Home /

Observatories /

The Snowden Revelations

The Snowden Revelations

EU-UK-GCHQ-USA-NSA: Data surveillance (June 2013 - ongoing)

European Parliament: LIBE Committee Inquiry on Electronic Mass Surveillance of EU Citizens

Final: Report on the US NSA surveillance programme, surveillance bodies in various Member States and their impact on EU citizens’ fundamental rights and on transatlantic cooperation in Justice and Home Affairs(pdf): Rapporteur: Claude Moraes MEP. And see: European Parliament: LIBE Committee Inquiry: Electronic Mass Surveillance of EU Citizens: Proceedings, Outcome and Background documents: (140 pages, pdf)

See: EPIC - NSA Telephone Records Surveillance (Electronic Privacy Information Centre, USA, link), ACLU: Surveillance & Privacy (link), International Principles on the Application of Human Rights to Communications Surveillance, Stopwatching us (USA, link), Privacy not Prism (link), UK: DON’T SPY ON US launch (link)

Sources: Guardian: NSA Files (link) and NSA documents - Guardian (link), BBC News: US spy leaks: How intelligence is gathered (link) Wikipedi: Special Collection Service (Link), Al Jazeera (Timeline, link), Fibre optic: Submarine Cable Map (link) and Chart: Worldwide SIGINT/Defense Cryptologic Platform (jpg)

December 2016

Portugal to extradite CIA agent over Milan imam abduction (The Local.it, link):

" Portugal plans to extradite to Italy a former CIA agent convicted over the 2003 abduction of a radical Egyptian imam, a case that highlighted the controversial US secret rendition programme. Sabrina de Sousa, arrested at Lisbon airport in October 2015 under a European warrant, said Friday that the extradition procedure was due to start "after January 3rd".

De Sousa and 23 others were convicted in absentia by an Italian court in 2009 over the kidnapping of Abu Omar from a Milan street in an operation allegedly led jointly by the CIA and the Italian intelligence services."

NSA-GCHQ: American and British Spy Agencies Targeted In-Flight Mobile Phone Use (The Intercept, link):

"the emergence of a new field of espionage that had not yet been explored: the interception of data from phone calls made on board civil aircraft. In a separate internal document from a year earlier, the NSA reported that 50,000 people had already used their mobile phones in flight as of December 2008, a figure that rose to 100,000 by February 2009. The NSA attributed the increase to “more planes equipped with in-flight GSM capability, less fear that a plane will crash due to making/receiving a call, not as expensive as people thought.” The sky seemed to belong to the agency."

See: Five Eyes: In-flight GSM (pdf)

October 2016

Private Eyes: The Little-Known Company That Enables Worldwide Mass Surveillance (The Intercept, link):

"It was a powerful piece of technology created for an important customer. The Medusa system, named after the mythical Greek monster with snakes instead of hair, had one main purpose: to vacuum up vast quantities of internet data at an astonishing speed.

The technology was designed by Endace, a little-known New Zealand company. And the important customer was the British electronic eavesdropping agency, Government Communications Headquarters, or GCHQ.

Dozens of internal documents and emails from Endace, obtained by The Intercept and reported in cooperation with Television New Zealand, reveal the firm’s key role helping governments across the world harvest vast amounts of information on people’s private emails, online chats, social media conversations, and internet browsing histories.

The leaked files, which were provided by a source through SecureDrop.."

Europe’s Top Human Rights Court Will Consider Legality of Surveillance Exposed by Edward Snowden (The Intercept, link):

"Human rights groups have launched a major new legal challenge over mass surveillance programs revealed by the National Security Agency whistleblower Edward Snowden.

Ten organizations – including Privacy International, the American Civil Liberties Union, and Amnesty International – are taking up the landmark case against the U.K. government in the European Court of Human Rights (pictured above). In a 115-page complaint released on Thursday, the groups allege that “blanket and indiscriminate” surveillance operations carried out by British spy agencies in collaboration with their U.S. counterparts violate privacy and freedom of expression rights."

See: Full-text of NGOs case to ECHR (pdf)

September 2016

USA-UK: Inside Menwith Hill: The NSA’s British Base at the Heart of U.S. Targeted Killing (The Intercept, link):

"For years, journalists and researchers have speculated about what really goes on inside Menwith Hill, while human rights groups and some politicians have campaigned for more transparency about its activities. Yet the British government has steadfastly refused to comment, citing a longstanding policy not to discuss matters related to national security.

Now, however, top-secret documents obtained by The Intercept offer an unprecedented glimpse behind Menwith Hill’s razor wire fence. The files reveal for the first time how the NSA has used the British base to aid “a significant number of capture-kill operations” across the Middle East and North Africa, fueled by powerful eavesdropping technology that can harvest data from more than 300 million emails and phone calls a day.....

The disclosures about Menwith Hill raise new questions about the extent of British complicity in U.S. drone strikes and other so-called targeted killing missions, which may in some cases have violated international laws or constituted war crimes. Successive U.K. governments have publicly stated that all activities at the base are carried out with the “full knowledge and consent” of British officials."

March 2016

EU-USA: EPIC Intervenes in Privacy Case before European Court of Human Rights (link)

Today EPIC filed a brief in a case before the European Court of Human Rights. The case involves a challenge brought by 10 human rights organizations arguing that surveillance by British and U.S. intelligence organizations violated their fundamental rights. In its brief, EPIC explained that the NSA's "technological capacities" enable "wide scale surveillance" and that U.S. statutes do not restrict surveillance of non-U.S. persons abroad. "The NSA collects personal data from around the world and transfer that data without adequate legal protections." EPIC routinely files amicus briefs in federal and state cases that raise novel privacy issues. This is EPIC's first brief for the Court of Human Rights in Strasbourg. [emphasis added]

EU-USA: While President Obama signs the Judicial Redress act, are the European Commission and the Parliament sharing the same Umbrella? (EASFJ, link):

"The European Commission is dealing with challenges on another EU-U.S. data sharing deal: the Parliament legal service and MEPs argued that the so-called Umbrella Agreement, which will be brought into being with the signature of the Judicial Redress Act, does not comply with EU law."

February 2016

EU-USA: DATA PROTECTION: Germany has no access to Privacy Shield documents - so presumably no EU Member State has either?: Council of the European Union: Renewed Framework for Transatlantic Transfers of Personal Data / EU-US Privacy Shield - Request by the German delegation for information from the Commission on the state of play (Doc no: 6031-16, pdf):

"In the view of the German delegation, the upcoming weeks should be used for a close dialogue between the Member States, the Commission, the Article 29 Working Party and the US Government in order to achieve a legal framework that meets the conditions set out by the European Court of Justice.

Therefore, Germany wishes to invite the Commission to report on the details of the agreement with the US side and to provide the relevant documents to the Council. This will enable the Member States to assess the outcomes of the agreement and to enter into a close dialogue with all parties involved".[emphasis added]

EU-USA Data protection: EPIC: 'Judicial Redress Act' Provides Little Redress

"The Judicial Redress Act of 2015, which amends the Privacy Act of 1974, has been passed by Congress and moved on to the President for signature. The Act fails to extend Privacy Act protections to non-US citizens, and as adopted coerces EU countries to transfer data to the US.."

How your innocent smartphone passes on almost your entire life to the secret service (Bits of Freedom, link):

"Intelligence services collect metadata on the communication of all citizens. Politicians would have us believe that this data doesn’t say all that much. A reader of De Correspondent put this to the test and demonstrated otherwise: metadata reveals a lot more about your life than you think."

UK: Investigatory Powers Tribunal Rules GCHQ Hacking Lawful (Privacy International, link): "The Investigatory Powers Tribunal (“IPT”) today held that GCHQ hacking of computers, mobile devices and networks is lawful, wherever it occurs around the world. We are disappointed that the IPT has not upheld our complaint and we will be challenging its findings.

Our complaint is the first UK legal challenge to state-sponsored hacking, an exceptionally intrusive form of surveillance. We contended that GCHQ hacking operations were incompatible with democratic principles and human rights standards. We further argued that GCHQ, which until these proceedings was hacking in secret, had no clear authority under UK law to deploy these capabilities."

See also: Tribunal rules computer hacking by GCHQ is not illegal (BBC News, link)

USA: Judicial Redress Act 2015 (link): "The Senate Feb. 9 passes an amended version of the Judicial Redress Act which is a prerequisite for an umbrella U.S.-EU law enforcement agreement. Next Step: The amended bill must be reconciled with the pre-amendment version approved by the House in October 2015."

January 2016

UK: Joint Select Committee: Draft Investigatory Powers Bill: Report (pdf):

"Investigatory Powers: on the right track but significant changes needed.

In its report, published today, the Committee supports the intention behind the draft Bill, which is to bring together the numerous provisions in statute governing intrusive powers which already exist into one clear piece of legislation. But the Committee finds that important clarity is lacking in a number of areas."

Oral evidence (link) and Written Evidence (link)

EU: Ombudsman's finding of maladminiration by European Commission in failing to release documents concerning GCHQ: Decision in case 2004/2013/PMC on the European Commission's handling of an access to documents request relating to the surveillance of the internet by UK intelligence services (link):

"The Ombudsman is not persuaded that the Commission has adequately justified its decision to refuse public access to the remaining undisclosed documents. As it has neither disclosed these documents nor provided adequate reasons for refusing public access to them, it is clear that the Commission has rejected the Ombudsman's recommendation in relation to these documents. Furthermore, the Ombudsman notes that the Commission appears not to have taken any action as regards its investigation since 2013. The Ombudsman finds, therefore, that the Commission's actions in this case amount to maladministration and, in fact, to serious maladministration given the importance of the particular issue for EU citizens."

GERMANY-NSA: Germany restarts joint intelligence surveillance with US (DW, link): "Germany's BND intelligence agency is once again working with its US counterpart on Middle East surveillance. Collaboration had been suspended after it was revealed the US was spying on European officials and firms."

