NSA Briefing Slides on Brazil’s President and Advisors, July 2012 [disclosed September 1, 2013] and Petrobas, Brazil’s National Oil Company [disclosed September 8, 2013].
Source: Globo.com, http://g1.globo.com/fantastico/noticia/2013/09/veja-os-documentos-ultrassecretos-que-comprovam-espionagem-dilma.html and http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html.
12
James R. Clapper, Director of National
Intelligence, Statement on Allegations of
Economic Espionage
In response to the furor caused by the Brazilian media’s dissemination of Snowden-provided information about U.S. spying against Petrobas, the Brazilian state-owned oil company, James Clapper, the director of national intelligence, issued this statement. The Petrobas disclosure prompted accusations that the U.S. government engaged in economic espionage, a practice it had long denied doing. Clapper responds to these accusations by acknowledging that the U.S. government collects economic and financial intelligence for national security purposes but restating the U.S. position that it does not steal the secrets of foreign companies for the benefit of American enterprises. As Cate and Fidler argue in this volume, Snowden’s disclosures about U.S. economic and financial intelligence gathering undermined U.S. government efforts to distinguish its own actions from economic and commercial spying conducted by other countries, especially China. The U.S. government’s position was not helped when Snowden later disclosed a secret report from 2009 in which the U.S. intelligence community identified a potential need to engage in “technology acquisition by all means,” including cyber operations against foreign researchers and companies, in order to maintain the U.S. edge in innovation and technology.
It is not a secret that the Intelligence Community collects information about economic and financial matters, and terrorist financing.
We collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy. It also could provide insight into other countries’ economic policy or behavior which could affect global markets.
Our collection of information regarding terrorist financing saves lives. Since 9/11, the Intelligence Community has found success in disrupting terror networks by following their money as it moves around the globe. International criminal organizations, proliferators of weapons of mass destruction, illicit arms dealers, or nations that attempt to avoid international sanctions can also be targeted in an effort to aid America’s and our allies’ interests.
What we do not do, as we have said many times, is use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of—or give intelligence we collect to—US companies to enhance their international competitiveness or increase their bottom line.
As we have said previously, the United States collects foreign intelligence—just as many other governments do—to enhance the security of our citizens and protect our interests and those of our allies around the world. The Intelligence Community’s efforts to understand economic systems and policies and monitor anomalous economic activities is critical to providing policy makers with the information they need to make informed decisions that are in the best interest of our national security.
James R. Clapper, Director of National Intelligence, Statement on Allegations of Economic Espionage, September 8, 2013.
Source: Office of the Director of National Intelligence, http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/926-statement-by-director-of-national-intelligence-james-r-clapper-on-allegations-of-economic-espionage.
13
Dilma Rousseff, President of Brazil, Statement to United Nations General Assembly
The Snowden leaks that revealed U.S. surveillance against Brazilian government officials and companies provoked anger and diplomatic action from Brazil’s president, Dilma Rousseff. She canceled an official visit to the United States in September 2013 and, in the same month, blasted the U.S. government in a speech at the UN. Brazil and Germany led efforts at the UN in November and December 2013 to adopt a resolution on the human right to privacy in the digital age (see Document 35 for the text of this resolution). The Snowden disclosures catalyzed the adoption of new legislation in Brazil in April 2014 strengthening privacy protections for Brazilians and ensuring equal access to the Internet. In April 2014, Brazil hosted NETmundial, a Global Multistakeholder Meeting on the Future of Internet Governance, which adopted a statement of Internet governance principles and a road map for the evolution of Internet governance.
. . .
I would like to bring to the consideration of delegations a matter of great importance and gravity.
Recent revelations concerning the activities of a global network of electronic espionage have caused indignation and repudiation in public opinion around the world.
In Brazil, the situation was even more serious, as it emerged that we were targeted by this intrusion. Personal data of citizens was intercepted indiscriminately. Corporate information—often of high economic and even strategic value—was at the center of espionage activity. Also, Brazilian diplomatic missions, among them the Permanent Mission to the United Nations and the Office of the President of the Republic itself, had their communications intercepted.
Tampering in such a manner in the affairs of other countries is a breach of International Law and is an affront to the principles that must guide the relations among them, especially among friendly nations. A sovereign nation can never establish itself to the detriment of another sovereign nation. The right to safety of citizens of one country can never be guaranteed by violating fundamental human rights of citizens of another country.
The arguments that the illegal interception of information and data aims at protecting nations against terrorism cannot be sustained.
Brazil, Mr. President, knows how to protect itself. We reject, fight and do not harbor terrorist groups.
We are a democratic country surrounded by nations that are democratic, pacific and respectful of International Law. We have lived in peace with our neighbors for more than 140 years.
