Shooting The Messenger by Nick Hussain

Shoothing The Messenger Everything you shouldn’t know about Edward Snowden and The ‘Five Eyes’ Alliance

CONTENTS

FIVE EYES Introduction

The Facts

History

Weapons

Metadata

Legislative Protection

EDWARD SNOWDEN Introduction

Recent Events

Greenwald Interview

Exile

Reaction

Forecast

Defense

Espionage

he “Five Eyes”, often abbreviated as “FVEY”, refer to an anglophonic alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States. These countries are bound by the multilateral UKUSA Agreement - a treaty for joint cooperation in signals intelligence. The origins of the FVEY can be traced back to World

War II, when the Atlantic Charter was issued by the Allies to lay out their goals for a post-war world. During the course of the Cold War, the ECHELON surveillance system was initially developed by the FVEY to monitor the communications of the former Soviet Union and the Eastern Bloc, although it was later used to monitor billions of private

communications worldwide operating under the anti-terrorism remit. In the late 1990s, the existence of ECHELON was disclosed to the public, triggering a major debate in the European Parliament and, to a smaller extent, the United States Congress. As part of efforts to win

Alliance

the ongoing War on Terror since 2001, the FVEY further expanded their surveillance capabilities, with much emphasis placed on monitoring the World Wide Web. The former NSA contractor Edward Snowden described the Five Eyes as a “supra-national intelligence organisation that doesn’t answer to the laws of its own countries”.

Documents leaked by Snowden in 2013 revealed that the FVEY have been intentionally spying on one another’s citizens and sharing the collected information with each other in order to circumvent restrictive domestic regulations on spying.

the general consensus among experts in the intelligence community holds that no amount of global outrage will affect the Five Eyes relationship, which, to this day, remains the most powerful espionage alliance in world history.

Despite the impact of Snowden’s disclosures,

As processed intelligence is gathered from multiple sources of varying origins, the intelligence shared is not restricted to signals intelligence (SIGNT) and often involves defence intelligence as well as human intelligence (HUMINT). The following table provides an overview of most of the FVEY agencies involved in such forms of data sharing.

Canada (CDIS) Chief of Defence Intelligence (CSEC) Communications Security Establishment Canada (CSIS) Canadian Security Intelligence Service

United States (CIA) Central Intelligence Agency (DIA) Defense Intelligence Agency (FBI) Federal Bureau of Investigation (NSA) National Security Agency

HUMINT Defence Intelligence Security intelligence SIGNT

Defence Intelligence SIGNT HUMINT

United Kingdom (DI) Defence Intelligence (GCHQ) Government Communications Headquarters (MI5) The Security Service (MI6) Secret Intelligence Service

Defence Intelligence SIGNT Security intelligence HUMINT

Australia (ASIS) Australian Secret Intelligence Service (ASD) Australian Signals Directorate (DIO) Defence Intelligence Organisation

HUMINT SIGNT Defence Intelligence

New Zealand (DDIS) Directorate of Defence Intelligence and Security (GCSB) Government Communications Security Bureau (NZSIS) New Zealand Security Intelligence Service

Defence Intelligence SIGNT HUMINT

THE FACTS Consider this a guide to the secret surveillance alliance that has infiltrated every aspect of the modern global communications system.

Despite rumours of a â&#x20AC;&#x153;no-spy pactâ&#x20AC;?, there is no prohibition on intelligence-gathering by Five Eyes States on the citizens or residents of other Five Eyes States, although there is a general understanding that citizens will not be directly targeted and where communications are incidentally intercepted there will be an effort to minimize the use and analysis of such communications by the intercepting State.

Under the agreement interception, collection, acquisition, analysis, and decryption is conducted by each of the State parties in their respective parts of the globe, and all intelligence information is shared by default.

Beginning in 1946, an alliance of five English-speaking countries (the US, the UK, Australia, Canada and New Zealand) developed a series of bilateral agreements over more than a decade that became known as the UKUSA agreement, establishing the Five Eyes alliance for the purpose of sharing intelligence, primarily signals intelligence (SIGINT).

While almost 70 years old, the arrangement is so secretive that the Australian prime minister reportedly wasnâ&#x20AC;&#x2122;t informed of its existence until 1973 and no government officially acknowledged the arrangement by name until 1999.

Together the Five Eyes are collaborated and developed specific technical programmes of collection and analysis. Some examples include:

ECHELON: a system that collects and processes information derived from intercepting civil satellite communications

THINTHREAD: an analysis tool that creates graphs showing relationships and patters that can tell analysis which targets they should look at and which calls they should listen to.

TEMPORA: a programme that collects intelligence via undersea fibre optic cable taps.

XKEYSCORE: an analytic framework that indexes email addresses, file names, IP addresses, cookies, phone numbers and metadata, and enables a single search to query a three-day rolling buffer of all unfiltered data stored at 150 global sites.

The agreement is wide in scope and establishes jointly-run operations centres where operatives from multiple intelligence agencies of the Five Eyes States work alongside each other.

Tasks are divided between SIGINT agencies, ensuring that the Five Eyes alliance is far more than a set of principles of collaboration. The level of cooperation under the agreement is so complete that the national product is often indistinguishable. 9

1940

The agreement originated from a ten-page British–U.S. Communication Intelligence Agreement, also known as BRUSA, that connected the signal intercept networks of the U.K. Government Communications Headquarters (GCHQ) and the U.S. National Security Agency (NSA) at the beginning of the Cold War. The document was signed on 5 March 1946 by Colonel Patrick Marr-Johnson for the U.K.’s London Signals Intelligence Board and Lieutenant General Hoyt Vandenberg for the U.S. State–Army– Navy Communication Intelligence Board. Although the original agreement states that the exchange would not be “prejudicial to national interests”, the United States often blocked information sharing from Commonwealth countries. The full text of the agreement was released to the public on 25 June 2010.

1960

In the aftermath of the 1973 Murphy raids on the headquarters of the Australian Security Intelligence Organisation (ASIO), the existence of the UKUSA Agreement was revealed to Australia’s Prime Minister Gough Whitlam. After learning about the agreement, Whitlam discovered that Pine Gap, a secret surveillance station in Southwest Australia, had been operated by the U.S. Central Intelligence Agency (CIA). At the height of the 1975 Australian constitutional crisis, the use and control of Pine Gap by the CIA was strongly opposed by Whitlam, who fired the chief of the ASIO, before being dismissed as Prime Minister.

1980

The existence of several intelligence agencies of the Five Eyes was not revealed until the following years:

1970s: In Canada, an investigative television report revealed the existence of the Communications Security Establishment Canada (CSEC). 1975: In the United States, the Church Committee of the Senate revealed the existence of the National Security Agency (NSA).

1976: In Britain, an investigative article in Time Out magazine revealed the existence of the Government Communications Headquarters (GCHQ).

1977: In Australia, the Hope Commission revealed the existence of Australian Secret Intelligence Service (ASIS) and the Defence Signals Directorate (DSD).

1980: In New Zealand, the existence of the Government Communications Security Bureau (GCSB) was officially disclosed on a “limited basis”. In 1999, the Australian government acknowledged that it “does co-operate with counterpart signals intelligence organisations overseas under the UKUSA relationship.” The existence of the UKUSA Agreement, however, was not publicly revealed until

2005. The contents of the agreement were officially disclosed to the public on 25 June 2010. Four days later, the agreement was described by Time magazine as one of the “most important documents in the history of the Cold War.”

2000

1950

HISTORY This timeline details the history of this secret alliance as well as the events that led it to be questioned.

1970

Under the agreement, the GCHQ and the NSA shared intelligence on the Soviet Union, the People’s Republic of China, and several eastern European countries (known as Exotics). The network was expanded in the 1960s into the Echelon collection and analysis network. In 1948, the treaty was extended to include Canada, followed by Norway (1952), Denmark (1954), West Germany (1955), Australia (1956), and New Zealand (1956). These countries participated as “third parties”. In 1955, the agreement was updated with Canada, Australia, and New Zealand regarded as “UKUSA-collaborating Commonwealth countries”.

1990

In July 2013, as part of the Edward Snowden revelations, it emerged that the NSA is paying GCHQ for its services, with at least £100 million of payments made between 2010 and 2013. On 11 September 2013, The Guardian released a leaked document provided by Edward Snowden which reveals a similar agreement between the NSA and Israel’s Unit 8200. According to The Sydney Morning Herald, Australia operates clandestine surveillance facilities at its embassies “without the knowledge of most Australian diplomats”. These facilities are part of an international espionage program known as STATEROOM.

2010

â&#x20AC;&#x153;In a time of deceit telling the truth is a revolutionary act.â&#x20AC;? - George Orwell 1984

WEAPONS

Consider this a guide to the secret surveillance alliance that has infiltrated every aspect of the modern global communications system.

ECHELON

ECHELON, originally a code-name, is now used in global media and in popular culture to describe a signals intelligence (SIGINT) collection and analysis network operated on behalf of the five signatory states to the UKUSA Security Agreement (Australia, Canada, New Zealand, the United Kingdom, and the United States, referred to by a number of abbreviations, including AUSCANNZUKUS and Five Eyes). It has also been described as the only software system which controls the download and dissemination of the intercept of commercial satellite trunk communications. It was created in the early 1960s to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War, and was formally established in the year of 1971. By the end of the 20th century, the system referred to as “ECHELON” had evolved beyond its military/diplomatic origins, to also become “... a global system for the interception of private and commercial communications.” The system has been reported in a number of public sources. One of the earliest reports to describe the program, code-named “ECHELON”, was Duncan Campbell’s 1988 article, “Somebody’s

listening”, published in the New Statesman. The program’s capabilities and political implications were investigated by a committee of the European Parliament during 2000 and 2001 with a report published in 2001, and by author James Bamford in his books on the National Security Agency of the United States. The European Parliament stated in its report that the term ECHELON is used in a number of contexts, but that the evidence presented indicates that it was the name for a signals intelligence collection system. The report concludes that, on the basis of information presented, ECHELON was capable of interception and content inspection of telephone calls, fax, e-mail and other data traffic globally through the interception of communication bearers including satellite transmission, public switched telephone networks (which once carried most Internet traffic) and microwave links. Bamford describes the system as the software controlling the collection and distribution of civilian telecommunications traffic conveyed using communication satellites, with the collection being undertaken by ground stations located in the footprint of the downlink leg.

PRISM

PRISM is a clandestine mass electronic surveillance data mining program launched in 2007 by the National Security Agency (NSA), with participation from an unknown date by the British equivalent agency, GCHQ. PRISM is a government code name for a data-collection effort known officially by the SIGAD US-984XN. The Prism program collects stored Internet communications based on demands made to Internet companies such as Google Inc. and Apple Inc. under Section 702 of the FISA Amendments Act of 2008 to turn over any data that match court-approved search terms. The NSA can use these Prism requests to target communications that were encrypted when they traveled across the Internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier, and to get data that is easier to handle, among other things. PRISM began in 2007 in the wake of the passage of the Protect America Act under the Bush Administration. The program is operated under the supervision of the U.S. Foreign Intelligence Surveillance Court (FISA Court, or FISC) pursuant to the Foreign Intelligence Surveillance Act (FISA). Its existence was leaked six years later by NSA contractor Edward Snowden, who warned that the

extent of mass data collection was far greater than the public knew and included what he characterized as “dangerous” and “criminal” activities. Documents indicate that PRISM is “the number one source of raw intelligence used for NSA analytic reports”, and it accounts for 91% of the NSA’s Internet traffic acquired under FISA section 702 authority.”The leaked information came to light one day after the revelation that the FISA Court had been ordering a subsidiary of telecommunications company Verizon Communications to turn over to the NSA logs tracking all of its customers’ telephone calls on an ongoing daily basis. U.S. government officials have disputed some aspects of the Guardian and Washington Post stories and have defended the program by asserting it cannot be used on domestic targets without a warrant, that it has helped to prevent acts of terrorism, and that it receives independent oversight from the federal government’s executive, judicial and legislative branches. On June 19, 2013, U.S. President Barack Obama, during a visit to Germany, stated that the NSA’s data gathering practices constitute “a circumscribed, narrow system directed at us being able to protect our people.”

