98-14-01-2en Surveillance

 

DEVELOPMENT OF SURVEILLANCE TECHNOLOGY AND RISK OF ABUSE  OF ECONOMIC INFORMATION

Vol 2/5

The state of the art in communications Intelligence (COMINT) of automated processing for intelligence purposes of intercepted broadband multi-language leased or common carrier systems, and its applicability to COMINT targetting and selection, including speech recognition

Working document for the STOA Panel

Luxembourg,October 1999

PE 168.184/Vol 2/5 

 

Cataloguing data: data:

Title:

Part 2/5:The state of the art in communications

Intelligence (COMINT) of automated processing for intelligence purposes of intercepted broadband ultilanguage leased or common carrier systems, and its applicability to COMINT targetting and selection, including speech recognition Workplan Ref.:

EP/IV/B/STOA/98/1401

Publisher:

European Parliament Directorate General for Research Directorate A The STOA Programme

Author:

Duncan Campbell - IPTV Ltd.- Edinburgh

Editor:

Mr Dick HOLDSWORTH, Head of STOA Unit

Date:

October 1999

PE number:

PE 168. 184 Vol 2/5

This document is a working working Document for the 'STOA 'STOA Panel'. It is not an official publication of STOA. This document does not necessarily represent the views of the European Parliament

 

Interception Capabilities 2000

Report to the Director General for Research of the European Parliament (Scientific and Technical Options Assessment programme office) on the development of surveillance technology and risk of abuse of 

 

ec econ onom omic ic informatio information. n. This study conside considers rs the state of the art in Communica Communications tions intelligence intelli gence (Comint) (Comint ) of automated processing for intelligence purposes of intercepted broadband multi-language leased or  common carrier systems, and its applicability to Comint targeting and selection, including speech recognition.

Interception Capabilities 2000 Contents S UMMARY  .............................................................................................................................................................................................. 1.  ORGANISATIONS

  A

AND METHODS   ...................................................................................................................................................

1

W HAT IS COMMUNICATIONS INTELLIGENCE? .................................................................................................................................. UKUSA UKU SA al alli lian ance ce .......................................................................................................................................................................... Other Oth er Com Comint int org organ anisa isatio tions ns ...... ............ ............ ............. ............. ............ ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ........ HOW INTELLIGENCE WORKS   .............................................................................................................................................................  Planni  Pla nning ng ........ ........... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...

1 1 1 1 2

 Acce ss and collect  Access co llection ion ........ ........... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ..... .. 2  Processing  Proces sing ....... .......... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ..... 2  Producti  Prod ucti on and d disse issemina mination tion ... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ... 3 2.  INTERCEPTING

INTERNATIONAL COMMUNICATIONS   ..................................................................................................................

3

I NTERNATIONAL LEASED CARRIER (ILC)  COMMUNICATIO COMMUNICATIONS NS   ..........................................................................................................  High frequenc fre quencyy radio ... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... .....  Microwave  Micro wave radio ra dio rel ay ... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ..... Subs Su bsea ea ca cabl bles es ..............................................................................................................................................................................

3 4 4 4

Com munica Commun icatio tions ns satell sat ellite itess ...... ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............ ............. ........... .... Commun Com munica icatio tions ns tec hnique hni que s ...... ............ ............ ............. ............. ............ ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ........ ILC ILC COMMUNICATIONS COLLECTION   ................................................................................................................................................  Access ...... ......... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ..... Op Opera eratio tion n SHAMR SH AMROCK OCK .............................................................................................................................................................

4 4 4 4 4

 High freque fr equency ncy rad radio io inte intercept rcept ion ... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ..... .. Sp Space ace int erc ercep eptio tion n of inte i nte r-c ity netw n etwor orks ks ...... ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ......... ... Si Sigi gint nt sa sate tell llit ites es ........................................................................................................................................................................... COMSAT COM SAT ILC colle co llect ction ion ............................................................................................................................................................

5 5 6  7 

Su Subma bmarin rinee cable cab le int erc ept ion ............ .................. ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............ ............. ........... .... 8  Inter cepting cepti ng the Interne Int ernett ... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ..... .. 9 Cov ert coll c ollec ectio tion n of high hi gh capa c apacit cityy signal sig nal s ...... ............. ............. ............ ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ........... ..... 10  New satell sa tell ite n netwo etworks rks ... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ..... .. 11 3.  ECHELON AND COMINT

PRODUCTION   ......................................................................................................................................

11

THE "W ATCH LIST" ........................................................................................................................................................................ 11  NEW INFORMATION ABOUT ECHELON SITES AND SYSTEMS   ....................................................................................................... 11 Westmin Wes tminster ster,, L Lond ondon on – Dicti D ictiona onary ry com comput puter er ...... ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ........ .. 12 Sugar Grove, Virginia – COMSAT interception at ECHELON site ................................................................................. 12 Sabana Saba na S Seca, eca, Puert Puerto o Rico Ric o and an d Leit rim, C Canad anada a–C COMSAT OMSAT intercept inter ception ion sites s ites ... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ... 13 Waihopai, New Zealand – Intelsat interception at ECHELON site ................................................................................. 13 ILC ILC PROCESSING TECHNIQUES   ........................................................................................................................................................ 13 4.  COMINT AND LAW ENFORCEMENT   .............................................................................................................................................

13

MISREPRESENTATION OF LAW ENFORCEMENT INTERCEPTION REQUIREMENTS   ........................................................................... 14  Law enforceme enfo rcement nt comm communica unications tions interce in terce ption – p policy olicy develo d evelopmen pmentt in Europe Europ e ... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ..... .. 1 5

 

5.  COMINT

AND ECONOMIC INTELLIGENCE   ...................................................................................................................................

15

TASKING

ECONOMIC INTELLIGENCE   ................................................................................................................................................

15

DISSEMINATING ECONOMIC INTELLIGENCE   .................................................................................................................................... THE USE OF COMINT ECONOMIC INTELLIGENCE PRODUCT   .............................................................................................................  Panavia  Pana via Eur Europea opean n Fight er Aircraft Airc raft co consor nsortium tium and an d Saud Saudii Arabi Arabia a ... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ... Thomso Tho mson n CSF and Bra Brazil zil ............ ................... ............. ............ ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ .......... ....  Airbus  Airb us Indu Industri striee and Saudi Sa udi Arabia Ara bia ... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ..... ..

16 16 16  17  17 

 Int ernatio  Intern ational nal ttrad radee neg negoti otiatio ations ns ... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ..... .. 17  Targe Ta rge ti ting ng ho host st na nati tion onss ............ .................. ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............ ............. ............. ............ ........ .. 17  6.  COMINT CAPABILITIES AFTER 20 00 ..........................................................................................................................................

18

DEVELOPMENTS IN TECHNOLOGY   ................................................................................................................................................... 18 POLICY ISSUES FOR THE EUROPEAN PARLIAMENT   ..........................................................................................................................

P

TECHNICAL ANNEXE   .............................................................................................................................................................................

  I

BROADBAND (HIGH CAPACITY MULTI-CHANNEL)  COMMUNICATIO COMMUNICATIONS NS   ...............................................................................................   I COMMUNICATIONS INTELLIGENCE EQUIPMENT AND METHODS   .........................................................................................................   I Wid eband Wideba nd eextr xtr act ion and sig signal nal analys ana lys is ...... ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ .......... .... i  Filtering,  Filter ing, data da ta proce processing ssing,, and facsi facsimile mile ana analysis lysis ... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ..... ii Trafficc analysis, Traffi analy sis, keywo keyword rd recog recognitio nition, n, text retrieva, retri eva, and topic analysis anal ysis ... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ..... .. iv Spe ech recogn Speech rec ogniti ition on system sys temss ...... ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ........ vi Contin Con tinuo uous us sp speec eec h recog re cogni nitio tion n ............ ................... ............. ............ ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ............ ............ ............ ............ ............. ............. ........ v Spea ker identifi Speaker iden tificati cation on and othe otherr voice v oice mess message age sele ctio ction n techn t echnique ique s ... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ...... ...... ...... ...... ...... ...... ...... ...... ...... ....... ....... ...... ..... .. vi "W ORKFACTOR REDUCTION";  THE SUBVERSION OF CRYPTOGRAPHIC SYSTEM SYSTEMS S   .......................................................................   VII GLOSSARY

AND DEFINITIONS   ..........................................................................................................................................................   VIII

FOOTNOTES   ..........................................................................................................................................................................................

  X

 

Duncan Campbell IPTV Ltd Edinburgh, Scotland April, 1999 mailto wcom.net  t  mailto:i:i ptv@c wcom.ne

Co ve r : 30 metre antennae at the Composite Signals Signals Organisation Organisation Station, Morwenst Morwenstow, ow, England, in inttercepting communications from Atlantic Ocean and Indian Ocean regional satellites. (D Campbell)

 

Summary 1.

Communicati ications ons intel intellige ligence nce (Comint) involving the covert interception of foreign communications has

been practised by almost every advanced nation since international telecommunications became available. Comint is a large-scale industrial activity providing consumers with intelligence on diplomatic, economic an d s c i e n tific developments. The capabil capabilities ities of and constraints on Comint activity may usefully usefully be considered in the framework of the "intelligence cycle" (section 1). 2.

Globally, about 15-20 billion Euro is expended expended a annually nnually on Comint Comint and related related activiti activities. es. The largest largest component of this expenditure is incurred by the major English-speaking nations of the UKUSA alliance. 1 This report describes how Comint organisations have for more than 80 years made arrangements to obtain acce access ss to mu much ch of the world's international in ternational communications c ommunications.. These include the th e unauthorised unauthor ised interception intercep tion of commercial satellites, of long distance communications from space, of undersea cables using su bm ar in es, and of the Internet. In excess of 120 currently in simultaneous operation collecting intelligence (section 2).

3.

The high ghlly auto utomated ated UKUSA system ffor or processing process ing Comint, oft often en known as ECHELON, EC HELON, has been bee n widely 2 discus scusse sed d within thin Eur Europe ope following a 1997 STOA report. That report summarised information informa tion from the only 3 two primary sources then available on ECHELON. This report provides original new documentary and other evidence about the ECHELON system and its involvement in the interception of communication sate satellllites ites (sec (sectitio on n 3). A technical techni cal anne annexe xe give a supp supplementary, lementary, detailed description of Comint processing processin g methods.

4.

Comint information information derived from the interceptio interception n of internation international al communications communications has long been routinely routinely used to obtain sensitive data concerning individuals, governments, trade and international organisations. This report sets out the organisational and reporting frameworks within which economically sensitive in fo rm at ion is collected and disseminated, disseminated, summarising summarising examples w where here European commercial commercial organisations have been the subject of surveillance (section 4).

5.

This report identif identifies ies a previousl previously y unknown unknown inter international national organisa organisation tion - “ILETS” “ILETS” - which which has, without parliamentary or public discussion or awareness, put in place contentious plans to require manufacturers and operators of new communications systems to build in monitoring capacity for use by national security or law enforcement organisations (section 5).

6.

Comint Comint organisations now perceive that the technical technical difficulties difficulties of collecting communications are increasing, and that future production may be costlier and more limited than at present. The perception of such difficulties may provide a useful basis for policy options aimed at protective measures concerning economic information and effective encryption (section 6).

7.

Key ffiindings concerning the state of the art in Comint include : •

•

•

•

Comprehensive systems exist to access, intercept and process every important modern form of  communications, with few exceptions (section 2, technical annexe); Contrary to reports in Contrary in the press, effective "word " word spotting" search systems automatically to select telephone telephone calls of intelligence interest are not yet available, despite 30 years of research. However, speaker recognition rec ognition systems – in effect, "voiceprints" – have been developed and are deployed to recognise the speech of targeted individuals making international telephone calls; Recent diplomatic initiatives by the United States Recent States government seeking seeking European agr agreement eement to the "key escrow" system of cryptography masked intelligence collection requirements, and formed part of a long-term program which has undermined and continues to undermine the communications privacy of non-US nationals, including European governments, companies and citizens; There is wide-ranging evidence indicating that major governments are routinely utilising communications intelligence to provide commercial advantage to companies and trade.

 

IC 2000 Report

1.

1. Organisations and methods What is communications intelligence? 1. Communic Communicatio ations ns intellige intelligence nce (Comint) (Comint) is defi defined ned by NSA, the largest largest agen agency cy conducting conducting such operati operations ons as "technical and intelligence information derived from foreign communications by other than their intended recipient". 4 Comint is a major component of Sigint (signals intelligence), which also includes includes the collection of non-communications signals, such as radar emissions. 5 Although this report report deals with agencies and systems whose overall task may be Sigint, it is concerned only with Comint. 2.

Comint has shadowed the development of extensive high capacity new civi civill telecommunications telecommunications systems, and has in consequence become a large-scale industrial industrial activit activity y employing many skilled skilled workers and utilising exceptionally high degrees of automation.

3.

The The targets of Comint Comint operations are varied. The m most ost ttraditional raditional Comint targets are military military messages and diplomatic communications between national capitals and missions abroad. Since the 1960s, following following the growth of world trade, the collection of economic intelligence and information about scientific and technical development develo pments s has been an increasingly important aspect of Comint. More recent targets include narcotics trafficking, money laundering, terrorism and organised crime.

4.

Whenever access to international communic communications ations channels is obtained for one purpose, access to every other  type ty of communications carried onNSA same meitschannels is automatic, subject onlyComint to the collected tasking ofpe agencies. Thus, for example, Nthe SA sa and Br British itish counterpart GCHQ, used Comint collect edrequirements primarily for  for  other purposes to provide data about domestic political opposition figures in the United States between 1967 and 1975.

UKUSA alliance 5. The The United States Sigint Sigint System (USSS) (USSS) consists of the Nati National onal Securi Security ty Agency Agency (NSA), (NSA), milit military ary support support units collectively called the Central Security Service, and parts of the CIA and other organisations. Following wartime collaboration, in 1947 the UK and the US made a secret agreement to continue to conduct collaborative glob obal al Comint activities. Three other English-speaking En glish-speaking nations, Canada, Cana da, Australia and a nd New Zealand joined the UKUS UK USA A agreement agreemen t as "Second Parties". The UKUSA agreement was not acknowledged acknowledge d publicly until March 1999, when the Australian government confirmed that its Sigint organisation, Defence Signals Directorate (DSD) "does co-operate with counterpart signals intelligence organisations overseas under the UKUSA relationship". 6 The UKUSA agreement shares facilities, facilities, tasks and product between participating governments. 6.

Although Although UKUSA UKUSA Comint Comint agency staffs staffs and budgets budgets have have shrunk fo followi llowing ng the end of tthe he cold war, war, they have have re af fi rm ed their requi requirements rements for access to all the world's co communications. mmunications. Addressing NSA staff staff on his departure in 1992, then NSA director Admiral William Studeman described how "the demands for increased global obal acce access ss are are growing". The "business "busin ess area" of "global "glo bal a acces ccess" s" was, he said, one of "two, hopefully ho pefully strong, stro ng, 7 legs upon which which NSA must stand" stand" in the next century.

Other Comint organisations 7.

Besides UKUSA, UKUSA, there there at least 30 other nations operating major Comint organisations. organisations. The largest is the 8 Russ ussian F FAPSI, APSI, with 54,000 54,000 employees. China maintains a substantial Sigint system, two stations of which are directed at Russia and operate in collaboration with the United States. States. Most Middle Eastern Eastern and Asian nations have invested substantially in Sigint, in particular Israel, India and Pakistan.

How intelligence works 8.

In the post post cold cold war era, Comint intercep interception tion has been constrained con strained by recognisable reco gnisable industrial indu strial features, features , including th e re quirement to match budgets and capabilities to customer requirements. The multi-step multi-step process by means of which communications intelligence is sought, collected, processed and passed on is similar for all countries, and is often described as the "intelligence cycle". The steps of the intelligence cycle correspond to distinc distinctt organisati organisational onal and technical features features of Comint Comint production. Thus, for example, example, the administration administration of NSA's largest large st field station iin n the world, wo rld, at Menwith Hill in England and responsible for operating over 250

 

IC 2000 Report

2.

classified projects, is divided into three directorates: OP, Operations and Plans; CP CP,, Collection Processing; and EP, Exploitation and Production.

Planning 9. Pl an ning first first involves involves determ determinin ining g customer customer requir requirement ements. s. Customer Customers s include include the major major minis ministrie tries s of the the sponsoring government – notably those concerned with defence, foreign affairs, security, trade and home affairs. The overall management of Comint involves involves the identification of requirements for data as well as translating transla ting requirements into potentially achievable tasks, prioritising, arranging analysis and reporting, and monitoring the quality of Comint product. 10. Once Once targ target ets s have been se selected, lected, spe specific cific existin existing g or new collection c capabilitie apabilities s may be tasked, based on the type of information required, the susceptibility of the targeted activity to collection, and the likely effectiveness of collection.

