Five Eyes of Surveillance
By By Tom Chothia
Senior Lecturer in Computer Security, University of Birmingham
If you have sent an e-mail, made a telephone call or looked at a website based abroad in the past few days, chances are that it has been recorded in a database run by the “five eyes” of international intelligence services.
During the Cold War, one of the primary tasks of the US National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ) was to track Russian troop movements. To achieve this they built up a massive global monitoring network.
Following the 9/11 terrorist attacks, the agencies were given a very large budget and the almost impossible task of finding and tracking terrorists. Much of what they do is important work that keeps us safe.
However, classified information leaked by Edward Snowden has revealed a much more worrying trend – of the intelligence services trying to collect as much personal data about their citizens as possible with seemingly little regard to how it is used. Perceiving one of the chief threats to come from within, it seems that the intelligence services have now turned their massive surveillance apparatus on us.
While most of the Snowden leaks documented projects led by the NSA and GCHQ, many of these projects have been carried out jointly with the Australian Signals Directorate, the Communications Security Establishment Canada, and New Zealand’s Government Communications Security Bureau. This group, referred to as the “Five Eyes”, dates back to the Second World War, and close cooperation on intelligence matters continues to this day.
The NSA offered this partnership its huge budget and technical capabilities, while the other partners primarily offer the NSA a worldwide network of listening stations. The intricate nature of this relationship is illustrated by the protective classification “FVEY” marked on many of the documents leaked by Snowden. This indicates top-secret information that is to be shared only between these countries.
More intriguingly, some documents were marked “NOFORN” (short for “no foreigners”), indicating that even other members of the Five Eyes should not be given access. No doubt the intelligence services of the excluded countries were as keen to see these documents as anyone else.
One type of project revealed by the Snowden leaks involved targeted surveillance methods that could be aimed at particular individuals or websites. The range of techniques was impressive, including purpose-built malware, keyloggers and hardware-snooping devise. It seems that if the NSA wants access to your computer, they probably already have it.
These kinds of technologies have been used against cyber crime gangs by the FBI and against the Iranian nuclear program via the Stuxnet worm. These operations are often highly effective and lead to prosecutions. However, they require a particular target to be identified and the time and effort of individual analysts.
A second type of project that the Snowden documents revealed, and which civil liberties activists are much more concerned about, involves the mass surveillance of whole populations. Undersea cables carry much of the international Internet traffic, and seven of the largest cables enter the UK at Bude in Cornwall, England. Bude also happens to be the location of a GCHQ listening station. This is no coincidence; GCHQ is tapping these undersea cables and hundreds of others as part of its Tempora program.
Other members of the Five Eyes similarly collect Internet traffic at key points, often with the collusion of internet service providers. For example, AT&T’s San Francisco internet routing centre, which carries internet traffic from across the world, listed Room 641A as the “Study Group 3 Secure Room”. AT&T employees were instructed never to enter this room. An AT&T whistleblower, Mark Klein, later revealed that this room was run by the NSA, which used it to make a copy of all of the traffic passing through. Former NSA officer William Binney estimates that the NSA has 10–20 such rooms in internet and telephone companies across the US.
While many security experts claim to be unsurprised by the existence of such surveillance, few would ever have suspected the scale of these operations. The amounts of data collected are astronomical and can only be carried out by organisations as well-funded and technically advanced as the NSA and GCHQ. GCHQ stores all traffic that goes into or out of the UK for 3 days and the metadata (the sources and destinations of e-mails, messages, chats, phone calls and websites viewed) for 30 days, requiring at least 500 million gigabytes of storage. A leaked set of slides from the NSA says that they collected 97 billion such pieces of data from around the world in March 2013 alone.
Telephone calls are similarly monitored. Again, the scale of this collection is massive, with some reports suggesting that the NSA has access to at least 5 years of telephone records. If you have sent an e-mail, made a telephone call or looked at a website based abroad in the past few days, chances are that it has been recorded in a database run by the intelligence services, and their analysts can look it up.
Much of the data sent over the internet is encrypted, such as mail sent between Google Gmail accounts. The NSA wants this information too. The NSA’s PRISM project fast-tracks the process of requesting data about a specific person from companies such as Yahoo, Google, Facebook, Skype and Apple. Using PRISM the NSA can get any and all information these companies have about particular individuals.
However, it seems that fast, easy access to individual accounts wasn’t enough. As part of their MUSCULAR project, the NSA tapped the internal connections between Google’s and Yahoo’s own data centres. As these cables were not part of the public internet, Google and Yahoo did not encrypt information sent across them, so tapping these internal cables gave the NSA direct access to the unencrypted data. According to the Washington Post, two engineers with close ties to Google exploded in profanity when they learned of this program. Google now encrypts all this information internally as well as externally.
All of this information goes into databases run by the intelligence services, such as the NSA’s new data storage center in Utah. This centre is estimated to have billions of gigabytes of storage, enough to store a few weeks’ worth of the entire world’s internet traffic, or the summary metadata of the communications made by everyone on the planet for years.