As many other Latin Americans [have], I fought against authoritarianism and censorship, and I cannot but defend, in an uncompromising fashion, the right to privacy of individuals and the sovereignty of my country. In the absence of the right to privacy, there can be no true freedom of expression and opinion, and therefore no effective democracy. In the absence of the respect for sovereignty, there is no basis for the relationship among Nations.
We face, Mr. President, a situation of grave violation of human rights and of civil liberties; of invasion and capture of confidential information concerning corporate activities, and especially of disrespect to national sovereignty.
We expressed to the Government of the United States our disapproval, and demanded explanations, apologies and guarantees that such procedures will never be repeated.
Friendly governments and societies that seek to build a true strategic partnership, as in our case, cannot allow recurring illegal actions to take place as if they were normal. They are unacceptable.
Brazil, Mr. President, will redouble its efforts to adopt legislation, technologies and mechanisms to protect us from the illegal interception of communications and data.
My Government will do everything within its reach to defend the human rights of all Brazilians and to protect the fruits borne from the ingenuity of our workers and our companies.
The problem, however, goes beyond a bilateral relationship. It affects the international community itself and demands a response from it. Information and telecommunication technologies cannot be the new battlefield between States. Time is ripe to create the conditions to prevent cyberspace from being used as a weapon of war, through espionage, sabotage, and attacks against systems and infrastructure of other countries.
The United Nations mus
t play a leading role in the effort to regulate the conduct of States with regard to these technologies.
For this reason, Brazil will present proposals for the establishment of a civilian multilateral framework for the governance and use of the Internet and to ensure the effective protection of data that travels through the web.
We need to create multilateral mechanisms for the worldwide network that are capable of ensuring principles such as:
1—Freedom of expression, privacy of the individual and respect for human rights.
2—Open, multilateral and democratic governance, carried out with transparency by stimulating collective creativity and the participation of society, Governments and the private sector.
3—Universality that ensures the social and human development and the construction of inclusive and non-discriminatory societies.
4—Cultural diversity, without the imposition of beliefs, customs and values.
5—Neutrality of the network, guided only by technical and ethical criteria, rendering it inadmissible to restrict it for political, commercial, religious or any other purposes.
Harnessing the full potential of the Internet requires, therefore, responsible regulation, which ensures at the same time freedom of expression, security and respect for human rights.
. . .
Source: Statement by H. E. Dilma Rousseff, President of the Federative Republic of Brazil, at the Opening of the General Debate of the 68th Session of the United Nations General Assembly, September 24, 2013, http://gadebate.un.org/sites/default/files/gastatements/68/BR_en.pdf.
14
NSA Document on Cell Phone Surveillance of
German Chancellor Angela Merkel
A document published by Der Spiegel in late October 2013 from information provided by Snowden was taken as evidence that the NSA had been monitoring German chancellor Angela Merkel’s cell phone, probably since 2002. It appears to be a targeting record for Merkel, perhaps from an NSA database. An earlier, unrelated Snowden disclosure identified SYNAPSE as an NSA effort to analyze communications of foreign intelligence targets. German officials were already disturbed by previous Snowden disclosures that indicated that the NSA had engaged in mass surveillance of Germans’ communications. These disclosures prompted Germany to support efforts to strengthen the right to privacy in international law, terminate a Cold War–era intelligence agreement with the United States, and engage in talks with the U.S. government to establish a new intelligence relationship. The revelation about Merkel’s cell phone damaged U.S.-German relations significantly, and U.S.-German relations on intelligence continued to deteriorate. The German government did not renew a contract with Verizon, a U.S. company, because of concerns about security, and expelled the CIA station chief in Germany over allegations (not related to Snowden) that the CIA was attempting to get information through an employee of Germany’s domestic intelligence service. The rancor over Merkel’s cell phone overshadowed other Snowden disclosures reported in the German press that indicated the NSA had close relations with German intelligence agencies, which raised questions in Germany about the activities of its own spies. Adding to the controversy, a German prosecutor investigating the alleged tapping of Merkel’s cell phone stated in December 2014 that he had not found clear evidence the NSA engaged in such activity or even that the document in question came from the NSA.
NSA Document on Cell Phone Surveillance of German Chancellor Angela Merkel (date unknown) [disclosed October 27, 2013].
Source: Wikimedia Commons, http://commons.wikimedia.org/wiki/File:Chancellor_Merkel_rawPhoneNumber.jpg.