05/06/2010

12/06/2010

19/06/2010

26/06/2010

03/07/2010

Microsoft Yahoo Google

100

200

300

400

This is the first time that data giving a sample of the number of intelligence records being generated per company has been published. It shows that over the period shown, June to July 2010, data from Yahoo generated by far the most NSA intelligence reports, followed by Microsoft, and then Google. All three companies are fighting through the courts to be allowed to release more detailed figures for the numbers of data requests they handle from US intelligence agencies.

OPTIC NERVE

Optic Nerve is a mass surveillance program run by the British signals intelligence agency Government Communications Headquarters (GCHQ), with help from the US National Security Agency (NSA), that surreptitiously collects private webcam still images from users while they are using a Yahoo! Webcam application, presumably Yahoo! Messenger. As an example of the scale, in one 6-month period, the program is reported to have collected images from 1.8 million Yahoo! user accounts globally. The program was first reported on in the media in February 2014, from documents leaked by the former National Security Agency contractor Edward Snowden, but dates back to a prototype started in 2008, and was still active in at least 2012. The leaked documents describe the users under survellience as “unselected”, meaning that data was collected indiscriminately in bulk from users regardless of whether they were an intelligence target or not. The vast majority of affected users would have been completely innocent of any crime or suspicion of a crime. Optic Nerve as described in the documents collected one still image every 5 minutes per user, attempting to

comply with human rights legislation. The images were collected in a searchable database, and used for experiments in facial recognition, to monitor known targets, and to discover new targets. The choice of Yahoo! for surveillance was taken because “Yahoo webcam is known to be used by GCHQ targets”. Unlike the US NSA, the UK GCHQ is not required by law to minimize the collection from domestic citizens, so UK citizens could have been targeted on the same level as non-UK citizens. The story was broken by The Guardian in February 2014, and is based on leaked documents dating to between 2008 and 2012. Yahoo! expressed outrage at the programme when approached by The Guardian, and subsequently called it “a whole new level of violation of our users’ privacy.” A GCHQ spokesperson stated “It is a long-standing policy that we do not comment on intelligence matters”. Though there were some limits to which photos security analysts were allowed to see, with bulk searches limited to metadata, security analysts were allowed to see “webcam images associated with similar Yahoo identifiers to your known target”.

“If you want a picture of the future, imagine a boot stamping on a human face—for ever.” - George Orwell 1984

METADATA

Metadata is data that describes other data. Meta is a prefix that in most information technology usages means â&#x20AC;&#x153;an underlying definition or description.â&#x20AC;?

Examples include the date and time you called somebody or the location from which you last accessed your email. The data collected generally does not contain personal or content-specific details, but rather transactional information about the user, the device and activities taking place. In some cases you can limit the information that is collected – by turning off location services on your cell phone for instance – but many times you cannot. Below gives examples of platform specific metadata.

> Activity including pages you visit and when > User data and possibly user login details with auto-fill features > IP address, internet service provider, device > Hardware details, operating system > Cookies and cached data from websites

> > > > > >

> > > > > > > > > > > >

Sender’s name, email and IP address Recipient’s name and email address Server transfer information Date, time and timezone Unique identifier of email and related emails Content type and encoding Mail client login records with IP address Mail client header formats Priority and categories Subject of email Status of the email Read receipt request

Phone number of every caller Unique serial numbers of phones involved Time of call Duration of call Location of each participant Telephone calling card numbers > > > > > > > > > >

Name, location, language, profile bio information and url When you created your account Your username and unique identifier Tweet’s location, date, time and timezone Tweet’s unique ID and ID of tweet replied to Contributor IDs Follower, following and favorite count Verification status Application sending the tweet

LEGISLATIVE PROTECTION

The Snowden disclosures have led many on Capitol Hill and beyond to conclude that the political and legal mechanisms necessary to hold the NSA accountable in functioning democracy are no longer fit for purpose. The Foreign Intelligence Surveillance Act of 1978 (Fisa) was intended to curtail the NSA’s ability to use its capabilities against Americans. It was passed as part of a backlash against one of the biggest controversies of that era: the unlawful surveillance by the intelligence agencies of US political activists, trade union leaders and civil rights leaders. Fisa codified in law for the first time that the NSA was about foreign intelligence. If there was a suspicion about a spy or some agent of a foreign power operating in the US, the NSA and the FBI could apply for a warrant in a new surveillance court, the Fisa court.

But since then, according to Wyden, the way the laws work in practice by the intelligence agencies has become shrouded in secrecy. The 2008 Fisa Amendments Act, renewed in 2012, allows for the collection of communications without a warrant, where at least one end of the communications is a non-US person. The NSA legal basis — disputed — for bulk collection of Americans’ phone data comes under a different law, section 215 of the 2001 Patriot Act. The Bush administration, in secret after 9/11, turned loose the NSA to collect bulk email records domestically. The NSA interpreted section 215 of the Patriot Act as allowing them to collect phone metadata in the US.

Legal authorities the NSA relies on to justify there excessive surveillance eﬀorts.

“There are serious constitutional concerns about the FISA amendments act” - Amie Stepanovich

Foreign Intelligence Surveillance Act (Fisa) of 1978

Fisa Amendments Act of 2008: Section 702

Fisa provides the foundation for foreign intelligence surveillance. The Act establishes procedures for the collection of this intelligence, and a secret court to oversee those activities. Fisa has been amended since to allow for increased warrantless surveillance.

Amends Fisa and requires the establishment of procedures for targeting non-US persons overseas. The government may not intentionally target a US person but the NSA has revealed that it does unintentionally collect American communications

Executive Order 12333

Fisa Amendments Act of 2008: Sections 703, 704

Signed in 1981 by President Reagan, and most recently amended by President Bush in 2004, this order broadly authorizes the collection of all information for the purpose of “national defense” not prohibited by other applicable laws.

Amends FISA and establishes procedures for targeting US persons overseas. In these cases, surveillance of a US person can be authorized without a warrant because the US person is outside the country.

National Security Letter Patriot Act of 2001: Sections 214, 216 Amends FISA allowing the collection of certain wire or electronic communication metadata to communications relevant to a terrorist or espionage investigation instead of communications likely to be those of a terrorist or spy.

National security letters are administrative subpoenas that allow the FBI to compel the recipient to divulge subscriber and billing information relevant to a national security investigation. These letters require no judicial review and the recipient is prohibited from revealing the contents or existence of the letter.

Patriot Act of 2001: Section 215

Fisa court Order

Amends FISA, allowing the government to order the collection of “tangible things” that aid in an terrorism or espionage investigation. These “things” don’t need to pertain directly to a target but instead only be relevant to an investigation.

These orders are issued to compel entities to furnish information the government has requested. The court operates in secrecy and is not subject to public oversight.

E D W A R D SNOWDEN

Edward Joseph Snowden (born June 21, 1983) is an American computer specialist, former employee of the Central Intelligence Agency (CIA) and former contractor for the National Security Agency (NSA). He came to international attention when he disclosed thousands of classified documents to several media outlets. The leaked documents revealed operational details of global surveillance programs run by the NSA and the other Five Eyes governments of the United Kingdom, Australia, Canada, and New Zealand, with the cooperation of a number of businesses and European governments. The release of classified material was called the most significant leak in US history by Pentagon Papers leaker Daniel Ellsberg. A series of exposés beginning June 5, 2013 revealed Internet surveillance programs such as PRISM, MUSCULAR, XKeyscore and Tempora, as well as the bulk collection of US and European telephone metadata. The reports were based on documents Snowden leaked to The Guardian and The Washington Post while employed by NSA contractor Booz Allen Hamilton. On May 20, 2013, Snowden flew from Hawaii to Hong Kong, where he later met with journalists Glenn Greenwald and Laura Poitras and shared numerous documents. On June 21 the U.S. Justice Department charged Snowden with espionage and his passport was revoked by the State Department the next day. Snowden

flew from Hong Kong and landed at Moscow’s Sheremetyevo International Airport on June 23, reportedly for a one-night layover en route to Ecuador. Why Snowden did not board an onward flight is unclear and he remained in Russia. On August 1 the Russian government granted him a one-year temporary asylum. A subject of controversy, Snowden has been variously called a hero, a whistleblower, a dissident, a traitor, and a patriot. Snowden’s “sole motive” for leaking the documents was, in his words, “to inform the public as to that which is done in their name and that which is done against them.” The disclosures have fueled debates over mass surveillance, government secrecy, and the balance between national security and information privacy. Two court rulings since the initial leaks have split on the constitutionality of the NSA’s bulk collection of telephone metadata. Snowden is considered a fugitive by American authorities who in June 2013 charged him with espionage and theft of government property. In early 2014, some media outlets and politicians called for leniency in the form of clemency, amnesty or pardon, while others called for him to be imprisoned or killed. He lives in an undisclosed location in Russia. Snowden currently serves as Rector of the University of Glasgow, a three-year post, and serves on the Freedom of the Press Foundation board of directors.

“I can’t in good conscience allow the U.S. government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they’re secretly building” - Edward Snowden

2013

June

that Snowden took his position at Booz Allen Hamilton so he could gather information on the NSA’s global surveillance programs.

US spies on Hong Kong and Chinese citizens

Guardian announces leak of classiﬁed NSA documents

Boundless Informant emerges from secrecy

British daily newspaper The Guardian reveals the leak of classified National Security Agency (NSA) documents, beginning with an order from the Foreign Intelligence Surveillance Court (FISC) requiring Verizon to hand over metadata from millions of Americans’ phone calls to the Federal Bureau of Investigation (FBI) and the NSA.

PowerPoint slides published by The Guardian reveal the existence of Boundless Informant, an NSA tool that provides “near real-time” statistics on the agency’s spying capabilities and is broken down by country. Among the information the slides reveal is that the NSA collected almost 3 billion pieces of intelligence on U.S. citizens in February 2013 alone.

The South China Morning Post also publishes information revealed by Edward Snowden that shows the NSA hacked civilian computer networks in both Hong Kong and mainland China. Nine days later, the paper publishes a series of articles detailing the hacks - which include major Internet backbones at Tsinghua University in Beijing and the Chinese University of Hong Kong, as well as text messages from ordinary Chinese citizens.

PRISM exposed to American public The Guardian release PowerPoint slides they claim show the NSA has direct access via the PRISM program to the servers of some of the biggest U.S. tech companies, including Apple, Google and Microsoft. The Guardian later reveals how large tech companies have worked closely with the NSA to help them circumvent encryption and other privacy controls, and how the agency pays for many of these companies’ compliance costs.