Access and collection 11. 11. The first essen essential tial of Comi Comint nt is access to the desired communications medium so that communications may be inte intercepted rcepted.. Historica Historically, lly, where long-range radio communications communicatio ns were used, this task was simple. Some important modern communications communications systems are not "Comint friendly" and may require unusual, expensive or  intrusive methods to gain access. The physical means of communication is usually independent of the type of information informati on carried. For example, inter-city microwave radio-relay systems, internat international ional satellite links and fibre fibr e optic submarine cables will all usually carry mixed traffic of television, telephone, fax, data links, private voice, video and data. 12. Coll Collec ecti tion on follows interception , but is a distinct activity in that many types of signals may be intercepted but

will receive no further processing save perhaps technical searches to verify that communications patterns remain unchanged. For example, a satellite interception station station tasked to study a newly launched communications satellite will set up an antenna to intercept all that the satellite satellite sends to the ground. Once a surve survey y has established which parts of the satellite's signals carry, say, television or communications of no interest, these signals will not progress further within the system. 13. Collection includes both acquiring acquiring information by interception and passing information of interest downstream downstream for processing and production . Because of the high in information formation rates rates used in many modern networks, networks, and the complexity of the signals within them, it is now common for high speed recorders or "snapshot" memories t emporarily to hold large quantities quantities of data while while processing takes takes place. Modern collection collection activities use secure, rapid communications to pass data via global network networks s to human analysts analysts who may be a continent continent

 

IC 2000 Report

3.

away. Selecting messages for collection collection and processing is in most cases automated, involving large on-line databanks holding information about targets of interest.

Processing 14. 14. Pr Proc oces essin sing g  is the conversion of collected information into a form suitable for analysis or the production of 

i n t elligence, either aut automaticall omatically y or under human supervision. supervision. Incoming communications communications are normally normally converted conve rted into standard formats identifying their technical characteristics, together with message (or signal) related information (such as the telephone numbers of the parties to a telephone conversation). 15. At an early stage, if it is not inherent in the selection of the message or conversation, each intercepted signal or channel will be described in standard "case notation". Case notation first first identifies identifies the countries whose whose communications have been intercepted, usually by two letters. A third letter designates designates the general class of  communications: C for commercial carrier intercepts, D for diplomatic messages, P for police channels, etc.  A fourth letter designates the type of communications system (such as S for multi-channel). Numbers then designate particular links or networks. Thus for example, during during the 1980s 1980s NSA intercepte intercepted d and processed processed traffic traffi c designated as "FRD" (French diplomatic) from Chicksands, England, England, while the British Comint agency GCHQ deciphered "ITD" (Italian diplomatic) messages at its Cheltenham headquarters. 9 16. Processing may also involve involve translation translation or "gisting" (repl (replacing acing a verbatim verbatim text with with the sense or main points points of a communication). Translation Translation and gisting can to some degree be automated.

Production and dissemination 17. Comi Comint nt production  involves analysis, evaluation, translation and interpretation of raw data into finished intelligence. intelligen ce. The final step of the intelligence intelligence cycle is dissemination, meaning the passing of reports to the intelligence consumers. Such reports can consist of raw (but decrypted and/or translated) messages, gists, comm commentary, entary, or extensive analyses. analyse s. The quality and relevance of the disseminated reports lead in turn to the re-specification of intelligence collection priorities, thereby completing the intelligence cycle. 18. The The nature of dissemination is highly signific significant ant to questions of how Comint Comint is exploited exploited to obtain economic advantage. Comint activities activitie s everywhere everywher e are highly classified c lassified because, be cause, it is argued, arg ued, knowledge knowle dge of the success su ccess of interception would be likely to lead targets to change their communications methods to defeat future interception. Within the UKUSA system, the dissemination of Comint Comint reports is limited to individuals holding 10 high gh--level vel secu ecurity "S "SCI" CI" cle clearanc arances. es. Further, because beca use only cleared cl eared officials offici als can see Comint Co mint reports, reports , only they c an s e t requirements and thus control tasking. tasking. Officials of commercial commercial companies companies normally normally neither neither have have clearance nor routine access to Comint, and may therefore only benefit from commercially relevant Comint information to the extent that senior, cleared government official officials s permit. The ways in which this takes place is described in Section 5, below. 19. Disse issemi mination nation is further restricted within the UKUSA organisation by national and internationa internationall rules generally stipulating that the Sigint agencies of each nation may not normally collect or (if inadvertently collected) record or disseminate information about citizens citizens of, or companies regi registered stered in, any other UKU UKUSA SA nation. Citizens and companies are collectively known kno wn as "legal persons". The opposite procedure is followed if the person concerned has been targeted by their national Comint organisati organisation. on. 20. Fo r e x am p le , Hager has describ described ed 11 how New Zealand officials officials were instructed instructed to remove the names of  identifiable UKUSA citizens or companies from their reports, inserting instead words such as "a Canadian citiz citize en" or "a US company". British Comint staff have described describe d following similar procedure procedures s in respect of US citizens following the introduction introduction of legislation to to limit NSA's NSA's domestic intelligence activiti activities es in 1978. 12The The  Aust  Au stralian ralian governme government nt says that "DSD and its counterparts counterparts operate internal procedu procedures res to satisfy themselves themselves that their national interests and policies are respected by the others … the Rules [on Sigint and Australian persons] prohibit the dissemination of information relating to Australian persons gained accidentally during the course of routine collection of foreign communications; or the reporting or recording of the names of Australian pe rs on s me ntioned in in foreign foreign communicat communications" ions".. 13 The corollary corollary is also true; true; UKUSA nations place no restrictions on intelligence gathering affecting either citizens or companies of any non-UKUSA nation, including member states of the European Union (except the UK).

 

IC 2000 Report

4.

2. Intercepting international communications International Leased Carrier (ILC) communications 21. It is a matter of rec record ord that foreign foreign communica communications tions to and from, from, or passing through through the United United Kingdom and 14 th e Un it ed St ates ates have been inter intercept cepted ed for for mor more e than than 80 ye years. ars. Then and and since, since, most most intern internatio ational nal communications communi cations links have been operated by international carriers, who are usually individual national PTTs or private private companies. In either case, capacity on the communication communication system is leased to indivi individual dual national or international telecommunications telecommunications undertakings. For this reason, Comint or organisations ganisations use the term ILC (International Leased Carrier) to describe such collection.

High frequency radio 22. S ave for for direct landline landline connections betw between een geographical geographically ly contiguous nations, nations, high frequency frequency (HF) radio system were the most common means of international telecommunications prior to 1960, and were in use for  ILC, ILC, diplom lomati atic and milita military ry purpos purposes. es. An importa important nt characteristic chara cteristic of HF radio signals s ignals is that t hat they are a re reflected reflec ted from the ionosphere and from the earth's surface, providing ranges of thousands of miles. This enables both reception and interception.

Microwave radio relay 23. Microwave radio was introduced introduce d in the 1950s to provide provid e high capacity inte inter-city r-city communications communic ations for telephony, teleph ony, telegraphy and, later, television. Microwave radio relay communications utilise low power transmitters and parab arabo olic dish antenna antennae e placed on towers in high positions p ositions such as on hilltops h illtops or tall buildings. building s. The antennae antenna e are are usua usualllly 1-3m in diameter. Because of the th e curvature of the earth, relay stations are generally g enerally required every 30-50km. Subsea cables 24. Su b marine telephone cables cables provided tthe he first maj major or reliable high capacity international international communications communications syst systems. ems. Early systems were limited limited to a few hundred simultaneous simultaneous telephone channels. The most modern opti optical cal fibre bre systems c carry arry up to 5 Gbps (Giga (Gigabits bits per second) sec ond) of digital dig ital information. information . This is broadly broa dly equivalent equivale nt to about 60,000 simultaneous telephone channels.

Communications Communicatio ns satellites 25. Microw crowave ave radio signals are not reflected from the ionosphere and pass directly into space. This property has been exploited both to provide global communications and, conversely, to intercept such communicati communications ons in space spac e and on land. The largest constellation of communications communications satellites (COMSA (COMSATs) Ts) is operated by the In te rn at ional Telecommunications Satellite organisation (Intelsat), (Intelsat), an international international treaty organisation. To provide permanent communications communica tions from point to point p oint or fo forr broadcas br oadcasting ting purposes, purpose s, communica c ommunications tions satellites satellite s are placed into so-called "geostationary" orbits such that, to the earth-based observer, they appear to maintain the same position in the sky. 26. The The first geostationary Int Intelsat elsat satellites satellites were orbited orbited in 1967. Satellite technology developed developed rapidly. rapidly. The fourth generation of Intelsat satellites, introduced in 1971, provided capacity for 4,000 simulataneous telephone channels and were capable of handling all forms of communications simultaneously –telephone, telex, telegraph, teleg raph, television, data and facsimi facsimile. le. In 1999, Intelsat operated 19 satellites of its 5 thto 8th generations. The latest generation can handle the equivalent to 90,000 simultaneous calls.

Communications techniques 27. Pr io r t o 1970, most communications communications systems (however carried) utilised analogue or continuous wave wave tech techni niques ques.. Since 1990, almost all communications have bee been n digital, and are providing ever higher capacity.   The The highest capacity systems in general use for the Internet, called STM-1 or OC-3, operates at a data rate of 155Mbs. (Million bits per second; a rate of 155 Mbps is equivalent to sending 3 million words every second, roughly the text of one thousand books a minute.) For example, links at this capacity are used to provide backbone Internet connections connections between Europe and the United States. Further details of communications communications techniques are given in the technical annexe.

 

IC 2000 Report

5.

ILC communications collection Access 28. 28. Co Comi mi nt collection collection cannot ttake ake place unless unless the collecting collecting agency agency obtains access access to the communicat communications ions chan channe nels ls they wish to examine. Information abou aboutt the means used to gain access are, like data about codebreaking methods, the most highly protected information information within within any Comint organisation. organisation. Access is gained both with and without the complicity or co-operation of network operators.

Operation SHAMROCK 29. From 1945 onwards onwards in the the United States the NSA and predecessor agencies systemat systematically ically obtained cable tr af fi c from fr om the off offices ices of the major major cable cable companies. companies. T This his activity activity was codenamed codenamed SHAMROC SHAMROCK. K. These acti activi vitties ies remained unknown for 30 years, until en enquiries quiries were prompted by the Watergate affair. On 8 August 1975, NSA Director Lt General Lew Allen admitted to the Pike Committee of the US House of Representatives that : "NSA systematically intercepts international communications, both voice and cable”.

High frequency radio interception antenna (AN/FLR9)

DOJOCC sign at NSA Station, Chicksands.

30. He als so o ad adm mitte itted d that "messages "me ssages to and from American citiz citizens ens hav have e been picked up u p in the course of o f gathering gatherin g for foreig gn n int intelligence". US legislators considered consi dered that such operations opera tions might have been unconstitution unc onstitutional. al. During 1976, a Department of Justice team investigated possible criminal offences by NSA. Part of their report was released in 1980. It described how intelligence on US citizens: "was obtained incidentally in the course of NSA's interception of aural and non-aural (e.g., telex) in t ernatio ernational nal communicati communications ons and the receipt of GCHQ-acquired GCHQ-acquired15 telex and ILC (International  Leased Carrier) Carrier) cab cable le traff traffic ic (SHAMROCK) (SHAMROCK)" (emphasis (emphasis iin n original). original).

High frequency radio interception 31. High frequency radio signals are relative relatively ly easy to intercept, intercept, requiring only only a suitable area of land in, in, ideally, a "q ui et " radio environment. environment. From From 1945 until the early early 1980s, both NSA and GC GCHQ HQ operated operated HF radio 16 interception systems tasked to collect European ILC communications in Scotland. 32. The most ost adv advanced type of HF monitoring system deployed deplo yed during this period for f or Comint purposes purpo ses was a large la rge circul rcula arr antenna array known as AN/FLR-9. AN/FLR-9 antennae are more than 400 metres in diameter. They can simultaneously intercept and determine the bearing bearing of signals from as many directions directions and on as many freq freque uenc ncie ies s as may be desired. In 1964, 1964 , AN/FLR-9 receiving re ceiving systems s ystems were wer e installed at San Vito dei Normanni, Italy; Chicksands, England, and Karamursel, Turkey. 33. In August 1966, NSA NSA transferred ILC collection activities from from its Scottish site at Kirknewton, to Menwit Menwith h Hill in Engl ngland. Ten years later, this activity was again transferred, to Chicksands. Although the primary function site"NDC" was to(Non-US interceptDiplomatic Soviet and Communications). Warsaw Pact air force communications, it was alsowas tasked tofo the c o llChicksands e c t I LC and Prominent among such tasks th the e collection of FRD traffic traffic (i.e., (i.e., French diplomatic communications). communications). Although most personnel at Chicksands Chicksands were members of the US Air Force, diplomatic and ILC interception was handle handled d by civilian NSA employees 17 in a uni unitt calle called d DO DODJO DJOCC. CC.

 

IC 2000 Report

6.

34. During During the 1970s, British Comint Comint units on Cy Cyprus prus were tasked to collect collect HF communi communications cations of allied NATO nations, includi including ng Greece and Turkey. The interception took place at a British army unit at Ayios Ayios Nikolaos, 18 ea st er n Cy Cyprus. prus. In tthe he Un United ited States States in 1975, investigat investigations ions by a US Congressional Committee revealed that NSA was collecting diplomatic messages sent to and from Washington from an army Comint site at Vint Hi ll Fa rms, Virginia. The targets of this station included the Unite United d 19 Kingdom.

Space interception of inter-city networks 35. 35. Lo ng di stance stance microwa microwave ve radio radio relay links links may may require require dozens dozens of  i n t ermediate stations to receive receive and re-transmit communications. Each subsequent receiving station picks up only a tiny fraction of the original tr an s mitted signal; the re remainder mainder passes passes over the horizon horizon and on into into space, where satellites can collect it. These principles w were ere exploited exploited during the 1960s to provide Comint collection from space. The nature of  microwave "spillage" means that the best position for such satellites is not above the chosen target, but up to 80 degrees of longitude away. 36. 36. The fir st US Com Comint int satellit satellite, e, CANYON, CANYON, was was launched launched In August 19 1968, 68, followed soon by a second. The satellites satellite s were controlled controlled from a ground station stati on at Bad Ba d Aibling, Germany. Ge rmany. In order to provide permanent coverage of selected targets, CANYON satellites were placed close to geostationary orbi orbits ts.. However, th the e orbits were not exact, c causing ausing th the e satellites to change po si tion and obtain obtain more more data on groun ground d ta target rgets. s. 20 Seven Seven CAN CANYO YON N satellites were launched between 1968 and 1977. links extended for thousands of miles, much of it over Siberia, where pe perm rmaf afro rost st restrict restricted ed the reliable relia ble use of undergro und erground und cables. cab les. Geographic Geogr aphical al circumstances thus favoured NSA by making Soviet internal communications communicat ions links highly accessible. accessible. The satellites perf performed ormed better  than expected, so the project was extended. 38. The succ succes ess s of CANYON led to the design desig n and deployment of a new ne w class of Comi Comint nt satelli tellites, tes, CHAL CHALET. ET. The ground gro und sta station tion chosen cho sen for the CHALET CHA LET series was wa s Menwith Hill, England. Under NSA project P-285, US companies were contracted to install and assist in operating the satellite control system and downlinks (RUNWAY) and ground processing system (SILKWORTH). (SILKWOR TH). The first two CHALET satellites were launched in June 1978 and October 1979. After the name of the first satellite appeared in the US press, they were renamed VORTEX. In 1982, NSA obtained approval approv al for expanded requirements" and were given and facilities to operate"new fourmission VORTEX satellites simultan s imultaneously eously. . Afunds new 5,000m2 operations centre centre (STEEPLEBUSH) (STEEPLEBUSH) was was constructed to house processing equipment. When the name VORTEX was published in 1987, the satellites were renamed MERCURY. 21 39. The ex panded mission given to to Menw Menwith ith Hill Hill after 1985 included included M E RCURY RCURY collection from the Middle East. The station received received an award for support to US naval operations in the Persian Gulf from 1987 to 1988. In 1991, a further aw award ard was given given for support support of the Iraqi war  22 op erations, er ations, Deser Desertt Storm Storm and Deser Desertt Shi Shield. eld. Menwith Menwith Hill is is now the the major US site for Comint collection against its maj major or ally, Israel. Its staff  incl includes udes linguists inguists trained in He Hebrew, brew, Arabic Ara bic and a nd Farsi Far si as well as European languages. Menwith Hill has recently been expanded to include ground links for a new network of Sigint satellites launched in 1994 and 1995 (RUTLEY). The name of the new class of satellites remains unknown.

 

Inter-city microwave radio relay  tower “spills” its signals into space (below)

IC 2000 Report

7.

Sigint satellites 40. The CIA developed a second se cond class clas s of Sigint satellite with complementa complementary ry capabilities capabi lities over the t he period from 1967 to 1985. 1985 . Initially known kno wn as RHYOLITE and later AQUACADE, these satellites were operated from a remote gr ou nd st a t ion in central Australia, Pine G Gap. ap. Using a large parabolic antenna which which unfolded unfolded in space, space, RHYOLITE RH YOLITE intercepted lower frequency signals in the VHF and UHF bands. Larger, most recent satellites of  this type have been named MAGNUM and then ORION. Their targets include telemetry, VHF radio, cellular  mobile phones, paging signals, and mobile data links. 41. A thir third d class ass of satellite, known first f irst as JUMPSEAT JUM PSEAT and latterly latt erly as TRUMPET, TRUMPE T, operates operate s in highly high ly elliptical elliptica l nearpo pola larr orbi orbitts s en enabling abling them th em to "hover" "hover " for long per period iod over high hig h northern northe rn latitudes. latitud es. They enable ena ble the United Unite d States to collect signals from transmitters in high northern latitudes poorly covered by MERCURY or ORION, and also to intercept signals sent to Russian communications satellites in the same orbits. 42. Althou though gh prec preciise details of US space-bas space-based ed Sigint satellites satelli tes launched after 1990 remain re main obscure, obscure , it is apparent apparen t from observation of the relevant ground centres that collection systems have expanded rather than contracted. The main stations are at Buckley Field, Denver, Colorado; Pine Gap, Australia; Menwith Hill, England; and Bad  A  Aiibling, Germ ermany. ny. The satellites and their processing facilities are exceptionally costl costly y (of the order of $1 billion US each). In 1998, the US National Reconnaissance Office (NRO) announced plans to combine the three sepa separa rate te cla asse sses s of Sigint s satellites atellites into a an n Integrated In tegrated Overhead Sigint Architecture Arch itecture (IOSA) in order to " improve Sigint performanc performance e and avoid costs by consolidating systems, utilising … new satellite and data processing 23 technologies". 43. It follows that, within constraints imposed by budgetary limitation and tasking priorities, the United States can if it chooses direct space collection systems to intercept mobile communications signals and microwave cityto-city traffic anywhere on the planet. The geographical and processing difficulties of collecting messages simult simultaneously aneously from all parts of the globe suggest strongly that the tasking of these satellites will be directed towards the highest priority national national and military targets. Thus, although European comm communications unications passing on inter-city microwave routes can be collected, it is likely that they are normally ignored. But it is very highly probable that communications to or from Europe and which pass through the microwave communications networks of Middle Eastern states are collected and processed.

