Snowden, who leaked a trove of documents about NSA mass surveillance programs in 2013, was granted asylum in Russia in August that year. His residency permit was due to expire this year, but on Wednesday, Snowden’s lawyer, Anatoly Kucherena, said in a statement that the permit has now been extended to 2020. Kucherena added that in 2018 Snowden will qualify to apply for Russian citizenship.

On Tuesday, President Barack Obama commuted the prison sentence of another high-profile leaker, Chelsea Manning, who passed hundreds of thousands of U.S. State Department diplomatic cables and other documents to WikiLeaks. But Snowden does not appear to be next on Obama’s clemency list.

A petition with more than a million signatures has urged Obama to pardon the NSA whistleblower. But White House press secretary Josh Earnest said on Tuesday that “Mr. Snowden has not filed paperwork to seek clemency from this administration.” And Obama himself stated last year regarding Snowden that he “can’t pardon somebody who hasn’t gone before a court and presented themselves.”

With Donald Trump soon to be in the White House, a degree of uncertainty has surrounded Snowden’s future in Russia. Trump is intent on resetting relations with the country, and in 2013 he tweeted that “if I were President, Snowden would already have been returned to the U.S.” Earlier this month, the CIA’s former acting director Michael Morell wrote a piece encouraging Russian president Vladimir Putin to return Snowden to the U.S. as a “perfect inauguration gift” to Trump.

Having just renewed Snowden’s residency permit, Russia looks unlikely to oblige.

Moreover, Russia’s foreign ministry spokesperson Maria Zkharova has outright dismissed Morell’s idea, which she said represented “an ideology of betrayal” in a post on Facebook. “You spoke, Mr. Morell, and now it’s clear to everybody that in your office, it’s normal to bring gifts in the form of people, and to hand over those who seek defense,” Zkharova wrote.

33-year-old Snowden – whose trove of documents The Intercept has extensively reported on – appears to have a relatively settled life in Russia, where he shares a home with his American partner Linday Mills. However, he did not originally intend to wind up in the country. Before his leaks were first published by The Guardian and the Washington Post in 2013, Snowden had fled the U.S. for Hong Kong. Following the initial disclosures – and amid a frenzied manhunt for him in Hong Kong – Snowden boarded a flight to Moscow en route to Cuba. But the State Department revoked his passport before he could reach Latin America, stranding him at Moscow’s Sheremetyevo Airport, where he lived for about 40 days before Russia granted him asylum.

Snowden has said that he would be willing to return to the U.S. to face a fair trial, but does not believe that he would receive one because he is charged under the Espionage Act and he would therefore not be allowed to make a public interest defense for his actions. “I’d volunteer for prison, as long as it served the right purpose,” Snowden told Wired magazine in 2014. “But we can’t allow the law to become a political weapon or agree to scare people away from standing up for their rights, no matter how good the deal. I’m not going to be part of that.”

The post Russia Allows Edward Snowden to Remain Through 2020 appeared first on The Intercept.

In a judgment handed down in Luxembourg on Wednesday, the European Court of Justice declared that the “general and indiscriminate retention” of data about people’s communications and locations was inconsistent with privacy rights. The court stated that the “highly invasive” bulk storage of private data “exceeds the limits of what is strictly necessary and cannot be considered to be justified, within a democratic society.”

Camilla Graham Wood, legal officer with the London-based group Privacy International, hailed the ruling as a victory for civil liberties advocates. “Today’s judgment is a major blow against mass surveillance and an important day for privacy,” she said. “It makes clear that blanket and indiscriminate retention of our digital histories — who we interact with, when and how and where – can be a very intrusive form of surveillance that needs strict safeguards against abuse and mission creep.”

The European court’s panel of 15 judges acknowledged in their ruling that “modern investigative techniques” were necessary to combat organized crime and terrorism, but said that this cannot justify “the general and indiscriminate retention of all traffic and location data.” Instead, the judges stated, it is acceptable for governments to engage in the “targeted retention” of data in cases involving serious crime, permitting that persons affected by any surveillance are notified after investigations are completed, and that access to the data is overseen by a judicial authority or an independent administrative authority.

The case was originally brought in December 2014 by two British members of parliament, who challenged the legality of the U.K. government’s Data Retention and Investigatory Powers Act, which forced telecommunications companies to store records on their customers’ communication for 12 months. That law has since been replaced by the Investigatory Powers Act, which was recently approved by the British parliament and is expected soon to come into force.

Though the U.K. voted to leave the European Union earlier this year, Wednesday’s decision remains — at least in the short term — highly significant, and will prove to be a severe headache for British government officials. The ruling will now be forwarded to the U.K.’s Court of Appeal, where judges there will consider how to apply it in the context of national law. It may result in the government being forced to make changes to controversial sections of the Investigatory Powers Act, which enable police and spy agencies to access vast amounts of data on people’s internet browsing, instant messages, emails, phone calls, and social media conversations.

“This is the first serious post-referendum test for our government’s commitment to protecting human rights and the rule of law,” said Martha Spurrier, director of U.K. human rights group Liberty. “The U.K. may have voted to leave the EU — but we didn’t vote to abandon our rights and freedoms.” She added: “Today’s judgment upholds the rights of ordinary British people not to have their personal lives spied on without good reason or an independent warrant. The government must now make urgent changes to the Investigatory Powers Act to comply with this.”

A spokesperson for the British government’s Home Office said in a statement: “We are disappointed with the judgment from the European court of justice and will be considering its potential implications. The government will be putting forward robust arguments to the court of appeal about the strength of our existing regime for communications data retention and access.”

Top photo: The European Court of Justice.

The post In Major Privacy Victory, Top EU Court Rules Against Mass Surveillance appeared first on The Intercept.

On Tuesday, the French newspaper began publishing the revelations, which include a wide range of previously undisclosed details about British covert activities across the world. The reports were produced in partnership with The Intercept and are based on documents provided by the National Security Agency whistleblower Edward Snowden.

The series of stories focuses largely on the controversial work of the U.K.’s electronic surveillance agency Government Communications Headquarters, or GCHQ. According to Le Monde, in March 2009, the British agency spied on Pascal Lamy, then the head of the World Trade Organization and member of the French socialist party. Between 2008 and 2009, it also targeted Octave Klaba, the founder of the French company OVH, one of Europe’s largest internet hosting companies; Emmanuel Glimet, a French trade and economy official; phone lines at the French ministry of foreign affairs; and several multinational French corporations, including the energy company Areva, oil giant Total, and the defense conglomerate Thalès.

Beyond France, the disclosures highlight the U.K.’s extensive spying operations across Africa. In 20 countries across the continent, GCHQ monitored current and former heads of state, prime ministers, diplomats, military and intelligence chiefs, as well as leading figures in the business and finance industry, Le Monde reports. Among those who were subject to the surveillance, which involved intercepting communications as they were being beamed between satellites, was a close British ally — Kenyan President Mwai Kibaki and his strategic advisers. Other targets included Nigeria’s President Umaru Yar’Adua and his private secretary; Ghana’s President John Kufuor; Sierra Leone’s leader Ernest Koroma; and the presidential palace in Luanda, Angola. Prominent business figures were also monitored, such as Nigerian billionaire Tony Elumelu, regarded as one of Africa’s richest and most influential men, and Chris Kirubi, a wealthy Kenyan businessman and radio-station owner who was described by Forbes in 2011 as the country’s “most flamboyant tycoon.”

But not all of the people on the surveillance lists were high-flying corporate and political elites. Le Monde reports that GCHQ spied on the employees of two major telecommunications companies — the South African firm MTN and Kuwait-based Zain. The agency focused in particular on “roaming managers” working for the companies in at least 15 African countries, including Gabon, Ivory Coast, Tunisia, Congo, and Mali. Roaming managers who work for cellphone companies organize partnerships between different carriers across the world, ensuring that when you travel overseas on vacation or a business trip you can use your phone to connect to a local network and make calls and receive messages.

Often, roaming managers handle sensitive technical documents about how different networks function — and this is what places them on the radar of both GCHQ and its close U.S. counterpart, the NSA. Such documents are of high value to the agencies, as they contain information that they can use to hack into networks and eavesdrop on communications. As The Intercept has previously reported, the NSA systematically monitors telco company employees’ emails with the explicit purpose of collecting roaming documents, which it describes as “necessary for targeting and exploitation.” In other words, roaming managers are not spied on because they are suspected of wrongdoing or because they are of political or economic interest; rather, they are merely viewed as a means to an end.

GCHQ declined to answer any questions from Le Monde, citing a long-standing policy not to comment on intelligence matters. A spokesperson for the agency claimed in a statement that its activities are all “authorised, necessary and proportionate” and “entirely compatible with the European Convention on Human Rights.” The NSA said its activities complied with U.S. law and policy and declined to comment further.

Top photo: GCHQ Bude is a satellite ground station and eavesdropping center located on the North Cornwall coast, U.K.

The post Extensive British Spying Throughout Africa Revealed in Le Monde appeared first on The Intercept.

Last week, the U.K.’s Parliament approved the Investigatory Powers Bill, dubbed the “Snoopers’ Charter” by critics. The law, which is expected to come into force before the end of the year, was introduced in November 2015 after the fallout from revelations by National Security Agency whistleblower Edward Snowden about extensive British mass surveillance. The Investigatory Powers Bill essentially retroactively legalizes the electronic spying programs exposed in the Snowden documents — and also expands some of the government’s surveillance powers.

Perhaps the most controversial aspect of the new law is that it will give the British government the authority to serve internet service providers with a “data retention notice,” forcing them to record and store for up to 12 months logs showing websites visited by all of their customers. Law enforcement agencies will then be able to obtain access to this data without any court order or warrant. In addition, the new powers will hand police and tax investigators the ability to, with the approval of a government minister, hack into targeted phones and computers. The law will also permit intelligence agencies to sift through “bulk personal datasets” that contain millions of records about people’s phone calls, travel habits, internet activity, and financial transactions; and it will make it legal for British spies to carry out “foreign-focused” large-scale hacks of computers or phones in order to identify potential “targets of interest.”

“Every citizen will have their internet activity — the apps they use, the communications they send, and to who — logged for 12 months,” says Eric King, a privacy expert and former director of Don’t Spy On Us, a coalition of leading British human rights groups that campaigns against mass surveillance. “There is no other democracy in the world, possibly no other country in the world, doing this.”

“There is no other democracy in the world, possibly no other country in the world, doing this.”

King argues that the new law will cause a chilling effect, resulting in fewer people feeling comfortable communicating freely with one another. He cites a Pew survey published in March 2015 that found that 30 percent of American adults had altered their phone or internet habits due to concerns about government surveillance. “It’s going to change how people communicate and express their thoughts,” King says. “For a society that’s supposed to be progressive, that encourages open debate and dialogue, it’s awful.”

Other civil liberties advocates are concerned that the new law will be viewed by governments across the world as a green light to launch similar sweeping surveillance regimes. “The passing of the IP Bill will have an impact that goes beyond the U.K.’s shores,” says Jim Killock, executive director of the London-based Open Rights Group. “It is likely that other countries, including authoritarian regimes with poor human rights records, will use this law to justify their own intrusive surveillance powers.”

Despite the broad scope of the Investigatory Powers Bill, it generated little public debate in the U.K., and did not receive a great deal of coverage in the mainstream press. One reason for this was undoubtedly the U.K.’s shock vote in June to leave European Union — known as Brexit — which has dominated news and discussion in recent months. But there was another major factor for the swift passage of the law in the face of little backlash. The Labour Party, the U.K.’s leading opposition political party, had pledged to fight back against “unwarranted snooping,” but ended up supporting the government and voting in favor of the new surveillance law. “Blame has to be fixed on the Labour Party,” says Killock. “They asked for far too little and weren’t prepared to strongly challenge many of the central tenets of the bill.”

In an effort to placate some of its critics, the government has agreed to strengthen oversight of the surveillance. The Investigatory Powers Bill introduces for the first time a “judicial commissioner” — likely a former senior judge — who will have the authority to review spying warrants authorized by a government minister. It also bolsters provisions relating to how police and spy agencies can target journalists in a bid to identify their confidential sources. New safeguards will mean the authorities will have to seek approval from the judicial commissioner before obtaining a journalist’s phone or email records; previously they could obtain this data without any independent scrutiny.

The U.K.’s National Union of Journalists, however, believes that the law does not go far enough in protecting press freedom. The union is particularly alarmed that any potential surveillance of media organizations will be kept completely secret, meaning they will not be afforded the chance to challenge or appeal any decisions relating to them or their sources. “The bill is an attack on democracy and on the public’s right to know and it enables unjustified, secret, state interference in the press,” the union blasted in a statement last week, adding that “the lack of protection for sources has an impact on journalists working in war zones or those investigating organized crime or state misconduct.”

Other issues relating to how the law will be applied remain unclear. It contains a provision, for instance, allowing the government to serve a company with a “technical capability notice,” which can include “obligations relating to the removal by a relevant operator of electronic protection applied by or on behalf of that operator to any communications or data.” Earlier this year, technology giants Apple, Facebook, Google, Microsoft, Twitter, and Yahoo criticized this power, expressing concerns that it could be used by the government to force companies to weaken or circumvent encryption technology used to protect the privacy of communications and data.

In practice, if the law is used to undermine encryption, it may never come to light. The government included a section in the law that criminalizes “unauthorized disclosures” of any information related to its surveillance orders, which could potentially deter any whistleblowers or leakers from coming forward. The punishment for breaches is a prison sentence of up to 12 months, a fine, or both.

Though the Investigatory Powers Bill will soon to come into force, it is likely to face several lawsuits. There are at least three ongoing cases that could result in changes to some of its provisions. One of these cases is a major challenge in the European Court of Human Rights, which could potentially rule the government’s mass collection and retention of data to be illegal. (Judgments from the European Court of Human Rights remain binding in the U.K., despite its vote to leave the European Union.)

Either way, some are not willing to leave it up to the courts to determine how much of their data the government can vacuum up. One recently established British nonprofit company, calling itself Brass Horn Communications, says it is planning to build a new internet provider that is based on Tor — a tool used to browse the internet anonymously — in an effort to help people protect themselves from the spying. “We should be able to research an embarrassing medical condition, or ask questions on Google, without having to worry about it being stored on a permanent internet record somewhere,” says a spokesperson for the company. “The government has decided that everyone is a suspect, but you can’t treat an entire society as criminal.”

The post U.K. Parliament Approves Unprecedented New Hacking and Surveillance Powers appeared first on The Intercept.

On Wednesday, we reported that top-secret documents indicate there is an NSA spy hub inside the massive, windowless skyscraper at 33 Thomas Street, used by AT&T to route communications across the world. The 550-foot tower contains equipment that covertly monitors phone calls, faxes, and internet data, according to the documents. But with the exception of employees who have worked at the building, few people have ever been allowed inside the iconic brutalist structure, which was built to withstand a nuclear attack amid the Cold War.

Stanley Greenberg, a 60-year-old artist based in Brooklyn, shared a series of photographs he took in September 1992 while visiting 33 Thomas Street. Back then, before the 9/11 attacks, security was not as tight. At the time, Greenberg was carrying out research for a book, “Invisible New York,” and AT&T granted him access. The photographs never made it into the book, but Greenberg revisited his photo archive this week and sent the pictures to The Intercept after reading the revelations about the building’s apparent role as an NSA site, code-named TITANPOINTE.

One of Greenberg’s photos (featured at the top of this article) clearly shows some of AT&T’s “4ESS switch” equipment used to send phone calls across networks. The NSA’s documents describe the TITANPOINTE facility as containing a “RIMROCK access,” which is what the agency calls the 4ESS switches that it taps into. By 2004, at least one of these was an “international gateway” used to route foreign calls to and from the U.S., a former AT&T engineer has said.

Another photograph taken by Greenberg (below) shows a room full of large batteries, which were likely used as a back-up energy source for the building in the event of a power failure. Original planning documents for 33 Thomas Street state that it would have enough emergency power to last two weeks, enabling it to become a “self-contained city” in the event of a catastrophe.

Mark Klein, a former AT&T technician, worked at 33 Thomas Street between 1981 and 1990. During The Intercept’s initial research into the building, he shared a series a photographs that he took inside in 1988, which show his office space, a row of large black back-up batteries, and some of the primitive computer technology — including large disk drives the size of washing machines — used by AT&T at the time.

“During night shifts you’d be alone,” Klein said of his time in the skyscraper. “You’d walk around in dimly lit rows of equipment and only switch on fluorescent lights in the area you were working.”

The ground floor, Klein added, had a large cafeteria that was fitted with gleaming stainless steel equipment, but it was never open for business. “You’d go down there to empty tables and bring the sandwich you brought from home.”

Klein later moved to California, where he continued his work for AT&T. In 2006, he alleged in a sworn court declaration that the company had maintained a secure room in one of its San Francisco offices, which he stated had been equipped with NSA technology to spy on phone and internet traffic. Klein told The Intercept that he didn’t know of any NSA presence at 33 Thomas Street, but it did not surprise him to discover its apparent role as the TITANPOINTE surveillance site.

