-
- 1. Organisations and methods
-
- What is communications intelligence? UK-USA alliance
Other Comint organisations How intelligence works Planning Access and collection
Processing Production and dissemination
-
- 2. Intercepting international communications
-
- International Leased Carrier (ILC) communications High
frequency radio Microwave radio relay Subsea cables Communications satellites
Communications techniques ILC communications collection Access Operation
SHAMROCK High frequency radio interception Space interception of inter-city
networks Sigint satellites COMSAT ILC collection Submarine cable interception
Intercepting the Internet Covert collection of high capacity signals New
satellite networks
-
- 3. ECHELON and Comint production
-
- The "Watch List" New information about ECHELON
sites and systems Westminster, London : Dictionary computer Sugar Grove,
Virginia : COMSAT interception at ECHELON site Sabana Seca, Puerto Rico
and Leitrim, Canada : COMSAT interception sites Waihopai, New Zealand :
Intelsat interception at ECHELON site ILC processing techniques
-
- 4. Comint and Law Enforcement
-
- Misrepresentation of law enforcement interception requirements
Law enforcement communications interception - policy development in Europe
-
- 5. Comint and economic intelligence
-
- Tasking economic intelligence Disseminating economic
intelligence The use of Comint economic intelligence product Panavia European
Fighter Aircraft consortium and Saudi Arabia Thomson CSF and Brazil Airbus
Industrie and Saudi Arabia International trade negotiations Targeting host
nations
-
- 6. Comint capabilities after 2000
-
- Developments in technology Policy issues for the European
Parliament Technical annexe Broadband (high capacity multi-channel) communications
Communications intelligence equipment Wideband extraction and signal analysis
Filtering, data processing, and facsimile analysis Traffic analysis, keyword
recognition, text retrieval, and topic analysis Speech recognition systems
Continuous speech recognition Speaker identification and other voice message
selection techniques "Workfactor reduction"; the subversion of
cryptographic systems
-
- Glossary and definitions Footnotes Summary
-
- 1. Communications intelligence (Comint) involving the
covert interception of foreign communications has been practised by almost
every advanced nationsince international telecommunications became available.
Comint is a large-scale industrial activity providing consumers with intelligence
on diplomatic, economic and scientific developments. The capabilities of
and constraints on Comint activity may usefully be considered in the framework
of the "intelligence cycle" (section 1).
-
- 2. Globally, about 15-20 billion Euro is expended annually
on Comint and related activities. The largest component of this expenditure
is incurred by the major English-speaking nations of the UKUSA alliance.(1)
This report describes how Comint organisations have for more than 80 years
made arrangements to obtain access to much of the world's international
communications. These include the unauthorised interception of commercial
satellites, of long distance communications from space, of undersea cables
using submarines, and of the Internet. In excess of 120 satellite systems
are currently in simultaneous operation collecting intelligence (section
2).
-
- 3. The highly automated UKUSA system for processing Comint,
often known as ECHELON, has been widely discussed within Europe following
a 1997 STOA report.(2) That report summarised information from the only
two primary sources then available on ECHELON.(3) This report provides
original new documentary and other evidence about the ECHELON system and
its involvement in the interception of communication satellites (section
3). A technical annexe give a supplementary, detailed description of Comint
processing methods.
-
- 4. Comint information derived from the interception of
international communications has long been routinely used to obtain sensitive
data concerning individuals, governments, trade and international organisations.
This report sets out the organisational and reporting frameworks within
which economically sensitive information is collected and disseminated,
summarising examples where European commercial organisations have been
the subject of surveillance (section 4).
-
- 5. This report identifies a previously unknown international
organisation - "ILETS" - which has, without parliamentary or
public discussi on or awareness, put in place contentious plans to require
manufacturers and operators of new communications systems to build in monitoring
capacity for use by national security or law enforcement organisations
(section 5).
-
- 6. Comint organisations now perceive that the technical
difficulties of collecting communications are increasing, and that future
production may be costlier and more limited than at present. The perception
of such difficulties may provide a useful basis for policy options aimed
at protective measures concerning economic information and effective encryption
(section 6).
-
- 7. Key findings concerning the state of the art in Comint
include :
-
- Comprehensive systems exist to access, intercept and
process every important modern form of communications, with few exceptions
(section 2, technical annexe); Contrary to reports in the press, effective
"word spotting" search systems automatically to select telephone
calls of intelligence interest are not yet available, despite 30 years
of research. However, speaker recognition systems - in effect, "voiceprints"
- have been developed and are deployed to recognise the speech of targeted
individuals making international telephone calls;
-
- Recent diplomatic initiatives by the United States government
seeking European agreement to the "key escrow" system of cryptography
masked intelligence collection requirements, and formed part of a long-term
program which has undermined and continues to undermine the communications
privacy of non-US nationals, including European governments, companies
and citizens; There is wide-ranging evidence indicating that major governments
are routinely utilising communications intelligence to provide commercialadvantage
to companies and trade.
-
- 1. Organisations and methods
-
- What is communications intelligence?
-
- 1. Communications intelligence (Comint) is defined by
NSA, the largest agency conducting such operations as "technical and
intelligence information derived from foreign communications by other than
their intended recipient". (4)Comint is a major component of Sigint
(signals intelligence), which also includes the collection of non-communications
signals, such as radar emissions.(5) Although this report deals with agencies
and systems whose overall task may be Sigint, it is concerned only with
Comint. 2. Comint has shadowed the development of extensive high capacity
new civil telecommunications systems, and has in consequence become a large-scale
industrial activity employing many skilled workers and utilising exceptionally
high degrees of automation.
