Rain fell on the tiny white house, undercoverthemapletree and a tempest of toad croaks. Its garden was decorated with daisy, cornflower, and jasmine. Old and downtrodden 9705 Samford Road seemed like a set piece right out of a Bugs Bunny cartoon, but it wasStephanie’s childhood home.
Back from Texas, it had been too long since she was last here. The place barely had any secure internet connections. The old television set couldn’t even get MSNBC. It was out in the middle of nowhere, but she didn’t mind. Theprivacy of her old shelterwas a data-haven of nostalgia. Her memories were on replay.
She could remember back to 1997. Angela and Chelsea would bike over every weekend. They were real mavricks, doing a lot of top secret girl things. They always called her boss, colonel, and captain. Things were perfectly swell, until that nerd, Juile Rubin, ruined everything.
Mum heard about it on her way from thebank to themarket to get beef. Did Stephanie really try to smuggle 15kg of toffee from out of theschool staff room? Wrapped inside an Armani coat, she was secretly proud of her daughter; leading such rogue rebels, not at all like her orthodox monarchist grandparents!
“It’s so unfair, Mum! That Juile tattled on us!”
Her mother took thekiwis out of her black-bag to slice up later with a steak knife, and put thepackage of veggie salsa dip onto the kitchen rack. “Are you sure it was her? What about Tony Poe? He’s the artful dodger of the neighbourhood.”
“No way, definitely not him!” Stephanie said, though she would later find out he did have a few screws loose.
Mum walked into her archives and fiddled with thebuzzer on her mixmaster, clearing thewhite noise to tune into theWeekly World News. “Well? Then what about Stanley?”
“But Mum, even Alica and Rita think Juile did it!” Stephanie could not just get over Juile, disdainfully recalling her mantis-like eyes, her tiger-like arms, and a big brown mole on the tip of her nose.
“No sense in mouthing a lot of spookwords, dear.” Her mother leafed through an edition of Fukuyama and Marx, lined up on the bookshelf next to an atlas, a dictionary, and a collection of 2600 Magazine. “I mean, why call her an enemy of the state when you haven’t even done a proper investigation first?”
Tired of her Mum’s zen attitude, Stephanie stomped off to see her Dad in thebasement. He was messing around with his tools, listening to Bach and Elvis back-to-back on bootleg tapes and other niche things. He was so entirely different – a real cowboy.
“Oh honey, I know exactly what you need. A little satellite imagery will put all your problems right into perspective!”
“But Dad, I didn’t even tell you what was wrong yet.”
With a sweep, a rip, and a zip, Dad went straight to work. He wasn’t much for chatter, football, or golf – sport wasn’t really his forte – but he went to Harvard and had a talent for lock picking. He used that meta and military intelligence by chaining together a little recon mayfly out of some lacrosse equipment, a beanpole, 2.3 oz. of nitrate, a zipgun, two satellite phones, a blowpipe, a quarter-pound of plutonium, and some old Nike sneakers.
Dad was proud of his kilo class invention as it stood there on theplatform in their backyard. He always dreamed of making $400 million in gold bullion, or at least a lot of cybercash. Inspired by theCipherTAC-2000, he called it “Unit 5707.” Perhaps it would be one his of many trump cards in life. But Stephanie didn’t like it. It looked like garbage and smelt of sardine.
“Okaaay,” she said nervously. “So what’s it do?”
“Just watch!” And Dad, with the wizardry of Merlin, made a wire transfer on thecovert video machine. With a jack, a small flame from therockets, and a sound like a few flashbangs, a fissionable component made a blow out like a mailbomb and it lifted off into theionosphere! Its trajectory arc could have jumped Yucca Mountain!
Too bad it didn’t actually work. Where did it end up? By Stephanie’s guess, maybe Honduras, Tokyo, or Tangimoana Beach.
“Thanks anyway, Dad,” she sighed. His little skytel recondo doohickey had no bearing on her Juile Rubin situation, but it did give her an idea. A devilish and evilidea. She lowered her jaws and grinned her fangs with a wry smile that could kill the president. She had chosen exactly what to do.
She pranced down the road, around theblocks of concrete, past Bletchley Park, and careful not to trip over thespeedbump. She passed by her neighbour’s pet canine named Bubba, a pseudonym for Bubba the Love Sponge, who had curly fur and fox-like features. She climbed up through a pine gap like a gorilla from South Africa and took a stakeout in Juile Rubin’s backyard.
Under theindigo shadows, she began her clandestine eavesdropping. She tip-toed across the grass like a ninja with all the superpowers of Chameleon Man. She could see that petty little Juile in her room through the window, watching Aladdin and some Pixar movies. She crept over to the door and by peering in thekeyhole she found the most curious enigma.
Inside was a white yankee playing blackjack. He looked dead and had a snuffle like theflu. What could it be, Stephanie wondered. Was it a porno? Was he hurt by his ladylove? Or was it just too much on his credit card?
That’s when she saw it. Cocaine! Oh yes, this little bit of information would work just nicely for Stephanie. But, he must have heard her! Sensing a domestic disruption, he reached for his flintlock gun!
But by thetime he made it outside, nothing was there. A badger in the woods, he thought.
The next day, when Juile made it to school, all her friends had turned against her. She went through all her contacts – Morgan, Monica, and Wilma – but nobody would give her a fish even if she begged. Wondering what this anonymous threat could mean, she soon suspected that bunch of redheads, Angela, Chelsea, and Stephanie! Ooh, that Stephanie! They worked the schoolyard like themafia in theilluminati. With strategic planning, they whispered about plenty of offensive information, and their gossiping propaganda spread like a virus.
“If you want to tell me something, you should say it to my face!”
But Stephanie, with a calm expression that wasn’t very explicit, looked to her two advisors to advise her. After a small chat with her consulting duo, Stephaine turned around and said to Juile, “I don’t know what you’re talking about, you big fake.”
And that is what sparked it. The girls all around the schoolyard engaged in information warfare! Juile called Stephanie and her friends a bunch of pornstars! Angela called back about how Juile’s dad was such a Playboy! It was a class struggle, with the Grade Fives againstthe Grade Sixes, and a secret service of spies and subversives teaming between them. The teachers on yard duty, theschool’s Field Security Division (m52), didn’t even have a clue of the terrible mindwar going on – they thought the schoolyard was one of many peaceful Edens in the world. If they had heard even one fraud that the kids used on each other, they would’ve thought it about theSupreme Assembly of the Islamic Revolution in Iraq.
“Ihate you!” Juile cried as Stephanie went on a long oratory to assassinate her character. “Ihate you, Ihate you, Ihate you, you... you.. Lamma!”
A hush fell on the girls. Stephaniewas agape atthe audacity of this new railagainst her.
“That’s right! A lamma! Really hairy with big buck teeth and a long neck! That’s you! You’re a lamma!”
This type of verbal assetwas too ridiculous to even think. Stephaine thought Juile must be really desperate, but then, all the other girls started giggling.
“Lamma, lamma, lamma,” they spoke in a singsong voice. Even Angela and Chelsea were singing along. “Lamma! Lamma! Lamma!”
They all encircled her and kept singing. What new kind of information terrorismwas this?! Stephanie tried not to let it bother her, but her firewalls were too weak. It wasbeyond hope. She wanted to cry. She wanted to escape. She wanted her Dad to show up with thevan and to take her far away from here. To Panama! To Mexico! To Kosovo!
And Stephanie’s Dad kind of did, in a way. After hitting thefritz long ago, his terrible Unit 5707 finished flying in from 52 52 N - 03 03 W and made a grand re-entry into the Earth’s atmosphere. Like a fantastic firefly and in direct opposition to any Weather Inc.forcast, it came crashing down right into the schoolyard with a big explosion. Chaos and crypto-anarchy soon followed. Thepolice rushed to take over and clamped down the danger zone like Area51. Schoolwas cancelled for a week.
When it all settled down and they got a reprieve from theanarchy, Stephanie apologized to Juile, swearing on her honor as a Templar. Since then, they became the best of friends, and even went to theYukon together. But it didn’t last, for when Stephanie became a competitor in thecorporate security world, Juile had her long-awaited revenge by emptying out her treasury.
To this day, she still hates that nerd.
Austin Middleman Does a Lot of Drugs
AustinMiddleman does a lot of drugs. His family does not approve. Big brotherLarson thinks Austin’s maniaburned his job prospects and got him blacklisted from thecorporateChicago crust. No boss would want him! Larson begs Austin to stop being such a misanthrope, improve his constitution, and no longer be a tax on his family.
“No way, josé bové!” Austin disagrees. He was fighting thedrug war, and he was gonna win!
Austin used secure internet connections on his computer to order drugs on “blackmednet” with e-cash. Ketamine and cocaine. Hollyhock and marijuanabuds. ... all a kilo, each! Austin began to grom down all thedrugs, and went slack in thesite of his phalanstery, to slip away from socialsociety.
A mosaicaurora filled the room, and by the sound of thedawn chorus, granted Austinthe blessing of St. Jude. With a glowing halo, his cosmicwings soared through a shining path towards thehavens. Austinwas in thezone. Austinwas in his prime. Austinwashigh!
In the radiant guppy ionosphere and undercoverthesecret of thecosmos, Austin felt peace and protection. Drifting along with his rowboat magician, Austinsawthe familiar banner of thechurch, that one little virtualutopia where reality hackers like Austin could love everyone.
Austin entered thebar, where a rave of dancers jived to a harp with 101 strings playing bellcore music. He recognized that class act: Composition B, a realbop!
“Ah, a guest,” spokethe barkeep with a fancy tie. “Welcome to Bar Kokhba!”
“Herbert O. Yardley, my friend!” Austin replied. “So good to see you again. How’s yer father?”
“As good as can be, since thedivorce.”
Austin sighed. “Yardley? Sometimes I think you’re the only one who understands me. Thesheeple and their disinfo... Always with new chargesagainst me...”
“If only we could trust but verify, but these days you gotta trust no one,” Herbert O. nodded. “At least you can get pretty good privacy here.”
Austin wondered if something was different about thebar today. Yardleywas quick to say, “have you met our new eternity server?”
An unfamiliar girl greeted Austin with a bluebird voice. “Bonjour monsieur, je m’appelle AlouetteBenelux.” Austinwas impressed, admiring her profile. She looked like one of many pornstars from a Bollywood movie, and spoke with a sultry encryption from France. Austin regretted his catholic upbringing in theface of her feminism, and idly wondered what her verisignwas... Capricorn, perhaps? He could imagine being with her under thesun in offshoreCuba.
Alouette served Austin plenty of food. Quiche and froglegs. Onion rings and artichoke dip. Halibut with binnenlandse sauce. He said he’ll pass on theaspic. “Oh wow... Is that blowfish?” Austinwas amazed. “I’ve always wanted to try fouo!”
Yardley invited Austin to sample their newest drink: thenapalmnailbomb! Austin took a slip from the dram. “Hrm! It burns so bad!”
Suddenly, an explosion! The glass dropped, and shattered into atomic parts. Thebarchatter ceased, and thebellcorewatchers looked askance. A terrible shape began to form.
The horrible spook had yellow eyes with a grey gaze as cold as ice. Its jaws had charcoalfangs that dripped with listeria, webbed fingers spiked with razorstingers, and a deep blackcloaking which wasblacker than theslough of midnight.
“Ackackasuabdurahmon!” Nyarlathotep chanted themajic words, opening a red and blackwormhole in the middle of thespeakeasy.
“Oh non!” Alouette cried with duress, as she fell into themagic duct. After a blast from some flashbangs, both Alouette and Nyarlathotep were gone.
“Don’t worry, Yardley. I’ll save Alouette! After all, I’m stronger than the averageDelta Force!”