American cyber-attack list uncovered The Guardian publishes Presidential

Policy Directive 20. Among other things, the directive orders government officials to draw up a list of potential targets for cyber-attacks by the U.S. government.

Whistle-blower reveals identity to world media The source of the NSA leaks - 29-year-old former Booz Allen Hamilton employee and NSA contractor Edward Snowden - reveals his identity. Snowden met Guardian reporters at a hotel room in Hong Kong.

Snowden explains his motives and philosophy Edward Snowden gives an exclusive interview to the South China Morning Post about the NSA, his family and his reasons for traveling to Hong Kong before going public. It includes the bombshell

America and Britain monitor foreign diplomats A series of articles in The Guardian reveals that the U.S. and the U.K. spied on foreign leaders and diplomats at the 2009 G20 summit. They also bugged the South African foreign ministry and planned to spy on envoys to the 2009 Commonwealth Summit. The motive was apparently to gain trade advantage over developing nations.

thematically similar The New York Times reveals that in 2008 the internet company Skype started a secret program to make Skype calls accessible to intelligence agencies and law enforcement. As the Times notes, documents leaked by Snowden confirm that Skype then joined the PRISM program in February 2009.

Inside look at surveillance court In a post on his blog at The Guardian, Glenn Greenwald quotes leaked documents he claims show how the Foreign Intelligence Surveillance Court’s procedures fail to provide transparency and accountability to U.S. intelligence agencies.

NSA domestic spying rules revealed The Guardian publishes three Foreign Intelligence Surveillance Court documents outlining the NSA’s procedures for minimizing its collection of domestic communications. Among the most controversial revelations in the files is that the NSA can store domestic communications if they contain: foreign intelligence information; evidence of a crime; threats of serious harm to life or property.

Headquarters (GCHQ). The revelations include a program called Tempura, which is similar to the NSA’s Upstream (later revealed in July). Tempura taps into large fiber optic cables that carry massive amounts of Internet and telephone traffic.

Snowden ﬂies from Hong Kong to Moscow

Project Chess shows Skype surveillance In an article not directly related to the NSA documents leaked by Edward Snowden - but

One such progam, Shell Trumpet, had collected 1 trillion metadata records as of December 2012. Another, Transient Thurible, passes online metadata collected by Britain’s GCHQ into the NSA’s systems.

The U.S. revokes Edward Snowden’s passport and issues a request for his extradition. Later in the day, Snowden leaves Hong Kong for Moscow - reportedly en route to Latin America - using travel documents issued by the Ecuadorian embassy in London. Snowden is accompanied by WikiLeaks section editor Sarah Harrison. The following day, WikiLeaks’ founder, Julian Assange, tells reporters the organization paid for Snowden’s stay in Hong Kong and his flight to Russia.

US can track ‘1 billion’ daily mobile calls

On arrival, Snowden finds himself unable to leave the transit area of Moscow’s Sheremetyevo International Airport. Ecuadorian president Rafael Correa tells reporters Snowden had been issued Ecuadorian travel documents without his government’s approval, and Snowden begins seeking asylum elsewhere.

19 21 27 th

are revealed by The Guardian to collect vast quantities of online metadata.

UK’s Tempura taps ﬁbre optic cables

NSA harvests online user metadata

Several Guardian articles document mass surveillance by Britain’s Government Communications

Programs such as Evil Olive, run by the NSA’s Special Source Operations (SSO) department,

Via Skype from his home in Brazil, Guardian journalist Glenn Greenwald delivers the keynote lecture of the Socialism 2013 conference in Chicago. Greenwald says an as-yet-unpublished document leaked by Edward Snowden discusses how “a brand new technology allows the National Security Agency to direct, re-direct, into its own depositories 1 billion cell phone calls every single day.”

America snoops EU, UN and embassies Laura Poitras, the documentary filmmaker who flew to Hong Kong with Glenn Greenwald to meet Edward Snowden, has been reporting on the NSA leaks. In an article in German daily Der Spiegel, she details America’s electronic surveillance and bugging of European Union offices in New York, Washington D.C. and Brussels. The next day, The Guardian reports that America also performed surveillance on the embassies of France,

NSA keeps tabs on ordinary Germans

July

Documentary filmmaker Laura Poitras co-writes an article in the German daily Der Spiegel which reveals that the NSA spies on 500 million data connections in Germany every month. The article also reports how the NSA is only prohibited from “spying attacks” on the “Five Eyes” partners: the U.S., Canada, U.K., Australia and New Zealand.

France also feeds ‘Big Brother’ French daily newspaper Le Monde reveals that France’s DirectorateGeneral for External Security has been intercepting and storing most of the telephone and Internet communications within France for years.

Brazil’s citizens face prying ‘Fairview’ An article in the Brazilian daily O Globo co-authored by Guardian journalist

Glenn Greenwald reveals how the NSA has been using the “Fairview” program to gain access to the Internet and telephone data of foreign citizens - including Brazilians - through foreign telecoms’ partnerships with American telecoms.

Australia aids in covert data collection Another article cowritten by Glenn Greenwald in O Globo gives previously unpublished details about the NSA’s XKeyscore data collection network. Later, The Sydney Morning Herald picks up on maps published along with the O Globo article that reveal how monitoring stations in Australia and New Zealand contribute to XKeyscore.

NSA listens to Latin American calls Glenn Greenwald cowrites another article in O Globo revealing NSA surveillance on citizens of many Latin American countries: Mexico, Venezuela, Colombia, Ecuador, Argentina, Panama, Costa Rica, Nicaragua, Honduras, Paraguay, Chile, Peru and El Salvador. While many of the topics of surveillance are security-related - arms sales in Venezuela and guerillas in Peru - the agency also sought information on oil, energy and trade. The same day, O Globo explicitly reveals the presence of NSA and CIA stations in four Latin American capitals: Bogotá, Colombia; Caracas, Venezuela; Mexico City, Mexico; and Panama City, Panama.

Upstream gathers US Net traffic The Washington Post picks up on the existence of an NSA program called Upstream that collects information from the fiber optic cables that carry most Internet and phone traffic. The coverage is based on a PRISM slide previously published in The Guardian.

(Bundesnachrichtendienst, or BND) and Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz, or BfV) contribute to the NSA’s XKeyscore data collection network. According to one NSA document quoted by Der Spiegel, “The BND has been working to influence the German government to relax interpretation of the privacy laws to provide greater opportunities of intelligence sharing.”

26 12

network of 500 servers scattered across the globe that collect “nearly everything a user does on the Internet” and store it in databases searchable by name, email, IP address, region and language.

Snowden meets with Russian rights groups Edward Snowden meets with Russian human rights organizations and activists at Sheremetyevo International Airport in Moscow, where he is still confined to the transit area after almost three weeks. He asks for “assistance in requesting guarantees of safe passage from the relevant nations in securing ... travel to Latin America.”

US fugitive argues his case In a series of interviews released while he is in Moscow, Edward Snowden defends his actions and explains the complicated NSA documents he continues to release to the international media.

NSA ‘in bed’ with the Germans Der Spiegel reveals that Germany’s Federal Intelligence Service

US not to seek death penalty for Snowden

The U.S. will not seek capital punishment for former NSA contractor Edward Snowden, Attorney General Eric Holder tells the Russian government. In a letter dated July 23, Holder says the criminal charges Snowden faces do not carry the death penalty and that the U.S. would not seek such a sentence even if Snowden were charged with additional crimes that would qualify for capital punishment. Holder also says his letter followed news reports that Snowden had filed papers seeking temporary asylum in Russia on grounds that, if he were returned to the U.S., he would be tortured and face the death penalty.

America helps fund British spy agency The Guardian reveals that the NSA paid GCHQ the equivalent of at least $155 million between 2010 and 2013. Documents reviewed by The Guardian reportedly show that the NSA invested in GCHQ in part because British law allows for surveillance that American law does not. For its part, GCHQ insisted on “an appropriate level of contribution ... from the NSA perspective” in setting its priorities and ensuring continued funding.

2 31

Secret servers store internet info PowerPoint slides published by The Guardian give intimate details of XKeyscore, an NSA program alluded to in several other news reports. They reveal a

access to their fiber optic cable networks, which carry massive amounts of Internet and telephone traffic. GCHQ reportedly pays for many of the companies’ compliance costs.

US uses spying for diplomacy

August

Italy, Greece, Japan, Mexico, South Korea, India and Turkey. A subsequent report by Poitras and others gives previously unpublished details about the NSA’s surveillance of the E.U., U.N. and International Atomic Energy Agency.

Telecoms share user data with GCHQ The German daily Süddeutsche Zeitung reveals that seven telecom companies BT, Vodafone, Verizon Business and four smaller companies provide GCHQ with direct, unimpeded

Two articles in the weekly Brazilian newsmagazine Época reveal further details about the NSA’s surveillance of foreign diplomats. They report that the agency provided surveillance intended to give U.S. diplomats the upper hand in negotiations at the U.N. over sanctions against Iran and at the 2009 Summit of the Americas.

Lavabit and Silent Circle close down Encrypted webmail services Lavabit and Silent Circle shut down, citing pressure from the U.S. government to reveal user data. The timing of the shutdowns is more than coincidental, especially given Lavabit’s most famous user: Edward Snowden. Mike Janke, one of the company’s founders, tells the Washington Post he estimates Silent Circle’s customer base had grown by some 400 percent over the summer after reports surfaced about PRISM.

Warrantless wiretapping permitted by law change Part of a secret NSA glossary published by The Guardian reveals a change to data

G L E N N GREENWALD, E D W A R D S N O W D E N INTERVIEW

One of the things people are going to be most interested in, in trying to understand what, who you are and what you are thinking is there came some point in time when you crossed this line of thinking about being a whistleblower to making the choice to actually become a whistleblower. Walk people through that decision making process.

When you’re in positions of privileged access like a systems administrator for the sort of intelligence community agencies, you’re exposed to a lot more information on a broader scale then the average employee and because of that you see things that may be disturbing but over the course of a normal person’s career you’d only see one or two of these instances. When you see everything you see them on a more frequent basis and you recognize that some of these things are actually abuses. And when you talk to people about them in a place like this where this is the normal state of business people tend not to take them very seriously and move on from them."

In an interview with The Guardian, Senator Ron Wyden (D-Ore.) explains, “Once Americans’ communications are collected, a gap in the law ... allows the government to potentially go through these communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans.”

NSA breaks own surveillance rules The Washington Post publishes two documents that reveal how the NSA violated U.S. laws and its own internal regulations 2,776 times between March 2011 and March 2012. Most of these violations were accidents or technical errors, but others were less benign. A followup report by the Wall Street Journal - which appears not to have been based on leaks from Edward Snowden - reveals incidents of NSA employees spying on love interests outside the U.S. The program is called LOVEINT in agency parlance.

over three years by Americans not connected to terrorism. This latest revelation comes amid growing criticism from members of Congress and privacy rights groups about the far-reaching U.S. intelligence apparatus.

