'”
[wired] FBI has its own entire system that parallels NSA’s, because – you know – spooks and cops don’t play nice with each other. But in the waning days of the Obama Administration, Obama allowed NSA to give FBI a view into its collection stream “before privacy controls are applied” – i.e.: they can query the raw archive. The archive of everything the “Five Eyes” share.
If any of this shit actually worked, why is there any terrorism, anywhere? That’s a facetious question. Here’s a better one: given the NSA and FBI’s intercept and search capability, why aren’t they rolling up potentially violent white supremacist groups? They absolutely, certainly, definitely, had all the white supremacist coordinating committee’s message traffic before Charlottesville. I guess they were too busy looking for traffic in Arabic.
jazzlet says
I have seen the Bude intercept station that Campbell talks of, we were going to Coombe https://www.landmarktrust.org.uk/Search-and-Book/landmark-groups/coombe/ to celebrate a significant birthday of my father’s with other members of the family. Driving along the small coast road in the dark of a January night, following the directions to Coombe we suddenly came aross this fenced in, brightly lit installation of blocky buildings and huge statellite dishes which wasn’t mentioned in our directions at all. Our immediate assumption was that it was some sort of listening place because it wasn’t labelled in any way nor mentioned in our directions, despite being the most obvious landmark on that road. It was a surreal encounter looming up out of the dark on the way to a rural holiday, although it did explain the quality of what was theoretically a minor country road.
I am probably more comfortable with talking about this stuff than you clearly are as most of my family are Labour activists, as I was back in the eighties and I read the Duncan Campbell article in The New Statesman back when it was published. Also the articles about the MI6 files of various Labour politicians that they accessed when they got into power. The revelations about police infiltrators of ‘dangerous’ environmental groups etc etc. We knew that our security services watched us. Yes, it sounds like classic conspiracy theory talk, except that there is no doubt it is real.
Marcus Ranum says
jazzlet@#1:
I am probably more comfortable with talking about this stuff than you clearly are as most of my family are Labour activists, as I was back in the eighties and I read the Duncan Campbell article in The New Statesman back when it was published. Also the articles about the MI6 files of various Labour politicians that they accessed when they got into power. The revelations about police infiltrators of ‘dangerous’ environmental groups etc etc. We knew that our security services watched us. Yes, it sounds like classic conspiracy theory talk, except that there is no doubt it is real.
Since I’m a computer security industry “insider” I always assumed that my peers were considering the general good and thinking a bit about what they were doing. The idea of building systems like this, all in the service of endless nationalism, is so strange to me I naively didn’t think anyone would be so stupid. It ought to be obvious that once someone builds such systems, they eventually will become the target of their own systems. To my peers: “Thanks a lot, guys!”
Driving along the small coast road in the dark of a January night, following the directions to Coombe we suddenly came aross this fenced in, brightly lit installation of blocky buildings and huge statellite dishes which wasn’t mentioned in our directions at all.
That must have felt like something right out of the X-files. If I worked at a place like that I’d be tempted to troll people by putting up “Umbrella Corp” signs in key places.
Another thing about it: it’s all a huge waste of money, really. Tapping an entire communications infrastructure is just sloppy. I’m sure they think it’s all clever and stuff because it’s an interesting technological challenge but, sheesh, if they wanted to monitor the UN there are more direct and simpler ways. With these vast systems they could a) stop all spam b) shut down all the malware command and control c) detect any Russian online troll farms and – presumably – reroute their traffic to a black hole d) detect corrupt politicians e) reveal the communications between the Trump campaign and Wikileaks f) map and identify the planners of white supremacist terror marches – etc. They have this vast and powerful and inanely expensive system that they can’t directly use because if they use it then they have to admit that they have it and that they coldly and repeatedly violated the 4th amendment decades ago. So: it stays secret and only serves the establishment not the people who paid for it and for whom it was supposedly built.
Ieva Skrebele says
Politicians regularly spend lots of time talking about these kinds of unimportant questions. The media have all those front page articles about this, because, well, that’s what politicians are apparently concerned about. All this seems like just a distraction, a sort of smokescreen, that’s used to ensure that voters don’t notice, don’t think about the important questions. In Latvia politicians spend all this time talking about crap like “family values,” or preservation of Latvian language (should education in Russian language be banned in Latvian public schools?), basically the local equivalent of “God, guns and gays.” But the interesting and important questions? Nobody talks about them publicly, they are decided in secret and behind closed doors. I’m getting the impression that politicians intentionally make lots of fuss about the unimportant issues in order to keep media and voters distracted and busy with something.
Wow, that’s naïve. Even as a child I was more cynical than that. I’m not even sure why I got so cynical at such an early age. Maybe because my mother taught me to always expect the worst from people?
