The Snowden Reader

by David P Fidler

In addition, Emergency Cyber Actions that are intended or likely to produce cyber effects within the United States (or otherwise likely to adversely affect U.S. network defense activities or U.S. networks) must be conducted:

  Under the procedures and, as appropriate, criteria for domestic operations previously approved by the President; and

  Under circumstances that at the time of the Emergency Cyber Action preclude the use of network defense, law enforcement, or some form of DOD support to civil authorities that would prevent the threatened imminent loss of life or significant damage. (S/NF)

  Department and agency heads shall report Emergency Cyber Actions to the President through the National Security Advisor as soon as feasible. If the coordination specified above is not practicable in the available time, then notification shall occur after the fact as soon as possible to inform subsequent whole-of-government response and recovery activities. (S/NF)

  Until such time as any additional criteria for domestic operations are approved by the President, authorization by department and agency heads for Emergency Cyber Actions that are intended or likely to produce cyber effects within the United States (or otherwise likely to adversely affect U.S. network defense activities or U.S. networks) shall be granted only if the President has provided prior approval for such activity, or circumstances at the time do not permit obtaining prior approval from the President and such actions are conducted within the other constraints defined above. (S/NF)

  VI. Process (U)

  The National Security Staff (NSS) shall formalize the functions of the Cyber Operations Policy Working Group (COP-WG) as the primary United States Government forum below the level of an Interagency Policy Committee (IPC) for integrating DCEO or OCEO policy, including consideration of exceptions or refinements to the principles of this directive. The COP-WG shall work with other elements of the policy community as appropriate to the geographic or functional context of the DCEO- or OCEO-related policy discussion at the earliest opportunity. The COP-WG is not an operational group, but will address policy issues related to the conduct of operations raised by departments and agencies or the NSS. (S/NF)

  Departments and agencies shall work through the COP-WG to raise unresolved or ambiguous policy questions in an integrated IPC meeting of all appropriate national and economic security stakeholders. The NSS shall use existing channels to elevate any unresolved policy conflicts to the Deputies and Principals Committees, as appropriate. (C/NF)

  Departments and agencies shall continue to use existing operational processes for cyber operations, except as those processes are modified by or under this directive. Other types of operations that are supported or enabled by cyber operations shall use their existing operational processes. This continued use of existing operational processes applies, for example, to operations conducted under military orders that authorize DCEO or OCEO, including clandestine preparatory activities. (C/NF)

  Departments and agencies, during planning for proposed cyber operations, shall use established processes . . . to coordinate and deconflict with other organizations—including, as appropriate, State, DOD, DOJ, DHS, members of the IC, and relevant sector specific agencies—and obtain any other approvals required under applicable policies, except as those processes are modified by or under this directive. Departments and agencies shall modify or enhance these processes as future circumstances dictate. (S/NF)

  Departments and agencies shall coordinate DCEO and OCEO with State and Chiefs of Station or their designees in countries where DCEO or OCEO are conducted or cyber effects are expected to occur. (S/NF)

  Coordination of DCEO and OCEO with network defense efforts shall be sufficient to enable a whole-of-government approach to the protection of U.S. national interests and shall identify potential implications of proposed DCEO and OCEO for U.S. networks, including potential adversary responses or unintended consequences of U.S. operations for which the United States Government or the private sector would need to prepare. This coordination shall occur in a manner consistent with operational security requirements and the protection of intelligence sources, methods, and activities. (S/NF)

  Toward this end of ensuring a unified whole-of-government approach, departments and agencies shall coordinate and deconflict DCEO and OCEO with network defense efforts of other departments and agencies as appropriate. (S/NF)

  In addition, DCEO and OCEO with potential implications for U.S. networks shall be deconflicted as appropriate and coordinated with DHS, appropriate law enforcement agencies, and relevant sector-specific agencies. (S/NF)

  The United States Government shall make all reasonable efforts to identify and notify, as appropriate, private sector entities that could be affected by DCEO and OCEO. (S/NF)

  Policy Criteria (U)

  Policy deliberations for DCEO and OCEO shall consider, but not be limited to, the following criteria:

  Impact: The potential threat from adversary actions or the potential benefits, scope, and recommended prioritization of proposed U.S. operations as compared with other approaches—including, as appropriate, network defense by the United States Government or private sector network operators;

  Risks: Assessments of intelligence gain or loss, the risk of retaliation or other impacts on U.S. networks or interests (including economic), impact on the security and stability of the Internet, and political gain or loss to include impact on foreign policies, bilateral and multilateral relationships (including Internet governance), and the establishment of unwelcome norms of international behavior;

  Methods: The intrusiveness, timeliness, efficiency, capacity, and effectiveness of operational methods to be employed;

  Geography and Identity: Geographic and identity aspects of the proposed activity, including the location of operations and the resulting effects, the identity of network owners and users that will be affected, and the identity or type—when known—of adversaries to be countered or affected by U.S. operations;

  Transparency: The need for consent or notification of network or computer owners or host countries, the potential for impact on U.S. persons and U.S. private sector networks, and the need for any public or private communications strategies before or after an operation; and

  Authorities and Civil Liberties: The available authorities and procedures and the potential for cyber effects inside the United States or against U.S. persons. (S/NF)

  Policy decisions shall be broad enough and include rationales in order to provide guidelines and direction for future proposals with the same operational and risk parameters. (C/NF)

  . . .

