Reprinted from eff.org
June 5th marks the first anniversary of the beginning of the Edward Snowden revelations--a landmark event in global awareness of the worldwide spying machine. It has been a year where the world has learned that the NSA and its four closest allies in the Five Eyes partnership (United Kingdom, Canada, Australia, and New Zealand) have been spying on much of the world's digital communications. What have we learned?
The foreign intelligence agencies of these nations have constructed a web of interoperability at the technical and operational levels that spans the entire globe. We have learned the extent of the cooperation and intelligence sharing amongst these countries, and have witnessed how material gathered under one country's surveillance regime is readily shared with the others. The strategic location of the Five Eyes countries enables them to surveil most of the world's Internet traffic as it transits through their hubs and is stored in their various territories. Moreover, they have partnered with over 80 major global corporations to leverage their spying capabilities. The scope and reach of their cooperation and intelligence sharing has shocked the world, including many who were previously unaware of the privacy threats that EFF has been covering since 2005.
In a leaked internal document, the NSA defined their "posture" as, "Sniff, know, collect, process, exploit, partner it all." This last year, we have learned that the NSA has strayed far from its legitimate goal of protecting national security. In fact, we have seen the NSA participate in economic espionage, diplomatic spying and suspicionless surveillance of entire populations. Even worse, the NSA has also surreptitiously weakened the products and standards that Internet users use to protect themselves against online spying.
In his new book about working with Snowden, No Place To Hide, journalist Glenn Greenwald lays out some alarming facts that have been revealed in the year of leaks:
- In a 30 day period, the NSA collected almost 3 billion telephone calls and emails that had passed directly through US telecom networks. As Greenwald explained, that exceeds the collection of each of the systems from "Russia, Mexico, and virtually all countries in Europe, and roughly equal to the collection of data from China."
- In a 30 day period, a single NSA unit had collected data on more than 97 billion emails and 124 billion phone calls from around the world.
- In a single 30 day period, the NSA has collected 500 million pieces of data from Germany, 2.3 billion from Brazil, and 13.5 billion from India.
- The NSA has collected 70 million pieces of metadata in cooperation with France, 60 million with Spain, 47 million with Italy, 1.8 million with the Netherlands, 33 million with Norway, and 23 million with Denmark.
In addition, the Snowden report has brought to light a three-tiered hierarchy of NSA partnerships with foreign governments. As reported by Greenwald's book:
TIER 1: Five Eyes is an agreement between the US and United Kingdom, Canada, Australia, and New Zealand to collaborate on global spying while voluntarily restricting their own spying on one another unless specifically requested to do so by a partner country's own officials.
TIER 2: Countries that the NSA works with for specific surveillance projects while also spying heavily on them. These include mostly European countries, some Asian countries, and no Latin American ones.
TIER 3: Countries on which the United States routinely spies but with whom it virtually never cooperates: Brazil, Mexico, Argentina, Indonesia, South Africa, Kenya are some democratic countries that are on the list.
Finally, we now know of the following covert NSA operations:
EGOTISTICAL GIRAFFE: The NSA has targeted the Tor browser, an anonymity tool enabling Internet users to browse the net anonymously.
MUSCULAR: Launched in 2009, MUSCULAR infiltrates links between global data centers of technology companies such as Google and Yahoo not on US soil. These two companies have responded to MUSCULAR by encrypting these exchanges.
XKEYSCORE: The software interface through which NSA analysts search vast databases collected under various other operations. XKEYSCORE analyzes emails, online chats and the browsing histories of millions of individuals anywhere in the world. The XKEYSCORE data has been shared with other secret services including Australia's Defence Signals Directorate and New Zealand's Government Communications Security Bureau.
BULLRUN: Not in and of itself a surveillance program, BULLRUN is an operation by which the NSA undermines the security tools relied upon by users, targets, and non-targets. BULLRUN represents an apparently unprecedented effort to attack security tools in general use.
DISHFIRE: The Dishfire operation is the worldwide mass collection of text messages and other phone records, including location data, contact retrievals, credit card details, missed call alerts, roaming alerts (which indicate border crossings), electronic business cards, credit card payment notifications, travel itinerary alerts, meeting information, etc. Communications from US phones have been allegedly minimized, although not necessarily purged, from this database. The messages and associated data from non-US-persons were retained and analyzed.