“I always assumed and gathered information back then that there were numerous other offices like the one in San Francisco,” he said. “I was only aware of the ones on the West Coast, from talking to people. But logically I assumed there had to be some in places like New York or Chicago, the major telecom centers.”

If you have any photos or information from inside 33 Thomas Street, you can contact the authors by email (addresses below) or through SecureDrop.

The post Look Inside the Windowless New York Skyscraper Linked to the NSA appeared first on The Intercept.

But the building’s primary purpose would not be to protect humans from toxic radiation amid nuclear war. Rather, the fortified skyscraper would safeguard powerful computers, cables, and switchboards. It would house one of the most important telecommunications hubs in the United States — the world’s largest center for processing long-distance phone calls, operated by the New York Telephone Company, a subsidiary of AT&T.

The building was designed by the architectural firm John Carl Warnecke & Associates, whose grand vision was to create a communication nerve center like a “20th century fortress, with spears and arrows replaced by protons and neutrons laying quiet siege to an army of machines within.”

Construction began in 1969, and by 1974, the skyscraper was completed. Today, it can be found in the heart of lower Manhattan at 33 Thomas Street, a vast gray tower of concrete and granite that soars 550 feet into the New York skyline. The brutalist structure, still used by AT&T and, according to the New York Department of Finance, owned by the company, is like no other in the vicinity. Unlike the many neighboring residential and office buildings, it is impossible to get a glimpse inside 33 Thomas Street. True to the designers’ original plans, there are no windows and the building is not illuminated. At night it becomes a giant shadow, blending into the darkness, its large square vents emitting a distinct, dull hum that is frequently drowned out by the sound of passing traffic and wailing sirens.

For many New Yorkers, 33 Thomas Street — known as the “Long Lines Building” — has been a source of mystery for years. It has been labeled one of the city’s weirdest and most iconic skyscrapers, but little information has ever been published about its purpose.

It is not uncommon to keep the public in the dark about a site containing vital telecommunications equipment. But 33 Thomas Street is different: An investigation by The Intercept indicates that the skyscraper is more than a mere nerve center for long-distance phone calls. It also appears to be one of the most important National Security Agency surveillance sites on U.S. soil — a covert monitoring hub that is used to tap into phone calls, faxes, and internet data.

Early model of the entrance of 33 Thomas Street as designed by John Carl Warnecke & Associates.

Still from “Project X”

Inside 33 Thomas Street there is a major international “gateway switch,” according to a former AT&T engineer, which routes phone calls between the United States and countries across the world. A series of top-secret NSA memos suggest that the agency has tapped into these calls from a secure facility within the AT&T building. The Manhattan skyscraper appears to be a core location used for a controversial NSA surveillance program that has targeted the communications of the United Nations, the International Monetary Fund, the World Bank, and at least 38 countries, including close U.S. allies such as Germany, Japan, and France.

It has long been known that AT&T has cooperated with the NSA on surveillance, but few details have emerged about the role of specific facilities in carrying out the top-secret programs. The Snowden documents provide new information about how NSA equipment has been integrated as part of AT&T’s network in New York City, revealing in unprecedented detail the methods and technology the agency uses to vacuum up communications from the company’s systems.

“This is yet more proof that our communications service providers have become, whether willingly or unwillingly, an arm of the surveillance state,” said Elizabeth Goitein, co-director of the liberty and national security program at the Brennan Center for Justice. “The NSA is presumably operating under authorities that enable it to target foreigners, but the fact that it is so deeply embedded in our domestic communications infrastructure should tip people off that the effects of this kind of surveillance cannot be neatly limited to non-Americans.”

The NSA declined to comment for this story.

The FBI occupies the entire 23rd floor of 26 Federal Plaza, seen here behind 33 Thomas Street.

Still from “Project X”

The code name TITANPOINTE features dozens of times in the NSA documents, often in classified reports about surveillance operations. The agency uses code names to conceal information it deems especially sensitive — for instance, the names of companies it cooperates with or specific locations where electronic spying is carried out. Such details are usually considered “exceptionally controlled information,” a category beyond top secret and thus outside the scope of most of the documents that Snowden was able to obtain.

Secret NSA travel guides, dated April 2011 and February 2013, however, reveal information about TITANPOINTE that helps establish its connection to 33 Thomas Street. The 2011 guide, written to assist NSA employees visiting various facilities, discloses that TITANPOINTE is in New York City. The 2013 guide states that a “partner” called LITHIUM, which is NSA’s code name for AT&T, supervises visits to the site.

The 33 Thomas Street building is located almost next door to the FBI’s New York field office — about a block away — at Federal Plaza. The 2011 NSA travel guide instructs employees traveling to TITANPOINTE to head to the FBI’s New York field office. It adds that trips to the site should be coordinated with AT&T (referenced as “LITHIUM”) and the FBI, including an FBI “site watch officer.”

Intercom at 33 Thomas Street.

Still from “Project X”

Upon arrival at TITANPOINTE, the 2011 travel guide says, agency employees should ring the buzzer, sign in, and wait for a person to come and meet them. The Intercept visited 33 Thomas Street and found a buzzer outside its entrance and a sign-in sheet on a desk in the building’s lobby, which is manned by a guard 24 hours a day. There are also parking bays in front of the skyscraper designated “AWM,” a traffic code for federal agencies.

A 1994 New York Times article reported that 33 Thomas Street was part of AT&T’s “giant Worldwide Intelligent Network, which is responsible for directing an average of 175 million phone calls a day.” Thomas Saunders, a former AT&T engineer, told The Intercept that inside the building there were at least three “4ESS switches” used to route calls across phone networks. “Of the first two, one handled domestic long-distance traffic and the other was an international gateway,” said Saunders, who retired from his role at the company in 2004. The NSA’s documents describe TITANPOINTE as containing “foreign gateway switches” and they state that it has a “RIMROCK access.” RIMROCK is an NSA code name for 4ESS switches.

The NSA’s documents also reveal that one of TITANPOINTE’s functions is to conduct surveillance as part of a program called SKIDROWE, which focuses on intercepting satellite communications. That is a particularly striking detail, because on the roof of 33 Thomas Street there are a number of satellite dishes. Federal Communications Commission records confirm that 33 Thomas Street is the only location in New York City where AT&T has an FCC license for satellite earth stations.

Design plan for the tower mechanical equipment floor at 33 Thomas Street.

The man behind the design of 33 Thomas Street, John Carl Warnecke, was one of the most prominent architects in the U.S. between the 1960s and 1980s.

Warnecke’s high-profile projects included producing designs for the U.S. Naval Academy in Maryland, the Hart Senate Office Building in Washington, D.C., and the Hawaii State Capitol. In 1962, President John F. Kennedy’s administration commissioned Warnecke to preserve and restructure buildings at Lafayette Square, across from the White House. And following Kennedy’s assassination, Warnecke was asked to design the president’s eternal flame and gravesite at Arlington National Cemetery. He also helped construct a new embassy complex in Washington for the Soviet Union, in which the Soviets claimed they found eavesdropping equipment embedded in the walls.

But it was not only governments that trusted Warnecke — who died in 2010, aged 91 — with major construction projects. He cultivated a close relationship with telecommunications companies, too, possibly helped by family ties to the industry. Warnecke’s father-in-law had been a director at Pacific Bell, a California-based AT&T subsidiary. In the 1960s, Warnecke was asked to design a telephone exchange building for Pacific Bell in Oakland. He would subsequently receive a series of other major commissions from AT&T: Aside from the 33 Thomas Street building, he also designed a telephone exchange in Williamsburg, Brooklyn, and an AT&T facility in Bedminster, New Jersey.

Some of Warnecke’s original architectural drawings for 33 Thomas Street are labeled “Project X.” It was alternatively referred to as the Broadway Building. His plans describe the structure as “a skyscraper to be inhabited by machines” and say that it was “designed to house long lines telephone equipment and to protect it and its operating personnel in the event of atomic attack.” (At the time the building was commissioned and built, amid the Cold War, there were genuine fears in the U.S. about the prospect of a Soviet nuclear assault.)

Sketch of the plaza at 33 Thomas Street.

After it was built, the unusual style of 33 Thomas Street attracted a lot of attention. Its dark, somewhat dystopian appearance contrasted dramatically with other buildings in lower Manhattan. Yet it proved popular, particularly among architecture buffs.

In a 1982 piece in the New York Times, architecture critic Paul Goldberger praised 33 Thomas Street as “one of the neighborhood’s few pieces of good modern architecture,” adding that it “blends into its surroundings more gracefully than does any other skyscraper in this area.”

“Other telephone company buildings from that era, designed solely for equipment, all look like horrible boxes,” Goldberger told The Intercept. “This one has an allure of its own to it. … There’s something about that shape. You see it and you don’t see it at the same time.”

Satellite dishes on top of 33 Thomas Street. At TITANPOINTE, a program called SKIDROWE intercepts satellite communications.

Photo: Henrik Moltke

In 1975, just a year after Warnecke’s 33 Thomas Street building was completed, the NSA became embroiled in one of the biggest scandals in the U.S. intelligence community’s history. Following revelations about domestic surveillance operations targeting anti-Vietnam War activists, a congressional select committee began investigating the alleged abuses.

The inquiry, led by Democratic Sen. Frank Church, published its findings in April 1976. It concluded that U.S. intelligence agencies had “invaded individual privacy and violated the rights of lawful assembly and political expression.” Surveillance programs operated by the NSA through this period, it was later revealed, had targeted “domestic terrorist and foreign radical” suspects, including a host of eminent Americans, such as the civil rights leaders Martin Luther King and Whitney Young, the boxer Muhammad Ali, Washington Post columnist Art Buchwald, and New York Times journalist Tom Wicker.

The Church Committee recommended that new and tighter controls be placed on intelligence gathering. And in 1978, Congress approved the Foreign Intelligence Surveillance Act, requiring the executive branch to request warrants for spying operations from a newly formed court.

Diagrams showing NSA-controlled equipment inside TITANPOINTE.

Document: NSA

BLARNEY leverages “commercial partnerships” in order to “gain access and exploit foreign intelligence obtained from global networks,” the document states. It carries out “full take” surveillance — a term that refers to the bulk collection of both content and metadata — under six different categories: counterproliferation, counterterrorism, diplomatic, economic, military, and political.

As of July 2010, the NSA had obtained at least 40 court orders for spying under the BLARNEY program, allowing the agency to monitor communications related to multiple countries, companies, and international organizations. Among the approved targets were the International Monetary Fund, the World Bank, the Bank of Japan, the European Union, the United Nations, and at least 38 different countries, including U.S. allies such as Italy, Japan, Brazil, France, Germany, Greece, Mexico, and Cyprus.

The program was the NSA’s leading source of data collection under the Foreign Intelligence Surveillance Act, an April 2013 document disclosed, and information gleaned from the communications it intercepted was a top contributor to the president’s daily briefing.

Notably, TITANPOINTE has played a central role in BLARNEY’s operations. NSA documents dated between 2012 and 2013 list the TITANPOINTE surveillance facility among three of BLARNEY’s “core sites” and describe it as “BLARNEY’S site in NYC.” Equipment hosted at TITANPOINTE has been used to monitor international long-distance phone calls, faxes, voice calls routed over the internet (known as Voice-Over-IP), video conferencing, and other internet traffic.

In one case that may have involved 33 Thomas Street, NSA engineers with the BLARNEY program worked to eavesdrop on data from a connection serving the United Nations mission in New York. This spying resulted in “collection against the email address of the U.N. General leading the monitoring mission in Syria,” an April 2012 memo said.

Mogens Lykketoft, former president of the U.N.’s general assembly, criticized the surveillance. “Such spying activities are totally unacceptable breaches of trust in international cooperation,” he told The Intercept.

Logo for the NSA’s satellite communications exploitation program SKIDROWE.

NSA

At the TITANPOINTE site, the NSA equipment is stored inside a secure room, known as a “Sensitive Compartmented Information Facility.” Top-secret diagrams dated April 2012 show that within the secure space there is “NSA controlled” equipment linked to the routers of its “access partner,” referring to AT&T. Intercepted internet data was collected from the “backbone,” then processed at TITANPOINTE, before being passed to NSA for storage. Phone calls that were intercepted were collected from TITANPOINTE’s “foreign gateway switches” before being routed through the partner’s “call processor.” They were then forwarded to NSA’s headquarters in Maryland through an interface shared with the partner.

Much of the surveillance carried out at TITANPOINTE seems to involve monitoring calls and other communications as they are being sent across AT&T’s international phone and data cables. But the site has other capabilities at its disposal. The NSA’s documents indicate that it is also equipped with powerful satellite antenna — likely the ones located on the roof of 33 Thomas Street — which monitor information transmitted through the air.

The SKIDROWE spying program focuses on covertly vacuuming up internet data — known as “digital network intelligence” — as it is passing between foreign satellites. The harvested data is then made accessible through XKEYSCORE, a Google-like mass surveillance system that the NSA’s employees use to search through huge quantities of information about people’s emails, chats, Skype calls, passwords, and internet browsing histories.

Fletcher Cook, an AT&T spokesperson, told The Intercept that the company does not “allow any government agency to connect directly to or otherwise control our network to obtain our customers’ information. Rather, we simply respond to government requests for information pursuant to court orders or other mandatory process and, in rare cases, on a legal and voluntary basis when a person’s life is in danger and time is of the essence, like in a kidnapping situation.”

Cook added that NSA representatives “do not have access to any secure room or space within our owned portion of the 33 Thomas Street building.” When pressed on whether any room within 33 Thomas Street contains equipment used for the purposes of NSA surveillance, an AT&T spokesperson pointed to a 1983 deed and declaration filed with New York City indicating that Verizon’s predecessor company maintained ownership of three floors and a basement floor in the building. The New York City Department of Finance said the predecessor company has an easement for the space and pays utility taxes, but insisted that AT&T owns the whole building. The AT&T spokesperson declined to comment further.

The NSA’s documents do not state that it can “connect directly to” or “otherwise control” AT&T’s networks, but they do make clear that the agency has placed its own equipment inside TITANPOINTE to tap into phone calls and internet data. It may be the case that the secure room where the equipment is installed is overseen by AT&T’s own engineers or technicians who have a security clearance. One NSA document dated from March 2013 suggests such a relationship, noting that the “corporate sites” the agency collects data from “are often controlled by the partner, who filters the communications before sending to NSA.”

As in 1983, AT&T may not be completely alone at 33 Thomas Street. Earlier this year, a technician working at the building — who did not want to be named because he was not authorized to speak to the media — told The Intercept that a handful of Verizon employees were still based inside. However, the NSA’s documents do not suggest that Verizon is implicated in the surveillance at the TITANPOINTE facility, and instead only point to AT&T’s involvement. Verizon declined to comment for this story.

The entrance to 33 Thomas Street.

Still from “Project X”

AT&T is far from the only company that has a relationship with the NSA. The agency has established what it calls “strategic partnerships” with more than 80 corporations. But some companies are more cooperative than others.

Historically, AT&T has always maintained close ties with the government. A good example of this came in June 1976, when a congressional subcommittee served AT&T with a subpoena demanding that it hand over information about its alleged role in unlawful FBI wiretapping of phone calls. President Gerald Ford personally intervened to block the subpoena, stating that AT&T “was and is an agent of the United States acting under contract with the Executive Branch.” Ford said the company was in a “unique position” with respect to telephone and other communication lines in the U.S., and therefore it had been “necessary for the Executive Branch to rely on its services to assist in acquiring certain information necessary to the national defense and foreign policy.” The details sought by the committee could not be shared, Ford asserted, because they could expose “extremely sensitive foreign intelligence and counterintelligence information.”

In more recent decades, as the New York Times and ProPublica reported last year, AT&T has allowed the NSA to access billions of emails, exhibiting what the agency called its “extreme willingness to help.” These revelations were foreshadowed in 2006 by allegations made by Mark Klein, a former AT&T technician. Klein stated that the company had maintained a “secure room” in one of its San Francisco offices, which was fitted with communications monitoring equipment apparently used by the NSA to tap into phone and internet traffic. Klein’s claims formed the basis of a lawsuit brought by the Electronic Frontier Foundation on behalf of AT&T customers (Jewel v. NSA), which remains ongoing today.

Mark Klein at 33 Thomas Street in 1988. Klein worked as an AT&T employee at that location for 10 years.

Photo courtesy of Mark Klein

According to the Snowden documents, AT&T has installed surveillance equipment in at least 59 U.S. sites. And on any given day, NSA employees may be working at the company’s facilities. Classified memos dated from April 2013 describe one- to four-day deployments of NSA technical staff to TITANPOINTE and other buildings. Most AT&T personnel at these locations, however, are unlikely to have knowledge of the agency’s presence. NSA staff are encouraged to wear clothes that make them “blend in to the environment.” Even the car hire company the agency uses for its trips to AT&T facilities is kept in the dark. “Some personnel are aware of the FBI link,” states the agency’s travel guidance, “but [they] have no knowledge of NSA’s involvement.”