  Presidential Policy Directive/PPD-20 on U.S. Cyber Operations Policy, October 2012 [disclosed June 7, 2013] (footnotes omitted).

  Source: “Obama Tells Intelligence Chiefs to Draw Up Cyber Target List—Full Document Text,” Guardian, June 7, 2013, http://www.theguardian.com/world/interactive/2013/jun/07/obama-cyber-directive-full-text.

  “Worse than the U.S.”?

  Surveillance by the UK’s Government Communications Headquarters

  23

  GCHQ’s TEMPORA Program

  Snowden’s disclosures revealed information not only about U.S. government intelligence, but also about the intelligence activities of other countries. These leaks included documents related to collaboration between the NSA and intelligence agencies in Australia, Canada, Germany, Israel, the Netherlands, Norway, Sweden, and the United Kingdom. Snowden also released information about the intelligence activities of some governments, including those of Australia, Canada, and the Netherlands. The majority of disclosures about foreign governments related to the UK’s signals intelligence agency, GCHQ. In fact, Snowden said that GCHQ was “worse than the U.S.” The documents below relate to what Snowden disclosed about GCHQ and reactions to what he made public. The first document is from GCHQ describing its TEMPORA capability. The Guardian disclosed TEMPORA in June 2013, early in the timing of Snowden’s leaks. Under TEMPORA, GCHQ collects large volumes of metadata and communication content by accessing fiber-optic cables over which significant portions of the world’s Internet and telephone traffic travels. GCHQ analysts then query the information by, for example, using XKEYSCORE, the powerful NSA tool shared with GCHQ for analyzing surveillance information collected by various means and held in different databases.

  . . .

  BREAKING NEWS (May 2012)—The second tranche of ‘deep dive’ processing capability at RPC [Remote Processing Centre] has gone live. . . .

  This gives over 300 GCHQ and ~250 NSA analysts access to huge amounts of data to support the target discovery mission.

  The MTI [Master the Internet] programme would like to say a big thanks to everyone who has made this possible . . . a true collaborative effort!

  TEMPORA was delivered by the MTI Enhanced Discovery swimlane . . .

  TEMPORA

  TEMPORA is an Internet Buffer capability being delivered by MTI . . . for joint mission benefit. It builds upon the key success of the TINT experiment and will provide a vital unique capability. . . .

  • TEMPORA is the codeword for GCHQ’s internet buffer business capability as a whole—which is the ability to loosely promote a % of traffic across GCHQ’s SSE [Special Source Exploitation] access into a repository which will keep the content (and its associated metadata) for periods of time (approximately 3 days for content and up to 30 days for metadata) to allow retrospective analysis and forwarding to follow on systems.

  • TEMPORA as a capability is agnostic of the technologies used to promote that traffic and to store that traffic and so should not be used as a codeword for the individual components (e.g., XKS [XKEYSCORE], MVR [Massive Volume Reduction] etc).

  • At the moment the components include, amongst others, GCHQ SSE Access, POKERFACE sanitisation, XKS (in various configurations) and it will include MVR in the very near future.

  • TEMPORA also covers the management of the rules used to promote traffic into the internet buffer capability.

  • TEMPORA is not processing centre specific. . . .

  A bit more detail

  TEMPORA are GCHQ’s large-scale, Deep Dive deployments on Special Source access (SSE). Deep Dive XKeyscores work by promoting loose categories of traffic (e.g., all web, email, social, chat, EA, VPN [Virtual Private Network], VoIP [Voice-over Internet Protocol] . . . ) from the bearers feeding the system and block all high-volume, low value traffic (e.g., P2P [Peer-to-Peer] downloads). This usually equates to ~30% of the traffic on the bearer. We keep the full sessions for 3 working days and the metadata for 30 days for you to query, using all the functionality that Keyscore offers to slice and dice the data. The aim is to put the best 7.5% of our access into TEMPORA’s, comprising a mix of Deep Dive Keyscores and promotion of data based on IP [Internet Protocol] subnet or technology type from across the entire MVR. At the moment, users are able to access 46x10Gs of data via existing Internet Buffers. This is a lot of data! Not only that, but the long-running TINT program and our initial 3-month operation trial of the CPC [Cheltenham Processing Centre] Internet Buffer (the first operational Internet Buffer to be deployed) show that every area of ops can get real benefit from this capability, especially for target discovery and target development. Internet Buffers are different from TINT in that the latter is purely an experimental, research environment whereas Internet Buffers can be used operationally for EPR, Effects, enabling CNE [Computer Network Exploitation] etc.

  . . .

  GCHQ, Information about TEMPORA, May 2012 [disclosed June 18, 2014].

  Source: Der Spiegel, http://www.spiegel.de/media/media-34103.pdf.