Comint satellites in geostarionary orbits, such as VORTEX, intercept terrestial microwave microwave “spillage”.

44. No ot he r nation ((including including the former former Soviet Soviet Union Union)) has dep deployed loyed satellites satellites comparable comparable to CANYON, CANYON, RHYOLITE, or their successors. Both Britain (project ZIRCON) ZIRCON) and France (project ZEN ZENON) ON) have attempted to do so, s o, but neither persevered. After 1988 the British government purchased capacity on the US VORTEX (now MERCURY) MERCURY) constellation constellation to use for unilateral unilateral national purposes. purposes. 24 A senior UK UK Liaison Officer Officer and staff  staff  from GCHQ work at Menwith Hill NSA station and assist in tasking and operating the satellites.

COMSAT ILC collection

 

IC 2000 Report

8.

45. Sy Syst stem emat atic ic collection of COMSAT ILC communications began in 1971. Two ground stations were built for this pu rp os e. The first at Morwenst Morwenstow, ow, Cornwal Cornwall, l, England had two 30-metre antennae. One intercept intercepte ed communications from the Atlantic Ocean Intelsat; the other the Indian Ocean Intelsat. Intelsat. The second second Intelsat Intelsat interception site was at Yakima, Washington in the northwestern United States. NSA's "Yakima Research Station" intercepted communications passing through the Pacific Ocean Intelsat satellite. 46. ILC interception capability capability against western-run communications communications satellites remai remained ned at this level until the late 1970s, when a second US site at at Sugar Grove, West West Virginia was was added to the network. By 1980, its three three satellite antenna had been reassigned to the US Naval Security Group and were used for COMSAT interception. Large-scale expansion of the ILC satellite interception system took place between 1985 and 1995, in co nj un ction with the enlargem enlargement ent of the ECHELON ECHELON processing system (section (section 3). New stations stations were were constructed in the United States (Sabana Seca, Puerto Rico), Canada (Leitrim, Ontario), Australia (Kojarena, Western We stern Australia) and New Zealand (Waihopai, South Island). Capacity at Yakima, Morwenstow and Sugar  Grove was expanded, and continues to expand. Ba Base sed d on on a sim simpl ple cou count nt of tthe he number of antennae currently installed at each COMSAT interception in terception or satellite SI SIGINT GINT station, it appears that indicates that the UKUSA nations are between them currently operating at leas leastt 120 satellite based collection systems.   The approximate number of antennae in each category are : - Tasked on western commerc commercial ial communicatio communications ns satellit satellites es (ILC)

40

- Controllin Controlling g space based signal signals s intell intelligence igence satelli satellites tes

30

- Currently or formerly tasked on Soviet communications satellites

50 25

Systems in the the third category category may have been reallocated reallocated to IILC LC tasks since the end of the cold cold war. 47. Other nations increasingly collect Comint from satell satellites. ites. Russia's FAPSI operates large ground collection sites at Lourdes, Cuba and at Cam Ranh Bay, Vietnam. 26 Germany's BND and France's France's DGSE are alleg alleged ed to collaborate in the operation of a COMSAT collection site at Kourou, Guyana, targeted on "American and South  Am e ri c a n satellite communications". DGSE is also said to have COMSAT collection sites at Domme (Dordogne, France), France), in New Caledonia, and in the United Arab Emirat Emirates. es. 27 The Swiss intelligence intelligence service service has 28 recently announced a plan for two COMSAT COMSAT interception stations.

 

IC 2000 Report

Satellite ground terminal at Etam, West Virginia, connecting Europe and the US via Intelsat IV

9.

GCHQ constructed an identical “shadow” station in 1972 to intercept Intelsat messages for UKUSA

Submarine cable interception 48. Submarine Submarine cables now play a dominant role in international international telecommunicati telecommunications, ons, since – in contrast to the lim imitited ed band bandwi wid dth th available for space sys systems tems – optical me media dia offer seemin seemingly gly unlimited capacity. ca pacity. Save where cables terminate in countries where telecommunications operators provide Comint access (such as the UK and the US), submarine cables appear intrinsically secure because of the nature of the ocean environment. 49. In October 1971, this security was shown not to exist. A US submari submarine, ne, Halibut, visited visited the Sea of Okhotsk off the eastern USSR and recorded communications passing on a military cable to the Khamchatka Peninsula. Halibut was equipped with a deep diving chamber, fully iin n view on the submarine's stern. The chamber was described by the US Navy as a "deep submergence rescue vehicle". The truth was that the "rescue vehicle" was was weld welded ed immo immova vabl bly to the s submar ubmarine. ine. Once submerg su bmerged, ed, deep-se de ep-sea a divers diver s exited exite d the submarin su bmarine e and wrapped wra pped t a p ping coils around the cable. Having proven the principle, USS Halibut returned in 1972 and laid a high capacity recording pod to the cable. The technique involved no physical damage and was unlikely to have 29 bee been n rea readil dily y detect detectabl able. e.next 50. The Okhotsk cable tapping operation continued for ten years, involving routine trips by three different specially equipped equip ped submarines to collect old pods and lay new ones; sometimes, sometimes, more than one pod at a time. New targ target ets s were were ad added ded in 1979. That summer, su mmer, a ne newly wly converted conv erted submar s ubmarine ine called call ed USS Parche Parc he travelled trav elled from fr om San Fr Fran anci cisco sco unde underr the the North Pole to tthe he Barents Bar ents Sea, Se a, and laid l aid a ne new w cable cabl e tap near ne ar Murmansk Mur mansk.. Its crew cr ew received rece ived a presidential presidential citation for for their achievement. achievement. The Okhotsk ca cable ble tap ended in 1982, after after its location location was compromised by a former NSA employee who sold information about the tap, codenamed IVY BELLS, to the Soviet Union. One of the IVY BELLS pods po ds is now on displa display y in the Moscow museum mu seum of the former forme r KGB. The cable tap in the Barents Sea continued in operation, undetected, until tapping stopped in 1992. 51. Duri uring 1985 1985,, cable-tapping able-tapping operations were extended exten ded into the Mediterranean, Mediter ranean, to intercept cables c ables linking link ing Europe 30 t o We s t A Aff ri ca. After the cold war ended, the USS Parche was refitted with an extended section to accommodate larger cable tapping equipment and pods. Cable taps could be laid by remote control, using dro drones. es. USS Parche continu continues es in operatio operation n to the present day, but the pr precise ecise targets targe ts of its missions remain unknown. The Clinton Clinton administration evidently places high value on its achievements, Every year from 1994 t o 19 97 , the s subma ubmarine rine crew crew has has been highl highly y commende commended. d. 31 Likely targets targets may include include the Middle Middle East, East, Mediterranean, eastern ea stern Asia, and a nd South America. Ameri ca. The United States is is the only naval power known to have deployed deep-sea technology for this purpose.

 

IC 2000 Report

10.

52. Miniaturised inductive inductive taps recorder recorders s have have also also been been used used to intercept intercept underground underground cables. 32 Optical fibre cables, cabl es, however, do not leak radio frequency signals and cannot be tapped using inductive loops. NSA and other Comint agencies have spent a great deal of money on research into tapping optical fibres, reportedly with little success. But long distance optical optical fibre cables are not invulner invulnerable. able. The key means means of access is by tampering with optoelectronic "repeaters" "repeater s" which boost signal levels over long distances. It follows that any submarine cable system using submerged optoelectronic repeaters cannot be considered secure from

USS Halibut with disguised chamber for diving 

Cable tapping pod laid by US submarine off Khamchatka

interception and communications intelligence activity.

Intercepting the Internet 53. The dramatic growth in the size and significance significa nce of the Internet and of related forms of digital digit al communications has has be been en argued by some to pose a challenge for Comint agencies. agen cies. This does not appear correct. During the 1980s, NSA and its UKUSA partners operated a larger international international communications communications network than than the then 33 Internet Inte rnet but based on the same technology. According to its British British partner "all GCHQ systems are linked together on the largest LAN [Local Area Network] in Europe, which is connected to other sites around the world via one of the largest WANs [Wide Area Networks] in the world … its main networking protocol is Internet Proto otocol col (IP) IP).34 This globa globall network, developed develope d as project proj ect EMBROIDERY, includes inc ludes PATHWAY, the t he NSA's main mai n computer communications communications network. It provides fast, secure global communication communications s for ECHELON and other  systems. 54. 54. S in c e t h e early early 199 1990s, 0s, fast fast and sophistic sophisticated ated Co Comint mint sy system stems s have been develo developed ped to collect collect,, filter filter and analyse of fast digital communications communications used the Internet. In ternet.many Because most of the in world's worl d's Internet capacity the lies forms within the United States or connects to the by United States, communications "cyberspace" will pass through intermediate inte rmediate site sites s within the United State States. s. Communications Communica tions from Europe to and an d from Asia, Oceania, Africa or South America normally travel via the United States. 55. Ro Rout utes es take taken n by Inte Internet "packets" "pa ckets" depend on the origin and an d destination desti nation of o f the data, da ta, the systems through which they they en ente terr and leaves the th e Internet, and a myriad of other o ther factors including inc luding time of day. da y. Thus, routers within the western United States are at their most idle at the time when central European traffic is reaching peak usage. It is thus possible (and reasonable) for messages travelling a short distance in a busy European network to trave ravell inst nstead, for example, via v ia Internet exchanges in California. It follows that a large proportion prop ortion of international communications on the Internet will by the nature of the system pass through the United States and thus be readily accessible to NSA. 56 .S ta nd ar d Internet messages are composed of packets called "datagrams" . Datagrams include numbers representing represen ting both their origin and their destination, called "IP addresses". The addresses are unique to each computer connected to the Internet. They are inherently easy to identify identify as to country and site of origin and dest destin inat atio ion. n. Ha Hand ndlilin ng, g, so sorting rting a and nd routing ro uting millions of su such ch packets pa ckets each second is fundamental fun damental to the operation operatio n of major Internet centres. centres. The same process facilitates facilitates extraction of traffi traffic c for Comint purposes. 57. Internet traffic can be accessed either either from international c communications ommunications links entering entering the United States, or  wh en i t rreaches eaches major Internet exchanges. Both methods have advantages. advantages. Access to communications communications syst system ems s is likely to be remain clandestine - whereas access to Internet exchanges might be more detectable

 

IC 2000 Report

11.

but provides easier a access ccess to mo more re data and a nd simpler sorting s orting methods. meth ods. Although the th e quantities quantitie s of data involved are immense, NSA is normally legally restricted to looking only at communications that start or finish iin na fore foreiign coun countr try. y. Unles Unless s spe special cial warr warrants ants are a re issued, issu ed, all other data should s hould normally be thrown thr own away awa y by machine before it can be examined or recorded. 58. Much Much other Internet traffic (whether foreign to the US or not) is of trivial intelligence interest or can be handled in other ways. For example, messages sent to "Usenet" discussi discussion on groups amounts to about 15 Gigabytes (GB) of data per p er day; the rough equivalent of 10,000 books. All this data is broadcast to anyone wanting (or  willing) willi ng) to have it. Like other Internet Internet users, intelligence intelligence agencies have open sour source ce access to this data and stor store e an and d anal analyse yse it. it. In the UK, UK , the Defence Def ence E Evalu valuation ation a and nd Res Researc earch h Agen Agency cy maintain main tains s a 1 Terabyte Terab yte databa da tabase se containing the previous previous 90 days of Usenet messages. 35 A similar service, called "Deja News", is available to users of the World Wide Web We b (WWW). Messages for Usenet are readily readily distinguishable. distinguishable. It is pointless to collect them clandestinely. 59. Similar considerations affect the World Wide Web, most of which is openly accessible. Web sites are examined continuously by "search "search engines" which generate catalogues of their their contents. "Alta Vista" and "Hot "Hotbo bott" are are prom promin inent ent public pu blic si sites tes of this kind. ki nd. NSA similarly simi larly employ e mploys s computer comp uter "bots" " bots" (robots) (robo ts) to collec c ollectt data of i nterest. For example, a New York web site known as JYA.COM JYA.COM (http://www.jya.com/cryptome (http://www.jya.com/cryptome)) offers extensive public information on Sigint, Comint and cryptography. The site is frequently updated. Records of  access to the site show that every morning it is visited by a "bot" from NSA's National Computer Security Centre, which which looks for for new files files and makes makes copies of any that it finds. 36 60. It follows ows that that foreign Internet traffi traffic c of communications communica tions intelligence intellig ence interest inter est – consisting consist ing of e-mail, file transfers, "virtual private networks" operated over the internet, and some other messages - will form at best a few per cent of the traffic on most US Internet excha exchanges nges or backbone bac kbone links. links . According to a former employee, employ ee, NSA had by 37

1995 995 installed “sniffer” software to collect such traffic at nine major Internet exchange points (IXPs). The first two such sites identified, FIX East and FIX West, are operated by b y US government agencies. agenc ies. They are closely linked to nearby commercial locations, MAE East and MAE West (see table). Three other sites listed were Network Access Points originally developed by the US National Science Foundation to provide the US Internet with its initial "backbone".

Internet site

Location

Operator

Designation

FIX East

College Park, Maryland

U S g ove r nm e nt

Federal Information Exchange

FIX West

Mountain View, California

U S g ove r nm e nt

Federal Information Exchange

MAE East

W a s h i n g t o n , DC

MCI

Metropolitan Area Ethernet

New York NAP

P e nns a uk en , N ew J er s e y

Sprintlink

Ne t w o r k A c c e s s P o i n t

SWAB

W a s h i n g t o n , DC

PSInet / Bell Atlantic

SMDS Washington Area Bypass

Chicago NAP

Ch i c a g o , I l l i n o i s

Ameritech / Bellcorp

Ne t w o r k A c c e s s P o i n t

San Francisco NAP

S a n Fr a n c i s c o , C a l i f o r n i a

Pa c i f i c Be l l

Ne t w o r k A c c e s s P o i n t

MAE West

S a n J o s e , Ca l i f o r n i a

MCI

Metropolitan Area Ethernet

CIX

S a n t a Cl a r a Ca l i f o r n i a

CIX

Commercial Internet Exchange

Table 1 NSA Internet Comint access at IXP sites (1995)

38 

61. The sam same arti articl cle alleged that a leading US Internet Interne t and telecommun telecommunications ications company had contracted co ntracted with NSA to develop software to capture Internet data of interest, and that deals had been struck with the leading manufacturers Microsoft, Microsoft , Lotus, and Netscape to alter their products for foreign use. The latter allegation has proven correct (see technica technicall annexe). Providing such features featu res would make little sense unless NSA had also arranged general access to Internet traffic. Although NSA will not confirm or deny such allegations, a 1997 court case in Britain involving alleged "computer hacking" produced evidence of NSA surveillance of the Internet. Witnesses from the US Air Force component of NSA acknowledged using packet sniffers and specialised prog progra ramm mmes es to track attempts to enter e nter US milit military ary computers. comp uters. The case collapse c ollapsed d after the th e witnesses witness es refused refuse d 39 to provide provide ev eviden idence ce about about the systems systems they they had us used. ed.

Covert collection of high capacity signals 62. Wher Where e acce access ss to signals o off interest is not no t possible by other o ther means, means , Comint agencies agenc ies have constructe co nstructed d special purpose interception equipment to install in embassies or other diplomatic premises, or even to carry by hand to loca locations tions of special interest. intere st. Extensive desc descriptions riptions of operations opera tions of this kind have been published publis hed by Mike

 

IC 2000 Report

12.

Frost rost,, a form former er official of CSE, the Canadian Sigint agenc agency. y. 40 Although city c ity centre embassy e mbassy premises p remises are ar e often ideally situated to intercept int ercept a wide ran range ge of communications, ranging from official carphone services to high c a p a c i t y m icrowave links, processing and passing on such information may be difficult. Such collection op er ations are also highly highly sensitive for diplomatic diplomatic reasons. Equipment for for covert collection collection is therefore specialised, selective and miniaturised. 63. A joi joint NS NSA A/CIA /CIA "Special Collection Service" Servic e" manufact manufactures ures equipme equipment nt and trains train s personnel personn el for covert collection activities activit ies One major device is a suitcase-sized computer processing system. ORATORY. ORATORY. ORATORY ORATORY is iin n effect a miniaturised miniaturised version of the Dictionary computers described in the next section, capable of selecting non-verbal communications of interest from a wide range of inputs, according to pre-programmed selection criteria. One major NSA supplier (“The IDEAS Operation”) now offers micro-miniature digital receivers which which can can sim mult ultan aneo eously usly process Sigint d data ata from 8 independe independent nt channels. channe ls. This radio receiver is the size of o f a credit card. card. It fits in a standard laptop computer. IDEAS claim, rreasonably, easonably, that their tiny card "performs "performs functions that would have taken a rack full of equipment not long ago".