This article is the product of a joint reporting project between The Intercept and Field of Vision. “Project X,” a Field of Vision documentary directed by Henrik Moltke and Laura Poitras, will screen at IFC Center starting November 18.
———

Documents published with this story:

• BLARNEY site book
• FAIRVIEW site book
• FAIRVIEW dataflow charts April 2012
• Special Source Operations corporate overview
• BLARNEY report April 2013
• BLARNEY program overview
• SKIDROWE program

The post The NSA’s Spy Hub in New York, Hidden in Plain Sight appeared first on The Intercept.

The technology was designed by Endace, a little-known New Zealand company. And the important customer was the British electronic eavesdropping agency, Government Communications Headquarters, or GCHQ.

Dozens of internal documents and emails from Endace, obtained by The Intercept and reported in cooperation with Television New Zealand, reveal the firm’s key role helping governments across the world harvest vast amounts of information on people’s private emails, online chats, social media conversations, and internet browsing histories.

The leaked files, which were provided by a source through SecureDrop, show that Endace listed a Moroccan security agency implicated in torture as one of its customers. They also indicate that the company sold its surveillance gear to more than half a dozen other government agencies, including in the United States, Israel, Denmark, Australia, Canada, Spain, and India.

Some of Endace’s largest sales in recent years, however, were to the United Kingdom’s GCHQ, which purchased a variety of “data acquisition” systems and “probes” that it used to covertly monitor internet traffic.

Documents from the National Security Agency whistleblower Edward Snowden, previously disclosed by The Intercept, have shown how GCHQ dramatically expanded its online surveillance between 2009 and 2012. The newly obtained Endace documents add to those revelations, shining light for the first time on the vital role played by the private sector in enabling the spying.

Stuart Wilson, Endace’s CEO, declined to answer questions for this story. Wilson said in a statement that Endace’s technology “generates significant export revenue for New Zealand and builds important technical capability for our country.” He added: “Our commercial technology is used by customers worldwide … who rely on network recording to protect their critical infrastructure and data from cybercriminals, terrorists, and state-sponsored cybersecurity threats.”

Former Endace Director Ian Graham, right, meets New Zealand Prime Minister John Key in 2010.

Photo: NZNationalParty/Flickr

Endace says it manufactures technology that allows its clients to “monitor, intercept and capture 100% of traffic on networks.” The Auckland-based company’s motto is “power to see all” and its logo is an eye.

The company’s origins can be traced back to Waikato University in Hamilton, New Zealand. There, in 1994, a team of professors and researchers began developing network monitoring technology using university resources. A central aim of the project was to find ways to measure different kinds of data on the internet, which was at that time only just beginning to take off. Within a few years, the academics’ efforts proved successful; they had managed to invent pioneering network monitoring tools. By 2001, the group behind the research started commercializing the technology — and Endace was formed.

Today, Endace presents itself publicly as focused on providing technology that helps companies and governments keep their networks secure. But in the past decade, it has quietly entered into a burgeoning global spy industry that is worth in excess of an estimated $5 billion annually.

In 2007, Endace representatives promoted their technology at a huge surveillance technology trade show in Dubai that was attended by dozens of government agencies from across the world. Endace’s advertising brochures from the show, which described the company’s products and promoted the need for greater state surveillance, were published by WikiLeaks in 2013.

One Endace brochure explained how the company’s technology could help clients “monitor all network traffic inexpensively.” It noted that telecommunications networks carry many types of information: Skype calls, videos, emails, and instant message chats. “These networks provide rich intelligence for law enforcement,” the brochure stated, “IF they can be accessed securely and with high precision.”

Workers lay undersea cables near Hiddensee Island, Germany.

Photo: Ullstein Bild/Getty Images

The United Kingdom’s geographic location — situated between North America, mainland Europe, and the Middle East — made it a good market for Endace.

Many major international undersea data cables cross British territory, and according to top-secret documents from Snowden, as much as 25 percent of all the world’s internet traffic flows through the U.K. The country’s spies have worked to exploit this, with GCHQ tapping into as many of the cables as it can, sifting through huge volumes of emails, instant messages, social media interactions, and web browsing records as they are being transmitted across the internet.

As of 2009, GCHQ’s surveillance of undersea cables was well underway. The agency was measuring the amount of traffic it monitored in tens of gigabits per second (10Gs) — the equivalent in data of about 1 million average-sized emails every minute. The electronic eavesdropping agency was tapping into 87 different 10Gs capacity cables and funneling the collected data into its processing systems for analysis.

By March 2011, GCHQ’s aim was to tap into 415 of the 10Gs cables, and its longer-term goal was to “grow our internet access to 800 10Gs.” The agency wanted to build what it described as the largest covert surveillance apparatus in the world. And in an effort to fulfill that plan, it turned to Endace’s technology.

Leaked documents and emails from Endace, obtained by The Intercept, lay out a series of deals the company made with GCHQ to help it broaden its mass surveillance capabilities. A confidential February 2010 Endace statement of work for GCHQ, for instance, outlined a £245,000 ($299,500) deal to upgrade “monitoring solutions” for the British agency that were designed to intercept large amounts of internet traffic and send it into “memory holes” — repositories used to store the data.

The agency wanted to build the largest covert surveillance apparatus in the world.

Between November 2010 and March 2011, GCHQ purchased more technology from Endace, including specialized surveillance technology built for “FGA only,” a code name the company often uses in its internal documents to refer to GCHQ; it stands for “friendly government agency.”

A November 2010 company document said that “FGA” had an order of 20 systems scheduled for delivery in March 2011. Each system was equipped with two “data acquisition” cards capable of intercepting 20Gs of internet traffic. The total capacity of the order would enable GCHQ to monitor a massive amount of data — the equivalent of being able to download 3,750 high-definition movies every minute, or 2.5 billion average-sized emails an hour.

Endace added in the document that “a potential for 300-500 systems over the next two to three years is being discussed” and noted that it was soon anticipating another order of “30-40 additional systems.” Indeed, the following month a new $167,940 purchase order for 27 more systems arrived, and the items were swiftly dispatched for delivery to GCHQ’s headquarters in Cheltenham, England.

The records of the Endace sales are confirmed by internal GCHQ documents, provided by Snowden, which describe the company’s data capture devices being used as part of mass surveillance programs. GCHQ documents from 2010 and 2011 repeatedly mention the Endace products while discussing the capture of “internet-derived” data to extract information about people’s usage of services such as Gmail, Hotmail, WhatsApp, and Facebook.

GCHQ declined to comment for this story.

An Endace diagram depicts a custom data capture system built for GCHQ.

Photo: Endance

Throughout the summer of 2011, at Endace’s offices in Auckland, New Zealand, the orders from GCHQ were continuing to flow in. Meanwhile, the company’s engineers were busy turning their sights to new technology that could vastly increase surveillance capability. Endace was developing a powerful new product for GCHQ called Medusa: interception equipment that could capture internet traffic at up to 100 gigabits per second.

Medusa was first logged in Endace’s sales systems in September 2011. Endace staff produced weekly status reports about their progress and updated GCHQ at biweekly review meetings. By November 18, 2011, the first version of Medusa arrived at GCHQ. “FGA are very pleased with the prototypes we delivered last week,” Endace noted.

Apparently after testing the Medusa prototype, GCHQ requested some refinements. One feature the agency wanted was called “Separate MAC insertion by IP type.” This suggests the British agency may have sought the ability to target individuals by searching internet traffic for the built-in hardware address of their computers, routers, or phones.

Notably, the Medusa status reports reveal that Endace was using taxpayers’ money to develop the new equipment for GCHQ. They state that the Medusa system was being built for “FGA” with funding from the Foundation of Research Science and Technology, the body that handed out New Zealand government research grants.

In 2010, Endace received two grants totaling $11.1 million. A public announcement for the first grant — issued in July 2010 — said the funding was for “50% of the cost of a series of substantial product developments over the next two years,” but did not say what the products were nor who they were for.

A New Zealand government spokesperson told The Intercept that he could not immediately give a “definitive” answer on whether the funding body had known Endace would use the grants to develop surveillance technology for GCHQ, but said it was “highly unlikely Endace would have provided that information, as they were under no obligation to do so.”

Endace has never publicly disclosed any of its work with GCHQ, likely because it is subject to strict confidentiality agreements. In one contract obtained by The Intercept, GCHQ states that Endace staff are bound to the U.K.’s Official Secrets Act, a sweeping law that can be used to prosecute and imprison people who disclose classified information. GCHQ warned Endace that it must not “make any press announcements or publicize the contract or any part thereof in any way.”

The back of two satellite antennae at GCHQ’s surveillance base in Bude, England.

Photo: Education Images/UIG/Getty Images

Endace’s leaked client lists show three main categories of customers: governments, telecommunications companies, and finance companies.

The government clients appear to be mostly intelligence agencies. A 2008 Endace customer list included: GCHQ; the Canadian and Australian defense departments (where their electronic spy agencies are located); a U.S. government contractor called Rep-Tron Systems Group, located in Baltimore, Maryland; and Morocco’s domestic surveillance agency, the DGST.

Other Endace customer lists contained in the leaked trove include the U.S. Army and the U.S. Navy’s Space and Naval Warfare Systems Command, called SPAWAR; the Israeli Ministry of Defense (home of its Unit 8200 electronic spy agency); the government of India, the Spanish Ministry of Defense; and Denmark’s Defense Intelligence Service.

Endace’s apparent dealings with the Moroccan agency, the DGST, are particularly controversial. Moroccan authorities have been persistently accused over more than five decades of committing a range of severe human rights abuses.

In Morocco, digital surveillance is intimately linked with repression of peaceful dissent.

Amnesty International, in a 2015 report, specifically singled out the DGST agency as a key perpetrator of recent abuses, accusing it of detaining people incommunicado and using brutal torture methods that included beatings, electric shocks, sexual violence, simulated drowning, drugging, mock executions, and food and sleep deprivation.

Sirine Rached, Amnesty’s North Africa researcher, told The Intercept that sales of surveillance technology to Morocco raised major concerns.

“In Morocco, digital surveillance is intimately linked with repression of peaceful dissent — people who are peacefully protesting or criticizing the authorities face intimidation, arrest, unfair trials, and sometimes imprisonment,” said Rached. “We fear that the more that these surveillance tools are sold [to Moroccan agencies], the more we will see human rights abuses, especially in relation to freedom of expression and information.”

Endace declined to comment on its dealings with Morocco. Stuart Wilson, Endace’s CEO, claimed in a statement that he had to keep details about the company’s customers confidential in order to help them “battle cyberthreats and breaches.”

An Endace “data acquisition and generation” card, used to monitor networks.

Photo: Endace

Alongside its government clients, Endace has many major corporate customers.

Endace’s sales lists include finance industry giants such as Morgan Stanley, Reuters, and Bank of America. Endace’s website says it provides financial companies with its monitoring technology to help “high-frequency traders to monitor, measure, and analyze critical network environments.”

In addition, Endace sells its equipment to some of the world’s largest telecommunications companies, among them AT&T, AOL, Verizon, Sprint, Cogent Communications, Telstra, Belgacom, Swisscom, Deutsche Telekom, Telena Italy, Vastech South Africa, and France Telecom.

Some of these companies may use the Endace equipment for checking the security of their networks. But a key strand of Endace’s business involves providing technology for telecommunications firms that enables law enforcement and intelligence agencies to intercept the messages and data of phone and internet users.

A company product strategy document from 2010 said that Endace had “seen early success” providing a Lawful Intercept product to the major U.S. telco and internet company Sprint Corporation.

All telcos and internet companies in the U.S., Europe, New Zealand, and a number of other countries are required by law to have “intercept capable” equipment on their networks. When police or spy agencies want private data about a customer (with or without a warrant, depending on the country), it can be extracted easily.

When installed on a network, Endace’s surveillance equipment can be used to perform targeted monitoring of individual people, but it can also be used to enable dragnet spying.

In one of the leaked Endace documents obtained by The Intercept — under a section titled “customer user stories” — the company describes a situation in which a government agency has obtained “the encryption keys for a well-known program.” An Endace surveillance “probe,” the document suggests, could help the government agency “unencrypt all packets sent by this program on a large network in the last 24 hours.”

Once the data has been decrypted, the agency will be able to “look for the text string ‘Domino’s Pizza,’” Endace joked, “as they have information suggesting this is the favorite pizza of international terrorists.”

———
Documents published with this article:

• GCHQ Endace contract terms March 2011
• Endace-GCHQ statement of work
• GCHQ purchase order Dec 2010
• Endace purchased support list
• Strategic account list
• Customer purchase list 2010
• Customer list
• Customer list 2
• Upgrade account list
• Medusa weekly status report
• Medusa sprint 2 requirements
• GCHQ ‘important order’
• Endace financial report Sept 2012
• Sprint Endace lawful intercept
• Kraken overview
• GCHQ probe order
• Spanish MoD custom
• Capture cards for FGA only
• GCHQ and Canada DND engineering change

The post The Little-Known Company That Enables Worldwide Mass Surveillance appeared first on The Intercept.

Between 1998 and 2005, electronic surveillance agency Government Communications Headquarters and domestic spy agency MI5 began secretly harvesting “bulk personal datasets” containing millions of records about people’s phone calls, travel habits, internet activity, and financial transactions.

On Monday, the Investigatory Powers Tribunal, a special court that handles complaints related to British spy agencies, found that access to the datasets had not been subject to sufficient supervision through a 17-year period between 1998 and November 2015. The tribunal said that due to “failings in the system of oversight” the surveillance regime had violated Article 8 of the European Convention on Human Rights, which protects the right to privacy.

The case was brought in June 2015 by the London-based human rights group Privacy International, which challenged the legality of the surveillance after the British government publicly admitted using an obscure provision of the 1984 Telecommunications Act to harvest the data.

“Today’s judgment is a long overdue indictment of U.K. surveillance agencies riding roughshod over our democracy and secretly spying on a massive scale,” said Millie Graham Wood, legal officer at Privacy International. “It is unacceptable that it is only through litigation by a charity that we have learnt the extent of these powers and how they are used. The public and Parliament deserve an explanation as to why everyone’s data was collected for over a decade without oversight in place and confirmation that unlawfully obtained personal data will be destroyed.”

While the tribunal found that the mass collection of data lacked adequate oversight, it did not rule that the surveillance itself was illegal. The judgment found in favor of the government on that front, stating that the use of the Telecommunications Act to harvest the bulk datasets was lawful.

A spokesperson for the U.K. government said in a statement: “The powers available to the security and intelligence agencies play a vital role in protecting the U.K. and its citizens. We are therefore pleased the tribunal has confirmed the current lawfulness of the existing bulk communications data and bulk personal dataset regimes.”

According to documents that were released earlier this year, the bulk datasets can cover a wide variety of information, potentially revealing details such as people’s political opinions, religious beliefs, union affiliation, physical or mental health status, sexual preferences, biometric data, and spending habits. They may also contain data revealing legally privileged information and journalists’ confidential sources. And the spy agencies have acknowledged that “medical data may appear” in some of the data troves, too, though they claim they do not explicitly harvest people’s medical records.

It is often argued by government officials that mass collection of data is not on its face a violation of privacy, and that privacy is not breached until individual communications are looked at or analyzed by humans.

Notably, the tribunal’s ruling on Monday disagreed with that notion, stating that the privacy protections contained in the European Convention on Human Rights are “engaged by the transfer and storage of communications data even if it is not accessed.” This principle may turn out to be important in a separate case that remains ongoing in the European Court of Human Rights, which is expected to look more closely at the legality of the U.K.’s mass surveillance programs.

Top photo: GCHQ headquarters in Cheltenham, England.

The post U.K.’s Mass Surveillance Databases Were Unlawful for 17 Years, Court Rules appeared first on The Intercept.

Ten organizations — including Privacy International, the American Civil Liberties Union, and Amnesty International — are taking up the landmark case against the U.K. government in the European Court of Human Rights (pictured above). In a 115-page complaint released on Thursday, the groups allege that “blanket and indiscriminate” surveillance operations carried out by British spy agencies in collaboration with their U.S. counterparts violate privacy and freedom of expression rights.

The case represents the first time Europe’s top human rights court has been asked to consider the legality of surveillance exposed in the Snowden documents. Its judgments are legally binding and could potentially have ramifications for how surveillance is conducted by U.K. agencies.

“Through bulk surveillance programs, the U.S. and U.K. governments intercept the private communications and data of millions of people around the world,” said Ashley Gorski, staff attorney at the ACLU National Security Project. “Not only is bulk surveillance unlawful, but it has a deeply chilling and corrosive effect on political discourse and our personal communications. We are hopeful that the European Court of Human Rights will recognize that this mass surveillance violates fundamental rights to privacy and freedom of speech, and that the court’s ruling will help put an end to these practices on a global scale.”

An appendix to the complaint names more than a dozen surveillance programs that it says violate rights and do not have adequate safeguards against abuse. Among them are programs operated by the British surveillance agency Government Communications Headquarters — such as KARMA POLICE — which were exposed by The Intercept last year. KARMA POLICE was designed to allow the U.K. agency to build “a web browsing profile for every visible user on the internet.” The appendix also focuses on NSA-operated programs that have been shared with British spies, such as XKEYSCORE, a tool that can be used to sift through masses of emails, online chats, and virtually every other kind of internet data.

