Privacy Law and Policy Reporter
This is the second of four articles surveying worldwide developments in surveillance (the first was in 7(3) PLPR 49), extracted from David Banisar, Privacy and Human Rights 2000, EPIC/PI 2000, the annual survey of privacy and surveillance practices. The full report is available online at <http://www.privacyinternational.org/survey/> and from the EPIC Bookstore at <http://www.epic.org/bookstore/>. Articles in following issues will deal with video and workplace surveillance — General Editor.
In the past several years, there has been considerable attention given to mass surveillance by intelligence agencies of international and national communications. Investigations have been opened and hearings held in parliaments around the world about the ‘Echelon’ system co-ordinated by the United States.
Immediately following the Second World War, in 1947, the governments of the United States, the United Kingdom, Canada, Australia and New Zealand signed a National Security pact known as the ‘Quadripartite’ or ‘United Kingdom-United States’ (UKUSA) Agreement. Its intention was to seal an intelligence bond in which a common national security objective was created. Under the terms of the agreement, the five nations carved up the earth into five spheres of influence, and each country was assigned particular signals intelligence (SIGINT) targets.
The UKUSA Agreement standardised terminology, code words, intercept handling procedures, arrangements for co-operation, sharing of information, Sensitive Compartmented Information (SCI) clearances and access to facilities. One important component of the agreement was the exchange of data and personnel.
The strongest alliance within the UKUSA relationship is the one between the US National Security Agency (NSA), and Britain’s Government Communi-cations Headquarters (GCHQ). The NSA operates under a 1952 presidential mandate, National Security Council Intelligence Directive (NSCID) Number 6, to eavesdrop on the world’s communications networks for intelligence and military purposes. In doing so, it has built a vast spying operation that can reach into the telecommunications systems of every country on earth. Its operations are so secret that this activity, outside the US, occurs without any legislative or judicial oversight. The most important facility in the alliance is Menwith Hill, an Air Force base in the north of England. With over two dozen radomes and a vast computer operations facility, the base has the capacity to eavesdrop on vast chunks of the communications spectrum. With the creation of Intelsat and digital telecommunications, Menwith Hill and other stations developed the capability to eavesdrop on an extensive scale on fax, telex and voice messages.
The current debate over NSA activities has erupted because of two recent European Parliament (EP) studies that confirm the existence in Britain of a network of signals intelligence bases operated by the NSA. The publication in 1997 of the first EP report, ‘An Appraisal of the Technologies of Political Control’,stated that the NSA had established an integrated communications surveillance capability in Europe.
It also described a communications intelligence sharing subsystem known as ‘Echelon’, which is said to be capable of scanning particular communications to detect information of interest. The Echelon subsystem also catalogues intelligence for sharing with various consumers in the UKUSA countries based on clearance and need-to-know. According to informed sources that served within the National Security Council, the Echelon subsystem was greatly expanded in the 1980s to include new functions in order to keep pace with technological advances in telecomm-unications and data networking.
What is more important about Echelon is what the subsystem is not. First, Echelon is not a worldwide communications surveillance system. The system by which the US conducts communications intelligence gathering is known as the United States Signals Intelligence System (USSS). The collection of intelligence that involves ‘US persons’ (US citizens, legal residents, and foreign residents visiting the US) is governed by United States Signals Intelligence Directive 18 (USSID 18), which is titled ‘Limitations and Procedures in Signals Intelligence Operations of the USSS’. The Australian Defense Signals Directorate operates under a similar regulation known as the ‘Rules on SIGINT and Australian Persons’. Other directives cover other aspects of signals intelligence gathering by the five SIGINT agencies individually and jointly.
In a 1999 report the Oversight Commissioner for the Canadian Communications Security Establishment (CSE), Claude Bisson, stated that his ‘review and analysis indicates that CSE is not using its technology to target Canadian communications ... in keeping with the policy of the government, CSE goes to considerable effort to avoid collecting Canadian communications’. Bisson cited regulations that govern the collection of intelligence on Canadians: ‘CSE has policies and practices to address the safeguarding and proper handling of inadvertently collected Canadian communications in accordance with the laws of Canada, including the Privacy Act, the Criminal Code, and the Canadian Charter of Rights and Freedoms’. Following New Zealand parliamentary protests over the SIGINT base at Waihopai near Blenheim on the South Island, Prime Minister Helen Clark also referred to the intelligence relationship between New Zealand’s SIGINT agency, the Government Communications Security Bureau (GCSB), and the NSA. She stated that the GCSB is aware of all communications intelligence sent to NSA from the Waihopai satellite communications intercept facility and that the station does not intercept economic intelligence.
Second, contrary to media reports, no intelligence official has ever confirmed that Echelon is the name of NSA’s worldwide SIGINT system. For example, the Director of Australia’s Defense Signals Directorate, Martin Brady, in a letter sent to the Australian Nine Network’s Sunday program, stated, ‘DSD does co-operate with counterpart signals intelligence organizations overseas under the UKUSA relationship.’ This was widely reported as a confirmation of Echelon’s role as a stand-alone international surveillance system. In fact, Echelon is one system of hundreds of similarly named cover term systems that make up the USSS. In his 1999 Report, CSE Commissioner Bisson also referred to the UKUSA system. He stated, ‘CSE is both a collector of foreign communications intercepts and a recipient of communications intercepts collected by Second Parties’, which he went on to identify by name: Australia, New Zealand, United Kingdom and the United States.