-
- 3. The targets of Comint operations are varied. The most
traditional Comint targets are military messages and diplomatic communications
betw een national capitals and missions abroad. Since the 1960s, following
the growth of world trade, the collection of economic intelligence and
information about scientific and technical developments has been an increasingly
important aspect of Comint. More recent targets include narcotics trafficking,
money laundering, terrorism and organised crime.
-
- 4. Whenever access to international communications channels
is obtained for one purpose, access to every other type of communications
carried on the same channels is automatic, subject only to the tasking
requirements of agencies. Thus, for example, NSA and its British counterpart
GCHQ, used Comint collected primarily for other purposes to provide data
about domestic political opposition figures in the United States between
1967 and 1975.
-
- UK-USA alliance
-
- 5. The United States Sigint System (USSS) consists of
the National Security Agency (NSA), military support units collectively
called the Central Security Service, and parts of the CIA and other organisations.
Following wartime collaboration, in 1947 the UK and the US made a secret
agreement to continue to conduct collaborative global Comint activities.
Three other English-speaking nations, Canada, Australia and New Zealand
joined the UKUSA agreement as "Second Parties". The UKUSA agreement
was not acknowledged publicly until March 1999, when the Australian government
confirmed that its Sigint organisation, Defence Signals Directorate (DSD)
"does co-operate with counterpart signals intelligence organisations
overseas under the UKUSA relationship".(6) The UKUSA agreement shares
facilities, tasks and product between participating governments.
-
- 6. Although UKUSA Comint agency staffs and budgets have
shrunk following the end of the cold war, they have reaffirmed their requirements
for access to all the world's communications. Addressing NSA staff on his
departure in 1992, then NSA director Admiral William Studeman described
how "the demands for increased global access are growing". The
"business area" of "global access" was, he said, one
of "two, hopefully strong, legs upon which NSA must stand" in
the next century.(7)
-
- Other Comint organisations
-
- 7. Besides UKUSA, there at least 30 other nations operating
major Comint organisations. The largest is the Russian FAPSI, with 54,000
employees.(8) China maintains a substantial Sigint system, two stations
of which are directed at Russia and operate in collaboration with the United
States. Most Middle Eastern and Asian nations have invested substantially
in Sigint, in particular Israel, India and Pakistan.
-
- How intelligence works
-
- 8. In the post cold war era, Comint interception has
been constrained by recognisable industrial features, including the requirement
to match budgets and capabilities to customer requirements. The multi-step
process by means of which communications intelligence is sought, collected,
processed and passed on is similar for all countries, and is often described
as the "intelligence cycle". The steps of the intelligence cycle
correspond to distinct organisational and technical features of Comint
production. Thus, for example, the administration of NSA's largest field
station in the world, at Menwith Hill in England and responsible for operating
over 250 classified projects, is divided into three directorates: OP, Operations
and Plans; CP, Collection Processing; and EP, Exploitation and Production.
-
- Planning
-
- 9. Planning first involves determining customer requirements.
Customers include the major ministries of the sponsoring government - notably
those concerned with defence, foreign affairs, security, trade and home
affairs. The overall management of Comint involves the identification of
requirements for data as well as translating requirements into potentially
achievable tasks, prioritising, arranging analysis and reporting, and monitoring
the quality of Comint product. 10. Once targets have been selected, specific
existing or new collection capabilities may be tasked, based on the type
of information required, the susceptibility of the targeted activity to
collection, and the likely effectiveness of collection.
-
- Access and collection
-
- 11. The first essential of Comint is access to the desired
communications medium so that communications may be intercepted. Historically,
where long-range radio communications were used, this task was simple.
Some important modern communications systems are not "Comint friendly"
and may require unusual, expensive or intrusive methods to gain access.
The physical means of communication is usually independent of the type
of information carried. For example, inter-city microwave radio-relay systems,
international satellite links and fibre optic submarine cables will all
usually carry mixed traffic of television, telephone, fax, data links,
private voice, video and data.
-
- 12. Collection follows interception, but is a distinct
activity in that many types of signals may be intercepted but will receive
no further processing save perhaps technical searches to verify that communications
patterns remain unchanged. For example, a satellite interception station
tasked to study a newly launched communications satellite will set up an
antenna to intercept all that the satellite sends to the ground. Once a
survey has established which parts of the satellite's signals carry, say,
television or communications of no interest, these signals will not progress
further within the system.
-
- 13. Collection includes both acquiring information by
interception and passing information of interest downstream for processing
and production. Because of the high information rates used in many modern
networks, and the complexity of the signals within them, it is now common
for high speed recorders or "snapshot" memories temporarily to
hold large quantities of data while processing takes place. Modern collection
activities use secure, rapid communications to pass data via global networks
to human analysts who may be a continent away. Selecting messages for collection
and processing is in most cases automated, involving large on-line databanks
holding information about targets of interest.