Brits run spy station in Middle East The Independent reveals the existence of a GCHQ station in the Middle East that collects information from undersea fiber optic cables carrying massive amounts of telephone and Internet traffic. The article attributes these reports to documents leaked by Edward Snowden. It claims that The Guardian reached a secret agreement with GCHQ to restrict its publication of Snowden’s leaks. Guardian journalist Glenn Greenwald later publishes a response. Greenwald quotes Snowden reportedly saying he has “never spoken with, worked with, or provided any journalistic materials to The Independent.” Greenwald denies The Independent’s claims of a secret deal between The Guardian and GCHQ. He also questions whether the British government leaked documents to The Independent to make it appear as if Snowden was intentionally harming national security.

US ‘illegally’ gathers thousands of emails

The National Security Agency declassifies three secret court opinions showing how in one of its surveillance programs it scooped up as many as 56,000 emails - annually

Billions budgeted for 16 intel agencies

New documents published by the Washington Post reveal details about the NSA’s

2013 “black budget” - a top-secret $52.6 billion proposal submitted to the House and Senate intelligence committees. The documents include information about the NSA’s intelligence - or lack thereof - on Russia, China and North Korea. According to the Post, “Analysts know virtually nothing about the intentions of North Korean leader Kim Jong-Un.” Also included are new details about the electronic surveillance that went into the hunt for Osama bin Laden - including high-resolution satellite images of his compound in Abbottabad, Pakistan; bugs on his couriers’ cell phones; and an electronic surveillance drone.

NSA pays millions to telecoms for access Adding details to earlier reports in The Guardian, The Washington Post reveals that the NSA spends hundreds of millions of dollars each year paying private companies for access to large fiber optic communications backbones - part of the agency’s Corporate Partner Access Project.

Targets of US cyber-attacks revealed The Washington Post reveals previously unpublished details of the US’s cyber attackoperations, showing that intelligence agencies launched 231 cyber-attacks in 2011 - primarily against government targets in Russia, China, Iran and North Korea.

Spy agencies hunt for insider threats In more revelations from the NSA’s “black budget,” The Washington Post discloses details of the NSA’s hunt for insider threats. According to the Post, the agency is re-investigating 4,000 of its staff and is implementing a sophisticated electronic monitoring system.

NSA spies on Al Jazeera Der Spiegel reports that the NSA spied on the Al Jazeera Media Network. The German daily says the intelligence agency hacked into the Doha-based news organization’s internal communications network, an accomplishment that was considered impressive. One document leaked by Edward Snowden, dated March 23, 2006, says that the NSA’s Network Analysis Center accessed communication from “interesting targets” by hacking into Al Jazeera. This leak demonstrates an even wider scope of international surveillance.

US distrust of Pakistan An article in the Washington Post reveals that U.S. intelligence agencies focus as intensely on U.S. ally Pakistan as they do on adversaries like Iran and North Korea.

Society for Worldwide Interbank Financial Telecommunication (SWIFT). According to Fantástico, this new report contradicts earlier claims by the NSA that it does not engage in corporate espionage.

Al-Qaeda working to defeat US drones

The article also shows U.S. intelligence has long been aware of systematic extrajudicial killings by Pakistan’s security forces, carried out with the knowledge of top officials against suspected terrorists, fighterss and even human rights activists.

The Washington Post publishes details of Al Qaeda’s plans to disrupt, jam or shoot down U.S. drones in the Middle East and North Africa—a new revelations from the NSA’s “black budget.”

According to the Post, U.S. officials sought to keep these abuses hidden.

NSA spied on Brazilian and Mexican presidents In a story for the Brazilian weekly TV newsmagazine Fantástico, Guardian journalist Glenn Greenwald reveals that the NSA spied on Brazilian president Dilma Rousseff and Mexican president Peña Nieto (then a candidate). The agency pulled the leader’s communications from its massive, full-take databases using the Mainway, Association and Dishfire programs.

September

minimization rules that could allow the NSA to view American citizens’ data without a warrant under section 702 of the 2008 FISA Amendment Act.

NSA spies on Google and Petrobras Fantástico shows that the NSA used a “manin-the-middle” attack to spy on private computer networks belonging to Google, the Brazilian oil company Petrobras, the French Ministry of Foreign Affairs and the

NSA subverts online encryption A collaboration among The Guardian, The New York Times and ProPublica reveals that the NSA has cracked methods of encryption used by millions of people ever day for secure email, e-commerce, financial transactions and more. According to these reports, the NSA maintains a database of common decryption keys - some possibly stolen from private companies. Also revealed: The NSA collaborates with the tech industry to implant security back doors into consumer products; the U.S. works to weaken international encryption standards.

NSA can spy on smartphone data Der Spiegel reveals the NSA has the ability to

NSA shares data with Israel The Guardian publishes an information-sharing agreement between the NSA and the Israeli SIGINT National Unit (ISNU). Under it, the NSA shares information with Israel that includes U.S. citizens’ data and metadata. The agreement requires Israel to handle American citizens’ data according to U.S. law; however, that requirement is not legally binding.

Financial networks monitored by NSA Der Spiegel reveals that a special branch of the NSA called Follow the Money performs bulk data collection on international networks belonging to Visa, Mastercard, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) and other financial institutions. The NSA’s surveillance of SWIFT, in particular, violates a 2010 agreement with the European Union.

GCHQ hacked Belgian telecom A new article in Der Spiegel shows that GCHQ used malware

targeted at company employees to compromise networks belonging to the Belgian telecom company Belgacom. According to the report, one of the agency’s goals was to gain access to a major data hub that would allow it to intercept smart phone data using man-in-the-middle attacks, as Der Spiegel previously reported. A later follow-up article describes how GCHQ hacked into the company by using fake LinkedIn pages to implant spying software on engineers’ computers. This allowed the agency to hack into the company’s GRX routers and perform man-in-themiddle attacks on mobile users. GCHQ reportedly also has access to the massive amounts of mobile user data collected by “international mobile billing clearinghouses” like Comfone, Syniverse and Mach. The German The German version of the follow-up article also reveals that GCHQ used the same technics to spy on officials at the Organization of the Petroleum Exporting Countries (OPEC)

US monitors Indian diplomats and leaders Glenn Greenwald and Shobhan Saxena collaborate on a series of articles for Indian daily The Hindu detailing the NSA’s surveillance of the Indian government. The agency reportedly used its surveillance capabilities to gain information on India’s nuclear and space programs, as well as its internal politics. They also monitored computers and telephones at India’s U.S. embassy and U.N.

mission. One article mentions that the NSA spied on other unnamed Asian, African and Latin American countries to gather information concerning World Trade Organization negotiations.

American citizens tracked in 60s and 70s Using recently declassified documents and archival materials, Foreign Policy reveals that an NSA program called Minaret monitored the overseas communications of anti-war activists, civil rights leaders and even two sitting U.S. senators between 1967 and 1973. Targets included Martin Luther King Jr., Muhammad Ali, Jane Fonda, Stokely Carmichael, Sen. Frank Church (D-Idaho) and Sen. Howard Baker (R-Tenn.). The New York Times’s Washington bureau chief, Tom Wicker, and Washington Post columnist Art Buchwald were also targeted.

Drone strike opponents are ‘threats’ In a blog post about the detention of Yemeni anti-drone activist Baraa Shiban at London’s Gatwick Airport under the U.K.’s 2000 Terrorism Act, Glenn Greenwald reveals internal NSA documents that list opponents of U.S. drone policies among other “threats” and “adversaries.” One paragraph quoted by Greenwald calls anti-drone activists “propagandists.” Another document reportedly lists lawsuits by civil-liberties groups alongside terrorist counter-attacks.

Love interests followed by NSA In response to a request from Sen. Charles Grassley (R-Iowa), the NSA’s Office of the Inspector General releases details of the 12 “substantiated instances” of “intentional and willful” misuse of NSA surveillance authority since January 2003. Most involved so-called “love intelligence” LOVEINT, in agency parlance - where agents spied on current or former love interests. The incidents were discovered through agency audits and selfreports.

NSA creating maps of Americans’ social contacts The New York Times reports that the NSA uses Americans’ data — including phone and email metadata, as well as information from social media and financial transactions — to create maps of targets’ social connections. According to an agency spokesperson, this data is only used when there is “a foreign intelligence justification.”

Metadata storage revealed A new report from The Guardian shows that the NSA uses its massive databases to store metadata - including web searches, email activity and browsing histories on millions of web users for up to a year - whether or not those individuals are agency targets. Much of this data is taken

from the agency and its partners’ taps on the large fiber optic cables that carry the world’s internet and telephone data.

October

tap into data - including emails, contacts, notes and physical location - from all the major smart phones on the market. According to Der Spiegel’s reporting, smart phone surveillance is narrowly targeted.

TOR network attacked by NSA A series of articles at The Guardian reveal the NSA and GCHQ’s attempts to compromise the TOR network - a web browser that allows users to conceal their identities. The Guardian reports that intelligence agencies used a vulnerability in an older version of Mozilla’s Firefox web browser to implant surveillance software on some TOR users’ computers when they visited specific websites.

Canada spied on Brazil’s Ministry of Mines and Energy A segment on Fantástico reveals that Canada’s main signals intelligence agency, Communications Security Establishment Canada (CSEC), spied on telephone and computer networks belonging to Brazil’s Ministry of Mines and Energy - presumably to gain a competitive advantage for Canadian mining and energy

companies. CSEC shared details of the operation at a June 2012 meeting of intelligence officials from the so-called “Five Eyes” - Canada, the United States, Britain, Australia, and New Zealand.

NSA collects online contact lists en masse The Washington Post publishes documents revealing that the NSA collects over 250 million email inbox views and contact lists a year from online services like Yahoo, Gmail and Facebook. The agency is not technically capable of automatically sifting out Americans’ data, and since this program uses collection points outside the U.S., it is not legally required to do so. However, an NSA spokesperson told the Post it is required to “minimize the acquisition, use and dissemination” of Americans’ data.

Drone strikes draw on NSA data An article in The Washington Post reveals that closely-targeted NSA surveillance plays a pivotal role in the U.S. targeted killing program. In particular, the post focused on an October 2012 drone strike on alQaeda operative Hassan Ghul, in which NSA data was key.

NSA spies on Mexican president Der Spiegel reveals that the NSA infiltrated former Mexican

Why should people care about surveillance?

Because even if you’re not doing anything wrong you’re being watched and recorded. And the storage capability of these systems increases every year consistently by orders of magnitude to where it’s getting to the point where you don’t have to have done anything wrong. You simply have to eventually fall under suspicion from somebody even by a wrong call. And then they can use this system to go back in time and scrutinize every decision you’ve ever made, every friend you’ve ever discussed something with. And attack you on that basis to sort to derive suspicion from an innocent life and paint anyone in the context of a wrongdoer.

US monitoring French citizens, companies and diplomats A series of documents published by the French daily Le Monde discloses massive NSA surveillance on French citizens, companies and diplomats. The agency reportedly collected over 70.3 million phone records from French citizens over a single thirty-day period. They also performed bulk monitoring of Internet traffic from two of France’s largest telecom companies - Wanadoo and Alcatel. Perhaps the biggest revelation, however, is that the NSA monitored computers and telephones at France’s embassy in Washington, D.C. and its U.N. office in New York - especially during negotiations over new U.N. sanctions against Iran.

Americans ‘spied’ on German Chancellor German Chancellor Angela Merkel calls to complain to President Barack Obama after learning that U.S. intelligence may have monitored her mobile phone, saying that would be “a serious breach of

trust” if confirmed. Merkel demanded an immediate clarification from Obama.