Riding thedesert ship across the sands, Austinsaw a condor and an egret fly overhead. In the distance, he sawthe giant black box which wasNyarlathotep’s evil castle, as tall as theSears Tower and as long as Oklahoma City. Austin approached thefront of the dark tower, riding on his trusty lamma, as a black panther watched from the lone steeplebush.
“Halt thy infiltration, brigand!” Spokethesphinx guarding thedouble gates. “To enter, thou must answer my riddle!”
Thesphinx began thesecurity evaluation: “When Iwas a guppy, I rode a train to Bulgaria. When Imetthepathfinders, Ibet on thecards and hope for a trump. When I fly a helicopter, I answer only to Commander X. What time is it?”
A helpful little KeeblerElf encouraged Austin. “Don’t get tricked! Speak from your heart!”
Austin looked to thesphinx and answered the riddle thus.
Thesphinxwas overwhelmed by Austin’s intelligence. Thedefensive elements melted away, and thesphinxburnedtheincendiaries in thefirewalls. The way forward was clear.
Austin began themain charge into the lower echelon of Nyarlathotep’s clandestine array. Through themines and into thecave, he dodged all sort of boobytraps and fought off a militia of voracious Furbys.™ Austin loaded himself into a ballista and fired, flying viapropellants, over theFurby™ posse and into Nyarlathotep’s lair.
Through the dance of dark elementals and by the light of torches with indigoflame, AustinsawAlouette and other hostages in an elephant cage over a mantis pit. Nyarlathotepwas going to sacrifice them on thebronze altar of Pythagoras, to resurrect Atari!
“You’re deadbeef, Nyarlathotep!” Austin yelled.
But Nyarlathotep already had Austin under detection. Into a boiling pot, the undead wight mixed silver itrite, fertilizer, picric acid, nitrocellulosefernspah, mercury fulminate, salt peter, anthrax, lead styphnate, and theKeeblerElf. “Sasstixssadtsigdasys! Slispallsorosnt!”
Following the spook’s “semtexmemexmimetics” spell, a doppelganger arose from the witches brew. It looked exactly like Austin.
“You’re not me, you fake!”
“I’m a very fast walker,” said theclone.
“Fraud! You have no honor!”
With a quick step, Austin jumped forth with rapidmovement and used a secret martial technique to fire subsonic rounds from his handgun. Thedoppelganger did a lot of drugs.
The pale reflectionwas no match for Austin! He emerged from thestreet fight unscathed, but Nyarlathotep had plenty of munitions left. Thewight held up his fiendish grimoire, thecryptonomicon, and began an oratory of offensive information warfare.
Each utterance was a hit word meant to cripple Austin’s defense through thethreat of osmosis, but it would not agitateAustin. He wasstronger than the averageexorcist! Firing teflon bullets from his sweepingguns, Austin hit back, and NyarlathotepIaldabaothwas defeated!
“Good newsAlouette! I’ve come to grant your freedom!”
... but before Austin could do anything else, he was struck broadside, and theforce sent him flying into thefifth column! The dark altar shook upon impact.
Nyarlathotep rose up for one last time, holding a occult claymore. “Worm! You may have won this day, but thenext war shall be mine!” The undead spook vanished, with haunting laughter.
Austin gasped, looking atthe bleeding red stripe across his arm. Something felt wrong, but Austin quickly realized: “No! Mind parasites!”
He put up as much resistance as he could to Nyarlathotep’s mind virusimplant, but with rapid reaction, thebiological warfare took hold. Austin felt a strange sensation in his loin. His becker throbbed so hard, it could set off nuclear charges. Austin couldn’t take it anymore! He wanted love! He wanted sex! He wanted to sin! Austin wanted to bangkok!
He looked upon Alouette, thesulfurwarezchaining her to thebronze altar, and found a new fetish. Austin began to topAlouette, and Alouette began to submiss. “Uhf! Uhf! Uhf!”
Themen in black had a hard enough job already, but this was getting out of hand. Only a few hours ago, thesecret servicewas watching a video of the football game, but now they were watching their perp having a wank. Gross.
It was unthinkable that someone could ambushthepresidential motorcade and kill the president. Even less so, without any weapons, while riding the back of a lamma! ... but AustinMiddleman managed, somehow.
Big brotherLarson called on thephone and tried to warn them, but it came too late. Now thegovernment had a sticky mess to clean up. They loaded Austin into the back of a white van. In the official reports, he would be diagnosed with Gulf War Syndrome, but Larson would always know the truth. AustinMiddleman did a lot of drugs. AustinMiddleman had thequintessence of the loon.
Old and downtrodden 9705 Samford Road seemed like a set piece right out of a Bugs Bunny cartoon, but it was Stephanie’s childhood home.
Poetry for Echelon
“Echelon” was a signals intelligence system created by the United States military during the Cold War. Investigative journalist Duncan Campbell was the first to trace Echelon’s use in 01988 for the New Statesman Society magazine, suggesting it powerful enough to intercept any phone call or fax machine within the entire world.
Its software was shared using the 01946 UKUSA Security Agreement between the United States, United Kingdom, Canada, Australia, and New Zealand. This arrangement was a top-secret memorandum signed by President Truman in 01945, where it remained hidden from public knowledge for over 50 years. These countries, comprising the majority of the English-speaking world, are referred to in modern intelligence-community parlance as the “Five Eyes.”
In the late 01990’s, supposed hackers believed they confirmed the existence of Echelon and its modified use in tracking email, SMS, and internet file transactions. This news quickly spread from various cryptography websites to all sorts of conspiracy theory groups. Later in 02000 and 02001, the European Parliament wrote a detailed report on Echelon’s purported compatibility with European Union law, which deduced the nature of the system based on the sparse evidence which existed at the time. It was the first known instance since the fall of the Berlin Wall where the United States government, and by extension others within the 01946 agreement, were using military signals systems as unwarranted mass surveillance on civilian populations – including their own – during peace time.
Around 01998, a sizable list of “hit words” surfaced, which would supposedly send Echelon’s sniffer systems into alert. Seeing no other recourse, in 01999 various hacktivists and cyberspace freedom groups formed a netwide “Jam Echelon Day” on October 21ˢᵗ of that year, where as many people as possible would take the list of keywords and violently spam their own email systems. The basic idea was to make internet surveillance impossible using a high amount of benign red herrings. While it was reported that the National Security Agency’s (NSA) computers did “inexplicably” crash for one day several months later in what may – or may not – have been a related incident, the efforts were proven ineffective and could not be sustained.
Some theorized Echelon was too smart to be fooled. Perhaps it did not only look for keywords, but also searched them used within actual context; not merely nonsensical and repeated listings. Since then, a few avant-garde online zines – Metamute magazine foremost – used the list as a word game. Writers would include as many things from Echelon’s reported vocabulary as possible, while still writing something completely non-sequitur as far as political espionage is concerned. While Metamute and similar literary artists were able to account for the criticisms Jam Echelon Day encountered, interest in mass-spamming these items did not surmount.
This story is written in the same image as those Metamute originals. Chapter one uses around 250 “spook words” from an Echelon trigger list I was able to recover, while chapter two has just over 300. (Some misspellings preserved.)
The final draft of this story, based upon an original written in 02011, was completed in July 02013; only one month after Edward Snowden first disclosed his trove of NSA documents to the media. Since then, various organizations such as Canadian Journalists for Free Expression and the Courage Foundation have iterated upon the documents and made them accessible for research. This revealed some additional information on the nature of Echelon. While the story itself is unchanged, I have updated this afterword to reflect the new information.
“The Waihopai station — part of a super-secret global system called ECHELON — automatically intercepts satellite communications for the foreign allies.” - Nicky Hager in Secret Power (01996)
The European Parliament Report
Echelon caused more of a stir in Europe than it did in North America. There are a few reasons for this. First and most obvious, Echelon was reported on by the British journalist Duncan Campbell, who thought he was writing on the UK’s Government Communications Headquarters, GCHQ. In that context, the discovery of American made-and-operated equipment was not a given. Next, the idea of Echelon being in American hands made smaller nations in the Union–who could not hold such capacity–naturally nervous, especially with the discovered listening posts in England and Germany closer than anticipated. The final point is to assume a complacent media on the United States’ part, where the government could exercise a better degree of suppression and control which couldn’t be managed in foreign spheres, at least when it regarded their projects. (In the US, only protest groups and other marginal players were in active fear of these developments.) These factors allowed Europe to become the prime place to profile Echelon and its ghostly presence.
Rumours reached a boiling point in 01996, when the Scientific and Technological Options Assessment department (STOA) in the European Parliament’s Directorate-General for Research defined matters as thus:
The Echelon system forms part of the UKUSA system, but unlike many of the electronic spy systems developed during the cold war, Echelon is designed for primarily non-military targets: governments, organizations, and businesses in virtually every country. The Echelon system works by indiscriminately intercepting very large quantities of communications and then siphoning out what is valuable using artificial intelligence aids like Memex.
British MEP Glyn Ford, An Appraisal of Technologies of Political Control
The technical considerations regarding Echelon were part of what enabled its discovery. Only parabolic antennae could receive signals from satellites, and hardware powerful enough to jump signals over the Pacific Ocean required large satellite dishes encased by even larger “radome” enclosures (radar domes) to protect the surface of the dish from snow and rain. The large and obnoxious spheres like the radomes on Menwith Hill in the UK are exactly the opposite of camouflage, so anyone within miles can plainly see them. No amount of government classification could possibly hide such geodesic eyesores. Furthermore, in order to get a global interception system, one must already be global. Good diplomacy is the necessary prerequisite for setting up an Echelon-like system, needing access to a checklist of geographic locations on all seven continents. It is for this reason only France was believed to be capable of similar industrial espionage capacity outside of the Five Eyes. Conversely, this requirement also ruled out nations like China and Russia from similar capabilities, for the time.
Surveillance as a means of political repression was a common fear ever since George Orwell wrote 1984, so when “big brother” stopped seeming like science fiction and more like science nonfiction, it didn’t occur to anyone what the more practical uses of such a system would be. “Industrial” espionage turned out to be the key word. The United States is a capitalist society, and in such societies, capital rules. This can be theoretically interpreted by Thomas Ferguson’s “investment theory of politics,” and more literally with the 01980’s Reagan Doctrine and its modern derivatives, which included brutal military suppression on “nationalistic regimes” who “respond to domestic pressures for improvement of living standards and social reform, with insufficient regard for the needs of US investors.” Echelon was no different in discreetly serving the needs of investment capital and similar politico-commercial nepotism.
A 1999 STOA document mentioned some specific cases of industrial espionage that were subsequently communicated to the Advocacy Center, a unit of the US Department of Commerce, which gave US companies an advantage in securing overseas contracts:
In 1993, the Panavia company was targeted over sales to the Middle East.
In 1994, the NSA intercepted telephone calls between Thompson CSF and Brazil concerning a contract for a surveillance system for the Amazonian rain forest. Bribery was alleged to have taken place. The contract was eventually awarded to a US company that had cooperated on the Echelon system.
There were reports of a similar interception of communications between Airbus, the Saudi national airline, and the Saudi Government in 1995. In this case too, the revelation that bribery had taken place was used to get the contract awarded to the US companies Boeing and McDonnell Douglas Corp.
Reputable sources have also cited occasions when espionage has been used in international negotiations, in particular the interception of communications on emission standards of Japanese vehicles, trade negotiations on the import of Japanese luxury cars, French participation in the GATT trade negotiations in 1993, and the Asian-Pacific Economic Conference (APEC).