-
- Processing
-
- 14. Processing is the conversion of collected information
into a form suitable for analysis or the production of intelligence, either
automatically or under human supervision. Incoming communications are normally
converted into standard formats identifying their technical characteristics,
together with message (or signal) related information (such as the telephone
numbers of the parties to a telephone conversation). 15. At an early stage,
if it is not inherent in the selection of the message or conversation,
each intercepted signal or channel will be described in standard "case
notation". Case notation first identifies the countries whose communications
have been intercepted, usually by two letters. A third letter designates
the general class of communications: C for commercial carrier intercepts,
D for diplomatic messages, P for police channels, etc. A fourth letter
designates the type of communications system (such as S for multi-channel).
Numbers then designate particular links or networks. Thus for example,
during the 1980s NSA intercepted and processed traffic designated as "FRD"
(French diplomatic) from Chicksands, England, while the British Comint
agency GCHQ deciphered "ITD" (Italian diplomatic) messages at
its Cheltenham headquarters. (9)
-
- 16. Processing may also involve translation or "gisting"
(replacing a verbatim text with the sense or main points of a communication).
Translation and gisting can to some degree be automated.
-
- Production and dissemination
-
- 17. Comint production involves analysis, evaluation,
translation and interpretation of raw data into finished intelligence.
The final step of the intelligence cycle is dissemination, meaning the
passing of reports to the intelligence consumers. Such reports can consist
of raw (but decrypted and/or translated) messages, gists, commentary, or
extensive analyses. The quality and relevance of the disseminated reports
lead in turn to the re-specification of intelligence collection priorities,
thereby completing the intelligence cycle.
-
- 18. The nature of dissemination is highly significant
to questions of how Comint is exploited to obtain economic advantage. Comint
activities everywhere are highly classified because, it is argued, knowledge
of the success of interception would be likely to lead targets to change
their communications methods to defeat future interception. Within the
UKUSA system, the dissemination of Comint reports is limited to individuals
holding high-level security "SCI" clearances.(10) Further, because
only cleared officials can see Comint reports, only they can set requirements
and thus control tasking. Officials of commercial companies normally neither
have clearance nor routine access to Comint, and may therefore only benefit
from commercially relevant Comint information to the extent that senior,
cleared government officials permit. The ways in which this takes place
is described in Section 5, below.
-
- 19. Dissemination is further restricted within the UKUSA
organisation by national and international rules generally stipulating
that the Sigint agencies of each nation may not normally collect or (if
inadvertently collected) record or disseminate information about citizens
of, or companies registered in, any other UKUSA nation. Citizens and companies
are collectively known as "legal persons". The opposite procedure
is followed if the person concerned has been targeted by their national
Comint organisation.
-
- 20. For example, Hager has described (11) how New Zealand
officials were instructed to remove the names of identifiable UKUSA citizens
or companies from their reports, inserting instead words such as "a
Canadian citizen" or "a US company". British Comint staff
have described following similar procedures in respect of US citizens following
the introduction of legislation to limit NSA's domestic intelligence activities
in 1978.(12) The Australian government says that "DSD and its counterparts
operate internal procedures to satisfy themselves that their national interests
and policies are respected by the others ... the Rules [on Sigint and Australian
persons] prohibit the dissemination of information relating to Australian
persons gained accidentally during the course of routine collection of
foreign communications; or the reporting or recording of the names of Australian
persons mentioned in foreign communications".(13) The corollary is
also true; UKUSA nations place no restrictions on intelligence gathering
affecting either citizens or companies of any non-UKUSA nation, including
member states of the European Union (except the UK).
-
- 2. Intercepting international communications
-
- International Leased Carrier (ILC) communications
-
- 21. It is a matter of record that foreign communications
to and from, or passing through the United Kingdom and the United States
have been intercepted for more than 80 years.(14) Then and since, most
international communications links have been operated by international
carriers, who are usually individual national PTTs or private companies.
In either case,capacity on the communication system is leased to individual
national or international telecommunications undertakings. For this reason,
Comint organisations use the term ILC (International Leased Carrier) to
describe such collection. High frequency radio 22. Save for direct landline
connections between geographically contiguous nations, high frequency (HF)
radio system were the most com mon means of international telecommunications
prior to 1960, and were in use for ILC, diplomatic and military purposes.
An important characteristic of HF radio signals is that they are reflected
from the ionosphere and from the earth's surface, providing ranges of thousands
of miles. This enables both reception and interception.
-
- Microwave radio relay
-
- 23. Microwave radio was introduced in the 1950s to provide
high capacity inter-city communications for telephony, telegraphy and,
later, television. Microwave radio relay communications utilise low power
transmitters and parabolic dish antennae placed on towers in high positions
such as on hilltops or tall buildings. The antennae are usually 1-3m in
diameter. Because of the curvature of the earth, relay stations are generally
required every 30-50km.
-
- Subsea cables
-
- 24. Submarine telephone cables provided the first major
reliable high capacity international communications systems. Early systems
were limited to a few hundred simultaneous telephone channels. The most
modern optical fibre systems carry up to 5 Gbps (Gigabits per second) of
digital information. This is broadly equivalent to about 60,000 simultaneous
telephone channels.
-
- Communications satellites
-
- 25. Microwave radio signals are not reflected from the
ionosphere and pass directly into space. This property has been exploited
both to provide global communications and, conversely, to intercept such
communications in space and on land. The largest constellation of communications
satellites (COMSATs) is operated by the International Telecommunications
Satellite organisation (Intelsat), an international treaty organisation.