NSA listened to 35 world leaders’ phone calls New documents published by the Guardian show that the NSA monitored the phone calls of 35 world leaders in 2006 after an official in another branch of the U.S. government handed their numbers over to the agency.

GCHQ spied on Italian citizens, companies and officials Italian weekly magazine L’Espresso reveals that GCHQ spied on Italian citizens, companies and government officials. The surveillance allegedly included bulk collection from three fiber optic backbones in Italy that carry massive amounts of telephone and Internet data. One document quoted by L’Espresso says “the economic well-being of England” is one of the motives behind the surveillance. Another suggests that Italian intelligence officials knew about the data collection.

NSA spied on Spanish leaders, citizens The Spanish dailies El País and El Mundo reveal mass NSA surveillance on Spanish leaders and citizens. One document shown to El Mundo explains that the agency collected 60 million Spanish telephone calls over just 30 days in late 2012 and early 2013. Such mass surveillance is reportedly illegal under Spanish law.

GCHQ fears public debate A new report from The Guardian reveals that GCHQ attempted to keep its surveillance tactics out of the public eye less out of fears over security than out of fears that it would spark a public debate and legal challenges. In particular, the agency feared its practices could be challenged under Britain’s Human Rights Act. Documents show the agency also feared public knowledge of how telecom companies give it far more access to their data than is required by law. GCHQ reportedly worked with other government agencies to line up former officials who could press its views in the media.

Spies work in 80 US embassies A new report in Der Spiegel shows that the NSA has surveillance teams stationed at 80 U.S. embassies around the world, including 19 in Europe. According to the report, the spies pose as diplomats. The article also detailed sophisticated Internet and telephone monitoring equipment concealed at the embassies. The Italian weekly Panorama later published new details on the program.

Google, Yahoo and Microsoft targeted by NSA Major new documents published by the Washington Post reveal that the NSA has hacked into the connections between data centers owned by Google and Yahoo. While data passing between a user and company data centers is encrypted,

data passing among data centers is not. Hacking these links gives the agency direct, unencrypted access to almost all user data stored “in the cloud”— including email, web searches, photographs and documents. Because the NSA carries this surveillance out outside the United States, it falls outside the jurisdiction of many laws meant to protect the privacy of American citizens. Almost a month later, the Post reveals data centers owned by Microsoft may also have been targeted by the same NSA program.

US monitored the Vatican Without citing a source, Panorama reports that the NSA spied on the Vatican - including on the 2013 papal conclave that elected Pope Francis and Ernst von Freyberg’s appointment as president of the board of superintendence at the troubled Vatican Bank.

9/11 used as ‘sound bite’ Lists of NSA talking points obtained by Al Jazeera through the Freedom of Information Act advise officials to invoke the September 11, 2011, terrorist attacks - and the threat of similar attacks in the future - to justify the agency’s controversial surveillance programs. They also urge officials to emphasize that the NSA’s programs are “lawful” and that “our allies have benefited … just as we have.”

Spies also stationed in Australian embassies Documents leaked to the Sydney Morning

Herald by Edward Snowden reveal that Australia’s Defence Signals Directorate has electronic surveillance teams stationed in Australian embassies around Asia and the Pacific. One former Australian intelligence official said the monitoring focused on “political, diplomatic and economic intelligence.” Australian signals intelligence officials work closely and share data with the United States, Canada, Great Britain and New Zealand - the so-called “Five Eyes.”

November

president Felipe Calderón’s email account, alongside accounts belonging to his cabinet ministers and other branches of the Mexican government. While many of the agency’s reported interests focused on national security concerns like the war on drugs, others focused on issues like internal Mexican politics and trade negotiations.

NSA relies on corporate partners The Guardian publishes documents that show the NSA’s close reliance on cooperation from tech and telecom companies. One of the documents puts the agency’s goal bluntly: “Leverage unique key corporate partnerships to gain access to highcapacity international fiber-optic cables, switches and/or routers throughout the world.”

GCHQ is European surveillance hub The Guardian reveals how GCHQ works closely with intelligence agencies in Germany, France, Spain and

Sweden to develop their mass surveillance capabilities. In some instances, GCHQ reportedly helps other European intelligence agencies weaken or change legal restrictions. In others, it lobbies the NSA to share more data with its Continental counterparts.

NSA strategic missions revealed A major article in the Washington Post discloses details of the NSA’s core philosophy - to collect all the data it legally can, no matter how significant. The article details the agency’s surveillance of U.N. Secretary General Ban Ki-moon and obscure German politicians. A separate document published with the article lists the agency’s strategic missions. Alongside concerns like terrorism and nuclear proliferation, it lists: securing the U.S. diplomatic advantage - even over allies like Japan and Germany; reliable access to fossil fuels; and maintaining the U.S. economic advantage over Brazil and Japan.

Australia spied on climate conference The Guardian reveals details of a large spying operation on the 2007 U.N. Climate Change Conference in Bali, carried out jointly by the NSA and Australia’s Defence Signals Directorate (DSD). The intelligence agencies were reportedly trying to gain information on Indonesian officials’ communications infrastructure “should collection be required in the event of an emergency,” as one leaked document put it.

No clemency for Snowden At a meeting in Russia with German politician Hans-Christian Ströebele to discuss the possibility of testifying about NSA surveillance before the German parliament, Edward Snowden releases an open letter to the German government. Part of the letter says, “Though the outcome of my efforts has been demonstrably positive, my government ... seeks to criminalize political speech with felony charges that provide no defense. However, speaking the truth is not a crime. I am confident ... the government of the United States will abandon this harmful behavior.”

Snowden accused of using others’ passwords According to unnamed U.S. government sources, former NSA contractor Edward Snowden gained access to thousands of pages of classified documents by asking 20 to 25 of his coworkers for their usernames and passwords, saying they were necessary for him to do his job. Journalist Glenn Greenwald, who broke the NSA leaks and is one of the few people in close contact with Snowden, has cast doubt on this allegation.

OPEC under surveillance Der Spiegel publishes new details about its previous report that the NSA spied on the Organization of the

Petroleum Exporting Countries (OPEC). The agency reportedly infiltrated computers belonging to several top OPEC officials using its narrowly targeted “Quantum Insert” method. The information it gathered then went to the CIA, the State Department and the Department of Energy.

Britain spies on hotel reservations Der Spiegel reveals the existence of a GCHQ program called “Royal Concierge” that monitors the booking systems of 350 highend hotels around the world. Whenever one of the systems sends a booking confirmation to a diplomatic email address, Royal Concierge notifies agency analysts who then mark the hotel for possible further surveillance - whether by electronic bugs or human spies.

Australia spied on Indonesian president Following on the heels of previous revelations about Australia’s electronic espionage against Indonesia, the Guardian reveals that Australia’s Defence Signals Directorate (DSD) spied on the cell phones of top Indonesian officials - including President Susilo Bambang Yudhoyono, First Lady Kristiani Herawati and several cabinet ministers. The information leads to a crisis in relations.

NSA admits violations Over 1,000 pages of

documents declassified by the NSA reveal how two agency programs - discontinued bulk collections of Americans’ email metadata and ongoing bulk collection of Americans’ cell phone metadata systematically violated privacy laws and policies. According to the agency, its violations were due to poor management, lack of involvement by compliance officials and lack of internal verification procedures but not by bad faith. The document release is part of an ongoing declassification effort by the Obama administration, sparked by Edward Snowden’s leaks.

US spied on Norwegian citizens Norwegian daily Dagbladet discloses that the NSA acquired data on 33 million Norwegian cell phone calls in one 30-day period. This report follows on the heels of similar revelations in India, Germany, Spain, Italy, Brazil and throughout Latin America. Norwegian Intelligence Service (NIS) chief Lieutenant-General Kjell Grandhagen later claims the documents published by Dagbladet show communications collected by NIS in Afghanistan on behalf of the NSA, not communications in Norway. Dagbladet then publishes new documents alongside detailed analysis to refute this claim.

US, UK maintain secret spying agreement The Guardian reveals a 2007 NSA memo that allows the agency

to store and use personal data on U.K. citizens - including email addresses, phone numbers and I.P. addresses - that it incidentally collects in its massive surveillance operations. A separate memo outlines classified NSA protocols for unilaterally spying on citizens of its four closest allies, despite a tacit agreement not to do so without the ally’s knowledge and permission.

Monitoring power: ‘Anyone, anytime, anywhere’ A major new article in the New York Times lays out the NSA’s desire for greater legal power and technological dominance. According to an internal agency document from 2012, the NSA wants to expand its already broad legal authority. It also plans to “influence the global commercial encryption market” through partnerships with tech firms and its own spies within private tech companies. Its end goal, according to the document, is accessing data from “anyone, anytime, anywhere” it needs.

NSA infected 50,000 computer networks Dutch media outlet NRC reveals that the NSA has infected over 50,000 computer networks worldwide with malicious spying software, in a technique known as Computer Network Exploitation (CNE). The software can reportedly be controlled remotely and turned off and on at will. An NSA slide published

with the article shows the agency’s access to computer networks and high-speed fiber optic cables worldwide, including several within the United States.

en Veiligheidsdienst, or AIVD) uses the sophisticated Computer Network Exploitation (CNE) technique to gather data on web forum users en masse. AIVD discussed this technology at a meeting with the NSA in February 2013.

US spied on notable Muslims’ porn habits The Huffington Post reveals that the NSA considered publicly discrediting six Muslim figures — one of whom is a “US person” — it felt were “radicalizing” other Muslims. The agency reportedly pondered taking this step after it gained embarrassing information about the individuals by spying on their online porn habits and personal finances. The documents reportedly do not accuse any of the people of being directly involved with terrorist plots.

NSA spied on G20 in Toronto The Canadian Broadcasting Corporation reveals a massive NSA surveillance operation aimed at foreign diplomats during the 2010 G8 and G20 summits in Toronto. According to leaked documents, the agency worked closely with Communications Security Establishment Canada (CSEC).

December

Australian plan to share citizens’ data The Guardian reveals a draft document from a 2008 meeting of intelligence officials from the so-called Five Eyes - the U.S., the U.K., Canada, Australia and New Zealand. In it, Australian intelligence officials offer to share bulk metadata they collected without first acting to remove data on Australian citizens “as long as there is no intent to target an Australian national.” Meanwhile, Canada declined a similar request, citing the privacy of its citizens.

30 4 th

Netherlands spies on ordinary citizens The Dutch NRC newspaper reveals that the Netherlands’ General Intelligence and Security Service (Algemene Inlichtingen

NSA collects foreign cell phone location data A major new article in the Washington Post reveals that the NSA collects bulk cell

What are some of the positions that you held previously within the intelligence community?

Iâ&#x20AC;&#x2122;ve been a systems engineer, systems administrator, senior adviser for the Central Intelligence Agency, solutions consultant, and a telecommunications informations system officer.

US spying on Italian citizens, leaders and diplomats L’Esresso discloses widespread NSA surveillance against Italy. According to the newspaper, the agency maintains two stations to monitor Italian leaders - one at the U.S. embassy in Rome and one in Milan, Italy’s financial capital. The agency also monitors computer hard drives and electronic communications at Italy’s U.S. embassy in Washington, D.C. However, NSA espionage is not limited to Italy’s elite - the agency gathered bulk metadata on almost 46 million Italian telephone calls in just a single 30day period.

