The Snowden Files: The Inside Story of the World's Most Wanted Man
Page 13
Unsurprisingly, given their history, both countries’ spy agencies wanted to exploit their good luck and tap into all these submarine cables in order to eavesdrop. As technology changed, the two organisations had successively intercepted radio traffic, then microwave beams and ultimately satellite links. It was logical to seek now to break into the floods of internet and phone data which were travelling by the latest fibre-optic systems.
Postwar Britain originally won its place in the so-called ‘Five Eyes’ electronic spying team, along with Australia, Canada and New Zealand, by handing over access to a network of listening stations across the globe in Cyprus, Ceylon, Hong Kong, South Africa, Diego Garcia, Ascension Island and such Middle East client states as Oman. But with the loss of empire, some of that advantage evaporated.
Britain also gave the US two satellite stations of its own on British soil – Menwith Hill (known as ‘MHS’), on the southern edge of the Yorkshire Dales, and Croughton, which handles CIA communications. But the Brits constantly had their hands held out for cash. As one GCHQ chief, Sir David Omand, was heard to say optimistically: ‘We have the brains: they have the money.’
Thanks to Snowden we know to what extent, at least partially. In the period 2009 to 2012 the US government paid GCHQ at least £100m. In 2009 the NSA gave GCHQ £22.9m. The following year the NSA’s payments rose to £39.9m. This included £4m to support GCHQ’s work for NATO forces in Afghanistan, and £17.2m for ‘mastering the internet’. The NSA paid a further £15.5m towards redevelopments at GCHQ Bude. The gesture ‘protected (GCHQ’s core) budget’, at a time of austerity by David Cameron’s coalition. In 2011/2012 the NSA gave another £34.7m to GCHQ.
British officials sniff that the sums are tiny. ‘In a 60-year alliance it is entirely unsurprising that there are joint projects in which resources and expertise are pooled,’ a Cabinet Office spokesman says. But the cash gives the NSA further leverage. In one 2010 document, GCHQ acknowledges that Fort Meade had ‘raised a number of issues with regards to meeting NSA’s minimum expectations’. It said GCHQ ‘still remains short of the full NSA ask’.
Lurking always is the spectre of US displeasure. One internal paper warns: ‘The NSA ask is not static and retaining “equability” will remain a challenge in the near future.’ The UK’s biggest fear, says another, is that ‘US perceptions of the … partnership diminish, leading to loss of access and/or reduction in investment … to the UK.’
In other words, the British needed to keep up and demonstrate their worth. They were only a tenth of the size of their US partners. If they fell behind technically, the mighty NSA might cease intelligence-sharing, and Britain’s ability to punch above its weight in the world could end ignominiously.
It was against this background that the GCHQ director in charge of ‘mastering the internet’ wrote a pitch for a new British project on 19 May 2009. He asserted that the agency had been struggling with changes in technology: ‘It’s becoming increasingly difficult for GCHQ to acquire the rich source of traffic needed to enable our support to partners within HMG [Her Majesty’s government], the armed forces and overseas.’
But a breakthrough was in sight, he said. Experiments had been taking place for two years at Bude, and had been crowned with success.
The problem was not so much to tap into the internet pipes – both the US and the UK could do that. It was to find a method of reading and analysing the torrents of data within the tapped cables, as they rushed past at speeds of at least 10 gigabytes per second.
GCHQ’s achievement was to be able to build a gigantic computerised internet buffer. The buffer could store traffic. Analysts and data miners would then be able retrospectively to sort through this vast pool of digital material. Full content, such as email messages, could be kept available for three days, and the less bulky metadata, such as email contacts and subject lines, for as much as 30 days. Uninteresting material such as peer-to-peer downloads of movies would be filtered out.
From the residue the spy agencies would, with luck, glean usable intelligence about targets of interest. The system was analogous to a gargantuan catch-up TV service where you could go back and watch any broadcast you’d previously missed.