New satellite networks 64. Ne New w network operators have constructed constructed mobi mobile le phone systems providing providing unbroken unbroken global coverage coverage using s a te ll it es in low or medium level earth orbits. These systems are sometimes called satellite personal communications systems syste ms (SPCS). Because each satellite sate llite covers only a small area and moves fast, large nu numb mber ers s of sate satellllite ites are need needed ed to provide provi de cont continuo inuous us global glob al coverage. cover age. The satellite sate llites s can relay si signal gnals s directly direct ly bet between themsel themselves ves or to ground stations. The first such system to be completed, Iridium Iridium,, uses 66 satellites an d s t arted operation operations s in 1998. Iridium appears to have creat created ed particular particular difficulti difficulties es for communicat communications ions intelligence agencies, since the signals down from the Iridium and similar networks can only be received in a small area, which may be anywhere on the earth's surface.

3. ECHELON and Comint production 65. The ECHELO LON N system system became well known k nown following pub publication lication of the previous STOA report. Since then, new ne w evidence shows that ECHELON has existed since the 1970s, and was greatly enlarged between 1975 and 19 95 . L i k e ILC interception, interception, ECHELO ECHELON N has developed from earlier methods. This section includes new information and documentary evidence about ECHELON and satellite interception.

The "Watch List" 66. After the public revelation of the SHAMROCK SHAMROCK interception interception programme, programme, NSA Director Director Lt General Lew Allen described41 how NSA used "'watch lists" as an aid to watch for foreign activity of reportable intelligence interest". "We have been providing providing detail details s … of any messa messages ges contained in in the foreign communicat communications ions we inte interc rcep eptt that that bear on named individuals individu als or organisations. These compilations of names are commonly referred t o a s ‘Watch Lists’", he said. 42 Until the 19 1970s, 70s, Watch List processing processing was was manual. manual. Analysts Analysts examined examined intercepted ILC communications, reporting, reporting, "gisting" or analysing those which appeared to cover names or  topics on the Watch List.

New information about ECHELON sites and systems 67. It now appe appear ars s that hat the sys system tem iden identified tified as ECHELON has been in existence existe nce for more than th an 20 years. The need nee d for such a system was foreseen fore seen in the late la te 1960s, whe when n NSA and GCHQ planned ILC satellite interception stat statio ions ns at Mowenstow and Yakima. Yakim a. It was expected that the quantity qua ntity of messages inte intercepted rcepted from the new satellites satell ites would be too great for individual examination. According to former NSA staff, the first ECHELON computers comput ers autom automated ated Comint Comint proc processing essing a att these si sites. tes. 43 68. NSA NSA and CIA then discovered that Sigint collection from space was more effective than had been anticipated, resulting in accumulations of recordings that outstripped the available supply of linguists and analysts. Documents show that when the SILKWORTH processing processing systems was installed installed at Menwith Hill for the new satellites, it was supported by ECHELON 2 and other databanks (see illustration).

 

IC 2000 Report

13.

69. By the mid 1980s, communications intercepted at these major stations were heavily sifted, with a wide variety of specifications available for non-verbal traffic. Extensive further automation was planned in the mid 1980s as NSA NS A Proje roject ct P-41 P-415. 5. Implement mplementation ation of this th is p project roject completed the automation automatio n of o f the previous Watch List activity. From 1987 onwards, staff from international Comint agencies travelled to the US to attended training courses for the new computer systems. 70. Proj roject P-415/ECHELON made heavy use of NSA and GCHQ's global Internet-like communication network to enable remote intelligence customers to task computers at each collection site, and receive the results automatically. The key component of the system are local "Dictionary" computers, which store an extensive database on specified targets, including names, topics of interest, addresses, telephone numbers and other 

List of intelligence databanks operating  at Menwith Hill in 1979 included the second generation of ECHELON

ECHELON satellite interception site at Sugar Grove, West  Virgina, showing 6 antenna targeted on European and Atlantic  regional communications satellites (November 1998)

sele select ctio ion n criteria. Incoming messages me ssages are compared to these t hese criteria; criteria ; if a match is found, the raw intelligence is forwarded automatically. Dictionary computers are tasked with many thousands of different collection requirements, described as "numbers" (four digit codes). 71. Tasking and receiving intelligence intelligence from the Dictionaries Dictionaries invo involves lves processes processes familiar familiar to anyone who has used used the Internet. Dictionary sorting and selection can be compared to using search engines, which select web pages containing con taining key wo words rds or terms and specifying relationships. The forwarding function of the Dictionary computers may be compared to e-mail. When requested, the system system will provide lists of communications matc ma tchi hing ng each criterion for review, analysis analysis,, "gisting" or forwarding. An important point about the new system is that before ECHELON, different countries and different stations knew what was being intercepted intercep ted and to whom it was sent. Now, all but a fraction of the messages selected by Dictionary computers at remote sites are forwarded to NSA or other customers without being read locally.

Westminster, London – Dictionary computer  72. In 19 91 , a Briti British sh television television program programme me reported on on the operati operations ons of the Dictionary Dictionary computer computer at GCHQ's GCHQ's Westminster, London London office. The system "secretl "secretly y intercepts every single telex which which passes into, out of or  through throug h London; thousands of diplom diplomatic, atic, business and per personal sonal messages every day. day. These are fed into a programme progra mme known as `Dictionary'. `Dictionary'. It picks out keywords from the mass of Sigint, and hunts out hundreds of  individuals and corporations".44 The programme pointed out that the Dictionary computer computers, s, although controlled an d ta s ked by GCHQ, were oper operated ated by security vetted staff staff employed by British British Telecom (BT), (BT), Britain's 45 dominant domin ant telecommunicat telecommunications ions operator. The The presence of of Dictionary Dictionary computers computers has also been confirmed at 46

Kojarena, Australia; Australia; and at GCHQ GCHQ Cheltenham, Cheltenham, England.

Sugar Grove, Virginia – COMSAT interception at ECHELON site

 

IC 2000 Report

14.

73. US government documents confirm that the satellite satellite receiving station station at Sugar Grove, West Virginia Virginia is an ECHELON ECHE LON site, and that collects intelligence from COMSATs. The station is about 250 miles south-west of  Washington, Washingt on, in a remote area of the Shenandoah Mountains. It is operated by the US Naval Security Group and the US Air Force Intelligence Agency. 74. An upgr pgraded ded system called TIMBERLINE II, was installed at Sugar Gro Grove ve in the summer of 1990. 19 90. At the same time, me, accor according ding to official US documents, an "ECHELON training training department" was established. 47 With training complete, the task of the station in 1991 became "to maintain and operate an ECHELON site “. 48 75. The US Air Force has publicly identified the intelligence activity at Sugar Grove: its “mission is to direct sa tellite communicatio communications ns equipment [in support support of] consumers of COMSAT info information rmation  ... This is achi ac hi ev ed by prov providin iding g a trained cadre cadre of collecti collection on system system operators operators,, analysts analysts and managers” managers”.. 49 In 1990, 1990, sate satellllitite e photographs showed that there were 4 satellite antennae at Sugar Grove. By November 1998, ground inspection revealed that this had expanded to a group of 9.

Sabana Seca, Puerto Rico and Leitrim, Canada – COMSAT interception sites 76. Further Further information published by the US Air Force Force identifies tthe he US Naval Security Security Group Station Station at Sabana Se c a, Puerto Rico as a COMSAT COMSAT intercept interception ion site. Its mission mission is "to become the premier satellite communications communicatio ns processing and analysis fiel field d stat statio ion". n".50 77. Canadian Defence Forces h have ave p published ublished details about staff functions fu nctions at the Leitrim field station sta tion of o f the Canadian Sigint agency CSE. The station, near Ottawa, Ottawa, Ontario has four sate satellite llite terminals, terminals, erected erected since 1984. 1984. The 51 staff roster includes seven Communications Satellite Analysts, Supervisors and Instructors. 78. In a publicly available resume, a former Communication Communication Satelli Satellite te Analyst employed employed at Leitrim describes his  job as having required expertise expertise in the "operation and analysis of numerous Comsat computer systems and associated subsystems … [utilising] computer assisted analysis systems … [and] a broad range of sophisticated electronic equipment to intercept and study foreign communications communica tions and electronic 52 transmissions. Financial report reports s from CSE CSE also indicate that in 1995/96, the the agency planned payments payments of 

$7 million to ECHELON and $6 million to Cray (computers). There were no further details about ECHELON.

53

Waihopai, New Zealand – Intelsat interception at ECHELON site 79. 79. New Zea land's la nd's Sigint agency GCSB GCSB operat operates es two satellite satellite inter interceptio ception n terminals terminals at Waihopai, tasked tasked on on Inte Intels lsat at sate satellllites ites cove covering ring the Pacif Pacific ic Ocean. Extensive Exten sive details det ails have alr already eady been bee n published publish ed about the station' sta tion's s 54 Dictionary Diction ary computers and its role in the ECHELON ECHELON network. network. After the book was published published,, a New New Zealand Zealand TV s t a t i o n obtained obtained image images s of the the inside inside of the stat station ion operations operations centre. centre. The pictures pictures were were obtained obtained cla ande ndest stin inel ely by filming through thro ugh partiall pa rtially y curta curtained ined win windows dows at ni night. ght. The TV reporter repo rter was able ab le to film close-u clo se-ups ps of te c h n ical manual manuals s held in the control centre. These were Intelsat technical manuals, providing confirmation confirmat ion that the station targeted these satellites Strikingly, the station was seen to be virtually empty, 55

operating fully automatically. One guard was inside, but was unaware he was being filmed.

ILC processing techniques 80. The technical annexe describes the main systems used to extract and process proc ess communications intelligence. The detailed explanations given about processing methods are not essential to understanding the core of this report, but are provided so that readers knowledgeable about telecommunications may fully evaluate the state of the art. 81. Fax messages and computer data (from modems) are given priority in processing processing because of the ease ease with which whic h they are understood and analysed. The main method of filtering and analysing non-verbal traffic, the Dictionary computers, utilise traditional information retrieval techniques, including keywords. Fast special purpose chips enable vast quantities of data to be processed in this way. The newest technique is "topic spotting". spott ing". The processing of telephone calls is mainly limited to identifying call-related information, and traffic analysis.. Effective voice "wordspotting" analysis "wordspotting" systems do not exist are not in use, use, despite reports to the contrary. But "voiceprint" type speaker speaker identification identification systems have been in use since at least 1995. The use of strong cryp crypto togr grap aphy hy is slowly impinging o on n Comint agencies' agencies ' capabilities. capab ilities. This difficulty diffic ulty for Comint agencies ag encies has h as been bee n offset by covert and overt activities which have subverted the effectiveness of cryptographic systems supplied from and/or used in Europe.

 

IC 2000 Report

15.

82. The conclusions drawn in the annexe are that Comint Comint equipment currently available available has the capability, as tasked, to intercept, process and analyse every modern type of high capacity communications system to which access acc ess is obtained, obtaine d, includi including ng the highest high est levels of the Internet. There are few gaps in coverage. The scale, capa capaci city ty an and d spee speed d of so some me systems syste ms is difficult dif ficult fully ful ly to comprehen co mprehend. d. Special purpose p urpose systems have been b een built bui lt to process pager messages, cellular mobile radio and new satellites.

4. Comint and Law Enforcement 83. In 1990 990 and 1991, the US gove government rnment became con concerned cerned that the marketing ma rketing of a secure telephone system syste m by  AT &T could curtail Comint activity. AT&T was persuaded to withdraw its product. In its place the US government offered NSA "Clipper" chips for incorporation in secure phones. The chips would be manufactured man ufactured by NSA, which would also record built-in keys and pass this information to other government agencies for  stor storag age e an and, d, if required, retri retrieval. eval. This proposal propos al proved extrem extremely ely unpopular, unpopu lar, and was abandoned. abandon ed. In its place, the US government proposed that non government agencies should be required to keep copies of every user's keys, key s, a system called "key escrow" escro w" and, later, "key recovery". recovery". Viewed in retrospect, retrospect, the actual actual purpose of  these proposal proposals s was to provide NSA with a single (or very few) poi point(s) nt(s) of access to keys, enabli enabling ng them to continue to access private and commercial communications.

Misrepresentation of law enforcement interception requirements 84. Between 1993 1993 to 1998, the United United States conducted sustained diplomatic activity seeking to persuade EU na ti on s an d the OECD tto o adopt their "k "key ey recovery" system. system. Throughout Throughout this period, period, the US government government insisted that the purpose of the initiative was to assist law enforcement agencies. Documents obtained for this study suggest that these claims wilfully misrepresented the true intention of US policy. Documents obtained under the US Freedom of Information Act indicate that policymaking was led exclusively by NSA officials, some sometitim mes es to the complete exclusion excl usion of police or judicia judiciall officials. For example, when the specially spe cially appointed appoin ted US "Ambassador for Cryptography", David Aaron, visited Britain on 25 November 1996, he was accompanied and briefed by NSA's most senior representative in Britain, Dr James J Hearn, formerly Deputy Director of NSA. Mr Aaron aron had did not meet me et or consult consu lt FBI officials attached att ached to his Emb Embassy. assy. His meeting with wit h British Cabinet Cabin et offi offici cial als included ncluded NSA's represe representative ntative and staff from Britain's GCHQ, but police polic e officers or justice officials from fro m both nations were excluded. 85. Since nce 1993 1993,, unkn unknown to European Euro pean parliamentary parliame ntary bodies and their electors, law enforcement officials off icials from many EU countries and most of the UKUSA nations have been meeting annually in a separate forum to discuss their  requirements for intercepting communications. communication s. These officials met under the auspices of a hitherto unknown organisation, ILETS (International Law Enforcement Telecommunications Seminar). ILETS was initiated and founded by the FBI. Table 2 lists ILETS meetings held between 1993 and 1997. 86. A t their 1993 and 1994 1994 meetings meetings,, ILETS par participant ticipants s specified specified law enforcement enforcement user requirements requirements for  for  comm communications unications interception. These appear appea r in a 1974 ILETS document called "IUR 1.0". This document was ba se d o n an earlier FB FBII report on "Law Enf Enforcemen orcementt Requirements Requirements for the Surveill Surveillance ance of Electronic Electronic Communicatio Commun ications", ns", first issued in July 1992 and revised in June 1994. The IUR requirement differed little in substance from the FBI's requirements but was enlarged, containing ten requirements rather than nine. IUR did not sp spec ecif ify y any any law enforcement enforceme nt need for "key escrow" escr ow" or "key recovery" recov ery"..   Cryptography was mentioned solely in the context of network security arrangements. 87. Between 1993 and 1997 police representatives representatives from ILETS were were not involved in the NSA-led NSA-led policy polic y making process proce ss for "key recovery", nor did ILETS advance any such proposal, even as late as 1997. Despite this, during the same period the US government repeatedly presented its policy as being motivated by the stated needs of law enforcement agencies. At their 1997 meeting in Dublin, ILETS did not alter the IUR. It was not until 1998 that a revised IUR was prepared containing requirements in respect of cryptography. It follows from this that the US government misled EU and OECD states about the true intention of its policy. 88. This US deception was, was, however, clear to the senior Commission Commission offic official ial responsible for information information security. security. In September 1996, David Herson, head of the EU Senior Officers' Group on Information Security, state stated d his assessment of the US "key recovery" project :

 

IC 2000 Report

16.

"'Law Enforcement' is a protective shield for all the other governmental activities … We're talking about  foreign intelligence, that's what all this is about. There is no question [that] 'law enforcement' is a smoke screen" .56

89. It s hould be noted that technically, technically, llegally egally and organisationally, organisationally, law enforcement requirements for  comm commun unic icat atio ions ns inte interception rception diff differ er fundamenta fundam entally lly from commun communicati ications ons intelligen intel ligence. ce. Law enforceme enfor cement nt agencies agenc ies (LEAs) will normally witsh to intercept a specific line or group of lines, and must normally justify their requests to a judicial or administrative authority before proceeding. In contract, Comint agencies conduct broad inter nterna natitional onal communications "trawling" activities, a ctivities, an and d operate opera te under general warrants. wa rrants. Such operations oper ations do not require or even supp suppose ose that the parties par ties they intercept inte rcept are criminals. crimin als. Such distinctions distinc tions are vital vita l to civil liberty, but risk being eroded it the boundaries between law enforcement and communications intelligence interception becomes blurred in future.