The complaint argues that the scale of the surveillance “is unprecedented in terms of (a) the number of individuals whose communications are potentially affected; (b) the quantity of communications content and related communications data that is actually initially intercepted, extracted, filtered, stored, analysed and/or disseminated by the U.K. intelligence agencies.” It adds that the “the operation of sophisticated covert surveillance powers without adequate safeguards is ipso facto disproportionate.”

A spokesperson for the U.K. government’s Home Office declined to comment on the specifics of the case, but said in a statement: “Our security and intelligence agencies operate under some of the tightest controls in the world and the government is clear the U.K.’s investigatory powers legislation is fully compliant with ECHR requirements.”

Update: October 3, 2016
This article has been updated to include a response from the U.K. government.

Sign up for The Intercept Newsletter here.

The post Europe’s Top Human Rights Court Will Consider Legality of Surveillance Exposed by Edward Snowden appeared first on The Intercept.

Once known only by the code name Field Station 8613, the secret base — now called Menwith Hill Station — is located about nine miles west of the small town of Harrogate in North Yorkshire. Originally used to monitor Soviet communications through the Cold War, its focus has since dramatically shifted, and today it is a vital part of the NSA’s sprawling global surveillance network.

For years, journalists and researchers have speculated about what really goes on inside Menwith Hill, while human rights groups and some politicians have campaigned for more transparency about its activities. Yet the British government has steadfastly refused to comment, citing a longstanding policy not to discuss matters related to national security.

Now, however, top-secret documents obtained by The Intercept offer an unprecedented glimpse behind Menwith Hill’s razor wire fence. The files reveal for the first time how the NSA has used the British base to aid “a significant number of capture-kill operations” across the Middle East and North Africa, fueled by powerful eavesdropping technology that can harvest data from more than 300 million emails and phone calls a day.

Over the past decade, the documents show, the NSA has pioneered groundbreaking new spying programs at Menwith Hill to pinpoint the locations of suspected terrorists accessing the internet in remote parts of the world. The programs — with names such as GHOSTHUNTER and GHOSTWOLF — have provided support for conventional British and American military operations in Iraq and Afghanistan. But they have also aided covert missions in countries where the U.S. has not declared war. NSA employees at Menwith Hill have collaborated on a project to help “eliminate” terrorism targets in Yemen, for example, where the U.S. has waged a controversial drone bombing campaign that has resulted in dozens of civilian deaths.

The disclosures about Menwith Hill raise new questions about the extent of British complicity in U.S. drone strikes and other so-called targeted killing missions, which may in some cases have violated international laws or constituted war crimes. Successive U.K. governments have publicly stated that all activities at the base are carried out with the “full knowledge and consent” of British officials.

The revelations are “yet another example of the unacceptable level of secrecy that surrounds U.K. involvement in the U.S. ‘targeted killing’ program,” Kat Craig, legal director of London-based human rights group Reprieve, told The Intercept.

“It is now imperative that the prime minister comes clean about U.K. involvement in targeted killing,” Craig said, “to ensure that British personnel and resources are not implicated in illegal and immoral activities.”

The British government’s Ministry of Defence, which handles media inquires related to Menwith Hill, declined to comment for this story.

The NSA referred a request for comment to the Director of National Intelligence’s office.

Richard Kolko, a spokesperson for the DNI, said in a statement: “The men and women serving the intelligence community safeguard U.S. national security by collecting information, conducting analysis, and providing intelligence for informed decision making under a strict set of laws, policies and guidelines. This mission protects our nation and others around the world.”

Menwith Hill on March 11, 2014.

Photo: Trevor Paglen

Most visible from the outside are a cluster of about 30 of the giant white domes. But the site also houses a self-contained community, accessible only to those with security clearance. Among operations buildings in which analysts listen in on monitored conversations, there is a bowling alley, a small pool hall, a bar, a fast food restaurant, and a general store.

Most of the world’s international phone calls, internet traffic, emails, and other communications are sent over a network of undersea cables that connect countries like giant arteries. At spy outposts across the world, the NSA and its partners tap into these cables to monitor the data flowing through them. But Menwith Hill is focused on a different kind of surveillance: eavesdropping on communications as they are being transmitted through the air.

According to top-secret documents obtained by The Intercept from NSA whistleblower Edward Snowden, Menwith Hill has two main spying capabilities. The first is called FORNSAT, which uses powerful antennae contained within the golf ball-like domes to eavesdrop on communications as they are being beamed between foreign satellites. The second is called OVERHEAD, which uses U.S. government satellites orbiting above targeted countries to locate and monitor wireless communications on the ground below — such as cellphone calls and even WiFi traffic.

A spy satellite launched in 2009 and operated from Menwith Hill. Its role was to intercept communications flowing across “commercial satellite uplinks,” according to NSA documents.

But the prediction proved to be wrong. And millions of phone calls are still beamed between satellites today, alongside troves of internet data, which the NSA has readily exploited at Menwith Hill.

“The commercial satellite communication business is alive and well and bursting at the seams with increasingly sophisticated bulk DNI (Digital Network Intelligence) traffic that is largely unencrypted,” the NSA reported in a 2006 document. “This data source alone provides more data for Menwith Hill analysts to sift through than our entire enterprise had to deal with in the not-so-distant past.”

The U.S. and U.K. governments have actively misled the public for years through a “cover story.”

As of 2009, Menwith Hill’s foreign satellite surveillance mission, code-named MOONPENNY, was monitoring 163 different satellite data links. The intercepted communications were funneled into a variety of different repositories storing phone calls, text messages, emails, internet browsing histories, and other data.

It is not clear precisely how many communications Menwith Hill is capable of tapping into at any one time, but the NSA’s documents indicate the number is extremely large. In a single 12-hour period in May 2011, for instance, its surveillance systems logged more than 335 million metadata records, which reveal information such as the sender and recipient of an email, or the phone numbers someone called and at what time.

To keep information about Menwith Hill’s surveillance role secret, the U.S. and U.K. governments have actively misled the public for years through a “cover story” portraying the base as a facility used to provide “rapid radio relay and conduct communications research.” A classified U.S. document, dated from 2005, cautioned spy agency employees against revealing the truth. “It is important to know the established cover story for MHS [Menwith Hill Station] and to protect the fact that MHS is an intelligence collection facility,” the document stated. “Any reference to satellites being operated or any connection to intelligence gathering is strictly prohibited.”

Menwith Hill Station on March 11, 2014.

Photo: Trevor Paglen

The outpost was built in the 1950s as part of a deal made by the British and American governments to house U.S. personnel and surveillance equipment. In its early days, Menwith Hill’s technology was much more primitive. According to Kenneth Bird, who worked at the base in the 1960s during the Cold War, it was focused then on monitoring high frequency radio signals in Eastern Europe. Intercepted conversations were recorded on Ampex tape recorders, Bird noted in his published 1997 account, with some transcribed by analysts in real-time using typewriters.

The modern Menwith Hill is a very different place. Now, not only are its spying systems capable of vacuuming up far more communications, but they also have a far broader geographic reach. In addition, the targets of the surveillance have drastically changed, as have the purposes for which the eavesdropping is carried out.

The documents obtained by The Intercept reveal that spy satellites operated at Menwith Hill today can target communications in China and Latin America, and also provide “continuous coverage of the majority of the Eurasian landmass,” where they intercept “tactical military, scientific, political, and economic communications signals.” But perhaps the most significant role the base has played in recent years has been in the Middle East and North Africa.

Especially in remote parts of the world where there are no fiber-optic cable links, it is common for internet connections and phone calls to be routed over satellite. Consequently, Menwith Hill became a vital asset in the U.S. government’s counterterrorism campaign after the 9/11 attacks. Since then, the base has been used extensively to tap into communications in otherwise hard-to-reach areas where Islamic extremist groups such as al Qaeda and al Shabaab have been known to operate — for example, in the Afghanistan-Pakistan border region, Somalia, and Yemen.

An aerial image captured by a U.S. satellite in support of a covert GHOSTHUNTER operation.

The NSA’s documents describe GHOSTHUNTER as a means “to locate targets when they log onto the internet.” It was first developed in 2006 as “the only capability of its kind” and it enabled “a significant number of capture-kill operations” against alleged terrorists. Only a few specific examples are given, but those cases give a remarkable insight into the extraordinary power of the technology.

In 2007, for instance, analysts at Menwith Hill used GHOSTHUNTER to help track down a suspected al Qaeda “facilitator” in Lebanon who was described as “highly actionable,” meaning he had been deemed a legitimate target to kill or capture. The location of the target — who was known by several names, including Abu Sumayah — was traced to within a few hundred meters based on intercepts of his communications. Then a spy satellite took an aerial photograph of the neighborhood in Sidon, south Lebanon, in which he was believed to be living, mapping out the surrounding streets and houses. A top-secret document detailing the surveillance indicates that the information was to be passed to a secretive special operations unit known as Task Force 11-9, which would have been equipped to conduct a covert raid to kill or capture Sumayah. The outcome of the operation, however, is unclear, as it is not revealed in the document.

In another case in 2007, GHOSTHUNTER was used to identify an alleged al Qaeda “weapons procurer” in Iraq named Abu Sayf. The NSA’s surveillance systems spotted Sayf logging into Yahoo email or messenger accounts at an internet cafe near a mosque in Anah, a town on the Euphrates River that is about 200 miles northwest of Baghdad. Analysts at Menwith Hill used GHOSTHUNTER to track down his location and spy satellites operated from the British base captured aerial images. This information was passed to U.S. military commanders based in Fallujah to be included as part of a “targeting plan.”

A few days later, a special operations unit named Task Force-16 stormed two properties, where they detained Sayf, his father, two brothers, and five associates.

By 2008, the apparent popularity of GHOSTHUNTER within the intelligence community meant that it was rolled out at other surveillance bases where NSA has a presence, including in Ayios Nikolaos, Cyprus, and Misawa, Japan. The expansion of the capability to the other bases meant that it now had “near-global coverage.” But Menwith Hill remained its most important surveillance site. “[Menwith Hill] still supplies about 99% of the FORNSAT data used in GHOSTHUNTER geolocations,” noted a January 2008 document about the program.

A 2009 document added that GHOSTHUNTER’s focus was at that time “on geolocation of internet cafés in the Middle East/North Africa region in support of U.S. military operations” and said that it had to date “successfully geolocated over 5,000 VSAT terminals in Iraq, Afghanistan, Syria, Lebanon, and Iran.” VSAT, or Very Small Aperture Terminal, is a satellite system commonly used by internet cafés and foreign governments in the Middle East to send and receive communications and data. GHOSTHUNTER could also home in on VSATs in Pakistan, Somalia, Algeria, the Philippines, Mali, Kenya, and Sudan, the documents indicate.

Menwith Hill’s unique ability to track down satellite devices across the world at times placed it on the front line of conflicts thousands of miles away. In Afghanistan, for instance, analysts at the base used the VSAT surveillance to help track down suspected members of the Taliban, which led to “approximately 30 enemy killed” during one series of attacks that were mentioned in a top-secret July 2011 report. In early 2012, Menwith Hill’s analysts were again called upon to track down a VSAT: this time, to assist British special forces in Afghanistan’s Helmand Province. The terminal was swiftly located, and within an hour an MQ-9 Reaper drone was dispatched to the area, presumably to launch an airstrike.

But the lethal use of the surveillance data does not appear to have been restricted to conventional war zones such as Afghanistan or Iraq. The NSA developed similar methods at Menwith Hill to track down terror suspects in Yemen, where the U.S. has waged a covert drone war against militants associated with al Qaeda in the Northern Peninsula.

In early 2010, the agency revealed in an internal report that it had launched a new technique at the British base to identify many targets “at almost 40 different geolocated internet cafés” in Yemen’s Shabwah province and in the country’s capital, Sanaa. The technique, the document revealed, was linked to a broader classified initiative called GHOSTWOLF, described as a project to “capture or eliminate key nodes in terrorist networks” by focusing primarily on “providing actionable geolocation intelligence derived from [surveillance] to customers and their operational components.”

The description of GHOSTWOLF ties Menwith Hill to lethal operations in Yemen, providing the first documentary evidence that directly implicates the U.K. in covert actions in the country.

Menwith Hill, March 13, 2013.

Photo: Trevor Paglen

Menwith Hill’s previously undisclosed role aiding the so-called targeted killing of terror suspects highlights the extent of the British government’s apparent complicity in controversial U.S. attacks — and raises questions about the legality of the secret operations carried out from the base.

There are some 2,200 personnel at Menwith Hill, the majority of whom are Americans. Alongside NSA employees within the complex, the U.S. National Reconnaissance Office also has a major presence at the site, running its own “ground station” from which it controls a number of spy satellites.

But the British government has publicly asserted as recently as 2014 that operations at the base “have always been, and continue to be” carried out with its “knowledge and consent.” Moreover, roughly 600 of the personnel at the facility are from U.K. agencies, including employees of the NSA’s British counterpart Government Communications Headquarters, or GCHQ.

For several years, British human rights campaigners and lawmakers have been pressuring the government to provide information about whether it has had any role aiding U.S. targeted killing operations, yet they have been met with silence. In particular, there has been an attempt to establish whether the U.K. has aided U.S. drone bombings outside of declared war zones — in countries including Yemen, Pakistan, and Somalia — which have resulted in the deaths of hundreds of civilians and are in some cases considered by United Nations officials to possibly constitute war crimes and violations of international law.

Though the Snowden documents analyzed by The Intercept state that Menwith Hill has aided “a significant number” of “capture-kill” operations, they do not reveal specific details about all of the incidents that resulted in fatalities. What is clear, however, is that the base has targeted countries such as Yemen, Pakistan, and Somalia as part of location-tracking programs like GHOSTHUNTER and GHOSTWOLF — which were created to help pinpoint individuals so they could be captured or killed — suggesting it has played a part in drone strikes in these countries.

“An individual involved in passing that information is likely to be an accessory to murder.”

Craig, the legal director at Reprieve, reviewed the Menwith Hill documents — and said that they indicated British complicity in covert U.S. drone attacks. “For years, Reprieve and others have sought clarification from the British government about the role of U.K. bases in the U.S. covert drone program, which has killed large numbers of civilians in countries where we are not at war,” she told The Intercept. “We were palmed off with platitudes and reassured that any U.S. activities on or involving British bases were fully compliant with domestic and international legal provisions. It now appears that this was far from the truth.”

Jemima Stratford QC, a leading British human rights lawyer, told The Intercept that there were “serious questions to be asked and serious arguments to be made” about the legality of the lethal operations aided from Menwith Hill. The operations, Stratford said, could have violated the European Convention on Human Rights, an international treaty that the U.K. still remains bound to despite its recent vote to leave the European Union. Article 2 of the Convention protects the “right to life” and states that “no one shall be deprived of his life intentionally” except when it is ordered by a court as a punishment for a crime.

Stratford has previously warned that if British officials have facilitated covert U.S. drone strikes outside of declared war zones, they could even be implicated in murder. In 2014, she advised members of the U.K. Parliament that because the U.S. is not at war with countries such as Yemen or Pakistan, in the context of English and international law, the individuals who are targeted by drones in these countries are not “combatants” and their killers are not entitled to “combatant immunity.”

“If the U.K. government knows that it is transferring data that may be used for drone strikes against non-combatants … that transfer is probably unlawful,” Stratford told the members of Parliament. “An individual involved in passing that information is likely to be an accessory to murder.”

GCHQ refused to answer questions for this story, citing a “long standing policy that we do not comment on intelligence matters.” A spokesperson for the agency issued a generic statement asserting that “all of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight.” The spokesperson insisted that “U.K.’s interception regime is entirely compatible with the European Convention on Human Rights.”

A Gate at Menwith Hill Station prohibiting entrance on March 12, 2014.

Photo: Trevor Paglen

In February 2014, the U.S. Department of Defense announced after a review that it was planning to reduce personnel at Menwith Hill by 2016, with about 500 service members and civilians set to be removed from the site. A U.S. Air Force spokesperson told the military newspaper Stars and Stripes that the decision was based on technological advances, which he declined to discuss, though he mentioned improvements in “server capacity to the hardware that we’re using; we’re doing more with less.”

The documents provided by Snowden shine light on some of the specific technological changes. Most notably, they show that there has been significant investment in introducing new and more sophisticated mass surveillance systems at Menwith Hill in recent years. A crucial moment came in 2008, when then-NSA Director Keith Alexander introduced a radical shift in policy. Visiting Menwith Hill in June that year, Alexander set a challenge for employees at the base. “Why can’t we collect all the signals, all the time?” he said, according to NSA documents. “Sounds like a good summer homework project for Menwith.”

As a result, a new “collection posture” was introduced at the base, the aim being to “collect it all, process it all, exploit it all.” In other words, it would vacuum up as many communications within its reach as technologically possible.

Between 2009 and 2012, Menwith Hill spent more than $40 million on a massive new 95,000-square-foot operations building — nearly twice the size of an average American football field. A large chunk of this space — 10,000 square feet — was set aside for a data center that boasted the ability to store huge troves of intercepted communications. During the renovations, the NSA shipped in new computer systems and laid 182 miles of cables, enough to stretch from New York City to the outskirts of Boston. The agency also had a 200-seat-capacity auditorium constructed to host classified operations meetings and other events.