At Bude, several key transatlantic fibre-optic cables made landfall close by. They could therefore be tapped into relatively cheaply and the data diverted the short distance to RPC-1 – a new ‘Regional Processing Centre’ secretly constructed on-site by a consortium of private firms, led by Lockheed Martin with BAE Systems’ subsidiary Detica and software company Logica. The process of furtive extraction had its own acronym: SSE, for special source exploitation.
By March 2010, analysts from the NSA had been allowed some preliminary access to the Bude project, initially codenamed TINT, then christened TEMPORA. It was described as a ‘joint GCHQ/NSA research initiative’. It uniquely ‘allows retrospective analysis’ of internet traffic.
Soon GCHQ was boasting of major achievements. ‘We are starting to “master the internet”. And our current capability is quite impressive.’ One document spoke of 2 billion users of the internet worldwide, with over 400 million regular users of Facebook, and a 600 per cent increase in mobile phone traffic from the year before. The agency believed it was on top of these developments. The report claimed the UK now had the ‘biggest internet access in Five Eyes’.
Not everything was perfect. The memo noted that American service providers were moving to Malaysia and India, with the NSA ‘buying up real estate in these places’ in a scramble to keep up. ‘We won’t see this traffic crossing the UK. Oh dear,’ the author said, suggesting Britain should follow suit and ‘buy facilities overseas’.
But the general tone of GCHQ’s 2010–2011 mid-year review was cheery. It stated that in one 24-hour period the agency had been able to process and store ‘more than 39 billion events’, ‘increasing our capability to produce unique intelligence from our targets’ use of the internet’. Apparently this meant GCHQ had managed to collect 39 billion pieces of information in a single day.
The NSA was impressed with British efforts. In a 2011 ‘Joint Collaboration Activity’ report it said that the UK now ‘produced larger amounts of metadata than the NSA’. By May 2012 it was reported that a second internet buffering centre had been constructed at Cheltenham, within the vast circular state-of-the-art headquarters complex its 6,000 staff generally referred to as ‘the doughnut’. A third overseas processing centre was also successfully organised and built at a location in the Middle East. The whole program was capable of collecting ‘a lot of data!’ Using TEMPORA, more than ‘300 GCHQ and 250 NSA analysts’ now had access to ‘huge amounts of data to support the target discovery mission’.
Snowden’s files show just how closely British and US intelligence personnel work alongside each other. While working for the CIA in Geneva, Snowden himself visited Croughton, the CIA communications base 30 miles north of Oxford in rustic Northamptonshire. Writing as TheTrueHOOHA, Snowden said he was struck by the large number of sheep grazing nearby in green fields – a classic English scene.
The NSA has had its own operations branch at GCHQ Cheltenham since the 1950s, as well as in London; GCHQ staff work at MHS. With some advance warning other GCHQ employees from Cheltenham can visit the heavily protected US outpost.
The NSA has a senior US liaison officer attached to the UK intelligence community known as SUSLO; his British counterpart operating in Washington under diplomatic cover is called SUKLO. Lesser GCHQ employees are assigned to practically all NSA facilities; they are called ‘integrees’. There is even a GCHQ staffer at the NSA’s tropical base in Hawaii, where Snowden worked.
Typically GCHQ employees do at least one stint at an NSA facility. The agency provides a helpful glossary for the Brits on American life; it gives tips on car hire and points out that in the US a boot is a ‘trunk’. There are joint meetings, training courses, exchange visits, cryptological workshops and celebratory dinners. And, one suspects – though Snowden’s documents don’t tell
us this – the odd inter-agency romance.
This intelligence-swapping arrangement dating back to 1947 has been a success story. One document speaks of ‘another fine example of NSA and GCHQ working well together’. The Anglo-American SIGINT partnership is often warm on a personal level, beneficial to both parties and historically enduring. You might call it a marriage.
The files, meanwhile, offer a rare insight into the cloistered world of British spying. Salaries of GCHQ staff may be low but the organisation offers its linguists and mathematicians lots of leisure activities: pub quiz nights, cake sales, trips to Disneyland Paris and an internal puzzle letter called Kryptos. It even has its own social networking site, SpySpace. The main drawback to a GCHQ career is the agency’s provincial location. ‘Be prepared to describe where Gloucestershire is,’ a GCHQ recruitment guide says.