Year    Venue

Non-EU participants

EU participants

1993 1993

Qu Quan anti tico co,, Virginia, USA

Au Aust stra rali lia, a, Ca Cana nada da,, Hong Hong Kong Kong,, Norway United States

Denm Denmar ark, k, Fran France ce,, Ge Germ rman any, y, Neth Nether erla land nds, s, Spai Spain, n, Swed Sweden en,, United Kingdom

1994 199 4

Bon Bonn, n, Ger German many y

Au Austr strali alia, a, Can Canad ada, a, Hon Hong g Kong, Kong,  Norway, United States State s

Aus Austri tria, a, Belgiu Belgium, m, Denmar Denmark, k, Fin Finlan land, d, Fra France nce,, Ger German many, y, Greece, Ireland, Ireland, Lux Luxembourg, embourg, Ne Netherlands, therlands, Portugal, Spain, Sweden, United Kingdom

1995 1995

Canb Canber erra ra,, Au Aust stra rali liaa

Au Aust stra rali lia, a, Ca Cana nada da,, Hong Hong Kong Kong,, New Zea Zealan land, d, Nor Norway way,, Uni United ted States

Be Belg lgiu ium, m, Fran France ce,, Germ German any, y, Gr Gree eece ce,, Ir Irel elan and, d, It Ital aly, y, Neth Nether erla land nds, s, Spai Spain, n, Swed Sweden en,, Un Unit ited ed Ki King ngdo dom m

1997 199 7

Dub Dublin lin,, Irela Ireland nd

Au Austr strali alia, a, Can Canad ada, a, Hon Hong g Kong, Kong,  New Zealand, Norway, Norwa y, United States

Aus Austri tria, a, Belgiu Belgium, m, Denmar Denmark, k, Fin Finlan land, d, Fra France nce,, Ger German many, y, Ireland, Italy Italy,, Luxembourg, Neth Netherlands, erlands, Portu Portugal, Spain, Sweden, United Kingdom

Table 2 ILETS meetings, 1993-1997 

Law enforcement communications interception – policy development in Europe 90. Following Following the second ILETS meeting meeting in Bonn in 1994, IUR 1.0 was presented presented to the Council of Min Ministers isters and was passed passed without a single word being altered on 17January 1995. 57 During 1995, several non EU members of the ILETS group wrote to the Council to endorse the (unpublished) Council resolution. The resolution was not published in the Official Journal for nearly two years, on 4 November 1996. 91. Following Following the third ILETS meeting meeting in Canberr Canberra a in 1995, the Australia Australian n government was asked to present present the IUR t o International International Telecommunicat Telecommunications ions Union ((ITU). ITU). Noting that that "law enforcement enforcement and national national security security agencies of a significant number of ITU member states have agreed on a generic set of requirements for legal interception interc eption", ", th the e Australian government asked the ITU to advise its standards bodies to incorporate the IUR requirements into future telecommunications systems on the basis that the "costs of [providing] legal interception capability and associated disruptions can be lessened by providing for that capability at the design stage".58 92. It appears that ILETS met again in 1998 and revised and extend extended ed its terms to cover the Internet and Satellite P ersonal Communications Communications Systems such as Iridium. The new IUR IUR also specified specified "additional security requirements for network operators and service providers", extensive new requirements for personal information about subscribers, and provisions to deal with cryptography. 93. On 3 Sep epttembe emberr 1998, the revised IUR was p presented resented to the Police Co-operation Working W orking Group as ENFOPOL 98. 98 . Th e Au s trian Presid Presidency ency pro proposed posed that, that, as in 1994, 1994, the new IUR IUR be adopted adopted verbatim verbatim as a Council Council 59

Resol esolutio ution n on intercep nterception tion "in respe respect ct of new technology". techno logy". The group did not agree. After repeated redrafting, a fresh paper has been prepared by the German Presidency, for the eventual consideration of Council Home and Justice Justice minist ministers. ers.60

 

IC 2000 Report

17.

5. Comint and economic intelligence 94. Duri uring the the 1998 EP debate debat e on "Transatlantic "Transa tlantic relations/ECHELON relatio ns/ECHELON syste system" m" Commissioner Commissione r Bangeman observed o bserved on be ha lf o f the Commission Commission that "If this system were to exist, it would be an intolerable attack against individu indi vidual al liberties, competition and the security of the states". 61 The exi existence stence of ECHELON ECHELON was described described in section 3, above. This section describes the organisational and reporting frameworks within which economically sensitive information collected by ECHELON and related systems is disseminated, summarising examples where European organisations have been the subject of surveillance.

Tasking economic intelligence 95. US officials acknowledge that NSA collects economic information, whether intentionally intentionally or otherwise. Former  military intelligence intelligence attaché Colonel Dan Smith worked at the US Embassy, London until 1993. He regularly received Comint product from Menwith Hill. In 1998, he told the BBC that at Menwith Hill: "In terms of scooping up communications, inevitably since their take is broadband, there will be co conv nver ersa sattio ions ns or communications which are intercepted which ha have ve noth nothing ing to do with the military, and probably within those there will be some information about commercial dealings"  "A "An nything would be possible technically. Technically they can scoop all this information up, sort  through throu gh it and find out what what it is that might be asked for . . . But there is not policy to do this specifically in response to a particular company's interest 62 

96. In general, this statement is not incorrect. But it overlooks fundamental distinctionS between tasking and dissemination, and between commercial and economic intelligence. intelligence. There is no evidence that companies companies in any any of the the UK UKU USA countries are able to task Comint collection colle ction to suit their private purposes. p urposes. They do not have to . E a c h UKUSA country authorises national level intelligence intelligence assessment assessment organisations and relevant indi ndividual ual minis stries tries to task and receive re ceive e economic conomic intelligence intelligen ce from Comint. Such information in formation may be collected collecte d for myriad purposes, such as: estimation of future essential commodity prices; determining other nation's private private positions in trade negotiations; monitoring international trading in arms; tracking sensitive technology; or eval valuat uating the political sta stability bility a and/or nd/or economic economi c stren strength gth o off a ta target rget country. c ountry. Any of these targets and many ma ny ot he rs may produce int intelligence elligence of direct direct commercial commercial relevance. The decision as to whether itit should be disseminated or exploited is taken not by Comint agencies but by national government organisation(s).

Disseminating economic intelligence 97. In 1970, according to its former Executive Director, the US Foreign Intelligence Advisory Board recommended that "henceforth economic intelligence be considered a function of the national security, enjoying a priority priority equivalent to diplomatic, military, technolo technological gical intelligence". 63 On 5 May 1977, a meeting meeting bet between ween NSA, NSA, CIA and the Department of Commerce authorised the creation of secret new department, the "Office of Intelligence Liai aison" son".. Its task was to handle "foreign "fo reign intelligen intelligence" ce" of interest to the Department of Commerce Commerce.. Its standing orders show that it was author authorised ised to receive and handle h andle SCI intelligence – Co Comint mint and Sigint from NSA. The creation of this office THUS provided a formal mechanism whereby NSA data could be used to support comm commer erci cial al and econ economic omic interests. interes ts. After this system syste m was highlighted highlight ed in a British TV programme in 1993, 199 3, its 64 na me was changed to the "Office of Executive Support". Also in 1993, President President Clinton extended US intelligence support to commercial organisations by creating a new National Economic Council, paralleling the National Security Council. 98. The nature of this intelligence support has been widely reported.  " Former Former intelligence officials and other experts say tips based on spying … regularly regularly flow from from the Commerce Department Department to U.S. companies to help them 65 wi n c ontracts overseas. The O Office ffice of Executive Executive Support provides classified classified weekly weekly briefings briefings to security off icials. One US newspaper newspaper obtained obtained reports from tthe he Commerce Department Department demonstrat demonstrating ing intelligence intelligence support to US companies: One such document consists of minutes from an August 1994 Commerce Department meeting  [intended] [inten ded] to identify major cont contracts racts open for bid in Indonesia in in order to help U.S. companies win the work. A CIA employee … spoke at the meeting; five five of the 16 people on the routine distribution list for the minutes were from the CIA.

 

IC 2000 Report

18.

99. 99. In th e Un it ed King Kingdom, dom, GCHQ GCHQ is specifi specificall cally y requi required red by law ((and and as and when when tasked tasked by the Britis British h government) to intercept foreign communications "in the interests of the economic well-being of the United Ki ng d om …in relation relation to the actions or intentions of persons outside the British Islands". Commercial inte interc rcep eptitio on n is tasked tasked and an analysed alysed by GCHQ's K Division. Division . Commercial and economic ec onomic targets can be b e specified spe cified by the government's Overseas Economic Intelligence Committee, the Economic Staff of the Joint Intelligence Committee, Committ ee, the Treasury, Treasury, or the Bank of England. England. 66 According to a for former mer senior JIC official, official, the Comint Comint take routinely includes "company plans, telexes, faxes, and transcribed phone calls. Many were calls between Europe and the South[ern Hemisphere]". Hemisphere]". 67 100.. In Australia, commercially relevant Comi 100 Comint nt is passed by DSD to the Office Office of National Assesments, who con consider der whet hether her, and if so w where, here, to disseminate disseminat e it. Staff the there re may pass information in formation to Australian Austr alian companies co mpanies if they believe that an overseas nation has or seeks an unfair trade advantage. Targets of such activity have incl inclu uded ded Th Thom omso sonn-CS CSF, F, and tr trade ade ne negoti gotiatio ations ns with Japan J apanese ese purcha pu rchasers sers of o f coal and an d iron ore. or e. Similar Simil ar systems sys tems operate in the other UKUSA nations, Canada and New Zealand.

The use of Comint economic intelligence product Panavia European Fighter Aircraft consortium and Saudi Arabia 101.. In 1993, former 101 former National National Security Security Council official official How Howard ard Teicher described described in a programme programme about Menwith Menwith Hill how how the European Panavia comp company any was specifically targeted tar geted over sales to the Middle Middl e East. "I recall that the words 'T 'Tornado' ornado' or 'Panavia' 'Panavia' - information related to the specific aircraft - would have been priority targets that we we would have wanted wanted informa information tion about". about".68

Thomson CSF and Brazil 102.. In 1994, NSA intercepted 102 intercepted phone calls between between Thomson-C Thomson-CSF SF and Brazil concerning concerning SIVAM, SIVAM, a $1.3 billion billion surveillance system for the Amazon rain forest. The company was alleged to have bribed members of the Brazilian government selection panel. The contract was awarded to the US Raytheon Corporation - who announced afterwards that "the Department of Commerce worked very hard in support of U.S. industry on this pr oj ec t" . 69 Raytheo Raytheon n also prov provide ide mainten maintenance ance and enginee engineerin ring g services services to NSA's NSA's ECHELO ECHELON N satellit satellite e interception station at Sugar Grove.

Airbus Industrie and Saudi Arabia 103.. Accor 103 ccordi din ng g to a well-informed 1995 press report :"from a commercial communications communications satellite, NSA lifted all the faxes and phone calls between the European consortium Airbus, the Saudi national airline and the Saudi gove go vern rnme ment nt . The agency agency found found that that Airbus Airbus agents agents were were off offering ering bribes to a Saudi official. official. It passed passed the the infor nform mati ation to U.S. officials pressing pres sing the bid b id of Boeing Co and McDo McDonnell nnell Douglas Dougla s Corp., which triumphed last la st 70 year in the $6 billion competition."

 International trade negotiations 104. 104. Ma ny other accounts accounts have been been published published by by reputa reputable ble journal journalists ists an and d some firsthan firsthand d witnesses witnesses citing citing freq freque uent nt occa occasi sio ons ns on which the US governme government nt has utlitised Comint for national commercial purposes. These incl inclu ude de targeting argeting data about the emiss emission ion standards of Japan Japanese ese vehicles; 71 1995 trade negotiations the import of Ja Japa pane nes s e luxury cars; 72 French French par partici ticipati pation on in the GATT GATT trade trade negotiat negotiations ions in 1993; 1993; the the Asian-Pa Asian-Pacif cific ic Economic Conference (APEC), 1997.

Targeting host nations 105.. The issue of whether the United States utilises communications intelligence facil 105 facilities ities such as Menwith Hilll or Bad Aibling to attack host nations' communica co mmunications tions also arise arises. s. The available availab le evidence suggests su ggests that tha t such conduct conduct may normally be avoided. According to former National Security Council official Howard Teicher, the US government would not direct NSA to spy on a host governments such as Britain: " [But] I would never say never in this business because, at the end of the day, national interests are are national interes interests ts … sometimes our interests diverg diverge. e. So never say never - especially in this business".

 

IC 2000 Report

19.

6. Comint capabilities after 2000 Developments in technology 106.. Since 106 nce the the mid-1990s, communications intelligence agencies have faced substantial difficulties difficulties in maintaining global access to communications communications systems. These difficulties difficulties will increase during and after 2000. The major  reason is the shift in telecommunications to high capacity optical fibre networks. Physical access to cables is requ requir ired ed for interception interception.. Unless a fibre network lies lie s within or passes throu through gh a collaborating state, s tate, effective interception is practical only by tampering with with optoelectronic repeaters (when installed) installed).. This limi limitation tation is likely kely to place many foreign land-based high capacity optical fibre networks networks beyond reach. The physical size of equipment equipment needed to process traffic, together with power, communications and recording systems, makes clandestine activity impractical and risky. 107.. Even 107 Even where access is readily avai available lable (such as to COMSATs), COMSATs), the proliferation of new systems will limit collection activities, partly because budgetary constraint will restrict new deployments, and partly because some systems (for example, Iridium) cannot be accessed by presently available systems. 108. In the the past ast 15 year years s the subs substantial tantial technologic tec hnological al lead in computers co mputers and an d information informati on technology techno logy once enjoyed by Comint organisations has all but disappeared. Their principal computer systems are bought "off the shelf" and are the equal of or even inferior to those used by first rank industrial and academic organisations. They differ only in bei being "TEMPEST shielded", shielded" , p preventin reventing g them th em emitting radio signals which could be used to analyse Sigint activity. 109. 109. Co mm unicatio unications ns inte intellig lligence ence organisa organisation tions s recognise recognise that the long war war agains againstt civil and commerc commercial ial c r y ptograp ptography hy has been lost. A thriving academic and industrial industrial community is skilled in cryptography and c r y ptology. The Inter Internet net and the global global marketplace marketplace have creat created ed a free flow in informati information, on, systems and and software. softw are. NSA has failed in its mission to perpetuate access by pretending that that "key escrow" and like systems were intended to support law enforcement (as opposed to Comint) requiremen requirements. ts. 110.. Future trends in Comint are likely to include limits on investm 110 investment ent in Comint collection from space; space; greater  use of human agents to plant collection devic devices es or obtain codes than in the past; and an in intensified tensified effor effortt to attack foreign computer systems, using the Internet and other means (in particular, to gain access to protected files or communications before they are encrypted). 111. 111. At te mp t s to restrict restrict cr crypto yptograph graphy y have never neverthel theless ess delayed delayed the large-s large-scale cale in introd troducti uction on of effectiv effective cryptographic security systems. The reduced cost of computational power has also enabled Comint agencies to deploy fast and sophisticated processing and sorting tools.

 

IC 2000 Report

20.

112.. Recent remarks 112 remarks to CIA veterans veterans by the head of staff of th the e US House of Representativ Representatives es Permanent Permanent Select Committee on Intelligence, ex CIA officer John Millis illustrate how NSA views the same issues: "S "Sig igna nals ls intellige intelligence nce is in a crisis. … Over the last fifty years year s ... In the past, technology techn ology has been bee n the friend of NSA, but in the last four or five five years technology has move moved d from being the frie friend nd to being  the enemy of Sigint. The med ediia of telecommun telecommunications ications is no longer longe r Sigint-friendly. Sigint-friendly . It used to be. When you were doing doin g RF  signals, anybody within range of that RF signal could receive it just as clearly as the intended recipient. We moved moved from that to microwaves, and people figured figu red out a great way to harn harness ess that as well. Well, we're moving to media that are very difficult to get to. Encr Encryp ypti tio on n is here and it's go going ing to grow very rapidly. rapid ly. That is bad news for Sigint … It is going to tak take e a huge amount of money invested in new technologies to get access and to be able to break out the information that we still need to get from Sigint".

 

IC 2000 Report

POLICY ISSUES 

Policy issues for the European Parliament 1.

The 1998 1998 Par Parliliame amenta ntary ry resol resoluti ution on on "Tran "Transat satlan lanti tic c rel relati ations ons/EC /ECHEL HELON ON syste system" m" 73 called called for for "prot "protect ectiv ive e measures concern concerning ing economic information and effective encryption ". Comint Providing such measures may be facilitated by developing an in-depth understanding of presentencryption". and future capabilities.

2.

A t t he tech technica nicall leve level, l, protect protective ive measu measures res may best be ffocused ocused on defeat defeating ing hostile hostile Comint Comint activity activity by denying access or, where this is impractical or impossible, preventing processing of message content and associated traffic traffic information by general use of cryptography.

3.

As the SOGI SOGIS S group group withi within n the the Commi Commissi ssion on h has as rreco ecogni gnised sed,, 74 the contrast contrasting ing int interes erests ts of of states states is a complex complex issue. Larger states have made substantial invest investments ments in Comint Comint capabilities. One member state state is active in the UKUSA alliance, whilst others are either "third parties" to UKUSA or have made bilateral arrangements with NSA. Some of these arrangements were a legacy of the cold war; others are enduring. These issues create internal internal and internation international al conflicts of iinterest. nterest. Technical solutions solutions are not obvious. It should be possible to define a shared interest in implementing measures to defeat future external Comint activities directed against European states, their citizens and commercial activities.

 

4.