EU-USA: Time to get serious about Europe’s sabotage of US terror intelligence programs (Washington Post, link): "The intelligence tools that protect us from terrorism are under attack, and from an unlikely quarter. Europe, which depends on America’s intelligence reach to fend off terrorists, has embarked on a path that will sabotage some of our most important intelligence capabilities. This crisis has been a long time brewing, and up to now, the US has responded with a patchwork of stopgap half-solutions."

GCHQ-NSA: NSA Helped British Spies Find Security Holes In Juniper Firewalls (The Intercep, link):

"A TOP-SECRET document dated February 2011 reveals that British spy agency GCHQ, with the knowledge and apparent cooperation of the NSA, acquired the capability to covertly exploit security vulnerabilities in 13 different models of firewalls made by Juniper Networks, a leading provider of networking and Internet security gear."

December 2015

The Secret Surveillance Catalogue (The Intercept, link):

"Concerned about the militarization of law enforcement, a source within the intelligence community has provided The Intercept with a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. Some of the devices are already in use by federal law enforcement and local police forces domestically, and civil liberties advocates believe others will eventually find their way into use inside the U.S. This product catalogue provides rare insight into the current spy capabilities of local law enforcement and offers a preview of the future of mass surveillance of mobile communications."

SNOWDEN: USA: FBI extradition letter to Denmark, Norway,Sweden and Finland (June 2013, pdf)

November 2015

Germany: Governments and NGOs: Germany Spied on Friends and Vatican (Spiegel Online, link):

"Efforts to spy on friends and allies by Germany's foreign intelligence agency, the BND, were more extensive than previously reported. SPIEGEL has learned the agency monitored European and American government ministries and the Vatican....

Since October's revelations, it has emerged that the BND spied on the United States Department of the Interior and the interior ministries of EU member states including Poland, Austria, Denmark and Croatia. The search terms used by the BND in its espionage also included communications lines belonging to US diplomatic outposts in Brussels and the United Nations in New York. The list even included the US State Department's hotline for travel warnings.

The German intelligence service's interest wasn't restricted to state institutions either: It also spied on non-governmental organizations like Care International, Oxfam and the International Committee of the Red Cross in Geneva"

UK: Independent Reviewer of Terrorism Legisaltion: The big reveal 7.11.15, link to site):

As sharp-eyed commentators have noted, the launch of the Investigatory Powers Bill was accompanied by a significant avowal: the use by intelligence agencies (but not the police) of a bulk collection power (relating to communications data but not to content or internet connection records) under s94 of the Telecommunications Act 1984, the details of which had never been made public.

A number of people have asked whether I was made aware of this power during my Investigatory Powers Review.

The answer is that I was informed promptly and in some detail about the exercise of this power at the outset of my Review. Until this week, that knowledge was extremely restricted and neither I nor the Intelligence and Security Committee of Parliament (ISC), which also knew about it, was authorised to reveal it."

See: How and why MI5 kept phone data spy programme secret (BBC News, link)

EDWARD SNOWDEN: Interview: Five hours with Edward Snowden (pdf): "Suddenly he opens the door. DN’s Lena Sundström and Lotta Härdelin had a unique meeting with the whistleblower who has fans all over the world but risks lifetime imprisonment in the home country he once tried to save..."

UK: Reasons to be fearful about surveillance (Guardian, link): "The debate over the draft bill in the coming months will set the balance between security and privacy in this country. Here’s how"



UK: Only 'tiny handful' of ministers knew of mass surveillance, Clegg reveals (Guardian, link): "Former deputy PM says he was astonished to learn how few cabinet members were aware of scale of UK spies’ reach into lives of British citizens.... The government finally admitted on Wednesday that the mass surveillance of British citizens began in 2001 after 9/11 and was stepped up in 2005, using powers under national security directions largely hidden in the 1984 Telecommunications Act."

and: The surveillance bill is flawed but at last we have oversight (Guardian, link): "In government I was shocked by the scale of MI5’s secret database. Its powers are at least now in the open... That the existence of this previously top secret database was finally revealed in parliament by the home secretary on Wednesday, as part of a comprehensive new investigatory powers bill covering many other previously secret intelligence capabilities""

See Statement in the House of Commons by the Home Secretary on 4 November 2015 (pdf):

"The Bill will make explicit provision for all of the powers available to the security and intelligence agencies to acquire data in bulk. That will include not only bulk interception provided under the Regulation of Investigatory Powers Act 2000 and which is vital to the work of GCHQ, but the acquisition of bulk communications data, both relating to the UK and overseas.



That is not a new power. It will replace the power under Section 94 of the Telecommunications Act 1984, under which successive Governments have approved the security and intelligence agencies’ access to such communications data from communication service providers."

See: A Quick Overview of the Draft Investigatory Powers Bill (SCL, link)

UK government claims DIP Bill on data retention is outside scope of EU law Why they're wrong (by analogy): Does the UK’s new data retention bill violate the EU Charter of Fundamental Rights? (EU Law Analysis, link)



UK: MI5 'secretly collected phone data' for decade (BBC, link):

"the programme, which sources said was used to track terrorists and save lives, was "so secret that few even in MI5 knew about it, let alone the public".

The government's independent reviewer of terrorism legislation, David Anderson QC, told the BBC the legislation used to authorise the collection was "so vague that anything could be done under it". He added: "It wasn't illegal in the sense that it was outside the law, it was just that the law was so broad and the information was so slight that nobody knew it was happening".

The surveillance bill is as big a threat to state security as to individual liberty (Guardian, link) and UK unveils plan to spy on Internet use, raising privacy fears euractiv, link): ""What the British are attempting to do, and what the French have already done post Charlie Hebdo, would never have seen the light of day in the American political system," Michael Hayden, former director of the U.S. National Security Agency and Central Intelligence Agency, told Reuters." also: UK cyber-spy law takes Snowden's revelations of mass surveillance – and sets them in stone (The Register, link) And see: Interception, Authorisation and Redress in the Draft Investigatory Powers Bill (UK Human Rights Blog, link)

UK: NEW SURVEILLANCE BILL: Draft Investigatory Powers Bill (299 pages, pdf) and Home Secretary: Statement (link)

Interception of communications and equipment interference: draft codes of practice (link) including Equipment interference: draft code of practice - showing the limits to the protection of journalistic confidential information.

These documents (26) are related to the draft Investigatory Powers Bill (link) including Factsheet – Targeted Interception (pdf) "Only nine agencies can apply for an interception warrant. These include the Security and Intelligence Agencies, five Law Enforcement Agencies and the armed forces... ." and "the Bill will include a requirement for the Prime Minister to be consulted before the Secretary of State can decide to issue a warrant to intercept an MP’s communications"

and "Remote access": Factsheet – Targeted Equipment Interference (pdf): "Equipment interference (EI), sometimes referred to as computer network exploitation, is the power to obtain a variety of data from equipment. This includes traditional computers or computer-like devices such as tablets, smart phones, cables, wires and static storage devices. EI can be carried out either remotely or by physically interacting with equipment." snd "More sophisticated EI operations may involve remotely installing a piece of software on to a device. The software could be delivered in a number of ways and then be used to obtain the necessary intelligence."

HM government transparency report on the use of disruptive and investigatory powers (link)

Counter-Terrorism website with links to all documents (link)

And see: Report of the Investigatory Powers Review (pdf, June 2015, link) and Annexes (pdf link)

Also: Here Are The Spying Powers UK Authorities Will Have If Theresa May’s New Law Passes (Buzzfeeed, link): "Police, armed forces, and intelligence agencies now explicitly have powers to hack and modify computer systems, both individually and “in bulk”" and:Snowden surveillance revelations drive UK and US policy in opposite directions.(Guardian, link): "Draft bill would enhance British government’s surveillance powers as US works to limit NSA data collection following whistleblower’s call for debate"

October 2015

European Parliament: Follow-up to the European Parliament resolution of 12 March 2014 on the electronic mass surveillance of EU citizens (Text adopted, pdf) and Mass surveillance: EU citizens' rights still in danger, says Parliament (Press release, pdf):

"Too little has been done to safeguard citizens' fundamental rights following revelations of electronic mass surveillance, say MEPs in a resolution voted on Thursday. They urge the EU Commission to ensure that all data transfers to the US are subject to an "effective level of protection" and ask EU member states to grant protection to Edward Snowden, as a "human rights defender". Parliament also raises concerns about surveillance laws in several EU countries.



This resolution, approved by 342 votes to 274, with 29 abstention"

EU-NSA SURVEILLANCE: European Parliament: Follow-up to the European Parliament resolution of 12 March 2014 on the electronic mass surveillance of EU citizens (pdf)

and see: Europe Is Spying on You (nytimes.com, link): article on the threats of surveillance law just published by the Council of Europe Commissioner for Human Rights, Nils Muiznieks, in the New York Times: "When Edward Snowden disclosed details of America’s huge surveillance program two years ago, many in Europe thought that the response would be increased transparency and stronger oversight of security services. European countries, however, are moving in the opposite direction. Instead of more public scrutiny, we are getting more snooping."

EU-USA "UMBRELLA" AGREEMENT: Study: Fundamental Rights European Experts Group (FREE): prepared by Douwe Korff

- NOTE on the EU-US Umbrella Data Protection Agreement (pdf)

"We believe the following aspects of the Umbrella Agreement violate, or are likely to lead to violations of, the Treaties and the EU Charter of Fundamental Rights:

The Umbrella Agreement appears to allow the “sharing” of data sent by EU law enforcement agencies to US law enforcement agencies with US national security agencies (including the FBI and the US NSA) for use in the latter’s mass surveillance and data mining operations; as well as the “onward transfer” of such data to “third parties”, including national security agencies of yet other (“third”) countries, which the Agreement says may not be subjected to “generic data protection conditions

The Agreement should therefore, in our view, cannot be approved by the European Parliament in its present form”

- ANNEX: ARTICLE-BY-ARTICLE ANALYSIS of the EU-US Umbrella Data Protection Agreement: [TEXT OF THE AGREEMENT IN BOLD; COMMENTS ARE IN ORDINARY TYPE] (pdf)

- Data flow: Chart 1 (pdf) and Data flow Chart 2 (pdf)

- Letter from Commissioner: announcing "deal" (pdf)

- EU-USA Umbrella Agreement: Full-text (pdf)

EU: European Parliament: Mass surveillance: EU citizens' rights still in danger, MEPs say (pdf):

"Too little has been done to ensure that citizens' rights are protected following revelations of electronic mass surveillance, say civil liberties MEPs in a resolution passed on Tuesday. They urge the Commission to come up immediately with alternatives to Safe Harbour, following the ruling by the European Court of Justice. They are also concerned about the surveillance laws in several EU countries."