“How can Menwith carry out operations of which there is absolutely no accountability to the public?”

Some of the extensive expansion work was visible from the road outside the secure complex, which triggered protests from a local activist group called the Campaign for the Accountability of American Bases. Since the early 1990s, the group has closely monitored activities at Menwith Hill. And for the last 16 years, its members have held a small demonstration every Tuesday outside the base’s main entrance, greeting NSA employees with flags and colorful homemade banners bearing slogans critical of U.S. foreign policy and drone strikes.

Fabian Hamilton, a member of Parliament based in the nearby city of Leeds, has become a supporter of the campaign’s work, occasionally attending events organized by the group and advocating for more transparency at Menwith Hill. Hamilton, who represents the Labour Party, has doggedly attempted to find out basic information about the base, asking the government at least 40 parliamentary questions since 2010 about its activities. He has sought clarification on a variety of issues, such as how many U.S. personnel are stationed at the site, whether it is involved in conducting drone strikes, and whether members of a British parliamentary oversight committee have been given full access to review its operations. But his efforts have been repeatedly stonewalled, with British government officials refusing to provide any details on the grounds of national security.

Hamilton told The Intercept that he found the secrecy shrouding Menwith Hill to be “offensive.” The revelations about the role it has played in U.S. killing and capture operations, he said, showed there needed to be a full review of its operations. “Any nation-state that uses military means to attack any target, whether it is a terrorist, whether it is legitimate or not, has to be accountable to its electorate for what it does,” Hamilton said. “That’s the basis of our Parliament, it’s the basis of our whole democratic system. How can we say that Menwith can carry out operations of which there is absolutely no accountability to the public? I don’t buy this idea that you say the word ‘security’ and nobody can know anything. We need to know what is being done in our name.”
———

Documents published with this article:

• Elegant Chaos: collect it all, exploit it all
• Elegant Chaos: collect it all, exploit it all (plus notes)
• Ghosthunter: only capability of its kind
• Menwith satellite classification guide
• UK special forces Reaper drone (Jan-Feb-2012)
• Afghanistan 30 enemy killed (Jan-Feb 2012)
• Project Sandstorm wifi geolocation (Jan 2011)
• Yemen backhaul comms collected (Jan 2011)
• New ops building at Menwith completed, fit up begins
• New technique geolocates targets active at Yemeni cafes
• Work is progressing on Menwith Hill Station’s new operations building
• Ghosthunter and the geolocating of internet cafes
• Traffic series: is your collection surveyed or sustained
• APPARITION becomes a reality new corporate VSAT geolocation capability sees its first deployment
• Ghosthunter goes global
• Menwith continues successful counterterrorism survey along Af-Pak border
• SIGINT target package leads to USMC capture of al Qaeda weapons procurer
• Too much of a good thing?
• Menwith initiatives maximizing our access
• GSM tower mapping made easier and more accurate with new tool
• Ghosthunter future capabilities (2008)
• New tool combines multi agency databases for complete target snapshot
• GSM tower geolocation
• Menwith collection assets
• Menwith databases as of Aug 2008
• Ghosthunter tasking process
• Apparition/Ghosthunter tasking info

The post The NSA’s British Base at the Heart of U.S. Targeted Killing appeared first on The Intercept.

The extraordinary covert operation, revealed Sunday by Television New Zealand in collaboration with The Intercept, was launched in 2012 after New Zealand authorities believed they had identified a group planning to violently overthrow Fiji’s military regime.

As part of the spy mission, the NSA used its powerful global surveillance apparatus to intercept the emails and Facebook chats of people associated with a Fijian “thumbs up for democracy” campaign. The agency then passed the messages to its New Zealand counterpart, Government Communications Security Bureau, or GCSB.

One of the main targets was Fullman, a New Zealand citizen, whose communications were monitored by the NSA after New Zealand authorities, citing secret evidence, accused him of planning an “an act of terrorism” overseas.

But it turned out that the claims were baseless — Fullman, then 47, was not involved in any violent plot. He was a long-time public servant and peaceful pro-democracy activist who, like the New Zealand and Australian governments at that time, was opposed to Fiji’s authoritarian military ruler Frank Bainimarama.

Details about the surveillance are contained in documents obtained by The Intercept from NSA whistleblower Edward Snowden. More than 190 pages of top-secret NSA logs of intercepted communications dated between May and August 2012 show that the agency used the controversial internet surveillance system PRISM to eavesdrop on Fullman and other Fiji pro-democracy advocates’ Gmail and Facebook messages. Fullman is the first person in the world to be publicly identified as a confirmed PRISM target.

At the time of the spying, New Zealand’s surveillance agency was not permitted to monitor New Zealand citizens. Despite this, it worked with the NSA to eavesdrop on Fullman’s communications, which suggests he is one of 88 unnamed New Zealanders who were spied on between 2003 and 2012 in operations that may have been illegal, as revealed in an explosive 2013 New Zealand government report.

In response to questions for this story, the NSA declined to address the Fullman case directly. A spokesperson for the agency, Michael Halbig, said in a statement to The Intercept that it “works with a number of partners in meeting its foreign-intelligence mission goals, and those operations comply with U.S. law and with the applicable laws under which those partners operate.”

Antony Byers, a spokesperson for New Zealand’s intelligence agencies, said he would not comment “on matters that may or may not be operational.” The country’s spy agencies “operate within the law,” Byers said, adding: “We do not ask partners to do things that would circumvent the law, and New Zealand gets significant value from our international relationships.”

A Fijian military soldier stands guard on Parliament grounds.

Photo: Phil Walter/Getty Images

Unexpected Twist

Fullman was born in Fiji in 1965 and emigrated to New Zealand when he was about 21. He became naturalized as a New Zealand citizen and spent most of his working life in the country, including more than 20 years in various roles at the government’s tax department, where he was based out of offices first in Auckland and later in the capital city of Wellington.

In his spare time, Fullman worked as an amateur boxing judge and referee and helped out once a month at a Wellington soup kitchen run by a Christian charity. Between 2001 and 2003, he attended graduate school, earning two masters degrees: one in public management, the other in information systems. And in 2009, he decided to return to Fiji after he was offered a job as chief executive of the Fiji Water Authority.

The move back to Fiji, however, led to a dramatic and unexpected twist in the course of his life — partly due to an old childhood friend.

Fullman (left) and Mara having dinner in Fiji, December 2005.

Photo: Tony Fullman

“Weekends we would go fishing or go up to his mother’s farm, help out on the farm,” Fullman recalled in an interview with The Intercept. “We spent a lot of time together. He was like a brother to me.”

When Fullman left Fiji for New Zealand in his early 20s, he kept in contact with Mara through phone and email. And by the time Fullman returned to Fiji in 2009 to take the water authority job, Mara had become a powerful military officer, serving as the Fijian army’s chief of staff.

But the political situation in Fiji was now highly unstable, and Mara was at the center of some of the tensions. The country had experienced three military coups between 1987 and 2006 that were rooted in ethnic and religious divisions. Following the latest coup in 2006, which had brought authoritarian ruler Bainimarama to power, the military government and police were accused of systematically cracking down on freedom of speech and arresting critics and human rights defenders.

Mara was dissatisfied with the leadership and, in May 2011, he became embroiled in a high-profile dispute with the Bainimarama regime. He was accused of plotting to overthrow the government and charged with uttering a seditious comment. He was hauled before a court, where he was threatened with imprisonment for allegedly uttering the words, “This government is fuck all.”

Mara was freed on bail while the case against him remained ongoing. But he was concerned about the prospect of ultimately receiving a lengthy jail term. He decided to take a drastic course of action — and fled Fiji, escaping on a boat to nearby Tonga.

Following Mara’s dramatic getaway, Fullman was questioned by the Fijian military. It had found records of phone calls between him and Mara dated from shortly before Mara had left. Facing potential punishment over allegations that he helped Mara escape, Fullman decided that he too would have to promptly leave Fiji.

The NSA surveillance file shows a photo of Fullman that he uploaded to Facebook.

Source: NSA

NSA Spying

By 2012, Fullman had moved to Sydney, Australia, where he was living with his sister and her family. Alongside Mara and other former Fiji residents, he was working with a group called the Fiji Movement for Freedom and Democracy, which was campaigning against the Bainimarama regime.

In early July 2012, Fullman and Mara traveled to New Zealand, where they held meetings with some of the group’s supporters in Auckland. The meetings appear to have attracted the attention of New Zealand’s spies — and culminated in an extraordinary sequence of events: Fullman’s home was raided, his passport revoked, and both he and Mara were put under top-secret NSA surveillance.

Ratu Tevita Mara pictured in a video made for the pro-democracy campaign.

Source: Youtube

At the time, the New Zealand government had been keeping close tabs on the political situation in Fiji, which consists of some 333 small islands located about a three-hour flight north of Auckland. Fiji has historically maintained strong trading and tourism links with New Zealand, but the relationship had soured in the aftermath of the 2006 military coup. The New Zealand government expressed its opposition to the Bainimarama regime’s takeover, placing sanctions on Fiji and calling for the restoration of democracy. By mid-2012, however, relations between the countries were beginning to thaw. New Zealand government officials were openly discussing the possibility of ending the sanctions, in part because they may have been concerned that Fiji seemed to be moving closer to forming an allegiance with China and other Asian nations.

At 7am on July 17, 2012, about a week after Fullman had returned to Australia from the trip to New Zealand, a team of more than a dozen Australian security agents and two Australian federal police detectives arrived at his sister’s home in Sydney looking for weapons and other evidence of the suspected plot.

They seized computers, phones and documents from the premises and confiscated Fullman’s passport on behalf of the New Zealand authorities. Teams of New Zealand Security Intelligence Service officers and police simultaneously raided Fullman’s former apartment in the Wellington suburb of Karori and the homes of at least three other Fiji Freedom and Democracy movement supporters in Auckland, seizing their computers and other property.

The same day that the raids took place, New Zealand Minister of Internal Affairs Chris Tremain signed a notice canceling Fullman’s passport. The notice said the minister had canceled the passport based on secret details provided by the Security Intelligence Service: “The majority of [the] information is classified but in summary I have good reason to believe that … you are involved in planning violent action intended to force a change of Government in a foreign state; and you intend to engage in, or facilitate, an act of terrorism overseas.”

Fullman was baffled by the allegations, which he denied, and sought legal advice to challenge them. At the same time, unknown to him, he had also entered onto the radar of the world’s most powerful surveillance agency: the NSA.

Between early July and early August 2012, New Zealand spies appear to have requested American assistance to obtain the emails and Facebook communications of Fullman and Mara, including from a “democfiji” email address used by Fullman to organize events for the campaign group, whose slogan was “thumbs up for democracy.”

The NSA’s documents contain a “priority list” that names the two men as “Fiji targets” alongside their Gmail addresses and an account number identifying Fullman’s Facebook page. The documents indicate that the NSA began intercepting messages associated with Mara’s accounts on about the July 9, 2012 and on August 3 started spying on Fullman’s messages. The agency also obtained historic messages from the two men dating back to the beginning of May 2012.

A slide from a leaked NSA document about PRISM, published by the Washington Post in 2013.

Source: Washington Post/NSA

To conduct the electronic eavesdropping, the NSA turned to one of its most controversial surveillance programs: PRISM. The agency uses PRISM to secretly obtain communications that are processed by major technology companies like Google, Apple, Microsoft, and Yahoo, as the Washington Post and The Guardian first reported in 2013.

Almost all of the more than 190 pages of intercepted Gmail and Facebook messages from Fullman and Mara is headed “US-984XN,” the code for surveillance that is carried out under PRISM. The pages reveal that the legal justifications NSA cited for the surveillance were selected inconsistently. Most of Fullman’s emails and Facebook messages were obtained as “foreign government” targets, while others such as his bank statements and Facebook photographs were collected under the category of “counter-terrorism.”

The classification markings on some of the files — “REL TO USA/NZ” — make clear that the intercepted communications were to be released to New Zealand spies. In one of the files showing Fullman’s intercepted emails and Facebook chats, the NSA explicitly noted that the intercepted material had been forwarded to its New Zealand intelligence counterpart, the GCSB. (New Zealand is a member of the Five Eyes, a surveillance alliance that also includes electronic eavesdropping agencies from the United States, the United Kingdom, Canada, and Australia.)

The NSA collected Fullman’s bank records. (Reproduced here with Fullman’s consent.)

Source: NSA

The NSA surveillance, however, produced no evidence of a plot. The intercepted messages contained personal information and typical Facebook chit chat. The NSA collected Fullman’s bank statements, which were attached to his emails and showed his visits to a coffee shop, a pharmacy, and purchases at a shoe store. There was correspondence about Fullman working to establish a tourism venture on an island in Tonga, emails about a birthday party, many communications about the Fijian pro-democracy group’s blog posts, and details about alleged abuses committed by Fijian military officials. There were discussions about an unwell mother and a young relative with a confidential health problem. A top-secret intelligence document even reproduced a photograph of Fullman’s silver Mitsubishi station wagon alongside details of its precise location. But there was not a single hint of any plans for violence or other clandestine activity.

It would soon become clear that there was no evidence to support the New Zealand authorities’ suspicions. And gradually, their case would fall apart.

On 16 April, 2013, the internal affairs minister, Tremain, wrote again to Fullman. Contrary to the earlier notice he had issued, Tremain now said that “based on advice” provided by the Security Intelligence Service, there were “no longer national security concerns” about Fullman. The cancellation of his passport was lifted “without requiring an application for a replacement, or payment of a fee.” The change of position followed Fullman initiating legal action against the New Zealand government in the Wellington High Court two months earlier.

The NSA intercepted Fullman’s discussions about an unwell mother and a young relative with a confidential health problem.

Another of the pro-democracy members whose home was raided during the operation was former Fiji sports minister and then-grocery store owner Rajesh Singh. After his home was searched by police and security agents, Singh complained to New Zealand’s inspector general of intelligence and security, Andrew McGechan, who questioned the officers involved and reviewed the investigation. His report said the Security Intelligence Service had applied for a domestic intelligence warrant “against a number of individuals” because of “suspicions of a plan to inflict violence.”

But McGechan identified neither unlawful behavior by Singh nor evidence of the supposed terrorist plot. His May 2014 report said: “There is nothing in the issue of the Warrant itself or in the questions and answers that followed … which comes even near to approaching proof of criminal activity or participation in terrorism.” He noted that “no police activity has resulted, or charges been laid.”

The Intercept asked Fullman if he or Mara had ever heard of — or been involved in — discussions about overthrowing or assassinating Bainimarama. Far from denying it, he said that sort of talk happened frequently within Fijian pro-democracy circles. However, he said it was just angry ranting, when the alcohol was flowing, something completely different from real plans.

“People would say things like, ‘Please can we just hire the Americans to send one drone to Fiji to get rid of those bastards’, or ‘Let me go back to Fiji and I’ll just get a knife and stab him!’” Fullman said. “It’s venting. It’s our way of maintaining sanity — we just sit and bitch about everything. We don’t want violence. We want something where there’s control, a planned approach. More to the effect where it’s the people who protest and say, ‘Enough is enough. This is wrong. We want to go back to the old constitution and have elections.’”

The New Zealand security agency may not have recognized the difference between eavesdropped venting and an actual plot, prematurely launching its raids and broad secret surveillance operation without any clear evidence.

Four days after the raids on Fullman and his fellow campaigners, New Zealand foreign minister Murray McCully traveled to Fiji for trade talks. Fullman believes that the timing was no coincidence — and that the raids targeting the pro-democracy group were used by the New Zealand government as a bargaining chip to curry favor with the Bainimarama regime. “The minister can go to Fiji and say, ‘look we saved you, let’s be friends again, let’s start talking about how we can help each other again’,” Fullman says. “It was part of the frame up.”

No charges were ever brought against any of the Fiji campaigners, yet the ramifications of the case are still felt. Fullman says he gets pulled out of airline queues for security searches every time he travels, and he has had trouble finding work since news reports following the raids in 2012 linked him to a Fiji assassination plan. He told The Intercept that he was never notified that his private communications had been monitored by New Zealand with the help of American counterparts at the NSA — possibly illegally — nor did he ever receive an apology or compensation for his treatment.

As he recalls the saga, there is no anger in Fullman’s voice, only disappointment. Since the affair, he has not felt like returning to live in New Zealand and plans to stay in Australia for the foreseeable future. “To be betrayed by your own country, it’s really hard,” he says, letting out a sigh. “It puts a sour taste in your mouth.”

Documents published with this story:

• Tony Fullman NSA files

The post In Bungled Spying Operation, NSA Targeted Pro-Democracy Campaigner appeared first on The Intercept.

On Tuesday, cabinet secretary for justice Michael Matheson was grilled in the country’s parliament about the so-called Scottish Recording Centre and its previously undisclosed involvement in covert surveillance operations.

As The Intercept revealed last week, the Recording Centre is one of several domestic organizations within the United Kingdom involved in a top-secret program named MILKWHITE, which has provided law enforcement agencies with access to “bulk” internet data intercepted by the British eavesdropping agency Government Communications Headquarters, or GCHQ. Prior to the disclosure, few in Scotland knew the Recording Centre even existed — much less that it has been tapping into GCHQ’s troves of data.