*
One particularly sensitive aspect of TEMPORA is the secret role played by telecoms companies which own or manage the fibre-optic cables. GCHQ calls them ‘intercept partners’, liaison with whom is handled by ‘sensitive relationship teams’. They include some of the world’s leading firms. BT, the main intercept partner, is codenamed ‘REMEDY’, Verizon Business ‘DACRON’, and Vodafone Cable ‘GERONTIC’. Four smaller providers also have codenames. In 2009, Global Crossing was ‘PINNAGE’, Level 3 ‘LITTLE’, Viatel ‘VITREOUS’ and Interoute ‘STREETCAR’.
Between them these companies help intercept most of the cable links touching the UK. They have British landing points at Lowestoft, Pevensey Bay, Holyhead (linking the UK to the Republic of Ireland), Whitesands Bay, Goonhilly and other seaside towns.
The company names are classified even higher than top secret, as ‘Strap 2 ECI’ – ‘exceptionally controlled information’. Exposure might presumably lead to customer unhappiness. One leaked document warns of potential ‘high-level political fallout’ if the firms’ identities become public. Intelligence sources stress that the companies have no choice. As in the US, they can use the excuse that they are compelled by law.
Thanks to this corporate co-operation, for which the telecoms companies are paid substantially by the British taxpayer, GCHQ was handling 600 million ‘telephone events’ a day by 2012. It had tapped more than 200 fibre-optic cables which touched the UK. It was able to process data from at least 46 of them at a time. This is indeed a lot of data – more than 21 petabytes a day – and the equivalent of sending all the information in the British Library 192 times every 24 hours.
Yet inside GCHQ there is still anxiety that the organisation will fall behind. One of the team responsible for managing TEMPORA sets out how the agency’s ‘mission role’ grew. New techniques had given GCHQ access to huge amount of new data or ‘light’ – emails, phone calls and Skype conversations. ‘Over the last five years, GCHQ’s access to “light” [has] increased by 7,000 per cent.’ The amount of material being analysed and processed had increased by 3,000 per cent, he said – an astonishing figure. The agency was ‘breaking new ground’ but also struggling to keep up. ‘The complexity of our mission has evolved to the point where existing management capability is no longer fit for purpose.’
An internal review for 2011/2012 also warns: ‘The two major technology risks that GCHQ has to face next year are the spread of ubiquitous encryption on the internet and the explosion in the use of smartphones as mobile internet devices. Over time, both of these technologies could have significant effect on our current tradecraft.’
The agency predicts that by 2015, 90 per cent of all internet traffic will come from mobile phones. There were already 100 million smartphones around the world in 2012. The mobile was the ‘most prolific customer product ever invented’. GCHQ was launching a new project to ‘exploit mobile devices’, the document said. It meant ‘getting intelligence from all the extra functionality that iPhones and BlackBerrys offer’. GCHQ’s end goal was: ‘to exploit any phone, anywhere, anytime’.
TEMPORA and allied projects may be impressive. But in inventing them, the western espionage agencies seemed oblivious to the larger picture: that the state was now indiscriminately collecting the communications of millions of people, without their knowledge or consent.
In the past, British spooks attached crocodile clips on copper wires to eavesdrop on the phone calls of thieves and villains or Irish Republican terrorists. These were individual targets approved on individual ministerial warrants: the identifiable bad guys. Now, though, the NSA and GCHQ were hoovering up data from everyone on a Brobdingnagian scale. This included data from a majority of people who were entirely innocent.
Officials insist they don’t have the analysts to sift through all this private correspondence. One told the Guardian: ‘The vast majority of the data is discarded without being looked at … we simply don’t have the resources.’ He said: ‘If you had the impression we are reading millions of emails, we are not. There is no intention in this whole program to use it for looking at UK domestic traffic – British people talking to each other.’ The head of GCHQ, Sir Iain Lobban, publicly repeats the spies’ favourite analogy of a ‘vast haystack of data’, containing needles.