A se co nd area area of appar apparent ent conf conflilict ct co conce ncerns rns stat states' es' desi desires res to to provid provide e commun communica icati tions ons inte interce rcepti ption on for  for  legitimate law enforcement purposes. The technical and legal processes involved in providing interception for  law enfo nforcem cement purpose purp ose diffe differr fundame fundamentally ntally fro from m those used in communications communica tions intelligence int elligence.. Partly because be cause of the lack of parliamentary and public awareness of Comint ac activities, tivities, thi this s distinction is often often glossed over, pa rticula rticularly rly by states that that invest heavil heavily y in Comint. Comint. Any failure failure to distinguish distinguish between legitimate law law enforcement interception requirements and interception for clandestine intelligence purposes raises grave issues for civil liberties. A clear boundary b oundary between la law w enforce enforcement ment and "national "nation al security" securit y" interception interce ption activity ac tivity is essential to the protection of human rights and fundamental freedoms. freedoms.

5.

At the present esent time, time, Internet Internet brow browsers sers and other other softwa software re used in almost almost every every personal personal compute computerr in Europ Europe e is deliberately disabled such that "secure" communications they send can, if collected, be read without difficulty by NSA. US manufacturers are compelled to make these arrangements under US export rules. A level playi aying fiel eld is importan important. t. Consideration could be given to a countermeasure count ermeasure whereby, if systems with disabled cryptographic systems are sold outside the United States, they should be required to conform conform to to an "open standard" such that third parties and other nations may provide additional applications which restore the level of security to at least enjoyed by domestic US customers.

6.

The work of of ILE ILETS TS has has proceede proceeded d for 6 years years witho without ut the iinvo nvolve lvemen mentt of par parlia liament ments, s, and in in the absence absence of  of  cons consul ultati tatio on n with the industrial indus trial organisations organi sations who whose se vital intere interests sts their work affects. It is regrettable regretta ble that, prior  prio r  t o the publication of this report, public infor information mation has not been available in states about the scope of th the e policy-making processes, inside and outside the EU, which have led to the formulation of existing and new law enf enforcem cement "user requ requirement irements". s". As a matter of urgency, the current curren t policy-maki policy-making ng process should sho uld be made open to public and parliamentary discussion discussion in member states and in the EP, so that a proper balance may be struck between the security and privacy rights of citizens and commercial enterprises, the financial financial and technical interests of communications network operators and service providers, and the need to support law enforcement activities intended to suppress serious crime and terrorism.

IC 2000

Technical annexe on telecommunications interception

(i )

Technical annexe Broadband (high capacity multi-channel) communications 1.

2.

From 1950 until the early 1980s, high capacity multi-channel analogue communications systems were usually engineered using separate communications channels carried at different frequencies The combined signal, wh ic h could include include 2,000 or more more speech channels, channels, was a "multiplex". "multiplex". The resulting resulting "frequency division division multiplex" (FDM) signal was then carried on a much higher frequency, such as by a microwave radio signal. Digi gital tal comm commun unic ica ations have almost universally taken over from analogue methods. The basic system of digital multltimu i-channel channel communications commun ications is time division multiplexing multiplexi ng (TDM). In a TDM telephony system, the individual c on versat versational ional channels are first first digitised. digitised. Information concerning each channel is then then transmitted transmitted sequentially rather than simultaneously, with each link occupying successive time "slots".

3. St an da rds for digital digital commun communicat ications ions evolv evolved ed separat separately ely withi within n Europe Europe and North North Ameri America. ca. In the Unit Unite ed States, the then dominant public network carrier (the Bell system, run by AT&T) established digital data standards. standa rds. The basic buildi building ng block, a T-1 link, carrie carries s the equivalent of 24 telephone telephone channels at a rate of  1. 54 4 M bps. Higher capacity systems operate at greater dat data a transmission transmission rates Thus, Thus, the the highest transmission rate, T-5, carries the equivalent of 8,000 speech channels at a data rate of 560 Mbps. 4.

Europe adopted a different fframework ramework for di digital gital communications communications,, based on standards originally originally agreed by the CEPT EPT. The basic European Eur opean standard stan dard digital link, lin k, E-1, carries 30 3 0 telephone channels at a t a data rate of 2 Mbps. Most Mo st Eu Euro rope pean an telecom ecommunicati munications ons systems are based on E-1 links li nks or (as ( as in i n North No rth America), Am erica), multiples thereof. The The distinction is significant because most Comint processing equipment manufactured in the United States is designed to handle intercepted communications communications working to the European forms of digital communications.

5.

Recen ecentt digital systems utilise synchronised signals carried by very high capacity optical fibres. Synchronising signal nals enables single channels to be easily extracted from high capacity links. The new system is known in the US as the synchronous optical network (SONET), although three equivalent definitions and labels are in use. 75

Communications intelligence equipment 6.

Dozens of US defence ence contractors, contracto rs, many locat located ed in Silicon Valley (California) (Ca lifornia) or in the Maryland Ma ryland "Beltway" "Be ltway" area near Washington, manufacture sophisticated Sigint equipment for NSA. Major US corporations, such as Lockheed Martin, Space Systems/Loral, TRW, Raytheon and Bendix are also contracted by NSA to operate major Sigint collection sites. A full report on their products and services is beyond the scope scope of this this study. The state of the art in contemporary communications intelligence may usefully be demonstrated, however, by examining some of the Comint processing products of two specialist NSA niche suppliers: Applied Signal Technology Inc (AST), of Sunnyvale, California, and IDEAS Operation of Columbia, Maryland (part of  76 Science Applications Applicat ions Internatio International nal Corporatio Corporation n (SAIC)). (SA IC)).The

7. Both companies companies include include senior ex-NS ex-NSA A staff staff as director directors. s. When not explicitly explicitly stated, their products products can be id en tified as iintended ntended for Sigint Sigint by virtue of being "TEMPEST "TEMPEST screened". AST states states generally that its its "equipment is used for signal reconnaissance of foreign telecommunications by the United States government". One leading cryptographer has aptly and and engagingly described AST as a "one-stop ECHELON shop".

Wideband extraction and signal analysis 8. Wi de ba nd (or broadband) broadband) signals signals ar are e norm normally ally inter intercepte cepted d from satel satellite lites s or tapped tapped cables cables in the the form of  multltiplex mu iplex microwave or high frequency signals. The first step in processing such signals for Comint purposes is "wideband extraction". An extensive range of Sigint equipment is manufactured for this purpose, enabling newl newly intercepted syst systems ems to be surveyed and analysed. These include transponder transpo nder survey equipmen equipmentt which identify and classify satellite downlinks, demodulators, decoders, demultiplexers, microwave radio link analysers, link survey units, carrier analysis systems, and many other forms of hardware and software. 9. A ne wl y in te rc epted communicat communications ions satellite satellite or data data link can be analys analysed ed using using the AST Model 196 "Transponde "Tran sponderr characterisation system". Once its basic communications structure has been analysed, the Model 195 "Wideband snapshot analyser", also known as SNAPPER, can record sample data from even the highest capacity systems, sufficient to analyse communications in minute detail. By the start of 1999, operating in conjunction with the Model 990 "Flexible Data Acquisition Unit", this systems was able to record,

 

IC 2000

Technical annexe on telecommunications interception

(i i)

playba ayback ck an and d analyse at d data ata rates up to 2.488 Gbp Gbps s (SONET OC-48). This is 16 times faster fas ter than the largest larg est back backbo bone ne lin nks ks in general general use on the Internet; larger than the telephony capacity of any a ny current communications communication s sate satellllite; te; and and eq equivalent uivalent tto o 40,000 simultaneous telephone calls. It can be fitted with 48 4 8 Gbyte of o f memory (500( 5001000 times larger than found in an average personal computer), enabling relatively lengthy recordings of highspee peed data data links. The 2.5 Gbps capacity cap acity of a single singl e SNAPPER unit exceeds excee ds the curre current nt daily maximum maxi mum data 77 rate rate found on a typi typical cal large large Intern Internet et exchange exchange.. 10. Both AST and IDEAS IDEAS offer a wide range of recorders, recorders, demultiplexers, demultiplexers, scanners scanners and processors, mostly mostly designed to process European type (CEPT) E-1, E-3 (et (etc) c) signals at dat data a rates of up to 160 Mbps. Signals may be recorded to banks of high-speed high-speed tape tape recorders recorders,, or into high high capacity capacity "RAID" "RAID" 78 hard disk networks. Intercepted optical signals can be examined with the AST Model 257E "SONET analyser". 11. Once communications links have been analysed and broken dow down n to their their constituent constituent parts, the next stage of Comint collection involves multi-channel processors which extract and filter messages and signals from the d es ir ed channels channels.. There are three three broad categories categories of interest: interest: "voice grade grade channels", normally normally carrying carrying t elephony; fax communications; communications; and anal analogue ogue data modems. A wide selection selection of multi-channel multi-channel Comint Comint processors are available. Almost all of them separate voice, fax and data messages into distinct "streams" for downstream processing and analysis. 12. The AST Model 120 multi-channel processor pr ocessor – use used d by NSA in different configurations configurat ions known kn own as STARQUAKE, COBRA COB RA and COPPERHEAD COPPERHEAD - can handle 1,000 simultaneous voice channels and automatically extract fax, data ata and voice traffic. Model 128 128,, larger still, can process 16 Europ European ean E-3 channels (a data rate of 500 Mbps) Mbps ) an d e x tr a c t 4 8 0 chann channels els of of in interest. terest. The 1999 giant giant of AST's AST's range, range, the Model Model 132 "Voice "Voice Channel Demultiplexer", can scan up to 56,700 communications channels, extracting more than 3,000 voice channels of interest. interest. AST also provides provides Sigint equipment equipment to intercept low capacity VSAT 79 satellite services used by by smaller businesses and domestic users. These systems can be intercepted by the AST Model 285 285 SCPS SCPS processor, which identifies and extracts up to 48 channels of interest, distinguished distinguished between between voice, fax and data. 13. According to US government publications, an early Wideband Extracti Extraction on system was installed at NSA's Vint Hill Farms field station in 1970, about the time that systematic systematic COMSAT COMSAT interceptio interceptio collection began. That s t a t i o n i s now closed. US publications identify the NSA/CSS NSA/CSS Regional Sigint Operations Centre at San San  Antonio, Texas, as a site currently providing providing a multi-channel Wideband Ext Extraction raction service.

Filtering, data processing, and facsimile analysis 14. Once Once comm commun uniicati cations ons chann channels els have been identified ide ntified and signals of interest extracted, ex tracted, they are analysed analyse d further  by sophisticated sophisticated workstations using special purpose software. AST's ELVIRA Signals Analysis Workstation is typical of this type of Sigint equ equipment. ipment. This system, which can be used on on a laptop computer computer in covert locations, surveys incoming chan channels nels and extracts standard Comint data, including technical specifications (ST STR RUM) and info inforrmati mation on about abou t call dest destinat inations ions (SRI, (SR I, or signal signa l related relate d informatio inform ation). n). Selected Sele cted commun co mmunicat ications ions 80 are relayed to to distant llocations ocations using NSA standard "Collected Signals Signals Data Format" Format" (CSDF). (CSDF). 15. High-speed High-speed data systems can also be b e passed to AST's T TRAILMAPPER RAILMAPPER software system, which works at a data rate of up to 2.5 Gbps. It can interpret and analyse every type of telecommunications system, including European, American and optical standards. standa rds. TRAILMAPPER appears to have been designed with a view to an al ysing ATM (asynchronous transfer mode) communications. ATM is a modern, high-capacity digita digitall communications system. It is better suited than standard Internet connections to carrying multimedia multimedia traffic an d t o providing business w with ith privat private e networks ((VPN, VPN, LA LAN N or WAN). WAN). TRAILMAPPER TRAILMAPPER will identify identify and characterise such business networks. 16. In the next stage downstream, downstream, intercepted si signals gnals are processed accord according ing to whether they are voi voice, ce, fax or  da ta . AST's "Data Workstation" is designed to categorise all aspects of data communications, including systems systems ffor or handling e-mail e-mail or sen sending ding files files on the Internet. Internet. 81 Although the very latest modem systems (other  than ISDN) are not included in its advertised specification, it is clear from published research that AST has developed the technology to intercept and process the latest data communications systems used by individuals and business to access the Internet. 82 The Data Workstation can stored and automatically process 10,000 different recorded signals. 17. Fa x messages are processed processed by AST's Fax Image Image Workstation. Workstation. This is described as a "user friendly, friendly, inte interacti ractive ve standard analysis tool rapid examinatio examination images stored on disk. Although not mentioned ment ioned character  in AST's literature, fax for pre-processing for n Dictionary computers involves automatic "optical

 

IC 2000

Technical annexe on telecommunications interception

( ii i )

recognition" (OCR) software. This turns the typescript into computer compu ter readable (and processable) text. The ef fe ct ivenes iveness s of these systems makes fax-derived Comint an important collection collection subsystem. It has one drawback. drawback. OCR computer systems systems that can reliably recognise handwriting do not exist. No one knows how to design such a system. It follows that, perversely, perversely, hand-written fax messages may be a secure form of  communication that can evade Dictionary surveillance criteria, provided always that the associated "signal related information" (calling and receiving fax numbers) have not been recognised as being of interest and directed to a Fax Image Workstation. 18. 18. A S T also also make a "Pager Identificat Identification ion and Message Extracti Extraction" on" system which automat automaticall ically y collects and processes data from commercial paging systems. IDEAS offer a Video Teleconferencing Teleconfere ncing Processor that can simultaneo aneous usly ly vie ew w or record two simultaneo simu ltaneous us tele teleconfer conferencing encing sessions. sessio ns. Sigint systems s ystems to intercept inter cept cellular  c ellular  mobile phone p hone networks ne tworks such as GSM are a re not advertised by AST or IDEAS, IDEAS, but are available available from other US cont contra ract ctor ors. s. Th The e specifications and an d ready read y availa availability bility of such systems indicate how industrialised indu strialised and pervasive p ervasive Co Comint mint has became. It has moved far from the era when (albeit erroneously), it was publicly associated only with monitoring diplomatic or military messages.

NSA “Trailmapper” software showing automatic detection of private networks inside intercepted high capacity STM-1 carrier

 

IC 2000

Technical annexe on telecommunications interception

(iv)

The “Data Workstation” software system analyses up to 10,000 recorded messages, identifying Internet  traffic, e-mail messages and attachments

Traffic analysis, keyword recognition, text retrieval, and topic analysis 19. Traffi ffic anal analysis is a method of ob obtaining taining intelligence inte lligence from signal related rela ted information, informatio n, such as a s the number numb er dialled on a telephone call, or the Calling Line Identification Data (CLID) which identifies the person making the call. Traffic analysis can be used where message content is not available, for example when encryption is used. By anal analysin ysing g call calliing ng patte patterns, rns, networks netwo rks of personal pers onal associations asso ciations may m ay be analysed ana lysed and studied. This is a principal prin cipal method of examining voice communications. 20. Whenever Whenever machine readable communications communications are available available,, keyword recognition recognition is fundamental to Dictionary c om p u ters, and to the ECHELON system. The Dictionary function is straightforward. Its basic mode of  op er at ion is akin tto o web search e engines. ngines. The differences differences are of substance and of scale. Dictionaries Dictionaries implement the tasking of their host station against the entire mass of collected communications, and automate the distribution of selected raw product. 21. Advanced systems have been developed to perform very high speed sorting of large volumes of intercepted in fo rm at io n. In the lat late e 1980s, the manufacturer manufacturers s of the RHYOLITE RHYOLITE Sigint satellites, satellites, TRW, designed designed and manu ma nuffact actured a Fast Da Data ta Finder (FDF) microchip for NSA. The FDF chip was declassified dec lassified in 1972 and made av avai ailabl lable for for commerc mmercial ial use by a spin-off spin -off compan co mpany, y, Paracel. Parac el. Since then th en Paracel Parac el has sold sol d over 150 informa in formation tion filtering ltering systems, many of them to the US government. Paracel describes its current FDF technology as the "fastest, most accurate adaptive filtering system in the world":  A single TextFinder application application may involve trillions trillions of bytes of textual archive and thousands of  online users, or gigabytes of live data stream per day that are filtered against tens of thousands of complex interest profiles … the TextFinder chip implements the most comprehensive characterstring comparison functions of any text retrieval system in the world.

Devices like this are ideal for use in ECHELON and the Dictionary system. 22. A lower capacity system, the PRP-9800 Pattern Recognition Processor, is manufactured by IDEAS. IDEAS. This is a computer card which can be fitted to a standard PC. It can analyse data streams at up to 34 Mbps (the European E-3 standard), matching every single bit to more than 1000 pre-selected patterns.