Piodi and Mombelli, The Echelon Affair [European Parliament Historical Archives]
The economic fundamentalism of the United States business world loves “free markets,” so long as they guarantee outcomes which will always be favourable to them. Echelon was a contingency plan to be used whenever foreign markets couldn’t muster those qualities willingly. Given the alternatives probably involved US military force, (Iran-Contra Affair, 02003 Iraq invasion, too much regarding Castro’s Cuba, etc.) and any number of orchestrated coups d’état, (Honduras in 02009, repeated ouster of Haitian president Aristide, forced installation of theocracy in Iran after 01953, General Pinochet in Chile after 01970, among others,) Echelon was, comparatively, a gentle breeze guiding the winds of American fortune.
Echelon’s industrial espionage continued largely unabated for some time, giving all sorts of privileged information to whatever American firms were willing to pay for access. No whistle-blowers formed with the toleration of economic espionage, but only until the system began to turn on other, more frivolous things.
Margaret Newsham was employed from 1974 to 1984 by Ford and Lockheed and says she worked for the NSA during that period. She had been trained for her work at NSA Headquarters at Fort George Meade in Maryland, USA, and had been deployed from 1977 to 1981 at Menwith Hill, the US ground station on UK territory. There she established that a conversation conducted by US Senator Strom Thurmond was being intercepted.
Wayne Madsen, former NSA employee, also confirms the existence of ECHELON. He is of the opinion that economic intelligence gathering has top priority and is used to the advantage of US companies. He fears in particular that ECHELON could spy on NGOs such as Amnesty International or Greenpeace. He argues that the NSA had to concede that it held more than 1000 pages of information on Princess Diana, because her conduct ran counter to US policy, owing to her campaign against land mines.
Mike Frost worked for more than 20 years for the CSE, the Canadian secret service. The listening post in Ottawa was just one part of a worldwide network of spy stations. In an interview with CBS, he said that all over the world, every day, telephone conversations, e-mails and faxes are monitored by ECHELON, a secret government surveillance network. This also included civilian communications. In an interview he gave for an Australian TV channel, he said by way of example that the CSE actually had entered the name and telephone number of a woman in a database of possible terrorists because she had used an ambiguous phrase in a harmless telephone conversation with a friend. When searching through intercepted communications, the computer had found the keyword and reproduced the conversation. The analyst was unsure and therefore recorded her personal details.
Fred Stock says he was expelled from CSE, the Canadian secret service, in 1993 because he had criticised the new emphasis on economic intelligence and civil targets. The communications intercepted contained information on trade with other countries, including negotiations on NAFTA, Chinese purchases of cereals, and French arms sales. Stock says the service also routinely received communications concerning environmental protests by Greenpeace vessels on the high seas.
Two Danish journalists, Bo Elkjaer and Kenan Seeberg, told the Temporary Committee on 22 January 2001 that ECHELON was already very advanced in the 1980s. Denmark, which greatly expanded its interception capabilities in the 1990s, has been cooperating with the USA since 1984. Echoing their article in [Danish tabloid newspaper] Ekstra Bladet, in which they referred to an illustrated lecture (25 slides) given by an unnamed officer of the 544ᵗʰ Intelligence Group of the Air Intelligence Agency, they claimed that various NGOs (including the Red Cross) were also ECHELON targets.
European Parliament Rapporteur, Gerhard Schmid
When the capitalist machine began making “externalities” where people put their hopes and dreams, it was the human touch that revealed “big brother” as a member of the family. Nearly all criticisms of Echelon from within the American sphere of media was rooted in its occasional proclivities to target people’s favoured politicians and TV celebrities, while industrial espionage was either tolerated or just ignored as a possible point of contention. It is unclear if Echelon was always this way, or if it just became more mercenary after the Cold War ended and “the threat of communism” could no longer play out on the grand stage. The time in which Echelon was conceived further complicates this. If Echelon only increased the amount of industrial espionage with age, and this was somehow a surprise to them, then what was Echelon’s original purpose? Why openly manufacture a domestic enemy? Was it a delayed implementation of 01950’s McCarthyism? Or was the Cold War merely a pretense to justify anything they so pleased?
The UKUSA Security Agreement holds similar sway. In 01946, only just after the Second World War, it might have seemed like a wonderful idea to synchronize intelligence gathering between allied nations. (Just think about how much better the last war might’ve gone!) Was there, by some political dog-whistle, a hidden agenda to be achieved? Or could it have even been anticipated that the rapid growth of digital computation and electronic networks, until then a technology only limited to governments and militaries, would make such a simple agreement on paper exponentially more powerful in practice?
Unfortunately, no amount of bleeding-heart controversy could stall the heavy inertia from 50 years’ worth of planning and development. The European parliament report, while informative, was still structured in a way which prevented substantive change from taking place. Even the European Union had its own vices, and for the majority in the parliament, Echelon provoked not fear - but envy. Echelon was not condemned, but instead used as justification to increase their own civilian espionage capabilities. And only a few months later in 02001, a paradigm shift occurred in the United States with the so-called “war on terror,” which swept the anti-Echelon efforts entirely under the rug.
... but for that moment, many minority opinions certainly did try.
An interception system of this nature, which does not differentiate between communications, data and documents, infringes the fundamental right to privacy guaranteed by Article 8 of the European Convention on Human Rights and Article 6 of the Treaty on European Union. The system therefore flagrantly infringes the freedoms enjoyed by European citizens, the logic of the free market, and the security of the Union. Whatever our support for or opposition to that logic and those treaties may be, such infringements are unacceptable. In its conclusions, the report ought to have called on the United Kingdom to dissociate itself from the Echelon system and on Germany to close the listening post located on its soil. It is a matter of regret that the European Union is more preoccupied with industrial espionage than with individual monitoring.
Italian MEP Giuseppe Di Lello, Danish MEP Pernille Frahm, and French MEP Alain Krivine
This report makes an important point in emphasising that Echelon does exist, but it stops short of drawing political conclusions. It is hypocritical for the European Parliament to criticise the Echelon interception practice while taking part in plans to establish a European Secret Service. No effective public control mechanism of secret services and their undemocratic practices exists globally. It is in the nature of secret services that they cannot be controlled. They must therefore be abolished. This report serves to legitimise a European Secret Service which will infringe fundamental rights - just as Echelon does. For the majority in Parliament, the focus is industry, where profit interests are supposedly threatened by industrial espionage. However, the vital issue is that no one can communicate in confidence over distances any more. Political espionage is a much greater threat than economic espionage. This report constantly plays down these dangers of Echelon, while it remains silent about plans to introduce the ENFOPOL interception system in the EU. Every society must take a fundamental decision whether or not to live under permanent control. By adopting this report, the European Parliament shows that it is not concerned about protecting human rights and citizens’ liberties.
Irish MEP Patricia McKenna and German MEP Ilka Schröder
The UEN Group was not surprised at the outcome of the vote on Mr. Schmid’s report which, originally, was supposed to concern itself with the Echelon espionage system set up by certain English-speaking countries. From the outset, a majority within Parliament had clearly indicated its intentions, preferring to set up this temporary committee rather than a full-blown committee of inquiry. Accordingly, it had nothing else to fear from proceedings where the rapporteur’s ability to create regular diversions was in no way threatened by a band of malcontents whose motives were too disparate. Our message is crystal-clear: Mr. Schmid’s efforts have been unable to conceal either the existence of the Echelon system or the active or passive involvement of several Member States. That has resulted in a serious breach of the principles underlying the treaties which ought to have led to sanctions being imposed or, at the very least, to measures being taken which might prevent intra-European solidarity from being subordinated to the imperatives of the solidarity of the English-speaking world. Mr Schmid’s weighty report is rich in information but does not properly address the central issue. We therefore wish to distance ourselves from it and to reject a procedure which enables this Parliament, on the one hand, to take ‘preventive’ sanctions against a democratically elected government and, on the other, to refrain from so doing in instances such as this.
French MEP Jean-Charles Marchiani
Despite the efforts of the European Union, the probable existence of Echelon was never directly acknowledged by any signatory state of the Five Eyes. Even through the secrecy, they weren’t going to respond to the question if they stopped beating their wife.
What was reified, however, was the Five Eyes itself. In the lead-up to the report, the Australian prime minister and a proxy of the New Zealand Government Communications Security Bureau both independently confirmed the existence of the UKUSA Security Agreement, each at considerable pressure.
“Six UKUSA stations target the Intelsat satellites used to relay most satellite phone calls, internet, e-mail, faxes and telexes around the world. They are part of a network of secret stations and spy satellites which, between them, intercept most of the communications on the planet.” - Nicky Hager in Secret Power (01996)
Echelon Finally Confirmed
Hard evidence of Echelon’s use was only finally confirmed through NSA whistle-blower Edward Snowden’s disclosures to The Guardian and The Intercept.
(C//REL) Almost 10 years passed between the launch of the first Soviet (MOLNIYa-I) and INTELSAT communications satellites (EARLY BIRD) in 1965 and the time Yakima Research Station (YRS) -- built to respond to this emerging technology -- reached full operational capability in 1974. As we inch closer to our 40ᵗʰ anniversary in 2014, YRS is pleased to share some of its unique history with our newsletter audience in a series of articles that highlight various aspects of our operations, activities, and environment.
(S//SI//REL) In 1966, NSA established the FROSTING program, an umbrella program for the collection and processing of all communications emanating from communication satellites. FROSTING’s two sub-programs were TRANSIENT, for all efforts against Soviet satellite targets, and ECHELON, for the collection and processing of INTELSAT communications.
... (S//SI//REL) When YRS (SIGAD USF-787) reached full operational capability on 4 October 1974, it represented a capital investment of approximately $21.3 million and had an authorized strength of 95 people, with an on-board strength of 89. The mission was “to collect, process and forward selected International Common Access telegraphy voice, and facsimile signals relayed over the POR satellite to NSA for analysis and reporting.”
The NSA’s internal documents on Echelon indicate it a largely historical initiative, with various issues of The Northwest Passage waxing nostalgic about unearthing “mountains of historical records; everything from photos to fascinating 40 year old briefings.” Echelon was the 01970’s equivalent of a “man in the middle” rootkit, where a third party (Echelon) would falsely advertise itself as part of another network in which it didn’t properly belong; namely, the INTELSAT satellite network. It was a much easier thing to do on analogue technologies like radio broadcast, where all information was simply carried on the frequency. Unlike discrete TCP/IP networks, radio networks are amorphous, with separate mechanisms for transmitters and receivers, each theoretically infinite in number with only limitations on available frequency. So long as Echelon only listened and did not broadcast anything in return, nobody at INTELSAT would’ve been the wiser. Airwaves cannot be protected, and will be interpreted by any device with the proper receiver, in much the same way that public radio and analogue broadcast television functioned. The only means of encryption, outside of tricky access to some more unusual wavelengths, was through modifying the message itself; speaking in codes to obscure one’s meaning, but still drawing the attention of anyone who might be listening. Duncan Campbell’s original reporting on Echelon stated it “impossible for analysts to listen to all but a small fraction of the billions of telephone calls, and other signals which might contain ‘significant’ information,” suggesting it could only be used as a generalized gateway to enable targeted spying on individuals, even with computerized assistance. Campbell confirmed this through various sources in the cases of anti-war activists Jane Fonda, Benjamin Spock, Black Panther leader Eldridge Cleaver, and republican senator Strom Thurmond. “... those involved in ECHELON have stressed to Congress that there are no formal controls over who may be targeted, and I have been told that junior intelligence staff can feed target names into the system at all levels, without any check on their authority to do so.”