In recent days, several Scottish media outlets have picked up the issue, increasing pressure on the government. Questioned about the revelations on Tuesday, Matheson told the Scottish parliament that the government “takes the protection of our citizens’ civil liberties extremely seriously and we are clear that investigatory powers should only be used when it is necessary and proportionate to do so. But we must always balance those fundamental civil liberties with the need to ensure our law enforcement bodies have effective powers to investigate and deal with serious organized crime.”

He declined to comment on any relationship with GCHQ and stated that police must obtain a warrant signed off by a government minister to intercept communications. However, documents about the MILKWHITE program show that it stores metadata about emails, instant messenger chats, and social media activity, meaning it contains information that could reveal the sender and recipient of an email or message, but not the written content. And police agencies in the U.K. do not require a warrant to access this kind of information. They only require a warrant when they want to monitor the content of a communication — for instance, the audio of a call or the body of an email.

Matheson’s response, perhaps unsurprisingly, did not satisfy opposition politicians. John Finnie, a member of the Scottish parliament representing the Green party, said in a statement: “The Cabinet Secretary today attempted to give the impression that all policing activities in Scotland are proportional and that interceptions are independently approved but as we know that is not always the case. There is clearly a culture of bulk collection of data that needs [to be] reined in. I will continue to challenge such over-reaching activities.”

The revelation about the Recording Centre, the first from the Snowden archive to implicate Scotland’s authorities, has put the ruling Scottish National Party in an awkward spot.

Just last week, the party’s leadership took a strong stand against the U.K. government’s push to obtain more surveillance powers through the controversial Investigatory Powers Bill, dubbed the “Snoopers’ Charter” by critics. Joanna Cherry, the Scottish National Party’s spokesperson on justice and home affairs, had raised concerns about the proposed new powers for “bulk” surveillance, which she blasted as “extremely intrusive.”

However, the Snowden documents about MILKWHITE indicate that Scotland’s police forces — through the Recording Centre — have been accessing bulk data for years, presumably with sanction from top Scottish government ministers.

Alistair Carmichael, a Liberal Democrat member of parliament, was quick to point out this inconsistency — and has pledged to take up the issues surrounding the Recording Centre and the MILKWHITE program with the British government’s Home Office in an attempt to obtain more information.

“In the House of Commons last week, [former Scottish first minister] Alex Salmond voted with the Liberal Democrats against Tory moves that would see our internet histories recorded and made available to the intelligence services,” Carmichael said. “Now it seems that a centre established when he was First Minister was at the heart of the mass surveillance of our personal information.”

If it turns out that the Scottish government claims it was not in fact aware of the MILKWHITE program, Carmichael said, it would raise “big questions over the role of the U.K. intelligence services.” And if it were aware and yet “did nothing to raise the alarm, then we need to be told why they were happy for Scots to be left in the dark,” he added.

Scottish police and GCHQ have declined to answer questions about MILKWHITE, citing policy not to comment on “intelligence matters.” The Home Office has also refused to comment, claiming that it never discusses anything derived from leaked documents.

Sign up for The Intercept Newsletter here.

The post Snowden Disclosure Prompts Backlash in Scotland appeared first on The Intercept.

The concern was sent to top British government officials in an explosive classified document, which outlined methods being developed by the United Kingdom’s domestic intelligence agency to covertly monitor internet communications.

The Security Service, also known as MI5, had become the “principal collector and exploiter” of digital communications within the U.K., the eight-page report noted, but the agency’s surveillance capabilities had “grown significantly over the last few years.”

MI5 “can currently collect (whether itself or through partners …) significantly more than it is able to exploit fully,” the report warned. “This creates a real risk of ‘intelligence failure’ i.e. from the Service being unable to access potentially life-saving intelligence from data that it has already collected.”

A draft copy of the report, obtained by The Intercept from National Security Agency whistleblower Edward Snowden, is marked with the classification “U.K. Secret” and dated February 12, 2010. It was prepared by British spy agency officials to brief the government’s Cabinet Office and Treasury Department about the U.K.’s surveillance capabilities.

Notably, three years after the report was authored, two Islamic extremists killed and attempted to decapitate a British soldier, Lee Rigby, on a London street. An investigation into the incident found that the two perpetrators were well-known to MI5, but the agency had missed significant warning signs about the men, including records of phone calls one of them had made to an al Qaeda-affiliated radical in Yemen, and an online message in which the same individual had discussed in graphic detail his intention to murder a soldier.

The new revelations raise questions about whether problems sifting through the troves of data collected by British spies may have been a factor in the failure to prevent the Rigby killing. But they are also of broader relevance to an ongoing debate in the U.K. about surveillance. In recent months, the British government has been trying to pass a new law, the Investigatory Powers Bill, which would grant MI5 and other agencies access to more data.

Silkie Carlo, a policy officer at the London-based human rights group Liberty, told The Intercept that the details contained in the secret report highlighted the need for a comprehensive independent review of the proposed new surveillance powers.

“Intelligence whistleblowers have warned that the agencies are drowning in data — and now we have it confirmed from the heart of the U.K. government,” Carlo said. “If our agencies have risked missing ‘life-saving intelligence’ by collecting ‘significantly’ more data than they can analyze, how can they justify casting the net yet wider in the toxic Investigatory Powers Bill?”

The British government’s Home Office, which handles media requests related to MI5, declined to comment for this story.

“Lack of staff and tools”

The leaked report outlines efforts by British agencies to conduct both “large-scale” and “small-scale” eavesdropping of domestic communications within the U.K. It focuses primarily on an MI5 program called DIGINT, or digital intelligence, which was aimed at transforming the agency’s ability to covertly monitor internet communications.

DIGINT was established for counterterrorism purposes, and “more generally for wider national security purposes,” the report said. The program was described as being focused on “the activities of key investigative targets, and on those exploitation activities that will drive greatest investigative benefits with respect to U.K. domestic threats.”

The amount of data being collected, however, proved difficult for MI5 to handle. In March 2010, in another secret report, concerns were reiterated about the agency’s difficulties processing the material it was harvesting. “There is an imbalance between collection and exploitation capabilities, resulting in a failure to make effective use of some of the intelligence collected today,” the report noted. “With the exception of the highest priority investigations, a lack of staff and tools means that investigators are presented with raw and unfiltered DIGINT data. Frequently, this material is not fully assessed because of the significant time required to review it.”

97 percent of the calls, messages, and data the program had collected were found to have been “not viewed” by the authorities.

The problem was not unique to MI5.

Many of the agency’s larger-scale surveillance operations were being conducted in coordination with the National Technical Assistance Centre, a unit of the electronic eavesdropping agency Government Communications Headquarters, better known as GCHQ.

The Centre plays a vital but little-known role. One of its main functions is to act as a kind of intermediary, managing the highly sensitive data-sharing relationships that exist among British telecommunications companies and law enforcement and spy agencies.

Perhaps the most important program the Centre helps deliver is code-named PRESTON, which covertly intercepts phone calls, text messages, and internet data sent or received by people or organizations in the U.K. who have been named as surveillance targets on warrants signed off by a government minister.

A top-secret 2009 study found that, in one six-month period, the PRESTON program had intercepted more than 5 million communications. Remarkably, 97 percent of the calls, messages, and data it had collected were found to have been “not viewed” by the authorities.

The authors of the study were alarmed because PRESTON was supposedly focused on known suspects, and yet most of the communications it was monitoring appeared to be getting ignored — meaning crucial intelligence could have been missed.

“Only a small proportion of the Preston Traffic is viewed,” they noted. “This is of concern as the collection is all warranted.”

Chart: A top-secret study outlines PRESTON data collection by month.

“Politically contentious”

For most of the last decade, successive British governments have attempted to obtain more surveillance powers, but their efforts have met with public opposition and ultimately failed. The present government’s effort to push through a sweeping surveillance law — the Investigatory Powers Bill — is currently being considered by the Parliament.

Documents provided by Snowden show that the U.K.’s intelligence and security agencies have wanted to obtain new powers to store domestic data about internet communications to address the “growing range of services available to internet users.” This reflects the position that has been adopted publicly in recent years by the government, which has argued that expanded internet surveillance is necessary to keep up with changes in technology.

However, the Snowden documents also reveal a more candid internal assessment of the need for bolstered spy laws and shine light on major aspects of the U.K.’s existing surveillance apparatus that government and security officials have not publicly acknowledged in their pursuit of the new powers.

In one document dated from 2012, GCHQ stated that it was “not dependent” on a new surveillance law coming into force, presumably due to the extensive capabilities already at its disposal. GCHQ added that new powers were of greater importance to the U.K.’s law enforcement agencies, which were facing “a significant decline” in ability to intercept communications due to people increasingly using internet services — as opposed to conventional landlines and cellphones — to talk or exchange messages.

But passing a new surveillance law would be a “politically contentious [and] technically complex” process, GCHQ said in the document. In the meantime, therefore, it devised something of a workaround by creating a secret stop-gap surveillance solution for law enforcement officials.

As part of a program named MILKWHITE, GCHQ made some of its huge troves of metadata about people’s online activities accessible to MI5, London’s Metropolitan Police, the tax agency Her Majesty’s Revenue and Customs, the Serious Organized Crime Agency (now merged into the National Crime Agency), the Police Service of Northern Ireland, and an obscure Scotland-based surveillance unit called the Scottish Recording Centre.

Metadata reveals information about communications — such as the sender and recipient of an email, or the phone numbers someone called and at what time — but not the written content of the message or the audio of the call. GCHQ’s definition of metadata is broad and also encompasses location data that can be used to track people’s movements, login passwords, and website browsing histories, as The Intercept has previously revealed.

The MILKWHITE program was developed as early as September 2009, and it seems to have been operational under both the Labour and the Conservative-Liberal Democrat governments of that period. One of its purposes was to allow law enforcement agencies and MI5 to sift through the troves of metadata to discover internet “selectors” for their surveillance targets — meaning unique identifiers, such as a username or IP address, that can be used to home in on and monitor a person’s online activities.

“It now appears it has been ‘business as usual’ for the tax man to access mass internet data for years.”

GCHQ focuses primarily on intercepting foreign communications that are “external” to the U.K. But in the process of doing so — by tapping into international cables that carry phone calls and internet traffic between countries — the agency vacuums up large quantities of data on British calls, emails, and web browsing habits, too. It is this British data — some of which appears to have been made accessible through MILKWHITE — that would be of most interest to MI5, police, and tax officers, as it is their role to conduct “internal” investigations within the U.K.

A GCHQ document dated from late 2010 indicated that MILKWHITE was storing data about people’s usage of smartphone chat apps like WhatsApp and Viber, instant messenger services such as Jabber, and social networking websites, including Facebook, MySpace, and LinkedIn. Access to the data was provided to law enforcement through an “internet data unit” hosted by the Serious Organized Crime Agency and it was accessible to tax investigators through what one GCHQ document described as established “business as usual” channels.

By March 2011, GCHQ noted that there was “increasing customer demand” for the service offered by MILKWHITE and the agency planned to grow its capacity, seeking £20.8 million ($30.6 million) to update the program’s “advanced analytics” capabilities and to maintain its “bulk” storage of metadata records. “Bulk” is a term GCHQ uses to refer to large troves of data that are not focused on individual targets; rather, they include millions and in some cases billions of records about ordinary people’s communications and internet activity.

Carlo, the policy analyst with Liberty, said the revelations about MILKWHITE suggested members of Parliament had been misled about how so-called bulk data is handled. “While MPs have been told that bulk powers have been used only by the intelligence community, it now appears it has been ‘business as usual’ for the tax man to access mass internet data for years,” she said. “This vindicates the warnings of security experts and the call by opposition parties for an urgent, independent review of bulk powers. The compromise review recently announced is a poor substitute and without the time and technical expertise, will struggle to address this issue of national importance.”

GCHQ declined to answer questions for this story. A spokesperson for the agency said in a statement: “It is long-standing policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position. In addition, the U.K.’s interception regime is entirely compatible with the European Convention on Human Rights.”

Documents published with this article:

• Digint Narrative
• Milkwhite
• Preston Business Processes
• Communications Capabilities Development Programme
• NTAC Overview
• Preston Architecture
• Digint Imbalance
• Mobile Apps Checkpoint Meeting Archives
• Preston Study

Related: 

• Inside NSA, Officials Privately Criticize “Collect It All” Surveillance

Sign up for The Intercept Newsletter here.

The post Facing Data Deluge, Secret U.K. Spying Report Warned of Intelligence Failure appeared first on The Intercept.

Thirty-one-year-old Lauri Love has been accused by U.S. authorities of hacking into U.S. government networks between 2012 and 2013, including those of the Department of Defense, the Environmental Protection Agency, the Department of Energy, and NASA.

In October 2013, the U.K.’s equivalent of the FBI, the National Crime Agency, raided Love’s home and seized his computers and hard drives. But some of the devices contained encrypted data, meaning the agency could not access it.

Initially the British authorities served Love with an order under Section 49 of the U.K’s controversial Regulation of Investigatory Powers Act, which demanded that he hand over his passwords to open encrypted files stored on the devices. He declined to comply, and the National Crime Agency did not push the issue; Love was not charged with an offense under any British laws.

However, when Love recently launched a civil case seeking the return of his computers and storage devices, the agency renewed its encryption demand, and attempted to turn the civil proceedings around on him by using them as new means to get a judge to order Love to disclose his passwords and encryption keys. Investigators refused to return Love’s computers and hard drives on the basis that they claimed the devices could contain data that he did not have legitimate “ownership” of – for instance, hacked files. The authorities stated that if Love wanted to get his devices back, he would have to first turn over his passwords and show what was contained on them.

As The Intercept previously reported, civil liberties campaigners were alarmed by this development, because it seemed to be an effort to bypass the normal procedure under the Regulation of Investigatory Powers Act, which includes safeguards against abuse. The campaigners feared that, if successful, the case would set a new precedent that could have had implications for journalists, activists, and others who need to guard confidential information, potentially making it easier in the future for British police and security agencies to gain access to, or to seize and retain, encrypted material.

On Tuesday, at Westminster Magistrates’ Court in London, judge Nina Tempia ruled in Love’s favor. Tempia said that she was “not persuaded” by the National Crime Agency’s argument that Love should be compelled to disclose his passwords and encryption keys to prove his ownership of the data. She also took a swipe at the agency’s attempt to “circumvent” the Regulation of Investigatory Powers Act, which she described as the “specific legislation that has been passed in order to deal with the disclosure sought.”

Karen Todner, Love’s attorney, welcomed the decision. “The case raised important issues of principle in relation to the right to respect for private life and right to enjoyment of property and the use of the Court’s case management powers,” Todner said in a statement. A ruling in the authorities’ favor, she added, “would have set a worrying precedent for future investigations of this nature and the protection of these important human rights.”

A spokeswoman for the National Crime Agency declined to comment, citing an ongoing investigation and judicial proceedings.

It has not yet been determined whether Love will be able to get his seized devices back. The next hearing in his civil case has been set for July. Moreover, the U.S. Justice Department is actively seeking Love’s extradition on hacking charges.

Love, who has been diagnosed with Asperger’s syndrome, argues that he would not get a fair trial in the U.S., where his legal team says he could face a sentence of up to 99 years in prison. He has vowed to fight the extradition and says, whatever happens, he won’t give up his encryption keys. “There will be no decryption,” he declared Tuesday, standing outside the courtroom following the judgment.

“If they’d ruled in the other way it would have been very concerning for anyone who has to store sensitive information, especially people with obligations to clients, people under their care in terms of their confidentiality,” he said.

Love, who turned up late for the hearing wearing a black suit jacket, white shirt and sneakers, was pleased with the outcome. “It’s a victory,” he said, “it’s an avoidance of a disaster.”

Sign up for The Intercept Newsletter here.

The post British Hacker Wins Court Battle Over Encryption Keys appeared first on The Intercept.

The London-based group Privacy International obtained the previously confidential files as part of an ongoing legal case challenging the scope of British spies’ covert collection of huge troves of private data.

Millie Graham Wood, legal officer at Privacy International, said in a statement Wednesday that the documents show “the staggering extent to which the intelligence agencies hoover up our data. This can be anything from your private medical records, your correspondence with your doctor or lawyer, even what petitions you have signed, your financial data, and commercial activities.”

She added: “The agencies themselves admit that the majority of data collected relates to individuals who are not a threat to national security or suspected of a crime. This highly sensitive information about us is vulnerable to attack from hackers, foreign governments, and criminals.”

The documents, published online Wednesday, primarily relate to the opaque rules regulating British spy agencies’ use of so-called bulk personal data sets, which are obtained without any judicial authorization and contain “personal data about a wide range of individuals, the majority of whom are not of direct intelligence interest,” according to the agencies’ own definition of them.

The data sets could cover a wide variety of information, the documents suggest, potentially revealing details deemed particularly “sensitive,” such as people’s political opinions, religious beliefs, union affiliation, physical or mental health status, sexual preferences, biometric data, and financial records. They may also contain data revealing legally privileged information, journalists’ confidential sources, and “details about individuals who are dead,” one document says.