To provide permanent communications from point to point or for broadcasting
purposes, communications satellites are placed into so-called "geostationary"
orbits such that, to the earth-based observer, they appear to maintain
the same position in the sky. 26. The first geostationary Intelsat satellites
were orbited in 1967. Satellite technology developed rapidly. The fourth
generation of Intelsat satellites, introduced in 1971, provided capacity
for 4,000 simulataneous telephone channels and were capable of handling
all forms of communications simultaneously -telephone, telex, telegraph,
television, data and facsimile. In 1999, Intelsat operated 19 satellites
of its 5th to 8th generations. The latest generation can handle the equivalent
to 90,000 simultaneous calls.
-
- Communications techniques
-
- 27. Prior to 1970, most communications systems (however
carried) utilised analogue or continuous wave techniques. Since 1990, almost
all communications have been digital, and are providing ever higher capacity.
The highest capacity systems in general use for the Internet, called STM-1
or OC-3, operates at a data rate of 155Mbs. (Million bits per second; a
rate of 155 Mbps is equivalent to sending 3 million words every second,
roughly the text of one thousand books a minute.) For example, links at
this capacity are used to provide backbone Internet connections between
Europe and the United States. Further details of communications techniques
are given in the technical annexe. ILC communications collection Access
-
- 28. Comint collection cannot take place unless the collecting
agency obtains access to the communications channels they wish to examine.
Information about the means used to gain access are, like data about code-breaking
methods, the most highly protected information within any Comint organisation.
Access is gained both with and without the complicity or co-operation of
network operators.
-
- Operation SHAMROCK
-
- 29. From 1945 onwards in the United States the NSA and
predecessor agencies systematically obtained cable traffic from the offices
of the major cable companies. This activity was codenamed SHAMROCK. These
activities remained unknown for 30 years, until enquiries were prompted
by the Watergate affair. On 8 August 1975, NSA Director Lt General Lew
Allen admitted to the Pike Committee of the US House of Representatives
that : "NSA systematically intercepts international communications,
both voice and cable".
-
- 30. He also admitted that "messages to and from
American citizens have been picked up in the course of gathering foreign
intelligence". US legislators considered that such operations might
have been unconstitutional. During 1976, a Department of Justice team investigated
possible criminal offences by NSA. Part of their report was released in
1980. It described how intelligence on US citizens:
-
- "was obtained incidentally in the course of NSA's
interception of aural and non-aural (e.g., telex) international communications
and the receipt of GCHQ-acquired telex and ILC (International Leased Carrier)
cable traffic (SHAMROCK)" (emphasis in original).(15)
-
- High frequency radio interception antenna (AN/FLR9) DODJOCC
sign at NSA station, Chicksands
-
- High frequency radio interception
-
- 31. High frequency radio signals are relatively easy
to intercept, requiring only a suitable area of land in, ideally, a "quiet"
radio environment. From 1945 until the early 1980s, both NSA and GCHQ operated
HF radio interception systems tasked to collect European ILC communications
in Scotland.(16) 32. The most advanced type of HF monitoring system deployed
during this period for Comint purposes was a large circular antenna array
known as AN/FLR-9. AN/FLR-9 antennae are more than 400 metres in diameter.
They can simultaneously intercept and determine the bearing of signals
from as many directions and on as many frequencies as may be desired. In
1964, AN/FLR-9 receiving systems were installed at San Vito dei Normanni,
Italy; Chicksands, England, and Karamursel, Turkey.
-
- 33. In August 1966, NSA transferred ILC collection activities
from its Scottish site at Kirknewton, to Menwith Hill in England. Ten years
later, this activity was again transferred, to Chicksands. Although the
primary function of the Chicksands site was to intercept Soviet and Warsaw
Pact air force communications, it was also tasked to collect ILC and "NDC"
(Non-US Diplomatic Communications). Prominent among such tasks was the
collection of FRD traffic (i.e., French diplomatic communications). Although
most personnel at Chicksands were members of the US Air Force, diplomatic
and ILC interception was handled by civilian NSA employees in a unit called
DODJOCC.(17)
-
- 34. During the 1970s, British Comint units on Cyprus
were tasked to collect HF communications of allied NATO nations, including
Greece and Turkey. The interception took place at a British army unit at
Ayios Nikolaos, eastern Cyprus.(18) In the United States in 1975, investigations
by a US Congressional Committee revealed that NSA was collecting diplomatic
messages sent to and from Washington from an army Comint site at Vint Hill
Farms, Virginia. The targets of this station included the United Kingdom.(19)
-
- Space interception of inter-city networks
-
- 35. Long distance microwave radio relay links may require
dozens of intermediate stations to receive and re-transmit communications.
Each subsequent receiving station picks up only a tiny fraction of the
original transmitted signal; the remainder passes over the horizon and
on into space, where satellites can collect it. These principles were exploited
during the 1960s to provide Comint collection from space. The nature of
microwave "spillage" means that the best position for such satellites
is not above the chosen target, but up to 80 degrees of longitude away.
36. The first US Comint satellite, CANYON, was launched In August 1968,
followed soon by a second. The satellites were controlled from a ground
station at Bad Aibling, Germany. In order to provide permanent coverage
of selected targets, CANYON satellites were placed close to geostationary
orbits. However, the orbits were not exact, causing the satellites to change
position and obtain more data on ground targets.(20) Seven CANYON satellites
were launched between 1968 and 1977.