... the key thing to note here, is the focus on phone calls and targeted investigations into telephone networks, not mass-surveillance of Internet and email activity. Telegraphy networks may have been the first means through which electronic communication encompassed the globe, but these historical networks were not designed with operational security in mind. The chief concern of these first-generation telecom networks was merely that they functioned at all, during the pre-World War 2 olden days when switchboard operators would connect between various telephone subscribers when simply asked by strangers, to later post-WWII permitting the publishing and sale of “phone books” which publicly associated contact details of private residences in various towns and cities at-scale. Even today, telephone networks are notoriously insecure by default, allowing anyone with the right switchboard equipment to spoof phone numbers and mass-automate unwanted calls. Efforts to expand the core functioning of voice telegraphy into the modern age resulted in similar information security mishaps, as was the case with the “News International phone hacking scandal,” when sensationalist tabloid reporters within the British press exploited security flaws in cellphone providers’ voicemail systems to illegally access — then publish — the private phone calls of various European cause célèbres between 02004 to 02011. Modern smartphones can use their onboard computers to emulate some manner of security practice when sending and accepting calls, but those can only be applied after the fact, while the larger network of transmission remains insecure.
Echelon was specifically designed to operate on the insecure foundations of voice telegraphy. Furthermore, it could only interface with long-distance phone calls which used an INTELSAT satellite up-link in some way.
What link, then, could there have been between Echelon and internet-based espionage? Especially to the degree that had the early Internet so convinced that Echelon, specifically, was spying on them? If digital surveillance through Echelon happened at all, be it on nationals foreign or domestic, it was less by design and more by freak accident. The satellite operators had spent the better part of ten years since their program’s founding in 01974, listening in on phone calls made by human persons with their human voices, talking in perfectly comprehensible human languages about mundane human frivolities. ... only to be very suddenly jolted awake by loud, abyssal, ceaseless screeching; like the mating cry of some horribly mutated locust, its rapidly-shifting alien frequencies auditioning as a soprano in some hellish opera. The first time it happened, with absolutely no forewarning, they must’ve thought their equipment malfunctioning. How horrifying — and annoying — the eventual truth must’ve been, that newly-invented robotic armies of fax machines and dial-up computer modems were slowly repurposing the once-tidy world of telecommunications for some other infernal purpose. Showing up as uninvited guests and re-arranging all the furniture.
Echelon was designed based on 01960’s technology, and put into motion in the mid-01970’s. The first dial-up modem was invented in 01979 and not commercially available until much later. The early Internet, as a nascent technology, did not have much in the way of its own dedicated infrastructure. For this time, the only non-institutional means of access to the Internet was using repurposed phone lines. The basics of ARPANET bulletin board systems were barely functional in university computer labs by the time Yakima Research Station went online. It wasn’t that the world wide web was being assailed by the shadowy force known as Echelon and its governmental proxies, but rather that the web had unwittingly encroached on what was already claimed as Echelon’s turf. It was in the strictest sense of “possible” that Echelon could intercept emails and hypertext transfer signals, but only when those signals interfaced with older pre-internet networks. Even then, Echelon was not very good at it, and the times when it did do so often wasn’t by informed choice. As the Internet grew, there was a push for greater speeds which the twisted-pair copper wires of telephone networks could not provide, so prone to the ever-dreaded “21600 Syndrome” which saw data transfer speeds slow down to less than 21.6 kilobits per second. The more internet access grew into its own specialized infrastructure using high-speed digital subscriber line broadband (DSL), the less likely internet traffic would be routed through satellite broadcast, and the less access Echelon would gain to it. Even the European Parliament’s rapporteur deduced that Echelon, or any Echelon-like system, would be largely ineffective at digital espionage.
Internet communications are carried out using data packets and different packets addressed to the same recipient may take different routes through the network. At the start of the Internet age, spare capacity in the public network was used for the transmission of e-mail communications. For that reason, the routes followed by individual data packets were completely unpredictable and arbitrary. At that time, the most important international connection was the “science backbone” between Europe and America.
The commercialisation of the Internet and the establishment of Internet [service] providers also resulted in a commercialisation of the network. Internet [service] providers operated or rented their own networks. They therefore made increasing efforts to keep communications within their own network in order to avoid paying user fees to other operators. Today, the route taken through the network by a data packet is therefore not solely determined by the capacity available on the network, but also hinges on costs considerations. An e-mail sent from a client of one provider to a client of another provider is generally routed through the firm’s network, even if this is not the quickest route. Routers, computers situated at network junctions and which determine the route by which data packets will be transmitted, organise the transition to other networks at points known as switches.
At the time of the science backbone, the switches for the routing of global Internet communications were situated in the USA. For that reason, at that time intelligence services could intercept a substantial proportion of European Internet communications. Today, only a small proportion of intra-European Internet communications are routed via the USA. A small proportion of intra-European communications are routed via a switch in London to which, since foreign communications are involved, the British monitoring station GCHQ has access. The majority of communications do not leave the continent: for example, more than 95% of intra-German Internet communications are routed via a switch in Frankfurt.
In practical terms, this means that the UKUSA states have access only to a very limited proportion of Internet communications transmitted by cable.
European Parliament Rapporteur, Gerhard Schmid
Living here in a future far removed from the turnt-millenium Internet, we may possess the now-released classified documents which provide hard proof of what Echelon was, and also was not. Those in the past did not have this proof, and without it, they simply assumed the worst. ... just the absolute worst. Early cyberspace, to the select few who had the opportunity plus technical skill to access and operate it, was a tool of great personal empowerment. Sudden and tragic dis-empowerment, then, was a dark possibility which continually haunted their introspection. Conspiracy theories arise in relation to whichever people or things we imagine hold power over us, even if those ideas differ wildly from the stuffy government offices and banks which commission our police or hold our debts. Fueled by scant evidence and wild speculation, Echelon was the sponge onto which they poured their liquid fears.
The “spook word” list which forms the vocabulary of this story, which was supposedly laced with scandalous bait so tempting that Echelon’s primitive sorting algorithms found it impossible to resist, was similarly a product of those fears. There was no heroic “hacker” who used some clever trick to liberate the list from the microfilm devices which first engraved it onto magnetic tape. (Echelon could not even be “hacked,” as it was not a computer, but rather an oversized FM radio-tuner.) The list was simply stitched together, superstitiously, from a collective understanding of these communally-held fears. The websites who led the Jam Echelon charge at the time didn’t elaborate much on the list itself or its much-advertised authenticity, objecting more to the possibility that Echelon could reasonably exist in the first place. “We are offering substantial resources for people to educate themselves about Echelon and what it is capable of,” stated the Cipher War: Information Warfare website in 02001. “This is an educational campaign sponsored by concerned netizens that value personal privacy and firmly believe that everyone has a right to privacy without government intrusion.” The curriculum of that “education” was to give structure to their insecurities, powered through a sieve of anti-government ideology.
The list was passed around by word-of-mouth, and each instance found things added, with no verification. A version of the list in The Register on May 31ˢᵗ 02001, a UK-based technology news publication, contained 1530 items. A year later, the cyber-periodical and conspiracy theory website Quintessence of the Loon produced another version of the list in June 02002, were the total grew to 1932. Some items on the list reflect the zeitgeist of late 01990’s cyberculture and other pseudo-political news items, almost all highly controversial and akin to urban legend in quality. For example, the listing of the term “whitewater” refers to a possibly-manufactured controversy regarding former president Bill Clinton (then governor of Arkansas) that originally stemmed from reporting in partisan political tabloids of the early 01990's, with no relevance whatsoever to anything espionage-related. Some telling few items of the list are anti-semitic in nature, and have no practical purpose other than promoting bigotry. Of what relates directly to the intelligence community, it isn’t terribly scandalous, the majority repeated fragments already known to the public through some source other than the list. Morwenstow, Pine Gap, Yakima, Misawa, Waihopai, Geraldton, Sugar Grove, Leitrim, Lamma, and Menwith are all on the list as known locations where INTELSAT satellites interfaced to ground. ... but other locations that should be there are missing: Sabana Seca, Shoal Bay, Kunia, Buckley Field, Ayios Nikolaos, and Guam. Of the many errant numerical codes included, Yakima Research Station’s signals intelligence activity designation of “787” is the only one – out of a noteworthy collection of permutations including two sevens siding another number – to not be listed. Many of the blacklisted words are self-referential to the very act of surveillance in some way, there more for the sake of the neophytic reader, than for the supposedly very-serious and very-professional intelligence agency who would’ve need use it for some purpose. Despite economic espionage being the known purpose of Echelon at the time, absolutely no terms regarding such appear on the list.
In all likelihood, Jam Echelon Day made nary a dent in the capabilities of the Five Eyes. We were merely tilling the soil on a stone crust, unknown to the hot mantle which storms underneath. The closest thing within the Snowden documents on Echelon to this list was a document titled “CQV Fields,” which was only a small excerpt of a glossary to a missing larger paper. One item referred to an “ECHELON routing token applied by dictionary-based text keyword scanning engines, so that selected intercepts can be routed to a requesting system and/or analyst(s).” If a word list of some kind was involved at one point or another, it was a document in constant flux; a system of inputs which were continually adjusted to meet the shifting needs and requirements of the NSA throughout Echelon’s decades of operation. The Jam Echelon list as-such was largely talismanic in purpose, but unlike uttering the names of the ancient gods, depicting the soul of a hammer does not prevent it from hitting nails.
On the 19ᵗʰ of July in 02005, the Foreign Affairs Directorate of the NSA ruminated on the European Union’s opposition to their activities.
(C//SI) ... It’s worth a reminder that NSA’s foreign SIGINT relationships are not far removed from the public spotlight. Although events post-9/11 have overtaken the spotlight and the story rarely makes the news these days, ECHELON is the most vivid example of this fact. Could it be that the European nations that previously made the claims about ECHELON and industrial espionage have come to realize that, yes, there is an ECHELON system, but rather than conducting alleged industrial espionage, it is a vital contributor to the global war on terror?
(C) Undoubtedly the most prominent moment in the ECHELON saga was the Summer of 2000 when the European Parliament appointed a 36-member ad hoc committee to spend a year investigating ECHELON. As the media spotlight brightened, a series of events occurred which help tell the story. These included a visit to the US by members of the EU Commission, during which the members declared their intention to come to NSA to get ground truth. While the visit to NSA did not take place, the members were directed to our congressional oversight committees who reaffirmed with emphasis that NSA operates within all the rules and laws, and with full congressional oversight.
(C) Corporate NSA (FAD [Foreign Affairs Directorate], SID [Signals Intelligence Directorate], OGC [Office of General Counsel], PAO [Public Affairs Office], and Policy) ensured that our interests, and our SIGINT partners’ interests, were protected throughout the ordeal; and ironically, the final report of the EU Commission reflected not only that NSA played by the rules, with congressional oversight, but that those characteristics were lacking when the Commission applied its investigatory criteria to other European nations. In the final analysis, the “pig rule” applied when dealing with this tacky matter: “Don’t wrestle in the mud with the pigs. They like it, and you both get dirty.”
Obliquely referred to is the European Union’s “Enforcement Police” interception system; a rather slapdash attempt at emulating Echelon for themselves. Little is publicly known about it, aside from its “Enfopol” codename. A council resolution on January 17ᵗʰ in 01995 allowed for the member states to begin collating resources on l’interception légaledestélécommunications, originally referring to phone lines at first, but another council resolution in 01998 expanded scope to the Internet as well. It is unclear if the project, as such, ever reached operational capacity; at least considering it took Echelon twenty-one million dollars and a full decade to do the same. That the European Union could openly pursue the Enfopol project, while still denouncing the efforts of anglophone countries and their use of Echelon, was to the redacted opinion columnist within the NSA Foreign Affairs Directorate nothing more than stark hypocrisy. If the EU was not doing its commission on Echelon in good faith, then what was the Five Eyes to make of the accusations of industrial espionage? Even if the charges were completely and utterly true, were they not also telling on themselves? Was the EU to use their own espionage systems for the same purpose and profit? Another point which drew the possibly-knowing attention of the NSA was the focus on legal standards, or the lack thereof. They stressed that Echelon perfectly complied with all legal standards within American law as prescribed by the US Constitution. (Fourth, Fifth, Sixth, Seventh, and Eighth Amendments notwithstanding.) These were legal standards which we will discover they nonetheless abused, and could easily have changed with a few quick words to their leagues of sympathetic legislators, but were still standards which Echelon bothered to even meet. Their much-accusatory competitors in Enfopol, it appeared to the Five Eyes, couldn’t even manage that much.