 

IC 2000

Technical annexe on telecommunications interception

(v)

23. Po we rf ul th o ugh Dictionary Dictionary methods and keyword keyword search search engines engines may may be, however, they and their giant associated intelligence databases may soon seem archaic. Topic analysis is a more powerful and intuitive technique, and one that NSA is developing and promoting with confidence. Topic analysis enables Comint cust custom omers ers to ask their computers to "find me documents about subject X". X might be "Shakespeare in love" or "Arms to Iran". 24. In a standard US test used to evaluate topic analysis systems, 83 one task the analysis program is given is to find information about "Airbus subsidies". The traditional approach involves supplying the computer with the key terms, other relevant data, and synonyms. In this example, the designations designations A-300 A-300 or A-320 might might be synonymous synony mous with "Airbus". The disadvantage disadvantag e of this approach is that it may find irrelevant intelligence (for  example, reports about export subsidies to goods flown on an Airbus) and miss relevant material (for example a financial analysis of a company in the consortium which does not mention the Airbus product by name). name). Topic analysis overcomes this and is better matched to human intelligence. 25. The The main detectable thrust of NSA research on topic analysis centres on a method method called N-gram analysis. Developed inside NSA's Research group - responsible for Sigint automation - N-gram analysis is a fast, general meth me thod od of sort sortin ing g and retr retrievin ieving g machine-re machin e-readab adable le text according acco rding to languag lan guage e and/or and/o r topic. The N-gram N-gra m system is claimed to work independently independently of the language language used or the topic studied. studied. NSA patented tthe he method in in 84 1995. 26. To use N-gram analysis, the operator ignores keywords and defines the enquiry by providing the system with sele select cted ed wr writitte ten documents docume nts concerning conce rning the th e topic of interest. in terest. The system syste m determines determin es what the th e topic is from fr om the seed group of documents, and then calculates the probability that other documents cover the same topic. In 1994, NSA made its N-gram system available for commercia commerciall exploitation. NSA's research group claimed that it could be used on "very large data sets (millions of documents)", could be quickly implemented on any computer system and that it could operate effectively "in text containing a great many errors (typically 10-15% of all characters)". characters)". 27. Ac c o r d ing to former NSA NSA Director Director Wi William lliam Studeman, "information management will will be the single single most 85 i m portant portant problem for the (US) (US) Intelligence Intelligence Co Communit mmunity" y" in the future. future. Explaining this point po int in 1992, h he e described the type of filtering involved in systems like ECHELON: One [unidentified] intelligence collection system alone can generate a million inputs per half hour ; filters throw away all but 6500 inputs; only 1,000 inputs meet forwarding criteria; 10 inputs are normally selected by analysts and only one report Is produced. These are routine routine statistics statistics for  a number of intelligence collection and analysis systems which collect technical intelligence.

Speech recognition systems 28. For more than 40 years, NSA, ARPA, GCHQ and the British British governme government nt Joint Joint Speech Speech Research Research Unit have c on ducted and sponsore sponsored d research iinto nto speech recognitio recognition. n. Many press reports reports (and the the previous previous STOA report) have have suggested that such research has provided systems which can automatically select tele telephone phone communications communications of intelligence interestmore basedextensive on the use of particular "key words" a speaker. available, such systems would enable vastly Comint information to be by gathered fromIf telephone conversations than is available from other methods of analysis. The contention that telephone word-spotting systems are readily available appears to by supported by the recent availability of a string of low-cost software products resulting from this research. These products permit PC users to dictate to their computers computers instead 86 of entering data through the keyboard. 29. The problem is that for Comint Comint applications, unl unlike ike personal computer dictat dictation ion products, speech recognition recognition systems have to operate in a multi-speaker, multi-language environment where numerous previously never heard speakers may each feature physiological physiological differences, dialect variations, and speech traits. Commercial PC PC syste sy stems ms usually require one or more hours of training in order reliably to recognise a single speaker. Even then, such systems may mistranscribe 10% or more of the words spoken. 30. In PC dictation applications, the speaker can correct mistranscriptions and continually retrain the recognition recognition system, making a moderate error rate rate acceptable. For use in Comint, where th the e interception system has no prior knowledge of what has been said (or even the language in use), and has to operate in the poorer poo rer signal en envi vironm ronmen entt of a telephone epho ne speech spe ech ch channe annel,l, such error e rror rates rat es are unach u nachievab ievable. le. Worse still, s till, even ev en moderate mode rate error  er ror  ra te s can make a keyword recogni recognition tion system worthless worthless by generating bot both h false positive ou outputs tputs (words wrongly identified as keywords) and false negative outputs (missing genuine keywords). 31. This stud study y ha has s found no evidence evide nce that voice keyword key word recognition systems s ystems are currently operationally deployed, de ployed, nor that they are yet sufficiently accurate to be worth using for intelligence purposes.

 

IC 2000

Technical annexe on telecommunications interception

(vi )

Continuous speech recognition 32. The fundamental technique in in many speech recognition applications is a statistical method called Hidden Markov kov Model odelling (HMM). HMM systems have been be en developed deve loped at many centres cen tres and are claimed academically to offer "good word spotting performance … using very little or no acoustic speech training". 87 The team which reported this result tested its system using data from the US Department of Defense "Switchboard Data", containing recordings of thousand of different US telephone conversations. On a limited test the probabilities of correctly detectin d etecting g the occurrences occu rrences of o f 22 keywords ranged from 45-68% on settings which allowed for 10 f a l s e positive p ositive results per keyword per hour. Thus if 1000 genuine keywords appeared during an hour's conversation, there would be at least 300 missed key words, plus 220 false alarms. 33. At about the same time, (February 1990), the the Canadia Canadian n Sigin Sigintt organis organisation ation CSE CSE awarded awarded a Montreal-bas Montreal-based ed computer research consultancy the first of a series of contracts contracts to develop a Comint wordspotti wordspotting ng system. 88 The goal of the project was to build a word-spotter that worked well even for noisy calls. Three years later, CRIM repor ported that hat "our experience has taught us that, regardless of the environmental environmen tal conditions, wordspotting re rema main ins s a difficult proble problem". m". The key proble problem, m, which is familiar familia r to human liste listeners, ners, is that a single s ingle word heard he ard on its own can easily be misinterpreted, whereas in continuous speech the meaning may be deduced from surr surrou ound ndin ing g word words. s. CRIM conclud co ncluded ed in 1993 19 93 that tha t "it is probable pro bable that the th e most effect e ffective ive way of o f building build ing a reliabl re liable e wordspotter is to build a large vocabulary continuous speech recognition (CSR) system". 34. Co Cont ntiinuou nuous s speech recognition software working in real time needs a powerful fast, processor. proc essor. Because of the lack of training and the complex signal environment found in intercept intercepted ed telephone calls, it is likely that even faster processors and better software than used in modern PCs would yield poorer results than are now provided by well-trained commercial systems. Significantly, an underlying underlying problem problem is that voice voice keyword keyword recogniti recognition on i s , as with m machine-readable achine-readable messages, an imperfect imperfect means means to the more more useful intelligence intelligence goal - topic spotting.

35. In 1993, having failed to build build a workable word wordspotter, spotter, CR CRIM IM suggesting suggesting "bypassing" the problem problem and attempting attemp ting instead to develop a voice topic spotter. CRIM reported that "preliminary experiments reported at a recent meeting of American defense contractors … indicate that this may in fact be an excellent approach t o tthe he pr ob le m". They offered to produce an "operational topic spotting" system by 1995. They did not succ succeed. eed. Four years later, tthey hey were still exper experimenting imenting on how to built built a voice topic spotter spotter.. 89 They received received a further research contract. One method CRIM proposed was NSA's N-gram technique.

Speaker identification and other voice message selection techniques 36. In 1993, CRIM also undert undertook ook to sup supply ply CSE with an operational operationa l speaker identification module by March 1995. 1995 . Nothing Nothin g more was said about this pr project, oject, suggesti suggesting ng that the target may have been met met.. In the same year, acco according rding to NSA documents, the IDEAS company supplied a "Voice Activity Detector and Analyser", Model TE464 6437 3755-1, 1, to NSA's offices office s inside GCHQ Cheltenha Chelt enham. m. The unit formed forme d the centre of a 14-position 14-posi tion comp computer  uter  driven voice monitoring system. This too may have been an early speaker identification system. 37. In 1995, reports suggested thatbo NSA speaker identification identification been to help theg drug drug cart carte elwidely leader quoted Pablo Escobar. The reports bore re strong resemblance res emblance to ahad novel by used Tom Clancy, Cla ncy,capture suggesting suggestin th a t the story may have owed more to Hollywood than high tech. In 1997, the Canadian CRE awarded a contract to another researcher to develop "new retrieval algorithms for speech characteristics used for speaker  identification", suggesting this method was not by then a fully mature technology. technology. According to to Sigint staff  familiar famili ar with the current use of Dictionary, it can be programmed to search to identify particula particularr speakers on teleph ephone one channels. But speaker iden identification tification is still not a particularly parti cularly reliablr or eff effective ective Comint tech technique. nique. 90 38. In the abse absenc nce e of effective wordspotting or speaker speak er identification identific ation tech techniques, niques, NSA has sought so ught alternative alter native means mea ns of auto automa matitica cally analysi analysing ng telepho telephone ne communi communications cations.. Accordin According g NSA's classific classification ation guide, guid e, other techniques techn iques examined include Speech detection – detecting the presence or absence of speech activity; Speaker  discrimination – techniques to distinguish between the speech of two or more speakers; and Readability estimation – techniques to determine the quality of speech signals. System descriptions must be classified "secret" if NSA "determines that they represent major advances over techniques known in the research comm commun unit ity" y"..91

 

 

IC 2000

Technical annexe on telecommunications interception

(vii)

"Workfactor reduction"; the subversion of cryptographic systems 39. From the 1940s to date, NSA has undermined undermined the effect effectiveness iveness of cryptographic sy systems stems made or used in Europ urope. e. Th The e mo mos st important target targe t of NSA activity act ivity was a prominent Swiss manufacturing manufactur ing company, c ompany, Crypto AG. Crypto AG established a strong position as a supplier of code and cypher systems after the second world war. Many governments would not trust products offered for sale by major powers. In contrast, Swiss companies in this sector benefited from Switzerland's neutrality and image of integrity. 40. NSA arranged to rig encryption encryption systems sold by Crypto Crypto AG, enabling UKUSA UKUSA agencies to read the coded diplom omatic atic and military traffic of more than 130 countries. NSA's covert intervention was arranged through the company's owner and founder Boris Hagelin, and involved periodic visits to Switzerland by US "consultants" working for NSA. One was Nora L MacKabee, a career NSA employee. A US newspaper obtained copies of  confidential Crypto AG documents recording Ms Mackebee's attendance at discussion meetings in 1975 to design a new Crypto AG machine". 92 41. The purpose of NSA's interventions interv entions were we re to ensure ens ure that while its coding co ding systems syst ems should shoul d appear secure to t o other  cryp crypto tolo logi gist sts, s, it was not secure. secu re. Each time a mach machine ine was used, used , its users would select se lect a long numerical nume rical key, key , changed periodically. Naturally users wished to selected their own keys, unknown to NSA. If Crypto AG's machines were to appear strong to outside testers, then its coding system should work, and actually be strong. NSA’s solution to this apparent condundrum was to design the machine so that it broadcast the key it was was usin using g to lis steners. teners. To prevent other o ther listeners recognising what wha t was happening, happe ning, the key too had also to be sent in code co de - a different code, known only to NSA. Thus, every time NSA or GCHQ intercepted a message sent using these machines, they would first read their own coded part of the message, called the "hilfsinformationen" (help information field) and extract the key the target was using. They could then read the message itself as fast or even faster than the intended recipient 93 42. being The same am e tec echn ique ue was re-used re-us in 1995, 1 995, whe NSA bec became ame con concerned cerned and about cryptogra c ryptographic security se curityagreed systems sy stems built ihniq into nto Internet anded E-mail software softwhen waren by Microsoft, Netscape Lotus. Thephic companies to adapt their software to reduce the level of security provided to users outside ou tside the United States. In the case of  Lotus Notes, which includes a secure e-mail system, the built-in cryptographic system uses a 64 bit encryption key. This provide provides s a medium level level of security, which might might at present onl only y be broken by NSA NSA in months or  years. 43. Lotus built in an NSA "help information" trapdoor to its Notes system, as the Swedish government discovered to its embarrassment in 1997. By then, the system was in daily use for confidential mail by Swedish MPs, 15,0 15,000 00 tax tax a age genc ncy ys sta taff and a nd 400,000 to 500,000 5 00,000 citizens. Lotus Notes incorporates a "workfactor reduction field" (W RF ) in t o a ll e-mails -mails sent by non US users users of of the system. system. Like its its predecesso predecessorr the Crypto AG "help "help information field" this device reduces NSA's difficulty in reading European and other e-mail from an almost intractable problem to a few seconds work. The WRF broadcasts broadcasts 24 of the 64 bits of the key used used for each communication. communication. The WRF is encoded, using a "public key" system which which can only be read by N NSA. SA. Lotus, a subsidiary of IBM, IBM, admits this. The company told Svenska Dagbladet : "The difference between the American Notes version and the export version lies in degrees of  encryption. encryp tion. We deliver deliver 64 bit keys to all customers, but 24 bits of those in the version that we deliver outside of the United States are deposited with the American government". 94

44. Similar arrangements are built into all export ver versions sions of the the web "browsers" "browsers" manufactured manufactured by Microsoft Microsoft and Ne Nets tsca cape pe.. Eac Each h uses a standard 1 128 28 bit key. In the export version, ver sion, this key is not reduced red uced in length. length . Instead, 88 b it s o f the key are broadcast with with each message; 40 bits remain remain secret. It follows follows that almost every every computer in Europe has, as a built-in standar standard d feature, an NSA workfactor workfactor reduction system system to enable NSA (alone) to break the user's code and read secure messages. 45. The The use of powerful powerful and effective encryption system systems s will increasingl increasingly y restrict the ability ability of Comint agencies to process collected intelligence. intelligence. "Moore's law" asserts that that the cost of computational computational power halves every 18 months. This affect affects s both the agencies and their their targets. Cheap PCs can now efficiently efficiently perform complex mathematical calculations need for effective cryptography. cryptography. In the absence of new discoveries discoveries in physics or  mathematics Moore's law favours codemakers, not codebreakers.

 

IC 2000

Technical annexe on telecommunications interception

(v iii)

Glossary and definitions  ATM  AT M B ND CCIT CC ITT T CEPT CLID Co mi n t COMSAT CRIM

(C (Civi ivil/c l/comm ommer ercia cial) l) c comm ommun unica icatio tions ns s sate atelli llite; te; for milit militar ary y co comm mmuni unicat cation ions s us usag age, e, tthe he p phra hraseo seolog logy y is commonly reversed, i.e., SATCOM. C e n t re d de e Re Recherche IIn nformatique d de e Mo Montreal

CSDF C SE C SS DAR DA RPA DGSE DG SE

Co l l e c t e d S i g n a l s D a t a F o r m a t ; a t e r m u s e d o n l y i n S i g i n t Communications Se Security Es Establishment, tth he Si Sigint ag agency of of Ca Canada Central S Se ecurity Se Service; tth he mi military c co omponent o off N NS SA Defe Defens nse eA Adv dvan ance ced d Res Resea earc rch h Pro Proje ject cts s Age Agenc ncy y ((Un Unit ited ed Stat States es De Depa part rtme ment nt of De Defe fens nse) e) Di Dire rect ctor orat ate e Ge Gene nera rall de Se Secu curi rite te Ex Exte teri rier ere, e, th the e fore foreig ign n inte intell llig igen ence ce agen agency cy of Fr Fran ance ce.. It Its s func functi tion ons s include Sigint

DSD DODJOC DODJ OCC C E1, E3 (etc)

F DF FD FDM M FISA FIS A

Defence Signals Directorate, the Sigint agency of the Commonwealth of Australia Depa Depart rtme ment nt o off Defe Defens nse e Join Jointt Op Oper erat atio ions ns Ce Cent ntre re Ch Chic icks ksan ands ds Standard for digital or TDM communications systems defined by the CEPT, and primarily used within Europe and outside North America EU de desig signa natio tion n ffor or do docum cument ents sc con oncer cerned ned wit with h llaw aw enforc enforcem ement ent ma matte tters/ rs/pol police ice Federalnoe Agenstvo Pravitelstvennoi Svyazi i Informatsii, the Federal Agency for Government Communications Communicatio ns and Information of Russia. Its functions include Sigint Feder ederal al Bur Bureau eau of of IIn nve vest stig igat atio ion; n; the nati nation onal al la law w enf enfor orce ceme ment nt and and cou count nter er-i -int ntel elli lige gen nce agen agency cy of the the United States Fast Data Finder   Frequency Division Multiplex; a form of multi-channel communications based on analogue signals Foreign Intelli Intelligence gence Surveillance Surveill ance Act (United States)

FISINT Gbps GCHQ GC HQ

For orei eign gn In Inst strrum umen enta tati tion on Sign Signal als s In Inte tell llig igen ence ce,, tthe he thir third db bra ranc nch ho off S Sig igin intt Gi g ab it s pe r s ec on d Gove Govern rnme ment nt Comm Commun unic icat atio ions ns Head Headqu quar arte ters rs;; tthe he Sigi Sigint nt agen agency cy of the the U Uni nite ted dK Kin ingd gdom om

GHz Gisting HDLC

GigaHertz Within Sigint, the analytical task of replacing a verbatim text with the sense or main points of a communication Hi g h - l e v e l Da t a L i n k Co n t r o l

HF HMM ILETS ILET S I n t el sa t IOSA

High Frequency; frequencies from 3MHz to 30MHz H idde n M ar kov M odel li ng, a t echn ique w id ely used i n sp eech r e cogni t i on sy st em s . International Law Enforcement Telecommunications Telecommunicati ons Seminar  Inte r nati onal T Te e lec om m uni cat i ons S Sa at ell it e Interim Overhead Sigint Architecture

Iridium

Satellite Personal Communications System involving 66 satellites in low earth orbit, providing global communications from mobile telephones Integrated Services Data Network Internet Service Provider  

ENFOP NFOPOL OL FAPSI FAP SI FBI

IS D N ISP ITU IUR

 