-
- 37. CANYON's target was the Soviet Union. Major Soviet
communications links extended for thousands of miles, much of it over Siberia,
where permafrost restricted the reliable use of underground cables. Geographical
circumstances thus favoured NSA by making Soviet internal communications
links highly accessible. The satellites performed better than expected,
so the project was extended.
-
- 38. The success of CANYON led to the design and deployment
of a new class of Comint satellites, CHALET. The ground station chosen
for the CHALET series was Menwith Hill, England. Under NSA project P-285,
US companies were contracted to install and assist in operating the satellite
control system and downlinks (RUNWAY) and ground processing system (SILKWORTH).
The first two CHALET satellites were launched in June 1978 and October
1979. After the name of the first satellite appeared in the US press, they
were renamed VORTEX. In 1982, NSA obtained approval for expanded "new
mission requirements" and were given funds and facilities to operate
four VORTEXsatellites simultaneously. A new 5,000m2 operations centre (STEEPLEBUSH)
was constructed to house processing equipment. When the name VORTEX was
published in 1987, the satellites were renamed MERCURY.(21)
-
- 39. The expanded mission given to Menwith Hill after
1985 included MERCURY collection from the Middle East. The station received
an award for support to US naval operations in the Persian Gulf from 1987
to 1988. In 1991, a fur ther award was given for support of the Iraqi war
operations, Desert Storm and Desert Shield.(22) Menwith Hill is now the
major US site for Comint collection against its major ally, Israel. Its
staff includes linguists trained in Hebrew, Arabic and Farsi as well as
European languages. Menwith Hill has recently been expanded to include
ground links for a new network of Sigint satellites launched in 1994 and
1995 (RUTLEY). The name of the new class of satellites remains unknown.
-
- Sigint satellites
-
- 40. The CIA developed a second class of Sigint satellite
with complementary capabilities over the period from 1967 to 1985. Initially
known as RHYOLITE and later AQUACADE, these satellites were operated from
a remote ground station in central Australia, Pine Gap. Using a large parabolic
antenna which unfolded in space, RHYOLITE intercepted lower frequency signals
in the VHF and UHF bands. Larger, most recent satellites of this type have
been named MAGNUM and then ORION. Their targets include telemetry, VHF
radio, cellular mobile phones, paging signals, and mobile data links.
-
- 41. A third class of satellite, known first as JUMPSEAT
and latterly as TRUMPET, operates in highly elliptical near-polar orbits
enabling them to "hover" for long period over high northern latitudes.
They enable the United States to collect signals from transmitters in high
northern latitudes poorly covered by MERCURY or ORION, and also to intercept
signals sent to Russian communications satellites in the same orbits.
-
- Comint satellites in geostationary orbits, such as VORTEX,
intercept terrestial microwave spillage Inter-city microwave radio relay
tower pills" signals into space
-
- 42. Although precise details of US space-based Sigint
satellites launched after 1990 remain obscure, it is apparent from observation
of the relevant ground centres that collection systems have expanded rather
than contracted. The main stations are at Buckley Field, Denver, Colorado;
Pine Gap, Australia; Menwith Hill, England; and Bad Aibling, Germany. The
satellites and their processing facilities are exceptionally costly (of
the order of $1 billion US each). In 1998, the US National Reconnaissance
Office (NRO) announced plans to combine the three separate classes of Sigint
satellites into an Integrated Overhead Sigint Architecture (IOSA) in order
to " improve Sigint performance and avoid costs by consolidating systems,
utilising ... new satellite and data processing technologies". (23)
-
- 43. It follows that, within constraints imposed by budgetary
limitation and tasking priorities, the United States can if it chooses
direct space collection systems to intercept mobile communications signals
and microwave city-to-city traffic anywhere on the planet. The geographical
and processing difficulties of collecting messages simultaneously from
all parts of the globe suggest strongly that the tasking of these satellites
will be directed towards the highest priority national and military targets.
Thus, although European communications passing on inter-city microwave
routes can be collected, it is likely that they are normally ignored. But
it is very highly probable that communications to or from Europe and which
pass through the microwave communications networks of Middle Eastern states
are collected and processed.
-
- 44. No other nation (including the former Soviet Union)
has deployed satellites comparable to CANYON, RHYOLITE, or their successors.
Both Britain (project ZIRCON) and France (project ZENON) have attempted
to do so, but neither persevered. After 1988 the British government purchased
capacity on the US VORTEX (now MERCURY) constellation to use for unilateral
national purposes.(24) A senior UK Liaison Officer and staff from GCHQ
work at Menwith Hill NSA station and assist in tasking and operating the
satellites.
-
- COMSAT ILC collection
-
- 45. Systematic collection of COMSAT ILC communications
began in 1971. Two ground stations were built for this purpose. The first
at Morwenstow, Cornwall, England had two 30-metre antennae. One intercepted
communications from the Atlantic Ocean Intelsat; the other the Indian Ocean
Intelsat. The second Intelsat interception site was at Yakima, Washington
in the northwestern United States. NSA's "Yakima Research Station"
intercepted communications passing through the Pacific Ocean Intelsat satellite.