In 1999, a second EP report, Interception Capabilities 2000, set out the technical specifications of the interception system. The report describes the merger of Echelon and the International Law Enforcement Telecommunications Seminar (ILETS). In time, two vast systems — one designed for national security and one for law enforcement — will merge, and in the process will compromise national control over surveillance activities.
Of particular interest to the EP were allegations that the NSA was beefing up its commercial espionage activities. Although the NSA and other US intelligence officials deny that the US SIGINT System is used for commercial espionage, they do admit that intercepted intelligence that indicates bribery and other unfair trade practices is brought to the attention of senior US policymakers, and, in some cases, is briefed in a sanitized form to the US companies threatened by the unfair trade practices.
However, the US SIGINT base at Bad Aibling in the Bavarian Alps of Germany may have a more expanded mission than countering bribery and unfair trade deals. According to intelligence expert Erich Schmidt-Eenboom, the Bad Aibling base, while not actually committing economic espionage (confirmed by a German parliamentary delegation that visited the base in June 2000), does conduct financial intelligence gathering. Schmidt-Eenboom said, ‘the antannae and satellites in Bad Aibling are now directed at Switzerland and Liechtenstein where there is more to be uncovered about secret bank accounts and money laundering.’ These reports of financial network snooping by NSA and its allies, along with similar reports that the NSA illegally penetrated bank computers and networks in Switzerland, Liechtenstein, Cyprus, Russia, Greece and South Africa looking for accounts of Serb President Slobodon Milosevic and his family and associates in order to loot them indicates that NSA’s protestations that it does not conduct economic espionage are both misleading and inaccurate.
Parliamentarians in Germany, Norway, France, Italy, Denmark, Finland, the Netherlands and Sweden subsequently raised concerns. A plenary session of the EP took the unprecedented step of openly debating the activities of the NSA. In a Consensus Resolution of all major parties, the Parliament signaled its concern by calling for more openness and accountability of this once hidden activity. However, in April 2000, the Parliament agreed to appoint a Temporary Committee to look into the so-called Echelon system. The Greens and other small leftist and right-wing parties claimed that instead of establishing a full Committee of Inquiry, the large parties — Conservatives, Socialists, and Liberals — were attempting to weaken the investigation of Echelon by only appointing a Temporary Committee which, under EP rules, lacks the subpoena power of a Committee of Inquiry.
In June 1999, the US House of Representatives Permanent Select Committee on Intelligence ordered the NSA to hand over documents relating to Echelon. The NSA, for the first time in the Committee’s history, refused to do so, claiming attorney/client privilege. In May 1999, Representative Bob Barr, worried by the potential breach of constitutional privacy rights, introduced an amendment to the Fiscal 2000 Intelligence Authorization Act requiring the Director of Central Intelligence, the director of NSA and the Attorney General to submit a report outlining the legal standards being employed within project Echelon to safeguard the privacy of American citizens.
Reacting to pressure from House Permanent Select Committee on Intelligence Chairman Port Goss, the NSA turned over the documents Congress previously requested. Following a lawsuit brought under the Freedom of Information Act, NSA provided redacted copies of these documents to EPIC. Among other things, they indicate that the level of authority for NSA to provide SIGINT reports to other agencies of the federal government has been delegated to lower levels within NSA. They also indicate special NSA rules for handling intercepted communications of or about First Lady Hillary Rodham Clinton and former President Jimmy Carter.
These recent events have left observers contemplating two profound conclusions. First, as long as the UKUSA SIGINT partners police and govern their own operations outside of actual effective parliamentary and judicial oversight, there is good reason to believe that SIGINT can be turned against individuals and groups exercising civil and political rights. There is ample evidence that the activities of Greenpeace, Christian Aid, Amnesty International, the International Committee to Ban Landmines, the Tibetan government-in-exile and the International Committee of the Red Cross have been targeted by UKUSA agencies. Second, there is an increasing blurring between the activities of intelligence agencies and law enforcement. The creation of a seamless international intelligence and law enforcement surveillance system has resulted in the potential for a huge international network that may, in practice, negate current rules and regulations prohibiting domestic communications surveillance by national intelligence agencies.
The law enforcement efforts to demand greater powers for surveillance have also resulted in a greater interest in tools that prevent eavesdropping. These tools are generally written by users concerned about their privacy in the US and Europe.
Encryption has become the most important tool for protection against surveillance. A message is scrambled so that only the intended recipient will be able to unscramble, and subsequently read, its contents. Pretty Good Privacy (PGP) is the best known encryption program and has hundreds of thousands of users, including human rights groups. An open source program called GNU Privacy Guard is being developed as a free replacement that will allow anyone to view the full source of the system to ensure that it does not allow for secret surveillance.
‘Anonymous remailers’ strip identifying information from emails and can stop traffic analysis. They have also generated opposition from police and intelligence services. In Finland, a popular anonymous remailer had to be shut down due to legal challenges that forced the operator to reveal the name of one of the users.
More advanced tools that merge the functions of anonymous remailers and encryption have also been developed. The Mixmaster anonymous remailer used encryption links between anonymous remailers to hide the identity of the original sender by sending the message randomly through a series of remailers before delivering it to the final destination. Freedom.net provides a fully encrypted link between the user and secure servers run by the company to prevent wiretapping and encrypted headers so that users can receive email without even the company knowing who is using the system.
Users should be aware that not all tools are effective as protecting privacy. Some are poorly designed, while others may be designed to facilitate law enforcement access.
David Banisar, Privacy International.