The documents include internal guidance codes for spies who have access to the surveillance systems. One memo, dated June 2014, warns employees of MI6, the U.K.’s equivalent of the CIA, against performing a “self-search” for data on themselves, offering a bizarre example that serves to illustrate the scope of what some of the repositories contain.

“An example of an inappropriate ‘self search’ would be to use the database to remind yourself where you have traveled so you can update your records,” the memo says. “This is not a proportionate use of the system, as you could find this information by another means (i.e. check the stamps in your passport or keep a running record of your travel) that would avoid collateral intrusion into other people’s data.”

Another document warns MI6’s employees that they must not trawl the surveillance databases “for information about other members of staff, neighbors, friends, acquaintances, family members and public figures.” That is, it adds, “unless it is necessary to do so as part of your official duties.” The agency says that it has monitoring systems in place to catch any abuses, but it is unclear whether the checks that are in place are sufficient. One 2010 policy paper from MI6 states there is “no external oversight” of it or its partners’ “bulk data operations,” though the paper adds that this was subject to review.

Elsewhere in the documents, eavesdropping agency Government Communications Headquarters (GCHQ) and domestic intelligence agency MI5 admit that they have obtained the bulk data sets on several occasions dating back more than a decade — GCHQ beginning in 1998, and MI5 in 2005 — under Section 94 of the 1984 Telecommunications Act. The agencies argue that the data has thwarted terror plots and is needed “to identify subjects of interest, or unknown individuals who surface in the course of investigations; to establish links between individuals and groups, or otherwise improve understanding of a target’s behavior and connections; to validate intelligence obtained through other sources; or to ensure the security of operations or staff.”

Last year, The Intercept exposed how GCHQ has in recent years attempted to create what it described as the world’s largest surveillance system, covertly harvesting in excess of 50 billion records every day about people’s emails, phone calls, and web browsing habits. In one program code-named KARMA POLICE, the agency said it was seeking to obtain “a web browsing profile for every visible user on the internet.”

Top photo: Inside GCHQ headquarters in Cheltenham, England.

The post Documents Reveal Secretive U.K. Surveillance Policies appeared first on The Intercept.

England-based Lauri Love (pictured above) was arrested in October 2013 by the U.K.’s equivalent of the FBI, the National Crime Agency, over allegations that he hacked a range of U.S. government systems between 2012 and 2013, including those of the Department of Defense, the Environmental Protection Agency, the Department of Energy, and NASA.

The U.S. Justice Department is seeking the extradition of Love, claiming that he and a group of conspirators breached “thousands of networks” in total and caused millions of dollars in damages. But Love has been fighting the extradition attempt in British courts, insisting that he should be tried for the alleged offenses within the U.K. The 31-year-old, who has been diagnosed with Asperger’s syndrome, has argued that he would not get a fair trial in the U.S., where his legal team says he could face a sentence of up to 99 years in jail.

The issues raised by Love’s case, however, are not limited to hacking. In recent weeks, his case has taken on a new dimension — opening up another potential battleground in the ongoing international debate about encrypted data and the power governments should have to access it.

Following Love’s arrest in 2013, the National Crime Agency, or NCA, seized computers and hard drives in his possession. He was then served with an order under Section 49 of the U.K’s controversial Regulation of Investigatory Powers Act, which demanded that he hand over his passwords to open encrypted files stored on the devices. Love refused, and when the NCA did not push the issue any further, it appeared that the agency had given up on its attempt to make him comply.

Subsequently, Love sued the NCA in an attempt to have his seized computers and hard drives returned. But that effort has now culminated in the NCA doubling down and renewing its demand that he turn over his encryption keys. According to a court document dated March 2, 2016, the agency is asking that Love “provide the encryption key or password” for data encrypted using TrueCrypt software that was found on his Samsung laptop, two hard drives, and a memory card.

Naomi Colvin, a campaigner for transparency advocacy group the Courage Foundation, told The Intercept that she believed the case could have “huge implications for journalists, activists, and others who need to guard confidential information” — potentially setting a precedent that could make it easier in the future for British police and security agencies to gain access to, or to seize and retain, encrypted material.

Colvin said that the Courage Foundation, which is raising funds for Love’s legal defense, is backing him because “his case fits in to a pattern of political prosecutions of hacktivists and other truthtellers.” She added: “From our work with some of our other beneficiaries — particularly Jeremy Hammond and Barrett Brown — we’re very familiar with the prosecutorial overreach, inflated damage figures, absurd sentencing, and discriminatory prison treatment, including frequent spells in solitary confinement, that is common in these kinds of cases.”

The encryption key demand is set to be the focus of an April 12 court hearing, at which a judge is expected to rule on whether Love should be ordered to turn over his passwords. But regardless of the hearing’s outcome, Love has no intention of turning over his encryption keys.

“I don’t have any alternative but to refuse to comply,” he told The Intercept. “The NCA are trying to establish a precedent so that an executive body — i.e., the police — can take away your computers and if they are unable to comprehend certain portions of data held on them, then you lose the right to retain them. It’s a presumption of guilt for random data.”

Notably, in the lead-up to the April 12 hearing, the NCA has appeared keen to keep public discussion of the case out of the media, perhaps in light of a recent high-profile controversy on the other side of the Atlantic over FBI demands that Apple Inc. help thwart the encryption on an iPhone.

Court documents show that the agency requested — and a judge approved — that witness statements and skeleton arguments should not be disclosed “to the press, the public, or any third party save with the leave of the court until after the final hearing, and then only in relation to such matters as are referred to in open court or as permitted or directed by the court.”

Karen Todner, Love’s attorney, told The Intercept that the NCA’s apparent desire to minimize publicity was quite unusual. “In other cases that I’ve dealt with — not necessarily about extradition, but computer hacking cases — they’ve put out press statements and been quite proactive in the press,” she said.

Todner noted that Love’s case has similarities to that of Gary McKinnon, a Scottish man who successfully fought extradition to the U.S. over allegations that he hacked NASA and U.S. military computers. Like Love, McKinnon had also been diagnosed with Asperger’s syndrome. After a 10-year campaign and lengthy legal battle, McKinnon’s extradition was ultimately blocked by the British government over health concerns.

“I think that they [the NCA] are possibly nervous because of the McKinnon case, because certainly the press that McKinnon received was helpful to his case. It courted public opinion and certainly Lauri’s case would probably also court public opinion.”

The NCA declined to comment for this story.

The post British Authorities Demand Encryption Keys in Case With “Huge Implications” appeared first on The Intercept.

The government’s draft Investigatory Powers Bill — the so-called snoopers’ charter — was published in November last year. If passed into law in its current form, it would mandate a data retention regime unprecedented in any Western democracy, forcing internet companies to store records showing every website visited by every person in the U.K. for a period of 12 months. The bill also codifies powers that would allow British security agencies to conduct large-scale hacks of computer networks, and it will also hand spies the power to secretly monitor journalists and their sources, as The Intercept has previously reported.

During Tuesday’s debate in Parliament, the government’s home secretary, Theresa May (pictured above), defended the proposed law, stating that it was “world-leading legislation” necessary to combat terrorism threats. However, Labour, Liberal Democrat, and Scottish National Party representatives criticized the bill and vowed not to support it unless it is rewritten in several areas.

“The truth is we are some way from finding a consensus in the form that this legislation should take,” said Labour’s Andy Burnham. “We’ve recognized the country needs a new law, but I’ve also said that the government’s bill is not yet worthy of support. There are significant weaknesses in this bill.”

Following the debate, there was set to be a vote to pass the bill to the next stage of parliamentary scrutiny. The Labour and Scottish National parties both said they would abstain, while the Liberal Democrats announced they would vote against the bill, calling the proposed legislation “awful.” However, the governing Conservative party, which has a narrow majority of members in the Parliament, will almost certainly obtain enough votes to move the bill forward.

The months ahead will see the continuation of a heated debate around the government’s proposals, which have faced severe criticism in recent weeks. On Tuesday, 200 legal experts signed a letter in The Guardian asserting that the Investigatory Powers Bill “fails to meet international standards for surveillance powers” and “may be illegal.”

Earlier in March, the U.N.’s special rapporteur on the right to privacy criticized the draft law as “disproportionate,” and said that it would “undermine the spirit of the very right to privacy.”

Meanwhile, three separate British parliamentary reports have raised concerns about the scope of the broad surveillance plans. In February, one of the committees that scrutinized the plans made 86 detailed recommendations for improvements and said that the government had “a significant amount of further work to do before Parliament can be confident that the provisions have been fully thought through.”

Update: March 15, 2016, 15:30 ET
As expected, members of Parliament have voted in favor of the surveillance bill. It was approved by 281 votes to 15 and will now move to the next stage of parliamentary scrutiny — known as the “committee stage” — during which the legislation will be debated in detail and various amendments proposed.

The post U.K. Parliament Debates “Snoopers’ Charter” appeared first on The Intercept.

Miranda (pictured above) was detained and interrogated for nine hours at Heathrow Airport in August 2013 while he was assisting Greenwald’s reporting on documents about government mass surveillance leaked by National Security Agency whistleblower Edward Snowden.

Last year, the High Court in London dismissed a legal challenge brought by Miranda over the case on the grounds that it reasonably regarded his actions as “terrorism” as defined by the law. However, that decision was partially overturned Tuesday by the Court of Appeal in a ruling that will be viewed as a major victory for press freedom campaigners.

The ruling finds that the police followed the law when detaining Miranda under a controversial section of the Terrorism Act, Schedule 7. However, crucially, it asserts that the statute itself “is not subject to adequate safeguards against its arbitrary exercise” and is “incompatible” with Article 10 of the European Convention on Human Rights, which provides the right to “receive and impart information and ideas without interference by public authority and regardless of frontiers.”

The Court of Appeal’s most senior judge, Lord Dyson MR, stated in the ruling that he accepted there were already some “constraints on the exercise of the power,” but he believed that these “do not afford effective protection of journalists’ Article 10 rights.” He added:

The central concern is that disclosure of journalistic material (whether or not it involves the identification of a journalist’s source) undermines the confidentiality that is inherent in such material and which is necessary to avoid the chilling effect of disclosure and to protect Article 10 rights. If journalists and their sources can have no expectation of confidentiality, they may decide against providing information on sensitive matters of public interest. That is why the confidentiality of such information is so important.

Miranda’s appeal was supported by a press freedom litigation fund established by First Look Media, The Intercept’s parent company. It was also supported by the rights groups Liberty, Article 19, English PEN, and the Media Defense Initiative. The latter three organizations argued in a joint submission to the court that the treatment of Miranda “raised very serious concerns about the adequacy of the safeguards available in the United Kingdom for those undertaking, or assisting in, journalist work in the public interest, or their sources.”

Miranda, a Brazilian national, was detained in London at the height of the international fallout from the Snowden revelations, which featured major disclosures about British mass surveillance programs. At the time of his August 2013 detention, Miranda was transporting a batch of the Snowden documents from one reporter to another — from Laura Poitras in Berlin to Greenwald in Rio de Janeiro. Poitras had been working on stories sourced from the Snowden material with the New York Times and Der Spiegel, while Greenwald was reporting for The Guardian, which had paid for Miranda’s trip. (Greenwald, who was then a columnist for the London-based newspaper, left in October 2013 to co-found The Intercept with Poitras.)

Shortly after Miranda was detained, British authorities claimed that encrypted material seized from him included 58,000 “highly classified” British documents derived from the Snowden leaks, 75 of which they said they had “reconstructed” and been able to decrypt and view. The seizure of the documents led to the London police counterterrorism division launching a criminal investigation that focused in part on journalists who had handled the files. The probe, which was designated the code name “Operation Curable,” remained ongoing as recently as November of last year, The Intercept has previously reported.

To justify their seizure of the documents, British authorities had argued that publication of the Snowden files was itself a terrorist act. A memo circulated by security services prior to Miranda’s detention asserted that “the disclosure [of the Snowden documents], or threat of disclosure, is designed to influence a government and is made for the purpose of promoting a political or ideological cause. This therefore falls within the definition of terrorism.” This position was seemingly accepted by the High Court in February 2014, which ruled in favor of the government in a ruling staunchly criticized by press freedom groups such as Reporters without Borders. It also appeared to concern the U.K. government’s independent reviewer of terrorism laws, David Anderson, who warned in a July 2014 report that the High Court ruling had set a precedent that could mean in some cases that the “writing of a book, an article or a blog may therefore amount to terrorism.”

The appeals court’s judgment, however, appears to overturn this aspect of the High Court’s earlier ruling, significantly reining in its conflation of journalism with terrorism. It makes clear that under the European Convention on Human Rights, journalists are entitled to legal protections and should not be subjected to arbitrary stops and searches under counterterrorism laws. The law used to detain Miranda will now have to be changed so that journalists are better protected in the future.

Kate Goold, a lawyer for the London firm Bindmans who represented Miranda in the case, said that Tuesday’s ruling “emphasizes the importance of interpreting terrorism with its ordinary natural meaning to ensure that legitimate public interest journalism is not stifled through the use of draconian powers.”

“The notion of a journalist becoming an ‘accidental terrorist’ has been wholeheartedly rejected,” Goold said. “We welcome this court’s principled and decisive ruling that Schedule 7 needs to come in line with other legislation to ensure that the seizure of journalistic material is protected by judicial safeguards.”

Responding to the news Tuesday, Miranda tweeted that he was “Thrilled with the court ruling!” He added: “My purpose was to show U.K.’s terrorism law violates press freedoms. And journalism isn’t ‘terrorism.’ We won!”

The British government could attempt to launch a challenge against the Court of Appeal’s ruling with the U.K.’s Supreme Court. However, it was not immediately clear whether it intends to pursue the case further.

A spokesperson for the government’s Home Office insisted in a statement Tuesday that the appeals court’s ruling regarding Miranda’s detention “supports the action taken by police to protect national security.”

The spokesperson added: “We also note the court’s decision that Schedule 7 [of the Terrorism Act], as in force at the time of this incident, did not provide sufficient protection against the examination of journalistic material.

“The government is constantly working to ensure our counterterrorism powers are both effective and fair. That is why in 2015 we changed the Code of Practice for examining officers to instruct them not to examine journalistic material at all. This goes above and beyond the court’s recommendations in this case.”

Update: January 19, 9:45 a.m.
This post has been updated to include comment from the U.K. government. 

The post U.K. Court, in David Miranda Case, Rules Terrorism Act Violates Fundamental Rights of Free Press appeared first on The Intercept.

The six-page document, titled “Assessment of Intelligence Opportunity – Juniper,” raises questions about whether the intelligence agencies were responsible for or culpable in the creation of security holes disclosed by Juniper last week. While it does not establish a certain link between GCHQ, NSA, and the Juniper hacks, it does make clear that, like the unidentified parties behind those hacks, the agencies found ways to penetrate the “NetScreen” line of security products, which help companies create online firewalls and virtual private networks, or VPNs. It further indicates that, also like the hackers, GCHQ’s capabilities clustered around an operating system called “ScreenOS,” which powers only a subset of products sold by Juniper, including the NetScreen line. Juniper’s other products, which include high-volume Internet routers, run a different operating system called JUNOS.

The possibility of links between the security holes and the intelligence agencies is particularly important given an ongoing debate in the U.S. and the U.K. over whether governments should have backdoors allowing access to encrypted data. Cryptographers and security researchers have raised the possibility that one of the newly discovered Juniper vulnerabilities stemmed from an encryption backdoor engineered by the NSA and co-opted by someone else. Meanwhile, U.S. officials are reviewing how the Juniper hacks could affect their own networks, putting them in the awkward position of scrambling to shore up their own encryption even as they criticize the growing use of encryption by others.

The headquarters of Juniper Networks in Sunnyvale, Calif., on Jan. 1, 2014.

Photo: Kris Tripplaar/Sipa USA/AP

“The threat comes from Juniper’s investment and emphasis on being a security leader,” the document says. “If the SIGINT community falls behind, it might take years to regain a Juniper firewall or router access capability if Juniper continues to rapidly increase their security.”

The document, provided by NSA whistleblower Edward Snowden, shines light on the agencies’ secret efforts to ensure they could monitor information as it flowed through Juniper’s products, which are used by Internet providers, banks, universities, and government agencies. It notes that while Juniper trails its competitors, it is a “technology leader” with gear “at the core of the Internet in many countries,” including several deemed to be high priority from a spying perspective: Pakistan, Yemen, and China.

“Juniper technology sharing with NSA improved dramatically to exploit several target networks”

Asked about the document, GCHQ issued a boilerplate response asserting that the agency does not comment on intelligence matters and complies with “a strict legal and policy framework.” The NSA could not immediately respond Tuesday. Juniper sent a written statement saying the company “operates with the highest of ethical standards, and is committed to maintaining the integrity, security, and quality of our products. As we’ve stated previously … it is against established Juniper policy to intentionally include ‘backdoors’ that would potentially compromise our products or put our customers at risk. Moreover, it is Juniper policy not to work with others to introduce vulnerabilities into our products.”