The haystack does, of course, consist of the communications of both Britons and foreigners. GCHQ’s mass sweepings included among other things the contents of cables linking the international data centres belonging to Google and Yahoo, where they passed across British territory.
The British spies quote obscure UK legislation dating from 2000, which permits unrestrained foreign intelligence-gathering. They say this Regulation of Investigatory Powers Act (RIPA) allows them to bulk-collect all ‘external’ internet communications. ‘We turn somersaults to obey its spirit and letter,’ one said. The word ‘external’ is interpreted – some would say twisted – to mean anything tapped from a cable that has at least one foreign end. Because of the way internet links work, this means that anyone in Britain who sends an email is often also talking to GCHQ. Not something the ordinary paying customer who signs up to BT and Google can find on their contract, even in the very smallest print.
Both the British and the Americans can make secret searches inside this ‘haystack’ of mass data for patterns of behaviour, for contact chaining of groups of friends and for target individuals. Secret letters signed by British foreign secretaries – the first was Labour’s David Miliband in 2009, the next the Conservatives’ William Hague – apparently authorise queries made with a view to investigating foreign political intentions, nuclear proliferation, terrorism, serious financial crime and the UK’s ‘economic wellbeing’. How is this policed? Government lawyers have since demonstrated in British cases that the word ‘terrorism’ is capable of being interpreted very widely.
When GCHQ staff succeed in supplying their US partner with valuable intelligence, they brag about it. This happened, they say, on at least two recent occasions: the first involved underwear bomber Umar Farouk Abdulmutallab, who in 2009 tried to blow up an airliner bound for Detroit. The second took place five months later when Faizal Shahzad, a 30-year-old US citizen who was born in Pakistan, attempted a car bombing in New York’s Times Square.
The NSA was ‘delighted’ with GCHQ’s ‘unique contributions’ against the US bombers. There is no clue as to what these exact contributions were. For its part, the NSA helped GCHQ with the investigation following the devastating 7/7 atrocities in London in 2005. It was the worst attack in London since the second world war. Four suicide bombers blew up three Tube trains and a bus, killing 52 people.
GCHQ denies routinely circumventing the Five Eyes’ own self-denying rules and carrying out spying on US citizens on the NSA’s behalf. And the NSA denies providing the same ‘revolving door’ service when it comes to collecting intelligence on UK nationals.
Unfortunately, Snowden’s documents appear to give the lie to such claims. He unearthed NSA memos from 2005 and 2007 implying that sometimes the two agencies do target each other’s citizens. The NSA is allowed to include Britons in its mass surveillance databases, ‘when it is i
n the best interest of both nations’. Furthermore, a procedure is detailed under which the NSA will even spy on UK citizens behind the backs of the British. ‘Under certain circumstances it may be advisable and allowable to target second-party persons and second-party communications systems unilaterally, when it is in the best interests of the US, and necessary for US national security.’
So the Five Eyes’ claim that the gentlemanly western partners do not spy on each other seems simply false. All these dismaying disclosures and the subsequent international uproar meant that – as the leakers and journalists involved were soon to discover – their boldness was making the secret spymasters on both sides of the Atlantic very angry indeed. Snowden himself, Glenn Greenwald and the British reporters back in London at the Guardian were all shortly to feel the effects of that rage.
9
YOU’VE HAD YOUR FUN
The Guardian offices, Kings Place, London
June 2013
‘Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.’
JOHN MILTON,
Areopagitica
Up on the otherwise silent third floor of Kings Place, a late-night cleaner steered his Hoover around the group clustered at a computer. He was busy chatting in Spanish on his mobile as he passed, and did not seem to register their unease at the sight of him.
Under the eye of deputy editor Paul Johnson, a painfully slow assembly and formatting process was taking place through the night, not to the normal online Guardian network, but on to a big orange LaCie external hard drive – one of the few unused items on the premises capable of holding scores of gigabytes. The stuff was Snowden’s – thousands of highly classified leaked documents in a heavily encrypted form.