Sweden aiding American surveillance A series of reports by Swedish television network SVT reveals broad collaboration between the NSA and Sweden’s National Defence Radio Establishment (Försvarets radioanstalt, or FRA). Among the revelations are that FRA spied on Russian leaders, Russian energy companies and Baltic

NSA playing online games A major collaboration among the Guardian, the New York Times and ProPublica reveals that the NSA, the Pentagon, the FBI and GCHQ have been monitoring online games played by millions of people worldwide. The agencies infiltrated games like World of Warcraft, XBox Live and Second Life using bulk data collection and human spies posing as ordinary players. The Pentagon reportedly even developed a smartphone game that gave it access to players’ personal data. While the agencies were motivated by fears that terrorists would use gaming platforms to communicate, the documents contain no evidence that was ever the case.

NSA and Canada working handin-hand CBC reveals extremely close cooperation between the NSA and the Computer Security Establishment Canada (CSEC). According to documents leaked by Edward Snowden, CSEC even opened up remote spying stations on behalf of the NSA, presumably in Canadian embassies and consulates abroad.

Corporate cookie tracking used by NSA The Washington Post reveals that both the NSA and GCHQ use browser cookies - small bits of identifying information stored on users’ browsers for tracking purposes by websites like Google - to infiltrate targeted computers. According to the Post, the agencies also perform bulk collection of the location data that many cell phone apps use to give users geographically targeted advertisements.

NSA cracked cell phone encryption An internal NSA document leaked by Edward Snowden to the Washington Post reveals the agency has the capability to decrypt the most common cellphone encryption cipher - A5/1, which is part of the 2G cellphone standard - even without an encryption key. Experts have long known that A5/1 is vulnerable to attacks.

a top European Union official; the Israeli prime minister and minister of defense; two French telecom and defense companies; and several African heads of state and NGO heads.

NSA’s hacking capabilities revealed Der Spiegel reveals details of the NSA’s Tailored Access Operations (TAO) unit, which attacks systems and networks belonging to specific targets using custom hardware and software. TAO’s past targets have included Mexican government officials and Belgian and French telecom companies. The next day, Der Spiegel publishes new documents suggesting, among other things, that TAO has software which gives it complete access to targets’ Apple iPhones.

2014

states on behalf on the NSA; that the NSA, GCHQ and FRA have a secret data-sharing agreement; the FRA gives the NSA access to data from fiber optic cables it has tapped; that FRA foresaw the 2008 Russia-Georgia War while the NSA did not; that the FRA assists the NSA in hacking computer systems, in apparent violation of Swedish law; and that the FRA has access to the NSA’s XKeyscore surveillance sysytem.

January

phone location data on ordinary people around the world. The agency reportedly siphons five billion cell phone location records a day into its massive database. With this data, sophisticated computer algorithms can even tell if two people are walking together through a crowded city. While the agency does not “target” U.S. citizens’ cell phone location data, it does collect some “incidentally” and does not consider it protected under the Fourth Amendment.

Spying on enemies, allies and NGOs A major new disclosure published jointly by the New York Times, The Guardian and Der Spiegel reveals details of GCHQ’s satellite monitoring operations. A long list of targets reportedly includes German government agencies and embassies; several U.N. missions; the U.N. Children’s Fund (UNICEF); the World Health Organization;

Quantum computer in NSA’s sights The Washington Post reveals the NSA is diligently working to develop a so-called “quantum computer” that could theoretically break the strongest forms of encryption in use today. However, the agency is reportedly neck-and-neck with researchers in the E.U.

and Switzerland - and years away from its goal.

How the NSA hacks oﬄine computers Washington Post reveals how the NSA gains access to computer systems around the world by implanting them with malware and custom hardware - including hardware that allows the agency to remotely access computers that are not connected to an outside network. According to the article, the U.S. has two data centers in China just for placing malware on targeted Chinese computer systems.

US collects foreign SMS data en masse A joint investigation between The Guardian and Channel 4 reveals the NSA’s bulk collection of foreign text messages, including messages between people who have not committed a crime and are not suspected of ties to terrorism. The agency reportedly stores the data - which includes both metadata and content - for years in its DISHFIRE database, where it can be searched by a number of criteria. Americans’ data is excluded.

smartphone apps like Angry Birds en masse. Apps “leak” the data - which can include anything from a user’s physical location to their sexual orientation - to companies that then use it to build sophisticated user profiles for targeted advertising. One classified British intelligence document went so far as to say that “anyone using Google Maps on a smartphone is working in support of a GCHQ system.” It is unclear to what extent the agencies collect Americans’ data under this program.

GCHQ monitoring Facebook, Youtube The first breaking report on the Snowden leaks from NBC reveals a 2013 GCHQ trial program called Squeaky Dolphin that is able to display trend information on YouTube video views, Facebook “likes” and blog visits for specific geographic areas, almost in real time. An agency document claims the program cannot identify specific users. However, another internal GCHQ document viewed by NBC reportedly shows that the agency used data it siphoned from Twitter in 2010 to target specific users with propaganda.

29 27

Agencies spy on mobile apps A major new collaboration among The Guardian, the New York Times and ProPublica reveals NSA and GCHQ are collecting data from

NSA spied on climate negotiations A collaboration between the Huffington Post and Danish daily Informatíon reveals that the NSA spied on negotiators during the 2009 U.N. Climate

by infiltrating chat rooms and launching Distributed Denial of Service (DDOS) attacks on chat servers. However, author Gabriel Coleman told NBC, “At the time of those events, there were thousands of supporters and probably a dozen or two individuals who were breaking the law.”

30 5 th

Canada tracks airline passengers

February

CBC reveals that Communications Security Establishment Canada (CSEC) ran a two-month pilot program in which it tracked the electronic devices of people who had logged onto free airport wifi for up to two weeks afterward. The program tested a surveillance system developed jointly by CSEC and the NSA that the agencies have since implemented, according to CBC.

JTRIG hacked the hacktivists Another report on GCHQ broadcast by NBC reveals that a special unit called the Joint Threat Research Intelligence Group (JTRIG) targeted “hacktivist” groups like Anonymous, LulzSec and the Syrian Electronic Army

NSA spied on Gerhard Schröder In a follow up to a report by Der Spiegel last October that the NSA may have spied on German chancellor Andrea Merkel, the German newspaper Süddeutsche Zeitung reports that the agency likely monitored former German chancellor Gerhard Schröder during the buildup to the U.S.-led invasion of Iraq. Schröder led European opposition to that war.

GCHQ uses ‘dirty tricks’ The third installment of NBC’s series on GCHQ reveals that the Joint Threat Research Intelligence Group (JTRIG) uses “dirty tricks” like jamming cell phones, spreading propaganda online and even honey traps against its adversaries - a category that reportedly includes everyone from hardened terrorists to teenage members of Anonymous, and even domestic criminals.

Drones attack based on rough NSA data Glenn Greenwald,

Jeremy Scahill and Laura Poitras launch a new outlet, The Intercept, focused on covering the Snowden leaks. Its first story reveals how the U.S. program of “targeted killings” by drones largely relies on the NSA’s analysis of cell phone metadata and geolocation rather than human intelligence. According to former drone operators interviewed by The Intercept, this practice makes the strikes much less precise and also endangers civilians.

Australia aids in economic espionage The New York Times reveals the Australian Signals Directorate which shares facilities, personnel and data with the NSA - swept up data from an American law firm as it was monitoring a trade dispute between the U.S. and Indonesia. One internal NSA document quoted by the Times says the ASD ended up “providing highly useful intelligence for interested U.S. customers.” According to the report, the NSA regularly provides other government agencies with intelligence related to trade negotiations.

WikiLeaks targeted The Intercept publishes details of NSA and GCHQ surveillance of WikiLeaks and other “hacktivist” groups. The agencies reportedly monitored traffic to WikiLeaks’ website and considered classifying WikiLeaks and Pirate Bay as “malicious foreign actors.” That designation would have allowed the

NSA to monitor any communications to or from the groups, even those involving U.S. citizens. Another document viewed by The Intercept reportedly shows how the U.S. government asked its allies to prosecute WikiLeaks founder Julian Assange.

GCHQ manipulates online discourse After a series of four articles at NBC on the tactics used by GCHQ’s Joint Threat Research Intelligence Group (JTRIG), Glenn Greenwald publishes a document at The Intercept revealing the existence of GCHQ’s Human Science Operations Cell (HSOC). This unit uses theories drawn from social psychology and sociology to disrupt online groups.

Spying on Yahoo video chat The Guardian reveals that GCHQ collects images and metadata from millions of Yahoo video chat users around the world, most of whom are not suspected of any wrongdoing. The database, called “Optic Nerve,” reportedly includes data from U.S. and U.K. citizens, and has incorporated facial recognition technology in order to identify targets.

March

Change Conference in Copenhagen, Denmark, in order to strengthen the U.S. bargaining position. Another leaked document from 2007 mentions that the NSA had “alerted policymakers to anticipate specific foreign pressure” on the U.S. to reduce its carbon emissions.

Dutch help NSA spy on Somalia

Political leaders left in the dark

NRC discloses details of how NSA intelligence helped the Dutch navy capture a Pakistani ship that had been hijacked by pirates off the Somali coast. According to the report, the Netherlands regularly shares data from Afghanistan and Somalia with the NSA - though some worry it is being used to carry out drone strikes, alongside more conventional antipirate and anti-terror activities.

Glenn Greenwald publishes excerpts from a leaked NSA document at The Intercept which show that many foreign heads of state and other political leaders are unaware of their countries’ cooperation with the agency, allowing these intelligence partnerships to remain untouched by changes in political leadership.

Secret court rulings The New York Times reveals secret legal rulings from the Foreign Intelligence Surveillance Court (FISC) that, among other things, allow the NSA, CIA and FBI to share unminimized personal information belonging to U.S. citizens.

NSA engages in industrial-scale ‘exploitation’ A new article at The Intercept shows that the NSA has built the capacity to implant millions of computers around the world with malware that gives it access to users’ most sensitive data. The automated system uses tactics like phishing emails and fake versions of popular webpages like Facebook to infect computers in what one agency document called “industrial-scale exploitation.”

NSA recording phone calls abroad A major new story in the Washington Post reveals that the NSA collects the contents and metadata from every phone call in specific target countries and stores them for 30 days at a time - including calls from U.S. citizens who live, visit or phone others abroad. At the request of U.S. officials, the Post declined to name the countries targeted by the program.

Hunting network administrators The NSA targets foreign systems administrators in order to gain access to the networks they manage. Agency employees have reportedly discussed building a database of foreign “sys admins” for use when they need to compromise a computer network. The overwhelming majority of these contacts are targeted because of their work, and not because of suspected criminal activity.

