Electrospaces.net: Insights in Signals Intelligence, Communications Security and Top Level Telecommunications equipment. By P/K, published 2024-03-04, updated 2024-03-15.<br>
Senate gains somewhat more clarity on the Temporary Cyber Operations Act [NL]<br>
<div align="right"><font size="2" color="gray">(<a href="#update">Update</a>: March 12, 2024)</font></div>
<br>
<i><b>This time a second blog post in Dutch about a new bill that gives Dutch intelligence and security services more leeway for operations against cyber actors. A summary of this case in English can be found <a href="https://aboutintel.eu/cyber-defence-requires-legal-framework/" target="_blank">here</a>.</b></i><br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNQqX88b2UePB78n30wR2Z5ASUW2nc_ILC_93TvicTTYVRg0xW101Bo6SVGmBkFp05nlJy5snE1a5VyXV8fB5PEsPEXSC5x_4MZEC0M_7FDor7yIAQ7Jgs63tCj1ErCXQSyeAzXR5SVKQxsqMNxr3taLloJbDJpt-Ds9Mkdt3HZgma63LYvUWZFuXR0DE/s800/cyberwet-briefing-eerstekamer.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="650" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNQqX88b2UePB78n30wR2Z5ASUW2nc_ILC_93TvicTTYVRg0xW101Bo6SVGmBkFp05nlJy5snE1a5VyXV8fB5PEsPEXSC5x_4MZEC0M_7FDor7yIAQ7Jgs63tCj1ErCXQSyeAzXR5SVKQxsqMNxr3taLloJbDJpt-Ds9Mkdt3HZgma63LYvUWZFuXR0DE/s600/cyberwet-briefing-eerstekamer.jpg"/></a></div>
<div align="center">
<font size="2">
Technical briefing in the Senate on the Temporary Cyber Operations Act, 14 November 2023<br>
</font>
</div>
<br>
<br>
<br>
<font size="+2"><b>Introduction</b></font><br>
<br>
On 1 December 2022, the government submitted to the House of Representatives (Tweede Kamer) a proposal for the <a href="https://www.tweedekamer.nl/kamerstukken/wetsvoorstellen/detail?cfg=wetsvoorsteldetails&qry=wetsvoorstel%3A36263" target="_blank">Temporary Cyber Operations Act</a> (Tijdelijke wet cyberoperaties), which makes it easier for the secret services to conduct hacking and cable-tapping operations. The AIVD and the MIVD <a href="https://op1npo.nl/2022/03/03/jan-swillens-over-de-russische-cyberaanval-op-nederlandse-routers/" target="_blank">emphasize</a> that this is urgently needed in the fight against cyber attacks from countries such as Russia and China, but others <a href="https://www.bitsoffreedom.nl/2022/04/13/nieuwe-tijdelijke-cyberwet-geeft-geheime-diensten-ruim-baan/" target="_blank">fear</a> that it will enable a digital dragnet.<br>
<br>
On 24 October 2023, the House of Representatives approved the bill by a large majority; only the SP and Forum voor Democratie voted against. I discussed the debate in the House of Representatives <a href="https://www.electrospaces.net/2023/12/laatste-kans-voor-duidelijkheid-over-de.html"><b>here</b></a>. The bill is currently being <a href="https://www.eerstekamer.nl/wetsvoorstel/36263_tijdelijke_wet_onderzoeken" target="_blank">considered</a> in the Senate (Eerste Kamer), and I discussed the written questions that were asked there <a href="https://www.electrospaces.net/2023/12/laatste-kans-voor-duidelijkheid-over-de.html#update"><b>here</b></a>.<br>
<br>
On 24 January, no fewer than 67 pages of <a href="https://www.eerstekamer.nl/behandeling/20240124/nota_naar_aanleiding_van_het_2/info" target="_blank">answers</a> arrived from Minister De Jonge of the Interior and Minister Ollongren of Defence. Subsequently, on 13 February the Senate groups of GroenLinks-PvdA, PvdD and PVV submitted <a href="https://www.eerstekamer.nl/behandeling/20240227/tweede_verslag/document3/f=/vmb3srl5sf91.pdf" target="_blank">written questions</a> for a second time, after which the ministers came back on 28 February with another 35 pages of <a href="https://www.eerstekamer.nl/behandeling/20240228/nota_naar_aanleiding_van_het_2/document3/f=/vmb5g6h803xo.pdf" target="_blank">answers</a>.<br>
<br>
Below I will discuss the most important points from these answers, looking in particular at whether some of the most crucial questions that I identified in my earlier discussions have been answered.<br>
<br>
I limit myself here to the new exploratory phase that precedes the <a href="https://www.aivd.nl/onderwerpen/onderzoeksopdrachtgerichte-interceptie-oog" target="_blank">untargeted cable interception</a> of Articles 48-50 of the Wiv 2017. Other parts of the temporary act, such as the relaxation of the hacking power and the new arrangements for bulk datasets, oversight and appeal, are left out of consideration here.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSzy4AiEIGKW3eFfiYiJqTMy8q2XM_F3-EEWOG8VyTWTq7BHA0v8CEkpi1Bh3NYI5T38z__QtFMyFeF795q3c5R0_8-xRlUUcBOheLrF0mPrxA-GcvhCWYtOWZ_L-NEbi4L9angHckNUEH0IqBzLW1AIAgs1K1xOskE0zFb0JoC6qEevruMnqNyppBxgk/s800/schema%20tijdelijke%20wet%20cyberoperaties%20sept2023.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="657" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSzy4AiEIGKW3eFfiYiJqTMy8q2XM_F3-EEWOG8VyTWTq7BHA0v8CEkpi1Bh3NYI5T38z__QtFMyFeF795q3c5R0_8-xRlUUcBOheLrF0mPrxA-GcvhCWYtOWZ_L-NEbi4L9angHckNUEH0IqBzLW1AIAgs1K1xOskE0zFb0JoC6qEevruMnqNyppBxgk/s600/schema%20tijdelijke%20wet%20cyberoperaties%20sept2023.jpg"/></a></div>
<div align="center">
<font size="2">
Schematic summary of the Temporary Cyber Operations Act (click to enlarge)<br>
</font>
</div>
<br>
<br>
<br>
<font size="+2"><b>Scope of application</b></font><br>
<br>
A first issue that raised quite a few questions is when exactly the Temporary Cyber Operations Act applies. The ministers emphasize that the specific provisions of the act can only be invoked "if there is an investigation into a country with an offensive cyber programme".<br>
<br>
The decisive factor would then be whether a country is named as such in the Geïntegreerde Aanwijzing (GA), the secret document in which the government lists and prioritizes the current tasks for the AIVD and the MIVD.<br>
<br>
Elsewhere, however, the ministers say: "In addition, the Temporary Act may apply if a digital attack cannot (yet) be (directly) attributed to a country, but there is a suspicion that it can be attributed to a state actor." <font color="gray">(p. 6)</font><br>
<br>
It remains unclear whether this only applies if there is a suspicion that the attack can be linked to countries named in the GA (such as Russia, China, Iran and North Korea), or also if it is not yet clear at all which country may be behind it.<br>
<br>
In any case, tying the applicability of this act to particular countries is a strange construction. It would probably have been clearer to tie its application to cyber attacks in general, regardless of who carries them out.<br>
<br>
<br>
<b>Metadata</b><br>
<br>
A problem with the questions asked earlier by the House of Representatives and now by the Senate is that they are sometimes far too general and open-ended, which allows the ministers to answer in a meaningless way.<br>
<br>
One example is that the PVV members in the Senate had asked whether the government could indicate "how metadata will be handled in the application of this bill".<br>
<br>
The ministers respond with a description of the shift in oversight of automated data analysis (geautomatiseerde data-analyse, GDA), something that was already known and offers no new insights. <font color="gray">(p.11)</font><br>
<br>
Members could have asked much more specific questions here, so that the ministers would also have had to answer more specifically. For example, whether analysing metadata alone would not suffice during the exploratory phase, so that content can be left untouched.<br>
<br>
<br>
<div align="center">
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0f8hvpIbfVt6fneEHlWP9Pe8LQKqwP49OuXI9KuwYB2MXgxKiMKBZf6zxNfnu4H5Pza-FPm_rKxDfE000AtLnLxNhGgutBzRGAVJBxqXWjZhznjjzzRk9BSXyrh4nULYV0P_5-txbD1ck-0TeAdV_0hXMjmFFvP0KaTcpeR7qVIcWdfN2UvvO8qZw/s800/aivd-luchtfoto.jpg" style="display: block; text-align: center; "><img alt="" border="0" width="550" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0f8hvpIbfVt6fneEHlWP9Pe8LQKqwP49OuXI9KuwYB2MXgxKiMKBZf6zxNfnu4H5Pza-FPm_rKxDfE000AtLnLxNhGgutBzRGAVJBxqXWjZhznjjzzRk9BSXyrh4nULYV0P_5-txbD1ck-0TeAdV_0hXMjmFFvP0KaTcpeR7qVIcWdfN2UvvO8qZw/s600/aivd-luchtfoto.jpg"/></a></div>
<div align="center">
<font size="2">
Headquarters of the <a href="https://nl.wikipedia.org/wiki/Algemene_Inlichtingen-_en_Veiligheidsdienst" target="_blank">AIVD</a>, which also houses the <a href="https://nl.wikipedia.org/wiki/Joint_Sigint_Cyber_Unit" target="_blank">Joint Sigint Cyber Unit</a><br>
</font>
</div>
</div>
<br>
<br>
<b>Internet providers</b><br>
<br>
In line with my earlier discussion of the debate in the House of Representatives, the PVV group in the Senate also asked a question that was specific enough: "to what extent, for example, a cable interception can take place at a large internet provider, whereby the complete data traffic of all users is collected in one go."<br>
<br>
In response, the ministers acknowledge that "in general, cable interception can take place at larger and smaller internet providers as well as at other providers of communication services." Whether <i>all</i> the data traffic of such a provider can or may be intercepted remained unanswered. <font color="gray">(p. 49)</font><br>
<br>
Nevertheless, this is an important statement, which makes clear that untargeted cable interception is not about "eavesdropping on entire neighbourhoods", but about tapping data streams of internet providers and other communication providers.<br>
<br>
Remarkably, the ministers volunteer an addition to this answer, which is apparently meant to be somewhat reassuring:<br>
<br>
"[...] cable interception [is] aimed at data streams. These data streams contain only parts (fragments) of the communication of persons and organizations in the digital domain. Unlike targeted interception, it does not provide a complete (and uninterrupted) picture of the communication of a person or organization." <font color="gray">(p. 49)</font><br>
<br>
<br>
<br>
<font size="+2"><b>Cyber defence</b></font><br>
<br>
A next issue is whether domestic data traffic will also be tapped at those internet providers and the like. The PvdD group referred to the ministerial <a href="https://zoek.officielebekendmakingen.nl/kst-34588-70.html" target="_blank" title="See under item 4">commitment</a> from 2018, which states:<br>
<br>
"It is virtually ruled out that untargeted interception on the cable will be used in the coming years for investigation of communication with origin and destination in the Netherlands (with the exception of investigation in the context of cyber defence, because digital attacks abuse the Dutch digital infrastructure and untargeted interception on the cable may be necessary to recognize this)."<br>
<br>
The ministers now say that this commitment does not so much concern the <i>interception</i> of traffic with origin and destination in the Netherlands (given how the internet works, that can never be entirely ruled out), but the <i>investigation</i> of that traffic.<br>
<br>
The commitment should therefore be read as: "it is virtually ruled out that untargeted interception will be used for intelligence investigations into data with origin and destination in the Netherlands, with the exception of investigations in the context of cyber defence." <font color="gray">(p. 33)</font><br>
<br>
In other words: Dutch traffic may and will be collected, but in principle it will not be used for further investigation. For cyber defence, however, that traffic may be examined.<br>
<br>
<br>
<b>Defensive acquisition</b><br>
<br>
However, the members of the Senate failed to ask explicitly whether or not that exception for cyber defence is actually put into practice, and so the ministers left this issue unanswered.<br>
<br>
A <a href="https://www.aivd.nl/onderwerpen/summerschool/vraag-en-antwoord/wat-is-de-joint-sigint-cyber-unit" target="_blank">text</a> on the AIVD website shows, however, that the <a href="https://nl.wikipedia.org/wiki/Joint_Sigint_Cyber_Unit" target="_blank">Joint Sigint Cyber Unit</a> (JSCU), in addition to "offensive acquisition" (offensieve verwerving), i.e. digital espionage, does indeed also carry out "defensive acquisition" (defensieve verwerving), which investigates digital threats against the Netherlands. The Computer Network Defence (CND) department is responsible for the latter.<br>
<br>
It therefore remains remarkable that none of those involved went further into the aspect of <a href="https://en.wikipedia.org/wiki/Proactive_cyber_defence" target="_blank">cyber defence</a>, even though the temporary act is, of all things, intended for operations against "countries with an offensive cyber programme".<br>
<br>
In the ministers' answers, this really only comes up when it concerns the importance of cooperation with foreign partners, which is needed among other things for "the exchange of identifiable characteristics of cyber attacks aimed at high-value European businesses". <font color="gray">(p. 22)</font><br>
<br>
How exactly that relates to the provisions of the temporary act is not elaborated anywhere.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZC-j9d_hCfbupf-S190ldFzn3a8YhMv13eWxRkRPtAONkiFkr83WRzroaEEbSx14HDBxv6YB9WajsymMbOnQIhrKP5fY7SBKaKYhr8aUm-m7rFxfxJfTGnqk1kXbqoao5ohNVb0krMELgAOLc4YoHrhSFwN_lV5PUko4zV0EJL7S4r-5xxphXKnayLXk/s800/cyberattack-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZC-j9d_hCfbupf-S190ldFzn3a8YhMv13eWxRkRPtAONkiFkr83WRzroaEEbSx14HDBxv6YB9WajsymMbOnQIhrKP5fY7SBKaKYhr8aUm-m7rFxfxJfTGnqk1kXbqoao5ohNVb0krMELgAOLc4YoHrhSFwN_lV5PUko4zV0EJL7S4r-5xxphXKnayLXk/s600/cyberattack-header.jpg"/></a></div>
<div align="center">
<font size="2">
Scale and origin of cyber attacks in the period 2005 through 2022 (<a href="https://www.cfr.org/cyber-operations/" target="_blank">source</a>)<br>
</font>
</div>
<br>
<br>
<b>International traffic</b><br>
<br>
In their first round of answers to the Senate's questions, the ministers stated several times that in untargeted interception the services will focus "on data streams that mainly contain international traffic".<br>
<br>
In the second round of questions, GroenLinks-PvdA and the PVV asked what exactly is meant by this, since on the internet a clear distinction between domestic and foreign can no longer be made. For example, many Dutch companies and even <a href="https://nos.nl/artikel/2510923-amerikaanse-overheid-kan-bij-e-mail-van-nederlandse-overheden-en-kritieke-bedrijven" target="_blank">government bodies</a> have their data on foreign servers ("in the cloud"), so that Dutch communication does in fact cross the border.<br>
<br>
The ministers reply that the AIVD and the MIVD focus on "carriers, cables or optical fibres that are either located abroad, or of which at least one of the two transmission systems is physically located abroad so that the traffic crosses the Dutch border, or of which the services know that a communications provider transports international data streams via a particular physical location, for example a data centre." <font color="gray">(p. 12, 23)</font><br>
<br>
This is a rather strange answer, since our services will not exactly get easy access to cables located entirely abroad (although, for example during military missions, this is not entirely ruled out either). The rest of the answer mainly confirms the proposition that Dutch communication that runs via a foreign data centre can be intercepted after all.<br>
<br>
It would have been more reassuring if the ministers had said that the services would focus specifically on data streams from countries such as Russia and China, but then the <a href="https://zoek.officielebekendmakingen.nl/kst-34588-70.html" target="_blank" title="See under item 4">exception</a> for cyber defence applies again, because "digital attacks abuse the Dutch digital infrastructure and untargeted interception on the cable may be necessary to recognize this."<br>
<br>
<br>
<br>
<font size="+2"><b>Snapshots</b></font><br>
<br>
A next question that remained unanswered is the amount of data that is stored in the exploratory phase. During the <a href="https://www.electrospaces.net/2023/12/laatste-kans-voor-duidelijkheid-over-de.html">debate in the House of Representatives</a>, Minister De Jonge stubbornly kept insisting that this is merely a momentary picture, a photo, which in the services' jargon is called a "snapshot".<br>
<br>
How long such a snapshot lasts exactly, the minister would not say even after long insistence, which is remarkable since a 2022 report by the oversight body CTIVD <a href="https://www.ctivd.nl/actueel/nieuws/2022/03/15/index" target="_blank" title="See p. 33">showed</a> that such snapshotting has so far meant that a data channel is tapped for a maximum of two hours a day in order to determine its potential intelligence value.<br>
<br>
The Senate did not explicitly ask whether that will also be the case from now on, and so the ministers again kept silent about it. It may be that snapshots will still be limited to two hours a day and that the result is then kept for six months, but by not stating this explicitly, the act also allows data streams to be tapped and stored continuously.<br>
<br>
<br>
<b>Filter systems</b><br>
<br>
A limiting factor that has not been discussed before is the technology. From what the NSA, GCHQ and the German BND do, we know that in untargeted tapping of internet cables, filtering equipment is placed at the tapping point itself. This allows all data that is not needed to be filtered out immediately, leaving only the data that is most interesting for further investigation.<br>
<br>
If this filtering were not done, a cable just as "thick" as the one being tapped would be needed to transport all the copied data to the headquarters of the intelligence service, in this case the JSCU at the AIVD in Zoetermeer.<br>
<br>
Another option is to store the tapped data on site and search it remotely. That would be feasible for metadata, but if all content data were stored as well, the servers would fill up quickly. Seen this way, it is practically hard to imagine that both content and metadata are stored for longer periods in the exploratory phase.<br>
<br>
If the snapshots are not limited to the aforementioned two hours a day, then either filtering will have to be done immediately, or only metadata will have to be stored. In both cases, however, this can still involve large quantities.<br>
<br>
<br>
<br>
<font size="+2"><b>Exploratory investigation</b></font><br>
<br>
In their answers to the Senate, the ministers emphasize that during the exploratory phase data may only be collected in order to make the later, actual untargeted interception as targeted as possible.<br>
<br>
What exactly is looked at during the exploratory phase was only clarified after the GroenLinks-PvdA group explicitly asked about it in the second round of questions.<br>
<br>
As is often the case, a better understanding requires combining several passages from the ministers' answers. From these it follows that the technical investigation during the exploratory phase consists of two parts: <font color="gray">(p. 5, 9, 11)</font><br>
<br>
1. Mapping the digital landscape, in the sense of establishing the nature of the communication and the technical protocols used. This then shows whether it concerns web traffic, e-mail, voice traffic, video files, etc.<br>
<br>
2. Checking whether these data may be relevant to the investigative questions of the AIVD and the MIVD, using input from the intelligence teams. This input consists of selectors and other data about targets that the services have already obtained in other ways. More or less complex or compound search queries can also be applied during the exploration.<br>
<br>
<font size="2">
Selectors are also applied in the final phase of untargeted interception, but according to the ministers these must then be so-called <i>strong selectors</i> with which persons and/or organizations can be identified, such as telephone numbers and e-mail addresses. Because this is not said about the exploratory phase, <i>soft selectors</i> such as keywords and the like can apparently also be applied there. Conversely, in the final phase of untargeted interception, no simple, complex or compound search queries may be applied. <font color="gray">(p. 16)</font><br>
</font>
<br>
Reports are drawn up of the investigations in the exploratory phase, describing which communication channels are of potential value for further intelligence investigation. Based on those findings, it is then decided on which cables the actual untargeted interception will be deployed. <font color="gray">(p. 10-11)</font><br>
<br>
The data used to draw up the request for that actual interception is <a href="https://www.eerstekamer.nl/vod_debat_gemist?id=vm7td1km7kl4" target="_blank" title="From 45:20">retained</a>; all other data collected during the exploratory phase must be destroyed after a maximum of 6 months.<br>
<br>
<br>
<b>GCHQ surveys</b><br>
<br>
Judging by how the ministers now describe it, the intended exploratory phase here corresponds almost exactly to the <i>surveys</i> conducted by the British <a href="https://nl.wikipedia.org/wiki/Government_Communications_Headquarters" target="_blank">GCHQ</a>. How these worked is apparent from several technical reports on the survey of satellite links that were published in 2014 during the Snowden revelations.<br>
<br>
At GCHQ, the routes and technical characteristics of those links were first mapped, and then samples were taken to see how often telephone numbers on a watchlist appeared in them. That gave a good indication of whether a link would be productive enough to place an actual tap on it.<br>
<br>
<div align="right">
> See: <a href="https://www.electrospaces.net/2015/01/how-gchq-prepares-for-interception-of.html">How GCHQ prepares for interception of phone calls from satellite links</a><br>
</div>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitW_JTaKUTq2AQ1HdHI5_53_xB3S4_oZCzp0FG2xSGpgGgi5J0UhU4dGa-RGMP0DdZas3o-QaDg-d35BFQeLOYlULy5zLBGskpHQGogQqYd-Rph89TgpR5z9OdYBMVlatPNdVE08GyVRtOXpnP5EqygvsntugG1w3FItnJ5RwL40YVVK0um0e6TtUMpjU/s844/gchq-survey-detail.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="296" data-original-width="844" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitW_JTaKUTq2AQ1HdHI5_53_xB3S4_oZCzp0FG2xSGpgGgi5J0UhU4dGa-RGMP0DdZas3o-QaDg-d35BFQeLOYlULy5zLBGskpHQGogQqYd-Rph89TgpR5z9OdYBMVlatPNdVE08GyVRtOXpnP5EqygvsntugG1w3FItnJ5RwL40YVVK0um0e6TtUMpjU/s600/gchq-survey-detail.JPG"/></a></div>
<div align="center">
<font size="2">
Detail of a 2008 technical report by GCHQ on the<br>
survey of a satellite link between Jordan and Belgium<br>
(<a href="https://s3.documentcloud.org/documents/1282663/gchq-tr-601revise.pdf" target="_blank">full report</a> - click to enlarge)<br>
</font>
</div>
<br>
<br>
When it comes to internet traffic, the Dutch JSCU will now probably look at selectors in the form of e-mail addresses, IP addresses and the like. An interesting question is whether selectors supplied by foreign partner services will also be used. We know, for instance, that the German BND received millions(!) of <i>internet identifiers</i> from the NSA to filter cable and satellite traffic with.<br>
<br>
<div align="right">
> See: <a href="https://www.electrospaces.net/2015/05/german-bnd-didnt-care-much-about.html" target="_blank">German BND didn't care much about foreign NSA selectors</a><br>
</div>
<br>
Because the present bill concerns "countries with an offensive cyber programme", the JSCU will, in addition to such <i>strong selectors</i>, undoubtedly also apply other kinds of search queries to find malware signatures and indications of hacking attempts. Because those things are often considerably harder to find, help from a partner such as the NSA may be needed.<br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><iframe class="BLOG_video_class" allowfullscreen="" youtube-src-id="DCzk5Mnx7Oo" width="500" height="300" src="https://www.youtube.com/embed/DCzk5Mnx7Oo"></iframe></div>
<div align="center">
<font size="2">
Video presentation on how the JSCU goes about investigating malware<br>
(via Tweakers: <a href="https://tweakers.net/partners/operatievolt2021/1390/talksdefensie/" target="_blank">Operatie Volt</a>, 27 March 2021)<br>
</font>
</div>
<br>
<br>
<br>
<font size="+2"><b>Foreign partners</b></font><br>
<br>
Calling in such help, i.e. sharing data from the exploratory phase with foreign partner services, is one of the most controversial parts of the Temporary Cyber Operations Act. Already in the first round of questions, the Senate group of GroenLinks-PvdA asked whether this can also be done in bulk and/or almost live. The ministers replied that there are various possibilities:<br>
<br>
"Offering the data for inspection on a system of the service is one of the possibilities, as is providing it by sending data (whether or not in bulk). If the request concerns, for example, the decryption of certain data, the foreign service will usually need its own systems to accomplish that, also because a foreign service is usually not willing to share such techniques with another service. In this example, providing data to that foreign service is the more obvious option." <font color="gray">(p. 19)</font><br>
<br>
And: "A provision can, if necessary, take place shortly after acquisition or at a later time within the retention period of six months. This may concern both data that has already been assessed by the services and data that the services have not yet assessed. It is precisely in order to be able to assess the data that the technical investigation by foreign services is needed." <font color="gray">(p. 19)</font><br>
<br>
<br>
<b>Council of State</b><br>
<br>
The Senate also asked for a response to the <a href="https://www.raadvanstate.nl/adviezen/@131197/w04-22-0073/" target="_blank">advice of the Council of State</a> (Raad van State), which emphatically advises against sharing data from the exploratory phase with foreign services.<br>
<br>
However, the ministers make it appear as if the Council of State was only referring to the fact that data from the exploration may not be processed for other purposes, and reason that sharing that data is therefore possible, since foreign partners are expected not to process that data further either. <font color="gray">(p. 30-31)</font><br>
<br>
That is not really an honest answer, since the prohibition on further processing of this data is only one of the arguments the Council of State gives in support of what is very much a general disapproval of such data exchange:<br>
<br>
"The (bulk) data obtained by means of the exploratory power does not lend itself to exchange with foreign services. After all, it concerns data that the Dutch intelligence services themselves may not further process within their own legal order. Moreover, transfer of this data, partly in view of the untargeted nature of the exploratory power, is a serious infringement of the right to protection of privacy. In light of the foregoing, the Division advises providing in the proposal that this data may not be exchanged with foreign services."<br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYtNO5nflgKBGBgEal7476iOF3rS0gAoqL5zcZNRrMC32wSlKIXlnrJeQVe_j_TmpYUX9bH1TsC3qVASl3ba_1D7pZk9wYr7qnnhcGfMiiLnzxCbMmI7h5FUSjMUcIyUugwK43YGUX1nc/s1600/SSEUR-europe-tekst.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYtNO5nflgKBGBgEal7476iOF3rS0gAoqL5zcZNRrMC32wSlKIXlnrJeQVe_j_TmpYUX9bH1TsC3qVASl3ba_1D7pZk9wYr7qnnhcGfMiiLnzxCbMmI7h5FUSjMUcIyUugwK43YGUX1nc/s1600/SSEUR-europe-tekst.jpg" width="400" /></a></div>
<div align="center">
<font size="2">SIGINT partners of the NSA in Europe<br>
</font>
</div>
<br>
<br>
<b>Quid pro quo</b><br>
<br>
Ondanks het negatieve advies van de Raad van State is het voor AIVD en MIVD kennelijk onontbeerlijk om betreffende data met buitenlandse partners te delen: "de mogelijkheid om ongeëvalueerde gegevens afkomstig uit de bevoegdheid tot verkennen ten behoeve van technisch onderzoek te delen met buitenlandse diensten [is] voor de diensten in internationale samenwerkingsrelaties en voor onze onderzoeken onmisbaar." <font color="gray">(p. 52)</font><br>
<br>
Opmerkelijk is dat voor deze onmisbaarheid twee redenen genoemd worden: niet alleen voor de eigen onderzoeken van onze diensten, maar dus ook "in internationale samenwerkingsrelaties". Doorgaans wordt daarmee gedoeld op het bekende <i>quid pro quo</i>, oftewel je deelt dingen die voor partnerdiensten interessant zijn, zodat je van hen dingen terugkrijgt die voor jezelf nuttig zijn.<br>
<br>
Het is evident dat onze diensten er baat bij hebben als ze technische assistentie van meer ervaren buitenlandse partners krijgen, maar wat die partners er dan voor terug krijgen is niet echt helder geworden. <br>
<br>
De Nederlandse JSCU kan weliswaar op zijn beurt technische assistentie verlenen aan andere diensten die minder capaciteiten hebben, maar dan blijft de vraag wat het voordeel voor grote partners als de NSA en GCHQ is.<br>
<br>
<br>
<b>Cyberdreigingen</b><br>
<br>
Het is wel denkbaar dat die grote partners zelf ook baat kunnen hebben bij het duiden en ontsleutelen van de data die onze diensten aanleveren. Voor hen kan het immers interessant zijn om te zien welke indicaties van cyberdreigingen er op internetkabels in Nederland worden aangetroffen.<br>
<br>
Wellicht is dat (mede) waar de ministers op doelen wanneer zij schrijven "dat de razendsnelle uitwisseling van gegevens doorslaggevend [blijft] voor het nemen van adequate tegenmaatregelen en het verkrijgen van een adequaat dreigingsbeeld. Door binnen de internationale inlichtingen- en veiligheidswereld intensief met elkaar samen te werken, vallen afzonderlijke puzzelstukjes in elkaar, zodat het werkelijke gezicht van de dreiging zich laat zien." <font color="gray">(p. 22)</font><br>
<br>
Another interesting question is whether the technical reports resulting from the exploration investigations are shared with foreign services. Those services themselves have no access to the cables the reports relate to, but it may well be interesting for them to see which indications have been found.<br>
<br>
Like the AIVD and the MIVD, foreign partner services may not use the data from the exploration phase for further intelligence investigations, but the ministers have not ruled out that they can use the results for their own detection and interception systems. <font color="gray">(p. 21, 51, 54)</font><br>
<br>
<br>
<br>
<font size="+2"><b>Conclusion</b></font><br>
<br>
Looking back, we can conclude that the parliamentary handling of the Temporary Cyber Operations Act (Tijdelijke wet cyberoperaties) has so far been rather unsatisfactory. Members of both the Senate and the House of Representatives often lacked sufficient background knowledge, so that although many questions were asked, they were rarely specific enough to bring new information to light.<br>
<br>
The ministers, the heads of the services and the civil servants involved generally stuck to abstract formulations, so that for outsiders and many a member of parliament it has remained virtually incomprehensible what exactly this act is about. <br>
<br>
It is a mystery why the ministers only came up with more details after very targeted follow-up questions. After all, these are matters that the Russians and Chinese have known for a long time, but which are important for parliament and citizens in order to assess the necessity, risks and safeguards of the statutory provisions somewhat adequately.<br>
<br>
The plenary debate on the bill in the Senate will take place on March 5. <br>
<a name="update" class="anchor"></a>
<br>
<br>
<div class="blockquote">
<b>UPDATE:</b><br>
<br>
On March 5, 2024, the Temporary Cyber Operations Act was discussed by the Senate in plenary session. The bill was treated more thoroughly than in the House of Representatives, with senators Mary Fiers of GroenLinks-PvdA, Peter Nicolaï of the PvdD and Alexander van Hattem of the PVV in particular standing out for their detailed insight or persistent questioning. Bart Kroon of BBB turned out to be an almost unqualified supporter.<br>
<br>
To begin with, the Senate asked many follow-up questions about when exactly the new act applies. It is not a very good sign that such an important aspect still had to be clarified in this very last phase of the legislative process.<br>
<br>
Minister De Jonge answered that the act applies in the first instance to the countries named in the Integrated Order (Geïntegreerde Aanwijzing, GA). Should it turn out that other countries also conduct offensive cyber operations against The Netherlands, those countries can also be included in the GA, so that the new act can be applied to them as well. The PVV asked whether the act can also apply to non-state actors, such as Islamic State in particular, but according to the minister that is not the case.<br>
<br>
To senator Fiers' question about what happens when "a digital attack cannot (yet) be (directly) attributed to a country", the minister answered that this refers to the situation in which it is uncertain whether a particular attack comes from Russia, China or another country. When in doubt, apply the new act, was his approach. The Dutch <a href="https://nl.wikipedia.org/wiki/Amsterdam_Internet_Exchange" target="_blank">AMS-IX</a> is in the top 5 of the largest internet exchanges in the world, which means our services are sitting on "a gold mine" and we therefore "have a tremendous responsibility to make use of it", according to De Jonge.<br>
<br>
Something that had not become clear before is that the bill, despite its name, is not limited to cyber operations. An offensive cyber program directed against The Netherlands is the criterion for declaring the provisions of the act applicable, but after that every kind of investigation by the AIVD and the MIVD into those countries falls within the scope of this act. This is because those countries have a <i>"whole-of-society approach"</i>, that is, they attack us with a broad range of means and methods, so that our services must also be able to respond broadly.<br>
<br>
De Jonge tried to dispel the fear of a dragnet by repeating once more that the services have no interest at all in your neighbor's Netflix traffic and that the four phases of <a href="https://www.aivd.nl/onderwerpen/onderzoeksopdrachtgerichte-interceptie-oog" target="_blank">untargeted interception</a> involve a funneling in which less and less data remains with each step. That is indeed true for classic intelligence collection, but cyber defence uses a different methodology, in which it is precisely important to have the broadest possible view of data traffic.<br>
<br>
Despite thorough preparation, this aspect completely escaped the Senate as well: as an activity, the terms "cyber defence" and "cyber security" do not appear even once in the <a href="https://www.eerstekamer.nl/verslag/20240305/verslag" target="_blank">written report</a> of the plenary debate.<br>
<br>
Senator Van Hattem confronted minister De Jonge with a contradiction in the earlier written answers by asking whether cables de facto always carry international traffic, so that in principle every cable could be eligible for exploration. The minister acknowledged this but said that "purely national traffic will not very often be attributable to state actors posing a cyber threat".<br>
<br>
This is where the lack of insight into cyber defence takes its toll, because foreign actors actually like to use Dutch digital infrastructure as cover for their cyber attacks. That is precisely the reason why the bill also broadens the so-called add-on provisions (bijschrijfmogelijkheden), so that the JSCU can more easily find out what those actors are up to on Dutch servers and computers.<br>
<br>
Senator Fiers further asked whether a "snapshot" means that data may be collected and stored 24 hours a day for 6 months. Once again, no one asked about the two hours per day that is currently customary, and so minister De Jonge could get away with saying that the exploratory phase does have to meet the basic requirement of proportionality. Earlier, however, he had said that proportionality must not take the place of the targeting requirement, which had been abolished precisely to make proper exploration possible.<br>
<br>
Senator Nicolaï persistently addressed the sharing of data with foreign sister services, to which the minister replied that it is important that the Dutch services also have something to offer their partners. That is the case if they can make use of the cable, which, however, is currently still "chained up". Moreover, larger services also need the expertise and access of others, according to De Jonge, without going into further detail.<br>
<br>
Nicolaï also asked whether this would create a back-door route through which foreign services do things that our own services are not allowed to do. Minister De Jonge reacted rather indignantly: how could anyone think that our services would do such a thing? Such a U-turn construction is expressly not permitted, but the question was not that strange: ever since Snowden came up with similar <a href="https://freesnowden.is/wp-content/uploads/2014/03/vjhvekoen1ww.pdf" target="_blank">accusations</a>, this has been a concern for many people.<br>
<br>
Finally, Nicolaï submitted a <a href="https://www.eerstekamer.nl/behandeling/20240305/motie_van_het_lid_nicolai_over_een_2/document3/f=/vmbdg3zz32zq.pdf" target="_blank">motion</a> calling for data from the exploratory phase not to be shared with foreign services, in accordance with the advice of the Council of State. Minister De Jonge, however, expressly advised against this motion.<br>
<br>
Finally, to give an impression of the bureaucratic burden, minister De Jonge reported that in the past week no fewer than 105 warrants (requests for permission for an intelligence operation) landed on his desk. Some are a formality, but others have to be discussed more thoroughly, which happens every Monday morning in consultation with the heads of the AIVD and the MIVD. Urgent warrants are handled by telephone, over a secure connection.<br>
<br>
<br>
The Senate adopted the Temporary Cyber Operations Act on March 12, 2024. The parliamentary groups of SP, PvdD, Volt, GroenLinks-PvdA, OPNL and FvD voted against. The vote on senator Nicolaï's motion was postponed. The act is expected to enter into force on July 1, 2024.<br>
</div>
<br>
<br>
<br>
<b>Links</b><br>
<font size="2">
<br>
- For all official documents concerning this legislation, see: <a href="https://electrospaces.medium.com/dossier-wiv-2017-c20eee7b53a0" target="_blank">Dossier Wiv 2017</a>, <a href="https://www.tweedekamer.nl/kamerstukken/wetsvoorstellen/detail?cfg=wetsvoorsteldetails&qry=wetsvoorstel%3A36263" target="_blank">Parliamentary dossier no. 36263</a> and the handling by the <a href="https://www.eerstekamer.nl/wetsvoorstel/36263_tijdelijke_wet_onderzoeken" target="_blank">Senate</a>.<br>
<br>
- AIVD: <a href="https://www.aivd.nl/onderwerpen/cyberdreiging/luister-mee-met-de-aivd-bij-een-cyberonderzoek" target="_blank">Onderzoek een cyberdreiging in 'Operatie POSITRON'</a><br>
- Werken voor Nederland: <a href="https://www.werkenvoornederland.nl/organisaties/ministerie-van-defensie/militaire-inlichtingen--en-veiligheidsdienst/zo-trekt-het-jscu-ten-strijde-tegen-hackers-en-terroristen" target="_blank">Zo trekt het JSCU ten strijde tegen hackers en terroristen</a><br>
- Tweakers: <a href="https://www.youtube.com/watch?v=DCzk5Mnx7Oo" target="_blank">JSCU - Good guys tooling: hoe de geheime dienst onzichtbare dreigingen onderzoekt</a><br>
</font>
<br>
<b>Safe and Free: comparing national legislation on electronic surveillance</b><br>
<font size="2" color="gray">(Published February 3, 2024 by P/K; last updated March 5, 2024)</font><br>
<br>
A project called <a href="https://safeandfree.io/" target="_blank">Safe and Free</a> by the University of Texas now provides an overview of the legal framework for electronic surveillance by intelligence and law enforcement agencies in 12 democratic countries.<br>
<br>
Here, I will introduce the project and discuss some general trends, as well as the different forms of prior approval of electronic surveillance operations.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMrittbU0qqsrdc09ydwMOIzetYVdHgjBF4EOtLkk7LmxvREIAcYKJv_8VZOBYtC_r-6nBFec5FRVvpNyPRLJmlIZ7iv8bNhxxmcvQ2nXr3hgy57J8jCpHfRmGzZE5lSFHldPd17wTvfDFdUK2q5wMwlq8F2U8f84M96-0qUQzecmeQxcsg3CQMAWlBtc/s800/safe-and-free-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="650" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMrittbU0qqsrdc09ydwMOIzetYVdHgjBF4EOtLkk7LmxvREIAcYKJv_8VZOBYtC_r-6nBFec5FRVvpNyPRLJmlIZ7iv8bNhxxmcvQ2nXr3hgy57J8jCpHfRmGzZE5lSFHldPd17wTvfDFdUK2q5wMwlq8F2U8f84M96-0qUQzecmeQxcsg3CQMAWlBtc/s600/safe-and-free-header.jpg"/></a></div>
<br>
<br>
Since the start of the Snowden revelations in June 2013, electronic surveillance has become a highly disputed topic. The controversy does not just concern the activities of the American signals intelligence agency NSA, but is also raised in European countries like Germany, The Netherlands and Denmark.<br>
<br>
As the regulation of electronic surveillance is highly specialised, it's often difficult to judge whether certain measures are appropriate and effective. One way to improve them is by looking at solutions in other countries, preferably those with a similar rule-of-law tradition. This comparison is now provided by the Safe and Free project of the <a href="https://www.strausscenter.org/" target="_blank">Strauss Center on International Security and Law</a> at the University of Texas at Austin. <br>
<br>
<br>
The project explores the variety of ways in which democratic states try to align surveillance for national security purposes with their values and laws. Safe and Free is an initiative of Adam Klein, director of the Strauss Center and former chairman of the <a href="https://en.wikipedia.org/wiki/Privacy_and_Civil_Liberties_Oversight_Board" target="_blank">Privacy and Civil Liberties Oversight Board</a> (PCLOB), which oversees the civil liberty implications of US intelligence and counter-terrorism activities.<br>
<br>
For Safe and Free a wide variety of surveillance experts, like think-tank members, academics, former government officials and journalists were asked to describe the legal framework for electronic surveillance in their country. This resulted in papers about the situation in Australia, Canada, France, Germany, The Netherlands, Poland, Romania, Sweden, the United Kingdom, and the United States. <br>
<br>
Papers about Japan and South Korea can be expected some time in the future. I had the honor of writing the <a href="https://safeandfree.io/paper/the-development-of-electronic-surveillance-norms-in-the-netherlands/" target="_blank">paper</a> about The Netherlands, describing the development of the legal framework for government interception from the 1960s until the current law from 2018 (which, quite uniquely, was subject to an <a href="https://en.wikipedia.org/wiki/2018_Dutch_Intelligence_and_Security_Services_Act_referendum" target="_blank">advisory referendum</a>).<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://safeandfree.io/country-studies/" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="446" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1DPxDT_BH6h9qVaPmF0PCrQoiHZoYaqtsazpl-UrYvx2Zv50jL3IKENskA6yCztL22XWzYWpZFVjWAXH_Su7EZcGlmt2Ji5cVWCo2a97MkhX0HVUk3_xib36h3k0YQD3ERu3hdPFK0f2WfSAKyWCSY0QuxznRJg5RZyM4kMMkWkBAroAey8xWvBmh33k/s600/safe-and-free-map.jpg"/></a></div>
<div align="center">
<font size="2">
Map showing the countries covered by the Safe and Free project<br>
<font color="gray">Click the map for a clickable map!</font><br>
</font>
</div>
<br>
<br>
Reading all the papers shows how different national laws and regulations are, despite the fact that in practice, the technical methods are largely the same. All over the world, the telecommunications infrastructure for telephone and internet communications is very similar, as are the methods for interception. Hacking operations may require more creativity but have many tools and techniques in common as well. <br>
<br>
Because states have different legal systems, institutional traditions and political constellations, the regulation of electronic surveillance methods differs from country to country. Nonetheless, some basic trends can be distinguished. An important one is the distinction between foreign and domestic, which affects many aspects. <br>
<br>
First, most countries have separate agencies for foreign intelligence and domestic security, with signals intelligence traditionally being conducted by the military and domestic wiretapping sometimes by a national or federal police service.<br>
<br>
In The Netherlands the civilian AIVD and the military MIVD both combine a foreign and a domestic mission, separated by their goals rather than by collection methods. Dedicated signals intelligence agencies are typical for the <a href="https://www.electrospaces.net/2014/09/nsas-foreign-partnerships.html#2ndparty">Five Eyes</a> countries (the US, the UK, Canada, Australia and New Zealand), but Sweden has one as well, the <a href="https://en.wikipedia.org/wiki/National_Defence_Radio_Establishment" target="_blank">FRA</a>.<br>
<br>
<br>
Usually, the domestic security agencies are governed by rather strict laws to safeguard the rights of their national citizens, while for foreign intelligence agencies we see more lax or even no regulations as monitoring foreign targets is considered "fair game".<br>
<br>
Edward Snowden, however, considered this distinction very unfair and demanded equal protection for everyone. In some countries his view was picked up by the press, civil rights organizations and public opinion and eventually led to legal changes.<br>
<br>
In the United States, presidents Obama and Biden <a href="https://www.federalregister.gov/documents/2022/10/14/2022-22531/enhancing-safeguards-for-united-states-signals-intelligence-activities" target="_blank">implemented</a> a range of constraints on the NSA's signals intelligence collection abroad, while in Germany the constitutional court <a href="https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/EN/2020/bvg20-037.html" target="_blank">ruled</a> that fundamental rights restrict the BND's intelligence collection outside the country as much as they do inside German borders. In The Netherlands and Romania the law does not distinguish between foreign and domestic operations.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKUbNYuxaSwSwcB7HnVITvRbdkpJ1ZfWcSTf0Oit49-0Yx3hvS4A-rbYvUM17AtCvH4P45_Faxzxl7gAGGTgjPt-te5I9lfUcJx-3YU0vpewoqSPad9LW771WFnR2vb-z6KuZL22vwu6rIAd73zpDXF4Rg-c14A3sbFhvbcVxFStm0WWqTaAc90Jyox2E/s800/European_Court_of_Human_Rights.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="450" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKUbNYuxaSwSwcB7HnVITvRbdkpJ1ZfWcSTf0Oit49-0Yx3hvS4A-rbYvUM17AtCvH4P45_Faxzxl7gAGGTgjPt-te5I9lfUcJx-3YU0vpewoqSPad9LW771WFnR2vb-z6KuZL22vwu6rIAd73zpDXF4Rg-c14A3sbFhvbcVxFStm0WWqTaAc90Jyox2E/s600/European_Court_of_Human_Rights.jpg"/></a></div>
<div align="center">
<font size="2">
The building of the European Court of Human Rights (ECHR) in Strasbourg, France<br>
<font color="gray">(photo: CherryX/Wikimedia Commons)</font><br>
</font>
</div>
</div>
<br>
<br>
A further increase in safeguards for human rights comes from the <a href="https://en.wikipedia.org/wiki/European_Court_of_Human_Rights" target="_blank">European Court of Human Rights</a> (ECHR), the jurisdiction of which is recognized by 46 European countries. A notable requirement of this court is that the most intrusive surveillance methods, including tapping and hacking operations, need prior approval by an independent body. <br>
<br>
Intercepting domestic communications for criminal prosecution is subject to judicial approval almost everywhere, but when it's done by a security agency for national security or intelligence purposes, it's usually a cabinet minister who signs off. This bore the risk of politically motivated eavesdropping, so now there has to be <i>ex ante</i> oversight in order to meet the case law of the ECHR.<br>
<br>
Germany has already had such a body for decades, called the <a href="https://www.verfassungsschutz.de/EN/about-us/mission-and-working-methods/supervision-and-oversight/supervision-and-oversight_article.html#doc1021056bodyText5" target="_blank">G10 Commission</a>. Other countries followed more recently: Sweden has had the <a href="https://www.undom.se/" target="_blank" title="FörsvarsUnderrättelseDomstolen">FUD</a> since 2009, France created the <a href="https://www.cnctr.fr/en" target="_blank" title="Commission Nationale de Contrôle des Techniques de Renseignement">CNCTR</a> in 2015, the UK installed <a href="https://www.ipco.org.uk/who-we-are/judicial-commissioners/" target="_blank">Judicial Commissioners</a> in 2016 and The Netherlands established the <a href="https://www.tib-ivd.nl/" target="_blank" title="Toetsingscommissie Inzet Bevoegdheden">TIB</a> commission in 2018. <br>
<br>
All these bodies largely consist of former judges, but in France, Germany and Sweden they include (former) members of parliament as well. This shows the differences between political cultures, as in The Netherlands parliamentarians would probably not be seen as a sufficient safeguard for independent control.<br>
<br>
Canada has an independent <a href="https://www.canada.ca/en/intelligence-commissioner.html" target="_blank">Intelligence Commissioner</a> as well, while in Australia surveillance operations which affect Australian citizens have to be approved by three ministers and the attorney general. Finally, in the US, national security operations by the FBI have to be approved by either a regular court or the FISA Court, but so-called <a href="https://en.wikipedia.org/wiki/National_security_letter" target="_blank">National Security Letters</a> can be issued by the Bureau without judicial involvement.<br>
<br>
<br>
Depending on each country's legal situation, some of these independent bodies for prior approval also authorize or review foreign intelligence operations, but in many states the monitoring of foreign communications only needs to be approved by a minister or even just within the intelligence agency itself. The latter is the case, for example, in Poland and Romania.<br>
<br>
In the US, the NSA merely needs a general annual certification by the FISA Court when foreign data are collected inside the US (notably via the PRISM program) and no external approval is required when collection against foreign targets takes place abroad.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2015/09/nsas-legal-authorities.html">NSA's legal authorities</a><br>
</div>
<br>
In Western European countries we see that new legislation comes with increasing safeguards for civil liberties and privacy rights, but in some Eastern European countries the situation is different. <br>
<br>
Despite the fact that Poland and Romania both have to adhere to the case law of the ECHR, their most recent laws are aimed more towards extending electronic surveillance powers and less towards accountability, democratic control and privacy safeguards. A telling example is that Polish authorities <a href="https://www.independent.co.uk/news/world/europe/poland-israel-nso-spyware-pegasus-b1988603.html" target="_blank">used</a> the notorious <a href="https://en.wikipedia.org/wiki/Pegasus_%28spyware%29" target="_blank">Pegasus</a> spyware against political opponents.<br>
<br>
<br>
By comparing the legal frameworks of each country we can see these kinds of general trends as well as the different ways in which safeguards are eventually implemented. They provide a set of best practices and options that can be used to improve the often complex regulation of electronic surveillance in a particular country.<br>
<br>
Here, I focused on the issue of prior approval, but similar lessons can be learned about other topics, like the regulations for targeted and untargeted tapping operations, the use of metadata and <i>ex post</i> oversight by independent and parliamentary commissions. Therefore it's highly recommended to read all the papers of the Safe and Free project, which can be found at <a href="https://safeandfree.io/" target="_blank">www.safeandfree.io</a><br>
<br>
<br>
<div class="separator" style="clear: both;" align="center"><img alt="" border="0" height="150" data-original-height="237" data-original-width="233" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFfQqjc7h2GRgWMM2L0yUqIs0w2Ue1R6y5gTzE2TuYg-Q-VYCjGzeky_RuU8pDSaNCl0Uta-41uDGfYUA0iJRMvXNiAzijZf_BQt05NYxNIydN4op_mpY0X4wAGN6K_D9LXtGIy09BwAgx2QPq85qdiPOijXcohUzHxSYPlMdA_vQ6f3DeKH0LT63Ucwk/s400/Safe_and_Free_logo.png" title="Logo of the Safe and Free project" /></div>
<br>
<br>
<b>Links</b><br>
<font size="2">
- Lawfare: <a href="https://www.lawfaremedia.org/article/safe-and-free-national-security-surveillance-and-safeguards-across-rule-of-law-states" target="_blank">Safe and Free: National-Security Surveillance and Safeguards Across Rule-of-Law States</a> (2023)<br>
- See also: <a href="https://www.intelligence-oversight.org/" target="_blank">International repository of legal safeguards and oversight innovation</a><br>
</font>
<br>
<b>Last chance for clarity about the Temporary Cyber Operations Act [NL]</b><br>
<font size="2" color="gray">(Published December 11, 2023 by P/K; last updated March 9, 2024)</font><br>
<div align="right"><font size="2" color="gray">(<a href="#update">Update</a>: December 24, 2023)</font></div>
<br>
<i><b>This blog post, originally written in Dutch, is about the temporary act that gives Dutch intelligence and security services more leeway for "operations against countries with an offensive cyber program directed against The Netherlands".</b></i><br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhd4BULFzOPiCqltHQfLtZbWx8JPBKDVxiLpBpxERy-QceS2OISJg_aY99uEiO-YRN0BJp0zBed8SyNAZKyS386kWFcBbNKK-oGnm550wll5NKYE07TmoOW2c1NxhcXseMlB_qMajmA9_EzF1dRVgEtLKRB55L7b3mtLiJ_S1yjqANzls920U5PRYYoPDE/s800/cyberwet-overleg2023.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="650" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhd4BULFzOPiCqltHQfLtZbWx8JPBKDVxiLpBpxERy-QceS2OISJg_aY99uEiO-YRN0BJp0zBed8SyNAZKyS386kWFcBbNKK-oGnm550wll5NKYE07TmoOW2c1NxhcXseMlB_qMajmA9_EzF1dRVgEtLKRB55L7b3mtLiJ_S1yjqANzls920U5PRYYoPDE/s800/cyberwet-overleg2023.jpg"/></a></div>
<div align="center">
<font size="2">
Legislative consultation in the House of Representatives on the Temporary Cyber Operations Act, October 16, 2023<br>
</font>
</div>
<br>
<br>
<br>
<font size="+1"><b>Introduction</b></font><br>
<br>
The Senate is currently <a href="https://www.eerstekamer.nl/wetsvoorstel/36263_tijdelijke_wet_onderzoeken" target="_blank">handling</a> the Temporary Cyber Operations Act (Tijdelijke wet cyberoperaties), which makes it easier for the Dutch secret services to carry out hacking and cable tapping operations. The AIVD and the MIVD <a href="https://op1npo.nl/2022/03/03/jan-swillens-over-de-russische-cyberaanval-op-nederlandse-routers/" target="_blank">emphasize</a> that these relaxations are urgently needed in the fight against cyber attacks from countries like Russia and China, but others <a href="https://www.bitsoffreedom.nl/2022/04/13/nieuwe-tijdelijke-cyberwet-geeft-geheime-diensten-ruim-baan/" target="_blank">fear</a> that this will make a digital dragnet possible.<br>
<br>
The House of Representatives already approved the bill by a large majority on October 24; only the SP and Forum voor Democratie voted against. There was no prior plenary debate. Instead, minister De Jonge of the Interior and minister Ollongren of Defence <a href="https://debatgemist.tweedekamer.nl/debatten/tijdelijke-wet-onderzoeken-aivd-en-mivd-naar-landen-met-een-offensief-cyberprogramma" target="_blank">discussed</a> the proposal only in a so-called legislative consultation with the parliamentary committee for the Interior (in its composition from before the elections of November 22). <br>
<br>
<br>
<font size="+1"><b>Exploration for untargeted cable taps</b></font><br>
<br>
The temporary act is valid for four years and, among other things, makes it easier for both secret services to gain access to computers and servers that have been hacked by a hostile service. The most controversial provisions, however, are those about untargeted cable interception, which is officially called "Onderzoeksopdrachtgerichte (OOG) interceptie" (interception directed by an investigation assignment).<br>
<br>
Under the current <a href="https://nl.wikipedia.org/wiki/Wet_op_de_inlichtingen-_en_veiligheidsdiensten_2017" target="_blank">Intelligence and Security Services Act</a> (Wiv 2017), untargeted interception, i.e. the bulk tapping of internet connections, must not only be necessary, proportionate and subsidiary, but also "as targeted as possible".
In practice, however, that last requirement turned out not to be applicable to the very first step needed for such a tap, namely taking stock of which kinds of cable traffic from which countries run over which cables. <br>
<br>
The temporary act makes this possible by introducing the power of "exploration for the purpose of untargeted interception". Under this power, internet traffic may be tapped and stored in bulk, but only to determine which data streams are interesting enough for an actual cable tap. <br>
<br>
This possibility of exploration is therefore a useful addition, but it only applies to "investigations into countries with an offensive cyber program", since that is the purpose of the temporary act. This means that this exploration does not apply to untargeted interception for investigations in other areas. There, the services remain stuck with the unworkable targeting requirement, which suggests that in the coming years untargeted cable interception is meant to be used mainly for combating cyber attacks.<br>
<br>
<br>
<font size="+1"><b>Eavesdropping on entire neighborhoods?</b></font><br>
<br>
There are more ambiguities about the Temporary Cyber Operations Act that were hardly clarified, if at all, during the handling in the House of Representatives. In any case, most members of parliament spent their speaking time largely on simply repeating what is in the act. Only Nicole Temmink of the SP and Pepijn van Houwelingen of Forum voor Democratie really asked firm and critical follow-up questions, but their questions too were not thought through well enough to get the right answers. <br>
<br>
For example, Van Houwelingen latched onto the question of whether the bill makes it possible to eavesdrop on entire neighborhoods. Minister De Jonge maintained that tapping entire neighborhoods is not possible and not allowed, and that the services do not want to do so either. Indeed, it is technically very cumbersome to intercept all data traffic from particular neighborhoods, since residents have their fixed and mobile data traffic running through <a href="https://nos.nl/artikel/2207759-straks-nog-maar-drie-mobiele-providers-in-nederland-is-dat-erg" target="_blank">different providers</a>. If the services did want to monitor a particular neighborhood, data traffic would have to be taken from the networks of all providers involved. <br>
<br>
Van Houwelingen should therefore actually have asked whether the services can intercept a substantial part of the data traffic of a particular provider. That would have been harder for the minister to deny. It will, however, be more interesting for the services to tap not the connection between a provider and its subscribers, but the one between a provider and the rest of the internet, because that is the route by which foreign cyber attacks come in. <br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZC-j9d_hCfbupf-S190ldFzn3a8YhMv13eWxRkRPtAONkiFkr83WRzroaEEbSx14HDBxv6YB9WajsymMbOnQIhrKP5fY7SBKaKYhr8aUm-m7rFxfxJfTGnqk1kXbqoao5ohNVb0krMELgAOLc4YoHrhSFwN_lV5PUko4zV0EJL7S4r-5xxphXKnayLXk/s800/cyberattack-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZC-j9d_hCfbupf-S190ldFzn3a8YhMv13eWxRkRPtAONkiFkr83WRzroaEEbSx14HDBxv6YB9WajsymMbOnQIhrKP5fY7SBKaKYhr8aUm-m7rFxfxJfTGnqk1kXbqoao5ohNVb0krMELgAOLc4YoHrhSFwN_lV5PUko4zV0EJL7S4r-5xxphXKnayLXk/s600/cyberattack-header.jpg"/></a></div>
<div align="center">
<font size="2">
Scale and origin of cyberattacks in the period 2005 through 2022 (<a href="https://www.cfr.org/cyber-operations/" target="_blank">source</a>)<br>
</font>
</div>
<br>
<br>
<font size="+1"><b>Intercepting Dutch data traffic?</b></font><br>
<br>
Minister De Jonge furthermore argued that if the services were interested in someone's neighbor, they would not use untargeted cable interception for that, because there are enough other, more targeted methods to monitor a target in the Netherlands. According to the minister, untargeted cable interception is intended mainly to bring unknown threats from abroad into view. <br>
<br>
This is in line with the <a href="https://zoek.officielebekendmakingen.nl/kst-34588-70.html" target="_blank" title="See under point 4">letter of April 6, 2018</a>, in which the ministers of the Interior and of Defence informed the House of Representatives that it is "virtually ruled out that OOG interception on the cable will be used in the coming years for investigating communications with both origin and destination in the Netherlands".<br>
<br>
In parentheses, however, it added: "with the exception of investigations in the context of cyber defence, because digital attacks abuse the Dutch digital infrastructure and OOG interception on the cable may be necessary to detect this." Minister De Jonge, however, omitted this not insignificant exception during the consultation with the parliamentary committee.<br>
<br>
So Dutch data traffic can indeed be tapped in bulk for the purpose of cyber defence, and that is precisely what the temporary act is about. Since not a single member of parliament noticed this, they apparently have <a href="https://archive.is/4bc9m" target="_blank">too little time</a> and support to sufficiently master this complicated dossier. There is also a lack of experience: of the members who had studied the Wiv around the <a href="https://nl.wikipedia.org/wiki/Referendum_over_de_Wet_op_de_inlichtingen-_en_veiligheidsdiensten_2017" target="_blank">referendum</a> in 2018, only Martin Bosma of the PVV is still in the House.<br>
<br>
<br>
<font size="+1"><b>Six-month snapshots?</b></font><br>
<br>
Besides Van Houwelingen, Nicole Temmink of the SP was also persistent in asking critical follow-up questions. Her main concern was the six-month retention period for the data that are tapped during the exploratory phase. <br>
<br>
Answers to written parliamentary questions stated that these six months are needed "to be able to properly assess the intercepted data streams for usefulness", but that is a rather thin justification for the ability to retain a potentially very large amount of internet data for half a year. Minister De Jonge kept claiming that this only involves a momentary recording, a photo ("a snapshot").<br>
<br>
Here too it was striking that the members of parliament apparently did not have sufficient information. After all, in 2022 the oversight body CTIVD published a <a href="https://www.ctivd.nl/actueel/nieuws/2022/03/15/index" target="_blank">detailed report</a> specifically about snapshotting. It says that until now snapshotting has meant that a data channel is tapped for a maximum of two hours per day in order to determine its potential intelligence value.<a nohref title="CTIVD report no. 75, p. 33.">*</a><br>
<br>
It may be that De Jonge meant that in practice a snapshot will still be limited to two hours per day and that the result is then retained for six months. That would probably be acceptable to everyone, but by not including this in the act, or at least explicitly committing to it, there is now room to store a continuous data stream. Such ambiguity should not occur here. <br>
<br>
<br>
<div align="center">
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0f8hvpIbfVt6fneEHlWP9Pe8LQKqwP49OuXI9KuwYB2MXgxKiMKBZf6zxNfnu4H5Pza-FPm_rKxDfE000AtLnLxNhGgutBzRGAVJBxqXWjZhznjjzzRk9BSXyrh4nULYV0P_5-txbD1ck-0TeAdV_0hXMjmFFvP0KaTcpeR7qVIcWdfN2UvvO8qZw/s800/aivd-luchtfoto.jpg" style="display: block; text-align: center; "><img alt="" border="0" width="550" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0f8hvpIbfVt6fneEHlWP9Pe8LQKqwP49OuXI9KuwYB2MXgxKiMKBZf6zxNfnu4H5Pza-FPm_rKxDfE000AtLnLxNhGgutBzRGAVJBxqXWjZhznjjzzRk9BSXyrh4nULYV0P_5-txbD1ck-0TeAdV_0hXMjmFFvP0KaTcpeR7qVIcWdfN2UvvO8qZw/s600/aivd-luchtfoto.jpg"/></a></div>
<div align="center">
<font size="2">
Headquarters of the <a href="https://nl.wikipedia.org/wiki/Algemene_Inlichtingen-_en_Veiligheidsdienst" target="_blank">AIVD</a>, which also houses the <a href="https://nl.wikipedia.org/wiki/Joint_Sigint_Cyber_Unit" target="_blank">Joint Sigint Cyber Unit</a><br>
</font>
</div>
</div>
<br>
<br>
<font size="+1"><b>Exchange with foreign countries</b></font><br>
<br>
A final point of criticism of the new exploratory phase is the fact that data collected during it may also be shared with foreign services. According to the minister, this only concerns "technical support", in which a trusted foreign partner can help interpret certain data. It has not become clear, however, whether data streams are (or may be) forwarded in their entirety, or only the pieces that puzzle our own services. <br>
<br>
Minister De Jonge indicated that technical support may be needed, for example, "to decrypt the encryption of certain Russian traffic". Given the scope of the temporary act, combating cyberattacks, this will not concern diplomatic messages but malware, which nowadays is also <a href="https://id.nl/huis-en-entertainment/computer-en-gaming/software/versleutelde-malware-blijft-langer-onontdekt" target="_blank">increasingly encrypted</a> in order to evade virus scanners.<br>
<br>
In the consultation with the parliamentary committee, De Jonge added that our services are often alerted by foreign partners that a company or institution in the Netherlands is <i>under attack</i>, and are also told to whom such an attack can be attributed: "You keep that cooperative relationship healthy if you don't only come to take, but can also bring something now and then".<br>
<br>
With this the minister indicates that this act is not so much about old-fashioned eavesdropping on conversations or reading along with e-mail messages, but about detecting malware and hacking attempts. And that untargeted cable access is therefore also needed to be able to warn foreign partners, so that they in turn keep us informed of cyber threats directed at the Netherlands. <br>
<br>
<br>
<font size="+1"><b>Conclusion</b></font><br>
<br>
The Temporary Cyber Operations Act is exceptionally complex and concerns powers in an area that will only become more important in the coming years, namely combating cyberattacks by countries such as Russia and China. <br>
<br>
Despite the fact that a great many words were exchanged about it in written documents and in the oral debate, the House of Representatives does not seem to have fully grasped what it agreed to. When members did ask critical follow-up questions, they were questions that gave the minister the opportunity to answer evasively.<br>
<br>
As a result, no clarity has been achieved on various points of concern, and there even seems to be hardly any awareness that this is not so much about classic intelligence gathering as about <a href="https://en.wikipedia.org/wiki/Proactive_cyber_defence" target="_blank">cyber defence</a>. For that, the services do need a broad view of cable traffic, but they look primarily at foreign cyberattacks and not at the behavior of Dutch citizens.<br>
<br>
Because this has not been made explicit, the act remains too vague and the concern is understandable, to say the least. The Senate (Eerste Kamer) can no longer amend the bill, but by asking the right questions it can still obtain the necessary clarification. <br>
<br>
<a name="update"></a>
<br>
<br>
<div class="blockquote">
<b>UPDATE: Written questions from the Senate</b><br>
<br>
On December 21, 2023, the Senate Committee for the Interior published its <a href="https://www.eerstekamer.nl/behandeling/20231219/verslag/document3/f=/vm97m3puuxz0.pdf" target="_blank">written questions</a> to the government. Almost all parliamentary groups submitted a fairly large number of questions, although quite a few of them concern matters that were already discussed and answered during the handling in the House of Representatives or can otherwise already be found somewhere.<br>
<br>
Furthermore, many questions are rather general open questions, to which the government can answer evasively or incompletely, as we already saw during the legislative consultation in the House of Representatives. One example is that the question now asked is "how metadata will be dealt with in the application of this bill", instead of asking specifically whether analyzing metadata would not suffice for the exploratory phase (so that the content of data streams remains untouched) and, if not, why not.<br>
<br>
Next, it could then have been asked whether the data streams always have to be stored for the exploration or whether they can also be filtered online. The latter was already mentioned in the Explanatory Memorandum to the Wiv from 2016 as a method that can be used specifically for cybersecurity.<a nohref title="Explanatory Memorandum (MvT) Wiv 2017, October 2016, p. 105.">*</a> After all, filtering directly online for characteristics of malware and hacking activities is less privacy-intrusive than storing data so that they can also be examined later.<br>
<br>
Several questions concern when exactly the temporary act applies: who determines, for example, when a country is carrying out "an offensive cyber program against the Netherlands or Dutch interests"? The government has already said that this mainly concerns Russia, China, Iran and North Korea, but it remains strange that a power meant precisely for detecting unknown threats can only be used once such a threat is linked to a particular country. None of the groups, however, came up with the question of whether it would not be clearer to tie this act not to countries, but to combating cyberattacks in general.<br>
<br>
This gives the impression that, just like the House of Representatives, the Senate also hardly seems aware of the fact that this is mainly about <a href="https://en.wikipedia.org/wiki/Proactive_cyber_defence" target="_blank">cyber defence</a> and not about traditional intelligence gathering. The GroenLinks-PvdA group, for example, thinks that already in the new exploratory phase "people will be assessed by means of AI on the basis of their behavior and statements". An understandable concern in itself, but precisely for that reason it should be made explicit that this is about combating malware and hacking attacks.<br>
<br>
A better question from GroenLinks-PvdA is whether the data acquired during the exploratory phase may also be shared in bulk and/or almost live (real-time) with foreign partner services for the purpose of what the government calls "technical support". This is preceded, however, by the issue of how much data may be collected in the first place during the exploration.<br>
<br>
In the House of Representatives, Forum voor Democratie asked, not very cleverly, whether entire neighborhoods could be eavesdropped on, but in line with what I argued above, the Senate group of the PVV now formulates the question better: "To what extent can, for example, a cable interception take place at a large internet provider, whereby the complete data traffic of all users is collected in one go?"<br>
<br>
The cyber defence exception, also discussed above, is now cited by the Senate group of the PvdD: "the minister has promised that no interception will take place in the so-called Netherlands-to-Netherlands traffic, unless for cyber defence. Is that correct? Does that also apply to the use of powers to which the present bill relates? If not, is that contrary to the commitment?"<br>
<br>
Remarkably, the Senate left the issue of the so-called snapshots untouched. According to a 2022 <a href="https://www.ctivd.nl/actueel/nieuws/2022/03/15/index" target="_blank">report</a> by the CTIVD, during such a snapshot a data channel is currently tapped for a maximum of two hours per day, and it would not be unimportant to know whether that will continue to be the case, because as the bill is currently worded, the services would be allowed to store a continuous data stream.<br>
<br>
Finally, considerably fewer questions concern the new possibility of more easily gaining access to computers and servers of third parties when these have been hacked by a target. For example, it was not asked why no <a href="https://www.aivd.nl/onderwerpen/notificatie" target="_blank">notification</a> or even compensation is possible for people or companies affected by this. There are snags to that, but it is not impossible: in March 2022 the MIVD itself, of all things, had <a href="https://archive.is/DJsMj" target="_blank">announced</a> that it had informed private individuals and business owners after such an operation and in a number of cases had also given a gift voucher.<br>
<br>
The Senate's standing committee for the Interior requests the government to reply within four weeks, i.e. before January 16, 2024, by means of a so-called memorandum in response to the report (nota naar aanleiding van het verslag).<br>
</div>
<br>
<br>
> Continued: <a href="https://www.electrospaces.net/2024/03/eerste-kamer-bereikt-iets-meer.html">Eerste Kamer bereikt iets meer duidelijkheid over de Tijdelijke wet cyberoperaties</a><br>
<br>
<br>
<br>
<b>Links</b><br>
<font size="2">
<br>
- For all official documents concerning this legislation, see: <a href="https://electrospaces.medium.com/dossier-wiv-2017-c20eee7b53a0" target="_blank">Dossier Wiv 2017</a>, <a href="https://www.tweedekamer.nl/kamerstukken/wetsvoorstellen/detail?cfg=wetsvoorsteldetails&qry=wetsvoorstel%3A36263" target="_blank">parliamentary dossier no. 36263</a> and the handling in the <a href="https://www.eerstekamer.nl/wetsvoorstel/36263_tijdelijke_wet_onderzoeken" target="_blank">Senate</a>.<br>
<br>
- MediaLogica: <a href="https://www.vpro.nl/argos/media/kijk/afleveringen/medialogica/2023/aflevering-4.html" target="_blank">Zwarte Lak en Witte Jassen</a> (December 8, 2023)<br>
- About Intel: <a href="https://aboutintel.eu/cyber-defence-requires-legal-framework/" target="_blank">Cyber defence operations require a dedicated legal framework</a> (June 27, 2023)<br>
- De Correspondent: <a href="https://decorrespondent.nl/13987/de-geheime-diensten-bedonderen-ons-zegt-de-man-die-het-kan-weten/98e8c813-b1e0-05ea-1438-1c1612ed90b8" target="_blank">De geheime diensten bedonderen ons, zegt de man die het kan weten</a> (April 5, 2023)<br>
- NRC: <a href="https://archive.is/0qflh" target="_blank">Verkennen, hacken en tappen: mogen de AIVD en MIVD al genoeg of moet de wet nodig ruimer?</a> (April 4, 2023)<br>
- Bert Hubert: <a href="https://berthub.eu/articles/posts/uitleg-over-de-wiv-2/" target="_blank">De Tijdelijke Wet op Inlichtingen- en Veiligheidsdiensten 2022</a> (December 2, 2022)<br>
</font>
<br>
P/Khttp://www.blogger.com/profile/12681178058475882593noreply@blogger.com1tag:blogger.com,1999:blog-4559002410879446409.post-73957044091805579252023-10-06T23:11:00.047+02:002024-02-24T09:46:26.883+01:00The NSA's new organizational designators<div align="right"><font size="2" color="gray">(Updated: February 24, 2024)</font></div>
<br>
For decades, the organizational structure of the NSA was classified, but since 2013 the Snowden documents provided hundreds of designators of internal divisions, branches and units, which allowed me to <a href="https://www.electrospaces.net/2014/01/nsas-organizational-designations.html">reconstruct the agency's internal structure</a>.<br>
<br>
From 2016 to 2017, the NSA was reorganized, so many of those designators may have changed. Some recent documents, however, provide designators from the current situation, which makes it possible to start reconstructing the new structure as well.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTg23xxWw_QUsxDCdUUXyufP0QrKW1j-3nUDyvdU9EuYTjiyl9gG_mtxkW9KNHsCfpUn6nYLL2fPaKxZJXSZFOxwx12fs65NkdRk2T3X6OOuXAudJrjm1vh4NWaQrXf-QJFO2e9N3joNVNxY0RXPG2ixWEcGmJ2LVkIEWgIpnxg-KndqnUJHM-11hfzEY/s800/nsa-icc-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="650" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTg23xxWw_QUsxDCdUUXyufP0QrKW1j-3nUDyvdU9EuYTjiyl9gG_mtxkW9KNHsCfpUn6nYLL2fPaKxZJXSZFOxwx12fs65NkdRk2T3X6OOuXAudJrjm1vh4NWaQrXf-QJFO2e9N3joNVNxY0RXPG2ixWEcGmJ2LVkIEWgIpnxg-KndqnUJHM-11hfzEY/s600/nsa-icc-header.jpg"/></a></div>
<div align="center">
<font size="2">
The <a href="https://cyberscoop.com/nsa-integrated-cyber-center-paul-nakasone/" target="_blank">Integrated Cyber Center</a> (ICC) and other new buildings at the NSA's East Campus<br>
(photo: Brendan Smialowski/Getty Images)<br>
</font>
</div>
<br>
<br>
<br>
<font size="+2"><b>The reorganization of 2016</b></font><br>
<br>
The organizational structure of the NSA as it emerged from the Snowden documents was established in the year 2000 under director Michael Hayden.
In 2016, director Michael Rogers initiated a full reorganization under the name <a href="https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/1618701/nsa21-facing-threats-to-the-nation-and-future-challenges-with-innovation-integr/" target="_blank">NSA21</a>, in order to prepare the agency for the cyber challenges of the 21st century. <br>
<br>
One of the most important (and <a href="https://fedscoop.com/nsa-reorganization-nsa21-august-2016/" target="_blank">controversial</a>) changes was fusing the operational elements of the Signals Intelligence (SID) and Information Assurance (IAD) directorates into the new Directorate of Operations. The remaining information assurance activities were <a href="https://www.meritalk.com/profile/greg-smithberger/" target="_blank">merged</a> with the old Technology Directorate into the new Capabilities Directorate.<br>
<br>
The hacking group Tailored Access Operations (TAO) was <a href="https://mobile.nytimes.com/2017/12/01/us/politics/nsa-nghia-pho-classified-information-stolen-guilty.html" target="_blank">renamed</a> to Computer Network Operations (CNO). The new structure as envisioned by NSA21 <a href="https://oig.nsa.gov/Portals/71/Reports/SAR/OIG%20UNCLASS%20SAR%202nd%20Half%20FY2018_FINAL%2020JUL18.pdf?ver=2018-09-07-115021-997" target="_blank">reached</a> full operational capability in December 2017.<br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZZL3pKeblGQD4LKpJqvrKr36ZWucAAFDRlTwHJauv4U28j5u1QbfqvJrFH3xQQDlund2BOoVWwqJIvppVONrkXoKtKHS-G_sQSrOtDJyDWlOCr2C1VVpglzmj9uEqVlqT4GrGuXTDowY/s1600/nsa-orgchart-2016.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZZL3pKeblGQD4LKpJqvrKr36ZWucAAFDRlTwHJauv4U28j5u1QbfqvJrFH3xQQDlund2BOoVWwqJIvppVONrkXoKtKHS-G_sQSrOtDJyDWlOCr2C1VVpglzmj9uEqVlqT4GrGuXTDowY/s1600/nsa-orgchart-2016.jpg" width="550" title="Organizational chart of NSA after the reorganization NSA21"></a></div>
<div align="center">
<font size="2">
The new structure of the NSA as established by the NSA21 reorganization<br>
(source: NSA - click to enlarge)<br>
</font>
</div>
<br>
<br>
On October 1, 2019, an additional Cybersecurity Directorate (CSD) was <a href="https://www.cyberscoop.com/nsa-cybersecurity-directorate/" target="_blank">established</a> to unify the NSA's foreign intelligence and cyber defense missions and to prevent and eradicate threats to National Security Systems (NSS) and the Defense Industrial Base (DIB). The CSD <a href="https://cyberscoop.com/nsa-cybersecurity-directorate-neal-ziring-dave-frederick/" target="_blank">pulled</a> its workforce from several directorates, including the Operations Directorate and its Computer Network Operations group.<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivkv3Zk4fnDYkB8m-ugkf5vqGrp6tq5wObT7xpqw1ZcnziDQD15K8dQrxt820oYnZzegs7y5EP-V6RUQSuUHypSd2vmiW9VYlL1ICtCLa6OSvQl2VlL3-sGTEqLKp0bZx1Zu7e_Iz5hKtpF8-XZGkRnhWSEuW-NGROw4iEZx2dzxVQ5NhNW5z9AG5M/s200/logo%20cybersecurity%20directorate.png" style="display: block; padding: 1em 0; text-align: center;"><img alt="" border="0" width="120" data-original-height="200" data-original-width="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivkv3Zk4fnDYkB8m-ugkf5vqGrp6tq5wObT7xpqw1ZcnziDQD15K8dQrxt820oYnZzegs7y5EP-V6RUQSuUHypSd2vmiW9VYlL1ICtCLa6OSvQl2VlL3-sGTEqLKp0bZx1Zu7e_Iz5hKtpF8-XZGkRnhWSEuW-NGROw4iEZx2dzxVQ5NhNW5z9AG5M/s320/logo%20cybersecurity%20directorate.png"/></a></div>
<br>
<br>
<br>
<font size="+2"><b>The new organizational structure</b></font><br>
<br>
A number of new designators from the NSA's current structure can be found in the extensive <a href="https://www.intel.gov/assets/documents/702%20Documents/oversight/NSA_EO_14086_Procedures_Policy_12-3_Annex_C.pdf" target="_blank">NSA/CSS Policy 12-3 Annex C</a> from June 2023. Some other documents and press reports provide additional information, which results in the partial chart below.<br>
<br>
<b>Update:</b> The <a href="https://media.defense.gov/2022/Feb/22/2002942550/-1/-1/0/NSA_CSS_POLICY_12-1_20220121.PDF" target="_blank">NSA/CSS Civil Liberties and Privacy Program</a> from November 2021 provides the internal top-level designators for all the agency's current directorates. The organization chart and the remarks below have been updated accordingly:<br>
<br>
<br>
<div class="blockquote">
<font size="+1"><b>A: Workforce Support Activities (WSA)</b></font><br>
<br>
<div class="blockquote">
A2: National Cryptologic School (NCS) <br>
</div>
<br>
<br>
<font size="+1"><b>B: Business Management and Acquisition (BM&A)</b></font><br>
<br>
<br>
<font size="+1"><b>C: Cybersecurity Directorate (CSD)</b></font><br>
<br>
<div class="blockquote">
C? <a href="https://www.nsa.gov/About/Cybersecurity-Collaboration-Center/" target="_blank">Cybersecurity Collaboration Center</a> (CCC) <a href="https://www.cbsnews.com/news/nsa-cybersecurity-collaboration-center/" target="_blank">*</a><br>
<br>
<div class="blockquote">
C?? Artificial Intelligence Security Center (AISC)<br>
</div>
</div>
<br>
<br>
<font size="+1"><b>D: Office of the Director</b></font><br>
<div class="blockquote">
<br>
DC: NSA/CSS Chief of Staff (CoS)<br>
...<br>
D2: <a href="https://www.nsa.gov/Culture/General-Counsel/Overview/" target="_blank">Office of General Counsel</a> (OGC)<br>
...<br>
D5: Civil Liberties, Privacy, and Transparency (CLPT)<br>
D6: Diversity, Equality, and Inclusion (DEI)<br>
...<br>
D9: Risk Management Office (RMO)<br>
</div>
<br>
<br>
<font size="+1"><b>I: <a href="https://oig.nsa.gov/" target="_blank">Office of the Inspector General</a> (OIG)</b></font><br>
<br>
<br>
<font size="+1"><b>P: Engagement and Policy (E&P)</b></font><br>
<br>
<div class="blockquote">
P1: ?<br>
<div class="blockquote">
P12: Office of Policy<br>
P13: ?<br>
<div class="blockquote">
P131: Information Security/Classification <a href="https://www.nsa.gov/portals/75/documents/news-features/declassified-documents/nsa-css-policies/NSACSS_PM_1-52_20210108.pdf" target="_blank">*</a><br>
</div>
</div>
...<br>
P7: Office of Compliance/Compliance Group<br>
<div class="blockquote">
P75: Office of Compliance for Cybersecurity and Operations<br>
</div>
</div>
<br>
<br>
<font size="+1"><b>R: Research Directorate</b></font><br>
<br>
<br>
<font size="+1"><b>X: Operations Directorate</b></font><br>
<br>
<div class="blockquote">
X? Computer Network Operations (CNO)<br>
</div>
<br>
<br>
<font size="+1"><b>Y: Capabilities Directorate</b></font><br>
Chief Information Officer (CIO)<br>
</div>
<br>
<br>
<hr style="height:1px;border-width:0;color:gray;background-color:gray;width:80%">
<br>
<br>
<font size="+2"><b>Some additional remarks</b> (updated)</font><br>
<br>
If we compare these current designators with the structure before 2016, we see that:<br>
<br>
- The Office of the Director is still designated as "D" and may not have changed much, except for the Office of the Inspector General, which now has its own top-level designator (I), and at least two parts (the Office of Policy and the information security units) which have been transferred to the newly created Engagement & Policy Directorate (P).<br>
<br>
- For the Inspector General (IG) this reflects that since the FY2014 Intelligence Authorization Act this official is appointed by the President and confirmed by the Senate. Previously, the IG was appointed by the Director of the NSA, who could also remove him. The first presidentially appointed NSA IG was Rob Storch, who served from 2018 to 2022.<br>
<br>
- The position of the Chief Information Officer (CIO) is different: in 2020, the IG <a href="https://fedscoop.com/nsa-cio-role-ambiguous/" target="_blank">criticised</a> the fact that the CIO wasn't included in the organization charts of the agency and primarily served as head of one of the NSA's directorates, first Technology and now Capabilities.<br>
<br>
- Other new directorates also got a top-level designator that wasn't used before 2016: Workforce Support Activities (A), Business Management and Acquisition (B), Cybersecurity (C) and Capabilities (Y). The Research Directorate however kept the letter R.<br>
<br>
- The new Operations Directorate is designated by the letter X, which was already used under the old structure, although we don't know for what kind of activity. Maybe the previous X division was just temporary or very small as the only source that mentions it is a <a href="https://info.publicintelligence.net/NSA-CableInstallation.pdf" target="_blank">document</a> about cable installations at NSA headquarters from 2007. <br>
<br>
<br>
> See also: <a href="https://electrospaces.blogspot.com/2019/06/the-nsas-regional-cryptologic-centers.html">The NSA's regional Cryptologic Centers</a><br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKj6Yvy97IYLc4iJ9lHOBH09OJ0Wp-DGUaEcuQqphH5GM8gPeos_rxLYXcnHTocoRlpwhtpiumf_z4QxvHIfPK6BV-2jQDlU-AhlIEj52P-HUB85FGHuZPPP3j-STwn8ePFLtRB2xkcWc/s1600/NSA21-Logo.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKj6Yvy97IYLc4iJ9lHOBH09OJ0Wp-DGUaEcuQqphH5GM8gPeos_rxLYXcnHTocoRlpwhtpiumf_z4QxvHIfPK6BV-2jQDlU-AhlIEj52P-HUB85FGHuZPPP3j-STwn8ePFLtRB2xkcWc/s320/NSA21-Logo.jpg" width="200" title="NSA21 reorganization logo"></a></div>
<br>
<br>
P/Khttp://www.blogger.com/profile/12681178058475882593noreply@blogger.com0tag:blogger.com,1999:blog-4559002410879446409.post-11813746854280867762023-09-14T11:08:00.078+02:002023-10-10T08:01:37.754+02:00Some new snippets from the Snowden documents<div align="right"><font size="2" color="gray">(Updated: September 20, 2023)</font></div>
<br>
It's been more than four years since the <a href="https://theintercept.com/2019/05/29/nsa-data-afghanistan-iraq-mexico-border/" target="_blank">last regular publication</a> of documents from the Snowden trove. Last year, however, some new snippets of information from the Snowden documents appeared in the PhD thesis of hacktivist <a href="https://en.wikipedia.org/wiki/Jacob_Appelbaum" target="_blank">Jacob Appelbaum</a>.<br>
<br>
The <a href="#new"><b>new information</b></a> isn't very spectacular and is also quite specialized, but it is still worth making more easily accessible. Also, for the record, I added some <a href="#remarks"><b>corrections and additions</b></a> to Appelbaum's discussion of NSA surveillance methods.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCNgdUg8Rgq3ERaS2lzi8Sve5oEwG7rZVOMXK6umGqydzrOxSplgMaEF2q3Alvht9q6ySJrYJ1j-PY45fLFzijvld1MUVbk1Ts1JvbFM0T0jjrOguBhqGG3U9rWAyFHhGaFWIFlaIyhR3DB0E4vKmy__3cs0tscozNYUNLB8Pd2smvgBg09AMpIHbB/s800/appelbaum-thesis-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="650" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCNgdUg8Rgq3ERaS2lzi8Sve5oEwG7rZVOMXK6umGqydzrOxSplgMaEF2q3Alvht9q6ySJrYJ1j-PY45fLFzijvld1MUVbk1Ts1JvbFM0T0jjrOguBhqGG3U9rWAyFHhGaFWIFlaIyhR3DB0E4vKmy__3cs0tscozNYUNLB8Pd2smvgBg09AMpIHbB/s600/appelbaum-thesis-header.jpg"/></a></div>
<div align="center">
<font size="2">
NSA headquarters - Appelbaum's thesis - Eindhoven University of Technology<br>
</font>
</div>
<br>
<br>
<br>
<font size="+2"><b>Jacob Appelbaum</b></font><br>
<br>
Jacob R. Appelbaum was born in 1983 in California and became a well-known hacker and activist for digital anonymity. He was a member of the <a href="https://en.wikipedia.org/wiki/Cult_of_the_Dead_Cow" target="_blank">Cult of the Dead Cow</a> hacker collective and a core member of the <a href="https://en.wikipedia.org/wiki/Tor_%28network%29" target="_blank">Tor project</a>, which provides a tool for anonymous internet communications.<br>
<br>
In 2012, Appelbaum moved to Berlin, where he worked closely with Laura Poitras on the NSA documents which she had received from Edward Snowden in May and June 2013. However, he was also involved in the story about the eavesdropping on German chancellor Merkel and the publication of the NSA's <a href="https://en.wikipedia.org/wiki/ANT_catalog" target="_blank">ANT Product Catalog</a>.<br>
<br>
In both cases the documents were not attributed to Snowden and <a href="https://www.schneier.com/blog/archives/2023/06/snowden-ten-years-later.html" target="_blank">apparently came</a> from a still unidentified "second source". In his thesis, Appelbaum seems to refer to this source when he mentions "documents exposed by whistleblowers, known and unknown, or other anonymous insiders."<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2015/12/leaked-documents-that-were-not.html">Leaked documents that were not attributed to Snowden</a><br>
</div>
<br>
In 2015, several women accused Appelbaum of sexual abuse and he subsequently lost his position at the Tor project and various other organizations. Appelbaum denied the allegations, but an investigation ordered by the Tor project <a href="https://web.archive.org/web/20190820150807/https://www.nytimes.com/2016/07/28/technology/tor-project-jacob-appelbaum.html" target="_blank">determined</a> that they appeared to be true.<br>
<br>
Meanwhile Appelbaum had moved to The Netherlands, where he <a href="https://news.ycombinator.com/item?id=13891900" target="_blank">started</a> as a PhD student at the Eindhoven University of Technology (TU/e). There he finished his thesis and received his PhD on March 25, 2022. Currently he <a href="https://research.tue.nl/en/persons/jacob-r-appelbaum" target="_blank">works as a postdoc</a> at the <a href="https://www.win.tue.nl/cc/" target="_blank">Coding Theory and Cryptology</a> group at TU Eindhoven.<br>
<br>
<br>
<br>
<font size="+2"><b>Appelbaum's PhD thesis</b></font><br>
<br>
The full title of Appelbaum's thesis is "<i>Communication in a world of pervasive surveillance. Sources and methods: Counter-strategies against pervasive surveillance architecture</i>". His promotors were prof.dr. Mark van den Brand, prof.dr. Daniel J. Bernstein and prof.dr. Tanja Lange.<br>
<br>
The thesis was published on March 25, 2022 and became available for <a href="https://pure.tue.nl/ws/portalfiles/portal/197416841/20220325_Appelbaum_hf.pdf" target="_blank">download</a> as a 24.3 MB pdf-document on September 27, 2022. The contents of this 327-page thesis are as follows:<br>
<br>
- <b>Chapter 1</b>: Introduction.<br>
<br>
- <b>Chapter 2</b>: Background on network protocols common to all research.<br>
<br>
- <b>Chapter 3</b>: Background on cryptography common to all research.<br>
<br>
- <b>Chapter 4</b>: Review of historical, political, economic, and technical adversarial capabilities (including previously published leaked documents that are from works which Appelbaum has written about in his role as a journalist).<br>
<br>
- <b>Chapter 5</b>: Review of the Domain Name System and an explanation of alternative methods to improve the security and privacy of domain name lookups.<br>
<br>
- <b>Chapter 6</b>: Examination of a tweak to the WireGuard VPN protocol to protect historic encrypted traffic against future attacks by quantum computers.<br>
<br>
- <b>Chapter 7</b>: Introduces the Vula protocol, which is a suite of free software tools for automatically protecting network traffic between hosts in the same Local Area Network.<br>
<br>
- <b>Chapter 8</b>: Introduces REUNION, a privacy-preserving rendezvous protocol. <br>
<br>
<br>
In the preface, Appelbaum writes that his thesis is the culmination of more than a decade of research into the topic of surveillance. He expresses a political and activist aim by saying that the "machinery of mass surveillance is simply too dangerous to be allowed to exist" and that "we must use all of the tools in our toolbox – economic, social, cultural, political, and of course, cryptographic – to blind targeted and mass surveillance."<br>
<br>
He says more has to be done than simply criticize surveillance practices. Cryptography for example, "allows for resistance in a non-violent manner to the benefit of everyone except the ones who are spying on us." From this perspective Appelbaum's thesis discusses various cryptographic implementations to "protect individual liberty, while aspiring to a broader goal of achieving societal liberty."<br>
<br>
<a name="new"></a>
<br>
<br>
<font size="+2"><b>New information from the Snowden documents</b></font><br>
<br>
Throughout his thesis, Appelbaum reveals some new information from Snowden documents that has not been published, but which he had access to during his research that resulted in various publications in media outlets like Der Spiegel, NDR and Le Monde. The new information is only described, so no new original documents were released.<br>
<br>
According to Appelbaum: "Many journalists who have worked on the Snowden archive know significantly more than they have revealed in public. It is in this sense that the Snowden archive has almost completely failed to create change: many of the backdoors and sabotage unknown to us before 2013 is still unknown to us today." <font color="gray">(page 71)</font><br>
<br>
Appelbaum also provides some new information about the Snowden documents in general, by saying that The Intercept "closed their Snowden archive and reportedly it has been destroyed." <font color="gray">(page 63, note 17)</font><br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2019/04/the-snowden-files-where-are-they-and.html">The Snowden files: where are they and where should they end up?</a><br>
</div>
<br>
<font size="2">
Below, I provide exact quotes from Appelbaum's thesis, including his sources, which are in square brackets, while I added some additional links for further information.<br>
</font>
<br>
<br>
<b>1. BULLRUN: manipulating protocol security</b><br>
<br>
"How do they accomplish their goals with project <a href="https://en.wikipedia.org/wiki/Bullrun_%28decryption_program%29" target="_blank">BULLRUN</a>? One way is that United States National Security Agency (NSA) participates in Internet Engineering Task Force (IETF) community protocol standardization meetings with the explicit goal of sabotaging protocol security to enhance NSA surveillance capabilities." "Discussions with insiders confirmed what is claimed in as of yet unpublished classified documents from the Snowden archive and other sources." <font color="gray">(page 6-7, note 8)</font><br>
<br>
<br>
<b>2. Selecting entropic internet traffic</b><br>
<br>
"There are various rules governing what is <i>selected</i> for long-term data retention in [the NSA's] <i>corporate repositories</i>. One example is that some traffic which is considered <a href="https://en.wikipedia.org/wiki/Entropy_%28information_theory%29" target="_blank">entropic</a> by a standard Shannon Entropy estimate is <i>selected</i> from the network in real time and saved to a database, preserving it for cryptanalysis using future technology." "This statement is based in part on an analysis of as of yet unpublished <a href="https://en.wikipedia.org/wiki/XKeyscore" target="_blank">XKeyscore</a> source code that performs a Shannon Entropy estimate. Some kinds of Internet traffic that is considered entropic is recorded for later analysis." <font color="gray">(page 9, note 16)</font><br>
<br>
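To illustrate what a "standard Shannon Entropy estimate" over traffic looks like, here is an added example (not code from the thesis or from XKeyscore): a byte-level estimate run over constructed payloads. The 7.5 bits/byte threshold, the 256-byte minimum and all sample data are assumptions made for this illustration.<br>

```python
"""Byte-level Shannon entropy estimate over payloads (added example, constructed data)."""
import base64
import hashlib
import math
from collections import Counter

# Assumed cut-offs for this illustration; the page gives no thresholds.
THRESHOLD_BITS = 7.5   # bits per byte at or above which a payload counts as "entropic"
MIN_LEN = 256          # shorter payloads cannot yield a meaningful estimate


def shannon_entropy(data: bytes) -> float:
    """Plug-in Shannon entropy estimate in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    # H = sum over observed byte values of p * log2(1/p), with p = count / n
    return sum((c / n) * math.log2(n / c) for c in Counter(data).values())


def classify(data: bytes, threshold: float = THRESHOLD_BITS, min_len: int = MIN_LEN) -> str:
    """Label a payload as 'too-short', 'high-entropy' or 'low-entropy'.

    A sample of n < 256 bytes can score at most log2(n) bits per byte, so
    short payloads are reported separately instead of being called low-entropy.
    """
    if len(data) < min_len:
        return "too-short"
    return "high-entropy" if shannon_entropy(data) >= threshold else "low-entropy"


def pseudo_random(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for ciphertext: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed sample payloads (not real traffic).
TEXT = b"The quarterly report is attached; please review the figures before Friday's meeting. " * 8
CIPHERTEXT_LIKE = pseudo_random(4096)
BASE64_WRAPPED = base64.b64encode(CIPHERTEXT_LIKE)   # 64-symbol alphabet: at most ~6 bits/byte
SHORT = pseudo_random(16)                            # at most log2(16) = 4 bits/byte

SAMPLES = {
    "english text": TEXT,
    "ciphertext-like bytes": CIPHERTEXT_LIKE,
    "same bytes, base64-encoded": BASE64_WRAPPED,
    "16 ciphertext-like bytes": SHORT,
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:28s} len={len(payload):5d} "
              f"H={shannon_entropy(payload):.3f} bits/byte -> {classify(payload)}")
```

The estimate only measures how uniform the byte distribution is: well-compressed data scores high as well, and a text encoding such as base64 lowers the score of the very same bytes, so an entropy estimate on its own does not establish that a payload is encrypted.<br>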
<br>
<b>3. Compromised lawful interception systems</b><br>
<br>
"As part of our research, we uncovered evidence that the telecommunications infrastructure in many countries has been compromised by intelligence services. The Snowden archive includes largely unpublished internal NSA documents and presentations that discuss targeting and exploiting not only deployed, live interception infrastructure, but also the vendors of the hardware and software used to build the infrastructure. Primarily these documents remain unpublished because the journalists who hold them fear they will be considered disloyal or even that they will be legally punished. Only a few are available to read in public today." <font color="gray">(page 41)</font><br>
<br>
"Targeting lawful interception (LI) equipment is a
<a href="https://www.eff.org/nl/document/20150928-intercept-exploiting-foreign-law-intercept-roundtablepdf" target="_blank">known goal</a> of the NSA. Unpublished NSA documents specifically list their compromise of the Russian SORM LI infrastructure as an NSA success story of compromising civilian telecommunications infrastructure to spy on targets within reach of the Russian <a href="https://en.wikipedia.org/wiki/SORM" target="_blank">SORM</a> system." <font color="gray">(page 41)</font><br>
<br>
"The NSA slides have "you talk, we listen" written in Cyrillic on the jackets of two Russian officers." "Review of unpublished Snowden documents about NSA’s activities compromising deployed, lawful interception systems and as well as additional success against the vendors of such hardware or software. Needless to say, a compromised interception system is anything but lawful in the hands of an adversary." <font color="gray">(page 41, note 4)</font><br>
<br>
<br>
<b>4. Compromised computer hardware</b><br>
<br>
"While working on documents in the Snowden archive the thesis author learned that an American fabless semiconductor CPU vendor named <a href="https://en.wikipedia.org/wiki/Cavium" target="_blank">Cavium</a> is listed as a successful SIGINT "enabled" CPU vendor. By chance this was the same CPU present in the thesis author's Internet router (UniFi USG3). The entire Snowden archive should be open for academic researchers to better understand more of the history of such behavior." <font color="gray">(page 71, note 21)</font><br>
<br>
<div class="blockquote">
<b>Update:</b><br>
More information about whether Cavium CPUs may have a backdoor, as well as additional comments by Jacob Appelbaum can be found in an <a href="https://www.computerweekly.com/news/366552520/New-revelations-from-the-Snowden-archive-surface" target="_blank">article</a> published by Computer Weekly on September 19, 2023.<br>
</div>
<br>
<br>
<b>5. PRISM</b><br>
<br>
"The PRISM slide deck was not published in full, and the public does not fully understand aspects of the program such as the retrieval of voice
content data as seen in <a href="https://en.wikipedia.org/wiki/PRISM#/media/File:Prism-slide-7.jpg" target="_blank">Figure 4.24</a>. Domains hosted by PRISM partners are also subject to selector based surveillance. Several pages of the PRISM slides list targets and related surveillance data, and a majority of them appear to be a matter of political surveillance rather than defense against terrorism. One example that is not well-known except among the journalists who had access to the full PRISM slide deck is the explicit naming of targets. An example shows a suggestion for targeting of the Tibetan Government in Exile through their primary domain name. The tibet.net domain is named as an unconventional example that analysts should be aware of as also falling under the purview of PRISM. The email domain was
hosted by Google Mail, a PRISM partner, at the time of the slide deck creation and it is still currently hosted by Google Mail as of early 2022." <font color="gray">(page 76)</font><br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2014/04/what-is-known-about-nsas-prism-program.html">What is known about NSA's PRISM program</a><br>
</div>
<br>
<b>6. MYSTIC: Country X</b><br>
<br>
"<a href="https://en.wikipedia.org/wiki/MYSTIC" target="_blank">MYSTIC</a> was revealed to impact a number of countries by name at the time of publication: the Bahamas, Mexico, the Philippines, Kenya and one
mystery country: country X. The Bahamas, and country X are subject to SOMALGET full take data and voice collection. The publisher WikiLeaks observed that the monitoring of an entire country of people is a crime when done by outside parties, essentially an act of war by the surveillance adversary. WikiLeaks then <a href="https://wikileaks.org/WikiLeaks-statement-on-the-mass.html" target="_blank">revealed</a> that the country in question, Country X, was Afghanistan [<a href="https://cryptome.org/2014/05/nsa-mystic-identity.pdf" target="_blank">Yea14</a>]. Through independent review of the Snowden archive, we confirm that this is the identity of Country X, and that WikiLeaks was correct in their claim." <font color="gray">(page 78)</font><br>
<br>
<font size="2">
(Strangely enough, the source provided by Appelbaum ("<a href="https://cryptome.org/2014/05/nsa-mystic-identity.pdf" target="_blank">Yea14</a>") actually shows that already four days <i>before</i> Wikileaks' revelation, collaborative analysis by Paul Dietrich and the author of this weblog had already pointed to Afghanistan as being Country X. In his bibliography, Appelbaum attributes this source document to "John Young and et al." (the owners of the Cryptome website), while it was actually written by and first published on the <a href="https://web.archive.org/web/20160424142120/https://members.efn.org/~paulmd/" target="_blank">blog</a> of Paul Dietrich)<br>
</font>
<br>
<br>
<b>7. Manipulation of DUAL_EC_DRBG</b><br>
<br>
"Many documents released in public from the Snowden archive and additional documents which are still not public make clear that this type of bug is being exploited at scale with help from NSA’s surveillance infrastructure. It is still unclear who authored the changes at Juniper and if bribery from the NSA was involved as with RSA’s deployment of <a href="https://en.wikipedia.org/wiki/Dual_EC_DRBG" target="_blank">DUAL_EC_DRBG</a> to their customers as is discussed in Section 4.4." <font color="gray">(page 81)</font><br>
<br>
<br>
<b>8. Software backdoors</b><br>
<br>
"Example from the Snowden Archive of an as of yet unreleased backdoor in fielded software that is most certainly not an exclusively exploitable backdoor by NSA. The software’s secret key generation is sabotaged by design to ensure surveillance of the community of interest. There is a corresponding <a href="https://en.wikipedia.org/wiki/XKeyscore" target="_blank">XKeyscore</a> rule that has not yet been published. The goal of that rule is to gather up all ciphertext using this sabotaged system;
it is clearly part of a larger strategy. As a flag in the ground for later, the thesis author presents the following SHA256 hash: [...]. There are additional examples from other sources that this is the general shape of the game being played with more than a few acts of sabotage by the NSA." <font color="gray">(page 83, note 27)</font><br>
<br>
<a name="remarks"></a>
<br>
<br>
<font size="+2"><b>Some corrections and additions</b></font><br>
<br>
Chapter 4 of Appelbaum's thesis is about "The Adversary" and describes a wide range of digital surveillance methods which are used by intelligence agencies. He writes a little bit about the capabilities of Russia and China, but the biggest part is about the methods of the NSA as revealed through the Snowden documents.<br>
<br>
In general, this chapter is very similar to for example Glenn Greenwald's book <i>No Place to Hide</i> and Snowden's memoir <i>Permanent Record</i> as it reads like a one-sided accusation against the NSA without much context or the latest information. Chapter 4 also contains small errors which could easily have been prevented. Here I will discuss some examples:<br>
<br>
<br>
- Page 20, note 12: "An example is Suite-A cryptography or Type-1 cryptography, so designated by the NSA. The NSA now calls this the Commercial National Security Algorithm Suite (CNSA)"<br>
<br>
> Comment: Actually CNSA isn't the new name for the highly secure <a href="https://en.wikipedia.org/wiki/NSA_Suite_A_Cryptography" target="_blank">Suite A</a>, but for the less secure <a href="https://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography" target="_blank">Suite B</a> algorithms.<br>
<br>
<br>
- Page 41: "The BND and the CIA held secret co-ownership of <a href="https://en.wikipedia.org/wiki/Crypto_AG" target="_blank">CryptoAG</a> until 1993, and then the CIA held sole ownership until 2018. The devices were vulnerable by design, which allowed unaffiliated intelligence services, such as the former USSR’s KGB, and the East German Ministry for State Security [MfS], to independently exploit CryptoAG’s intentional flaws." <br>
<br>
> Comment: This exploitation by the KGB and the MfS was apparently suggested in a German television report, based upon claims by a former Stasi officer, but so far there are no documents that support this claim. See for more information: <a href="https://www.cryptomuseum.com/intel/cia/rubicon.htm" target="_blank">Operation RUBICON</a>.<br>
<br>
<br>
- Page 41: "It does not appear that those party to the Maximator alliance are using their agreement and relative positions to spy on the entire
planet – in stark contrast to the Five-Eyes agreement." <br>
<br>
> Comment: The <a href="https://www.electrospaces.net/2014/09/nsas-foreign-partnerships.html#2ndparty">Five Eyes</a> and especially NSA and GCHQ have massive capabilities, but spying on "the entire planet" is still rather exaggerated: their collection efforts are limited by <a href="https://www.electrospaces.net/2014/09/nsas-strategic-mission-list.html">national priorities</a>, the locations of where they can access satellite and cable traffic, as well as by technical constraints. While the five members of the European Maximator alliance have/had much smaller capabilities, they could nonetheless intercept and decrypt diplomatic communications from over 60 countries where the weakened encryption devices from Crypto AG were used (see the map below).<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2020/05/maximator-and-other-european-sigint.html">Maximator and other European SIGINT alliances</a><br>
</div>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5666wg7lsvggcyOdS9OQQbJFq4wEDr94C1iAojYbrkdT1PNUS_POgKyOpUXVpzEuZ7VFXWG3O7NevTWFI5wpbYO5wLrltnGuIACQ-3gtjegm3gA_zRIPWRx8hQK5C7_fGHhaAfNKBj-A/s1600/crypto+ag+customers.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5666wg7lsvggcyOdS9OQQbJFq4wEDr94C1iAojYbrkdT1PNUS_POgKyOpUXVpzEuZ7VFXWG3O7NevTWFI5wpbYO5wLrltnGuIACQ-3gtjegm3gA_zRIPWRx8hQK5C7_fGHhaAfNKBj-A/s1600/crypto+ag+customers.JPG" width="500" /></a><br>
<font size="2">
The countries that bought and used manipulated Crypto AG devices<br>
<font color="gray">(graphic: The Washington Post - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
- Page 47, note 8: "Narus mass surveillance and analysis systems were deployed by the NSA inside AT&T facilities to intercept all
traffic flowing through their large capacity network cables as documented [<a nohref="" title="Mark Klein and James Bamford. Wiring Up the Big Brother Machine–and Fighting it. BookSurge, 2009">KB09</a>] by whistleblower Mark Klein." <br>
<br>
> Comment: This suggests that the NSA is intercepting American communications, but actually this is part of <a href="https://www.electrospaces.net/2015/09/nsas-legal-authorities.html#upstream">Upstream collection</a>, which is aimed at foreign targets and therefore the NSA <a href="https://www.documentcloud.org/documents/4552325-SSO-NEWS-Relevant-Entries" target="_blank">applies</a> various filter systems to select traffic from countries of interest and discard purely domestic communications.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2015/08/fairview-collecting-foreign.html" target="_blank">FAIRVIEW: Collecting foreign intelligence inside the US</a><br>
</div>
<br>
- Page 52: "The Foreign Intelligence Surveillance Court (FISC) is largely considered to rubber stamp requests from the FBI. The FBI has routinely misled the FISC, and from the little that is known, the FISC has neither the technical knowledge, nor the general temperament to actually act as a safeguard" <br>
<br>
> Comment: Since the start of the Snowden revelations, numerous Top Secret documents from the FISC have been <a href="https://icontherecord.tumblr.com/tagged/fisc" target="_blank">declassified</a>, showing that the court examines the NSA's activities in great detail. The idea of being a "rubber stamp" is based upon the fact that the FISC denies just 0.5% of the applications, but later it became clear that American criminal courts <a href="https://www.emptywheel.net/2017/06/28/confirmed-the-fisa-court-is-less-of-a-rubber-stamp-than-title-iii-courts/" target="_blank">only deny</a> a tiny 0.06% of the requests for regular (so-called <a href="https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1284" target="_blank">Title III</a>) wiretaps.<br>
<br>
<br>
- Page 53: "The CIA meanwhile, operates their own surveillance capabilities including capabilities that are entirely outside of the
purview of the FISC, even now [<a href="https://www.wyden.senate.gov/news/press-releases/wyden-and-heinrich-newly-declassified-documents-reveal-previously-secret-cia-bulk-collection-problems-with-cia-handling-of-americans-information" target="_blank">cia22</a>]." <br>
<br>
> Comment: At least one of these cases is about the CIA's use of bulk datasets with financial information, which can of course contain information about Americans, but when the CIA obtained them in ways other than by intercepting communications, the FISC simply has no jurisdiction. It's up to lawmakers to impose privacy safeguards for creating and exchanging such bulk datasets. <br>
<br>
<br>
- Page 56: "In the Snowden archive, we see lots of hacking and hacking related programs run by NSA, such as the TURBULENCE [<a href="https://en.wikipedia.org/w/index.php?title=Turbulence_%28NSA%29&oldid=1026069496" target="_blank">Wik21u</a>] program which is made up of modular sub programs [<a href="https://archive.ph/gAojF" target="_blank">Amb13</a>]. Those programs include TURMOIL [<a href="https://arstechnica.com/information-technology/2014/03/nsas-automated-hacking-engine-offers-hands-free-pwning-of-the-world/" target="_blank">Gal14b</a>], TUTELAGE [<a href="https://www.spiegel.de/international/world/new-snowden-docs-indicate-scope-of-nsa-preparations-for-cyber-battle-a-1013409.html" target="_blank">AGG+15a</a>], TURBINE [<a href="https://theintercept.com/2014/03/12/nsa-plans-infect-millions-computers-malware/" target="_blank">GG14</a>, <a href="https://en.wikipedia.org/w/index.php?title=TURBINE_%28US_government_project%29&oldid=950962842" target="_blank">Wik20d</a>], TRAFFICTHIEF [<a href="https://en.wikipedia.org/w/index.php?title=TRAFFICTHIEF&oldid=986162796" target="_blank">Wik20c</a>], and XKeyscore [<a href="https://www.theguardian.com/%20world/2013/jul/31/nsa-top-secret-program-online-data" target="_blank">Gre13d</a>, <a href="https://www.spiegel.de/media/6442ce11-0001-0014-0000-000000034757/media-34757.pdf" target="_blank">Unk13</a>, <a href="https://daserste.ndr.de/panorama/xkeyscorerules100.txt" target="_blank">AGG+14b</a>, <a href="https://nsa.gov1.info/dni/xkeyscore.html." target="_blank">Unk15a</a>] as shown in Figure 4.12 and Figure <a href="https://commons.wikimedia.org/wiki/File:Xkeyscore-worldmap.jpg" target="_blank">4.13</a>, as well as data that was pilfered during those break-ins." <br>
<br>
> Comment: This suggests that TURBULENCE and its sub-programs are about hacking operations, but actually, TURBULENCE is <a href="https://grid.glendon.yorku.ca/items/show/156" target="_blank">defined</a> as "a next generation mission environment that <a href="https://theintercept.com/document/2018/06/25/sso-dictionary-relevant-entries/" target="_blank">created</a> a unified system for MidPoint and Endpoint SIGINT", or in other words, an overarching framework for bulk and targeted tapping systems. Only the TURBINE sub-program can automatically <a href="https://arstechnica.com/information-technology/2014/03/nsas-automated-hacking-engine-offers-hands-free-pwning-of-the-world/" target="_blank">trigger</a> the implantation of malware into target computer systems. Furthermore, none of the sources mentioned in the thesis indicate that XKEYSCORE is a sub-program of TURBULENCE and XKEYSCORE is not a hacking tool either. A detailed explanation of the TURBULENCE system is given in an <a href="https://robert.sesek.com/2014/9/unraveling_nsa_s_turbulence_programs.html" target="_blank">article</a> by Robert Sesek, which was apparently not consulted by Appelbaum.<br>
<br>
<br>
- Page 72: "US-984XN is the classified <a href="https://www.electrospaces.net/p/sigint.html">SIGAD</a> while the program name PRISM is unclassified"<br>
<br>
> Comment: There are no indications that "PRISM" is less secret than any other coverterm which the NSA uses for its collection, processing and analysis programs. That was likely also the reason that the big internet companies involved in this program initially <a href="https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data" target="_blank">denied</a> that they had ever heard of something called PRISM.<br>
<br>
<br>
- Page 91: "the NSA's Equation Group (EQGRP), which was later renamed Tailored Access Operations (TAO)"<br>
<br>
> Comment: The name <a href="https://en.wikipedia.org/wiki/Equation_Group" target="_blank">Equation Group</a> was actually <a href="https://web.archive.org/web/20150217023145/https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf" target="_blank">coined</a> in February 2015 by the Russian cybersecurity firm Kaspersky for "one of the most sophisticated cyber attack groups in the world". Later on it <a href="https://arstechnica.com/information-technology/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/" target="_blank">became clear</a> that this group was part of the NSA's hacking division TAO.<br>
<br>
<br>
Given how many aspects of the NSA's operations Appelbaum mentions in chapter 4 of his thesis, one could say that it's inevitable that some mistakes are made and some sloppiness occurs. On the other hand, however, this is an academic publication for which the highest standards of accuracy should apply. <br>
<br>
<br>
Finally, Appelbaum's activism is illustrated by the back cover of his thesis, which shows a logo very similar to that of the German terrorist organization <a href="https://en.wikipedia.org/wiki/Red_Army_Faction" target="_blank"><i>Rote Armee Fraktion</i></a> (RAF) from the 1970s, except that the original image of an AK-45 is replaced by that of a computer keyboard:<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiy4lkUk-akfN2uYBkPt5xPKu8TAXreBfRyr4aFDGMzIf6PLadDxdeccI5Aq8OcS8gKsuaiI_H0PwwIEpGf5QV2CLvUj3yXrM4DvNWq8SN8e-STsA-4uih8Ky2f8Fy7FaehIBiYNWrCMToJcpgdMuYdrRym__eVoPKS-gcjx_oDlY2xhdiiqsLebh_H/s489/appelbaum-thesis-backcover.jpg" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" height="320" data-original-height="489" data-original-width="350" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiy4lkUk-akfN2uYBkPt5xPKu8TAXreBfRyr4aFDGMzIf6PLadDxdeccI5Aq8OcS8gKsuaiI_H0PwwIEpGf5QV2CLvUj3yXrM4DvNWq8SN8e-STsA-4uih8Ky2f8Fy7FaehIBiYNWrCMToJcpgdMuYdrRym__eVoPKS-gcjx_oDlY2xhdiiqsLebh_H/s320/appelbaum-thesis-backcover.jpg"/></a></div>
<br>
<br>
<br>
Comments at <a href="https://news.ycombinator.com/item?id=37562225" target="_blank">Hacker News</a> and <a href="https://www.schneier.com/blog/archives/2023/09/new-revelations-from-the-snowden-documents.html" target="_blank">Schneier on Security</a><br>
<br>
<b>On the 10th anniversary of the Snowden revelations</b> (P/K, June 6, 2023)<br>
<div align="right"><font size="2" color="gray">(Updated: September 6, 2023)</font></div>
<br>
To mark the 10-year anniversary of the start of the Snowden revelations I will look back at some of the most notable disclosures and how they developed, based upon the most recent books and the numerous blog posts I have written here. Still, it should be noted that this overview is not a complete coverage of this wide-ranging topic.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyhZ8oMTZBwed-5n7dMj4FYGxNBxrR8NfDPbzx9Te6eeni5ePQDuNKSVPKfGm1TYMJTToHO19ZFzFVvLPJrgJ_yXPPbT06cJrAE7Nr2F5B_NoWy7aHGgdxlD6xqDPf4yy19JIbBk2TfBVZPPoiojdk039bRHMtNCmkzUuznUDeE24c_tEwqEhFaFH7/s800/10yearsnowden-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="650" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyhZ8oMTZBwed-5n7dMj4FYGxNBxrR8NfDPbzx9Te6eeni5ePQDuNKSVPKfGm1TYMJTToHO19ZFzFVvLPJrgJ_yXPPbT06cJrAE7Nr2F5B_NoWy7aHGgdxlD6xqDPf4yy19JIbBk2TfBVZPPoiojdk039bRHMtNCmkzUuznUDeE24c_tEwqEhFaFH7/s600/10yearsnowden-header.jpg"/></a></div>
<br>
<br>
<div align="center" class="hidemobile">
<a href="#books">Books and archives</a> <a href="#incentives">Incentives</a> <a href="#documents">The documents</a> <a href="#nonsnowden">Non-Snowden leaks</a><br>
<br>
<a href="#section215">The Section 215 program</a> <a href="#prism">The PRISM program</a> <a href="#overcollection">Overcollection</a><br>
<br>
<a href="#mission">The Mission List</a> <a href="#friends">Spying among friends</a> <a href="#backdoor">Backdoor tapping Google</a><br>
<br>
<a href="#boundless">BOUNDLESSINFORMANT</a> <a href="#truth">Truth</a> <a href="#conclusion">Conclusion</a><br>
</div>
<br>
<a name="books"></a>
<br>
<br>
<font size="+2"><b>Books and archives</b></font><br>
<br>
Between June 2013 and May 2019, the Snowden revelations resulted in over 200 press reports and more than 1200 classified documents published in full or in part. Additionally, The Intercept published 2148 editions of the NSA's internal newsletter <a href="https://theintercept.com/snowden-sidtoday/" target="_blank">SIDtoday</a>. In total, that may be well over 5000 pages.<br>
<br>
A collection that allows a useful visual recognition of the documents was found on the private website <a href="https://web.archive.org/web/20230220194734/https://nsa.gov1.info/dni/2020/index.html" target="_blank">IC Off the Record</a>, while text searches are possible at the <a href="https://grid.glendon.yorku.ca/exhibits/show/welcome-to-the-snowden-digital" target="_blank">Snowden Archive</a> which is a collaboration between Canadian Journalists for Free Expression (CJFE) and the University of Toronto. A private collection of the documents is also available at <a href="https://github.com/iamcryptoki/snowden-archive" target="_blank">GitHub</a>.<br>
<br>
There are also at least 12 <a href="https://www.electrospaces.net/p/books.html#snowden">books about the Snowden revelations</a>. Glenn Greenwald's <i>No Place To Hide</i> from 2014 reads like a pamphlet against perceived mass surveillance. A much more factual overview can be found in <i>Der NSA Komplex</i>, which was also published in 2014 and written by two journalists from Der Spiegel, but unfortunately only available in German.<br>
<br>
Detailed insights into the political and legal background of the NSA's collection programs are provided in Timothy Edgar's <i>Beyond Snowden</i> from 2017, which is in contrast to Snowden's own memoir <i>Permanent Record</i> from 2019, which leaves more questions than answers.<br>
<br>
Finally, there's also the long-awaited book <i>Dark Mirror</i> by Washington Post journalist Barton Gellman, which was published in 2020 and offers some important new angles to the initial stories told by Snowden and Greenwald.<br>
<br>
<div align="right">
> See also my review of Permanent Record: <a href="https://www.electrospaces.net/2019/11/review-of-snowdens-book-permanent.html">Part I: at the CIA</a> - <a href="https://www.electrospaces.net/2019/12/review-of-snowdens-book-permanent.html">Part II: at the NSA</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhhtqJPTdbbQy4xiU_ry0G6brToakH7JMt1iDp1_smof7c6BOkXQ17WfJKTCTbT8H9FiCny4qPwqaior9yBUbj0RuI_QiBH0fqdy8cHuKD7IocRbpLR9tpstHvsNxtThbA5kyEhJUJjMeOpqxFQP7OqMLkf2MndGaJFBVEuKdRcCUisXuIJEe47c0Eb=s800" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/a/AVvXsEhhtqJPTdbbQy4xiU_ry0G6brToakH7JMt1iDp1_smof7c6BOkXQ17WfJKTCTbT8H9FiCny4qPwqaior9yBUbj0RuI_QiBH0fqdy8cHuKD7IocRbpLR9tpstHvsNxtThbA5kyEhJUJjMeOpqxFQP7OqMLkf2MndGaJFBVEuKdRcCUisXuIJEe47c0Eb=s800" width="500" /></a></div>
<br>
<a name="incentives"></a>
<br>
<br>
<font size="+2"><b>Incentives</b></font><br>
<br>
Some people assume that Snowden is a spy who worked for Russian intelligence, but nowadays, requests for information come from transparency activists as well. Wikileaks' wiki-page titled <a href="https://web.archive.org/web/20090619014040/https://wikileaks.org/wiki/Draft:The_Most_Wanted_Leaks_of_2009" target="_blank">The Most Wanted Leaks of 2009</a> may have inspired Manning to search for information on SIPRNet and to download hundreds of thousands of military and diplomatic reports.<br>
<br>
Likewise, the incentive for Snowden may have come from the news program <a href="https://en.wikipedia.org/wiki/Democracy_Now!" target="_blank">Democracy Now!</a>, in which on April 20, 2012, former NSA crypto-mathematician Bill Binney, documentary filmmaker Laura Poitras and hacktivist Jacob Appelbaum were interviewed by Amy Goodman (a full transcript can be found <a href="https://www.bibliotecapleyades.net/sociopolitica/sociopol_nsa05.htm" target="_blank">here</a>).<br>
<br>
In the program, Binney claimed that after 9/11 "all the wraps came off for NSA, and they decided to eliminate the protections on U.S. citizens and collect on domestically". <br>
<br>
Appelbaum <a href="https://www.democracynow.org/2012/4/20/we_do_not_live_in_a?autostart=true" target="_blank">repeated</a> what he said at the <a href="https://en.wikipedia.org/wiki/Hackers_on_Planet_Earth" target="_blank">HOPE</a> conference in 2010: "I feel that people like Bill need to come forward to talk about what the U.S. government is doing, so that we can make informed choices as a democracy" - which is exactly what Snowden would do: leaking documents because "<i>the public</i> needs to <a href="https://youtu.be/0hLjuVyIIrs?t=300" target="_blank">decide</a> whether these programs and policies are right or wrong."<br>
<br>
Later that day, Binney and Appelbaum spoke at a "Surveillance Teach-In" in the Whitney Museum, where Appelbaum emphasized that disclosing secret information is also important for privacy and civil liberties organizations: because of a lack of hard evidence and concrete harm it was almost impossible for them to fight NSA surveillance in court.<br>
<br>
<br>
<div align="center">
<iframe width="500" height="300" src="https://www.youtube.com/embed/s976iyaO39A" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe><br>
<font size="2">
Binney and Appelbaum at the Surveillance Teach-In on April 20, 2012<br>
</font>
</div>
<br>
<br>
<b>Whistleblowing?</b><br>
<br>
Just a month earlier, Snowden had started a <a href="https://www.electrospaces.net/2019/12/review-of-snowdens-book-permanent.html#sysadmin">new job</a> as a SharePoint systems administrator at the NSA's <a href="https://www.electrospaces.net/2019/06/the-nsas-regional-cryptologic-centers.html">regional cryptologic center</a> in the Kunia Tunnel complex in Hawaii. There, he began automating his tasks to free up time for something more interesting, which he describes in <i>Permanent Record</i>:<br>
<br>
<div class="blockquote">
"I want to emphasize this: my active searching out of NSA abuses began not with the copying of documents, but with the reading of them. My initial intention was just to confirm the suspicions that I'd first had back in 2009 in Tokyo. Three years later I was determined to find out if an American system of mass surveillance existed and, if it did, how it functioned." <a nohref title="Edward Snowden, Permanent Record, p. 214-215">*</a><br>
</div>
<br>
With this, Snowden basically admits that he isn't a whistleblower: he wasn't confronted with illegal activities or significant abuses and subsequently secured evidence of that, but acted the other way around, by first gathering as much information as he could get and then looking whether there was something incriminating in it.<br>
<br>
In his memoir, Snowden doesn't come up with concrete misconduct or other things that could have triggered his decision to hand the files over to journalists. He even omits almost all the disclosures made by the press, so that <i>Permanent Record</i> contains hardly anything that justifies his unprecedented data theft.<br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5NFYc_YNpfZ5Ho9kl4FHRWDAUK3g5APRfyBb_fVrnMP677lNZ6EXkpBIkb4Av0r7vlnrQobu674PVC2ill_N5Ij_SQwN7yHAvi42_JTuqjsyYARqKE_VdYeNpPssK153UDECIUMKV2fo/s1600/nsa-kunia-pict86.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5NFYc_YNpfZ5Ho9kl4FHRWDAUK3g5APRfyBb_fVrnMP677lNZ6EXkpBIkb4Av0r7vlnrQobu674PVC2ill_N5Ij_SQwN7yHAvi42_JTuqjsyYARqKE_VdYeNpPssK153UDECIUMKV2fo/s1600/nsa-kunia-pict86.jpg" width="500" /></a><br>
<font size="2">
The tunnel entrance to the former Kunia Regional Security Operations Center<br>
in Hawaii, where Snowden worked from March 2012 to March 2013<br>
<font color="gray">(photo: NSA - click to enlarge)</font><br>
</font>
</div>
<br>
<a name="documents"></a>
<br>
<br>
<font size="+2"><b>The documents</b></font><br>
<br>
The actual number of documents which Snowden eventually exfiltrated from the NSA has never been clarified. According to the 2016 <a href="https://fas.org/irp/congress/2016_rpt/hpsci-snowden.pdf" target="_blank">report</a> from the US House Intelligence Committee, Snowden removed more than 1.5 million documents from NSANet and the JWICS intelligence network.<br>
<br>
Glenn Greenwald repeatedly <a href="https://theintercept.com/2014/05/08/keith-alexander-unplugged-bushobama-matters/" target="_blank">said</a> that number was "pure fabrication" and he could probably agree with former NSA director Keith Alexander who in November 2013 estimated that Snowden had <a href="https://technical.ly/baltimore/2013/11/01/surveillance-necessary-hornets-nest-nsa-director-keith-alexander/" target="_blank">exposed</a> only between 50,000 and 200,000 documents.<a href="https://rumble.com/v2sgyx2-snowden-revelations-10-year-anniversary-glenn-greenwald-speaks-with-snowden.html" target="_blank" title="As of 10:55 Greenwald speaks about hundreds of thousands of documents">*</a><br>
<br>
According to Barton Gellman, Snowden provided him and Laura Poitras with an encrypted archive of documents called "Pandora" on May 21, 2013. This archive was 8 gigabytes and contained over 50,000 separate documents, all neatly organized in folders.<a nohref title="Barton Gellman, Dark Mirror, p. 22-27">*</a><br>
<br>
Poitras gave Greenwald a copy of the Pandora archive just before they boarded their flight to Hong Kong on June 1. There, Snowden <a href="https://archive.is/Evmoi" target="_blank">gave</a> Ewen MacAskill from The Guardian some 50,000 documents about GCHQ and handed over all the remaining files to Greenwald and Poitras, who are the <a href="https://www.rollingstone.com/culture/culture-news/snowden-and-greenwald-the-men-who-leaked-the-secrets-104970/" target="_blank">only ones</a> with a complete set. Other media outlets only got partial sets of documents.<br>
<br>
Greenwald's cache eventually ended up at <a href="https://en.wikipedia.org/wiki/The_Intercept" target="_blank">The Intercept</a>, the online news outlet he co-founded with Jeremy Scahill and Laura Poitras in 2014 to report about the Snowden documents. In March 2019, however, The Intercept closed its Snowden archive and <a href="https://mmm.verdi.de/beruf/snowden-und-die-grosse-datenmisshandlung-89797" target="_blank">reportedly</a> destroyed it. <br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2019/04/the-snowden-files-where-are-they-and.html">The Snowden files: where are they and where should they end up?</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQefq4RKe190Yv_uoPPOwjj4vdQudPft-6HBg_S5USvFDNrkW3nC8YJKaJN2-XmxoEHLlytfQG7FzRNydeT8Ckl4Fcu0sMNoAh7plPX8bKlKlyOmLhPxdVDK_iEwMBjG25yVffC8vjTVg/s1600/snowdenfiles-treucrypt.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQefq4RKe190Yv_uoPPOwjj4vdQudPft-6HBg_S5USvFDNrkW3nC8YJKaJN2-XmxoEHLlytfQG7FzRNydeT8Ckl4Fcu0sMNoAh7plPX8bKlKlyOmLhPxdVDK_iEwMBjG25yVffC8vjTVg/s1600/snowdenfiles-treucrypt.png" width="550" /></a><br>
<font size="2">
Screenshot from a Brazilian television report, showing some of the Snowden files<br>
opened in a TrueCrypt window on the laptop of Glenn Greenwald.<br>
<font color="gray">(screenshot by koenrh - click to enlarge)</font>
</font>
</div>
<br>
<a name="nonsnowden"></a>
<br>
<br>
<font size="+2"><b>Non-Snowden leaks</b></font><br>
<br>
In a message to Gellman, Snowden said that "he was not resigned to life in prison or worse. He wanted to show other whistleblowers that there could be a happy ending".<a nohref title="Barton Gellman, Dark Mirror, p. 129">*</a> Later, whistleblower attorney Jesselyn Radack <a href="https://abcnews.go.com/blogs/headlines/2013/10/more-nsa-leakers-followed-snowdens-footsteps-whistleblower-lawyer-says" target="_blank">hoped</a> that "courage is contagious, and we see more and more people from the NSA coming through our door after Snowden made these revelations."<br>
<br>
And indeed, other sources started to leak documents to the press. The first one was a so-called tasking record showing that the NSA had targeted the non-secure cell phone of German chancellor Angela Merkel. This was <a href="https://www.spiegel.de/politik/deutschland/nsa-merkel-beschwert-sich-bei-obama-a-929636.html" target="_blank">revealed</a> by Der Spiegel on October 23, 2013, which is less than five months after the start of Snowden's revelations. <br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2014/12/update-on-tapping-german-chancellor.html">Update on tapping German chancellor Merkel's phone</a><br>
</div>
<br>
The second leaked document that wasn't attributed to Snowden was just as spectacular: the <a href="https://web.archive.org/web/20230417173112/https://nsa.gov1.info/dni/nsa-ant-catalog/index.html" target="_blank">ANT product catalog</a> with a range of sophisticated spying gadgets from the NSA's hacking division TAO. This catalog was also published by Der Spiegel and <a href="https://www.youtube.com/watch?v=dy3-QZLTpbQ" target="_blank">discussed</a> by Jacob Appelbaum during the <a href="https://en.wikipedia.org/wiki/Chaos_Communication_Congress" target="_blank">CCC</a> on December 30, 2013.<br>
<br>
Initially, hardly anyone noticed that these documents didn't come from Snowden, and so a mysterious "second source" was able to publish files that were sometimes even more embarrassing and damaging than those from the Snowden trove, like intercepted conversations of foreign government leaders.<br>
<br>
Later, other piggybackers who called themselves <a href="https://en.wikipedia.org/wiki/The_Shadow_Brokers" target="_blank">The Shadow Brokers</a> leaked highly sensitive information about NSA hacking tools. The sources of these leaks have never been identified, although it's often <a href="https://www.schneier.com/blog/archives/2023/06/snowden-ten-years-later.html" target="_blank">assumed</a> that Russian intelligence was behind it. Snowden never addressed these other leaks, nor distanced himself from them.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2015/12/leaked-documents-that-were-not.html">Leaked documents that were not attributed to Snowden</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkCyHUb_BGhVxifGxmJC9KyS4-nUTSqdn_1QGquEpSDOvpu8W2LQshWBcvDCj2NKwn28dj5Z3CETbwJx3IHnr-s2O74seOssAddO56xsgdgsl5KjoNQtBSfR66JTBWmDMyK9hBmBvhvRU/s1600/wikileaks-france-nsa-comint-gamma.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkCyHUb_BGhVxifGxmJC9KyS4-nUTSqdn_1QGquEpSDOvpu8W2LQshWBcvDCj2NKwn28dj5Z3CETbwJx3IHnr-s2O74seOssAddO56xsgdgsl5KjoNQtBSfR66JTBWmDMyK9hBmBvhvRU/s1600/wikileaks-france-nsa-comint-gamma.jpg" title="NSA intelligence report about an intercepted conversation between François Hollande and Jean-Marc Ayrault" width="500"></a><br>
<font size="2">
NSA report about an intercepted conversation of French president Hollande.<br>
Leaked by an unknown source and published by Wikileaks in 2015<br>
<font color="gray">(click to enlarge)</font><br>
</font></div>
<br>
<a name="section215"></a>
<br>
<br>
<font size="+2"><b>The Section 215 program</b></font><br>
<br>
The very first disclosure of a document that did come from Snowden was the <a href="https://www.theguardian.com/world/interactive/2013/jun/06/verizon-telephone-data-court-order" target="_blank">Verizon order</a> of the Foreign Intelligence Surveillance Court (FISC). This court convenes behind closed doors and is often, but <a href="https://www.emptywheel.net/2017/06/28/confirmed-the-fisa-court-is-less-of-a-rubber-stamp-than-title-iii-courts/" target="_blank">unjustly</a>, referred to as a "rubber stamp". The order was <a href="https://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order" target="_blank">published</a> by The Guardian on June 6, 2013.<br>
<br>
The Verizon order showed that the NSA was collecting domestic telephone metadata under the so-called <a href="https://www.electrospaces.net/2015/09/nsas-legal-authorities.html#215">Section 215</a> program. In the US, this became the most controversial issue and initially it seemed to confirm cryptic public warnings by US senators Ron Wyden and Mark Udall, as well as the aforementioned claims by Bill Binney about domestic mass surveillance.<br>
<br>
In reaction, Director of National Intelligence (DNI) James Clapper started an unprecedented declassification effort and released numerous FISC and NSA documents about the Section 215 program on a newly created Tumblr site called <a href="https://icontherecord.tumblr.com/" target="_blank">IC On the Record</a>. <br>
<br>
<br>
<b>Misunderstanding</b><br>
<br>
This was meant to clarify a central misunderstanding: the fact that the NSA collects data inside the US doesn't mean they are spying on Americans. The NSA is still focused on foreign targets, but because they are using American internet services, it proved to be fruitful to intercept their data not only abroad, but at telecoms and internet companies inside the US as well (the "home field advantage").<br>
<br>
Accordingly, the purpose of the Section 215 program was to find out whether foreign terrorists were in contact with unknown conspirators inside the US. Not having detected such contacts was one of the failures which, if avoided, could have prevented the attacks of 9/11.<br>
<br>
Therefore, the only thing the domestic telephone records were used for was simple contact chaining: the NSA started with a phone number of a foreign terrorist and then the MAINWAY system presented the (foreign and domestic) phone numbers with which that initial number had been in contact, as well as the numbers they, in turn, had been in contact with, the so-called "second hop":<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoi7jzUJ2atosx9SoP5N02hnVgGUm_mzKse3D_BrnQ5bkInZKVjXVognDfOLHbhHGIeLl2uMF0ylYpSMDR3nfaxAuckz5o3DBueAlNAGlFUbiO-sYrr0eSsCj2TaiO1uBTJmNeTsrLL0g/s1600/contact-chaining-federated2.jpg" width="500" title="Federated contact chaining queries including domestic and foreign phone call records"></div>
<div align="center">
<font size="2">
Explanation: <a href="https://www.electrospaces.net/2016/02/how-nsa-contact-chaining-combines.html">How NSA contact chaining combines domestic and foreign phone records</a><br>
</font>
</div>
<br>
<br>
In 2012, the NSA used 288 phone numbers as a "seed" for such a contact chaining query, <a href="https://www.npr.org/templates/transcript/transcript.php?storyId=261079074?storyId=261079074" target="_blank">resulting</a> in 6000 phone numbers that analysts actually looked at. When this led to a suspicious American phone number, the NSA passed it on to the FBI for further investigation.<br>
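<br>
Contact chaining as described above amounts to a breadth-first search that stops after two hops. The sketch below is an added example, not NSA code and not from the documents discussed here: the phone numbers, the two record sets and all function names are constructed for illustration, and the retention cut-off uses the five-year limit this post mentions for the FISC orders. It shows that a domestic second hop can depend on combining foreign and domestic records, and that numbers outside the two-hop radius are stored but never returned.<br>
<br>

```python
from collections import deque, namedtuple
from datetime import date, timedelta

CallRecord = namedtuple("CallRecord", "caller callee day")

# Constructed identifiers (assumptions): +999 is not an assigned country
# code and 555-01xx numbers are reserved for fiction.
SEED = "+999-0001"                      # foreign seed number
F1, F2 = "+999-0002", "+999-0003"       # other foreign numbers
US1, US2, US3 = "+1-202-555-0101", "+1-202-555-0102", "+1-202-555-0103"
US4, US5 = "+1-202-555-0104", "+1-202-555-0105"
US6, US7 = "+1-202-555-0106", "+1-202-555-0107"

AS_OF = date(2013, 6, 1)                # constructed query date

# Constructed sample records collected abroad.
FOREIGN = [
    CallRecord(SEED, F1, date(2012, 3, 1)),
    CallRecord(F1, F2, date(2012, 3, 4)),
    CallRecord(SEED, US1, date(2012, 4, 9)),
]

# Constructed sample records obtained from a domestic provider.
DOMESTIC = [
    CallRecord(US1, US2, date(2012, 4, 10)),
    CallRecord(US2, US3, date(2012, 5, 2)),   # third hop from the seed
    CallRecord(US4, US5, date(2012, 6, 7)),   # unrelated to the seed
    CallRecord(F1, US6, date(2012, 7, 1)),    # links a foreign first hop to the US
    CallRecord(US1, US7, date(2007, 1, 15)),  # older than the retention limit
]


def build_contacts(record_sets, as_of, retention=timedelta(days=5 * 365)):
    """Merge several record sets into one undirected contact graph.

    Records older than the retention period are ignored, as if they had
    already been purged from the store.
    """
    cutoff = as_of - retention
    contacts = {}
    for records in record_sets:
        for rec in records:
            if rec.day < cutoff:
                continue
            contacts.setdefault(rec.caller, set()).add(rec.callee)
            contacts.setdefault(rec.callee, set()).add(rec.caller)
    return contacts


def contact_chain(seeds, contacts, max_hops=2):
    """Return {number: hop distance} for every number within max_hops."""
    hops = {seed: 0 for seed in seeds}
    queue = deque(seeds)
    while queue:
        number = queue.popleft()
        if hops[number] == max_hops:
            continue  # do not expand beyond the last permitted hop
        for other in contacts.get(number, ()):
            if other not in hops:
                hops[other] = hops[number] + 1
                queue.append(other)
    return hops


def untouched(contacts, hops):
    """Numbers that are present in the store but not returned by the query."""
    return set(contacts) - set(hops)


if __name__ == "__main__":
    federated = build_contacts([FOREIGN, DOMESTIC], AS_OF)
    result = contact_chain([SEED], federated)
    for number, hop in sorted(result.items(), key=lambda item: item[1]):
        print(f"hop {hop}: {number}")
    print("stored but not returned:", sorted(untouched(federated, result)))
```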
<br>
This true purpose of the domestic metadata collection was clearly laid out in a <a href="https://documents.pclob.gov/prod/Documents/OversightReport/cf0ce183-7935-4b06-bb41-007d1f437412/215-Report_on_the_Telephone_Records_Program%20-%20Completed%20508%20-%2011292022.pdf" target="_blank">public report</a> which the independent Privacy and Civil Liberties Oversight Board (PCLOB) published in January 2014. The PCLOB found "no instance in which the program directly contributed to the discovery of a previously unknown terrorist plot", but Section 215 was of some value as it offered additional leads and could show that foreign terrorist plots had <i>no</i> US nexus.<br>
<br>
Although these domestic telephone records were not used to spy on Americans, and the FISC limited their retention to 5 years and prohibited the collection of location data, many people would not like to have them in an NSA database because of what Binney and Snowden called the possibility of a "turnkey tyranny".<a nohref title="Barton Gellman, Dark Mirror, p. 143">*</a><br>
<br>
The publication of the Verizon order not only made the general public aware of the Section 215 program, but also gave civil liberty organizations standing in court, which fulfilled Jacob Appelbaum's wish from the 2012 Surveillance Teach-In.<br>
<br>
Meanwhile there have been two cases in which a Circuit Court of Appeals ruled about the Section 215 program. They both found that the bulk collection of metadata exceeded the scope of Section 215 of the <a href="https://en.wikipedia.org/wiki/Patriot_Act" target="_blank">Patriot Act</a> (because the actual practice hadn't been foreseen by lawmakers, although they had been briefed about it later). The courts didn't decide on whether the program was constitutional or not.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2020/09/about-legality-and-constitutionality-of.html">About the legality and constitutionality of the Section 215 metadata program</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://www.theguardian.com/world/interactive/2013/jun/06/verizon-telephone-data-court-order" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqLx2PNvBL112Eo7gYGDtNPiOwc5yPpW8yRTApilS-BOB1f59P-Im-gTAcZgc4O0MZEHHJ2I37QyvMPvL2I_u6meVOz3Doj1Lya-J_wh5UD9hzFDc9I5zVecRf6kE_RFU5BNl31pcDucA/s1600/verizon-order.JPG" width="500" /></a><br>
<font size="2">
The first page of the Verizon order from April 25, 2013<br>
<font color="gray">(click for the full document)</font><br>
</font>
</div>
<br>
<a name="prism"></a>
<br>
<br>
<font size="+2"><b>The PRISM program</b></font><br>
<br>
One day after the publication of the Verizon order, The Guardian and The Washington Post revealed the PRISM program, which became synonymous with an all-encompassing NSA spying system, just like <a href="https://en.wikipedia.org/wiki/ECHELON" target="_blank">ECHELON</a> was before.<br>
<br>
In his book <i>Dark Mirror</i>, Barton Gellman tells a different story than Greenwald did in <i>No Place to Hide</i>. Greenwald presented himself as the one who was chosen by Snowden to lead the revelations and claimed that he and Laura Poitras had been working with Snowden since February 2013, while Gellman only got "some documents", and that Snowden was angry about the fear-driven approach of The Washington Post.<a nohref title="Glenn Greenwald, No Place to Hide, p. 54-57">*</a><br>
<br>
According to Gellman, the opposite was the case: on January 31, 2013, Laura Poitras already asked him for advice and on May 7, they agreed to work together. She introduced Gellman to her source, who still called himself Verax, and they started encrypted chat conversations. On May 20, Snowden sent them the full PRISM presentation, after which they signed a contract with The Washington Post on May 24.<a nohref title="Barton Gellman, Dark Mirror, p. 8-11 & 138-139">*</a><br>
<br>
But Snowden was under severe time pressure and urged Gellman to rapidly publish the full PRISM presentation, which he had signed with a <a href="https://en.wikipedia.org/wiki/Digital_signature" target="_blank">digital signature</a> associated with his Verax alter ego. Only gradually did Gellman realize the implications of this. Snowden's plan was to ask for political asylum at a foreign <a href="https://en.wikipedia.org/wiki/Consular_missions_in_Hong_Kong" target="_blank">diplomatic mission</a> in Hong Kong, where he wanted to use the cryptographic signature to identify himself as the source of the PRISM document (and he didn't rule out that he would "provide raw source material to a foreign government").<a nohref title="Barton Gellman, Dark Mirror, p. 129">*</a><br>
<br>
As a journalist, Gellman protected the identity of his source, but publishing the digitally signed PRISM presentation would make him and The Washington Post complicit in Snowden's flight from American law. After consulting Poitras, Gellman decided not to do so. On May 27, Snowden withdrew the exclusive right for The Washington Post and turned to Greenwald, who until that moment didn't know who Snowden was, nor had he seen any of the documents.<a nohref title="Barton Gellman, Dark Mirror, p. 128-139">*</a><br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhX45CGpN-XyA5YkNbp3T9oyNeT6b-FFPt-mTIGBN4byZLcbL7ptqa-q2C92gMUEtsuF-PtA5MiTYCrn9VVn9LrjGmm_lyjrHpbsd25LKjHEjhjjQt3TSeYKSUmxkkpURjSmN36rwrlOas/s1600/prism-01-combined.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhX45CGpN-XyA5YkNbp3T9oyNeT6b-FFPt-mTIGBN4byZLcbL7ptqa-q2C92gMUEtsuF-PtA5MiTYCrn9VVn9LrjGmm_lyjrHpbsd25LKjHEjhjjQt3TSeYKSUmxkkpURjSmN36rwrlOas/s1600/prism-01-combined.jpg" width="450"></a></div>
<br>
<br>
When Greenwald finally managed to get <a href="https://en.wikipedia.org/wiki/Pretty_Good_Privacy" target="_blank">PGP</a> working, Snowden sent him a zip-file with some 25 documents, including the 41-slide PRISM presentation. Greenwald started writing his own story about PRISM, which was <a href="https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data" target="_blank">published</a> by The Guardian on June 6, 2013.<a nohref title="Glenn Greenwald, No Place To Hide, p. 18-20 & 75-76">*</a> Just one hour earlier, The Washington Post had <a href="http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html" target="_blank">released</a> its own PRISM story.<br>
<br>
The most controversial part of these stories was the claim that "the National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants", which those companies vigorously denied.<br>
<br>
That "direct access" was taken from one of the slides, but it's unclear why both Gellman and Greenwald stuck to the simplest interpretation of it. The fact is that they had access to the extensive accompanying speaker's notes, which clearly said: "PRISM access is 100% dependent on ISP provisioning".<a nohref title="Barton Gellman, Dark Mirror, p. 119 & 124">*</a><br>
<br>
They also had all the other PRISM slides, including two that were published later on, which also show that the FBI is in between the NSA and the internet companies:
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOfMb1JnMhSPcS4ME0Yk6J0JhKR01-MolGISaHfW4u-MTd1lZr1So-WKTHFDcnotVVfQ0wU10ZdPIwQ51q5A84uyaZiyY0w1ktyUNlzXJ05aHzIkWOIa1yoweNU-9Cim-Ie4stZJ5aYpo/s1600/prism-14a.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOfMb1JnMhSPcS4ME0Yk6J0JhKR01-MolGISaHfW4u-MTd1lZr1So-WKTHFDcnotVVfQ0wU10ZdPIwQ51q5A84uyaZiyY0w1ktyUNlzXJ05aHzIkWOIa1yoweNU-9Cim-Ie4stZJ5aYpo/s1600/prism-14a.jpg" width="450"></a></div>
<div align="center">
<font size="2">
PRISM-slide published by <a href="http://www.lemonde.fr/technologies/article/2013/10/21/france-in-the-nsa-s-crosshair-wanadoo-and-alcatel-targeted_3499739_651865.html" target="_blank">Le Monde</a> on October 22, 2013<br>
</font>
</div>
<br>
<br>
In July 2014, the Privacy and Civil Liberties Oversight Board (PCLOB) published an extensive <a href="https://documents.pclob.gov/prod/Documents/OversightReport/ba65702c-3541-4125-a67d-92a7f974fc4c/702-Report-2%20-%20Complete%20-%20Nov%2014%202022%201548.pdf" target="_blank">public report</a> about PRISM as well, which confirms that individual selectors (like a target's e-mail address) are sent to internet companies, which are "compelled to give the communications sent to or from that selector to the government." According to the report, PRISM "has proven valuable in the government’s efforts to combat terrorism as well as in other areas of foreign intelligence."<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2014/04/what-is-known-about-nsas-prism-program.html">What is known about NSA's PRISM program</a><br>
</div>
<br>
In <i>Dark Mirror</i>, Gellman admits: "In retrospect, I do not love the way I wrote the [PRISM] story. I knew a lot less then than I learned later, with more time in the documents and many more interviews". A well-informed source told him that the systems of a company like Facebook are too complex to let the NSA plug in a cable. Only Facebook knows how to pull things out, which they can then hand over upon a valid request.<a nohref title="Barton Gellman, Dark Mirror, p. 124 & 148">*</a> Google <a href="https://eu.usatoday.com/story/money/business/2013/06/12/google-nsa-servers-secure-ftp/2416181/" target="_blank">did</a> that through secure <a href="https://en.wikipedia.org/wiki/File_Transfer_Protocol" target="_blank">FTP</a> transfers and in person.<br>
<br>
Another interesting addition provided by Gellman is about the date of the PRISM presentation, April 2013, which is less than one and a half months before Snowden left the NSA:<br>
<br>
<div class="blockquote">
"Nothing Snowden had seen until now better suited his plan. He had been talking to Poitras for three months, but he still did not feel confident that his disclosures would seize attention from a public that had seldom responded strongly to privacy warnings. Most of the NSA programs that worried him were legally and technically intricate, not easy to explain. He needed examples that ordinary people would recognize. Along came [the PRISM] presentation, festooned at the top of every slide with iconic logos from the best-known Internet companies in the world. "PRISM hits close to people's hearts", he told me."<a nohref title="Barton Gellman, Dark Mirror, p. 120">*</a><br>
</div>
<br>
<a name="overcollection"></a>
<br>
<br>
<font size="+2"><b>Overcollection</b></font><br>
<br>
While PRISM is not mass surveillance but targeted collection against individual foreign targets, it still has a problematic aspect: overcollection. Snowden was eager to draw public attention to this issue and, according to Greenwald, took his last job at NSA Hawaii only in order to get access to the NSA's raw data repositories.<a nohref title="Glenn Greenwald, No Place To Hide, p. 48">*</a> Snowden declined to repeat or explain that to Gellman though.<a nohref title="Barton Gellman, Dark Mirror, p. 84">*</a><br>
<br>
He succeeded and was able to exfiltrate a cache of ca. 22,000 collection reports, <a href="https://www.washingtonpost.com/world/national-security/your-questions-answered-about-the-posts-recent-investigation-of-nsa-surveillance/2014/07/11/43d743e6-0908-11e4-8a6a-19355c7e870a_story.html?utm_term=.e6244eb277df" target="_blank">containing</a> 160,000 individual conversations (75% of which were instant messages), which the NSA collected via the PRISM program between 2009 and 2012.<a nohref title="Barton Gellman, Dark Mirror, p. 340">*</a><br>
<br>
Snowden handed them over to Barton Gellman who <a href="https://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html?utm_term=.676dfdc9ca3a" target="_blank">reported</a> about these files in July 2014. Researchers at The Washington Post found that the intercepted communications contained valuable foreign intelligence information, but also that over 9 out of 10 account holders were not the intended surveillance targets and that nearly half of the files contained US person identifiers.<br>
<br>
It's probably technically impossible to prevent such overcollection, but instead of deleting irrelevant personal content, the NSA only "minimizes" it, which means that names of Americans are redacted before distribution. Gellman saw that NSA personnel take these procedures seriously, but when he confronted former NSA deputy director Rick Ledgett with his unease, Ledgett's only reply was that the NSA really doesn't care about ordinary people.<a nohref title="Barton Gellman, Dark Mirror, p. 341-345">*</a><br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2017/12/section-702-faa-expires-what-are.html">Section 702 FAA expires: what are the problems with PRISM and Upstream?</a><br>
</div>
<br>
<a name="mission"></a>
<br>
<br>
<font size="+2"><b>The Mission List</b></font><br>
<br>
Ledgett's answer is confirmed by a comprehensive listing of the tasks of the NSA in the <a href="http://cryptome.org/2014/09/nsa-strategic-mission-list.pdf" target="_blank">Strategic Mission List</a> from January 2007. It was published by The New York Times in November 2013, but got hardly any attention, despite the fact that it clearly contradicts the claims by Snowden and Greenwald that the NSA has just one single goal: collect all digital communications from all over the world.<br>
<br>
Equally little traction was <a href="https://archive.is/KnUS7" target="_blank">gained</a> by reports from Ewen MacAskill of The Guardian and Scott Shane of The New York Times, who tried to provide balance and nuance by showing that NSA and GCHQ also did many good things, like monitoring terrorists, the Taliban, hostage takers, human traffickers, and drug cartels.<br>
<br>
The Mission List says that China, North Korea, Iraq, Iran, Russia and Venezuela were "Enduring Targets", which means they are of long-term strategic importance and therefore require a holistic approach. Next there were 16 "Topical Missions", which are subject to some change, but can be considered legitimate targets for any large intelligence agency:<br>
<br>
<div class="blockquote">
- Winning the Global War on Terrorism (GWOT)<br>
- Protecting the US homeland<br>
- Combating proliferation of Weapons of Mass Destruction (WMD)<br>
- Protecting US military forces deployed overseas<br>
- Providing warning of impending state instability<br>
- Providing warning of a strategic nuclear missile attack<br>
- Monitoring regional tensions that could escalate<br>
- Preventing an attack on US critical information systems<br>
- Early detection of critical foreign military developments<br>
- Preventing technological surprise<br>
- Ensuring diplomatic advantage for the US<br>
- Ensuring a steady and reliable energy supply for the US<br>
- Countering foreign intelligence threats<br>
- Countering narcotics and transnational criminal networks<br>
- Mapping foreign military and civil communications infrastructure<br>
</div>
<br>
In 2013, terrorism was <a href="https://odnigov.tumblr.com/post/138558113835/dni-clapper-visits-us-naval-academy" target="_blank">replaced</a> by cyber attacks as the top threat to American national security. Since then, cyber threats have been increasing in frequency, scale, sophistication and severity of impact.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2014/09/nsas-strategic-mission-list.html">NSA's Strategic Mission List</a><br>
</div>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhb79FW0Pnbhn60TIi3r-jqC1oSdFEu1qwA0hQ1EBmEZZnPDg_X7kMv17T2iK-f-mndQE-oWgan0VtUGZWhExj0NVJF1U55q2qzQ8-fm1fWylhPV0DH24Uzz7MJJXMwz4SU-A7GHv0ABZc/s1600/boundless-worldwide-aggregate.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhb79FW0Pnbhn60TIi3r-jqC1oSdFEu1qwA0hQ1EBmEZZnPDg_X7kMv17T2iK-f-mndQE-oWgan0VtUGZWhExj0NVJF1U55q2qzQ8-fm1fWylhPV0DH24Uzz7MJJXMwz4SU-A7GHv0ABZc/s1600/boundless-worldwide-aggregate.jpg" width="550" title="Screenshot of BOUNDLESSINFORMANT"></a><br>
<font size="2">
Screenshot of the BOUNDLESSINFORMANT tool showing where the NSA collected most data<br>
</font>
</div>
<br>
<a name="friends"></a>
<br>
<br>
<font size="+2"><b>Spying among friends</b></font><br>
<br>
For its mission of "Ensuring Diplomatic Advantage for the U.S.", the NSA intercepts the communications of numerous foreign governments and government leaders. Based upon documents from the Snowden trove, media reported about eavesdropping operations against the Mexican candidate for the presidency, Enrique Peña Nieto, Brazilian president Dilma Rousseff, the <a href="https://www.electrospaces.net/2015/12/how-nsa-targeted-venezuelan-oil-company.html" target="_blank">Venezuelan oil company PdVSA</a> and many others.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2013/09/an-nsa-eavesdropping-case-study.html">An NSA eavesdropping case study</a><br>
</div>
<br>
The NSA's interest in Germany's chancellor Angela Merkel had the most far-reaching consequences. Merkel herself made clear to president Obama that "spying on friends is not acceptable" (<i>Ausspähen unter Freunden, das geht gar nicht</i>) and the German parliament started an official investigation into the spying activities of the NSA (<a href="https://de.wikipedia.org/wiki/1._Untersuchungsausschuss_der_18._Wahlperiode_des_Deutschen_Bundestages" target="_blank"><i>NSA-Untersuchungsausschuss</i></a> or <a href="https://twitter.com/hashtag/NSAUA?src=hashtag_click" target="_blank">#NSAUA</a>). This inquiry lasted from March 2014 to June 2017, but soon shifted its focus to Germany's own foreign intelligence agency BND.<br>
<br>
Extensive hearings of BND employees resulted in unprecedented insights into the details of the cable tapping and satellite interception operations which the BND conducted in cooperation with the NSA. Eventually it became clear that the NSA wasn't spying on German citizens, but did try to collect communications from European governments and companies of interest - just like the BND itself, which was also <a href="http://www.dw.com/en/germany-spies-among-friends-controversy-grows-over-espionage-activities/a-18844401" target="_blank">targeting</a> American and French foreign ministers, the interior departments of EU member states, and many others.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2015/11/new-details-about-selectors-nsa.html">New details about the selectors NSA provided to BND</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh67yFyvaSd6MOhzMXsYnQacbFQUvqoTNL9pv-h9DVsc2Keb1WTLEG1E7Avx8Ig3w4C8i5FJL-VCmk4JIuqUooYzYVbKKoVdRwB7VHeOpenv1L5HHTd4iqwScO05Mvq42hPDS66D0Rq9_Y1yClrit3TX2Z5yzChxkeRvbKS0hk6SGJueKo1ZPpdQ9Z0/s800/merkel-cellphone-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh67yFyvaSd6MOhzMXsYnQacbFQUvqoTNL9pv-h9DVsc2Keb1WTLEG1E7Avx8Ig3w4C8i5FJL-VCmk4JIuqUooYzYVbKKoVdRwB7VHeOpenv1L5HHTd4iqwScO05Mvq42hPDS66D0Rq9_Y1yClrit3TX2Z5yzChxkeRvbKS0hk6SGJueKo1ZPpdQ9Z0/s600/merkel-cellphone-header.jpg"/></a></div>
<div align="center">
<font size="2">
German chancellor Angela Merkel holding a secure BlackBerry Z10 in 2013<br>
<font color="gray">(photo: Nicki Demarco/The Fold/The Washington Post)</font><br>
</font>
</div>
<br>
<a name="backdoor"></a>
<br>
<br>
<font size="+2"><b>Backdoor tapping Google</b></font><br>
<br>
A disclosure that caused outrage in Silicon Valley was about MUSCULAR, a collection program in which the NSA cooperates with its British counterpart GCHQ. In October 2013, The Washington Post <a href="https://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html" target="_blank">reported</a> that under this program, the NSA had secretly broken into the main communications links between Yahoo and Google data centers around the world.<br>
<br>
A big question was: why would the NSA do that, given that they already had "front door" access to Google and Yahoo via the PRISM program? Gellman asked Snowden, who didn't get much further than "Because it could" and: "I'm speculating, but NSA doesn't ignore low-hanging fruit". Eventually Gellman realized that inside the US, the NSA had to specify individual targets, but abroad it was possible to acquire such data in bulk and to search and analyse it with <a href="https://en.wikipedia.org/wiki/XKeyscore" target="_blank">XKEYSCORE</a>.<a nohref title="Barton Gellman, Dark Mirror, p. 285-286">*</a><br>
<br>
The Post didn't mention the XKEYSCORE system by name and it's also not explained in Gellman's book <i>Dark Mirror</i>. That's unfortunate, because while Greenwald and Snowden presented XKEYSCORE as a global mass surveillance tool, it's actually a smart system to find targets who are communicating anonymously and therefore cannot be traced in the traditional way, via identifiers like phone numbers and e-mail addresses.<br>
<br>
It seems that hardly anyone realized that the disclosure of XKEYSCORE must have been really damaging for the NSA. In the 1990s, ECHELON made clear that the agency targeted phone numbers, so terrorists and other adversaries began avoiding individual identifiers and switched to anonymous ways to communicate. It must have been an eye-opener that with XKEYSCORE, the NSA found a way to trace those as well.<br>
<br>
<div align="right">
> More about <a href="https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html#xkeyscore">XKEYSCORE</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglLBeqt_uSQyOyu2IBstqYg-dq_ODbFpvEab0YTi2EVdQVKw3LU4fohs12nxnMoeIXRmx2YsIV-koifbS1gf5a-4cUivqSDXj8vJtuJVnggBfjCuCVEzpJncsCR3n3jKy1J4_km3zcQe7hDVAPQtvqgyxgm7lUqqOiF_6iIrm1N-AJ1qJBrIHq21pN/s1484/muscular%20google%20cloud.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="450" data-original-height="1113" data-original-width="1484" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglLBeqt_uSQyOyu2IBstqYg-dq_ODbFpvEab0YTi2EVdQVKw3LU4fohs12nxnMoeIXRmx2YsIV-koifbS1gf5a-4cUivqSDXj8vJtuJVnggBfjCuCVEzpJncsCR3n3jKy1J4_km3zcQe7hDVAPQtvqgyxgm7lUqqOiF_6iIrm1N-AJ1qJBrIHq21pN/s600/muscular%20google%20cloud.jpg"/></a></div>
<div align="center">
<font size="2">
NSA slide showing where to intercept data from the Google cloud<br>
</font>
</div>
<br>
<a name="boundless"></a>
<br>
<br>
<font size="+2"><b>BOUNDLESSINFORMANT</b></font><br>
<br>
Where Section 215 was most controversial in the United States, but lesser-known in Europe, the opposite was the case with <a href="https://en.wikipedia.org/wiki/Boundless_Informant" target="_blank">BOUNDLESSINFORMANT</a>, which caused fury in Europe, but is hardly known across the ocean. BOUNDLESSINFORMANT isn't a system to collect data, but an internal visualization tool that counts metadata records to provide insights into the NSA's worldwide data collection.<br>
<br>
The results are shown in heat maps and charts, for example for individual countries and collection programs. Such charts for Germany and a few other countries were published on July 29, 2013 by Der Spiegel, but on August 5, the German foreign intelligence agency BND said that they collected these data during military operations abroad and subsequently <a href="https://www.spiegel.de/international/world/german-intelligence-sends-massive-amounts-of-data-to-the-nsa-a-914821.html" target="_blank">shared</a> them with the NSA.<br>
<br>
Despite this statement, Glenn Greenwald interpreted these charts as evidence of American mass surveillance on European citizens and started publishing them in major European newspapers.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2013/10/boundlessinformant-only-shows-metadata.html">BOUNDLESSINFORMANT only shows metadata</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPszI1cVyVi8fjDqJjsXRVats8_Nzkd5OgZsdaEU0aqd16Hy7KK0ZsZN0R5OZiS9xM7RMRShV_JGPNrIrR5UQiizhSoM3-OIjnu0eXBHixGJaQxbHnhKRbUQf6H-uKcWCkjRakWPvTRD8/s1600/boundless-germany.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPszI1cVyVi8fjDqJjsXRVats8_Nzkd5OgZsdaEU0aqd16Hy7KK0ZsZN0R5OZiS9xM7RMRShV_JGPNrIrR5UQiizhSoM3-OIjnu0eXBHixGJaQxbHnhKRbUQf6H-uKcWCkjRakWPvTRD8/s1600/boundless-germany.jpg" width="550" title="BOUNDLESSINFORMANT screenshot showing metadata related to Germany"></a></div>
<div align="center">
<font size="2">
BOUNDLESSINFORMANT chart showing the numbers of<br>
metadata which German BND shared with the NSA<br>
</font>
</div>
<br>
<br>
On October 21, for example, the French paper Le Monde published a <a href="https://www.lemonde.fr/technologies/article/2013/10/21/france-in-the-nsa-s-crosshair-phone-networks-under-surveillance_3499741_651865.html" target="_blank">story</a> saying that "telephone communications of French citizens are intercepted on a massive scale." After a similar story appeared in Spain, NSA director Keith Alexander came with a remarkable clarification, <a href="https://www.reuters.com/article/us-usa-security-nsa-idUSBRE99S03N20131029" target="_blank">saying</a>: "This is not information that we collected on European citizens. It represents information that we and our NATO allies have collected in defense of our countries and in support of military operations."<br>
<br>
Greenwald continued his framing in Norwegian and Italian papers. Only in the Netherlands was it <a href="https://tweakers.net/nieuws/92067/nsa-onderschepte-in-maand-metadata-1-komma-8-miljoen-telefoontjes-in-nederland.html" target="_blank">found out</a> that the BOUNDLESSINFORMANT charts were not about content, but about metadata. Dutch interior minister Ronald Plasterk, however, still followed Greenwald's interpretation and assumed the Americans were spying on Dutch citizens. A court case forced the government to admit that Dutch military intelligence had collected the data during operations abroad.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2014/02/dutch-government-tried-to-hide-truth.html">Dutch government tried to hide the truth about metadata collection</a><br>
</div>
<br>
<b>Correction</b><br>
<br>
It was only in May 2019 that <a href="https://theintercept.com/2019/05/29/nsa-data-afghanistan-iraq-mexico-border/" target="_blank">The Intercept</a> put the pieces together and set the record straight: the various BOUNDLESSINFORMANT charts showed cellphone metadata that had been collected by members of the Afghanistan SIGINT Coalition (AFSC, also known as the 9 Eyes) and fed into the NSA's Real-Time Regional Gateway (RT-RG) big data analysis platform.<br>
<br>
When The Intercept confronted Greenwald with this new research, he still <a href="https://theintercept.com/2019/05/29/nsa-data-afghanistan-iraq-mexico-border/" target="_blank">tried</a> to blame the NSA: "At the time, Der Spiegel had already reported this interpretation, the NSA wouldn’t answer our questions, and they wouldn’t give us any additional information. I am totally in favor of correcting the record if the reporting was inaccurate."<br>
<br>
While Greenwald ignored the declaration by general Alexander, he was right when he said that the NSA's internal <a href="https://www.theguardian.com/world/interactive/2013/jun/08/boundless-informant-nsa-full-text" target="_blank">documentation</a> about BOUNDLESSINFORMANT was somewhat confusing. Apparently, Greenwald had to rely on that documentation because Snowden was of little help, just like he was for various other programs that journalists did not fully understand.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2019/09/from-9-eyes-to-14-eyes-afghanistan.html">From 9-Eyes to 14-Eyes: the Afghanistan SIGINT Coalition (AFSC)</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfypdDmWG-oVMOfTYDvcDvOgf1yzyk_ogmsxSCrnvTnRiMqPoCfeqxps5rKcy2iHlSZKbi2jRd1iiwpHgOftiiti3j6Mp_ZTw2cK-h4NpHfvbJMpKqukyKg2hpfgy5u4ZXfkfD2LzxlQo/s1600/afsc-rtrg-datasources.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfypdDmWG-oVMOfTYDvcDvOgf1yzyk_ogmsxSCrnvTnRiMqPoCfeqxps5rKcy2iHlSZKbi2jRd1iiwpHgOftiiti3j6Mp_ZTw2cK-h4NpHfvbJMpKqukyKg2hpfgy5u4ZXfkfD2LzxlQo/s1600/afsc-rtrg-datasources.PNG" width="500" /></a><br>
<font size="2">
Slide showing all the collection systems that fed the RT-RG platform<br>
<font color="gray">(click to enlarge)</font><br>
</font>
</div>
<br>
<a name="truth"></a>
<br>
<br>
<font size="+2"><b>Truth</b></font><br>
<br>
Many of the documents that Snowden provided to the press have been misinterpreted or exaggerated, sometimes unintentionally, but in other cases maybe deliberately. In <i>Dark Mirror</i>, Barton Gellman writes:<br>
<br>
<div class="blockquote">
"There were signs that Snowden was capable of an instrumental approach to truth. In conversations about my work, when I got stuck on a hard reporting problem, he sometimes suggested that I provoke fresh disclosures from government officials by pretending to know more than I did."<br>
<br>
"Another time he went further, proposing that I actually publish informed speculation as fact. If my story outran the evidence, he said, the government would be forced to respond and thereby reveal more. There would be a net gain for public information either way." <br>
<br>
"He said misinformation from people like Mike Hayden, supporters of the intelligence establishment, pushed the terms of debate so far off center that only rhetorical counterforce could set the record straight."<a nohref title="Barton Gellman, Dark Mirror, p. 324-326">*</a><br>
</div>
<br>
Gellman declined this approach because it would make his reporting unreliable and would undermine confidence in the press if it turned out that certain things weren't true. However, claims made by Greenwald and Snowden himself showed that his "counterforce" method sometimes did work: the government came up with new facts - but those never got the same attention as the original story, which was already stuck in people's minds.<br>
<br>
<a name="conclusion"></a>
<br>
<br>
<font size="+1"><b>Conclusion</b></font><br>
<br>
There's no doubt that the Snowden revelations provided unprecedented insight into modern-day signals intelligence as conducted by the NSA and its Five Eyes partners. <br>
<br>
In part this was much needed to understand how the legal framework is implemented and where safeguards need improvement. That, however, requires a close examination of the documents, which shows the problems are smaller and more complex than the mythical "global mass surveillance" which Snowden and Greenwald tried to prove.<br>
<br>
On the other hand, many things have been published that were merely sensational and weakened the US and its signals intelligence system. By revealing its workings and capacity, the Snowden revelations unintentionally set a new standard which other countries <a href="https://blog.erratasec.com/2014/12/snowden-made-things-worse.html" target="_blank">hurried</a> to catch up with.<br>
<br>
<br>
<br>
<b>Links </b><br>
<font size="2">
<br>
- Der Spiegel: <a href="https://archive.is/QZwpB" target="_blank">Das Internet ist heute anders unsicher</a> (June 9, 2023)<br>
- The Atlantic: <a href="https://archive.is/KnUS7" target="_blank">Did the Snowden Revelations Change Anything?</a> (June 7, 2023)<br>
- The Guardian: <a href="https://www.theguardian.com/us-news/2023/jun/07/edward-snowden-mi5-nsa-prism-ghcq" target="_blank">Snowden, MI5 and me: how the leak of the century came to be published</a> (June 7, 2023)<br>
- The Guardian: <a href="https://www.theguardian.com/us-news/2023/jun/07/edward-snowden-10-years-surveillance-revelations" target="_blank">What’s really changed 10 years after the Snowden revelations?</a> (June 7, 2023)<br>
- Schneier on Security: <a href="https://www.schneier.com/blog/archives/2023/06/snowden-ten-years-later.html" target="_blank">Snowden Ten Years Later</a> (June 6, 2023)<br>
- System Update: <a href="https://rumble.com/v2sgyx2-snowden-revelations-10-year-anniversary-glenn-greenwald-speaks-with-snowden.html" target="_blank">SNOWDEN REVELATIONS 10-Year Anniversary: Glenn Greenwald Speaks with Snowden & Laura Poitras on the Past, Present, & Future of Their Historic Reporting</a> (June 6, 2023)<br>
- neues deutschland: <a href="https://www.nd-aktuell.de/artikel/1173743.jahre-snowden-leaks-jahre-snowden-leaks-enthuellungen-nicht-mehr-erwuenscht.html" target="_blank">10 Jahre Snowden-Leaks: Enthüllungen nicht mehr erwünscht</a> (June 6, 2023)<br>
- neues deutschland: <a href="https://www.nd-aktuell.de/artikel/1173746.zehn-jahre-snowden-leaks-snowden-leaks-geheimdokumente-belegen-globale-massenueberwachung.html" target="_blank">Snowden-Leaks: Geheimdokumente belegen globale Massenüberwachung</a> (June 6, 2023)<br>
- Heise: <a href="https://www.heise.de/hintergrund/10-Jahre-Snowden-Enthuellungen-Was-hat-der-NSA-Whistleblower-bewirkt-9060879.html" target="_blank">Edward Snowden: Die Enthüllungen des NSA-Whistleblowers 10 Jahre später</a> (June 5, 2023)<br>
- Der Tagesspiegel: <i>Edward Snowden und die Whistleblower-Frage Feiert die Verräter!</i> (June 2023)<br>
- Netkwesties: <a href="https://www.netkwesties.nl/1472/barton-gellman-herziet-nsa-onthullingen.htm" target="_blank">Barton Gellman herziet NSA-onthullingen</a> (Dec. 7, 2020)<br>
- See also: <a href="https://web.archive.org/web/20200206094116/https://signpostfilmproductions.com/timeline/" target="_blank">Timeline of Edward Snowden</a><br>
<br>
- Documentary: <a href="https://www.youtube.com/watch?v=Rnpl0jXad-8" target="_blank">Edward Snowden: Whistleblower or Spy?</a><br>
</font>
<br>
<br>
Comments at <a href="https://news.ycombinator.com/item?id=37400526" target="_blank">Hacker News</a><br>
<br>
<font size="+2"><b>New details about the Pentagon Leak</b></font><br>
<font size="2" color="gray">Posted by P/K on May 18, 2023</font><br>
<div align="right"><font size="2" color="gray">(Updated: December 12, 2023)</font></div>
<br>
Last month it became clear that junior airman <a href="https://en.wikipedia.org/wiki/Jack_Teixeira" target="_blank">Jack Teixeira</a> had posted highly classified military intelligence information on a Discord server, which became known as the Discord or <a href="https://en.wikipedia.org/wiki/2022%E2%80%932023_Pentagon_document_leaks" target="_blank">Pentagon Leak</a>.<br>
<br>
Here I will discuss some additional details from the documents filed by the public prosecutor on <a href="https://www.courtlistener.com/docket/67189492/united-states-v-jack-douglas-teixeira/#entry-19" target="_blank">April 26</a> and <a href="https://www.courtlistener.com/docket/67189492/united-states-v-jack-douglas-teixeira/#entry-34" target="_blank">May 17</a>, which provide some more insight into Teixeira's training, clearance and working environment.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2023/04/everything-you-want-to-know-about.html">Everything you want to know about the Pentagon/Discord Leak</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgG5QWZmdo1Sv0hHztcrk_boviIQJ6zGbbvNIZ0H72b6Hr8K5Ns6nO_H0CmSoFdChYgT8eqMjSg5p_j75ffU4BLXzaC5Yz-5ovddQzq32nzU6tDiFZ2Wd_s1uPu8lZLlGNkCV_yDeZ_kBpmbY2sRdeFje2PnCE_nEpDy7cOHAcfBAQpCERGTY2kwgE8/s800/pentagonleak-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="650" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgG5QWZmdo1Sv0hHztcrk_boviIQJ6zGbbvNIZ0H72b6Hr8K5Ns6nO_H0CmSoFdChYgT8eqMjSg5p_j75ffU4BLXzaC5Yz-5ovddQzq32nzU6tDiFZ2Wd_s1uPu8lZLlGNkCV_yDeZ_kBpmbY2sRdeFje2PnCE_nEpDy7cOHAcfBAQpCERGTY2kwgE8/s600/pentagonleak-header.jpg"/></a></div>
<br>
<br>
<br>
<font size="+1"><b>Technical training</b></font><br>
<br>
On September 26, 2019, Teixeira had joined the <a href="https://en.wikipedia.org/wiki/Massachusetts_Air_National_Guard" target="_blank">Massachusetts Air National Guard</a> and started working at the 102nd Intelligence Wing as a "Cyber Transport Specialist" - according to a <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.19.5_1.pdf" target="_blank">letter</a> he wrote to a local law enforcement officer on November 15, 2020.<br>
<br>
In that letter, Teixeira tried to convince the officer that he had matured and changed since he was <a href="https://www.cbsnews.com/boston/news/accused-pentagon-leaker-jack-teixeira-court-documents-school-threats/" target="_blank">suspended</a> for a few days at his high school in March 2018 after making racial threats and remarks about guns and Molotov cocktails. After having enlisted and obtaining a Top Secret clearance, he thought he was eligible again for the Firearms ID that was denied after the incident.<br>
<br>
A few months after joining the National Guard, on November 15, 2019, Teixeira had registered at the <a href="https://en.wikipedia.org/wiki/Community_College_of_the_Air_Force" target="_blank">Community College of the Air Force</a> (CCAF), which offers a variety of courses and programs to earn an Associate of Applied Science (AAS) degree. According to the <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.19.10_1.pdf" target="_blank">transcript</a> shown below, he completed the following courses:<br>
<br>
- US Air Force Basic Military Training at Lackland Air Force Base on August 13, 2020<br>
- Information Technology Fundamentals at Keesler Air Force Base on February 16, 2021<br>
- Cyber Transport Systems also at Keesler Air Force Base on April 29, 2021<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOjbi4_ixKDLJn4y4LcqE5DXUthSUKpE6FR1zQjdgigV5gXV2UOXNnwQ2EtecLQykp_BjGsjBC5_6MCofaMMQBe3umnic-pAiE55rFhTLGwur_SjNjQyl82uLt_oH7lo3mGhq3ugGebfMHjh1obHuAvJuVRNl_-IgqTBvf-0UfPG0Zt8HRio6w7uZ0/s800/teixeira-courses.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="698" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOjbi4_ixKDLJn4y4LcqE5DXUthSUKpE6FR1zQjdgigV5gXV2UOXNnwQ2EtecLQykp_BjGsjBC5_6MCofaMMQBe3umnic-pAiE55rFhTLGwur_SjNjQyl82uLt_oH7lo3mGhq3ugGebfMHjh1obHuAvJuVRNl_-IgqTBvf-0UfPG0Zt8HRio6w7uZ0/s600/teixeira-courses.jpg"/></a></div>
<div align="center">
<font size="2">
Transcript of the courses which Jack Teixeira took at<br>
the Community College of the Air Force (CCAF)<br>
(click to enlarge)<br>
</font>
</div>
<br>
<br>
<br>
<font size="+1"><b>Sensitive Compartmented Information</b></font><br>
<br>
Sometime in fall 2020, after he finished his basic military training, Teixeira was granted a regular ("collateral") Top Secret clearance. This was required for starting technical training and just over two months after completing that in April 2021, his clearance was extended to Top Secret/SCI, which gave access to even more closely guarded information.<br>
<br>
The prescribed <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.19.1_1.pdf" target="_blank">Sensitive Compartmented Information Nondisclosure Agreement</a> (SCINA) was signed by Teixeira and an undisclosed witness on July 7, 2021. This form has 12 spaces where the particular control systems for Sensitive Compartmented Information (SCI) or Special Access Programs (SAPs) can be filled in:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCk4_IYU7uKIXdax3acEoxeIOCIwMJrCOesHWWl5tYsj5qUzAqv_XdZMEa-SgszfOpBab1Z15Htloadl_LUZpQrWKLGEHtt3XR1sVEk0n0j9N_xuNt3gTm9fxxwub1EKxmg3OJRTYOAJYzBWkNi6oMxfujnxxZe0J85aT5EVxGAmhPkwq0GFI4Qqp-/s800/teixeira-scina.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="441" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCk4_IYU7uKIXdax3acEoxeIOCIwMJrCOesHWWl5tYsj5qUzAqv_XdZMEa-SgszfOpBab1Z15Htloadl_LUZpQrWKLGEHtt3XR1sVEk0n0j9N_xuNt3gTm9fxxwub1EKxmg3OJRTYOAJYzBWkNi6oMxfujnxxZe0J85aT5EVxGAmhPkwq0GFI4Qqp-/s600/teixeira-scina.jpg"/></a></div>
<div align="center">
<font size="2">
Jack Teixeira's Sensitive Compartmented Information Nondisclosure Agreement<br>
(click to enlarge)<br>
</font>
</div>
<br>
<br>
According to the form, Teixeira was briefed for access ("indoctrinated") to the following Sensitive Compartmented Information control systems:<br>
<br>
- SI = Special Intelligence (communications intelligence)<br>
- TK = TALENT-KEYHOLE (intelligence from satellite collection)<br>
- G = GAMMA (sensitive communication intercepts)<br>
- HCS-P = HUMINT Control System-Product (intelligence from human sources)<br>
<br>
This shows that Teixeira had legitimate access to all the SCI compartments seen in the documents that he leaked, so apparently the only thing he lacked was the specific need-to-know.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html">The US Classification System</a><br>
</div>
<br>
<div class="blockquote">
<b>Update:</b><br>
According to the book <i>Dark Mirror</i> by Washington Post-journalist Barton Gellman, Edward Snowden had an SCI clearance for SI, TK, GAMMA and HCS as well - "the worst-case scenario for the NSA's internal defenses" according to Gellman.<a nohref title="Barton Gellman, Dark Mirror, p. 67-68">*</a><br>
</div>
<br>
A week later, on July 15, 2021, Teixeira digitally signed the <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.19.3_2.pdf" target="_blank">General Information Systems Acceptable Use Policy and User Agreement</a> of the 102nd Intelligence Surveillance Reconnaissance Group, which says that his actual workplace was at the 102nd Intelligence Support Squadron (ISS).<br>
<br>
Another two weeks later, on July 28, he also signed the <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.19.2_1.pdf" target="_blank">Information Technology User Agreement</a> of the 102nd Intelligence Wing, with numerous rules for using the organization's computer systems, including "I will not disclose any non-public Air Force or DoD information to unauthorized individuals."<br>
<br>
Finally, on March 3, 2022, after one hour of e-learning, Jack Teixeira also <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.34.5_1.pdf" target="_blank">completed</a> a course about Unauthorized Disclosure (UD) of Classified Information and Controlled Unclassified Information (CUI), as provided by the <a href="https://en.wikipedia.org/wiki/Defense_Counterintelligence_and_Security_Agency" target="_blank">Defense Counterintelligence and Security Agency</a>.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFC3cqGrgvri3HGEO5cJEGepBQnFuUvrQhs5SaaAKiWYs6SMzIewFonk8JmJ_9A4kNgFFxVBp_YPLuVWvFDcKqnUXhrVbv7WivEw7jK2q-DpPIx8qAkIIFQnEj_Ayc2DNSUgpftIZJQs82oL6ywSLkMo1VVvm1KZHcTpfMj_zyF4J1eTVMfrlVcYc6/s800/teixeira-certificate.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="450" data-original-height="624" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFC3cqGrgvri3HGEO5cJEGepBQnFuUvrQhs5SaaAKiWYs6SMzIewFonk8JmJ_9A4kNgFFxVBp_YPLuVWvFDcKqnUXhrVbv7WivEw7jK2q-DpPIx8qAkIIFQnEj_Ayc2DNSUgpftIZJQs82oL6ywSLkMo1VVvm1KZHcTpfMj_zyF4J1eTVMfrlVcYc6/s600/teixeira-certificate.jpg"/></a></div>
<br>
<a name="iss"></a>
<br>
<br>
<font size="+1"><b>The Intelligence Support Squadron</b></font><br>
<br>
On October 1, 2021, Teixeira <a href="https://www.nytimes.com/2023/04/13/world/europe/jack-teixeira-pentagon-leak.html" target="_blank">started</a> as a Cyber Transport Systems Journeyman with the rank of <a href="https://work.chron.com/air-force-rank-ab-mean-20978.html" target="_blank">Airman Basic</a> (AB) and pay grade E-1 at the <a href="https://www.102iw.ang.af.mil/About/Fact-Sheets/Display/Article/2083178/102nd-intelligence-support-squadron/" target="_blank">102nd Intelligence Support Squadron</a> (ISS).<br>
<br>
The ISS comprises more than 100 military, civilian and contractor Cyberspace Support professionals who maintain their part of the Air Force <a href="https://en.wikipedia.org/wiki/Distributed_Common_Ground_System" target="_blank">Distributed Common Ground System</a> (AF-DCGS), also known as the AN/GSQ-272 SENTINEL weapon system. This includes ensuring the availability and integrity of networks and equipment, software installation and support, information system security, communications security, and everything related.<br>
<br>
The ISS is part of the 102nd Intelligence Surveillance Reconnaissance Group (ISRG), which in turn is part of the 102nd Intelligence Wing (IW). This wing was established in 2009 after the Air National Guard's 102nd Fighter Wing had lost its flying mission due to the 2005 <a href="https://en.wikipedia.org/wiki/Base_Realignment_and_Closure" target="_blank">Base Realignment and Closure</a> (BRAC). <br>
<br>
Men and women from the former flying units were transitioned to the new Intelligence Wing and <a href="https://archive.is/GHA4F" target="_blank">trained</a> to work on the DCGS, learning to run its computers and analyze intelligence from spy planes and the ever-increasing number of drones. One of them was Jack Teixeira's stepfather.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIJtNMOdmBuV2j1-H-W-ehpOboolfdod36XUiGbJso_94NcpOBWWwmJTazpMax1uEOXCUunkYg2wN21Laq8zpoRMnklnN9REkcsUhxKlnmU3Jk-H_AObjq1kvDSxEt9Z0-4YfxDJXvFB1UXdXA4cqdf8tWjXeC7Z52PB899sHKzGpYX0tb5ofMf6ih/s1280/airforce-DCGS-2014.JPG" style="display: block; text-align: center; "><img alt="" border="0" width="500" data-original-height="852" data-original-width="1280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIJtNMOdmBuV2j1-H-W-ehpOboolfdod36XUiGbJso_94NcpOBWWwmJTazpMax1uEOXCUunkYg2wN21Laq8zpoRMnklnN9REkcsUhxKlnmU3Jk-H_AObjq1kvDSxEt9Z0-4YfxDJXvFB1UXdXA4cqdf8tWjXeC7Z52PB899sHKzGpYX0tb5ofMf6ih/s600/airforce-DCGS-2014.JPG"/></a></div>
<div align="center">
<font size="2">
Military personnel operating the Air Force Distributed Common Ground System<br>
(photo: US Air Force - click to enlarge)<br>
</font>
</div>
<br>
<a name="dcgs"></a>
<br>
<br>
<font size="+1"><b>The Distributed Common Ground System</b></font><br>
<br>
The <a href="https://en.wikipedia.org/wiki/Distributed_Common_Ground_System" target="_blank">Distributed Common Ground System</a> (DCGS) is a system-of-systems for passing data from intelligence collection platforms along to combatant commanders and warfighters. There are separate versions for the Navy (DCGS-N), the Army (DCGS-A), the Air Force (AF-DCGS), the Marine Corps (DCGS-MC) and the Special Operations Forces (DCGS-SOF).<br>
<br>
In 2015, the DCGS of the Air Force <a href="https://www.af.mil/About-Us/Fact-Sheets/Display/Article/104525/air-force-distributed-common-ground-system/" target="_blank">exploited</a> more than 50 manned and unmanned aircraft sorties, reviewed over 1200 hours of motion imagery, produced approximately 3000 signals intelligence reports, exploited 1250 still images and managed a total of 20 terabytes of data each day.<br>
<br>
The AF-DCGS had started small at Langley AFB in Virginia, Beale AFB in California and Osan Air Base in South Korea, but expanded in the early 2000s as demand for airborne surveillance surged. Soon, Ramstein Air Base in Germany and Hickam AFB in Honolulu were added, which makes a total of five core sites, or Distributed Ground Stations (DGS).<br>
<br>
The system is also <a href="https://www.dote.osd.mil/Portals/97/pub/reports/FY2014/af/2014af_DCGS.pdf?ver=2019-08-22-110543-657" target="_blank">installed</a> at 16 additional sites: DGS‑Experimental at Langley AFB, 7 Air National Guard (ANG) sites and 8 Distributed Mission Sites (DMS). These DGS and DMS sites are manned by a mixture of active-duty, Air National Guard, Air Force Reserve and coalition partner units working to provide an integrated combat capability.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4OtkvjGM0fNJK2bUOMLow_7YCFjJQiBVUdN_49kSp-_GH1hUOo28PxOE4xpnf8VBoXOhRkpW7ltEJjmcte5Lp_okafXpYB5-J3Ylt2UOLjXZHXWIYqik6DDuwlSwvZ9aXMHx_kdJ5Ob_vAmB5tIBSB_X7kuTqV2iDy3QSUokSPGVk9bYmqEx5tpq6/s942/af-dcgs-2015.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="551" data-original-width="942" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4OtkvjGM0fNJK2bUOMLow_7YCFjJQiBVUdN_49kSp-_GH1hUOo28PxOE4xpnf8VBoXOhRkpW7ltEJjmcte5Lp_okafXpYB5-J3Ylt2UOLjXZHXWIYqik6DDuwlSwvZ9aXMHx_kdJ5Ob_vAmB5tIBSB_X7kuTqV2iDy3QSUokSPGVk9bYmqEx5tpq6/s600/af-dcgs-2015.JPG"/></a></div>
<div align="center">
<font size="2">
The Air Force Distributed Common Ground System (AF DCGS) in 2015<br>
(<a href="https://www.doctrine.af.mil/Portals/61/documents/AFDP_2-0/2-0-AFDP-GLOBAL-INTEGRATED-ISR.pdf" target="_blank">source</a> - click to enlarge)<br>
</font>
</div>
<br>
<br>
The AF-DCGS core site at Ramstein Air Base is backed up by the Distributed Ground Station-Massachusetts (DGS-MA), which was established in December 2009. This site is operated by the <a href="https://www.102iw.ang.af.mil/About/Fact-Sheets/Display/Article/2083156/102nd-intelligence-surveillance-and-reconnaissance-group/" target="_blank">102nd Intelligence Surveillance Reconnaissance Group</a> (ISRG), which performs near-real-time exploitation and analysis of video feeds from the <a href="https://en.wikipedia.org/wiki/Lockheed_U-2" target="_blank">U-2</a> spy plane, as well as from the <a href="https://en.wikipedia.org/wiki/Northrop_Grumman_RQ-4_Global_Hawk" target="_blank">RQ-4</a> Global Hawk and <a href="https://en.wikipedia.org/wiki/General_Atomics_MQ-9_Reaper" target="_blank">MQ-9</a> Reaper surveillance drones.<br>
<br>
Ramstein is a crucial hub for drone operations, first for those in Iraq and Afghanistan, and now in support of Ukraine in its war with Russia. Because of moral doubts about the American drone program, NGA intelligence analyst Daniel Hale leaked The Drone Papers to The Intercept in 2014.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2019/05/daniel-hale-arrested-for-being-source.html">Daniel Hale arrested for being the source of The Drone Papers</a><br>
</div>
<br>
<a name="suspicious"></a>
<br>
<br>
<font size="+1"><b>Suspicious behaviour</b></font><br>
<br>
Teixeira <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.34.0_1.pdf" target="_blank">said</a> that at the 102nd Intelligence Support Squadron he was initially "assigned to middle eastern intelligence gathering tasks". In November 2022 he wrote in his Discord server that he worked with "NRO, NSA, NGA, and DIA people mostly", that he was "on JWICS weekly" and "knowing what happens more than pretty much anyone else is cool." <br>
<br>
JWICS stands for <a href="https://www.electrospaces.net/2015/03/us-military-and-intelligence-computer.html#jwics" target="_blank">Joint Worldwide Intelligence Communications System</a> and is a highly secured computer and communications network for collaboration and sharing intelligence up to the classification level Top Secret/SCI among US intelligence agencies.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2015/03/us-military-and-intelligence-computer.html">US military and intelligence computer networks</a><br>
</div>
<br>
According to documents <a href="https://www.courtlistener.com/docket/67189492/united-states-v-jack-douglas-teixeira/#entry-34" target="_blank">filed</a> by the public prosecutor on May 17, 2023, Teixeira had been observed looking for classified intelligence information in the <a href="https://en.wikipedia.org/wiki/Sensitive_compartmented_information_facility" target="_blank">Sensitive Compartmented Information Facility</a> (SCIF) of the 102nd Intelligence Wing, which is located in building 169 at Otis Air National Guard Base on Joint Base Cape Cod.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCllk8UCATIu81PPlGanmM7PvU2iZ_xfuo5A7vsVFeJvlZMoPBQ0j4QS60yrLgWajkADat9NUlXEMrhjy8tOMDrzEz4IYWvSis0T0INxsKwQ_3SZFX2KVYrBCsGTkmfe61KUXlqIzCFH4NVKAfJcGERmA16q_2aVKT3ZdbsL-RnMEdzhB0NeFAr5K2/s1024/cape-cod.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="483" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCllk8UCATIu81PPlGanmM7PvU2iZ_xfuo5A7vsVFeJvlZMoPBQ0j4QS60yrLgWajkADat9NUlXEMrhjy8tOMDrzEz4IYWvSis0T0INxsKwQ_3SZFX2KVYrBCsGTkmfe61KUXlqIzCFH4NVKAfJcGERmA16q_2aVKT3ZdbsL-RnMEdzhB0NeFAr5K2/s400/cape-cod.jpg"/></a></div>
<div align="center">
<font size="2">
The entrance to Joint Base Cape Cod in Pocasset, Massachusetts<br>
(photo: CJ Gunther/EPA - click to enlarge)<br>
</font>
</div>
<br>
<br>
The first time was in September 2022, when a staff sergeant <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.34.2_1.pdf" target="_blank">saw</a> that Teixeira had taken notes of classified information and put the note in his pocket. The staff sergeant asked Teixeira if he planned to shred it and informed a master sergeant. They discussed the incident with Teixeira, who was "instructed to no longer take notes in any form on classified intelligence information."<br>
<br>
On October 25, it <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.34.3_1.pdf" target="_blank">became clear</a> that Teixeira was "potentially ignoring the cease-and-desist order on deep diving into intelligence information", because five days earlier he had attended the ISS morning meeting where the weekly Current Intelligence Briefing (CIB) was being given, after which Teixeira proceeded to ask very specific questions.<br>
<br>
Teixeira was once again instructed to cease and desist any deep dives into classified information and to focus on his job in supporting Cyber Defense Operations (<a href="https://en.wikipedia.org/wiki/Air_Force_Specialty_Code" target="_blank">Air Force Specialty Code</a> 1D). Additionally, he was offered the opportunity to explore cross training for All Source Intelligence Analyst (1N0) or Cyber Intelligence (1N4), which he declined.<br>
<br>
All this didn't stop him, because a third memorandum for the record filed by the prosecutor <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.34.4_1.pdf" target="_blank">says</a> that on January 30, 2023, a master sergeant "was walking the Ops [Operations] floor when she observed A1C [Airman 1st Class] Teixeira on a JWICS machine viewing content that was not related to his primary duty and was related to the intelligence field." <br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzTRKK1JpwMJeFZNlkGy7_8scaUbnj_MxfV8HH7wA5jTJndFC2sI_6wGViaLs3XznyP4VtvfSNZL3lHQA1cp4u0LQH76Pg-Dza7ce3vGPbF-fHJ06l7UVrXooInvP4lx2vmjWDe0BTvA8/s590/central+command+2021+dte.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="364" data-original-width="590" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzTRKK1JpwMJeFZNlkGy7_8scaUbnj_MxfV8HH7wA5jTJndFC2sI_6wGViaLs3XznyP4VtvfSNZL3lHQA1cp4u0LQH76Pg-Dza7ce3vGPbF-fHJ06l7UVrXooInvP4lx2vmjWDe0BTvA8/s590/central+command+2021+dte.jpg"/></a></div>
<div align="center">
<font size="2">
The Desktop Environment (DTE), a uniform platform for the <br>
US Intelligence Community, running on the JWICS network. <br>
</font>
</div>
<br>
<br>
The fact that apparently no further action was taken against Teixeira might have led to the <a href="https://www.cbsnews.com/news/pentagon-leaker-jack-teixeira-intelligence-unit-leaders-suspended-air-force/" target="_blank">suspension</a>, last April, of the commander of the 102nd Intelligence Support Squadron and the detachment commander overseeing administrative support.<br>
<br>
Teixeira's behaviour is very similar to that of Edward Snowden, who also had an almost insatiable desire for information regardless of whether he was entitled to it. In his book <i>Permanent Record</i>, Snowden proudly recalled how easy it was to circumvent auditing controls and internal monitoring systems.<br>
<br>
Whether Teixeira circumvented such control systems as well is still unclear. While he could apparently access intelligence information on the JWICS network, he definitely didn't have the need-to-know for the material he eventually posted on his Discord server, which included intelligence briefings for senior military commanders and civilian policy makers.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2023/04/everything-you-want-to-know-about.html">Everything you want to know about the Pentagon/Discord Leak</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0vJC_v7HqgJTJBB8lWmsua-LFFOxOSnlQB5K_jc3rEJX--_uHxkNb8IRODSC6NoKtgwbZ508YUAXpRCQGnDfTLsPTkUlgIpqf0ovLVxJiogeybRPXGxZTT48U7NjGwORzjh3DWISaTYIEgtqUd3QWCASR_ZTGTo1r-LAlX8slUU0RcrfwGyNFO9R-/s764/jointstaff-dailyupdate.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="593" data-original-width="764" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0vJC_v7HqgJTJBB8lWmsua-LFFOxOSnlQB5K_jc3rEJX--_uHxkNb8IRODSC6NoKtgwbZ508YUAXpRCQGnDfTLsPTkUlgIpqf0ovLVxJiogeybRPXGxZTT48U7NjGwORzjh3DWISaTYIEgtqUd3QWCASR_ZTGTo1r-LAlX8slUU0RcrfwGyNFO9R-/s600/jointstaff-dailyupdate.jpg"/></a></div>
<div align="center">
<font size="2">
Title of the Daily Intelligence Update for the Secretary of Defense and<br>
the Chairman of the Joint Chiefs of Staff from February 28, 2023<br />
(leaked by Jack Teixeira - click to enlarge)<br>
</font>
</div>
<br>
<br>
<br>
<font size="+1"><b>Network monitoring</b></font><br>
<br>
After Jack Teixeira had been arrested on April 13, 2023, various agencies started an investigation into his case. One <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.19.4_1.pdf" target="_blank">was</a> an audit of an "Intelligence Community-wide system for which U.S. Government Agency 2 acts as a service provider", which most likely refers to the <a href="https://en.wikipedia.org/wiki/Defense_Intelligence_Agency" target="_blank">Defense Intelligence Agency</a> (DIA) and the JWICS network.<br>
<br>
This audit, which yielded results dating back to February 26, 2022, revealed that Teixeira had accessed hundreds of classified reports and documents and conducted "hundreds of searches on the classified network on a number of subjects, many of which related to the Russia-Ukraine conflict."<br>
<br>
In addition, on or around July 30, 2022, he also searched for the terms "Ruby Ridge", "Las Vegas shooting", "Mandalay Bay shooting", "Buffalo tops shooting", and "Uvalde", which are all (related to) <a href="https://en.wikipedia.org/wiki/Mass_shootings_in_the_United_States" target="_blank">mass shootings in the United States</a>, a subject in which Teixeira had an unhealthy interest.<br>
<br>
While it's definitely useful to have these audit results for a criminal investigation, there's apparently still no insider threat detection system that is capable of near-real-time anomaly detection. The NSA, DISA and large defense contractors were already working on that over a decade ago, but this <a href="https://cyberscoop.com/nsa-insider-threat-reality-winner-harold-martin/" target="_blank">turned out</a> to be rather difficult.<br>
<br>
The DIA seems to be lagging behind even more: only by the end of 2021 did the agency come up with plans to <a href="https://breakingdefense.com/2021/11/dia-cio-details-push-to-modernize-top-secret-network-amid-150-uptick-in-cyber-threats/" target="_blank">modernize</a> the JWICS network with, for example, Comply-to-Connect access control and behavioral-based vulnerability detection.<br>
<br>
<br>
<div class="blockquote">
<b>Updates:</b><br>
<br>
On May 19, 2023, a federal magistrate judge <a href="https://www.nytimes.com/2023/05/19/us/politics/teixeira-detention-hearing.html" target="_blank">ruled</a> that Jack Teixeira has to remain in prison pending his trial because he poses a continuing threat to national security and public safety.<br>
<br>
On June 15, 2023, the Justice Department <a href="https://www.nytimes.com/2023/06/15/us/politics/jack-teixeira-indicted-document-leaks.html?te=1&nl=from-the-times&emc=edit_ufn_20230615" target="_blank">filed</a> the <a href="https://t.co/cTi8PH3HrR" target="_blank">indictment</a> against Teixeira, with six counts of "willful detention and transmission of national defense information". While Teixeira leaked at least some 60 documents to his Discord server, the indictment includes only six of them: one classified Secret, the other five Top Secret/SCI.<br>
<br>
On June 30, 2023, US Secretary of Defense Lloyd Austin issued a <a href="https://media.defense.gov/2023/Jul/05/2003253531/-1/-1/1/SECURITY-REVIEW-FOLLOW-ON-ACTIONS.PDF" target="_blank">memorandum</a> with a range of actions to prevent compromise of classified information. One of those actions is the establishment of a Joint Management Office for Insider Threat and Cyber Capabilities to oversee user activity monitoring and improve threat monitoring across all DoD networks.<br>
<br>
On December 11, 2023, the US Air Force released a <a href="https://www.af.mil/Portals/1/documents/2023SAF/UD_ROI_-_11_Dec_23.pdf" target="_blank">report</a> by its Inspector General which identified a range of deficiencies at Otis Air National Guard Base:<br>
<div class="blockquote">
- Four cases of suspicious behaviour by Jack Teixeira weren't properly reported to security officials;<br>
- IT specialists received weekly intelligence briefings to better understand the importance of their work, but this "know your why" effort was improper in that it provided higher level classified information than was necessary;<br>
- Some personnel believed having a TS-SCI clearance meant users had approval to examine any information they could find on JWICS;<br>
- No permission controls were in place to monitor print jobs, so any night shift member had ample opportunity to access JWICS sites
and print a high volume of products without supervision or detection;<br>
- Unit members described trusting their coworkers without verifying access or need to know and inconsistently practicing certain disciplines;<br>
- Unit leaders created a critically permissive culture that reinforced risk-accepting behaviors at inappropriate levels.<br>
</div>
As a result of the investigation, no less than 15 Air National Guardsmen have been <a href="https://www.c4isrnet.com/news/your-military/2023/12/11/15-air-national-guardsmen-disciplined-in-discord-server-leak/?utm_source=sailthru&utm_medium=email&utm_campaign=c4-cyber" target="_blank">disciplined</a>, including the wing and group commanders, as well as more junior officers and noncommissioned officers.<br>
</div>
<br>
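The gap described under "Network monitoring" and in the Inspector General's findings (access outside a user's duty role and unsupervised night-shift printing that only surfaced in an after-the-fact audit) can be illustrated with a small user activity monitoring sketch. This is an added example, not code from any DoD or DIA system; the role names, content categories, thresholds and sample events are all assumptions constructed for illustration.<br>

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy: which content categories each duty role needs for its job.
# A role that is missing from the table is allowed nothing (default deny).
NEED_TO_KNOW = {
    "cyber_support": {"sysadmin", "network_ops"},
    "all_source_analyst": {"sysadmin", "network_ops", "intel_product"},
}
WINDOW = timedelta(hours=24)   # sliding window used by both rules
MISMATCH_LIMIT = 3             # out-of-role accesses tolerated per window
NIGHT_PAGE_LIMIT = 50          # pages printed at night tolerated per window
NIGHT_HOURS = {22, 23, 0, 1, 2, 3, 4, 5}


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    role: str
    action: str        # "search", "view" or "print"
    category: str
    pages: int = 0


@dataclass(frozen=True)
class Alert:
    ts: datetime
    user: str
    rule: str
    value: int


class Monitor:
    """Evaluates every event as it arrives instead of in a later audit."""

    def __init__(self):
        self.mismatches = defaultdict(deque)   # user -> (ts, 1)
        self.night_pages = defaultdict(deque)  # user -> (ts, pages)
        self.open_alerts = set()               # (user, rule) already raised

    def _window_sum(self, store, ev, weight):
        q = store[ev.user]
        q.append((ev.ts, weight))
        while ev.ts - q[0][0] > WINDOW:        # drop entries older than 24h
            q.popleft()
        return sum(w for _, w in q)

    def _check(self, ev, rule, value, limit):
        key = (ev.user, rule)
        if value <= limit:
            self.open_alerts.discard(key)      # back to normal: re-arm the rule
            return []
        if key in self.open_alerts:
            return []                          # one alert per episode
        self.open_alerts.add(key)
        return [Alert(ev.ts, ev.user, rule, value)]

    def feed(self, ev):
        alerts = []
        # Rule 1: content outside the need-to-know of the user's duty role.
        if ev.category not in NEED_TO_KNOW.get(ev.role, set()):
            n = self._window_sum(self.mismatches, ev, 1)
            alerts += self._check(ev, "out_of_role_access", n, MISMATCH_LIMIT)
        # Rule 2: print volume during night hours, regardless of role.
        if ev.action == "print" and ev.ts.hour in NIGHT_HOURS:
            pages = self._window_sum(self.night_pages, ev, ev.pages)
            alerts += self._check(ev, "night_print_volume", pages, NIGHT_PAGE_LIMIT)
        return alerts


def run(events):
    """Feed events in time order and collect the alerts that fire."""
    monitor = Monitor()
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        alerts += monitor.feed(ev)
    return alerts


def at(hour, minute, day=10):
    return datetime(2024, 1, day, hour, minute)


# Constructed sample events, not taken from any real audit log.
SAMPLE = [
    Event(at(9, 0), "user_a", "cyber_support", "view", "sysadmin"),
    Event(at(9, 30), "user_a", "cyber_support", "search", "intel_product"),
    Event(at(10, 0), "user_a", "cyber_support", "view", "intel_product"),
    Event(at(10, 0), "user_b", "all_source_analyst", "view", "intel_product"),
    Event(at(23, 0), "user_b", "all_source_analyst", "print", "intel_product", 20),
    Event(at(23, 10), "user_a", "cyber_support", "view", "intel_product"),
    Event(at(23, 20), "user_a", "cyber_support", "print", "intel_product", 30),
    Event(at(23, 40), "user_a", "cyber_support", "print", "intel_product", 40),
]

if __name__ == "__main__":
    for a in run(SAMPLE):
        print(a.ts.isoformat(), a.user, a.rule, a.value)
```

The analyst account in the sample reads and prints the same material without triggering anything, because the first rule keys on the mismatch between duty role and content rather than on the content itself.<br>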
<br>
<br>
<b>Links and Sources</b><br>
<font size="2">
<br>
- PBS Frontline documentary: <a href="https://www.pbs.org/video/the-discord-leaks-zrdqg7/" target="_blank">The Discord Leaks</a> (Dec. 12, 2023)<br>
<br>
- The Washington Post: <a href="https://archive.is/qKmiG" target="_blank">Amid leak of U.S. secrets, Pentagon hunts how documents left air base</a> (May 20, 2023)<br>
- Emptywheel: <a href="https://www.emptywheel.net/?p=112739" target="_blank">Jack Teixeira’s Polish (or Croatian) Missile</a> (May 18, 2023)<br>
- Christian Science Monitor: <a href="https://www.csmonitor.com/USA/Politics/2023/0517/Jack-Teixeira-Edward-Snowden-and-plugging-intelligence-leaks" target="_blank">Jack Teixeira, Edward Snowden, and plugging intelligence leaks</a> (May 17, 2023)<br>
- The Washington Post: <a href="https://www.washingtonpost.com/national-security/2023/05/17/leak-suspect-jack-teixeira/" target="_blank">Leak suspect shared classified secrets with foreigners, prosecutors say</a> (May 17, 2023)<br>
- The New York Times: <a href="https://archive.is/GHA4F" target="_blank">Airman in Leaks Case Worked on a Global Network Essential to Drone Missions</a> (April 30, 2023)<br>
- US Air Force Unit History: <a href="http://usafunithistory.com/PDF/0100/101-124/102%20INTELLIGENCE%20WING.pdf" target="_blank">102 Intelligence Wing</a> (Jan. 19, 2022)<br>
- AutoNorms: <a href="https://www.autonorms.eu/shortening-the-kill-chain-with-artificial-intelligence/" target="_blank">Shortening the Kill Chain with Artificial Intelligence</a> (Nov. 28, 2021)<br>
</font>
<br>
<br>
<b>Everything you want to know about the Pentagon/Discord Leak</b><br>
<font size="2">Posted by P/K on April 21, 2023</font><br>
<div align="right"><font size="2" color="gray">(Updated: December 13, 2023)</font></div>
<br>
Two weeks ago, a few highly classified military maps from the Pentagon appeared on social media. As more and more of such documents surfaced, this became the most significant leak since the exposure of NSA and CIA hacking tools in 2016 & 2017.<br>
<br>
Because the content of the leaked documents has already been extensively discussed by the press, I will summarize the events, take a close look at the form of the documents and assess how the leaker might have been able to access them.<br>
<br>
<div align="center" class="hidemobile"><b>
<a href="#leak">The leak</a> <a href="#leaker">The leaker</a> <a href="#documents">The documents</a> <a href="#access">The access</a></b><br>
<br>
Updates: <a href="#update1">#1</a> <a href="#update2">#2</a> <a href="#update3">#3</a> <a href="#update4">#4</a> <a href="#update5">#5</a><br>
<br>
See also: <a href="https://www.electrospaces.net/2023/05/new-details-about-pentagon-leak.html">New details about the Pentagon Leak</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgq1feP5_z1bfyN8BCQ5Dz2IKfiird5pJzrhQOiP5fUbJCTakvq_LtcvGci6JJwHdXauMl3lXCX50N-UgRhKBf1YBoXgu1QoW2A3Y75YscK1uG9x1d_eAML7VXlN4bJP4lbq3gHsJzxHLc7Zgnd0eVjzSb5zdk0FKv099fxS299pTs3pooi2LVb2RR6/s800/jointstaffdocs-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="650" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgq1feP5_z1bfyN8BCQ5Dz2IKfiird5pJzrhQOiP5fUbJCTakvq_LtcvGci6JJwHdXauMl3lXCX50N-UgRhKBf1YBoXgu1QoW2A3Y75YscK1uG9x1d_eAML7VXlN4bJP4lbq3gHsJzxHLc7Zgnd0eVjzSb5zdk0FKv099fxS299pTs3pooi2LVb2RR6/s600/jointstaffdocs-header.jpg"/></a></div>
<br>
<a name="leak"></a>
<br>
<br>
<font size="+3"><b>The leak</b></font> <font size="+2">Discord - 4chan - Telegram</font><br>
<br>
The Pentagon or Discord Leak came to light on Thursday, April 6, when The New York Times <a href="https://www.nytimes.com/2023/04/06/us/politics/ukraine-war-plan-russia.html" target="_blank">reported</a> on Top Secret US defense documents that had been shared on Russian Telegram channels. <br>
<br>
How this leak developed becomes clear from research by Aric Toler from <a href="https://www.bellingcat.com/news/2023/04/09/from-discord-to-4chan-the-improbable-journey-of-a-us-defence-leak/" target="_blank">Bellingcat</a> and Shane Harris from <a href="https://www.washingtonpost.com/national-security/2023/04/12/discord-leaked-documents/" target="_blank">The Washington Post</a>, as well as from the <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.3.1.pdf" target="_blank">affidavit</a> which the FBI submitted to the district court of Massachusetts.<br>
<br>
According to these sources, the leak started in October 2022, when someone who called himself OG (for <a href="https://www.urbandictionary.com/define.php?term=OG" target="_blank"><i>Original Gangster</i></a>) began posting classified information in a <a href="https://en.wikipedia.org/wiki/Discord" target="_blank">Discord</a> server, which he eventually named "Thug Shaker Central" and which he controlled as the administrator.<br>
<br>
This server had been created in 2020 by someone who called himself Vakhi, a now 17-year-old high school graduate, and consisted of some 20 to 30 gamers from various countries, including Russia and Ukraine. They had been locked in their houses during the Covid-19 pandemic and were "united by their mutual love of guns, military gear and God".<br>
<br>
Initially, OG made transcriptions of classified documents he had brought home from his job on an unnamed military base. By sharing this information, OG apparently wanted to show off his insider knowledge and offer the other server members unique insights that could provide protection from real-world troubles.<br>
<br>
Similar to Snowden, OG <a href="https://archive.is/tQAm9" target="_blank">ranted</a> about "government overreach" and saw law enforcement and intelligence agencies as "a sinister force that sought to suppress its citizens and keep them in the dark."<br>
<br>
When transcribing classified documents by hand proved too tiresome and not very attractive for the server members, OG began posting photos of the original documents in January 2023. Eventually, he posted some 350 such photos in his Discord server.<br>
<br>
Then, from February 28 to at least March 2, a 17-year-old user called Lucca secretly posted 50 to 100 of the photos from Thug Shaker Central on another Discord server, which was affiliated with a British-Filipino YouTuber called <a href="https://www.youtube.com/channel/UCOujgO5S-Zn8DqpFrvzeIqA" target="_blank">wow_mao</a>:<br>
<br>
<br>
<div align="center">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje4omFDa8YBxbdCpgwMYPdpVQt1oA6Y5BeLixW-jhMTX8wEwtK6JenK5We66eFuDzI8oVJbssJCpSmlF4pHtC_hJhyp1x7ISs7N7O1co8foB3r7DDAVl42ektdSP9uR1gAkFQn08IfMkSh4gB1MVdgZhWPxkGj9JdmRdVvw-gXfhmfPnUCpLpzt0tz/s534/jointstaffdocs-discord3.jpg"><img alt="" border="0" width="250" data-original-height="534" data-original-width="373" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje4omFDa8YBxbdCpgwMYPdpVQt1oA6Y5BeLixW-jhMTX8wEwtK6JenK5We66eFuDzI8oVJbssJCpSmlF4pHtC_hJhyp1x7ISs7N7O1co8foB3r7DDAVl42ektdSP9uR1gAkFQn08IfMkSh4gB1MVdgZhWPxkGj9JdmRdVvw-gXfhmfPnUCpLpzt0tz/s400/jointstaffdocs-discord3.jpg"/></a>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRb-JmXCYoZwV0t-OjzhIn42O0vwwZYPNMxutrXkIiJFQncUP_YfXt9FK-xzjZQCMkovzuipVwc8Tn2F8UPEvVpcwsH122B3E0F2K3OWLVXnXIi22qMhkj3EIuw4sbIlPrA9eUwYPMFrgwYeyDN2orB4q2WpOqzoa3JzAc2KEK9bEYOeiK2FRUqMgL/s535/jointstaffdocs-discord4.jpg" ><img alt="" border="0" width="250" data-original-height="535" data-original-width="381" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRb-JmXCYoZwV0t-OjzhIn42O0vwwZYPNMxutrXkIiJFQncUP_YfXt9FK-xzjZQCMkovzuipVwc8Tn2F8UPEvVpcwsH122B3E0F2K3OWLVXnXIi22qMhkj3EIuw4sbIlPrA9eUwYPMFrgwYeyDN2orB4q2WpOqzoa3JzAc2KEK9bEYOeiK2FRUqMgL/s400/jointstaffdocs-discord4.jpg"/></a><br>
<font size="2">
Screenshots of several photos posted in the wow_mao Discord server on March 1, 2023<br>
(screenshots by - click to enlarge)<br>
</font>
</div>
<br>
<br>
On March 4, 2023, ten photos from the wow_mao server appeared on yet another (and meanwhile deleted) Discord server called "Minecraft Earth Map", which was dedicated to the popular computer game <a href="https://en.wikipedia.org/wiki/Minecraft" target="_blank">Minecraft</a>. A zip file of 32 photographs also <a href="https://www.vice.com/en/article/ak3d5z/leaked-classified-documents-also-include-roleplaying-game-character-stats" target="_blank">included</a> a photo of a handwritten piece of paper that appeared to be a character sheet for a roleplaying game (RPG), which seems unrelated to the leaked documents.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_pqmV4C-IVjhiG-Zo9bYo7kV8MaJjPuaLLi1Dkg0NkdKg1Tv3NH85c-9b9c9xFP1ucoytvy5x2h2LLZP-QUZugMoXbvu-qEyANRGgpN9hjJxWlucNd81_z6TfKVWmlgFx5D7Nxnl0sTPqyD14kHMDHP1eCn7RSqZE7p93ksyUmI1PIoIvZJ7dfShC/s923/jointstaffdocs-minecraft.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="538" data-original-width="923" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_pqmV4C-IVjhiG-Zo9bYo7kV8MaJjPuaLLi1Dkg0NkdKg1Tv3NH85c-9b9c9xFP1ucoytvy5x2h2LLZP-QUZugMoXbvu-qEyANRGgpN9hjJxWlucNd81_z6TfKVWmlgFx5D7Nxnl0sTPqyD14kHMDHP1eCn7RSqZE7p93ksyUmI1PIoIvZJ7dfShC/s600/jointstaffdocs-minecraft.jpg"/></a></div>
<div align="center">
<font size="2">
(Screenshot and pixelation by <a href="https://www.bellingcat.com/news/2023/04/09/from-discord-to-4chan-the-improbable-journey-of-a-us-defence-leak/" target="_blank">Bellingcat</a> - click to enlarge)<br>
</font>
</div>
<br>
<br>
On April 5, three of these photos were posted on the message board platform <a href="https://en.wikipedia.org/wiki/4chan" target="_blank">4chan</a> and five of them on a pro-Kremlin Telegram account <a href="https://archive.is/gvFVs" target="_blank">called</a> Donbass Devushka. One of the images, showing a March 1 Ukraine status update (marked "Pg 7"), had been altered to inflate the number of Ukrainian casualties and downplay those on the Russian side.<br>
<br>
The Donbass Devushka account has some 65,000 followers and one of its administrators appeared to be former US Navy electronics technician Sarah Bils from Washington state. She <a href="https://archive.is/gvFVs" target="_blank">said</a> that she later deleted the four photos, but they had already been picked up by other Russian Telegram channels and were eventually noticed on Twitter.<br>
<br>
Meanwhile, OG had stopped sharing images in the Thug Shaker Central server in the middle of March. On April 6, shortly before the New York Times first reported on the leak, he learned that his photos had been spilled into other social media, which made him confused and distraught. He then shut down his Discord server and urged its members to delete any information that related to him.<br>
<a name="update1"></a>
<br>
<br>
<div class="blockquote">
<b> UPDATE #1:</b><br>
<br>
On April 21, 2023, The New York Times <a href="https://archive.is/4UsqG" target="_blank">reported</a> that from February 25, 2022 (which is one day after Russia invaded Ukraine) to March 19, 2023, the leaker also posted classified information on another, easily accessible Discord server with some 600 members.<br>
<br>
There he called himself "unknowing" and provided insights into the development of the war, mainly in the form of detailed written accounts, but he apparently also posted pictures of some documents, which have since been deleted.<br>
<br>
On March 19, 2023, unknowing wrote: "I was very happy and willing and enthusiastic to have covered this event for the past year and share with all of you something that not many people get to see", but: "I've decided to stop with the updates."<br>
</div>
<br>
<br>
<font size="+1"><b>Motives and damage</b></font><br>
<br>
Looking back at the leaks of the past 10 years, we see quite some variation in motives: while Edward Snowden <a href="https://www.electrospaces.net/2020/03/edward-snowden-and-stellarwind-report.html">assumed</a> he would provide proof of mass surveillance (2013), Daniel Hale leaked the Drone Papers to <a href="https://www.electrospaces.net/2019/05/daniel-hale-arrested-for-being-source.html">inform</a> the public (2015), Harold Martin was simply <a href="https://www.electrospaces.net/2016/10/with-nsa-contractor-martin-arrested.html">hoarding</a> everything he could get (2016), Nghia Pho wanted to improve his programming skills (2016), Reality Winner also wanted to inform the public about Russian election interference (2017), Joshua Schulte leaked the Vault7 files because he was angry at the CIA (2017), but Jack Teixeira wanted to impress his online chat group (2023).<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2015/12/leaked-documents-that-were-not.html">Leaked documents that were not attributed to Snowden</a><br>
</div>
<br>
However, as emptywheel <a href="https://www.emptywheel.net/2023/04/15/jack-teixeira-leak-dumps-dont-care-about-the-story-you-tell-about-motive/" target="_blank">explains</a> in an extensive blog post, the motive of the leaker is something different than what's actually inside the leaked files and what subsequently happens with them: "many [contemporary leakers] don't have expertise on the specific files they're leaking".<br>
<br>
This is demonstrated in a piece by PwnAllTheThings, who <a href="https://www.pwnallthethings.com/p/pentagon-leaks-whats-the-damage" target="_blank">analyses</a> the damage done by the military intelligence about Ukraine ("acute damage potential, but very short-lived"), the political analysis using non-fragile sources ("embarrassing, but quickly forgotten"), and the foreign intelligence from highly sensitive sources ("fragile and opaque longer-term damage").<br>
<br>
<a name="leaker"></a>
<br>
<br>
<font size="+3"><b>The leaker</b></font> <font size="+2">Jack Teixeira</font><br>
<br>
Based upon a very close examination of items that could be seen in the background of the leaked photographs, "OG" was <a href="https://www.nytimes.com/2023/04/13/world/documents-leak-leaker-identity.html" target="_blank">identified</a> as the 21-year-old airman Jack D. Teixeira. On Thursday, April 13, he was arrested by the FBI at the home of his mother in North Dighton, Massachusetts, and accused of "alleged unauthorized removal, retention and transmission of classified national defense information."<br>
<br>
Teixeira grew up in the suburbs of Providence, Rhode Island, and attended Dighton-Rehoboth High School in Massachusetts where he graduated in 2020. He appeared to be a loner and <a href="https://edition.cnn.com/politics/live-news/pentagon-documents-leak-04-13-23/index.html" target="_blank">according</a> to several of his former high school classmates, he had a fascination with the military, guns and war. <br>
<br>
On September 26, 2019, Teixeira had joined the <a href="https://en.wikipedia.org/wiki/Massachusetts_Air_National_Guard" target="_blank">Massachusetts Air National Guard</a>, and after finishing technical training, he <a href="https://www.nytimes.com/2023/04/13/world/europe/jack-teixeira-pentagon-leak.html" target="_blank">entered</a> active duty at the 102nd Intelligence Wing on October 1, 2021. This unit is located at <a href="https://en.wikipedia.org/wiki/Otis_Air_National_Guard_Base" target="_blank">Otis Air National Guard Base</a> on the southern portion of the <a href="https://en.wikipedia.org/wiki/Joint_Base_Cape_Cod" target="_blank">Joint Base Cape Cod</a> (JBCC).<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCllk8UCATIu81PPlGanmM7PvU2iZ_xfuo5A7vsVFeJvlZMoPBQ0j4QS60yrLgWajkADat9NUlXEMrhjy8tOMDrzEz4IYWvSis0T0INxsKwQ_3SZFX2KVYrBCsGTkmfe61KUXlqIzCFH4NVKAfJcGERmA16q_2aVKT3ZdbsL-RnMEdzhB0NeFAr5K2/s1024/cape-cod.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="483" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCllk8UCATIu81PPlGanmM7PvU2iZ_xfuo5A7vsVFeJvlZMoPBQ0j4QS60yrLgWajkADat9NUlXEMrhjy8tOMDrzEz4IYWvSis0T0INxsKwQ_3SZFX2KVYrBCsGTkmfe61KUXlqIzCFH4NVKAfJcGERmA16q_2aVKT3ZdbsL-RnMEdzhB0NeFAr5K2/s400/cape-cod.jpg"/></a></div>
<div align="center">
<font size="2">
The entrance to Joint Base Cape Cod in Pocasset, Massachusetts<br>
(photo: CJ Gunther/EPA - click to enlarge)<br>
</font>
</div>
<br>
<br>
In his first job, that of a Cyber Transport Systems Journeyman, Teixeira was responsible for keeping the communications networks secure and operational, including installing, maintaining and repairing hardware and cables. Since May 2022, his job title <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.19.0_3.pdf" target="_blank">was</a> Cyber Defense Operations Journeyman. This is remarkably similar to Edward Snowden, who started as a systems administrator and then became a cyber defense analyst.<br>
<br>
Since he entered active duty in 2021, Teixeira held a Top Secret clearance with access to <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html#sci">Sensitive Compartmented Information</a> (SCI), which usually includes signals intelligence (SI) and information collected by satellites and airborne surveillance platforms (TK). Which information he had the necessary <a href="https://en.wikipedia.org/wiki/Need_to_know" target="_blank">need-to-know</a> for depended on the specific duties of his job.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirN38wdo6YaBHqa5B8SC4ItryLpjHjFKD_WhPAzUVf_ouCb1LqxcLNuzx7yOS0zF4lw-G5kDKRaoQF-F0cKbytfFNtyax49lDEkqDbuByg5VADycquW3nAkvoCGiXFWLa1QQIQZsTDWKE17hHdB4PcJRVcML56cc_C69hHHaYS4TEBHbOF59lsp_yO/s1220/teixeira-map.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="450" data-original-height="980" data-original-width="1220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirN38wdo6YaBHqa5B8SC4ItryLpjHjFKD_WhPAzUVf_ouCb1LqxcLNuzx7yOS0zF4lw-G5kDKRaoQF-F0cKbytfFNtyax49lDEkqDbuByg5VADycquW3nAkvoCGiXFWLa1QQIQZsTDWKE17hHdB4PcJRVcML56cc_C69hHHaYS4TEBHbOF59lsp_yO/s600/teixeira-map.jpg"/></a></div>
<div align="center">
<font size="2">
Location of Joint Base Cape Cod and Teixeira's hometown<br>
(graphic: The Washington Post - click to enlarge)<br>
</font>
</div>
<br>
<br>
<b>The 102nd Intelligence Wing</b><br>
<br>
The <a href="https://en.wikipedia.org/wiki/102nd_Intelligence_Wing" target="_blank">102nd Intelligence Wing</a> consists of over 20 squadrons and groups. The 102nd Intelligence Surveillance Reconnaissance Group (ISRG), for example, <a href="https://www.102iw.ang.af.mil/About/Fact-Sheets/Display/Article/2083156/102nd-intelligence-surveillance-and-reconnaissance-group/" target="_blank">performs</a> near-real-time exploitation and analysis of video feeds from the <a href="https://en.wikipedia.org/wiki/Lockheed_U-2" target="_blank">U-2</a> spy plane, as well as from the <a href="https://en.wikipedia.org/wiki/Northrop_Grumman_RQ-4_Global_Hawk" target="_blank">RQ-4</a> Global Hawk and <a href="https://en.wikipedia.org/wiki/General_Atomics_MQ-9_Reaper" target="_blank">MQ-9</a> Reaper surveillance drones, which are <a href="https://www.ft.com/content/fc72d277-7fa8-4b29-9231-4feb34f43b0c" target="_blank">put together</a> so they can be used by military commanders.<br>
<br>
Other units are involved in cyber missions, like the 267th Intelligence Squadron (IS), which <a href="https://www.102iw.ang.af.mil/About/Fact-Sheets/Display/Article/2245522/267th-intelligence-squadron/" target="_blank">conducts</a> "signals intelligence exploitation in the cyber domain for 25th Air Force and US Cyber Command", providing "finished Cyber ISR products, and direct support for consumers across multiple agencies."<br>
<br>
<div class="hidemobile">
Besides <a href="https://www.ft.com/content/fc72d277-7fa8-4b29-9231-4feb34f43b0c" target="_blank">supporting</a> combat operations overseas, the 102nd Intelligence Wing also provides defense support to civilian authorities during national and regional emergencies, as is shown in this video from 2017:<br>
<br>
<br>
<div align="center">
<iframe src="https://www.dvidshub.net/video/embed/549765" width="500" height="300" frameborder="0" allowtransparency allowfullscreen></iframe><br>
<font size="2">
102nd Intelligence Wing Airmen provide disaster relief<br>
in response to Hurricane Harvey in August 2017<br>
(click the image to start the video)<br>
</font>
</div>
<br>
<br>
</div>
Meanwhile, the US Air Force has ordered the 102nd Intelligence Wing to <a href="https://www.reuters.com/world/us/alleged-leaker-teixeiras-unit-ordered-halt-intelligence-mission-air-force-2023-04-18/" target="_blank">halt</a> its intelligence mission as the service's inspector general investigates the leak. Its duties have been temporarily reassigned to other Air Force units.<br>
<a name="update2"></a>
<br>
<br>
<div class="blockquote">
<b>UPDATE #2</b>:<br>
<br>
On April 26, 2023 the US Air Force said that the commander of the 102nd Intelligence Wing temporarily <a href="https://www.cbsnews.com/news/pentagon-leaker-jack-teixeira-intelligence-unit-leaders-suspended-air-force/" target="_blank">suspended</a> his subordinate commander of the 102nd Intelligence Support Squadron and the detachment commander overseeing administrative support.<br>
</div>
<br>
> See also: <a href="https://www.electrospaces.net/2023/05/new-details-about-pentagon-leak.html">New details about the Pentagon Leak</a><br>
<br>
<a name="documents"></a>
<br>
<br>
<font size="+3"><b>The documents</b></font> <font size="+2">intelligence briefings</font><br>
<br>
Reportedly, Jack Teixeira <a href="https://www.nytimes.com/2023/04/13/world/europe/jack-teixeira-pentagon-leak.html" target="_blank">posted</a> some 350 photos in the Thug Shaker Central Discord server, but it should be noted that each photo only shows a single page, so the actual number of complete documents is much lower.<br>
<br>
The maps and charts seem to come in sets of up to 8 pages and an unpublished intelligence summary also consists of 8 pages. This means the number of documents may be somewhere around 60.<br>
<br>
Various media outlets have gained access to around 100 photos, likely those that were shared to the wow_mao Discord server. Just over 50 of them have been shared more widely and were also available on <a href="https://gall.dcinside.com/mgallery/board/view/?id=war&no=3271888" target="_blank">some</a> websites. On April 16, Newsweek <a href="https://www.newsweek.com/2023/05/05/read-leaked-secret-intelligence-documents-ukraine-vladimir-putin-1794656.html" target="_blank">published</a> 20 of these photos with comments by William Arkin.<br>
<br>
Most widely available are eight out of the ten photos that made their way to the Minecraft Discord server and from there to 4chan and Telegram. They are shown below (click the image to enlarge):<br>
<br>
<div class="blockquote">
<b>Russia/Ukraine | Status of the Conflict as of 1 Mar</b> (Pg 7)<br>
TOP SECRET//HCS-P/SI-G/TK//FGI//RSEN/ORCON/NOFORN/FISA<br>
March 1, 2023<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3_DhDdm426uxzxnlPTpWL1Hs_1dsvHT6nqmW6gsKGv2A-fqBkPbNOS8ppq82Mm2m2sNnewYwZn-uxHtfZSuHdGmrEGeYAe1cnRsp_RogBZUw9aGpWK3eAPAsKe6FkYqV1dxg75gkMtu-UepgUu6ZmpSwSx_Q7hdkIhYtP1Imrfp1_L2J7fqFWvw30/s2016/jointstaffdocs-07.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="1512" data-original-width="2016" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3_DhDdm426uxzxnlPTpWL1Hs_1dsvHT6nqmW6gsKGv2A-fqBkPbNOS8ppq82Mm2m2sNnewYwZn-uxHtfZSuHdGmrEGeYAe1cnRsp_RogBZUw9aGpWK3eAPAsKe6FkYqV1dxg75gkMtu-UepgUu6ZmpSwSx_Q7hdkIhYtP1Imrfp1_L2J7fqFWvw30/s600/jointstaffdocs-07.jpg"/></a></div>
<div align="center">
<font size="2">
IVO = In the Vicinity Of<br>
ICOD = Intelligence Cut-Off Date<br>
PCN = Product Control Number<br>
UAF = Ukraine Armed Forces<br>
</font>
</div>
<br>
<br>
<b>Assessed Operations in Kharkiv</b> (Pg 8)<br>
TOP SECRET//HCS-P/SI-G/TK//FGI//RSEN/ORCON/NOFORN<br>
March 1, 2023<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPVAqTmMl2uTNqdtBrXArzwT_9IDQIPY9CfEV8N45tItWqP29Q8PgAsIhx-T2rvMqWytl5DBGLZmTOY_q7W7pz4fbdiCzl4k60etN5GLtvWY3sD9UY_BMB2TflMxoQlSIgobZPeQBdSrB1MkFV9ZTyQ8pIBxCxDIpJ_4bmUO7AEraGYrrSAA7DGu3b/s2016/jointstaffdocs-08.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="1512" data-original-width="2016" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPVAqTmMl2uTNqdtBrXArzwT_9IDQIPY9CfEV8N45tItWqP29Q8PgAsIhx-T2rvMqWytl5DBGLZmTOY_q7W7pz4fbdiCzl4k60etN5GLtvWY3sD9UY_BMB2TflMxoQlSIgobZPeQBdSrB1MkFV9ZTyQ8pIBxCxDIpJ_4bmUO7AEraGYrrSAA7DGu3b/s600/jointstaffdocs-08.jpg"/></a></div>
<br>
<br>
<b>Bakhmut Axis</b> (Pg 10)<br>
TOP SECRET//HCS-P/SI-G/TK//FGI//RSEN/ORCON/NOFORN<br>
March 1, 2023<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAE8R7ljWh0f-lvpU2_R3kxiymKjGSW8R5as3WhCi_v_bRQIHrZgFhr_t0ChCbJszhtEJFTE8WTCHVIojVbXOa6l-7Glo2WovjnmT1zoO7wE7ZBrz6ZG1aKh3PXQrfSdiHKdTmrKeSEsLRkQC8oIZEXxnCiNzV86CxN16gvBzetYGo_3egtXr1ksJS/s2016/jointstaffdocs-10.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="1512" data-original-width="2016" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAE8R7ljWh0f-lvpU2_R3kxiymKjGSW8R5as3WhCi_v_bRQIHrZgFhr_t0ChCbJszhtEJFTE8WTCHVIojVbXOa6l-7Glo2WovjnmT1zoO7wE7ZBrz6ZG1aKh3PXQrfSdiHKdTmrKeSEsLRkQC8oIZEXxnCiNzV86CxN16gvBzetYGo_3egtXr1ksJS/s600/jointstaffdocs-10.jpg"/></a></div>
<br>
<br>
<b>Donetsk Axis</b> (Pg 11)<br>
TOP SECRET//HCS-P/SI-G/TK//FGI//RSEN/ORCON/NOFORN<br>
Date unknown<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgai6SfQjuMnG21XeG7SIlh2ghK_Ws91QOjM8_EEK5mOvyioCvDfGlLO-_6Iub5XcG4mBS_vRX4WjgQCEzxd20hiKlzRL5lb7_Q4RgEchv4MaXkibhheXVs9Dm-x1-BUvC_6OsHnSqNRp0ZwaH3ffkLfZHT5q4CJqrYobrVsKL0UoUXj6SIzXuwXvXt/s1258/jointstaffdocs-11.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="944" data-original-width="1258" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgai6SfQjuMnG21XeG7SIlh2ghK_Ws91QOjM8_EEK5mOvyioCvDfGlLO-_6Iub5XcG4mBS_vRX4WjgQCEzxd20hiKlzRL5lb7_Q4RgEchv4MaXkibhheXVs9Dm-x1-BUvC_6OsHnSqNRp0ZwaH3ffkLfZHT5q4CJqrYobrVsKL0UoUXj6SIzXuwXvXt/s600/jointstaffdocs-11.jpg"/></a></div>
<br>
<br>
<b>Ukraine | Freeze Favorable To Vehicle Maneuver (~16 Inches) Projections</b> (Pg 13)<br>
SECRET//REL TO USA, FVEY<br>
February 28, 2023<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpJkWOgq9JJUmLBXBfVioEa7XGegQ_nNbOZ9NyfZn7BrqGJgt8UYUMix1pRCDbGJR_xpmMKBmnzGXqSvckJWBmgLGXvF7ASQEkGmw_t0qndHNspVPXooUQDpYzLuCvvqvV1Wt6nMUW4-eSFKeagrcv9GrXvSKKPfcT_YW_ebbS-yYwAn4EVaAOl1XL/s1230/jointstaffdocs-13.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="922" data-original-width="1230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpJkWOgq9JJUmLBXBfVioEa7XGegQ_nNbOZ9NyfZn7BrqGJgt8UYUMix1pRCDbGJR_xpmMKBmnzGXqSvckJWBmgLGXvF7ASQEkGmw_t0qndHNspVPXooUQDpYzLuCvvqvV1Wt6nMUW4-eSFKeagrcv9GrXvSKKPfcT_YW_ebbS-yYwAn4EVaAOl1XL/s600/jointstaffdocs-13.jpg"/></a></div>
<br>
<br>
<b>Russia/Ukraine Joint Staff J3/4/5 Daily Update (D+370)</b> (Pg 17)<br>
SECRET//NOFORN<br>
March 1, 2023<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCvIxMiZgLzUllvTYOX9UcbeNhhDiG5DwLI_v2hJuNLGsWTT3oDmn__T3vZbx4FBtcH_03z9zMF7B6jjm9-AvvBUE_rQ1ylibL_6WXxbJ01tLd3yNJ11YmuMMLS4AmvA9gfEoyyhzyIuvyUP7I7AFb3KrZqS8l7aMWjbH3U2fTDjGVhnZolfEo-TMO/s1260/jointstaffdocs-17.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="946" data-original-width="1260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCvIxMiZgLzUllvTYOX9UcbeNhhDiG5DwLI_v2hJuNLGsWTT3oDmn__T3vZbx4FBtcH_03z9zMF7B6jjm9-AvvBUE_rQ1ylibL_6WXxbJ01tLd3yNJ11YmuMMLS4AmvA9gfEoyyhzyIuvyUP7I7AFb3KrZqS8l7aMWjbH3U2fTDjGVhnZolfEo-TMO/s600/jointstaffdocs-17.jpg"/></a></div>
<div align="center">
<font size="2">
AOR = Area of Responsibility<br>
Pax = Persons<br>
CAO = Current As Of<br>
SIGACT = Significant Activity<br>
CCIR = Commander’s Critical Information Requirement<br>
SOF = Special Operations Forces<br>
</font>
</div>
<br>
<br>
<b>US. Allied & Partner UAF Combat Power Build</b> (Pg 24)<br>
SECRET//REL TO FIN, UKR, FVEY, NATO<br>
February 28, 2023<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglaPc-92zj6kHW47YAw3sV2kZeqSxVexzKPNhw7XaIDFuBV80k3hLjzSRlsSxNVbS_ldzQReZ95lQrDV-UKFWz4-XCJLBvepco9qPZW8azjk-fHLoO1m0KiLkhPmw5Spm21Ow1d4qTthN8oV6EmPevL8ibdC5Zl4g4uji2AYkZ9A4r-ME0Y-oao-mS/s1280/jointstaffdocs-24.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="960" data-original-width="1280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglaPc-92zj6kHW47YAw3sV2kZeqSxVexzKPNhw7XaIDFuBV80k3hLjzSRlsSxNVbS_ldzQReZ95lQrDV-UKFWz4-XCJLBvepco9qPZW8azjk-fHLoO1m0KiLkhPmw5Spm21Ow1d4qTthN8oV6EmPevL8ibdC5Zl4g4uji2AYkZ9A4r-ME0Y-oao-mS/s600/jointstaffdocs-24.jpg"/></a></div>
<div align="center">
<font size="2">
CAO = Current As Of<br>
BDE = Brigade<br>
</font>
</div>
<br>
<br>
<b>BDA From Recent Strike? Damage GBU BBCARD</b> (Pg 37)<br>
SECRET//REL TO USA, FVEY<br>
February 15, 2023<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQlFym0weRFYIKfoHuQjtY9eQ9BawA5RcCvMvoWflwv2lcKnKP8S_TlxHJ3BsKSYKANqp0Dz-v7_9XO7j33I-u91EIVRuuH7qochn4zpXeG0mQzP89HMReYhi9LEdY3ceuXaybDWdO9Ennd6jLY6nmmDvDg1TUMpFYnVBZjH2e_4g0aeMJHSx177Bj/s2048/jointstaffdocs-37.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="1234" data-original-width="2048" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQlFym0weRFYIKfoHuQjtY9eQ9BawA5RcCvMvoWflwv2lcKnKP8S_TlxHJ3BsKSYKANqp0Dz-v7_9XO7j33I-u91EIVRuuH7qochn4zpXeG0mQzP89HMReYhi9LEdY3ceuXaybDWdO9Ennd6jLY6nmmDvDg1TUMpFYnVBZjH2e_4g0aeMJHSx177Bj/s600/jointstaffdocs-37.jpg"/></a></div>
<div align="center">
<font size="2">
BDA = Battle Damage Assessment<br>
OSINT = Open Source Intelligence<br>
BBCARD = ?<br>
RFI = Request For Information<br>
GBU = Guided Bomb Unit<br>
SAG-U = Security Assistance Group - Ukraine<br>
</font>
</div>
<br>
<br>
The following video provides a detailed explanation of four of the leaked documents:<br>
<br>
<div align="center">
<iframe width="500" height="281" src="https://www.youtube.com/embed/6kU5_7r8Dtk" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
</div>
</div>
<br>
<br>
<br>
<b>Additional page numbers</b><br>
<br>
Among the set of 50+ photos are more of these military maps, and a close look reveals that most of them have an additional page number in the lower right corner, printed over the original text. The highest page number is 59, which indicates that even more of these maps and charts (with dates from February 27 to March 2) may have been part of one package:<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFzx83ACdvtf72u2-lMLvlcHgCEbWMF8hqg7CFk4wcgayDNPE3KSWY-7hmum6JuD5rjBBVI8yOmKtYGvpi9DNk7pdvnOuT6lP6M7Rhys0EEcr3Y9fK-SBZtvTPUu3N9tkYPEm6bBXPNujdHOA4GzygchQwSTHxeH7uJrOtPNHhRHZjWQ3akCknlUoR/s228/jointstaffdocs-08a.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="250" data-original-height="137" data-original-width="228" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFzx83ACdvtf72u2-lMLvlcHgCEbWMF8hqg7CFk4wcgayDNPE3KSWY-7hmum6JuD5rjBBVI8yOmKtYGvpi9DNk7pdvnOuT6lP6M7Rhys0EEcr3Y9fK-SBZtvTPUu3N9tkYPEm6bBXPNujdHOA4GzygchQwSTHxeH7uJrOtPNHhRHZjWQ3akCknlUoR/s400/jointstaffdocs-08a.jpg"/></a></div>
<br>
<br>
It seems that all the documents with an additional number are about the war in Ukraine, so they were probably put together to provide a comprehensive overview of the current situation ("to inform senior military and civilian government officials during briefings at the Pentagon in Arlington, Virginia" as the <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.3.1.pdf" target="_blank">affidavit</a> says?)<br>
<br>
<br>
<b>The classification markings</b><br>
<br>
More eye-catching than the additional page numbers are the classification markings. Especially the map in the first photo (marked "Pg 7") has one of the longest classification lines seen so far:<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFGIXWQ0yXyaagfvOxYXF7kvEcobVU_1ewnMBkhzh_DUokSMPxnf1tOaQ70H6vmnsnjYk2nSuPpyk06Dp-PU7X8LFHY1tR2-CmLvkXYbXhrNI0P1H7NbxlDYfpPGK7ydAjK8ntxp98VV-VyGnW5taJFLh0P6or8zptlSXRaCpBa2zmTmVpIgn_qv5m/s637/jointstaffdocs-1a.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="88" data-original-width="637" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFGIXWQ0yXyaagfvOxYXF7kvEcobVU_1ewnMBkhzh_DUokSMPxnf1tOaQ70H6vmnsnjYk2nSuPpyk06Dp-PU7X8LFHY1tR2-CmLvkXYbXhrNI0P1H7NbxlDYfpPGK7ydAjK8ntxp98VV-VyGnW5taJFLh0P6or8zptlSXRaCpBa2zmTmVpIgn_qv5m/s600/jointstaffdocs-1a.jpg"/></a></div>
<div align="center">
<font size="2">
Classification line of the document marked "Pg 07" (colors enhanced)<br />
</font>
</div>
<br>
<br>
These official classification lines consist of different types of markings, separated by a double slash. The meaning of the various parts is as follows:<br>
<br>
- TOP SECRET (release would cause exceptionally grave damage to national security)<br>
<br>
- HCS-P = HCS Product (intelligence reports based on human sources)<br>
- SI-G = Special Intelligence GAMMA (sensitive communication intercepts)<br>
- TK = TALENT-KEYHOLE (intelligence from satellite collection)<br>
<br>
- FGI = Foreign Government Information (classified info from foreign partners)<br>
<br>
- RSEN = Risk Sensitive <br>
- ORCON = Originator Controlled<br>
- NOFORN = No Foreign Nationals<br>
- FISA = Foreign Intelligence Surveillance Act<br>
<br>
<br>
The markings HCS-P, SI-G, TK and FGI show that this document contains information from all the main intelligence sources: human intelligence (HUMINT, marked HCS-P), signals intelligence (SIGINT, marked SI-G), imagery intelligence (IMINT, marked TK) and intelligence provided by foreign partners (marked FGI). The result is a so-called "all-source intelligence product".<br>
<br>
In this case, this product was created by the <a href="https://en.wikipedia.org/wiki/Defense_Intelligence_Agency" target="_blank">Defense Intelligence Agency</a> (DIA), which is responsible for fusing intelligence from multiple sources for military purposes, just like the Central Intelligence Agency (CIA) creates all-source intelligence reports for the president and senior civilian policymakers.<br>
<br>
<br>
The last part of the classification line consists of the dissemination markings: <br>
<br>
- Risk Sensitive, which is used by the <a href="https://en.wikipedia.org/wiki/National_Geospatial-Intelligence_Agency" target="_blank">National Geospatial-Intelligence Agency</a> (NGA) to "protect especially sensitive (satellite) imaging capabilities and exploitation techniques".<br>
<br>
- Originator Controlled, which means the originator of the information controls to whom it is released. It allows originators to maintain knowledge, supervision, and control of the distribution of the information beyond its original dissemination.<br>
<br>
- No Foreign Nationals, which means the information may not be disclosed or released to foreign nationals, foreign governments, or international organizations without permission by the originator of the information.<br>
<br>
- Foreign Intelligence Surveillance Act, which is the law that allows the collection of foreign intelligence at facilities inside the United States (i.e. <a href="http://electrospaces.blogspot.com/2014/04/what-is-known-about-nsas-prism-program.html">PRISM</a> and <a href="https://www.electrospaces.net/2014/01/slides-about-nsas-upstream-collection.html">Upstream</a> collection). Information from this source may not be used in criminal investigations without approval by the attorney general.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html">The US Classification System</a><br>
</div>
<br>
A similar, but much less visible classification line (without the FISA-marking) is found on some other maps:<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjE00Bfb3DTvi2Qo4m9qpRQcptRJmJrTBlPFzhomUTYoO0oUzMEqbngPu8_xq5flejfZO-fdvHlgnKVsVdsS1NCZmsDKjKttEIdrktPMUNZYlPWM58_PUXSFwq74SPvuHxJBXrDN_OlgtIhXMO51ytB7a0BaoB8AncXATFpvO9LFFoNu9EXcWf_mKYt/s710/jointstaffdocs-08b.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="147" data-original-width="710" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjE00Bfb3DTvi2Qo4m9qpRQcptRJmJrTBlPFzhomUTYoO0oUzMEqbngPu8_xq5flejfZO-fdvHlgnKVsVdsS1NCZmsDKjKttEIdrktPMUNZYlPWM58_PUXSFwq74SPvuHxJBXrDN_OlgtIhXMO51ytB7a0BaoB8AncXATFpvO9LFFoNu9EXcWf_mKYt/s600/jointstaffdocs-08b.jpg"/></a></div>
<div align="center">
<font size="2">
Classification line of the document marked "Pg 08" (colors enhanced)<br />
</font>
</div>
<br>
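The structure of the classification lines described above can be made concrete with a small parser. This is an added example, not code from this article or from any official system: the function names are this example's own, and the token tables contain only the markings explained in the article, so anything else is reported as unknown.<br>

```python
# Added example: parser for the classification lines quoted in the article.
# Assumption: the token tables below hold only the markings the article
# explains; unlisted tokens are reported as unknown, never guessed.
LEVELS = ("TOP SECRET", "SECRET")
SCI_SOURCES = {"HCS": "HUMINT", "SI": "SIGINT", "TK": "IMINT"}
SCI_SUBMARKINGS = {"HCS": {"P"}, "SI": {"G"}, "TK": set()}
DISSEM = {
    "RSEN": "Risk Sensitive",
    "ORCON": "Originator Controlled",
    "NOFORN": "No Foreign Nationals",
    "FISA": "Foreign Intelligence Surveillance Act",
}

# Classification lines as quoted in the article's photo captions.
ARTICLE_LINES = [
    "TOP SECRET//HCS-P/SI-G/TK//FGI//RSEN/ORCON/NOFORN/FISA",
    "TOP SECRET//HCS-P/SI-G/TK//FGI//RSEN/ORCON/NOFORN",
    "SECRET//REL TO USA, FVEY",
    "SECRET//NOFORN",
    "SECRET//REL TO FIN, UKR, FVEY, NATO",
]


def parse_marking(line):
    """Split a classification line into level, SCI, FGI and dissemination parts.

    Blocks are separated by '//' and items inside a block by '/'. Items are
    classified by their token, not by position, because short lines such as
    SECRET//NOFORN have no SCI or FGI block at all.
    """
    blocks = [b.strip() for b in line.strip().upper().split("//")]
    level = blocks[0]
    if level not in LEVELS:
        raise ValueError(f"unrecognized classification level: {blocks[0]!r}")
    parsed = {"level": level, "sci": [], "sources": set(), "fgi": False,
              "dissem": [], "rel_to": [], "unknown": []}
    for block in blocks[1:]:
        for item in (i.strip() for i in block.split("/")):
            if not item:
                continue
            base, _, sub = item.partition("-")
            if item == "FGI":
                parsed["fgi"] = True
            elif item in DISSEM:
                parsed["dissem"].append(item)
            elif item.startswith("REL TO "):
                countries = item[len("REL TO "):].split(",")
                parsed["rel_to"] = [c.strip() for c in countries if c.strip()]
            elif base in SCI_SOURCES and (not sub or sub in SCI_SUBMARKINGS[base]):
                parsed["sci"].append(item)
                parsed["sources"].add(SCI_SOURCES[base])
            else:
                parsed["unknown"].append(item)
    return parsed


def is_all_source(parsed):
    """True when HUMINT, SIGINT, IMINT and foreign partner information are
    all present, which the article calls an all-source intelligence product."""
    return {"HUMINT", "SIGINT", "IMINT"} <= parsed["sources"] and parsed["fgi"]


if __name__ == "__main__":
    for line in ARTICLE_LINES:
        p = parse_marking(line)
        print(line)
        print("  level:", p["level"], "| SCI:", p["sci"], "| FGI:", p["fgi"])
        print("  dissemination:", [DISSEM[d] for d in p["dissem"]],
              "| REL TO:", p["rel_to"])
        print("  all-source:", is_all_source(p), "| unknown:", p["unknown"])
```

<br>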
<br>
<b>Intelligence briefings</b><br>
<br>
For most of the maps and charts it's not clear what their exact origin is, but a photo published by Newsweek shows a document with the header of the Daily Intelligence Update for the Secretary of Defense and the Chairman of the Joint Chiefs of Staff.<br>
<br>
This briefing is dated February 28, 2023 and was prepared by the <a href="https://www.jcs.mil/Directorates/J2-Joint-Staff-Intelligence/" target="_blank">Directorate for Intelligence</a> (J2) of the Joint Staff, which is managed by the DIA:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0vJC_v7HqgJTJBB8lWmsua-LFFOxOSnlQB5K_jc3rEJX--_uHxkNb8IRODSC6NoKtgwbZ508YUAXpRCQGnDfTLsPTkUlgIpqf0ovLVxJiogeybRPXGxZTT48U7NjGwORzjh3DWISaTYIEgtqUd3QWCASR_ZTGTo1r-LAlX8slUU0RcrfwGyNFO9R-/s764/jointstaff-dailyupdate.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="593" data-original-width="764" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0vJC_v7HqgJTJBB8lWmsua-LFFOxOSnlQB5K_jc3rEJX--_uHxkNb8IRODSC6NoKtgwbZ508YUAXpRCQGnDfTLsPTkUlgIpqf0ovLVxJiogeybRPXGxZTT48U7NjGwORzjh3DWISaTYIEgtqUd3QWCASR_ZTGTo1r-LAlX8slUU0RcrfwGyNFO9R-/s600/jointstaff-dailyupdate.jpg"/></a></div>
<div align="center">
<font size="2">
Title of the Daily Intelligence Update from February 28, 2023 (colors enhanced)<br />
</font>
</div>
<br>
<br>
Besides the military maps and charts, the set of 50+ photos also contains text documents. These appear to be daily intelligence briefings which consist of one-paragraph summaries of particular events from all over the world. Four different briefings can be distinguished:<br>
<br>
- CIA Operations Center Intelligence Update (March 2, 2023; 2 pages)<br>
<br>
- Signals Intelligence briefing (March 1 or 2, 2023; 8 pages)<br>
<br>
- Multiple source intelligence briefing (probably March 1, 2023; 2 pages)<br>
<br>
- Multiple source intelligence briefing (March 2, 2023; 5 pages)<br>
<br>
<br>
Covering events from all over the world and based upon all available sources of intelligence, these briefings are clearly intended for high-level military commanders and civilian policymakers, although they are likely also distributed among watch centers like the NSA's <a href="https://www.electrospaces.net/2023/03/the-national-security-operations-center.html">National Security Operations Center</a> (NSOC).<br>
<br>
The briefing that only contains signals intelligence appears almost identical to the NSA's Global SIGINT Highlights. Parts of the Global SIGINT Highlights from 2004 to 2012 were published in 2015 by Wikileaks, which had obtained them from a still unknown source. They were considered more embarrassing for the US than most of the Snowden documents.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2015/06/wikileaks-publishes-some-of-most-secret.html">Wikileaks published some of the most secret NSA reports so far</a><br>
</div>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkCyHUb_BGhVxifGxmJC9KyS4-nUTSqdn_1QGquEpSDOvpu8W2LQshWBcvDCj2NKwn28dj5Z3CETbwJx3IHnr-s2O74seOssAddO56xsgdgsl5KjoNQtBSfR66JTBWmDMyK9hBmBvhvRU/s1600/wikileaks-france-nsa-comint-gamma.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkCyHUb_BGhVxifGxmJC9KyS4-nUTSqdn_1QGquEpSDOvpu8W2LQshWBcvDCj2NKwn28dj5Z3CETbwJx3IHnr-s2O74seOssAddO56xsgdgsl5KjoNQtBSfR66JTBWmDMyK9hBmBvhvRU/s1600/wikileaks-france-nsa-comint-gamma.jpg" title="NSA intelligence report about an intercepted conversation between François Hollande and Jean-Marc Ayrault" width="500"></a><br>
<font size="2">
NSA report about an intercepted conversation of French president Hollande.<br>
From the Global SIGINT Highlights, published by Wikileaks in 2015<br>
<font color="gray">(click to enlarge)</font><br>
</font></div>
<br>
<br>
The Global SIGINT Highlights succeeded the SIGINT Digest, which also included maps, graphics and images. By the end of 1994, the NSA started to <a href="https://theintercept.com/snowden-sidtoday/3676082-intelink-then-and-now/" target="_blank">share</a> content of the SIGINT Digest on the JWICS version of <a href="https://en.wikipedia.org/wiki/Intelink" target="_blank">Intelink</a>, in order to make its intelligence products available for other agencies. However, Intelink may include information from the SCI compartments SI and TK, but not from HCS and GAMMA.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2021/12/about-intellipedia-and-other-us.html">About Intellipedia and other intelligence wikis from the Snowden trove</a><br>
</div>
<a name="serial"></a>
<br>
<br>
<b>Serial numbers</b><br>
<br>
In the unpublished intelligence briefings, each paragraph has one or more serial numbers which refer to the source of the information, usually an intelligence report by one of the US intelligence agencies. Here's a selection of the serial numbers from these briefings (with classification level and topic):<br>
<br>
<div class="blockquote">
<b>NSA serialized reports:</b><br>
3/55/120969-23 (TS/SI, about Jordan)<br>
Z-G/OO/121581-23 (TS/SI-G, about Israel)<br>
3/O5/121275-23 (TS/SI, about Colombia)<br>
3/OO/122012-23 (TS/SI, about North-Korea)<br>
Y-G/OO/122008-23 (TS/SI-G, about Brazil/Russia)<br>
G/RG/122297-23 (TS/SI-G, about Russia)<br>
3/OO/122310-23 (TS/SI, about the IAEA)<br>
Z-G/OO/122198-23 (TS/SI-G, about South-Korea)<br>
3/IR/122434-23 (TS/SI, about Central African Republic)<br>
G/RA/122097-23 (TS/SI-G, about Russia in Africa)<br>
3/RT/122431-23 (TS/SI, about Nigeria)<br>
<br>
(The format of these SIGINT serial numbers is <a href="https://www.electrospaces.net/2020/02/the-serial-numbers-of-nsa-reports.html">explained here</a>)<br>
<br>
<b>Australia's ASD serialized reports:</b><br>
3/EE/718-23 (TS/SI, about China)<br>
<br>
<b>Canada's CSE serialized reports:</b><br>
3/UU/442-23 (TS/SI, about Russia & Canada)<br>
<br>
<b>DIA reports:</b><br>
DIA_F_24OUB_A (TS/SI-G, about Nicaragua)<br>
DIA_F_24O3A_A (Secret, about war in Ukraine)<br>
DIA_F_24OR2_A (Secret, about ISIS)<br>
DIA_F_24ON5_A (Secret, about China)<br>
DIA_F_24OLT_A (TS/SI, about Russia)<br>
<br>
<b>CIA reports:</b><br>
WIRe2023-04119 (Secret/HCS-P, about Ethiopia)<br>
WIRe2023-27480 (Secret, about satellite interference)<br>
WIRe2023-04601 (TS/SI-G, about China)<br>
WIRe2023-03684 (Secret, about North-Korea)<br>
<br>
<b>Other CIA reports:</b><br>
CIA 50125415520 (Unclassified, about Israel)<br>
CIA-DA-IA-2023-01909 (TS/SI, about nuclear security)<br>
CIA Intel Update [date]<br>
<br>
<b>INR reports:</b><br>
INR Night Owl Notes [date]<br>
<br>
<b>DEA reports:</b><br>
DEA-NN-IIR-3998-23 (Secret, Haiti/Russia)<br>
<br>
<b>National Intelligence Council:</b><br>
NIC-NICM-2023-04600 (Secret, about West/Central Africa)<br>
NIC-NICM-2023-04261 (?, about Ukraine)<br>
<br>
<b>Unknown:</b><br>
AFP202302281614370370 (Unclassified, about Israel)<br>
EUW2023030116612750 (Unclassified, about Nigeria)<br>
LIW2023022771195902 (Unclassified, about Israel)<br>
EUW2023030167988335 (TS/SI, about Iran)<br>
AFW2023030163657742 (Secret, Nigeria)<br>
</div>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3t8rrITMCQq2pkXeY0TwuboUZM6v6Ibxi5jh8F6po7Jlq41k83HOYV4ZA9PALRRXh4Qkr3M-9S6qehYYJ1XJ_LUXbvV8UWKZKF9s0PUBhlO-dYnmLjX_-zSTzfF-8JAXtb91ejDUxajoIev0Uq6No5vLpC66VbNvnhNfC_5hmlRN3-9wGAbc5bozT/s800/jointstaffdocs-serialnumbers.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="400" data-original-height="456" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3t8rrITMCQq2pkXeY0TwuboUZM6v6Ibxi5jh8F6po7Jlq41k83HOYV4ZA9PALRRXh4Qkr3M-9S6qehYYJ1XJ_LUXbvV8UWKZKF9s0PUBhlO-dYnmLjX_-zSTzfF-8JAXtb91ejDUxajoIev0Uq6No5vLpC66VbNvnhNfC_5hmlRN3-9wGAbc5bozT/s600/jointstaffdocs-serialnumbers.jpg"/></a></div>
<div align="center">
<font size="2">
Compilation of NSA serial numbers found in the briefings (<a href="https://twitter.com/ParssinenPaulus/status/1646696354624749573" target="_blank">source</a>)<br>
</font>
</div>
<br>
<br>
<b>Dates of the documents</b><br>
<br>
If we look at the dates of the aforementioned documents, we see that all the text briefings are from March 1 and March 2, 2023. Some of the maps and charts have dates from the second half of February, but they seem to be part of the "Ukraine package", the latest date of which is March 1. <br>
<br>
Some screenshots from the wow_mao Discord server show that the user called Lucca already posted the photos of these documents there on March 1 and March 2.<br>
<br>
That means Teixeira took the printed briefings home at the end of the same day that they had been released, photographed tens of pages and posted them on his own Discord server, after which Lucca reposted them on the wow_mao server almost immediately, or at the latest the next day. <br>
<br>
This was repeated on March 2, when Lucca reposted documents dated February 28 and March 1, mostly from the "Ukraine package". This shows how eager both Teixeira and Lucca were to share the Top Secret information.<br>
<br>
The earliest date seen so far is January 13, 2023, which is found on a chart that was
<a href="https://www.washingtonpost.com/world/2023/04/18/china-supersonic-drone-taiwan-leaks/" target="_blank">published</a> by The Washington Post on April 18:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_ntSFaq2Cr41-EWm1cKOwUqZTLLcA7MGgRN5AWNvfXSMzBgCi3sERHPwgdFBc2GRP-_IBtIsNoCI7DNZHsWONpWHIWPmMBfPzGtbglf8mPECz5mzoLtHM92DLhs6OvWWH-PBfSVl6E4Q7fRSQ-xMSlvjPK2iisskdRYmfOyktRESKWh4f5nxIhH-8/s673/jointstaffdocs-supersonic.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="460" data-original-width="673" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_ntSFaq2Cr41-EWm1cKOwUqZTLLcA7MGgRN5AWNvfXSMzBgCi3sERHPwgdFBc2GRP-_IBtIsNoCI7DNZHsWONpWHIWPmMBfPzGtbglf8mPECz5mzoLtHM92DLhs6OvWWH-PBfSVl6E4Q7fRSQ-xMSlvjPK2iisskdRYmfOyktRESKWh4f5nxIhH-8/s600/jointstaffdocs-supersonic.jpg"/></a></div>
<div align="center">
<font size="2">
Leaked document that "highlights capabilities and notional flight paths<br>
of China's supersonic reconnaissance drone, along with satellite images<br>
of its home base at Liuan Airfield", January 13, 2023.<br>
</font>
</div>
<br>
<a name="access"></a>
<br>
<br>
<font size="+3"><b>The access</b></font> <font size="+2"><b>JWICS</b></font><br>
<br>
A frequently asked question is whether a low-level airman like Jack Teixeira had legitimate access to the documents he leaked. Given his Top Secret/SCI clearance he was allowed to work with intelligence information, but even if his unit was involved in (cyber) operations in Ukraine, it's unlikely that he had the need-to-know for high-level briefings covering events from all over the world.<br>
<br>
But where did he get them from? The easiest way would have been that a senior commander at Otis Air Base asked Teixeira to print out his daily briefings, and that Teixeira was able to grab those papers afterwards and took them home, instead of throwing them into the <a href="https://en.wikipedia.org/wiki/Burn_bag" target="_blank">burn bag</a> to be safely destroyed.<br>
<br>
Already during the Snowden leaks it became clear that the NSA and other agencies <a href="https://www.washingtonpost.com/world/national-security/nsa-contractor-thought-to-have-taken-classified-material-the-old-fashioned-way/2016/10/12/ffc25e22-8cb1-11e6-875e-2c1bfe943b66_story.html" target="_blank">don't impose</a> universal checks of personnel and their belongings as they enter and leave secure facilities. Security guards only conduct random checks and use their discretion in order to keep and build the trust of the employees: "Anything that could fit in a pocket could go out undetected".<br>
<br>
In this case, however, the number of pages Teixeira took home around March 1, 2023 was so high (which is also indicated by the unsharp folds), that they wouldn't have easily fit in a pocket, but he could have put them under his clothes.<br>
<br>
<br>
<b>Unauthorized access?</b><br>
<br>
In the US, intelligence is disseminated through the Joint Worldwide Intelligence Communications System (better known as JWICS), which is a highly secure communications network for information up to the level of Top Secret/SCI. It <a href="https://www.c4isrnet.com/battlefield-tech/it-networks/2022/12/13/dia-awards-contract-to-modernize-secretive-it-network-to-unnamed-firm/" target="_blank">has</a> "only" around 200,000 users, so it's not like all 1.25 million people who hold a Top Secret clearance had access to the leaked files, like various press <a href="https://www.theguardian.com/us-news/2023/apr/21/pentagon-leak-modern-spying-ts-si-fvey-signals-intelligence-five-eyes" target="_blank">reports</a> suggested.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2015/03/us-military-and-intelligence-computer.html">US military and intelligence computer networks</a><br>
</div>
<br>
On the JWICS network, access is further <a href="https://archive.is/5d9iZ" target="_blank">restricted</a> through additional <a href="https://apps.dtic.mil/sti/pdfs/ADA460253.pdf" target="_blank">login requirements</a> for the various tools, programs and user groups (Communities of Interest), depending on someone's need-to-know. For example, for sharing intelligence, including from the GAMMA and HCS compartments, there's a collaborative workspace called i-Space (formerly <a href="https://en.wikipedia.org/wiki/A-Space" target="_blank">A-Space</a>), but users have to be individually authorized to see data about a particular topic or country.<br>
<br>
<br>
<b>Security measures</b><br>
<br>
When A-Space was launched (for 10,000 users) in 2007, an intelligence official <a href="https://web.archive.org/web/20150825043439/http://www.informationweek.com/us-spy-agencies-go-web-20-in-effort-to-better-share-information/d/d-id/1058453" target="_blank">admitted</a> that "This is a counter-intelligence nightmare. You've got to ask yourself, if there's one bad apple here, how much can that bad apple learn?" To mitigate that risk, A-Space would be additionally secured by looking out for suspiciously anomalous searches.<br>
<br>
Given the fact that the leaked intelligence briefings contain information from the GAMMA and HCS compartments, we have to assume that there are similar security measures in place as those for i-Space and that it's not possible to access such documents without a proper individual authorization based upon someone's clearance and need-to-know.<br>
<br>
<br>
While the US intelligence community is improving intelligence-sharing (not only since the attacks of 9/11, but already <a href="https://theintercept.com/snowden-sidtoday/3676082-intelink-then-and-now/" target="_blank">since</a> the first Gulf War from 1990-1991), that doesn't mean that security is ignored. How Teixeira was nevertheless able to get hold of the highly classified documents he shared on Discord is something that still has to be clarified.<br>
<a name="update3"></a>
<br>
<br>
<div class="blockquote">
<b> UPDATE #3:</b><br>
<br>
In the larger Discord server, where Teixeira called himself "unknowing", he <a href="https://archive.is/4UsqG" target="_blank">explained</a> his knowledge by saying: "I have a little more than open source info. Perks of being in a USAF intel unit".<br>
He also wrote that he was able to access a site run by the NSA and that "I usually work with GCHQ people when I’m looking at foreign countries". On February 28, 2022 he said that "the job i have lets me get privilege's above most intel guys":<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJwfw3150t_22qmb7FIcnJQewErJt95t2K3w560NtKiq3y_yheesd7_Y_eSzTuDnr3Fav1bVqwR1kFxU0ZiwbCIvS6HDt07FgJXz5jH3LBkWRpW4oNN64q-cGfZZEWNt2zdICTleqU5_gmJW7fKnhiv8xWeOmKFotDA3NZ6p241282T6nhNvLWxQ83/s1440/teixeira-unknowning.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="757" data-original-width="1440" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJwfw3150t_22qmb7FIcnJQewErJt95t2K3w560NtKiq3y_yheesd7_Y_eSzTuDnr3Fav1bVqwR1kFxU0ZiwbCIvS6HDt07FgJXz5jH3LBkWRpW4oNN64q-cGfZZEWNt2zdICTleqU5_gmJW7fKnhiv8xWeOmKFotDA3NZ6p241282T6nhNvLWxQ83/s400/teixeira-unknowning.jpg"/></a></div>
<div align="center">
<font size="2">
Discord post by Teixeira under the nickname unknowing (<a href="https://twitter.com/AricToler/status/1649569877395398659" target="_blank">source</a>)<br>
</font>
</div>
<br>
<br>
This sounds very similar to Edward Snowden again, who once <a href="https://lithub.com/edward-snowden-on-why-we-must-protect-our-privacy/" target="_blank">said</a>: "What was special about me was I had a special clearance called PRIVAC, which meant I could see across silos. I saw the big picture." <br>
PRIVAC stands for Privileged Access and is <a href="https://www.documentcloud.org/documents/3863426-Savage-NYT-FOIA-DOD-IG-Report-Post-Snowden-NSA.html" target="_blank">described</a> as "a higher level of access than the level of access needed to perform normal processes and system operations", which means these people <a href="https://venturebeat.com/security/exclusive-how-the-nsa-plans-to-prevent-another-snowden/" target="_blank">have</a> the capability to change network addresses, copy data, and install apps without raising red flags. <br>
After Snowden, the NSA intended to reduce the number of PRIVAC users, but in 2016, the DoD Inspector General <a href="https://www.techdirt.com/2017/06/20/oversight-report-shows-nsa-failed-to-secure-systems-following-snowden-leaks/" target="_blank">found</a> that the agency had <a href="https://www.vice.com/en/article/wjqk99/the-nsa-has-done-little-to-prevent-the-next-edward-snowden" target="_blank">failed</a> to do so.<br>
<br>
<a name="update4"></a>
<br>
<b> UPDATE #4:</b><br>
<br>
From the government's <a href="https://storage.courtlistener.com/recap/gov.uscourts.mad.255930/gov.uscourts.mad.255930.19.0_3.pdf" target="_blank">motion for pretrial detention</a> of Jack Teixeira, which was released on April 27, 2023, it became <a href="https://archive.is/D1Pqs" target="_blank">clear</a> that he had a "troubling history of making racist and violent remarks". Teixeira had been suspended from high school in 2018 for alarming comments about the use of Molotov cocktails and other weapons. This behavior was so disturbing that it was flagged by local police when Teixeira applied for a firearms identification card. <br>
<br>
Prosecutors also <a href="https://archive.is/D1Pqs" target="_blank">made public</a> a series of social media posts from 2022 and 2023 in which Teixeira expressed his desire to kill a "ton of people" and cull the "weak minded," and described what he called an "assassination van" to kill people in a "crowded urban or suburban environment." In his bedroom, investigators found a small arsenal, including handguns, bolt-action rifles, shotguns and an AK-style high-capacity weapon:<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWpycu_WRDHzFx6kSy56se4_zQ-A3hggBPGDn0T5li7DKjSXvuKDYYxsiPquTd_f4BSMPWpEP9f1JBpvsVI5BMMQ1m0WQe4vpelwcXJTPHkmCLcjcY5ITcPcvzp065yOIRa-brCiM7fPYPZRJsTn9wPaAH11SujchbwdxJgDwvWvgBv6uOaHo6vegy/s680/teixeira-armsbedroom.jpeg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="384" data-original-width="680" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWpycu_WRDHzFx6kSy56se4_zQ-A3hggBPGDn0T5li7DKjSXvuKDYYxsiPquTd_f4BSMPWpEP9f1JBpvsVI5BMMQ1m0WQe4vpelwcXJTPHkmCLcjcY5ITcPcvzp065yOIRa-brCiM7fPYPZRJsTn9wPaAH11SujchbwdxJgDwvWvgBv6uOaHo6vegy/s600/teixeira-armsbedroom.jpeg"/></a></div>
<div align="center">
<font size="2">
FBI photo of the firearms found in one of Teixeira's bedrooms<br>
</font>
</div>
<br>
<br>
This raises serious questions about how it was possible that Teixeira was granted a Top Secret/SCI clearance. Some <a href="https://www.spytalk.co/p/jack-teixeira-and-me" target="_blank">suggested</a> that his behaviour might not have been very different from what is common among young airmen - the <a href="https://en.wikipedia.org/wiki/United_States_House_Select_Committee_on_the_January_6_Attack" target="_blank">investigation</a> of the January 6 attack on the Capitol found that the military services included too many neo-Nazi and white supremacy extremists, <a href="https://www.spytalk.co/p/classified-us-intelligence-chat-rooms" target="_blank">including</a> in their intelligence ranks.<br>
<br>
Former NSA general counsel Glenn Gerstell <a href="https://www.wsj.com/articles/denied-a-gun-license-over-school-threat-accused-leaker-jack-teixeira-later-got-top-secret-clearance-1b0cd54#" target="_blank">said</a> that "repugnant views and having lots of guns in your bedroom are not automatically going to disqualify you for a security clearance", especially because the US government has for decades struggled to attract sufficient IT and cybersecurity talent.<br>
<br>
The <a href="https://en.wikipedia.org/wiki/Defense_Counterintelligence_and_Security_Agency" target="_blank">Defense Counterintelligence and Security Agency</a> (DCSA) confirmed that its background investigations do "not include automated checks of social media or chat rooms." A <a href="https://www.bbc.com/news/world-us-canada-65415971" target="_blank">review</a> of a serving individual's social media is only likely if their superiors have a reason to be alarmed, which is not only due to a lack of manpower, but also because it's difficult to attribute anonymous profiles.<br>
<br>
<a name="update5"></a>
<br>
<b> UPDATE #5:</b><br>
<br>
On December 11, 2023, the US Air Force released a <a href="https://www.af.mil/Portals/1/documents/2023SAF/UD_ROI_-_11_Dec_23.pdf" target="_blank">report</a> by its Inspector General which identified a range of deficiencies at Otis Air National Guard Base:<br>
<br>
- Four cases of suspicious behaviour by Jack Teixeira weren't properly reported to security officials;<br>
- IT specialists received weekly intelligence briefings to better understand the importance of their work, but this "know your why" effort was improper in that it provided higher level classified information than was necessary;<br>
- Some personnel believed having a TS-SCI clearance meant users had approval to examine any information they could find on JWICS;<br>
- No permission controls were in place to monitor print jobs, so any night shift member had ample opportunity to access JWICS sites
and print a high volume of products without supervision or detection;<br>
- Unit members described trusting their coworkers without verifying access or need to know and inconsistently practicing certain disciplines;<br>
- Unit leaders created a critically permissive culture that reinforced risk-accepting behaviors at inappropriate levels.<br>
<br>
As a result of the investigation, no less than 15 Air National Guardsmen have been <a href="https://www.c4isrnet.com/news/your-military/2023/12/11/15-air-national-guardsmen-disciplined-in-discord-server-leak/?utm_source=sailthru&utm_medium=email&utm_campaign=c4-cyber" target="_blank">disciplined</a>, including the wing and group commanders, as well as more junior officers and noncommissioned officers.<br>
</div>
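<br>
The Inspector General's findings about unmonitored print jobs and unverified need-to-know can be expressed as a simple audit check over a print log. The following is an added example, not part of the original post or of any Air Force system: the log format, user names, topic tags, need-to-know table and the 30-page night limit are all assumptions.<br>

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed print audit log (not real data): time, user, topic tag, pages.
SAMPLE_LOG = """\
timestamp,user,topic,pages
2024-05-06T09:14:00,analyst1,europe,12
2024-05-06T14:02:00,analyst1,europe,8
2024-05-07T10:30:00,itspec7,network-ops,3
2024-05-07T23:41:00,itspec7,europe,22
2024-05-08T00:17:00,itspec7,asia,18
2024-05-08T02:05:00,itspec7,middle-east,25
2024-05-08T11:20:00,analyst1,asia,5
2024-05-08T23:10:00,itspec9,network-ops,4
2024-05-09T01:30:00,itspec9,network-ops,35
"""

# Assumed need-to-know table: topics each user is individually authorized for.
NEED_TO_KNOW = {
    "analyst1": {"europe"},
    "itspec7": {"network-ops"},
    "itspec9": {"network-ops"},
}

NIGHT_START, NIGHT_END = 22, 6  # assumed unsupervised hours (local time)


def work_period(ts):
    """Map a timestamp to (shift start date, 'night' or 'day').

    Jobs printed after midnight belong to the night shift that began the
    evening before, so one shift is never split across two calendar days.
    """
    if ts.hour >= NIGHT_START:
        return ts.date().isoformat(), "night"
    if ts.hour < NIGHT_END:
        return (ts - timedelta(days=1)).date().isoformat(), "night"
    return ts.date().isoformat(), "day"


def analyze(log_text, need_to_know, night_page_limit=30):
    """Return one finding per user and work period that needs review.

    Two independent checks are applied:
      night-volume          total pages in a night shift exceed the limit
      outside-need-to-know  a printed topic is not in the user's table
    A user missing from the table is treated as authorized for nothing.
    """
    pages = defaultdict(int)
    off_scope = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(row["timestamp"])
        key = (row["user"],) + work_period(ts)
        pages[key] += int(row["pages"])
        if row["topic"] not in need_to_know.get(row["user"], set()):
            off_scope[key].add(row["topic"])

    findings = []
    for key in sorted(pages):
        user, day, shift = key
        reasons = []
        if shift == "night" and pages[key] > night_page_limit:
            reasons.append("night-volume")
        if off_scope[key]:
            reasons.append("outside-need-to-know")
        if reasons:
            findings.append({
                "user": user,
                "period": f"{day} {shift}",
                "pages": pages[key],
                "off_scope_topics": sorted(off_scope[key]),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG, NEED_TO_KNOW):
        print(finding)
```

Aggregating per shift rather than per job matters here: none of the constructed night jobs by itspec7 exceeds the limit on its own, but the shift total does.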
<br>
<br>
> See also: <a href="https://www.electrospaces.net/2023/05/new-details-about-pentagon-leak.html">New details about the Pentagon Leak</a><br>
<br>
<br>
<br>
<b>Links and Sources</b><br>
<font size="2">
<br>
- PBS Frontline documentary: <a href="https://www.pbs.org/video/the-discord-leaks-zrdqg7/" target="_blank">The Discord Leaks</a> (Dec. 12, 2023)<br>
<br>
- The New York Times: <a href="https://archive.is/5d9iZ" target="_blank">The Next Intelligence Leak Could Be Prevented</a> (April 24, 2023)<br>
- The New York Times: <a href="https://archive.is/4UsqG" target="_blank">Airman Shared Sensitive Intelligence More Widely and for Longer Than Previously Known</a> (April 21, 2023)<br>
- Financial Times: <a href="https://www.ft.com/content/fc72d277-7fa8-4b29-9231-4feb34f43b0c" target="_blank">The Pentagon leak: how a low-ranked 21-year-old accessed top US secrets</a> (April 19, 2023)<br>
- Newsweek: <a href="https://www.newsweek.com/2023/05/05/read-leaked-secret-intelligence-documents-ukraine-vladimir-putin-1794656.html" target="_blank">Read the Leaked Secret Intelligence Documents on Ukraine and Vladimir Putin</a> (April 16, 2023)<br>
- PwnAllTheThings: <a href="https://www.pwnallthethings.com/p/pentagon-leaks-whats-the-damage" target="_blank">Pentagon Leaks: What's the Damage?</a> (April 15, 2023)<br>
- Emptywheel: <a href="https://www.emptywheel.net/2023/04/15/jack-teixeira-leak-dumps-dont-care-about-the-story-you-tell-about-motive/" target="_blank">Jack Teixeira: Leak Dumps Don’t Care about (the Story You Tell about) Motive</a> (April 15, 2023)<br>
- The New York Times: <a href="https://www.nytimes.com/2023/04/13/world/europe/jack-teixeira-pentagon-leak.html" target="_blank">The Airman Who Gave Gamers a Real Taste of War</a> (April 13, 2023)<br>
- The Cipher Brief: <a href="https://www.thecipherbrief.com/leak-questions-begin-to-center-around-a-cell-phone" target="_blank">Leak Questions Begin To Center Around A Cell Phone</a> (April 12, 2023)<br>
- The Washington Post: <a href="https://www.washingtonpost.com/national-security/2023/04/12/discord-leaked-documents/" target="_blank">Discord member details how documents leaked from closed chat group</a> (April 12, 2023)<br>
- Verschlusssache: <a href="https://ojihad.wordpress.com/2023/04/11/was-steht-in-den-geheimpapieren/" target="_blank">Was steht in den Geheimpapieren?</a> (April 11, 2023)<br>
- Emptywheel: <a href="https://www.emptywheel.net/2023/04/09/the-thug-shaker-leaks/" target="_blank">The Thug Shaker Leaks</a> (April 9, 2023)<br>
- Bellingcat: <a href="https://www.bellingcat.com/news/2023/04/09/from-discord-to-4chan-the-improbable-journey-of-a-us-defence-leak/" target="_blank">From Discord to 4chan: The Improbable Journey of a US Intelligence Leak</a> (April 9, 2023)<br>
- Motherboard: <a href="https://www.vice.com/en/article/pkadnb/pentagons-ukraine-war-plans-leaked-on-minecraft-discord-before-telegram-and-twitter" target="_blank">Pentagon’s Ukraine War Plans Leaked on Minecraft Discord Before Telegram and Twitter</a> (April 7, 2023)<br>
- The New York Times: <a href="" target="_blank">Leaked documents expose US-NATO Ukraine war plans</a> (April 7, 2023)<br>
- Politico: <a href="https://www.politico.com/news/2023/04/07/leaked-military-documents-on-ukraine-battlefield-operations-circulated-as-early-as-march-00091073" target="_blank">Leaked military documents on Ukraine battlefield operations circulated as early as March</a> (April 7, 2023)<br>
- The Gray Zone: <a href="https://thegrayzone.com/2023/04/07/leaked-documents-us-nato-ukraine-war-plan/" target="_blank">Leaked documents expose US-NATO Ukraine war plans</a> (April 7, 2023)<br>
- The New York Times: <a href="https://www.nytimes.com/2023/04/06/us/politics/ukraine-war-plan-russia.html" target="_blank">Ukraine War Plans Leak Prompts Pentagon Investigation</a> (April 6, 2023)<br>
</font>
<br>
<br>
<br>
<font size="+2"><b>The National Security Operations Center (NSOC): 50 years in photos</b></font><br>
<font size="2" color="gray">(Published: March 2, 2023)</font><br>
<div align="right"><font size="2" color="gray">(Updated: October 30, 2023)</font></div>
<br>
On February 21, the NSA's National Security Operations Center (NSOC) celebrated
its 50-year anniversary. For this occasion, I will take a close look at a range
of unique historic photos from inside this "Nerve Center of NSA".<br />
<br />
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl7keFuGqcGHFgeGr6ICxf4JVMwXpcjelWj6NitzS32vIis0zZ-IKFNp_GwrUsgAUG4QjFmEmayMbMQdV3qbC_hHLA4IYIhvOK4CpWR6Q0i212NcKW_sYbgxQzyZcvKzuf-lb-SPJ5FhtcLogcLJdfBok6wc2b1FevKg18OIMwZEPqPlLXbkfa9K55/s800/nsoc-50yrs-header2.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="650" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl7keFuGqcGHFgeGr6ICxf4JVMwXpcjelWj6NitzS32vIis0zZ-IKFNp_GwrUsgAUG4QjFmEmayMbMQdV3qbC_hHLA4IYIhvOK4CpWR6Q0i212NcKW_sYbgxQzyZcvKzuf-lb-SPJ5FhtcLogcLJdfBok6wc2b1FevKg18OIMwZEPqPlLXbkfa9K55/s600/nsoc-50yrs-header2.jpg"/></a></div>
<br />
<br />
<br />
<font size="+1"><b>NSA watch centers</b></font
><br />
<br />
At the US National Security Agency (NSA) there are two major watch centers operating on a
24 hours a day, 7 days a week basis:<br />
<br />
- The <b>National Security Operations Center (NSOC)</b>, established in 1973 for monitoring unfolding events and crises around the world, coordinating time-sensitive actions and providing actionable intelligence to military and civilian decision-makers.<br />
<br />
- The <b>NSA/CSS Threat Operations Center (NTOC)</b>, established in 2004 for
real-time situational awareness of cyber threats against US computer systems and
coordinating both defensive and offensive Computer Network Operations (CNO).<br />
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2014/01/nsas-organizational-designations.html">NSA's organizational designations</a><br>
</div>
<br />
<br />
<br />
<font size="+2"><b>The history of NSOC</b></font
><br />
<br />
The various international crises in the 1960s, like the tensions in the Middle
East, the Soviet invasion of Czechoslovakia, and the capture of the
<a href="https://en.wikipedia.org/wiki/USS_Pueblo_%28AGER-2%29" target="_blank"
>USS Pueblo</a
>, prompted NSA leadership to create separate offices for these geographic
regions. The same events, however, demonstrated the need for immediate input
from multiple offices to get a full understanding of what was happening around
the globe.<br />
<br />
Therefore, the National Sigint Watch Center (NSWC) was created in December 1968.
But already during its set-up a major crisis evolved, when in April 1969 North
Korea
<a
href="https://en.wikipedia.org/wiki/1969_EC-121_shootdown_incident"
target="_blank"
>shot down</a
>
a US Navy EC-121 SIGINT reconnaissance aircraft. Assistant Director for
Production (ADP) John E. Morrison, Jr. was frustrated when he had to <a href="https://documents.theblackvault.com/documents/nsa/cryptoalmanac/the_formation_of_nsoc.pdf" target="_blank">speed</a> between
various watch centers attempting to piece together a complete picture for
military and policy leaders.<br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWkJbaOrN8aUHRXe4KnnUOUi-0eO-rtWJrcXlewjck0KLsBqwDiXVCC7RhAUwcydN38SPBTl4fZtQFb2iid4J75aoVOS_rXllU54iIVPrHpDWBKeSDeUhRIkB281ZvhWYmpVFe3VMQ33bseOW6gLUrmXuVY24CKriaMnef4JsnKRFT84JkRr00DtFP/s492/nsoc-morrison.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="200"
data-original-height="492"
data-original-width="459"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWkJbaOrN8aUHRXe4KnnUOUi-0eO-rtWJrcXlewjck0KLsBqwDiXVCC7RhAUwcydN38SPBTl4fZtQFb2iid4J75aoVOS_rXllU54iIVPrHpDWBKeSDeUhRIkB281ZvhWYmpVFe3VMQ33bseOW6gLUrmXuVY24CKriaMnef4JsnKRFT84JkRr00DtFP/s400/nsoc-morrison.jpg"
/></a>
</div>
<div align="center">
<font size="2">
Major General John E. Morrison, Jr.<br />
<font color="gray">(photo via NCM)</font><br />
</font>
</div>
<br />
<b>The creation of NSOC</b><br />
<br />
After the EC-121 incident Morrison proposed, and eventually established, a
single dedicated watch center to coordinate a rapid response of the NSA to
incidents and crises. The new center began limited operations in December 1972
and was formally inaugurated on February 21, 1973, as the National Sigint
Operations Center (NSOC).<br />
<br />
NSOC (pronounced as "N-sock") was housed on the third floor of the east corridor in the OPS-1 building at
the NSA's headquarters compound. OPS-1 is the large flat, three-story building
which was built in 1957 as the NSA's very first building at Fort Meade,
Maryland: <br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO9q5W_1PnccMrn6-wu0dKcyM2CmfC-bVW-8Vjw9iH9bi7fxCWdl81d_UTOQy0IOtf6JlfrXextJFu8EIR5CzmDehvN4JVta-IHCbVAIpJwyYTYJAjGy5HCIA2mMIIvNI3SpAgGfJ0LimHTVUPL1wo-Zp0mdE2NIhkdhhFPRiLGx3swUKzcjg1Y0C7/s540/nsa-hq-ops.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="500"
data-original-height="366"
data-original-width="540"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO9q5W_1PnccMrn6-wu0dKcyM2CmfC-bVW-8Vjw9iH9bi7fxCWdl81d_UTOQy0IOtf6JlfrXextJFu8EIR5CzmDehvN4JVta-IHCbVAIpJwyYTYJAjGy5HCIA2mMIIvNI3SpAgGfJ0LimHTVUPL1wo-Zp0mdE2NIhkdhhFPRiLGx3swUKzcjg1Y0C7/s600/nsa-hq-ops.jpg"
/></a>
</div>
<br />
<br />
<br />
<font size="+2"><b>NSOC in the 1970s</b></font
><br />
<br />
How the National Sigint Operations Center initially looked can be seen in some
great photos from the archive of the NSA's
<a href="https://www.nsa.gov/museum/" target="_blank"
>National Cryptologic Museum</a
>
(NCM), which provide a unique look behind once tightly closed doors:<br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjG7t-uRiq1eMdSHyCjt5vR2eB_r0iohWy2wXs5XfCNJT5q0ylMdZuwVyMtOS7LLK3h-JN3KjETliwDrHibtJgfZyoZlLR_L4nHTbEmxm7dFdBW30TWmc14FS0YH6dxnpIMsx9P4xyJ-s1mrrh4i-pf5rCiHFityFGCGICazB8-lTLpyLtUL4x1qcYx/s500/nsoc-ncmphoto.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="500"
data-original-height="361"
data-original-width="500"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjG7t-uRiq1eMdSHyCjt5vR2eB_r0iohWy2wXs5XfCNJT5q0ylMdZuwVyMtOS7LLK3h-JN3KjETliwDrHibtJgfZyoZlLR_L4nHTbEmxm7dFdBW30TWmc14FS0YH6dxnpIMsx9P4xyJ-s1mrrh4i-pf5rCiHFityFGCGICazB8-lTLpyLtUL4x1qcYx/s600/nsoc-ncmphoto.jpg"
/></a>
</div>
<div align="center">
<font size="2">
Entrance to the National Sigint Operations Center (NSOC), 1970s<br />
<font color="gray">(photo: National Cryptologic Museum)</font><br />
</font>
</div>
<br />
<br />
Behind this door were the NSOC rooms, including its main watch floor, which consisted of a large open space with numerous desks. Despite the fact that almost all desks have a computer terminal, there is still a lot of paper present:<br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpL-NtEnx6ZsqPzDbguQPkcndnMPsmB7YK3UM7TNTaLQZmtxFYe-zoTMRo7hn3A_jcyX2WdnxFCoF90mWnd0kzrqiozjWMIwRN3OBG5unqsA5rHtmXv8d0cEkml7CBwMwAXH3epvONgjK_0LZRqda7t1d6guWDn0xU_MWiF5reqlR54TgedRt4Qeja/s1000/nsoc-1970s.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="600"
data-original-height="793"
data-original-width="1000"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpL-NtEnx6ZsqPzDbguQPkcndnMPsmB7YK3UM7TNTaLQZmtxFYe-zoTMRo7hn3A_jcyX2WdnxFCoF90mWnd0kzrqiozjWMIwRN3OBG5unqsA5rHtmXv8d0cEkml7CBwMwAXH3epvONgjK_0LZRqda7t1d6guWDn0xU_MWiF5reqlR54TgedRt4Qeja/s600/nsoc-1970s.jpg"
/></a>
</div>
<div align="center">
<font size="2">
A view of the NSOC watch floor from its early days in the 1970s<br />
<font color="gray">(photo: NSA - click to enlarge)</font><br />
</font>
</div>
<br />
<br />
It's not yet clear what kind of computer terminals we see on the desks, but one suggestion is that they might have been from Wang Laboratories. Terminals like these <a href="https://web.archive.org/web/20100527224956/http://www.nsa.gov/public_info/_files/cryptologic_spectrum/nsoc.pdf" target="_blank">allowed</a> NSOC officers to access (informal) teletype links with listening posts, to query, update and maintain various databases, and to review time-sensitive reports. There was also a computer system called SOLIS (Sigint On-Line Information System) for rapid retrieval of SIGINT reports and requirements from the last 14 months.<br>
<br>
The telephones right next to the computer terminal are <a href="http://www.paul-f.com/we1500typ.html#CallDirector" target="_blank">Call Directors</a>: the upper one in black with a keypad and 6 push buttons, the lower one is an older version in white with a rotary dial and 18 push buttons. The Call Director was
manufactured by Western Electric from 1958 to the early 1980s and was the most advanced phone from its (largely electromechanical)
<a href="https://en.wikipedia.org/wiki/1A2_Key_Telephone_System" target="_blank">1A2 Key Telephone System</a>. Here, one may have been used for secure and another one for non-secure calls.<br />
<br>
The desk in the front of the photo even has a third telephone set of the common type from those days but without a rotary dial. Such a phone was usually used for a hotline or a dedicated alerting network, like the secure <a href="https://en.wikipedia.org/wiki/National_Operational_Intelligence_Watch_Officer%27s_Network" target="_blank">National Operational Intelligence Watch Officer's Network</a> (NOIWON), which connects NSOC with other military and intelligence watch centers.<br>
<br>
<br>
Adjacent to the large NSOC watch floor were separate rooms and spaces for specific
purposes, like a conference room, a teletype printer room, some kind of map room, a control room
and an office for the Senior Operations Officer:<br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFux5JsBsDPSlWHdwiNp_QqKFtkKmK7sBdSxu2740kfrxSIkfG15lINPVmc2sZ1RSswl_PFL_LqBn-syzx1SmDrO3DyiCl-P-JfbmGW4lKE8vQ8ckK_AM4KvGjPzU8eucgOmmZZ0PFeMrCFVArXL8B8lzE-W4IudfUgnXGRKB4l5JlDsQUAZcRKTrF/s1000/nsoc-teletyperoom.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="600"
data-original-height="725"
data-original-width="1000"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFux5JsBsDPSlWHdwiNp_QqKFtkKmK7sBdSxu2740kfrxSIkfG15lINPVmc2sZ1RSswl_PFL_LqBn-syzx1SmDrO3DyiCl-P-JfbmGW4lKE8vQ8ckK_AM4KvGjPzU8eucgOmmZZ0PFeMrCFVArXL8B8lzE-W4IudfUgnXGRKB4l5JlDsQUAZcRKTrF/s600/nsoc-teletyperoom.jpg"
/></a>
</div>
<div align="center">
<font size="2">
The teletype printer room of NSOC in the 1970s<br />
<font color="gray">(photo: NCM - click to enlarge)</font><br />
</font>
</div>
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEpp27_B-BhCEz_4NKkqziAKiBylDxKOwXJVygYDDx3QMK40rkrGlqH4gPlC_1EBd0j63te7k9fxYvZLKb1D62L3naT5oJnm1N1xCkCFHcl5FfW8CnDg0q-L8QR8yj2RMDPc-UUcbjso0CnHgnx1goaMFqdXE4IPTHOZkHP3kFpqp6dIDIRl5vLEBc/s1000/nsoc-maproom.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="600"
data-original-height="717"
data-original-width="1000"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEpp27_B-BhCEz_4NKkqziAKiBylDxKOwXJVygYDDx3QMK40rkrGlqH4gPlC_1EBd0j63te7k9fxYvZLKb1D62L3naT5oJnm1N1xCkCFHcl5FfW8CnDg0q-L8QR8yj2RMDPc-UUcbjso0CnHgnx1goaMFqdXE4IPTHOZkHP3kFpqp6dIDIRl5vLEBc/s600/nsoc-maproom.jpg"
/></a>
</div>
<div align="center">
<font size="2">
Some kind of map room of NSOC in the 1970s<br />
<font color="gray">(photo: NCM - click to enlarge)</font><br />
</font>
</div>
<br />
<br />
<div align="center">
More photos of NSOC can be found in the
<a
href="https://5099.sydneyplus.com/final/Portal/Default.aspx?lang=en-US"
target="_blank"
>photo database</a
>
of the NCM.<br />
</div>
<br />
<br />
<b>The organization of NSOC</b><br />
<br />
The internal organization and the atmosphere of NSOC are
<a
href="https://theintercept.com/snowden-sidtoday/3008478-nsoc-s-reporting-cell/"
target="_blank"
>described</a
>
in a 2003 internal newsletter which was published as part of the Snowden
revelations. At that time, NSOC consisted of 36 desks, with desk officers
representing particular elements of the NSA, like collection and analysis units,
field sites and Second Party partners. These officers, both military and civilian, work in eight-hour shifts
in five rotating teams.<br />
<br />
The most important position is the Senior Operations Officer (SOO) who <a href="https://theintercept.com/snowden-sidtoday/3008478-nsoc-s-reporting-cell/" target="_blank">acts</a> as
the NSA Director after-hours. To stay abreast of recent reporting and
dissemination issues, the SOO relies on the Reporting Cell, which consists of
the Reporting Officer (RO) and the Senior Reporting Officer (SRO), who "work
intimately with other desks to ensure that authorized customers receive needed
intelligence legally, securely, reliably, accountably, and on time." <br />
<br>
The Surveillance and Collection Officer (SCO) <a href="https://web.archive.org/web/20100527224956/http://www.nsa.gov/public_info/_files/cryptologic_spectrum/nsoc.pdf" target="_blank">focuses</a> primarily on operational and technical matters related to the overall SIGINT system. Other positions are or were the Operations Support Officer (OSO), the Systems Officer (SYO), the Communications Watch Officer (CWO) and the Information Service Officers (ISO).<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTsD_UwjZt78TC6xz19f-49qv7pcAzLYcoslpu6sTqWEIlznAyfF0EsKUP8sqT6EP9dDMU4Ez1-18u2v9xlBGerd3s6zTwTHF3FAF-43z1vJiT73YYop6sK9FwipRQw8wRD7LZBlpLnX0dY9lNTwTw1j1fmqkeSX13nwQXunTbtvNTh2guQzL1cC-w/s514/nsoc-sro.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="350" data-original-height="362" data-original-width="514" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTsD_UwjZt78TC6xz19f-49qv7pcAzLYcoslpu6sTqWEIlznAyfF0EsKUP8sqT6EP9dDMU4Ez1-18u2v9xlBGerd3s6zTwTHF3FAF-43z1vJiT73YYop6sK9FwipRQw8wRD7LZBlpLnX0dY9lNTwTw1j1fmqkeSX13nwQXunTbtvNTh2guQzL1cC-w/s600/nsoc-sro.jpg"/></a></div>
<div align="center">
<font size="2">
SRO desk sign on the ceiling of the NSOC watch floor<br />
</font>
</div>
<br />
<br />
<br />
<font size="+2"><b>NSOC in the 1980s</b></font
><br />
<br />
In January 1981, NSOC played a critical role during the
<a href="https://en.wikipedia.org/wiki/Iran_hostage_crisis" target="_blank"
>Iran hostage crisis</a
>
when President Jimmy Carter spoke directly with the SOO, asking questions about
NSA's collection capabilities and Iranian air traffic control tower procedures. Carter
<a
href="https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3302922/nsas-national-security-operations-center-celebrates-50-years-of-247-operations/"
target="_blank"
>insisted</a
>
that the line with NSOC be kept open so he could follow the progress of events
in real time. Even as he was riding to the Capitol, the link with NSOC was
reestablished in his car and an aide maintained contact at the Capitol
throughout <s>Carter's</s> Reagan's inauguration ceremony.<br />
<br />
In the late 1980s the NSOC watch floor looked much more orderly: the large
watch floor was divided into the ubiquitous office cubicles, each with a MINX
workstation that had a handset attached to it, as this system already allowed
video calls (see below):<br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrF_oCG-rMn7quD2xd-beMnfmtn7wLDYh7YIlC12K0DEVWcTUC_2y0ajHlu1zK8lYjRKrcUChtzglWV3mGKC0e5zu1r9c7IQnVzyNjDMDXjbD65egujvqm6tU1gv3AYqRPfAciCWkvoNggK2ZR1TooD6AgWHiYNh8WuadaQR593KGiHyjpbKQnvO5t/s1000/nsoc-1980s.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="600"
data-original-height="667"
data-original-width="1000"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrF_oCG-rMn7quD2xd-beMnfmtn7wLDYh7YIlC12K0DEVWcTUC_2y0ajHlu1zK8lYjRKrcUChtzglWV3mGKC0e5zu1r9c7IQnVzyNjDMDXjbD65egujvqm6tU1gv3AYqRPfAciCWkvoNggK2ZR1TooD6AgWHiYNh8WuadaQR593KGiHyjpbKQnvO5t/s600/nsoc-1980s.jpg"
/></a>
</div>
<div align="center">
<font size="2">
The NSOC watch floor, August 1988<br />
<font color="gray">(photo: NSA - click to enlarge)</font><br />
</font>
</div>
<br />
<br />
Besides the large watch floor, there appears to be a watch floor in a narrower
sense as well, as can be seen in the following photo which was on display in the
National Cryptologic Museum and is <a
href="https://commons.wikimedia.org/wiki/File:National_Security_Operations_Center_photograph,_c._1975_-_National_Cryptologic_Museum_-_DSC07658.JPG"
target="_blank">available</a> at Wikimedia Commons:<br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis7yOFNAY48ZKLCri8QRnqN6NBEMgwtEnHDvLJcjO85dnjJQeVfbrq8Hz9ffgBuWhK4ChvTo-pLtr8KqltDxfrtDJ_03SDjsC4eqEPePPguXX7Gf9VwJdlWw7qOxlYEfxOJ8aB0sIqDFXZ_Rp7MrBITDeqhafDapJBkDQ20wC1-h_Ak9qOUX7gE-Ir/s1000/nsoc-ca1975.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="600"
data-original-height="620"
data-original-width="1000"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis7yOFNAY48ZKLCri8QRnqN6NBEMgwtEnHDvLJcjO85dnjJQeVfbrq8Hz9ffgBuWhK4ChvTo-pLtr8KqltDxfrtDJ_03SDjsC4eqEPePPguXX7Gf9VwJdlWw7qOxlYEfxOJ8aB0sIqDFXZ_Rp7MrBITDeqhafDapJBkDQ20wC1-h_Ak9qOUX7gE-Ir/s600/nsoc-ca1975.jpg"
/></a>
</div>
<div align="center">
<font size="2">
The small NSOC watch floor in the early 1980s<br />
<font color="gray"
>(photo: National Cryptologic Museum - click to enlarge)</font
><br />
</font>
</div>
<br />
<br />
According to the description provided by the National Cryptologic Museum, this
photo shows the "NSOC watch floor circa 1975". The computer, however, can be
identified as an
<a
href="http://www.computinghistory.org.uk/det/1366/IBM-5150-with-CGA-Monitor/"
target="_blank"
>IBM 5150</a
>, which was launched in 1981. This means the photo cannot be from the 1970s,
but must have been taken in the early 1980s. Still from the 1970s, however, are the two Call Director telephone sets on the left side of the desk.<br>
<br />
Wikimedia Commons has another
<a
href="https://commons.wikimedia.org/wiki/File:National_Security_Operations_Center_photograph,_c._1985_-_National_Cryptologic_Museum_-_DSC07661.JPG"
target="_blank"
>photo</a
>
of the small NSOC watch floor, which the National Cryptologic Museum said is
from around 1985, but is actually from the late 1980s:<br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwZVDy4fHBt1kohTFOIqHQs0AxbvHKxXixxFUmNbbFlfyIn_lFo83Mo-6XT2DV84KEmDhMCsHQ-_jtjX7zZFx9TI7rwgWd6Vicd-xGxLoEi-c_AojljYptTqiTO-tSu8daSPaxZhyS_DE6iu7X3RBawqkTNgrY4wW7cc8cXmhbCF6qMprmCi-cdyF6/s1000/nsoc-ca1985.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="600"
data-original-height="625"
data-original-width="1000"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwZVDy4fHBt1kohTFOIqHQs0AxbvHKxXixxFUmNbbFlfyIn_lFo83Mo-6XT2DV84KEmDhMCsHQ-_jtjX7zZFx9TI7rwgWd6Vicd-xGxLoEi-c_AojljYptTqiTO-tSu8daSPaxZhyS_DE6iu7X3RBawqkTNgrY4wW7cc8cXmhbCF6qMprmCi-cdyF6/s600/nsoc-ca1985.jpg"
/></a>
</div>
<div align="center">
<font size="2">
The small NSOC watch floor in the late 1980s<br />
<font color="gray"
>(photo: National Cryptologic Museum - click to enlarge)</font
><br />
</font>
</div>
<br />
<br />
Here we see a wall covered with large and small monitors and computer screens
for various kinds of (real-time) information systems, which are marked on the
photo that was on display in the NCM.<br />
<br />
Compared to the previous picture of the small watch floor, we see that the old
Call Directors had been replaced by black and white
<a href="https://www.youtube.com/watch?v=Iem_gC5Fx4s" target="_blank"
>multiline office phones from ITT</a
>
which still worked via the 1A2 Key Telephone system. <br />
<br />
Job openings indicate that COASTLINE is some kind of messaging system, while MINX stands for Multimedia
Information Network Exchange, which was the
<a href="https://twitter.com/tnmoc/status/1258337025310314496" target="_blank"
>first workstation</a
>
that combined a camera and speakerphone with a high-resolution-color video
graphics display screen. This system had been
<a
href="https://www.tijd.be/algemeen/algemeen/datapoint-wil-arcnet-tot-ieee-standaard-verheffen/5000284.html"
target="_blank"
>introduced</a
>
in 1985 by
<a href="https://en.wikipedia.org/wiki/Datapoint" target="_blank"
>Datapoint Corporation</a
> with a price tag of almost 9,000 US dollars for a single workstation.<br />
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgj-gcBL0PZ3pboTcdG4oFAwbUKNTC_mxNwdJ2jxQ_hi_IlP_UoP1vRb5cCoHywcJOB0oJMsGz00caK0FwKiPT8tHPOy9v396GWTTq3MhtFmepc2Sp6Fnfb9bk9zPlKC2XoB8Hfykony6KvTnkO3WJ6Cai1r_DJpWTKxE3t8Jbshu_qFEY5sOZ4yuKc/s773/minx-terminal.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="350" data-original-height="576" data-original-width="773" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgj-gcBL0PZ3pboTcdG4oFAwbUKNTC_mxNwdJ2jxQ_hi_IlP_UoP1vRb5cCoHywcJOB0oJMsGz00caK0FwKiPT8tHPOy9v396GWTTq3MhtFmepc2Sp6Fnfb9bk9zPlKC2XoB8Hfykony6KvTnkO3WJ6Cai1r_DJpWTKxE3t8Jbshu_qFEY5sOZ4yuKc/s400/minx-terminal.jpg"/></a></div>
<div align="center">
<font size="2">
Close-up of a MINX video terminal from another photo<br />
<font color="gray"
>(photo: National Cryptologic Museum - click to enlarge)</font
><br />
</font>
</div>
<br>
<br>
<div class="blockquote">
<b>Updates:</b><br>
<br>
According to a reader's comment under this blog post, the "small NSOC watch floor" is actually "the SOO's office with that SOO [Senior Operations Officer] looking out big windows at the back of the SRO. The receptionist for the front entrance would be behind the photographer. The map wall was considered the far back wall."<br>
<br>
More about the NSA's computer systems used in the 1980s can be found in the newly declassified <a href="https://www.cia.gov/readingroom/docs/CIA-RDP87M00539R001201560048-2.pdf" target="_blank">United States Sigint Plan</a> from 1985. It says, for example, that existing "tailored user terminal access systems" would be replaced by more than 5,000 "smart" terminals of the User Interface System (UIS) which had local processing power and were network connected.<br>
<br>
The Sigint Plan also says that NSA would continue to expand the use of the <a href="https://www.cia.gov/readingroom/docs/CIA-RDP80B01139A000100030018-1.pdf" target="_blank">Community On-Line Intelligence System</a> (COINS) as the primary means for distributing SIGINT product online and for providing users with full-time, direct online access to SIGINT products. Access would be consistent with the need-to-know of each user.<br>
<br>
At that time, the COINS network provided online service to more than 50 organizations worldwide. A majority also had access to the NSA SIGINT On-Line Information System (SOLIS), which provided the full text of the latest 14 months of SIGINT product and was updated every 30 minutes with electrical reports from field sites and collaborating centers.<br>
<br>
Besides SOLIS, the COINS network also encompassed RYE/TIPS, which was a batch retrieval system that had been in operation since the late 1960s. It provided NSA analysts and some external users with online access to 17 formatted SIGINT product files as well as to other agencies' databases in the network.<br>
</div>
<br>
<br>
<br>
<font size="+2"><b>NSOC in the 1990s</b></font>
<br>
<br>
Over the years, NSOC was able to assume a wide range of functions in NSA's daily
operations and had become the focal point for crisis response at the agency. However,
since operation
<a href="https://en.wikipedia.org/wiki/Gulf_War" target="_blank">Desert Shield</a>
in the early 1990s, the practice of convening special cells tailored to
particular crises became standard. <br>
<br>
The National Sigint Operations Center was renamed the
<b>National Security Operations Center</b> (NSOC as well) in 1996, when it also became responsible for the information security side of the NSA. From then on, NSOC included specialists who monitored critical networks for indications of hostile threats and intrusions, a function that was taken over by the newly created NTOC in 2004.<br>
<br>
From 1997 we have the first video footage of the NSOC watch floor, when it was filmed for the Discovery Channel documentary "Inside the
NSA":<br />
<br />
<br />
<div align="center">
<iframe
width="560"
height="315"
src="https://www.youtube.com/embed/wEtNfRhicr8?start=444"
title="YouTube video player"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
allowfullscreen
></iframe>
</div>
<br />
<br />
<br />
A still from this documentary allows a closer look at the telephone and computer
equipment used at that time:<br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOkccomPOwsjagdaSzrtjjy-9nIKiHOp7T7V9BRHlOTWll4aQh8-ZEnR_5pIuMlwnMqwlP0TOer1wZpynnlOwYVS53hzJIgozAPbG9aIuxAG47mcL3aVtZQdj1ACeIyd-xmAvBYAjDWAg53r0y-B9IU4y1UqgjsSVnHtTeKdjt4jn7KMUloe5aELVn/s978/nsoc-still1997.jpg"
style="display: block; text-align: center;"
target="_blank"
><img
alt=""
border="0"
width="560"
data-original-height="704"
data-original-width="978"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOkccomPOwsjagdaSzrtjjy-9nIKiHOp7T7V9BRHlOTWll4aQh8-ZEnR_5pIuMlwnMqwlP0TOer1wZpynnlOwYVS53hzJIgozAPbG9aIuxAG47mcL3aVtZQdj1ACeIyd-xmAvBYAjDWAg53r0y-B9IU4y1UqgjsSVnHtTeKdjt4jn7KMUloe5aELVn/s600/nsoc-still1997.jpg"
/></a>
</div>
<br />
<br />
On the right we see a
<a href="https://en.wikipedia.org/wiki/SPARCstation" target="_blank"
>SPARCstation</a
>, a very popular type of desktop computer that was introduced by Sun
Microsystems in 1989.<br />
<br />
The telephone set on the left is a beige office phone manufactured by
<a href="https://en.wikipedia.org/wiki/Comdial" target="_blank">Comdial</a> as
part of its
<a href="http://www.secinfo.com/drV5e.a2u.htm" target="_blank">ExecuTech</a>
electronic key telephone system. The NSA uses these devices on the National Secure
Telephone System (NSTS), which is a stand-alone network for secure calls up to the level Top Secret/SCI. NSTS phones are also known as "gray phones" despite the fact that the actual instruments have a different color (non-secure phones are <a href="http://theory.stanford.edu/people/donald/NSA.doc.html" target="_blank">called</a> "black").<br>
<br>
Next to the Comdial phone sits a white
<a href="https://www.cryptomuseum.com/crypto/att/1100/index.htm" target="_blank"
>AT&T 1100</a
>
secure telephone from the <a href="https://en.wikipedia.org/wiki/STU-III" target="_blank">STU-III</a> family, which can be used for encrypted phone calls to anyone who is not connected to the NSTS, but also for regular unclassified conversations over the public switched telephone network (PSTN).<br />
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3ruVS4O8HIP8PWrBHIyPCLIoECWb20LHJKTTB-xR8hKP0-AyqEDtk6q98iHVlVw5HkejYZ3luFsBvdRiyMaOfmmSf-lS1Af0nLWHkBoRF6_CE__3fe_sScM_CUIJIi4hy5w0fJCRRV9kom7uD2rsY1Rlf066m9ckg5G_cBsPtkkch0QhEk-BIz9Ml/s588/nsts-comdial.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="350" data-original-height="446" data-original-width="588" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3ruVS4O8HIP8PWrBHIyPCLIoECWb20LHJKTTB-xR8hKP0-AyqEDtk6q98iHVlVw5HkejYZ3luFsBvdRiyMaOfmmSf-lS1Af0nLWHkBoRF6_CE__3fe_sScM_CUIJIi4hy5w0fJCRRV9kom7uD2rsY1Rlf066m9ckg5G_cBsPtkkch0QhEk-BIz9Ml/s400/nsts-comdial.jpg"/></a></div>
<div align="center">
<font size="2">
Close-up of a Comdial ExecuTech phone elsewhere at NSA<br />
<font color="gray"
>(click to enlarge)</font
><br />
</font>
</div>
<br />
<br />
After NSA Director Michael Hayden had seen the 1998 Hollywood movie
<a
href="https://en.wikipedia.org/wiki/Enemy_of_the_State_%28film%29"
target="_blank"
><i>Enemy of the State</i></a
>, in which the NSA was depicted as a rogue agency trying to kill people, he
launched a PR campaign which resulted in the History Channel documentary
"America's Most Secret Agency", which aired in the year 2000 and for which filmmakers were once again allowed
access to the NSOC watch floor:<br />
<br />
<br />
<div align="center">
<iframe
width="560"
height="315"
src="https://www.youtube.com/embed/eaOyHyDIf7k?start=464"
title="YouTube video player"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
allowfullscreen
></iframe>
</div>
<br>
<br>
<br>
The alerting function of NSOC was described by <a href="https://en.wikipedia.org/wiki/James_Bamford" target="_blank">James Bamford</a> in his bestselling book <i>Body of Secrets</i> from 2002: <br>
<br>
<div class="blockquote">
"Of special significance is the capability to instantly display CRITIC messages on screen. Critical Intelligence reports are of the highest importance, and the CRITIC system is designed to get them to the president in ten minutes or less from the time of an event. When Saddam Hussein pushed into Kuwait in 1990, for example, the first alert came in the form of a CRITIC. The issuance of a CRITIC is instantly noted in the <i>National SIGINT File</i> by a flashing message in the top left corner of the screen." <font color="gray">(p. 516)</font><br>
<br>
"If a listening post suddenly picks up an indication of a far-off assassination, or a sudden attack by Russia on a neighboring republic, a CRITIC message containing that information will be flashed immediately to the NSOC. Shortly after the USS <i>Cole</i> was <a href="https://en.wikipedia.org/wiki/USS_Cole_bombing" target="_blank">attacked</a> by terrorists in the port of Aden in October 2000, a CRITIC was zapped to the NSOC. Within minutes of the early morning message, a call was placed to the director, Michael Hayden." <font color="gray">(p. 501)</font><br>
</div>
<br>
This <a href="https://en.wikipedia.org/wiki/Criticomm" target="_blank">CRITICOMM</a> system had become <a href="https://documents.theblackvault.com/documents/nsa/cryptoalmanac/Did_Anyone_Tell_the_President.pdf" target="_blank">operational</a> in 1961 and consisted of a worldwide network of relay centers which automatically put through the messages to the NSA. Encryption was initially performed by <a href="https://en.wikipedia.org/wiki/KW-26" target="_blank">KW-26</a> machines.<br>
<br />
<br />
<br />
<font size="+2"><b>NSOC in the 21st century</b></font
><br />
<br />
The first photo from NSOC in the 21st century can be
<a
href="https://commons.wikimedia.org/wiki/File:National_Security_Operations_Center_photograph,_2001,_with_Gen._Michael_Hayden_-_National_Cryptologic_Museum_-_DSC07662.JPG"
target="_blank"
>found</a
>
on Wikimedia Commons again and shows a visit by NSA Director Hayden sometime in
2001:<br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkHVHaUVxbVqRpIX5AweBM5Q8hpvZrU9QNO8E4OUgNtcpWGXOKZGEzbq_4E0hrntO1Ii_6hWKxwJmw1_XX_jEroJvW04mWXWGKmQOPn00I5QYNvKPA3_4eHG8QFql8oGj0ggWO6mGkolTXZsYq43IvsycN24gZbS5NsoVRyNE0DjmA7-eM7psuAvwT/s1000/nsoc-hayden-2001.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="600"
data-original-height="591"
data-original-width="1000"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkHVHaUVxbVqRpIX5AweBM5Q8hpvZrU9QNO8E4OUgNtcpWGXOKZGEzbq_4E0hrntO1Ii_6hWKxwJmw1_XX_jEroJvW04mWXWGKmQOPn00I5QYNvKPA3_4eHG8QFql8oGj0ggWO6mGkolTXZsYq43IvsycN24gZbS5NsoVRyNE0DjmA7-eM7psuAvwT/s600/nsoc-hayden-2001.jpg"
/></a>
</div>
<div align="center">
<font size="2">
NSA director Michael Hayden visits NSOC, 2001<br />
<font color="gray"
>(photo: National Cryptologic Museum - click to enlarge)</font
><br />
</font>
</div>
<br />
<br />
With the many screens on the wall, the photo apparently shows the small watch
floor with modernized equipment. A whole range of digital clocks show the time
in the many regions of the world in which the NSA was interested: Bosnia,
Iraq/Saudi Arabia, Mogadishu, Moscow, Afghanistan, Pakistan/India,
Tajikistan/Kyrgyzstan, Jakarta and Seoul.<br />
<br />
On the left we see a glimpse of two phones: the upper one being the Comdial
ExecuTech for the NSTS network, the lower one appears to be a black
<a
href="https://www.cryptomuseum.com/crypto/motorola/sectel/1500.htm"
target="_blank"
>Motorola Sectel 1500</a
>
which is also from the <a href="https://en.wikipedia.org/wiki/STU-III" target="_blank">STU-III</a> secure telephone family.<br />
<br>
<br>
<b>The 9/11 attacks</b><br>
<br>
During the attacks of September 11, 2001, the NSA headquarters complex at Fort Meade was evacuated. All nonessential personnel were sent home immediately, while the remaining mission-essential personnel were moved out of the tall black-glass cubes of OPS-2A and OPS-2B into the less-vulnerable three-story OPS-1 building.<br>
<br>
"At the direction of Richard Berardino, the chief of NSOC, his thirty analysts and reporting officers began rapidly compiling whatever information they could brief Hayden and the agency's senior officials about what had just transpired. Other NSOC staffers began systematically going back over the past several days' worth of SIGINT reporting to see if anything had been missed that might have given any warning of the terrorist attacks. They found nothing." <a nohref title="Matthew M. Aid, The Secret Sentry, p. 218">*</a> <br>
<br>
After the NSA was fully up and running again, NSOC "was converted into a war room. Superfast CRITIC messages began going out to field stations around the world every time a new piece of the puzzle was discovered, such as the names of the hijackers obtained from the passenger manifest lists." <a nohref title="James Bamford, Body of Secrets, p. 646">*</a><br>
<br>
<br>
<b>An alternate NSOC in Georgia</b><br />
<br />
In July 2006, high temperatures and problems with Baltimore Gas and Electric
power generation caused server and communications failures around the NSA's
headquarters complex. This
<a
href="https://theintercept.com/snowden-sidtoday/5987402-for-the-first-time-alternate-nsoc-in-georgia-is/"
target="_blank"
>resulted</a
>
in a critical limitation in NSOC's ability to dispatch CRITIC messages to the US Intelligence Community. <br />
<br />
This prompted the first ever activation of the alternate NSOC (codenamed
DECKPIN) at the
<a
href="https://www.electrospaces.net/2019/06/the-nsas-regional-cryptologic-centers.html#georgia"
>NSA's regional cryptologic center in Georgia</a
>, which had been created to take over critical NSOC functions, should the Fort
Meade facility lose its ability to operate. After two days, NSOC at NSA
headquarters was able to resume its activities again.<br />
<br />
<br />
<b>A modernized watch floor</b><br />
<br />
Sometime before 2012, the large NSOC watch floor in the old OPS-1 building was
modernized and given a more futuristic look with a long wall filled with video
screens and some spaceship-like elements, as can be seen in a photo that was
released on the occasion of the NSA's 60th anniversary:<br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-6qDku2_ybzOZggap72Dp9MZZLmMREaONfAx1CB40vf_aSI6yKvnKtRYFf6TIqwiiDS_5SX3BsTzTPz-9-YuVvjsoMJKZMOVG-F02mYcP4IFwqgvrKhbgsg_oB66Wba2HtFHJVgwQfNeMO6r8Vbj3A_EbOamlrnotOp6hggYK6ezh6MhLMstvPCEr/s1000/nsoc-2012.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="600"
data-original-height="615"
data-original-width="1000"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-6qDku2_ybzOZggap72Dp9MZZLmMREaONfAx1CB40vf_aSI6yKvnKtRYFf6TIqwiiDS_5SX3BsTzTPz-9-YuVvjsoMJKZMOVG-F02mYcP4IFwqgvrKhbgsg_oB66Wba2HtFHJVgwQfNeMO6r8Vbj3A_EbOamlrnotOp6hggYK6ezh6MhLMstvPCEr/s600/nsoc-2012.jpg"
/></a>
</div>
<div align="center">
<font size="2">
The NSOC watch floor in 2012<br />
<font color="gray">(photo: NSA - click to enlarge)</font><br />
</font>
</div>
<br />
<br />
Another angle of this new watch floor was shown in the CBS 60 Minutes report
"<a href="https://www.cbsnews.com/video/inside-the-nsa-the-copts/" target="_blank">Inside the NSA</a>" from 2014:<br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0qzEv0YgzD-5CR9hguW_s7Wjawv6NoutdRsbfH5PMAnjqsXJizF87btPO4FXswIHvRG162qanjUB6s6h7OWRdDHzengArgmN8cAL-r7lfucXgDD-xl85By3CtNDpF-bmep_aUj-Tlcchv4ejZCCWVXVX3rKmnqqAsZoYCMOvVQoDo0poRYRbCPu7t/s1366/nsoc-60minutes.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="600"
data-original-height="728"
data-original-width="1366"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0qzEv0YgzD-5CR9hguW_s7Wjawv6NoutdRsbfH5PMAnjqsXJizF87btPO4FXswIHvRG162qanjUB6s6h7OWRdDHzengArgmN8cAL-r7lfucXgDD-xl85By3CtNDpF-bmep_aUj-Tlcchv4ejZCCWVXVX3rKmnqqAsZoYCMOvVQoDo0poRYRbCPu7t/s600/nsoc-60minutes.jpg"
/></a>
</div>
<div align="center">
<font size="2">
The NSOC watch floor in 2014<br />
<font color="gray">(still from CBS 60 Minutes - click to enlarge)</font
><br />
</font>
</div>
<br />
<br />
A close look shows that the beige Comdial ExecuTech phones for the secure NSTS network had been replaced by white
<a href="http://www.avayabcm.com/M3904.php" target="_blank">Nortel M3904</a>
executive office phones: <br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<img
border="0"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0-i_Q7PJs-8bzEg3FCse7tXMh85FyRjvruBcckryrhq1mL7CtRdG25nX6aGJW_w6QKjFKn69qODI-Ku2NVG4Q26tV1Bu_BGSJzSoMtp-Q6c6jXPPmvHjhTMp5rdwoY4kLeks2JWxV4go/s1600/nsts-phone3.jpg"
title="A Nortel M3904 phone from the NSTS network"
/><br />
<font size="2"> A Nortel M3904 phone from the NSTS network<br /> </font>
</div>
<br />
<br />
<br />
<br />
<b>Moving to the Morrison Center</b><br />
<br />
By the end of last year and after almost 50 years, NSOC left its rooms in the
old OPS-1 building and
<a
href="https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3219024/nsa-opens-an-innovative-workplace-for-critical-missions-focused-on-the-future/"
target="_blank"
>moved</a
>
to a brand new office building on the NSA's
<a href="https://cryptome.org/2021/06/NSA-Cyber-Command.pdf" target="_blank"
>East Campus</a
>. This new building is called the Morrison Center, named in honor of John E.
Morrison, Jr., who proposed and established NSOC back in 1973.<br />
<br />
Besides NSOC, the seven-story Morrison Center
<a
href="https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3219024/nsa-opens-an-innovative-workplace-for-critical-missions-focused-on-the-future/"
target="_blank"
>includes</a
>
a multipurpose conference center, a modern fitness center, a 24/7 open-concept
cafeteria, gender-neutral single-user restrooms, modernized sit/stand desks, and
larger windows. The building was designed with a strong emphasis on
accessibility, so it's the first NSA facility with touchless door activators.<br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4MuLFs33AMEmQxnPnRMP_YNRsEFqRtmdeG5PCrDVctLEgCFevxQxIVR1Z6cUL0Ey_9jLXMQriPp629pOFHQuG4K0DHN2xnY2fsKV2kkQ0xATUiW7a0P1nGKrWWDNelf4Y03q-cAeojwyjXR0YRDSNmv2PNiR7YboTo33EPconN_r9y8PZ2VnXkjVV/s1000/morrison-center.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="600"
data-original-height="467"
data-original-width="1000"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4MuLFs33AMEmQxnPnRMP_YNRsEFqRtmdeG5PCrDVctLEgCFevxQxIVR1Z6cUL0Ey_9jLXMQriPp629pOFHQuG4K0DHN2xnY2fsKV2kkQ0xATUiW7a0P1nGKrWWDNelf4Y03q-cAeojwyjXR0YRDSNmv2PNiR7YboTo33EPconN_r9y8PZ2VnXkjVV/s600/morrison-center.jpg"
/></a>
</div>
<div align="center">
<font size="2">
The new Morrison Center at the NSA's East Campus<br />
<font color="gray">(photo: NSA.gov - click to enlarge)</font><br />
</font>
</div>
<br />
<br />
In the Morrison Center, NSOC now has a very spacious watch floor that looks even
more futuristic than the previous one in the OPS-1 building, as we can see in
two photos which the NSA released in October last year:<br />
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl4VS1DsgVBD8Ru1DUld-7RzG6ztTSzdG6XdL5RiMZnzPAyg3_15N8egsI280N-Pwe2jMjXOPJR8JQVLVv5J435Zf2FACAzWU0bDpedHdGQ_tevlRrLl-j3_m6np5XrrSOvYbCM4cE43rwoQsvWYzIszdjKYl1k67J7n1P7usA4_3YY6y_5YzdRl0J/s885/nsoc-2022.jpeg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="600"
data-original-height="516"
data-original-width="885"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl4VS1DsgVBD8Ru1DUld-7RzG6ztTSzdG6XdL5RiMZnzPAyg3_15N8egsI280N-Pwe2jMjXOPJR8JQVLVv5J435Zf2FACAzWU0bDpedHdGQ_tevlRrLl-j3_m6np5XrrSOvYbCM4cE43rwoQsvWYzIszdjKYl1k67J7n1P7usA4_3YY6y_5YzdRl0J/s600/nsoc-2022.jpeg"
/></a>
</div>
<div align="center">
<font size="2">
The current NSOC watch floor in the new Morrison Center<br />
<font color="gray">(photo: NSA - click to enlarge)</font><br />
</font>
</div>
<br />
<br />
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHG4-3pPxstRJpjMugx4EVXvkBn4P1KbsmxzmDCVZo-qDU3qN5iSWVbL3fE231Ss2IJkf6Vq5Dr6HQvoB6Y7P4bpQ_JaFGgrDrFyaq_gVKUfgkd0EJu26IfRVl3zVWhsnIxN7bGrFEyKNandI_ZpJP8MJZsKF4prRc4rfPvwYcgZRfgNq8SCOgfCqv/s1000/nsoc-2022b.jpg"
style="display: block; text-align: center; "
target="_blank"
><img
alt=""
border="0"
width="600"
data-original-height="667"
data-original-width="1000"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHG4-3pPxstRJpjMugx4EVXvkBn4P1KbsmxzmDCVZo-qDU3qN5iSWVbL3fE231Ss2IJkf6Vq5Dr6HQvoB6Y7P4bpQ_JaFGgrDrFyaq_gVKUfgkd0EJu26IfRVl3zVWhsnIxN7bGrFEyKNandI_ZpJP8MJZsKF4prRc4rfPvwYcgZRfgNq8SCOgfCqv/s600/nsoc-2022b.jpg"
/></a>
</div>
<div align="center">
<font size="2">
The SOO-pit at the NSOC watch floor in the Morrison Center<br />
<font color="gray">(photo: NSA - click to enlarge)</font><br />
</font>
</div>
<br />
<br />
The new NSOC watch floor has huge video screens along the wall and each
workstation is equipped with multiple computer screens and a
<a href="https://en.wikipedia.org/wiki/KVM_switch" target="_blank"
>KVM-switch</a
>
to switch between physically separated computer networks at different
classification levels.<br />
<br />
Each workstation also has at least two Cisco IP phones from the current
<a
href="https://www.cisco.com/c/en/us/products/collaboration-endpoints/unified-ip-phone-8800-series/index.html"
target="_blank"
>8800 series</a
>, one for the secure NSTS network and another one for a (classified) telephone
network depending on the desk officer's mission needs.<br />
<br>
<br>
<div class="blockquote">
<b>Update:</b><br>
In June 2023, the NSA released the following promotional video about the new NSOC facility in the Morrison Center:<br>
<br>
<div align="center">
<iframe width="560" height="315" src="https://www.youtube.com/embed/SrunHo4Qvt4?si=3jktXFQLF30fiwFD" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
</div>
</div>
<br>
<br>
<div class="separator" style="clear: both;">
<a
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQhPHnNcOyPiGTy7DJX2JQp24k1_hslNAsnblGPVMlKpjNDUi87-OAu31iImNNRWXt1qjOXxa9i5nDytxyPkc1rDO_QDdFYmqWRcjdcQJLbBiIARZMxIRSrnC5RNwj5iEJRqjgf8XrE_HZ0lSQ8Mzceg-OR_dnQTl0Io-7LgZQMReJeqZPLWAiDc1g/s198/nsoc-logo.png"
style="display: block; text-align: center; "
><img
alt=""
border="0"
width="150"
data-original-height="194"
data-original-width="198"
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQhPHnNcOyPiGTy7DJX2JQp24k1_hslNAsnblGPVMlKpjNDUi87-OAu31iImNNRWXt1qjOXxa9i5nDytxyPkc1rDO_QDdFYmqWRcjdcQJLbBiIARZMxIRSrnC5RNwj5iEJRqjgf8XrE_HZ0lSQ8Mzceg-OR_dnQTl0Io-7LgZQMReJeqZPLWAiDc1g/s320/nsoc-logo.png"
/></a>
</div>
<br>
<br>
<br>
<b>Links and Sources</b><br />
<font size="2">
- NSA.gov:
<a
href="https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3302922/nsas-national-security-operations-center-celebrates-50-years-of-247-operations/"
target="_blank"
>NSA's National Security Operations Center celebrates 50 years of 24/7
operations in service to the Nation</a
>
(Feb. 21, 2023)<br />
- NSA.gov:
<a
href="https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3219024/nsa-opens-an-innovative-workplace-for-critical-missions-focused-on-the-future/"
target="_blank"
>NSA opens an innovative workplace for critical missions focused on the
future</a
>
(Nov. 17, 2022)<br />
- WashingtonTimes.com:
<a
href="https://www.washingtontimes.com/news/2022/oct/25/nsas-new-nerve-center-ready-scan-world-threats-ame/"
target="_blank"
>NSA’s new ‘nerve center’ ready to scan the world for threats to America</a
>
(Oct. 25, 2022)<br />
- NSA.gov:
<a
href="https://www.nsa.gov/Helpful-Links/NSA-FOIA/Declassification-Transparency-Initiatives/Historical-Releases/NSA-60th-Timeline/"
target="_blank"
>NSA 60th Anniversary Book</a
>
(2012)<br />
- James Bamford: <i>Body of Secrets: Anatomy of the Ultra-Secret National Security Agency</i>, Anchor, 2002, p. 501-502.<br>
- Cryptologic Spectrum: <a href="https://web.archive.org/web/20100527224956/http://www.nsa.gov/public_info/_files/cryptologic_spectrum/nsoc.pdf" target="_blank"><i>The National SIGINT Operations Center</i></a>, Summer 1979, Vol. 9, No. 3.<br>
</font>
<br />
<font size="2">Posted by P/K</font><br>
<br>
<br>
<font size="+2"><b>About the legality of the NSA's testing and SIGINT Development projects</b></font><br>
<font size="2" color="gray">(Posted: January 5, 2023)</font>
<div align="right"><font size="2" color="gray">(Updated: January 11, 2023)</font></div>
<br>
On November 1, 2022, Bloomberg published a remarkable <a href="https://www.bloomberg.com/news/articles/2022-11-01/nsa-watchdog-concluded-one-analyst-s-surveillance-project-went-too-far#xj4y7vzkg" target="_blank">story</a> about an NSA analyst who in 2013 developed and tested a new collection method that resulted in the unauthorized collection of American telephone data.<br>
<br>
Here I will provide some additional details about what that method could have been about and will also look at whether these so-called SIGINT Development (SIGDEV) projects are actually legal under American law.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA_7oNG837zvmo3Hy5Cj_Azfmfgl8mPBwkWsCL3SKyWGqkpvlPGb4svRg0MT3DJQAVaKBq4RoLThC-Xcp1_x33nBBs5cMo88YZV5jm4OvVchI49tTTjlVP7IQhNG7YEzk-bI048TgJ-WYvgIPRCOSqk43oqHDZ04u7jOjzx-g77wgnXBNE7WvPlbz_/s800/unauthorized-collection%20header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="650" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA_7oNG837zvmo3Hy5Cj_Azfmfgl8mPBwkWsCL3SKyWGqkpvlPGb4svRg0MT3DJQAVaKBq4RoLThC-Xcp1_x33nBBs5cMo88YZV5jm4OvVchI49tTTjlVP7IQhNG7YEzk-bI048TgJ-WYvgIPRCOSqk43oqHDZ04u7jOjzx-g77wgnXBNE7WvPlbz_/s800/unauthorized-collection%20header.jpg"/></a></div>
<br>
<a name="project"></a>
<br>
<br>
<font size="+2"><b>A controversial project</b></font><br>
<br>
The Bloomberg report is based upon <a href="https://www.documentcloud.org/documents/23257185-leopold-nsa-ig-foia-unauthorized-sigint-collection" target="_blank">internal NSA documents</a> requested by FOIA-expert Jason Leopold, who had to <a href="https://twitter.com/JasonLeopold/status/1587446686393122816" target="_blank">wait</a> six years before their release. The set of documents contains the report by the NSA's Inspector General from 2016 and more than 330 pages of appendices, which include a lot of internal e-mails about the case. However, most parts of the documents have been redacted.<br>
<br>
From what is readable it becomes clear that in March 2013 two whistleblowers, one of them a (female) global network analyst, discovered that another analyst in the NSA's <a href="https://www.electrospaces.net/2014/01/nsas-organizational-designations.html#s">Signals Intelligence Directorate</a> (SID) was working on an unnamed project that apparently violated internal regulations and possibly the law.<br>
<br>
The whistleblowers informed internal compliance officials, but during a meeting of senior officials it was concluded that the project of the other analyst was acceptable because as "technical development or protocol development" it was covered by the internal regulation about Signals Intelligence Development (USSID SD4000, <a href="#legal">see below</a>).<br>
<br>
The global network analyst, however, wasn't satisfied and contacted the NSA's <a href="https://oig.nsa.gov/" target="_blank">Inspector General</a> (IG) on May 7, 2013, which was exactly one month before the first story based upon the Snowden documents came out. The female analyst, referred to in the IG report as "the Source", accused her colleague of running a project which targeted a large volume of US persons' phone numbers without proper authorization and without the necessary foreign intelligence purpose.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuxCulw2nF8aRDqweH0Sl48EX-eIeswZhZf7_iFJzZ5qLc4iSPOs5aRUwqPcbiWLxcLaC_IgHgUtAWTr7gGuxffASX9-CA-wz29HXLOu-_Ag66_lQqBCA9rG3BPfrxJEu6vTO5lbKYLdc3X0ByIhQOcFZ5eb_nGfyO0cKhZaTB7GenNU2G0hMZLaiR/s900/nsa-hq-ops1-2.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="657" data-original-width="900" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuxCulw2nF8aRDqweH0Sl48EX-eIeswZhZf7_iFJzZ5qLc4iSPOs5aRUwqPcbiWLxcLaC_IgHgUtAWTr7gGuxffASX9-CA-wz29HXLOu-_Ag66_lQqBCA9rG3BPfrxJEu6vTO5lbKYLdc3X0ByIhQOcFZ5eb_nGfyO0cKhZaTB7GenNU2G0hMZLaiR/s600/nsa-hq-ops1-2.jpg"/></a></div>
<div align="center">
<font size="2">
NSA headquarters with the OPS-1 building, where large parts<br>
of the Signals Intelligence Directorate (SID) are located<br>
</font>
</div>
<br>
<br>
A more senior NSA official told the IG that the accused analyst claimed that "the foreign intelligence purpose behind his project is to make the collection system healthier, the analytic process richer and the system more efficient". According to a subject matter expert, the analyst probably "saw his project as an easy way to accomplish his targeting and collection" and he decided to "work on his project until someone told him he should stop".<br>
<br>
His division chief, however, claimed that he told the analyst to stop his activities because he intentionally targeted US persons. Another chief told the IG that personnel in that particular branch "do not receive guidance from upper management on how to perform their mission because no one understands it" and in one of the e-mails it's said that this case is "extremely complex and would take an encyclopedia to explain fully".<br>
<br>
<br>
Inspector General George Ellard eventually spent 3 years investigating the case and completed his report on February 12, 2016. It substantiated all of the allegations that the source had brought forward: the project had "resulted in, or were at least reasonably likely to result in, the unauthorized collection of communications to or from USPs or persons in the United States, or both." <br>
<br>
The IG also found that even if the analyst had been truly unaware that he had tasked and collected US person's data, he "acted with reckless disregard of the regulations, policies, and procedures that govern the use of the SIGINT system". Finally, the IG addressed a lack of oversight, as senior officials didn't fully understand what was happening under their responsibility.<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPh5D-ZVolfRSVui6gzuLg3wk5xYHsd1ASacmsnl9r1iZSxuHnqWzIfqGmOld17GRaVgLvC96aTyMotAnwsw-N9r6fcE7uXtwCgflYL0MorD8HVmma78Ds5nF9CcjPO_iBqQ2-dg3uqXLwYLNt1YqDJIqL6RQ3Wxb990A_gyX3BDkI63C-kUhPp-JV/s157/logo-oig.png" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="150" data-original-height="157" data-original-width="157" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPh5D-ZVolfRSVui6gzuLg3wk5xYHsd1ASacmsnl9r1iZSxuHnqWzIfqGmOld17GRaVgLvC96aTyMotAnwsw-N9r6fcE7uXtwCgflYL0MorD8HVmma78Ds5nF9CcjPO_iBqQ2-dg3uqXLwYLNt1YqDJIqL6RQ3Wxb990A_gyX3BDkI63C-kUhPp-JV/s400/logo-oig.png"/></a></div>
<br>
According to the Bloomberg report it's unknown if the analyst was ever held accountable. However, according to a list of his annual training courses in the IG report, the analyst took his first course in November 2010 and his last one in May 2014, which may indicate that he started his job at the NSA somewhere in 2010 and left in 2014.<br>
<br>
<a name="filtering"></a>
<br>
<br>
<font size="+2"><b>Filtering telephone communications</b></font><br>
<br>
Besides the case as described above, the Inspector General's report and the appendices released by the NSA contain some additional details that are worth mentioning.<br>
<br>
Appendix A.3 contains a list of definitions, almost all of which have been redacted. There's one entry, however, that could provide a clue to the analyst's controversial project: under the letter L there's the name of a particular NSA collection software. <br>
<br>
Checking my extensive list of <a href="https://www.electrospaces.net/p/nicknames-and-codewords.html#l" target="_blank">NSA Nicknames and Codewords</a> shows that there's only one known collection program starting with L that fits the redacted space in the definitions list: LOPERS.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-PlgMNzTAqD1tdoFDcf2c754QzX0CVQwOT7Ealu82K005lCRtyN2Hgnm-tDF4Y8yfNabUjC-_TDrqrkvYbjLDT63qDjzQi1bft-i56ZQEn2LePV0GBnRtXkWehp6PlrjPjxcXAgZeSDygsgaMU8l_JPuLKGHQ4Zw1BAwgBkVyzWDtS0bSslsz1IzC/s758/unauthorized-collection%20lopers1.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="216" data-original-width="758" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-PlgMNzTAqD1tdoFDcf2c754QzX0CVQwOT7Ealu82K005lCRtyN2Hgnm-tDF4Y8yfNabUjC-_TDrqrkvYbjLDT63qDjzQi1bft-i56ZQEn2LePV0GBnRtXkWehp6PlrjPjxcXAgZeSDygsgaMU8l_JPuLKGHQ4Zw1BAwgBkVyzWDtS0bSslsz1IzC/s600/unauthorized-collection%20lopers1.jpg"/></a></div>
<div align="center">
<font size="2">
(text in red added by the author)<br>
</font>
</div>
<br>
<br>
LOPERS is NSA's main system to process telephone data that are collected from the core networks of telephone companies. This fits with the fact that the analyst's project resulted in collecting (American) telephone numbers. More information about LOPERS is found in an earlier <a href="https://theintercept.com/document/2018/06/25/sso-dictionary-relevant-entries/" target="_blank">internal dictionary</a> from the Snowden trove:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqftX8v39wPpk51FXaZ2iBWfoGssUwPMT9FKxsE2DF-zfNsZZFuopiaHW5IEQOKJfVUYLIjMHl3Oh2f_V5BC2xeT050E_HeJiEIZ_E0pYak5Iwx2VyZhHyXGLf5PyS29TI931-tdpMSX13LIg-VVm6GcAQEWVTzLtktsTFKpwYDoTo3fLWjPuNOv3G/s917/unauthorized-collection%20lopers%20dictionary.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="394" data-original-width="917" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqftX8v39wPpk51FXaZ2iBWfoGssUwPMT9FKxsE2DF-zfNsZZFuopiaHW5IEQOKJfVUYLIjMHl3Oh2f_V5BC2xeT050E_HeJiEIZ_E0pYak5Iwx2VyZhHyXGLf5PyS29TI931-tdpMSX13LIg-VVm6GcAQEWVTzLtktsTFKpwYDoTo3fLWjPuNOv3G/s600/unauthorized-collection%20lopers%20dictionary.jpg"/></a></div>
<br>
<br>
According to this description, "LOPERS decodes the telephone numbers present in the call signaling and forwards the numbers to KEYCARD for normalization and validation. Calls including targeted selectors are captured and saved to an output directory". This means LOPERS filters out phone numbers and subsequently the content of phone calls to and from the phone numbers which are on the NSA's target list.<br>
<br>
Given that LOPERS was apparently involved in the case of the unauthorized collection, we can imagine that the analyst could have been trying to improve the algorithms of its filter system. Another indication for this is that the table of abbreviations of the IG report contains the following entry: "<b>%</b> is a wildcard for an undefined character length".<br>
<br>
So if the analyst developed a highly complex way of filtering telephone data, that would bear the risk of pulling in the wrong data, in this case phone numbers of US persons.<br>
<br>
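The over-collection risk of wildcard selectors described above can be shown with an added example, which is not from the post, the IG report or any NSA system. It assumes that selectors are digit strings in which <b>%</b> stands for any run of digits, treats country code 1 as the protected prefix, and uses constructed numbers from ranges reserved for fiction; all function names are hypothetical.<br>

```python
import re

# Assumption: country code 1 (NANP) stands in for "US person" numbers.
PROTECTED_PREFIX = "1"

# Constructed sample: UK and US numbers from ranges reserved for fiction.
CONSTRUCTED_CALLS = [
    "+44 20 7946 0100",
    "0044 20 7946 0155",
    "+1 202 555 0100",
    "+1 (202) 555-0155",
    "202 555 0123",  # national format: the country cannot be determined
]


def normalize(raw):
    """Return bare international digits, or None if no country code is present."""
    text = raw.strip()
    digits = re.sub(r"\D", "", text)
    if text.startswith("+"):
        return digits or None
    if digits.startswith("00"):
        return digits[2:] or None
    return None


def compile_selector(selector):
    """Turn a selector such as '4420%' into a regex; '%' matches any run of digits."""
    if not re.fullmatch(r"[0-9%]+", selector):
        raise ValueError(f"selector may contain only digits and %: {selector!r}")
    return re.compile("".join(r"\d*" if ch == "%" else ch for ch in selector))


def could_match_prefix(selector, prefix=PROTECTED_PREFIX):
    """Static pre-tasking check: can this selector match ANY number that
    starts with the protected prefix, whatever traffic is actually seen?"""
    for want, have in zip(prefix, selector):
        if have == "%":
            return True   # the wildcard can absorb the rest of the prefix
        if have != want:
            return False  # a literal digit rules the prefix out
    # All compared digits were equal; a selector shorter than the prefix
    # matches only one fixed string that cannot start with the prefix.
    return len(selector) >= len(prefix)


def audit(selectors, raw_numbers):
    """Run every selector over the sample and report what it pulls in."""
    numbers, unresolved = [], []
    for raw in raw_numbers:
        number = normalize(raw)
        if number is None:
            unresolved.append(raw)  # never silently treated as foreign
        else:
            numbers.append(number)
    report = []
    for selector in selectors:
        pattern = compile_selector(selector)
        hits = [n for n in numbers if pattern.fullmatch(n)]
        report.append({
            "selector": selector,
            "needs_review": could_match_prefix(selector),
            "hits": hits,
            "protected_hits": [n for n in hits if n.startswith(PROTECTED_PREFIX)],
        })
    return report, unresolved


if __name__ == "__main__":
    selectors = ["442079460100", "4420794601%", "%0100", "%555%"]
    report, unresolved = audit(selectors, CONSTRUCTED_CALLS)
    for row in report:
        print(row)
    print("unresolved:", unresolved)
```

A selector anchored on a foreign country code passes the static check, while a leading <b>%</b> is flagged before any traffic is seen and, on this sample, also returns a number under country code 1. The nationally formatted number is reported as unresolved instead of being assumed foreign.<br>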
<br>
The second word that has been redacted in the dictionary entry for LOPERS is more difficult to unmask as the system has multiple functions and purposes. The most likely options, like 'telephone', 'DNR phone' or 'main PSTN', don't fit the redacted space. What fits best is 'IP telephony', but that would only refer to one part of LOPERS' functionality:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6hcnWiOVmgh5_YvofQ-H2ciSQe_Segb38Pp2tPMNVk3McH40Goc2a7p7m3oH_PlLhguZE2y_2NxAoPXZKCqhdLVr4B5CiteTR5ECXG4PtfyzC6r1AANBILzj3fwWWcchJ6UD8YYG5r-DrdGeni0q5vcg1fRizJ5pA4g-8kBtItk9gog5DApvYYV9W/s758/unauthorized-collection%20lopers2.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="216" data-original-width="758" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6hcnWiOVmgh5_YvofQ-H2ciSQe_Segb38Pp2tPMNVk3McH40Goc2a7p7m3oH_PlLhguZE2y_2NxAoPXZKCqhdLVr4B5CiteTR5ECXG4PtfyzC6r1AANBILzj3fwWWcchJ6UD8YYG5r-DrdGeni0q5vcg1fRizJ5pA4g-8kBtItk9gog5DApvYYV9W/s400/unauthorized-collection%20lopers2.jpg"/></a></div>
<div align="center">
<font size="2">
(text in red added by the author)<br>
</font>
</div>
<br>
<br>
The term 'IP telephony' could make sense, though, if the analyst's project was actually about finding or improving ways to intercept IP telephony, which requires <a href="https://www.researchgate.net/publication/4045196_Methods_for_lawful_interception_in_IP_telephony_networks_based_on_H323" target="_blank">different methods</a> than those used for traditional Public Switched Telephone Networks (PSTN). As early as 2004, the NSA was <a href="https://theintercept.com/snowden-sidtoday/3676098-telecomm-customers-can-now-pick-their-own-phone/" target="_blank">afraid</a> of the complications caused by Voice-over-IP (VoIP) providers offering Pick-Your-Own-Number services.<br>
<br>
With the increase of VoIP telephony, the telecommunication networks moved beyond PSTN and so did the NSA's collection efforts: in January 2011, AT&T <a href="https://theintercept.com/document/2018/06/25/sso-news-relevant-entries/" target="_blank">began</a> to provide "Carrier Grade Corporate VoIP" under the FAIRVIEW program, which encompasses AT&T's cooperation in collecting foreign intelligence inside the US.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2015/08/fairview-collecting-foreign.html">FAIRVIEW: Collecting foreign intelligence inside the US</a><br>
</div>
<br>
This "new capability rests on a large and complex system which collects, processes, authorizes, and selects calls using both SIP and H.323 VOIP protocol technology from 26 separate IP backbone router nodes [...] A large component of this eligible traffic is to/from high interest areas such as Pakistan".<br>
<br>
In dataflow diagrams like the one below from 2012, we see that LOPERS was one of the components of this new VoIP collection under the FAIRVIEW program:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdBuL5irGuXVvxKfAs1iAdqYHIs_sCOJykdZM3MRCWH8vE8wYC4La5_-a72T7VvkbHYz7jFhXtIp8XUcR8OvZjZuJYfVu2Y_ebdLooIIhzuQnGfJUq7F3MNKj2Pl1w3lPkjcTuneexgkVZjZzBmnGWNqppMUpjxMitXtbP0WMRvL8SqNx28zPboWCL/s1116/fairview-voip-lopers.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="789" data-original-width="1116" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdBuL5irGuXVvxKfAs1iAdqYHIs_sCOJykdZM3MRCWH8vE8wYC4La5_-a72T7VvkbHYz7jFhXtIp8XUcR8OvZjZuJYfVu2Y_ebdLooIIhzuQnGfJUq7F3MNKj2Pl1w3lPkjcTuneexgkVZjZzBmnGWNqppMUpjxMitXtbP0WMRvL8SqNx28zPboWCL/s600/fairview-voip-lopers.JPG"/></a></div>
<div align="center">
<font size="2">
Dataflow diagram for VoIP collection under FISA authority in cooperation with AT&T<br>
(<a href="https://s3.documentcloud.org/documents/3220477/FAIRVIEWDataFlowChartsApr2012.pdf" target="_blank">source</a> - click to enlarge)<br>
</font>
</div>
<br>
<br>
These details about FAIRVIEW show that the NSA began to use LOPERS for collecting VoIP telephony as well. The analyst's controversial project, however, was conducted under authority of <a href="https://en.wikipedia.org/wiki/Executive_Order_12333" target="_blank">Executive Order 12333</a>, which means it took place outside the United States, instead of inside like under FAIRVIEW.<br>
<br>
<a name="examples"></a>
<br>
<br>
<font size="+2"><b>Other examples of SIGINT Development</b></font><br>
<br>
The project the NSA's Inspector General investigated from 2013 to 2016 was a case of so-called Signals Intelligence (SIGINT) Development (SIGDEV), which is the term for activities to develop, improve and refine new collection methods. <br>
<br>
The Snowden revelations included a range of documents about SIGDEV projects, which was sometimes confusing because it wasn't always clear whether such projects actually moved beyond their experimental status or not. We also learned that the signals intelligence agencies of the Five Eyes organize a large annual <a href="https://grid.glendon.yorku.ca/items/show/401" target="_blank">SIGDEV Conference</a> (SDC) to share their most promising discovery efforts.<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgML2QIpfHt0Te074Vv-mGPTc8kiTeZLSHtxTf1HwmNAtcDlZfsthMA15Xfb0hyDY_79x88dx8hV3WqPjr5t5O0r1cqsFvTH4K3LtdvgqeGYpk_N8zfH1EMG-mc-k8wkAXrSa79UoAnUF4cm_XNJoSIbeQkklKmZHsO4DCgf2KaLPqWPSycWiE8ZRE7/s236/logo-sigdev5eyes.png" style="display: block; text-align: center; "><img alt="" border="0" width="120" data-original-height="236" data-original-width="235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgML2QIpfHt0Te074Vv-mGPTc8kiTeZLSHtxTf1HwmNAtcDlZfsthMA15Xfb0hyDY_79x88dx8hV3WqPjr5t5O0r1cqsFvTH4K3LtdvgqeGYpk_N8zfH1EMG-mc-k8wkAXrSa79UoAnUF4cm_XNJoSIbeQkklKmZHsO4DCgf2KaLPqWPSycWiE8ZRE7/s320/logo-sigdev5eyes.png" title="Five Eyes SIGDEV" /></a></div>
<br>
An early example of a controversial SIGDEV project from the Snowden trove is a presentation from the NSA's Canadian counterpart <a href="https://en.wikipedia.org/wiki/Communications_Security_Establishment_Canada" target="_blank">CSEC</a> which describes a "Tradecraft Development" project aimed at identifying IP networks. The presentation was <a href="https://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881" target="_blank">published</a> by the Canadian television channel CBC in January 2014.<br>
<br>
Some people <a href="https://www.schneier.com/blog/archives/2014/02/csec_surveillan.html" target="_blank">assessed</a> that this was a proof-of-concept using an existing database of user IDs found on wifi networks, but the reporter who revealed this presentation <a href="https://notes.rjgallagher.co.uk/2014/02/canada-wifi-airports-surveillance-denial-csec-snowden.html#update" target="_blank">insisted</a> that the project used real-world data collected from the wifi system of a Canadian airport. In that case, the experiment would have been illegal, as CSEC isn't allowed to operate domestically. <br>
<div align="right">
> See: <a href="https://www.electrospaces.net/2014/02/did-csec-really-tracked-canadian.html">Did CSEC really track Canadian airport travellers?
</a><br>
</div>
<br>
Probably the biggest known testing program from the NSA is BASECOAT, which provided <a href="https://theintercept.com/2014/05/19/data-pirates-caribbean-nsa-recording-every-cell-phone-call-bahamas/" target="_blank">access</a> to the core network of a cell phone provider in the <a href="https://en.wikipedia.org/wiki/The_Bahamas" target="_blank">Bahamas</a>, an island country with some 350,000 inhabitants. BASECOAT was part of the SOMALGET program which collected and processed the content of all the phone calls from a particular network. <br>
<br>
In the Bahamas, this capability was used as a "test bed for system deployments, capabilities, and improvements", most likely to improve its operation in Afghanistan, where SOMALGET was also deployed. Together with programs that collected telephone metadata from three other countries, SOMALGET was part of the umbrella program <a href="https://en.wikipedia.org/wiki/MYSTIC" target="_blank">MYSTIC</a>.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9EGudZ8VLuP8M7HEFdE73JrU67GFNmEQgZqqrVvK0LOQXf7695MDR0FS2xAEH8_rrGlXR48SrybxMc8MDmDMeEwBtuCbOORUdUcbBAyNb6cU5lfvlajYcwxKNyCPDfuGmLA1zmEOz5OJwO9Aa7EqY-X6fO6SXhmY6csBzXqdvg8LegSwPainnlE-D/s1000/mystic_somalget.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="653" data-original-width="1000" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9EGudZ8VLuP8M7HEFdE73JrU67GFNmEQgZqqrVvK0LOQXf7695MDR0FS2xAEH8_rrGlXR48SrybxMc8MDmDMeEwBtuCbOORUdUcbBAyNb6cU5lfvlajYcwxKNyCPDfuGmLA1zmEOz5OJwO9Aa7EqY-X6fO6SXhmY6csBzXqdvg8LegSwPainnlE-D/s600/mystic_somalget.jpg"/></a></div>
<div align="center">
<font size="2">
The various components of the MYSTIC program;<br>
"country X" later <a href="https://cryptome.org/2014/05/nsa-mystic-identity.pdf" target="_blank">turned out</a> to be Afghanistan<br>
(image: The Intercept - click to enlarge)<br>
</font>
</div>
<br>
<a name="legal"></a>
<br>
<br>
<font size="+2"><b>The legal framework for SIGINT Development</b></font><br>
<br>
One of the most striking and controversial aspects of these SIGINT Development projects is that they are conducted on real-world data from actual collection systems, instead of on dummy data sets or data that have already been lawfully collected earlier on. So is this legal under American law?<br>
<br>
In <a href="https://www.archives.gov/federal-register/codification/executive-order/12333.html" target="_blank">Executive Order 12333</a> from December 4, 1981, which is the basic legal authority for American foreign intelligence collection, the NSA is given the responsibility to "Conduct of research and development to meet the needs of the United States for signals intelligence and communications security".<br>
<br>
This was further detailed in United States Signals Intelligence Directive (USSID) SD4000, <i>Signals Intelligence Development</i>, from April 6, 2011, which was superseded by SID Implementing Directive, <i>Annex F Governance of the Signals Intelligence Mission</i>, from February 25, 2013.<br>
<br>
These internal policy documents haven't been published, but from the Inspector General's report from 2016 we learn that USSID SD4000 said that SIGDEV activities:<br>
<blockquote>
- are governed by the NSA's SIGDEV Strategy and Governance (SSG) division<br>
- have to comply with other regulations, like EO 12333 and USSID SP0018<br>
- must allow auditing of queries<br>
</blockquote>
<br>
<a href="https://www.dni.gov/files/documents/1118/CLEANEDFinal%20USSID%20SP0018.pdf" target="_blank">USSID SP0018</a> is about legal compliance and has an <a href="https://www.dni.gov/files/documents/1118/CLEANEDFinal%20USSID%20SP0018.pdf" title="See pdf-page 40" target="_blank">Annex D</a> about the testing of "electronic equipment that has the capability to intercept communications". Such testing includes "development, calibration, and evaluation of such equipment".<br>
<br>
The wording of this regulation seems to date from the time when signals intelligence was about intercepting wireless communications, but it can easily be applied to SIGDEV activities for cable tapping purposes.<br>
<br>
According to USSID SP0018 Annex D, such testing (and development etc.) is allowed under the condition that to the maximum extent practical, the following signals should be used:<br>
<blockquote>
1. Laboratory-generated signals;<br>
2. Communications transmitted between terminals located outside the US, not used by any known US person;<br>
3. Official government communications with the consent of that agency;<br>
4. Public broadcast signals;<br>
5. Other communications in which there is no reasonable expectation of privacy.<br>
</blockquote>
<br>
Where it is not practical to test equipment according to the aforementioned provisions, testing is also allowed using signals that may contain US person communications, but only under the following conditions:<br>
<blockquote>
1. The proposed test is coordinated with the NSA's General Counsel;<br>
2. The test is limited in scope and duration;<br>
3. No particular person is targeted without consent;<br>
4. The test does not exceed 90 days.<br>
</blockquote>
<br>
When the testing results in the collection of communications of US persons, these communications shall be:<br>
<blockquote>
a. Retained and used only for the purpose of determining the capability of the electronic equipment;<br>
b. Disclosed only to persons conducting or evaluating the test, and<br>
c. Destroyed before or immediately upon completion of the testing.<br>
</blockquote>
<br>
Annex D of USSID SP0018 concludes by saying that "The technical parameters of a communications, such as frequency, modulation, and time of activity of acquired electronic signals, may be retained and used for test reporting or collection-avoidance purposes. Such parameters may be disseminated to other DoD intelligence components and other entities authorized to conduct electronic surveillance."<br>
<br>
<a name="conclusion"></a>
<br>
<br>
<font size="+2"><b>Conclusion</b></font><br>
<br>
Given the rules laid out in Annex D of USSID SP0018 it can be perfectly legal for the NSA to conduct SIGINT Development activities on real-world data if, under the aforementioned conditions, there are no alternatives that allow an equally adequate testing of new systems and methods.<br>
<br>
If the controversial SIGDEV project which the NSA's Inspector General investigated from 2013 to 2016 was indeed about improving filtering and selection methods, that would explain why the analyst used it on a live collection system: only then could it become clear whether the new method was able to sort foreign data from those related to US persons.<br>
<br>
The Inspector General, however, concluded that the analyst failed to comply with the regulations for SIGDEV projects, especially because USSID SD4000 requires that such projects have to comply with EO 12333 and USSID SP0018, which prohibit the intentional targeting of US persons, except when it's approved by the FISA Court, the Attorney General or the Director of NSA.<br>
<br>
As the analyst hadn't obtained such approval and it appeared that his method resulted in the intentional targeting and subsequent collection of US person telephone communications, he had violated all applicable regulations.<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcfCDI1rzyWhhL7Q3wzBidA7NwMPu9xqjd8854Y04s1tek3Kh4uqHRc7lkmNwfuHvBMybsW1HfIjMyXmCEwGAtNsRB4ffAIX9S_kwEazr6sMXOXkRWQ-fGTaWDnsdxoWNO9lZngSjv-66_E6EP1EMuI0OoYR9Zu2_wlMRg6rnH1khLd4fldbAMeQRd/s224/logo-sigdev.png" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="150" data-original-height="220" data-original-width="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcfCDI1rzyWhhL7Q3wzBidA7NwMPu9xqjd8854Y04s1tek3Kh4uqHRc7lkmNwfuHvBMybsW1HfIjMyXmCEwGAtNsRB4ffAIX9S_kwEazr6sMXOXkRWQ-fGTaWDnsdxoWNO9lZngSjv-66_E6EP1EMuI0OoYR9Zu2_wlMRg6rnH1khLd4fldbAMeQRd/s400/logo-sigdev.png" title="Logo of the NSA's SIGINT Development division" /></a></div>
<br>
<br>
<br>
<b>Links and Sources</b><br>
<font size="2">
- Schneier on Security: <a href="https://www.schneier.com/blog/archives/2022/11/nsa-over-surveillance.html" target="_blank">NSA Over-surveillance</a> (Nov. 11, 2022)<br>
- Bloomberg: <a href="https://www.bloomberg.com/news/articles/2022-11-01/nsa-watchdog-concluded-one-analyst-s-surveillance-project-went-too-far" target="_blank">NSA Watchdog Concluded One Analyst’s Surveillance Project Went Too Far</a> (Nov. 1, 2022 - <a href="https://archive.ph/Pw19Y" target="_blank">without paywall</a>)<br>
</font>
<br>
<font size="2">Posted by P/K</font><br>
<br>
<br>
<font size="+2"><b>A new secure red telephone for German chancellor Scholz</b></font><br>
<font size="2" color="gray">(Posted: October 26, 2022)</font>
<div align="right"><font size="2" color="gray">(Updated: August 21, 2023)</font></div>
<br>
In December last year, <a href="https://en.wikipedia.org/wiki/Olaf_Scholz" target="_blank">Olaf Scholz</a> succeeded Angela Merkel as chancellor of Germany. For about half a year now, he has had a remarkably large <a href="#redphone">red telephone</a> on his desk, which appears to be the <a href="#communicator">SINA Communicator H</a>. This is a brand new device to conduct secure phone calls at different classification levels and is part of the widely-used <a href="#sina">SINA architecture</a>. <br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhu8Cb4wCvXJFDzJA5dYS2cesCyixD6Xu5vAlMdUahC1Vk-kH2dtytPJRVCgmkkAyfuBvs3PGeXQsuz8IO6erhepK5X907fCMU6NlbgDVVmofr4J3IsU-j2JrIQPQZ2obpoLXV_pct59KyikLtnFojn3SM3LS427qyAxYn6RK_lXhFqI18_KiOhuIpQ/s800/scholz-sinaphone-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhu8Cb4wCvXJFDzJA5dYS2cesCyixD6Xu5vAlMdUahC1Vk-kH2dtytPJRVCgmkkAyfuBvs3PGeXQsuz8IO6erhepK5X907fCMU6NlbgDVVmofr4J3IsU-j2JrIQPQZ2obpoLXV_pct59KyikLtnFojn3SM3LS427qyAxYn6RK_lXhFqI18_KiOhuIpQ/s600/scholz-sinaphone-header.jpg"/></a></div>
<div align="center">
<font size="2">
German chancellor Scholz with his new red telephone for secure calls<br>
<font color="gray">(photo: Jesco Denzel - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<br>
<font size="+2"><b>The chancellor's office</b></font><br>
<br>
When the German government moved back to Berlin in 1999, a new <a href="https://en.wikipedia.org/wiki/Federal_Chancellery,_Berlin" target="_blank">Federal Chancellery</a> was being built that was opened in May 2001 by chancellor Gerhard Schröder. Built in a postmodern style, it is said to be one of the world's largest government headquarters, with nine floors in the central part and over 300 offices in the wings.<br>
<br>
On the 4th floor of the main building <a href="https://magazin.spiegel.de/EpubDelivery/spiegel/pdf/41834744" target="_blank">there's</a> a room shielded against eavesdropping for meetings of the crisis staff (<i>Krisenstab</i>) and the weekly meeting of the heads of the secret services with the head of the chancellery (there's no bunker underneath the building).<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-YE2cMh87zvwjfkkx-tYE2vSKOlvXoz7NvVzxoFzdESphROmItdv1Gg7v6i9rR-vq3L53FFSfhjGjF_qM46PvZcc7bJgBtzembzO4MEgbTwEx2EVUkhe6480y1rF3WuAqu3t1qnY6mdt5y3tCh4u3jNBgb_AvdrLcv3m-WWUd6flj1HMCzs4IDwQ0dAY/s1676/kanzleramt-sitroom2023.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="585" data-original-width="1044" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-YE2cMh87zvwjfkkx-tYE2vSKOlvXoz7NvVzxoFzdESphROmItdv1Gg7v6i9rR-vq3L53FFSfhjGjF_qM46PvZcc7bJgBtzembzO4MEgbTwEx2EVUkhe6480y1rF3WuAqu3t1qnY6mdt5y3tCh4u3jNBgb_AvdrLcv3m-WWUd6flj1HMCzs4IDwQ0dAY/s1676/kanzleramt-sitroom2023.jpg"/></a></div>
<div align="center">
<font size="2">
The small situation room in the Federal Chancellery (<a href="https://www.youtube.com/watch?v=RnRLbpsHGLc" target="_blank">source</a>)<br>
with at least three Alcatel 4039 office telephones<br>
</font>
</div>
<br>
<br>
Next to the secure conference room is a small situation room (<i>Lage und Krisenzentrum</i>) where information from all over the world is collected 24/7, a selection of which is put in a folder titled <i>Nachrichtenlage</i> which the chancellor finds on his desk every morning, similar to the President's Daily Brief for the American president.<br>
<br>
The chancellor's office is on the 7th floor and is very spacious, with a seating area, a conference table and a large, almost 4 meter long black desk. Chancellor Merkel didn't like this desk and <a href="https://www.youtube.com/watch?v=POLcBYtHsu0" target="_blank" title="As of 6:30">used</a> it only for phone calls to foreign leaders. For her daily work she preferred the small conference table at the opposite end of the room.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2013/10/how-secure-is-merkel-phone.html">How secure is the Merkel-Phone?</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs1XvKqOIuoZzI1oKfEo3pGA3Z7he38I1tdxyOD3mGnuSpdl5x7NKj8lMkE9g6i4n1A2kqXbXXtF6EJZr0pmlVOpXIP6-T2lqlTN35VWpHNTohlLjTn1pgNs2trX7MEWuyhGLCsgWCINp326erTOVeLIgZk2O52NWsdeDZ2EhJuQEDjdeJ70myGtwbklM/s1682/kanzleramt-buro2023.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="946" data-original-width="1682" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs1XvKqOIuoZzI1oKfEo3pGA3Z7he38I1tdxyOD3mGnuSpdl5x7NKj8lMkE9g6i4n1A2kqXbXXtF6EJZr0pmlVOpXIP6-T2lqlTN35VWpHNTohlLjTn1pgNs2trX7MEWuyhGLCsgWCINp326erTOVeLIgZk2O52NWsdeDZ2EhJuQEDjdeJ70myGtwbklM/s600/kanzleramt-buro2023.jpg"/></a></div>
<div align="center">
<font size="2">
Various phones at the desk of chancellor Olaf Scholz (<a href="https://www.youtube.com/watch?v=RnRLbpsHGLc" target="_blank">source</a>)<br>
</font>
</div>
<br>
<br>
<div align="center">
<iframe width="560" height="315" src="https://www.youtube.com/embed/RnRLbpsHGLc?start=541" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe><br>
<font size="2">
Video impression of the chancellor's office (August 2023)<br>
</font>
</div>
<br>
<br>
<font size="+1"><b>The chancellor's telephones</b></font><br>
<br>
When Olaf Scholz took over the office from Angela Merkel in December 2021, he found two <a href="https://www.ahk.nl/fileadmin/download/ahknet/ict/4029-4039-handleiding-engels.pdf" target="_blank">Alcatel 4039</a> telephone sets on his desk, one of them with an <a href="https://www.officeeasy.nl/alcatel-uitbreidingsmodule-14-toetsen-refurbished.html" target="_blank">extension module</a> providing 14 additional direct line buttons. The Alcatel 4039 is a high-end IP office phone with a tiny alphabetic keyboard as a distinctive feature.<br>
<br>
<font size="2">
Alcatel was the telecommunications branch of the French conglomerate Compagnie Générale d’Électricité (CGE), which in 1986 was <a href="https://www.referenceforbusiness.com/history2/63/Alcatel-Alsthom-Compagnie-G-n-rale-d-Electricit.html" target="_blank">merged</a> with the telephone equipment part of ITT Corp. from the United States. This made Alcatel NV the world's second-largest telecommunications company. In Germany, <a href="https://de.wikipedia.org/wiki/Standard_Elektrik_Lorenz" target="_blank">Standard Elektrik Lorenz</a> (SEL) had become an Alcatel subsidiary as well, with 20 percent of Germany's telephone equipment market in the early 1990s, second only to Siemens AG. In 2006, Alcatel merged with the American manufacturer <a href="https://en.wikipedia.org/wiki/Lucent" target="_blank">Lucent Technologies</a> to become Alcatel-Lucent, which was acquired in 2016 by the Finnish company Nokia and merged into their <a href="https://en.wikipedia.org/wiki/Nokia_Networks" target="_blank">Nokia Networks</a> division.<br>
</font>
<br>
In an earlier video we saw that one of the phones had a red label and the other one a blue label. This likely indicates which phone is for classified conversations and which one for unclassified calls, according to the color codes of the <a href="https://www.electrospaces.net/2016/12/wikileaks-publishes-classified.html#classifications">German classification system</a>:<br>
<br>
<div class="blockquote">
- <b>Blue</b>: up to Confidential (<i>VS Vertraulich</i>)<br>
- <b>Red</b>: Secret (<i>Geheim</i>) and Top Secret (<i>Streng Geheim</i>)<br>
</div>
<br>
By February 2022 at the latest, the Alcatel 4039 with the blue label had been replaced by a stylish new IP phone, the <a href="https://www.innovaphone.com/en/ip-telephony/ip-phones/ip222.html" target="_blank">IP222</a>, made by Innovaphone. This is interesting, because Innovaphone is just a small manufacturer, but as a <a href="https://www.innovaphone.com/en/company/about-us.html" target="_blank">German company</a> its products may be considered less risky than those of foreign manufacturers.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiz8Kqoq2dzhcYQyxX1GZ9PICr8wZAKoRkwDahATm35aZVG-3uu2gV1DCE37_L_VOHo5Rc5-YMrNPfkZll-KAf0ZHyYd0iBk3KiKlAT7I_Nkcazk1lxNehyQ3rtvQzCzdpPr_JSMVg7Wy-FoA1Crga2vN4xo5bvVElDLxcJhfH73AZjpdvGsPqhP8n/s1299/innovaphone%20IP222.jpg" style="display: block; text-align: center; "><img alt="" border="0" width="300" data-original-height="1082" data-original-width="1299" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiz8Kqoq2dzhcYQyxX1GZ9PICr8wZAKoRkwDahATm35aZVG-3uu2gV1DCE37_L_VOHo5Rc5-YMrNPfkZll-KAf0ZHyYd0iBk3KiKlAT7I_Nkcazk1lxNehyQ3rtvQzCzdpPr_JSMVg7Wy-FoA1Crga2vN4xo5bvVElDLxcJhfH73AZjpdvGsPqhP8n/s600/innovaphone%20IP222.jpg"/></a></div>
<div align="center">
<font size="2">
The IP222 made by Innovaphone (click to enlarge)<br>
</font>
</div>
<br>
<a name="redphone"></a>
<br>
<br>
<font size="+1"><b>The new red telephone</b></font><br>
<br>
The first time the new red telephone on chancellor Scholz's desk was seen was during an <a href="https://www.t-online.de/nachrichten/deutschland/id_92182048/-russland-hat-keines-seiner-kriegsziele-erreicht-olaf-scholz-nach-putin-telefonat.html" target="_blank">interview</a> with T-Online that was published on May 15, 2022. The phone got broader attention through a photo <a href="https://www.instagram.com/p/CidFxjlKUkZ/" target="_blank">posted</a> on Scholz's Instagram account on September 13, 2022, during or after a 90-minute phone call with Russian president Putin.<br>
<br>
This was picked up by the German tabloid paper BILD, which in a video report (see below) suggested that Scholz had used his new red telephone ("back from the days of the Cold War") to make the phone call with Putin. However, on its website, BILD <a href="https://www.bild.de/politik/inland/politik-inland/ein-hauch-von-james-bond-wenn-beim-kanzler-das-rote-telefon-klingelt-81327700.bild.html" target="_blank">stated</a> that for conversations with for example the Kremlin, Scholz uses another secure line.<br>
<br>
The latter is most likely because for a secure phone line, both parties have to use the same encryption system, and in this case it's not very likely that the Germans would provide Putin with their newest secure voice encryption technology. In the United States, a "red phone" is also used for internal command and control communications and, despite widespread popular belief, <a href="https://www.electrospaces.net/2013/08/the-red-phone-that-was-not-on-hotline.html"><i>not</i></a> on the famous <a href="http://electrospaces.blogspot.com/2012/10/the-washington-moscow-hot-line.html">Hotline</a> between Washington and Moscow.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2017/10/the-hotline-between-washington-and.html">The hotline between Washington and the former German capital Bonn</a><br>
</div>
<br>
<br>
<div align="center">
<iframe width="500" height="300" src="https://www.youtube.com/embed/01m49j2HrK8" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe><br>
</div>
<br>
<br>
<font size="+1"><b>secunet Security Networks AG</b></font><br>
<br>
BILD had also identified Scholz's new red telephone as the so-called SINA Communicator H. This device is manufactured by the German cybersecurity company <a href="https://de.wikipedia.org/wiki/Secunet_Security_Networks" target="_blank">secunet Security Networks AG</a>, which is headquartered in Essen and was founded in 1997 as an offspring of the venerable testing association <a href="https://en.wikipedia.org/wiki/Technischer_%C3%9Cberwachungsverein" target="_blank">TÜV</a>.<br>
<br>
In 2004, secunet <a href="https://www.heise.de/newsticker/meldung/Sicherheitskooperation-zwischen-Innenministerium-und-IT-Sicherheitsunternehmen-95505.html" target="_blank">became</a> a partner in the IT Security Partnership (<i>Sicherheitspartnerschaft</i>) with the federal Interior Ministry, which by then also included <a href="https://www.rohde-schwarz.com/us/products/aerospace-defense-security/crypto-devices_230846.html" target="_blank">Rohde & Schwarz</a>, Deutsche Telekom, Siemens, IBM Deutschland and <a href="https://en.wikipedia.org/wiki/Infineon_Technologies" target="_blank">Infineon</a>.<br>
<br>
Until recently, German government and military departments used voice encryption systems for <a href="https://en.wikipedia.org/wiki/Integrated_Services_Digital_Network" target="_blank">ISDN</a>, which was very popular in Germany. But German telecommunication providers are phasing out their ISDN service one by one, replacing it with <a href="https://en.wikipedia.org/wiki/Voice_over_IP" target="_blank">Voice over IP</a> (VoIP) via <a href="https://en.wikipedia.org/wiki/Digital_subscriber_line" target="_blank">DSL</a>. This made it urgent for the government to replace their existing voice encryption systems.<br>
<a name="communicator"></a>
<br>
<br>
<font size="+1"><b>The SINA Communicator</b></font><br>
<br>
Hence, secunet developed the <a href="https://www.secunet.com/en/solutions/sina-communicator-h" target="_blank">SINA Communicator</a>, for which it already had years of experience when it came to the hardware. For the necessary software for encrypted voice and video communications, secunet <a href="https://www.shareholdervalue.de/blog/secunet-bietet-erfolgreiche-cybersecurity-made-in-germany" target="_blank">acquired</a> the German company Stashcat GmbH, which in 2016 launched the <a href="https://de.wikipedia.org/wiki/Stashcat" target="_blank">Stashcat</a> secure smartphone messenger that is used by some 50,000 German soldiers, as well as by schools, companies and local governments.<br>
<br>
The name "SINA Communicator H" signifies that the device is part of the Secure Inter-Network Architecture (SINA) product family for securing digital data and communications (<a href="#sina">see below</a>), in this case up to the classification level Secret. The latter is indicated by the letter H, as the last letter of the SINA product designations <a href="https://www.bsi.bund.de/EN/Themen/Oeffentliche-Verwaltung/Zulassung/SINA/Verschlusssachen/verschlusssachen_node.html" target="_blank">indicates</a> their maximum classification level: <br>
<br>
<div class="blockquote">
- <b>S</b>: up to <i>VS-Nur für den Dienstgebrauch</i> (Restricted)<br>
- <b>E</b>: up to <i>VS-Vertraulich</i> (Confidential)<br>
- <b>H</b>: up to <i>Geheim</i> (Secret)<br>
</div>
<br>
As such, the SINA Communicator H was <a href="https://www.bsi.bund.de/SharedDocs/Zulassung/DE/Produkte/SINA_Communicator_H_BSI-VSA-10487.html" target="_blank">certified</a> by the Federal Office for Information Security <a href="https://en.wikipedia.org/wiki/Federal_Office_for_Information_Security" target="_blank">BSI</a> in July 2021. Certification for organizations of the European Union and NATO has been requested.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHCWjxlTb90xYq7Nv_sp1W0AMch75Nrk3zbMtPw8i9EVa_QBf5LCiQwN5WJmwD-GERHGlRmyDtOOjD-YL2NSa8eQiabwo8NpwElhDdGONF45siEOTZIkPUeRJ14D8Rr6gAjZEXZIbIi9-XJYyfANSCD_ykZMIci5nDZQf6yuJX6Ii5sAfx3CpAITh-/s900/sina-communicator.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="467" data-original-width="900" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHCWjxlTb90xYq7Nv_sp1W0AMch75Nrk3zbMtPw8i9EVa_QBf5LCiQwN5WJmwD-GERHGlRmyDtOOjD-YL2NSa8eQiabwo8NpwElhDdGONF45siEOTZIkPUeRJ14D8Rr6gAjZEXZIbIi9-XJYyfANSCD_ykZMIci5nDZQf6yuJX6Ii5sAfx3CpAITh-/s600/sina-communicator.jpg"/></a></div>
<br>
<br>
The SINA Communicator is a fairly large and heavy device (weight ca. 5.5 kg) and despite the bulky look of its backside it won an <a href="https://ifdesign.com/en/winner-ranking/project/sina-communicator-h/347866" target="_blank">iF Design Award</a> earlier this year. Unlike common telephones, the SINA Communicator only has four buttons (for mute, up, down, and headset); all other functions are accessible through the 10.1" LCD touchscreen.<br>
<br>
It <a href="https://mobile.twitter.com/secunet_AG/status/1570396419797680128" target="_blank">seems</a> that currently, the device can only be used for secure phone calls. A secure messenger, video telephony and the integration of thin client functionality will be part of future upgrades. Other options such as web clients, fax support, file and document transfer and multi-party messaging can also be added.<br>
<br>
A special feature of the SINA Communicator is the Multi Level Data Separation, which means that users can communicate at different classification levels by selecting one of the approved levels via the touchscreen display. This will make it possible to use the same device to communicate with foreign partners as well.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfu--dPhiAXYnLj35R6EJWVUjqHdjPUKdXwRX9HTbTQeDxVQE2UNjoA9e7iznou3jfe1lZn14WdhomdgK_GHmTMEihdoJfgh69UEPe5sgIPK4N4ZlVg2Zen0GT3Va3iXD8FX7dOnX0w6JCMtrd0NHFnGh6-tgffdefiWVArgGzDkRyuJyKFHRUU0O5/s1920/sina-communicator%20levels.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="1028" data-original-width="1920" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfu--dPhiAXYnLj35R6EJWVUjqHdjPUKdXwRX9HTbTQeDxVQE2UNjoA9e7iznou3jfe1lZn14WdhomdgK_GHmTMEihdoJfgh69UEPe5sgIPK4N4ZlVg2Zen0GT3Va3iXD8FX7dOnX0w6JCMtrd0NHFnGh6-tgffdefiWVArgGzDkRyuJyKFHRUU0O5/s600/sina-communicator%20levels.jpg"/></a></div>
<br>
<br>
The SINA Communicator supports up to three different networks, depending on the need of the user, which enable them to communicate at various German classification levels, or at (classified) networks of European and NATO partners, up to the level Secret.<br>
<br>
For access to a particular network at a particular classification level, users get a hardware token in the form of a small key for each network they are authorized for. The key for each network has to be plugged into the phone to provide two-factor authentication:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJkvV15BrWOiBcS6EpWNsdHvOIVeWQHfOBnnMFFl8iA38AjaEiXRiMaEfZRuR1YzXZJa_v5LCObB9ahjge98li8mmvHNZfTapt5Iorp1AlnmLm1sg4I0wuPnn9rP2peQ_ZwdDKAgaGlxdXCrZ70VAX9LOTsrIj5pFmhLTcgdDQfahNZgEUEEAKJnf2/s1920/sina-communicator%20tokens.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="1018" data-original-width="1920" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJkvV15BrWOiBcS6EpWNsdHvOIVeWQHfOBnnMFFl8iA38AjaEiXRiMaEfZRuR1YzXZJa_v5LCObB9ahjge98li8mmvHNZfTapt5Iorp1AlnmLm1sg4I0wuPnn9rP2peQ_ZwdDKAgaGlxdXCrZ70VAX9LOTsrIj5pFmhLTcgdDQfahNZgEUEEAKJnf2/s600/sina-communicator%20tokens.jpg"/></a></div>
<br>
<br>
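The access rules described above (a product letter that caps the classification level, up to three networks per device, and one hardware token per network) can be modelled as a fail-closed admission check. The Python code below is an example added here, not secunet code or the device's real protocol; the network names, the class and function names, and the rule that both ends need the network's token plugged in are assumptions.<br>

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """German classification levels named in the article, lowest first."""
    VS_NFD = 1          # VS-Nur fuer den Dienstgebrauch (Restricted)
    VS_VERTRAULICH = 2  # Confidential
    GEHEIM = 3          # Secret
    STRENG_GEHEIM = 4   # Top Secret


# Last letter of a SINA product designation -> maximum level (from the article).
PRODUCT_CAP = {"S": Level.VS_NFD, "E": Level.VS_VERTRAULICH, "H": Level.GEHEIM}
MAX_NETWORKS = 3  # "supports up to three different networks"


@dataclass(frozen=True)
class Network:
    name: str     # constructed names, see the sample configuration below
    level: Level  # highest level this network is approved for (assumption)


@dataclass
class Device:
    designation: str                          # e.g. "SINA Communicator H"
    networks: tuple                           # Network objects configured on it
    tokens: set = field(default_factory=set)  # networks whose key is plugged in

    def __post_init__(self):
        letter = self.designation.strip()[-1].upper()
        if letter not in PRODUCT_CAP:
            raise ValueError(f"unknown product letter {letter!r}")
        self.cap = PRODUCT_CAP[letter]
        if len(self.networks) > MAX_NETWORKS:
            raise ValueError("more networks than the device supports")
        # Reject a configuration that would exceed the product's approval.
        for net in self.networks:
            if net.level > self.cap:
                raise ValueError(f"{net.name} exceeds the device's approval")

    def network(self, name):
        """Return the configured Network with this name, or None."""
        return next((n for n in self.networks if n.name == name), None)


def admit_call(caller, callee, network_name, requested):
    """Fail-closed check for one call. Returns (allowed, reason)."""
    for role, dev in (("caller", caller), ("callee", callee)):
        net = dev.network(network_name)
        if net is None:
            return False, f"{role}: network not configured"
        if network_name not in dev.tokens:
            return False, f"{role}: token for network not inserted"
        if requested > net.level:
            return False, f"{role}: level above network approval"
    return True, "ok"


def highest_common_level(caller, callee):
    """Highest level at which both sides can talk right now, or None."""
    best = None
    for net in caller.networks:
        peer = callee.network(net.name)
        if peer is None:
            continue
        if net.name not in caller.tokens or net.name not in callee.tokens:
            continue
        level = min(net.level, peer.level)
        if best is None or level > best:
            best = level
    return best


# Constructed sample configuration (network names are made up).
GEHEIM_NET = Network("NET-GEHEIM", Level.GEHEIM)
VSV_NET = Network("NET-VS-V", Level.VS_VERTRAULICH)


def demo():
    """Three call attempts between two H devices; one lacks the Secret key."""
    office_a = Device("SINA Communicator H", (GEHEIM_NET, VSV_NET),
                      {"NET-GEHEIM", "NET-VS-V"})
    office_b = Device("SINA Communicator H", (GEHEIM_NET, VSV_NET),
                      {"NET-VS-V"})  # key for NET-GEHEIM not plugged in
    return [
        admit_call(office_a, office_b, "NET-VS-V", Level.VS_VERTRAULICH),
        admit_call(office_a, office_b, "NET-GEHEIM", Level.GEHEIM),
        admit_call(office_a, office_b, "NET-VS-V", Level.GEHEIM),
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```
<br>
<br>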
The SINA Communicator can be used on dedicated government networks or directly on the public internet and is also <a href="https://www.behoerden-spiegel.de/wp-content/uploads/2021/10/AFCEA_Magazin_2021.pdf" target="_blank" title="See pdf-page 73">compatible</a> with the modernized command and control systems (<i>Harmonisierung der Führungsinformationssysteme</i> or HaFIS) of the German armed forces.<br>
<br>
The Communicator uses standard VoIP protocols, including the <a href="https://en.wikipedia.org/wiki/Session_Initiation_Protocol" target="_blank">Session Initiation Protocol</a> (SIP) for common commercial systems and the <a href="https://www.cryptomuseum.com/crypto/usa/scip.htm" target="_blank">Secure Communications Interoperability Protocol</a> (SCIP) for secure communications with NATO partners.<br>
<br>
Encryption is conducted with a "type A cryptographic suite" and key management through a <a href="https://en.wikipedia.org/wiki/Public_key_infrastructure" target="_blank">Public Key Infrastructure</a> (PKI) or the <a href="https://en.wikipedia.org/wiki/Internet_Key_Exchange" target="_blank">Internet Key Exchange version 2</a> (IKEv2), which can be upgraded to provide resistance against attacks by future quantum computers (PQC).<br>
<br>
<a name="update"></a>
<br>
<div class="blockquote">
<b>Update:</b><br>
<br>
In October 2022, minister of state in the foreign office Tobias Lindner <a href="https://twitter.com/tobiaslindner/status/1583374936172744704" target="_blank">tweeted</a> a high-resolution photo of the SINA Communicator in red, like the one on chancellor Scholz's desk (see below).<br>
<br>
The photo shows that in the upper right corner the phone is marked with the abbreviation R-VSK, which stands for <i>Ressortübergreifende Verschlusssachen-Kommunikation</i> or in English: Interagency Classified Communication. This version is for use at federal government ministries and is currently being rolled out. <br>
<br>
Next, foreign partners will be <a href="https://background.tagesspiegel.de/cybersecurity/sicher-ueber-geheimes-reden" target="_blank">included</a> (<i>International</i>, I-VSK) as well as companies where there's a need for secure communications with government agencies (<i>Firmen</i>, F-VSK). There are also plans to offer the system to German state governments (<i>Länderbehörden</i>).<br>
<br>
To ensure its availability, the SINA Communicator is <a href="https://background.tagesspiegel.de/cybersecurity/sicher-ueber-geheimes-reden" target="_blank">manufactured</a> both by secunet and <a href="https://en.wikipedia.org/wiki/Rohde_%26_Schwarz" target="_blank">Rohde & Schwarz</a>, the latter providing experience with secure communications for vehicles. The new phone system is also made redundant so it continues to function when there's an electricity blackout.<br>
</div>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYG-bMrQpjyEJH_ESz-dM113v9l4TXRnT7DYx3lAEdtlfJELxrJ2BnL3yFa5y9egkRYH66hLJJ59N6F0QciPpWRXQsN3aNTm5YWXKBSP2_BjDQigtSEWPtg2FG2UajBe8g-4qeCVJmXfg3uEn-ECLFgMFBSTB7KnID8Bzc-62qNWvOHbYiMA6NWBSp/s901/sina-communicator-red.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="901" data-original-width="900" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYG-bMrQpjyEJH_ESz-dM113v9l4TXRnT7DYx3lAEdtlfJELxrJ2BnL3yFa5y9egkRYH66hLJJ59N6F0QciPpWRXQsN3aNTm5YWXKBSP2_BjDQigtSEWPtg2FG2UajBe8g-4qeCVJmXfg3uEn-ECLFgMFBSTB7KnID8Bzc-62qNWvOHbYiMA6NWBSp/s600/sina-communicator-red.jpg"/></a></div>
<br>
<br>
The SINA Communicator comes standard in black; the version in red <a href="https://www.secunet.com/fileadmin/user_upload/06_secuview/secuview_21_2_DE_online.pdf" target="_blank" title="See page 7">seems</a> to be for German government users to communicate up to the classification level Secret. It's not clear why this is signified with an almost completely red device, instead of with a less eye-catching marking.<br>
<br>
In the US, for example, the phones for calls at the highest level simply have a <a href="https://www.electrospaces.net/2018/11/trump-has-new-secure-phone-outside.html">bright yellow</a> bezel surrounding the display, but for the Oval Office apparently even that was standing out too much, so there the phone for secure calls looks almost <a href="https://www.electrospaces.net/2021/01/the-phones-in-president-bidens-oval.html">identical</a> to the one for regular phone calls, similar to the two Alcatel 4039 phones that had been on Scholz's desk.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgv_J2URSr3TZOmczCcW0zhY2mr2iYdxvTiwW1_Wt0vPTGH3ed_H5njJUKOgiiIfw0d5OyeVODA95P98kWzYoBcjS8lGAKHeLEU_wY6Z2UxNqbio0rOuyvIpXrgTtVTXLjKfN9bwGtUEX0LD89nUp-ucuIMyBCOhJgCJ_myIs9EG91-eK4ZMksJpbae/s1327/secunet-redphone.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="478" data-original-width="1327" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgv_J2URSr3TZOmczCcW0zhY2mr2iYdxvTiwW1_Wt0vPTGH3ed_H5njJUKOgiiIfw0d5OyeVODA95P98kWzYoBcjS8lGAKHeLEU_wY6Z2UxNqbio0rOuyvIpXrgTtVTXLjKfN9bwGtUEX0LD89nUp-ucuIMyBCOhJgCJ_myIs9EG91-eK4ZMksJpbae/s600/secunet-redphone.JPG"/></a></div>
<div align="center">
<font size="2">
Introduction of the SINA Communicator H in red<br>
<font color="gray"> (<a href="https://www.secunet.com/fileadmin/user_upload/06_secuview/secuview_21_2_EN_online.pdf" target="_blank">source</a> - click to enlarge)</font><br>
</font>
</div>
<br>
<a name="sina"></a>
<br>
<font size="+2"><b>The SINA architecture</b></font><br>
<br>
The SINA Communicator is the latest addition to the <i>Sichere Inter-Netzwerk Architektur</i> or <a href="https://www.bsi.bund.de/EN/Themen/Oeffentliche-Verwaltung/Zulassung/SINA/sina.html" target="_blank">Secure Inter-Network Architecture</a> (SINA) to protect classified information and communications. Following a tender by the BSI, secunet <a href="https://www.bsi.bund.de/EN/Themen/Oeffentliche-Verwaltung/Zulassung/SINA/Historie/historie_node.html" target="_blank">started</a> developing the SINA architecture in 1999.<br>
<br>
SINA enables the secure processing, storage, transmission and documentation of classified information and consists of a range of terminals and network encryption devices, including:<br>
<br>
- <a href="https://www.secunet.com/en/solutions/sina-l2-box" target="_blank">SINA L2 Box</a>: Encryption at OSI layer 2 with data throughput of up to 100 GBit/s.<br>
<br>
- <a href="https://www.secunet.com/en/solutions/sina-l3-box" target="_blank">SINA L3 Box</a>: IPSec encryption at OSI layer 3 with data throughput of up to 5 GBit/s.<br>
<br>
- <a href="https://www.secunet.com/en/solutions/sina-workstation-e/h-client-v" target="_blank">SINA Workstation</a>: Providing secure access to both classified and unclassified networks.<br>
<br>
- <a href="https://www.secunet.com/en/products-consulting/sina-workflow" target="_blank">SINA Workflow</a>: Dedicated document management system for classified information.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWjCKQNAB50sPU8PBR87pHq1CwVxlmV7t3xYsFL-6G2zyc4p8Rv2seRb9WI1nQIr4nD73bPDvRoj2qiRgEf4qYEdq7ywoXWmVnxWSaPc4Bq53G7bHwHXPaZEQX-hC4tWi7t-uo8aF9XEWaSmRFAA_OYtK2ZRVmOVGVdZ-csc0h4v_BI5JGcs3VmAWH/s931/sina-components.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="579" data-original-width="931" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWjCKQNAB50sPU8PBR87pHq1CwVxlmV7t3xYsFL-6G2zyc4p8Rv2seRb9WI1nQIr4nD73bPDvRoj2qiRgEf4qYEdq7ywoXWmVnxWSaPc4Bq53G7bHwHXPaZEQX-hC4tWi7t-uo8aF9XEWaSmRFAA_OYtK2ZRVmOVGVdZ-csc0h4v_BI5JGcs3VmAWH/s600/sina-components.JPG"/></a></div>
<br>
<br>
<b>SINA encryption</b><br>
<br>
At the lower classification levels, message encryption was initially conducted via the classified cryptographic algorithm <a href="https://en.wikipedia.org/wiki/Chiasmus_%28cipher%29" target="_blank">CHIASMUS</a>, but this has been replaced with the publicly available <a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard" target="_blank">AES</a> block cipher. The SINA products also use <a href="https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman" target="_blank">Elliptic-curve Diffie-Hellman</a> (EC-DH) for key exchange and the Elliptic-curve German Digital Signature Algorithm (EC-GDSA) for digital signatures.<br>
<br>
At the higher classification levels, SINA products used the classified cryptographic algorithm <a href="https://en-academic.com/dic.nsf/enwiki/2166713" target="_blank">LIBELLE</a>, which was stored on the <a href="https://de.wikipedia.org/wiki/Pluto_%28Kryptoprozessor%29" target="_blank">PLUTO</a> crypto processor made by Infineon. This chip was <a href="https://www.heise.de/newsticker/meldung/Sicherheitskooperation-zwischen-Innenministerium-und-IT-Sicherheitsunternehmen-95505.html" target="_blank">integrated</a> in a Hardware Security Module (HSM) called PEPP1, which was manufactured by Rohde & Schwarz. LIBELLE was gradually <a href="https://www.bsi.bund.de/EN/Themen/Oeffentliche-Verwaltung/Zulassung/SINA/Historie/historie_node.html" target="_blank">replaced</a> by a new classified encryption algorithm.<br>
<br>
<br>
<b>Usage of SINA products</b><br>
<br>
In Germany, SINA products are installed at government departments, military facilities, companies working with classified information and critical infrastructures. Also secured by SINA encryption devices are the wide-area networks for Secret information of the German foreign intelligence service BND, as well as the global secure network connecting German embassies via the internet.<br>
<br>
Data that are intercepted under Germany's lawful interception authorities are also secured by SINA network encryptors when they are <a href="https://de.wikipedia.org/wiki/Sichere_Inter-Netzwerk_Architektur#Anwendung" target="_blank">transferred</a> from the telecommunications provider to the appropriate government agency.<br>
<br>
SINA devices are also certified by the responsible authorities of <a href="https://www.ia.nato.int/niapc/Manufacturer/SECUNET_49" target="_blank">NATO</a> and the <a href="https://www.consilium.europa.eu/media/59710/st06573-re03-en22.pdf" target="_blank">European Union</a> and used by public institutions and commercial enterprises in other countries as well. Meanwhile, some 170,000 SINA products have been installed in over 30 countries.<br>
<br>
In the Netherlands, for example, the cybersecurity company Fox-IT equips <a href="https://www.cryptomuseum.com/crypto/secunet/sina/index.htm" target="_blank">SINA boxes</a> with its <a href="https://www.cryptomuseum.com/crypto/foxit/redfox/index.htm" target="_blank">RedFox</a> encryption module, which comes in a commercial version and one with classified algorithms for government users.<br>
<br>
<br>
<br>
<b>Links and Sources</b><br>
<font size="2">
- Tagesspiegel: <a href="https://background.tagesspiegel.de/cybersecurity/sicher-ueber-geheimes-reden" target="_blank">Sicher über Geheimes reden</a> (2022)<br>
- secunet: <a href="https://www.secunet.com/fileadmin/user_upload/02_Downloads/Produkt-_und_Serviceseiten_Brosch%C3%BCren_und_Factsheets/SINA_Produkte/Technische_Info/Factsheets_Englisch/SINA_Communicator_H_Factsheet_EN_01.pdf" target="_blank">SINA Communicator H factsheet</a><br>
- BSI: <a href="https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Broschueren/SINA.pdf?__blob=publicationFile&v=1" target="_blank">SINA Broschüre</a> (2016)<br>
- BILD: <a href="https://www.bild.de/politik/inland/politik-inland/ein-hauch-von-james-bond-wenn-beim-kanzler-das-rote-telefon-klingelt-81327700.bild.html" target="_blank">Wenn beim Kanzler das rote Telefon klingelt</a> (2022)<br>
- Der Spiegel: <a href="https://magazin.spiegel.de/EpubDelivery/spiegel/pdf/41834744" target="_blank">Im Kanzleramt</a> (2005)<br>
- Verwaltungsvorschriften: <a href="http://www.verwaltungsvorschriften-im-internet.de/BMI-OESII5-20180810-SF-A004.htm" target="_blank">Hinweise zur Handhabung von Verschlusssachen</a><br>
</font>
<br>
<font size="+2"><b>Jareh Dalke arrested for offering NSA documents to the Russians</b></font><br>
<font size="2" color="gray">(Posted by P/K, October 12, 2022)</font><br>
<div align="right"><font size="2" color="gray">(Updated: October 25, 2023)</font></div>
<br>
On September 28, the FBI <a href="https://www.justice.gov/usao-co/pr/former-nsa-employee-arrested-espionage-related-charges" target="_blank">arrested</a> Jareh S. Dalke, who attempted to sell the Russians some highly classified documents which he exfiltrated within less than a month after he started working at the NSA. Court records provide a lot of interesting details about this case, but also raise a number of questions.<br>
<br>
<div align="center" class="hidemobile">
<a href="#job">A job at the NSA</a> <a href="#russians">Contacting the Russians</a><br>
<br>
<a href="#documents">Highly classified documents</a> <a href="#conclusion">Conclusion</a><br>
</div>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAg32fvEwv3r3hrA3s_9juRP5bqG4gBHzzLd_0CuolvRWf1Q-T3RcGpcMvqpLoIhF5xiraBWVaQBZcpxkR5woirGlyV3aDZcXWqK5wNa1KLpNi5naK0duewS1bcBwrSyzmJRkwotkjHhBu11yvAo7Ln8rR1oK1litxM9r1Dz6vTqaffKis_8ZAw7jX/s800/dalke-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAg32fvEwv3r3hrA3s_9juRP5bqG4gBHzzLd_0CuolvRWf1Q-T3RcGpcMvqpLoIhF5xiraBWVaQBZcpxkR5woirGlyV3aDZcXWqK5wNa1KLpNi5naK0duewS1bcBwrSyzmJRkwotkjHhBu11yvAo7Ln8rR1oK1litxM9r1Dz6vTqaffKis_8ZAw7jX/s600/dalke-header.jpg"/></a></div>
<div align="center">
<font size="2">
Union Station in Denver, Colorado, where Jareh Dalke provided highly<br>
classified NSA documents to someone he assumed to be a Russian agent<br>
</font>
</div>
<br>
<a name="job"></a>
<br>
<br>
<font size="+2"><b>A job at the NSA</b></font><br>
<br>
At the time of his arrest, Jareh Sebastian Dalke lived in <a href="https://en.wikipedia.org/wiki/Colorado_Springs,_Colorado" target="_blank">Colorado Springs</a>, Colorado and was 30 years old. He had been a member of the US Army from 2015 to 2018 and obtained a bachelor's degree in Cybersecurity and Information Assurance from Western Governors University in 2019. According to his resume he also has a master's degree from Norwich University, which includes a focus on cyber policy and technical vulnerability analysis.<br>
<br>
On June 6, 2022, Dalke became a civilian employee of the NSA and started as an information systems security designer assigned to an NSA facility in the Washington DC metro area. Not mentioned in the court records is why Dalke took a job more than 1600 miles or 2600 kilometers from where he lived, while the NSA also has a regional <a href="https://www.electrospaces.net/2019/06/the-nsas-regional-cryptologic-centers.html#colorado">Cryptologic Center</a> in Denver, which is just 70 miles or 110 km from his hometown. <br>
<br>
It would have made more sense if Dalke had only attended training at the NSA facility near Washington, while his actual job was at the regional center in Denver - similar to Edward Snowden, who first attended a two-week training course at NSA headquarters before starting as an <a href="https://www.electrospaces.net/2019/12/review-of-snowdens-book-permanent.html#analyst">infrastructure analyst</a> at the NSA's regional center in Hawaii.<br>
<br>
<br>
<b>Security clearance</b><br>
<br>
For his new job at the NSA, Dalke's clearance for Secret information from his time in the Army was upgraded to a <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html#sci">Top Secret/SCI</a> clearance, which is common for almost everyone working at the NSA. This clearance requires the most rigorous <a href="https://veteran.com/how-to-get-ts-sci-clearance/" target="_blank">vetting</a>, which includes disclosing financial information like debts and bankruptcies going back seven years.<br>
<br>
According to court records, Dalke had <a href="https://www.justice.gov/opa/press-release/file/1539081/download" target="_blank">filed</a> for bankruptcy in December 2017 when he had some 32,000 USD in student loan debt and 51,000 USD in other non-secured debt, primarily from credit cards. Usually things like these are a red flag, as they make someone vulnerable to blackmail or willing to sell classified information - which was exactly what happened in this case.<br>
<br>
<br>
<b>Exploiting a misconfiguration</b><br>
<br>
Once at the NSA, Dalke apparently soon <a href="https://www.justice.gov/opa/press-release/file/1539081/download" target="_blank">got</a> access to classified information beyond what he was allowed to see. This was due to "a misconfiguration in the system" as he later told his presumed Russian contact. It's astonishing that he found this flaw within 10 days of starting his job: he printed one of the stolen classified documents as early as June 17, 2022. Was this an extreme coincidence or was it orchestrated? <br>
<br>
A highly speculative theory could be that the Russians had Dalke recruited early on and urged him to apply for a position at the NSA (which could explain why he took a job that was 1600 miles away). Once Dalke was inside, the Russians gave him the details about the misconfiguration and which information he should look for. In the court records there's nothing that hints at this option, but also not much that contradicts it.<br>
<br>
<br>
<b>Printing classified documents</b><br>
<br>
Later, Dalke printed at least three additional documents with which he was able to walk out. Exfiltrating printed documents is easier than exfiltrating information in electronic form, as the latter can be detected by detection gates. Earlier it had become clear that there <a href="http://www.zdnet.com/article/how-did-one-contractor-steal-50tb-of-nsa-data-easily-say-former-spies/" target="_blank">were</a> no pocket checks at the NSA and security guards only <a href="https://www.washingtonpost.com/world/national-security/nsa-contractor-thought-to-have-taken-classified-material-the-old-fashioned-way/2016/10/12/ffc25e22-8cb1-11e6-875e-2c1bfe943b66_story.html" target="_blank">conducted</a> random checks and used their discretion in order to keep and build the trust of the employees.<br>
<br>
It's not clear how Dalke transferred the classified documents to his presumed Russian contact, but he could have known that making a scan or a photo of a printed document still makes it individually <a href="https://en.wikipedia.org/wiki/Machine_Identification_Code" target="_blank">traceable</a>.<br>
<br>
That was painfully demonstrated by the case of former NSA employee <a href="https://en.wikipedia.org/wiki/Reality_Winner" target="_blank">Reality Winner</a>, who printed a document which she provided to the investigative website The Intercept. Due to sloppiness of The Intercept, the document was recognized and traced by the NSA, after which the FBI arrested Winner on June 3, 2017. <br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://s3.documentcloud.org/documents/3766950/NSA-Report-on-Russia-Spearphishing.pdf" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="506" data-original-width="948" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqQqtj1erkOcwueQ5jLyoTzxzxXfzwTCeJR4syUz28LCORG0TjcMg-nZH1gJMi1OfkZFpepaFhBG8qILLe8nmpD62_r7OkFhzB2yyHemf33VdSsyNBAlOTQr1X-vy0hX5nrPpOHI_I-jA-9f4-yIjBjfY_497Y5hItF9ANdFljl-Yt2KHlavjOGbZv/s600/winner-nsadocument.JPG"/></a></div>
<div align="center">
<font size="2">
The NSA document which Reality Winner leaked to The Intercept in 2017<br>
(click to view the full document)<br>
</font>
</div>
<br>
<a name="russians"></a>
<br>
<br>
<font size="+2"><b>Contacting the Russians</b></font><br>
<br>
According to the court records submitted by the FBI, Jareh Dalke abruptly left the NSA because of "a family illness that required him to be away for nine months, a period which the agency was unable to support." He submitted his resignation on June 28 and was debriefed from his TS/SCI clearance on July 1, 2022.<br>
<br>
At the end of July, Dalke began communicating with someone he believed to be associated with the Russian government, but who actually was an undercover agent of the FBI, a so-called Online Covert Employee (OCE). According to the FBI they exchanged encrypted e-mail messages through a legitimate foreign e-mail provider, likely the Swiss company <a href="https://en.wikipedia.org/wiki/ProtonMail" target="_blank">ProtonMail</a> or a similar secure e-mail provider. <br>
<br>
It's not known how Dalke came into contact with the undercover FBI agent, but he could have tried to contact, for example, the Russian embassy in Washington and was then detected by the FBI, which closely monitors such communication channels. If so, the FBI could subsequently contact Dalke under the guise of being a Russian intelligence officer. <br>
<br>
<font size="2">
(Emptywheel <a href="https://www.emptywheel.net/2022/09/30/fbi-seems-to-be-collecting-offers-to-spy-for-russia/" target="_blank">noticed</a> that on the same day that Dalke was arrested, the FBI also arrested Jamie Lee Henry and her wife Anna Gabrielian, who wanted to <a href="https://www.the-sun.com/news/6332613/jamie-lee-henry-anna-gabrielian-major-russia-md/" target="_blank">provide</a> Russia with medical records of senior American military officers)<br>
</font>
<br>
<br>
<b>Dalke's motives</b><br>
<br>
According to court records, Dalke told the undercover FBI agent that he "recently learned that my heritage ties back to your country, which is part of why I have come to you as opposed to others". Although he had already left the NSA, he said that he worked for the US government because he "questioned our role in damage to the world in the past and by mixture of curiosity for secrets and a desire to cause change."<br>
<br>
Dalke then told his contact that he had "exfiltrated some information that is of a very high level" which was related to foreign targeting of US systems and information on cyber operations, among other topics.<br>
<br>
He <a href="https://www.justice.gov/opa/press-release/file/1539081/download" target="_blank">added</a> that at the moment he was on a temporary assignment elsewhere that didn't allow him access to such information, but that he planned to return to a position that would give him access to information from both the NSA and another government agency.<br>
<br>
<br>
<b>Proof of willingness</b><br>
<br>
Dalke offered the information in exchange for a specific kind of <a href="https://en.wikipedia.org/wiki/Cryptocurrency" target="_blank">cryptocurrency</a>, stating, "there is an opportunity to help balance scales of the world while also tending to my own needs." <br>
<br>
On August 5, the undercover FBI agent asked him for some proof, after which Dalke sent him three excerpts, two from Top Secret documents and one from a document classified as Secret. According to NSA records, Dalke had <a href="https://www.justice.gov/opa/press-release/file/1539081/download" target="_blank">printed</a> these documents on June 17, 22 and 23 and was also the only NSA employee to have printed all of these documents.<br>
<br>
On August 10, Dalke also sent his covert contact a full document from another US government agency, as a "show of good faith", adding that he was "willing to provide full documents without reservation." This four-page document contained information about a foreign government leader and was classified SECRET//NOFORN.<br>
<br>
<br>
<b>Request for verification</b><br>
<br>
In two e-mails from August 23 and 24, Dalke <a href="https://www.justice.gov/opa/press-release/file/1539081/download" target="_blank">asked</a> his covert contact to verify that he was truly a representative of the Russian government. According to court records, Dalke claimed that he had reached out through "multiple published channels to gain a response. This included submission to the SVR TOR site."<br>
<br>
The <a href="https://en.wikipedia.org/wiki/Foreign_Intelligence_Service_%28Russia%29" target="_blank">SVR</a> is the Russian foreign intelligence agency, which apparently has a website on the anonymous <a href="https://en.wikipedia.org/wiki/Tor_%28network%29" target="_blank">TOR</a> network as well. Dalke requested a verification by a posting on an official website or through a report in a government-controlled Russian media outlet. It's not clear whether or how this was conducted, but the e-mail communications between Dalke and the undercover FBI agent continued.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLKWivg1JSyRHQ68E-Keee4yc2H7TO9RGjjBlc9LRAAbk7EMRz0sBlNEaVQVdJ6QbKvrKgI3QTBkdtNCo0n27iqa7eAhrblMoA2mXwMAZc7tVah8cmftQfIx_mUKUW4au2q-EsVKLNotnlo4yTt4jKxWcoX68TIqEv_MwFzTmCGbxn8ezTBYtGwFAt/s1665/svr-website.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="925" data-original-width="1665" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLKWivg1JSyRHQ68E-Keee4yc2H7TO9RGjjBlc9LRAAbk7EMRz0sBlNEaVQVdJ6QbKvrKgI3QTBkdtNCo0n27iqa7eAhrblMoA2mXwMAZc7tVah8cmftQfIx_mUKUW4au2q-EsVKLNotnlo4yTt4jKxWcoX68TIqEv_MwFzTmCGbxn8ezTBYtGwFAt/s600/svr-website.JPG"/></a></div>
<div align="center">
<font size="2">
The website of the Russian foreign intelligence agency SVR on the public internet<br>
</font>
</div>
<br>
<br>
<b>Seeking additional information</b><br>
<br>
On August 26, Dalke <a href="https://www.justice.gov/opa/press-release/file/1539081/download" target="_blank">claimed</a> that his total debt was already some 237,000 USD and that 93,000 USD was coming due very soon. Accordingly, he requested 85,000 USD in return for all the classified information he had in his possession - a remarkably risky way of solving debts, given the high salaries which Dalke, with his TS/SCI clearance, could have <a href="https://sdi.ai/blog/benefits-of-having-a-security-clearance-it-industry/" target="_blank">expected</a> had he taken a job in the private sector.<br>
<br>
Dalke even told his contact that he would share additional information in the future, once he returned to the Washington DC area. And indeed, on August 11 he had applied to an external vacancy at the NSA again. The NSA's Human Resources Department was unaware of the FBI investigation into Dalke and conducted a telephonic interview with him on August 24, in which he expressed his desire to return to the agency. <br>
<br>
This is very similar to Snowden, who took his <a href="https://www.electrospaces.net/2019/12/review-of-snowdens-book-permanent.html#analyst">last job at the NSA</a> to get even more access. But while Snowden was looking for additional information about NSA collection efforts, Dalke was apparently primarily interested in the money and appeared much less careful in hiding his digital traces.<br>
<br>
On August 25, the undercover FBI agent sent a second amount of cryptocurrency to an address that Dalke had provided. A few days later, Dalke <a href="https://www.justice.gov/opa/press-release/file/1539081/download" target="_blank">deposited</a> a similar amount of the same type of cryptocurrency on an account in his true name at the cryptocurrency exchange <a href="https://en.wikipedia.org/wiki/Kraken_%28company%29" target="_blank">Kraken</a>, from which he withdrew the same amount in US dollars (ca. 4,500 USD) and deposited it at his bank account.<br>
<br>
<br>
<b>Final transfer and arrest</b><br>
<br>
After much back and forth, Dalke and the undercover FBI agent agreed to transfer the full documents in Denver, Colorado. Dalke was <a href="https://s3.documentcloud.org/documents/23127610/dalke-indictment.pdf" target="_blank">told</a> that a secure connection would be available at Union Station, on September 28, 2022, between 11:30 a.m. and 3:30 p.m., during which time he could transmit the classified material.<br>
<br>
We don't know how this electronic <a href="https://en.wikipedia.org/wiki/Dead_drop" target="_blank">dead drop</a> worked, but a likely option would be a secure wifi connection. That allows communicating at a certain distance without meeting in person or using the telephone network or the internet.<br>
<br>
On September 28, Dalke arrived at <a href="https://en.wikipedia.org/wiki/Denver_Union_Station" target="_blank">Union Station</a> and used his laptop to transfer five documents via the secure connection. Right after that he was <a href="https://www.justice.gov/usao-co/pr/former-nsa-employee-arrested-espionage-related-charges" target="_blank">arrested</a> by the FBI.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQnDIicYMdTwJhMTzZJsdclk0cnGuyG4p7UFGEvyG4l9gzjL0QqtOo2V6rhnq9HOJGmMXWcOlcpstY6D07BX3bsR1UweEkubQ8mEN9RIzPYAlZJ1oumkVFuxnwW0vm30_pdJSBe2uEFbLCQ46terzwfAbIXVqa9dcGDkQZ_HayNQwmXgSI_gwSs0Ef/s800/Denver_union_station1.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="600" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQnDIicYMdTwJhMTzZJsdclk0cnGuyG4p7UFGEvyG4l9gzjL0QqtOo2V6rhnq9HOJGmMXWcOlcpstY6D07BX3bsR1UweEkubQ8mEN9RIzPYAlZJ1oumkVFuxnwW0vm30_pdJSBe2uEFbLCQ46terzwfAbIXVqa9dcGDkQZ_HayNQwmXgSI_gwSs0Ef/s600/Denver_union_station1.jpg"/></a></div>
<div align="center">
<font size="2">
Union Station in Denver, Colorado<br>
</font>
</div>
<br>
<a name="documents"></a>
<br>
<br>
<font size="+2"><b>Highly classified documents</b></font><br>
<br>
In Denver, Dalke had sent the undercover FBI agent the following five documents:<br>
<br>
<b>1.</b> A letter in which he wrote that he was very happy to provide the information and asked whether there were any desired documents which he was willing to find when he returned to his main office.<br>
<br>
<b>2.</b> A ten-page typed document containing additional information related to the threat assessment of the military offensive capabilities of a foreign government (source of excerpt 1 which Dalke had sent his covert contact earlier on).<br>
Classification: TS//SI-G//OC/REL TO USA, CAN, GBR/FISA<br>
<br>
<b>3.</b> A fourteen-page typed document containing additional information related to sensitive US defense capabilities, a portion of which relates to a foreign government (source of excerpt 3).<br>
Classification: TS//SI-G//OC/NF<br>
<br>
<b>4.</b> A fourteen-page typed document containing additional information regarding plans to update a certain cryptographic program (source of excerpt 2).<br>
Classification: TS//SI-G//OC/NF<br>
<br>
<b>5.</b> A fourteen-page typed annex containing additional information related to the plans to update a certain cryptographic program (source of excerpt 2).<br>
Classification: TS//SI-G//OC/NF<br>
<br>
<br>
The abbreviations in these classification markings stand for:<br>
<br>
- TS = Top Secret (release would cause exceptionally grave damage to national security)<br>
<br>
- SI = Special Intelligence (intelligence from intercepted foreign communications)<br>
<br>
- G = GAMMA (highly sensitive communications intercepts)<br>
<br>
- OC = ORCON (the originator of the information controls to whom it is released)<br>
<br>
- NF = NOFORN (the information may not be disclosed to foreign nationals)<br>
<br>
- REL TO USA, CAN, GBR (Releasable to the US, Canada and the United Kingdom)<br>
<br>
- FISA (information derived from FISA collection inside the US)<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html">The US Classification System</a><br>
</div>
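<br>
The classification lines quoted above follow a fixed layout: the level, then the SCI control system with its compartment, then the dissemination controls, separated by double slashes. The following Python sketch is an added example, not part of the original post: it parses the markings quoted in this article and checks which of them carry GAMMA. The function names and the sample text are constructed for illustration; the abbreviations are the ones listed in the post.<br>

```python
import re
from dataclasses import dataclass, field

# Abbreviations and long forms as they appear in the post.
LEVELS = {"TS": "TOP SECRET", "TOP SECRET": "TOP SECRET",
          "S": "SECRET", "SECRET": "SECRET",
          "C": "CONFIDENTIAL", "CONFIDENTIAL": "CONFIDENTIAL"}
# SCI control systems. COMINT is the older name for SI (not stated in the post).
SCI_SYSTEMS = {"SI": "SI", "COMINT": "SI", "HCS": "HCS", "TK": "TK",
               "TALENT KEYHOLE": "TK", "TALENT-KEYHOLE": "TK"}
COMPARTMENTS = {"G": "GAMMA", "O": "OPERATIONS", "P": "PRODUCT"}
DISSEM = {"OC": "ORCON", "ORCON": "ORCON",
          "NF": "NOFORN", "NOFORN": "NOFORN", "FISA": "FISA"}

# A level, a double slash, then upper-case tokens joined by / - , or spaces.
MARKING_RE = re.compile(
    r"\b(?:TOP SECRET|SECRET|CONFIDENTIAL|TS|S|C)//[A-Z][A-Z ,/-]*")


@dataclass
class Marking:
    level: str
    sci: dict = field(default_factory=dict)      # control system -> compartments
    dissem: list = field(default_factory=list)   # ORCON, NOFORN, FISA
    rel_to: list = field(default_factory=list)   # country codes after REL TO
    unknown: list = field(default_factory=list)  # tokens not listed in the post


def parse_marking(text):
    """Split one marking line into level, SCI systems and dissemination controls."""
    blocks = [b.strip() for b in text.strip().upper().split("//")]
    if blocks[0] not in LEVELS:
        raise ValueError("unknown classification level: %r" % blocks[0])
    m = Marking(level=LEVELS[blocks[0]])
    for block in blocks[1:]:
        for token in (t.strip() for t in block.split("/")):
            if not token:
                continue
            if token.startswith("REL TO "):
                m.rel_to = [c.strip() for c in token[7:].split(",") if c.strip()]
            elif token in DISSEM:
                m.dissem.append(DISSEM[token])
            elif token in SCI_SYSTEMS:
                m.sci.setdefault(SCI_SYSTEMS[token], [])
            else:
                # Control system with compartments, e.g. SI-G or COMINT-GAMMA.
                system, _, rest = token.partition("-")
                if system in SCI_SYSTEMS and rest:
                    comps = m.sci.setdefault(SCI_SYSTEMS[system], [])
                    comps.extend(COMPARTMENTS.get(c, c) for c in rest.split("-"))
                else:
                    m.unknown.append(token)  # keep it visible, never guess
    return m


def find_markings(text):
    """Return a parsed Marking for every marking-like string found in text."""
    return [parse_marking(hit.group(0).rstrip(" ,/-"))
            for hit in MARKING_RE.finditer(text)]


def has_gamma(marking):
    return "GAMMA" in marking.sci.get("SI", [])


# Constructed sample text: the markings are the ones quoted in the post.
SAMPLE = """\
Doc 2 Classification: TS//SI-G//OC/REL TO USA, CAN, GBR/FISA
Doc 3 Classification: TS//SI-G//OC/NF
Doc 4 Classification: TS//SI-G//OC/NF
Doc 5 Classification: TS//SI-G//OC/NF
Four-page document, classified SECRET//NOFORN
"""

if __name__ == "__main__":
    for marking in find_markings(SAMPLE):
        print(marking.level, marking.sci, marking.dissem, marking.rel_to,
              "GAMMA" if has_gamma(marking) else "-")
```

Tokens that are not in the post's lists end up in <code>unknown</code> instead of being guessed, so a marking with an unfamiliar control system is flagged for a human to look at.<br>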
<br>
<b>The GAMMA compartment</b><br>
<br>
It is remarkable that all four documents which Jareh Dalke eventually transferred to his covert contact have the classification marking GAMMA, which is a compartment of the Special Intelligence (SI) control system to provide additional protection for highly sensitive communication intercepts. <br>
<br>
Such documents are of course closely guarded and even among the more than a thousand documents published during the Snowden revelations, there were none from the GAMMA compartment. The Snowden trove did include 12 entries of the NSA's internal <a href="https://www.electrospaces.net/2021/12/about-intellipedia-and-other-us.html#wikiinfo">WikiInfo</a> platform which has the maximum classification level TOP SECRET//SI-GAMMA/TALENT KEYHOLE, but these particular entries have no GAMMA information in them.<br>
<br>
In 2015, however, Wikileaks had <a href="https://www.electrospaces.net/2015/06/wikileaks-publishes-some-of-most-secret.html">published</a> a number of intelligence reports from the GAMMA compartment about the <a href="https://wikileaks.org/nsa-france/intercepts/" target="_blank">French president</a>, the <a href="https://wikileaks.org/nsa-germany/intercepts/" target="_blank">German chancellor</a> and the <a href="https://wikileaks.org/nsa-un/intercepts/" target="_blank">UN secretary general</a>. They were part of a series of documents, provided by a still unknown source, which were even more embarrassing for the US government than most of the Snowden files.<br>
<br>
<div align="right">
> See: <a href="https://www.electrospaces.net/2015/12/leaked-documents-that-were-not.html">Leaked documents that were not attributed to Snowden</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkCyHUb_BGhVxifGxmJC9KyS4-nUTSqdn_1QGquEpSDOvpu8W2LQshWBcvDCj2NKwn28dj5Z3CETbwJx3IHnr-s2O74seOssAddO56xsgdgsl5KjoNQtBSfR66JTBWmDMyK9hBmBvhvRU/s1600/wikileaks-france-nsa-comint-gamma.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkCyHUb_BGhVxifGxmJC9KyS4-nUTSqdn_1QGquEpSDOvpu8W2LQshWBcvDCj2NKwn28dj5Z3CETbwJx3IHnr-s2O74seOssAddO56xsgdgsl5KjoNQtBSfR66JTBWmDMyK9hBmBvhvRU/s1600/wikileaks-france-nsa-comint-gamma.jpg" title="NSA intelligence report about an intercepted conversation between François Hollande and Jean-Marc Ayrault" width="500"></a><br>
<font size="2">
Intelligence report classified TOP SECRET//COMINT-GAMMA,<br>
published by Wikileaks in 2015<br>
<font color="gray">(click to enlarge)</font><br>
</font></div>
<br>
<a name="conclusion"></a>
<br>
<br>
<font size="+2"><b>Conclusion</b></font><br>
<br>
Almost ten years after Snowden left the NSA with several hundred thousand files, it's remarkable and surprising that it's apparently still possible that someone gets a job there and just walks out with highly sensitive documents - within less than a month! <br>
<br>
However, as the court records leave several key questions unanswered, we don't know whether Jareh Dalke was just "lucky" to find a way to solve his debts, or whether he was part of a more sophisticated Russian spying operation.<br>
<br>
As former NSA general counsel Rajesh De <a href="https://www.theguardian.com/us-news/2016/oct/08/accused-nsa-contractor-harold-martin-ex-wife-interview-classified-information" target="_blank">explained</a> back in 2016, it is unlikely "you’re going to be able to stop every incident of somebody taking documents if they’re determined to do so. But the real question is how quickly can you detect it, how quickly can you mitigate the harm of any such incident." That at least seems to have gone well in this case.<br>
<br>
<div class="blockquote">
<b>Update:</b><br>
On October 23, 2023, Dalke <a href="https://www.c4isrnet.com/federal-oversight/doj-fbi/2023/10/23/former-nsa-worker-pleads-guilty-to-trying-to-sell-us-secrets-to-russia/?utm_source=sailthru&utm_medium=email&utm_campaign=c4-cyber" target="_blank">pleaded</a> guilty. Federal prosecutors agreed to not ask for more than about 22 years in prison. Dalke will be sentenced in April 2024.<br>
</div>
<br>
<br>
<br>
<b>Links and sources</b><br>
<font size="2">
- Court records: <a href="https://www.justice.gov/opa/press-release/file/1539081/download" target="_blank">Affidavit</a> (Sept. 27) - <a href="https://s3.documentcloud.org/documents/23127610/dalke-indictment.pdf" target="_blank">Indictment</a> (Oct. 7)<br>
- Schneier on Security: <a href="https://www.schneier.com/blog/archives/2022/10/nsa-employee-charged-with-espionage.html" target="_blank">NSA Employee Charged with Espionage</a> (Oct. 4, 2022)<br>
- Clearancejobs: <a href="https://news.clearancejobs.com/2022/09/30/ex-nsa-employee-arrested-by-fbi-for-attempted-espionage/" target="_blank">Ex-NSA Employee Arrested by FBI for Attempted Espionage</a> (Sept. 30, 2022)<br>
- Emptywheel: <a href="https://www.emptywheel.net/2022/09/30/fbi-seems-to-be-collecting-offers-to-spy-for-russia/" target="_blank">FBI Seems to Be Collecting Offers to Spy for Russia</a> (Sept. 30, 2022)<br>
- The New York Times: <a href="https://www.nytimes.com/2022/09/30/us/nsa-espionage-colorado.html" target="_blank">Former National Security Agency Employee Charged With Espionage</a> (Sept. 30, 2022)<br>
</font>
<br>
<b>The highly classified documents found at Trump's residence Mar-a-Lago</b><br>
<font size="2" color="gray">(Published: September 21, 2022)</font><br>
<div align="right"><font size="2" color="gray">(Updated: July 21, 2023)</font></div>
<br>
This weblog is not only about signals intelligence, communications security and top level telecommunications equipment, but also about the <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html">US Classification System</a>, which is equally fascinating in all its complexities.<br>
<br>
Recently, an unprecedented photo from the FBI provided a unique look at highly classified documents which former US president Donald Trump stole from the <a href="https://en.wikipedia.org/wiki/White_House" target="_blank">White House</a> and stored at his private residence <a href="https://en.wikipedia.org/wiki/Mar-a-Lago" target="_blank">Mar-a-Lago</a> in Florida.<br>
<br>
Here I'll provide a detailed explanation of these documents, as well as where they apparently came from. <br>
<br>
<div align="center" class="hidemobile"><b>
<a href="#moving">Moving to Mar-a-Lago</a> <a href="#search">The search at Mar-a-Lago</a><br>
<br>
<a href="#cover">Cover sheets</a> <a href="#detailed">The detailed property inventory</a> <a href="#boxes">Trump's boxes</a><br>
<br>
<a href="#indictment">Update: The indictment</a>
</b></div>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYVbTZwHFdQ7lx7_BbnZ1OIXXcNgTMyVRYKBZ_ZV8xxnISR6Dv_LZn4Qv9SijjT1CWtmasoJcA6DXjuy-vpn0efJdZXKTf2fCE5D1hzzAaSOygJiqsu_niplVy16Reb4EkeGmUCYzi-2ZBLvupfrmEZjyjZFLkq_2vlfKqtQUCnpQ8LgLNsQ3_9tHO/s800/mar-a-lago%20search%20header2.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYVbTZwHFdQ7lx7_BbnZ1OIXXcNgTMyVRYKBZ_ZV8xxnISR6Dv_LZn4Qv9SijjT1CWtmasoJcA6DXjuy-vpn0efJdZXKTf2fCE5D1hzzAaSOygJiqsu_niplVy16Reb4EkeGmUCYzi-2ZBLvupfrmEZjyjZFLkq_2vlfKqtQUCnpQ8LgLNsQ3_9tHO/s600/mar-a-lago%20search%20header2.jpg"/></a></div>
<div align="center">
<font size="2">
Mar-a-Lago and the highest classified documents which the FBI found in Trump's office<br>
</font>
</div>
<br>
<a name="moving"></a>
<br>
<br>
<font size="+2"><b>Moving to Mar-a-Lago</b></font><br>
<br>
On January 20, 2021, former president Donald J. Trump left the White House and moved his belongings to his residence Mar-a-Lago in Palm Beach, Florida. The <a href="https://en.wikipedia.org/wiki/National_Archives_and_Records_Administration" target="_blank">National Archives and Records Administration</a> (NARA) subsequently learned of approximately <a href="https://www.emptywheel.net/2022/10/03/nara-asked-for-24-boxes-trump-gave-them-15/" target="_blank">two dozen</a> boxes of presidential records that had not been returned to it as required under the <a href="https://en.wikipedia.org/wiki/Presidential_Records_Act" target="_blank">Presidential Records Act</a> (PRA).<br>
<br>
In late 2021, officials at the archives <a href="https://www.washingtonpost.com/politics/2022/02/12/trump-15-boxes/" target="_blank">warned</a> Trump's team that there could be a referral to the Justice Department or an alert to Congress if he continued to refuse to comply with the PRA. Apparently, Trump ultimately <a href="https://www.nytimes.com/2022/08/22/us/politics/trump-mar-a-lago-documents.html" target="_blank">went through</a> several boxes at Mar-a-Lago himself and in late December, his lawyers informed the NARA that they had found 12 boxes of documents and that they were ready for retrieval.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilR3az-BlvMT_PnR_h9EsHJfNvBqfcwrL6tDt038jOM5u7dR3Dnwa1c-RD8EFFIEtE1fss4mKrfMLzFFhG690a-HIE-Mp6qjbiE8WuOCiRU4oEyNz-zQFNQ-kck3KolpH7lDwHQTzhp1P_GXsXibHLzIF3aN82-5cN1Qv48voChB-Mnu0b-zKYH3Xr/s904/mar-a-lago-wikimedia.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="575" data-original-width="904" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilR3az-BlvMT_PnR_h9EsHJfNvBqfcwrL6tDt038jOM5u7dR3Dnwa1c-RD8EFFIEtE1fss4mKrfMLzFFhG690a-HIE-Mp6qjbiE8WuOCiRU4oEyNz-zQFNQ-kck3KolpH7lDwHQTzhp1P_GXsXibHLzIF3aN82-5cN1Qv48voChB-Mnu0b-zKYH3Xr/s904/mar-a-lago-wikimedia.jpg"/></a></div>
<div align="center">
<font size="2">
Donald Trump's residence Mar-a-Lago in Palm Beach, Florida, March 2019<br>
<font color="gray">(White House photo - click to enlarge)</font><br>
</font>
</div>
<a name="15boxes"></a>
<br>
<br>
<b>15 boxes retrieved</b><br>
<br>
On January 18, 2022, the NARA finally retrieved 15 boxes of records from Mar-a-Lago, containing presidential records and other sensitive material, along with various news clippings and other miscellanea. In its initial review of the materials within those boxes, NARA <a href="https://storage.courtlistener.com/recap/gov.uscourts.flsd.618763/gov.uscourts.flsd.618763.48.1_2.pdf" target="_blank" title="See pdf-page 6">identified</a> classified documents marked up to the level of Top Secret, including <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html#sci">Sensitive Compartmented Information</a> (SCI) and <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html#sap">Special Access Programs</a> (SAP).<br>
<br>
On February 9, NARA told the Department of Justice (DOJ) that the 15 boxes contained highly classified records that were "unfoldered, intermixed with other records and otherwise unproperly identified." President Biden granted the FBI access to the boxes for examination and by May, the bureau had identified classified documents in 14 of the 15 boxes. In total, there were 184 classified documents, 67 of which were marked Confidential, 92 Secret and 25 Top Secret.<br>
<br>
<br>
<b>Criminal investigation</b><br>
<br>
Former president Trump then attempted to delay the DOJ's review of the materials by asserting executive privilege over the documents. After the Assistant Attorney General for the Office of Legal Counsel rejected this claim, the FBI launched a criminal investigation to determine:<br>
<br>
- How these classified documents were removed from the White House; <br>
- Whether Mar-a-Lago was an authorized storage location for those documents; <br>
- Whether additional classified documents had been removed from the White House; <br>
- Which individuals were involved in the removal and storage of the documents at Mar-a-Lago.<br>
<br>
A grand jury was empaneled and the FBI began interviewing several of Trump's personal aides as well as three former White House lawyers who had been among Trump's representatives to the archives. <br>
<a name="classification"></a>
<br>
<br>
<font size="+1"><b>Classification markings</b></font><br>
<br>
On May 11, former president Donald J. Trump was served with a grand jury subpoena which <a href="https://storage.courtlistener.com/recap/gov.uscourts.flsd.618763/gov.uscourts.flsd.618763.48.1_2.pdf" target="_blank" title="See pdf-page 11">ordered</a> him to hand over any and all documents bearing at least the following classification markings:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIIQecs6OA25trLWV0NuUGTBcellX7CgzRrXamK6vD0z39FyreXsGatmIJmrh1PhVoOHDcQS_xhgDUtE2xCswWO8HTeZVEBilEu-jxeavRX-qIxjiPt2z07jFViJKK3RzJKlepmSstMbZJw_5OCmqA0uRxqxKz-42qVN2eQmc7zQ-R85pkacnJqLeL/s1236/list.JPG" style="display: block; text-align: center;" target="_blank"><img alt="" border="0" width="600" data-original-height="457" data-original-width="1236" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIIQecs6OA25trLWV0NuUGTBcellX7CgzRrXamK6vD0z39FyreXsGatmIJmrh1PhVoOHDcQS_xhgDUtE2xCswWO8HTeZVEBilEu-jxeavRX-qIxjiPt2z07jFViJKK3RzJKlepmSstMbZJw_5OCmqA0uRxqxKz-42qVN2eQmc7zQ-R85pkacnJqLeL/s1236/list.JPG"/></a></div>
<br>
<br>
These classification markings contain a lot of lesser-known abbreviations, which are explained in my earlier overview of the <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html">US Classification System</a>. They are, in order of appearance:<br>
<br>
- SI = Special Intelligence (intelligence from intercepted communications)<br>
- G = GAMMA (sensitive communication intercepts)<br>
- NOFORN = No Foreign Nationals<br>
- ORCON = Originator Controlled<br>
- HCS = HUMINT Control System (intelligence from human sources)<br>
- HCS-O = HCS Operations (HUMINT operations and methods)<br>
- HCS-P = HCS Product (HUMINT intelligence reports)<br>
- TK = TALENT-KEYHOLE (intelligence from satellite collection)<br>
- TS = Top Secret (release would cause exceptionally grave damage to national security) <br>
- SAP = Special Access Program (non-intelligence equivalent of SCI)<br>
- NF = NOFORN (see above)<br>
- OC = ORCON (see above)<br>
- FRD = Formerly Restricted Data (about nuclear weapons)<br>
- NATO = Releasable to NATO partners<br>
- S = Secret (release would cause serious damage to national security)<br>
- C = Confidential (release would cause damage to national security)<br>
<br>
This list may have been based upon the classification markings that the FBI found on the documents in the boxes that had already been retrieved by the National Archives, but <a href="https://www.washingtonpost.com/national-security/2022/09/06/trump-nuclear-documents/" target="_blank">according</a> to The Washington Post, the goal of the list was to ensure recovery of all classified records, and not just those that investigators had reason to believe might be at Mar-a-Lago. This becomes clear from the fact that the list contains all possible combinations of the various markings.<br>
<br>
<a name="nuclear"></a>
<br>
<b>Nuclear weapons information?</b><br>
<br>
Therefore the markings in the list don't say whether or not certain kinds of information were present at Mar-a-Lago. That especially applies to press reports <a href="https://www.theguardian.com/us-news/2022/aug/12/fbi-search-trump-mar-a-lago-home-classified-nuclear-weapons-documents-report" target="_blank">saying</a> that among the things that Trump was still hiding were documents about nuclear weapons, which was likely based upon the FRD marking in the list. Given that this marking is only listed once, there may have been only very few if not just one single document with nuclear weapons information, with many more about signals intelligence (SI) and human intelligence (HCS).<br>
<br>
In an <a href="https://storage.courtlistener.com/recap/gov.uscourts.flsd.617854/gov.uscourts.flsd.617854.102.1.pdf" target="_blank">affidavit</a> from August 5, the FBI listed the statutory authorities upon which it based its application for a search warrant:<br>
<br>
- 18 USC 793(e), the Espionage Act<br>
- 18 USC 1519, obstruction<br>
- 18 USC 2071, willfully removing information<br>
- 44 USC 2201, the Presidential Records Act<br>
- 44 USC 3301(a), the Federal Records Act<br>
- EO 13526, the Executive Order governing classified information<br>
<br>
Not listed was the <a href="https://en.wikipedia.org/wiki/Atomic_Energy_Act_of_1946" target="_blank">Atomic Energy Act</a> (AEA), so apparently the FBI didn't expect to find classified documents about American nuclear weapons. However, on September 6, it was <a href="https://www.washingtonpost.com/national-security/2022/09/06/trump-nuclear-documents/" target="_blank">reported</a> that among the thousands of documents which the FBI eventually seized at Mar-a-Lago, there was one document that <a href="https://www.emptywheel.net/2022/09/07/team-trump-knows-details-of-the-investigation-that-jay-bratt-does-not/" target="_blank">described</a> a "foreign government's military defenses, including its nuclear capabilities" - which is much less secret and sensitive than information about American weapons.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKtcIlHNeYRlb117dc2-OucWM2N6k93JvGDwBSKOeRExvUSjsbxS8A39nx31s151HrQiubxpwmTYO3B2oJwvo6svXTrHxHIxtcxTvWjKoZq_a34D1qhqbIg-hC115etEiimhJqNkTAamMKtlhzs7fvOF42FjRm02SeKqmpT2QHKyEs95kvFtT4wsIW/s800/mar-a-lago%20agents.JPG" style="display: block; text-align: center; " target="_blnank"><img alt="" border="0" width="500" data-original-height="529" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKtcIlHNeYRlb117dc2-OucWM2N6k93JvGDwBSKOeRExvUSjsbxS8A39nx31s151HrQiubxpwmTYO3B2oJwvo6svXTrHxHIxtcxTvWjKoZq_a34D1qhqbIg-hC115etEiimhJqNkTAamMKtlhzs7fvOF42FjRm02SeKqmpT2QHKyEs95kvFtT4wsIW/s600/mar-a-lago%20agents.JPG"/></a></div>
<div align="center">
<font size="2">
Secret Service agents stand outside an entrance to Mar-a-Lago, August 8, 2022<br>
<font color="gray">(Photo: Terry Renna/Associated Press - click to enlarge)</font><br>
</font>
</div>
<a name="misleading"></a>
<br>
<br>
<b>A misleading statement</b><br>
<br>
On June 3, 2022, the DoJ's Chief of Counterintelligence Jay Bratt and some FBI agents visited Mar-a-Lago where they received 38 additional classified documents, including 17 labeled Top Secret, in "a single Redweld envelope, double-wrapped in tape". One of Trump's lawyers signed a <a href="https://storage.courtlistener.com/recap/gov.uscourts.flsd.618763/gov.uscourts.flsd.618763.48.1_2.pdf" target="_blank" title="See pdf-page 16">statement</a> asserting that they had conducted a diligent search of the boxes from the White House and handed over the remaining classified material.<br>
<br>
The FBI was informed that all of the records from the White House had been kept in one particular storage room and that "there were no other records stored in any private office space or other location at the Premises and that all available boxes were searched." However, government personnel <a href="https://www.emptywheel.net/2022/08/31/christina-bobb-claimed-no-copies-of-the-stolen-classified-documents-had-been-made/" target="_blank">were</a> "explicitly prohibited from opening or looking inside any of the boxes that remained in the storage room."<br>
<br>
<div class="blockquote">
<b>Updates:</b><br>
<br>
According to court records, the FBI agents and the DOJ counsel who were permitted to see the storage room on June 3, 2022, <a href="https://www.emptywheel.net/2022/10/13/on-august-8-there-were-at-least-73-items-where-the-fbi-had-seen-50-55-boxes-on-june-3/" target="_blank">observed</a> that there were approximately 50 to 55 boxes in that room, besides a coat rack with suit jackets, as well as interior decor items such as wall art and frames.<br>
<br>
An unknown number of those boxes may have come from five (later repacked to six) pallets with about 85 document boxes which in July 2021 were <a href="https://www.bloomberg.com/news/articles/2022-10-05/trump-says-feds-packed-top-secret-mar-a-lago-documents-foia-says-they-didn-t" target="_blank">shipped</a> from a temporary office space used by Trump's staff in Arlington, Virginia to Mar-a-Lago (2 pallets) and a facility of <a href="https://en.wikipedia.org/wiki/Life_Storage" target="_blank">Life Storage</a> (4 pallets) in West Palm Beach, Florida.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFQa7ObSHnnvR9lNATUQF4YAJVBeBH7HkvrTwWxUEnGE-qZPmI9l6AdOgUH9v8GceJLTY1ikjnptueVQzLT4fCxxXwEINg2biMU2ktbN5HoAJDsGwtHpjkNtjTPMdFmm3UbLO7BC2lvyEeg1Mc3jK0s2r8f5QwDjnyCFVwe2uUHmRG0cJXTLPMg8Qi/s800/mar-a-lago%20virginia%20pallets.png" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="605" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFQa7ObSHnnvR9lNATUQF4YAJVBeBH7HkvrTwWxUEnGE-qZPmI9l6AdOgUH9v8GceJLTY1ikjnptueVQzLT4fCxxXwEINg2biMU2ktbN5HoAJDsGwtHpjkNtjTPMdFmm3UbLO7BC2lvyEeg1Mc3jK0s2r8f5QwDjnyCFVwe2uUHmRG0cJXTLPMg8Qi/s600/mar-a-lago%20virginia%20pallets.png"/></a></div>
<div align="center">
<font size="2">
Five pallets of boxes ready for shipment from Virginia to Florida, July 2021<br>
<font color="gray">(photo: GSA via FOIA request by Bloomberg)</font><br>
</font>
</div>
<br>
<br>
According to the <a href="https://s3.documentcloud.org/documents/23839636/230609-trump-indictment.pdf" target="_blank">indictment</a> filed by the Justice Department on June 9, 2023, Trump's aide Walt Nauta started to move boxes out of the Mar-a-Lago storage room on May 22, 2022. Over the following days, he <a href="https://www.emptywheel.net/2023/06/11/mind-the-gap-it-was-the-musician-in-the-storage-closet-with-the-five-eyes-secrets/" target="_blank">moved</a> a total of 65 boxes out of the room and on June 2, he moved 30 boxes back. Right after that, Trump's lawyer Evan Corcoran conducted a review to see whether the boxes contained classified documents.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYRnCzzNwFHYXAScAGN4c8dN6Cahgg0SZvVgVTl94EHilIvMaa5egQPZdpSD4JKKXvapD9FmcFPyCb5QYkOHAbaqpZNayD3IAC2V2cF7Xl1la4LCLVLlnflrc9c17URt80TogF3LQMEOx3uMmGoJDp5hSDD91Z6kf_oUx7gFZzBGPJN9irsHh80sYm/s803/mar-a-lago%20indictment4.png" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="718" data-original-width="803" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYRnCzzNwFHYXAScAGN4c8dN6Cahgg0SZvVgVTl94EHilIvMaa5egQPZdpSD4JKKXvapD9FmcFPyCb5QYkOHAbaqpZNayD3IAC2V2cF7Xl1la4LCLVLlnflrc9c17URt80TogF3LQMEOx3uMmGoJDp5hSDD91Z6kf_oUx7gFZzBGPJN9irsHh80sYm/s600/mar-a-lago%20indictment4.png"/></a></div>
<div align="center">
<font size="2">
Boxes in the storage room of Trump's residence Mar-a-Lago<br>
<font color="gray">(photo from the indictment - click to enlarge)</font><br>
</font>
</div>
</div>
<br>
<a name="search"></a>
<br>
<br>
<font size="+2"><b>The search at Mar-a-Lago</b></font><br>
<br>
On August 5, 2022, a federal judge signed a <a href="https://storage.courtlistener.com/recap/gov.uscourts.flsd.617854/gov.uscourts.flsd.617854.17.0_10.pdf" target="_blank">search warrant</a> for Mar-a-Lago on the grounds that "National Defense Information" (NDI) had been found in the boxes NARA retrieved from Mar-a-Lago and that there was probable cause to believe that additional documents containing such information remained at Trump's estate.<br>
<br>
Three days later, FBI agents searched the Mar-a-Lago estate and seized what initially appeared to be 12 boxes of documents. Classified material was recovered from a storage room in the basement and from a container on the floor of a closet in a former dressing room of the bridal suite above the ballroom, which now <a href="https://www.huffpost.com/entry/donald-trump-mar-a-lago-office_n_608a6d87e4b05af50dbfc757" target="_blank">serves</a> as Trump's office, also known as the "45 office".<br>
<a name="items"></a>
<br>
<br>
<b>Items seized by the FBI</b><br>
<br>
The result of this search is described in a form called "<a href="https://storage.courtlistener.com/recap/gov.uscourts.flsd.617854/gov.uscourts.flsd.617854.17.0_10.pdf?fbclid=IwAR2z90eJy_6FGOY7fRmxNCWHDcPSySYoewGeWFfjFDo2cPTujYxsMJJOvE4" target="_blank" title="See pdf-page 5 & 6">Receipt for Property</a>" which lists 33 items, mostly boxes, which were (discontinuously) labeled A-1 to A-73. Besides the boxes there were also some separate documents, notes and binders of photos. A detailed discussion of these seized materials can be found at the <a href="https://www.emptywheel.net/2022/09/01/no-one-puts-roger-stone-in-a-box/" target="_blank">emptywheel</a> weblog.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAlA0OWmr4Bj3FbbhvzToGbX0Vz61O31IWYQqnsPhlw_cDRd4mACKfGRxAnMuY20xEgQw_2ug8NwVT31iZSMBv_T89ZSCNfavJkXnXF9QqnBb1pFOKPUdlM3MN9XYTVfhwyWGubn9my1lBkfYd538m4YpwIKHnHH5q_WJPc_uSAgT5TFAFdlw4B89f/s956/mar-a-lago%20receipt.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="804" data-original-width="956" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAlA0OWmr4Bj3FbbhvzToGbX0Vz61O31IWYQqnsPhlw_cDRd4mACKfGRxAnMuY20xEgQw_2ug8NwVT31iZSMBv_T89ZSCNfavJkXnXF9QqnBb1pFOKPUdlM3MN9XYTVfhwyWGubn9my1lBkfYd538m4YpwIKHnHH5q_WJPc_uSAgT5TFAFdlw4B89f/s956/mar-a-lago%20receipt.JPG"/></a></div>
<br>
<br>
According to a DoJ filing from August 31, these boxes contained over a hundred classified records spread over 11 boxes. In the receipt they are separately listed and marked with an additional A, for example: "13 - Box labeled A-18" which contained "13A - Miscellaneous Top Secret Documents", etc.<br>
<a name="highly"></a>
<br>
<br>
<b>Highly classified documents</b><br>
<br>
The most sensitive kind of documents, classified as <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html#sci">Sensitive Compartmented Information</a> (SCI), were only found in item #2, a "Leatherbound box of documents". These appeared so sensitive that "even the FBI counterintelligence personnel and DOJ attorneys conducting the review <a href="https://drive.google.com/file/d/1nxJHlu3jqN5njXLM8J8QTrzRsiE4M_p1/view" target="_blank" title="See pdf-page 13">required</a> additional clearances before they were permitted to review them."<br>
<br>
On August 30, a <a href="https://storage.courtlistener.com/recap/gov.uscourts.flsd.618763/gov.uscourts.flsd.618763.48.1_2.pdf" target="_blank">filing</a> by the Justice Department included an unprecedented photograph which shows the classified documents from the leatherbound box from Trump's office:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgS9iojLD9maw7PnQ0ZeftD88fnQSye0IYMyqT4IcuHFmBlisAwOfKmE5dGcYR2Gi3hQweYQTHVkPoD6Vtu6wRaSMCombbyrHXWL2Ycbg3cilvlpkGq-Z7851ubxAomXXZsgVslcrfvRXfsUJtESXiKnDaon-bMtjLamVY7-2AOec5XS_CxLC3klPLT/s1200/mar-a-lago%20ts-sci%20docs%20medium.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="801" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgS9iojLD9maw7PnQ0ZeftD88fnQSye0IYMyqT4IcuHFmBlisAwOfKmE5dGcYR2Gi3hQweYQTHVkPoD6Vtu6wRaSMCombbyrHXWL2Ycbg3cilvlpkGq-Z7851ubxAomXXZsgVslcrfvRXfsUJtESXiKnDaon-bMtjLamVY7-2AOec5XS_CxLC3klPLT/s1200/mar-a-lago%20ts-sci%20docs%20medium.jpg"/></a></div>
<div align="center">
<font size="2">
Classified documents marked as item #2A spread on the floor of Trump's office in Mar-a-Lago<br>
<font color="gray">(Photo via the US District Court for the Southern District of Florida - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
This photo was taken by the FBI in order to document the evidence they found, which explains the ruler and a marker that says that this is item #2A. To counter the impression that he had them lying on the floor like this, Trump <a href="https://twitter.com/AndrewFeinberg/status/1565086491847573504" target="_blank">said</a> that it had been FBI agents who "took [these documents] out of cartons and spread them around on the carpet".<br>
<br>
The documents were spread on a carpet with a classic flower motif, with on the right side a cardboard box with five picture frames, one of which shows a Time magazine cover from March 4, 2019, showing all the Democratic candidates who hoped to challenge Trump in the 2020 election.<br>
<br>
On the left there's a small part of fringed dark-blue fabric, probably a curtain, and a white scalloped cabinet, which was <a href="https://twitter.com/RichardCheese/status/1564839255918096384" target="_blank">identified</a> as a $3679.- <a href="https://www.goodshomefurnishings.com/sligh-birkdale-file-chest/310-450-43/iteminformation.aspx" target="_blank">Birkdale File Chest</a> - most likely from the time that this room was part of Mar-a-Lago's bridal suite.<br>
<br>
<a name="cover"></a>
<a name="coversheets"></a>
<br>
<br>
<font size="+2"><b>Cover sheets</b></font><br>
<br>
Most eye-catching are the colorful cover sheets for classified information. In the photo we can recognize four types, three of which were never seen before. Already known and publicly <a href="https://sgp.fas.org/othergov/sf704.pdf" target="_blank">available</a> are the standard cover sheets (SF704) with the broad borders in red, which are used to protect documents classified as Secret.<br>
<br>
<br>
<b>Secret/SCI</b><br>
<br>
In the front of the photo there's a cover sheet which looks brownish but may also be red (or <a href="https://thedebrief.org/its-classified-a-deep-dive-into-the-dark-world-of-keeping-secrets/" target="_blank">orange</a>) with the text "SECRET//SCI - Contains Sensitive Compartmented Information up to HCS-P/SI/TK". Unlike the common cover sheets for Secret documents, this one was never seen before. It's also more rare, because usually information from an SCI compartment is classified Top Secret. <br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDjujHjlmauQChI8FU_cqFymmBLNPOGauw0wFS2JcCPum4KIwKqGr59DE6ixy_RoJDLFjWfJwvVmS67raO-5UzW5Ns-CiP8zZiIActrTjvEe_OYCXAbTaoxsRBQ-IIUS_8xIRGdOxoOWvYvXgykW1Vcm2di-lXLnim5ZyOQwuJC0rai5vbACTUA7gC/s679/mar-a-lago%20secret-sci.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="400" data-original-height="678" data-original-width="679" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDjujHjlmauQChI8FU_cqFymmBLNPOGauw0wFS2JcCPum4KIwKqGr59DE6ixy_RoJDLFjWfJwvVmS67raO-5UzW5Ns-CiP8zZiIActrTjvEe_OYCXAbTaoxsRBQ-IIUS_8xIRGdOxoOWvYvXgykW1Vcm2di-lXLnim5ZyOQwuJC0rai5vbACTUA7gC/s400/mar-a-lago%20secret-sci.JPG"/></a></div>
<div align="center">
<font size="2">
The cover sheet for a document classified as Secret/SCI<br>
<font color="gray">(click to enlarge)</font><br>
</font>
</div>
<br>
<br>
SCI is sometimes called "above Top Secret" but officially that's not correct: SCI encompasses compartments of information that provide additional protection <i>within</i> the level Top Secret. In the same way these compartments can exist within the level Secret and actually a particular SCI compartment may <a href="https://www.dcsecurityclearanceconsultants.com/sensitive-compartmented-information.php" target="_blank">contain</a> information at any classification level:<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnFWRsgkmuq6l4mu3QwSQsX-0of5oEjTGZzG7mYUtrfgW-wby1EcTggtoqoR3dgEu2aSc233Wl_4jmT17ntq43s8vVETORo7HAkD-ftL_ApUajXZT98NOjbSNFUHwqcTq0kqRMai6WCIp5SbzXHckZm7O17Bi3F0gTimjPflUnqIFLXjYV676CdsPj/s554/classification%20SCI.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="400" data-original-height="205" data-original-width="554" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnFWRsgkmuq6l4mu3QwSQsX-0of5oEjTGZzG7mYUtrfgW-wby1EcTggtoqoR3dgEu2aSc233Wl_4jmT17ntq43s8vVETORo7HAkD-ftL_ApUajXZT98NOjbSNFUHwqcTq0kqRMai6WCIp5SbzXHckZm7O17Bi3F0gTimjPflUnqIFLXjYV676CdsPj/s554/classification%20SCI.jpg"/></a></div>
<br>
<br>
<b>Top Secret/SCI</b><br>
<br>
In the FBI photo we also see five cover sheets for documents classified as Top Secret/SCI. While the standard cover sheet for Top Secret information (SF703) is also publicly <a href="https://sgp.fas.org/othergov/sf703.pdf" target="_blank">available</a>, this one was never seen before. It has a broad border in yellow, which is the color code for Sensitive Compartmented Information (SCI), and text in orange, which may refer to the color code for Top Secret:<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjC0iCJasLTuIX6lwawtIw0e3aTHvXghDlcgZbFcp8oRPXkbPlC19cSagEme_0n__rPkdUV7Cvpskc7A0I2t2-FBJWk1_Fbt9zxrN2Bc6zQQg7DltW4PMbxf46wUFwLDKkixW6qZC7HHTfSW6Wli9_XCZcxGRKfPwJjhiWBeHoTF3JnDztEWXyb8HVa/s1000/mar-a-lago%20ts-sci%20cover%20sheets.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="640" data-original-width="1000" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjC0iCJasLTuIX6lwawtIw0e3aTHvXghDlcgZbFcp8oRPXkbPlC19cSagEme_0n__rPkdUV7Cvpskc7A0I2t2-FBJWk1_Fbt9zxrN2Bc6zQQg7DltW4PMbxf46wUFwLDKkixW6qZC7HHTfSW6Wli9_XCZcxGRKfPwJjhiWBeHoTF3JnDztEWXyb8HVa/s400/mar-a-lago%20ts-sci%20cover%20sheets.JPG"/></a></div>
<div align="center">
<font size="2">
Cover sheets for documents classified as Top Secret/SCI<br>
<font color="gray">(click to enlarge)</font><br>
</font>
</div>
<a name="whitehouse"></a>
<br>
<br>
<b>A White House cover sheet</b><br>
<br>
Finally, there's a fourth cover sheet, which is only partially visible because it's folded back, probably to show the classification marking on the document. On the cover sheet we can only read some fragments, like "THIS", "PLEASE STORE IN" (a <a href="https://www.klsecurity.com/products/safes/gsa-approved-safes/class-6-security-containers.html" target="_blank">GSA Approved Security Container</a> which is depicted right above these words) and "UNAU[THORIZED]".<br>
<br>
In the upper right corner it has a seal which can be identified as that of the <a href="https://en.wikipedia.org/wiki/Executive_Office_of_the_President_of_the_United_States" target="_blank">Executive Office of the President of the United States</a> (EOP), which includes a range of offices and bodies like the National Security Council (NSC), the White House Military Office (WHMO) and the staff of the West Wing.<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQ47sTCivV8r4Ii-qMdf7Ny76-LNbjhBYULLzWqeEskSQyXvu71lHaPItMDMy3vq4-0TFBidrOMNmJjh4FsqQFe38vhhrNHNDHa3MWqmFSjWVcRlvNgB8ng0EY0XrcqKS4TSa7hTDcH_6ADUibB6v2jyRNoMTGf_ihRv8ExgccaXuRR5oI5E6MNyOf/s613/mar-a-lago%20white%20house%20cover%20sheet.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="400" data-original-height="613" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQ47sTCivV8r4Ii-qMdf7Ny76-LNbjhBYULLzWqeEskSQyXvu71lHaPItMDMy3vq4-0TFBidrOMNmJjh4FsqQFe38vhhrNHNDHa3MWqmFSjWVcRlvNgB8ng0EY0XrcqKS4TSa7hTDcH_6ADUibB6v2jyRNoMTGf_ihRv8ExgccaXuRR5oI5E6MNyOf/s613/mar-a-lago%20white%20house%20cover%20sheet.JPG"/></a></div>
<div align="center">
<font size="2">
The custom White House cover sheet<br>
<font color="gray">(click to enlarge)</font><br>
</font>
</div>
<br>
<br>
This document is classified Top Secret, but interestingly, the rest of the classification line has been redacted by the FBI. Usually that happens when a particular program or compartment has not been declassified. Given that it has a custom White House cover sheet, the document may be about a sensitive plan or program from the president or the NSC.<br>
<a name="compartments"></a>
<br>
<br>
<b>SCI compartments</b><br>
<br>
The various cover sheets not only hide the content of the particular documents, but also their mandatory classification line at the top and the bottom of the document. Therefore we don't know which kind of intelligence they contain and how sensitive they actually are.<br>
<br>
The cover sheets for Secret/SCI and Top Secret/SCI both have the warning "Contains Sensitive Compartmented Information up to HCS-P/SI/TK", which means the documents may contain information from one, two or even all three of the following SCI control systems:<br>
<br>
- HCS-P = HUMINT Control System - Product (intelligence from human sources)<br>
- SI = Special Intelligence (intelligence from intercepted communications)<br>
- TK = TALENT KEYHOLE (intelligence from satellite collection platforms)<br>
<br>
The documents found at Mar-a-Lago at least don't contain the most sensitive human intelligence information, which is protected by the HCS-O(perations) compartment.<br>
<br>
It's not clear whether these cover sheets are also used for documents with information from compartments or sub-compartments of these control systems, i.e. even more sensitive and closely guarded secrets.<br>
<br>
<div class="blockquote">
<b>Update:</b><br>
On October 21, 2022, The Washington Post <a href="https://www.washingtonpost.com/national-security/2022/10/21/trump-documents-mar-a-lago-iran-china/" target="_blank">reported</a> that among the most sensitive documents seized by the FBI is one that describes Iran's missile program. Others describe highly sensitive intelligence work aimed at China, according to anonymous sources, who also said that many of the more sensitive documents are "top-level analysis papers that do not contain sources' names. But even without individual identifiers, such documents can provide valuable clues to foreign adversaries about how the United States may be gathering intelligence, and from whom."<br>
</div>
<a name="dissemination"></a>
<br>
<br>
<b>Dissemination markings</b><br>
<br>
Besides the documents with a cover sheet, the FBI photo shows 12 classified documents without such colorful protection, so the FBI redacted all of their content. One document (between the yellow Top Secret/SCI cover sheets) is fully redacted; on the others we see the following classification markings:<br>
<br>
- SECRET//ORCON-USGOV/NOFORN and LIMITED ACCESS (2 documents)<br>
- SECRET//ORCON-USGOV/NOFORN (6 documents)<br>
- SECRET with additional markings redacted (1 document)<br>
- SECRET NOFORN (1 document)<br>
- SECRET and something illegible (1 document)<br>
- CONFIDENTIAL and LIMITED ACCESS (1 document)<br>
<br>
Distinctive here are the so-called <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html#dissemination">dissemination markings</a>, which are added to the classification level to restrict the dissemination of information to only those people who have the appropriate clearance level and the need to know the information. The dissemination markings seen here are:<br>
<br>
- <b>ORCON</b>, which means the originator of the information controls to whom it is released. It allows originators to maintain knowledge, supervision, and control of the distribution of the information beyond its original dissemination. Further dissemination of this information requires advance permission from the originator.<br>
<br>
- <b>ORCON-USGOV</b>, which means the information "has been pre-approved for further dissemination without originator approval to the US Government's Executive Branch Departments and Agencies." It's not allowed to use this marking with information classified as SI-G or HCS-O. <br>
<br>
- <b>NOFORN</b>, which means the information may not be disclosed or released to foreign nationals, foreign governments, or international organizations of governments without permission by the originator. <br>
<br>
- <b>LIMITED ACCESS</b> does not seem to be a registered dissemination marking, as it's not part of the classification line and is also not listed in the 2016 manual for the <a href="https://www.muckrock.com/foi/united-states-of-america-10/capco-register-and-manual-83950/#file-955416" target="_blank">Intelligence Community Markings System</a> nor in the list of <a href="https://www.dodcui.mil/Portals/109/Documents/Desktop%20Aid%20Docs/CUI%20LDC%20Training%20Aid_DEC%2021.pdf" target="_blank">CUI dissemination markings</a> from 2021, which suggests that it's an internal White House marking.<br>
<br>
This brings to mind US Director of National Intelligence Dan Coats who in February 2018 <a href="https://www.bbc.com/news/world-us-canada-43050030" target="_blank">warned</a> that presidential aides with interim security clearances should only have limited access to classified information. Not much later a <a href="https://murphy.house.gov/news/documentsingle.aspx?DocumentID=633" target="_blank">bill</a> to the same effect was introduced, but didn't pass the House of Representatives.<br>
<br>
Shortly before, it had come out that Trump's former staff secretary Rob Porter and his son-in-law Jared Kushner were working under an interim security clearance and more than 30 of Trump's aides had their clearance <a href="https://www.bloomberg.com/news/articles/2018-02-28/more-than-30-white-house-aides-said-to-lose-top-secret-clearance" target="_blank">downgraded</a> from Top Secret to Secret.<br>
<br>
<br>
In total, the FBI photo of item #2A shows 22 classified documents: 1 Confidential, 14 Secret and 7 Top Secret.<br>
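<br>
The classification lines read from the photo follow a fixed syntax, so they can be parsed and checked mechanically. The Python sketch below is an added example, not part of the original post or any official tool: it splits a line into level, SCI control systems and dissemination markings, applies the ORCON-USGOV restriction described above, and tallies the marking lines from the list above by level. The function names, the token-splitting approach and the deliberately invalid test line are assumptions made for illustration.<br>
<br>

```python
"""Parse US classification lines such as SECRET//ORCON-USGOV/NOFORN (added example)."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Classification levels with the abbreviations given on this page.
LEVELS = {"TOP SECRET": "TS", "TS": "TS", "SECRET": "S", "S": "S",
          "CONFIDENTIAL": "C", "C": "C"}
# SCI control systems named on this page; compartments follow a hyphen (HCS-P, SI-G).
SCI_SYSTEMS = {"SI", "HCS", "TK"}
# Dissemination markings named on this page, mapped to their long form.
DISSEM = {"NOFORN": "NOFORN", "NF": "NOFORN", "ORCON": "ORCON", "OC": "ORCON",
          "ORCON-USGOV": "ORCON-USGOV"}
# Per the page, ORCON-USGOV may not be used with information marked SI-G or HCS-O.
ORCON_USGOV_FORBIDDEN = {"SI-G", "HCS-O"}

_LEVEL_RE = re.compile(r"^(TOP SECRET|SECRET|CONFIDENTIAL|TS|S|C)\b")


@dataclass
class Marking:
    level: str
    sci: list = field(default_factory=list)
    dissem: list = field(default_factory=list)
    unknown: list = field(default_factory=list)


def parse_marking(line: str) -> Marking:
    """Split one classification line into level, SCI and dissemination parts."""
    text = " ".join(line.upper().split())          # normalise case and whitespace
    match = _LEVEL_RE.match(text)
    if not match:
        raise ValueError(f"no classification level at start of {line!r}")
    marking = Marking(level=LEVELS[match.group(1)])
    # Assumption: tokens are separated by '/', '//' or blanks ("SECRET NOFORN").
    for token in re.split(r"[/\s]+", text[match.end():]):
        if not token:
            continue
        if token in DISSEM:
            if DISSEM[token] not in marking.dissem:
                marking.dissem.append(DISSEM[token])
        elif token == "SCI" or token.split("-", 1)[0] in SCI_SYSTEMS:
            marking.sci.append(token)
        else:
            marking.unknown.append(token)           # e.g. redaction residue
    return marking


def violations(marking: Marking) -> list:
    """Return rule violations for the one restriction this page states."""
    problems = []
    if "ORCON-USGOV" in marking.dissem:
        for compartment in marking.sci:
            if compartment in ORCON_USGOV_FORBIDDEN:
                problems.append(
                    f"ORCON-USGOV may not be combined with {compartment}")
    return problems


def tally_levels(observed) -> dict:
    """Count documents per level from (classification line, count) pairs."""
    counts = Counter()
    for line, count in observed:
        counts[parse_marking(line).level] += count
    return dict(counts)


# Constructed input: the legible marking lines and counts from the list above.
# LIMITED ACCESS is left out because it is not part of the classification line.
PHOTO_MARKINGS = [
    ("SECRET//ORCON-USGOV/NOFORN", 2),   # these two also carried LIMITED ACCESS
    ("SECRET//ORCON-USGOV/NOFORN", 6),
    ("SECRET", 1),                       # additional markings redacted
    ("SECRET NOFORN", 1),
    ("SECRET", 1),                       # remainder illegible
    ("CONFIDENTIAL", 1),                 # also carried LIMITED ACCESS
]

if __name__ == "__main__":
    for line, count in PHOTO_MARKINGS:
        parsed = parse_marking(line)
        print(count, parsed, violations(parsed))
    print(tally_levels(PHOTO_MARKINGS))
    # Constructed invalid line, used only to exercise the ORCON-USGOV rule.
    print(violations(parse_marking("TOP SECRET//SI-G//ORCON-USGOV/NOFORN")))
```

<br>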
<br>
<a name="detailed"></a>
<br>
<br>
<font size="+2"><b>The detailed property inventory</b></font><br>
<br>
As if the photo of the classified documents wasn't enough, the court also unsealed the <a href="https://s3.documentcloud.org/documents/22274264/read-full-list-of-documents-seized-from-mar-a-lago.pdf" target="_blank">Detailed Property Inventory</a>, which happened on September 2, 2022. This inventory lists in more detail all the things the FBI seized at Mar-a-Lago:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKVG1Htj1yHZS9LROjd2y0pLU0hYJJQp7Mm6yuiDiJmm0nkm5VPDBJ20WUJXlZnbFqY04s-9MUCMfVq0cnJFsPlkzo-eYKMTiGVRiqO0YBOzjAuL8bm7Dqr1ENNZbTtE_WXTXIMwnCu0RB8gzJprIm-OMS763H03LhFIjogub5PBQUwpgmybsl1FOq/s863/mar-a-lago%20detailed%20inventory.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="642" data-original-width="863" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKVG1Htj1yHZS9LROjd2y0pLU0hYJJQp7Mm6yuiDiJmm0nkm5VPDBJ20WUJXlZnbFqY04s-9MUCMfVq0cnJFsPlkzo-eYKMTiGVRiqO0YBOzjAuL8bm7Dqr1ENNZbTtE_WXTXIMwnCu0RB8gzJprIm-OMS763H03LhFIjogub5PBQUwpgmybsl1FOq/s863/mar-a-lago%20detailed%20inventory.JPG"/></a></div>
<br>
<a name="total"></a>
<br>
<b>Total number of classified documents</b><br>
<br>
In this inventory we see the other documents which the FBI found in the leatherbound box (item #2), showing that it actually contained 1 Confidential and 1 Secret document more than seen in the photo, maybe because some were stacked together. In total, the leatherbound box contained 24 classified documents:<br>
<br>
<div class="blockquote">
7 <b>Top Secret</b>, of which:<br>
<blockquote>
5 with <b>Top Secret/SCI</b> cover sheet<br>
1 with <b>EOP/White House</b> cover sheet<br>
</blockquote>
15 <b>Secret</b>, of which:<br>
<blockquote>
1 with <b>Secret/SCI</b> cover sheet<br>
</blockquote>
2 <b>Confidential</b><br>
</div>
<br>
Overall, the FBI seized 103 classified documents: 31 Confidential, 54 Secret and 18 Top Secret, dispersed in 13 boxes from the storage room as well as in the leatherbound box from Trump's office, where one separate classified document (item #1) was found as well.<br>
<a name="empty"></a>
<br>
<br>
<b>Empty folders</b><br>
<br>
According to the detailed inventory, item #2 also included 43 "Empty Folders with "CLASSIFIED" Banners" as well as 28 empty folders labeled "Return to Staff Secretary/Military Aide". These kinds of folders are used in the White House to bundle (and cover) the actual classified documents for the president. From Obama's presidency there are several photos of such folders:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcEDsq6XYpSOIiEytPS3WMpabVwjv5OOCW2CBgWLyi1pM4LMWSKMLszGMmCXLqh_PWAtpRd0AqEcURnEoCUADnZNqtoFUOdeVwW4h8k5u55JPUzltWUegQBJ0xWHHg7OA5ivhyG30BMMeJoiJfxrCPvdyE4YVwwrvChh6_ld30v4DxDWNyeI69YaOp/s1200/classified%20folder%20for%20obama%20june%202009.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="800" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcEDsq6XYpSOIiEytPS3WMpabVwjv5OOCW2CBgWLyi1pM4LMWSKMLszGMmCXLqh_PWAtpRd0AqEcURnEoCUADnZNqtoFUOdeVwW4h8k5u55JPUzltWUegQBJ0xWHHg7OA5ivhyG30BMMeJoiJfxrCPvdyE4YVwwrvChh6_ld30v4DxDWNyeI69YaOp/s1200/classified%20folder%20for%20obama%20june%202009.jpg"/></a></div>
<div align="center">
<font size="2">
A folder holding classified information on president Obama's desk, June 2009<br>
<font color="gray">(White House photo - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
A photo of such an empty folder even <a href="https://twitter.com/WMRDC/status/1566046885856612353" target="_blank">appeared</a> on Twitter: it is on display among other memorabilia from Trump's presidency in the <a href="https://www.trumptowerny.com/midtown-bar-and-lounge-nyc" target="_blank">45 Wine & Whiskey</a> bar on the lobby floor of <a href="https://en.wikipedia.org/wiki/Trump_Tower" target="_blank">Trump Tower</a> in Manhattan:<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaMit-ObAtnYNYc7SFzVBA4d5UPaMwkro097ACe2pOOKfr8esw1ENKv9OOmHDhYLd-Vk2YqiTbxh9eK-aaKHMZEI99l3lfZQGbEvT7_xdJYy6JPbr_L1ONL4emFdBdpJ0XqL6gBImbj12RVwpWX3NuKtPpA2lKeMnccP4SnbxAJshhsY4g5HNhpcWZ/s302/trump%20tower%20bar%20folder.jpg" style="display: block; text-align: center; "><img alt="" border="0" height="300" data-original-height="302" data-original-width="231" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaMit-ObAtnYNYc7SFzVBA4d5UPaMwkro097ACe2pOOKfr8esw1ENKv9OOmHDhYLd-Vk2YqiTbxh9eK-aaKHMZEI99l3lfZQGbEvT7_xdJYy6JPbr_L1ONL4emFdBdpJ0XqL6gBImbj12RVwpWX3NuKtPpA2lKeMnccP4SnbxAJshhsY4g5HNhpcWZ/s320/trump%20tower%20bar%20folder.jpg"/></a></div>
<br>
<br>
In total, the detailed inventory lists 48 of these empty folders, so it's possible that they originally contained the 103 classified documents which the FBI found "unfoldered" and scattered among the various boxes. Interestingly, though, 43 of those empty folders were in the box with the (much smaller number of) classified documents in Trump's office.<br>
<br>
At the White House such folders and their content had to be returned to the <a href="https://en.wikipedia.org/wiki/White_House_Office_of_the_Staff_Secretary" target="_blank">staff secretary</a>, just like how the empty folders for unclassified documents were labeled. However, this didn't bother Trump, who had the habit of simply <a href="https://www.nytimes.com/2022/08/18/us/politics/trump-fbi-classified-documents.html" target="_blank">ripping up</a>(!) any papers he was no longer interested in or had finished reviewing.<br>
<br>
He did so with papers <a href="https://www.nytimes.com/2022/08/18/us/politics/trump-fbi-classified-documents.html" target="_blank">ranging</a> "from routine documents to classified material, and leaving the pieces strewn around the floor or in a trash can. Officials would have to rummage through the shreds and tape them back together to recreate the documents in order to store them as required under the Presidential Records Act."<br>
<br>
<div class="blockquote">
<b>Update:</b><br>
On September 26, 2022, the Justice Department filed a slightly <a href="https://pacer-documents.s3.amazonaws.com/42/618763/051125111467.pdf" target="_blank">revised version</a> of the Detailed Property Inventory. It <a href="https://twitter.com/charlie_savage/status/1574517971577364512" target="_blank">shows</a> small differences in the number of press clippings and unclassified government documents and that in box 33 there were only 2 empty "Return to Staff Secretary" folders and no empty folders for classified documents, so in total there are just 46 instead of 48 empty classified folders.<br>
</div>
<br>
<a name="trump"></a>
<a name="boxes"></a>
<br>
<br>
<font size="+2"><b>Trump's boxes</b></font><br>
<br>
According to the <a href="https://s3.documentcloud.org/documents/22274264/read-full-list-of-documents-seized-from-mar-a-lago.pdf" target="_blank">Detailed Property Inventory</a>, the FBI also found a huge number of "US Government Documents/Photographs without Classification Markings" - over 1400 in Trump's office and over 9700(!) in the various boxes from the storage room. <br>
<br>
In a dispute about possibly privileged documents, Trump's lawyer claimed that the over 11,000 unclassified documents <a href="https://www.emptywheel.net/2022/09/29/the-claimed-200000-pages-trump-stole-include-press-clippings/" target="_blank">amount</a> to some 200,000 pages, but later a special master <a href="https://eu.usatoday.com/story/news/politics/2022/10/18/special-master-trump-mar-lago-documents/10533239002/" target="_blank">said</a> they only contain 21,792 pages, which is an average of less than 2 pages per document.<br>
<br>
Also interesting is that most of the 26 boxes from the storage room contain a mix of:<br>
<br>
- Magazines, newspapers, press articles, other printed media (1,673 in total)<br>
- Classified US government documents (103 in total)<br>
- Unclassified US government documents/photographs (11,179 in total)<br>
- Miscellanea (clothing, books, gifts and empty folders)<br>
<a name="working"></a>
<br>
<br>
<b>Trump's way of working</b><br>
<br>
This more or less similar composition can be explained by Trump's routine at the White House, where he used to work in the small <a href="http://www.whitehousemuseum.org/west-wing/presidents-dining-room.htm" target="_blank">dining room</a> near the Oval Office. On the dining table he made piles of paper, which included everything from news articles to highly classified government documents. These were <a href="https://www.emptywheel.net/2022/09/03/the-fbi-seized-no-boxes-with-press-clippings-that-postdate-november-2020/" target="_blank">stacked</a> into cardboard boxes, while "staffers kept swapping out the boxes as they filled up."<br>
<br>
Trump also had material <a href="https://www.nytimes.com/2022/08/18/us/politics/trump-fbi-classified-documents.html" target="_blank">sent</a> "up to the <a href="http://www.whitehousemuseum.org/residence.htm" target="_blank">White House Residence</a>, and it was not always clear what happened to it. He sometimes asked to keep material after his intelligence briefings, but aides said he was so uninterested in the paperwork during the briefings themselves that they never understood what he wanted it for." <br>
<br>
The boxes followed him wherever he went as they <a href="https://edition.cnn.com/2022/02/07/politics/trump-rip-documents-white-house-national-archives/index.html" target="_blank">contained</a> "all the save-for-later items that Trump would spend long flights going through: articles that he wanted to scribble Sharpie messages on before mailing them off to close friends; gossipy stories about West Wing drama that he would hate-read as he sought to identify leakers; and, occasionally, important memos on any number of policy topics or budding crises."<br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4HbLSNJMQlxJUdCBTTD9aVOiAckRdL1vyMtIIY_QzqmAx9aBtBIprOXbGL-XOdWai2NgiRbBJbuHWBiqKp7y7hvGz7BL7lNtQXaol7STtmovp7CwDq0qLyy6Zgfuyis3UydAMcCuyWDo/s1600/ovaloffice-trump-turnbull-20170128.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4HbLSNJMQlxJUdCBTTD9aVOiAckRdL1vyMtIIY_QzqmAx9aBtBIprOXbGL-XOdWai2NgiRbBJbuHWBiqKp7y7hvGz7BL7lNtQXaol7STtmovp7CwDq0qLyy6Zgfuyis3UydAMcCuyWDo/s1600/ovaloffice-trump-turnbull-20170128.jpg" width="550" /></a><br>
<font size="2">
Disorderly piles of paper on president Trump's desk in the Oval Office, January 28, 2017<br>
<font color="gray">(photo: Drew Angerer/Getty - click to enlarge)</font>
</font>
</div>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2017/02/trumps-beautiful-oval-office-phones-and.html">Trump's "beautiful" Oval Office phones and what was changed on them</a><br>
</div>
<a name="florida"></a>
<br>
<br>
<b>The boxes that went to Florida</b><br>
<br>
The papers that Trump had accumulated in his last several months in office had been <a href="https://www.nytimes.com/2022/08/20/us/politics/trump-fbi-search.html" target="_blank">dropped</a> into roughly two dozen boxes, which <a href="https://edition.cnn.com/2022/02/07/politics/trump-rip-documents-white-house-national-archives/index.html" target="_blank">had</a> apparently been in the White House Residence and thus were packed up with Trump's personal belongings.<br>
<br>
As such, they not only contained some highly classified documents, but also several personal mementos, <a href="https://www.theguardian.com/us-news/2022/feb/07/trump-papers-kim-love-letters-national-archives-mar-a-lago" target="_blank">including</a> the "love letters" from the North Korean dictator Kim Jong-un and the letter which former president Obama left on his last day in office.<br>
<br>
Although the White House Counsel's Office had told Trump's chief of staff Mark Meadows that these boxes in the Residence needed to be turned over to the National Archives, they were actually shipped to Mar-a-Lago.<br>
<br>
Eventually, at least 42 boxes arrived in Florida. 15 of them were retrieved by the National Archives on January 18, 2022, 38 classified documents were handed over to the FBI on June 3, while the rest was seized during the search on August 8.<br>
<br>
However, as emptywheel <a href="https://www.emptywheel.net/2022/09/03/the-fbi-seized-no-boxes-with-press-clippings-that-postdate-november-2020/" target="_blank">noticed</a>, the press clippings date back to 1995, but there are none that postdate November 2020, which may indicate that the FBI still does not have all the documents that Trump took with him.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrhC9yiLcuXHzpawFyovTBiBMrDaOXsN1gMbUaEfnSXtlHYyR50P6xs5PldZieFtStshFeDr0_lh9Aduzu0Hk8YDi5pATz6_wGEEg8ZEZTx20BlbG_aqwBG4zJHvap7z78jWB0Upb2TieBxJz2W6-Ew1_LnaLjj7V_p2hVwBHB-JAfj4pAgficHcdx/s801/mar-a-lago%20indictment1.png" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="450" data-original-height="801" data-original-width="713" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrhC9yiLcuXHzpawFyovTBiBMrDaOXsN1gMbUaEfnSXtlHYyR50P6xs5PldZieFtStshFeDr0_lh9Aduzu0Hk8YDi5pATz6_wGEEg8ZEZTx20BlbG_aqwBG4zJHvap7z78jWB0Upb2TieBxJz2W6-Ew1_LnaLjj7V_p2hVwBHB-JAfj4pAgficHcdx/s600/mar-a-lago%20indictment1.png"/></a></div>
<div align="center">
<font size="2">
One of Trump's boxes accidentally turned over, December 7, 2021<br>
<font color="gray">(photo from the indictment - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<div class="blockquote">
<b>Update:</b><br>
On December 7, 2022, it was <a href="https://edition.cnn.com/2022/12/07/politics/trump-lawyers-properties-search/index.html" target="_blank">reported</a> that a team hired by Trump’s lawyers found two additional classified documents in a storage unit where the General Services Administration had shipped Trump's belongings after he left the White House (likely the one in West Palm Beach, Florida). The documents were handed over to the FBI. Besides the storage unit, the team searched Trump Tower in New York, the Bedminster golf club and an office location in Florida.<br>
</div>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOScFfcCd4GS6jc5ZJcMS4jsMBaeMJpovnpkIJT01zggxxRJW7WwXhOL06V6xg-VcwI9RDkKP4ETBJAfd3xObhYn35dRkazlGO6OTQ-Led6lQcFSZaGwq7LjJuTkiYIebFAGaBsrNbGnRzMsCUadUMbFoAarWSVXtyCWX8Y-mpR2sDFbkgnNo83mBu/s943/mar-a-lago%20docs%20overview.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="342" data-original-width="961" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOScFfcCd4GS6jc5ZJcMS4jsMBaeMJpovnpkIJT01zggxxRJW7WwXhOL06V6xg-VcwI9RDkKP4ETBJAfd3xObhYn35dRkazlGO6OTQ-Led6lQcFSZaGwq7LjJuTkiYIebFAGaBsrNbGnRzMsCUadUMbFoAarWSVXtyCWX8Y-mpR2sDFbkgnNo83mBu/s943/mar-a-lago%20docs%20overview.JPG"/></a></div>
<div align="center">
<font size="2">
Overview of the boxes and classified documents found at Trump's properties<br>
<font color="gray">(click to enlarge)</font><br>
</font>
</div>
<br>
<a name="indictment"></a>
<br>
<br>
<font size="+2"><b>Update: The indictment</b></font><br>
<br>
On June 9, 2023, the US Justice Department filed an <a href="https://storage.courtlistener.com/recap/gov.uscourts.flsd.648653/gov.uscourts.flsd.648653.3.0.pdf" target="_blank">indictment</a> against former president Trump, <a href="https://www.nytimes.com/2023/06/09/us/politics/trump-indictment-charges-documents-justice-department.html" target="_blank">accusing</a> him of mishandling classified documents he kept upon leaving office and then obstructing the government’s efforts to reclaim them.<br>
<br>
The indictment provides detailed information about how Trump's boxes were handled and where exactly they had been stored, including several <a href="https://twitter.com/a_sends/status/1667282689886388228" target="_blank">photos</a> of those rooms. Trump is specifically charged with the possession of 31 documents, which the indictment lists with additional details.<br>
<br>
A reasonable guess about the contents of some of those documents is <a href="https://www.pwnallthethings.com/p/donald-trump-indictment-whats-in" target="_blank">provided</a> by PwnAllTheThings, while emptywheel <a href="https://www.emptywheel.net/2023/06/12/31-flavors-of-stolen-classified-documents/" target="_blank">considers</a> that the reason so many highly classified documents are included in the indictment is that they may have been compromised already.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiS_mb91cNPyYXvuUp6voFcCCqTs-1N3VKOFnwliRpWi6i0IFUOYxMi3bRILiCHX0uCrUZSkK7ta66X0PbSXE1NXOw33xz3iCVRU8BK8RPtC-wzrr5LmaxqYcHHbhfXjG0TpSUC6FbybClnjojqF-DUcf1Gl3YIOAGqZdcIJRxwd6dvyoeBCJMYQ4E1/s1116/mar-a-lago%20indictment2.png" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="980" data-original-width="1116" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiS_mb91cNPyYXvuUp6voFcCCqTs-1N3VKOFnwliRpWi6i0IFUOYxMi3bRILiCHX0uCrUZSkK7ta66X0PbSXE1NXOw33xz3iCVRU8BK8RPtC-wzrr5LmaxqYcHHbhfXjG0TpSUC6FbybClnjojqF-DUcf1Gl3YIOAGqZdcIJRxwd6dvyoeBCJMYQ4E1/s600/mar-a-lago%20indictment2.png"/></a></div>
<div align="center">
<font size="2">
Boxes stored in a bathroom of the Lake Room at Mar-a-Lago<br>
<font color="gray">(photo from the indictment - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
Of the 31 classified documents listed in the indictment:<br>
<br>
<b>- 10 documents had been returned to the FBI on June 3, 2022:</b><br>
<br>
<div class="blockquote">
- 1 TS // [redacted] / SI / TK // ORCON / NOFORN<br>
- 2 TS // [redacted] // ORCON / NOFORN / FISA<br>
- 1 TS // [redacted] // RSEN / ORCON / NOFORN<br>
- 2 TS // HCS-P / SI // ORCON-USGOV / NOFORN<br>
- 2 TS // SI / TK // NOFORN<br>
- 2 TS // Special Handling<br>
</div>
<br>
<b> - 21 documents had been seized by the FBI on August 8, 2022:</b><br>
<br>
<div class="blockquote">
- 1 TS // [redacted] / [redacted] // ORCON / NOFORN / FISA<br>
- 1 TS // [redacted] / [redacted] // ORCON / NOFORN<br>
- 1 TS // [redacted] / TK // ORCON / IMCON / NOFORN<br>
- 1 TS // [redacted] // ORCON / NOFORN<br>
- 1 TS // SI / TK // NOFORN<br>
- 1 TS // SI // NOFORN / Special Handling<br>
- 1 TS // SI // NOFORN / FISA<br>
- 1 TS // TK // NOFORN<br>
- 1 TS // NOFORN // Special Handling<br>
- 2 TS // Special Handling<br>
- 3 S // ORCON / NOFORN<br>
- 3 S // NOFORN<br>
- 1 S // FRD<br>
- 2 S // REL to USA, FVEY<br>
- 1 no marking<br>
</div>
<br>
<br>
<b>Redacted compartments</b><br>
<br>
For an explanation of all these classification markings, <a href="#classification">see above</a>. What's interesting is that at least two different codewords have been redacted, which means there are at least two <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html#sci">SCI control systems</a> or <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html#sap">Special Access Programs</a> (SAPs) whose existence hasn't been declassified, in contrast to SI, TK and HCS-P.<br>
<br>
All the classification lines with the redacted codewords have the Originator Controlled (ORCON) and No Foreign Nationals (NOFORN) dissemination markings, which indicates that the information from these hidden SCI control systems or SAPs is more sensitive than the usual information from the SI and TK control systems.<br>
<br>
From the descriptions in the indictment it becomes clear that all documents with information from these redacted compartments are either about (US) military activities in foreign countries or about the military capabilities of foreign countries, including one document "concerning nuclear capabilities of a foreign country".<br>
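<br>
The observation about ORCON and NOFORN can be checked mechanically against the two lists above. The following Python code is an added example, not part of the original article or the indictment: it parses each classification line into its level, SCI compartments and dissemination markings, then tallies the documents. The token sets and function names are assumptions that cover only the markings occurring in those lists.<br>

```python
from collections import Counter

# (number of documents, classification line) as listed in the article.
JUNE_3 = [
    (1, "TS // [redacted] / SI / TK // ORCON / NOFORN"),
    (2, "TS // [redacted] // ORCON / NOFORN / FISA"),
    (1, "TS // [redacted] // RSEN / ORCON / NOFORN"),
    (2, "TS // HCS-P / SI // ORCON-USGOV / NOFORN"),
    (2, "TS // SI / TK // NOFORN"),
    (2, "TS // Special Handling"),
]
AUGUST_8 = [
    (1, "TS // [redacted] / [redacted] // ORCON / NOFORN / FISA"),
    (1, "TS // [redacted] / [redacted] // ORCON / NOFORN"),
    (1, "TS // [redacted] / TK // ORCON / IMCON / NOFORN"),
    (1, "TS // [redacted] // ORCON / NOFORN"),
    (1, "TS // SI / TK // NOFORN"),
    (1, "TS // SI // NOFORN / Special Handling"),
    (1, "TS // SI // NOFORN / FISA"),
    (1, "TS // TK // NOFORN"),
    (1, "TS // NOFORN // Special Handling"),
    (2, "TS // Special Handling"),
    (3, "S // ORCON / NOFORN"),
    (3, "S // NOFORN"),
    (1, "S // FRD"),
    (2, "S // REL to USA, FVEY"),
    (1, "no marking"),
]

# Token classes (assumed grouping), restricted to markings in the two lists.
LEVELS = {"TS": "Top Secret", "S": "Secret"}
SCI = {"SI", "TK", "HCS-P"}
DISSEM = {"ORCON", "ORCON-USGOV", "NOFORN", "RSEN", "IMCON", "FISA"}
AEA = {"FRD"}                        # Atomic Energy Act category
NON_STANDARD = {"SPECIAL HANDLING"}  # not in the official marking system
REDACTED = "[redacted]"


def parse_marking(line):
    """Parse one classification line into its components.

    Tokens are classified by value rather than by position, because some
    lines have no SCI block at all ("TS // NOFORN // Special Handling").
    """
    parsed = {"level": None, "sci": [], "redacted": 0,
              "dissem": [], "aea": [], "other": []}
    if line.strip().lower() == "no marking":
        return parsed
    blocks = [b.strip() for b in line.split("//")]
    if blocks[0] not in LEVELS:
        raise ValueError(f"unknown classification level: {blocks[0]!r}")
    parsed["level"] = LEVELS[blocks[0]]
    for block in blocks[1:]:
        # A single "/" separates the tokens inside one block.
        for token in (t.strip() for t in block.split("/")):
            if token == REDACTED:
                parsed["redacted"] += 1
            elif token in SCI:
                parsed["sci"].append(token)
            elif token in DISSEM or token.upper().startswith("REL TO "):
                parsed["dissem"].append(token)
            elif token in AEA:
                parsed["aea"].append(token)
            elif token.upper() in NON_STANDARD:
                parsed["other"].append(token)
            else:
                raise ValueError(f"unrecognised marking: {token!r}")
    return parsed


def tally_levels(entries):
    """Count documents per classification level (None = no marking)."""
    counts = Counter()
    for n, line in entries:
        counts[parse_marking(line)["level"]] += n
    return counts


def redacted_lines_missing(entries, required=("ORCON", "NOFORN")):
    """Return lines with a redacted compartment that lack a required
    dissemination marking; an empty list confirms the observation."""
    return [line for _, line in entries
            if parse_marking(line)["redacted"]
            and not set(required) <= set(parse_marking(line)["dissem"])]


def redacted_summary(entries):
    """Documents carrying a redacted codeword, and the most per line."""
    parsed = [(n, parse_marking(line)["redacted"]) for n, line in entries]
    docs = sum(n for n, r in parsed if r)
    return docs, max(r for _, r in parsed)


if __name__ == "__main__":
    everything = JUNE_3 + AUGUST_8
    print(dict(tally_levels(everything)))
    print(redacted_lines_missing(everything))
    print(redacted_summary(everything))
```

<br>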
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi09V6nneZwTuo-fIgtD1TGPZ7hbk5VoISsQ_mBiatg_aWAF5B2kVlkKc15pOWZEjNejdC_jeoEiUcz8e36dKRWT35z9eke3MEsNqTCjqRpWSE6bnscNZUZgm60EmBSk9h6Ds-JHJnEmWtxTPsLnn5O9iBjce2liG3FePENTOX0xxXL7AYP0eTucdEF/s891/mar-a-lago%20indictment%20list.png" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="501" data-original-width="891" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi09V6nneZwTuo-fIgtD1TGPZ7hbk5VoISsQ_mBiatg_aWAF5B2kVlkKc15pOWZEjNejdC_jeoEiUcz8e36dKRWT35z9eke3MEsNqTCjqRpWSE6bnscNZUZgm60EmBSk9h6Ds-JHJnEmWtxTPsLnn5O9iBjce2liG3FePENTOX0xxXL7AYP0eTucdEF/s600/mar-a-lago%20indictment%20list.png"/></a></div>
<div align="center">
<font size="2">
Some entries of the list of documents in the indictment against Donald Trump<br>
<font color="gray">(click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<b>Formerly Restricted Data</b><br>
<br>
One document listed in the indictment is classified as "Formerly Restricted Data" (FRD), which is a classification category for nuclear secrets under the Atomic Energy Act. FRD is primarily <a href="https://www.directives.doe.gov/terms_definitions/formerly-restricted-data" target="_blank">related</a> to "the military utilization of atomic weapons".<br>
<br>
The term "Formerly" doesn't mean that it has been declassified, but that it has been removed from the category "Restricted Data" (RD). RD <a href="https://www.directives.doe.gov/terms_definitions/restricted-data" target="_blank">contains</a> the more sensitive information about "the design, manufacture, or use of atomic weapons; the production of special nuclear material; and the use of special nuclear material in the production of energy." <br>
<br>
<br>
<b>Special Handling</b><br>
<br>
Also of interest is SPECIAL HANDLING, which isn't an official marking according to the 2016 <a href="https://www.muckrock.com/foi/united-states-of-america-10/capco-register-and-manual-83950/#file-955416" target="_blank">Intelligence Community Markings System</a>. In the indictment, all documents marked with SPECIAL HANDLING are described as "White House intelligence briefing", which may <a href="https://www.usnews.com/news/national-news/articles/2023-06-09/trump-mishandled-some-of-the-most-secretive-intelligence-documents-indictment-says" target="_blank">refer</a> to the <a href="https://en.wikipedia.org/wiki/President%27s_Daily_Brief" target="_blank">President's Daily Brief</a> (PDB), or otherwise a less-important intelligence briefing.<br>
<br>
As far as I know, the SPECIAL HANDLING marking hasn't been seen before, so it's unclear how restrictive it is. Since it's not in the official classification guides, it seems to be an internal White House marking, just like LIMITED ACCESS, which was seen on documents the FBI found in Trump's office during <a href="#search">the search at Mar-a-Lago</a> on August 8, 2022:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhObEWsgGeFz3k9ew5fURiCW2oed602weYFT0fvAM2XMR9NMwErzwdQb83cpxPWXo_Aki7Xuo77slTuqeBFR1Z4LOWnIsHoaC5aqr0IiSiamWH3TnQ3ugqi-_Fbmk5DU7Xu9BcGIy1CjO1lX4gDzO1xFS3I7oidsntM0OTWH52RTiU51JnT1lq_FPPO/s578/mar-a-lago%20limited%20access.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="178" data-original-width="578" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhObEWsgGeFz3k9ew5fURiCW2oed602weYFT0fvAM2XMR9NMwErzwdQb83cpxPWXo_Aki7Xuo77slTuqeBFR1Z4LOWnIsHoaC5aqr0IiSiamWH3TnQ3ugqi-_Fbmk5DU7Xu9BcGIy1CjO1lX4gDzO1xFS3I7oidsntM0OTWH52RTiU51JnT1lq_FPPO/s600/mar-a-lago%20limited%20access.JPG"/></a></div>
<div align="center">
<font size="2">
Document from Trump's office, classified SECRET//ORCON-USGOV/NOFORN<br>
and additionally marked as LIMITED ACCESS<br>
<font color="gray">(click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<b>Usage in court</b><br>
<br>
While the FBI seized and received a total of 143 classified documents (35 of which Top Secret and 54 Secret) from Mar-a-Lago, the Department of Justice (DoJ) charged Trump with the illegal possession of only 31 documents (21 Top Secret and 9 Secret).<br>
<br>
This is probably because the military or intelligence agency that owns the particular information didn't authorize DoJ to use it in a court case, or DoJ decided itself that the risk to sources and methods and/or other damage to national security <a href="https://twitter.com/petestrzok/status/1667276956327444482" target="_blank">outweighed</a> their use and possible disclosure at trial.<br>
<br>
<br>
On June 13, 2023, former president Trump <a href="https://edition.cnn.com/2023/06/13/politics/trump-indictment-federal-court-appearance/index.html" target="_blank">appeared</a> for an arraignment hearing at a federal courthouse in Miami where he pleaded not guilty.<br>
<br>
On July 21, 2023, judge Aileen M. Cannon <a href="https://storage.courtlistener.com/recap/gov.uscourts.flsd.648653/gov.uscourts.flsd.648653.83.0_1.pdf" target="_blank">announced</a> that the trial against Donald Trump for mishandling classified information will start on May 20, 2024 in her courthouse at Fort Pierce in Florida.<br>
<br>
<i>To be continued...</i><br>
<br>
<br>
<br>
<font size="+2"><b>Links and sources</b></font><br>
<font size="2">
<br>
- Court Listener: <a href="https://www.courtlistener.com/docket/67490070/united-states-v-trump/" target="_blank">United States v. Trump</a><br>
- Emptywheel: <a href="https://www.emptywheel.net/portfolio-item/trump-document-theft-resources/" target="_blank">Trump Document Theft Resources</a><br>
- Teri Kanefield: <a href="https://terikanefield.com/timelinestolendocs/" target="_blank">Timeline: Trump's Stolen Documents Case</a><br>
- LegalEagle: <a href="https://www.youtube.com/c/LegalEagle/videos" target="_blank">Videos about the Mar-a-Lago search case</a><br>
- Wikipedia: <a href="https://en.wikipedia.org/wiki/FBI_search_of_Mar-a-Lago" target="_blank">FBI search of Mar-a-Lago</a><br>
<br>
- Emptywheel: <a href="https://www.emptywheel.net/2023/10/10/potus-is-very-emotional-and-in-a-bad-place-donald-trumps-classified-discovery" target="_blank">“POTUS is very emotional and in a bad place.” Donald Trump’s Classified Discovery </a> (Oct. 10, 2023)<br>
- ABC News: <a href="https://abcnews.go.com/US/after-white-house-trump-allegedly-discussed-potentially-sensitive/story?id=103760456" target="_blank">Trump allegedly discussed US nuclear subs with foreign national after leaving White House: Sources</a> (Oct. 6, 2023)<br>
- PwnAllTheThings: <a href="https://www.pwnallthethings.com/p/donald-trump-indictment-whats-in" target="_blank">Donald Trump indictment: what are the classified documents?</a> (June 9, 2023)<br>
- The New York Times: <a href="https://www.nytimes.com/2023/01/30/us/politics/white-house-classified-documents-trump-biden.html" target="_blank">Burn Bags and Tracking Numbers: How the White House Handles Classified Files</a> (Jan. 30, 2023)<br>
- The Washington Post: <a href="https://www.washingtonpost.com/national-security/2022/12/21/trump-doj-garland-mar-a-lago-january-6/" target="_blank">Skepticism before a search: Inside the Trump Mar-a-Lago documents investigation</a> (Dec. 21, 2022)<br>
- The Washington Post: <a href="https://www.washingtonpost.com/national-security/2022/10/21/trump-documents-mar-a-lago-iran-china/" target="_blank">Mar-a-Lago classified papers held U.S. secrets about Iran and China</a> (Oct. 21, 2022)<br>
- New York Intelligencer: <a href="https://nymag.com/intelligencer/2022/10/trump-betrayed-by-his-diet-coke-valet-walt-nauta.html" target="_blank">Trump Was Betrayed by His Diet Coke Valet</a> (Oct. 14, 2022)<br>
- The New York Times: <a href="https://www.nytimes.com/2022/10/06/us/politics/trump-white-house-documents-lawyers.html" target="_blank">Justice Dept. Is Said to Believe Trump Has More Documents</a> (Oct. 6, 2022)<br>
- Business Insider: <a href="https://www.businessinsider.com/log-mar-a-lago-docs-posted-online-court-filing-deleted-2022-10" target="_blank">Court accidentally unsealed, then deleted, documents from the Mar-a-Lago case describing information the FBI seized from Trump</a> (Oct. 6, 2022)<br>
- Bloomberg: <a href="https://www.bloomberg.com/news/articles/2022-10-05/trump-says-feds-packed-top-secret-mar-a-lago-documents-foia-says-they-didn-t" target="_blank">Trump Says US Agency Packed Top-Secret Documents. These Emails Suggest Otherwise.</a> (Oct. 5, 2022)<br>
- The Washington Post: <a href="https://www.washingtonpost.com/national-security/2022/09/06/trump-nuclear-documents/" target="_blank">Material on foreign nation’s nuclear capabilities seized at Trump’s Mar-a-Lago</a> (Sept. 6, 2022)<br>
- The New York Times: <a href="https://www.nytimes.com/2022/09/02/us/politics/trump-fbi-folders-classified.html" target="_blank">F.B.I. Found 48 Empty Folders That Had Contained Classified Documents at Trump’s Home</a> (Sept. 2, 2022)<br>
- Lawfare: <a href="https://www.lawfareblog.com/justice-department-show-force-mar-lago-case" target="_blank">A Justice Department Show of Force in the Mar-a-Lago Case</a> (Aug. 31, 2022)<br>
- The Washington Post: <a href="https://www.washingtonpost.com/politics/2022/08/31/trump-mar-a-lago-fbi-search-classified-documents/" target="_blank">The photo of classified documents at Trump’s Mar-a-Lago resort, annotated</a> (Aug. 31, 2022)<br>
- Politico: <a href="https://www.politico.com/news/2022/08/30/trump-justice-department-filing-warrant-00054319" target="_blank">Trump team likely sought to conceal classified docs at Mar-a-Lago, DOJ tells judge</a> (Aug. 30, 2022)<br>
- Indian Express: <a href="https://indianexpress.com/article/world/donald-trump-presidential-materials-return-fight-8114455/" target="_blank">Inside the 20-month fight to get Trump to return Presidential material</a> (Aug. 28, 2022)<br>
- The New York Times: <a href="https://www.nytimes.com/2022/08/18/us/politics/trump-fbi-classified-documents.html" target="_blank">Another Trump Mystery: Why Did He Resist Returning the Government’s Documents?</a> (Aug. 18, 2022)<br>
- The Guardian: <a href="https://www.theguardian.com/us-news/2022/aug/12/fbi-search-trump-mar-a-lago-home-classified-nuclear-weapons-documents-report" target="_blank">FBI searched Trump’s Mar-a-Lago home for classified nuclear weapons documents</a> (Aug. 12, 2022)<br>
- CNN: <a href="https://edition.cnn.com/2022/02/07/politics/trump-rip-documents-white-house-national-archives/index.html" target="_blank">Former White House officials describe Trump’s habit of ripping up documents and haphazard record-keeping</a> (Febr. 8, 2022)<br>
- US State Department: <a href="https://fam.state.gov/fam/12fam/12fam0530.html" target="_blank">Storing and Safeguarding Classified Material</a> (Febr. 24, 2022)<br>
</font>
<br>
<br>
<font size="+2"><b>The phones of Ukrainian president Zelensky</b></font><br>
<font size="2" color="gray">(Published: March 28, 2022 - Updated: September 11, 2023)</font><br>
<br>
Ever since Russia invaded Ukraine on February 24, Ukrainian president Zelensky has bravely led his country in the fight against the Russian armed forces. As in any war, communications are of vital importance here too.<br>
<br>
Among Zelensky's communication systems are some interesting <a href="#largesmall"><b>telephone sets</b></a>, which he also uses for frequent phone calls to <a href="#foreign"><b>foreign leaders</b></a>, while there are separate secure phones that function as a <a href="#hotline"><b>hotline</b></a> with US president Biden.<br>
<br>
<br>
<div style="display:none">
<img alt="" border="0" width="800" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/a/AVvXsEiEfQNSzR96nifNxgJfcfg0SbgakB-J8ZTHmd_HgejpHysJrGTTUU9BnSlmSiaVM7mbp1yN9CHUpjcFTxmfuo5hir9g_ccuw2p9rjuCO7api-08LeOlK0je9A-qT91RaQxBDlNoSxvWkj2fpQol2CNTyvTYoIqBHuBsdPZoG777EMU1Cig6zodBN8th=s800"/>
</div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjn83b74jTabPZ0AYk0kkk5d8NDO5mfZIdT3X9utC2sonZIKAvMw0UET6cDIP3i3PJV7Ub-PZxVGKdxoIG1LQF3C7B_4rnXOjLz-D3bKUuEKo9PuTTdVWYZXn9fbvErtJXW-G7pll8Ob2ldG2MHBSlJP7uycLFjhEJFuwc1-x6JzWmPNSL6C0xaBxPx/s800/zelensky-phones1.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjn83b74jTabPZ0AYk0kkk5d8NDO5mfZIdT3X9utC2sonZIKAvMw0UET6cDIP3i3PJV7Ub-PZxVGKdxoIG1LQF3C7B_4rnXOjLz-D3bKUuEKo9PuTTdVWYZXn9fbvErtJXW-G7pll8Ob2ldG2MHBSlJP7uycLFjhEJFuwc1-x6JzWmPNSL6C0xaBxPx/s800/zelensky-phones1.jpg"/></a></div>
<div align="center">
<font size="2">
Ukrainian president Zelensky making a phone call<br>
</font>
</div>
<br>
<br>
<a name="office"></a>
<br>
<font size="+2">Office of the President of Ukraine</font><br>
<br>
In 2019, former actor and comedian <a href="https://en.wikipedia.org/wiki/Volodymyr_Zelenskyy" target="_blank">Volodymyr Zelensky</a> became the sixth president of Ukraine since the country's independence in 1991. As president he is supported by the <a href="https://en.wikipedia.org/wiki/Office_of_the_President_of_Ukraine" target="_blank">Office of the President of Ukraine</a>, or Presidential Administration, which is located in a massive office building on Bankova street in the center of the capital Kyiv.<br>
<br>
The ceremonial residence of the Ukrainian president is the baroque <a href="https://en.wikipedia.org/wiki/Mariinskyi_Palace" target="_blank">Mariinskyi Palace</a>, located in the Pechersk district of Kyiv. Other presidential residences include the <a href="https://en.wikipedia.org/wiki/House_with_Chimaeras" target="_blank">House with Chimaeras</a> and the <a href="https://en.wikipedia.org/wiki/House_of_the_Weeping_Widow" target="_blank">House of the Weeping Widow</a>, which are both in Art Nouveau style and are used for official visits by foreign representatives.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4eheE1NKV9CU7msb-WTIJceuRI7p0KweB18JNNai6H-pNDA0-3X2F6oxQJHw7SotwOOCyaWD8SB0a6Tl8kBf0uMAagP9WfPyyBvbXUhBc6dj0QIZ7PIF9ayBjnI1U_wkeyhbyQ0PLi5vsFII-GKaHYHRS8rDINtfVjj5sE6ggi6GzOkOzPzGjEXkT/s900/ukraine-officepresident.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="675" data-original-width="900" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4eheE1NKV9CU7msb-WTIJceuRI7p0KweB18JNNai6H-pNDA0-3X2F6oxQJHw7SotwOOCyaWD8SB0a6Tl8kBf0uMAagP9WfPyyBvbXUhBc6dj0QIZ7PIF9ayBjnI1U_wkeyhbyQ0PLi5vsFII-GKaHYHRS8rDINtfVjj5sE6ggi6GzOkOzPzGjEXkT/s900/ukraine-officepresident.jpg"/></a></div>
<div align="center">
<font size="2">
The building of the Office of the President of Ukraine on Bankova street<br>
<font color="gray">(photo: Håkan Henriksson/Wikimedia Commons - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<b>Two different offices</b><br>
<br>
As president, Zelensky works in the building of the Presidential Administration, where he apparently has two offices, both richly decorated: one with green pilasters and a desk with a desktop and chair in green leather, the other office with wooden paneling and a desktop and chair in brown leather.<br>
<br>
The function of these two offices is probably similar to those of the Russian president in the Kremlin, who has a very large and elaborate office for receiving foreign dignitaries and a somewhat smaller and a bit less ornate one for talks with domestic visitors and government officials.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEj8QNxWCsVaLO4s8qLiXcz7rigGyTRgaFGB5PIXZciJRrLT6VCw6MHp-Y7ueERVpXBMnoMpyPjbUa1fXBqF8wSqJbKuXW2LSj4vuAaPTUE-ly8e3UhtFk5MEuYipfuNzthk6hgolHUjpZIRbuZUrQuHeN3yp62c84TJm3LsqNqBmHsNg3Yd10QGAJNF=s1116" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="607" data-original-width="1116" src="https://blogger.googleusercontent.com/img/a/AVvXsEj8QNxWCsVaLO4s8qLiXcz7rigGyTRgaFGB5PIXZciJRrLT6VCw6MHp-Y7ueERVpXBMnoMpyPjbUa1fXBqF8wSqJbKuXW2LSj4vuAaPTUE-ly8e3UhtFk5MEuYipfuNzthk6hgolHUjpZIRbuZUrQuHeN3yp62c84TJm3LsqNqBmHsNg3Yd10QGAJNF=s1116"/></a></div>
<div align="center">
<font size="2">
Zelensky in his "brown" office at the Presidential Administration building, June 19, 2019.<br>
<font color="gray">(photo: Valentyn Ogirenko/Reuters - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<a name="largesmall"></a>
<a name="soviet"></a>
<br>
<font size="+2">Phones large and small</font><br>
<br>
Another similarity is the telephone system, which in the Kremlin <a href="https://www.businessinsider.com/russian-prime-minister-office-old-school-technology-2014-5?international=true&r=US&IR=T" target="_blank">consists</a> of some old-fashioned white telephone sets without any buttons and somewhat newer models with key pads, as well as a large gray telephone device with numerous direct line buttons to government officials, lawmakers and heads of major companies.<br>
<br>
The old white phones each connect to a separate network with only a select number of subscribers. They are a distinct feature of the Russian bureaucracy, but they can also be seen in the presidential offices of other countries that had been part of the former Soviet Union, like that of former president <a href="https://tengrinews.kz/article/na-knopke-u-prezidenta-rabochee-mesto-nursultana-nazarbaeva-667/" target="_blank">Nursultan Nazarbayev</a> of Kazakhstan.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEh33I3h451LOtDMBuxa8QnIHmr5HR4KrhGwMARwqeUnY-3aJrSpIhbJwyO0rDugXUmLHcDEvnJqPbNzxxqNX2AgKe8Rrq77l-S1R4P_Ju6fC-4myBnCtr8ZlT_0RPi1ww4INljv-CjDL64kFyguv245XJe_CatWiHuMu1HnvA2nnISjjNjQ0H96inFK=s900" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="450" data-original-height="606" data-original-width="900" src="https://blogger.googleusercontent.com/img/a/AVvXsEh33I3h451LOtDMBuxa8QnIHmr5HR4KrhGwMARwqeUnY-3aJrSpIhbJwyO0rDugXUmLHcDEvnJqPbNzxxqNX2AgKe8Rrq77l-S1R4P_Ju6fC-4myBnCtr8ZlT_0RPi1ww4INljv-CjDL64kFyguv245XJe_CatWiHuMu1HnvA2nnISjjNjQ0H96inFK=s900"/></a></div>
<div align="center">
<font size="2">
Dmitri Medvedev on his first day as Russian prime minister, May 8, 2012.<br>
<font color="gray">(photo: Russian government - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<b>A huge phone console</b><br>
<br>
The eye-catcher in the office of the Ukrainian president is also an extremely large telephone, which is ivory-colored and has a rather small display, indicating that it may be over 20 years old. <br>
<br>
The left part, next to the handset, has several function keys and direct line buttons, while the dialing pad is in the central black section, in which there's also a gold ornament that could be the trident from the <a href="https://en.wikipedia.org/wiki/Coat_of_arms_of_Ukraine" target="_blank">Ukrainian coat of arms</a>.<br>
<br>
The right part of the phone is filled with 80 direct line buttons, so the president can make a call to almost anyone by pressing just a single button.<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ-YXMOvuNfamXM9E8TmqaQS-8Lq-b6WVY9V-qaUXSxu9QXx403t2QtXMp_kRwD96e5KtVzs_yhiZ77S7F-5ZDP_5brHdIaVoafNc1pu3aJKH-QVTStLB23QJB-SCC0o7APBbsGPeprLNJ8M4fPyM6LiMlZlsEmx5agHXSsDtq8H8eJgjKc9aZFXAO/s429/zelensky-hugephone.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="350" data-original-height="307" data-original-width="429" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ-YXMOvuNfamXM9E8TmqaQS-8Lq-b6WVY9V-qaUXSxu9QXx403t2QtXMp_kRwD96e5KtVzs_yhiZ77S7F-5ZDP_5brHdIaVoafNc1pu3aJKH-QVTStLB23QJB-SCC0o7APBbsGPeprLNJ8M4fPyM6LiMlZlsEmx5agHXSsDtq8H8eJgjKc9aZFXAO/s429/zelensky-hugephone.jpg"/></a></div>
<br>
This phone console is most likely part of the internal telephone network of the Presidential Administration and can be used for <a href="https://www.instagram.com/p/B758GQclvQL/" target="_blank">all</a> regular (non-secure) phone calls.<br>
<br>
But as the phone is probably custom-made, it may also provide access to secure lines, just like the slightly smaller but still impressive telephone consoles of the US <a href="https://en.wikipedia.org/wiki/Defense_Red_Switch_Network" target="_blank">Defense Red Switch Network</a> (DRSN).<br>
<br>
In Zelensky's more recent video messages from his "green" office the huge white phone seems to have been removed, which is a bit strange as one of its functions is to symbolize the command and control authority of the president (<b>update:</b> meanwhile the white phone has been put back).<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiEfQNSzR96nifNxgJfcfg0SbgakB-J8ZTHmd_HgejpHysJrGTTUU9BnSlmSiaVM7mbp1yN9CHUpjcFTxmfuo5hir9g_ccuw2p9rjuCO7api-08LeOlK0je9A-qT91RaQxBDlNoSxvWkj2fpQol2CNTyvTYoIqBHuBsdPZoG777EMU1Cig6zodBN8th=s800" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="544" data-original-width="800" src="https://blogger.googleusercontent.com/img/a/AVvXsEiEfQNSzR96nifNxgJfcfg0SbgakB-J8ZTHmd_HgejpHysJrGTTUU9BnSlmSiaVM7mbp1yN9CHUpjcFTxmfuo5hir9g_ccuw2p9rjuCO7api-08LeOlK0je9A-qT91RaQxBDlNoSxvWkj2fpQol2CNTyvTYoIqBHuBsdPZoG777EMU1Cig6zodBN8th=s800"/></a></div>
<div align="center">
<font size="2">
President Zelensky in his "green" office with the huge white telephone<br>
<font color="gray">(photo: Valentyn Ogirenko/Reuters - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<b>A phone without buttons</b><br>
<br>
The Ukrainian president also has an old-fashioned telephone set without a key pad, similar to the ones used in the Kremlin. In Ukraine this phone is part of a special network that provides direct lines to a select group of top-level government officials, like the president, the prime minister and the speaker of the <a href="https://en.wikipedia.org/wiki/Verkhovna_Rada" target="_blank">Verkhovna Rada</a>, the Ukrainian parliament. <br>
<br>
In November 2019, the young minister of the Cabinet of Ministers, Dmytro Dubilet, <a href="https://telegraf.com.ua/ukraina/politika/5227269-strana-v-smartfone-kak-chinovniki-pereydut-so-spetssvyazi-na-prilozhenie-v-telefone.html" target="_blank">proposed</a> abandoning this old Soviet phone system, which is managed by the <a href="https://en.wikipedia.org/wiki/State_Special_Communications_Service_of_Ukraine" target="_blank">State Service for Special Communications and Information Protection</a> (SSSCIP), as it costs the state "literally billions of hryvnias" - at that time at least some 40 million US dollars.<br>
<br>
Dubilet proposed that instead of these "ancient" secure landline phones, the leaders of the country should be <a href="https://www.facebook.com/dubilet/posts/10157903866578552" target="_blank">given</a> customized smartphones with a special app that encrypts voice and text communications with <a href="https://en.wikipedia.org/wiki/Post-quantum_cryptography" target="_blank">post-quantum cryptography</a> algorithms. These phones should access the telephone network via secure wifi.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEj34t6_wRc3q6TSP4s2nXqWecPwfD5RR3wgxPI6ZqNWzlppBQRgjX0_1wZxQSWQPPXeD0ov5glL2QGbiGdFrxL-I-0qeU_41TOqHhvyobUU8UKW3GYGrbSOzzNdZncB5j_RcIC0qsC6D5bAUqa00nejk-DuUasMejQHG7aL1Qv4GFmz0iKXR7AXMZPd=s540" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="450" data-original-height="405" data-original-width="540" src="https://blogger.googleusercontent.com/img/a/AVvXsEj34t6_wRc3q6TSP4s2nXqWecPwfD5RR3wgxPI6ZqNWzlppBQRgjX0_1wZxQSWQPPXeD0ov5glL2QGbiGdFrxL-I-0qeU_41TOqHhvyobUU8UKW3GYGrbSOzzNdZncB5j_RcIC0qsC6D5bAUqa00nejk-DuUasMejQHG7aL1Qv4GFmz0iKXR7AXMZPd=s540"/></a></div>
<div align="center">
<font size="2">
A phone of the dedicated network for the president of Ukraine<br>
<font color="gray">(photo: <a href="https://telegraf.com.ua/ukraina/politika/5227269-strana-v-smartfone-kak-chinovniki-pereydut-so-spetssvyazi-na-prilozhenie-v-telefone.html" target="_blank">Telegraf</a> - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
"It is more efficient to do peer-to-peer encryption (preferably without a transit server). We could encrypt data simultaneously with two algorithms (for example, Ukrainian <a href="https://en.wikipedia.org/wiki/Kalyna_%28cipher%29" target="_blank">Kalyna</a> and foreign <a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard" target="_blank">AES</a>), which guarantees confidentiality even if one of the two is compromised" - according to Dubilet, who <a href="https://www.facebook.com/dubilet/posts/10157903866578552" target="_blank">said</a> that the old system could be left behind for military communications.<br>
<br>
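The two-algorithm scheme Dubilet describes is a cascade (multiple encryption). The sketch below is an added example, not code from the post or from any Ukrainian system: because neither Kalyna nor AES is in Python's standard library, two hash-based keystream generators stand in for the two ciphers, and all function names are hypothetical. It shows the condition the guarantee rests on: each layer needs its own independent key.<br>
<br>
```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def keystream_a(key: bytes, nonce: bytes, n: int) -> bytes:
    """Layer A stand-in (where AES would sit): HMAC-SHA256 in counter mode."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def keystream_b(key: bytes, nonce: bytes, n: int) -> bytes:
    """Layer B stand-in (where Kalyna would sit): keyed BLAKE2b in counter mode."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.blake2b(nonce + ctr.to_bytes(8, "big"), key=key).digest()
        ctr += 1
    return out[:n]


def seal(plaintext: bytes, k_a: bytes, k_b: bytes, k_mac: bytes, nonce=None) -> bytes:
    """Encrypt under layer A, then layer B, then authenticate (encrypt-then-MAC)."""
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    inner = _xor(plaintext, keystream_a(k_a, nonce, len(plaintext)))
    outer = _xor(inner, keystream_b(k_b, nonce, len(inner)))
    tag = hmac.new(k_mac, nonce + outer, hashlib.sha256).digest()
    return nonce + outer + tag


def open_sealed(blob: bytes, k_a: bytes, k_b: bytes, k_mac: bytes) -> bytes:
    """Verify the tag first, then remove layer B and layer A."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, outer, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(k_mac, nonce + outer, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    inner = _xor(outer, keystream_b(k_b, nonce, len(outer)))
    return _xor(inner, keystream_a(k_a, nonce, len(inner)))


def peel(blob: bytes, k_a=None, k_b=None) -> bytes:
    """What remains for a party that holds only some layer keys.

    Models one algorithm being compromised: that layer's key is known and the
    layer can be removed, the other layer is untouched.
    """
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    if k_b is not None:
        body = _xor(body, keystream_b(k_b, nonce, len(body)))
    if k_a is not None:
        body = _xor(body, keystream_a(k_a, nonce, len(body)))
    return body


def demo() -> dict:
    msg = b"constructed sample message"  # constructed input, not real traffic
    k_a, k_b, k_mac = (secrets.token_bytes(32) for _ in range(3))
    blob = seal(msg, k_a, k_b, k_mac)

    # Design mistake: one key reused for both layers. A break of layer A that
    # yields its key now opens layer B as well.
    shared = secrets.token_bytes(32)
    weak = seal(msg, shared, shared, k_mac)

    return {
        "roundtrip_ok": open_sealed(blob, k_a, k_b, k_mac) == msg,
        "layer_a_broken_still_hidden": peel(blob, k_a=k_a) != msg,
        "layer_b_broken_still_hidden": peel(blob, k_b=k_b) != msg,
        "shared_key_fully_exposed": peel(weak, k_a=shared, k_b=shared) == msg,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
<br>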
Dubilet <a href="https://www.facebook.com/dubilet/posts/10157903866578552" target="_blank">continued</a>: "Why do you need to issue special smartphones and not install an app on ordinary ones? To rule out hardware-level hacking as well as infection through other applications. [...] It's no secret that now top politicians mainly use standard messengers for their communication (including sensitive topics). Such [a secure] application could be an alternative to at least WhatsApp / Telegram."<br>
<br>
It's not clear whether Dubilet's proposal has been realized, but in 2020, the SSSCIP began <a href="https://uk.wikipedia.org/wiki/%D0%94%D0%B5%D1%80%D0%B6%D0%B0%D0%B2%D0%BD%D0%B0_%D1%81%D0%BB%D1%83%D0%B6%D0%B1%D0%B0_%D1%81%D0%BF%D0%B5%D1%86%D1%96%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%B3%D0%BE_%D0%B7%D0%B2%27%D1%8F%D0%B7%D0%BA%D1%83_%D1%82%D0%B0_%D0%B7%D0%B0%D1%85%D0%B8%D1%81%D1%82%D1%83_%D1%96%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D1%96%D1%97_%D0%A3%D0%BA%D1%80%D0%B0%D1%97%D0%BD%D0%B8" target="_blank">modernizing</a> the government's communications system. This included expanding the functionality of the National Telecommunication Network (NTN) to "ensure the integration of existing special communication systems and unification of secure electronic communications of various government agencies in the general security circuit using modern digital technologies."<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqbI58SaKox7fQCzSm6nZHMEYOpW7cMsN_lWmPAOGyLf5pBXHH3wo9mOxWK78Hvh5mWotM1JpqqWVW3jGehjNmjGl79vSgwxVfYjkdXJViUUmGxrX4wxLfQPj3M_VzbhanDQlAlrIwfgv-0z8deOvaqyFi_arme1_uono_FcLeK4RPuDG0sBRVSWAE/s868/ukraine-dsszzi.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="450" data-original-height="867" data-original-width="868" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqbI58SaKox7fQCzSm6nZHMEYOpW7cMsN_lWmPAOGyLf5pBXHH3wo9mOxWK78Hvh5mWotM1JpqqWVW3jGehjNmjGl79vSgwxVfYjkdXJViUUmGxrX4wxLfQPj3M_VzbhanDQlAlrIwfgv-0z8deOvaqyFi_arme1_uono_FcLeK4RPuDG0sBRVSWAE/s868/ukraine-dsszzi.JPG"/></a></div>
<div align="center">
<font size="2">
Oleksandr Potiy from the SSSCIP with at least six phones<br>
for dedicated networks, November 13, 2020<br>
<font color="gray">(photo: <a href="https://www.instagram.com/p/CHioDA5Bgpm/" target="_blank">Instagram</a> - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<b>Videoconferencing systems</b><br>
<br>
Already in 2016, the SSSCIP had <a href="https://telegraf.com.ua/ukraina/politika/2676785-poroshenko-ispyital-zashhishhennuyu-videokonferentssvyaz.html" target="_blank">developed</a> a new system of secure videoconferencing. When he tested this new system, former president Petro Poroshenko explained:<br>
<blockquote>
"In late 2013 and early 2014, the situation was terrible. We had completely Russian software. We had completely open access of the aggressor country to all our state secrets and, in fact, from scratch, we had to develop technical and software tools for protecting information, to provide a radical re-equipment and reboot of confidential communication systems."<br>
</blockquote>
<br>
Current president Volodymyr Zelensky <a href="https://www.president.gov.ua/news/somij-tizhden-v-ukrayini-sposterigayetsya-padinnya-rivnya-za-68377" target="_blank">uses</a> both a commercial <a href="https://www.cisco.com/c/en/us/support/collaboration-endpoints/dx80/model.html" target="_blank">Cisco DX80</a> videoconferencing system and the custom-made secure one, which includes quite bulky equipment, indicating that it is <a href="https://en.wikipedia.org/wiki/Tempest_%28codename%29" target="_blank">TEMPEST</a>-shielded to prevent electromagnetic emanations:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8qnnwZdZXcBSqpy5CXDKS0cpC5Uoviz1U18NUWXCGutYwvyTaVXETxTUe4b5UK1NgBgY1rbLN0qHhSZ4qsYXzvYQ4FDeKM0wQ2CQB4lTaza7C6fZ81ZgHRTt_3_lyoZ-0STb3q-e_jBgKwpyj29ErsmzfSsVgTGqQnjiFCoSUH3bgSQWfa0bhMwAn/s960/zelensky-vtc2020may.jpeg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="360" data-original-width="630" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8qnnwZdZXcBSqpy5CXDKS0cpC5Uoviz1U18NUWXCGutYwvyTaVXETxTUe4b5UK1NgBgY1rbLN0qHhSZ4qsYXzvYQ4FDeKM0wQ2CQB4lTaza7C6fZ81ZgHRTt_3_lyoZ-0STb3q-e_jBgKwpyj29ErsmzfSsVgTGqQnjiFCoSUH3bgSQWfa0bhMwAn/s960/zelensky-vtc2020may.jpeg"/></a></div>
<div align="center">
<font size="2">
President Zelensky using the secure videoconferencing system, May 12, 2020.<br>
<font color="gray">(photo: Presidential Administration - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<b>Addressing foreign parliaments</b><br>
<br>
Another kind of videoconference is the virtual address to a foreign parliament: Zelensky started to deliver such addresses to, among others, the British House of Commons and the US Congress. In these addresses he dramatically pointed out their responsibility to support the people of Ukraine in their fight against the Russian military aggression.<br>
<br>
Zelensky usually delivered these speeches from a nondescript room, probably in a bunker. The photo below shows him in a very improvised setting, with the <a href="https://www.cisco.com/c/en/us/support/collaboration-endpoints/dx80/model.html" target="_blank">Cisco DX80</a> videoconferencing screen, an <a href="https://www.avaya.com/en/devices-and-phones/conference-phones/b149/" target="_blank">Avaya B149</a> conference phone, an Apple MacBook, camera equipment and an old-fashioned Soviet-style telephone without rotary dial:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_8BJP_dy6E5esP3Al7jhGnew9CiloPI13lBg_gu73M_XxgZkoZmVjz5V_FGrLyO2fuxttp86Jxb3dENy3HRUe6aq141SU1LlEWNIPHpuSWUl0xBX8VQyNaC7A9ej9AIBUwbgGN4DIi5EoCElfmVdMuGvEXuqa43AjdfbswuT1l1w5qZyA7AmLAcLM/s720/zelensky-bunker.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="405" data-original-width="720" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_8BJP_dy6E5esP3Al7jhGnew9CiloPI13lBg_gu73M_XxgZkoZmVjz5V_FGrLyO2fuxttp86Jxb3dENy3HRUe6aq141SU1LlEWNIPHpuSWUl0xBX8VQyNaC7A9ej9AIBUwbgGN4DIi5EoCElfmVdMuGvEXuqa43AjdfbswuT1l1w5qZyA7AmLAcLM/s720/zelensky-bunker.jpg"/></a></div>
<div align="center">
<font size="2">
President Zelensky delivering a speech from an unknown location<br>
<font color="gray">(photo: DPA via Europa Press - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<a name="foreign"></a>
<br>
<font size="+2">Calls with foreign leaders</font><br>
<br>
In February 2022, when the Russian military threat became imminent, president Zelensky had phone calls with a range of foreign presidents and prime ministers in which he <a href="https://www.theguardian.com/world/2022/feb/28/the-phone-has-become-the-ukrainian-presidents-most-effective-weapon" target="_blank">urged</a> them to impose sanctions against Russia and requested arms to defend his country.<br>
<br>
For these calls he either used the huge white phone console or a commercial <a href="https://www.avaya.com/en/devices-and-phones/conference-phones/b149/" target="_blank">Avaya B149</a> conference phone, like in the photo below, showing Zelensky when he was <a href="https://www.instagram.com/p/CaVczqeMk1J/" target="_blank">talking</a> to Dutch prime minister Mark Rutte on February 23:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjfHtucYU9wa9_9PO6vgTZ-13Qp-Y99Y7zTOl0xfF228fMurBFPOUmuiFat6kBo2qntjGvr6iKlg7JnN8-Gff3sUl-3JZU-vDw4WsM8ceyOi92tY5fzFi-PCG7OxjXGJAXcXc6BjCqxpCDn2n8I1HM1x7rWCuC3yxrEYWAPD-7H9VfCk24uoA45zkZy=s866" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="579" data-original-width="866" src="https://blogger.googleusercontent.com/img/a/AVvXsEjfHtucYU9wa9_9PO6vgTZ-13Qp-Y99Y7zTOl0xfF228fMurBFPOUmuiFat6kBo2qntjGvr6iKlg7JnN8-Gff3sUl-3JZU-vDw4WsM8ceyOi92tY5fzFi-PCG7OxjXGJAXcXc6BjCqxpCDn2n8I1HM1x7rWCuC3yxrEYWAPD-7H9VfCk24uoA45zkZy=s866"/></a></div>
<div align="center">
<font size="2">
President Zelensky talks to Dutch prime minister Mark Rutte, February 23, 2022<br>
<font color="gray">(photo via Instagram - click to enlarge)</font><br>
</font>
</div>
<br>
<a name="hotline"></a>
<br>
<b>Calls with US president Biden</b><br>
<br>
Zelensky also spoke to US president Joe Biden several times, but for these calls a different telephone set was used: a <a href="https://www.cisco.com/c/en/us/products/collaboration-endpoints/unified-ip-phone-7975g/index.html" target="_blank">Cisco 7975G Unified IP Phone</a>. This is a common high-end executive phone which was also used for the secure telephone network of the White House until it was replaced by a newer model from Cisco's 8800-series in 2017. <br>
<br>
<div align="right">
> Read more: <a href="https://www.electrospaces.net/2017/02/trumps-beautiful-oval-office-phones-and.html">
Trump's "beautiful" Oval Office phones<br>
and what was changed on them</a><br>
</div>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZME9UDwKKLPbSIgPj52pm8jhuC-kpEqMTtzG950qODhDDPLXbE9LdJYzqXACXUQv2RsbuKY0dN46VHoxApMArXf_Ma7313pUDQilhc2UM6hPWINXcclECifGO_TMvNtcdVJmPLdEovbk2U4e9BFjWCBiDdsWO-RI4rtivRLeJpvhtv17ZLEwHeFl3/s900/zelensky-jan2022a.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="2731" data-original-width="4096" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZME9UDwKKLPbSIgPj52pm8jhuC-kpEqMTtzG950qODhDDPLXbE9LdJYzqXACXUQv2RsbuKY0dN46VHoxApMArXf_Ma7313pUDQilhc2UM6hPWINXcclECifGO_TMvNtcdVJmPLdEovbk2U4e9BFjWCBiDdsWO-RI4rtivRLeJpvhtv17ZLEwHeFl3/s900/zelensky-jan2022a.jpg"/></a></div>
<div align="center">
<font size="2">
President Zelensky during a phone call with US president Biden, January 27, 2022. <br>
<font color="gray">(photo: Ukrainian Presidential Press - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
In the photo we see Zelensky during a long telephone conversation with Biden on January 27, 2022, discussing diplomatic efforts on de-escalation of the Russian threat. A close look at the Cisco phone shows that the wallpaper of the display has an image of the White House, clearly indicating that it's for calls to the president of the United States:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiVUeQ7QTXHp7BKaad3WoE5uOn8E0RWVk8QKXuCZcbk5ZA_D9yuRKcpMDJo4kGiAk-B2mQsN8PlUSA5oGoHwwyqGoMqG_D8zJcTe7Luu18hSzAxrqaVplZUlAOuYnVHy4AtkF16sUsU3miH4_1wVwW2xAnDhbhvOV7INHyb6agKUC-LEgV8kS99xowt=s900" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="450" data-original-height="543" data-original-width="900" src="https://blogger.googleusercontent.com/img/a/AVvXsEiVUeQ7QTXHp7BKaad3WoE5uOn8E0RWVk8QKXuCZcbk5ZA_D9yuRKcpMDJo4kGiAk-B2mQsN8PlUSA5oGoHwwyqGoMqG_D8zJcTe7Luu18hSzAxrqaVplZUlAOuYnVHy4AtkF16sUsU3miH4_1wVwW2xAnDhbhvOV7INHyb6agKUC-LEgV8kS99xowt=s900"/></a></div>
<br>
<br>
So here we have a rare occasion in which we can see dedicated telephone equipment for a hotline between heads of state. The connection between Zelensky's office and the White House was probably relayed by the US embassy in Kyiv, like other secure communications between the Ukrainians and US officials, as was <a href="https://edition.cnn.com/europe/live-news/ukraine-russia-putin-news-03-01-22/h_5a65303ee7ffa3cb8765d5aafd8c2202" target="_blank">reported</a> by CNN.<br>
<br>
<div align="right">
> Read more: <a href="http://electrospaces.blogspot.com/2012/11/bilateral-hotlines-worldwide.html">Bilateral hotlines worldwide</a><br>
</div>
<br>
<b>Secure satellite phones</b><br>
<br>
In February 2022, as fears mounted about the Russian invasion, the US prepared to evacuate its embassy and <a href="https://edition.cnn.com/europe/live-news/ukraine-russia-putin-news-03-01-22/h_5a65303ee7ffa3cb8765d5aafd8c2202" target="_blank">provided</a> the Ukrainian government with a secure satellite phone to maintain regular contact with president Zelensky, who now moves around to multiple locations in Kyiv that are protected with a significant security presence.<br>
<br>
On March 5, Zelensky <a href="https://www.nytimes.com/2022/03/06/us/politics/us-ukraine-weapons.html" target="_blank">used</a> this satellite phone for a 35-minute call with his American counterpart on what more the US could do to support Ukraine without entering into direct combat with Russian forces. A similar phone had been provided to Ukrainian foreign minister Dmytro Kuleba.<br>
<br>
CNN <a href="https://edition.cnn.com/europe/live-news/ukraine-russia-putin-news-03-01-22/h_5a65303ee7ffa3cb8765d5aafd8c2202" target="_blank">reported</a> that these satellite phones require electricity but can operate off of a generator or energy from a car if needed. Initially it took a few days for the Ukrainians to get the satellite phones up and working because the instructions on how to use them were in English.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwMQ25ue6CO48lEHPPV4iCq8qYLsc9DSZGQgieOZy8FTABAZPLgvgW_ENtKMNDwZYzV_b0i00VzkfJn4bm6oBQDFEeI8mQZio-1IHM-6gn6LUoNbsWxlV6C5QgMYMewZYf3L1eCJOjHXdWGabsZE78PeUe1_5UUB5CFucdWvJE09ay6vZ_nuOFxwnE/s1000/ukrain-usembassy.jpeg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="667" data-original-width="1000" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwMQ25ue6CO48lEHPPV4iCq8qYLsc9DSZGQgieOZy8FTABAZPLgvgW_ENtKMNDwZYzV_b0i00VzkfJn4bm6oBQDFEeI8mQZio-1IHM-6gn6LUoNbsWxlV6C5QgMYMewZYf3L1eCJOjHXdWGabsZE78PeUe1_5UUB5CFucdWvJE09ay6vZ_nuOFxwnE/s1000/ukrain-usembassy.jpeg"/></a></div>
<div align="center">
<font size="2">
The US embassy in the Ukrainian capital Kyiv. <br>
<font color="gray">(photo: Andrew Kravchenko/AP)</font><br>
</font>
</div>
<br>
<br>
<b>Zelensky's smartphone</b><br>
<br>
Finally, Ukrainian president Zelensky also has a smartphone, which he uses to <a href="https://www.instagram.com/p/Ca0hYyrIlIj/" target="_blank">record</a> some of the messages to his people, like the famous one in which he showed that he hasn't left the capital and can still stay in the building of the Presidential Administration on Bankova street (see below).<br>
<br>
For a president and other top government officials, a smartphone poses the risk of being hacked and tracked, but in Zelensky's case we can assume that, besides other security measures, it only connects to a secure base station or a secure wifi router that merely provides access to a sufficiently secured internal network.<br>
<br>
<br>
<div align="center">
<iframe width="500" height="300" src="https://www.youtube.com/embed/KMynwOS7NJQ" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div>
<div align="center">
<font size="2">
Video message by Ukrainian president Zelensky, March 7, 2022.<br>
</font>
</div>
<br>
<br>
<br>
<b>Links and sources</b><br>
<font size="2">
- CNN: <a href="https://edition.cnn.com/europe/live-news/ukraine-russia-putin-news-03-01-22/h_5a65303ee7ffa3cb8765d5aafd8c2202" target="_blank">US in contact with Zelensky through secure satellite phone given to him by the US</a> (March 1, 2022)<br>
- The Guardian: <a href="https://www.theguardian.com/world/2022/feb/28/the-phone-has-become-the-ukrainian-presidents-most-effective-weapon" target="_blank">The phone has become the Ukrainian president’s most effective weapon</a> (February 28, 2022)<br>
- Telegraf: <a href="https://telegraf.com.ua/ukraina/politika/5227269-strana-v-smartfone-kak-chinovniki-pereydut-so-spetssvyazi-na-prilozhenie-v-telefone.html" target="_blank">Страна в смартфоне: как чиновники перейдут со спецсвязи на приложение в телефоне</a> (November 11, 2019)<br>
<br>
See also: <a href="https://news.ycombinator.com/item?id=30840029" target="_blank">Comments at Hacker News</a><br>
</font>
<br>
<font size="+2"><b>Head of Danish military intelligence arrested but independent inquiry finds no wrongdoing</b></font><br>
<font size="2" color="gray">(Posted: February 2, 2022)</font><br>
<div align="right"><font size="2" color="gray">(Updated: November 13, 2023)</font></div>
<br>
Unprecedented developments in Denmark: a former defense minister as well as the head of the military intelligence service FE have been charged with disclosing highly classified information, for which the latter has even been imprisoned. <br>
<br>
Here I will provide more details about the arrest of FE head <a href="#findsen"><b>Lars Findsen</b></a> and the charges against defense minister <a href="#frederiksen"><b>Claus Hjort Frederiksen</b></a>, followed by a summary of how the crisis has <a href="#development"><b>developed</b></a>, the recent <a href="#conclusions"><b>conclusions</b></a> of an independent investigation and finally the <a href="#snowden"><b>similarities</b></a> to the Snowden case.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgI2B1hfqi63VbvIiPqnq-V7bUOc7rMHRvD7PDtmXszMlpJiN1QIo5yrY41C3zZ81Z-pwnyAiWrNI8ICldPMA9pO0DfzDqRsRyZbcZ9La1NrBj-ct3ToyheeatV24-Zee7wYpcgZsMDCWol-O3_FCJ926C7Kwg-AQjJ8cg6_PsM3jB7AgQQQHnB9jCu=s800" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="650" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/a/AVvXsEgI2B1hfqi63VbvIiPqnq-V7bUOc7rMHRvD7PDtmXszMlpJiN1QIo5yrY41C3zZ81Z-pwnyAiWrNI8ICldPMA9pO0DfzDqRsRyZbcZ9La1NrBj-ct3ToyheeatV24-Zee7wYpcgZsMDCWol-O3_FCJ926C7Kwg-AQjJ8cg6_PsM3jB7AgQQQHnB9jCu=s800"/></a></div>
<div align="center">
<font size="2">
FE head Lars Findsen (left) and former defense minister Claus Hjort Frederiksen<br>
<font color="gray">(photos: Liselotte Sabroe/EPA-EFE & Johannes Jansson/Norden)</font><br>
</font>
</div>
<br>
<a name="findsen"></a>
<br>
<br>
<font size="+1"><b>FE head Lars Findsen arrested and imprisoned</b></font><br>
<br>
On January 10, the Danish broadcaster DR <a href="https://www.dr.dk/nyheder/indland/hemmelig-pet-taskforce-aflyttede-spionchef-lars-findsen-i-maanedsvis-afsloere-laek" target="_blank">reported</a> that Lars Findsen had been arrested at Copenhagen Airport on December 8, 2021, after he had been under surveillance by the Danish police intelligence service (<a href="https://en.wikipedia.org/wiki/Danish_Security_and_Intelligence_Service" target="_blank"><i>Politiets EfterretningsTjeneste</i></a> or PET).<br>
<br>
It's a wry turn of fate as Findsen himself had been the head of the PET from 2002 to 2007. Since 2015 he led the Danish military intelligence service (<a href="https://en.wikipedia.org/wiki/Danish_Defence_Intelligence_Service" target="_blank"><i>Forsvarets Efterretningstjeneste</i></a> or FE), before he was suspended in August 2020.<br>
<br>
<blockquote>
<b>Update:</b><br>
On April 4, 2022, DR <a href="https://www.dr.dk/nyheder/indland/blev-aflyttet-i-derhjemme-sagen-mod-spionchef-lars-findsen-omfatter-samtaler-med" target="_blank">reported</a> that the PET had apparently bugged Findsen's house in order to find out whether he revealed classified information to family members, which is a very intrusive method that is only used in the most serious cases.<br>
</blockquote>
<br>
According to DR, the PET <a href="https://www.dr.dk/nyheder/indland/hemmelig-pet-taskforce-aflyttede-spionchef-lars-findsen-i-maanedsvis-afsloere-laek" target="_blank">set up</a> a special investigation after the Danish newspaper <i>Berlingske</i> <a href="http://www.berlingske.dk/samfund/et-pengeskab-paa-kastellet-har-i-aartier-gemt-paa-et-dybt-fortroligt" target="_blank">published</a> a long piece on September 30, 2020, with unprecedented details about the cooperation between the FE and the NSA. The investigation intensified when in May 2021 news media from several European countries provided additional details based upon nine sources with access to classified information (see below).<br>
<br>
On the same day as Lars Findsen, the PET <a href="https://www.pet.dk/Nyheder/2021/Fire%20personer%20anholdt%20for%20laekager%20fra%20efterretningstjenesterne.aspx" target="_blank">arrested</a> three other current and former employees of the FE and the PET. Just like Findsen, they are accused of the unauthorized disclosure of highly classified information in violation of section 109(1) of the Danish criminal code, which is punishable with up to 12 years in prison.<br>
<br>
This came quite unexpectedly because section 109 had been <a href="https://politiken.dk/indland/art8591089/%C2%BBHerbert-Pundik-br%C3%B8d-ind-og-sagde-%C2%BBJens-Peter-Skaarup-er-parat-til-at-g%C3%A5-i-f%C3%A6ngsel-uanset-hvor-l%C3%A6nge-han-skal-sidde-der%C2%AB.-Det-havde-vi-nu-ikke-aftalt-at-jeg-var%C2%AB" target="_blank">used only once</a> before, as it is meant for cases of treason and espionage, comparable to the American Espionage Act of 1917. In Denmark, leaks by government employees were usually charged under a much less strict law which can lead to imprisonment for only up to two years.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhAcmWs4uKaAeBJvOlOp5sD37DuH1tOA7_Ln6zw_pHQcluvYAbggewuPsY40gpR7KXuK7wRSARwzCaeI9ZzEPaAtueuDsfhK7UyIf8H9HOUQWb-u9t4tsIMBcrSzxy9hU95h08FFLPTu44eTPSL_k7Ba25EHGoe9w8Q6XGSpVJl9PPdyO76mSPaX-by=s449" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="308" data-original-width="449" src="https://blogger.googleusercontent.com/img/a/AVvXsEhAcmWs4uKaAeBJvOlOp5sD37DuH1tOA7_Ln6zw_pHQcluvYAbggewuPsY40gpR7KXuK7wRSARwzCaeI9ZzEPaAtueuDsfhK7UyIf8H9HOUQWb-u9t4tsIMBcrSzxy9hU95h08FFLPTu44eTPSL_k7Ba25EHGoe9w8Q6XGSpVJl9PPdyO76mSPaX-by=s449"/></a></div>
<div align="center">
<font size="2">
The headquarters of the Danish police intelligence service PET<br>
</font>
</div>
<br>
<br>
The exact charges against Findsen haven't been made public, but according to DR News it's about leaking information to the press. Just before a hearing behind closed doors at Copenhagen magistrate's court on January 10, Findsen <a href="https://www.dw.com/en/danish-spy-chief-detained-over-highly-sensitive-leak/a-60379168" target="_blank">exclaimed</a> to the press: "I want the charges brought forward and I plead not guilty. This is completely insane". Findsen has to stay in prison at least until February 4; the other three have been released on bail.<br>
<blockquote>
<b>Updates:</b><br>
<br>
On February 4, the court gathered behind closed doors again and decided that Findsen has to stay in custody for another four weeks. Highly unusual was the fact that it took some <a href="https://www.dr.dk/engagement/taet-paa/stil-spoergsmaal-fe-sagen">8 hours</a> to reach that decision. Findsen appeared in court carrying the 2017 war novel <a href="https://en.wikipedia.org/wiki/All_the_Light_We_Cannot_See" target="_blank"><i>All the Light We Cannot See</i></a> by Anthony Doerr.<br>
<br>
On February 17, an appeals court ordered that Findsen had to be <a href="https://apnews.com/article/europe-denmark-copenhagen-classified-information-88cc4a755c8c8f3612d1815d2a22edf7" target="_blank">released</a> from prison because although there's "a well-founded suspicion" that he violated Danish law by disclosing intelligence information, the court "didn’t find that the conditions for a pre-trial detention are met."<br>
</blockquote>
<br>
Already in December 2021, the head of the PET and the acting head of the FE visited the main Danish media outlets and warned that their editors could also be charged under section 109. On January 4, eight journalists from six media were <a href="https://politiken.dk/indland/art8553528/Flere-journalister-fra-danske-medier-er-indkaldt-til-afh%C3%B8ring-i-l%C3%A6kagesag-fra-FE-og-PET" target="_blank">summoned</a> for questioning as part of the police investigation into the leaks about the FE.<br>
<br>
A possible explanation for this intimidation could be that the Danish government wants to demonstrate that they will punish leakers severely and do everything to prevent any further leaks in an attempt to comfort the FE's foreign partners, especially the Americans, who are likely highly disturbed by the recent developments.<br>
<br>
This could risk the continuation of the intelligence cooperation, for which mutual trust is the most important factor: intelligence agencies will only be willing to share their secret information when they are convinced that the other side will keep the information just as secret and will not misuse it in any way.<br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4k4qApg2I7SdqqiE97Qyf2_DGLfIbSxUZgVZYa9vGg-V3yQn25SCwOQ2IiXUi0J7O0kDxuf4Ro8nlxQSzG2UWAF6_AKLCOogsC2NtDJdof6x4f-BrwFIMQZgZSUVjpbort6uWrx6g5w4/s1600/findsen-phones.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4k4qApg2I7SdqqiE97Qyf2_DGLfIbSxUZgVZYa9vGg-V3yQn25SCwOQ2IiXUi0J7O0kDxuf4Ro8nlxQSzG2UWAF6_AKLCOogsC2NtDJdof6x4f-BrwFIMQZgZSUVjpbort6uWrx6g5w4/s1600/findsen-phones.jpg" width="550" /></a><br>
<font size="2">
Lars Findsen in his office as head of the FE, with two Cisco 7900-series IP phones,<br>
apparently one for secure and one for non-secure calls<br>
<font color="gray">(photo: Ritzau/Jens Dresling - click to enlarge)</font><br>
</font>
</div>
<a name="frederiksen"></a>
<br>
<br>
<font size="+1"><b>Charges against former Defense minister Frederiksen</b></font><br>
<br>
The current crisis didn't stop at the imprisonment of Lars Findsen though: on January 14, it was <a href="https://www.dr.dk/nyheder/politik/claus-hjort-frederiksen-er-sigtet-have-delt-statshemmeligheder">reported</a> that Claus Hjort Frederiksen, who was defense minister from November 2016 to June 2019, is also charged under section 109. This was made public in a brief press release which the Liberal or Venstre Party sent to Danish media.<br>
<br>
As a member of parliament, Frederiksen has immunity, but the Liberal Alliance party doesn't <a href="https://politiken.dk/indland/art8578961/%C2%BBDer-er-ridset-op-til-en-konflikt-man-n%C3%A6sten-kunne-have-i-en-film%C2%AB" target="_blank">want</a> to lift it unless the Danish parliament gets full insight into a possible criminal case against him. In the press release he said that he never had the intention to harm Denmark or Danish interests.<br>
<blockquote>
<b>Update:</b> <br>
On February 4, 2022, Frederiksen issued a <a href="https://www.facebook.com/ClausHjortFrederiksen/posts/364032208869207" target="_blank">statement</a> on Facebook in which he said that the day before he got insight into the charges against him and that they are only based on newspaper articles and public debates.<br>
</blockquote>
<br>
During two interviews in December 2021 (with the television programs <a href="https://politiken.dk/kultur/set_og_hoert/art8479886/Claus-Hjort-Frederiksen-var-b%C3%A5de-nedladende-og-fjendtlig-i-%E2%80%99Deadline%E2%80%99" target="_blank"><i>Deadline</i></a> and <a href="https://ekstrabladet.dk/nyheder/politik/danskpolitik/claus-hjort-jeg-er-sigtet/9082460" target="_blank"><i>Lippert</i></a>), Frederiksen had been remarkably talkative about the FE's cooperation with the NSA, but he was also <a href="https://www.weekendavisen.dk/2020-37/samfund/landsskadeligt" target="_blank">angry</a> about how his successor as defense minister, Trine Bramsen, handled the case by suspending Findsen and some other officials, including a general responsible for the relations with the Americans.<br>
<br>
Just recently it was <a href="https://www.dr.dk/nyheder/indland/claus-hjort-ville-beskytte-spionsamarbejde-forsoegte-bremse-kulegravning-af" target="_blank">revealed</a> that on February 28, 2019, Frederiksen had arranged a meeting with the Oversight Board to convince them to drop their investigation into the FE in order to not endanger the cooperation with the NSA - a controversial move given the independent position of the Oversight Board, which accordingly continued its investigation that eventually sparked the current intelligence crisis.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCterRZMylIaMxf89h1jN7vGkYznu1Ex0qhy0Lk08IDk0JezMD4F8955BUMn16vK5-5jw5ZuA-tuMN8NsBAqJI0fkR42und9bPNsn9Jepehm2AObgTQkaWDDOx_HEA_Zz5jPJHYedSR8E/s0/dk-defense-ministers.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCterRZMylIaMxf89h1jN7vGkYznu1Ex0qhy0Lk08IDk0JezMD4F8955BUMn16vK5-5jw5ZuA-tuMN8NsBAqJI0fkR42und9bPNsn9Jepehm2AObgTQkaWDDOx_HEA_Zz5jPJHYedSR8E/s0/dk-defense-ministers.jpg" width="500"/></a></div>
<div align="center">
<font size="2">
Current Danish defense minister Trine Bramsen (left) and her predecessor<br>
Claus Hjort Frederiksen (photo: Linda Kastrup/Scanpix)<br>
</font>
</div>
<br>
<br>
After the revelations in the media, Frederiksen apparently felt free to explain and stress that the FE did nothing wrong: that spying on European countries is common practice and that to protect Danish citizens (i.e. to keep within the law) the FE had installed filter systems.<br>
<br>
He was especially concerned about the relationship with the NSA, because in recent years, Denmark had reached almost the same level as the <a href="https://www.electrospaces.net/2016/11/data-sharing-systems-used-within-five.html">Five Eyes</a> partnership, an achievement that his successor had put at risk now, according to Frederiksen.<br>
<br>
There are actually several countries that claim a position very close to the Five Eyes, but the fact is that Denmark has been a so-called <a href="https://www.electrospaces.net/2014/09/nsas-foreign-partnerships.html#3rdparty">Third Party</a> partner of the NSA since 1954 and, as such, a member of the <a href="https://www.electrospaces.net/2020/05/maximator-and-other-european-sigint.html#sseur">SIGINT Seniors Europe</a> (SSEUR) and, between 2009 and 2014, of the <a href="https://www.electrospaces.net/2019/09/from-9-eyes-to-14-eyes-afghanistan.html">Afghanistan SIGINT Coalition</a> (AFSC).<br>
<br>
<a name="development"></a>
<br>
<br>
<font size="+2">Development of the intelligence crisis</font><br>
<br>
The Danish intelligence crisis started on August 24, 2020, when the ministry of Defense issued a short <a href="https://fmn.dk/nyheder/Pages/Ledende-medarbejdere-i-Forsvarets-Efterretningstjeneste-fritaget-fra-tjeneste-indtil-videre.aspx" target="_blank">statement</a> saying that Lars Findsen and two other officials of the military intelligence service had been suspended from duty until further notice.<br />
<br>
The same day, the Intelligence Oversight Board (<a href="https://www.tet.dk/om-tilsynet/?lang=en" target="_blank"><i>Tilsynet med EfterretningsTjenesterne</i></a> or TET) issued a <a href="https://www.tet.dk/wp-content/uploads/2020/08/PRESSEMEDDELELSE.pdf" target="_blank">press release</a> with the unclassified results of an investigation that had been initiated by information provided by one or more whistleblowers. The main accusations were:<br />
<blockquote>
- The FE withheld key and crucial information and provided the Oversight Board with incorrect information;<br>
- There were risks that the FE's collection activities led to unlawful collection against Danish citizens;<br>
- The FE failed to investigate indications of espionage within the Ministry of Defense;<br>
- There's a culture of insufficient legal awareness within the FE's management;<br>
- There were activities in violation of the Danish law, including obtaining and sharing information about Danish citizens;<br>
- The FE has unlawfully processed information about an employee of the Oversight Board.<br>
</blockquote>
<br>
On December 21, 2020 the Danish justice minister established the FE Commission (<a href="https://feuk.dk/" target="_blank"><i>FE-kommissionen</i></a>) to further investigate the allegations against the FE and to present a report within a year.<br>
<br>
<div align="right">
> Read more: <a href="https://www.electrospaces.net/2020/08/head-of-danish-military-intelligence.html">
Head of Danish military intelligence suspended<br>
after misleading the oversight board</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU44ZXh4LhMMjH4F7VHhyphenhyphenWyu_Iudhn2tp55AN0ncrxQbJvi_ZcYq8S0IPHmWRKK9SX8F5TauIvP_AsG6WD4tM2Nh7uv28LbHl8aj9diacNweaj5k9bN8LY8MyIqnYOxMEjJ0ATvR0Ri1o/s1600/fe-kastellet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU44ZXh4LhMMjH4F7VHhyphenhyphenWyu_Iudhn2tp55AN0ncrxQbJvi_ZcYq8S0IPHmWRKK9SX8F5TauIvP_AsG6WD4tM2Nh7uv28LbHl8aj9diacNweaj5k9bN8LY8MyIqnYOxMEjJ0ATvR0Ri1o/s1600/fe-kastellet.jpg" width="600" /></a><br>
<font size="2">
The Kastellet fortress in Copenhagen, the workplace of most of the FE's employees<br>
<font color="gray">(photo: Danish Air Force Photo Service)</font><br>
</font>
</div>
<a name="xks"></a>
<br>
<br>
<font size="+1"><b>The FE uses XKEYSCORE to process data from the cable tap</b></font><br>
<br>
Meanwhile, Danish media came out with unprecedented disclosures: on September 13, the newspaper <i>Berlingske</i> <a href="https://www.berlingske.dk/samfund/et-pengeskab-paa-kastellet-har-i-aartier-gemt-paa-et-dybt-fortroligt" target="_blank">revealed</a> how in the mid-1990s the FE, in cooperation with the NSA, started to tap a backbone cable containing communications from countries like China and Russia - very similar to <a href="https://www.electrospaces.net/2015/05/new-details-about-joint-nsa-bnd.html">Operation Eikonal</a> (2004-2008) in which the NSA cooperated with the German foreign intelligence service BND.<br>
<br>
According to Berlingske, the communications of interest were extracted from the cable in Copenhagen and were then sent to the <a href="https://web.archive.org/web/20200811153920/https://fe-ddis.dk/om-os/Organisation/lokaliteter-i-dk/Pages/Sandagergaard.aspx" target="_blank">Sandagergård complex</a> of the FE on the island of Amager. Part of the agreement between the US and Denmark was that "the USA does not use the system against Danish citizens and companies. And the other way around".<br>
<br>
On September 24, 2020, the Danish broadcaster DR <a href="https://www.dr.dk/nyheder/indland/ny-afsloering-fe-masseindsamler-oplysninger-om-danskere-gennem-avanceret-spionsystem" target="_blank">reported</a> that after 2008, NSA employees traveled to Denmark to build a data center for a new system to process the data from the cable tap. The heart of this system is formed by <a href="https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html#xkeyscore">XKEYSCORE</a>, the sophisticated processing and filtering system for internet data used by the NSA and GCHQ.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPJz2Jla9q6Obf6wNfN2BsSxAXWm3sK6oynmSOoD-hKpVBVvIucIgFNtU6iz0Vgki_rOI-9iw7ZyzmMXKIEwB5OD3Q4d38NFWxbdja0hGKus0deJLK9xFF7laxq_xY_sZwWlddxz8-jp8/s800/FE-Sandagergard.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" data-original-height="464" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPJz2Jla9q6Obf6wNfN2BsSxAXWm3sK6oynmSOoD-hKpVBVvIucIgFNtU6iz0Vgki_rOI-9iw7ZyzmMXKIEwB5OD3Q4d38NFWxbdja0hGKus0deJLK9xFF7laxq_xY_sZwWlddxz8-jp8/s800/FE-Sandagergard.jpg" width="550"/></a></div>
<div align="center">
<font size="2">
The Sandagergård complex of the FE on the island of Amager,<br>
where a data center was built specifically to <a href="https://www.dr.dk/nyheder/indland/hemmelige-rapporter-usa-spionerede-mod-danske-ministerier-og-forsvarsindustri" target="_blank">store</a> data<br>
from the joint NSA-FE cable tapping operation.<br>
<font color="gray">(Click to enlarge)</font><br>
</font>
</div>
<br>
<br>
According to DR News, the FE tried to <a href="https://www.dr.dk/nyheder/indland/ny-afsloering-fe-masseindsamler-oplysninger-om-danskere-gennem-avanceret-spionsystem" target="_blank">develop</a> a number of filters to ensure that data from Danish citizens and companies is sorted out and not available for searches. Former defense minister Frederiksen <a href="http://www.weekendavisen.dk/2020-37/samfund/landsskadeligt" target="_blank">confirmed</a> the existence of such filters, but also admitted that there can be no 100% guarantee that no Danish information will pass through.<br>
<br>
Berlingske had also <a href="https://www.berlingske.dk/samfund/et-pengeskab-paa-kastellet-har-i-aartier-gemt-paa-et-dybt-fortroligt" target="_blank">identified</a> the whistleblower as a young IT specialist of the FE, who in 2013 became increasingly concerned, after which then head of the FE Thomas Ahrenkiel ordered an internal investigation, which found no signs of abuse by the NSA. The IT specialist, however, was not satisfied with this result and informed the intelligence oversight board somewhere in 2018 and provided them with new information in November 2019.<br>
<br>
<div align="right">
> Read more: <a href="https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html">
Danish military intelligence uses XKEYSCORE to tap<br>
cables in cooperation with the NSA</a><br>
</div>
<a name="nsa"></a>
<br>
<br>
<font size="+1"><b>The NSA tried to spy on Danish and other European targets</b></font><br>
<br>
On November 15, 2020, the Danish broadcaster DR <a href="https://www.dr.dk/nyheder/indland/hemmelige-rapporter-usa-spionerede-mod-danske-ministerier-og-forsvarsindustri" target="_blank">published</a> a story about two internal assessments from the FE, one from 2012 and another one from 2015 (or 2014?), which contain an analysis of the phone numbers and e-mail addresses (also known as selectors) which the NSA sent to the FE for collecting information from the cable tap.<br>
<blockquote>
- According to the analysis from 2012, the NSA submitted selectors for Danish targets, including the ministry of Foreign Affairs and the ministry of Finance, as well as the Danish defense company <a href="https://en.wikipedia.org/wiki/Terma_A/S" target="_blank">Terma</a>.<br>
<br>
- The 2015 analysis of selectors showed that the NSA also used the cable tapping cooperation to spy on targets in European countries like Sweden, Norway, the Netherlands, Germany and France, according to DR News.<br>
</blockquote>
On May 30, 2021, joint reporting by <a href="https://www.dr.dk/nyheder/indland/forsvarets-efterretningstjeneste-lod-usa-spionere-mod-angela-merkel-franske-norske" target="_blank">DR</a>, <a href="https://www.svt.se/nyheter/inrikes/usa-har-spionerat-pa-svenska-politiker-med-hjalp-av-danmark">SVT</a>, <a href="https://www.nrk.no/urix/sterke-reaksjoner-fra-flere-land-etter-medieoppslag-om-politiker-overvaking-via-danske-fiberkabler-1.15513355" target="_blank">NRK</a>, <a href="https://www.sueddeutsche.de/politik/regierung-macron-und-merkel-abhoeren-von-verbuendeten-inakzeptabel-dpa.urn-newsml-dpa-com-20090101-210531-99-805833" target="_blank">Süddeutsche Zeitung</a>, <a href="https://www.tagesschau.de/investigativ/ndr-wdr/nsa-bespitzelung-politiker-101.html" target="_blank">NDR</a>, WDR and <a href="https://www.lemonde.fr/pixels/article/2021/05/31/espionnage-par-la-nsa-depuis-le-danemark-des-faits-potentiels-et-graves-selon-paris_6082181_4408996.html" target="_blank">Le Monde</a> revealed that the internal investigation which FE boss Ahrenkiel initiated in 2014 was codenamed <a href="https://en.wikipedia.org/wiki/Operation_Dunhammer" target="_blank">Operation Dunhammer</a> and concluded in May 2015 that the NSA had provided telephone selectors for Norwegian, Swedish, German, Dutch and French politicians and officials, including former German chancellor Angela Merkel and then foreign minister Frank-Walter Steinmeier.<br>
<br>
<div align="right">
> Read more: <a href="https://www.electrospaces.net/2020/11/via-cable-in-denmark-nsa-tried-to-spy.html">
The NSA tried to spy on Danish and other European<br>
targets via cable tapping in Denmark</a><br>
</div>
<br>
This outcome is actually not very surprising, because from the German <a href="https://en.wikipedia.org/wiki/German_Parliamentary_Committee_investigation_of_the_NSA_spying_scandal" target="_blank">parliamentary investigation</a> (2014-2017) into the cooperation between the NSA and the BND it also became clear that, among hundreds of thousands of identifiers for legitimate targets, the NSA had provided the BND with thousands of selectors related to European and even German targets, which in 2015 resulted in the "Selector Affair".<br>
<br>
<div align="right">
> Read more: <a href="https://www.electrospaces.net/2015/11/new-details-about-selectors-nsa.html">New details about the selectors NSA provided to BND</a><br>
</div>
<br>
<a name="conclusions"></a>
<br>
<br>
<font size="+1"><b>The FE Commission finds no wrongdoing</b></font><br>
<br>
On December 13, 2021, the independent FE Commission finally presented its report about the accusations against the FE. Surprisingly, the commission <a href="https://politiken.dk/indland/art8526650/Kommission-afviser-alle-anklager-mod-spiontjeneste-og-hjemsendte-chefer" target="_blank">found</a> no evidence of wrongdoing by the FE and also found no basis to hold the former and current head of the FE, Ahrenkiel and Findsen, accountable.<br>
<br>
The report from the FE Commission is classified, but its conclusions have been published on the commission's <a href="https://feuk.dk/" target="_blank">website</a>. Because they are only available in Danish, I made a preliminary translation using Google Translate with some manual corrections, which can be found <a href="https://www.documentcloud.org/documents/21200708-fe-commission-conclusions-2021" target="_blank"><b>here</b></a>.<br>
<br>
Focusing on the most important accusations, the commission found no evidence that the FE provided incorrect information to the subsequent defense ministers nor to the Intelligence Oversight Board. The commission also found no basis for assuming that the FE has generally obtained and passed on information about Danish citizens in violation of the law.<br>
<br>
Given everything that emerged from the various revelations by Danish media, this conclusion came as a surprise, but it can probably be explained by the fact that spying on other European governments is not prohibited by Danish law, however embarrassing it may be when it becomes public.<br>
<br>
And if the FE has a filter system similar to the one used by the German BND, then the Danish selectors which the NSA provided to the FE would have been blocked before they were entered into the actual collection system (see diagram below). This means no Danish data were selected and so there was also no violation of the law.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGAEStUL5TQEK7KnqaSyr3mAQEqVFFSOnPAFKPzF5qwA6_d8w7EkoSdEwSlI5cjRO9f_2iVWqXCVnLwckgdO6lDqC_uWPVf9G4l8sVppra60o99GeFkm2Tdh7EjKpLRT3gUjYPzpl_6JI/s800/filter+systems.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" data-original-height="430" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGAEStUL5TQEK7KnqaSyr3mAQEqVFFSOnPAFKPzF5qwA6_d8w7EkoSdEwSlI5cjRO9f_2iVWqXCVnLwckgdO6lDqC_uWPVf9G4l8sVppra60o99GeFkm2Tdh7EjKpLRT3gUjYPzpl_6JI/s800/filter+systems.jpg" width="550"/></a></div>
<br>
<br>
It's unclear whether the commission found any minor deficiencies at the FE. As we have seen during the German parliamentary investigation, employees of the BND's signals intelligence units often had little feeling for political sensitivities, while government officials didn't know about the complexities and limitations of the collection systems. Similar issues may have been the case at the FE.<br>
<br>
<a name="snowden"></a>
<br>
<br>
<font size="+1"><b>Similarities to the Snowden case</b></font><br>
<br>
Most recently, Edward Snowden also commented on the Danish intelligence crisis in an <a href="https://politiken.dk/indland/art8582262/Det-der-foreg%C3%A5r-i-Danmark-lige-nu-er-en-demokratisk-skandale?shareToken=2862z9AAokaw" target="_blank">interview</a> with the newspaper Politiken from January 22, 2022. In the interview, however, Snowden acted as if the cooperation between the NSA and the FE is a mass surveillance program that "violates the rights of hundreds of thousands, if not millions, of people every single day" while it's actually about selectors for individual and generally legitimate targets.<br>
<br>
Snowden also seems convinced that "Danish communication will be intercepted in these programs. No country possesses the capabilities to filter out all the information of its citizens", but according to previous press reports, the controversial selectors were telephone numbers and those are quite easy to filter, because they include a <a href="https://en.wikipedia.org/wiki/List_of_country_calling_codes" target="_blank">country code</a>. For internet communications this is much more difficult.<br>
<br>
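The difference between the two selector types can be made concrete with a small pre-filter, added here as an illustration; it is not code from the FE, the BND or the NSA, and the function names, the outcome labels and the sample selectors are all constructed assumptions. A phone selector written with its country code gets a definite answer, while a number in national format or an e-mail address at a generic domain cannot be attributed at all:<br>
<br>
```python
import re

# Small subset of the ITU-T E.164 country calling codes (real values).
CALLING_CODES = {"1": "US/CA", "7": "RU/KZ", "31": "NL", "33": "FR",
                 "45": "DK", "46": "SE", "47": "NO", "49": "DE", "86": "CN"}

PROTECTED_CC = "45"        # assumption: the filter protects Danish numbers
PROTECTED_TLDS = (".dk",)  # assumption: domains that clearly point to Denmark


def normalize_phone(raw):
    """Return the digits in international form (without '+'), or None when
    the selector carries no country code and cannot be attributed."""
    s = re.sub(r"[\s().\-]", "", raw)
    if s.startswith("+"):
        digits = s[1:]
    elif s.startswith("00"):
        digits = s[2:]
    else:
        return None  # national format: the country is not in the selector
    if digits.isdigit() and 8 <= len(digits) <= 15:
        return digits
    return None


def country_code(digits):
    """Longest-prefix match; calling codes are prefix-free, 1 to 3 digits."""
    for n in (3, 2, 1):
        if digits[:n] in CALLING_CODES:
            return digits[:n]
    return None


def classify(selector):
    """Return 'blocked', 'allowed' or 'undetermined' for one selector."""
    sel = selector.strip()
    if "@" in sel:
        domain = sel.rsplit("@", 1)[1].lower()
        if domain.endswith(PROTECTED_TLDS):
            return "blocked"
        # Any other domain says nothing about the nationality of the user.
        return "undetermined"
    digits = normalize_phone(sel)
    if digits is None:
        return "undetermined"
    cc = country_code(digits)
    if cc is None:
        return "undetermined"
    return "blocked" if cc == PROTECTED_CC else "allowed"


def filter_selectors(selectors):
    """Sort selectors into the three outcomes before anything is loaded."""
    result = {"blocked": [], "allowed": [], "undetermined": []}
    for sel in selectors:
        result[classify(sel)].append(sel)
    return result


# Constructed sample selectors, not taken from any real list.
SAMPLE = [
    "+45 5555 0100",        # Danish country code, '+' notation
    "0045-5555-0101",       # Danish country code, '00' notation
    "+49 30 5555 0102",     # German number
    "+7 495 555 0103",      # Russian number
    "5555 0104",            # national format, no country code
    "someone@example.dk",   # Danish top-level domain
    "someone@example.com",  # generic domain, user could be anyone
]

if __name__ == "__main__":
    for outcome, items in filter_selectors(SAMPLE).items():
        print(outcome, items)
```
<br>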
In the interview, Snowden <a href="https://politiken.dk/indland/art8582262/Det-der-foreg%C3%A5r-i-Danmark-lige-nu-er-en-demokratisk-skandale?shareToken=2862z9AAokaw" target="_blank">said</a>, again with maximum exaggeration, that he is impressed by the young IT specialist at the FE who started the current crisis: "it is hard not to be inspired by this person's courage and ability to do so. The person has investigated the investigators and caught them in breaking the law and the rights of everyone in Denmark and the whole world."<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgbSXCGNHClgtnr2Boq2UwZjlKlua7NARzW77W6OPAy2b4Vo2WFl6AuG2rikdFV8wMyxOxRA5ledzSsBbcpxyPIGk_WQvUL7ivXiS8smPIRFfzvftU67W0MFMSg0G5YVqlrELRD2xqUR63-VOd7Hf8vW_8n0S4rdYAHBzhME4fv5Dz9oAtGlevXlraa=s800" style="display: block; text-align: center; "><img alt="" border="0" width="500" data-original-height="499" data-original-width="800" src="https://blogger.googleusercontent.com/img/a/AVvXsEgbSXCGNHClgtnr2Boq2UwZjlKlua7NARzW77W6OPAy2b4Vo2WFl6AuG2rikdFV8wMyxOxRA5ledzSsBbcpxyPIGk_WQvUL7ivXiS8smPIRFfzvftU67W0MFMSg0G5YVqlrELRD2xqUR63-VOd7Hf8vW_8n0S4rdYAHBzhME4fv5Dz9oAtGlevXlraa=s800"/></a></div>
<div align="center">
<font size="2">
Edward Snowden during the interview with the<br>
Danish newspaper Politiken, January 22, 2022<br>
</font>
</div>
<br>
<br>
Unlike Snowden, the FE's IT specialist didn't go straight to the press when he became concerned about certain things at his work place, but initially followed the proper channels and addressed his concerns to the FE management. However, an internal investigation found no abuse of the cable tapping operation by the NSA.<br>
<br>
Then the IT specialist acted very similarly to Snowden: because he was not satisfied with this result, he secretly started to <a href="http://www.berlingske.dk/samfund/et-pengeskab-paa-kastellet-har-i-aartier-gemt-paa-et-dybt-fortroligt" target="_blank">gather</a> internal information on his own: he "smuggled a recorder into his workplace, arranged meetings with colleagues and bosses for several months and recorded them in secret". In November 2019 he provided this to the intelligence oversight board, which also started an investigation.<br>
<br>
Then defense minister Claus Hjort Frederiksen (now 74 and liberal conservative) tried to keep this behind closed doors in order not to endanger the longstanding cooperation with the NSA - which is the common way governments handle such intelligence issues.<br>
<br>
<br>
What made the Danish case different is that his successor Trine Bramsen (40 and social democrat) followed the concerns of the oversight board and suspended FE chief Findsen. At that moment it seemed the IT specialist was right and that things were wrong at the FE.<br>
<br>
But Frederiksen and maybe Findsen and other FE officials fought back by telling the press about the joint cable tapping operation in an apparent attempt to convince the public of the importance of the cooperation with the NSA.<br>
<br>
Several months later it was revealed that the NSA had tried to spy on European and even on some Danish targets - highly classified information that may have been leaked by insiders who shared the concerns of the IT specialist.<br>
<br>
This fight through press leaks seriously threatened Denmark's intelligence position and therefore the government apparently saw only one option left, that of unprecedented tough measures against leakers, even when they defended the cooperation with the NSA.<br>
<br>
<a name="conclusion"></a>
<br>
<br>
<font size="+2">Conclusion</font><br>
<br>
Ultimately, the whole issue in Denmark boils down to the same positions we saw earlier in other countries that were affected by the Snowden revelations:<br>
<blockquote>
- People close to the intelligence agencies claim that their interception operations are strictly within the law, particularly by using filter systems to protect the communications of their own citizens.<br>
<br>
- Outsiders usually think that bulk cable tapping is wrong anyway and that spying on governments and companies of friendly countries is also wrong, even when that's not prohibited by law.<br>
</blockquote>
<br>
Despite being seen as a former insider, Snowden represents the outsider position by <a href="https://politiken.dk/indland/art8582262/Det-der-foreg%C3%A5r-i-Danmark-lige-nu-er-en-demokratisk-skandale?shareToken=2862z9AAokaw" target="_blank">claiming</a> that cable tapping automatically means bulk collection and mass surveillance. In reality, bulk collection is usually limited to metadata, which are not used to monitor as many people as possible, but to find targets that were not yet known. Selectors for individual targets are then used to pick their communications from the cable just as targeted as a traditional wiretap.<br>
<br>
It's likely that the NSA also acquired metadata from the cable tap in Copenhagen, but the Danish press reports didn't provide further information on this. During the similar operation Eikonal in Germany, the BND <a href="https://www.electrospaces.net/2015/05/new-details-about-joint-nsa-bnd.html#nsaua">made sure</a> the NSA only got 'technical metadata' and no 'personal metadata' like phone numbers and e-mail addresses (see diagram below). <br>
<br>
All this shows once more that in order to make a good judgment about signals intelligence operations it's often necessary to look at even the smallest details of the technical systems that are involved.<br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyuubtEIRjmdBFWg6Df9oKvs7XBlrBLdTT8DomiISGW-MMwPEJAlvCfQndosX8ETh2_UV63nfKK9RxmaMpPmsbh5eW2SnQcd1mcw3EWfY8freu2j8lqWczaIJuiHfRyReTZaEiQHx3UZo/s1600/bnd-eikonal2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyuubtEIRjmdBFWg6Df9oKvs7XBlrBLdTT8DomiISGW-MMwPEJAlvCfQndosX8ETh2_UV63nfKK9RxmaMpPmsbh5eW2SnQcd1mcw3EWfY8freu2j8lqWczaIJuiHfRyReTZaEiQHx3UZo/s1600/bnd-eikonal2.jpg" title="Dataflow under the joint NSA-BND operation Eikonal" width="500"></a><br>
<font size="2">
Overview of the joint NSA-BND operation Eikonal (2004-2008)<br>
<font color="gray">(Click to enlarge)</font><br>
</font></div>
<br>
<br>
<div class="blockquote">
<b>UPDATE:</b><br>
<br>
On November 1, 2023, the Danish prosecution service <a href="https://apnews.com/article/denmark-leaking-classified-information-defense-spy-c9894f15c761e80577d4b0218f018971" target="_blank">dropped</a> its cases against the head of the FE Lars Findsen (59), former defense minister Claus Hjort Frederiksen (76) and a former employee of the police security service PET.<br>
<br>
After the Danish Supreme Court had ruled that both cases should take place in public and sessions were only to be closed off whenever sensitive information was presented, the public prosecutor said that this would lead to the disclosure of highly classified information and was therefore not in the interest of national security.<br>
<br>
In a reaction, the head of the PET Finn Borch Andersen <a href="https://pet.dk/pet/nyhedsliste/droppede-straffesager-viser-behov-for-ny-lovgivning/2023/11/01" target="_blank">noted</a> that this is an unsustainable legal situation because it prevents the prosecution of cases in which state secrets are part of the evidence. He therefore called for new legislation for cases that include classified information.<br>
</div>
<br>
<br>
<br>
<b>Links and sources</b><br>
<font size="2">
<br>
- The Guardian: <a href="https://www.theguardian.com/world/2023/oct/02/scandinavian-spy-drama-the-intelligence-chief-who-came-under-state-surveillance" target="_blank">Scandinavian spy drama: the intelligence chief who came under state surveillance</a> (Oct. 2, 2023)<br>
- Politiken: <a href="https://politiken.dk/indland/art8582262/Det-der-foreg%C3%A5r-i-Danmark-lige-nu-er-en-demokratisk-skandale?shareToken=2862z9AAokaw" target="_blank">Edward Snowden: Det, der foregår i Danmark lige nu, er en demokratisk skandale</a> (Jan. 22, 2022)<br>
- Peter Kofod: <a href="https://medium.com/@peterkofod/findsengate-1%C2%BD-anbefaling-forbehold-429d49c59224" target="_blank">FindsenGate 1½ | Anbefaling & forbehold</a> (Jan. 21, 2022)<br>
- DR: <a href="https://www.dr.dk/nyheder/indland/claus-hjort-ville-beskytte-spionsamarbejde-forsoegte-bremse-kulegravning-af" target="_blank">Claus Hjort ville beskytte spionsamarbejde: Forsøgte at bremse kulegravning af Forsvarets Efterretningstjeneste</a> (Jan. 21, 2022)<br>
- Politiken: <a href="https://politiken.dk/indland/art8575303/Claus-Hjort-afsl%C3%B8rede-meget-d%C3%A5rligt-bevarede-statshemmeligheder" target="_blank">Eksperter: Claus Hjort afslørede meget dårligt bevarede statshemmeligheder</a> (Jan. 19, 2022)<br>
- De Volkskrant: <a href="https://www.volkskrant.nl/columns-opinie/staat-de-veiligheid-en-geloofwaardigheid-van-denemarken-op-het-spel-nu-de-inlichtingenchef-in-de-cel-zit~b23ddedc/" target="_blank">Staat de veiligheid en geloofwaardigheid van Denemarken op het spel nu de inlichtingenchef in de cel zit?</a> (Jan. 18, 2021)<br>
- BBC: <a href="https://www.bbc.com/news/world-europe-59992534" target="_blank">Danish spy scandal: Ex-minister accused of state secrets leak</a> (Jan. 15, 2022)<br>
- Intel News: <a href="https://intelnews.org/2022/01/12/01-3136/" target="_blank">Ex-director of Danish spy agency charged with treason in ‘unprecedented’ case</a> (Jan. 12, 2022)<br>
- DR: <a href="https://www.dr.dk/nyheder/indland/hemmelig-pet-taskforce-aflyttede-spionchef-lars-findsen-i-maanedsvis-afsloere-laek" target="_blank">Hemmelig PET-taskforce aflyttede spionchef Lars Findsen i månedsvis for at afsløre læk til medierne</a> (Jan. 10, 2022)<br>
- DW: <a href="https://www.dw.com/en/danish-spy-chief-detained-over-highly-sensitive-leak/a-60379168" target="_blank">Danish spy chief detained over 'highly sensitive' leak</a> (Jan. 10, 2022)<br>
- Politiken: <a href="https://politiken.dk/indland/art8526650/Kommission-afviser-alle-anklager-mod-spiontjeneste-og-hjemsendte-chefer" target="_blank">Kommission afviser alle anklager mod spiontjeneste og hjemsendte chefer</a> (Dec. 13, 2021)<br>
- DR: <a href="https://www.dr.dk/nyheder/indland/forsvarets-efterretningstjeneste-lod-usa-spionere-mod-angela-merkel-franske-norske" target="_blank">Forsvarets Efterretningstjeneste lod USA spionere mod Angela Merkel, franske, norske og svenske toppolitikere gennem danske internetkabler</a> (May 31, 2021 - including timeline)<br>
</font>
<br>
<br>
<font size="+2"><b>From the Hotline to the first video call between presidents Biden and Putin</b></font><br>
<div align="right"><font size="2" color="gray">(Posted by P/K on December 21, 2021 - Updated: March 19, 2022)</font></div>
<br>
Among the most special telecommunication links are those between the presidents of the United States and Russia. The first and most famous one is the Hotline from 1963, but contrary to popular belief it never had red telephone sets, because it started as a teletype link that evolved into a secure e-mail system.<br>
<br>
Only in 1990, a separate secure telephone line was established between the Kremlin and the White House, which was integrated into a digital computer network in 2008. This also enables video calls, a capability that was first used by US president Biden and Russian president Putin only two weeks ago, on December 7, 2021.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjIGLiQuk3dvzZmPlptVznUuyvwVtOaDuWWAfPyzXdrY7DqA06mnP19gru1A_CSGeWzxpPVqiEyd3GHKY-1KI3JYyJPl0kEuVSWyzvcX6TroIWfdjS5JKB9fXf_3sAr4C6vzZN189k4bZ5w8i0rcCBox-Iq148bkc42GQcjKZaXa-QUH28bB5aBw0HJ=s800" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/a/AVvXsEjIGLiQuk3dvzZmPlptVznUuyvwVtOaDuWWAfPyzXdrY7DqA06mnP19gru1A_CSGeWzxpPVqiEyd3GHKY-1KI3JYyJPl0kEuVSWyzvcX6TroIWfdjS5JKB9fXf_3sAr4C6vzZN189k4bZ5w8i0rcCBox-Iq148bkc42GQcjKZaXa-QUH28bB5aBw0HJ=s800"/></a></div>
<div align="center">
<font size="2">
US president Biden talking to Russian president Putin from<br>
the White House Situation Room, December 7, 2021.<br>
<font color="gray">(photo: White House - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<font size="+2"><b>The Biden-Putin video call</b></font><br>
<br>
The Russian news agency TASS <a href="https://tass.com/politics/1372099" target="_blank">reported</a> that "the video conference was organized via a secure video conference line, designed for communication between world leaders, and used for the first time today" - a memorable moment, but hardly any other news outlet mentioned it.<br>
<br>
Maybe that's because the American and the Russian president had already participated in several multilateral video conferences, like for example the <a href="https://en.wikipedia.org/wiki/2020_G20_Riyadh_summit" target="_blank">G20 summit in Riyadh</a> in November 2020, and therefore this first bilateral video call seemed not that special anymore.<br>
<br>
US president Joe Biden attended the virtual meeting from the large conference room in the White House Situation Room, which is in the basement of the West Wing of the White House. Also <a href="https://abcnews.go.com/Politics/biden-confront-putin-ukraine-high-stakes-meeting/story?id=81591057" target="_blank">present</a> were national security adviser Jake Sullivan, secretary of State Antony Blinken and Eric Green, a senior advisor on Russia.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEii_OUyimtCRi-PwYNUP0z86NmLlslRsLAQOj7gjxR9CyH8xjGDYFYtKuiVH9vTYruwGDd3uG7yBeIouXZeV7dwSrNmLPUvKKSkRTOEZXrFBkedzk_vPWBfwD7ziWYwCwVGRYVEv5P9H8clFo7h9qZZvCAf0kXOQhqcpun7WouQtRnoMoMKd2HZa0Bj=s900" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="597" data-original-width="900" src="https://blogger.googleusercontent.com/img/a/AVvXsEii_OUyimtCRi-PwYNUP0z86NmLlslRsLAQOj7gjxR9CyH8xjGDYFYtKuiVH9vTYruwGDd3uG7yBeIouXZeV7dwSrNmLPUvKKSkRTOEZXrFBkedzk_vPWBfwD7ziWYwCwVGRYVEv5P9H8clFo7h9qZZvCAf0kXOQhqcpun7WouQtRnoMoMKd2HZa0Bj=s900"/></a></div>
<div align="center">
<font size="2">
Russian president Putin talking to US president Biden at<br>
his Bocharov Ruchei residence, December 7, 2021.<br>
<font color="gray">(photo: Kremlin via EPA - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
Russian president Vladimir Putin conducted the video call from a conference room in <a href="https://en.wikipedia.org/wiki/Bocharov_Ruchey" target="_blank">Bocharov Ruchei</a>, which is the summer residence of the Russian president in the Black Sea resort of Sochi. In the photos and video released by the Kremlin no aides or other officials were visible.<br>
<br>
An interesting little detail is that the security camera in the corner of the room seems to be covered in black plastic, likely to prevent the ordinary security personnel from watching and/or listening to the video call with president Biden:<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiKj3JblPSvpFfV5BaClx5Zv2eNMit8Rc3DJkES0065mjWnS3qnPLnByhOz3ZuzdFMt7w-ZTJK5gUJHt7sJYe-bjGw8ABDqk5dGyi110dvHXu_YejR6YcALN-6pZj2qVMVqg0HRnYIADH84MIoMjXdYPB9-q7nidPFxpvmnChAhPV-xKqhdlnrrXXJn=s400" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="350" data-original-height="303" data-original-width="400" src="https://blogger.googleusercontent.com/img/a/AVvXsEiKj3JblPSvpFfV5BaClx5Zv2eNMit8Rc3DJkES0065mjWnS3qnPLnByhOz3ZuzdFMt7w-ZTJK5gUJHt7sJYe-bjGw8ABDqk5dGyi110dvHXu_YejR6YcALN-6pZj2qVMVqg0HRnYIADH84MIoMjXdYPB9-q7nidPFxpvmnChAhPV-xKqhdlnrrXXJn=s600"/></a></div>
<br>
<br>
Another detail is that president Putin seems to have a white button in front of him, probably similar to the <a href="https://www.electrospaces.net/2021/01/the-phones-in-president-bidens-oval.html#button">call button in the White House</a> which the American president can use to summon assistance. Under Trump this became known as the "Diet Coke Button".<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgEITb6wFPfZBC8aceAYm_z5eTRBDEVty3A4KZXI9R43Nr85nNyJJjgKCOr4x52ulurvRJg0Pk90uRUgDKQasHivC_A-ceHiUhnL8AUvr3ltBONgbbA6Ch77CrKZ-CWNidKtFBZmebQVURblWUfjEzuWJMdapF33lF2NeYOORXnF8hZKBVcM6VZw5U5=s400" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="400" data-original-height="278" data-original-width="400" src="https://blogger.googleusercontent.com/img/a/AVvXsEgEITb6wFPfZBC8aceAYm_z5eTRBDEVty3A4KZXI9R43Nr85nNyJJjgKCOr4x52ulurvRJg0Pk90uRUgDKQasHivC_A-ceHiUhnL8AUvr3ltBONgbbA6Ch77CrKZ-CWNidKtFBZmebQVURblWUfjEzuWJMdapF33lF2NeYOORXnF8hZKBVcM6VZw5U5=s600"/></a></div>
<div align="center">
<font size="2">
Close-up of the white button in front of president Putin,<br>
next to an ivory <a href="http://telta-perm.ru/production/apparat-telefonnyj-prestizh-tsb/" target="_blank">Prestige-CB</a> phone made by Telta<br>
<font color="gray">(photo: Mikhail Metzel, Sputnik, Kremlin Pool Photo via AP)</font><br>
</font>
</div>
<br>
<br>
<br>
<b>Start and duration of the video call</b><br>
<br>
A brief snippet broadcast by Russian state television shows that the two leaders <a href="https://www.sandiegouniontribune.com/news/nation-world/story/2021-12-06/biden-to-warn-putin-of-economic-pain-if-he-invades-ukraine" target="_blank">offered</a> friendly greetings to each other: "I welcome you, Mr. President," Putin said, but US president Biden seemed to <a href="https://www.independent.co.uk/tv/news/biden-waves-to-putin-after-forgetting-to-turn-on-mic-during-high-stakes-video-call-vfa2d27a5" target="_blank">fumble</a> with his microphone, awkwardly waving to his Russian counterpart during the silence.<br>
<br>
After a few seconds, Biden <a href="https://www.independent.co.uk/tv/news/biden-waves-to-putin-after-forgetting-to-turn-on-mic-during-high-stakes-video-call-vfa2d27a5" target="_blank">leaned</a> forward and pressed a button on the control panel of the video teleconference (VTC) system. This apparently turned his microphone on: "There you go" he said, suddenly audible, chuckling and waving to Putin.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEimdeK3dwD8FXwMXG9kfLCsn5doJ28nie2NvgHvnx02EF8yMusfHOk76mNG2OPX-EJeUWuP4EWcr1Mg0QjXWVuCXhshqvQj_dpEGCx2rp07ajxVKNZpLE1n3slhmonpwJnEeYsTvgtHTsxmX8lp-RKD0CdWRR28PCpd1OgVQghNZpWoAfb426Vnn-7b=s800" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="452" data-original-width="800" src="https://blogger.googleusercontent.com/img/a/AVvXsEimdeK3dwD8FXwMXG9kfLCsn5doJ28nie2NvgHvnx02EF8yMusfHOk76mNG2OPX-EJeUWuP4EWcr1Mg0QjXWVuCXhshqvQj_dpEGCx2rp07ajxVKNZpLE1n3slhmonpwJnEeYsTvgtHTsxmX8lp-RKD0CdWRR28PCpd1OgVQghNZpWoAfb426Vnn-7b=s800"/></a></div>
<div align="center">
<font size="2">
The AMX control panel of the videoconferencing<br> system in the White House Situation Room<br>
</font>
</div>
<br>
<br>
After president Biden expressed his hope for an in-person meeting with the Russian leader in the future, further talks proceeded in private. Biden and Putin spoke to each other for just over two hours, according to the White House from 10:07 a.m. to 12:08 p.m. Eastern Time, or 18:08 to 20:10 Moscow Time.<br>
<br>
Putin's foreign affairs adviser Yuri Ushakov <a href="https://www.sandiegouniontribune.com/news/nation-world/story/2021-12-06/biden-to-warn-putin-of-economic-pain-if-he-invades-ukraine" target="_blank">described</a> the presidents' video conference as "candid and businesslike," adding that they also exchanged occasional jokes. Biden's national security adviser said the meeting was "useful", the discussion "direct and straightforward" and "There was no finger wagging."<br>
<br>
After the video call with Putin, president Biden <a href="https://www.governo.it/en/articolo/ukraine-pm-draghi-s-call-president-biden-president-macron-chancellor-merkel-and-prime" target="_blank">had</a> a telephone (conference?) call with France's president Emmanuel Macron, German chancellor Angela Merkel, the British prime minister Boris Johnson and Italian prime minister Mario Draghi to brief them about the conversation with the Russian president.<br>
<br>
<blockquote>
<b> Updates:</b><br>
<br>
On December 30, 2021, US president Biden and Russian president Putin had their <a href="https://www.theguardian.com/us-news/2021/dec/30/biden-putin-call-russia-us-ukraine-tensions" target="_blank">second conversation</a> within a month. This time it was a 50-minute telephone call, which was requested by Putin and was about the ongoing crisis around Ukraine.<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjKVpKD11uwlWm61d2_kq5W7nigHncT2PqbFSZ_WqJBXGW1VShC5aSZ57JVNQuk7vNjaXz4Ci_3eWDTTJ2_I5JoWzgOcUazNJhVHsRQDwdmqKm1TJEv7S006yd-oJb4jvw1YzY4-GvA5zB1HG9O6Tkkjp6JKv3zalRFqfTbLCbw5ppu2LJrecPmVTIE=s1240" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="744" data-original-width="1240" src="https://blogger.googleusercontent.com/img/a/AVvXsEjKVpKD11uwlWm61d2_kq5W7nigHncT2PqbFSZ_WqJBXGW1VShC5aSZ57JVNQuk7vNjaXz4Ci_3eWDTTJ2_I5JoWzgOcUazNJhVHsRQDwdmqKm1TJEv7S006yd-oJb4jvw1YzY4-GvA5zB1HG9O6Tkkjp6JKv3zalRFqfTbLCbw5ppu2LJrecPmVTIE=s600"/></a></div>
<div align="center">
<font size="2">
President Biden speaks on the phone to president Putin<br>
from his home near Wilmington, Delaware on December 30, 2021<br>
<font color="gray">(photo: AFP/Getty Images - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
On February 12, 2022, Biden and Putin had a phone call of just over an hour again about a possible Russian invasion of Ukraine. This time, the American president conducted the call from the conference room in <a href="https://en.wikipedia.org/wiki/Camp_David" target="_blank">Camp David</a>, the presidential country retreat near Thurmont in Maryland:<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhVatMFlXottrRRUFcQMWAxu9XBdCqh2BJABlmz2xbXv-eqdAlf7f-G2S-RgcKM66pw9zW7exSV6IT_ukCR5vpP3ZjveEe93EhfEDqgFM9NRNFbRD6ZIy_bpuZMwbzS0opsOb3wCwq4fwn_5uW0kamloxjqfAM_IdkEhANyiF2Ti2EmxkPKP4Fnv4o9=s900" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="599" data-original-width="900" src="https://blogger.googleusercontent.com/img/a/AVvXsEhVatMFlXottrRRUFcQMWAxu9XBdCqh2BJABlmz2xbXv-eqdAlf7f-G2S-RgcKM66pw9zW7exSV6IT_ukCR5vpP3ZjveEe93EhfEDqgFM9NRNFbRD6ZIy_bpuZMwbzS0opsOb3wCwq4fwn_5uW0kamloxjqfAM_IdkEhANyiF2Ti2EmxkPKP4Fnv4o9=s900"/></a></div>
<div align="center">
<font size="2">
President Biden having a call with president Putin, February 12, 2022<br>
<font color="gray">(photo: White House/Reuters - click to enlarge)</font><br>
</font>
</div>
</blockquote>
<br>
<br>
<a name="hotline"></a>
<a name="dcl"></a>
<br>
<font size="+2"><b>US-Russian communication links</b></font><br>
<br>
It should be noted that neither the video call, nor the telephone conversations between the presidents of Russia and the United States are conducted through the famous Hotline between Washington and Moscow. This Hotline, which is officially called the Direct Communications Link (DCL), was established to prevent nuclear war and is formally based upon a <a href="https://2009-2017.state.gov/t/isn/4785.htm" target="_blank">memorandum</a> between the United States and the Soviet Union from June 20, 1963.<br>
<br>
In popular culture the Washington-Moscow Hotline is often called the Red Phone, and therefore many people think it has red telephone sets, but this is false: the Hotline was never a phone line. It was set up as a teletype connection, which in 1988 was upgraded to include facsimile (fax) units. Since 2008 the Hotline has been a highly secure computer link over which messages are exchanged by e-mail.<br>
<br>
<div align="right">
> Read more: <a href="https://www.electrospaces.net/2012/10/the-washington-moscow-hot-line.html">The Washington-Moscow Hotline</a><br>
</div>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJJX-1uo6TKCMotc0GEAaBgQFlKmQoYvHue0gPwGTWqK4Vy9zMEqPgWrkOpU8Z79WSYkmZVC_QmuFZG73cGlkJ85z5A_KqL6uOjIkaHwWSLTiJh4qTUGddY6X98yvMQ6FXmIZ2xdj2l3A/s1600/hotline-pentagon2013.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJJX-1uo6TKCMotc0GEAaBgQFlKmQoYvHue0gPwGTWqK4Vy9zMEqPgWrkOpU8Z79WSYkmZVC_QmuFZG73cGlkJ85z5A_KqL6uOjIkaHwWSLTiJh4qTUGddY6X98yvMQ6FXmIZ2xdj2l3A/s1600/hotline-pentagon2013.jpg" title="The Washington-Moscow Hotline terminal room at the Pentagon, 2013" width="500"></a><br>
<font size="2">
The Washington-Moscow Hotline terminal room at the Pentagon in 2013<br>
<font color="gray">(photo: www.army.mil - click to enlarge)</font><br>
</font></div>
<br>
<br>
The American president did use a red telephone, although not for foreign, but for domestic communications. Quick and easy contact between the president and military commanders is of course just as important as contact with the Kremlin, and this was achieved through a secure military telephone network, called the <a href="http://en.wikipedia.org/wiki/Defense_Red_Switch_Network" target="_blank">Defense Red Switch Network</a> (DRSN).<br>
<br>
<div align="right">
> Read more: <a href="https://www.electrospaces.net/2013/08/the-red-phone-that-was-not-on-hotline.html">The red phone that was NOT on the Hotline</a><br>
</div>
<a name="dvl"></a>
<br>
<br>
<font size="+1"><b>The Direct Voice Link (1990)</b></font><br>
<br>
While president Reagan used to write <a href="https://nsarchive.gwu.edu/document/22549-document-02-reagan-letter-gorbachev-march-11" target="_blank">letters</a> to his Soviet counterparts, his successor George H.W. Bush had his first phone call with general secretary Mikhail Gorbachev already on January 23, 1989, three days after his inauguration. This established the <a href="https://unredacted.com/2018/12/19/new-digital-national-security-archive-document-collection-spotlights-soviet-u-s-relations-at-cold-wars-end/" target="_blank">practice</a> of direct calls to the Soviet leadership, which were to prove very productive.<a href="https://books.google.nl/books?id=kP7BDgAAQBAJ&pg=PA492&lpg=PA492&dq=george+bush+gorbachev+%22first+phone%22+call&source=bl&ots=yMg2KDvZqk&sig=ACfU3U30_yuw_667PV2cRLBvBQTrcRb4TA&hl=nl&sa=X&ved=2ahUKEwi54dTv5-70AhUSuKQKHSLfBvAQ6AF6BAgLEAM#v=onepage&q&f=false" target="_blank" title="Svetlana Savranskaya and Thomas Blanton: The Last Superpower Summits, 2017, p. 492">*</a><br>
<br>
Therefore, the United States and the Soviet Union signed an agreement on June 2, 1990 to set up a "Direct, Secure Telephone Link between Washington and Moscow". This agreement was updated by the memorandum of understanding between the United States and the Russian Federation from October 15, 1999.<br>
<br>
The official name of this telephone line is Direct Voice Link (DVL) and it connects the White House with the office of the Russian president, initially via the same satellite link as the Hotline. But while the Hotline is designated for top level crisis communications, the Direct Voice Link can be used for routine matters and the calls are usually scheduled in advance, so interpreters can be present.<a nohref title="Paul E. Richardson, The hot line is a Hollywood myth, in: Russian Life, September issue 2009"><font color="#f1c232">*</font></a><br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhyDIW9mc0eis--wpvPIjjDRUGdBqFo_muDq-fxkGg0AUQ2VOXxv9qfJJMxPgKXv40oolrec19tih6DR9_Pn44Px8sqini-vCwuegPCBYuym1_boa2Wbvn1Kz1d8qj4diMhD9OVSpfotiCNKcjQLW4DLW4SkMhgxAuc_WhCuUiVtU_E57p8Sw17nomz=s980" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="552" data-original-width="980" src="https://blogger.googleusercontent.com/img/a/AVvXsEhyDIW9mc0eis--wpvPIjjDRUGdBqFo_muDq-fxkGg0AUQ2VOXxv9qfJJMxPgKXv40oolrec19tih6DR9_Pn44Px8sqini-vCwuegPCBYuym1_boa2Wbvn1Kz1d8qj4diMhD9OVSpfotiCNKcjQLW4DLW4SkMhgxAuc_WhCuUiVtU_E57p8Sw17nomz=s980"/></a></div>
<div align="center">
<font size="2">
President Obama using his telephone for secure calls in the Oval<br>
Office to talk to Russian president Putin, March 1, 2014.<br>
<font color="gray">(White House photo by Pete Souza - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<b>A Russian integration proposal</b><br>
<br>
From the declassified <a href="https://irp.fas.org/offdocs/prd/prd-51.pdf" target="_blank">Presidential Review Directive/NSC 51</a> by president Clinton's national security advisor Anthony Lake from February 28, 1995, we learn that:
<br>
<blockquote>
"The Russian government has recently tabled a proposal to upgrade existing government-to-government communications links between Washington and Moscow by installing a secure digital network with voice, data and teleconferencing capabilities. Significantly, the Russian proposal would integrate the existing Direct Communications Link, the secure Direct Voice Link, and the Nuclear Risk Reduction Center communications network in a manner that would permit intergovernmental communications between the U.S. and Russian presidents as well as other government officials; it would also provide the capability to convene conference communications involving Washington, Moscow and "third parties," e.g., other capitals of the Newly Independent States."<br>
</blockquote>
<br>
In reaction to this proposal, the senior director for Defense Policy of the US <a href="https://en.wikipedia.org/wiki/United_States_National_Security_Council" target="_blank">National Security Council</a> set up an interagency working group, to "reexamine the purpose, function and overall architecture of direct communications networks between Washington and Moscow."<br>
<br>
I haven't found the conclusions of this working group, but the fact that the different communication systems continued to exist indicates that at the time the US did not agree to the Russian proposal.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2016/12/the-cybersecurity-link-used-by-obama.html">Obama used a cybersecurity link for the first time to warn Russia</a><br>
</div>
<a name="scs2008"></a>
<br>
<br>
<b>The Direct Secure Communications System (2008)</b><br>
<br>
Eventually, the Russians partly got what they wanted, because on October 30, 2008, an <a href="https://2009-2017.state.gov/documents/organization/120562.pdf" target="_blank">agreement</a> was signed on the establishment of a "direct secure communications system between the United States of America and the Russian Federation".<br>
<br>
This agreement supersedes and terminates the earlier agreements and memoranda of understanding about both the Hotline (from 1963, 1971, 1984 and 1988) and the Direct Voice Link (from 1990 and 1999).<br>
<br>
The new system consists of "networked equipment and communications circuits and [is] intended for secure emergency and non-emergency communications between the highest leadership of the two countries." To make the system suitably reliable, the "communications circuits shall follow geographically diverse paths" and both countries agreed to equally share the cost of leasing communication circuits that run outside their territory.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEj2YgxGJvhbmIp7c30TSvrZovDn_VUDnKf2UsCIA30OUJX6pQyLnuXj6zlgIn8T2reTegRSE3ZV8rsAnU0_IeENJldA64B65FOzXhsr6XHuloklhcY9bZfgRLd8CPvEoJ07yPzg8MONcID9QnyzoYSOFWSt-WBud8fqtDWofkunsOplXC5FrKNn0h9f=s833" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="565" data-original-width="833" src="https://blogger.googleusercontent.com/img/a/AVvXsEj2YgxGJvhbmIp7c30TSvrZovDn_VUDnKf2UsCIA30OUJX6pQyLnuXj6zlgIn8T2reTegRSE3ZV8rsAnU0_IeENJldA64B65FOzXhsr6XHuloklhcY9bZfgRLd8CPvEoJ07yPzg8MONcID9QnyzoYSOFWSt-WBud8fqtDWofkunsOplXC5FrKNn0h9f=s833"/></a></div>
<br>
<br>
According to the agreement it was up to the <a href="https://en.wikipedia.org/wiki/Defense_Information_Systems_Agency" target="_blank">Defense Information Systems Agency</a> (DISA) on the American side and the <a href="https://en.wikipedia.org/wiki/Federal_Protective_Service_%28Russia%29" target="_blank">Federal Protective Service</a> (FSO) on the Russian side to "determine the configuration and technical parameters of the communications circuits, as well as the specific types of encryption devices and equipment to be used."<br>
<br>
It was also agreed that "the secure communications system shall be reequipped and updated every five years" while it may also be used to transfer classified information, but only up to the level Secret, as the agreement only mentions the classification markings Secret (Russian: Совершенно секретно) and Confidential (Секретно).<br>
<br>
<br>
Since the new system became operational, probably in the course of 2009, there's one secure network between Washington and Moscow which is used for the e-mail capability of the old Hotline as well as for the direct telephone line between both presidents. <br>
<br>
Since 2013 the network is also <a href="https://obamawhitehouse.archives.gov/the-press-office/2013/06/17/fact-sheet-us-russian-cooperation-information-and-communications-technol" target="_blank">used</a> for "a direct secure voice communications line between the U.S. Cybersecurity Coordinator and the Russian Deputy Secretary of the Security Council, should there be a need to directly manage a crisis situation arising from an ICT security incident." <br>
<br>
And likewise the video call between Biden and Putin must also have been conducted through the Direct Secure Communications System, although it's not clear why it took so long before this capability was first used.<br>
<a name="hosnetwork"></a>
<br>
<br>
<font size="+1"><b>The Head-of-State Network</b></font><br>
<br>
The new secure communications network between Washington and Moscow has probably been integrated in the Head-of-State (HoS) network which the president of the United States uses to communicate with foreign leaders.<br>
<br>
According to the <a href="https://www.dacis.com/budget/budget_pdf/FY11/PROC/D/DISA_16_21.pdf" target="_blank">2009 budget</a> of the White House Communications Agency (WHCA), which is part of DISA, this Head-of-State network was <a href="https://www.govexec.com/defense/2008/02/defense-agency-submits-blast-proof-budget-request-for-white-house-communications/26292/" target="_blank">upgraded</a> to an IP network and expanded with "new suites and additional network capacity", a project that was finally <a href="https://comptroller.defense.gov/Portals/45/Documents/defbudget/fy2015/budget_justification/pdfs/02_Procurement/PROCUREMENT_MasterJustificationBook_Defense_Information_Systems_Agency_PB_2015_1.pdf" target="_blank">completed</a> in the fiscal year 2013.<br>
<br>
There's very little information about the Head-of-State network, but we can assume that it includes at least the countries that previously had a bilateral top-level hotline with the White House: Russia, the United Kingdom, Germany, India and probably China. Other allied countries are likely also included.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2012/11/bilateral-hotlines-worldwide.html">Bilateral hotlines worldwide</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzv_fP8EhvbGvStoL50xIZ_0KD4mxxt0h3bzjgP4L_vGhbXVl6RjUeq6ILLFbONABw_FQQnYkIkfS06MSbxmgubreY68mw5MMNpwOym173pVvotJbvpF94Mc1Pk9WGsKG47dTkbzdQ9sg/s1600/whitehouse-headofstateroom.jpg" width="500"><br>
<font size="2">
A small room within the White House Situation Room where the president<br>
"can make a head-of-state phonecall from the Situation Room itself"<br>
<font color="gray">(screenshot from a White House video)</font><br>
</font><br>
</div>
<a name="phonecalls"></a>
<br>
<br>
<b>Head-of-State phone calls</b><br>
<br>
Presidential phone calls to other heads of state are usually prepared by the senior duty officer (SDO) of the White House Situation Room who negotiates date and time with the designated contact in the foreign capital and arranges an interpreter from the <a href="https://www.state.gov/bureaus-offices/under-secretary-for-management/bureau-of-administration/office-of-language-services/" target="_blank">Language Service</a> of the State Department.<a nohref title="Michael K. Bohn, Nerve Center. Inside the White House Situation Room, p. 78-79">*</a> Subject-matter experts from the National Security Council (NSC) may also listen in to the call.<br>
<br>
These phone calls are not recorded, but duty officers in the Situation Room take verbatim notes which are put together in a <a href="https://en.wikipedia.org/wiki/Memorandum_of_conversation" target="_blank">Memorandum of Conversation</a> (MemCon). An example is <a href="https://nsarchive.gwu.edu/document/27273-document-10-memorandum-telephone-conversation-gorbachev-bush-december-25-1991-last" target="_blank">this one</a> of the famous last phone call between presidents George H.W. Bush and Mikhail Gorbachev on December 25, 1991. Nowadays these MemCons are stored on <a href="https://www.nytimes.com/2019/10/01/us/politics/white-house-classified-computer-system.html" target="_blank">TNet</a>, the internal computer network for the NSC staff.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2012/01/inside-white-house-situation-room-sit.html">Inside the White House Situation Room</a><br>
</div>
<br>
When the Situation Room has no dedicated link to a particular foreign leader, then the call would be set up through the so-called Signal switchboard, which is staffed by military personnel from the <a href="https://en.wikipedia.org/wiki/White_House_Communications_Agency" target="_blank">White House Communications Agency</a>.<a nohref title="Michael K. Bohn, Nerve Center. Inside the White House Situation Room, p. 72">*</a><br>
<br>
The Signal switchboard is also used for all other secure phone calls and thus we see that the <a href="https://www.electrospaces.net/2021/03/the-telephone-contacts-of-president.html">IST2-telephone used by presidents George W. Bush and Barack Obama</a> had separate buttons not only for the Situation Room, but also for the Head-of-State conference calls, the Signal switchboard and its operator for secure calls:<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEih4trbdFvOLMECCEati3JnpIFtEwLUIzBYnH_H6_gEQn4J_ukCrBs_q9oRDuVUVApKdm_8ffOmmoCbi55fhHY90Yf8_sEDYMwY9XXAy763O8IIdoiV2fuE-msMbdF1kfsAMcwviLM2XHHgdJLaQmlr3Z7dDbs7J6nz5p7B47upMqKtQw4-aE7XYaiI=s400" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="350" data-original-height="235" data-original-width="400" src="https://blogger.googleusercontent.com/img/a/AVvXsEih4trbdFvOLMECCEati3JnpIFtEwLUIzBYnH_H6_gEQn4J_ukCrBs_q9oRDuVUVApKdm_8ffOmmoCbi55fhHY90Yf8_sEDYMwY9XXAy763O8IIdoiV2fuE-msMbdF1kfsAMcwviLM2XHHgdJLaQmlr3Z7dDbs7J6nz5p7B47upMqKtQw4-aE7XYaiI=s400"/></a></div>
<br>
<a name="encryption"></a>
<br>
<br>
<font size="+2"><b>Securing the networks</b></font><br>
<br>
For obvious reasons there's no information about how the Head-of-State network and the Secure Communications System between the US and Russia are secured. For its own classified IP networks, the US military uses advanced network encryptors, like the <a href="https://gdmissionsystems.com/encryption/taclane-network-encryption" target="_blank">TACLANE series</a> made by General Dynamics. These devices are certified by the NSA as <a href="https://en.wikipedia.org/wiki/NSA_product_types" target="_blank">Type 1 products</a> that use classified <a href="https://en.wikipedia.org/wiki/NSA_Suite_A_Cryptography" target="_blank">Suite A algorithms</a> to encrypt communications data up to the highest classification level (Top Secret/SCI).<br>
<br>
For such an encryption system, however, both parties have to use the same equipment, or at least the same algorithms, and that's a problem when it comes to bilateral communications: one country will of course <a href="https://money.cnn.com/2014/05/22/technology/security/nsa-obama-blackberry/index.html" target="_blank">never provide</a> its best encryption systems to another country. One solution is to use less secret methods, like the <a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard" target="_blank">Advanced Encryption Standard</a> (AES), which is considered one of the best publicly available encryption algorithms.<br>
<br>
Responsible not only for <a href="https://money.cnn.com/2014/05/22/technology/security/nsa-obama-blackberry/index.html" target="_blank">securing</a> the Direct Voice Link (DVL), but also for Obama's BlackBerry, was <a href="https://www.rsaconference.com/experts/richard_george" target="_blank">Richard "Dickie" George</a>, who served as technical director of the NSA's Information Assurance Directorate (IAD) from 2003 until his retirement in 2011.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2013/04/how-obamas-blackberry-got-secured.html">How Obama's BlackBerry got secured</a><br>
</div>
<br>
<b>One-time pad</b><br>
<br>
When head-of-state communications have to be as secure as possible, they could use a <a href="https://en.wikipedia.org/wiki/One-time_pad" target="_blank">one-time pad</a> (OTP), which is unbreakable if implemented correctly. Instead of an algorithm, the OTP method uses a completely random key that is as long as the message that has to be encrypted.<br>
<br>
In this way both the original <a href="https://2009-2017.state.gov/t/isn/4786.htm" target="_blank">Hotline</a> and the communication links of the <a href="https://web.archive.org/web/20171003170359/http://dosfan.lib.uic.edu/acda/treaties/nrrc1.htm" target="_blank">Nuclear Risk Reduction Center</a> (NRRC) were secured: "The information security devices shall consist of microprocessors that will combine the digital message output with buffered random data read from standard 5 1/4 inch floppy disks" which each party provided to the other through its embassy.<br>
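<br>
What "implemented correctly" means in practice is mostly bookkeeping: every key byte is used for one message byte and then never again. The following Python sketch is an added illustration, not code from the Hotline or NRRC systems (whose implementation is not public); the class and function names are hypothetical, the pad is a constructed stand-in for the random data on an exchanged disk, and one pad per direction of the link is assumed.<br>

```python
import secrets
from typing import Tuple


class PadExhausted(Exception):
    """Raised when a message needs more key material than the pad has left."""


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """One party's copy of a pad of random bytes for ONE direction of a link.

    The position counter is the security-critical state: it guarantees that
    no key byte is ever combined with more than one message byte.
    """

    def __init__(self, pad: bytes):
        self._pad = pad
        self._next = 0  # index of the first key byte that is still unused

    def remaining(self) -> int:
        return len(self._pad) - self._next

    def encrypt(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Return (pad offset, ciphertext). The offset may travel in the clear."""
        if len(plaintext) > self.remaining():
            raise PadExhausted("not enough unused key material; load a new pad")
        start = self._next
        self._next += len(plaintext)  # consume the key bytes before using them
        return start, xor(plaintext, self._pad[start:self._next])

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        """Decrypt with the key bytes at `offset`, refusing any reuse.

        An offset beyond the counter is accepted (a lost message only wastes
        key material); an offset behind it would reuse key bytes.
        """
        if offset < self._next:
            raise ValueError("offset points into key material already used")
        end = offset + len(ciphertext)
        if end > len(self._pad):
            raise PadExhausted("message runs past the end of the pad")
        self._next = end
        return xor(ciphertext, self._pad[offset:end])


def reused_key_leak(m1: bytes, m2: bytes, pad: bytes) -> bytes:
    """Failure mode: what an eavesdropper gets if two messages share key bytes.

    XORing the two ciphertexts cancels the key, leaving m1 XOR m2, which no
    longer depends on the random pad at all.
    """
    c1 = xor(m1, pad)
    c2 = xor(m2, pad)  # same key bytes again: the mistake being illustrated
    return xor(c1, c2)


if __name__ == "__main__":
    pad = secrets.token_bytes(64)  # constructed sample pad
    sender, receiver = OneTimePad(pad), OneTimePad(pad)

    for text in (b"TEST MESSAGE NUMBER ONE", b"TEST MESSAGE NUMBER TWO"):
        offset, ct = sender.encrypt(text)
        print(offset, ct.hex(), receiver.decrypt(offset, ct))

    print("unused key bytes left:", sender.remaining())
    leak = reused_key_leak(b"ATTACK AT DAWN", b"RETREAT AT TEN", pad)
    print("key-independent leak on reuse:", leak.hex())
```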
<br>
<br>
<b>Russian equipment?</b><br>
<br>
In August 2018, several Russian state media outlets ran a somewhat confusing story <a href="https://sputniknews.com/20180823/us-hotline-russian-tech-1067406757.html" target="_blank">saying</a> that "a sophisticated scrambler developed by <a href="https://www.ao-avtomatika.ru/en/" target="_blank">Concern Avtomatika</a> was tested by US specialists and recommended for use in the direct telephone link connecting Washington with Moscow."<br>
<br>
Avtomatika and its predecessors have been manufacturing cryptographic equipment for secure top-level telecommunications <a href="https://www.ao-avtomatika.ru/en/about/istoriya/" target="_blank">since 1930</a>. In 2014 Avtomatika became part of the state-owned defense conglomerate <a href="https://en.wikipedia.org/wiki/Rostec" target="_blank">Rostec</a>.<br>
<br>
<br>
<br>
<b>Links and sources</b><br>
<font size="2">
<br>
- ABC News: <a href="https://abcnews.go.com/Politics/biden-confront-putin-ukraine-high-stakes-meeting/story?id=81591057" target="_blank">Biden confronts Putin over Ukraine in high-stakes meeting</a> (Dec. 8, 2021)<br>
- TASS: <a href="https://tass.com/politics/1372099" target="_blank">Putin-Biden video conference over</a> (Dec. 7, 2021)<br>
- The New York Times: <a href="https://www.nytimes.com/live/2021/12/07/world/biden-putin#the-white-house-relies-on-a-secret-system-for-calls-with-world-leaders" target="_blank">The White House relies on a secret system for calls with world leaders.</a> (Dec. 7, 2021)<br>
- Bloomberg: <a href="https://www.bloomberg.com/news/articles/2021-10-01/outdated-white-house-situation-room-is-getting-a-needed-overhaul" target="_blank">Outdated White House Situation Room Getting Needed Overhaul</a> (Oct. 21, 2021)<br>
- Syracuse.com: <a href="https://www.syracuse.com/opinion/2019/09/i-listened-to-dozens-of-presidential-phone-calls-heres-why-its-done-commentary.html" target="_blank">I listened to dozens of presidential phone calls. Here’s why it’s done</a> (Sept. 25, 2019)<br>
- National Security Archive: <a href="https://nsarchive.gwu.edu/briefing-book/russia-programs/2017-01-23/last-superpower-summits" target="_blank">The Last Superpower Summits</a> (Jan. 23, 2017)<br>
- CNN Business: <a href="https://money.cnn.com/2014/05/22/technology/security/nsa-obama-blackberry/index.html" target="_blank">'I made Obama's BlackBerry'</a> (May 22, 2014)<br>
- Michael K. Bohn: <i>Nerve Center. Inside the White House Situation Room</i>, Brassey's Inc, 2003, p. 67-101.<br>
</font>
<br>
<font size="+3"><b>About Intellipedia and other intelligence wikis from the Snowden trove</b></font><br>
<font size="2" color="gray">(Published: December 4, 2021; updated: October 22, 2022)</font><br>
<br>
For years, the NSA and other US intelligence agencies have had their own internal versions of the collaboration tools that most of us are using day-to-day. Documents from some of these tools have been published as part of the Snowden revelations, which allows a closer look.<br>
<br>
It turns out that besides the US Intelligence Community's <a href="#intellipedia"><b>Intellipedia</b></a>, which was already publicly known, the Snowden trove also contains entries from the NSA's <a href="#wikiinfo"><b>WikiInfo</b></a> and the British <a href="#gcwiki"><b>GCWiki</b></a>, systems that were hitherto unknown.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZXsD_FtgjEW2eJxgiECLbZ4PcDsDcM-nR6iE9CxFIHBfWMKfsWAQoVHIFm_mH9_to4p-rq_dnt3K-y-cr3rBA9Yj37JzgCHrcM1tKcg9VuXqfgT1eo5SAFROsbWzWQPm8lpceM4m2sbY/s800/intel+wikis+header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZXsD_FtgjEW2eJxgiECLbZ4PcDsDcM-nR6iE9CxFIHBfWMKfsWAQoVHIFm_mH9_to4p-rq_dnt3K-y-cr3rBA9Yj37JzgCHrcM1tKcg9VuXqfgT1eo5SAFROsbWzWQPm8lpceM4m2sbY/s800/intel+wikis+header.jpg"/></a></div>
<br>
<br>
<a name="intellipedia"></a>
<br>
<font size="+3">Intellipedia</font><br>
<br>
The oldest and best known internal collaboration tool used by the US Intelligence Community is <a href="https://en.wikipedia.org/wiki/Intellipedia" target="_blank">Intellipedia</a>, which is similar to the public Wikipedia and uses the same software called <a href="https://en.wikipedia.org/wiki/MediaWiki" target="_blank">MediaWiki</a>.<br>
<br>
Intellipedia <a href="https://web.archive.org/web/20090211135406/https://www.cia.gov/news-information/featured-story-archive/2008-featured-story-archive/intellipedia-marks-second-anniversary.html" target="_blank">started</a> as a pilot project at the CIA in 2005 and was formally announced in April 2006. Later it was brought under the Intelligence Community Enterprise Services (ICES) of the Office of the Director of National Intelligence (ODNI). <br>
<br>
A big difference from the public Wikipedia is that Intellipedia has three different versions, according to the main classification levels (with the number of users by the end of 2012):<br>
<blockquote>
- <b>Unclassified</b>, on the <a href="https://www.electrospaces.net/2015/03/us-military-and-intelligence-computer.html#dniu">DNI-U</a> network, with some 75.000 users<br>
<br>
- <b>Secret</b>, on the <a href="https://www.electrospaces.net/2015/03/us-military-and-intelligence-computer.html#siprnet">SIPRNet</a> network, with some 147.000 users, mostly from the Defense Department and the State Department<br>
<br>
- <b>Top Secret/SCI</b>, on the <a href="https://www.electrospaces.net/2015/03/us-military-and-intelligence-computer.html#jwics">JWICS</a> network, with some 188.000 users, mostly from the intelligence agencies<br>
</blockquote>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2015/03/us-military-and-intelligence-computer.html">US military and intelligence computer networks</a><br>
</div>
<br>
Each of these Intellipedia versions can be used by both civilian and military employees with appropriate clearances from the 17 agencies of the US Intelligence Community as well as from the US military and other federal government departments.<br>
<br>
In 2006, the NSA <a href="https://theintercept.com/snowden-sidtoday/5987446-intellipedia-it-s-for-analysts/" target="_blank">had</a> only about 20 registered Intellipedia users, the smallest number of any of the big intelligence agencies. At the time, the CIA had the most registered users: more than 200.<br>
<br>
An example of the address format of a Top Secret/SCI Intellipedia page is: http://intellipedia.intelink.ic.gov/wiki/Anna_Politkovskaya<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCwBGz7346Nr1NCpVHQM3XvnRIM_Khi7W1X6TTnilBshQLjWaKu_C80dSPFGBZlV8PuPUti80PhD7ZDiUb90-wQBzEVndzvrVaebe-b-PpI1KCmaB3Xdcj8-s98mljBreW_xx9oNgxtcg/s1600/Intellipedia2008.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCwBGz7346Nr1NCpVHQM3XvnRIM_Khi7W1X6TTnilBshQLjWaKu_C80dSPFGBZlV8PuPUti80PhD7ZDiUb90-wQBzEVndzvrVaebe-b-PpI1KCmaB3Xdcj8-s98mljBreW_xx9oNgxtcg/s1600/Intellipedia2008.png" title="Page of the Unclassified version of Intellipedia" width="500"></a><br>
<font size="2">
An article from the Unclassified version of Intellipedia<br>
This one from the CIA's AIN network<br>
<font color="gray">(Click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<b>Intellipedia entries from the Snowden revelations</b><br>
<br>
Perhaps somewhat surprisingly, there are only five Intellipedia entries among the numerous Snowden documents. A close look shows that they were published in two forms:<br>
<br>
1. Three of the Intellipedia entries are in PDF format or a PDF image (or a combination thereof) and in full color, in this case mostly yellow, which is the color code for information classified as Top Secret/Sensitive Compartmented Information (TS/SCI).<br>
<br>
These three entries are <a href="https://s3.documentcloud.org/documents/3247784/Anna-Politkovskaya-Intellipedia-Redacted.pdf" target="_blank">this one</a> about Anna Politkovskaya, <a href="https://s3.documentcloud.org/documents/5691424/Intellipedia-Air-Gapped-Network-Threats.pdf" target="_blank">this one</a> about Air-Gapped Network Threats and <a href="https://s3.documentcloud.org/documents/5691425/Intellipedia-BIOS-Threats.pdf" target="_blank">this one</a> about BIOS threats.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYv19VFmj4y0tzOxjNt2Qpd0vtIdJd-KDAhyu-F0eZk5V8z5TW8pCQUyL2a04OhMdJpYncaSGQN8q30I4PBhEoYUdYUxXf-P3PIPghjURTK_MUv-SR8KdZMnW4Hw1PsOrUvF9kIfJh9z8/s1443/intellipedia-politkovskaya.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="741" data-original-width="1443" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYv19VFmj4y0tzOxjNt2Qpd0vtIdJd-KDAhyu-F0eZk5V8z5TW8pCQUyL2a04OhMdJpYncaSGQN8q30I4PBhEoYUdYUxXf-P3PIPghjURTK_MUv-SR8KdZMnW4Hw1PsOrUvF9kIfJh9z8/s1443/intellipedia-politkovskaya.JPG"/></a></div>
<div align="center">
<font size="2">
Intellipedia entry about Anna Politkovskaya<br>
</font>
</div>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJ4Houu5R5CbPYqHRPdISRBcrWb8x-VCDryrcj0puHUCCjIy4GKPdZC32hr9T5eLLH8sDz0hRbkWLSqcd3oA5IH6RsXhaZxJ9WQyv3ggfFu1GZNVqMFLFxutMmPTu8o0o1EMT0DWhCRZ0/s374/intellipedia-biosthreats-user.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="320" data-original-height="291" data-original-width="374" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJ4Houu5R5CbPYqHRPdISRBcrWb8x-VCDryrcj0puHUCCjIy4GKPdZC32hr9T5eLLH8sDz0hRbkWLSqcd3oA5IH6RsXhaZxJ9WQyv3ggfFu1GZNVqMFLFxutMmPTu8o0o1EMT0DWhCRZ0/s374/intellipedia-biosthreats-user.JPG"/></a></div>
<div align="center">
<font size="2">
Snowden's username redacted on Intellipedia? (<a href="https://s3.documentcloud.org/documents/5691425/Intellipedia-BIOS-Threats.pdf" target="_blank">source</a>)<br>
</font>
</div>
<br>
<br>
2. Two Intellipedia entries from the Snowden cache don't have color, images and formatting and seem to be a scan or a photo of a printed document, like <a href="https://s3.amazonaws.com/s3.documentcloud.org/documents/2165140/manhunting-redacted.pdf" target="_blank">this entry</a> titled "Manhunting Timeline 2008", which was <a href="https://theintercept.com/2015/07/15/israeli-special-forces-assassinated-senior-syrian-official/" target="_blank">released</a> by The Intercept in July 2015.<br>
<br>
The <a href="https://drive.google.com/file/d/19wv1eHV1lyqm6CyshhhVQecVk2FMZ1Nc/view" target="_blank">other entry</a> was published last October by the American journalist Spencer Ackerman and is titled "Targeted Killing: Policy, Legal and Ethical Controversy". This document not only has a form very similar to that of the "Manhunting Timeline 2008" but is also about the same topic.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2021/11/edward-snowden-and-targeted-drone.html">Edward Snowden and the targeted drone killing campaign</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGdV_oRwekUL4mnoyX_ZyOsmmrxx2XnIc9SZMpdRUVt0-CCGQ3zgl-PnRuosvlXoDXWFyyY8BrayTww15WH1llIxYoEjIGg-lHLdYAtBYIDZLHtT9BK_9pXXJXfVVXZY5U459ijONhijE/s1089/intellipedia-manhunting+timeline.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="553" data-original-width="1089" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGdV_oRwekUL4mnoyX_ZyOsmmrxx2XnIc9SZMpdRUVt0-CCGQ3zgl-PnRuosvlXoDXWFyyY8BrayTww15WH1llIxYoEjIGg-lHLdYAtBYIDZLHtT9BK_9pXXJXfVVXZY5U459ijONhijE/s1089/intellipedia-manhunting+timeline.JPG"/></a></div>
<div align="center">
<font size="2">
Intellipedia entry titled Manhunting Timeline 2008<br>
</font>
</div>
<br>
<br>
<a name="intelink"></a>
<br>
<font size="+2">Intelink</font><br>
<br>
Intellipedia is part of the <a href="https://en.wikipedia.org/wiki/Intelink" target="_blank">Intelink</a> network, which was set up in 1994 and also has three versions: for Unclassified, Secret and Top Secret/SCI information. Besides Intellipedia, Intelink also provides a range of other collaboration tools for members of the US Intelligence Community (IC), like:<br>
<blockquote>
- Intelink Search<br>
- Inteldocs (shared files)<br>
- IntelShare (the IC's SharePoint)<br>
- Intelink Blogs <br>
- eChirp (IC version of Twitter)<br>
- Jabber (instant messaging)<br>
</blockquote>
<br>
A more official version of Intellipedia, called <a href="https://www.youtube.com/watch?v=9ft3BBBg99s" target="_blank">Living Intelligence</a>, was created for collaboratively writing official intelligence reports, but this <a href="https://www.wired.com/2017/03/intellipedia-wikipedia-spies-much/" target="_blank">failed</a> because each agency stuck to its own process for writing such reports or "products for their customers".<br>
<br>
More successful is <a href="https://en.wikipedia.org/wiki/A-Space" target="_blank">A-Space</a> (or Analytic Space), which is also a common collaborative workspace for analysts of the US Intelligence Community, but unlike the Intelink tools, A-Space can also be used for information classified as GAMMA or HCS. A-Space went live on the JWICS network in 2008 and is managed by the DIA. In July 2013, A-Space was <a href="https://www.businessofgovernment.org/sites/default/files/New%20Tools%20for%20Collaboration.pdf" target="_blank" title="See pdf-page 23">widened</a> to i-Space (Integrated Space) so access is no longer restricted to analysts.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX69O0t9k9KSEOndEuLL0aLzUg-5ymFEz-d4WfEK-_8XOri84KWqu83qUBEYBo8FnxVVKiScrGCpJiDWv-5CWTMWxQpRA_8lb49li_3aMtdCu0IimA8DitTrBncZPHwFHow6EfZatn6E4/s778/intelink+tools+menu.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="523" data-original-width="778" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX69O0t9k9KSEOndEuLL0aLzUg-5ymFEz-d4WfEK-_8XOri84KWqu83qUBEYBo8FnxVVKiScrGCpJiDWv-5CWTMWxQpRA_8lb49li_3aMtdCu0IimA8DitTrBncZPHwFHow6EfZatn6E4/s778/intelink+tools+menu.JPG"/></a></div>
<div align="center">
<font size="2">
Intelink homepage with icons of the various collaboration tools (<a href="https://www.youtube.com/watch?v=9ft3BBBg99s" target="_blank">source</a>)<br>
</font>
</div>
<br>
<br>
Under the huge modernization project called <a href="https://www.c4isrnet.com/show-reporter/dodiis/2017/08/28/ic-ite-is-about-changing-the-way-the-intelligence-community-does-business/" target="_blank">Intelligence Community IT Enterprise</a> (IC ITE or "Eye Sight") the NSA will provide an Apps Mall with collaboration tools that can be used as part of the Desktop Environment (DTE) for all intelligence users.<br>
<br>
All the Intelink collaboration tools on the JWICS network are marked NOFORN, which means their content may not be shared with foreign nationals. Therefore, NSA employees apparently <a href="https://www.businessofgovernment.org/sites/default/files/New%20Tools%20for%20Collaboration.pdf" target="_blank" title="See pdf-page 27">prefer</a> their own tools on NSANet which do allow sharing with the other agencies of the <a href="https://www.electrospaces.net/2014/09/nsas-foreign-partnerships.html#2ndparty">Five Eyes</a> partnership.<br>
<br>
<br>
<a name="wikiinfo"></a>
<br>
<font size="+3">WikiInfo</font><br>
<br>
The name of one such NSA tool was already found in a very interesting <a href="https://www.businessofgovernment.org/sites/default/files/New%20Tools%20for%20Collaboration.pdf" target="_blank" title="See pdf-page 20">report</a> from 2016 about how the US Intelligence Community uses internal collaboration tools: WikiInfo. This very unimaginative name refers to the NSA's internal wiki, parts of which were published during the Snowden leaks.<br>
<br>
WikiInfo runs on <a href="https://www.electrospaces.net/2015/03/us-military-and-intelligence-computer.html#nsanet">NSANet</a>, the network that connects all the Five Eyes signals intelligence agencies, and has a maximum classification level of TOP SECRET//SI-GAMMA/TALENT KEYHOLE//ORCON/PROPIN/RELIDO/REL TO USA, FVEY.<br>
<br>
This really long marking says that information on NSANet may include highly sensitive communication intercepts (GAMMA) and intelligence from spy planes and satellites (TALENT KEYHOLE), including material that is closely controlled by the originator (ORCON) or contains proprietary information (PROPIN).<br>
<br>
For even more sensitive information that should not be shared with the Five Eyes partners there's a separate platform called WikiInfo-NF (No Foreign nationals).<br>
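<br>
How such a marking breaks down, and why NOFORN material needs a separate platform, can be shown with a small parser. This is an added Python example, not a tool from any agency: it assumes the usual layout of classification, then control systems, then dissemination controls separated by "//", recognises only the dissemination controls named in this article, and treats a marking without a REL TO list as not releasable, which is a conservative assumption. The glossary holds only meanings given in this article; all function and class names are hypothetical.<br>

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Countries covered by the FVEY tetragraph (the Five Eyes partnership).
FVEY = frozenset({"USA", "AUS", "CAN", "GBR", "NZL"})

# Dissemination controls that appear in this article; everything else after
# the classification level is treated as a control system (simplification).
DISSEM = {"ORCON", "PROPIN", "RELIDO", "NOFORN"}

# Meanings exactly as the article gives them; other terms stay unexplained.
GLOSSARY = {
    "GAMMA": "highly sensitive communication intercepts",
    "TALENT KEYHOLE": "intelligence from spy planes and satellites",
    "ORCON": "closely controlled by the originator",
    "PROPIN": "contains proprietary information",
    "NOFORN": "may not be shared with foreign nationals",
}


@dataclass
class Marking:
    classification: str
    controls: List[Tuple[str, List[str]]] = field(default_factory=list)
    dissemination: List[str] = field(default_factory=list)
    rel_to: Set[str] = field(default_factory=set)

    @property
    def noforn(self) -> bool:
        return "NOFORN" in self.dissemination


def parse_marking(banner: str) -> Marking:
    """Split a banner line into its classification, controls and releasability."""
    blocks = [b.strip() for b in banner.split("//")]
    if not blocks[0]:
        raise ValueError("banner must start with a classification level")
    m = Marking(classification=blocks[0])
    for block in blocks[1:]:
        for token in (t.strip() for t in block.split("/")):
            if token.startswith("REL TO "):
                # Country list: trigraphs and tetragraphs separated by commas.
                for code in token[len("REL TO "):].split(","):
                    code = code.strip()
                    if code:
                        m.rel_to |= FVEY if code == "FVEY" else {code}
            elif token in DISSEM:
                m.dissemination.append(token)
            elif token:
                # "SI-GAMMA": control system SI with compartment GAMMA.
                system, *compartments = token.split("-")
                m.controls.append((system, compartments))
    if m.noforn and m.rel_to:
        raise ValueError("NOFORN and REL TO contradict each other")
    return m


def releasable_to(m: Marking, country: str) -> bool:
    """May content under this marking be shown to a national of `country`?"""
    if country == "USA":
        return True
    if m.noforn:
        return False
    return country in m.rel_to  # no explicit release means no (assumption)


def explain(m: Marking) -> Dict[str, str]:
    """Return the article's explanation for every term it explains."""
    terms = list(m.dissemination)
    for system, compartments in m.controls:
        terms += [system, *compartments]
    return {t: GLOSSARY[t] for t in terms if t in GLOSSARY}


if __name__ == "__main__":
    nsanet = parse_marking(
        "TOP SECRET//SI-GAMMA/TALENT KEYHOLE//ORCON/PROPIN/RELIDO/REL TO USA, FVEY"
    )
    noforn = parse_marking("TOP SECRET//SI//NOFORN")  # constructed sample
    for name, marking in (("NSANet maximum", nsanet), ("NOFORN sample", noforn)):
        print(name, marking.controls, marking.dissemination)
        for country in ("USA", "GBR", "DEU"):
            print("  ", country, releasable_to(marking, country))
    print(explain(nsanet))
```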
<br>
<br>
<b>WikiInfo entries from the Snowden revelations</b><br>
<br>
The Snowden trove provided only 12 WikiInfo entries, which is not much, but still twice the number of Intellipedia pages. Most of them just contain the text of the article, like <a href="https://www.eff.org/files/2015/02/03/20150117-spiegel-quantumshooter_implant_to_remote-control_computers_from_unknown_third_parties.pdf" target="_blank">this one</a> about QUANTUM shooters, but <a href="https://s3.documentcloud.org/documents/1019062/discovery-sigint-targeting-scenarios-and.pdf" target="_blank">this one</a> shows the full WikiInfo interface, apparently made with a <a href="https://www.cnet.com/tech/services-and-software/how-to-take-a-screenshot-of-a-whole-web-page-in-chrome/" target="_blank">full page screen capture</a> tool:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFVRF_gszHlqQN_N7Rc6OmPrPhDtuzGTjfbWzWNBXC4BymILiHMFRnhWa3F6ZShZnRnqhlhnI8oWSILVFmZkGb1ISO8q3RTvAMHP2AjJ0xQplZG-DwXXxACk6JQH2tIzDMwAxD7De3XoQ/s1325/wikiinfo-discovery+sigint.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="589" data-original-width="1618" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFVRF_gszHlqQN_N7Rc6OmPrPhDtuzGTjfbWzWNBXC4BymILiHMFRnhWa3F6ZShZnRnqhlhnI8oWSILVFmZkGb1ISO8q3RTvAMHP2AjJ0xQplZG-DwXXxACk6JQH2tIzDMwAxD7De3XoQ/s1325/wikiinfo-discovery+sigint.JPG"/></a></div>
<div align="center">
<font size="2">
The <a href="https://s3.documentcloud.org/documents/1019062/discovery-sigint-targeting-scenarios-and.pdf" target="_blank">WikiInfo interface</a> with an entry about SIGINT targeting scenarios<br>
Note that "Edward snowden" doesn't seem to match the redacted username<br>
</font>
</div>
<br>
<br>
WikiInfo is only one of the NSA's own series of internal collaboration tools. Others are Tapioca, JournalNSA, SpySpace, Giggleloop, RoundTable and Pidgin. Tapioca was <a href="https://www.businessofgovernment.org/sites/default/files/New%20Tools%20for%20Collaboration.pdf" target="_blank" title="See pdf-page 22">described</a> as the "impressive NSA system for social networking and collaboration" and combines multiple functionalities. In 2016, Tapioca also got a version on Intelink, making it available for other US intelligence users.<br>
<br>
<br>
<a name="gcwiki"></a>
<br>
<font size="+3">GCWiki</font><br>
<br>
Most wiki entries that have been published during the Snowden revelations, some 23, are actually not from an American system, but from the internal wiki that is used by the NSA's British counterpart <a href="https://en.wikipedia.org/wiki/GCHQ" target="_blank">GCHQ</a>. This platform is called GCWiki and has a maximum classification level of TOP SECRET STRAP1 COMINT.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2013/12/the-british-classification-marking-strap.html">The British classification marking STRAP</a><br>
</div>
<br>
An example of the address format for GCWiki pages is: https://wiki.gchq/index.php/TWO_FACE<br>
<br>
<br>
<b>GCWiki entries from the Snowden revelations</b><br>
<br>
Among the GCWiki entries published as part of the Snowden revelations there are no examples of what the GCWiki interface looks like. All entries are like <a href="https://s3.documentcloud.org/documents/4059449/PHANTOM-PARROT.pdf" target="_blank">this article</a> about the PHANTOM PARROT program, which was published by The Intercept in September 2017:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjY0ZVvULc5eX723gTHcKtiilRctEnhtRC_IoZBIOW0p7g9fp2B-Jyk4t0ZRrk6UWV2nuhHpcl8ULTqbVx0SB6unopvSrZDzYe3DRx_bOwkDacNi1QZIORSEUoefzzxvvUBZmej3H_zR38/s1087/gcwiki-phantomparrot.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="630" data-original-width="1087" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjY0ZVvULc5eX723gTHcKtiilRctEnhtRC_IoZBIOW0p7g9fp2B-Jyk4t0ZRrk6UWV2nuhHpcl8ULTqbVx0SB6unopvSrZDzYe3DRx_bOwkDacNi1QZIORSEUoefzzxvvUBZmej3H_zR38/s1087/gcwiki-phantomparrot.JPG"/></a></div>
<div align="center">
<font size="2">
GCWiki entry about the PHANTOM PARROT program<br>
</font>
</div>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTUL0AtgOCpf-4x75lb476cQJoGgjSN143tFIUqcmEhaVBEp2ZEGwCUfx8Kwt6lI2PtncpUcGfuVUyDGsjSJcFeH9RWXyVbaUWULeU3FLx5zHD2YuxsniqDgAbiGO-_TZOLDUT5i3j8Q4/s357/gcwiki-snowden.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="320" data-original-height="222" data-original-width="357" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTUL0AtgOCpf-4x75lb476cQJoGgjSN143tFIUqcmEhaVBEp2ZEGwCUfx8Kwt6lI2PtncpUcGfuVUyDGsjSJcFeH9RWXyVbaUWULeU3FLx5zHD2YuxsniqDgAbiGO-_TZOLDUT5i3j8Q4/s320/gcwiki-snowden.JPG"/></a></div>
<div align="center">
<font size="2">
Snowden's username on GCWiki (<a href="https://s3.documentcloud.org/documents/2083025/jtac-attack-methodology-team.pdf" target="_blank">source</a>)<br>
</font>
</div>
<br>
<br>
Besides GCHQ, the other Five Eyes signals intelligence agencies, the Canadian CSEC (now CSE), the Australian DSD (now ASD) and GCSB from New Zealand, also have their own internal wikis, but from these platforms no entries have been published.<br>
<br>
<br>
<a name="snowden"></a>
<br>
<font size="+2">What's in the Snowden cache?</font><br>
<br>
Regarding the content of these intelligence wikis, probably most of it is about people, places and events that are of interest for intelligence analysts. But as we can see from the pages that have been published since June 2013, these internal wikis are also used to share more technical information about collection programs and hacking tools.<br>
<br>
It's not clear whether Snowden picked out those topics or journalists did so, or in other words: whether or not Snowden also downloaded the complete content of Intellipedia, WikiInfo and GCWiki, like he did with the NSA's internal newsletter <a href="https://theintercept.com/snowden-sidtoday/" target="_blank">SIDtoday</a>. If so, that would have amassed a huge number of files, as in January 2014, the Top Secret/SCI version of Intellipedia alone contained some 113.000 pages.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2019/04/the-snowden-files-where-are-they-and.html">The Snowden files: where are they and where should they end up?</a><br>
</div>
<br>
<br>
A final thing to consider is how the Intelligence Community's internal collaboration tools relate to Snowden's exfiltration efforts. As we have seen here, the NSA and the US Intelligence Community both have a whole series of tools, ranging from instant messengers to file sharing systems and almost anything in between.<br>
<br>
In his 2016 book <i>Permanent Record</i>, Snowden writes about what he calls "readboards", a kind of digital bulletin board where each NSA site posted news and updates (p. 220). This sounds a bit like the "shared bookmarking" function which is available on Intelink, according to this diagram:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjTvzM2GESb9BkoiSLDcd9rkwcl4AoKUlLK4CyeTqMHXxAX3jqxDzXyPRMVVWUkFQiLsVtLM-ZiJy7HpLpXnztZ35DP1UNyQDLZbu4SNL_-8FHKz7L_T3PRVDupk_AOBlhtn_B2-Q3TEc/s904/IC+collaboration+tools.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="759" data-original-width="904" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjTvzM2GESb9BkoiSLDcd9rkwcl4AoKUlLK4CyeTqMHXxAX3jqxDzXyPRMVVWUkFQiLsVtLM-ZiJy7HpLpXnztZ35DP1UNyQDLZbu4SNL_-8FHKz7L_T3PRVDupk_AOBlhtn_B2-Q3TEc/s904/IC+collaboration+tools.JPG"/></a></div>
<div align="center">
<font size="2">
Collaborative tools used by the US Intelligence Community in 2016<br>
(click to enlarge - <a href="https://www.businessofgovernment.org/sites/default/files/New%20Tools%20for%20Collaboration.pdf" target="_blank">source</a>)<br>
</font>
</div>
<br>
<br>
Snowden said that he started hoarding documents from all these readboards and then shared this personal collection with his colleagues, as a justification, or "the perfect cover", for collecting material from more and more sources.<br>
<br>
This system, which Snowden called Heartbeat, also pulled in the full documents so NSA Hawaii would still have access to them in case they would be disconnected from NSA headquarters. And, according to Permanent Record: "Nearly all of the documents that I later disclosed to journalists came to me through Heartbeat" (p. 221-222).<br>
<br>
Heartbeat isn't mentioned in the diagram above, which makes sense because if the system existed as Snowden described it, it was probably only used at NSA Hawaii and not throughout the NSA as a whole - and most likely completely abolished after he left the agency.<br>
<br>
<br>
<br>
<b>Links and sources</b><br>
<font size="2">
- SpyTalk: <a href="https://www.spytalk.co/p/classified-us-intelligence-chat-rooms" target="_blank">Classified US Intelligence Chat Rooms a 'Dumpster Fire' of Hate Speech, Says Ex-NSA Contractor</a> (2022)<br>
- The Atlantic: <a href="https://www.theatlantic.com/technology/archive/2017/03/the-governments-secret-wiki-for-intelligence/518508/?google_editors_picks=true" target="_blank">The Government’s Secret Wiki for Intelligence</a> (2017)<br>
- Wired: <a href="https://www.wired.com/2017/03/intellipedia-wikipedia-spies-much/" target="_blank">The Wikipedia for Spies—And Where It Goes From Here</a> (2017)<br>
- Center for Strategic and International Studies: <a href="https://www.businessofgovernment.org/sites/default/files/New%20Tools%20for%20Collaboration.pdf" target="_blank">New Tools for Collaboration. The Experience of the U.S. Intelligence Community</a> (2016)<br>
</font>
<br>
<font size="+3"><b>Edward Snowden and the targeted drone killing campaign</b></font><br>
<font size="2" color="gray">(Published: November 3, 2021; updated: December 5, 2021)</font><br>
<br>
Two weeks ago, on October 22, a new document from the <a href="https://www.electrospaces.net/2019/04/the-snowden-files-where-are-they-and.html">Snowden files</a> was published for the first time in over two years. It's an entry from <a href="https://en.wikipedia.org/wiki/Intellipedia" target="_blank">Intellipedia</a> about the American drone killing campaign that was released by journalist and writer <a href="https://en.wikipedia.org/wiki/Spencer_Ackerman" target="_blank">Spencer Ackerman</a>.<br>
<br>
While the <a href="#ackerman"><b>content</b></a> of the document is hardly significant, its form is remarkably <a href="#similar"><b>similar</b></a> to an Intellipedia entry that was published in 2015, which leads us to <a href="#snowden"><b>Snowden's interest</b></a> in the drone killings and The Drone Papers that <a href="#hale"><b>Daniel Hale</b></a> leaked to The Intercept.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-BACjGmMKHOhklHBWxydmOoxvrgrSK2jq4Vnbw5cZifiPz9BMDFrU1B1EnhmeTCRCg3i31DZ89_i24IEK5o2WpWBq67UPEw7WvLFshufGeG7GTlKzZkEvTEMcEteMn30mHu17YeIUIAU/s800/snowden+drones+header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-BACjGmMKHOhklHBWxydmOoxvrgrSK2jq4Vnbw5cZifiPz9BMDFrU1B1EnhmeTCRCg3i31DZ89_i24IEK5o2WpWBq67UPEw7WvLFshufGeG7GTlKzZkEvTEMcEteMn30mHu17YeIUIAU/s800/snowden+drones+header.jpg"/></a></div>
<br>
<br>
<a name="ackerman"></a>
<br>
<font size="+2"><b>Ackerman's publication</b></font><br>
<br>
Except for five <a href="https://www.electrospaces.net/2020/06/nsa-documents-and-cover-names-from-book.html">new partial documents</a> published in Barton Gellman's book Dark Mirror in May 2020, the last release of files from the Snowden trove was in May 2019, when The Intercept and the Norwegian broadcaster NRK published a <a href="https://nsa.gov1.info/dni/2019/index.html#mexico" target="_blank">range of documents</a> about NSA's <a href="https://www.electrospaces.net/2019/09/from-9-eyes-to-14-eyes-afghanistan.html#rtrg">Real Time Regional Gateway</a> (RT-RG) collection system. Two months earlier, the publisher of The Intercept had already decided to <a href="https://www.thedailybeast.com/the-intercept-shuts-down-access-to-snowden-trove/" target="_blank">shut down</a> the Snowden archive.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2019/04/the-snowden-files-where-are-they-and.html">The Snowden files: where are they and where should they end up?</a><br>
</div>
<br>
The new document comes from the cache of Snowden documents that is kept by the American documentary filmmaker <a href="https://en.wikipedia.org/wiki/Laura_Poitras" target="_blank">Laura Poitras</a>, who now lives in Berlin. According to Ackerman, Poitras was preparing for her exhibition <a href="https://www.praxisfilms.org/exhibitions/parallel-construction" target="_blank"><i>Parallel Construction</i></a> that marked the 20th anniversary of 9/11, when she "came across the Intellipedia entry and realized no one had ever published it" and then gave him a copy of it. <br>
<br>
Ackerman <a href="https://foreverwars.substack.com/p/intellipedia" target="_blank">published</a> the document on Substack, an online platform for journalistic articles and newsletters, where he has an account called <a href="https://foreverwars.substack.com/" target="_blank">Forever Wars</a> to "chronicle, investigate and interrogate the continuities, departures and permutations of the War on Terror". There he <a href="https://foreverwars.substack.com/p/us-intelligence-wiki-targeted-killing" target="_blank">discusses</a> the Intellipedia entry in an article titled "On U.S. Intelligence’s Wiki, Anxiety About Legal Challenges To Drone Strikes".<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3sPigW0XvOm-pRVXsuotfbhs9COCMdFxVuds-W1GN2Sk4lXHSlhbJ2XDWmOraoVwIMkOgUogbzX7eHpmfxs2yOiWxYPctT15dMSn3rwQkE2CNDwmdQIzeWGzow6tDN2LKgpW_Uyx5KLs/s800/intellipedia-targeted+killing.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3sPigW0XvOm-pRVXsuotfbhs9COCMdFxVuds-W1GN2Sk4lXHSlhbJ2XDWmOraoVwIMkOgUogbzX7eHpmfxs2yOiWxYPctT15dMSn3rwQkE2CNDwmdQIzeWGzow6tDN2LKgpW_Uyx5KLs/s800/intellipedia-targeted+killing.JPG"/></a></div>
<div align="center">
<font size="2">
The Intellipedia entry (<a href="https://drive.google.com/file/d/19wv1eHV1lyqm6CyshhhVQecVk2FMZ1Nc/view" target="_blank">full document</a>) published by Spencer Ackerman<br>
</font>
</div>
<br>
<br>
The Intellipedia entry provides a summary of policies and opinions about the issue of targeted (drone) killings, mostly based upon public news reports and therefore almost all the content is unclassified. What Ackerman thinks is newsworthy is "the document's occasionally alarmist depiction of legal and political challenges to the strikes" and that it shows a "paranoid" feeling among US intelligence analysts.<br>
<br>
Apparently this is only based on the following sections in the Intellipedia entry, which actually hardly support Ackerman's interpretation:<br>
<br>
- "<i>Those opposing targeted killing are increasing their organization and activities. If timing is more than coincidental, activists may coordinate their opposition efforts.</i>"<br>
<br>
- "<i>The effort may indicate a concerted effort by human rights organizations, activist international lawyers and opposition forces to undermine the use of remotely piloted vehicles, targeted killing, preemption and other direct action as elements of United States policy.</i>"<br>
<br>
Ackerman also argues that the way the Intellipedia entry places "legal and political challenges to drone strikes on a continuum with warfare is of a piece with how U.S. intelligence can also view journalism on a continuum with espionage" - which refers to the prosecution of Julian Assange, whom his supporters see as an innocent journalist, while he actually <a href="https://www.emptywheel.net/2021/10/01/wikileaks-intent-of-publishing-and-not-publishing-cias-hacking-tools-was-to-wreck-the-organization/" target="_blank">engaged</a> in acts of espionage and conspiracy against the United States.<br>
<br>
<br>
<a name="similar"></a>
<br>
<font size="+2"><b>A similar Intellipedia entry</b></font><br>
<br>
More interesting than the content is the form of the newly disclosed document, because it turns out that it's very similar to another <a href="https://www.documentcloud.org/documents/2165140-manhunting-redacted" target="_blank">Intellipedia entry</a> which is titled "Manhunting Timeline 2008" and was published by The Intercept in July 2015, along with a <a href="https://theintercept.com/2015/07/15/israeli-special-forces-assassinated-senior-syrian-official/" target="_blank">report</a> about Israeli assassination operations:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGdV_oRwekUL4mnoyX_ZyOsmmrxx2XnIc9SZMpdRUVt0-CCGQ3zgl-PnRuosvlXoDXWFyyY8BrayTww15WH1llIxYoEjIGg-lHLdYAtBYIDZLHtT9BK_9pXXJXfVVXZY5U459ijONhijE/s1089/intellipedia-manhunting+timeline.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="553" data-original-width="1089" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGdV_oRwekUL4mnoyX_ZyOsmmrxx2XnIc9SZMpdRUVt0-CCGQ3zgl-PnRuosvlXoDXWFyyY8BrayTww15WH1llIxYoEjIGg-lHLdYAtBYIDZLHtT9BK_9pXXJXfVVXZY5U459ijONhijE/s1089/intellipedia-manhunting+timeline.JPG"/></a></div>
<div align="center">
<font size="2">
Intellipedia entry (<a href="https://s3.amazonaws.com/s3.documentcloud.org/documents/2165140/manhunting-redacted.pdf" target="_blank">full document</a>) published by The Intercept in 2015<br>
</font>
</div>
<br>
<br>
This earlier Intellipedia entry is less blurry and has some additional details compared to the one published by Ackerman. First, it has all the navigation menus, including the one that's usually in the upper right corner of the browser window and includes the user name, something The Intercept forgot to redact in this case:<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTPS81WoUmiptn0hD7LUD9OPH9-LtTPXFSh1qhhEpo7WFxIggf5ivyTZv2e0bW08M1cyMqIkMoDTiQe0DhEbC1HSVARICSSRY3t0TZqVK8mnNDilgYGYA5rPu-MPo7Lo6jjyuOKCRCCxE/s413/intellipedia-manhunting+timeline-snowden.JPG" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="350" data-original-height="259" data-original-width="413" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTPS81WoUmiptn0hD7LUD9OPH9-LtTPXFSh1qhhEpo7WFxIggf5ivyTZv2e0bW08M1cyMqIkMoDTiQe0DhEbC1HSVARICSSRY3t0TZqVK8mnNDilgYGYA5rPu-MPo7Lo6jjyuOKCRCCxE/s413/intellipedia-manhunting+timeline-snowden.JPG"/></a></div>
<br>
<br>
Another interesting detail is a message that appeared on top of the article to notify Intellipedia users that they should expect maintenance of the Intelink Instant Messenger (IIM) service on January 3, 2013.<br>
<br>
This indicates that this document was viewed, stored and/or downloaded shortly before that date - a period when Snowden was a SharePoint systems administrator in the Office of Information Sharing at the NSA's <a href="https://www.electrospaces.net/2019/06/the-nsas-regional-cryptologic-centers.html#hawaii">regional Cryptologic Center</a> in Hawaii.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2021/12/about-intellipedia-and-other-us.html">About Intellipedia and other intelligence wikis from the Snowden trove</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaRPNShRaRT9Wu9muHUjhufZ_lcjELnjQn3QUXb3LkycuHvyMyJ5wW3LlDdoCQbrQb74AJnq2Ye7vAquMcMA656sfkUbKA7hi-Y_L-quW4-PKneBmk1wiyWMaKro0mrZAxzLgYxJv5Wh8/s1087/intellipedia-manhunting+timeline-message.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="457" data-original-width="1087" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaRPNShRaRT9Wu9muHUjhufZ_lcjELnjQn3QUXb3LkycuHvyMyJ5wW3LlDdoCQbrQb74AJnq2Ye7vAquMcMA656sfkUbKA7hi-Y_L-quW4-PKneBmk1wiyWMaKro0mrZAxzLgYxJv5Wh8/s1087/intellipedia-manhunting+timeline-message.JPG"/></a></div>
<div align="center">
<font size="2">
Some details of the Intellipedia entry titled Manhunting Timeline 2008<br>
(click to enlarge)<br>
</font>
</div>
<br>
<br>
Even more interesting are the markings at the very top and bottom of each page, which appear when an article is printed or saved through the "Printable version" option in the wiki interface: at the bottom of each page there's the URL (redacted, but remarkably long) and the page number, while at the top of the page there's the date and the title of the article, in this case "Manhunting Timeline 2008 - Intellipedia".<br>
<br>
The date on this document is "6/2/2015" or June 2, 2015, which is more than two years after Snowden left the NSA, but just a month before The Intercept published it. Because one of the URLs has not been completely redacted, we see that when the file was printed, it was not on an internal US government network, but on a local computer drive:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzJ64mZsXlL6uy0eUzRIb4O3Cu79hoaXYXn2WBtCbDePTLRoVkXyvKImawZ7c-l-H4FJPIR1MTZYdBtTZF2JSFzPpkTZkNinZzDtzaqx6wSIOXc5ywYAvMcWAj0xCpMIN6kLBbehjuaOY/s887/intellipedia-manhunting+timeline-detail.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="277" data-original-width="887" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzJ64mZsXlL6uy0eUzRIb4O3Cu79hoaXYXn2WBtCbDePTLRoVkXyvKImawZ7c-l-H4FJPIR1MTZYdBtTZF2JSFzPpkTZkNinZzDtzaqx6wSIOXc5ywYAvMcWAj0xCpMIN6kLBbehjuaOY/s887/intellipedia-manhunting+timeline-detail.JPG"/></a></div>
<br>
<br>
This indicates that Snowden provided the entry in a digital form and that The Intercept read and printed it using a locally installed <a href="https://en.wikipedia.org/wiki/Wiki_software" target="_blank">Wiki engine</a>. For publication the print was scanned to turn it into a digital file again, which now included the printing marks. Was this to make the Intellipedia entry look like <a href="#hale">other drone documents</a> provided by Daniel Hale?<br>
<br>
<br>
On the Intellipedia entry published by Ackerman we see a similar page title ("Targeted Killing: Policy, Legal and Ethical Controversy - Intellipedia") but no date and also no URL and page number, but maybe that's because the bottom parts of the pages have been cut off ("some excisions for caution that do not affect the document’s narrative" according to Ackerman):<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlbPpuqqoNELh-uBrD0NFwENgfw2hIWslXatddIZNI9jpVp9icY0HOEAlnoUX1O4G8yBEnT5TVdJI-_tt5ZTqugw0xcqhVkTbbdHf2Bta8C5LNspJAZFFNnT62rzgHuWuAhZ-mpSi0jBQ/s1245/intellipedia-targeted+killing-detail.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="391" data-original-width="1245" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlbPpuqqoNELh-uBrD0NFwENgfw2hIWslXatddIZNI9jpVp9icY0HOEAlnoUX1O4G8yBEnT5TVdJI-_tt5ZTqugw0xcqhVkTbbdHf2Bta8C5LNspJAZFFNnT62rzgHuWuAhZ-mpSi0jBQ/s1245/intellipedia-targeted+killing-detail.JPG"/></a></div>
<br>
<br>
Therefore, it's not clear when this document was printed, but given the fact that it's also a sub-topic of Intellipedia's main article about <a href="https://en.wikipedia.org/wiki/Manhunt_%28military%29" target="_blank">Manhunting</a>, we can assume that Snowden provided it in digital form, just like the Manhunting Timeline 2008. So was the new document also printed to look like the earlier ones, or was it just a safer way to hand it over to Ackerman?<br>
<br>
Documents in printed form are immediately reminiscent of the series of classified documents that were leaked by <a href="https://www.electrospaces.net/2015/12/leaked-documents-that-were-not.html" target="_blank">other sources than Edward Snowden</a>. Most, but not all of them were eventually traced back to former NSA and NGA contractor <a href="https://en.wikipedia.org/wiki/Daniel_Hale" target="_blank">Daniel Hale</a>, who was arrested in May 2019. It turned out that in 2014 he printed a range of classified documents which were subsequently published by The Intercept.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2019/05/daniel-hale-arrested-for-being-source.html">Daniel Hale arrested for being the source of The Drone Papers</a><br>
</div>
<br>
<br>
<a name="snowden"></a>
<br>
<font size="+2"><b>Snowden and the drone killings</b></font><br>
<br>
Daniel Hale's aim was to provide information about the drone strikes in order to end these lethal operations and it seems that Snowden was interested in this issue too, besides his main goal of fighting mass surveillance by the US government.<br>
<br>
Already in October 2013, The Washington Post <a href="https://www.washingtonpost.com/world/national-security/documents-reveal-nsas-extensive-involvement-in-targeted-killing-program/2013/10/16/29775278-3674-11e3-8a0e-4e2cf80831fc_story.html" target="_blank">reported</a> about a file which was "part of a collection of records in the Snowden trove that make clear that the drone campaign — often depicted as the CIA's exclusive domain — relies heavily on the NSA's ability to vacuum up enormous quantities of e-mail, phone calls and other fragments of signals intelligence, or SIGINT."<br>
<br>
This sounds like Snowden had made a folder with various documents about drone killings, similar to the folders he had <a href="https://www.electrospaces.net/2016/05/german-journalists-about-working-with.html#documents">created</a> about other topics that had his special interest, like operations of the NSA divisions TAO (hacking) and SSO (cable tapping). Journalist Barton Gellman confirms that the encrypted archive with some 50,000 documents he and Laura Poitras received in May 2013 was "neatly organized in folders".<a nohref title="See: Barton Gellman, Dark Mirror, p. 22-27">*</a><br>
<br>
<br>
<b>Revelations about targeted drone killings</b><br>
<br>
Despite this apparently special collection of records, there have been only very few revelations about the NSA's involvement in targeted drone killings:<br>
<br>
- The first one was on October 16, 2013, by The Washington Post, titled <a href="https://www.washingtonpost.com/world/national-security/documents-reveal-nsas-extensive-involvement-in-targeted-killing-program/2013/10/16/29775278-3674-11e3-8a0e-4e2cf80831fc_story.html" target="_blank"><i>Documents reveal NSA’s extensive involvement in targeted killing program</i></a>, but this piece only refers to documents instead of publishing them.<br>
<br>
- On February 10, 2014, The Intercept came out with an article called <a href="https://theintercept.com/2014/02/10/the-nsas-secret-role/" target="_blank"><i>The NSA’s Secret Role in the U.S. Assassination Program</i></a>, which is based on accounts by "a former drone operator for the military's Joint Special Operations Command (JSOC) who also worked with the NSA" (Daniel Hale?) with some additional snippets from the Snowden trove.<br>
<br>
- On July 15, 2015, The Intercept published the Intellipedia entry with the Manhunt Timeline 2008 as part of a report titled <a href="https://firstlook.org/theintercept/2015/07/15/israeli-special-forces-assassinated-senior-syrian-official/" target="_blank"><i>Israeli Special Forces Assassinated Senior Syrian Official</i></a>.<br>
<br>
That's not much, although Snowden's selection of drone-related documents may also have included files about NSA programs in support of the drone killings, like systems for <a href="https://theintercept.com/document/2015/05/08/skynet-courier/" target="_blank">tracing</a> potential targets by geolocating their mobile phones, or the role of <a href="https://theintercept.com/2016/09/06/nsa-menwith-hill-targeted-killing-surveillance/" target="_blank">Menwith Hill Station</a> in the United Kingdom, for example.<br>
<br>
<br>
<b>The drone killings as a trigger for Snowden?</b><br>
<br>
According to Glenn Greenwald's book <i>No Place to Hide</i> from May 2014, Snowden was already confronted with drone operations during his job at the NSA's Pacific Technical Center (PTC) at Yokota Air Base, near Tokyo in Japan, where he worked as a <a href="https://www.electrospaces.net/2019/12/review-of-snowdens-book-permanent.html#japan">systems administrator</a> from August 2009 to September 2010:<br>
<br>
"The stuff I saw really began to disturb me", Snowden said, and: "I could watch drones in real time as they surveilled the people they might kill. You could watch entire villages and see what everyone was doing. I watched NSA tracking people's Internet activities as they typed. I became aware of just how invasive US surveillance capabilities had become" (p. 43).<br>
<br>
According to Greenwald, Snowden then began to feel an increasingly urgent obligation to leak what he was seeing, which makes it remarkable that this experience isn't mentioned in his own book, <i>Permanent Record</i>, which was published in September 2019.<br>
<br>
In this book, Snowden only presents the press reports about the drone killing of <a href="https://en.wikipedia.org/wiki/Anwar_al-Awlaki" target="_blank">Anwar al-Aulaqi</a> as an example of how the US government itself is also leaking classified information when it serves its own interest (p. 237-238).<br>
<br>
And instead of the drone campaign, <i>Permanent Record</i> comes up with two other "<a href="https://www.electrospaces.net/2019/12/review-of-snowdens-book-permanent.html#atomic">atomic moments</a>" which Snowden experienced while he was in Japan: learning about the domestic mass surveillance of the Chinese government and the STELLARWIND report about President Bush's warrantless wiretapping program.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2020/03/edward-snowden-and-stellarwind-report.html">Edward Snowden and the STELLARWIND report</a><br>
</div>
<br>
Later, however, Snowden <a href="https://youtu.be/efs3QRr8LWw?t=4805" target="_blank">said</a> that he discovered the STELLARWIND report only much later, somewhere in 2012, when he was working at the NSA in Hawaii. Snowden actually changed the narrative several times about what the decisive moment for his actions was (another one was the <a href="https://en.wikipedia.org/wiki/James_Clapper#Testimony_to_Congress_on_NSA_surveillance,_2013" target="_blank">Clapper testimony</a>), but if there is indeed a separate folder with drone killing documents, that would confirm a special interest in this topic.<br>
<br>
<br>
<a name="hale"></a>
<br>
<font size="+2"><b>Daniel Hale's leaks</b></font><br>
<br>
Daniel Hale had an experience similar to Snowden's in Japan, but only in March 2012, a few days after he arrived in Afghanistan to work as an intelligence analyst at Bagram Airfield. There he <a href="https://storage.courtlistener.com/recap/gov.uscourts.vaed.405902/gov.uscourts.vaed.405902.240.1_2.pdf" target="_blank">witnessed</a> how a group of men were killed by a drone strike, just because one of them carried a targeted cell phone. Since then he had increasing moral objections to these operations.<br>
<br>
In April 2013, Hale attended a presentation of Jeremy Scahill's book <a href="https://www.goodreads.com/book/show/15814204-dirty-wars" target="_blank"><i>Dirty Wars: The World Is a Battlefield</i></a> about the drone killings program under President Obama. As of June they contacted each other by phone and by e-mail and in September Scahill asked Hale to set up a Jabber account for encrypted chat conversations.<br>
<br>
On October 16, 2013, The Washington Post <a href="https://www.washingtonpost.com/world/national-security/documents-reveal-nsas-extensive-involvement-in-targeted-killing-program/2013/10/16/29775278-3674-11e3-8a0e-4e2cf80831fc_story.html" target="_blank">published</a> its piece about how documents provided by Snowden revealed the NSA's involvement in the targeted killing program. This article may have provided additional inspiration to Hale, because in December 2013 he accepted a new job at the <a href="https://en.wikipedia.org/wiki/National_Geospatial-Intelligence_Agency" target="_blank">National Geospatial-Intelligence Agency</a> (NGA). <br>
<br>
Although he felt uneasy, Hale <a href="https://storage.courtlistener.com/recap/gov.uscourts.vaed.405902/gov.uscourts.vaed.405902.240.1_2.pdf" target="_blank">said</a> he took the job because "the money I could make was by far more than I had ever made before" - but maybe it was also an opportunity to get access to classified military information again, similar to Snowden who <a href="https://www.electrospaces.net/2019/12/review-of-snowdens-book-permanent.html#analyst">took his job at Booz Allen</a> to get access to additional documents.<br>
<br>
Between February and August 2014, Hale printed 23 mostly classified documents, 17 of which he provided to Jeremy Scahill, who then worked for Greenwald's new online news outlet <a href="https://en.wikipedia.org/wiki/The_Intercept" target="_blank">The Intercept</a>. Somewhere in the same period Greenwald traveled to Moscow and informed Snowden about a new source with important information about the drone program, which was shown in Laura Poitras' film <a href="https://youtu.be/EDhB-A23IUk?t=6360" target="_blank">Citizenfour</a> from October 2014:<br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZFmFs9hVhRzTvGM-NM2wznarHohXfuDpWzuDXt4HmGt-TUirNx3_pMDVR3bTR62f3004_AAZj2ZLfoCI8dAFrM5vdhYQnJSbEgfwMB66a9245e_5nIYlvTPpPDoeSnLIm99ZmTEle0WY/s1600/citizienfour-greenwald-snowden.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZFmFs9hVhRzTvGM-NM2wznarHohXfuDpWzuDXt4HmGt-TUirNx3_pMDVR3bTR62f3004_AAZj2ZLfoCI8dAFrM5vdhYQnJSbEgfwMB66a9245e_5nIYlvTPpPDoeSnLIm99ZmTEle0WY/s1600/citizienfour-greenwald-snowden.jpg" width="500" /></a><br>
<font size="2">
Glenn Greenwald informing Edward Snowden about The Intercept's new source<br>
<font color="gray">(still from the documentary film Citizenfour)</font>
</font></div>
<br>
<br>
In the summer of 2014, The Intercept had already published two of Hale's documents about NCTC watchlisting, but it took until April 17, 2015 for The Intercept and Der Spiegel to publish a Top Secret <a href="https://theintercept.com/document/2015/04/17/architecture-u-s-drone-operations/" target="_blank">diagram</a> about the drone operations and on October 15, 2015, The Intercept finally released four classified documents along with eight articles as "<a href="https://theintercept.com/drone-papers/" target="_blank">The Drone Papers</a>".<br>
<br>
<br>
<br>
<font size="+2"><b>Conclusion</b></font><br>
<br>
For Snowden, who <a href="https://twitter.com/Snowden/status/654742697958215680" target="_blank">called</a> it "the most important national security story of the year", The Drone Papers must have been a triumph because finally someone had followed in his footsteps and leaked details about the drone program, about which he had apparently also been concerned for years.<br>
<br>
However, it was also a bitter defeat, because just three days after Daniel Hale had printed out his last document, the FBI had already tracked him down and raided his home (he was arrested in May 2019 and eventually sentenced to 45 months in prison). Is this why there's nothing about Hale, nor about the NSA's involvement in drone killing operations in Snowden's book <i>Permanent Record</i>?<br>
<br>
Another question is why Laura Poitras thought Spencer Ackerman should publish a rather uninteresting Intellipedia entry. Was there really nothing more interesting about this topic among the Snowden files? Or was it a signal that, unlike The Intercept, she is still willing to publish things from the Snowden archive?<br>
<br>
<br>
<br>
<b>Links and sources</b><br>
<font size="2">
- Forever Wars: <a href="https://foreverwars.substack.com/p/us-intelligence-wiki-targeted-killing" target="_blank">On U.S. Intelligence’s Wiki, Anxiety About Legal Challenges To Drone Strikes</a> (2021)<br>
- CNN: <a href="https://money.cnn.com/2015/10/15/media/intercept-drone-wars/" target="_blank">A 'second Snowden' leaks to the Intercept about 'drone wars'</a> (2015)<br>
- Zone d'Intérêt: <a href="http://zonedinteret.blogspot.com/2015/10/us-intelligence-support-to-find-fix.html" target="_blank">U.S. Intelligence Support to Find, Fix, Finish Operations</a> (2015)<br>
- The Washington Post: <a href="https://www.washingtonpost.com/world/national-security/documents-reveal-nsas-extensive-involvement-in-targeted-killing-program/2013/10/16/29775278-3674-11e3-8a0e-4e2cf80831fc_story.html" target="_blank">Documents reveal NSA’s extensive involvement in targeted killing program</a> (2013)<br>
</font>
<br>
<b>What the NSA provides to its foreign partners, and vice versa</b><br>
<font size="2" color="gray">(May 18, 2021)</font><br>
<div align="right"><font size="2" color="gray">(Updated: November 3, 2021)</font></div>
<br>
The cooperation between (signals) intelligence agencies of different countries is strictly <a href="https://en.wikipedia.org/wiki/Quid_pro_quo" target="_blank">quid pro quo</a>, which means what you get is equivalent to what you give. This is perfectly illustrated by a small series of documents from the Snowden trove, which summarize what the NSA provides to its foreign partners, along with what they provide to the NSA.<br>
<br>
Three of these documents are about the NSA's Second Party partners (better known as the Five Eyes): <a href="#canada">Canada</a>, <a href="#australia">Australia</a> and <a href="#newzealand">New Zealand</a>, and six about Third Party partners: <a href="#germany">Germany</a>, <a href="#israel">Israel</a>, <a href="#norway">Norway</a>, <a href="#saudi">Saudi Arabia</a>, <a href="#sweden">Sweden</a> and <a href="#turkey">Turkey</a>. Another NSA document provides <a href="#characteristics">some characteristics</a> of these relationships.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsUy_3ZO8mpt2JlwrIy6_9r4Q-hnDn8uoLdByFDPGHMNxWKpQpXSYqmvjVXJJ054RU2p46eQ0Vumo_07rmuf5DQO19KqWAJQN0tLPMfJl2BZqStn2Y53hZRv6fNJrlkN2wYFHC_8x58fk/s800/infopapers-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsUy_3ZO8mpt2JlwrIy6_9r4Q-hnDn8uoLdByFDPGHMNxWKpQpXSYqmvjVXJJ054RU2p46eQ0Vumo_07rmuf5DQO19KqWAJQN0tLPMfJl2BZqStn2Y53hZRv6fNJrlkN2wYFHC_8x58fk/s800/infopapers-header.jpg"/></a></div>
<br>
<br>
<br>
The documents about the various NSA partners are information papers prepared by the Country Desk Officer (CDO) for the particular country at the NSA's Foreign Affairs Directorate (FAD). All but one date from April 2013, which is just a month before Snowden left the agency. It's not known whether there are also papers about other NSA partners among the Snowden files.<br>
<br>
The information papers describe the relationship between the NSA and the foreign partner in a standardized way: they all start with an introduction, mention some "Key Issues", followed by "What NSA Provides to Partner" and "What Partner Provides to NSA". The papers end with "Success Stories" and "Problems/Challenges with the Partner".<br>
<br>
<font size="2">For readability, the portion markings with the classification level for each paragraph have been removed and some abbreviations are written in full.</font><br>
<br>
<br>
<br>
<div align="center">
<table width="88%"><tr><td bgcolor="gray"><font color="white"><div align="center">
<font size="+2">Second Party partners</font><br>
</div></font></td></tr></table>
</div>
<br>
<blockquote>
The <a href="https://www.electrospaces.net/2014/09/nsas-foreign-partnerships.html#2ndparty">Second Party partners</a> of the NSA are the signals intelligence agencies of the United Kingdom, Canada, Australia and New Zealand. These five countries are also known as the Five Eyes. Their SIGINT systems are highly <a href="http://electrospaces.blogspot.com/2016/11/data-sharing-systems-used-within-five.html" target="_blank">integrated</a> and the partners are not supposed to spy on each other.<br>
</blockquote>
<a name="canada"></a>
<br>
<br>
<font size="+3">Canada</font><br>
<br>
<b>Information paper:</b> <a href="http://s3.documentcloud.org/documents/1691676/odni3april2013-canada-v1-0.pdf" target="_blank">NSA Intelligence Relationship with Canada's CSEC</a>, April 3, 2013<br>
<font size="2">
<br>
(Published by <a href="https://www.cbc.ca/news/politics/snowden-document-shows-canada-set-up-spy-posts-for-nsa-1.2456886" target="_blank">CBC</a> on December 9, 2013)<br>
</font>
<br>
<br>
<b>What NSA provides to the Partner:</b><br>
<br>
SIGINT: NSA and CSEC cooperate in targeting approximately 20 high-priority countries [two lines redacted]. NSA shares technological developments, cryptologic capabilities, software and resources for state-of-the-art collection, processing and analytic efforts, and IA capabilities. The intelligence exchange with CSEC covers worldwide national and transnational targets. No Consolidated Cryptologic Program (CCP) money is allocated to CSEC, but NSA at times pays R&D and technology costs on shared projects with CSEC.<br>
<br>
[two paragraphs redacted]<br>
<br>
<br>
<b>What the Partner provides to NSA:</b><br>
<br>
CSEC offers resources for advanced collection, processing and analysis, and has opened covert sites at the request of NSA. CSEC shares with NSA their unique geographic access to areas unavailable to the U.S. [redacted], and provides cryptologic products, cryptanalysis, technology, and software. CSEC has increased its investment in R&D projects of mutual interest. [several lines redacted].<br>
<br>
[at least two paragraphs redacted]<br>
<br>
<br>
<hr width="70%">
<a name="australia"></a>
<br>
<br>
<font size="+3">Australia</font><br>
<br>
<b>Information paper:</b> <a href="https://s3.documentcloud.org/documents/3935529/NSA-Intelligence-Relationship-with-Australia.pdf" target="_blank">NSA Intelligence Relationship with Australia</a>, April 2013<br>
<br>
<font size="2">
(Published by <a href="https://theintercept.com/2017/08/19/nsa-spy-hub-cia-pine-gap-australia/" target="_blank">The Intercept</a> and <a href="https://www.abc.net.au/news/2017-08-20/leaked-documents-reveal-pine-gaps-crucial-role-in-us-drone-war/8815472" target="_blank">ABC</a> on August 18, 2017)<br>
</font>
<br>
<br>
<b>What NSA provides to the Partner:</b><br>
<br>
NSA provides cryptologic products/services to the Government of Australia through DSD, on virtually all subjects, particularly those related to the Pacific Rim. NSA shares technology, cryptanalytic capabilities, and resources for state-of-the-art collection, processing and analytic efforts. NSA will continue to work closely with Australia to meet its commitments as the U.S. reallocates efforts toward Asia and the Pacific.<br>
<br>
<br>
<b>What the Partner provides to NSA:</b><br>
<br>
NSA and DSD have agreed to specific divisions of effort, with the Australians solely responsible for reporting on multiple targets in the Pacific area, including Indonesia, Malaysia, and Singapore, based on their unique language capabilities and geographic accesses. In addition, DSD has primary reporting responsibility [redacted] regardless of geographic region. DSD provides access to commercial and foreign/domestic satellites from sites in Geraldton and Darwin, High Frequency (HF) collection and Direction Finding (DF) from three sites; and, manning of the operations floor at Joint Defense Facility at Pine Gap (RAINFALL), a site which plays a significant role in supporting both intelligence activities and military operations. In addition, DSD provides NSA with access to terrorism-related communications collected inside Australia.<br>
<br>
<br>
<hr width="70%">
<a name="newzealand"></a>
<br>
<br>
<font size="+3">New Zealand</font><br>
<br>
<b>Information paper:</b> <a href="https://s3.amazonaws.com/s3.documentcloud.org/documents/1683920/nzodnipaperapr13-v1-0-pdf-redacted.pdf" target="_blank">NSA Intelligence Relationship with New Zealand</a>, April 2013<br>
<br>
<font size="2">
(Published by <a href="https://www.nzherald.co.nz/nz/uk-foreign-secretary-philip-hammond-says-its-time-to-move-on-from-snowden/X6YZ34WU6DYXN4R6JAS2E76RYY/" target="_blank">NZ Herald</a> on March 11, 2015)<br>
</font>
<br>
<br>
<b>What NSA provides to the Partner:</b><br>
<br>
NSA provides raw traffic, processing, and reporting on targets of mutual interest, in addition to technical advice and equipment loans.<br>
<br>
<br>
<b>What the Partner provides to NSA:</b><br>
<br>
GCSB provides collection on China, Japanese/North Korean/Vietnamese/South American diplomatic communications, South Pacific Island
nations, Pakistan, India, Iran, and Antarctica; as well as, French police and nuclear testing activities in New Caledonia [two lines redacted].<br>
<br>
<br>
<br>
<br>
<div align="center">
<table width="88%"><tr><td bgcolor="gray"><font color="white"><div align="center">
<font size="+2">Third Party partners</font><br>
</div></font></td></tr></table>
</div>
<br>
<blockquote>
The <a href="https://www.electrospaces.net/2014/09/nsas-foreign-partnerships.html#3rdparty">Third Party partners</a> of the NSA are the signals intelligence agencies of some 33 countries. Cooperation is based on formal, bilateral agreements, but the actual scope of the relationship varies from country to country and from time to time. Unlike the Second Party partners, Third Party partners do spy on each other.<br>
</blockquote>
<a name="germany"></a>
<br>
<br>
<font size="+3">Germany</font><br>
<br>
<b>Information paper:</b> <a href="https://www.eff.org/files/2014/06/23/history_and_current_state_of_cooperation_between_the_nsa_and_bnd.pdf" target="_blank">NSA Intelligence Relationship with Germany</a>, January 17, 2013<br>
<br>
<font size="2">
(Published by <a href="https://www.spiegel.de/international/the-germany-file-of-edward-snowden-documents-available-for-download-a-975917.html" target="_blank">Der Spiegel</a> on June 18, 2014)<br>
</font>
<br>
<br>
<b>What NSA provides to the Partner:</b><br>
<br>
NSA has provided a significant amount of hardware and software at <a href="https://en.wikipedia.org/wiki/Federal_Intelligence_Service" target="_blank">BND</a> expense, as well as associated analytic expertise to help the BND independently maintain its FORNSAT [Foreign Satellite collection] capability. NSA also exchanges intelligence reporting on both military and non-military targets.<br>
<br>
<br>
<b>What the Partner provides to NSA:</b><br>
<br>
NSA is provided access to FORNSAT communications supporting counter-narcotics (CN), counter-terrorism (CT), [redacted], and Weapons of Mass Destruction (WMD) missions and is an important source of information on drug trafficking and force protection in Afghanistan. The BND provides Igbo language support by
translating NSA collection of a high-value, time-sensitive [redacted] target. NSA is seeking the proper approvals to accept BND language support in [one line redacted]. In addition to the day-to-day collection, the Germans have offered NSA unique accesses in high interest target areas.<br>
<br>
<br>
<hr width="70%">
<a name="israel"></a>
<br>
<br>
<font size="+3">Israel</font><br>
<br>
<b>Information paper:</b> <a href="https://assets.documentcloud.org/documents/1240002/nsa-intelligence-relationship-with-israel-april.pdf" target="_blank">NSA Intelligence Relationship with Israel</a>, April 19, 2013<br>
<br>
<font size="2">
(Published by <a href="https://theintercept.com/2014/08/04/cash-weapons-surveillance/" target="_blank">The Intercept</a> on August 4, 2014)<br>
</font>
<br>
<br>
<b>What NSA provides to the Partner:</b><br>
<br>
The Israeli side enjoys the benefits of expanded geographic access to world-class NSA cryptanalytic and SIGINT engineering expertise, and also gains controlled access to advanced U.S. technology and equipment via accommodation buys and foreign military sales.<br>
<br>
<br>
<b>What the Partner provides to NSA:</b><br>
<br>
Benefits to the U.S. include expanded geographic access to high priority SIGINT targets, access to world-class Israeli cryptanalytic and SIGINT engineering expertise, and access to a large pool of highly qualified analysts.<br>
<br>
<br>
<hr width="70%">
<a name="norway"></a>
<br>
<br>
<font size="+3">Norway</font><br>
<br>
<b>Information paper:</b> <a href="https://theintercept.com/document/2018/03/01/nsa-intelligence-relationship-with-norway-april-2013/" target="_blank">NSA Intelligence Relationship with Norway</a>, April 17, 2013<br>
<br>
<font size="2">
(Published by <a href="https://www.dagbladet.no/nyheter/norways-secret-surveillance-of-russian-politics-for-the-nsa/61923431" target="_blank">Dagbladet</a> on December 17, 2013)<br>
</font>
<br>
<br>
<b>What NSA provides to the Partner:</b><br>
<br>
- Daily TS//SI-level counter-terrorism (CT) reports shared multilaterally;<br>
- Frequent exchanges of technical data and analytic expertise on CT targets, [one line redacted] and other threats to Norway's national security; <br>
- Daily force protection support in Afghanistan and technical expertise to support target development of Afghan insurgent targets;<br>
- Regular reporting on counter-proliferation (CP) topics [redacted]<br>
- Ad-hoc reporting and analytic expertise on [redacted]<br>
- Exchanges of reporting, tech data and analytic expertise on [redacted]<br>
- Tech data and expertise on cryptanalytic topics of mutual interest; and<br>
- FORNSAT communications metadata<br>
<br>
<br>
<b>What the Partner provides to NSA:</b><br>
<br>
- SIGINT analysis as well as geolocational and communications metadata specific to Afghan targets of mutual interest (this analysis also supports Norwegian Special Operations Forces (when deployed);<br>
- All-source analysis specific to Afghan targets of mutual interest. The analysis is based on operations conducted jointly between Norway and local and/or coalition authorities;<br>
- Potential to leverage NIS [Norwegian Intelligence Service] FORNSAT capabilities to augment NSA collection against high priority CP SIGINT targets;<br>
- Potential to leverage NIS unique access to SIGINT on high priority CT targets; [redacted]<br>
- SIGINT reports on Russian civil targets of mutual targets, particularly Russian energy policy;<br>
- FORNSAT communications metadata; and <br>
- [one line redacted]<br>
<br>
<br>
<hr width="70%">
<a name="saudi"></a>
<br>
<br>
<font size="+3">Saudi Arabia</font><br>
<br>
<b>Information paper:</b> <a href="https://assets.documentcloud.org/documents/1236112/saudi-arabia-information-paper.pdf" target="_blank">NSA Intelligence Relationship with Saudi Arabia</a>, April 8, 2013<br>
<br>
<font size="2">
(Published by <a href="https://theintercept.com/2014/07/25/nsas-new-partner-spying-saudi-arabias-brutal-state-police/" target="_blank">The Intercept</a> on July 25, 2014)<br>
</font>
<br>
<br>
<b>What NSA provides to the Partner:</b><br>
<br>
NSA/CSS provides technical advice on SIGINT topics such as data exploitation and target development to TAD [Technical Affairs Directorate of the Ministry of Interior] as well as a sensitive source collection capability.<br>
<br>
NSA/CSS provides a sensitive decryption service to the Ministry of Interior against terrorist targets of mutual interest.<br>
<br>
<br>
<b>What the Partner provides to NSA:</b><br>
<br>
NSA leverages MOD RRD [Ministry of Defense Radio Reconnaissance Department] access to remote geography in the Arabian Gulf but provides no finished SIGINT reporting to NSA/CSS, however; they have provided unencrypted collection against the <a href="https://en.wikipedia.org/wiki/Quds_Force" target="_blank">IRGC QODS</a> Maritime Force targets of mutual interest from their collection system [redacted].<br>
<br>
TAD provides sensitive access to unique collection containing <a href="https://en.wikipedia.org/wiki/Al-Qaeda_in_the_Arabian_Peninsula" target="_blank">AQAP</a> terrorist targets of mutual interest.<br>
<br>
<br>
<hr width="70%">
<a name="sweden"></a>
<br>
<br>
<font size="+3">Sweden</font><br>
<br>
<b>Information paper:</b> <a href="https://assets.documentcloud.org/documents/889126/nsa-intelligence-relationship-with-sweden.pdf" target="_blank">NSA Intelligence Relationship with Sweden</a>, April 18, 2013<br>
<br>
<font size="2">
(Published by <a href="https://www.svt.se/nyheter/inrikes/fra-spionerar-pa-ryssland-at-usa" target="_blank">SVT Nyheter</a> on December 5, 2013)<br>
</font>
<br>
<br>
<b>What NSA provides to the Partner:</b><br>
<br>
- Technical support, collection, processing equipment and training<br>
- NSA accepts selectors from <a href="https://en.wikipedia.org/wiki/National_Defence_Radio_Establishment" target="_blank">FRA</a> and tasks them to approved NSA collection sites<br>
- [one line redacted]<br>
- [one line redacted]<br>
- Accommodation purchases of equipment<br>
- Membership in multinational forums<br>
<br>
<br>
<b>What the Partner provides to NSA:</b><br>
<br>
- Unique intelligence on Russia, the Baltic, Middle East, and counter-terrorism (CT)<br>
- Outstanding and unique input of ELINT signals<br>
- Access for special collection initiatives<br>
- Collaboration on cryptanalytic issues<br>
<br>
<br>
<hr width="70%">
<a name="turkey"></a>
<br>
<br>
<font size="+3">Turkey</font><br>
<br>
<b>Information paper:</b> <a href="https://assets.documentcloud.org/documents/1282653/nsa-tr-606.pdf" target="_blank">NSA Intelligence Relationship with Turkey</a>, April 15, 2013<br>
<br>
<font size="2">
(Published by <a href="https://www.spiegel.de/international/world/documents-show-nsa-and-gchq-spied-on-partner-turkey-a-989011.html" target="_blank">Der Spiegel</a> on August 31, 2014)<br>
</font>
<br>
<br>
<b>What NSA provides to the Partner:</b><br>
<br>
- NSA provides equipment, technology, training, and U.S. SIGINT requirements and reporting to the Turkish partner to better assist NSA in fulfilling U.S. intelligence requirements. <br>
<br>
- In terms of equipment and technology NSA provides both collection and cryptographic equipment. A Cryptographic Modernization program is under way with both partners [<a href="https://en.wikipedia.org/wiki/National_Intelligence_Organization_%28Turkey%29" target="_blank">MIT</a> and SIB] to upgrade encryption on all shared and some non-shared communications links. A High Frequency Direction Finding (HFDF) collection site is [two lines redacted] NSA also provides decryption of DHKP/C internet traffic the Turks collect. <br>
<br>
- U.S. SIGINT requirements and reporting cover military and paramilitary targets in [redacted] and the KGK [Kurdistan Workers' Party]. This reporting is a mixture of near-real time and product "Tear Line" reports and analysis. <br>
<br>
- NSA provides daily interaction and actionable intelligence on foreign fighter Sunni extremists, against both Turkish and non-Turkish individuals. NSA provides regional Tactical [redacted] reporting in two hour increments.<br>
<br>
<br>
<b>What the Partner provides to NSA:</b><br>
<br>
- The partner provides near real time reporting on military air, naval, ground, and paramilitary targets in Russia, [redacted] Georgia, Ukraine, and on KGK targets, as well as daily summary reporting of Black Sea and CIS Naval and Air activity and [redacted]<br>
<br>
[one paragraph redacted]<br>
<br>
- NSA enjoys joint operational access to the HFDF site in [redacted] which, in turn, functions as a node on NSA's world-wide CROSSHAIR HFDF geolocation service. The U.S. and 2nd Parties receive approximately 400,000 fixes yearly utilizing Lines-of-Bearing from the [redacted] site while the Turks receive approximately 5000 fixes yearly from its regional usage of CROSSHAIR, an 80 to 1 ratio in FVEY's favor. <br>
<br>
- NSA receives Turkish transcripts of KGK voice collection. Cooperation on the KGK target by the U.S. Intelligence Community in Ankara has increased across the board since the May 2007 DNI Memorandum encouraged all to do so. <br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE8oi_rCm4CTx2z3aTW3e8RAeAfquA6QZ8_LZOhVrL94T98CqoY5kQUb3aSJmxhbKydoWQyo_gh-hnP8da-XkiOXjDEEoP0m0amLGcGOEec1ocKHan5U-XuHcnzkS_H5fy0F-ZkkoZ9rk/s896/infopapers-turkey.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="516" data-original-width="896" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE8oi_rCm4CTx2z3aTW3e8RAeAfquA6QZ8_LZOhVrL94T98CqoY5kQUb3aSJmxhbKydoWQyo_gh-hnP8da-XkiOXjDEEoP0m0amLGcGOEec1ocKHan5U-XuHcnzkS_H5fy0F-ZkkoZ9rk/s896/infopapers-turkey.jpg"/></a></div>
<div align="center">
<font size="2">
Section from the information paper about the NSA's relationship with Turkey<br>
</font>
</div>
<br>
<hr width="70%">
<a name="characteristics"></a>
<br>
<br>
<font size="+2">Some characteristics</font><br>
<br>
According to the <i>quid pro quo</i>-principle, we see that for each of these foreign partners, the things that NSA provides to the partner roughly equal what the partner provides to the NSA - at least according to the length of the sections in the information papers. The actual content of what each party provides is often very different, as was described in an <a href="https://cryptome.org/2014/03/nsa-third-parties.pdf" target="_blank">internal interview</a> from 2009 about the nature of the NSA's Third Party relationships:<br>
<br>
"Generally speaking, our Third Party partners want access to our technology, as well as our regional/global reach. In exchange for providing unique accesses, regional analytical expertise, foreign language capabilities and/or I&W [Indications & Warning] support, we provide them with technical solutions (e.g., hardware, software) and/or access to related technology." The partners usually "know their regional hoods better than we do and they exponentially add to our foreign language capability."<br>
<br>
When the information papers speak about providing data about "targets of mutual interest", the interview explains: "We must keep in mind that our partners are attempting to satisfy their own national intelligence requirements; with the exception of the assistance we provide during crises, we can only move our SIGINT relationships forward, when U.S. requirements intersect with theirs." This also depends on how long and deep such a relationship is:<br>
<br>
"Many of our relationships have, indeed, spanned several decades, allowing us to establish higher degrees of trust with and reliance on one another. This, in turn, has led to greater levels of cooperation, where, for instance, NSA might be willing to share advanced techniques with a proven and reliable partner, in return for that partner's willingness to do something politically risky. Trust requires years to build up but can be lost in a very short period of time."<br>
<br>
And finally, the interview also explains:
"For a variety of reasons, our intelligence relationships are rarely disrupted by foreign political perturbations, international or domestic. First, we are helping our partner address critical intelligence shortfalls, just as they are assisting us. Second, in many of our foreign partners' capitals, few senior officials outside of their defense-intelligence apparatuses are witting to an SIGINT connection to the U.S./NSA."<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2014/09/nsas-foreign-partnerships.html" target="_blank">NSA's Foreign Partnerships</a><br>
</div>
<br>
<br>
<br>
<font size="2">Posted by P/K</font><br>
<br>
<hr width="70%">
<br>
<font size="+3">The communications systems at the US Central Command headquarters</font><br>
<font size="2">(Published: April 7, 2021)</font><br>
<div align="right"><font size="2" color="gray">(Updated: April 11, 2021)</font></div>
<br>
Previously, this weblog provided a close look at the <a href="https://www.electrospaces.net/2021/01/the-phones-in-president-bidens-oval.html">phones used by US president Biden</a>. This time we turn to another end of the line and look at the communications equipment which is used at the <a href="#headquarters"><b>headquarters of the US Central Command</b></a> in Tampa, Florida.<br>
<br>
A recent 60 Minutes television report provides an unprecedented look inside the Central Command's operations center, where we see the general <a href="#military"><b>military communications equipment</b></a>, followed by some more special <a href="#commander"><b>devices used by the commander</b></a>, who also has access to the virtual <a href="#dte"><b>Desktop Environment</b></a> for the US intelligence agencies.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMBv6rxDKZPtkU0rJNrTMB8ptqDhcInKTPQlrfj3skMkJnjc9h4GV8OZzShLCepuha5N76ltwQxjgQ38j1rRCf8xuzEXYxMAM7mkObHHqcYrQ14fRLzaCNqI6BQ1NN9idExIIDXhiVydU/s900/central+command+header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="473" data-original-width="900" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMBv6rxDKZPtkU0rJNrTMB8ptqDhcInKTPQlrfj3skMkJnjc9h4GV8OZzShLCepuha5N76ltwQxjgQ38j1rRCf8xuzEXYxMAM7mkObHHqcYrQ14fRLzaCNqI6BQ1NN9idExIIDXhiVydU/s900/central+command+header.jpg"/></a></div>
<div align="center">
<font size="2">
Large operations center in the Central Command headquarters, January 2021<br>
(still from 60 Minutes - click to enlarge)<br>
</font>
</div>
<br>
<br>
<br>
The <a href="https://en.wikipedia.org/wiki/60_Minutes" target="_blank">60 Minutes</a> television report shows never-before-seen video footage of the Iranian ballistic missile attack from January 7, 2020 on the <a href="https://en.wikipedia.org/wiki/Al_Asad_Airbase" target="_blank">Al Asad Airbase</a> in Iraq, where 2000 US troops were stationed. The attack was a retaliation for the American <a href="https://en.wikipedia.org/wiki/Assassination_of_Qasem_Soleimani" target="_blank">drone strike</a> from January 3, which killed the Iranian general <a href="https://en.wikipedia.org/wiki/Qasem_Soleimani" target="_blank">Qasem Soleimani</a>, commander of the Quds Force.<br>
<br>
The report also includes an interview with general <a href="https://en.wikipedia.org/wiki/Kenneth_F._McKenzie_Jr." target="_blank">Frank McKenzie</a>, combatant commander of the US Central Command, who leads the US armed forces in the Middle East. McKenzie followed the Iranian missile attack on the Al Asad Airbase at his headquarters, from where he had ordered the killing of general Soleimani six days earlier.<br>
<br>
<br>
<div align="center">
<iframe width="550" height="300" src="https://www.youtube.com/embed/lGP7hZQuTL0" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
</div>
<br>
<a name="headquarters"></a>
<br>
<br>
<font size="+2">The Central Command headquarters</font><br>
<br>
The <a href="https://en.wikipedia.org/wiki/United_States_Central_Command" target="_blank">United States Central Command</a> (USCENTCOM) was established in 1983 and is one of the eleven unified combatant commands of the US Armed Forces. Its Area of Responsibility (AOR) includes the Middle East, Egypt, Central Asia and parts of South Asia. <br>
<br>
CENTCOM's main headquarters is not in its area of operations, but at <a href="https://en.wikipedia.org/wiki/MacDill_Air_Force_Base" target="_blank">MacDill Air Force Base</a> in Tampa, Florida, where a new 282,200-square-foot headquarters building was <a href="https://www.burnsmcd.com/projects/us-central-command-headquarters" target="_blank">completed</a> in 2012.<br>
<br>
The new building includes specialized mission critical spaces like the Command Joint Operations Center, Joint Planning Cell and Operational Planning Element, Network Operations Center and the Command Secure Communications Operations Center. <br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA2ydxWkuGmBqStbazYFSKSI31R87HqZFYYRSyhMArdjCwj-3Rtm6-C2IwAbcghMIXRFhmuOsD4Z-TW56KHZloOc04zHmYqgF6k3-_DdeCfLFNmZcS4ODwF_TaBKdyn1K6Q1Yi7wTjsu4/s950/central+command+hq.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="545" data-original-width="950" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA2ydxWkuGmBqStbazYFSKSI31R87HqZFYYRSyhMArdjCwj-3Rtm6-C2IwAbcghMIXRFhmuOsD4Z-TW56KHZloOc04zHmYqgF6k3-_DdeCfLFNmZcS4ODwF_TaBKdyn1K6Q1Yi7wTjsu4/s950/central+command+hq.jpg"/></a></div>
<div align="center">
<font size="2">
The headquarters of the US Central Command at MacDill Air Force Base<br>
(photo: Burns & McDonnell - click to enlarge)<br>
</font>
</div>
<br>
<br>
The new headquarters building includes more than 109,000 square feet of <a href="https://en.wikipedia.org/wiki/Sensitive_compartmented_information_facility" target="_blank">Sensitive Compartmented Information Facility</a> (SCIF) and space constructed according to <a href="https://en.wikipedia.org/wiki/Sound_transmission_class" target="_blank">sound transmission class</a> (STC) 45 and 50 to support secured operations.<br>
<br>
Relevant antiterrorism standards, including progressive collapse mitigation by means of tie forces, were also incorporated in the new headquarters. All concrete contains ground granulated blast furnace slag and fly ash for <a href="https://www.usgbc.org/help/what-leed" target="_blank">LEED</a> compliance.<br>
<br>
On the website of the construction company there's an earlier photo of the interior of the building showing standard workstations equipped with two computer screens, an Avocent SwitchView <a href="https://en.wikipedia.org/wiki/KVM_switch" target="_blank">KVM switch</a>, a smartcard reader, the ubiquitous HP keyboard, a mouse and two telephone sets: a <a href="http://www.avayabcm.com/M3903.php" target="_blank">Nortel Meridian 3903</a> and a <a href="https://www.cisco.com/c/en/us/products/collaboration-endpoints/unified-ip-phone-7975g/index.html" target="_blank">Cisco 7975 IP Phone</a>, one for secure and one for non-secure calls:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnPPwEq3W_C1eDh4r6hH82gPja5pF1r5etltPNOZDKqwjxPRA5yE4Ak2pA2Ytlm-agh501iUMMJgkN9xFJYHEzxLxOR4gdLEOWDbqXPTCP3LomQ3UF7vV4XMkemMHlBnoSDQ7OKdw6Ml0/s950/central+commant+workplaces.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="545" data-original-width="950" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnPPwEq3W_C1eDh4r6hH82gPja5pF1r5etltPNOZDKqwjxPRA5yE4Ak2pA2Ytlm-agh501iUMMJgkN9xFJYHEzxLxOR4gdLEOWDbqXPTCP3LomQ3UF7vV4XMkemMHlBnoSDQ7OKdw6Ml0/s950/central+commant+workplaces.jpg"/></a></div>
<div align="center">
<font size="2">
Interior of the Central Command headquarters at MacDill Air Force Base<br>
(photo: Burns & McDonnell - click to enlarge)<br>
</font>
</div>
<a name="military"></a>
<br>
<br>
<font size="+2">Military communications equipment</font><br>
<br>
The communications equipment that is currently used at the Central Command headquarters can be seen in the 60 Minutes television report, which shows shots from inside a large and a small operations room.<br>
<br>
In the large operations room we see big video screens along the walls and several rows of workstations, each with two sets of communications equipment, one set for access to classified telephone and computer networks and another set for unclassified networks.<br>
<br>
According to the color codes of the <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html">US classification system</a> the telephones and the smartcard readers have the green label for Unclassified systems and the red label for Secret systems.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGpNG5Dmq5sTHqLsFVy_VAY_NieGfQ_9hdK1ICXEkG7oH71hrJU70wheBEn1ipL45TgdRhp1RCm9LMPDgXnGKaE327UcpXZB4O0uLr-1WRPpo5I1lXsV-W3Pjf3Q4ZV-f1sAx4HUXS9is/s1276/central+command+2021+j.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="718" data-original-width="1276" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGpNG5Dmq5sTHqLsFVy_VAY_NieGfQ_9hdK1ICXEkG7oH71hrJU70wheBEn1ipL45TgdRhp1RCm9LMPDgXnGKaE327UcpXZB4O0uLr-1WRPpo5I1lXsV-W3Pjf3Q4ZV-f1sAx4HUXS9is/s1276/central+command+2021+j.jpg"/></a></div>
<div align="center">
<font size="2">
Large operations center in the Central Command headquarters, January 2021<br>
(still from 60 Minutes - click to enlarge)<br>
</font>
</div>
<br>
<br>
<b>Computer systems</b><br>
<br>
Some of the computer screens show a bright red lock screen with the text "This information system is accredited to process - SECRET - For authorized purposes only", which means that they are part of <a href="https://en.wikipedia.org/wiki/SIPRNet" target="_blank">SIPRNet</a>, the main classified secure network of the US military for tactical and operational information. The military's unclassified non-secure computer network is known as <a href="https://en.wikipedia.org/wiki/NIPRNet" target="_blank">NIPRNet</a>.<br>
<br>
Authorized users of NIPRNet are identified through the <a href="https://en.wikipedia.org/wiki/Common_Access_Card" target="_blank">Common Access Card</a>, which is the standard identification for active US defense personnel. Access to SIPRNet requires the <a href="https://www.dote.osd.mil/Portals/97/pub/reports/FY2013/dod/2013pki.pdf?ver=2019-08-22-111255-487" target="_blank">SIPRNet token</a>, which is also a smartcard, but without visible identification information.<br>
<br>
<br>
<b>Coalition networks</b><br>
<br>
Besides NIPRNet and SIPRNet, the Central Command also has separate computer networks for collaboration with foreign partners. For the members of bilateral and multinational coalitions, the United States provides a network architecture called <a href="https://en.wikipedia.org/wiki/CENTRIXS" target="_blank">Combined Enterprise Regional Information eXchange System</a> (CENTRIXS), which operates at the classification level Secret/Releasable to [country identifier].<br>
<br>
The first CENTRIXS networks were <a href="https://apps.dtic.mil/dtic/tr/fulltext/u2/a466528.pdf" target="_blank">established</a> as of late 2001 by the US Central Command in order to support coalition operations under <a href="https://en.wikipedia.org/wiki/Operation_Enduring_Freedom" target="_blank">Operation Enduring Freedom</a> (OEF). This resulted in CENTRIXS-ISAF for operations in Afghanistan and CENTRIXS-GCTF for the Global Counter Terrorism Forces. Meanwhile, both systems have been integrated in the CENTCOM Partner Network (CPN).<br>
<br>
<div align="right">
> See also <a href="http://electrospaces.blogspot.com/2015/03/us-military-and-intelligence-computer.html">US military and intelligence computer networks</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-5gBXWRMvidP5z8uqen-RAz10kQtyaHsTWa5dJ0He7gWKEEIJnXZvWROB6TiiJ27rEv79eGufngf1cBlZpv2fhsaWGii8Pcptz93mFDDnsnEuqJSf3JXvNa65s2LgqG-a2w5x8vOvyjI/s797/isaf+networks.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="549" data-original-width="797" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-5gBXWRMvidP5z8uqen-RAz10kQtyaHsTWa5dJ0He7gWKEEIJnXZvWROB6TiiJ27rEv79eGufngf1cBlZpv2fhsaWGii8Pcptz93mFDDnsnEuqJSf3JXvNa65s2LgqG-a2w5x8vOvyjI/s797/isaf+networks.JPG"/></a></div>
<div align="center">
<font size="2">
The various networks in CENTCOM's area of responsibility<br>
(<a href="https://www.slideserve.com/finnea/centrixs-isaf-phase-1-overview" target="_blank">source</a> - click to enlarge)<br>
</font>
</div>
<br>
<br>
A CENTRIXS network consists of servers and thin clients and provides users with at least the following computer applications, giving them the same basic capabilities as users of classified US systems:<br>
<blockquote>
- <a href="https://en.wikipedia.org/wiki/Microsoft_Office" target="_blank">Microsoft Office</a><br>
- <a href="https://www.northropgrumman.com/what-we-do/land/command-and-control-personal-computer-c2pc/" target="_blank">Command and Control Personal Computer</a> (C2PC)<br>
- <a href="https://defense-update.com/20060406_gccs-i3.html" target="_blank">Integrated Imagery and Intelligence</a> (I3)<br>
</blockquote>
<br>
These applications allow <a href="https://apps.dtic.mil/dtic/tr/fulltext/u2/a466528.pdf" target="_blank">access</a> to the releasable Near-Real Time (NRT) order of battle from the MIDB database (to be <a href="https://www.c4isrnet.com/show-reporter/dodiis/2018/08/15/the-department-of-defense-is-going-to-mars-just-not-that-one/" target="_blank">replaced</a> by MARS) and imagery databases and to display the data on a map background. They can also access various browser-based products, send e-mails with attachments and conduct collaboration sessions.<br>
<br>
For US military users, these applications are part of the <a href="https://www.globalsecurity.org/intell/library/reports/2001/compendium/gccs.htm" target="_blank">Global Command and Control System</a> (GCCS), which encompasses a suite of over 200 client-server tools and applications for fusing data from multiple sensors and intelligence sources to produce a graphical representation of the battlespace.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaoqt1mMHuCXAcDRq_A4wXkd5T_f_WXcWayTEtPNE0YqvAoxX-1gZG4URvQz5pQMVsT5tmNfUNvtFVRralKBF9Ma2Iy5IZr3xfZQU_glPbhPyJ7M54RPDQGphboWEiMY6m5yHSyL-hBYo/s1000/c2pc-interface.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="693" data-original-width="1000" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaoqt1mMHuCXAcDRq_A4wXkd5T_f_WXcWayTEtPNE0YqvAoxX-1gZG4URvQz5pQMVsT5tmNfUNvtFVRralKBF9Ma2Iy5IZr3xfZQU_glPbhPyJ7M54RPDQGphboWEiMY6m5yHSyL-hBYo/s1000/c2pc-interface.jpg"/></a></div>
<div align="center">
<font size="2">
Interface of the Command and Control Personal Computer (C2PC) application<br>
(<a href="https://www.northropgrumman.com/wp-content/uploads/Command-and-Control-Personal-Computer-C2PC.pdf" target="_blank">source</a> - click to enlarge)<br>
</font>
</div>
<br>
<br>
<b>Telephone systems</b><br>
<br>
In the large operations center at CENTCOM's headquarters there is also a range of Cisco IP phones, some being the older <a href="https://www.cisco.com/c/en/us/products/collaboration-endpoints/unified-ip-phone-7975g/index.html" target="_blank">7975</a>, others the current <a href="https://www.cisco.com/c/en/us/products/collaboration-endpoints/ip-phone-8841/index.html" target="_blank">8841</a>. The Cisco 8841 IP phones look like the ones that are commercially available, but are actually modified versions from the small telecommunications security company <a href="https://cissecure.com/" target="_blank">CIS Secure Computing Inc.</a><br>
<br>
These modified phones are approved for use in <a href="https://www.adamosecurity.com/whats-the-difference-between-scif-and-sapf/" target="_blank">SCIF and SAPF</a> environments and <a href="https://cissecure.com/product/cisco-8841-tsg-approved-fiber-enabled-ip-phone/" target="_blank">offer</a> additional on-hook security features which can be engaged for the 'hold' and 'mute' functions while in a call. Speakerphone functionality isn't disabled, but is protected with the on-hook security of the positive disconnect electronics.<br>
<br>
Several workstations even have a third telephone set: a <a href="https://www.cisco.com/c/en/us/products/collaboration-endpoints/ip-phone-8845/index.html" target="_blank">Cisco IP Phone 8845</a>, which has a video camera on top for video calls. According to their display background, these phones appear to be for the video conferencing service of the <a href="#dte">Desktop Environment</a> (DTE, see below) which runs on the Top Secret/SCI intelligence sharing network <a href="https://en.wikipedia.org/wiki/Joint_Worldwide_Intelligence_Communications_System" target="_blank">JWICS</a>.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnFMdYX-47OhyFI2RjFHx-wfIkXOEPZYQH8JXtO3H7fFBmKozHqUqSU2wqZnRF0OvFcDBgssB6zLaAoqnDcPcfEJYFA0s64qXQ6FBx-Wmu1DAWdxas3RJb-kMzLBk6wcsG0N3rNtRcE4s/s1274/central+command+2021+g.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="716" data-original-width="1274" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnFMdYX-47OhyFI2RjFHx-wfIkXOEPZYQH8JXtO3H7fFBmKozHqUqSU2wqZnRF0OvFcDBgssB6zLaAoqnDcPcfEJYFA0s64qXQ6FBx-Wmu1DAWdxas3RJb-kMzLBk6wcsG0N3rNtRcE4s/s1274/central+command+2021+g.jpg"/></a></div>
<div align="center">
<font size="2">
Operations center in the Central Command headquarters, January 2021<br>
(still from 60 Minutes - click to enlarge)<br>
</font>
</div>
<br>
<a name="commander"></a>
<br>
<br>
<font size="+2">The commander's communications equipment</font><br>
<br>
The 60 Minutes television report followed general McKenzie into a small room off his main operations center in the Central Command headquarters. There we see equipment similar to that in the large room, such as computers connected to SIPRNet, in this case for senior staff officers, like the:<br>
<blockquote>
- Director of Operations (J3)<br>
- Commander's Action Group (CAG)<br>
- <a href="https://en.wikipedia.org/wiki/Senior_enlisted_advisor" target="_blank">Command Senior Enlisted Leader</a> (CSEL)<br>
- <a href="https://law.jrank.org/pages/7864/Judge-Advocate.html" target="_blank">Staff Judge Advocate</a> (SJA)<br>
</blockquote>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmNEBfxDTc4uvzdj_s3OYwhZbgnCoZndy3maaZ-mlpZb1RAFFkj2H58LPjvdcOlDPbdMF3YAv1G-xPrpzp7MZDN4pvBAErAVAvLK0HXTqJjmfS09bX2HRPoTKs8RHVaZL6SqTakTCS4eQ/s1273/central+command+2021+c.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="714" data-original-width="1273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmNEBfxDTc4uvzdj_s3OYwhZbgnCoZndy3maaZ-mlpZb1RAFFkj2H58LPjvdcOlDPbdMF3YAv1G-xPrpzp7MZDN4pvBAErAVAvLK0HXTqJjmfS09bX2HRPoTKs8RHVaZL6SqTakTCS4eQ/s1273/central+command+2021+c.jpg"/></a></div>
<div align="center">
<font size="2">
General McKenzie entering a small operations room, January 2021<br>
(still from 60 Minutes - click to enlarge)<br>
</font>
</div>
<br>
<br>
In this small room, commander McKenzie has additional communications equipment that does not seem to be available to the personnel in the large operations center. When he is being interviewed at his place at the table (see the television still below), we see from left to right:<br>
<br>
<blockquote>
- A <a href="https://www.cisco.com/c/en/us/products/collaboration-endpoints/dx70/index.html" target="_blank">Cisco DX 70</a> video screen with video camera, probably for the Secure Video Teleconferencing System (SVTS) which is part of the Crisis Management System (CMS) and allows top-level video meetings. <br>
<br>
- A <a href="https://www.cisco.com/c/en/us/products/collaboration-endpoints/ip-phone-8841/index.html" target="_blank">Cisco IP Phone 8841</a> with a distinctive yellow bezel for the highly secure Executive Voice over Secure IP-network which is also part of the Crisis Management System (CMS) and connects the President, the National Security Council, Cabinet members, the Joint Chiefs of Staff, various intelligence agency watch centers, headquarters, and <a href="https://en.wikipedia.org/wiki/United_States_federal_government_continuity_of_operations" target="_blank">Continuity of Operations</a> (COOP) sites.<br>
<br>
- A <a href="https://web.archive.org/web/20230409220541/https://www.telecore.com/txp" target="_blank">Touchscreen Executive Phone</a> (TXP) with two additional 50-button <a href="https://web.archive.org/web/20230409215926/https://www.telecore.com/tle" target="_blank">Touchscreen Line Expansion</a> units (TLE), manufactured by the small telecommunications security company <a href="http://www.telecore.com" target="_blank">Telecore, Inc.</a>, which also made the <a href="https://www.electrospaces.net/2021/03/the-telephone-contacts-of-president.html">Integrated Services Telephone</a> (IST-2) that was on the Oval Office desk of presidents Bush and Obama. These devices are specifically designed for the <a href="https://en.wikipedia.org/wiki/Defense_Red_Switch_Network" target="_blank">Defense Red Switch Network</a> (DRSN), which offers full command and control and conferencing capabilities for military commanders up to the level of Top Secret/SCI.<br>
<br>
- A <a href="https://www.cisco.com/c/en/us/products/collaboration-endpoints/ip-phone-8865/index.html" target="_blank">Cisco IP Phone 8865</a> with video camera and a <a href="https://www.cisco.com/c/en/us/support/collaboration-endpoints/ip-phone-8800-series-key-expansion-module/model.html" target="_blank">Key Expansion Module</a>. The phone has labels for Top Secret (orange) and Top Secret/SCI (yellow) and appears to be for the video conferencing service of the <a href="#dte">Desktop Environment</a> (DTE, see below) which runs on <a href="https://en.wikipedia.org/wiki/Joint_Worldwide_Intelligence_Communications_System" target="_blank">JWICS</a>, the main network for intelligence sharing within the US military and the US intelligence community.<br>
<br>
- A <a href="https://www.cisco.com/c/en/us/products/collaboration-endpoints/ip-phone-8851/index.html" target="_blank">Cisco IP Phone 8851</a> with a <a href="https://www.cisco.com/c/en/us/support/collaboration-endpoints/ip-phone-8800-series-key-expansion-module/model.html" target="_blank">Key Expansion Module</a> and a label for the classification level Secret (red), which means it runs on SIPRNet and is therefore Voice over Secure IP (VoSIP).<br>
</blockquote>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjq3DSc2Z7wIOrY-X9StaZhyphenhyphenNsNSZrldyDBscBRBHpzdmo9J2LD9OR_N5b1wpMX7w_3cI2BtUxqfiuGKze0QPOKxrTXaSU_VfCfOPw-npJB7WaWzSH04KJaXhDUroEmR1sVlFbrRarjAVM/s1272/central+command+2021+e.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="716" data-original-width="1272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjq3DSc2Z7wIOrY-X9StaZhyphenhyphenNsNSZrldyDBscBRBHpzdmo9J2LD9OR_N5b1wpMX7w_3cI2BtUxqfiuGKze0QPOKxrTXaSU_VfCfOPw-npJB7WaWzSH04KJaXhDUroEmR1sVlFbrRarjAVM/s1272/central+command+2021+e.jpg"/></a></div>
<div align="center">
<font size="2">
General McKenzie's communications equipment in the small operations room<br>
(still from 60 Minutes - click to enlarge)<br>
</font>
</div>
<br>
<br>
According to the 60 Minutes report, it was in this small room that, during the missile attack on the Al Asad Airbase, commander McKenzie "could talk directly to the only two people above him in the chain of command" - the Secretary of Defense and the President. To illustrate this, the speed dial buttons on the commander's Touchscreen Executive Phone were shown.<br>
<br>
Normally such buttons are blurred out, but here we can clearly see that McKenzie has direct lines to the White House, the Secretary of Defense (SecDef), his house (SecDef Home) and his <a href="https://www.disa.mil/Careers/SecDef-Comms-Support" target="_blank">communications center</a> (SecDef Cables), as well as to the <a href="https://en.wikipedia.org/wiki/National_Military_Command_Center" target="_blank">National Military Command Center</a> (NMCC) and the Chairman of the Joint Chiefs of Staff (CJCS XO), among others:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh__NgpxXIRRSmYbyvuJvzWNjZSfuYVaER2fBeT5ORvNd6Wt-goNWX6RJUmdO7FJ0bZSi6J-EKAcVEu9JFIh7_u0spu8XZi_s58WjymTnHBrYFuwEO1h7t7RxZa0wg7laIgu9QyZ4mD3nk/s1276/central+command+2021+d.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="718" data-original-width="1276" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh__NgpxXIRRSmYbyvuJvzWNjZSfuYVaER2fBeT5ORvNd6Wt-goNWX6RJUmdO7FJ0bZSi6J-EKAcVEu9JFIh7_u0spu8XZi_s58WjymTnHBrYFuwEO1h7t7RxZa0wg7laIgu9QyZ4mD3nk/s1276/central+command+2021+d.jpg"/></a></div>
<div align="center">
<font size="2">
The speed dial buttons on general McKenzie's Touchscreen Executive Phone<br>
(still from 60 Minutes - click to enlarge)<br>
</font>
</div>
<br>
<br>
<br>
<b>The commander's computers</b><br>
<br>
The same telephones as in the small room appear at McKenzie's place in the large operations room, but here he also has two computer screens connected to a <a href="https://www.vertiv.com/en-us/products-catalog/monitoring-control-and-management/secure-kvm/vertiv-cybex-secure-multiviewer-kvm-switch/" target="_blank">Vertiv Cybex Secure MultiViewer</a> KVM switch which allows access to networks of different classification levels on a single screen.<br>
<br>
Apparently the commander was logged in on one of the classified computer networks, as we can see the desktop background with several application icons - quite remarkable because usually during photo ops or television recordings only unclassified images should be visible.<br>
<br>
At the top of the desktop background is a yellow bar which means it's <a href="https://en.wikipedia.org/wiki/Joint_Worldwide_Intelligence_Communications_System" target="_blank">JWICS</a>, the intelligence sharing network for the US military and the US Intelligence Community at the classification level <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html#sci">Top Secret/SCI</a>. Unlike NIPRNet and SIPRNet, access to JWICS doesn't require a smartcard, but a software certificate: military users have to identify themselves with a <a href="https://fas.org/irp/doddir/navy/opnavinst/5239_3a.pdf" target="_blank">DoD PKI certificate</a>, others need an <a href="https://apps.dtic.mil/sti/pdfs/ADA460253.pdf" target="_blank">IC PKI certificate</a>.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZKLqtqog3vXQedQH3VFLpJQOqMzs4OAOIhg3ESwTqUgydo7FL-cmUN5ZevvWE2gspZdd8srInCJlxVhXvFpt2WvkB5yp3HYM615EossZ-zYbp8rIQkG7d0oWBmb4Lmhc33RM2esbkO6U/s1275/central+command+2021+i.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="715" data-original-width="1275" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZKLqtqog3vXQedQH3VFLpJQOqMzs4OAOIhg3ESwTqUgydo7FL-cmUN5ZevvWE2gspZdd8srInCJlxVhXvFpt2WvkB5yp3HYM615EossZ-zYbp8rIQkG7d0oWBmb4Lmhc33RM2esbkO6U/s1275/central+command+2021+i.jpg"/></a></div>
<div align="center">
<font size="2">
General McKenzie's workstation in the large operations center<br>
(still from 60 Minutes - click to enlarge)<br>
</font>
</div>
<br>
<a name="dte"></a>
<br>
<br>
<font size="+2">The IC Desktop Environment</font><br>
<br>
The desktop background on the commander's computer is deep blue and has the term "DESKTOP ENVIRONMENT (DTE)" with an image of the earth covered by a stylized network. In the bottom left corner we see the seals of the <a href="https://en.wikipedia.org/wiki/Defense_Intelligence_Agency" target="_blank">Defense Intelligence Agency</a> (DIA) and the <a href="https://en.wikipedia.org/wiki/National_Geospatial-Intelligence_Agency" target="_blank">National Geospatial-Intelligence Agency</a> (NGA) and some text.<br>
<br>
This "Intelligence Community Desktop Environment" (IC DTE) was <a href="https://www.baesystems.com/en-us/article/bae-systems-to-modernize-defense-intelligence-agency-workstations" target="_blank">conceived</a> in 2012 as a single, identical platform for the US Intelligence Community. As such it's the heart of a huge modernization project called <a href="https://www.c4isrnet.com/show-reporter/dodiis/2017/08/28/ic-ite-is-about-changing-the-way-the-intelligence-community-does-business/" target="_blank">Intelligence Community IT Enterprise</a> (IC ITE), under which data will be stored and processed at the <a href="https://www.nextgov.com/it-modernization/2014/07/daring-deal/100872/" target="_blank">Commercial Cloud Services</a> (C2S) managed by the CIA and the <a href="https://www.nextgov.com/emerging-tech/2018/06/nsa-systematically-moving-all-its-data-cloud/149179/" target="_blank">IC GovCloud</a> managed by the NSA.<br>
<br>
The implementation of the DTE was managed by the Joint Program Management Office (JPMO) led by DIA and NGA, while the software system was <a href="https://www.baesystems.com/en-us/article/bae-systems-to-modernize-defense-intelligence-agency-workstations" target="_blank">built</a> by BAE Systems under a $300 million contract for five years. This was to result in the Next Generation Desktop Environment (NGDE), which is meant to <a href="http://www.deepdiveintel.com/features/page/11/" target="_blank">bring</a> virtual desktops at different classification levels to one physical computer.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnUX-K8n8KOROZfylN-2wM6JUFYkj__zCfc71m0nRMy8ozYwmGS60ITCrHCbSDN2jASx1lbnh_gdPUMqpmzsJiwt3PVpQr5EWt5DoG2fV3OLYQAsnKqeLE-TqQcrOTYgB2onzoWM5T0oc/s950/central+commands+desktops.JPG" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="450" data-original-height="646" data-original-width="950" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnUX-K8n8KOROZfylN-2wM6JUFYkj__zCfc71m0nRMy8ozYwmGS60ITCrHCbSDN2jASx1lbnh_gdPUMqpmzsJiwt3PVpQr5EWt5DoG2fV3OLYQAsnKqeLE-TqQcrOTYgB2onzoWM5T0oc/s950/central+commands+desktops.JPG"/></a></div>
<div align="center">
<font size="2">
Multiple computers for networks at different classification levels, ca. 2008.<br>
(<a href="https://apps.dtic.mil/dtic/tr/fulltext/u2/a497344.pdf" target="_blank">source</a> - click to enlarge)<br>
</font>
</div>
<br>
<br>
With the Desktop Environment (DTE) analysts at DIA, NGA and other US intelligence agencies can <a href="https://defensesystems.com/articles/2012/02/28/chief-view-grant-schneider-dia.aspx" target="_blank">go anywhere</a> within these organizations, sit down at any Top Secret workstation, log in, authenticate, and get access to their e-mail, home directories, shared files, etc., which were previously stored on <a href="https://en.wikipedia.org/wiki/Rich_client" target="_blank">thick client</a> computers at each workstation.<br>
<br>
Besides a virtual desktop, the DTE also <a href="https://defensesystems.com/articles/2014/08/22/intelligence-community-ic-ite-cloud-computing.aspx" target="_blank">comes</a> with a common suite of desktop applications (developed via the Ozone Widget Framework) and access to common services, including <a href="https://en.wikipedia.org/wiki/Unified_communications_as_a_service" target="_blank">Unified Communications as a Service</a>. Among the first applications were standard e-mail, collaboration tools and video conferencing capabilities. The NSA is responsible for an Apps Mall that incorporates apps stores of the various agencies.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2021/12/about-intellipedia-and-other-us.html">About Intellipedia and other intelligence wikis from the Snowden trove</a><br>
</div>
<br>
The common collaboration tool for the DTE <a href="https://defensesystems.com/articles/2014/08/22/intelligence-community-ic-ite-cloud-computing.aspx" target="_blank">provides</a> a single interface for secure voicemail integration with e-mail, peer-to-peer file sharing, a screen capture tool and Outlook calendar integration. When additional users transition into the common operating environment, this tool could serve as a single interface for community-wide collaboration. In 2014, there were already some 4,000 DTE users at DIA and NGA.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzTRKK1JpwMJeFZNlkGy7_8scaUbnj_MxfV8HH7wA5jTJndFC2sI_6wGViaLs3XznyP4VtvfSNZL3lHQA1cp4u0LQH76Pg-Dza7ce3vGPbF-fHJ06l7UVrXooInvP4lx2vmjWDe0BTvA8/s590/central+command+2021+dte.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="364" data-original-width="590" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzTRKK1JpwMJeFZNlkGy7_8scaUbnj_MxfV8HH7wA5jTJndFC2sI_6wGViaLs3XznyP4VtvfSNZL3lHQA1cp4u0LQH76Pg-Dza7ce3vGPbF-fHJ06l7UVrXooInvP4lx2vmjWDe0BTvA8/s590/central+command+2021+dte.jpg"/></a></div>
<br>
<br>
However, in 2018, John Sherman, chief information officer of the Intelligence Community, <a href="https://www.c4isrnet.com/show-reporter/dodiis/2018/08/14/the-second-generation-ic-ite-is-here/" target="_blank">said</a> they had come to the realization that it no longer made sense to deliver a standard capability to every agency and user given the differing architectures, security requirements and mission needs.<br>
<br>
In order to reach the outcomes for which the DTE was initially created, the Collaboration Reference Architecture (CRA) was <a href="https://www.c4isrnet.com/show-reporter/dodiis/2018/08/14/the-second-generation-ic-ite-is-here/" target="_blank">created</a>. Agencies can now build applications which fit their own needs as long as they comply with the standards set by the CRA in order to ensure compatibility throughout the different systems.<br>
<br>
<br>
Finally, the DTE is also a step <a href="https://defensesystems.com/articles/2012/02/28/chief-view-grant-schneider-dia.aspx" target="_blank">towards</a> an environment where security and tagging of data will be done at the data level, as opposed to the network level. Traditionally, access to information was based on which network you were on: DIA data were only accessible on the DIA's network, etc.<br>
<br>
The idea is that there will be a common Intelligence Community network for which the Identification, Authentication and Authorization (IAA) project of the IC ITE provides access to data and information based on the different credentials of each individual user, that is, on who you are, what role you have and what accesses are available to you.<br>
<br>
<br>
<br>
<b>Links and sources</b><br>
<font size="2">
<br>
- Yahoo! News: <a href="https://news.yahoo.com/conspiracy-is-hard-inside-the-trump-administrations-secret-plan-to-kill-qassem-soleimani-090058817.html" target="_blank">'Conspiracy is hard': Inside the Trump administration's secret plan to kill Qassem Soleimani</a> (2021)<br>
- American News: <a href="https://americanewstoday.club/2021/03/01/biden-allows-60-minutes-to-release-military-imagery-secrets-that-saved-us-lives/" target="_blank">Biden Allows “60 Minutes” to Release Military Imagery Secrets that Saved US Lives</a> (2021)<br>
- DIA: <a href="https://www.dia.mil/News/Articles/Article-View/Article/1602623/striking-a-balance-between-compatibility-and-flexibility-in-the-intelligence-co/" target="_blank">Striking a balance between compatibility and flexibility in the intelligence community</a> (2018)<br>
- Joint Publication: <a href="https://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp2_01_20170705v2.pdf" target="_blank">Joint and National Intelligence Support to Military Operations</a> (2017)<br>
- CSIS: <a href="http://www.businessofgovernment.org/sites/default/files/New%20Tools%20for%20Collaboration.pdf" target="_blank">New Tools for Collaboration, The Experience of the U.S. Intelligence Community</a> (2016)<br>
- Raytheon: <a href="https://www.raytheon.com/sites/default/files/capabilities/rtnwcm/groups/cyber/documents/content/rtn_266011.pdf" target="_blank">When Secure KVM Isn’t Enough</a> (2015)<br>
- Defense Systems: <a href="https://defensesystems.com/Articles/2014/08/22/Intelligence-Community-IC-ITE-cloud-computing.aspx?Page=1" target="_blank">How cloud is changing the spy game</a> (2014)<br>
- Deep Dive Intelligence: <a href="http://www.deepdiveintel.com/features/page/11/" target="_blank">Interview: Mike Mestrovich – Full Transcript</a> (2012)<br>
- Burns & McDonnell: <a href="https://www.burnsmcd.com/projects/joint-intelligence-center-central-command" target="_blank">Joint Intelligence Center, Central Command</a> (2009)<br>
- AFCEA Signal: <a href="https://www.afcea.org/content/desktop-system-streamlines-analysis-work" target="_blank">Desktop System Streamlines Analysis Work</a> (2004)<br>
- MITRE Corporation: <a href="https://apps.dtic.mil/sti/pdfs/ADA460253.pdf" target="_blank">Intelligence Community Public Key Infrastructure (IC PKI)</a> (2002)<br>
</font>
<br>
<br>
<b>The telephone contacts of president George W. Bush</b><br>
<font size="2" color="gray">(Published: March 3, 2021 - Updated: June 24, 2023)</font><br>
<br>
Ever wanted to know who is on the contact list of the President of the United States? In the George W. Bush Presidential Library one can see the telephone from the president's desk in the Oval Office with a clear view of all the speed dial buttons from the final years of the Bush presidency.<br>
<br>
Here I will tell a bit more about this special telephone set, followed by a list and a short discussion of all the contacts behind the over 40 speed dial buttons. Finally, the phone used by president Bush is compared with the one from the first years of Barack Obama.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiePKA7XbvICBrKZeHzHoXWmHgrSPsBIoFKRdJ_EbC5mJ26TP4tqY1i_66ka17A9g8_bgqi16lS1tM56cw-EGoo-ee2udMI1F_-btgBKKU9jhuW4MUXWyO91JEnbWuq-IaxpXKKJ7jzLKM/s1200/ist2-bush-large.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="983" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiePKA7XbvICBrKZeHzHoXWmHgrSPsBIoFKRdJ_EbC5mJ26TP4tqY1i_66ka17A9g8_bgqi16lS1tM56cw-EGoo-ee2udMI1F_-btgBKKU9jhuW4MUXWyO91JEnbWuq-IaxpXKKJ7jzLKM/s1200/ist2-bush-large.jpg"/></a></div>
<div align="center">
<font size="2">
The IST-2 phone at the president's desk in the George W. Bush Presidential Library<br>
<font color="gray">(photo: Ron Plante - click to enlarge)</font>
</font>
</div>
<br>
<br>
<br>
<font size="+2">The George W. Bush Presidential Library</font><br>
<br>
Like all US presidents since Herbert Hoover, president <a href="https://en.wikipedia.org/wiki/George_W._Bush" target="_blank">George W. Bush</a> also established a <a href="https://en.wikipedia.org/wiki/Presidential_library" target="_blank">presidential library</a> which holds the papers, records, collections and other historical materials from his presidency. Several presidents have been buried on the grounds of their library, which will also happen after the death of George Bush and his wife Laura.<br>
<br>
The <a href="https://georgewbushlibrary.smu.edu/" target="_blank">George W. Bush Presidential Library and Museum</a> was opened in April 2013 and is located on the campus of the Southern Methodist University (SMU) near Dallas, Texas. Like other presidential libraries, it includes an exact replica of the Oval Office in the White House. This allows visitors a close look at the paintings and the furniture and they may also sit behind a reproduction of the <a href="https://en.wikipedia.org/wiki/Resolute_desk" target="_blank">Resolute desk</a> for a photograph.<br>
<br>
Some visitors to the replicated Oval Office took a <a href="https://imgur.com/gallery/M2Xpfsj" target="_blank">photo</a> of the telephone on former president Bush's desk, probably not only because it's quite an impressive device, but also because it has all the names of the president's contacts on its many speed dial buttons.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOrL1gYPt0EFMpCI60vDvB3BNjemzVkCl1HxMo2TtxcxrjGD3JYpb6eN-TdNJAf_5EHcJXs46LVIlPFgG4M8ErbVQsFJobrYzW1zRQkcUXoSNBNN2d2XLj1PyA_n0JjbKmnombikW0hhc/s747/bushlibrary-visitor2.jpg" style="display: block; text-align: center; " target="_blank" ><img alt="" border="0" width="500" data-original-height="560" data-original-width="747" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiOrL1gYPt0EFMpCI60vDvB3BNjemzVkCl1HxMo2TtxcxrjGD3JYpb6eN-TdNJAf_5EHcJXs46LVIlPFgG4M8ErbVQsFJobrYzW1zRQkcUXoSNBNN2d2XLj1PyA_n0JjbKmnombikW0hhc/s747/bushlibrary-visitor2.jpg"/></a></div>
<div align="center">
<font size="2">
A visitor tries the phone in the replica of the Oval Office<br>
in the George W. Bush Presidential Library<br>
<font color="gray">(photo: instagram/t.ryanmartinez - click to enlarge)</font>
</font>
</div>
<br>
<br>
<br>
<font size="+2">The IST-2 telephone</font><br>
<br>
What most visitors of the Bush Presidential Center won't know is that the phone is an <a href="https://web.archive.org/web/20121219005454/http://www.telecore.com/ist2.php" target="_blank">Integrated Services Telephone version 2</a> (IST-2), which is a so-called "red phone". Unlike the popular image, such a red phone isn't used for the <a href="http://electrospaces.blogspot.com/2012/10/the-washington-moscow-hot-line.html">Hotline between Washington and Moscow</a>, but for secure communications with military command centers through the <a href="https://en.wikipedia.org/wiki/Defense_Red_Switch_Network" target="_blank">Defense Red Switch Network</a> (DRSN).<br>
<br>
For this network there are large telephone consoles which can be used for both secure and non-secure calls. However, the encryption of classified calls isn't done by the phone, but by a separate network encryptor. The IST-2 was designed by defense contractor <a href="https://en.wikipedia.org/wiki/Raytheon_Company" target="_blank">Raytheon</a> and subsequently manufactured by <a href="http://www.telecore.com/" target="_blank">Telecore Inc.</a>, a small company from Richardson, Texas, that took over the production of these telecommunication devices sometime around 2003.<br>
<br>
As part of a military telephone network, the IST-2 also has the distinctive 4 red buttons for the four levels of a system called <a href="https://en.wikipedia.org/wiki/Autovon#Multilevel_precedence_and_preemption" target="_blank">Multilevel Precedence and Preemption</a> (MLPP). This makes it possible to place phone calls that take precedence over ones with a lower priority, with "Flash Override" allowing the President, the Secretary of Defense and the Joint Chiefs of Staff to preempt any other traffic in the network.<br>
<br>
<br>
<br>
<font size="+2">The speed dial buttons on Bush's Oval Office telephone</font><br>
<br>
The IST-2 telephone on president Bush's desk in the Oval Office had 50 line buttons, with labels for the following contacts, grouped according to the colors of the labels:<br>
<br>
<br>
<div class="blockquote">
<font size="2">
• BOLTEN - <a href="https://en.wikipedia.org/wiki/Joshua_Bolten" target="_blank">Joshua B. Bolten</a>, White House Chief of Staff from 2006 to 2009.<br>
• FIELDING - <a href="https://en.wikipedia.org/wiki/Fred_F._Fielding" target="_blank">Fred F. Fielding</a>, White House Counsel from 2007 to 2009.<br>
• GILLESPIE - <a href="https://en.wikipedia.org/wiki/Ed_Gillespie" target="_blank">Ed Gillespie</a>, Counselor to the President from 2007 to 2009.<br>
• HADLEY - <a href="https://en.wikipedia.org/wiki/Stephen_Hadley" target="_blank">Stephen J. Hadley</a>, National Security Advisor from 2005 to 2009.<br>
• GOTTESMAN - <a href="https://en.wikipedia.org/wiki/Blake_Gottesman" target="_blank">Blake L. Gottesman</a>, Deputy Chief of Staff from 2008 to 2009.<br>
• JACKSON - <a href="https://en.wikipedia.org/wiki/Barry_Steven_Jackson" target="_blank">Barry S. Jackson</a>, Senior Advisor to the President from 2007 to 2009.<br>
• JEFFREY - <a href="https://georgewbush-whitehouse.archives.gov/nsc/jjeffrey-bio.html" target="_blank">James F. Jeffrey</a>, Assistant to the President and Deputy National Security Advisor from 2007 to 2009.<br>
• KAPLAN - <a href="https://en.wikipedia.org/wiki/Joel_Kaplan" target="_blank">Joel Kaplan</a>, Deputy Chief of Staff from 2006 to 2009.<br>
• LUTE - <a href="https://en.wikipedia.org/wiki/Douglas_Lute" target="_blank">Douglas E. Lute</a>, Assistant to the President and Deputy National Security Advisor for Iraq and Afghanistan from 2007 to 2013.<br>
• MEYER - <a href="https://www.ahip.org/speaker/daniel-p-meyer/" target="_blank">Daniel P. Meyer</a>, Assistant to the President for Legislative Affairs from 2007 to 2009.<br>
• PERINO - <a href="https://en.wikipedia.org/wiki/Dana_Perino" target="_blank">Dana M. Perino</a>, White House Press Secretary from 2007 to 2009.<br>
• THIESSEN - <a href="https://en.wikipedia.org/wiki/Marc_Thiessen" target="_blank">Marc A. Thiessen</a>, Director of Speechwriting from 2008 to 2009.<br>
• TUBB - <a href="https://en.wikipedia.org/wiki/Richard_Tubb" target="_blank">Richard J. Tubb</a>, Physician to the President from 2002 to 2009.<br>
• WAINSTEIN - <a href="https://en.wikipedia.org/wiki/Kenneth_L._Wainstein" target="_blank">Kenneth L. Wainstein</a>, Homeland Security Advisor from 2008 to 2009.<br>
• YANES - <a href="https://georgewbush-whitehouse.archives.gov/news/releases/2006/05/20060531-2.html" target="_blank">Raul F. Yanes</a>, Assistant to the President and Staff Secretary from 2006 to 2009.<br>
<BR>
• VICE PRESIDENT - <a href="https://en.wikipedia.org/wiki/Dick_Cheney" target="_blank">Dick Cheney</a>, Vice President of the United States from 2001 to 2009.<br>
• Secretary Of STATE - <a href="https://en.wikipedia.org/wiki/Condoleezza_Rice" target="_blank">Condoleezza Rice</a>, Secretary of State from 2005 to 2009.<br>
• Secretary Of DEFENSE - <a href="https://en.wikipedia.org/wiki/Robert_Gates" target="_blank">Robert M. Gates</a>, Secretary of Defense from 2006 to 2011.<br>
• DNI - <a href="https://en.wikipedia.org/wiki/Mike_McConnell_%28U.S._Naval_officer%29" target="_blank">Mike McConnell</a>, Director of National Intelligence from 2007 to 2009.<br>
• Director CIA - <a href="https://en.wikipedia.org/wiki/Michael_Hayden_%28general%29" target="_blank">Michael V. Hayden</a>, Director of the CIA from 2006 to 2009.<br>
<BR>
• VP HOME - The house of Vice President Cheney, the Naval Observatory in Washington.<br>
• BOLTEN HOME - The house of Chief of Staff Joshua Bolten.<br>
• HADLEY HOME - The house of National Security Advisor Stephen Hadley.<br>
• RICE HOME - The house of Secretary of State Condoleezza Rice.<br>
• GILLESPIE HOME - The house of Counselor Ed Gillespie.<br>
<BR>
• Situation Room - The Situation Room in the basement of the West Wing.<br>
• HOS Conference - Head of State Conference call.<br>
• SIGNAL OPERATOR - Operator at the Signal Switchboard for non-secure calls.<br>
• Secure OPERATOR - Operator at the Signal Switchboard for secure calls.<br>
• White House OPERATOR - Operator at the White House switchboard for unclassified calls.<br>
<br>
• MRS BUSH - <a href="https://en.wikipedia.org/wiki/Laura_Bush" target="_blank">Laura Bush</a>, wife of the president.<br>
• 41 - <a href="https://en.wikipedia.org/wiki/George_H._W._Bush" target="_blank">George H. W. Bush</a>, 41st president of the United States and father of the president.<br>
• JWB - <a href="https://en.wikipedia.org/wiki/Jenna_Bush_Hager" target="_blank">Jenna W. Bush</a>, daughter of the president.<br>
• BPB - <a href="https://en.wikipedia.org/wiki/Barbara_Bush_%28born_1981%29" target="_blank">Barbara P. Bush</a>, daughter of the president.<br>
• CRAWFORD - The <a href="https://en.wikipedia.org/wiki/Prairie_Chapel_Ranch" target="_blank">Prairie Chapel Ranch</a> of president Bush near Crawford, Texas.<br>
• Secretary EVANS - <a href="https://en.wikipedia.org/wiki/Donald_Evans" target="_blank">Donald L. Evans</a>, Secretary of Commerce from 2001-2005.<br>
<br>
• ROBERT - ?<br>
• JARED - Jared Weinstein, special assistant and personal aide from 2006 to 2009.<br>
• SAM - ? <br>
• KAREN - (Karen Hughes?) <br>
• ASHLEY - (Ashley Kavanaugh?)<br>
• USHERS - <a href="https://en.wikipedia.org/wiki/Stephen_W._Rochon" target="_blank">Stephen W. Rochon</a>, Chief Usher of the White House from 2007 to 2011.<br>
<br>
• LINE 1 - Outgoing or incoming phone line<br>
• LINE 2 - Outgoing or incoming phone line<br>
• LINE 3 - Outgoing or incoming phone line<br>
</font>
</div>
<br>
<br>
<br>
<font size="+2">President Bush' primary contacts</font><br>
<br>
The names on these speed dial buttons give us some insights into the people president Bush was in contact with. In the first place, represented by the first two rows of buttons, these were West Wing staff members, like the Chief of Staff, his deputies, senior advisors and assistants. In the third row we see the press secretary and the president's speechwriter as well as the Physician to the President.<br>
<br>
The buttons of the fourth row show that president Bush had direct lines only to the Secretary of State and the Secretary of Defense. The same group includes buttons for the Director of National Intelligence (DNI) and the director of the Central Intelligence Agency (CIA), despite the fact that in 2005, the newly created DNI <a href="https://abcnews.go.com/Politics/wireStory/biden-chooses-veteran-diplomat-burns-cia-director-75173251" target="_blank">replaced</a> the director of the CIA as a Cabinet member.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlrBIzEQbjOpVv_NM8Uq3QsvhicFXD0xN6sCnA9PScemTqMfCWQkUOfRQ35NNYPxQShKh_YoidQGpnhPRM56omO9tDxwGoZkGdBwxRehFu6nScSzMuSlf_pWyL8csUPGksR29XpcUNovk/s515/bush-ist2-2008.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="357" data-original-width="515" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlrBIzEQbjOpVv_NM8Uq3QsvhicFXD0xN6sCnA9PScemTqMfCWQkUOfRQ35NNYPxQShKh_YoidQGpnhPRM56omO9tDxwGoZkGdBwxRehFu6nScSzMuSlf_pWyL8csUPGksR29XpcUNovk/s515/bush-ist2-2008.jpg"/></a></div>
<div align="center">
<font size="2">
George W. Bush using the IST-2 telephone for calling the<br>
British prime minister Gordon Brown, October 7, 2008<br>
<font color="gray">(White House photo by Eric Draper - click to enlarge)</font>
</font>
</div>
<br>
<br>
The next five speed dial buttons show which people president Bush could call directly even when they were at home: Vice President Cheney, Chief of Staff Bolten, National Security Advisor Hadley, Secretary of State Condoleezza Rice and Counselor Ed Gillespie.<br>
<br>
After these first five rows, there's one row in which the buttons are blank - apparently there were no more people who president Bush needed to call directly (unlike Obama, who used all 50 buttons - see below).<br>
<br>
The lower half of the speed dial buttons were used for mixed sets of contacts:<br>
<br>
Five buttons positioned in an L-shape connected the President to the various communication centers of the White House: first the famous <a href="http://electrospaces.blogspot.com/2012/01/inside-white-house-situation-room-sit.html">Situation Room</a> in the basement of the West Wing, which is not only a conference room, but also includes a watch center that is operational 24/7.<br>
<br>
Another button was labeled "HOS Conference" which means it was used to conduct phone calls to foreign Heads Of State (HOS). These are <a href="https://www.syracuse.com/opinion/2019/09/i-listened-to-dozens-of-presidential-phone-calls-heres-why-its-done-commentary.html" target="_blank">conference calls</a> because translators, advisers and staffers from the <a href="https://en.wikipedia.org/wiki/United_States_National_Security_Council" target="_blank">National Security Council</a> (NSC) listen in to translate and take notes of the content of such conversations.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQ9OI7kfLdfLARus3kyOZ0wxcT-JSFh6ihzWLEqvwUsb7YrJ6mxikoXCu-xx_AKN2jn42HASKd3-AQYyO4KRrNcywt8CVIlcOft_3V21uQqdhdJiH7sCe0_cYHXthYb6Nu44Bz_j9XQng/s825/ist2-obama-aides.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="550" data-original-width="825" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQ9OI7kfLdfLARus3kyOZ0wxcT-JSFh6ihzWLEqvwUsb7YrJ6mxikoXCu-xx_AKN2jn42HASKd3-AQYyO4KRrNcywt8CVIlcOft_3V21uQqdhdJiH7sCe0_cYHXthYb6Nu44Bz_j9XQng/s825/ist2-obama-aides.jpg"/></a></div>
<div align="center">
<font size="2">
Aides listening in to a phone call by president Obama, March 29, 2009.<br>
<font color="gray">(White House photo by Pete Souza - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
The next three speed dial buttons are for switchboard operators, who can connect the President to anyone who cannot be reached through one of the direct line buttons on the Oval Office phone:<br>
<br>
<div class="blockquote">
First there's the so-called <b>Signal switchboard</b> operated by military personnel of the <a href="https://en.wikipedia.org/wiki/White_House_Communications_Agency" target="_blank">White House Communications Agency</a> (WHCA). The phone buttons show that this switchboard has an operator for non-secure calls and one for secure communications.<br>
<br>
A third button is for the operator of the <b>White House Switchboard</b>, which <a href="https://www.nytimes.com/1983/03/14/us/whitehouse-a-switchboard-that-is-justly-fabled.html" target="_blank">manages</a> the internal telephone system of the White House which is used for internal and external unclassified phone calls.<br>
</div>
<br>
Another group of buttons is for family members of president Bush: his wife Laura, his father ("41"), and his daughters Jenna and Barbara, as well as Bush' ranch in Crawford, Texas. Interesting is the button for Donald L. Evans who seems to be included here not because of his job as Secretary of Commerce from 2001-2005, but because of his longtime friendship with Bush.<br>
<br>
This brings us to the final group of buttons, with labels that only mention first names, probably of Bush' more personal advisors. One of them was Jared Weinstein, his special assistant and personal aide, but it's less clear who the other four (Robert, Sam, Karen, Ashley) were. If readers of this blog post think they can identify them, please leave a comment.<br>
<br>
A final speed dial button is for the ushers of the White House, led by the Chief Usher, who is the general manager of the building and <a href="https://www.whitehousehistory.org/questions/who-is-the-chief-usher" target="_blank">oversees</a> the butlers, maids, housekeepers, chefs, cooks, doormen, and many others.<br>
<br>
<br>
<br>
<font size="+2">The IST-2 telephone under Obama</font><br>
<br>
In January 2009, the office of President of the United States was taken over by <a href="https://en.wikipedia.org/wiki/Barack_Obama" target="_blank">Barack Obama</a>. On his desk in the Oval Office he found an IST-2 telephone like the one used by his predecessor, but now of course with labels for all the new staff members, cabinet secretaries and other people who Obama liked to call. <br>
<br>
<br>
<div align="center">
<img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnDHaMVS11uQdJ42d4UahymRTuW3hXLhZUW3IKtR1eRJJN4RlM1Unf941g8jBp12q1d0PMNCcDERnuwxr2Ws-EWMvxQYWErk0GAQ5WC6PCmvoQCjluzUwKXwb3hPculIc-HI016u-yEkQ/s1600/ist2-ovaloffice.jpg" width="500" title="An IST-2 telephone on Obama's desk, March 29, 2009"><br>
<font size="2">The IST-2 telephone on Obama's desk, March 29, 2009<br>
<font color="gray">(White House photo by Pete Souza)</font>
</font>
</div>
<br>
<br>
Another difference with the IST-2 used by president Bush was that the speed dial buttons on Obama's phone had a different color scheme: while under Bush there was a different color for each type of contact, under Obama the buttons were only yellow or green. The arrangement, however, was roughly the same, as can be recognized by the three line buttons, which were pink under Bush and white under Obama.<br>
<br>
Comparing the other buttons indicates that the colors on Obama's IST-2 represent the <a href="https://www.electrospaces.net/2013/09/the-us-classification-system.html#classification">classification level</a>: green for Unclassified and yellow for Top Secret/SCI. This is confirmed by the three buttons above the white line buttons: Signal Operator: green; Secure Operator: yellow; White House Operator: green. It shows that most of the president's contacts could be reached via a secure line, likely not much different than under Bush.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijaT_esiyEWmOsAVyBlJmUCl2aKKTsgNmJ8MVxfbi7s7ETa2F68TjlpiXBtyzb0RqvbVqwpBsGqEYxFeW14WIFfAeQsATucXqmVFuofN2TGeNhtd43mvZnG9CBaa-66p6BKcn7Vagp9YU/s1000/ist2-obama-turned.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="802" data-original-width="1000" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijaT_esiyEWmOsAVyBlJmUCl2aKKTsgNmJ8MVxfbi7s7ETa2F68TjlpiXBtyzb0RqvbVqwpBsGqEYxFeW14WIFfAeQsATucXqmVFuofN2TGeNhtd43mvZnG9CBaa-66p6BKcn7Vagp9YU/s1000/ist2-obama-turned.jpg"/></a></div>
<div align="center">
<font size="2">
The IST-2 phone on Obama's desk, March 24, 2009 - photo rotated for comparison<br>
<font color="gray">(photo: Brooks Kraft LLC/Corbis via Getty Images - click to enlarge)</font>
</font>
</div>
<br>
<br>
Although it was certainly useful to have just one telephone for both secure and non-secure calls, the IST-2 was probably considered a bit too military-looking for Obama. Maybe the speed dial buttons also attracted a bit too much attention, so a custom cover plate was made in order to prevent visitors from seeing who the president's primary phone contacts were:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjugVR9xoactvK9b21JoZfkgi4ZOaq0xHMdVtGhVKuvPQTW5DBaKIgHXyfPV83w41slBDjC_SM7sHVHtzyA2l0eYU8lLnq21uR1Gv11FUogR9nD_zL6BMArazzMjTdLW8hlMSe-E8oNAyo/s800/obama-ist2-cover.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="450" data-original-height="460" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjugVR9xoactvK9b21JoZfkgi4ZOaq0xHMdVtGhVKuvPQTW5DBaKIgHXyfPV83w41slBDjC_SM7sHVHtzyA2l0eYU8lLnq21uR1Gv11FUogR9nD_zL6BMArazzMjTdLW8hlMSe-E8oNAyo/s800/obama-ist2-cover.jpg"/></a></div>
<div align="center">
<font size="2">
Obama's IST-2 telephone with cover plate, August 31, 2010.<br>
<font color="gray">(photo: J. Scott Applewhite/AP - click to enlarge)</font>
</font>
</div>
<br>
<br>
In the Spring of 2011, the IST-2 on Obama's desk was eventually replaced by two more common, commercially available phone sets: a black Avaya/Lucent 8520T that had been part of the internal White House telephone network already since 1996, and a <a href="http://www.cisco.com/en/US/products/ps8538/index.html" target="_blank">Cisco 7975G Unified IP Phone</a> for the new Executive Voice over Secure IP-network which is used for Top Secret phone calls.<br>
<br>
<div align="right">
> See: <a href="https://www.electrospaces.net/2017/01/the-presidential-communications.html">The presidential communications equipment under Barack Obama</a><br>
</div>
<br>
<br>
<br>
<b>Links and sources</b><br>
<font size="2">
- Weblog: <a href="https://whcacannonball.blogspot.com/" target="_blank">About The White House Communications Agency from 1965 to 1974... and Beyond</a><br>
- Jerry Proc: <a href="http://www.jproc.ca/crypto/hotline_phones.html" target="_blank">Hotline Telephones - Making Sense of the Colours and their Use</a> (2018)<br>
- Cryptome: <a href="https://cryptome.org/2012-info/obama-phones/0015.htm" target="_blank">Obama Phones</a> (2012)<br>
</font>
<br>
<font size="+2"><b>The phones in president Biden's Oval Office</b></font><br>
<font size="2" color="gray">Posted by P/K, January 26, 2021</font><br>
<div align="right"><font size="2" color="gray">(Updated: January 5, 2024)</font></div>
<br>
On January 20, <a href="https://en.wikipedia.org/wiki/Joe_Biden" target="_blank">Joseph R. Biden Jr.</a> was inaugurated as the 46th president of the United States. As such he has access to the presidential communications system, including secure and non-secure telephone lines.<br>
<br>
Here, I will discuss a small and unnoticed change in the <a href="#phones"><b>telephones</b></a> on the desk of the new president, as well as what happened to the <a href="#button"><b>call device</b></a> that became known as Trump's "Diet Coke Button".<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCV4Rz1fbjZENUE1B4ywUH40V65b7Z8XKuFp8X4o7qdQcdVgoJUi5xJdfV2_hGwBRllsOpeFLe_RWAa9pLss9Ih4jky95W_zn12WI2ho5Cw34ugCKFKQVXPBICKmVa3Uddqu7G1y-EbaI/s1200/biden-phones-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="563" data-original-width="1200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCV4Rz1fbjZENUE1B4ywUH40V65b7Z8XKuFp8X4o7qdQcdVgoJUi5xJdfV2_hGwBRllsOpeFLe_RWAa9pLss9Ih4jky95W_zn12WI2ho5Cw34ugCKFKQVXPBICKmVa3Uddqu7G1y-EbaI/s1200/biden-phones-header.jpg"/></a></div>
<div align="center">
<font size="2">
President Joe Biden in the Oval Office, January 20, 2021.<br>
<font color="gray">(click to enlarge)</font><br>
</font>
</div>
<br>
<a name="phones"></a>
<br>
<br>
<font size="+2">The telephones on Biden's desk</font><br>
<br>
Already on his first day as president, Biden went to the <a href="http://www.whitehousemuseum.org/west-wing/oval-office.htm" target="_blank">Oval Office</a> of the White House to sign a range of executive orders.<br>
<br>
By then, this famous room had already been <a href="https://edition.cnn.com/2021/01/20/politics/inside-joe-biden-oval-office/index.html" target="_blank">redecorated</a> with new paintings, busts and photographs, while Trump's beige rug had been replaced by the deep blue one from Bill Clinton's Oval Office. The <a href="https://en.wikipedia.org/wiki/Flags_of_the_United_States_Armed_Forces" target="_blank">flags of the five branches</a> of the US Armed Forces have also been removed.<br>
<br>
A close look at the photos shows that there was also a small change in the telephone equipment. On Biden's presidential desk there are now two identical phone sets, which can be identified as the high-end <a href="https://www.cisco.com/c/en/us/products/collaboration-endpoints/ip-phone-8851/index.html" target="_blank">Cisco IP 8851 Phone</a>:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicw4skWo358VkKL4hPFRWXjmWcVrZlEg0pdxgVOliRZTlDOVquaS0A__NBVGkjzXHCQeZSLFjb1M0b3VDCBthQ2MHkd7EAnpsfuFTzZj8RKhp8wD3ob5l-BK7CJISf9uepEcf9mQwTHYE/s600/biden-ovaloffice-phones.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="389" data-original-width="600" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicw4skWo358VkKL4hPFRWXjmWcVrZlEg0pdxgVOliRZTlDOVquaS0A__NBVGkjzXHCQeZSLFjb1M0b3VDCBthQ2MHkd7EAnpsfuFTzZj8RKhp8wD3ob5l-BK7CJISf9uepEcf9mQwTHYE/s600/biden-ovaloffice-phones.jpg"/></a></div>
<br>
<br>
Neither phone is the standard commercially available model, however, as they have been modified by a small communications security company called <a href="http://www.advprograms.com/" target="_blank">Advanced Programs, Inc.</a> (API). This can be recognized by the dark gray metal box on the back of the phone's color display and an additional red button on the front panel of the phone:<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-BHDmDUiyDBGMWUnInjs98nfxUnHB1AQoMwGoeKxXpl96en9NNOPKuv4hPDUAmqYWvWNu_SoyqG_r53STUiSmGTPBfCFxBb0I1wqKZ0QTPwX_6C2WjDu1QcLm7wcf1lDFVeLnQ1-EHKc/s320/api-cisco8841-button.jpg" width="150" /></div>
<br>
The purpose of these modifications is to provide on-hook security for the handset and the speakerphone and probably also for <a href="https://en.wikipedia.org/wiki/Tempest_(codename)" target="_blank">TEMPEST</a> protection - to make sure that the phone cannot, either accidentally or deliberately, pick up and transmit audio when the handset is on-hook. <br>
<br>
<br>
Comparing the two phones on Biden's desk with the ones used by president Trump, we see that under Trump only one of the Cisco 8851 IP phones had the aforementioned modifications. The other phone was the standard model:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIAKDVAPWPQyie8D3TzedY5xSdRcnXmGmxsE6T5Ur5X2pRU38lyttf3VojX0_eHQepo9D31WDtiYgImqzUI519GrDRyH_H0SLK_YIs1dIbS6EVqfrKP_WRIdz19dZZzMeLByy23iwBbRM/s1024/trump-ovaloffice-20201203.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="683" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIAKDVAPWPQyie8D3TzedY5xSdRcnXmGmxsE6T5Ur5X2pRU38lyttf3VojX0_eHQepo9D31WDtiYgImqzUI519GrDRyH_H0SLK_YIs1dIbS6EVqfrKP_WRIdz19dZZzMeLByy23iwBbRM/s1024/trump-ovaloffice-20201203.jpg"/></a></div>
<div align="center">
<font size="2">
Former president Donald Trump in the Oval Office, December 3, 2020.<br>
<font color="gray">(photo: Doug Mills/The New York Times - click to enlarge)</font><br>
</font>
</div>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2017/02/trumps-beautiful-oval-office-phones-and.html">Trump's "beautiful" Oval Office phones and what was changed on them</a><br>
</div>
<br>
<br>
<b>Unclassified phone calls</b><br>
<br>
The modified Cisco 8851 IP phone was placed on the president's desk by the end of 2016, replacing an old Avaya/Lucent 8520T of the internal White House telephone network which is used for all kinds of unclassified phone calls.<br>
<br>
This telephone connects to the regular <a href="https://library.whitehousehistory.org/fotoweb/archives/5025-Premium-Images/Main%20Index/White%20House%20Staff/1128611.tif.info" target="_blank">White House switchboard</a> in the basement of the <a href="https://en.wikipedia.org/wiki/Eisenhower_Executive_Office_Building" target="_blank">Eisenhower Executive Office Building</a>, where operators can set up calls to whoever the president wants to speak with.<br>
<br>
<br>
<b>Classified phone calls</b><br>
<br>
The standard, unmodified Cisco 8851 IP phone on Trump's desk was for the highly secure Executive Voice over Secure IP-network which is part of the Crisis Management System (CMS) and connects the President, the National Security Council, Cabinet members, the Joint Chiefs of Staff, various intelligence agency headquarters and watch centers, as well as <a href="https://en.wikipedia.org/wiki/United_States_federal_government_continuity_of_operations" target="_blank">Continuity of Operations</a> (COOP) sites.<br>
<br>
This telephone replaced an old Cisco 7975 IP phone in September 2017 and connects to the so-called Signal switchboard of the <a href="https://en.wikipedia.org/wiki/White_House_Communications_Agency" target="_blank">White House Communications Agency</a> (WHCA). The WHCA is a joint military unit that provides the president with secure and non-secure communications in Washington as well as during presidential travels. The Signal board also connects to the <a href="https://www.electrospaces.net/2012/01/inside-white-house-situation-room-sit.html">White House Situation Room</a>.<br>
<br>
<br>
Despite being used for classified conversations, the Cisco 8851 IP phone for secure calls wasn't equipped with the additional security features that the non-secure telephone had - probably because secure calls travel over a separate, encrypted network, which mitigates the risk that adversaries can abuse the phone's microphones for eavesdropping.<br>
<br>
But now, under president Biden, the phone for secure calls also has the modifications for on-hook security. Maybe this was considered safer, or maybe it's just to make both phone sets look the same, so outsiders cannot see whether the president is making a classified or an unclassified phone call based upon which telephone he is using.<br>
<br>
<br>
Usually, the phones for the secure top-level telephone network can be recognized by a bright yellow faceplate, as can be seen on the <a href="https://www.electrospaces.net/2017/11/trumps-communications-equipment-outside.html">modified Cisco IP phone</a> that is used when the president is outside the White House, for example.<br>
<br>
Yellow is the color code for the highest classification category: <a href="http://electrospaces.blogspot.com/2013/09/the-us-classification-system.html#sci" target="_blank">Top Secret/SCI</a>, but in the Oval Office this would probably stand out too much, so here this phone just has the presidential seal in the bottom left corner of the black display section:<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVs0ujw-g2DgZ2aHaB-DdyspkHJW_VNrdAmKoPBMuWJEoc6ud03zf-PzDwNhgopJJKQkz8UqjtUIt35VQqeYf9THrItNSvO59V-ch1IHGhqjNmb_ke74T91PXNDkxizcFcA4TUyqVFuro/s792/cisco8851-securephone.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="450" data-original-height="519" data-original-width="792" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVs0ujw-g2DgZ2aHaB-DdyspkHJW_VNrdAmKoPBMuWJEoc6ud03zf-PzDwNhgopJJKQkz8UqjtUIt35VQqeYf9THrItNSvO59V-ch1IHGhqjNmb_ke74T91PXNDkxizcFcA4TUyqVFuro/s792/cisco8851-securephone.jpg"/></a></div>
<div align="center">
<font size="2">
Close-up of the presidential seal on a Cisco 8851 IP phone<br>
</font>
</div>
<br>
<br>
<blockquote>
<b>Update #1:</b><br>
<br>
Around the first of February 2021, there was another small change in the phone on Biden's desk in the Oval Office: as can be seen in the picture below, the Cisco IP phone on the left, which is used for unclassified conversations, now has a <a href="https://www.cisco.com/c/nl_nl/support/collaboration-endpoints/ip-phone-8851-8861-key-expansion-module/model.html" target="_blank">Key Expansion Module</a> attached to it, which provides 14 additional programmable direct line buttons.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZOwZv7P1TTltNzvYBoRJIcKOJSUt1s24btwoFgBnRnF3gqfYuwduaUkmg4GKvxF4lzW_9x_O3t99k1rgPA6IRK7k38wTj94UUDo3jQe_3zCIN3lUNfBkgnCgdty-MJlKGv0YgQ84VP_Y/s1100/biden-ovaloffice20210202.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="618" data-original-width="1100" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZOwZv7P1TTltNzvYBoRJIcKOJSUt1s24btwoFgBnRnF3gqfYuwduaUkmg4GKvxF4lzW_9x_O3t99k1rgPA6IRK7k38wTj94UUDo3jQe_3zCIN3lUNfBkgnCgdty-MJlKGv0YgQ84VP_Y/s1100/biden-ovaloffice20210202.jpg"/></a></div>
<div align="center">
<font size="2">
President Biden's desk in the Oval Office, with one of the Cisco 8851 IP phones<br>
having an additional Key Expansion Module, February 2, 2021<br>
<font color="gray">(photo: AFP via Getty Images - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
Under Obama, the old Cisco 7975 IP Phone for secure calls had a similar expansion module, but under president Trump that module was removed. Apparently he saw no need for having the extra direct line buttons, probably because he could always make calls via the White House switchboard operator, but it also symbolized that there was only a very small group of people he was in contact with.<br>
<br>
<br>
<b>Update #2:</b><br>
<br>
On February 18, 2021, the White House <a href="https://twitter.com/POTUS/status/1362536116197470210" target="_blank">released</a> a photo in which we see president Biden in the <a href="http://www.whitehousemuseum.org/west-wing/presidents-outer-office.htm" target="_blank">office</a> of his secretary, just outside the Oval Office. On the desk in front of him are the same modified Cisco 8851 IP phone sets as on his own desk, although here, <i>both</i> have an additional Key Expansion Module.<br>
<br>
In the Oval Office, the phones have brown network cables to blend in with the furniture, but in the secretary's office the cables are color-coded: green for the Unclassified network and yellow for the Top Secret/SCI telephone network:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSFoDMJ2SnsSKFuIPoShUFGlFPZisw-ZNxfUw5EnTsn1X815T7gaxearFZDADzufmC3d9VKCtqK9WFfd2eNrtt5_NCTq-cQpegbs1gbiDg-EE_KHi_FjFcRCzPm4yEHOTCfmdPGLUZs08/s1024/biden-secretary.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="681" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSFoDMJ2SnsSKFuIPoShUFGlFPZisw-ZNxfUw5EnTsn1X815T7gaxearFZDADzufmC3d9VKCtqK9WFfd2eNrtt5_NCTq-cQpegbs1gbiDg-EE_KHi_FjFcRCzPm4yEHOTCfmdPGLUZs08/s1024/biden-secretary.jpg"/></a></div>
<div align="center">
<font size="2">
President Biden watches the landing of NASA's Perseverance vehicle on Mars<br>
<font color="gray">(White House photo, February 18, 2021 - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<b>Update #3:</b><br>
<br>
On December 22, 2023, <a href="https://en.wikipedia.org/wiki/Architectural_Digest" target="_blank">Architectural Digest</a> released a video in which president Biden gives a tour of the Oval Office and the lesser-known adjacent private study and the president's dining room. In the video we see the Cisco IP phones for secure and non-secure calls on the president's desk in the Oval Office, as well as in the private study. In the dining room, there's only a phone for regular calls:<br>
<br>
<br>
<div align="center">
<iframe width="500" height="300" src="https://www.youtube.com/embed/Jzqu48uup54?si=8Jqs5TdR_GmISyq2" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe><br>
<font size="2">
(The square white device seen at 3:00 is a speed controller for a Bachmann train set)<br>
</font>
</div>
<br>
</blockquote>
<br>
<a name="button"></a>
<br>
<br>
<font size="+2">The president's call button</font><br>
<br>
While the small change in phones wasn't noticed, there was quite some media attention for something that appeared <a href="https://see.news/biden-removes-trumps-diet-coke-button-from-oval-office/" target="_blank">missing</a> on the desk of president Biden: the wooden box with the presidential seal and a red push-button, which became known as Trump's "Diet Coke Button".<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_0TLg4p-oCZQ4rhu9nBPsPZNFyFp4GW_3tr-2E1uu7G9EQECsHRiENQD497SY9jzUcwT6z6x1NNbVuT0EJqmMEob_m08I8E-yOdprNAbm8oYxLpmrSU_bVq7T5PLOi_EZdJ8dBfxFtNo/s750/ovaloffice-button.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="375" data-original-width="750" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_0TLg4p-oCZQ4rhu9nBPsPZNFyFp4GW_3tr-2E1uu7G9EQECsHRiENQD497SY9jzUcwT6z6x1NNbVuT0EJqmMEob_m08I8E-yOdprNAbm8oYxLpmrSU_bVq7T5PLOi_EZdJ8dBfxFtNo/s600/ovaloffice-button.jpg"/></a></div>
<br>
<br>
The removal of this box was just temporary though, because meanwhile it has been placed back on the president's desk, as can be seen in this photo from January 25:<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPHUr9-T8U2zzY3bSm2DlrIOOrC8k_03YTCqlHo_3GC1DLTdx-iiGwPlLe0002Kil13cg6PXr7xt1uoluwyXmE-Cd8lbPYURBwIsd_rXO0oDd0j71HFIdh-2QYAHpCTSrHkIBFvt98BpA/s1000/biden-ovaloffice20210125.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="525" data-original-width="1000" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPHUr9-T8U2zzY3bSm2DlrIOOrC8k_03YTCqlHo_3GC1DLTdx-iiGwPlLe0002Kil13cg6PXr7xt1uoluwyXmE-Cd8lbPYURBwIsd_rXO0oDd0j71HFIdh-2QYAHpCTSrHkIBFvt98BpA/s1000/biden-ovaloffice20210125.jpg"/></a></div>
<div align="center">
<font size="2">
President Joe Biden at his desk in the Oval Office, January 25, 2021<br>
<font color="gray">(click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<b>Trump's "Diet Coke Button"</b><br>
<br>
There are a lot of stories about how president Trump used the button. Former White House communications aide Cliff Sims, for example, wrote in his 2019 book <a href="https://en.wikipedia.org/wiki/Team_of_Vipers" target="_blank"><i>Team of Vipers</i></a> that Trump would prank visitors by hitting the button and suggesting it was related to the country’s nuclear weapons arsenal.<br>
<br>
"Out of nowhere, he'd suddenly press the button," Sims wrote. "Not sure what to do, guests would look at one another with raised eyebrows" he added. "Moments later, a steward would enter the room carrying a glass filled with Diet Coke on a silver platter, and Trump would burst out laughing."<br>
<br>
On Twitter, Times Radio political commentator Newton Dunn <a href="https://twitter.com/tnewtondunn/status/1352284365854806017" target="_blank">recalled</a> a similar situation: "When Tim Shipman and I interviewed Donald Trump in 2019, we became fascinated by what the little red button did. Eventually Trump pressed it, and a butler swiftly brought in a Diet Coke on a silver platter."<br>
<br>
<blockquote>
<b>Update:</b><br>
On October 13, 2022, The Washington Post <a href="https://www.washingtonpost.com/national-security/2022/10/13/walt-nauta-maralago-trump-documents/" target="_blank">identified</a> the butler as Walt Nauta, 39, who served in the Navy and worked his way up from being a cook in the White House mess to become one of Trump's valets, spending some of his workday in a small passageway that connects the Oval Office to the small private dining room. From there, he had access to a small refrigerator stocked with Diet Cokes, which he brought to the Oval Office when Trump pressed the call button on his desk.<br>
</blockquote>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmykbhOb3e6aNVwLMC8Xn_9DCaOCIeso9jG6cizzm0KTnKaK8yl34HLwb-bAW9bd_MFpdYES_HRcrBkCoSftzi8LZkVcSY0uYC_w0huEvk5f8IF-ItKikGgBYbSRFkk0m-Z8_bbq8fPNU/s640/trump-ovaloffice-coke.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="426" data-original-width="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmykbhOb3e6aNVwLMC8Xn_9DCaOCIeso9jG6cizzm0KTnKaK8yl34HLwb-bAW9bd_MFpdYES_HRcrBkCoSftzi8LZkVcSY0uYC_w0huEvk5f8IF-ItKikGgBYbSRFkk0m-Z8_bbq8fPNU/s640/trump-ovaloffice-coke.jpg"/></a></div>
<div align="center">
<font size="2">
Trump's glass of Diet Coke in front of the Cisco 8851 IP phone for secure calls<br>
<font color="gray">(photo: Jonathan Ernst/Reuters - click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<b>Earlier usage of the call button</b><br>
<br>
The box with the <a href="https://en.wikipedia.org/wiki/Presidential_call_button" target="_blank">call button</a> has been in the Oval Office since the presidency of Bill Clinton, and it is found not only on the president's desk, but also on a side table in the seating area and in the small presidential <a href="http://www.whitehousemuseum.org/west-wing/presidents-dining-room.htm" target="_blank">dining room</a> near the Oval Office.<br>
<br>
The button has nothing to do with nuclear command and control, but can be used by the president to summon assistance. According to earlier sources, it was meant to alert the <a href="https://en.wikipedia.org/wiki/United_States_Secret_Service" target="_blank">Secret Service</a>, while others say that pushing the button makes an <a href="https://en.wikipedia.org/wiki/List_of_body_men" target="_blank">aide</a> come in for whatever the president may need.<br>
<br>
In his autobiography <i>Finding My Virginity</i> from 2017, billionaire Richard Branson <a href="https://people.com/politics/barack-obama-oval-office-red-button-richard-branson/" target="_blank">recalled</a> what president Obama once said during a lunch in the Oval Office: "As we stood up to leave I noticed the red buttons on his desk. Obama saw me looking at them," Branson wrote. "He said, 'They used to be there for emergencies, but now I use them for ordering tea for my guests.' "<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2017/01/the-presidential-communications.html">The presidential communications equipment under Barack Obama</a><br>
</div>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGUiMefQuoaUICotMe-Y_r9w-zQ2Cb3PahJgDf8zvZmJWoGb9hZrOAsE9H2ew6G-rXx9tregyO30cdDCd2sn3JrUnczjgb2V5blRhR9WBJa4QLScT1Ha5M5E90rt0atz_AVjisCats_to/s1000/bush-button-diningroom.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="653" data-original-width="1000" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGUiMefQuoaUICotMe-Y_r9w-zQ2Cb3PahJgDf8zvZmJWoGb9hZrOAsE9H2ew6G-rXx9tregyO30cdDCd2sn3JrUnczjgb2V5blRhR9WBJa4QLScT1Ha5M5E90rt0atz_AVjisCats_to/s1000/bush-button-diningroom.jpg"/></a></div>
<div align="center">
<font size="2">
President George W. Bush in the small dining room near the Oval Office<br>
On the table is the wooden box with the call button<br>
<font color="gray">(click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<br>
<b>Links & sources</b><br>
<font size="2">
<br>
- Homepage of the <a href="https://www.whitehousecommsagency.mil/" target="_blank">White House Communications Agency</a><br>
- Politico: <a href="https://www.politico.com/news/2021/02/09/biden-can-access-trump-putin-calls-468100" target="_blank">Trump hid his calls with Putin. Now, Biden has access to them.</a> (2021)<br>
- Secrecy News: <a href="https://fas.org/blogs/secrecy/2021/01/biden-nsd/" target="_blank">Biden Issues National Security Directive 1</a> (2021)<br>
- Reuters.com: <a href="https://www.reuters.com/article/us-usa-trump-diplomacy-idUSKBN1WN0H2" target="_blank">Phone calls with Trump: more risky venture than diplomatic boon</a> (2019)<br>
- People.com: <a href="https://people.com/politics/barack-obama-oval-office-red-button-richard-branson/" target="_blank">Richard Branson Reveals the Real Purpose for Barack Obama's Oval Office Red Button</a> (2017)<br>
- The Week: <a href="https://theweek.com/articles/496043/who-answers-white-house-phone-anyway" target="_blank">Who answers the White House phone, anyway?</a> (2010)<br>
- The New York Times: <a href="https://www.nytimes.com/1983/03/14/us/whitehouse-a-switchboard-that-is-justly-fabled.html" target="_blank">Whitehouse; A Switchboard That is Justly Fabled</a> (1983)<br>
</font>
<br>
<br>
<br>
<font size="+2"><b>The report of a Swiss investigation into the case of Crypto AG</b></font><br>
<font size="2" color="gray">(P/K, December 30, 2020 - last updated: January 23, 2021)</font><br>
<br>
Last month, the Swiss parliamentary intelligence oversight committee published a report about its investigation into the case of <a href="https://en.wikipedia.org/wiki/Crypto_AG" target="_blank">Crypto AG</a>, the former Swiss manufacturer of encryption systems that was secretly owned by the CIA and the German BND.<br>
<br>
The committee found that the Swiss foreign intelligence service had known about this covert ownership since 1993 and used its knowledge to decrypt foreign communications, but failed to inform the responsible minister about the case.<br>
<br>
Here I will provide a translation of the <a href="#summary"><b>summary of this report</b></a> as well as some interesting <a href="#details"><b>additional details</b></a> from the rest of the committee's report about Crypto AG in relation to the Swiss government.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaSNOQ47vfT8QL7PYN5jLOyLHBH-ZEfThIK-Cx421lBDAukeII38ssfRzW_r1TFN523IjJeHotB9H4jrTawv0AviV5lgaKLWlWgbBqKuuXwvcsjEEzqfi0nY3MmrogWR3vrkiYufv-jdY/s800/schweiz-cryptoreport-header.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="375" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaSNOQ47vfT8QL7PYN5jLOyLHBH-ZEfThIK-Cx421lBDAukeII38ssfRzW_r1TFN523IjJeHotB9H4jrTawv0AviV5lgaKLWlWgbBqKuuXwvcsjEEzqfi0nY3MmrogWR3vrkiYufv-jdY/s800/schweiz-cryptoreport-header.jpg"/></a></div>
<br>
<a name="summary"></a>
<br>
<br>
<font size="+2">Summary of the Crypto AG report</font><br>
<br>
The Swiss parliamentary <a href="https://www.parlament.ch/en/organe/delegations/control-delegation" target="_blank">audit committee</a> for national security and the intelligence services (German: <i>Geschäftsprüfungsdelegation</i> or GPDel) started its investigation on February 13, 2020 and <a href="https://www.parlament.ch/press-releases/Pages/mm-gpdel-2020-11-10.aspx?lang=1031" target="_blank">published</a> its 64-page report about the Crypto AG case on November 10, in a <a href="https://www.parlament.ch/centers/documents/fr/bericht-gpdel-2020-11-10-f.pdf" target="_blank">French (pdf)</a> and a <a href="https://www.parlament.ch/centers/documents/_layouts/15/DocIdRedir.aspx?ID=DOCID-1-10177" target="_blank">German (pdf)</a> version.<br>
<br>
Below is a translation of the summary of this report, made from the German version by using Google Translate with the necessary manual corrections. I added some links and additional details in square brackets, as well as subheadings in bold italics for easier navigation of the text.<br>
<br>
<br>
<hr width="90%">
<br>
<blockquote>
<font size="+2"><b>The case of Crypto AG</b></font><br>
<b>Report of the audit committee of the Federal Assembly</b><br>
<br>
from November 2, 2020<br>
<br>
<hr width="80%">
<br>
<font size="+1"><b>The essentials in brief</b></font><br>
<br>
<br>
Since the Fall of 1993, the Strategic Intelligence Service (German: <i>Strategischer Nachrichtendienst</i> or SND) managed to get reliable information about Crypto AG. It learned that the company was owned by foreign intelligence agencies and exported "weak" devices, the encryption of which could be broken with a realistic effort.<br>
<br>
In order to be able to break the encryption of such devices itself, the SND began to gather technical information about their encryption methods and customer lists. Later, when the SND had become a civilian office, it managed to get enduring access to this knowledge with the consent of the American intelligence agencies.<br>
<br>
<br>
<b><i>Legal situation</i></b><br>
<br>
From a legal point of view, the parliamentary audit committee (GPDel) therefore sees it as an intelligence cooperation, as was provided for in military law in the past and is provided for today in the Intelligence Service Act (<a href="https://www.admin.ch/opc/de/classified-compilation/20120872/index.html" target="_blank"><i>Nachrichtendienstgesetz</i></a> or NDG). From the fact that the SND and the American agencies acted by mutual agreement, it follows that the Swiss authorities share responsibility for the activities of Crypto AG.<br>
<br>
It was legally allowed that the SND and a foreign intelligence agency used a company in Switzerland to gather information about foreign countries. Given the big political implications of this cooperation, however, the GPDel considers it wrong that except for the current head of the <a href="https://en.wikipedia.org/wiki/Federal_Department_of_Defence,_Civil_Protection_and_Sport" target="_blank">Federal Department of Defence, Civil Protection and Sport</a> (VBS) none of her predecessors were informed about this operation.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqcvYeVw2Qicm51ro7XbDwbj7khdZxJuWJyUL6LEwEIoIAy4pU_pMa_XZiR4jUHhs6yEBBLEwcrw_2Rb1oDkEN03We-gb8tAULPI3go1_dipJ6CuzCB7WldV3qUApDQ-aAJ50o58zD2I8/s941/schweiz-defensedept.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="666" data-original-width="941" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqcvYeVw2Qicm51ro7XbDwbj7khdZxJuWJyUL6LEwEIoIAy4pU_pMa_XZiR4jUHhs6yEBBLEwcrw_2Rb1oDkEN03We-gb8tAULPI3go1_dipJ6CuzCB7WldV3qUApDQ-aAJ50o58zD2I8/s941/schweiz-defensedept.jpg"/></a></div>
<div align="center">
<font size="2">
The east wing of the Federal Palace (<i>Bundeshaus</i>) in Bern, Switzerland,<br>
home of the Federal Department of Defence, Civil Protection and Sport (VBS)<br>
(photo: Mike Lehmann/Wikimedia Commons - click to enlarge)<br>
</font>
</div>
<br>
<br>
<b><i>Police investigation </i></b><br>
<br>
In addition, the SND's findings on Crypto AG during the <a href="https://www.cryptomuseum.com/people/buehler/hans.htm" target="_blank">Bühler affair</a>, which was investigated by the <a href="https://en.wikipedia.org/wiki/Federal_Office_of_Police" target="_blank">federal police</a> (<i>Bundespolizei</i> or BuPo) in 1994 and 1995, should not have been withheld from the political leadership. The head of the federal military department (EMD) at the time did not learn the truth about Crypto AG by other means either, as he explained to the GPDel.<br>
<br>
The GPDel also did not find any evidence that the government unduly influenced the investigations by the BuPo. Rather, the head of the <a href="https://en.wikipedia.org/wiki/Federal_Department_of_Justice_and_Police" target="_blank">Federal Department of Justice and Police</a> (EJPD) made an effort to clarify the ownership of the company. Ultimately, however, the BuPo had to stop its investigations without being able to answer this question.<br>
<br>
In 1994, the GPDel was informed repeatedly about the ongoing investigations of the BuPo. Just like the military and political superiors of the SND, the GPDel did not learn anything from the foreign intelligence service related to Crypto AG. The company was never the subject of the information provided by the Defense Department (VBS) when the overall supervisor specifically dealt with the topic of cryptology in 2007 and 2009.<br>
<br>
<br>
<b><i>Storage and destruction of documents related to Crypto AG</i></b><br>
<br>
Especially valuable for the inspection of the GPDel were the operational files of the SND and the BuPo, which the federal intelligence service (<i>Nachrichtendienst des Bundes</i> or NDB) stored in a converted <i>K-Anlage</i> [<i>Kriegsanlage</i>, a well-hidden former <a href="https://www.nzz.ch/schweiz/operation-rubikon-das-steckt-in-den-geheimen-crypto-akten-aus-dem-kommandobunker-ld.1584366" target="_blank">command bunker</a> of the Swiss army near Bern]. Their archiving in accordance with the applicable regulations is still pending. Due to the archiving practice of the intelligence services, however, there is no guarantee that all important documents are still available. <br>
<br>
The destruction of such records was in part allowed by law and regulations, but in some cases it contradicted them. Between 2011 and 2014, the NDB destroyed documents from their correspondence with foreign partner services, instead of storing them internally as prescribed. Its inspection showed the GPDel that the destruction of files by the intelligence service is not an effective method for source protection. Rather, there is a risk that former sources can be compromised when authorities don't have the proper information. <br>
<br>
<br>
<b><i>Foreign espionage under the guise of a Swiss company</i></b><br>
<br>
Companies and organizations that operate on Swiss soil benefit from Switzerland's image as a neutral state. Accordingly, foreign intelligence services may have an interest in operating under the guise of a Swiss company to the detriment of other countries.<br>
<br>
Under certain circumstances, such a company can be guilty of the criminal offense of
forbidden intelligence service against foreign states. However, such an operation
is permissible under applicable law when a foreign agency uses such a company together with the NDB to collect information about foreign countries (cf. Art. 34 Para. 2 NDG).<br>
<br>
In the view of the GPDel, planning such an operation should include a political assessment of the possible consequences for Switzerland, as well as for any affected employees of the company. The <a href="https://en.wikipedia.org/wiki/Federal_Council_%28Switzerland%29" target="_blank">Federal Council</a> (<i>Bundesrat</i>) should therefore clarify in principle how much room for maneuver it wants to grant the Defense Department (VBS) in this regard.<br>
<br>
<br>
<b><i>Not enough attention for the supply of secure encryption devices</i></b><br>
<br>
The case of Crypto AG shows that companies under the influence of foreign intelligence services can produce devices with “weak” encryption methods. However, the GPDel assumes that Crypto AG has never supplied the “weak” encryption equipment to the Swiss authorities. Important in this case was that the Swiss authorities were able to inspect the security of the purchased devices or even influence their design. However, this is only possible with suppliers who develop and manufacture their devices in Switzerland.<br>
<br>
For security reasons, it is not responsible for the federal government to purchase encryption solutions from foreign suppliers. Right from the start, the Federal Council did not pay the necessary attention to the role that domestic suppliers play in ensuring the availability of secure encryption technology for the Swiss authorities. As the responsible department, the Defense Department (VBS) didn't analyze the risks for a reliable supply in time and informed the Federal Council about this matter.<br>
<br>
<br>
<b><i>Access to Crypto AG at the management of the intelligence services</i></b><br>
<br>
The information access to Crypto AG was a well-kept secret at the management level of the SND. But when the Federal Intelligence and Security Service (NDB) was created [in 2010], this knowledge remained hidden from its first director. When confronted with this a few years later, he refused to take his responsibility.<br>
<br>
It was only in the summer of 2019 that the current director commissioned a position paper for this case, although he was not informed by his predecessor and it was still before the NDB learned from the research of the media about Crypto AG. However, he did not use this informational advantage to uncover the relations between Crypto AG, the NDB's predecessors and the American intelligence agencies. Instead of clarifying the legal situation and recognizing the political implications, the NDB downplayed the relevance of the Crypto AG case for the current organisation. <br>
<br>
The Defense Department (VBS), which already informed the Federal Council and the GPDel in November 2019, did not succeed in identifying the need for political action. The interdepartmental working group, which the VBS also set up, was not able to support the political leadership because of the reluctance of the NDB to provide information for the looming intelligence affair. <br>
<br>
In its application for the Federal Council meeting on December 20, 2019, the Defense Department asserted that the level of information was insufficient for a substantive discussion about the case of Crypto AG. After finding the files in the <i>K-Anlage</i>, about which the Defense Department had informed the Federal Council, this finding was no longer valid.<br>
<br>
Since the NDB had not evaluated the extensive files before the Federal Council meeting, the Council decided to establish an external committee of experts to clarify the apparently purely historical questions. With this, the Federal Council gave the strategic leadership for dealing with the Crypto AG case out of its hands from the start.<br>
<br>
<br>
<b><i>Ending the parallel investigation by judge Oberholzer</i></b><br>
<br>
When the GPDel opened its inspection on February 13, 2020, former federal judge [Niklaus] Oberholzer had been active as an external expert on behalf of the Federal Council for a month, but without having access to the files from the <i>K-Anlage</i>. After the GPDel had requested all relevant files from the NDB, it recognized that the Crypto AG case went beyond pure history and was of current importance. This showed that the approach of the Defense Department, to examine the historical and current aspects of the case separately, was not very effective.<br>
<br>
Given the various parallel investigations, the GPDel considered it necessary to discuss the unresolved coordination issues with the head of the Defense Department before the work was continued. However, when the Defense Department expanded the scope of the Oberholzer investigation before the meeting agreed with the GPDel, the GPDel revoked its authorization to the Federal Council to commission Mr Oberholzer on February 21, 2020. As an investigative officer for the GPDel, he then reported on the intelligence-related aspects of the Crypto AG case in a secret report for the GPDel.<br>
<br>
On February 25, 2020, the GPDel discussed its revocation of the authorization with the head of the Defense Department. The subsequent written exchange with the Federal Council led to a meeting with the federal president and the head of the Defense Department on May 25, 2020, where the GPDel provided information about the most important facts about the role of the intelligence services in the case of Crypto AG. In a classified letter this information was also brought to the attention of the Federal Council.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBCdw44S87cm2bWULNK4CFJ7INt6QHw9T7zDEomhHi8x95dgxi3wqUyDUluIzN1_Rj5WqW8qetC6OLuN5cr6JEtx-d2Zbcmr_-dy57W_xYEzmHu3sqmTpX5vbRDD7y5a8x9FHiJ8-Ykys/s1335/crypto+ag+steinhausen.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="751" data-original-width="1335" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBCdw44S87cm2bWULNK4CFJ7INt6QHw9T7zDEomhHi8x95dgxi3wqUyDUluIzN1_Rj5WqW8qetC6OLuN5cr6JEtx-d2Zbcmr_-dy57W_xYEzmHu3sqmTpX5vbRDD7y5a8x9FHiJ8-Ykys/s1335/crypto+ag+steinhausen.jpg"/></a></div>
<div align="center">
<font size="2">
Former headquarters of Crypto AG in Steinhausen, Switzerland<br>
(photo: Keystone - click to enlarge)<br>
</font>
</div>
<br>
<br>
<b><i>Suspension of the export licenses for Crypto AG's successors</i></b><br>
<br>
After the meeting of the Federal Council on December 20, 2019, the <a href="https://en.wikipedia.org/wiki/Federal_Department_of_Economic_Affairs,_Education_and_Research" target="_blank">Federal Department of Economic Affairs, Education and Research</a> (WBF) decided to suspend the general export licenses for the successor companies of Crypto AG [Crypto International AG and TCG Legacy AG]. The goal was apparently to avoid unfavorable media coverage for the WBF.<br>
<br>
From the point of view of the GPDel, however, the suspension of these licenses was neither materially nor legally justified, just like the way the State Secretariat for Economic Affairs (SECO) delayed matters related to those companies. Individual export applications could still be submitted though.<br>
<br>
There were also no legal arguments against their issuance, as the export control group rightly recognized on March 4, 2020. However, due to the position of the <a href="https://en.wikipedia.org/wiki/Federal_Department_of_Foreign_Affairs" target="_blank">Federal Department of Foreign Affairs</a> (EDA), it was decided in May 2020 to submit all applications to the Federal Council for decision.<br>
<br>
<br>
<b><i>Filing a criminal complaint against Crypto AG</i></b><br>
<br>
On February 25, 2020, the SECO, with the support of the WBF, filed a criminal complaint at the federal prosecutor's office. Because of the first media coverage, the SECO suspected that by exporting "weaker" encryption technology before 2018, Crypto AG had violated individual declaration obligations from the export control law (<a href="https://de.wikipedia.org/wiki/G%C3%BCterkontrollgesetz" target="_blank"><i>Güterkontrollrecht</i></a>).<br>
<br>
Without further scrutiny, the WBF took over the argument of the SECO according to which there was a legal obligation to file a complaint. However, in an opinion at the request of the SECO, the federal prosecutor had advised against filing a criminal complaint; the SECO did not discuss the matter with other federal agencies.<br>
<br>
From the point of view of the GPDel, the criminal complaint was based on an insufficient assessment of the facts and an inadequate legal reasoning. Since the complaint was apparently made for political reasons, it should have been submitted by the Department of Economic Affairs (WBF) instead of by the SECO.<br>
<br>
<br>
<b><i>Authorization to prosecute Crypto AG</i></b><br>
<br>
On March 13, 2020, the federal prosecutor asked the Justice and Police Department (EJPD) for the authorization to prosecute the violations of the export control law as reported by the SECO. Three months later, the EJPD submitted the prosecutor's application for decision to the Federal Council. Before that, the EJPD had a discussion about it with the GPDel on May 25, 2020.<br>
<br>
The WBF, for its part, requested the Federal Council on June 10, 2020 to approve all pending export applications, even though it had supported SECO's criminal complaint. After the Federal Council had postponed the issue by a week, the WBF requested to suspend the decision until the prosecutor's investigation had been finished. The Federal Council followed this proposal on June 19, 2020 and on the same day it granted the authorization to the federal prosecutor.<br>
<br>
<br>
<b><i>Violation of good faith and of the separation of powers</i></b><br>
<br>
The GPDel recognizes the coherence between the decisions of the Federal Council regarding the authorization application by the federal prosecutor and the individual export applications from the successor companies of Crypto AG. With their indefinite postponement, however, the Federal Council may have violated the principle of good faith, because in principle every Swiss company can expect an authorization of its exports, unless there are legal arguments against it.<br>
<br>
The export control law was also not a suitable means of approaching the Crypto AG case, while the criminal complaint was obviously an attempt to get rid of political responsibility by letting the justice system tackle the Crypto AG case. With this, the Federal Council ultimately linked the criminal case with the ongoing investigation of the GPDel, which was problematic given the separation of powers.<br>
<br>
</blockquote>
<hr width="90%">
<a name="fis"></a>
<br>
<br>
<font size="+1"><b>The Swiss foreign intelligence service</b></font><br>
<br>
Initially, the Swiss <a href="https://deacademic.com/dic.nsf/dewiki/1337342#Strategischer_Nachrichtendienst_.28SND.29" target="_blank">foreign intelligence service</a> (German: <i>Strategischer Nachrichtendienst</i> or SND) was part of the <i>Untergruppe Nachrichtendienst</i> (UG ND), which reported to the general staff of the Swiss army. In 2001, it was removed from the military hierarchy and turned into a civilian office, but still under the responsibility of the head of the Defense Department.<br>
<br>
On January 1, 2010, the SND was merged with the domestic security service (<i>Dienst für Analyse und Prävention</i> or DAP) into the current federal intelligence and security service (<i>Nachrichtendienst des Bundes</i> or NDB), which is also responsible for signals intelligence. <br>
<br>
Known divisions of the NDB are:<br>
<blockquote>
- NDBA for <i>Auswertung</i> (Analysis)<br>
- NDBB for <i>Beschaffung</i> (Acquisition)<br>
- NDBB-A for <i>Beschaffung Ausland</i> (Foreign Acquisition)<br>
- NDBB-I for <i>Beschaffung Inland</i> (Domestic Acquisition)<br>
- NDBS for <i>Steuerung und Lage</i> (Coordination)<br>
- NDBU for <i>Unterstützung</i> (Support)<br>
</blockquote>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpm8S7xdrEAFv2Re0REhPQVgm4Od14pto7KbbrbCZhOblNFGH12nYylYzeWFpyAd8sET5byLu_gWbUlMXX-rYaq2j38X-p-D7qKeYQrahdh3-3tpurFDKjXJzEDF9zeqGIDCeMXPq9fjg/s900/schweiz-ndb.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="599" data-original-width="900" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpm8S7xdrEAFv2Re0REhPQVgm4Od14pto7KbbrbCZhOblNFGH12nYylYzeWFpyAd8sET5byLu_gWbUlMXX-rYaq2j38X-p-D7qKeYQrahdh3-3tpurFDKjXJzEDF9zeqGIDCeMXPq9fjg/s900/schweiz-ndb.jpg"/></a></div>
<div align="center">
<font size="2">
Headquarters of the <i>Nachrichtendienst des Bundes</i> (NDB) in Bern, Switzerland<br>
(photo: Samuel Schalch - click to enlarge)<br>
</font>
</div>
<br>
<a name="details"></a>
<br>
<br>
<font size="+2">More details from the Crypto AG report</font><br>
<br>
Besides the general conclusions as translated above, the GPDel report about the Crypto AG case also contains some more detailed information that is worth translating:<br>
<br>
<br>
<b>The MINERVA report</b><br>
<br>
The NDB provided the parliamentary audit committee (GPDel) with a copy of the internal CIA report about Crypto AG. This report is titled "MINERVA - A History" and describes how, since the 1950s, US intelligence agencies cooperated with the Swedish owner of Crypto AG and how the company was taken over by the CIA and BND in 1970. The report includes the withdrawal of the Germans from the operation in 1993 and ends in 1995. The MINERVA report was written after the year 2000 with input from representatives of the BND.<br>
<br>
It seems that around 2005, the Germans were provided a copy of the report and prepared additional assessments. This version of the American report, together with German documents, came into the hands of the press, which in February 2020 reported on certain sections of the report. The full MINERVA report of almost 100 pages has not yet been released.<br>
<br>
The GPDel analyzed the MINERVA report and additional information from the NDB confirmed the authenticity of the document. Regarding the situation in Switzerland, the report is not always accurate and contains small mistakes. Apparently the American authors were not very familiar with Switzerland and its government. (p. 9-10)<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/p/cia-codewords-and-abbreviations.html#crypto">Codewords related to Crypto AG</a><br>
</div>
<br>
<br>
<b>Acquiring and using information about weakened algorithms</b><br>
<br>
From the autumn of 1993, the SND was informed about the fact that Crypto AG was owned by American and German intelligence services and that the company built encryption devices with weaker algorithms. The SND aimed at breaking the encryption of these weakened devices itself and gathered technical information about the encryption methods of the exported Crypto AG devices. This knowledge could also be used to identify weak encryption methods used in devices bought by Swiss customers. (p. 20)<br>
<br>
This search for information about the weak algorithms continued after the SND became a civilian office in 2001 and was only successful because American intelligence agreed that Switzerland would get the necessary information, but only as far as necessary. (p. 20)<br>
<br>
<blockquote>
It should be noted that the Swiss intelligence service was not a member of the secretive <a href="https://www.electrospaces.net/2020/05/maximator-and-other-european-sigint.html">Maximator</a> alliance, in which the signals intelligence agencies of Denmark, Sweden, Germany, the Netherlands and France cooperated since 1976. Part of this cooperation was breaking the codes of diplomatic communications, for which the alliance members exchanged the algorithms used in the deliberately weakened encryption devices made by Crypto AG.<br>
</blockquote>
<br>
In order to actually use its knowledge about the weakened encryption methods for national security interests, the SND also had to gain access to encrypted communications. Interception of radio communications was conducted by a unit of the Swiss army (<i>Führungsunterstützungsbasis der Armee</i> or FUB).<br>
<br>
After modernizing systems to intercept short wave (high frequency) radio communications, Switzerland started to set up a system to intercept satellite links, which is codenamed <a href="https://en.wikipedia.org/wiki/Onyx_%28interception_system%29" target="_blank">Onyx</a> and became fully operational in 2006. The decryption capabilities were integrated in the interception process managed by the SND. (p. 20)<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAUJy_JA-3wtw_5o9OstRfzvzB-4p4zoRB9i_7kn-hYccWoGDlcFxG5x_V4R8v-5OtLWkmCbQwPUwp-Y3caagozTwKlxOREKfzAqZ4YFG0JWeXigrqhfnUo8P8fGbhSKAgbVvOxlDOq_Y/s1280/schweiz-onyx.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="960" data-original-width="1280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAUJy_JA-3wtw_5o9OstRfzvzB-4p4zoRB9i_7kn-hYccWoGDlcFxG5x_V4R8v-5OtLWkmCbQwPUwp-Y3caagozTwKlxOREKfzAqZ4YFG0JWeXigrqhfnUo8P8fGbhSKAgbVvOxlDOq_Y/s1280/schweiz-onyx.jpg"/></a></div>
<div align="center">
<font size="2">
The Onyx satellite intercept station in Leuk, Switzerland<br>
(photo: Martin Steiger/Wikimedia Commons - click to enlarge)<br>
</font>
</div>
<br>
<br>
<b>Knowledge about Crypto AG at the SND and the NDB</b><br>
<br>
At the SND the information about Crypto AG was a closely held secret. Only the head of the SND (Fred Schreier) and his successors (Hans Wegmüller and Paul Zinniker) and no more than two other employees of the SND knew about it. The director of the newly created NDB, Markus Seiler, was (orally) informed about the existence of weak Crypto AG devices when he assumed office in 2010. (p. 21)<br>
<br>
Only during his last year in office, 2017, was Seiler also informed about what made his organization able to decrypt the weak algorithms, but he declined to accept a note about further options. Vice-director Paul Zinniker supported him in not taking further actions. The former heads of the Swiss Defense Department (VBS) were not informed about the fact that Crypto AG was under control of American intelligence and that Swiss intelligence was using its knowledge about the weak algorithms. (p. 21)<br>
<br>
In the spring of 2019, the current director of the NDB, <a href="https://de.wikipedia.org/wiki/Jean-Philippe_Gaudin" target="_blank">Jean-Philippe Gaudin</a>, got basically the same information about Crypto AG as his predecessor two years earlier. But this time, Gaudin requested a detailed presentation and demanded a written position paper. On August 19, 2019, Gaudin also informed the head of the Defense Department. (p. 21)<br>
<br>
Mid-October 2019, the NDB was provided with a copy of the MINERVA report and its director was informed about its contents. As of the end of October there was an increase in the communications between the NDB, the American and other foreign intelligence services, also in order to anticipate the media coverage about the MINERVA report. (p. 22)<br>
<br>
<br>
<b>Awareness about weaknesses in encryption devices</b><br>
<br>
In 2007, the GPDel was briefed about how the SND's decryption capabilities are integrated in the process of intercepting foreign communications. A fact sheet showed that many manufacturers of encryption devices built in weaknesses for some of their customers. Behind this practice were the intelligence agencies of the United States and some of its allies. However, other states with the proper capabilities, like Switzerland, could also benefit from this. (p. 23)<br>
<br>
According to the GPDel, the knowledge about the weakened Crypto AG devices provided useful intelligence for Switzerland as it could be used to decrypt the communications from foreign targets and exchange information with foreign intelligence services, which also strengthened the position of Switzerland. However, it should also be noted that encryption methods and access to relevant communications are changing continuously and know-how can rapidly lose its value. (p. 27)<br>
<br>
The GPDel found that it was possible to identify weaknesses in various types of encryption devices used by Swiss institutions and to repair the deficiencies. This shows how important it is to have good insight into domestic manufacturers and to influence the quality of their products. (p. 27) The GPDel was assured that all inspections made clear that Crypto AG never provided weak encryption devices to Swiss government agencies - unlike another company. (p. 31)<br>
<br>
<br>
<b>A second Swiss company selling weakened encryption devices</b><br>
<br>
From hand-written notes from the head of the Defense Department, the GPDel learned that the security of encryption devices used by federal agencies had regularly been a talking point between the director of the SND and the head of the Defense Department. Somewhere between 2002 and 2008 it became clear that a Swiss manufacturer (not being Crypto AG) had sold insecure equipment to the federal government and two large corporations. After learning about this, the Defense Department took measures to close the hole. (p. 28)<br>
<br>
<blockquote>
In November 2020, the Swiss broadcaster SRF <a href="https://www.swissinfo.ch/eng/latest-news/second-swiss-firm-allegedly-sold-encrypted-spying-devices/46186432" target="_blank">revealed</a> that this other Swiss company was <a href="https://www.cryptomuseum.com/manuf/omnisec/index.htm" target="_blank">Omnisec AG</a>, which was founded in 1987 and dissolved in 2018. According to SRF, Omnisec had sold less secure encryption devices from their 500-series to Swiss federal agencies and even to the secret services SND and DAP. These weakened devices were also sold to at least two private companies, including the UBS bank - around the time when the US pressed Swiss banks to lift their banking secrecy.<br>
</blockquote>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-UAwOn175fH6VOB3bbzSDXzi2Ykigd5Nnjj41ZAomCyjRN5K2VuQAt-98UqwPGuVl-3rHSBlgX2v5S1Yfr65UtwBXDvke5AjvgOpPyaFo4MN9lD30sIJuJvsghkNS8aCVW3Aa5fdr5I4/s800/schweiz-omnisec.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" data-original-height="529" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-UAwOn175fH6VOB3bbzSDXzi2Ykigd5Nnjj41ZAomCyjRN5K2VuQAt-98UqwPGuVl-3rHSBlgX2v5S1Yfr65UtwBXDvke5AjvgOpPyaFo4MN9lD30sIJuJvsghkNS8aCVW3Aa5fdr5I4/s800/schweiz-omnisec.jpg"/></a></div>
<div align="center">
<font size="2">
Former headquarters of Omnisec AG in Dällikon, Switzerland<br>
(photo: ZVG - click to enlarge)<br>
</font>
</div>
<br>
<br>
<br>
<b>Links & sources</b><br>
<font size="2">
<br>
- Swissinfo.ch: <a href="https://www.swissinfo.ch/eng/latest-news/second-swiss-firm-allegedly-sold-encrypted-spying-devices/46186432" target="_blank">Second Swiss firm allegedly sold encrypted spying devices</a> (Nov. 26, 2020)<br>
- Woz.ch: <a href="https://www.woz.ch/-b126" target="_blank">Professor Maurer und die NSA</a> (Nov. 26, 2020)<br>
- SRF.ch: <a href="https://www.srf.ch/play/tv/rundschau/video/geheimdienstaffaere-corona-im-milieu-boni-trotz-pandemie" target="_blank">Geheimdienstaffäre, Corona im Milieu, Boni trotz Pandemie</a> (Nov. 25, 2020)<br>
- Res Strehle, <i>Operation Crypto. Die Schweiz im Dienst von CIA und BND</i>, Echtzeit Verlag, Juli 2020.<br>
- CryptoMuseum.com: <a href="https://www.cryptomuseum.com/intel/cia/rubicon.htm" target="_blank">Operation RUBICON - The secret purchase of Crypto AG by BND and CIA</a><br>
</font>
<br>
<br>
<b>The NSA tried to spy on Danish and other European targets via cable tapping in Denmark</b><br>
<div align="right"><font size="2" color="gray">(Posted: November 30, 2020 - Updated: July 6, 2021)</font></div>
<br>
According to <a href="#denmark"><b>new revelations</b></a> by the Danish broadcaster DR, the NSA tried to use its collaboration with the Danish military intelligence service <a href="https://en.wikipedia.org/wiki/Danish_Defence_Intelligence_Service" target="_blank">FE</a> to spy on targets in some other European countries and even on targets in Denmark itself.<br>
<br>
Here, the new information about Denmark is <a href="#germany"><b>compared with Germany</b></a>, where similar accusations were raised in 2015 when it came out that the NSA provided the <a href="https://en.wikipedia.org/wiki/Federal_Intelligence_Service" target="_blank">BND</a> with thousands of selectors related to German and European targets.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguSsjOxRaCA3qqsZeaL6Kbj1XE1VmdzlsEWqPdU-cyrcZVRYrn_sOrlUv5rbOvVM7C2GoyCvCb5SyiPjRUlJM7It8WZDpWTErirMTICidNd2RqPpkxCodaJzPb3zAtQ63x2ytcCEoYxHY/s800/fe-nsa+europe+header.jpg" style="display: block; padding: 1em 0; text-align: center; " target="_blank"><img alt="" border="0" width="600" data-original-height="375" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguSsjOxRaCA3qqsZeaL6Kbj1XE1VmdzlsEWqPdU-cyrcZVRYrn_sOrlUv5rbOvVM7C2GoyCvCb5SyiPjRUlJM7It8WZDpWTErirMTICidNd2RqPpkxCodaJzPb3zAtQ63x2ytcCEoYxHY/s800/fe-nsa+europe+header.jpg"/></a></div>
<a name="denmark"></a>
<br>
<br>
<font size="+2">New revelations from Denmark</font><br>
<br>
The latest details about the cooperation between the NSA and the FE were <a href="https://www.dr.dk/nyheder/indland/hemmelige-rapporter-usa-spionerede-mod-danske-ministerier-og-forsvarsindustri" target="_blank">published</a> by the Danish broadcaster DR on November 15. This information comes from several independent sources with insight into internal reports from the FE.<br>
<br>
In these reports, the FE management was warned about possible illegalities in the cable tapping operation that the Danish military intelligence service FE conducted in cooperation with the NSA.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html">Danish military intelligence uses XKEYSCORE<br>to tap cables in cooperation with the NSA</a><br>
</div>
<br>
An IT specialist from the FE, who blew the whistle on these issues and informed the Danish intelligence oversight board in November 2019, prepared or was involved in preparing at least two of these internal reports, according to DR News.<br>
<br>
These two reports, one from 2012 and another one from 2015, contain an analysis of the phone numbers and e-mail addresses (also known as selectors) that the NSA sent to the FE in order to collect information from the cable tap.<br>
<br>
<br>
<font size="+1"><b>Spying on Danish targets (2012)</b></font><br>
<br>
According to DR News, the analysis of the selectors from 2012 <a href="https://www.dr.dk/nyheder/indland/hemmelige-rapporter-usa-spionerede-mod-danske-ministerier-og-forsvarsindustri" target="_blank">revealed</a> that the NSA used or had used the cooperation with the FE to spy on Danish targets, including the Ministry of Foreign Affairs and the Ministry of Finance, as well as the defense company <a href="https://en.wikipedia.org/wiki/Terma_A/S" target="_blank">Terma</a>. This was discovered by an FE employee, who informed his bosses.<br>
<br>
Sources of DR News said that the NSA entered keywords into the <a href="https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html#xkeyscore">XKEYSCORE</a> system that show they searched for e-mail addresses and phone numbers belonging to specific employees at Terma.<br>
<br>
It's suspected that the Americans wanted information about Denmark's purchase of new fighter jets to replace the F-16. The Danish government eventually chose the American F-35 <a href="https://en.wikipedia.org/wiki/Joint_Strike_Fighter_program" target="_blank">Joint Strike Fighter</a>, for which Terma supplies components.<br>
<br>
<br><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEEnFXi-oxZKeBn7mTO6V7jkqmjSSEfyznZZvY7de-1eZr8nDOVJlnmzT_ilNut9oqR0AlYi6E1rkhqqhJSGsLWIzyVRqwBaa9XTbhWUukuwLAFM5-MRrvZUPaRxmcsWyJiZFT90VhijA/s2000/terma-grenaa.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="1333" data-original-width="2000" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEEnFXi-oxZKeBn7mTO6V7jkqmjSSEfyznZZvY7de-1eZr8nDOVJlnmzT_ilNut9oqR0AlYi6E1rkhqqhJSGsLWIzyVRqwBaa9XTbhWUukuwLAFM5-MRrvZUPaRxmcsWyJiZFT90VhijA/s2000/terma-grenaa.jpg"/></a></div>
<div align="center">
<font size="2">
The factory of Terma Aerostructures in Grenaa where parts<br>
for the F-35 fighter jets are produced (photo: Terma)<br>
</font>
</div>
<br>
<br>
The revelation that the NSA was trying to spy on Danish targets is quite explosive, not only because it violates the agreement between the US and Denmark, which <a href="https://www.berlingske.dk/samfund/et-pengeskab-paa-kastellet-har-i-aartier-gemt-paa-et-dybt-fortroligt" target="_blank">says</a> that "the USA does not use the system against Danish citizens and companies", but also because it would be illegal for the FE to allow foreign espionage against Danish targets.<br>
<br>
<br>
<b>Protective filter system</b><br>
<br>
Precisely to prevent that, the FE had installed a filter system to ensure that data from Danish citizens and companies is sorted out and not made searchable by XKEYSCORE, as DR News had <a href="https://www.dr.dk/nyheder/indland/ny-afsloering-fe-masseindsamler-oplysninger-om-danskere-gennem-avanceret-spionsystem" target="_blank">reported</a> on September 24.<br>
<br>
A source of the Danish newspaper Berlingske <a href="https://www.berlingske.dk/samfund/et-pengeskab-paa-kastellet-har-i-aartier-gemt-paa-et-dybt-fortroligt" target="_blank">explained</a> that during the joint cable tapping operation, the NSA provided the FE with a series of selectors related to targets of their interest. These selectors were reviewed by the FE to make sure that they were not related to Danes and then entered into the system that filters the traffic from the backbone cable.<br>
<br>
According to Berlingske, the searches on behalf of the NSA resulted in quite large data streams which were then, this time without further control by the FE, passed on to the Americans.<br>
<br>
These press reports do not seem to be fully in accordance with each other, though:<br>
<br>
- The latest DR News report suggests that the NSA entered its selectors directly into <a href="https://www.electrospaces.net/2020/10/danish-military-intelligence-uses.html#xkeyscore">XKEYSCORE</a> (which is also able to perform the actual "front-end filtering") without mentioning the filter to protect Danes.<br>
<br>
- The earlier press reports, however, say that the protective filter system either sorts out Danish data before they can be searched, or that it blocks selectors related to Danish targets before they become active in the actual collection system.<br>
<br>
This is of some importance, because if the protective filter worked as described and intended, the NSA's selectors for Danish targets would not have resulted in actual intercepts - or just a very few, given that these kinds of filters are not 100% accurate.<br>
<br>
As the NSA knew about this protective filter system, they may have simply relied on the FE to block anything that would not be in accordance with the Memorandum of Agreement, even though that does not seem to be the way it should have been.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPJz2Jla9q6Obf6wNfN2BsSxAXWm3sK6oynmSOoD-hKpVBVvIucIgFNtU6iz0Vgki_rOI-9iw7ZyzmMXKIEwB5OD3Q4d38NFWxbdja0hGKus0deJLK9xFF7laxq_xY_sZwWlddxz8-jp8/s800/FE-Sandagergard.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="464" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPJz2Jla9q6Obf6wNfN2BsSxAXWm3sK6oynmSOoD-hKpVBVvIucIgFNtU6iz0Vgki_rOI-9iw7ZyzmMXKIEwB5OD3Q4d38NFWxbdja0hGKus0deJLK9xFF7laxq_xY_sZwWlddxz8-jp8/s800/FE-Sandagergard.jpg"/></a></div>
<div align="center">
<font size="2">
The Sandagergård complex of the FE on the island of Amager,<br>
where a data center was built specifically to <a href="https://www.dr.dk/nyheder/indland/hemmelige-rapporter-usa-spionerede-mod-danske-ministerier-og-forsvarsindustri" target="_blank">store</a> data<br>
from the joint NSA-FE cable tapping operation.<br>
<font color="gray">(Click to enlarge)</font><br>
</font>
</div>
<br>
<br>
<font size="+1"><b>Spying on European targets (2015)</b></font><br>
<br>
In 2015, another internal FE analysis of selectors <a href="https://www.dr.dk/nyheder/indland/hemmelige-rapporter-usa-spionerede-mod-danske-ministerier-og-forsvarsindustri" target="_blank">showed</a> that the NSA at that time used the cable tapping system to spy on targets in some other European countries, including Denmark's closest neighbours: Sweden, Norway, the Netherlands, Germany and France, according to DR News. <br>
<br>
Sources told the Danish broadcaster that the NSA apparently also searched for information about the pan-European <a href="https://en.wikipedia.org/wiki/Eurofighter_Typhoon" target="_blank">Eurofighter</a> and the Swedish fighter plane <a href="https://en.wikipedia.org/wiki/Saab_JAS_39_Gripen" target="_blank">Saab Gripen</a>. Both were in the race to become Denmark's new fighter aircraft, which was decided around the time that this spying happened.<br>
<br>
Unlike the first report, the second one was prepared some two years after the start of the Snowden revelations and in the same year as the German "Selector Affair" (see below). Both events may have been an incentive for the FE to investigate whether the NSA was also using their collaboration to spy on other European countries.<br>
<br>
We can assume that the FE has no filter system to prevent collection against other European countries, which means the NSA selectors related to European targets had likely been active in the collection system and may have resulted in an unknown number of intercepted communications.<br>
<br>
Spying on foreign governments is usually considered fair game and this was probably also not prohibited by the agreement between the NSA and the FE. Nonetheless, it would be an embarrassment for Denmark if it turned out that the NSA used its partnership with the FE for spying on other European countries.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGAEStUL5TQEK7KnqaSyr3mAQEqVFFSOnPAFKPzF5qwA6_d8w7EkoSdEwSlI5cjRO9f_2iVWqXCVnLwckgdO6lDqC_uWPVf9G4l8sVppra60o99GeFkm2Tdh7EjKpLRT3gUjYPzpl_6JI/s800/filter+systems.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="550" data-original-height="430" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGAEStUL5TQEK7KnqaSyr3mAQEqVFFSOnPAFKPzF5qwA6_d8w7EkoSdEwSlI5cjRO9f_2iVWqXCVnLwckgdO6lDqC_uWPVf9G4l8sVppra60o99GeFkm2Tdh7EjKpLRT3gUjYPzpl_6JI/s800/filter+systems.jpg"/></a></div>
<br>
<br>
<blockquote>
<b>UPDATE:</b><br>
<br>
More details about the foreign targets were published on May 30, 2021 through joint reporting by the Danish broadcaster <a href="https://www.dr.dk/nyheder/indland/forsvarets-efterretningstjeneste-lod-usa-spionere-mod-angela-merkel-franske-norske" target="_blank">DR</a>, SVT, NRK, Süddeutsche Zeitung, NDR, WDR and Le Monde. Multiple sources confirmed that in 2014, the FE started a secret internal investigation codenamed <a href="https://en.wikipedia.org/wiki/Operation_Dunhammer" target="_blank">Operation Dunhammer</a>. The results were handed over to the FE's management in 2015 and eventually led to the <a href="https://www.electrospaces.net/2020/08/head-of-danish-military-intelligence.html">FE scandal</a> of 2020.<br>
<br>
According to the Dunhammer report, the NSA provided the FE with selectors for Norwegian, Swedish, German and French politicians and officials and subsequently obtained their communications, like telephone conversations, chat messages and text messages (as far as these traveled through the cables that were intercepted by the FE).<br>
<br>
Among the German politicians were chancellor Angela Merkel, then foreign minister Frank-Walter Steinmeier and then opposition leader Peer Steinbrück. According to <a href="https://www.spiegel.de/ausland/daenemark-half-offenbar-der-nsa-beim-bespitzeln-von-eu-politikern-a-8d77d428-cb7b-4414-b9f4-952e56706e88" target="_blank">Der Spiegel</a>, politicians from The Netherlands were also intercepted. Apparently, the Dunhammer report did not lead to an end of the cooperation with the NSA.<br>
</blockquote>
<a name="germany"></a>
<br>
<br>
<font size="+2">Comparison with Germany</font><br>
<br>
The new information about the cooperation between the NSA and the Danish FE can be compared with the things we know about a similar cooperation between the NSA and the German foreign intelligence service BND, which included at least two joint operations:<br>
<br>
- <a href="https://www.electrospaces.net/2015/05/new-details-about-joint-nsa-bnd.html"><b>Eikonal</b></a>: tapping cables of Deutsche Telekom in Frankfurt (2004-2008)<br>
- <b>Bad Aibling</b>: satellite interception at the Bad Aibling Station (2004-2013)<br>
<br>
For the cooperation at Bad Aibling, the NSA <a href="http://www.sueddeutsche.de/politik/geheimdienst-affaere-bnd-half-nsa-beim-ausspaehen-von-frankreich-und-eu-kommission-1.2458574" target="_blank">provided</a> the BND with a total of roughly 690.000 phone numbers and 7,8 million internet identifiers, which is an average of about 165 phone numbers and 1900 internet identifiers each day (the actual number of targets is significantly lower because each e-mail address can have some 8 different permutations).<br>
<br>
In 2015 this resulted in the "Selector Affair", when it came out that among the identifiers for numerous legitimate targets, the NSA had also sent thousands of selectors related to European and even German targets, which was in clear violation of the Memorandum of Agreement (MoA) with the BND.<br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxJqLVNgcxRkyS8bR5VODNhpC9BaP62NokRO55pgvt7sk7dtnooBq7UDQHlGvgKmttAfJZfTB07Hug9XbFCbqdFov4HPLvZsiLCwT8kja8i3CD6DP-xcecKHxD0o9lkyZA9zbbfKJhE1E/s1600/bnd-badaibling2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxJqLVNgcxRkyS8bR5VODNhpC9BaP62NokRO55pgvt7sk7dtnooBq7UDQHlGvgKmttAfJZfTB07Hug9XbFCbqdFov4HPLvZsiLCwT8kja8i3CD6DP-xcecKHxD0o9lkyZA9zbbfKJhE1E/s1600/bnd-badaibling2.jpg" title="The BND satellite intercept station at Bad Aibling, Germany" width="550"></a><br>
<font size="2">
The BND satellite intercept station at Bad Aibling, Germany<br>
<font color="gray">(Photo: AFP/Getty Images - Click to enlarge)</font><br>
</font></div>
<br>
<br>
<font size="+1"><b>Spying on European targets</b></font><br>
<br>
Just like in Denmark, the Germans had found out that the NSA tried to spy on targets in other European countries. After severe political pressure, the German government agreed to let an independent investigator, Dr. Kurt Graulich, look at the suspicious selectors. In October 2015 he published his extensive, <a href="https://www.bundestag.de/resource/blob/393598/b5d50731152a09ae36b42be50f283898/mat_a_sv-11-2-data.pdf" target="_blank">250-page report</a> about the issue.<br>
<br>
Regarding the main list of almost 40.000 NSA selectors that the BND had rejected between 2005 and 2015, the investigator found that 62% belonged to government agencies of EU member states, 19% to Germans outside Europe, 7% to EU institutions, 6% to Germans, 4% to foreigners abroad, 1% to Germans in Europe and 1% to German embassies.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2015/11/new-details-about-selectors-nsa.html">New details about the selectors NSA provided to BND</a><br>
</div>
<br>
Spying on foreign governments and foreign defense companies does not violate German law, but investigator Graulich still considered it a clear violation of the Memorandum of Agreement, which allowed collection against European targets only for a very few specific topics.<br>
<br>
Later in 2015 it was <a href="http://www.dw.com/en/germany-spies-among-friends-controversy-grows-over-espionage-activities/a-18844401" target="_blank">reported</a> that the BND itself was also spying on for example the French foreign minister and the interior departments of EU member states like Poland, Austria, Denmark and Croatia, as well as on the FBI, the Voice of America and international organizations like the ICC, the WHO and UNICEF.<br>
<br>
So just as was the case at the BND, the FE might not have cared very much about the NSA selectors related to European targets, and just like the Germans, the Danes probably also spied on governments and certain companies from other EU countries themselves.<br>
<br>
<div align="right">
> See also: <a href="https://www.electrospaces.net/2015/05/german-bnd-didnt-care-much-about.html">German BND didn't care much about foreign NSA selectors</a><br>
</div>
<br>
<br>
<font size="+1"><b>Spying on German targets</b></font><br>
<br>
In 2015, the Germans had discovered that the NSA had apparently also tried to spy on German targets during their cooperation with the BND.<br>
<br>
The examination of the NSA selectors by Dr. Graulich revealed that several hundred were related to German targets, mostly German companies, both inside and outside Germany. Selectors related to the German government were not found, which is an interesting difference to Denmark.<br>
<br>
The reasons why the NSA was interested in these German companies could not be clarified by Dr. Graulich, mainly because the BND had no access to the NSA's motivations for each selector.<br>
<br>
Just like in Denmark, it seems that the NSA sent their collaboration partner simply all the selectors they were interested in, with apparently little or no effort to pick out those that could be controversial.<br>
<br>
Here too, the NSA seems to have relied on the foreign partner to block the selectors that would violate national law and the collaboration agreement. But even then this does not seem very smart, because it would potentially allow the partner to see what targets the NSA was interested in.<br>
<br>
<br>
<b>The DAFIS filter system</b><br>
<br>
Just like the FE, the BND also has a filter system to prevent German data from being passed on to the Americans. From the German parliamentary investigation we know a lot more about this BND system, which is called DAFIS (for <i>DAtenFIlterSystem</i>) and checks not only the selectors that come in, but also the collection results that go out:<br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOKV3OPbqEFB1j1odJS-qQqhBX0mv8wAbyyoJb7EzLOgQcdwzH1mwfn0_HwZK2mJ8ASvP2On9X3nfvKksxIQ81RiVOxd0GZE6HFRPbpGnz0xUkOKo9urkfOVPDPNugcviwGyXJX81Vah4/s1600/bnd-dafis-2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOKV3OPbqEFB1j1odJS-qQqhBX0mv8wAbyyoJb7EzLOgQcdwzH1mwfn0_HwZK2mJ8ASvP2On9X3nfvKksxIQ81RiVOxd0GZE6HFRPbpGnz0xUkOKo9urkfOVPDPNugcviwGyXJX81Vah4/s1600/bnd-dafis-2.jpg" title="Overview of the dataflow for the NSA-BND cooperation at Bad Aibling" width="550"></a><br>
<font size="2">
Overview of the dataflow for the NSA-BND cooperation at Bad Aibling<br>
<font color="gray">(Click to enlarge)</font><br>
</font></div>
<br>
<br>
As can be seen in the diagram, all the selectors which the NSA wanted to be used for collecting (in this case) foreign satellite traffic first had to pass the DAFIS system, which checked them in an automated process of 3 stages:<br>
<blockquote>
<b>Stage 1</b>: A negative filter which blocks e-mail addresses ending with .de and phone numbers starting with 0049, but most likely also ranges of IP addresses assigned to Germany.<br>
<br>
<b>Stage 2</b>: A positive filter consisting of a list of foreign phone numbers and e-mail addresses used by German citizens, for example businessmen, journalists, but also jihadis when they are inside Germany.<br>
<br>
<b>Stage 3</b>: A filter to sort out selectors that collide with "German interests", which mainly applies to European military contractors in which Germany participates (like <a href="https://en.wikipedia.org/wiki/Airbus" target="_blank">EADS</a> and <a href="https://en.wikipedia.org/wiki/Airbus_Helicopters" target="_blank">Eurocopter</a>, both part of Airbus now)<br>
</blockquote>
<br>
Selectors that were "approved" by the DAFIS system were entered into the tasking databases (<i>Steuerungsdatenbanken</i>) that fed the actual collection system. Communications that matched these selectors were picked out and were also sent through the DAFIS system for another check whether they might contain German data.<br>
<br>
Only data that passed this double check were eventually transferred to the NSA. The selectors that were rejected by DAFIS were marked as "disapproved" in order to prevent them from being submitted again later on. The NSA knew and accepted that some of its selectors were blocked by the BND, according to the Graulich report.<a nohref title="Graulich report, p. 190.">*</a><br>
<br>
Most of the NSA selectors related to German targets had been blocked by the DAFIS filter. A smaller number of them had been active in the collection system for some period of time, but it is not known whether this resulted in the actual collection of communications (<i>Erfassungen</i>).<br>
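<br>
The two checks described above (three stages on incoming selectors, then a second pass over the collection results) can be modeled as follows. This Python example is added here as an illustration and is not BND code: the class and function names, the matching rules (suffix and substring matching, rewriting a leading "+" as "00") and all selectors and traffic records are constructed assumptions.<br>

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data; none of these are real selectors or real allocations.
GERMAN_IP_RANGES = [ipaddress.ip_network("192.0.2.0/24")]        # stand-in for German ranges
KNOWN_GERMAN_USERS = {"h.mueller@example.com", "0033155501000"}  # stage 2 list
GERMAN_INTERESTS = ("eads", "eurocopter")                        # stage 3 names from the article


def _as_ip(s):
    """Return an ipaddress object if s is an IP address, else None."""
    try:
        return ipaddress.ip_address(s)
    except ValueError:
        return None


def normalize(selector):
    """Lower-case; for phone numbers drop separators and turn a leading '+' into '00'."""
    s = selector.strip().lower()
    if "@" in s or _as_ip(s) is not None:
        return s
    s = s.replace(" ", "").replace("-", "")
    return "00" + s[1:] if s.startswith("+") else s


def rejection_reason(selector):
    """Run the three stages in order; return why a selector is blocked, or None."""
    s = normalize(selector)
    ip = _as_ip(s)
    if "@" in s:
        german = s.endswith(".de")
    elif ip is not None:
        german = any(ip in net for net in GERMAN_IP_RANGES)
    else:
        german = s.startswith("0049")
    if german:
        return "stage 1: German identifier"
    if s in KNOWN_GERMAN_USERS:
        return "stage 2: foreign identifier used by a German"
    if any(name in s for name in GERMAN_INTERESTS):
        return "stage 3: German interests"
    return None


@dataclass
class Dafis:
    tasking_db: set = field(default_factory=set)      # approved selectors fed to collection
    disapproved: dict = field(default_factory=dict)   # rejected selector -> reason

    def submit(self, selector):
        """Check an incoming selector; remember rejections so resubmission is refused."""
        s = normalize(selector)
        if s in self.disapproved:
            return "already disapproved"
        reason = rejection_reason(s)
        if reason is None:
            self.tasking_db.add(s)
            return "approved"
        self.disapproved[s] = reason
        return reason

    def collect(self, traffic):
        """Pick out communications in which any party matches a tasked selector."""
        return [c for c in traffic if any(normalize(p) in self.tasking_db for p in c)]

    def release(self, hits):
        """Second check: withhold every hit in which any party looks German."""
        return [c for c in hits if all(rejection_reason(p) is None for p in c)]


SELECTORS = [
    "minister@foreign-ministry.example",
    "info@firma.example.de",
    "+49 30 5550100",
    "192.0.2.15",
    "h.mueller@example.com",
    "sales@eurocopter.example",
    "k.schmidt@example.org",   # constructed case: a German the lists do not know about
]
TRAFFIC = [  # (sender, recipient) pairs
    ("minister@foreign-ministry.example", "aide@foreign-ministry.example"),
    ("k.schmidt@example.org", "anna@firma.example.de"),
    ("k.schmidt@example.org", "bob@partner.example"),
    ("x@other.example", "y@other.example"),
]


def run_demo():
    dafis = Dafis()
    verdicts = {s: dafis.submit(s) for s in SELECTORS}
    resubmitted = dafis.submit("INFO@firma.example.de")
    hits = dafis.collect(TRAFFIC)
    return verdicts, resubmitted, hits, dafis.release(hits)


if __name__ == "__main__":
    for part in run_demo():
        print(part)
```

In this constructed run the selector k.schmidt@example.org passes all three stages because nothing in the lists identifies it as German; the outgoing check still withholds the one message that involves a .de address, while the other message is released, which illustrates why such filters are not 100% accurate.<br>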
<br>
<br>
<br>
<font size="+2">A European bazaar?</font><br>
<br>
The way the NSA tried to spy on European targets through their collaboration with the BND and the FE is reminiscent of what Edward Snowden said in his <a href="https://freesnowden.is/wp-content/uploads/2014/03/vjhvekoen1ww.pdf" target="_blank">written testimony</a> for the European Parliament from March 2014:<br>
<br>
<blockquote>
<i>"The result is a European bazaar, where an EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn't search it for Danes, and Germany may give the NSA access to another on the condition that it doesn't search for Germans.<br>
Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements.<br>
Ultimately, each EU national government's spy services are independently hawking domestic accesses to the NSA, GCHQ, FRA, and the like without having any awareness of how their individual contribution is enabling the greater patchwork of mass surveillance against ordinary citizens as a whole."</i>
</blockquote>
<br>
This sounds like an accurate description, except that these joint operations with the NSA are not about "mass surveillance against ordinary citizens", as in both Germany and Denmark the NSA only provided selectors for specific targets like government agencies and companies in the defence industry, for example.<br>
<br>
Nonetheless, spying on such targets in the partner country violates national law and the agreements between the NSA and their European counterparts, but for both the FE and the BND that didn't seem a very big concern, at least until the Snowden revelations.<br>
<br>
One reason may lie in the fact that in general, these so-called <a href="https://www.electrospaces.net/2014/09/nsas-foreign-partnerships.html#3rdparty">Third Party</a> relations with the NSA do not include a "no-spy" condition, so both parties are free spy on each other, despite their otherwise close cooperation.<br>
<br>
That may have kept the Danish and German intelligence agencies vigilant and let them install filter systems to make sure that no data from their country would be passed on to the Americans.<br>
<br>
And the NSA, for their part, apparently assumed that their counterparts would do enough to protect their own data, so they didn't put much effort into sorting out the selectors to be used in these kinds of joint operations.<br>
<br>
<br>
<br>
<b>Links & sources</b><br>
<font size="2">
<br>
- Willy Van Damme: <a href="https://willyvandamme.wordpress.com/2020/11/23/de-f35-pleegde-de-deense-militaire-veiligheidsdienst-landverraad/" target="_blank">De F35 – Pleegde de Deense militaire veiligheidsdienst landverraad?</a> (Nov. 23, 2020)<br>
- DR News: <a href="https://www.dr.dk/nyheder/indland/hemmelige-rapporter-usa-spionerede-mod-danske-ministerier-og-forsvarsindustri" target="_blank">Hemmelige rapporter: USA spionerede mod danske ministerier og forsvarsindustri</a> (Nov. 15, 2020)<br>
- DR News: <a href="https://www.dr.dk/nyheder/indland/ny-afsloering-fe-masseindsamler-oplysninger-om-danskere-gennem-avanceret-spionsystem" target="_blank">Ny afsløring: FE masseindsamler oplysninger om danskere gennem avanceret spionsystem</a> (Sept. 24, 2020)<br>
- Berlingske: <a href="https://www.berlingske.dk/samfund/et-pengeskab-paa-kastellet-har-i-aartier-gemt-paa-et-dybt-fortroligt" target="_blank">Et pengeskab på Kastellet har i årtier gemt på et dybt fortroligt dokument. Nu er hemmeligheden brudt</a> (Sept. 13, 2020)<br>
- The Register: <a href="https://www.theregister.com/2020/08/25/denmark_domestic_spying/" target="_blank">The Viking Snowden: Denmark spy chief 'relieved of duty' after whistleblower reveals illegal snooping on citizens</a> (August 25, 2020)<br>
- The Graulich report: <a href="https://www.bundestag.de/resource/blob/393598/b5d50731152a09ae36b42be50f283898/mat_a_sv-11-2-data.pdf" target="_blank">Nachrichtendienstliche Fernmeldeaufklärung mit Selektoren in einer transnationalen Kooperation</a> (Oct. 23, 2015)<br>
- Der Spiegel: <a href="https://www.spiegel.de/ausland/daenemark-half-offenbar-der-nsa-beim-bespitzeln-von-eu-politikern-a-8d77d428-cb7b-4414-b9f4-952e56706e88" target="_blank">Dänemark half offenbar der NSA beim Bespitzeln von EU-Politikern</a><br>
- Le Monde: <a href="https://www.lemonde.fr/pixels/article/2021/05/30/comment-des-dirigeants-europeens-ont-ete-espionnes-par-la-nsa-depuis-le-danemark_6082102_4408996.html#xtor=AL-32280270-[default]-[android" target="_blank">Comment des dirigeants européens, dont Angela Merkel, ont été espionnés par la NSA depuis le Danemark</a><br>
- SZ: <a href="https://www.sueddeutsche.de/politik/nsa-usa-merkel-steinbrueck-snowden-1.5308219?reduced=true" target="_blank">NSA hört über Dänemark mit</a> (May 30, 2021)<br>
- DR: <a href="https://www.dr.dk/nyheder/indland/forsvarets-efterretningstjeneste-lod-usa-spionere-mod-angela-merkel-franske-norske" target="_blank">Forsvarets Efterretningstjeneste lod USA spionere mod Angela Merkel, franske, norske og svenske toppolitikere gennem danske internetkabler</a><br>
</font>
<br>
<br>
<font size="+2"><b>Danish military intelligence uses XKEYSCORE to tap cables in cooperation with the NSA</b></font><br>
<font size="2" color="gray">(October 28, 2020, updated November 3, 2020)</font><br>
<br>
Last August, it came out that a whistleblower accused the Danish military and signals intelligence service (<a href="https://en.wikipedia.org/wiki/Danish_Defence_Intelligence_Service" target="_blank"><i>Forsvarets Efterretningstjeneste</i></a> or FE) of unlawful activities and deliberately misleading the intelligence oversight board. <br>
<br>
Meanwhile, the Danish press was able to paint a surprisingly comprehensive and detailed picture of how the FE cooperated with the NSA in <a href="#cabletapping"><b>cable tapping</b></a> on Danish soil.<br>
<br>
It was further revealed that the Americans provided Denmark with a sophisticated <a href="#spysystem"><b>new spy system</b></a> which includes the NSA's data processing system <a href="#xkeyscore"><b>XKEYSCORE</b></a>.<br>
<br>
A Danish paper also disclosed that the accusation of <a href="#unlawful"><b>unlawful collection</b></a> came from a young FE employee who is reminiscent of Edward Snowden. A newly established investigation commission now has to clarify whether he was driven by fears or by facts.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2uZX55W3wRv-fDJVZhq7Tjn24uDTkrAfnZSXs8qEQBjMdQG49TEm2nV75nZRbcppBwaalYch3C1kd6GMKKTaUlmr7UvMyD3Sv8Mo_DmFR2OLJCESHl4ITBENbbDO_5TgB_-9chSAmHyA/s800/fe-xks-header.jpg" style="display: block; text-align: center; "><img alt="" border="0" width="600" data-original-height="420" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2uZX55W3wRv-fDJVZhq7Tjn24uDTkrAfnZSXs8qEQBjMdQG49TEm2nV75nZRbcppBwaalYch3C1kd6GMKKTaUlmr7UvMyD3Sv8Mo_DmFR2OLJCESHl4ITBENbbDO_5TgB_-9chSAmHyA/s800/fe-xks-header.jpg"/></a></div>
<div align="center">
<font size="2">
The Sandagergård complex of the FE on the island of Amager, where a new<br>
data center was built for its deployment of the XKEYSCORE system<br>
</font>
</div>
<br>
<a name="cabletapping"></a>
<br>
<br>
<font size="+2">Cable tapping</font><br>
<br>
In an extensive piece from September 13, the renowned Danish newspaper <a href="https://www.berlingske.dk/samfund/et-pengeskab-paa-kastellet-har-i-aartier-gemt-paa-et-dybt-fortroligt" target="_blank"><i>Berlingske</i></a> (founded in 1749) describes how the FE, in cooperation with the NSA, started to tap an international telecommunications cable in order to gather foreign intelligence.<br>
<br>
In the mid-1990s, the NSA had found out that somewhere under Copenhagen there was a backbone cable containing phone calls, e-mails and text messages from and to countries like China and Russia, which was of great interest to the Americans.<br>
<br>
Tapping that cable, however, was almost impossible without the help of the Danes, so the NSA asked the FE for access to the cable, but this request was denied, according to Berlingske.<br>
<br>
<br>
<b>Agreement with the United States</b><br>
<br>
The US government did not give up, and in a letter sent directly to the Danish prime minister Poul Nyrup Rasmussen, US president Clinton asked his Danish colleague to reconsider the decision. And Nyrup, who was a sworn supporter of a close relationship with the US, said yes. <br>
<br>
The cooperation was laid down in a document, which, according to Berlingske, all Danish defense ministers had to sign "so that any new minister could see that his predecessor - and his predecessors before his predecessors - with their signatures had been part of this small, exclusive circle of people who knew one of the kingdom's biggest secrets."<br>
<br>
The code name for this cooperation is not known, but it's most likely part of the NSA's umbrella program <a href="https://www.electrospaces.net/2014/10/the-german-operation-eikonal-as-part-of.html#rampart-a">RAMPART-A</a>. Under this program, which started in 1992, foreign partners <a href="https://s3.amazonaws.com/s3.documentcloud.org/documents/1200864/tssinframpartaoverview-v1-0-redacted-information.pdf" target="_blank">provide</a> access to high-capacity international fiber-optic cables, while the US provides the equipment for transport, processing and analysis:<br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuHn57FKBiJya3ibIFx6Aq0CadYIZmAI0mDnB2bHBG-MFlAg-MKLME6Z2klVtHacs1sToK7Pas6SAGX-X-OgqEq4Wesm7U-E-LJ7X4cxIv_BV6G7KYMPeTF2qFb69i8jdvE_W8xHetycs/s1600/rampart-a-2010-diagram.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuHn57FKBiJya3ibIFx6Aq0CadYIZmAI0mDnB2bHBG-MFlAg-MKLME6Z2klVtHacs1sToK7Pas6SAGX-X-OgqEq4Wesm7U-E-LJ7X4cxIv_BV6G7KYMPeTF2qFb69i8jdvE_W8xHetycs/s1600/rampart-a-2010-diagram.jpg" title="Slide from an NSA presentation about the RAMPART-A program" width="450"></a></div>
<div align="center">
<font size="2">
Slide from an NSA <a href="https://s3.amazonaws.com/s3.documentcloud.org/documents/1200864/tssinframpartaoverview-v1-0-redacted-information.pdf" target="_blank">presentation about RAMPART-A</a> from October 2010<br>
</font>
</div>
<br>
<br>
<b>Agreement with a cable operator</b><br>
<br>
To make sure that tapping the cable was as legal as possible, the government asked for the approval of the private Danish company that operated the cable. The company agreed, but only if it was approved at the highest level, and so the agreement was signed by prime minister Rasmussen, minister of defense Hækkerup and head of department Troldborg.<br>
<br>
Because the cable contained international telecommunications it was considered to fall within the FE's foreign intelligence mandate. The agreement was prepared in only one copy, which was shown to the company and then locked in a safe at the FE's headquarters at the <a href="https://web.archive.org/web/20200811152740/https://fe-ddis.dk/om-os/Organisation/lokaliteter-i-dk/Pages/Kastellet.aspx" target="_blank">Kastellet</a> fortress in Copenhagen, according to Berlingske.<br>
<br>
This Danish agreement is very similar to the <a href="http://download.krone.at/pdf/VertragWZschwarz.pdf" target="_blank">Transit Agreement</a> between the German foreign intelligence service BND and Deutsche Telekom, in which the latter agreed to provide access to international transit cables at its switching center in Frankfurt am Main. The BND then tapped these cables with help from the NSA under <a href="https://www.electrospaces.net/2015/05/new-details-about-joint-nsa-bnd.html">operation Eikonal</a> (2004-2008).<br>
<br>
<br>
<b>Processing at Sandagergård</b><br>
<br>
Berlingske reported that the communications data that were extracted from the backbone cable in Copenhagen were sent from the Danish company's technical hub to the <a href="https://web.archive.org/web/20200811153920/https://fe-ddis.dk/om-os/Organisation/lokaliteter-i-dk/Pages/Sandagergaard.aspx" target="_blank">Sandagergård complex</a> of the FE on the island of <a href="https://en.wikipedia.org/wiki/Amager" target="_blank">Amager</a>. The US had paid for a cable between the two locations.<br>
<br>
At Sandagergård, the "NSA made sure to install the technology that made it possible to enter keywords and translate the huge amount of information, so-called raw data from the cable tapping, into "readable" information."<br>
<br>
The filter system was not only fed by keywords from the FE, but the NSA also provided "the FE with a series of keywords that are relevant to the United States. The FE then reviews them - and checks that there are basically no Danes among them - and then enters the keywords" according to sources cited by Berlingske.<br>
<br>
Besides this filtering with keywords and selectors, the FE and the NSA will also have used the metadata for <a href="https://edwardsnowden.com/docs/doc/B17-TDB-Knowledge-Sharing.pdf" target="_blank">contact-chaining</a>, which means reconstructing which phone numbers and e-mail addresses had been in contact with each other, in order to create social network graphs - something the sources apparently didn't want to disclose to Berlingske.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDpVNc5ZW0uUKEsLqbAkkgapeVqlQJ0Sgv7XZ7cALJRspE_OGaz8OK4OxztRmXlZLxL5VzBpsD9tHhYILM8hyphenhyphenPvMB2qTHFr33MSzoKFWJSr9YSxMraj5TJ9CwwxhuvJI1WvzOFF5MI130/s1351/dk-cables.JPG" style="display: block; text-align: center; "><img alt="" border="0" width="550" data-original-height="830" data-original-width="1351" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDpVNc5ZW0uUKEsLqbAkkgapeVqlQJ0Sgv7XZ7cALJRspE_OGaz8OK4OxztRmXlZLxL5VzBpsD9tHhYILM8hyphenhyphenPvMB2qTHFr33MSzoKFWJSr9YSxMraj5TJ9CwwxhuvJI1WvzOFF5MI130/s1351/dk-cables.JPG"/></a></div>
<div align="center">
<font size="2">
Map of the current backbone cables around the Danish capital Copenhagen<br>
and the Sandagergård complex of the FE on the island of Amager<br>
(source: <a href="https://live.infrapedia.com/app" target="_blank">Infrapedia</a> - click to enlarge)<br>
</font>
</div>
<br>
<br>
<b>Trusted partners</b><br>
<br>
Part of the agreement between the US and Denmark was that "the USA does not use the system against Danish citizens and companies. And the other way around". Similar words can be found in an <a href="https://www.documentcloud.org/documents/1200860-odd-s3-overviewnov2011-v1-0-redacted-information.html" target="_blank">NSA presentation</a> from 2011: "No US collection by Partner and No Host Country collection by US" - although this is followed by "there ARE exceptions!"<br>
<br>
The latter remark may have inspired Edward Snowden to accuse the NSA of abusing these cooperations with foreign partner agencies to spy on European citizens, but as a source told Berlingske: <br>
<br>
"I can not at all imagine in my imagination that the NSA would betray that trust. I consider it completely and utterly unlikely. If the NSA had a desire to obtain information about Danish citizens or companies, the United States would simply turn to [the domestic security service] PET, which would then provide the necessary legal basis."<br>
<br>
The source also said that "the NSA wanted to jump and run for Denmark. The agency did everything Denmark asked for, without discussion. The NSA continuously helped Denmark - because of this cable access. [...] Denmark was a very, very close and valued partner."<br>
<br>
This close and successful cooperation was apparently one of the reasons for the visit of president Bill Clinton to Denmark in July 1997, according to Berlingske.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiXxpknwUjW2AgvXrI5WB1ucqAMoHO3NTDD7qRgx2Mp4aDmCG3kjwW_Pml7Jh3WZqDB1N0Wze1UhslKv3c4AfBxTRGQGiCzQ4JKfEEL2gKtRpkFE9RUkPY-QdyZk0Vk9hmTA7WjyaToSU/s0/clinton-rasmussen.jpg" style="display: block; text-align: center; "><img alt="" border="0" width="550" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiXxpknwUjW2AgvXrI5WB1ucqAMoHO3NTDD7qRgx2Mp4aDmCG3kjwW_Pml7Jh3WZqDB1N0Wze1UhslKv3c4AfBxTRGQGiCzQ4JKfEEL2gKtRpkFE9RUkPY-QdyZk0Vk9hmTA7WjyaToSU/s0/clinton-rasmussen.jpg"/></a></div>
<div align="center">
<font size="2">
Danish prime minister Poul Nyrup Rasmussen and US president Bill Clinton<br>
during his visit to Denmark in July 1997 (photo: Linda Kastrup)<br>
</font>
</div>
<a name="spysystem"></a>
<br>
<br>
<font size="+2">A new spy system</font><br>
<br>
In the wake of the FE scandal even more recent developments have been revealed: a <a href="https://www.dr.dk/nyheder/indland/ny-afsloering-fe-masseindsamler-oplysninger-om-danskere-gennem-avanceret-spionsystem" target="_blank">report</a> by the Danish broadcaster DR from September 24, 2020 provides interesting details about how the Americans provided Denmark with a sophisticated new "spy system".<br>
<br>
After the FE got a new head of procurement in 2008, NSA employees frequently traveled to Denmark for quite some time to build the necessary hardware and install the required software for the new system, which DR News describes as extremely advanced. It also has a special internal code name, which the broadcaster decided not to publish. It's also this new system through which the alleged illegal collection of Danish data took place.<br>
<br>
According to DR News, the NSA technicians were also involved in the construction of a new data center at the FE's <a href="https://web.archive.org/web/20200811153920/https://fe-ddis.dk/om-os/Organisation/lokaliteter-i-dk/Pages/Sandagergaard.aspx" target="_blank">Sandagergård complex</a> on Amager that was specifically built to house the new spy system, which was taken into use somewhere between 2012 and 2014. The cooperation between the FE and the NSA on this specific system was based upon a Memorandum of Understanding (MoU) signed by then FE chief <a href="https://da.wikipedia.org/wiki/Thomas_Ahrenkiel" target="_blank">Thomas Ahrenkiel</a>.<br>
<br>
<br>
<b>Filter systems</b><br>
<br>
The DR News <a href="https://www.dr.dk/nyheder/indland/ny-afsloering-fe-masseindsamler-oplysninger-om-danskere-gennem-avanceret-spionsystem" target="_blank">report</a> also goes into more detail about the interception process. It says that first, the intelligence service identifies a data stream that may be interesting, after which they "mirror" the light that passes through the particular fiber-optic cables. In this way, they copy both metadata and content, like text messages, chat conversations, phone calls and e-mails, and send them to the FE's data center at Sandagergård.<br>
<br>
According to DR News, the FE tried to develop a number of filters to ensure that data from Danish citizens and companies is sorted out and not made searchable by the new spy system. The former Danish minister of defense Claus Hjort Frederiksen recently <a href="http://www.weekendavisen.dk/2020-37/samfund/landsskadeligt" target="_blank">said</a> that there was indeed an attempt to develop such filters, but at the same time he admitted that there can be no guarantee that no Danish information will pass through.<br>
<br>
<a name="xkeyscore"></a>
<br>
<br>
<font size="+2">XKEYSCORE</font><br>
<br>
DR News also reported that the heart of the new spy system is formed by <a href="https://en.wikipedia.org/wiki/XKeyscore" target="_blank">XKEYSCORE</a>, which was developed by the NSA and the existence of which was first <a href="https://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data" target="_blank">revealed</a> by The Guardian in June 2013.<br>
<br>
The NSA's British counterpart GCHQ incorporated XKEYSCORE in its own system for processing bulk internet data codenamed <a href="https://en.wikipedia.org/wiki/Tempora" target="_blank">TEMPORA</a> and it can be assumed that the other <a href="https://www.electrospaces.net/2014/09/nsas-foreign-partnerships.html#2ndparty">Second Party</a> partners (also known as the Five Eyes) also use this system, whether or not under a different codename.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1lZ-4vR2hrgA2foGUHoTtx8Eu-8AvWbKETtH-tY440rydL8DaYiZ7n-N9eG2gt0aDBSIzjsBQiBu2_JtZcatEd-kNLlcH4HlBtgk6DZ2sxEj4Ob_zZFtFQWuj1kzriHu6HS3admENoqk/s0/xks+intro.JPG" style="display: block; padding: 1em 0; text-align: center; " target="_blank"><img alt="" border="0" width="500" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1lZ-4vR2hrgA2foGUHoTtx8Eu-8AvWbKETtH-tY440rydL8DaYiZ7n-N9eG2gt0aDBSIzjsBQiBu2_JtZcatEd-kNLlcH4HlBtgk6DZ2sxEj4Ob_zZFtFQWuj1kzriHu6HS3admENoqk/s0/xks+intro.JPG"/></a></div>
<br>
<br>
From the Snowden documents we know that the NSA also provided XKEYSCORE to some of its <a href="https://www.electrospaces.net/2014/09/nsas-foreign-partnerships.html#3rdparty">Third Party</a> partners: the German <a href="https://www.electrospaces.net/2016/09/secret-report-reveals-german-bnd-also.html">foreign intelligence service BND</a> and domestic security service BfV, the Swedish signals intelligence service FRA and the Japanese Directorate for SIGINT. It is new though that the Danish military intelligence service FE uses the system too.<br>
<br>
Some press reports seem to suggest that these partner agencies "gain access to XKEYSCORE" as if it would allow them to connect to a huge global mass surveillance system. The latter may be the case for the NSA's Second Party partners, but the Third Party partners are using XKEYSCORE only to process and analyze data from their own tapping points and are not able to access data from Five Eyes collection platforms.<br>
<br>
Likewise, NSA analysts using XKEYSCORE don't have direct access to, in this case, Danish collection systems, only to data that the Danes agreed to share with the US as "3rd party collection".<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOQp5v65aGaXLN-TMYj4XqS_REGPtHg28izukRbTiB0kIoghJBiEBgX-BpILb8PnySH6is7ug_YYf701wPF1qfpTQiiVe-rpSFaJ-o6rEdI_Dfp2qMUK7gWbDtaxjRPgoLzdHvNJ-wl6Y/s0/xks-access.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOQp5v65aGaXLN-TMYj4XqS_REGPtHg28izukRbTiB0kIoghJBiEBgX-BpILb8PnySH6is7ug_YYf701wPF1qfpTQiiVe-rpSFaJ-o6rEdI_Dfp2qMUK7gWbDtaxjRPgoLzdHvNJ-wl6Y/s0/xks-access.jpg"/></a></div>
<div align="center">
<font size="2">
Slide from an NSA <a href="https://www.documentcloud.org/documents/2157058-xks-cipher-detection-and-you.html#document/p1" target="_blank">presentation about XKEYSCORE</a> from August 2008<br>
</font>
</div>
<br>
<br>
<b>How XKEYSCORE works</b><br>
<br>
Glenn Greenwald <a href="https://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data" target="_blank">presented</a> XKEYSCORE as the NSA's "widest-reaching" tool to collect "nearly everything a user does on the internet". This is misleading, because it's more about quality than about quantity: the system actually <a href="http://www.spiegel.de/media/media-34077.pdf" target="_blank">helps</a> analysts to "downsize their gigantic shrimping nets [of traditional collection methods] to tiny goldfish-sized nets and merely dip them into the oceans of data, working smarter and scooping out exactly what they want".<br>
<br>
The NSA has XKEYSCORE installed at some 150 data collection sites all over the world. There, it creates a rolling buffer of 3 to 5 days of content and around 30 days of metadata, which can be remotely searched by analysts. They can use traditional selectors like phone numbers and e-mail addresses to pick out data of interest, but that's the old way and how other agencies perform bulk collection.<br>
<br>
Filtering phone numbers and e-mail addresses became less useful because targets know that this happens and shifted to anonymous ways to communicate over the internet. The novelty of XKEYSCORE is that it <a href="http://www.theguardian.com/world/interactive/2013/jul/31/nsa-xkeyscore-program-full-presentation" target="_blank">enables</a> analysts to find exactly those anonymous communications. For that purpose it reassembles IP packets into their original format ("sessionizing"), like Word documents, spreadsheets, chat messages, etc.<br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7_vfmQhaGp9fO9oGtOPxr7m6nXDSXG4q5Jx-ENHt5HLJ5qeC5KqGq1buBcrdycN8BaAafBU3NqVYqPF4DHMnchIn_1v4TbRnNSFck2IkqGwdMJHROj6zl1voNvZtcL8WjgnmdVsJEtwg/s1600/xkeyscore-deepdive.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7_vfmQhaGp9fO9oGtOPxr7m6nXDSXG4q5Jx-ENHt5HLJ5qeC5KqGq1buBcrdycN8BaAafBU3NqVYqPF4DHMnchIn_1v4TbRnNSFck2IkqGwdMJHROj6zl1voNvZtcL8WjgnmdVsJEtwg/s1600/xkeyscore-deepdive.jpg" width="500" /></a><br>
<font size="2">
Diagram showing the dataflow for the <a href="https://theintercept.com/document/2015/07/01/deepdive-readme/" target="_blank">DeepDive</a> version of XKEYSCORE<br>
</font>
</div>
<br>
<br>
Once restored, these files can be searched for characteristics that are related to certain targets or target groups, like the use of encryption, the use of the TOR network, the use of a language that differs from that of the place where someone is located, and many combinations thereof. In this way, analysts can discover new targets and then start monitoring them more closely.<br>
<br>
XKEYSCORE was also mentioned in a classified <a href="https://wikileaks.org/bnd-inquiry/docs/BND/MAT%20A%20BND-1-13b.pdf" target="_blank" title="See pdf-pages 84 and 85">file</a> from the German BND, which contains a diagram that shows the difference between XKEYSCORE and traditional collection systems: in the traditional set-up, IP packets from a data stream were reassembled and then went through a filter to select only those of interest, which were forwarded for further analysis. XKEYSCORE could do all that at once:<br>
<br>
<br>
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXRDp2siVd4rV5twj0Ys-dfp20zg_4Prt_uBut30v20SPM9dJcZzPcdQSgJ637Y7Ye1q6wBXrBKU6enwrbxUrbBr6NQneVFo11KbRv22RUL6kiovbxnfAsZJS-8IqolSs8XsvhoJaYd6A/s1600/nsaua-bnd-xks-diagram1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXRDp2siVd4rV5twj0Ys-dfp20zg_4Prt_uBut30v20SPM9dJcZzPcdQSgJ637Y7Ye1q6wBXrBKU6enwrbxUrbBr6NQneVFo11KbRv22RUL6kiovbxnfAsZJS-8IqolSs8XsvhoJaYd6A/s1600/nsaua-bnd-xks-diagram1.jpg" title="How the XKEYSCORE system is used by BND" width="500"></a></div><br>
<br>
<a name="unlawful"></a>
<br>
<br>
<font size="+2">Unlawful collection?</font><br>
<br>
Now that the various disclosures by the Danish press provided quite some insight into the FE's cable tapping activities, how about the abuses it's accused of? <br>
<br>
According to DR News, it was the newly installed spy system through which the alleged illegal collection of Danish data took place. In the first place we can assume that the filters were not able to block all the communications related to Danish citizens, residents or companies, but this is of a technical nature and not intentional.<br>
<br>
Another option is that the FE itself, or the NSA, fed the system with selectors (like phone numbers and e-mail addresses) that would result in the collection of Danish data. The NSA would not have been allowed to do that under the agreement with the Danes, while for the FE this would be against the law.<br>
<br>
According to a source cited in the aforementioned Berlingske newspaper <a href="https://www.berlingske.dk/samfund/et-pengeskab-paa-kastellet-har-i-aartier-gemt-paa-et-dybt-fortroligt" target="_blank">article</a>, there was one case in which "the NSA sent a request to search for a company in a country in Asia, but when the FE checked the selector, it discovered that the company was Danish-owned, whereupon the request was rejected".<br>
<br>
This shows that, just as was the case in Germany, the NSA's interest was quite "broad", but that the FE did its best to protect Danish subjects and blocked such requests where possible.<br>
<br>
A third option is that the illegal collection took place through the additional data search capabilities of the XKEYSCORE system, which is imaginable because here the search criteria are applied to characteristics of the content of the communications, instead of the people who are involved.<br>
<br>
According to Berlingske, the whistleblower who informed the intelligence oversight board "feared that the management of the Defense Intelligence Service was doing US business by leaving its special system with technical vulnerabilities that allowed the National Security Agency to abuse it."<br>
<br>
<a name="whistleblower"></a>
<br>
<b>The whistleblower</b><br>
<br>
Berlingske was also able to identify the whistleblower as a younger employee of the FE, working as an IT specialist - a striking similarity to Edward Snowden. The paper says that in 2013 he became increasingly concerned, but it's not clear whether this may have been caused by the Snowden revelations, which started in June of that year and included reports about XKEYSCORE, the system that had just been installed at the FE.<br>
<br>
As the IT specialist persisted in his criticism, then head of the FE Thomas Ahrenkiel decided - without informing the Americans - to set up a technical working group to go through the system looking for vulnerabilities or signs of abuse by the NSA. As reported by Berlingske, the IT specialist himself also participated in the working group, with the aim of reassuring him. In 2014, the working group concluded that there were no signs of illegal intrusion.<br>
<br>
For the FE the case was closed, but, as reported by Berlingske, the IT specialist was not satisfied and "he made a drastic decision and smuggled a recorder into his workplace, arranged meetings with colleagues and bosses for several months and recorded them in secret" - again a kind of persistence very similar to <a href="https://www.electrospaces.net/2019/12/review-of-snowdens-book-permanent.html">how Snowden operated</a>. But unlike Snowden, the Danish whistleblower did not contact the press, but eventually informed the intelligence oversight board.<br>
<br>
<br>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCterRZMylIaMxf89h1jN7vGkYznu1Ex0qhy0Lk08IDk0JezMD4F8955BUMn16vK5-5jw5ZuA-tuMN8NsBAqJI0fkR42und9bPNsn9Jepehm2AObgTQkaWDDOx_HEA_Zz5jPJHYedSR8E/s0/dk-defense-ministers.jpg" style="display: block; text-align: center; " target="_blank"><img alt="" border="0" width="500" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCterRZMylIaMxf89h1jN7vGkYznu1Ex0qhy0Lk08IDk0JezMD4F8955BUMn16vK5-5jw5ZuA-tuMN8NsBAqJI0fkR42und9bPNsn9Jepehm2AObgTQkaWDDOx_HEA_Zz5jPJHYedSR8E/s0/dk-defense-ministers.jpg"/></a></div>
<div align="center">
<font size="2">
Danish defense minister Trine Bramsen (left) and her predecessor<br>
Claus Hjort Frederiksen (photo: Linda Kastrup/Scanpix)<br>
</font>
</div>
<br>
<br>
<b>Investigations</b><br>
<br>
Berlingske reported that the recordings provided "hours of covert footage with employees of the service, some of which [...] have expressed themselves in a way that confirms the suspicion that the FE may have acted illegally and not intervened adequately to prevent data on Danes from being disclosed." In November 2019 they were handed over to the intelligence oversight board, which in December informed defense minister Trine Bramsen.<br>
<br>
Unlike her predecessor, Bramsen apparently took these kinds of accusations very seriously and urged the oversight board to conduct an investigation, which on August 24, 2020 resulted in the <a href="https://www.electrospaces.net/2020/08/head-of-danish-military-intelligence.html">sudden suspension of the head of the FE</a> and a few other officials (meanwhile they have <a href="https://www.dr.dk/nyheder/indland/spionageskandalen-fem-hjemsendte-medarbejdere-faar-lov-til-arbejde-igen" target="_blank">returned</a>, but in other positions).<br>
<br>
On October 5, the Danish government <a href="https://www.ft.dk/samling/20191/almdel/fou/bilag/125/2256092/index.htm" target="_blank">decided</a> to submit a bill to establish a special commission that has to carry out an independent and impartial investigation into the accusations against the FE, which has to present a report within a year.<br>
<br>
<a name="conclusion"></a>
<br>
<br>
<font size="+2">Conclusion</font><br>
<br>
In 2013, a young IT specialist at the FE became worried that this intelligence service could have illegally spied on Danish citizens. This was not only in accordance with Snowden's (unsubstantiated) narrative, but also a fear that had <a href="https://www.berlingske.dk/samfund/et-pengeskab-paa-kastellet-har-i-aartier-gemt-paa-et-dybt-fortroligt" target="_blank">lived</a> in Denmark since its domestic security service PET had been <a href="https://da.wikipedia.org/wiki/Politiets_Efterretningstjeneste#PET_kommission" target="_blank">accused</a> of monitoring ordinary Danes in 1998.<br>
<br>
Meanwhile it has turned out that Snowden was <a href="https://www.electrospaces.net/2020/03/edward-snowden-and-stellarwind-report.html#conclusion">driven more by fears</a> than by facts - could that also have been the case with the FE whistleblower? Based on what has been published so far, he apparently tried to find evidence even after an internal investigation concluded that the NSA wasn't abusing the FE's collection system.<br>
<br>
In recent years, the NSA and the German BND have also been accused of massive illegal domestic spying. Thorough investigations have shown that was not the case, although their employees were sometimes careless and it was technically not always possible to do what was legally required. <br>
<br>
Was this also the situation at the Danish military intelligence service? The recently established investigation commission will show.<br>
<br>
<br>
<br>
<b>Links & sources</b><br>
<font size="2">
<br>
- Comments at <a href="https://news.ycombinator.com/item?id=24960994" target="_blank">Hacker News</a><br>
- Berlingske: <a href="https://www.berlingske.dk/samfund/saerlig-undersoegelseskommission-skal-kulegrave-fe-sagen" target="_blank">Særlig undersøgelseskommission skal kulegrave FE-sagen</a> (Oct. 5, 2020)<br>
- Politiken: <a href="https://politiken.dk/indland/art7942774/Debat-om-kabelaflytning-gav-t%C3%A5rer-i-Sverige-og-folkeafstemning-i-Holland?shareToken=SbAeJsAAT4vg" target="_blank">Debat om kabelaflytning gav tårer i Sverige og folkeafstemning i Holland</a> (Oct. 1, 2020)<br>
- DR News: <a href="https://www.dr.dk/nyheder/indland/ny-afsloering-fe-masseindsamler-oplysninger-om-danskere-gennem-avanceret-spionsystem" target="_blank">Ny afsløring: FE masseindsamler oplysninger om danskere gennem avanceret spionsystem</a> (Sept. 24, 2020)<br>
- Berlingske: <a href="https://www.berlingske.dk/samfund/et-pengeskab-paa-kastellet-har-i-aartier-gemt-paa-et-dybt-fortroligt" target="_blank">Et pengeskab på Kastellet har i årtier gemt på et dybt fortroligt dokument. Nu er hemmeligheden brudt</a> (Sept. 13, 2020)<br>
- The Local: <a href="https://www.thelocal.dk/20200828/danish-intelligence-scandal-related-data-sharing-with-us-agency-according-to-media" target="_blank">Danish intelligence scandal related data sharing with US agency, according to media</a> (August 28, 2020)<br>
- The Register: <a href="https://www.theregister.com/2020/08/25/denmark_domestic_spying/" target="_blank">The Viking Snowden: Denmark spy chief 'relieved of duty' after whistleblower reveals illegal snooping on citizens</a> (August 25, 2020)<br>
- BBC: <a href="https://www.bbc.com/news/world-europe-53889612" target="_blank">Danish military intelligence head Lars Findsen suspended</a> (August 24, 2020)<br>
</font>
<br>
<br>