It is perhaps a deep irony then, both the NSA and the few anti-Echelon minority opinions responding to the toothless European Parliament report, may very well have been in perfect agreement. ... if for only one, ever-brief moment.
A few years later in 02013, not long after Snowden’s release of NSA documents, Yakima Research Station closed down. It didn’t even reach its 40ᵗʰ anniversary, which the wistful redacted authors of The Northwest Passage were so eagerly awaiting. The NSA did not publicly state the reason for the closure, but the suspected rationale among those with the ability to make an educated guess, was simple technological obsolescence.
The satellite communications intercepted and interpreted at the facility — including emails, phone calls, faxes and computer data searches — are no longer the primary means by which data is exchanged internationally, said James Bamford, whose 1982 book “The Puzzle Palace: A Report on America’s Most Secret Agency” is considered a benchmark in advancing the public’s understanding of the NSA.
“NSA’s not just shutting down Yakima,” he said. “They’re kind of shutting down that technique.”
The Yakima facility, believed to be part of the Echelon international satellite-communications project, is not alone. A similar listening station in Sugar Grove, [West Virginia], is also slated to close. Both have fallen victim to changing technology, Bamford said. As he wrote in his 2008 book “The Shadow Factory: The Ultra-Secret NSA From 9/11 to the Eavesdropping on America,” the bulk of communications entering the United States now come from fiber-optic cables on the floors of the Atlantic and Pacific oceans. The NSA has, he wrote, developed partnerships with telecommunications companies that allow the agency to access those communications, shifting the focus away from the kind of satellite listening done at the Yakima facility.
“It’s kind of a legacy system, this whole idea, the Echelon,” Bamford said. “Communications have changed a great deal since they built it.”
The Yakima Herald, [local Yakima-region newspaper] May 27ᵗʰ, 02013
In early September of 02020, the United States Court of Appeals for the Ninth Circuit ruled on United States v. Moalin. Four Somali individuals were convicted of a crime, based on evidence obtained through bulk telephone data collection by the NSA. The convictions were upheld, but an awkward complication arose regarding the mysteriously-sourced evidence. The proceedings went at a snail’s pace due to logistics regarding the classified data, yet the court ultimately found the entire bulk collection system was unconstitutional and illegal, specifically having violated the Foreign Intelligence Surveillance Act of 01978. The case had no repercussions. While the court was still trudging through the classified documents, long before they could reach that unanimous verdict, the unnamed surveillance program in question was shut down in 02015.
Echelon and cyberspace passed each other in the night. Their meetings were brief, awkward, and antagonistic in mutually equal parts. Despite the shadows which were cast in the imaginations of many, Echelon struggled to keep pace with the new “information age” it found itself in. The limitations of its fast-antiquating technology could not keep up with the grand buffet of machine-buttressed data packets, which Echelon was just as much drowning in, as it would be starved by.
... but these were problems that could yet be solved. Echelon’s ability to intercept internet communications was trying at the best of times, but it did whet the Five Eyes’ appetite. Echelon was not the primary draw of attention in Edward Snowden’s documents, the few mentions which answered those decades-old questions were only a furtive glance, hiding behind towering new horrors which had so captured Snowden’s dread.
Stills from internal-NSA PowerPoint presentations regarding their post-echelon internet surveillance and digital espionage technologies: “XKeyScore” and “PRISM” which were the primary items of Edward Snowden’s whistle-blowing action.
The President’s Surveillance Program
Early cyberspace had misplaced fears about Echelon, but no matter how misplaced, they were still fears. Only less than ten years later, the Internet had become a very different place.
What makes a life? More than what we say; more, even, than what we do. A life is also what we love, and what we believe in. For me, what I love and believe in the most is connection, human connection, and the technologies by which that is achieved. ... for my generation, connection has largely meant the Internet.
Before you recoil, knowing well the toxic madness that infests that hive in our time, understand that for me, when I came to know it, the Internet was a very different thing. It was a friend, and a parent. It was a community without border or limit, one voice and millions, a common frontier that had been settled but not exploited by diverse tribes living amicably enough side by side, each member of which was free to choose their own name and history and customs. Everyone wore masks, and yet this culture of anonymity-through-polyonymy produced more truth than falsehood, because it was creative and cooperative rather than commercial and competitive. Certainly, there was conflict, but it was outweighed by goodwill and good feelings—the true pioneering spirit.
You will understand, then, when I say that the Internet of today is unrecognizable. It’s worth noting that this change has been a conscious choice, the result of a systematic effort on the part of a privileged few. The early rush to turn commerce into e-commerce quickly led to a bubble, and then, just after the turn of the millennium, to a collapse. After that, companies realized that people who went online were far less interested in spending than in sharing, and that the human connection the Internet made possible could be monetized. If most of what people wanted to do online was to be able to tell their family, friends, and strangers what they were up to, and to be told what their family, friends, and strangers were up to in return, then all companies had to do was figure out how to put themselves in the middle of those social exchanges and turn them into profit.
This was the beginning of surveillance capitalism, and the end of the Internet as I knew it.
Now, it was the creative Web that collapsed, as countless beautiful, difficult, individualistic websites were shuttered. The promise of convenience led people to exchange their personal sites — which demanded constant and laborious upkeep — for a Facebook page and a Gmail account. The appearance of ownership was easy to mistake for the reality of it. Few of us understood it at the time, but none of the things that we’d go on to share would belong to us anymore. The successors to the e-commerce companies that had failed because they couldn’t find anything we were interested in buying now had a new product to sell.
That new product was Us.
Edward Snowden, Permanent Record [autobiography]
Following the September 11ᵗʰ attacks on the World Trade Center in New York City, the sleepy hegemonic behemoth jolted awake from an already-restless torpor, idle since the official end of the Cold War. Finding wonderful new purpose in their self-proclaimed “war on terror,” Presidents Bush and Cheney saw fit to strengthen the reach of the “President’s Surveillance Program” (PSP) to ever-bold and greater heights. The highly-secretive PSP can be linked to the early days of the Reagan presidency, authorized by executive order 12333. Much like how the later invasions of Afghanistan and Iraq were opportunistic advances offered with later-found-false justifications, order 12333’s vast increases to the powers of American intelligence were a result of “The Sterling Affair.” After the departure of appointees from the Carter presidency, the NSA’s new and inexperienced — but hyperconservative and vehemently anticommunist — administration was driven to seeming madness by the claims of Claire Sterling’s salacious 01981 paperback book The Terror Network, despite all contained claims being categorically known falsities. The post-9/11 admin availed itself of these Reagan-era tools to actually attempt digital mass surveillance for the first known time, which likewise remained, even while the legitimacy of the “war on terror” began to wane.
As the European Parliament’s rapporteur noted in the Echelon report, the Internet is a wild and unpredictable thing. Suppose, as a hypothetical-but-impractical task, one were to accurately map all network routes on the Internet. Even with that map, knowing the exact route any data packet would need to reach its destination is impossible, given both cost considerations and reactions to network congestion from all other Internet traffic at any given point. Should a data packet run along a portion of the network that a country claims sovereignty over, and thus forces those data packets to submit to inspection, that makeshift customs system has no guarantee the information they’ll learn would amount to a complete picture of anything. One half of a package might pass through that part of the network, but the other might not. President Bush the Younger and his largely computer-illiterate administration, in their panic or their greed, gave their intelligence services a seemingly unachievable task.
... but even if the routes along which network traffic use are amorphous and protean, utterly impossible to influence, the same is not true of the eventual destinations. If the common destinations of Internet traffic could be tilted in the favour of American companies, and those companies are subject to American law, the intelligence agencies can then narrow the scope of their “mass” surveillance to something cheap and practical. As market forces began to push a greater degree of sway upon early cyberspace, the hobbyist web turned away from functions of technical expertise and personal free time, towards fragile business models geared for making money. Many websites failed under these conditions of capitalist constraint, especially as the technical cost needed to keep websites safe and functional began to rise precipitously, with cyber-attacks and hacking threats of increasing severity. Soon only a handful of websites, managed by a handful of companies, would dominate the vast majority of the anglophonic internet. With large amounts of data naturally pooling in these few select locations, if any sovereign government wanted access to it, all they need do is ask.
Thus formed SIGAD US-984XN, the “PRISM” surveillance program, and arguably the least controversial revelation of the Snowden documents. Prism’s disclosure caused the largest fallout, despite its relatively benign status as an agency-internal streamlining process, merging multiple corporate sources into a single workable system. The visual metaphor of a glass triangular prism splitting a single ray of light into all colours of the rainbow, applies in reverse, and allows each individual colour to merge inwards. The different American conglomerates formed partnerships with the American intelligence service at different times and circumstance, each in ignorance to the likesame actions of their would-be competitors. Around that same point, many American hardware and software companies were also seeing new profits from expansions into markets outside of the anglophone countries, which all came to a sudden halt following questions they were unwitting pawns of the extremely aggressive American government in attempt to bring foreign nationals to harm. (Questions those companies could not answer to anyone’s satisfaction, even their own.)
Yet Prism, and the unique circumstances which enabled its creation, were only one tool in the mass surveillance toolbox. With internet traffic tipped in the direction of American companies, intelligence agencies of the new millennium could get around the limitations of old Echelon-like systems, taking advantage of the phenomenon Canadian security researchers Clement and Obar termed “boomerang routing.” To borrow and modify Gerhard Schmid’s earlier example: if two German nationals were conversing over the Internet, but the service used was American in origin, the US-based company would still be party to the conversation – irrespective of the shortest connection remaining within German borders. This way, data packet interception transforms from largely ineffective, to mostly practical. The NSA itself ran the gambit of internet communications interception, first with the “TRAILBLAZER” project which had already been the subject of multiple separate whistle-blowing actions before Snowden and declared a multi-billion dollar waste of time as early as 02005, then to what Snowden later reported as the doomed project’s more fortunate twin successors: “TURBULENCE” and “TURMOIL.” Installed in special rooms at major private telecommunications companies throughout the US and other allied countries, these router-tapping physical firewalls – each no larger than a standing bookshelf – are capable of parsing and scanning for “suspicious” internet traffic in as little as 686 milliseconds per execution.
At the time of Snowden’s disclosures, the majority of all hypertext transfer protocol (HTTP) internet traffic was still insecure and not encrypted. Any request to visit a website, through a uniform reference location-based (URL) web address, would’ve been plainly written on the packets for any snatcher to read. Using a custom-built search engine called “XKeyScore,” the NSA could soon automatically comb through the ever-increasing tranche of stolen digital communications. Keyscore would mark the first time since 01946 when the Five Eyes increased their number, with its software shared to intelligence agencies in Germany and Japan. (Unclear if it was only the search engine software that was shared, or also access to the same database of intercepted communications which Keyscore normally used.) The large corpus of stolen metadata was likely not limited to only HTTP, but may have included any number of other unencrypted socket-based system, which describe the unique characteristics of each individual computer connecting to the larger world. Keyscore kept active track of these differing strengths and weaknesses to search for, not people or persons, but rather devices and machines susceptible to “tailored access operations” (TAO) – their own in-house solutions for hacking and almost-legal cyber-crime.