EXILE

X X

X X X X

X X

X X X

“I am still working for the NSA right now... They’re the only ones who don’t realize it” - Edward Snowden

Snowden left the Moscow airport on August 1 after more than a month in the transit section. He had been granted temporary asylum in Russia for one year, an asylum that could be extended indefinitely on an annual basis. According to his lawyer, Snowden went to an undisclosed location kept secret for security reasons. In response to the asylum grant, White House spokesman Jay Carney said the U.S. administration was “extremely disappointed” by the Russian government’s decision and that the meeting scheduled for September between Barack Obama and Vladimir Putin was under reconsideration. Some U.S. legislators urged the president to take a tough stand against Russia, possibly including a U.S. boycott of the 2014 Winter Olympics in Sochi. On August 7, the White House announced that Obama had canceled the meeting previously planned with Putin in Moscow citing lack of progress on a series of issues that included Russia’s granting Snowden temporary asylum. Following cancellation of the bilateral talks, Putin’s foreign policy aide Yuri Ushakov said they were “disappointed” and that it was clear to him that the decision was due to the situation around Snowden, which they “had not created”; Ushakov alleged that the U.S. had been avoiding signing an extradition agreement and had “invariably” used its absence as a pretext for denying Russian extradition requests. In late July 2013, Lon Snowden said he believed his son would be better off staying in Russia, and didn’t believe he would receive a fair trial in the U.S. In mid-October, he visited his son in Moscow, later telling the press that he was pleased with Edward’s situation, and still believed Russia was the best choice for his asylum, saying he wouldn’t have to worry about people “rushing across the border to render him.” Snowden commented that his son found living in Russia “comfortable,” and Moscow “modern and sophisticated.” Snowden’s lawyer, Kucherena, announced on October 31 that his client had found a technical support job providing maintenance for Russia’s largest website.

NSA whistleblower Thomas Drake, who was also charged with espionage for leaking classified materials, said he believes Snowden would not be able to return to the U.S. in the “foreseeable future,” as he has “essentially been declared enemy of the State number 1, exhibit number 1.” According to Ströbele, Snowden was seeking asylum “in a ‘democratic’ country” such as Germany or France, and wanted to leave Russia at the end of his yearlong asylum. Snowden’s legal advisors Radack and Kucherena indicated that Snowden would remain in Russia, however, with Radack saying in January 2014 that Snowden “hopes that [his temporary asylum] will be renewed for another year or into a permanent asylum because he is safe there [in Russia] and he knows that.” In Russia “he is protected from a lot of people who would like to harm him,” Radack noted. On December 17, 2013 Snowden wrote an open letter to the people of Brazil offering to assist the Brazilian government in investigating allegations of U.S. spying, and added that he continued to seek, and would require, asylum. Snowden wrote, “Until a country grants permanent political asylum, the U.S. government will continue to interfere with my ability to speak...going so far as to force down the Presidential Plane of Evo Morales to prevent me from traveling to Latin America!” Brazil had been in an uproar since Snowden revealed that the U.S. was spying on Brazilian President Dilma Rousseff, her senior advisors, and Brazil’s national oil company, Petrobras. Brazilian President Dilma Rousseff and officials of the Brazilian foreign ministry said in response to the letter that they could not consider asylum for Snowden because they had not received any formal request for asylum from him. A representative of the foreign ministry said that a fax requesting asylum had been sent to the Brazilian embassy in Moscow in July but it had not been signed and could not be authenticated. David Miranda, the Brazilian partner of Glenn Greenwald, launched an internet petition urging the Brazilian

“People all over the world are coming to realize that the NSA’s surveillance programs put people in danger, hurt the U.S. and its economy, and limit our ability to speak and think and live and be creative, to have relationships and associate freely” - Edward Snowden

president to consider offering Snowden asylum. Some prominent Brazilian senators expressed support for giving asylum to Snowden, including Senator Ricardo Ferraco (president of the Senate Foreign Relations and Defense Committee), although some other politicians, mainly opponents of Rousseff’s government, said Brazil should not risk further harming relations between Brazil and the U.S. by offering Snowden asylum. In July, the Brazilian Senate’s Foreign Relations and Defense Committee had unanimously recommended granting asylum to Snowden. Snowden met with Barton Gellman of The Washington Post six months after the disclosure for an exclusive interview spanning 14 hours, his first since being granted temporary asylum. Snowden talked about his life in Russia as “an indoor cat,” reflected on his time as an NSA contractor, and discussed at length the revelations of global surveillance and their reverberations. Snowden said, “In terms of personal satisfaction, the mission’s already accomplished...I already won. As soon as the journalists were able to work, everything that I had been trying to do was validated.” He commented “I am not trying to bring down the NSA, I am working to improve the NSA...I am still working for the NSA right now. They are the only ones who don’t realize it.” On the accusation from former CIA and NSA director Michael Hayden that he had defected, Snowden stated, “If I defected at all, I defected from the government to the public.” Snowden’s Russian attorney, Anatoly Kucherena, announced in January 2014 that a media report coming from the U.S. had left his client in fear for his life. An interview with “intelligence operators,” including a Pentagon official, an Army intelligence officer, and NSA analysts, published on the condition of anonymity by BuzzFeed in midJanuary, detailed ways they said Snowden can be killed and expressed a strong desire by some to carry out such plans. Regarding the report, Kucherena said, “This is a real death threat and we are concerned about the fact it has prompted no reaction from anybody.” When asked about the BuzzFeed story, State Department spokeswoman Marie Harf said she had not read the article, but that death threats were “totally inappropriate”

and had “no place in our discussion of these issues.” Snowden wrote that the various threats on his life were “concerning,” primarily because “current, serving officials of our government are so comfortable in their authorities that they’re willing to tell reporters on the record that they think the due process protections of the 5th Amendment of our Constitution are outdated concepts. These are the same officials telling us to trust that they’ll honor the 4th and 1st Amendments. This should bother all of us. The fact that it’s also a direct threat to my life is something I am aware of, but I’m not going to be intimidated.” In his first television interview, which aired on Germany’s NDR January 26, 2014, the initial question posed to him was whether he had trouble sleeping at night due to the media reports. He said, “I’m still alive and I don’t lose sleep because I’ve done what I feel I needed to do. It was the right thing to do and I’m not going to be afraid.” Kucherena had also expressed his concern for Snowden’s safety the previous August. Andrei Soldatov told the Associated Press at that time that “American intelligence does not kidnap or assassinate people in Russia, that’s a fact. [Kucherena’s statements about Snowden’s safety are] just a pretext.” In late January 2014, US attorney general, Eric Holder in an interview with MSNBC indicated that the U.S. could allow Snowden to return from Russia under negotiated terms, saying he was prepared to engage in conversation with him, but that full clemency would be going too far. According to German politician Hans-Christian Ströbele, Snowden is seeking permanent asylum in a “democratic” country such as Germany or France. On March 12, 2014, the international advocacy group European Digital Rights (EDRi) reported that the European Parliament, in adopting a Data Protection Reform Package, rejected amendments that would have dropped charges against Snowden and granted him asylum or refugee status. Snowden’s legal adviser, Jesselyn Radack, said in January 2014 that Snowden would eventually like to return to the U.S. “if the conditions were right,” but that he knows he is safe in Russia for the present.

“In terms of personal satisfaction, the mission’s already accomplished... I already won”

- Edward Snowden

REACTION

Snowden’s release of NSA material was called “the most significant leak in U.S. history”

Officials Ellsberg said “Snowden’s disclosures are a true constitutional moment” enabling the press to hold the Executive branch of the U.S. federal government accountable, while the legislative and judiciary branch refused to do so. The “accountability” mechanisms of the U.S. government, he said, are “a one-sided secret court, which acts as a rubber stamp, and a Congressional ‘oversight’ committee, which has turned into the NSA’s public relations firm.” On January 14, 2014, Ellsberg posted to his Twitter page: “Edward Snowden has done more for our Constitution in terms of the Fourth and First Amendment than anyone else I know.”

United States President Barack Obama was initially dismissive of Snowden, saying in June 2013, “I’m not going to be scrambling jets to get a 29-year-old hacker.” In August, Obama rejected the suggestion that Snowden was a patriot and would later say that “the benefit of the debate he generated was not worth the damage done, because there was another way of doing it.” In January 2014, Obama mentioned Snowden in a speech covering proposed reforms to the NSA’s surveillance program and said that “our nation’s defense depends in

part on the fidelity of those entrusted with our nation’s secrets. If any individual who objects to government policy can take it into their own hands to publicly disclose classified information, then we will not be able to keep our people safe, or conduct foreign policy.” Obama also objected to the “sensational” way the leaks had been reported, saying the reporting often “shed more heat than light.” He went on to assert that the disclosures had revealed “methods to our adversaries that could impact our operations.” In March 2014, former U.S. president Jimmy Carter said that if he were still president today he would “certainly consider” giving Snowden a pardon were he to be found guilty and imprisoned for his leaks. Ron Paul began a petition urging the Obama Administration to grant Snowden clemency. February 14, 2014, Paul announced the petition and released a video on his website, saying, “Edward Snowden sacrificed his livelihood, citizenship, and freedom by exposing the disturbing scope of the NSA’s worldwide spying program. Thanks to one man’s courageous actions, Americans know about the truly egregious ways their government is spying on them.”

On February 14, 2014, Paul announced the petition and released a video on his website, saying, “Edward Snowden sacrificed his livelihood, citizenship, and freedom by exposing the disturbing scope of the NSA’s worldwide spying program. Thanks to one man’s courageous actions, Americans know about the truly egregious ways their government is spying on them.” Ex-CIA director James Woolsey said in December 2013 that if Snowden was convicted of treason, he should be hanged. According to Mike Rogers and ranking member Dutch Ruppersberger, a classified Pentagon report written by military intelligence officials contends that Edward Snowden’s leaks had put U.S. troops at risk and prompted terrorists to change their tactics, and that “most files copied” were related to current U.S. military operations.

SUPPORT

All Adults

Ex-CIA director James Woolsey said in December 2013 that if52% Snowden was convicted of treason, he 19% Fairly should be hanged.33% Strongly

OPPOSE 38%

35%a classified Pentagon report 25% Dutch Ruppersberger, written by military intelligence officials contends Republicanthat Edward56% Snowden’s leaks had put U.S. troops at risk and prompted 37% terrorists to change their tactics,20% and that “most files copied” were related to current Independent 48% U.S. military operations. 32% 16%

10% 19% Fairly

Democrat According 59% to Mike Rogers and ranking member

UNDECIDED

21% Strongly

35% 16%

20%

33%

11% 17%

16%

12%

40% 19%

21%

There is little disagreement on the matter across party lines. Majorities of Democrats (59 %), Republicans (56 %) and a plurality of independents (48 %) said Snowden should be charged.

Press

Peers

On January 1, 2014, the Editorial Board of The New York Times praised Snowden as a whistleblower and wrote in favor of granting him clemency or “at least a substantially reduced punishment,” arguing that while Snowden may have broken the law, he had “done his country a great service” by bringing the abuses of the NSA to light. “When someone reveals that government officials have routinely and deliberately broken the law,” they wrote, “that person should not face life in prison at the hands of the same government.” The Times further criticized James Clapper for lying to Congress about the NSA’s surveillance activities and cast doubt on the claim made by Snowden’s critics that he had damaged national security. The editorial concluded with a request to President Obama to discontinue the “vilification” of Snowden and to offer Snowden “an incentive to return home.” The article garnered an unusual amount of “heat” for an editorial, with responses from multiple media outlets. The editorial board of The Guardian called for a pardon in an article coincidentally published on the same day. The board asked President Obama to “use his executive powers to treat [Snowden] humanely and in a manner that would be a shining example about the value of whistleblowers and of free speech itself.”