September 2015

A Death in Athens: Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?: (Intercept, link)

"The day before his death, Costas’ boss at Vodafone had ordered that a newly discovered code — a powerful and sophisticated bug — be deactivated and removed from its systems. The wiretap, placed by persons unknown, targeted more than 100 top officials, including then Prime Minister Kostas Karamanlis and his wife, Natassa; the mayor of Athens; members of the Ministerial Cabinet; as well as journalists, capturing not only the country’s highest secrets, but also its most intimate conversations. The question was, who did it?

according to a highly classified NSA document provided by Snowden and previously published by The Intercept, covertly recruiting employees in foreign telecom companies has long been one of the NSA’s deepest secrets."

No “Facebook Bureau of Investigations” as Terror-Reporting Provision Dies in Senate (The Intercept, link): "A provision that would have forced tech companies like Twitter and Facebook to report every inkling of “terrorist activity” on their services to law enforcement was removed from the 2016 Intelligence Authorization Bill on Monday."

FAIRVIEW: Collecting foreign intelligence inside the US (Techdirt, link):"On August 15, The New York Times and Pro Publica published a story in which the big US telecommunications company AT&T was identified as a key partner of the NSA.Interesting details about this cooperation and the cable tapping were already in the 2008 book The Shadow Factory by James Bamford, but with the new story, also a number of clarifying documents from the Snowden-trove were disclosed.

Among them are some powerpoint presentations that contain the slides which had been shown on Brazilian televion two years ago. They were first discussed on this weblog in January 2014. Here we will combine these new and old documents to provide a detailed picture of this important collection program, that was previously misunderstood on various occasions."

August 2015

USA: Court: We Can’t Rule on NSA Bulk Data Collection Because We Don’t Know Whose Data Was Collected (The Intercept, link)

GERMANY-NSA: A Dubious Deal with the NSA (Zeit Online, link): "Internal documents show that Germany's domestic intelligence agency, the BfV, received the coveted software program XKeyscore from the NSA – and promised data from Germany in return." and XKeyscore - the document: Document pertaining to the agreement between the NSA and Germany’s domestic intelligence agency BfV (link)

NSA-JAPAN: Obama Expresses Regret to Japan's Abe for Spying Charges (New York Times, link): "Japanese officials faced questioning from the media and in parliament after WikiLeaks posted online what appeared to be five U.S. National Security Agency reports on Japanese positions on international trade and climate change. They date from 2007 to 2009. WikiLeaks also posted what it says was an NSA list of 35 Japanese targets for telephone intercepts."

See: "WikiLeaks published "Target Tokyo" 35 Top Secret NSA targets in Japan including the Japanese cabinet and Japanese companies such as Mitsubishi, together with intercepts relating to US-Japan relations, trade negotiations and sensitive climate change strategy"

USA: NSA Spying Relies on AT&T’s ‘Extreme Willingness to Help’ (.propublica.org, link): "The National Security Agency’s ability to capture Internet traffic on United States soil has been based on an extraordinary, decadeslong partnership with a single company: AT&T."

GCHQ and Me - My Life Unmasking British Eavesdroppers (Intercept, link)

July 2015



UK: SURVEILLANCE: High court rules data retention and surveillance legislation unlawful - Victory for Tory MP David Davis and Labour’s Tom Watson, who said there were insufficient privacy safeguards, as judges find Dripa inconsistent with EU law (Guardian, link):

"The high court has found that emergency surveillance legislation introduced by the coalition government last year is unlawful. A judicial challenge by the Labour MP Tom Watson and the Conservative MP David Davis has overturned the Data Retention and Investigatory Powers Act (Dripa) 2014. The judges ruled that data retention powers in the legislation were inconsistent with EU laws. The government has been ordered to pass new legislation that must come into effect by the end of next March..... they argued, were there adequate safeguards against communications data leaving the European Union." and: Davis and Watson DRIPA challenge: Government surveillance law is unlawful, High Court rules (Liberty, link)

See Judgments by HIGH COURT OF JUSTICE: DRIPA Davis (pdf) and DRIPA Davis-Watson Order (pdf)

Also: Statewatch: Analysis: Mass surveillance of communications in the EU: - CJEU judgment and DRIPA 2014/RIPA 2000 in the UK (pdf)

News: Letter to Guardian: Inquiry needed into GCHQ’s spying on us (link): "One measure of a free society is how it treats its NGOs and campaign organisations. The recent revelation (Rights groups targeted by GCHQ spies, 23 June) that Amnesty International has been snooped on by the UK security services is the death of the canary in the coalmine."

US govt now says 21.5 million people exposed by OPM hack – here's what you need to know - Security clearance dossiers on millions of citizens stolen (The Register, link)

NETHERLANDS: Na tip WikiLeaks: privacycommissie opent onderzoek naar Hacking Team (link) [After tip WikiLeaks: Privacy Commission opens investigation into Hacking Team - The Belgian privacy commission has opened an investigation into the Italian software company Hacking Team. That company would be in possession of devices that Belgian data interception.]

SURVEILLANCE: Interesting historical review: Editorial - Before and After Snowden (pdf):

"In retrospect, it seems somewhat premature to have issued a call on Surveillance and Security Intelligence after Snowden.

At the time of writing, despite his enforced exile in Russia, former National Security Agency (NSA) contractor and whistleblower, Edward Snowden, seems almost ubiquitous as a participant in debates on transnational surveillance, even appearing virtually on one occasion in a Canadian High School (Bradshaw 2015). And, as with all such impromptu historical periodizations, there is always also a case to be made to say that Snowden’s revelations didn’t change as much as we thought it might, or at least, rested on a legacy of former events or long-standing processes.

In the case of surveillance and security intelligence, the latter is certainly true. The former remains open as revelations and discussion resulting from both the documents taken by Snowden continue in the broader context of the changed climate of transparency resulting from his revelations and other major initiatives like Wikileaks."

And see: Surveillance & Society (link)

UK.gov spied on human rights warriors at Amnesty International - Snooping could cost lives, group claims (The Register, link):

"The British government has admitted that its spook agency GCHQ spied on Amnesty International, according to campaigners at the human rights group.

Amnesty said on Wednesday that it had received an email from the Investigatory Powers Tribunal (IPT) – the organization responsible for policing the UK's surveillance of its own citizens – revealing that the government intercepted, accessed and stored its communications for an unspecified period of time"

And see: UK was illegally spying on Amnesty International, 'mistakenly' forgot to tell human rights group (Independent, link): "The UK government was illegally spying on civil rights group Amnesty International — and neglected to tell it the surveillance was going on, after a mistake.".

GERMANY-NSA: WikiLeaks: US spied on Angela Merkel's ministers too, says German newspaper - The NSA did not just tap German chancellor Angela Merkel’s phone but also listened in on finance, economy, agriculture and other ministers (Guardian, link):

"The United States did not just tap chancellor Angela Merkel’s phone but also eavesdropped on several of her ministers, the German daily Sueddeutsche Zeitung has reported, citing documents from WikiLeaks."

and see: Wikileaks (link) and also: Wikileaks: 'Massive' NSA spying on top German officials (DW, link): "Wikileaks says its latest release of documents shows the wide reach of economic espionage conducted by the NSA in Germany. Documents released by the whistleblowers suggest an intense interest in the Greek debt crisis."

USA-NSA: XKEYSCORE: NSA’s Google for the World’s Private Communications (The Intercept, link): !The Intercept is publishing 48 top-secret and other classified documents about XKEYSCORE dated up to 2013, which shed new light on the breadth, depth and functionality of this critical spy system — one of the largest releases yet of documents provided by NSA whistleblower Edward Snowden."

FRANCE-NSA: WikiLeaks continues "Espionnage Élysée", our ongoing publication of a collection of TOP SECRET documents from United States surveillance operations against France (link):

"publication comprises seven top secret documents detailing how the US has had a decade- long policy of economic espionage against France, including the interception of all French corporate contracts and negotiations valued at more than $200 million. The documents demonstrate that the US National Security Agency, far from being a rogue organisation, is carrying out an economic espionage policy created by the US Director of National Intelligence. The documents detail the intelligence process, from the tasking of the NSA with collection of desired economic information to the production of developed intelligence reports, which are sent to "Supported Elements" of the US government, including the US Department of Commerce, the US Trade Represenative, the US Treasury and the Central Intelligence Agency."

June 2015

Reports: Russia, China have files leaked by Snowden (CNN video interveiw with the Sunday Times, link) Worth watching.

GCHQ-JTRIG: Spies Hacked Computers Thanks to Sweeping Secret Warrants, Aggressively Stretching U.K. Law (Intercept, link) and Controversial GCHQ Unit Engaged in Domestic Law Enforcement, Online Propaganda, Psychology Research (Intercept, link) also: Popular Security Software Came Under Relentless NSA and GCHQ Attacks (Intercept, link)

Key documents: TOP SECRET: Behavioural Science Support for JTRIG’s (Joint Threat Research and Intelligence Group’s) Effects and Online HUMINT Operations (42 pages, pdf) and Key section from document: interference by JTRIG/GCHQ) (1 page, pdf) including: "discredit", "delay", "disrupt", "promote distrust" and "deter" and "take over control of online websites (to deny, disrupt, discredit or delay)" and GCHQ Stakeholders (pdf)

UK: Court says GCHQ spied on human rights NGOs, acted unlawfully (PI, link):

"Monday, June 22, 2015: The Investigatory Powers Tribunal (IPT) today revealed that the UK Government Communications Headquarters (GCHQ) spied on two international human rights organisations, failed to follow ITS own secret procedures and acted unlawfully.

