The Edward Snowden Affair (20 page)

An accompanying 51-page disclosure
⁶⁸
discusses Stellar Wind. The report includes a signed, 16-page 2007 Department of Justice memo
⁶⁹
requesting the NSA be granted the authority to surveil “communications metadata associated with United States persons and persons believed to be in the United States.”
⁷⁰
The memo followed then-Secretary of Defense Robert Gates’ October 2007 signature verifying the accompanying “Supplemental Procedures” pertaining to Internet metadata.

The memo’s justification rests upon the intelligence agency already housing a large amount of American data and believing “[ … ] it is over-identifying numbers and addresses that belong to United States persons and that modifying its practice to [contact] chain through all telephone numbers and addresses, including those reasonably believed to be used by a United States person, will yield valuable foreign intelligence information primarily concerning non-United States persons outside the United States.” It is paradoxically admitting that there is already too much information but nonetheless wants the NSA’s “hop” policy to be made legal.

Though this form of collection does not include the content of emails, Internet metadata reveals who is sending and receiving emails (the information appearing on all of an email’s address lines) and discloses a user’s IP address, which can reveal an individual’s location. Greenwald considers the greatest privacy violation to be IP address retrieval. Yet he makes a novice IT assumption.

He defers to Julian Sanchez of the Cato Institute who, though he is not incorrect in his information relating to IP logs, was obviously confused about what Greenwald was asking. Sanchez states a user’s IP log reveals what websites a person has visited, in what order and how frequently. In essence, an IP catalog provides a biography of a person’s thoughts as they occur. As with Verizon, AT&T and other providers’ metadata collections, this type of information permits an analyst to easily assess a person’s interests, habits and proclivities.

However, a static IP address listed in the header of an email is inactive. For an analyst to retrieve the contents of an IP log and exploit its recording device—in this case what is referred to as a first-person cookie—an individual would have to either have been granted access to that particular computer or hacked it. The most common hacking method for this type of information retrieval is the insertion of spying software or “spyware.” Greenwald fails to make a distinction between static and kinetic IP addresses or expound upon how an IP log can be captured.

Greenwald goes on to play attorney and lets the government attempt justification before deconstructing its reasoning. Deputy Attorney General James Cole told the House Intelligence Committee on June 18, “Toll records, phone records like this [i.e., telephone metadata], that don’t include any content, are not covered by the Fourth Amendment because people don’t have a reasonable expectation of privacy in who they called and when they called. That’s something you show to the phone company.” Greenwald is quick to point out that unlike a telephone invoice, Internet billing does not include an itemized report of whom a person emailed or what websites were visited during the preceding month. The same logic can be applied to other personal records an individual shares with another party but nonetheless has a “reasonable expectation” to assume will remain confidential, such as medical records.

Others have compared metadata to the information on the outside of a mailed envelope.
⁷¹
A letter’s mailing instructions include who is writing and from what location, who is receiving the missive and at what location, and when the exchange is taking place. This is vital transmission data which allows material to be delivered. Though a postal carrier can see this information, the individual is not permitted to view the contents of the envelope. However, unlike the federal government’s approach to electronic metadata, only the trusted third party—the postal service—has been granted permission by the sender to access the envelope’s transport information. The only other person aside from the postal worker who is legally permitted to handle the envelope, as well as read its contents, is the addressee. Using this analogy, only a contracted carrier, be it the postal service or an electronic communication company, has the right to access delivery data. Yet the argument would prove futile. The U.S. Postal Service would admit a little over a month later it takes photographs of every piece of mail it receives and transports.
⁷²
This is reportedly done to ease the processing burden but the files are kept on record and freely surrendered upon receipt of a government request.

Stellar Wind was grossly ineffective. Intelligence agents referred to the program’s target profiles as “Pizza Hut cases” because 99 percent of red flags were triggered by fast food takeout orders.
⁷³
Somewhat dubiously, since Stellar Wind’s objective was to track potential terrorist activity, the program was responsible for unveiling former New York governor Eliot Spitzer’s solicitation of prostitutes.
⁷⁴

As with his report on Obama’s order to draw up a global cyberattack hit list, Greenwald’s article does not reveal previously unknown information. Its novelty is that it confirms and expounds upon what is suspected by providing official documentation. In spite of this, the article remains somewhat vague. Greenwald announces more invasive surveillance measures commenced in 2007, but the disclosed memo is merely a request. No known finalized, signed law confirms that in its later stages Stellar Wind’s Internet mining unapologetically included United States citizens directly, only incidentally. Snowden obviously could not locate or access such incendiary materials if they do exist. However, in Greenwald’s defense, the report was merely a primer for current United States surveillance practices.