This information is searchable via the NSA’s X-Keyscore software. As well as searching by name or e-mail address, this database searches for a range of estimated attributes, such as nationality, location and web history. For instance, it would be possible to search this database to find everyone that lived in the United States, was believed to be of Pakistani origin and had viewed a particular location on Google Maps.
One internal NSA document leaked by Snowden claimed that X-Keyscore “played a role” in capturing 300 terrorists. While this cannot be substantiated, it is plausible.
Other uses have come to light: in a series of cases known as LOVEINT, NSA employees have looked up their former, current and potential sexual partners. We only know about these particular cases because the NSA officers involved confessed to their misuse of the system.
Stories about hackers stealing people’s webcam pictures have recently hit the headlines, but GCHQ has been at this since 2008. Their Optic Nerve project has been scanning the data they collect to look for Yahoo chat sessions, and captures a still image from each one. Documents leaked by Snowden indicate that analysts looked at a sample of the pictures collected and found that around 7% contained “undesirable nudity”. What they intended to do with the data is unclear.
The intelligence services are fully aware that the vast majority of the data collected and stored relates to innocent members of the public, and that, unlike their highly advanced targeted operations, these methods will only catch the most incompetent terrorists: the kind that do not encrypt their messages and do discuss their plans on Facebook. The NSA’s and GCHQ’s claims that they use their surveillance powers to almost exclusively target terrorists don’t stand up. The Snowden leaks have revealed many programs that target politicians and diplomats, ranging from the NSA’s efforts to listen in on the telephone conversations of “friendly” world leaders such as Germany’s Angela Merkel, to much more esoteric programs such as GCHQ’s Royal Concierge project. This project mines GCHQ’s mass internet traffic collection to find all hotel rooms booked in the UK by anyone from an e-mail address including “.gov.”, indicating a trip booked by an employee of a foreign government.
In April 2013 an NSA spokesperson said that “one of the biggest misconceptions about the NSA is that we are unlawfully listening in on, or reading emails of, U.S. citizens. This is simply not the case.” He was telling the truth: the NSA is listening in on and reading the emails of citizens on a massive scale but is doing so quite legally, as are GCHQ and the other members of the Five Eyes. Legally, the NSA and GCHQ can collect all the summary metadata about us they want, including who messages are from and who they are going to but not the content of the message. When applied to the internet, it also includes what websites we look at and our location at any particular time via our smartphone.
The NSA and GCHQ maintain that they have not broken the letter of the law, and that they do not carry out “mass surveillance”, but this is based on their claim that collecting data about someone does not count as surveillance, and that having a computer analyse this data also doesn’t count as surveillance. As far as they are concerned, it’s only surveillance if a human being reads your e-mails.
A more worrying set of NSA and GCHQ projects are attacking our ability to keep our data private and safe using strong cryptography. Well-designed, mathematically-proven cryptography is a cornerstone of the internet. It is what makes it possible to use a credit card online or securely log into a website. Without it we would not have Amazon or Facebook. In the 1980s and 1990s the US government fought a legal battle to try to keep strong cryptography out of the hands of the general public. Accustomed to cryptography performed on purpose-built machines built by military contractors (rather than software), the US government passed a law saying the export of such machines required an arms export licence.
When Phil Zimmerman wrote a package for e-mail encryption called PGP, the US government started a case against him for arms trafficking, leading to a series of legal and political battles known as “The Crypto Wars”. Activists printed a book of the source code to PGP, and challenged the US government to ban it. Other activists printed the core PGP encryption algorithm on
T-shirts and walked through Customs wearing them, challenging the Customs agents to arrest them as arms exporters. In the end, the government backed down and changed the law to reclassify cryptography as not an armament, and thus allowed people to use strong encryption. Today PGP is used by many businesses to protect their data as a matter of policy, and similar encryption algorithms can be used in every web browser.
Documents leaked by Snowden suggest that some parts of the NSA never really gave up fighting this crypto war. As part of a project known as BULLRUN, the NSA has worked with international standards bodies to try to introduce weaknesses into the encryption schemes we use. Once added to the standards, the weak encryption schemes have been implemented in a wide range of software. To help this process along the NSA paid one of the leading providers of encryption, the RSA Corporation, $10 million to make sure that it included the unsafe algorithm as quickly as possible.
Such deliberate flaws in cryptographic software give the NSA a backdoor to break the encryption we use to protect our privacy, and they may also give a backdoor to cyber criminals and other governments. Attacking standards that computer scientists rely on to develop secure systems potentially damages everyone’s security and undermines efforts that other parts of the NSA and GCHQ are taking to keep national infrastructure safe.
The good news is that the NSA and GCHQ seem to have been obeying the letter of the law. Thus if strong, unambiguous laws can be written that protect our privacy, we have every reason to believe that the intelligence services will obey them. On the other hand, if people accept that the intelligence services can collect and mine our personal data, there is little to stop other branches of government doing the same. If the government can access this information to stop terrorism, then why not other crimes like benefit fraud, illegal immigration, antisocial behaviour or political dissent?
Twenty years ago activists fought a series of legal and political battles that enabled us to have the cryptography needed to keep our data private and secure, making the internet we know today possible. If we want to continue to use the internet without mass surveillance of what we do, we may need to fight similar battles again.