The targeted NGOs are the South African Legal Resources Centre (LRC) and the Egyptian Initiative for Personal Rights (EIPR). Both are leading civil liberties organisations and co-claimants alongside Privacy International in a legal challenge brought against GCHQ in the wake of the Edward Snowden revelations."

See: Full-text of IPT ruling (pdf)

Intelligence, security and privacy: A Note by the Director (Ditchley Park, link):

See: Snowden leak: governments' hostile reaction fuelled public's distrust of spies - Leading figures in British and international intelligence and security community agree agencies need more transparency (Guardian, link)

Also: Five Reasons the MI6 Story is a Lie (Craig Murray, link): "The Sunday Times has a story claiming that Snowden’s revelations have caused danger to MI6 and disrupted their operations. Here are five reasons it is a lie."

Timing of claims that British spies were withdrawn over Edward Snowden documents is 'extremely convenient', say campaigners (Independent, link) and The Sunday Times’ Snowden Story is Journalism at its Worst - and Filled with Falsehoods (The Intercept, link)

USA-NSA: Germany drops inquiry into claims NSA tapped Angela Merkel's phone - Prosecutors say they can find no actionable evidence to support claims German chancellor’s mobile phone was tapped by US National Security Agency (Guardian, link)

May 2015

UK-USA: America curbs state snooping, Britain gives the green light - As the US Congress passes a Freedom Act, the grip of the UK’s securocrats on ministers is clearer than ever (Guardian, link):

"The US Congress passed a Freedom Act this week, partially curbing its power to harvest bulk data on the lives of America’s citizens.... Meanwhile Britain’s government moves relentlessly in the opposite direction. It wants to revive the “snooper’s charter” bill, which failed in the last parliament. Among other things, this would give police and secret services more surveillance powers and, David Cameron hopes, ban server encryption that could impede surveillance."

EU: European Parliament: JOINT INTA/LIBE PUBLIC HEARING: Trade agreements and data flows: Safeguarding the EU data protection standards (pdf) and Agenda (pdf)

EU-USA: European Parliament Study: The US legal system on data protection in the field of law enforcement. Safeguards, rights and remedies

for EU citizens (pdf) Key findings include:

"With the exception of FISA electronic surveillance orders, the data protection guarantees afforded to non-US persons are minimal. The stated intent of PPD-28 [Presidential Policy Directive 28] is to provide for stronger personal data protection for non-US persons, but it is difficult to come to any conclusions at this point in time on what effect it will have...

As David Kris puts it, PPD-28 could either be a “new paradigm of transparency, privacy, and internationalism in US intelligence” or a “collection of fairly modest changes, largely cosmetic in nature, that were designed to placate critics in the United States and abroad.....

..... Another question raised by this overview is the lack of legal limits in US law on the sharing of personal data between intelligence and law enforcement officials..... the law confers broad authority to transfer personal data collected through intelligence methods to law enforcement agencies, regardless of the type of criminal offense that is suspected.... Unlike EU law, US law does not contain a general prohibition on transfers of personal data to jurisdictions without

adequate data protection guarantees....

there are at least two important mechanisms that can be used in the bilateral agreements under negotiation to improve the rights of EU citizens.... The first is carefully drafted purpose, use, and sharing provisions that limit personal data processing to certain types of crimes...The second type of guarantee is oversight and redress mechanisms for EU citizens that can operate in conjunction with those currently in place under US law....

Although internal oversight bodies like Inspectors General and agency privacy offices lack the independence of European DPAs, they are tasked with enforcing civil liberties and have the capacity to administer ombudsman-like complaints systems for those who allege that their privacy rights have been violated. Ensuring that such an ombudsman process exists in all significant law enforcement agencies, expressly acknowledging a right to participate for EU citizens, and allowing European DPAs to intervene on the behalf of EU citizens would improve significantly legal oversight of privacy rights." [emphasis added]

See also: Executive Summary (EASFJ, link)

USA-NSA: US Freedom Act passed but surveillance of "foreigners" continues:

"It leaves untouched formerly secret programs the NSA says are authorized under section 702 of the FISA Amendments Act, and that while ostensibly targeted at foreigners nonetheless collect vast amounts of American communications. It won’t in any way limit the agency’s mass surveillance of non-American communications." (The Intercept, link) [emphasis, added]

See also: Previous coverage: The Intercept, link): "Congress is doing nothing to limit NSA programs ostensibly targeted at foreigners that nonetheless collect vast amounts of American communications, nor to limit the agency’s mass surveillance of non-American communications. The limited reforms in the new bill affect only the one program explicitly aimed at Americans." [emphasis added]

See: US Freedom Act 2015 (pdf)

Congress passes NSA surveillance reform in vindication for Snowden - Bulk collection of Americans’ phone records to end as US Senate passes USA Freedom Act (Guardian, link): "The US Senate on Tuesday passed a bill to end the bulk collection of millions of Americans’ phone records, ushering in the country’s most significant surveillance reform since 1978 two years after NSA whistleblower Edward Snowden’s revelations... The American Civil Liberties Union praised the passage of the USA Freedom Act as “a milestone” but pointed out that there were many more “intrusive and overbroad” surveillance powers yet untouched."

Congress turns away from post-9/11 law, retooling U.S. surveillance powers (Washington Post, link): "Congress on Tuesday rejected some of the sweeping intelligence-gathering powers it granted national security officials after the 9/11 terrorist attacks, with the Senate voting to end the government’s bulk collection of private telephone records and to reform other surveillance policies. The bill, known as the USA Freedom Act, passed on a 67-to-32 vote, against the will of Senate Republican leaders who wished to preserve existing spy programs." and Questions and answers about newly approved USA Freedom Act (Washington Post, link)

UK-USA: Secret report urges treaty forcing US web firms' cooperation in data sharing - Exclusive: UK privacy campaigners say international treaty could provide legal alternative to government’s ‘snooper’s charter’ proposals (Guardian, link)

"A top secret report to the British prime minister has recommended that a new international treaty be negotiated to force the cooperation of the big US internet companies in sharing customers’ personal data, the Guardian has learned."

This is a recognition that new powers under Data Retention and Investigatory Powers Act (DRIPA 2014) to serve warrants (under Extra-territoriality in Part 1 of RIPA) on CSPs outside the UK is unworkable, especially in the USA.

LONDON: SNOWDEN MEETING: Stand Up for Truth: Whistleblowers speaking tour London: Monday, 1 June 2015 from 18:30 to 21:00 at Birkbeck (University of London) Main building, Room B35 (entrance on Torrington Square) London WC1E 7HX Speakers: Eileen Chubb, Daniel Ellsberg, Thomas Drake, Jesselyn Radack, Coleen Rowley, Norman Solomon & Justin Schlosberg

UK: Legal experts call for greater scrutiny of surveillance laws - Government must not repeat mistakes of previous administrations, but instead must have ‘an open and transparent assessment and critique of UK surveillance powers,’ academics say (Guardian, link): "An alliance of prominent academics have signed a letter to the government warning against any expansions of state surveillance without the full involvement of parliament and the public. The letter’s 38 signatories, led by LSE law professor Andrew Murray and University of East Anglia lecturer in IT law Paul Bernal, call on the new government “to ensure that any changes in the law, and especially any expansions of power, are fully and transparently vetted by parliament, and open to consultation from the public and all relevant stakeholders”."

and see: Open letter to UK MPs: Ensuring democratic scrutiny of UK surveillance law changes (EU Law Analysis, link)

Edward Snowden: NSA reform in the US is only the beginning - In an exclusive interview from Moscow, Snowden cautions that more needs to be done to curb NSA surveillance two years after his disclosures(Guardian, link)

GERMANY-NSA: Germany silent on report that leak has made US review spying cooperation - Bild reported intelligence director James Clapper had ordered review - Secret documents allegedly leaked to media from parliamentary committee (Observer, ink):

"The German government declined on Saturday to comment on a report that US intelligence agencies were reviewing their cooperation with German counterparts and had dropped joint projects due to concerns secret information was being leaked by lawmakers.

The Bild newspaper reported on Saturday that the US director of national intelligence, James Clapper, had ordered the review because secret documents related to the BND’s cooperation with the US were being leaked to media from a German parliamentary committee." and see:

German parliament inquiry 'more dangerous' than Snowden (DW, link): "There are reports US intelligence director James Clapper wants to put future cooperation with Germany's BND under review. The agency is facing scrutiny following revelations it helped the NSA spy on European targets."

USA: NSA bulk phone records collection to end despite USA Freedom Act failure - Administration has not applied to secret court for 90-day extension - USA Freedom Act fails in early hours after long Senate session (Guardian, link)

"“We did not file an application for reauthorization,” an administration official confirmed to the Guardian on Saturday. The administration decision ensures that beginning at 5pm ET on 1 June, for the first time since October 2001 the NSA will no longer collect en masse Americans’ phone records....

A chaotic early morning on Saturday in the Senate ended with the procedural defeat of the USA Freedom Act, which would have banned the NSA bulk collection program while renewing an expiring Patriot Act provision allowing FBI access to business records and a vast amount of US communications metadata."

Apple and Google Just Attended a Confidential Spy Summit in a Remote English Mansion (The Intercept, link): "At an 18th-century mansion in England’s countryside last week, current and former spy chiefs from seven countries faced off with representatives from tech giants Apple and Google to discuss government surveillance in the aftermath of Edward Snowden’s leaks. The three-day conference, which took place behind closed doors and under strict rules about confidentiality, was aimed at debating the line between privacy and security." See: Ditchley Foundation: Conference Note (pdf)

USA: NSA bulk phone records collection to end despite USA Freedom Act failure - Administration has not applied to secret court for 90-day extension - USA Freedom Act fails in early hours after long Senate session (Guardian, link)

"“We did not file an application for reauthorization,” an administration official confirmed to the Guardian on Saturday. The administration decision ensures that beginning at 5pm ET on 1 June, for the first time since October 2001 the NSA will no longer collect en masse Americans’ phone records....

A chaotic early morning on Saturday in the Senate ended with the procedural defeat of the USA Freedom Act, which would have banned the NSA bulk collection program while renewing an expiring Patriot Act provision allowing FBI access to business records and a vast amount of US communications metadata."