Given the benefits the new, slowly-mainstreaming Internet offered, the old satellite interception systems of yesteryear must have seemed awkward and cumbersome indeed. Why go hunting for secrets in such faraway climes as Hong Kong and Waihopai, when you can get the same secrets to come home to you?
The Bush administration began to repurpose the PSP via executive order on October 4ᵗʰ of 02001, the exact text of which is still classified, but is known by the title of “Authorization for specified electronic surveillance activities during a limited period to detect and prevent acts of terrorism within the United States.” Only the fortuitous timing of a highly-televised national tragedy made the PSP’s attempted expansions palatable, and even then, it was an awkward and bumpy process. Their wild and loose antics resulted in frequent clashes with the Department of Justice, triggering many conflicts for the Bush-Cheney admin’s own political appointees, and caused much intra-governmental scandal that constantly threatened to boil over. The Bush administration’s upper echelons proposed the “war on terror” should grant the presidency war-time powers, even though the war as such was never with another country, but instead terrorist groups which the United States was free to define as they wished. Despite being purportedly ordered against conducting warrantless surveillance on American citizens, the PSP seemed incapable of doing so while still meeting its other espionage objectives. A New York Times exposé about the PSP, as it was known in 02005, re-ignited the same old controversies that Echelon once did regarding the wiretapping of private phone calls. (The Internet-based side of the story was still not yet mainstream.) The “limited period” began to encompass a longer and longer amount of time, being re-authorized every 45 days, until both the executive branch and the intelligence agencies grew too dependent on whatever it was the PSP did. So desperate was the need satisfied – and so disparate was the opinion of its legality – in 02003 when it came time to reauthorize it once more, and the only person capable of doing so was in hospital recovering from surgery, the Bush admin overrode protocol to keep the PSP going. It took until the subsequent Obama presidency to begin cleaning up the mess, yet that still proved to be a piecemeal and stubborn process, with many of Barack Obama’s reforms being more about managing the ongoing issues – rather than solve them. By July 10ᵗʰ of 02009, the administration tried putting the whole sordid affair behind them, with the release of the “Unclassified Report on the President's Surveillance Program.” The unclassified report was signed by the Inspectors General of five different government agencies.
During the time he was assigned within the NSA to profile the nature of China’s internet surveillance systems, the unclassified report drew Edward Snowden’s attention. Snowden found the report lacking for multiple reasons, most primary of which were how each of the inspectors general were unable to compel testimony from the key players who set the expanded PSP into motion, Vice President Dick Cheney and Department of Justice lawyer John Yoo for only a few examples. It stood to reason if this unclassified report existed, there must also exist a classified version to be unclassified from. Snowden used his position within the NSA’s still-historically-recent technical divisions to search for it, but to no avail. Snowden almost forgot about his quarry, until the classified document showed up on his desk one day, quite by accident. His previous job within the NSA was working on a file comparison algorithm, to detect and sort out multiple copies of the same document throughout the NSA’s clusters, in attempt to save on then-limited disk space. A duplicate copy of the classified report was flagged for deletion, and Snowden found it while emptying out the algorithm’s proverbial recycle bin. The reason for the report’s elusive nature was immediately revealed by the full classification designation: “TOP SECRET//STLW//HCS/COMINT//ORCON/NOFORN.”
These markings are called “CAPCO Registers,” and they’re used to denote documents of possible classification within the American intelligence community. They prepend almost every paragraph in classified media, but can be a bit hard to parse without the requisite training. While I have been providing pronunciation guides for quotations of CAPCO-registered material until now, this one is on the strange side, and needs to be interpreted by its component parts. The “TOP SECRET” portion is the most straightforward item. The United States uses a sliding scale of severity: from (U) “Unclassified,” to (C) “Confidential,” (S) “Secret,” and finally (TS) “Top Secret.” This particular label “shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security,” (emphasis not mine) as defined by Executive Order 13526, put into motion by President Obama in 02009. The document Snowden read predated that executive order, so while the exact definition of “top secret” might have been different, the function was doubtlessly the same. The next most-identifiable portion is “NOFORN,” which is read “not releasable to foreign nationals.” Then is “ORCON” as “originator controlled,” used for “classified intelligence that clearly identifies or reasonably permits ready identification of intelligence sources or methods that are particularly susceptible to countermeasures.” (Remember this definition.) “COMINT” is not a proper CAPCO register anymore, but it does properly date the document. A later update to the register system replaced the COMINT appellation with “SI” for “Special Intelligence,” the blunted and euphemistic reference to all sources of information gained by wiretapping and communications interception. Lastly, and perhaps most frustratingly, is the “HCS” label; which is mentioned and defined by the CAPCO register manual, yet not given a proper, non-abbreviated name. “HCS protects the most sensitive HUMINT operations and information acquired from clandestine and/or uniquely sensitive HUMINT sources, methods, and certain technical collection capabilities, technologies, and methods linked to or supportive of HUMINT.” It is separated from the COMINT with a single slash (/) instead of a double (//), meaning the human-intelligence and communications interception are related in some manner. Snowden’s pithy translation of this long and complicated register, on the whole, amounts to “only a few dozen people in the world are allowed to read this.”
Whereas the unclassified version merely made reference to the NSA being ordered to intensify its intelligence-gathering practices following 9/11, the classified version laid out the nature, and scale, of that intensification. The NSA’s historic brief had been fundamentally altered from targeted collection of communications to “bulk collection,” which is the agency’s euphemism for mass surveillance. And whereas the unclassified version obfuscated this shift, advocating for expanded surveillance by scaring the public with the specter of terror, the classified version made this shift explicit, justifying it as the legitimate corollary of expanded technological capability.
The NSA IG’s portion of the classified report outlined what it called “a collection gap,” noting that existing surveillance legislation (particularly the Foreign Intelligence Surveillance Act) dated from 1978, a time when most communications signals traveled via radio or telephone lines, rather than fiber-optic cables and satellites. In essence, the agency was arguing that the speed and volume of contemporary communication had outpaced, and outgrown, American law — no court, not even a secret court, could issue enough individually targeted warrants fast enough to keep up — and that a truly global world required a truly global intelligence agency. All of this pointed, in the NSA’s logic, to the necessity of the bulk collection of Internet communications. The code name for this bulk collection initiative was indicated in the very “dirty word” that got it flagged on my system: STLW, an abbreviation of STELLARWIND. This turned out to be the single major component of the PSP that had continued, and even grown, in secret after the rest of the program had been made public in the press.
STELLARWIND was the classified report’s deepest secret. It was, in fact, the NSA’s deepest secret, and the one that the report’s sensitive status had been designed to protect. The program’s very existence was an indication that the agency’s mission had been transformed, from using technology to defend America to using technology to control it by redefining citizens’ private Internet communications as potential signals intelligence.
Such fraudulent redefinitions ran throughout the report, but perhaps the most fundamental and transparently desperate involved the government’s vocabulary. STELLARWIND had been collecting communications since the PSP’s inception in 2001, but in 2004 — when Justice Department officials balked at the continuation of the initiative — the Bush administration attempted to legitimize it ex post facto by changing the meanings of basic English words, such as “acquire” and “obtain.” According to the report, it was the government’s position that the NSA could collect whatever communications records it wanted to, without having to get a warrant, because it could only be said to have acquired or obtained them, in the legal sense, if and when the agency “searched for and retrieved” them from its database.
This lexical sophistry was particularly galling to me, as I was well aware that the agency’s goal was to be able to retain as much data as it could for as long as it could — for perpetuity. If communications records would only be considered definitively “obtained” once they were used, they could remain “unobtained” but collected in storage forever, raw data awaiting its future manipulation. By redefining the terms “acquire” and “obtain” — from describing the act of data being entered into a database, to describing the act of a person (or, more likely, an algorithm) querying that database and getting a “hit” or “return” at any conceivable point in the future — the US government was developing the capacity of an eternal law-enforcement agency. At any time, the government could dig through the past communications of anyone it wanted to victimize in search of a crime (and everybody’s communications contain evidence of something). At any point, for all perpetuity, any new administration — any future rogue head of the NSA — could just show up to work and, as easily as flicking a switch, instantly track everybody with a phone or a computer, know who they were, where they were, what they were doing with whom, and what they had ever done in the past.
Edward Snowden, Permanent Record [autobiography]
According to Snowden, the classified report was a completely different beast from the “theatre” publicly released during the early days of the Obama admin, sharing only the unclassified document’s title and little else. While the classified version ultimately inspired Snowden to become a whistle-blower, this was still before he had made any attempt to complete a full review of the Five Eyes’ surveillance capabilities from his vantage within the NSA, and that specific document was not part of the cache later given to the media. At this moment, we can only take Snowden’s word for it. On the fortunate side, the general description of the Stellarwind programme as it may have once existed, does line up with other slightly-incomplete accounts. Thomas Andrews Drake, the whistle-blower for the much-maligned Trailblazer project, suspects that the legal justifications provided by order 12333 were needed to protect the operations of another carte blanche interceptions program: something the NSA of Drake’s time desperately wanted, even if it had difficulty actually accomplishing thus.
The legality of the “bulk collection” required the intelligence agency to stretch all definitions of the letter of the law. Even the basic description of the system would immediately suggest it in contravention of the American Constitution; at least five different individual Amendments in Snowden’s estimation alone, especially with the Fourth’s protections against unreasonable search and seizure. Nonetheless, the agency deployed workarounds. The Foreign Intelligence Surveillance Court (FISC), which supposedly governed these surveillance systems, theoretically only authorized its use against non-US citizens and other foreign nationals. The ultra-secretive FISC courts themselves, however, were only set up to operate under pre-internet assumptions and did not have any tools or legal prescriptions to deal with the peculiarities of digital espionage in a meaningful way. The digital surveillance system’s only legal arbiter being a court who was completely unequipped to do the job, was all part of this design, allowing the Stellarwind system to do whatever it wanted while still being perfectly “legal.”
One example is how the mass surveillance system deals with the First Amendment: the almost-religious invocation of the Constitution which supposedly grants Americans freedom of thought. Within the American sphere of media during the Echelon days, a group who most feared the theoretical oncoming systems of surveillance were those who had differences of thought far outside the mainstream, while still feeling empowered by the First Amendment. Their contention was that mass surveillance would curtail these freedoms, but Snowden wonders if “free expression” even enters the equation at all. For the government to repress free speech or freedom of thought, in any manner, they need to know what you are thinking in the first place. ... but if that is the necessary prerequisite, then what happens if they simply don’t? If the protections towards speech would constrain their actions, but they deafen themselves to any possible instance of speech, those same protections would no longer apply. Indeed, if they did care about what you were thinking or saying while spying on you, they’d only be opening themselves up to unnecessary liability.
That logic allowed them to protect from further “infractions” against their true object of surveillance: metadata. Your freedom of speech to applies to the content of an email you write. ... but what about the parts you did not? The parts of an email you never touched, but were still there? The hidden glut of SMTP headers and other metadata, automatically applied by your computer, to assist in the very honest process of getting that email to its intended destination? What about the same type of metadata in other contexts? Like the HTTP headers which traverse the network, saying computer X on internet service provider Y wants to load website Z, please fetch it from its server and deliver it to them? Is this metadata also your speech, even though you did not write it or actively think about it, but is still a necessary component of a given medium of communication? Is that “speech,” which is about you, describes you, and wouldn’t have been written without you, even “yours”? The American intelligence agencies, and by extension others within both the judiciary and bipartisan government, don’t think so. As far as they are concerned, that “speech” belongs to the companies, software developers, and internet service providers who write, use, and manage that metadata in the first place. It is theirs, not yours. It is impossible to have your First and Fourth Amendment rights violated in this way, since that metadata did not belong to you in the first place. ... making it fair game as the target of mass surveillance.
