Nearly 67 years ago, the United States, Great Britain, Canada, Australia and New Zealand came together under a multilateral agreement that was considered so sensitive that the prime minister of Australia didn’t know about its existence until 1973. The public wouldn’t be allowed to read the text of the treaty — which Time magazine once called one of the Cold War’s most important documents — until 2010.
The United Kingdom – United States Agreement — which formalized the sharing of global signal intelligence and divided the world into surveillance zones — was created as a hedge against Soviet aggression and is a fundamental component of the British-American “special relationship.”
However, with the Cold War gone, the consistent global monitoring of “the Five Eyes” has shifted from being seen as mindful stewardship to intrusive eavesdropping — particularly, in light of revelations of illegal efforts toward wide-scale domestic and global electronic surveillance conducted by “Five Eyes” members.
According to documents leaked by former Booz Allen Hamilton employee and National Security Agency whistleblower Edward Snowden, as published by NBC News, the British government has the capability to tap into the transoceanic cables — which form the backbone for the international communications network — and in real time, monitor the social media sites without the knowledge or consent of the sites’ owners.
In a pilot monitoring program called “Squeaky Dolphin,” the Government Communications Headquarters — the British equivalent to the NSA — indicated that it is able to collect the addresses from YouTube videos, FaceBook “likes” and Blogspot/Blogger visits, as well as user information — for analysis near the time of acquisition. This suggests that the British have either physically tapped into the cables or have secured the assistance of a third-party to intercept the international data flow.
“Governments have no business knowing which YouTube videos everyone in the world is watching,” said Chris Soghoian, chief technologist for the American Civil Liberties Union. “It’s one thing to spy on a particular person who has done something to warrant a government investigation but governments have no business monitoring the Facebook likes or YouTube views of hundreds of millions of people.”
The right to know
In 2013, the Guardian reported that the Snowden documents revealed that GCHQ had the ability to place intercept probes onto transatlantic cables as they entered British territory. The documentation indicated that the major telecoms — including BT, Verizon and Vodafone — were involved.
“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links,” said a Google representative. YouTube is a Google service. “We do not provide any government, including the U.K. government, with access to our systems. These allegations underscore the urgent need for reform of government surveillance practices.”
Google had actively pushed back against British legislation that would have required Google to store its metadata and other user information in Great Britain for access by the U.K. government. The notion that the government would work to obtain the data despite the defeat of the law surprised and baffled Google.
This comes in the wake of the September revelation that the U.S. has been tapping into Brazil’s transoceanic and Internet communications as the Brazilian cable connects to a network node in Miami. This recent revelation also comes immediately following further Snowden revelations that the NSA and GCHQ have been developing ways to exploit security flaws in popular smartphone apps — such as “Angry Birds” — to reveal and transmit private information into government databases.
The spy in your pocket
As users typically grant apps access to a wide range of personal data — such as age, gender, weight, height, sexual orientation, marital status, address, income, buying habits and sexual preferences — and as the app is typically capable of inquiring on the phone’s data — such as phone model, serial number, screen size, call history and current location — a protocol that can tap into all of this data can be undeniably invasive.
For example, in a leaked NSA Powerpoint slide, the viewer is asked if, in a “perfect scenario,” a target uploads a photo to a social media site using a mobile device. The following slide reveals that the NSA could get a “possible image,” email selector, buddy list, phone information and “a host of other social working data as well as location.” While the Snowden documents do not suggest that the NSA and the GCHQ have this capability yet, they are actively pursuing it.
Being able to actively tap a network and receive all of the data leaking app information from it is considerably less resource-intensive than individually hacking individual smartphones. As cell phones — particularly “disposable” or prepaid cell phones — are heavily used in the planning and execution of terrorist activities, the intelligence community feels justified in pursuing this technology. According to the Guardian, the NSA has spent more than $1 billion toward its smartphone targeting development.
This is a continuation of already disclosed attempts by the NSA and the GCHQ to hack smartphones. One GCHQ report from 2010 reveals that the organization regularly sweep for cookie data — metadata saved to individual browsers by websites in order to save favorites or previously-entered information — in volumes that are straining the capabilities to store it all. Der Spiegel has revealed that both the NSA and GCHQ have a suite of tools and spyware ready to deploy against any smartphone.
For example, among the GCHQ’s tools, a tool codenamed “Nosey Smurf” can remotely activate a smartphone’s microphone, covertly recording any conversation. “Tracker Smurf” turns on the phone’s geolocator and transmits the reading. “Dreamy Smurf” can turn a phone on from sleep mode or from deactivation. “Paranoid Smurf” keeps the GCHQ’s tools undetectable from spyware detectors.
Defending the undefendable
These revelations have made the White House’s attempt to “smooth coat” criticism of the controversial surveillance — which includes a federal court calling the NDSA program “likely unconstitutional” and a White House ethics committee calling it illegal and out of compliance with the USA Patriot Act — nearly impossible. Facebook, Google and Rovio — the maker of “Angry Birds” — have indicated that they know nothing about NSA’s and the GCHQ’s attempts to hack their products and have shown anger and frustration toward the respective governments.
President Barack Obama has recently announced reforms to the way the NSA handles telephony metadata, including the storage and management of such data by a third party. However, the president announced no changes to the government’s approach to online data surveillance — which constitutes the majority of the Five Eyes’ spying. However, a small concession was achieved on Monday when the Obama administration consented to allowing tech companies to disclose — to the nearest thousand and on a time-delayed basis — the number of National Security Letters and Foreign Intelligence Surveillance Act orders they are served. In addition, the companies can also publish the number of law enforcement requests they receive in groups of 250.
“We’re pleased the Department of Justice has agreed that we and other providers can disclose this information,” the coalition of Facebook, Google, Microsoft, Yahoo and Linkedin said before adding: “While this is a very positive step, we’ll continue to encourage Congress to take additional steps to address all of the reforms we believe are needed.”
The concession stops a lawsuit filed on behalf of the companies to allow public disclosure of requests for user information. While the Obama administration feels that this “compromise” satisfies the call for transparency — which is to be highlighted in Tuesday’s State of the Union address — most feel that this is a shallow attempt to change the topic and that more must be done.
“Asking the public and policymakers to try to judge the appropriateness of the government’s surveillance practices based on a single, combined, rounded number is like asking a doctor to diagnose a patient’s shadow: only the grossest and most obvious problem, if even that, will be ever be evident,” said Kevin Bankston, policy director of the foundation’s Open Technology Institute.
Despite all of this, there is little to suggest — despite the bad press, the denouncement of the illegality of the practice and the high cost — that the Five Eyes, which also includes Denmark, France, the Netherlands, Norway, Germany, Belgium, Italy, Spain and Sweden under the auspices of SIGINT Seniors Europe, will stop its surveillance. Despite a recent analysis from the New America Foundation that found that of the 227 individuals charged with an act of terrorism in the U.S. since 9/11, 17 were caught and convicted with NSA intelligence, both the NSA and the GCHQ feel that their surveillance is needed for national security and both feel that it is being applied judicially and in respect of the innocent.
“Any implication that NSA’s foreign intelligence collection is focused on the social media communications of everyday Americans is not true,” said a statement released by the NSA. “We collect only those communications that we are authorized by law to collect for valid foreign intelligence and counterintelligence purposes – regardless of the technical means used by the targets. Because some data of U.S. persons may at times be incidentally collected in NSA’s lawful foreign intelligence mission, privacy protections for U.S. persons exist across the entire process concerning the use, handling, retention, and dissemination of data.”