NSA Planned to Hijack Google App Store to Hack Smartphones (Intercept, link): "The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals.

The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia."

See: Document from Five Eyes (4MB, pdf)

Big Brother is watching EU - As the US moves towards privacy reform, Europe enacts sweeping new spying powers (Politico, link):

"A strange — and strangely unnoticed — trend is emerging in the evolving global response to massive 2013 leaks about US surveillance activities. While our European cousins talk privacy reform, the United States is actually moving ahead with it, albeit more slowly than many would like. As the American side of the Atlantic inches toward self-restraint, many European governments are seeking sweeping new spying powers. Europe is at risk of falling behind the US in privacy reform."

NSA: USA Freedom Act Passes House, Codifying Bulk Collection For First Time, Critics Say (The Intercept, link):

"After only one hour of floor debate, and no allowed amendments, the House of Representatives today passed legislation that seeks to address the NSA’s controversial surveillance of American communications. However, opponents believe it may give brand new authorization to the U.S. government to conduct domestic dragnets. The USA Freedom Act was approved in a 338-88 vote... The measure now goes to the Senate where its future is uncertain. Majority Leader Mitch McConnell has declined to schedule the bill for consideration, and is instead pushing for a clean reauthorization of expiring Patriot Act provisions that includes no surveillance reforms."

It does not limit the government’s authority to collect information overseas, including data on telephone and email records - in short NSA can carry on spying on the rest of the world.

German government denies deceit in NSA scandal (euractiv, link):

"Chancellor Merkel’s spokesman Steffen Seibert rejected accusations of a govenment cover-up in the mushrooming NSA scandal. Seibert said on Monday (11 May) that he reported on the issue that to the best of his judgement, appropriately presenting his level of knowledge at that time. His statement comes in response to accusations that Washington never offered Germany a No-Spy-Agreement, in contrast to government statements that suggested otherwise at the time. "

and see: BND spying affair divides German coalition (euractiv, link)

USA: NSA mass phone surveillance revealed by Edward Snowden ruled illegal (The Guardian, link): "The US court of appeals has ruled that the bulk collection of telephone metadata is unlawful, in a landmark decision that clears the way for a full legal challenge against the National Security Agency."

See the full judgment: ACLU v. Clapper (pdf)

GERMANY: NSA: BND spying affair divides German coalition (euractiv, link): "Angela Merkel defended cooperation between Germany’s intelligence service, the BND, and its US counterpart, the NSA, amid fresh accusations of illegal spying operations. EurActiv Germany reports. After sharp criticism from Social Democratic Party (SPD) leader Sigmar Gabriel, Germany’s ruling coalition parties are facing off in the spy debate."

See also: Austria files criminal complaint over alleged NSA snooping (Washington Post, link): "Austria is asking for a legal investigation of allegations that the German intelligence service helped the U.S. National Security Agency eavesdrop on the country’s political leaders. Interior Minister Johanna Mikl-Leitner said Tuesday her ministry has filed a criminal complaint against unnamed persons or entities on suspicion of “secret ntelligence activities to the detriment of Austria.” "

GERMANY-NSA: BND scandal: Bundestag committee issues ultimatum (euractiv, link):

"The Bundestag's NSA investigation committee has demanded lists of search terms Germany's intelligence service, the BND, allegedly spied on for Washington."

And see: Merkel defends BND amid NSA spy scandal (euronews, link): "intelligence agencies must be able to work in secret to ensure the public’s safety. The German government will do everything it can to ensure that intelligence agencies are able to carry out their duties. In the face of international terrorism threats, they can only do this in cooperation with other intelligence agencies — and that includes first and foremost the NSA.”

USA- NSA: The Computers are Listening - How the NSA Converts Spoken Words Into Searchable Text (The Intercept, link):

"Top-secret documents from the archive of former NSA contractor Edward Snowden show the National Security Agency can now automatically recognize the content within phone calls by creating rough transcripts and phonetic representations that can be easily searched and stored."

See documents: Media Mining - the future is now (pdf) and UK: Security Service and speech technology (STRAP 1, pdf)

April 2015

USA-NSA: SURVEILLANCE: Declassified Report Shows Doubts About Value of N.S.A.’s Warrantless Spying (New York Times, link):

"The secrecy surrounding the National Security Agency’s post-9/11 warrantless surveillance and bulk data collection program hampered its effectiveness, and many members of the intelligence community later struggled to identify any specific terrorist attacks it thwarted, a newly declassified document shows.

The document is a lengthy report on a once secret N.S.A. program code-named Stellarwind. The report was a joint project in 2009 by inspectors general for five intelligence and law enforcement agencies, and it was withheld from the public at the time, although a short, unclassified version was made public. The government released a redacted version of the full report to The New York Times on Friday evening in response to a Freedom of Information Act lawsuit."

See 751 page document (Cryptome, link)

A Bill’s Surveillance Limits (New York Times, link): "Bipartisan legislation passed by the House Judiciary Committee would reauthorize mass surveillance programs revealed by the former National Security Agency contractor Edward J. Snowden, but impose new limits on them. Although it does not limit the government’s authority to collect information overseas, including data on telephone and email records" [emphasis added] See: US Freedom Act 2015 (pdf)

Germany spied on France and the EU Commission: Report (euobserver, link):

"German Chancellor Angela Merkel’s government has been embarrassed by reports that the country's intelligence service was spying on France and the European Commission for the US National security agency (NSA).

According to the Sueddeutsche Zeitung newspaper on Thursday (30 April), the BND, the German intelligence service, listened in on officials from the French presidency and foreign affairs ministry, as well as the EU Commission.... "The core of the issue is the political espionage of our European neighbours and of the EU institutions," a German official is quoted as saying by the Sueddeutsche Zeitung."

UK: GCHQ conducted illegal surveillance, investigatory powers tribunal rules - Eavesdropping agency must destroy documents containing legally privileged communications relating to Libyan rendition victim Sami al-Saadi (Guardian, link):

"The ruling marks the first time in its 15-year history that the investigatory powers tribunal has upheld a specific complaint against the intelligence services, lawyers have said. It is also the first time the tribunal has ordered a security service to give up surveillance material.

The IPT says GCHQ must destroy two documents which are legally privileged communications belonging to a former opponent of the Gaddafi regime, Sami al-Saadi, who was sent back to Libya in 2004 in a joint MI6-CIA “rendition” operation with his wife and four children under 12."

USA: NSA allowed to continue spying on the rest of the world: Nearly Two Years After Snowden, Congress Poised to Do Something — Just Not Much (The Intercept, link):

"Congress is doing nothing to limit NSA programs ostensibly targeted at foreigners that nonetheless collect vast amounts of American communications, nor to limit the agency’s mass surveillance of non-American communications. The limited reforms in the new bill affect only the one program explicitly aimed at Americans." [emphasis added]

See: US Freedom Act 2015 (pdf) and see: GCHQ is authorised to spy on the world but the UK Interception of Communications Commissioner says this is OK as it is lawful (Statewatch Analysis)

Germany-NSA: Spying Close to Home: German Intelligence Under Fire for NSA Cooperation (Der Spiegel , link): "US intelligence spent years spying on European targets from a secretive base. Now, it seems that German intelligence was aware of the espionage -- and did nothing to stop it."

European Parliament to debate the German secret service (Bundesnachrichtendienst, or BND) on Wednesday.

GERMANY-NSA: NEW OUTCRY OVER SURVEILLANCE SCANDAL: For years, the German intelligence service (BND) shared its own collected data of telephone calls and internet traffic with the NSA, as Der Spiegel reports. However, not only data about criminal or terrorist activities was shared with the NSA headquarters in Fort Meade but also information on European companies and defense firms. German MPs speak of "very serious allegations" or even "treason"; the Chancellor's office names "technical and organizatorial deficits" at the German intelligence service. BND chair Gerhard Schindler is under fierce criticism. (Spiegel Online, link)

CoE: Parliamentary Assembly: Mass surveillance is counter-productive and ‘endangers human rights’ (link):

"Approving a draft resolution based on a report by Pieter Omtzigt (Netherlands, EPP/CD), the Assembly said: “Mass surveillance does not appear to have contributed to the prevention of terrorist attacks, contrary to earlier assertions made by senior intelligence officials. Instead, resources that might prevent attacks are diverted to mass surveillance, leaving potentially dangerous persons free to act.”

See: Resolution (pdf) Adopted Recommendations (pdf)

EU: ACCOUNTABILITY of SIGNAL INTELLIGENCE AGENCIES: CoE: Venice Commission: Update of the 2007 Report on the democratic oversight of the Security Services and Report on the democratic oversight of Signals Intelligence Agencies (pdf): Adopted by the Venice Commission at its 102nd Plenary Session (Venice, 20-21 March 2015).

And see Venice Commission: 2007 Report (pdf)

USA: DEA Global Surveillance Dragnet Exposed; Access to Data Likely Continues (The Intercept, link): "Secret mass surveillance conducted by the Drug Enforcement Administration is falling under renewed scrutiny after fresh revelations about the broad scope of the agency’s electronic spying... The DEA’s data dragnet was apparently shut down by attorney general Eric Holder in September 2013. But on Wednesday, following USA Today‘s report, Human Rights Watch launched a lawsuit against the DEA over its bulk collection of phone records and is seeking a retrospective declaration that the surveillance was unlawful.

And see: U.S. secretly tracked billions of calls for decades (USA Today, link)

USA: Exclusive: TSA ‘Behavior Detection’ Program Targeting Undocumented Immigrants, Not Terrorists (The Intercept, link):

"A controversial Transportation Security Administration program that uses “behavior indicators” to identify potential terrorists is instead primarily targeting undocumented immigrants, according to a document obtained by The Intercept and interviews with current and former government officials.

The $900 million program, Screening of Passengers by Observation Techniques, or SPOT, employs behavior detection officers trained to identify passengers who exhibit behaviors that TSA believes could be linked to would-be terrorists. But in one five-week period at a major international airport in the United States in 2007, the year the program started, only about 4 percent of the passengers who were referred to secondary screening or law enforcement by behavior detection officers were arrested, and nearly 90 percent of those arrests were for being in the country illegally, according to a TSA document obtained by The Intercept.