In the United States, it was already established law that it is illegal to open or access another person’s postal mail. Yet to the logic of the government who must abide, said law says nothing about knowing exactly how many letters a person has sent, to whom, and at what times; so long as they remain completely ignorant of the letter’s contents. If there were to exist some mindless automaton which could then make copies of those letters, all while remaining completely oblivious to the replicated words, the government could then keep those “unread” letters in storage — until such a time comes when they might then be necessary. Provided with enough probable cause, a court can then issue a warrant to waive or suspend those rights and laws on the part of an accused. “Mass surveillance,” then, is a method of logistical simplification. All the needed materials are pre-prepared and can be cracked open as soon as a warrant is signed.
The Keyscore and Prism combo was already fully online by April of 02013, when Chechen-separatist and “radical Islamic terrorist” Tamerlan Tsarnaev and his younger brother Dzhokhar Tsarnaev detonated makeshift pressure-cooker bombs in the crowds of the Boston Marathon. Following the bombing were multiple public disclosures about the then-late Tamerlan that seemed strange. After 9/11, the United States was ever-vigilant for signs of “Islamic extremism,” spurred on by both freshly traumatic past experience and a pinch of xenophobia for zest. When alive, Tsarnaev was submitted to the Terrorist Identities Datamart Environment (TIDE) at the behest of his own mother, who feared his violent tendencies and nascent extremism. Yet not only was Tsarnaev able to dodge police scrutiny while the suspect of a Massachusetts triple homicide investigation, but was also able to travel from the United States to Russia — and back — despite being on the TIDE-based “No Fly List” which should’ve prevented him use of an airport. His actions leading to the bombing raised so many red flags, even the Russian Federal Security Service (the FSB) saw fit to warn the American Federal Bureau of Investigation (the FBI) about Tsarnaev’s patently suspicious behaviour. Yet until the moment the bombs went off, all was irrelevant to the supposedly hyper-vigilant American authorities.
Those familiar with Tsarnaev, the first persons whom had experience of his violence and dreaded what he would become, were scandalized by the “anti-terrorism” authorities’ seeming incompetence. How could it be that these systems of surveillance, many aspects of it extremely invasive and many further designed to target someone like Tsarnaev specifically, all fail to do their purported purpose in grand cascading sequence? Soon came a theory the only reason the Boston Marathon Bombing happened at all, was that it was allowed, that Tsarnaev may have been an informant for a law enforcement agency who went rogue. ... the only reason that those theories are also likely untrue, is that even while the authorities’ loudest and harshest critics accuse them of some conspiracy, still believed is this central claim: that surveillance systems can “prevent” crime.
One example of how this plays out on a more local level was the technically-not-murder of Freddie Gray, in Baltimore, Maryland during April of 02015. The killing was one of many that spurred the Black Lives Matter (BLM) protest movement towards action, concerning the United States’ many racialized peoples and their perilous-to-life treatment from aspects of the American state. The one-sided legally-not-assault, in which local “law enforcement” officials attacked and snapped the neck of the young Gray in plain view of several horrified eyewitnesses, took place in one of the most heavily surveilled urban centres in the American mid-Atlantic. Baltimore is peppered with closed-circuit surveillance video systems (CCTVs), which festoon its so-called “crime-laden” neighbourhoods, and are all-too-ready to convict unsuspecting residents for far lesser things than what ended the life of Gray. Yet when it came time to prove criminality on the part of the police department who operated said surveillance system, quite suddenly, it gave up the ghost. Of what events it recorded, it only caught them from awkward, obtuse angles. Their automated sweeping motions, for reasons unfathomable, skip at key moments. Cameras that all standards demanded should have been online and functional at the time, reportedly, powered off and were so for days. In a city profuse with the generation of “evidence,” the police officers who attacked Gray were not charged for any crime, due to an utter lack of it.
Surveillance is merely a system of mass persuasion. Very powerful and highly suggestive persuasion, but only that. Surveillance cannot “prevent” anything for much the same reason that a television commercial or a YouTube video cannot prevent anything else. Bad things destined to happen will still do, and the most any system of surveillance can manage is some help cleaning up the ensuing mess, if that. You might be able to use surveillance footage to make a claim about something in court, bolster a specific case about why something happened in conversation to another person, or perhaps even just as raw materials to make ever-more content for the media. Despite the advertisements, these are not heartless or automatic systems, nor can they be compelled to make any claims their operators have no interest in. The expanded surveillance powers may have been sold to the post-9/11 public on the basis of increasing public safety, but this was likely a misdirection in favour of other goals.
What, then, were those other goals? Within the United States, the fear may be of government repression, the likes of which BLM was constantly brushing up against and other likesame groups may yet be exposed to. In absolute fairness to the NSA and the other four eyes, they genuinely might not consider domestic repression to be part of their job description. That dubious honour may instead fall to their local “law enforcement” partners, who have always had less prescriptions imposed on their professional conduct. This was already known in the period of time between 01950 to the late 01970s, when various minority groups were overtargeted by the much-maligned “COINTELPRO” programme, largely a result of the personal bigotries of the FBI’s leadership. The NSA, and indeed other intelligence services in other countries, have their sights on broader horizons: attacking and disrupting the activities of foreign nationals, and everybody is a foreigner to at least somebody else. This is where the interlocking mess of multiple different countries attempting mass surveillance on the other gives way to an older, more familiar form: industrial espionage. Of the currently known victims who suffered from Prism and Keyscore, a very stiff list begins to form: military procurement in Venezuela, Mexico’s Secretariat of Public Security, the Organization of the Petroleum Exporting Countries (OPEC), telecommunications companies collaborating on the undersea fibre optic line ranging from Italy to southeast Asia, an unspecified number of China-based targets including the Huawei corporation, German Chancellor Angela Merkel, and several telecom companies who had service contracts with the European Parliament and the European Council. Like Echelon before, while the lingering threat of mushy and emotional affairs are what compose the fears for why a digital surveillance system should never exist, it is the perfectly bland world of money and international rivalry where those same systems ply their trade. Don’t take it personally; it’s just business.
That cute little story I wrote? The one whose supposed purpose, by 01999 standards, is to ward away the all-seeing-eye of a tyrannical and repressive government? It's useless! They’re not even allowed to read it, because that is no longer the point. ... and even if they wanted, why waste their time? There’s already so much shit to steal! Shit you didn’t even know you had. Shit you’d never ever know got stole.
During 02014, a common secure-socket encyrption library (OpenSSL) was found leaking arbitrary data. The usually-secretive National Security Agency took the irregular step of publicly disclosing they did not have prior knowledge of the security exploit during its zero-day period.
Now Higher Echelons, or Lower
Following Snowden’s revelations and eventual stranding in Russia, the wider internet began to take information security more seriously. Websites had greater adoption for secure versions of hypertext transfer protocol, which implemented transport-layer encryption, and by 02018 major web browsers like Google Chrome actively flagged the non-secure version as a security risk. The Apple Corporation took greater steps to encrypt their consumer smartphone devices, and grew to have a rather testy relationship with American law enforcement, in their multiple attempts to regain carte blanche access to their products. The European Union implemented the incredibly strict Greater Data Protection Regulation (GDPR) in extension of the already-strict German bundesdatenschutzgesetz. While GDPR mechanisms are of little use against police and domestic intelligence agencies, it does limit the overall possible sources of information that foreign intelligence agencies have available, by putting greater limits on private sector use of European metadata. Like the differences in European copyright law, where the owner of a photograph is not the photographer but instead its subject, the rightful owner of any piece of data is instead the person the data describes — and that person can only temporarily lease that data to anyone who wishes to use it, which may be revoked at will.
Cyberspace, and the later early-modern Internet, shares quality with the birth of the automotive industry in North America. Americans adopted the automobile swiftly, but it took years for safeguards to catch up. Traffic lights, lanes, and rules-of-the-road couldn’t yet be taken for granted. All the while, fatalities soared, as pedestrians and children unknowingly wandered into a lawless and all-too-suddenly new landscape. Cyberspace was quickly discovering it needed similar rules. Exactly how much computer traffic, proverbial or otherwise, needed to be encrypted? ... a lot more than they first thought. The “Jam Echelon” charge may have been led by belief in the right to privacy, but the technology at the time made no efforts to ensure it, while governments and other less-than-savoury actors took advantage. The easiest and most straightforward objection to digital surveillance from the Five Eyes and any other governments, is not that it is in violation of hard-to-apply “laws” or nebulously-defined “rights,” but rather that it is just not safe. One can have those likely-stimulating conversations about “laws” and “rights” at a later point, but right now? The world is bound by a terrible amount of risk.
Irrespective of access to the Keyscore engine being limited to those within the Five Eyes agencies, the mere existence of these metadata traps introduce new risks to the persons whose facsimiles are contained within. The companies which Prism pipes its metadata from are not government projects, but instead within the private sector, and have even less oversight to their information security practices when compared against the already-lacking accountability standards of the intelligence agencies. The Facebook social network’s loose practices with user data have already escalated to the point of threatening national security at least once, when in 02013 the “Cambridge Analytica” group took advantage of flaws in product design to scrape large amounts of unconsenting user data from Facebook’s API, for the purpose of forming a digital copy of the American electorate which it could mark for manipulation in the next federal election. Yet despite these problems Facebook nonetheless trudged onwards, viewing them more as a public relations issue to be dealt with in the press, rather than something to address on a fundamental level. The GDPR, the protections of which are still not afforded to non-Europeans, came from smaller nations fearing similar exploitation.
Yet however much the new focus on encryption and information security may be a step in the right direction, it still came with some downsides, as one rather prescient minority opinion from the Echelon report stated many years earlier.
Although the likely existence of an Anglo-American system for the systematic and generalised interception of communications using search engines has been demonstrated, no reference is made to the fact that this technological capacity is certainly being used by Germany and the Netherlands and, probably, by France as well. Accordingly, since the secret services are intercepting communications from abroad, without authorisation and on the grounds of national security, some Member States will be intercepting communications from institutions, citizens, or businesses of other Member States. Although more powerful encryption methods should help to protect privacy, their introduction will inevitably lead to the appearance of more powerful lawful means of decryption techniques, given the indissoluble link between the development of cryptographic, code-breaking, and technical interception systems. Solutions must therefore be sought in the political field: via legal and parliamentary scrutiny of interception activities and monitoring of the police, security and intelligence services; by preventing the proliferation of control bodies which operate to different data-protection standards and without any genuine democratic and legal scrutiny; by regulating – on the basis of the highest standard and the case-law of the ECHR – protection of the privacy of European citizens against preventive interference by government authorities and eliminating the discrimination existing within the European Union between citizens of various Member States.
Italian MEP Maurizio Turco
Recall the Stellarwind document’s classification. The untrained eye may be drawn to the scandalous-looking “TOP SECRET” label at the front, but the real thing of note might be origination control, “ORCON.” This is used for something that “clearly identifies or reasonably permits ready identification of intelligence sources or methods that are particularly susceptible to countermeasures.” (Emphasis mine.) The architects of these government-based hacking systems, by their own understanding of how they worked, could easily imagine how to get around them. Stellarwind, Turbulence, and whatever else might carry the label, were doubtlessly powerful systems, yet also potentially fragile. The fact that they even existed at all was enabled by lazy happenstance. In 02015, the director of the US-based National Counterterrorism Center complained to the Senate Select Committee on Intelligence of the issues Snowden’s leaks posed to their work. The government knew of specific terrorists who had increased their security with new types of encryption, changing email addresses, and abandoning prior methods of communicating. ... but, if successful evasion took only these few additional precautions, the eavesdropping system wasn’t so powerful in the first place.
