Looking Back One Year After The Edward Snowden Disclosures - An International Perspective
"The US government had built a system that has as its goal the complete elimination of electronic privacy worldwide” Glenn Greenwald, No Place To Hide: Edward Snowden, the NSA, and the U.S. Surveillance State
June 5th marks the first anniversary of the beginning of the Edward Snowden revelations–a landmark event in global awareness of the worldwide spying machine. It has been a year where the world has learned specific details of how the NSA and its four closest allies in the Five Eyes partnership (United Kingdom, Canada, Australia, and New Zealand) have been spying on much of the world's digital communications. What have we learned?
The foreign intelligence agencies of these nations have constructed a web of interoperability at the technical and operational levels that spans the entire globe. We have learned the extent of the cooperation and intelligence sharing amongst these countries, and have witnessed how material gathered under one country's surveillance regime is readily shared with the others. The strategic location of the Five Eyes countries enables them to surveil much of the world’s Internet traffic as it transits through their hubs and is stored in their various territories. Moreover, they have partnered with over 80 major global corporations to leverage their spying capabilities. The scope and reach of their cooperation and intelligence sharing has shocked the world, including many who were previously unaware of the privacy threats that EFF has been covering since 2005.
In a document disclosed this year, the NSA defined their “collection posture” as, “Sniff, know, collect, process, exploit, partner it all.” This last year, we have learned that the NSA has strayed far from its legitimate goal of protecting national security. In fact, we have seen the NSA participate in economic espionage, diplomatic spying and suspicionless surveillance of entire populations. Even worse, the NSA has also surreptitiously weakened the products and standards that Internet users use to protect themselves against online spying.
In his new book about working with Snowden, No Place To Hide, journalist Glenn Greenwald lays out some alarming facts that have been revealed in the year of leaks:
- In a 30 day period beginning on March 2013, the NSA collected almost 3 billion telephone calls and emails that had passed directly through US telecom networks. As Greenwald explained, that "exceeds the collection of each of the systems from Russia, Mexico, and virtually all countries in Europe, and roughly equal to the collection of data from China.”
- In a 30 day period, a single NSA unit had collected data on more than 97 billion emails and 124 billion phone calls from around the world.
- In a single 30 day period, the NSA has collected 500 million pieces of data from Germany, 2.3 billion from Brazil, and 13.5 billion from India.
- The NSA has collected 70 million pieces of metadata in cooperation with France, 60 million with Spain, 47 million with Italy, 1.8 million with the Netherlands, 33 million with Norway, and 23 million with Denmark.
In addition, the Snowden report has brought to light additional details of the long-known three-tiered hierarchy of NSA partnerships with foreign governments. As reported by Greenwald's book:
TIER 1: Five Eyes is an agreement between the US and United Kingdom, Canada, Australia, and New Zealand to collaborate on global spying while voluntarily restricting their own spying on one another unless specifically requested to do so by a partner country's own officials (See here and here).
TIER 2: Countries that the NSA works with for specific surveillance projects while also spying heavily on them. For example, these include mostly European countries (Austria, Belgium, Czech Republic, Denmark, Germany, Greece, Hungary, Iceland, Italy, Luxembourg, Netherlands, Norway, Poland, Portugal, Spain, Sweden, Switzerland, Turkey). Some Asian countries (Japan, South Korea). No Latin American countries were on that list (See here and here).
TIER 3: Countries on which the United States routinely spies but with whom it virtually never cooperates such as Venezuela, China, Iran, Venezuela and Syria. But the third tier also includes countries ranging from generally friendly to neutral countries such as: Brazil, Mexico, Argentina, Indonesia, South Africa, Kenya.
Finally, we now know of the following covert NSA operations:
EGOTISTICAL GIRAFFE: The NSA used known exploits in Firefox to target old versions of the Tor browser, an anonymity tool enabling Internet users to browse the net anonymously.
MUSCULAR: Launched in 2009, MUSCULAR infiltrates links between global data centers of technology companies such as Google and Yahoo not on US soil. These two companies have responded to MUSCULAR by encrypting these exchanges.
XKEYSCORE: The software interface through which NSA analysts search vast databases collected under various other operations. XKEYSCORE analyzes emails, online chats and the browsing histories of millions of individuals anywhere in the world. The XKEYSCORE data has been shared with other secret services including Australia's Defence Signals Directorate and New Zealand's Government Communications Security Bureau.
BULLRUN: Not in and of itself a surveillance program, BULLRUN is an operation by which the NSA undermines the security tools relied upon by users, targets, and non-targets. BULLRUN represents an apparently unprecedented effort to sabotage security tools in general use.
DISHFIRE: The Dishfire operation is the worldwide mass collection of text messages and other phone records, including location data, contact retrievals, credit card details, missed call alerts, roaming alerts (which indicate border crossings), electronic business cards, credit card payment notifications, travel itinerary alerts, meeting information, etc. Communications from US phones have been allegedly minimized, although not necessarily purged, from this database. The messages and associated data from non-US-persons were retained and analyzed.
CO-TRAVELER: Under this operation, the US collects location information from global cell towers, Wi-Fi, and GPS hubs. This information is collected and analyzed over time, in part in order to determine a target’s traveling companions.
OLYMPIA: Canada’s program to spy on the Brazilian Ministry of Mines and Energy.
BLARNEY: A program to leverage unique key corporate partnerships to gain access to high-capacity international fiber optic cables, switches and routers throughout the world. Countries targeted by Blarney include: Brazil, France, Germany, Greece, Israel, Italy, Japan, Mexico, South Korea, and Venezuela as well as the European Union and the United Nations.
and much more ....
While the Snowden revelations have proved invaluable in confirming the details of global, cross-border spying by the NSA (and its four primary allies), the governments of the affected billions of Internet and telephone users have been slow to fight back. In some cases, America's allies might be holding back because of their own tangled complicity in this shared network – or else, like Russia and China, they have their own pervasive surveillance networks and arrangements to protect.
But now that a year has passed it’s clear that we need to update both our global technical infrastructure and local laws, consistent with long-standing international human rights standards, in order to regain any reasonable degree of privacy. Specifically, we must end mass surveillance. Politicians in every country need to stand up to the NSA's incursions on their territory; the United States needs to reform its laws to recognize the privacy rights of innocent foreigners, and the international community needs to set clear standards which makes any state conducting mass surveillance a pariah.
Clarification: We have edited this post to make it clear that much of what we've learned in the past year has been the specifics of how the NSA and its partners spy on ordinary people around the world. Our original post implied that we learned about that spying for the first time in the wake of the Snowden disclosures. Indeed, we have known for many years about the NSA and its partners' efforts to surveil the globe.
Recent DeepLinks Posts
Feb 24, 2017
Feb 24, 2017
Feb 24, 2017
Feb 24, 2017
Feb 24, 2017
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- UK Investigatory Powers Bill
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Eyes, Ears & Nodes Podcast
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Shadow Regulation
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games