In “How the NSA is still harvesting your online data,” Greenwald opens by rejecting the Obama administration’s claim that domestic Internet surveillance had ceased in 2011. He states it is clear a division within the NSA called the Special Source Operations (SSO) Directorate, “collects and analyzes significant amounts of data from US communications systems in the course of monitoring foreign targets.”

Though he cannot confirm it is Stellar Wind’s immediate successor, “EvilOlive” is presumed to be the replacement program the SSO announced the day after Christmas in 2012. Its purported ability to get 75 percent of traffic to “pass through the filter” is the result of having “opened the aperture” so more data can be “identified, selected and forwarded to NSA repositories.” Given its characteristics, EvilOlive appears to be the American response to Tempora.

EvilOlive’s vague nature could be self-sustaining or a component or complement to another program periodically mentioned in the referenced documentation, “ShellTrumpet.” Five days after EvilOlive was activated, an SSO official bragged that ShellTrumpet had just processed its one-trillionth metadata record. Though it was in its fifth year of operation, half of the data it had vacuumed up was collected during 2012. ShellTrumpet capabilities include “near-real-time metadata analysis” and “direct email tip alerting.” Since the program operates in “near-real-time,” “direct email tip alerting” may refer to triggers which call an analyst’s attention to a target having just received an electronic message or, as suggested by its prefix, a filter which alerts the NSA to the mention of a person, item or activity within the content of an email.

Greenwald relays that “a substantial portion” of the data which the NSA analyzes is provided by allied governments, most likely the other Four Eyes. By at least August 2012, GCHQ began providing its American counterpart with data through a program titled “Transient Thurible.” Greenwald reports U.S. intelligence was also expanding its collection capabilities at this time. A February 6, 2013, SSO disclosure mentions the addition of two more programs by September 2013: “MoonLightPath” and “Spinneret.”

Greenwald’s return is somewhat disappointing. Though his report on Stellar Wind is more thorough, it contains inaccurate IT data, fails to provide the final chapters of the program’s history, and is inconclusive. (This is perhaps due to Snowden not being readily available after his Russian arrival;
⁷⁵
he and Greenwald purportedly remained in steady contact after Hong Kong.
⁷⁶
) Granted, it is a springboard for what he wants to discuss—contemporary American domestic surveillance programs—but his companion article pales by comparison. His exposé on EvilOlive and ShellTrumpet, which may or may not be the primary mechanisms for U.S. domestic spying, is emaciated and fails to provide a clear, convincing picture of the NSA’s current operations. Greenwald even admits, “It is not clear how much of this collection concerns foreigners’ online records and how much concerns those of Americans. Also unclear is the claimed legal authority for this collection.” The referenced documentation to the various programs could conceivably be the result of delicate information which
The Guardian
was not comfortable releasing. As witnessed with previous partially redacted disclosures where, at times, a censored slide bore little more than its title, the possibility exists that nothing of interest would have remained for Greenwald’s audience post-redaction. Yet, unlike all of his preceding articles, his EvilOlive report did not attempt to confirm the documentation or add comment.

While the U.S. Army spent the day attempting to justify the decision it had made 24 hours before to include filtering The
Guardian’s
website as part of its routine Internet “network hygiene,”
⁷⁷
the German periodical
Der Spiegel
ran the first of many Poitras-produced editorials on June 29.
Der Spiegel
is a German-language weekly with a circulation of over one million subscribers.

The article “NSA Spied on European Union Offices”
⁷⁸
opens by citing a classified September 2010 document retrieved by Snowden proving U.S. intelligence “not only conducted online surveillance of European citizens” but surveilled EU offices in Washington and the New York headquarters of the United Nations. Audio bugs were installed, computers hacked and telephone and Internet data was compromised. The EU offices are unapologetically designated as a “location target.”