15
Wanted by the FBI
In May 2014, the Department of Justice announced to great media attention that it had indicted five members of the Chinese military for violating U.S. criminal law on economic espionage, theft of trade secrets, and computer crimes by hacking computer networks of U.S. companies. The FBI issued wanted posters with the indictment. Commentators noted that the likelihood the U.S. government would prosecute these men was nil, raising questions about why the Obama administration would, in such a high-profile way and in the midst of ongoing Snowden-related turmoil, apply U.S. criminal law against Chinese military personnel. As Fred Cate observes in chapter 2, this indictment invited accusations of U.S. hypocrisy given the scale and intensity of U.S. surveillance and espionage against other countries. The U.S. government appeared to have two objectives in issuing the indictment. The indictment revived a major emphasis in U.S. foreign policy before Snowden came along, the contention that China was engaging in massive economic cyber espionage against companies in the United States and other Western countries. It also reminded other nations that despite the Snowden-generated controversies about U.S. behavior, China remained a clear and present cyber security threat. In this sense, the indictment represented an attempt by the U.S. government to go back on the offensive in international cyber politics while dealing with global fallout from its own spying.
Source: Federal Bureau of Investigation, Wanted Poster, May 19, 2014, http://www.fbi.gov/news/news_blog/five-chinese-military-hackers-charged-with-cyber-espionage-against-u.s.
16
Chinese National Ministry of Defense,
Statement on U.S. Indictment of
Chinese Military Officers
China responded to the U.S. indictment of Chinese military officers in May 2014 with a statement condemning the action while also criticizing the United States in light of “the Snowden affair.” While he was in Hong Kong in June 2013, Snowden had disclosed information about U.S. surveillance and espionage against Chinese government, corporate, university, and individual targets to the South China Morning Post. Later disclosures identified China as a target of U.S. intelligence efforts, which was reported in August 2013 stories identifying China as a primary target for U.S. intelligence activities and offensive cyber operations and in March 2014 stories in the U.S. and German press about NSA activities against Chinese government targets and the Chinese telecommunications company Huawei. The indictment gave the Chinese government the opportunity to use the Snowden disclosures to remind the world about the extent of U.S. surveillance and espionage against it. Such a reminder served deeper Chinese strategic interests in weakening U.S. ideas, interests, influence, and credibility in cyberspace and cyber security matters in international politics.
On May 19 Beijing time, the United States Department of Justice indicted five members of the Chinese military on charges of so-called commercial cybertheft. China expresses its strong indignation and staunch opposition to this, and already had made solemn representations to the United States.
China’s stance on Internet security issues has been consistent and clear. China is a protector of Internet security, and the Chinese government and military have never engaged or participated in any theft of commercial secrets over the Internet. The United States’ claims of so-called commercial cybertheft and so on have been spun out of thin air to bamboozle public opinion, and they have been made out of nefarious motives.
For a long time, the relevant agencies of the United States have relied on its advanced technology and infrastructure to carry out large-scale, organized cybertheft, bugging and monitoring against foreign politicians, businesses and individuals. These facts are known to all. The hypocrisy and double standards of the United States regarding Internet security issues have been abundantly obvious from WikiLeaks to the Snowden affair. The Chinese military is a serious victim of this kind of U.S. conduct. Statistics show that the Internet user terminals of the Chinese military have come under many attacks from abroad in recent years, and IP addresses show that a considerable number of these originated in the United States. China demands that the United States give it a clear explanation of its cybertheft, bugging and monitoring activities, and immediately stop such activity.
Chinese-U.S. military relations have been enjoying healthy development, and this step by the United States flies in the face of its vow to “strive to build healthy, stable and reliabl
e military-to-military relations,” and it has seriously damaged bilateral mutual confidence. The U.S. side should demonstrate true sincerity and take substantive actions to promote the healthy and stable development of Chinese-U.S. state-to-state and military-to-military relations.
Chinese National Ministry of Defense, Statement on U.S. Indictment of Chinese Military Officers, May 20, 2014.
Source: http://news.mod.gov.cn/headlines/2014-05/20/content_4510313.htm, English translation published in New York Times, May 20, 2014, http://sinosphere.blogs.nytimes.com/2014/05/20/chinese-defense-statement-on-the-u-s-cyberspying-indictment/.
A Secure and Reliable Cyberspace?
The NSA, Encryption, and Exploits
17
NSA’s Project BULLRUN on
Defeating Encryption
Another category of disclosures made by Snowden includes NSA activities concerning encryption of cyber communications and the use of software exploits against foreign intelligence targets. These activities raised concerns that the NSA was strengthening its signals intelligence mission at the expense of broader cyber security, a point made by Cate and Fidler elsewhere in this volume. This document is an excerpt from a classified description of Project BULLRUN, a secret effort through which the NSA worked to defeat encryption of cyber communications of foreign intelligence targets. Exposure of BULLRUN and related NSA decryption activities brought accusations that the NSA was engaged in a secret war against encryption, a key way to provide security for communications transiting the Internet.
The Snowden Reader Page 21