Asyn synchr chron onou ous s Transf Transfer er Mode; a high hi gh speed spee d form of dig ital co communi mmunicatio cations ns inc increasi reasingly ngly us used ed for on the Internet B undesac hr icht end ienst ; t he f or eign i nt ell igence agency of t he F eder al R epubli c of   Germany. Its functions include Sigint Cons Consul ulta tati tive ve Co Comm mmit itte tee e ffor or In Inte tern rnat atio iona nall Tel Telep epho hony ny and and T Tel eleg egra raph phy; y; Un Unit ited ed Na Nati tion ons s age agenc ncy y developing standards and protocols for telecommunications; part of the ITU; also known as ITU-T Conference Europeene des Postes et des Telecommuni Telecommunications cations Calling Line Identification Data Communications IIn nt el l i g en c e

International Telecommunicati Telecommunications ons Union

IXP IXP

International (qv ) in 1994 User Requirements (for communications interception); IUR 1.0 was prepared by ILETS Internet Exchange Point

LAN LEA

Local Area Network Law Enforcement Agency (American usage)

IC 2000

Mbps MHz Mi Micr crow owav ave e Mode Mo dem m

Technical annexe on telecommunications interception

(ix)

M ega bi t s p er s eco nd MegaHertz Radio Radio sig signa nals ls with with wave wavelen length gths so off 1 10cm 0cm or short shorter; er; fr frequ equen encie cies s abov above e1 1GHz GHz Devi Device ce fo forr send sendin ing g dat data a to an and d fr from om (e.g (e.g.) .) a comp comput uter er;; a “m “mod odul ulat ator or-d -dem emod odul ulat ator or))

MIME MIME

Multipurpose Internet Message Extension; a systems used for sending computer files, images, documents and programs as "attachments" to an e-mail message N-gram analysis A system for analysing textual documents; in this context, a system for matching a large group of  documents to a smaller group embodying a topic of interest. The method depends on counting the frequency with which character groups of length N appear in each document; hence N-gram

N SA OCR PC PC S

National Security Agency, the Sigint agency of the United States Optical Character Recognition P e r s o n a l Co m p u t e r   Pe rrso son na all Co Com m mu mun iica catt iio on s Sys ystt em ems; t he he tte e rm rm in in c clu lud de s m ob ob ile ile t ele elep p ho hon e syst syste em s s,, pa pa gin ging g sys systt em ems and future wide area radio data links for personal computers, etc

POP (or POP POP3) 3) PTT RAID SCII SC SCP CPC C SMTP Sigint SONET SONE T

Post Office Office Program; Program; a sys system tem used for receiving receiving and h holding olding ee-mail mail Posts Telegraph and Telephone (Administration or Authority) Redundant Array of Inexpensive Disks Sen ensi siti tive ve Comp Compar artm tmen ente ted d In Inte tell llig igen ence ce;; us used ed to limi limitt acce access ss to Comi Comint nt info inform rmat atio ion n acco accord rdin ing g to "compartments" Si Sing ngle le Chan Channe nell Per Per Carr Carrie ier; r; lo low w ca capa paci city ty sa sate tell llit ite e co comm mmun unic icat atio ions ns sy syst stem em Standard Mail Transport Protocol Signals Intelligence Synchronous Optical Network

SMDS

Switched Multi-Megabit Data Service

SMO SPCS SRI STOA

Support for Military Operations S at e l li t e P er s on al C o m m un i ca t i on s S y st e m s Si g n a l R e l a t e d I n f o r m a t i o n ; a t e r m u s e d o n l y i n S i g i n t Scie Scienc nce ea and nd T Tec echn hnol olog ogy y As Asse sess ssme ment nts s Offi Office ce o off th the eE Eur urop opea ean nP Par arli liam amen ent; t; tthe he b bod ody y co comm mmis issi sion onin ing g this report

T1, T1, T T3 3 ((et etc) c)

Digital Digital or TDM TDM c comm ommunic unicatio ations ns syste systems ms origi originall nally y de defin fined ed b by y th the e Be Bellll telep telephon hone e sy system stem in N Nort orth h  Americ a, and primarily  America, prima rily used use d there Terminal C Co ontrol P Prrotocol/Internet P Prrotocol Time Division Muliplex; a form of multi-channel communications normally based on digital signals

TCP/IP TD TDM M Traffic analysis analysis

WAN WR F

WithinSigint, a method of analysing and obtaini obtaining ng intelligence from messages mess ages without reference to the ir  content; for example by studying the origin and destination of messages with a view to eliciting the relationship between sender and recipient, or groups thereof  UK-USA agreemen agreementt Virtual Private Network Very Small Aperture Terminal; low capacity satellite communications system serving home and business users Wide Area Network Workfactor Reduction Field

WWW

World Wide Web

UKUSA VPN VS VSAT AT

 X.25, V.21, V.34, V.34 , V.90, V.100 (etc) are CCITT tele telecommunica communications tions standard standards s

Il Illu lustrat strations ions : page 5; US Air Force; IPTV Ltd; page 6; Stephen King, Charles V Pick; IPTV Ltd; page 8; Jim Bamford, GCHQ; page 9; US Navy, KGB/Russian Security Service; page 12; D Campbell.

 

IC 2000

Technical annexe on telecommunications interception

(xi)

Notes 1.

 UKUSA refers to the 1947 United Kingdom – United States agreement on Signals intelligence. The nations of 

the UKUSA are the United States (the "First Party"), United Kingdom, Canada, Australia and New Zealand (thealliance "Second Parties"). "An appraisal of the Technologies of Political Control", Steve Wright, Omega Foundation, European Parliament (STOA), 6 January 1998. 3. "They've got it taped", Duncan Campbell, New Statesman, 12 August 1988. "Secret Power : New Zealand's Role in the International Spy Network", Nicky Hager, Craig Potton Publishing, PO Box 555, Nelson, New Zealand, 1996. 4 .  National Security Council Intelligence Directive No 6, National Security Council of the United States, 17 February 1972 (first issued in 1952). 5.  SIGINT is currently defined as consisting of COMINT, C OMINT, ELINT (electronic or non-communications intelligence and FISINT (Foreign Instrumentation Signals Intelligence). 6. Statement by Martin Brady, Director of DSD, 16 March 1999. Broadcast on the Sunday Programme, Channel 9 TV (Australia), 11 April 1999. 7. "Farewell", despatch to all NSA staff, William Studeman, 8 April 1992. The two business areas to which Studeman referred were "increased global access" and "SMO" (support to military operations). 8.  Federalnoe Agenstvo Pravitelstvennoi Svyazi i Informatsii , the (Russian) Federal Agency for Government Communications and Information. FAPSI's functions extend beyond Comint and include providing government

2.

and commercial communications systems. 9 .  Private communications from former NSA and GCHQ employees . 10.  Sensitive Compartmented Intelligence. 1 1 .  See note 1. 12.  Private communications from former GCHQ employees; the US Act is the Foreign Intelligence Surveillance Act (FISA). 1 3 .  See note 6. 14.  In 1919, US commercial cable companies attempted to resist British government government demands for access to all cables sent overseas. Three cable companies testified to the US Senate about these practices in December  1920. In the same year, the British Government introduced legislation (the Official Secrets Act, 1920, section 4) providing access to all or any specified class of communications. The same power was recodified in 1985, providing lawful access for Comint purposes to all "external communications", defines as any communications which are sent from or received outside the UK (Interception of Communication Act 1984, Section 3(2)). Similar  requirements on telecommunications telecommuni cations operators are made in the laws of the other UKUSA countries. See also "Operation SHAMROCK", (section 3). 15.  "The Puzzle Palace", James Bamford, Houghton Mifflin, Boston, 1982, p331. 16. 17. Personal

communications from former NSA and4 GCHQ employees.  "Dispatches : The Hill", transmitted by Channel Television (UK), 6 October 1993. 1993. DODJOCC stood for  Department of Defense Joint Operations Centre Chicksands. 18.  "The Justice Game", Geoffrey Robertson, Chapter 5, Chatto and Windus, London, 1998 19.  Fink report to the House Committee on Government Gov ernment Operations, 1975, quoted in "NSA spies on t he British government", New Statesman, 25 July 1980 2 0 .  " Amerikansk  Amerikanskiye iye sputniki radi radioelektronn oelektronnoy oy razvedki na Geosync Geosynchronnykh hronnykh orbitakh" orbit akh" ("America ("American n Geosynchronous SIGINT Satellites"), Major A Andronov, Zarubezhnoye Voyennoye Obozreniye, No.12, 1993, pps 37- 43. 21.  "Space collection", in The US Intelligence Community (fourth edition), Jeffrey Richelson, Westview, Boulder, Colorado, 1999, pages 185-191. 22. See note 18. 2 3 .  Richelson, op cit. 24.  "UK Eyes Alpha", Mark Urban, Faber and Faber, London, 1996, pps 56-65. 25.  Besides the stations mentioned, a major maj or ground station whose targets formerly incl included uded Soviet COMSATs is at Misawa, Japan. Smaller ground stations are located at Cheltenham, England; S Shoal hoal Bay, Australia. 26.  "Sword and Shield : The Soviet Intelligence and Security Apparatus", Jeffrey Richelson, Ballinger, Cambridge, Massachusetts, 1986. 27.  "Les Francais aussi ecountent leurs allies", Jean Guisnel, Le Point , 6 June 1998. 28.  Intelligence (Paris), 93 , 15 February 1999, p3.

 

IC 2000

Technical annexe on telecommunications interception

(xii)

29.

 "Blind mans Bluff : the untold story of American subma rine espionage", Sherry Sontag and Christopher Drew, Public Affairs, New York, 1998. 3 0 . Ibid. 31.  Ibid  32.

 A specimen of the IVY BELLS tapping equipment is held in the former KGB museum in Moscow. It was used on a cable running from Moscow to a nearby scientific and technical institution. 33. TCP/IP. TCP/IP stands for Te Terminal rminal Control Protocol/Internet Protocol/Internet Pr Protocol. otocol. IP is the basic network layer of the Internet. 34.  GCHQ website at http://www.gchq.gov.uk/technol.html 35.

 Personal communication from DERA. A Terabyte is one thousand Gigabytes, i.e., 1012 bytes.

3 6 .   Personal communication from John Young. 3 7 .  " Puzzle palace conducting internet surveillance", Wayne Madsen, Computer Fraud and Security Bulletin,

June 1995. 3 8 .   Ibid. 39. "More Naked Gun than Top Gun", Duncan Campbell, Guardian, 26 November 1997. 40.  "Spyworld", Mike Frost and Michel Gratton, Doubleday Canada, Toronto, 1994. 41.  The National Security Agency and Fourth Amendment Rights, Hearings before the Select Committee to Study Government Operations with Respect to Intelligence Activitities, US Senate, Washington, 1976. 4 2 .  Letter from, Lt Gen Lew Allen, Director of NSA to US Attorney General Elliot Richardson, 4 October 1973; contained in the previous document. 43. Private communication. 44.  World in Action, Granada TV. 45.  This arrangements appears to be an attempt to comply with legal restrictions in the Interceptio n of  Communications Act 1985, which prohibit GCHQ from handling messages except those identified in government "certificates" which "describe the intercepted intercepted material which should be examined". The Act specifies that "so much of the intercepted material as is not certified by the certificate is not [to be] read, looked at or  listened to by any person". It appears from this that, although all messages passing through the United Kingdom are intercepted and sent to GCHQ's Lo ndon office, the organisation considers t hat by having British Telecom staff operate the Dictionary computer, it is still under the control of the telecommunications telecommunicati ons network operator unless and until it is selected s elected by the Dictionary and passes pass es from BT to GCHQ. 46. Private communications. 47.  "Naval Security Group Detachment, Sugar Grove History for 1990", US Navy, 1 April 1991. 48.  Missions, functions and tasks of Naval Security Group Activity (NAVSECGRUACT) Sugar Grove, West Virginia", NAVSECGRU INSTRUCTION C5450.48A, 3 September 1991. 49. Report on tasks of Detachment 3 , 544 Air Intelligence Group, Air Int elligence elli gence A Agency gency A lmana lmanac  c , US Air Force, 1998-99. 50.  Ibid, Detachment 2, 544 Air Intelligence Group. 51.  Information obtained by Bill Robinson, Conrad Grebel College, Waterloo, Ontario. CDF and CFS documents were obtained under the Freedom of Information Act, or published on the World Wide Web. 52. Career resume of Patrick D Dugua y, published at: http://home.istar.ca/~pdduguay/resume.h http://home.istar.ca/~pdduguay/resume.htm. tm. 53.  CSE Financial Status Report, 1 March 1996, released under the Freedom of Information Information Act. Further details about "ECHELON" were not provided. It is therefore ambiguous as to whether the expenditure was intended for  the 54. ECHELON computer system, or for different functions (for example telecommunications or power services). "Secret Power", op cit. 55.  Twenty/Twenty , TV3 (New Zealand), October 1999. 56.  Interview with David Herson, Head of Senior Officers' Group on Information Security, EU, by staff of  Engineering Weekly (Denmark), 25 September 19 96. Published at http://www.i http://www.ing.dk/ar ng.dk/arkiv/her kiv/herson.htm son.htm 57.  Council Resolution on the Lawful Interception of Telecommunications, 17 January 1995, (96C_329/01) 58.  "International Harmonisation of Technical Requirements for Legal Interception of Telecommunications", Telecommuni cations", Resolution 1115, Tenth Plenary meeting of the ITU Council, Geneva, 27 June 1997. 59.  ENFOPOL 98, Draft Resolution of the Council on Telecommunications Interception in respect respec t of New Technology. Submitted by the Austrian P Presidency. residency. Brussels, 3 September September 1998. 60. ENFOPOL 19, 13 March 1999. 61.  European Parliament, 14 September 1998. 62.  "Uncle Sam's Eavesdroppers", Close Up North, BBC North, 3 December 1998; reported in "Star Wars strikes back", Guardian , 3 December 1998 63.  "Dispatches : The Hill", Channel 4 Television (UK), 6 October 1993 64.  Ibid. 65.  "Mixing business with spying; secret information is passed routinely to U.S.", Scott Shane, Baltimore Sun, 1 November 1996. 66.  "UK Eyes Alpha", op cit, p235. 67.  Private communication. 68.  See note 62.

 

IC 2000

Technical annexe on telecommunications interception

(xii i)

69.

 Raytheon Corp press rele ase: published at: http://www.r http://www.raytheon.com aytheon.com/sivam/contr /sivam/contract.html act.html 7 0 .  "America's Fortress of Spies", Scott Shane and Tom Bowman, Baltimore Bal timore Sun 3 December 1995. 71. “Company Spies”, Robert Dreyfuss, Mother Jones, May/June 1994. 72.  Financial Post , Canada, 28 February 1998. 73.  European Parliament, 16 September 1998. 74.  See note 56. 75.  Equivalent communications may be known know n as Synchronous Transport Module (STM) signals within the Synchronous Digital Hierarchy (ITU standard); Synchronous Transport Signals (STS) within the US SONET system; or as Optical Carrier signals (OC). 76. The 77.

information about these Sigint systems has been drawn from open sources (only).  In April 199, the peak data rate at MAE West was less than 1.9 Gbps. 78.  Redundant Arrays of Inexpensive Disks. 79.  Very Small Aperture Terminal; SCPC is Single Channel Per Carrier. 80.  "Collected Signals Data Format"; defined in US Signals Intelligence Directive D irective 126 and in NSA's CSDF manual. Two associated NSA publications providing further guidance guidanc e are the Voice Processing Systems Data Element Dictionary and the Facsimile Data Element Dictionary, Dicti onary, both issued in March 1997. 81.  The Data Workstation processes TCP/IP, PP, SMTP, POP3, MIME, HDLC, X.25, V.100, and modem protocols up to and including V.42 (see glossary). 82.  "Practical Blind Demodulators for high-order QAM signals", J R Treichler, M G Larimore and J C Harp, Proc  IEEE, 86 , 10, 1998, p1907. Mr Treichler is te technical chnical director of AS AST. T. The paper describes a system used to intercept multiple V.34 signals, extendable to the more recent protocols. 83.  The tasks were set in the second Text Retrieval conference(TREC) organised by the ARPA and the US National Institute of Science and Technology (NIST), Gaithersburg, Gaithersburg, Maryland. The 7th annual TREC conference took place in Maryland in 1999. 84.  "Method of retrieving documents that concern the same topic"; US Patent number 5418951, issued 23 May 1995; inventor, Marc Damashek; rights assigned to NSA. 85.  Address  Addres s to the Symposium Sympo sium on "N "Nationa ationa l Security Securit y and National Nati onal Com Competiti petitivenes veness s : Open Source So Solutio lutions" ns" by Vice Admiral William Studeman, Deputy Director of Central C entral Intelligence and former director of NSA, 1 December  1992, McLean, Virginia. 8 6 .  For example, IBM Via Voice, Dragon Naturally Speaking, Lemout and Hauspe Voice Xpress. 87.  "A Hidden Markov Model based keyword recognition system", R.C.Rose and D.B.Paul, Proceedings of the International Conference on Accoustics, Speech and Signal processing , April 1990. 88.  Centre de Recherche Informatique de Montreal. 89.  "Projet detection des Themes", CRIM, 1997; published at http://www.crim.ca/adi/projet2.html http://www.crim.ca/adi/projet2.html. 90.  Private communication. 91.   NSA/CSS Classification Guide, NSA, revised 1 April April 1983. 92.  "Rigging the game: Spy Sting", Tom Bowman, Scott Shane, Baltimore Sun, 10 December 1995. 93.  "Wer ist der Befugte Vierte?", Der Spiegel , 36 , 1996, pp. 206-7. 94.  "Secret Swedish E-Mail Can Be Read by the U.S.A", Fredrik Laurin, Calle Froste, Svenska Dagbladet , 18 November 1997.