  24

  NSA Memo on the TEMPORA Program

  This document is an internal NSA communication about TEMPORA announcing that NSA analysts can get access to it through XKEYSCORE, an NSA system analysts use to search NSA databases for information on existing surveillance targets or to develop new foreign intelligence targets. It reveals not only the excitement of NSA analysts about getting access to a “massive site” containing “40 billion pieces of content a day,” but also the deep intelligence cooperation taking place between NSA and the UK’s GCHQ.

  NSA, TEMPORA—“The World’s Largest XKEYSCORE”—Is Now Available to Qualified NSA Users, September 19, 2012 [disclosed June 18, 2014]. Page 4 of 4 is blank and not reproduced here.

  Source: Der Spiegel, http://www.spiegel.de/media/media-34090.pdf.

  25

  British Parliament’s Intelligence and Security Committee, Statement on the U.S. PRISM Program

  Snowden’s disclosures of GCHQ activities spawned policy and legal controversies in the UK, including allegations that GCHQ had access to information the NSA collected under PRISM without authorization under British law. With access to PRISM information concerning foreigners located outside the United States, did GCHQ access and use PRISM data about British nationals that GCHQ could not, under British law, have or review? The Intelligence and Security Committee (ISC) of Parliament issued this statement in July 2013 summarizing its conclusions following a review of whether GCHQ acted illegally with respect to PRISM information shared by the U.S. government. The ISC is charged with providing parliamentary oversight of the British government’s intelligence activities, including GCHQ. These functions make it the equivalent of the select committees on intelligence in the U.S. House of Representatives and Senate. Although the ISC found no wrongdoing in GCHQ’s actions, its concluding thoughts revealed disquiet about the existing statutory framework and noted a need for further examination of whether this framework adequately protected private communications. In October 2013, the committee announced that it was broadening the scope of this examination to include the impact on privacy of the intelligence agencies’ capabilities, and the committee’s inquiry was continuing as of this writing.

  INTELLIGENCE AND SECURITY COMMITTEE OF PARLIAMENT

  Chairman: The Rt. Hon. Sir Malcolm Rifkind, MP

  Statement on GCHQ’s Alleged Interception of Communications under the US PRISM Programme

  Introduction

  1. Over the last month, details of highly classified intelligence-gathering programmes run by the US signals intelligence agency – the National Security Agency (NSA) – have been leaked in both the US and the UK. Stories in the media have focussed on the collection of communications data and of communications content by the NSA. These have included the collection of bulk ‘meta-data’ from a large communications provider (Verizon), and also access to communications content via a number of large US internet companies (under the PRISM programme).

  2. The legal arrangements governing these NSA accesses, and the oversight and scrutiny regimes to which they are subject, are matters for the US Congress and courts. However some of the stories have included allegations about the activities of the UK’s own signals intelligence agency, GCHQ. While some of the stories are not surprising, given GCHQ’s publicly acknowledged remit, there is one very serious allegation amongst them – namely that GCHQ acted illegally by accessing communications content via the PRISM programme.1

  What is the PRISM programme?

  3. PRISM is a programme through which the US Government obtains intelligence material (such as communications) from Internet Service Providers (ISPs). The US administration has stated that the programme is regulated under the US Foreign Intelligence Surveillance Act (FISA), and applications for access to material through PRISM have to be approved by the FISA Court, which is comprised of 11 senior judges. Access under PRISM is specific and targeted (not a broad ‘data mining’ capability, as has been alleged).

  4. Stories in the media have asserted that GCHQ had access to PRISM and thereby to the content of communications in the UK without proper authorisation. It is argued that, in so doing, GCHQ circumvented UK law. This is a matter of very serious concern: if true, it would constitute a serious violation of the rights of UK citizens.

  Our investigation

  5. The ISC has taken detailed evidence from GCHQ. Our investigation has included scrutiny of GCHQ’s access to the content of communications, the legal framework which governs that access, and the arrangements GCHQ has with its overseas counterparts for sharing such information. We have received substantive reports from GCHQ, including:

  • a list of counter-terrorist operations for which GCHQ was able to obtain intelligence from the US in any relevant area;

  • a list of all the individuals who were subject to monitoring via such arrangements who were either believed to be in the UK or were identified as UK nationals;

  • a list of every ‘selector’ (such as an email address) for these individuals on which the intelligence was requested;

  • a list of the warrants and internal authorisations that were in place for each of these individuals being targeted;

  • a number (as selected by us) of the intelligence reports that were produced as a result of this activity; and

  • the formal agreements that regulated access to this material.

  We discussed the programme with the NSA and our Congressional counterparts during our recent visit to the United States. We have also taken oral evidence from the Director of GCHQ and questioned him in detail.

  • It has been alleged that GCHQ circumvented UK law by using the NSA’s PRISM programme to access the content of private communications. From the evidence we have seen, we have concluded that this is unfounded.

  • We have reviewed the reports that GCHQ produced on the basis of intelligence sought from the US, and we are satisfied that they conformed with GCHQ’s statutory duties. The legal authority for this is contained in the Intelligence Services Act 1994.

 