46. ILC interception capability against western-run communications satellites
remained at this level until the late 1970s, when a second US site at Sugar
Grove, West Virginia was added to the network. By 1980, its three satellite
antenna had been reassigned to the US Naval Security Group and were used
for COMSAT interception. Large-scale expansion of the ILC satellite interception
system took place between 1985 and 1995, in conjunction with the enlargement
of the ECHELON processing system (section 3). New stations were constructed
in the United States (Sabana Seca, Puerto Rico), Canada (Leitrim, Ontario),
Australia (Kojarena, Western Australia) and New Zealand (Waihopai, South
Island). Capacity at Yakima, Morwenstow and Sugar Grove was expanded, and
continues to expand.
-
- Based on a simple count of the number of antennae currently
installed at each COMSAT interception or satellite SIGINT station, it appears
that the UKUSA nations are between them currently operating at least 120
satellite based collection systems. The approximate number of antennae
in each category are:
-
- - Tasked on western commercial communications satellites
(ILC) 40 - Controlling space based signals intelligence satellites 30 -
Currently or formerly tasked on Soviet communications satellites 50
-
- Systems in the third category may have been reallocated
to ILC tasks since the end of the cold war.(25)
-
- 47. Other nations increasingly collect Comint from satellites.
Russia's FAPSI operates large ground collection sites at Lourdes, Cuba
and at Cam Ranh Bay, Vietnam.(26) Germany's BND and France's DGSE are alleged
to collaborate in the operation of a COMSAT collection site at Kourou,
Guyana, targeted on "American and South American satellite communications".
DGSE is also said to have COMSAT collection sites at Domme (Dordogne, France),
in New Caledonia, and in the United Arab Emirates.(27) The Swiss intelligence
service has recently announced a plan for two COMSAT interception stations.(28)
-
- Satellite ground terminal at Etam, West Virginia connecting
Europe and the US via Intelsat IV GCHQ constructed an identical "shadow"
station in 1972 to intercept Intelsat messages for UKUSA
-
- Submarine cable interception
-
- 48. Submarine cables now play a dominant role in international
telecommunications, since - in contrast to the limited bandwidth available
for space systems - optical media offer seemingly unlimited capacity. Save
where cables terminate in countries where telecommunications operators
provide Comint access (such as the UK and the US), submarine cables appear
intrinsically secure because of the nature of the ocean environment. 49.
In October 1971, this security was shown not to exist. A US submarine,
Halibut, visited the Sea of Okhotsk off the eastern USSR and recorded communications
passing on a military cable to the Khamchatka Peninsula.
-
- Halibut was equipped with a deep diving chamber, fully
in view on the submarine's stern. The chamber was described by the US Navy
as a "deep submergence rescue vehicle". The truth was that the
"rescue vehicle" was welded immovably to the submarine. Once
submerged, deep-sea divers exited the submarine and wrapped tapping coils
around the cable. Having proven the principle, USS Halibut returned in
1972 and laid a high capacity recording pod next to the cable. The technique
involved no physical damage and was unlikely to have been readily detectable.(29)
-
- 50. The Okhotsk cable tapping operation continued for
ten years, involving routine trips by three different specially equipped
submarines to collect old pods and lay new ones; sometimes, more than one
pod at a time. New targets were added in 1979. That summer, a newly converted
submarine called USS Parche travelled from San Francisco under the North
Pole to the Barents Sea, and laid a new cable tap near Murmansk. Its crew
received a presidential citation for their achievement. The Okhotsk cable
tap ended in 1982, after its location was compromised by a former NSA employee
who sold information about the tap, codenamed IVY BELLS, to the Soviet
Union. One of the IVY BELLS pods is now on display in the Moscow museum
of the former KGB. The cable tap in the Barents Sea continued in operation,
undetected, until tapping stopped in 1992.
-
- 51. During 1985, cable-tapping operations were extended
into the Mediterranean, to intercept cables linking Europe to West Africa.
(30) After the cold war ended, the USS Parche was refitted with an extended
section to accommodate larger cable tapping equipment and pods. Cable taps
could be laid by remote control, using drones. USS Parche continues in
operation to the present day, but the precise targets of its missions remain
unknown. The Clinton administration evidently places high value on its
achievements, Every year from 1994 to 1997, the submarine crew has been
highly commended.(31) Likely targets may include the Middle East, Mediterranean,
eastern Asia, and South America. The United States is the only naval power
known to have deployed deep-sea technology for this purpose.
-
- 52. Miniaturised inductive taps recorders have also been
used to intercept underground cables.(32) Optical fibre cables, however,
do not leak radio frequency signals and cannot be tapped using inductive
loops. NSA and other Comint agencies have spent a great deal of money on
research into tapping optical fibres, reportedly with little success. But
long distance optical fibre cables are not invulnerable. The key means
of access is by tampering with optoelectronic "repeaters" which
boost signal levels over long distances. It follows that any submarine
cable system using submerged optoelectronic repeaters cannot be considered
secure from interception and communications intelligence activity.