Come on, you know that for millennia people have been obediently building systems that were used for their own oppression. Why should programmers be any different than everybody else? If it was so easy to crate spying systems in, for example, communist countries, why should U.S. be any different?
I don’t think the elites even care about any of these possible improvements you just listed. Stopping spam and shutting down malware? Who cares, it’s not like rich people worry about spam and malware. Detecting corrupt politicians? I’d say that those who are making decisions are corrupt politicians themselves, so why should they want a system that allows detecting their illegal activities?
sonofrojblake says
It’s long been an ambition of mine to fly low over Menwith Hill. It’s about a sixty km flight from where I normally take off, and I’ve got within about ten km of it. One day, perhaps…
AsqJames says
I wonder if Mark Thomas is still running his Menwith Hill Balloon club? https://www.youtube.com/watch?v=epWTJUajIdI (the sound is terrible, but I couldn’t find a better version)
jazzlet says
AsqJames @#5 Love me some Mark Thomas, thanks.
Marcus Ranum says
AsqJames@#5:
I wonder if Mark Thomas is still running his Menwith Hill Balloon club?
I have to confess I’d never even heard of him before. That was hysterical! Especially spying on the embassy. I love old school British surrealist humor.
Marcus Ranum says
sonofrojblake@#4:
It’s long been an ambition of mine to fly low over Menwith Hill.
Please don’t. Those are Americans down there and they probably have anti-aircraft missiles.
Marcus Ranum says
Fun fact: Facebook spent approximately $1.5billion on its network and infrastructure last year.
This stuff costs several times that.
Marcus Ranum says
Ieva Skrebele@#3:
Come on, you know that for millennia people have been obediently building systems that were used for their own oppression. Why should programmers be any different than everybody else? If it was so easy to crate spying systems in, for example, communist countries, why should U.S. be any different?
You out-cynical’d me. I yield.
Dunc says
Mark Thomas is a very funny guy who, among many other things, wrote a funny book about an unfunny subject: the international trade in weapons and “security equipment”. The book is called “As Used on the Famous Nelson Mandela, which is a direct quote from an actual “security equipment” catalogue. It’s worth reading. I particularly enjoyed the bit where he helps a bunch of schoolkids set up as international arms dealers and acquire the necessary export licenses to sell guns to some African despot in violation of a UN embargo as part of a school project…
(I’m putting “security equipment” in scare quotes for two reasons: One, because while it’s illegal to sell weapons and weapon components to countries under UN Arms Embargoes without the proper paperwork [paperwork which can be fairly easily acquired, but anyway…], the restrictions are a lot looser for “security equipment”, and so a lot of things that you or I might regard as weapons get classified as “security equipment”. Two, because a lot of the things classified as “security equipment” would be more accurately described as implements of torture.)
Marcus Ranum says
Dunc@#11:
Mark Thomas is a very funny guy who, among many other things, wrote a funny book about an unfunny subject: the international trade in weapons and “security equipment”. The book is called “As Used on the Famous Nelson Mandela, which is a direct quote from an actual “security equipment” catalogue. It’s worth reading.
Oooh. Queued. Thank you.
Two, because a lot of the things classified as “security equipment” would be more accurately described as implements of torture.
Janes used to have a counter-insurgency goods listing; I think they stopped. It was all rubber bullets and cattle prods and stuff. Mostly made in USA! (#AMERICANJOBS) Aaaah, right: it’s only $20! [amzn] It’ll keep you up at night if you read between the lines. “Counter-insurgency” being the hip name for “protesters.”
I’d always wondered how hard it is to get an end-user certificate. There are certain things that would be very nice to have lots of. Like, think how fun it would be to show up at a protest with riot gear and riot shields just like the cops, except saying “TAXPAYER” on them. If you have an end-user certificate you could simply claim that you were field testing the product.
AsqJames says
I’m glad that went down well – I nearly mentioned “As Used on the Famous Nelson Mandela” too as I thought it would be right up MR’s street, but I didn’t want to come off as too much of a Mark Thomas fanboy! He brilliantly exposes the absurdity of states and governments…usually by following the rules exactly and taking them to their logical, but farcical, conclusions. The “mass lone demonstrations” around Parliament being a prime example.
Ieva Skrebele says
That would be hilarious. I’d love to see this. I wonder whether one could get away with this, though. There might be some law that forbids this.
Another fun fact: A few months ago I tried telling a friend about all this. He didn’t believe me. His answer was, basically, that this kind of crap would require an enormous amount of money and therefore it cannot be true—there’s no way governments would spend so much money on something so stupid.
avalus says
Thank you for exposing me to Mark Thomas, Brilliant!