American intelligence also monitored the member states on their native soil. The NSA allegedly tapped the home of the Council of the European Union, the Justus Lipsius Building in Belgium’s capital, Brussels. “A precise analysis showed that the attacks on the telecommunications system had originated from a building complex separated from the rest of the NATO headquarters that is used by NSA experts.” The on-site European spying is presumed to have taken place no later than 2008.

In a subsequent report, Poitras would remark that almost all foreign diplomatic surveillance is recognized by the U.S. as illegal: “With few exceptions, this electronic eavesdropping not only contravenes the diplomatic code, but also international agreements. The Convention on the Privileges and Immunities of the United Nations of 1946, as well as the Vienna Convention on Diplomatic Relations of 1961, long ago established that no espionage methods are to be used. What’s more, the US and the UN signed an agreement in 1947 that rules out all undercover operations.”
⁷⁹

The festival of disclosures would end with an international double feature starring
The Guardian
and
Der Spiegel
on June 30. MacAskill presented “New NSA leaks show how US is bugging its European allies”
⁸⁰
a few hours before Poitras issued, “NSA Snoops on 500 Million German Data Connections.”
⁸¹
The bookend reports appeared a week before the U.S. was scheduled to discuss free-trade policies with the European Union in Brussels.
⁸²

MacAskill’s work is less of a follow-up than a companion piece to Poitras’
Der Spiegel
debut. It outlines that U.S. intelligence was not only spying on the European embassies in New York and Washington but the previously cited September 2010 document lists a total of 38 missionary “targets,” including France, Italy, Greece, Japan, Mexico, South Korea, India and Turkey.

Each embassy’s spy program was given its own code name. The EU mission at the U.N. office in New York was designated “Perdido” and included a floor plan of the embassy. France’s New York U.N. mission was “Blackfoot,” its Washington operation, “Wabash.” In some cases separate titles were issued to differentiate an embassy from its American surveillance. Operation “Klondyke” focused upon Greece’s U.N. Embassy, “Powell.” Italy’s Washington office was known both as “Bruneau” and “Hemlock.”

Aside from audio bugs and cable interception, the NSA spied using “Dropmire.” Though granted a code name, Dropmire is not a target or assignment: given the context provided by MacAskill, it is a physical espionage device. An accompanying 2007 slide states that Dropmire is “implanted on the Cryptofax at the EU embassy, DC.” Dropmire gathers information as faxes are sent between foreign affairs offices and their respective European capitals. The timing of Dropmire’s incorporation suggests it was installed for the same purpose that G20 surveillance had been initiated. U.S. intelligence sought “knowledge of policy disagreements on global issues and other rifts between member states” after the 2008 banking crisis.

Following less than a week after
Süddeutsche Zeitung
/NGB’s joint TAT-14 report, Poitras’ article focuses upon the NSA’s preoccupation with its G20 partner and U.N. ally, Germany. It relays that American intelligence readily collects German telephone calls, emails, text messages and chat transcripts in bulk. The metadata is stored overseas at Fort Meade, Maryland.

The report is alarming because of America’s alliances with Germany, especially when compared to U.S. surveillance of other European nations. In France the average American data capture is two million pieces of information per day from its 65 million citizens. A normal surveillance day for Germany’s 80 million residents is 15 times as much, 30 million intercepts per diem. Poitras does not attempt to offer conjecture as to why America is overly concerned with Germany. She does highlight that the report is consistent with Boundless Informant’s leaked heat map. Germany is in the same color code as Saudi Arabia, China, Iraq, Lithuania, Afghanistan and Kenya. Snowden’s stolen document also confirms Germany’s immediate response to the Tempora release was accurate. As with TAT-14, the NSA’s main German intercept points are the country’s Internet hubs linking it to the outside world. Though she tries to remain objective by not providing tentative explanations for the intense spying, Poitras succumbs to the temptation to mention that the classified documents explicitly exclude the other Four Eyes—Australia, Canada, New Zealand and Britain—from U.S. intelligence’s prying eyes. Should any of the Five Eyes want to surveil another espionage member, it must first obtain permission.
⁸³