-
- USS halibut with disguised chamber for diving Cable tapping
pod laid by US submarine off Khamchatka
-
- Intercepting the Internet
-
- 53. The dramatic growth in the size and significance
of the Internet and of related forms of digital communications has been
argued by some to pose a challenge for Comint agencies. This does not appear
correct. During the 1980s, NSA and its UKUSA partners operated a larger
international communications network than the then Internet but based on
the same technology.(33) According to its British partner "all GCHQ
systems are linked together on the largest LAN [Local Area Network] in
Europe, which is connected to other sites around the world via one of the
largest WANs [Wide Area Networks] in the world ... its main networking
protocol is Internet Protocol (IP).(34) This global network, developed
as project EMBROIDERY, includes PATHWAY, the NSA's main computer communications
network. It provides fast, secure global communications for ECHELON and
other systems. 54. Since the early 1990s, fast and sophisticated Comint
systems have been developed to collect, filter and analyse the forms of
fast digital communications used by the Internet. Because most of the world's
Internet capacity lies within the United States or connects to the United
States, many communications in "cyberspace" will pass through
intermediate sites within the United States. Communications from Europe
to and from Asia, Oceania, Africa or South America normally travel via
the United States. 55. Routes taken by Internet "packets" depend
on the origin and destination of the data, the systems through which they
enter and leaves the Internet, and a myriad of other factors including
time of day. Thus, routers within the western United States are at their
most idle at the time when central European traffic is reaching peak usage.
It is thus possible (and reasonable) for messages travelling a short distance
in a busy European network to travel instead, for example, via Internet
exchanges in California. It follows that a large proportion of international
communications on the Internet will by the nature of the system pass through
the United States and thus be readily accessible to NSA.
-
- 56.Standard Internet messages are composed of packets
called "datagrams" . Datagrams include numbers representing both
their origin and their destination, called "IP addresses". The
addresses are unique to each computer connected to the Internet. They are
inherently easy to identify as to country and site of origin and destination.
Handling, sorting and routing millions of such packets each second is fundamental
to the operation of major Internet centres. The same process facilitates
extraction of traffic for Comint purposes.
-
- 57. Internet traffic can be accessed either from international
communications links entering the United States, or when it reaches major
Internet exchanges. Both methods have advantages. Access to communications
systems is likely to be remain clandestine - whereas access to Internet
exchanges might be more detectable but provides easier access to more data
and simpler sorting methods. Although the quantities of data involved are
immense, NSA is normally legally restricted to looking only at communications
that start or finish in a foreign country. Unless special warrants are
issued, all other data should normally be thrown away by machine before
it can be examined or recorded.
-
- 58. Much other Internet traffic (whether foreign to the
US or not) is of trivial intelligence interest or can be handled in other
ways. For example, messages sent to "Usenet" discussion groups
amounts to about 15 Gigabytes (GB) of data per day; the rough equivalent
of 10,000 books. All this data is broadcast to anyone wanting (or willing)
to have it. Like other Internet users, intelligence agencies have open
source access to this data and store and analyse it. In the UK, the Defence
Evaluation and Research Agency maintains a 1 Terabyte database containing
the previous 90 days of Usenet messages.(35) A similar service, called
"Deja News", is available to users of the World Wide Web (WWW).
Messages for Usenet are readily distinguishable. It is pointless to collect
them clandestinely.
-
- 59. Similar considerations affect the World Wide Web,
most of which is openly accessible. Web sites are examined continuously
by "search engines" which generate catalogues of their contents.
"Alta Vista" and "Hotbot" are prominent public sites
of this kind. NSA similarly employs computer "bots" (robots)
to collect data of interest. For example, a New York web site known as
JYA.COM (http://www.jya.com/crypto.htm) offers extensive public information
on Sigint, Comint and cryptography. The site is frequently updated. Records
of access to the site show that every morning it is visited by a "bot"
from NSA's National Computer Security Centre, which looks for new files
and makes copies of any that it finds.(36)
-
- 60. It follows that foreign Internet traffic of communications
intelligence interest - consisting of e-mail, file transfers, "virtual
private networks" operated over the internet, and some other messages
- will form at best a few per cent of the traffic on most US Internet exchanges
or backbone links. According to a former employee, NSA had by 1995 installed
"sniffer" software to collect such traffic at nine major Internet
exchange points (IXPs).(37) The first two such sites identified, FIX East
and FIX West, are operated by US government agencies. They are closely
linked to nearby commercial locations, MAE East and MAE West (see table).
Three other sites listed were Network Access Points originally developed
by the US National Science Foundation to provide the US Internet with its
initial "backbone".
-
- Internet site Location Operator Designation
-
- FIX East College Park, Maryland US government Federal
Information Exchange FIX West Mountain View, California US government Federal
Information Exchange MAE East Washington, DC MCI Metropolitan Area Ethernet
New York NAP Pennsauken, New Jersey Sprintlink Network Access Point SWAB
Washington, DC PSInet / Bell Atlantic SMDS Washington Area Bypass Chicago
NAP Chicago, Illinois Ameritech / Bellcorp Network Access Point San Francisco
NAP San Francisco, California Pacific Bell Network Access Point MAE West
San Jose, California MCI Metropolitan Area Ethernet CIX Santa Clara California
CIX Commercial Internet Exchange
-
- Table 1 NSA Internet Comint access at IXP sites (1995)
(38)
-
- 61. The same article alleged that a leading US Internet
and telecommunications company had contracted with NSA to develop software
to capture Internet data of interest, and that deals had been struck with
the leading manufacturers Microsoft, Lotus, and Netscape to alter their
products for foreign use. The latter allegation has proven correct (see
technical annexe). Providing such features would make little sense unless
NSA had also arranged general access to Internet traffic. Although NSA
will not confirm or deny such allegations, a 1997 court case in Britain
involving alleged "computer hacking" produced evidence of NSA
surveillance of the Internet. Witnesses from the US Air Force component
of NSA acknowledged using packet sniffers and specialised programmes to
track attempts to enter US military computers. The case collapsed after
the witnesses refused to provide evidence about the systems they had used.(39)
-
- Covert collection of high capacity signals
-
- 62. Where access to signals of interest is not possible
by other means, Comint agencies have constructed special purpose interception
equipment to install in embassies or other diplomatic premises, or even
to carry by hand to locations of special interest. Extensive descriptions
of operations of this kind have been published by Mike Frost, a former
official of CSE, the Canadian Sigint agency.(40) Although city centre embassy
premises are often ideally situated to intercept a wide range of communications,
ranging from official carphone services to high capacity microwave links,
processing and passing on such information may be difficult. Such collection
operations are also highly sensitive for diplomatic reasons. Equipment
for covert collection is therefore specialised, selective and miniaturised.