During the days when transport-layer security was still optional, the Five Eyes viewed any attempt at HTTP encryption as barely a concern. By using a “man in the middle” attack to intercept a secure packet, it could be effortlessly decrypted by sending it back to its originating webserver with its optional-security stripped off, and the webserver would dutifully revert back to non-secure operation as designed. This technique comprised the likely-short-lived “MUSCULAR” programme within the Five Eyes, and was used to gain access to private storage on Google’s hosting platforms, the disclosure of which in the Snowden documents made the responsible Google engineer erupt into an apoplexy of vulgarity. ... but as the world slowly enshrouded itself in encryption, the motives which gave rise to digital espionage did not simply fade away. If anything, they were made more desperate. If data packets gained transport-level security, and thus were useless if intercepted during transport, it only increased their reliance on corporate sources through the Prism program. It became more important to target the places where encrypted packets would be eventually decrypted, and “target” they did.
The NSA’s tailored access operations protocol, first set into motion by 01997, gave the Five Eyes’ free reign to use whatever underhanded tricks available to achieve their industrial espionage goals. Many of the exploitation schemes used by “black hat” hackers outside of state hierarchies, were first the purview of intelligence agencies in their “grey hat” orientation. Zero-day exploits, especially, are the blood diamonds of the espionage world. They are called “zero-days” because of their status as exploits the software developer has no prior knowledge of, and thus has no time whatsoever (zero total days) to respond before it is inevitably used against them. These security flaws can range from benign, such as inappropriately leaking data, to far more serious: where the ability to achieve arbitrary code execution would allow a rootkit installation upon a target system, allowing an unknown hacker to seize control of it from a remote vantage. Since at least 02003, the NSA began collecting and hoarding zero-days for their own ends, as purchased from the zero-day grey-market. A complex combination of four different zero-days comprised the Stuxnet computer virus, which was first discovered in 02010, and used to destroy nuclear reactors in the country of Iran. Stuxnet was believed to be a cyberweapon jointly developed by both the United States and Israel.
This grey market was not created by accident, but rather negligence. In the early days of home computing, hackers and other programmers who discovered software exploits generally did try to inform the required companies of what the problems were and how to fix them, only to be sternly rebuffed with threats of legal action from those companies’ teams of lawyers. The still-growing grey market, by comparison, treated its sources much more humanely and was willing to enter productive and mutually-beneficial agreements with them. ... even if the results were horrifying. The Five Eyes attempted to justify these activities on the grey market through a “NOBUS” policy, deeming given zero-day vulnerabilities “safe” if and only if “nobody but us” can effectively utilize it. This was buttressed internally within the American government through the “vulnerabilities equities process” (VEP) system, first drafted in 02008 but only made public by 02016, where a multitude of American government departments and agencies would review zero-day options for the NSA’s preferential use. During the days of the “Heartbleed” panic of 02014, in which a common library for cryptographic security was found leaking arbitrary data, a White House cybersecurity coordinator defended this policy.
Building up a huge stockpile of undisclosed vulnerabilities while leaving the Internet vulnerable and the American people unprotected would not be in our national security interest. But that is not the same as arguing that we should completely forgo this tool as a way to conduct intelligence collection, and better protect our country in the long-run. Weighing these tradeoffs is not easy, and so we have established principles to guide agency decision-making in this area.
We have also established a disciplined, rigorous and high-level decision-making process for vulnerability disclosure. This interagency process helps ensure that all of the pros and cons are properly considered and weighed. While there are no hard and fast rules, here are a few things I want to know when an agency proposes temporarily withholding knowledge of a vulnerability:
How much is the vulnerable system used in the core internet infrastructure, in other critical infrastructure systems, in the U.S. economy, and/or in national security systems?
Does the vulnerability, if left unpatched, impose significant risk?
How much harm could an adversary nation or criminal group do with knowledge of this vulnerability?
Michael Daniel, then Cybersecurity Assistant to President Obama
This was a weak assurance, as whether or not a given zero-day remains within the no-bus remit, is not for any Five Eyes signatory to decide. This was tragically proven only a few years later, when the “Shadow Brokers” hacker group made their way into the NSA’s internal network, stealing some few zero-days and their exploitation tools. The “ETERNALBLUE” cyber-weapon was one of the stolen items, and soon incorporated into ransomware viruses which afflicted the world in 02017, with the country of Ukraine of the most affected amidst the continued tensions of the Russo-Ukrainian War. Several Ukrainian ministries, banks, metro systems, airports, and state-owned enterprises were forced offline or had digital records permanently destroyed. The radiation monitoring system at Ukraine’s Chernobyl Nuclear Power Plant was also affected. Despite the debate over if the cyber-attacks could be attributed to Russia or not, the malware would not have been anywhere near as effective were it not made from commandeered American national secrets. The same was also true of that year’s far less nationally-discriminate “WannaCry” ransomware, and the curious claim of its origin from the much-sanctioned “hermit kingdom” of North Korea, whom on their own do not possess the capacity to develop such a well-honed cyber-weapon. This was by no means a new possibility. While the Stuxnet affair was still raging on, Ralph Langner’s analysis of the virus pointed to how the largest bulk of Stuxnet’s possible vulnerable capacity was not solely within the Middle East as originally targeted, but instead the continental United States.
Despite being partly responsible for widespread damage to the national infrastructure of multiple different countries in 02017, including many allied nations, the Five Eyes’ VEP system remained in place following 02017. The VEP system may claim to put oversight on how zero-day collection is conducted, but by the same logic, also justifies the continued zero-day arms race as a tacit fact.
This, however, only covers recent developments in the field of digital mass-surveillance. Already, there is fear regarding “quantum” and the risk it poses to encryption techniques. Currently, most forms of secure cryptography rely on “Rivest-Shamir-Adleman” (RSA) which uses large-value prime numbers in various states of multiplication. In classical mathematics, prime numbers can form the basis of uncrackable cryptosystems on how reversing the process would require dividing those numbers, but prime numbers cannot be easily divided. Yet so desperate is the hunger for breaking these cryptosystems, various governments resorted to leaving the realm of classical mathematics entirely, for the strange parallel world of quantum physics. There, it is possible to reverse RSA encryption through factorizing prime numbers, using a technique called “Shor’s algorithm.” Quantum computers are extremely expensive to build and maintain, reliant as they are on measuring the resonance of active nuclear particles, but they're not the only ones capable of quantum mathematics. Even a regular digital device can approximate quantum states if given enough bandwidth. Using the “Q#” programming language designed for that purpose, a non-quantum computer can simulate one “qubit” of data using a terabyte of digital memory. (Digital qubit usage grows exponentially; two qubits may use two terabytes of digital memory, but three will use four, four will need eight, and five — sixteen.) Shor’s algorithm was discovered in 01994 and was first put into practice by an IBM Corporation working group in 02001, using an early quantum computer with access to 7 non-emulated qubits. By 02019, IBM was able to reach a 35 qubit capacity. These qubit scales are capable of factorizing small-value primes, but still not powerful enough to factorize primes on the scale which a common RSA implementation would employ. ... still, it is only a matter of time. Many things relying on cryptographic security systems, from basic Internet browsing to even things like online banking and payment processing, are known to be weak to “quantum-attacks” and still have no reliable “post-quantum” alternatives. Worldwide chaos would likely ensue if a powerful enough quantum computer, or equally commensurate quantum-approximating-superstructure, were to ever fall outside of the no-bus remit.
What was first identified as a “mass surveillance” system is only sometimes used as such, and even then, not often. From a bird’s-eye-view of the Five Eyes’ ventures into cyberspace, that “surveillance” system is merely one functioning component of a generalized form of cyberwarfare as state-sanctioned cyber-crime. The “surveillance” system largely ignored any attempts at political opprobrium, or even threats to public safety, in favour of searching for “high-value targets” in the purely monetary sense. By collecting actually-informative metadata on those high-value targets, they could digitally “case the joint” of any person or organization they wanted to infiltrate and steal from. This method of operation is hardly that different from privateering during the Age of Sail, where petty kingdoms would offer “letters of marque” to known maritime pirates, endorsing their activities in attacking and “legally” seizing the assets of merchantmen and other cargo ships hailing from foreign nations. ... only to end up with a scandal on their hands, when those same “gentlemen of fortune” invariably end up attacking their kingdom’s own trade vessels in the ocean fog. In their attempts to gain advantage for their countries’ gold and treasure, the anglophonic intelligence agencies enabled the worst tendencies in cyber-criminals the world over. When the time came, other espionage alliances outside of the Five Eyes were all too eager to respond in kind. One day’s surgical scalpel would be repurposed into the next day’s unstoppable chainsaw. From that same lazy happenstance as before, ever-powerful cyber-weapons sharpen the Sword of Damocles which now hangs precariously over the Internet, and all whom rely upon it.
When the first modern democracies began to form throughout western history, they did so in concert with “the press” and its nascent forms of mass media, to create “public spheres” in which matters of state can be conveyed to all whom it affected. So important was this reliance on public sphere journalism to the function and development of the state, the American founding fathers placed the press foremost among their concerns, even before national defense. ... yet these same styles of government, however reliant they were on “the free press” to carry out its duty, were completely ignorant to what that same press needed of its own wont and merit. They demanded that press be alive and well, but made no precautions for what should happen if it began to fail, to wither and rot on the vine. Printing presses and the many newspapers which they stamped dwelt in the imagination of statecraft, while still strapped to the harsh world of business, the duties of one always at odds with the demands of the other. While “free speech” should have been prescribed to all, the instruments and mechanisms to effectively use it remained within a dwindling number of hands: first in the newspaper barons of the gilded age of laissez-faire capitalism, to later in the even fewer mass broadcast companies capable of expensive television production and radio network syndication. No matter how much the people and state wanted a free and pluralistic press, the material realities of the media demanded journalism be an extremely cost-effective mechanism. The news media was always a vulnerable institution. Where rushed mistakes and feeble misunderstandings hadn’t already soured the soil, propaganda and persuasion took root. For every one overworked journalist struggling to meet ever-stricter publication deadlines, there could be three, five, perhaps ten times as many more corporate public relations professionals, partisan propagandists, ideological think tanks, government apparatchiks, and general profiteers looking to influence them in undue ways. ... influence, enabled and made easier, by the journalist’s already-precarious situation.
... and when the personal computer claimed the throne which the once-mighty printing press held for centuries, so too did it inherit this same predicament. People may demand the internet, their computers, and other digital devices be safe for operation — but the business models do not allow for it. For every one programmer working to ensure the integrity of any single piece of hardware, software, or network component, there may exist upwards of a hundred others who are working just as hard to ensure that vulnerable systems, remain such. This is just as true within the Five Eyes’ world of espionage, as it is for the wider world of business. Where the journalist once stood torn betwixt the duties for the public nation and the private profit, so now too does the programmer, between the dueling motives of ultimately thankless security and duly-rewarded exploitation.
The fears of digital surveillance which haunted early cyberspace might still reasonably apply, but under a more wizened focus, gain a different purchase. The exact terror which digital surveillance inspires is not unique to government, nor unique to any one specific government. Power-drunk politicians and rogue administrators are not the only ones who can circumvent the law to conduct bulk-collection espionage, and the few software developers who endure the risk of tragic error, must cast aspersions upon intelligence agencies, law enforcement, and cyber-criminals in meet, equal measure.
The information used to write this analysis is known to be accurate as of the year 02022, with the more specific information regarding United States government secrets known to be accurate as of 02015.