Nothing in the SPOT records suggests that any of those arrested were associated with terrorist activity."

See: Document (pdf) and Examples of SPOT targets (png)

Exclusive: TSA’s Secret Behavior Checklist to Spot Terrorists (The Intercept, link):

"Fidgeting, whistling, sweaty palms. Add one point each. Arrogance, a cold penetrating stare, and rigid posture, two points. These are just a few of the suspicious signs that the Transportation Security Administration directs its officers to look out for — and score — in airport travelers, according to a confidential TSA document obtained exclusively by The Intercept.

The checklist is part of TSA’s controversial program to identify potential terrorists based on behaviors that it thinks indicate stress or deception — known as the Screening of Passengers by Observation Techniques, or SPOT."

See TSA document (pdf)

Doctors of the World: how we discovered GCHQ was spying on us (Open DEmocracy, link)

March 2015

USA: REMOTE ACCESS TO COMPUTERS: Advisory Committee Approves Rules to Expand Police Hacking Authority (EPIC, link):

"a ccording to a news report, a committee of the Federal Judicial Conference voted on Monday to approve changes to Rule 41 of the Federal Rules of Criminal Procedure. Under the revised rule, judges could issue "remote access" warrants authorizing law enforcement to search computers remotely, even when the target is outside the jurisdiction of the court."

See also: FBI’s Plan to Expand Hacking Power Advances Despite Privacy Fears - Google had warned that the rule change represents a “monumental” constitutional concern. (National journal, link) and UK: Code of Practice: "Equipment Interference" to give the intelligence and security agencies direct access to computers to by-pass encryption and to use "remote access" to "obtain information.. in pursuit of intelligence requirements" or to "remove or modify software" (Statewatch)

AP Exclusive: NSA weighed ending phone program before leak (Washington Post, link):

"The National Security Agency considered abandoning its secret program to collect and store American calling records in the months before leaker Edward Snowden revealed the practice, current and former intelligence officials say, because some officials believed the costs outweighed the meager counterterrorism benefits.

After the leak and the collective surprise around the world, NSA leaders strongly defended the phone records program to Congress and the public, but without disclosing the internal debate."

Netanyahu’s Spying Denials Contradicted by Secret NSA Documents (The Intercept, link):

"Israeli Prime Minister Benjamin Netanyahu yesterday vehemently denied a Wall Street Journal report, leaked by the Obama White House, that Israel spied on U.S. negotiations with Iran and then fed the intelligence to Congressional Republicans. His office’s denial was categorical and absolute, extending beyond this specific story to U.S.-targeted spying generally, claiming: “The state of Israel does not conduct espionage against the United States or Israel’s other allies.”

Israel’s claim is not only incredible on its face. It is also squarely contradicted by top-secret NSA documents, which state that Israel targets the U.S. government for invasive electronic surveillance, and does so more aggressively and threateningly than almost any other country in the world. Indeed, so concerted and aggressive are Israeli efforts against the U.S."

See: Excerpt from 2008 NSA document “Which Foreign Intelligence Service Is the Biggest Threat to the US?" (link)

EU-USA: DATA PROTECTION "UMBRELLA" AGREEMENT: European Parliament Press release: Civil liberties MEPs make case for data protection during Washington visit (pdf):

"A delegation from the civil liberties committee visited Washington DC last week to find out the latest information on issues such as data protection and legislation on surveillance activities from their American counterparts. The MEPs also provided updates on the EU's data protection reform and on counter-terrorism initiatives, including the passenger name records (PNR) proposal"

See also:Close your Facebook account if you do not want to be spied on: EU-US data pact skewered in court hearing (euobserver, link) Extraordinary statement by Commission lawyer in Court of European Justice (CJEU):

"A lawyer for the European Commission told an EU judge on Tuesday (24 March) he should close his Facebook page if he wants to stop the US snooping on him, in what amounts to an admission that Safe Harbour, an EU-US data protection pact, doesn’t work.

“You might consider closing your Facebook account, if you have one,” European Commission attorney Bernhard Schima told attorney-general Yves Bot at the European Court of Justice in Luxembourg."

UK: National Union of Journalists (NUJ) and the Centre for Investigative Journalism (CIJ) have today submitted to the Home Office a damning critique of the proposed Code of Practice which would allow remote access to any computer anywhere in the world: Submission:: NUJ and CIJ joint response to the interception of communications and equipment interference: draft codes of practice (pdf)

"The NUJ and CIJ are concerned about the implications for press freedom if the UK intelligence and security agencies are permitted to access journalist's computers remotely and break encryption codes (both inside and outside the UK)..

The adoption of the new surveillance powers in the draft codes enables the authorities to access computers remotely. The NUJ and CIJ believe these powers should be the subject of primary legislation and should not be introduced via secondary legislation in a code of practice under the Regulation of Investigatory Powers Act 2000 (RIPA) which itself is not limited to terrorism and serious crime but covers all crimes....

Accessing computers or other devises allows the intelligence services to obtain vast amounts of information. It would mean the authorities would have control over targeted devices and access to any information stored including encrypted data and communications. This information could include documents, emails, diaries, contacts, photographs, internet messaging chat logs, and the location records on mobile equipment. It would also mean having powers to access anything typed into a device, including login details/passwords, internet browsing histories, other materials and communications. Draft documents and deleted files could also be accessed. In addition, the microphone, webcam and GPS-based locator technology could be turned on and items stored could be altered or deleted."

See proposed: Equipment Interference Code of Practice (pdf) and also: New Code of Practice: "Equipment Interference" to give the intelligence and security agencies direct access to computers to by-pass encryption and to use "remote access" to "obtain information.. in pursuit of intelligence requirements" or to "remove or modify software" Statewatch) and: GCHQ is authorised to “spy on the world” but the UK Interception of Communications Commissioner says this is OK as it is “lawful” (Statewatch Analysis, May 2014)

UK: SNOWDEN: Surveillance of Guardian journalists: UK Police Deem Snowden Leak Investigation a State Secret (The Intercept, link):

"British police claim a criminal investigation they launched into journalists who have reported on leaked documents from Edward Snowden has to be kept a secret due to a “possibility of increased threat of terrorist activity.....

the Met, says everything about the investigation’s existence is a secret and too dangerous to disclose. In response to a Freedom of Information Act request from this reporter, the force has repeatedly refused to release any information about the status of the investigation, how many officers are working on it, or how much taxpayer money has been spent on it. The Met wrote in its response:

"to confirm or deny whether we hold any information concerning any current or previous investigations into the alleged actions of Edward Snowden could potentially be misused proving detrimental to national security.""

See Full-text of the Met's refusal to respond to FOI request (pdf)

UK: GCHQ: UK government claims power for broad, suspicionless hacking of computers and phones (PI, link)

"The British Government has admitted its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime....Buried deep within the document, Government lawyers claim that while the intelligence services require authorisation to hack into the computer and mobile phones of “intelligence targets”, GCHQ is equally permitted to break into computers anywhere in the world even if they are not connected to a crime or a threat to national security."

See:GCHQ Tribunal document: Investigatory Powers Tribunal - Government's Open Response: News Article - 18 Mar 2015 (link)

This evidence confirms: New Code of Practice: "Equipment Interference" to give the intelligence and security agencies direct access to computers to by-pass encryption and to use "remote access" to "obtain information.. in pursuit of intelligence requirements" or to "remove or modify software" Statewatch) and: GCHQ is authorised to “spy on the world” but the UK Interception of Communications Commissioner says this is OK as it is “lawful” (Statewatch Analysis, May 2014)



WHISTLEBLOWERS: Council of Europe: Parliamentary Assembly: Calls for Snowden to return home and be allowed a public interest defence:

"The Assembly calls on... the United States of America to allow Mr. Snowden to return without fear of criminal prosecution under conditions that would not allow him to raise the public interest defence.".

"Council of Europe member states and the EU should enact whistleblower protection laws also covering employees of national security or intelligence services and of private firms working in this field, the Parliamentary Assembly of the Council of Europe (PACE) Committee on Legal Affairs and Human Rights concluded today...

he Committee also stressed the need to grant asylum, if possible under national law, to whistleblowers threatened by retaliation in their home countries provided their disclosures qualify for protection under the principles advocated by the Assembly."

See Report adopted: Improving the Protection of Whistleblowers (pdf) and Call for protection of whistleblowers in national security-related fields (link):

And see: US Threatened Germany Over Snowden, Vice Chancellor Says (The Intercept, link): "German Vice Chancellor Sigmar Gabriel said this week in Homburg that the U.S. government threatened to cease sharing intelligence with Germany if Berlin offered asylum to NSA whistleblower Edward Snowden or otherwise arranged for him to travel to that country. “They told us they would stop notifying us of plots and other intelligence matters,” Gabriel said".

New Zealand Used NSA System to Target Officials, Anti-Corruption Campaigner (The intercept, link): "New Zealand’s eavesdropping agency used an Internet mass surveillance system to target government officials and an anti-corruption campaigner on a neighboring Pacific island, according to a top-secret document... the Internet spy system XKEYSCORE to intercept documents authored by the closest aides and confidants of the prime minister on the tiny Solomon Islands. The agency also entered keywords into the system so that it would intercept documents containing references to the Solomons’ leading anti-corruption activist, who is known for publishing government leaks on his website.... None of the individuals named on the list appear to have any association with terrorism."

And see: Revealed: The names NZ targeted using NSA's XKeyscore system (New Zealand Herald, link) and Document (pdf)

UK: GCHQ/MI5/MI6: Parliamentary report recommends new law for security agencies - but will that stop the surveillance state?

The Intelligence and Security Committee's long-awaited report on the surveillance powers of the security agencies has recommended a new law "governing the intelligence and security Agencies." Privacy International has responded to the report by pointing out: "no amount of technical and legal jargon can obscure the fact that this is a parliamentary committee, in a democratic country, telling its citizens that they are living in a surveillance state and that all is well."