Juniper’s prominence and ubiquity similarly helped draw attention to the more recent hacks against the company, which first came to light Thursday, when the California firm revealed it had discovered “unauthorized code” in ScreenOS enabling two major vulnerabilities. One, first present in an August 2012 release of ScreenOS, could allow access to encrypted data transmitted over VPNs. The other, first surfacing in a December 2014 ScreenOS release, allows an attacker to remotely administer a firewall, thus leading to “complete compromise of the affected device,” according to Juniper. The vulnerabilities remained in versions of ScreenOS released through at least October of this year.

It is the earlier vulnerability, potentially allowing eavesdropping on VPNs, that has generated vigorous online discussion among computer security experts. Some, like Johns Hopkins professor Matthew Green and security researcher Ralf-Philipp Weinmann, have said that an attacker appears to have subverted a backdoor shown, in previously disclosed documents from Snowden, to have originated with the NSA. Specifically, the attacker seems to have tampered with a 32-byte value used to seed the generation of random numbers, numbers that are in turn used in the process of encrypting data in ScreenOS. ScreenOS uses the value as a parameter to a standard system for random number generation known as Dual Elliptic Curve Deterministic Random Bit Generator. The default 32-byte value in this standard is believed to have been generated by the NSA. Juniper said, in the wake of the Snowden revelations about the standard, that it had replaced this 32-byte value with its own “self-generated basis points.” So the attacker would have replaced Juniper’s replacement of the NSA 32-byte value.

Matt Blaze, a cryptographic researcher and director of the Distributed Systems Lab at the University of Pennsylvania, said the document contains clues that indicate the 2011 capabilities against Juniper are not connected to the recently discovered vulnerabilities. The 2011 assessment notes that “some reverse engineering may be required depending on firmware revisions” affecting targeted NetScreen firewall models. Blaze said this points away from the sort of ScreenOS compromise behind the more recent Juniper vulnerabilities.

“With the [recently discovered] backdoor, a firmware revision would either have the backdoor or it wouldn’t, and if it was removed, they’d have to do a lot more than ‘some reverse engineering’ to recover the capability,” Blaze said. “My guess from reading this is that the capabilities discussed here involved exploiting bugs and maybe supply chain attacks, rather than this [recently discovered] backdoor.”

Blaze said the exploit capabilities in the 2011 document seem consistent with a program called “FEEDTROUGH,” first revealed in a 2007 document published alongside an article in German newsweekly Der Spiegel.

Even if it outlines capabilities unconnected to the recently discovered Juniper hacks, the 2011 GCHQ assessment makes clear that the author was interested in expanding the agencies’ capabilities against Juniper. “The vast majority of current Juniper exploits are against firewalls running the ScreenOS operating system,” the author wrote. “An effort to ensure exploitation capability” against Juniper’s primary operating system, JUNOS, “should bear fruit against a wide range of Juniper products.”

The document suggests that the intelligence agencies successfully used the security holes they identified in Juniper’s devices to repeatedly penetrate them for surveillance, stating that “Juniper technology sharing with NSA improved dramatically during [calendar year] 2010 to exploit several target networks where GCHQ had access primacy.”

The assessment also notes that, because Juniper is a U.S.-based company, there is both “opportunity and complication” in targeting its technology. “There is potential to leverage a corporate relationship should one exist with NSA,” it says, adding: “Any GCHQ efforts to exploit Juniper must begin with close coordination with NSA.”

It further states that GCHQ has a “current exploit capability” against 13 Juniper models, all of which run ScreenOS: NS5gt, N25, NS50, NS500, NS204, NS208, NS5200, NS5000, SSG5, SSG20, SSG140, ISG 1000, ISG 2000. It reveals that the agency was developing an additional surveillance capability to hack into high-capacity Juniper M320 routers, which were designed to be used by Internet service providers.

“The ability to exploit Juniper servers and firewalls,” the document says, “will pay many dividends over the years.”

The post NSA Helped British Spies Find Security Holes In Juniper Firewalls appeared first on The Intercept.

The case for expanded surveillance of communications, however, is complicated by an analysis of recent terrorist attacks. The Intercept has reviewed 10 high-profile jihadi attacks carried out in Western countries between 2013 and 2015 (see below), and in each case some or all of the perpetrators were already known to the authorities before they executed their plot. In other words, most of the terrorists involved were not ghost operatives who sprang from nowhere to commit their crimes; they were already viewed as a potential threat, yet were not subjected to sufficient scrutiny by authorities under existing counterterrorism powers. Some of those involved in last week’s Paris massacre, for instance, were already known to authorities; at least three of the men appear to have been flagged at different times as having been radicalized, but warning signs were ignored.

In the aftermath of a terrorist atrocity, government officials often seem to talk about surveillance as if it were some sort of panacea, a silver bullet. But what they always fail to explain is how, even with mass surveillance systems already in place in countries like France, the United States, and the United Kingdom, attacks still happen. In reality, it is only possible to watch some of the people some of the time, not all of the people all of the time. Even if you had every single person in the world under constant electronic surveillance, you would still need a human being to analyze the data and assess any threats in a timely fashion. And human resources are limited and fallible.

There is no doubt that we live in a dangerous world and that intelligence agencies and the police have a difficult job to do, particularly in the current geopolitical environment. They know about hundreds or thousands of individuals who sympathize with terrorist groups, any one of whom may be plotting an attack, yet they do not appear to have the means to monitor each of these people closely over sustained periods of time. If any lesson can be learned from studying the perpetrators of recent attacks, it is that there needs to be a greater investment in conducting targeted surveillance of known terror suspects and a move away from the constant knee-jerk expansion of dragnet surveillance, which has simply not proven itself to be effective, regardless of the debate about whether it is legal or ethical in the first place.

Map of 10 recent attacks carried out in Western countries by Islamic extremists.

freevectormaps.com

1. Paris attacks: November 13, 2015

Victims: 129 dead. 400+ wounded.
Named suspected perpetrators: Ismaël Omar Mostefaï (29; French), Samy Amimour (28; French), Ibrahim Abdeslam (31; French), Bilal Hadfi (20; French), Abdelhamid Abaaoud (27; Belgian), Salah Abdeslam (26; French).
Weapons: Assault rifles, hand grenades, suicide vests.

Known to authorities? At least three of the men involved in planning and carrying out the French attacks were known to European authorities and at least four were listed in a U.S. terrorism watchlist database. Ismaël Omar Mostefaï, who helped carry out the massacre at the Bataclan concert venue, had been flagged as a radicalization risk in 2010. French police reportedly ignored two warnings about Mostefaï before he carried out the attacks. Some of his friends claimed to have tried to alert French police about his radical views, but said they were told the authorities could do nothing. Samy Amimour, another of the men involved in the Bataclan massacre, had been previously charged with terrorist offenses “after an abortive attempt to travel to Yemen,” according to Paris prosecutors.

The alleged ringleader of the attacks, Abdelhamid Abaaoud, was also well-known to European police. In 2013, he booked a flight from Cologne to Turkey, which was flagged to German authorities because he was reportedly on an EU watchlist. But he was not detained and was able to board the flight. From Turkey, Abaaoud entered Syria, where he joined ISIS. Abaaoud later returned to Europe and was named as a wanted extremist in January following a gun battle in Belgium. In February, he featured prominently in ISIS propaganda magazine Dabiq boasting about how he had been able to evade police detection in Europe.

Others involved in the Paris attacks are also likely to have been on the radar of police and intelligence agencies due to their travels to Syria. Bilal Hadfi, for instance, was living in Belgium after having returned from Syria, where he is believed to have fought with Islamic State militants. Hadfi apparently attended the Instituut Anneessens-Funck college in Brussels; his former history professor recalled that, following the Charlie Hebdo massacre in January 2015, Hadfi defended the attacks. The professor reported him to management due to concerns about his radical views, but management “decided not to intervene, to avoid stigmatizing the young student.” In June, Hadfi reportedly posted on his Facebook page encouraging terrorist attacks: “Those dogs are attacking our civilians everywhere. Strike them in their community of pigs so they can’t feel safe again in their own dreams.” The family of Ibrahim Abdeslam, who detonated a suicide vest inside a cafe during the attacks, said he too had spent “a long time” in Syria before returning to Europe.

Rescue workers gather to treat victims in Paris’ 10th arrondissement, Friday, Nov. 13, 2015.

Photo: Jacques Brinon/AP

2. Thalys train attack, France: August 21, 2015

Victims: No deaths. Two wounded.
Alleged perpetrator: Ayoub El Khazzani (26; Moroccan).
Weapons: Pistol, assault rifle, box cutter, bottle of petrol.

Known to authorities? Khazzani was reportedly known to European authorities for his Islamic radicalism. While living in Spain, he had come to security agencies’ attention after he was observed defending jihadis and attending a radical mosque in Algeciras, Spain.

French police stand guard on the platform next to a Thalys train at the station in Arras, northern France, on Aug. 22, 2015, the day after an armed gunman was overpowered by passengers. 

Photo: Philippe Huguen/AFP/Getty Images

3. Curtis Culwell Center attack, Garland, Texas: May 3, 2015

Victims: One wounded.
Perpetrators: Elton Simpson (30; American) and Nadir Soofi (34; Pakistani-American).
Weapons: Assault rifles, handguns.

Known to authorities? Elton Simpson had reportedly been placed on the U.S. no-fly list and had been convicted of a terror-related offense in 2011 after being caught discussing traveling to Somalia to engage in violent jihad. Soofi, on the other hand, was reportedly “relatively unknown to federal investigators,” though he lived with Simpson. A third man, Abdul Malik Abdul Kareem, was allegedly responsible for supplying the guns and ammunition used in the attack. Kareem was investigated in 2012 after he was suspected of developing a plot to attack a Super Bowl game in Arizona with explosives.

An FBI evidence response team member investigates the crime scene after a shooting outside of the Curtis Culwell Center in Garland, Texas, May 4, 2015 .

Photo: Ben Torres/Getty Images

4. Shootings in Copenhagen, Denmark: February 14-15, 2015

Victims: Two dead. Five wounded.
Perpetrator: Omar Abdel Hamid El-Hussein (22; Danish-Jordanian-Palestinian).
Weapons: Assault rifle, pistols.

Known to authorities? Hussein was reportedly well-known to Danish security agencies. Prior to the Copenhagen shootings, he had been imprisoned for stabbing a teenager in the leg on a train. While he was in jail, prison officials filed a concern report to the Danish intelligence agency PET, warning that his behavior had changed and that he had become extremely religious. Two weeks after he was released from jail he went on the shooting rampage that left three dead and five wounded in different parts of Copenhagen. Shortly before the attacks, Hussein had apparently sworn allegiance to ISIS in a post on his Facebook page.

The body of a shooting suspect lies on the pavement as Danish forensic police officers examine the scene, Feb. 15, 2015, Copenhagen Denmark.

Photo: TV2 Norway/AP

5. Shootings in Paris (Charlie Hebdo and Jewish supermarket): January 7-9, 2015

Victims: 17 dead. 20 wounded.
Perpetrators: Chérif Kouachi (32; French), Saïd Kouachi (34; French), Amedy Coulibaly (32; French).
Weapons: Assault rifles, submachine guns, grenade launcher, pistols, shotgun.

Known to authorities? Chérif Kouachi was well-known to French security agencies as an Islamic extremist. In 2005 he was detained trying to board a plane for Syria and in 2008 he was jailed for three years for his role in sending militants to Iraq. Both Chérif and his brother Saïd were alleged to have been involved in a 2010 plot to free from prison Smaïn Ait Ali Belkacem, the French-Algerian extremist responsible for the 1995 Paris metro station bombing. The brothers were never prosecuted over the prison-break plot due to a lack of evidence. In 2011, Saïd traveled to Yemen and allegedly trained with al Qaeda. The U.S. reportedly provided France with intelligence in 2011 showing the brothers received terrorist training in Yemen and French authorities monitored them until the spring of 2014. Amedy Coulibaly was also well-known to the authorities. In 2013 he was sentenced to five years in prison for providing ammunition as part of the 2010 prison-break plot that the Kouachi brothers were also suspected of involvement in. However, Coulibaly reportedly only spent about three months in jail and was released in March 2014.

Screen grab of the attack on Charlie Hebdo magazine, Paris, France, Jan. 7, 2015.

Photo: Youtube

6. Cafe seige, Sydney, Australia: December 15-16, 2014

Victims: Two dead. Four wounded.
Perpetrator: Man Haron Monis (50; Iranian-Australian).
Weapon: Shotgun.

Known to authorities? Two months prior to taking 17 people hostage in a Sydney cafe, Monis wrote a letter to Australia’s attorney general seeking advice about the legality of communicating with ISIS. He was “well-known” to federal and state police, as well as the Australian Security Intelligence Organization, and had sent “hate letters” to families of Australian soldiers killed in overseas conflicts. Before carrying out his attacks, Monis apparently pledged allegiance on his website to Islamic State leader Abu Bakr al-Baghdadi. This was reported to Australian authorities, who reviewed Monis’ website and social media posts but (erroneously) concluded he was unlikely to carry out an act of violence.

A hostage runs toward tactical response police officers after escaping from a cafe under siege in the central business district of Sydney, Australia, Dec. 15, 2014.

Photo: Bob Griffith/AP

7. Canada attacks (Quebec car ramming and parliament shooting): October 20 and 22, 2014

Victims: Two dead. Four injured.
Perpetrators: Michael Zehaf-Bibeau (32; Canadian-Libyan) and Martin Couture-Rouleau (25; Canadian).
Weapons: Rifle, car. 

Known to authorities? Couture-Rouleau was known to Canadian authorities prior to an attack in which he rammed two Canadian soldiers, killing one and injuring another. He had reportedly been “considered some kind of threat by the Canadian government” and had posted a variety of pro-jihadi materials on his Facebook page. Police had been monitoring him over concerns that he had become radicalized and his passport had been seized to prevent him from traveling abroad to join militants. Zehaf-Bibeau, who shot dead a soldier at a war memorial near the Canadian parliament, was a habitual offender who had a criminal record for a number of offenses, including robbery and drug possession. Zehaf-Bibeau was reportedly “on the radar” of federal authorities in Canada and his email address had been previously found on the computer hard drive of someone charged with a “terrorist-related offense.”

Police, bystanders and soldiers aid a fallen soldier at the National War Memorial in Ottawa, Canada, the site of an apparent terrorist attack, Oct. 22, 2014.

Photo: Cuddington/Barcroft Media /Landov

8. Jewish Museum killings in Brussels: May 24, 2014

Victims: Four dead.
Perpetrator: Mehdi Nemmouche (29; French)
Weapons: Automatic rifle, handgun.

Known to authorities? Nemmouche had been incarcerated on five occasions in France for various crimes, including armed robbery. In 2013 he had traveled to Syria. When he returned to Europe he was reportedly placed under surveillance by French counterterrorism police, who suspected he had joined with Islamic extremist fighters while in Syria.

A forensic expert enters the Jewish Museum in Brussels, May 24, 2014.

Photo: Yves Logghe/AP

9. Beheading in Woolwich, London: May 22, 2013

Victims: One dead.
Perpetrators: Michael Adebolajo (28; British-Nigerian) and Michael Adebowale (22; British-Nigerian).
Weapons: Cleaver, knives, pistol.

Known to authorities? Both attackers were known to British authorities and were suspected of having been radicalized prior to their murder of soldier Lee Rigby in Woolwich, London. According to a U.K. parliamentary report published following the attack, Adebolajo was investigated under five separate police and security service operations. He was believed to have links to several extremist networks and was suspected of having tried to travel overseas to join a terrorist organization. Adebowale was investigated by British spies after he was identified as having viewed extremist material online. London counterterrorism police also received an uncorroborated tip that Adebowale was affiliated with al Qaeda. Investigators reviewed Adebowale’s cellphone records and apparently did not find anything of interest. But they did not check his landline call records, which if they had would have revealed that he had been in contact with an individual in Yemen linked to al Qaeda. Covert surveillance of both Adebolajo and Adebowale had ceased prior to their attack in London in May 2013, though Adebowale was still the subject of a terrorism-related investigation at the time.

A British police officer carries an evidence bag containing a knife near the scene where a soldier was murdered in Woolwich, Britain, May 23, 2013.

Photo: Facundo Arrizabalaga/EPA /Landov

10. Boston Marathon bombing: April 15, 2013

Victims: Five dead. 260+ wounded.
Perpetrators: Dzhokhar Tsarnaev (19; Kyrgyzstani-American) and Tamerlan Tsarnaev (26; Kyrgyzstani-American).
Weapons: Pressure-cooker bombs, semi-automatic pistol, improvised explosive devices.

Known to authorities? Dzhokhar’s older brother, Tamerlan, who orchestrated the attacks, was placed on two different U.S. government watchlists in late 2011. Russian security agency FSB tipped off the FBI and CIA in 2011 that Tamerlan “was a follower of radical Islam,” and he and his family were subsequently interviewed by American agents, according to the Associated Press. The CIA reportedly “cleared [Tamerlan] of any ties to violent extremism” two years before he and his younger brother carried out the bombing of the marathon.

Boston Marathon participants run toward the finish line as an explosion erupts at the race, Boston, Mass., April 15, 2013.

Photo: Dan Lampariello/Reuters /Landov

Sign up for The Intercept Newsletter here.

The post From Paris to Boston, Terrorists Were Already Known to Authorities appeared first on The Intercept.