-
- 63. A joint NSA/CIA "Special Collection Service"
manufactures equipment and trains personnel for covert collection activities
One major device is a suitcase-sized computer processing system. ORATORY.
ORATORY is in effect a miniaturised version of the Dictionary computers
described in the next section, capable of selecting non-verbal communications
of interest from a wide range of inputs, according to pre-programmed selection
criteria. One major NSA supplier ("The IDEAS Operation") now
offers micro-miniature digital receivers which can simultaneously process
Sigint data from 8 independent channels. This radio receiver is the size
of a credit card. It fits in a standard laptop computer. IDEAS claim, reasonably,
that their tiny card "performs functions that would have taken a rack
full of equipment not long ago".
-
- New satellite networks
-
- 64. New network operators have constructed mobile phone
systems providing unbroken global coverage using satellites in low or medium
level earth orbits. These systems are sometimes called satellite personal
communications systems (SPCS). Because each satellite covers only a small
area and moves fast, large numbers of satellites are needed to provide
continuous global coverage. The satellites can relay signals directly between
themselves or to ground stations. The first such system to be completed,
Iridium, uses 66 satellites and started operations in 1998. Iridium appears
to have created particular difficulties for communications intelligence
agencies, since the signals down from the Iridium and similar networks
can only be received in a small area, which may be anywhere on the earth's
surface.
-
- 3. ECHELON and Comint production
-
- 65. The ECHELON system became well known following publication
of the previous STOA report. Since then, new evidence shows that ECHELON
has existed since the 1970s, and was greatly enlarged between 1975 and
1995. Like ILC interception, ECHELON has developed from earlier methods.
This section includes new information and documentary evidence about ECHELON
and satellite interception.
-
- The "Watch List"
-
- 66. After the public revelation of the SHAMROCK interception
programme, NSA Director Lt General Lew Allen described how NSA used "'watch
lists" as an aid to watch for foreign activity of reportable intelligence
interest".(41) "We have been providing details ... of any messages
contained in the foreign communications we intercept that bear on named
individuals or organisations. These compilations of names are commonly
referred to as 'Watch Lists'", he said.(42) Until the 1970s, Watch
List processing was manual. Analysts examined intercepted ILC communications,
reporting, "gisting" or analysing those which appeared to cover
names or topics on the Watch List.
-
- New information about ECHELON sites and systems
-
- 67. It now appears that the system identified as ECHELON
has been in existence for more than 20 years. The need for such a system
was foreseen in the late 1960s, when NSA and GCHQ planned ILC satellite
interception stations at Mowenstow and Yakima. It was expected that the
quantity of messages intercepted from the new satellites would be too great
for individual examination. According to former NSA staff, the first ECHELON
computers automated Comint processing at these sites.(43)
-
- 68. NSA and CIA then discovered that Sigint collection
from space was more effective than had been anticipated, resulting in accumulations
of recordings that outstripped the available supply of linguists and analysts.
Documents show that when the SILKWORTH processing systems was installed
at Menwith Hill for the new satellites, it was supported by ECHELON 2 and
other databanks (see illustration).
-
- 69. By the mid 1980s, communications intercepted at these
major stations were heavily sifted, with a wide variety of specifications
available for non-verbal traffic. Extensive further automation was planned
in the mid 1980s as NSA Project P-415. Implementation of this project completed
the automation of the previous Watch List activity. From 1987 onwards,
staff from international Comint agencies travelled to the US to attended
training courses for the new computer systems.
-
- 70. Project P-415/ECHELON made heavy use of NSA and GCHQ's
global Internet-like communication network to enable remote intelligence
customers to task computers at each collection site, and receive the results
automatically. The key component of the system are local "Dictionary"
computers, which store an extensive database on specified targets, including
names, topics of interest, addresses, telephone numbers and other selection
criteria. Incoming messages are compared to these criteria; if a match
is found, the raw intelligence is forwarded automatically. Dictionary computers
are tasked with many thousands of different collection requirements, described
as "numbers" (four digit codes).
-
- 71. Tasking and receiving intelligence from the Dictionaries
involves processes familiar to anyone who has used the Internet. Dictionary
sorting and selection can be compared to using search engines, which select
web pages containing key words or terms and specifying relationships. The
forwarding function of the Dictionary computers may be compared to e-mail.
When requested, the system will provide lists of communications matching
each criterion for review, analysis, "gisting" or forwarding.
An important point about the new system is that before ECHELON, different
countries and different stations knew what was being intercepted and to
whom it was sent. Now, all but a fraction of the messages selected by Dictionary
computers at remote sites are forwarded to NSA or other customers without
being read locally.
|