See: Report: Intelligence and Security Committee of Parliament: Privacy and Security: A modern and transparent legal framework (pdf) and and see: ISC report acknowleges failings but paves way for snooper's charter(Guardian, link)

Also: Report of the Interception of Communications Commissioner: 2014 (pdf

GCHQ-NSA SURVEILLANCE: European Parliament: Civil Liberties MEPs restart discussions on surveillance programmes and go to Washington in March (Press release, pdf): ""The Chair of the Civil Liberties, Justice and Home Affairs Committee and rapporteur on the US NSA and EU member states' surveillance programmes, Claude Moraes (S&D, UK), presented his working document on the follow-up of the inquiry on electronic mass surveillance of EU citizens on Tuesday 24 February."

See: Working document on on the Follow-up of the LIBE Inquiry on Electronic Mass Surveillance of EU Citizens (pdf) and Final: Report on the US NSA surveillance programme, surveillance bodies in various Member States and their impact on EU citizens’ fundamental rights and on transatlantic cooperation in Justice and Home Affairs (pdf): Rapporteur: Claude Moraes MEP

February 2015

NSA-GCHQ: The Great SIM Heist - How Spies Stole the Keys to the Encryption Castle (The Intercept, link)

"AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

"The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data."

The article notes that "the intelligence agencies accessed the email and Facebook accounts of engineers and other employees of major telecom corporations and SIM card manufacturers in an effort to secretly obtain information that could give them access to millions of encryption keys... In effect, GCHQ clandestinely cyberstalked Gemalto employees, scouring their emails in an effort to find people who may have had access to the company’s core networks and Ki-generating systems."

Documents (pdfs):

See also: Google opposes plan to let FBI hack any computer in the world (The Telegraph, link)

And: European Lawmakers Demand Answers on Phone Key Theft (The Intercept, link): "The European Parliament’s chief negotiator on the European Union’s data protection law, Jan Philipp Albrecht, said the hack was “obviously based on some illegal activities." “Member states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,” Albrecht told the Wall Street Journal."

UK-GCHQ:Thousands sign petition to discover if GCHQ spied on them - Privacy International campaign comes after tribunal rules that sharing between US and UK of intercepted communications was unlawful(Guardikan, link)

Sign up: Did GCHQ illegally spy on you? (link

GCHQ: UK-US surveillance regime was unlawful ‘for seven years’ - Regulations governing access to intercepted information obtained by NSA breached human rights laws, according to Investigatory Powers Tribunal (Guardian, link):

"The regime that governs the sharing between Britain and the US of electronic communications intercepted in bulk was unlawful until last year, a secretive UK tribunal has ruled.

The Investigatory Powers Tribunal (IPT) declared on Friday that regulations covering access by Britain’s GCHQ to emails and phone records intercepted by the US National Security Agency (NSA) breached human rights law.... The critical judgment marks the first time since the IPT was established in 2000 that it has upheld a complaint relating to any of the UK’s intelligence agencies. It said that the government’s regulations were illegal because the public were unaware of safeguards that were in place. Details of those safeguards were only revealed during the legal challenge at the IPT."

See: IPT Judgment (pdf) and IPT Order (pdf)

USA-NSA-FBI:SPYING ON THE REST OF THE WORLD: New rules on surveillance of "non-US persons": NSA: (U) USSID: Supplemental Procedures for the collection, processing, retention and dissemination of Signals Intelligence information and data containing personal information of Non-United States Persons (pdf) and the FBI (pdf) The NSA conducts surveillance and the CIA and FBI use the products.

Although the FBI does not conduct "signals intelligence activities" it does handle "signals intelligence information in.. finished intelligence products" and "The FBI will disseminate personal information of non-US persons collected pursuant to Section 702 of FISA" (Foreign Intelligence and Security Act). There are lots of very general caveats such as the information will only be used if: "the information is relevant to an intelligence requirement or an authorized law enforcement activity"

See also: White House New Data Spying Policy (Cryptome, link): "Statement by Assistant to the President for Homeland Security and Counterterrorism Lisa Monaco: Update on Implementation of Signals Intelligence Reform and Issuance of PPD-28."

Background: Statewatch analysis: GCHQ is authorised to “spy on the world” but the UK Interception of Communications Commissioner says this is OK as it is “lawful” (pdf)

January 2015

USA: Feds had a hand in PRISM, too (The Register, link) and see: Department of Justice report on FBI (2.5 MB, podf)

USA: Year After Reform Push, NSA Still Collects Bulk Domestic Data, Still Lacks Way to Assess Value (The Intercept, link): "The presidential advisory board on privacy that recommended a slew of domestic surveillance reforms in the wake of the Edward Snowden revelations reported today that many of its suggestions have been agreed to “in principle” by the Obama administration, but in practice, very little has changed. Most notably, the Privacy and Civil Liberties Oversight Board called attention to the obvious fact that one full year after it concluded that the government’s bulk collection of metadata on domestic telephone calls is illegal and unproductive, the program continues apace."

EU: Mass surveillance: Council of Europe: Parliamentary Assembly: Mass surveillance is counter-productive and ‘endangers human rights (Press release, link) and Report (pdf): It calls for

• "the collection of personal data without consent only following “a court order granted on the basis of reasonable suspicion”

• “credible, effective protection” for whistle-blowers exposing unlawful surveillance

• better judicial and parliamentary control of intelligence services

• an “intelligence codex” defining mutual obligations that secret services could opt into

• an inquiry into member states’ use of mass surveillance using powers under the European Convention on Human Rights"

See also: Mass surveillance is fundamental threat to human rights, says European report - Europe’s top rights body says scale of NSA spying is ‘stunning’ and suggests UK powers may be at odds with rights convention (Guardian, link)

USA: SURVEILLANCE: More Cowbells: new NSA leaks reveal extent of spying tactics (ROARMAG, link): "New leaks from the NSA archive, seen exclusively by ROAR, reveal that even the Internet’s most basic architecture - the DNS database - is compromised." and MoreCowBell Nouvelles révélations sur les pratiques de la NSAE (Le Monde fr, link)

And see: NSA documents (pdf)

Secret ‘BADASS’ Intelligence Program Spied on Smartphones (Intercept, link): "British and Canadian spy agencies accumulated sensitive data on smartphone users, including location, app preferences, and unique device identifiers, by piggybacking on ubiquitous software from advertising and analytics companies, according to a document obtained by NSA whistleblower Edward Snowden." See: BADASS Angry Birds document (link)

MALTA-USA: MEP questions Malta's use of US-supplied border security technology



"German MEP Cornelia Ernst has taken issue over Malta's use of the PISCES border control software, which was donated to the country by the American government in 2004, claiming that Malta's use of the software could constitute a security risk for other EU member states."

"TIP/PISCES is currently operational in the following countries: Afghanistan, Cambodia, Cote d'Ivoire, Djibouti, Ethiopia, Ghana, Iraq, Kenya, Kosovo, Macedonia, Malta, Nepal, Pakistan, Tanzania, Thailand, Yemen, and Zambia."

EU police agency Europol reportedly receives information from PISCES systems around the globe.

GCHQ intercepted emails of journalists from top international media (Guardian, link):

• Snowden files reveal emails of BBC, NY Times and more

• Agency includes investigative journalists on ‘threat’ list

• Editors call on Cameron to act against snooping on media

"GCHQ’s bulk surveillance of electronic communications has scooped up emails to and from journalists working for some of the US and UK’s largest media organisations, analysis of documents released by whistleblower Edward Snowden reveals.

Emails from the BBC, Reuters, the Guardian, the New York Times, Le Monde, the Sun, NBC and the Washington Post were saved by GCHQ and shared on the agency’s intranet as part of a test exercise by the signals intelligence agency."

PAGE Festival 2014: Surveillance,Snowden and the Emerging EU State (video link) Leeds Beckett University: Lecture by Tony Bunyan, Statewatch Director

FBI has its fingers deep in NSA surveillance pie, declassified report shows (The Register, link): "The FBI had, and most likely still has, a much closer involvement with the NSA’s mass surveillance programs than previously thought – with access to raw foreign intelligence and data on Americans gleaned from the PRISM program. The 231-page report, from the Department of Justice’s Inspector General, was obtained – albeit in a heavily redacted form – after a Freedom of Information request by The New York Times, a request made possible using key details leaked by whistleblower Edward Snowden."

See Document: FBI and Section 702 of FISA (284 pages, pdf))

December 2014

Schadcode auf Rechnern der EU-Kommission identifiziert -Spur in die USA und nach Großbritannien (De Speigel, link): "Malicious code on computers of the EU Commission identified -Track to the United States and Great Britain"

IRELAND: Surveillance by a Government-sponsored secret system (Irish Times, link): "Using the binding form of a statutory instrument, the Minister enacted the until-now-abandoned third part of the Criminal Justice (Mutual Assistance) Act 2008. This section governs the tapping by foreign governments of Irish phone calls and the interception of Irish emails. It also outlines how Ireland can request tapping in other countries for an Irish-based criminal investigation" and: State sanctions phone and email tapping - Companies that object to order could be brought before private ‘in camera’ court (IT, link): " Foreign law enforcement agencies will be allowed to tap Irish phone calls and intercept emails under a statutory instrument signed into law by Minister for Justice Frances Fitzgerald. Companies that object or refuse to comply with an intercept order could be brought before a private “in camera” court."

EU-USA-UK: Surveillance: Spying on all of us: UK-GCHQ, USA-NSA, 'Five Eyes' and the EU (link): Speech by Tony Bunyan, Statewatch Director, at the Annual Conference of the European Group on Deviancy and Social Control, September 2014:

This paper argues that data protection and privacy abuses by the USA-NSA and UK-GCHQ concerns the "gatherers" (the surveillance agencies) of personal data. What urgently needs to be investigated, studied and exposed are the "users" of mass data surveillance (CIA and FBI in the USA, MI5, MI6, Special Branch and law enforcement agencies (LEAs) and the "targets" of the "users" (who and why are people or groups targeted). Account also has to be taken of the "suppliers" to the "users" (multinational companies) - the "suppliers" are part of the security-industrial complex in the EU who develop and provide the technology for surveillance and enforcement.