Cybersecurity scholar Peter Singer divided the material disclosed by Snowden into three categories: “smart, useful espionage against enemies of the United States; legally questionable activities that involved US citizens through backdoors and fudging of policy/law; un-strategic (stupid) actions targeting American allies that has had huge blowback on US standing and US business.” It was postulated that these were differing ways people viewed Snowden, which could explain why he was so polarizing. Singer also spoke of a “double legacy” from the NSA revelations released by Snowden: “One, it’s hollowed out the American ability to operate effectively in ensuring the future of the internet itself, in the way we would hope it would be. That has huge long-term consequences. And the second is, it’s been and will be a hammer-blow to American technology companies. The cloud computing industry, for example, had a recent estimate that they’ll lose $36 billion worth of business because of this.”

In his article dated January 4, 2014, “Moves to Curb Spying Help Drive the Clemency Argument for Snowden,” Peter Baker of The New York Times laid out the polarization of opinions throughout the U.S. and the impetus toward clemency gained by the public reaction to the revelations of the surveillance. He notes that officials in the intelligence establishment “warn that letting Mr. Snowden off the hook would set a dangerous precedent” and contrasts that with the statement of attorney Bruce Fein about the protections afforded by the First Amendment, “It prohibits government from punishing communications that expose government lawlessness whether or not the illegality is classified” and saying further, “Calling government to account for breaking the law is a compelling civic duty of all citizens.” The author also noted that similar polarization has arisen in judicial review, citing judge Leon’s ruling that the surveillance program in question “was probably unconstitutional,” implying that laws passed to enable such programs could be struck down.

In February 2014, Intelligence Squared held an “Oxford style” debate titled “Snowden Was Justified” addressing the opposing, widely held views that Snowden was a “whistleblower,” and alternately, a “traitor.” Ex-CIA director R. James Woolsey and former federal prosecutor Andrew C. McCarthy argued against the motion, while ACLU lawyer representing Snowden, Ben Wizner, and Pentagon Papers leaker Daniel Ellsberg argued in favor. Prior to arguments, the audience was split on the matter at 29 percent. After the debate, 54 percent found that Snowden was justified and 35 percent were against.

Public

A majority believes he was wrong to disclose classified National Security Agency programs, and that such disclosures harmed national security. Americans see things differently. Sixty percent said they believe his disclosures harmed U.S. security, according to a November Washington Post-ABC News poll. And 55 percent said they think he did the “wrong thing” in leaking information to the media about the government’s surveillance efforts.

Do you think Edward Snowdenâ&#x20AC;&#x2122;s leaks have harmed U.S. Security?

YES

poll taken by The Washington Post

March 2014

49%

60%

July 2013

32%

37%

13%

UNDECIDED

FORECAST

The NSA has been “setting fire to the future of the internet, And you guys are the firefighters”

The NSA has been “setting fire to the future of the internet”, Edward Snowden told an audience at South by Southwest in Austin via videolink from Russia. “And the people in this room now, you guys are all the firefighters and we need you to fix this.” Snowden made the call to action as part of his first livestreamed interview, with the American Civil Liberties Union’s principal technologist Christopher Soghoian joining the debate onstage. Talking via multiple proxies, Snowden and Soghoian discussed the role and responsibility of big tech companies and independent startups in changing the way we prioritise security. ”The people in the room in Austin, they are the folks that can really fix things and force our rights through technical standards even when congress has not gotten to the point where it protects our rights in same manner,” said Snowden. “The NSA over the last decade has created an adversarial internet; a global free fire zone. And it is nothing we asked for and not what we wanted. We’ve seen the erosion of protections and the proactive seizure of communications. There’s a policy response that needs to occur, but also a technical one -- and it’s

the makers and thinkers that can really craft those solutions and make sure we’re safe.” Soghoian joined Snowden in urging developers to make things more secure, so that the NSA’s job is made that much harder. The problem right now is that it has been easy for the NSA to carry out bulk collections -- the hard part, and the part it seems to still be experimenting with, is how to analyse that data. We need to make the first bit as hard as possible by encouraging companies to make services secure out of the box. The debate echoed Snowden’s testimony delivered to the European Parliament inquiry into mass surveillance last week: “The good news is that there are solutions. The weakness of mass surveillance is that it can very easily be made much more expensive through changes in technical standards.” By implementing encryption standards such as SSL, services could force the NSA to go the route of hacking individual devices. It helps us prevent global passive surveillance at a network level, said Snowden, in favour of a more constitutional targeted surveillance adjudicated by the courts.

Soghoian commented that every example of a tech giant stepping up its use of encryption is entirely down to Snowden’s leaks. “Prism put names of billion dollar companies on the front page of newspapers -- they publicly distanced themselves, and began taking security seriously, with the likes of Microsoft and Facebook rushing to fix data protection.” “We wouldn’t have had this security -- his leaks have stopped hackers at Starbucks, identity thieves, common criminals. It really took, unfortunately, the most profound whistleblower in history to get us to a point where we are prioritising our security and we all have Snowden to thank for this. It shouldn’t have taken that; there should be privacy regulators forcing companies to do this.” As he pointed out, public officials have routinely named cybersecurity as the greatest threat facing America, yet there is no system in place to reprimand the government for not protecting its people over this. “Every individual person has to protect themselves.” The US government is making this even harder, the pair pointed out, by actually manufacturing vulnerabilities in everyday services the public relies on, in order to make its own surveillance easier. This is why the impetus is on small developers to build new business models based on security first -- so many of the well-established tech companies rely on an open data model where they profit off of your information and therefore want to retain easy access to it. “Whatsapp came out of nowhere,” said Soghoian. “I want the next Whatsapp to be using end-toend encryption. It’s actually more difficult for incumbents because their businesses are built around advertising supporting services -- if you’re looking for an angle here tell customers they can pay $5 a month for encryption, many consumers will want to pay for that.” “The fact is the tools that exist to enable secure end-to-end video conferencing are not very polished,” he continued, referencing the elephant in the room -- the fact the conversation about poor security was taking place on Google Hangout. “This reflects state of play with many services -- they are

easy to use, reliable and polished, or secure and impossible for the average person to use.” The most secure services are made by geeks, for geeks, and the general public continues to opt for services that come as easy bundles with their usual providers, he said. But consumers need to remember these free models do not necessarily have their best interest at heart -- it may be worth it to pay for a service and rest easy knowing you are secure. Snowden commented that some progress was being made by big companies, for instance Google making its SSL protection default. “They are focusing on new UIs and ways for us to interact with cryptographic tools, when it happens invisibly for users. We don’t want it to be opt in, it has to pass the Glenn Greenwald test,” he said, referencing the fact that the former Guardian journalist did not know how to use PGP encryption. “Any journalist that gets an email from someone saying ‘I have something the public wants to know about’ needs to be able to open it easily.” Turning to the government, Snowden pointed out that the US strategy of focussing on the offensive rather than defensive side of things has massively deteriorated public security and is hugely short sighted. “America has more to lose than anyone else -- when you’re the one country that has a vault that’s more full than anyone else’s, it doesn’t make sense to be attacking all day and even less sense when you are creating a backdoor anyone can walk into.” That offensive mentality, he said, is why the intelligence services failed to pick up on Russia’s tips about the pair that would go on to become the Boston bombers. “It didn’t dedicate a team to it because it spent all this time hacking into Google and Facebook. And what did we get out of it? Nothing. Two White House investigations confirmed that.” “I took an oath to support and defend the constitution and saw it was being abused on a massive scale -- the interpretation of the fourth amendment was changed in secret from ‘no unreasonable search and seizure’ to ‘any seizure is fine, just don’t search it’, and that’s something the public ought to know about it.”

DEFENSE

The primary way the NSA eavesdrops on internet communications is in the network. That’s where their capabilities best scale. They have invested in enormous programs to automatically collect and analyze network traffic. Anything that requires them to attack individual endpoint computers is significantly more costly and risky for them, and they will do those things carefully and sparingly. Leveraging its secret agreements with telecommunications companies – all the US and UK ones, and many other “partners” around the world – the NSA gets access to the communications trunks that move internet traffic. In cases where it doesn’t have that sort of friendly access, it does its best to surreptitiously monitor communications channels: tapping undersea cables, intercepting satellite communications, and so on. That’s an enormous amount of data, and the NSA has equivalently enormous capabilities to quickly sift through it all, looking for interesting traffic. “Interesting” can be defined in many ways: by the source, the destination, the content, the individuals involved, and so on. This data is funneled into the vast NSA system for future analysis. The NSA collects much more metadata about internet traffic: who is talking to whom, when, how much, and by what mode of communication. Metadata is a lot easier to store and analyze than content. It can be extremely personal to the individual, and is enormously valuable intelligence. Each individual problem – recovering electronic signals from fiber, keeping up with the terabyte

streams as they go by, filtering out the interesting stuff – has its own group dedicated to solving it. Its reach is global. The NSA also attacks network devices directly: routers, switches, firewalls, etc. Most of these devices have surveillance capabilities already built in; the trick is to surreptitiously turn them on. This is an especially fruitful avenue of attack; routers are updated less frequently, tend not to have security software installed on them, and are generally ignored as a vulnerability. The NSA also devotes considerable resources to attacking endpoint computers. This kind of thing is done by its TAO – Tailored Access Operations – group. TAO has a menu of exploits it can serve up against your computer – whether you’re running Windows, Mac OS, Linux, iOS, or something else – and a variety of tricks to get them on to your computer. Your anti-virus software won’t detect them, and you’d have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. The NSA deals with any encrypted data it encounters more by subverting the underlying cryptography than by leveraging any secret mathematical breakthroughs. First, there’s a lot of bad cryptography out there. If it finds an internet connection protected by MS-CHAP, for example, that’s easy to break and recover the key. It exploits poorly chosen user passwords, using the same dictionary attacks hackers use in the unclassified world.

The NSA has turned the fabric of the internet into a vast surveillance platform, but they are not magical. They’re limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.

Try to use public-domain encryption that has to be compatible with other implementations

Be suspicious of commercial encryption software, especially from large vendors

It’s harder for the NSA to backdoor TLS than BitLocker, because any vendor’s TLS has to be compatible with every other vendor’s TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it’s far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

Most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It’s prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.

Hide in the network Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it’s work for them. The less obvious you are, the safer you are.

TOR The TOR network is a protective layer that sits between the user and the internet. it provides an anonymous path between you and the sites you visit.

1. Your computer The TOR program runs on your machine. It encrypts all information and sends it into the TOR network.

2. Into the network

4. Decrypting the data

Encrypted information, still considered unbreakable is sent into the TOR network.

The exit node decrypts the untraceable information and sends it to its destination.

3. Untraceable

5. The internet

Your information travels through the TOR network taking random paths, making itâ&#x20AC;&#x2122;s origin and destination untraceable.

Websites see you as visiting from a random location, not identifiable.

PGP Pretty Good Privacy is a data encryption technology commonly used for encrypting files, especially emails.

1. Sending the document PGP depends on users having two keys: one public and one private. These two keys can only be used with one another.

2. Encrypting the document

4. Decrypting the document

The sender uses a random session key to encrypt the file. They sign the message with their private key, and encrypt the key using the reciever’s public key.

The reciever verifies the signature with the sender’s public key, and decrypts the key with their private key. They then decrypt the file using the key.

3. Encrypted ﬁle The file and the key are sent to the reciever. PGP, unlike TOR, does not anonymize the sender, but does provide strong encryption for the file.

5. Message delivered The reciever could then reciprocate the process using the sender’s public and private key.

Nick Husssain