It argues that our attention should be centred on what is happening in the EU, rather than on the USA - some reforms may happen there but there is as yet no impetus or attention to the ensure openness and accountability of national internal and external agencies and LEAs in EU Member States. What is required is a holistic approach which will take many years of diligent research by academics, journalists and civil society groups."

GCHQ-BELGIUM SURVEILLANCE: Operation Socialist: The Inside Story of How British Spies Hacked Belgium’s Largest Telco (The Intercept, link):

"The full story about GCHQ’s infiltration of Belgacom, however, has never been told. Key details about the attack have remained shrouded in mystery—and the scope of the attack unclear. Now, in partnership with Dutch and Belgian newspapers NRC Handelsblad and De Standaard, The Intercept has pieced together the first full reconstruction of events that took place before, during, and after the secret GCHQ hacking operation."

EU: THE LEGALITY of SURVEILLANCE by NATIONAL INTELLIGENCE & SECURITY AGENCIES: EU Article 29 Working Party on data protection: Working Document on surveillance of electronic communications for intelligence and national security purposes (52 pages, pdf):

"This Working Document contains the legal analysis behind the WP29 Opinion on surveillance of electronic communications for intelligence and national security purposes that was adopted on 10 April 2014. The focus of this Opinion lies with the follow up that is needed after the Snowden revelations. To this end, it contains several recommendations on how to restore respect for the fundamental rights of privacy and data protection by the intelligence and security services, and on how to improve supervision of these entities’ activities while maintaining national security....

none of these instruments contains a provision that would allow for massive, structural or unlimited data transfers. In as far as third country public authorities wish to obtain direct access to personal data under EU jurisdiction, they should make use of the formal means of cooperation, since no explicit possibilities are foreseen in the EU legislation to transfer personal data held by private sector data controllers to third country law enforcement authorities or security services."

UK: Surveillance law allows police to act in an unacceptable way, say MPs - Select committee chairman Keith Vaz says using Ripa to access journalist phone records must cease (Guardian, link):

"Britain’s surveillance laws, which have recently been used by the police to seize journalists’s phone records in the Plebgate and Huhne cases, are “not fit for purpose” and need urgent reform, a Commons inquiry has found. The Commons home affairs select committee says that the level of secrecy surrounding use of the Regulation of Investigatory Powers Act (Ripa) allows the police to “engage in acts which would be unacceptable in a democracy”.

The committee chairman, Keith Vaz, said the surveillance law was not fit for purpose: “Using Ripa to access telephone records of journalists is wrong and this practice must cease. The inevitable consequence is that this deters whistleblowers from coming forward.” In response Home Office ministers have said they will revise the Ripa rules on communications data requests involving sensitive professions such as journalists and lawyers, and they will launch a consultation on the move before Christmas.

The inquiry found the law enforcement agencies routinely fail to record the professions of those whose communications data records they access under Ripa."

See: Ful-text: Home Affairs Select Committee: Regulation of Investigatory Powers Act 2000 (pdf)

USA-UK:"FIVE EYES": SURVEILLANCE: ECHELON STUDY: European Parliament: The ECHELON Affair: The European Parliament and the Global Interception System (pdf):

"Fifteen years after the events, The Echelon Affair draws on the European Parliament’s archives to describe and analyse a worldwide scandal which had an impact on the history of Parliament and which today is echoed in the revelations of Edward Snowden and Julian Assange and in other cases of spying on a grand scale."

UK: GCHQ does not breach human rights, judges rule (BBC, News, link):

"The current system of UK intelligence collection does not currently breach the European Convention of Human Rights, a panel of judges has ruled. A case claiming various systems of interception by GCHQ constituted a breach had been brought by Amnesty, Privacy International and others.

It followed revelations by the former US intelligence analyst Edward Snowden about UK and US surveillance practices. But the judges said questions remained about GCHQ's previous activities. Some of the organisations who brought the case, including Amnesty UK and Privacy International, say they intend to appeal the decision to the European Court of Human Rights."

See Judgment: Full-text (pdf) and PI comments: Investigatory Powers Tribunal rules GCHQ mass surveillance programme TEMPORA is legal in principle (link)

USA-NSA: SURVEILLANCE: Operation Auroragold - How the NSA Hacks Cellphone Networks Worldwide (The Intercept, link):

"The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.,,, The operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible."

See document: AURORAGOLD overview (pdf)

Edward Snowden wins Swedish human rights award for NSA revelations - Whistleblower receives several standing ovations in Swedish parliament as he wins Right Livelihood award (Guardian, link): "Whistleblower Edward Snowden received several standing ovations in the Swedish parliament after being given the Right Livelihood award for his revelations of the scale of state surveillance. Snowden, who is in exile in Russia, addressed the parliament by video from Moscow. In a symbolic gesture, his family and supporters said no one picked up the award on his behalf in the hope that one day he might be free to travel to Sweden to receive it in person."

November 2014

INCENSER, or how NSA and GCHQ are tapping internet cables (link): Recently disclosed documents show that the NSA's fourth-largest cable tapping program, codenamed INCENSER, pulls its data from just one single source: a submarine fiber optic cable linking Asia with Europe. Until now, it was only known that INCENSER was a sub-program of WINDSTOP and that it collected some 14 billion pieces of internet data a month. The latest revelations now say that these data were collected with the help of the British company Cable & Wireless (codenamed GERONTIC, now part of Vodafone) at a location in Cornwall in the UK, codenamed NIGELLA. For the first time, this gives us a view on the whole interception chain, from the parent program all the way down to the physical interception facility. Here we will piece together what is known about these different stages and programs from recent and earlier publications."

GCHQ's 'jihad on tech firms' can only fail (Guardian, link): "Bullying the US tech firms could disrupt constructive ways to track terrorism - and force companies to channel requests through lengthy international legal processes."

EU: NSA-GCHQ: SURVEILLANCE: Secret Malware in European Union Attack Linked to U.S. and British Intelligence (Intercept, link):

"Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept."

SURVEILLANCE: VODAFONE & GCHQ: Spy cable revealed: how telecoms firm worked with GCHQ (Channel 4 News, link):

"One of the UK's largest communications firms had a leading role in creating the surveillance system exposed by Edward Snowden, it can be revealed. Cable and Wireless even went as far as providing traffic from a rival foreign communications company, handing information sent by millions of internet users worldwide over to spies.

The firm, which was bought by Vodafone in July 2012, was part of a programme called Mastering the Internet, under which British spies used private companies to help them gather and store swathes of internet traffic; a quarter of which passes through the UK. Top secret documents leaked by the whistleblower Edward Snowden and seen by Channel 4 News show that GCHQ developed what it called "partnerships" with private companies under codenames. Cable and Wireless was called Gerontic."

See also: USA-Vodaphone: Vodafone-Firma soll für Spähauftrag kassiert haben (sueddeutsche.de/digital, link) [New Snowden documents show how Vodafone aided spying mission] and Vodafone – der lange Arm des britischen Geheimdienstes? (Vodafone - the long arm of British intelligence?) see video.

And: Snowden-Leaks: How Vodafone-Subsidiary Cable & Wireless Aided GCHQ’s Spying Efforts (SZ International, link)

Berlin’s digital exiles: where tech activists go to escape the NSA - With its strict privacy laws, Germany is the refuge of choice for those hounded by the security services. Carole Cadwalladr visits Berlin to meet Laura Poitras, the director of Edward Snowden film Citizenfour, and a growing community of surveillance refuseniks (The Observer, link)

USA: Court hears arguments on constitutionality of NSA collection of phone records (Washington Post, link):

"A federal appeals court in the District of Columbia heard oral arguments Tuesday over the constitutionality of the National Security Agency’s mass collection of data about millions of Americans’ phone calls.

The three-judge panel wrestled with key questions, including at what point a person’s privacy rights become relevant — when the government gathers records known as metadata or when an analyst reviews the material. They pressed attorneys on whether a 1979 Supreme Court case about privacy rights in phone-call data applies to the NSA program.

REMOTE ACCESS-ENCRYPTION SURVEILLANCE: Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide (The Intercept, link):

"When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept. We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team...

The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers."

See: Document: The hacking suite for governmental interception (link)

UK: GCHQ chief accuses US tech giants of becoming terrorists' 'networks of choice' - New director of UK eavesdropping agency accuses US tech firms of becoming ‘networks of choice’ for terrorists (Guardian, link) and New GCHQ chief spouts fiery rhetoric but spying agenda is same as before - Robert Hannigan’s response to the terror threat is an all too familiar one: spies need ever greater access to information (link)

GERMANY: BND-Chef Schindler: Internationale Geheimdienstkooperation ausbauen (Heise Online, link): [The Director of the Federal Intelligence Service (BND), Gerhard Schindler, wants to expand international cooperation of intelligence]

In the framework of the NSA affair, critique were voiced in relation to German cooperation with the US agency. However, the German Intelligence Service wants to expand international cooperation and exchange of data between intelligence services around the world in order to combat current terrorist threats. "We need to work closer together", Schindler says in relation to current crisis and conflicts in the world.

"We need to protect German soldiers during missions abroad as well as to ensure domestic security", he adds. According to Schindler, the German Intelligence Service has currently contacts with 451 foreign intelligence services. The decision to seek cooperation with an intelligence service is based on the willingness of cooperation, reliability, efficiency and the expected value of cooperation. An expansiion in cooperation and exchange of data will certainly stir up further debates."

And see: German security law could lock out U.S. tech companies (The Hill, link): "U.S. tech companies are worried a German law under debate could bar them from doing business in that country if it is approved. The bill could require companies to turn over source code and proprietary data to the German government or to private critical infrastructure companies, The Wall Street Journal reported on Sunday. U.S. companies see the language as a way to exclude them from government contracts, given German fears over the National Surveillance Agency’s (NSA) ability to access U.S. companies’ data."

October 2014

UK: Edited spy policy papers released in Libyan rendition case - Lawyers representing two Libyan victims of rendition criticise edited way documents are to be released (Guardian, link):

"Edited versions of secret documents relating to the conditions under which lawyers’ or journalist