September 29, 2014

NSA's Strategic Mission List



One of the most important documents that has been disclosed as part of the Snowden-leaks is also one of the least-known: the Strategic Mission List from January 2007, which provides a detailed list of the goals and priorities for the National Security Agency (NSA).

This Strategic Mission List was published by The New York Times on November 2, 2013, as one of three original NSA documents that accompanied a long report about the how NSA spies on both enemies and allies.




About the publication

On the website of The New York Times (NYT), the Strategic Mission List was published as a series of images in png-format, which made it impossible to copy or search the text. It was also difficult to print the document in a readable way. For reasons unknown, NYT is the only media-outlet that published Snowden-documents in this not very user-friendly way.

Hence I asked The New York Times whether they could provide the Strategic Mission List in the standard pdf-format, but the paper didn't reply. I also asked the author of the report, Scott Shane, but he answered that he had no access to the document anymore.

Eventually I used an Optical Character Recognition (OCR) tool to convert the images from the NYT website into a text document, conducted the necessary corrections by hand and then converted the result into the pdf-document, that is now published here and on the Cryptome website.


The Strategic Mission List

Edward Snowden and Glenn Greenwald claim that NSA has just one single goal: collect all digital communications from all over the world: "Collect it All". But this is not mentioned in the Strategic Mission List, which instead lists a range of far more specific goals, many of which are of a military nature, which is also something that lacks in the media-coverage of the Snowden-leaks.

The document describes the priorities and risks for the United States SIGINT System (USSS) for a period of 12 to 18 months and is reviewed, and where necessary updated bi-annually. The topics are derived from a number of other strategic planning documents, including the National Intelligence Priorities Framework (NIPF), which sets the priorities for the US Intelligence Community as a whole.

Note that according to the classification marking, the Strategic Mission List is only authorized for release to the US, the UK, Canada and Australia, which leaves New Zealand excluded.


Structure

The Strategic Mission List is divided into two parts. The first part includes 16 Topical Missions, which represent missions discerned to be areas of highest priority for the USSS, where SIGINT can make key contributions. The second part includes 6 Enduring Targets, which are countries that need to be treated holistically because of their strategic importance.

For both of these sections, the Strategic Mission List includes Focus Areas, the most critical important targets which are a "must do", as well as Accepted Risks, which are significant targets for which SIGINT should not be relied upon as a primary source.


Enduring Targets

The 6 countries that are listed in the Strategic Mission List as being Enduring Targets for NSA and the tactical SIGINT collecting components of the US Armed Forces are:
- China
- North-Korea
- Iraq
- Iran
- Russia
- Venezuela



Map showing the 6 nations that are Enduring Targets, as well
as countries that are 2nd and 3rd Party partners of NSA
(click to enlarge)


Topical Missions

Besides the 6 countries listed as Enduring Targets, the Strategic Mission List also includes the following 16 Topical Missions:

- Winning the Global War on Terrorism
- Protecting the U.S. Homeland
- Combating Proliferation of Weapons of Mass Destruction
- Protecting U.S. Military Forces Deployed Overseas
- Providing Warning of Impending State Instability
- Providing Warning of a Strategic Nuclear Missile Attack
- Monitoring Regional Tensions that Could Escalate
- Preventing an Attack on U.S. Critical Information Systems
- Early Detection of Critical Foreign Military Developments
- Preventing Technological Surprise
- Ensuring Diplomatic Advantage for the U.S.
- Ensuring a Steady and Reliable Energy Supply for the U.S.
- Countering Foreign Intelligence Threats
- Countering Narcotics and Transnational Criminal Networks
- Mapping Foreign Military and Civil Communications Infrastructure

We see that many of these topics are of a military nature and that also the more civilian areas of interest are quite common goals for a large (signal) intelligence agency. Although communications of ordinary civilians are accidently caught up in NSA's collection efforts, they are clearly not of interest let alone given priority.



September 15, 2014

About STELLARWIND and other mysterious classification markings

(Updated: September 15, 2014)

Last week, on September 6, the US Justice Department released a declassified version of a 2004 memorandum about the STELLARWIND program.

The memorandum (pdf) is about the legality of STELLARWIND, which was a program under which NSA was authorized to collect content and metadata without the warrants that were needed previously.

Here we will not discuss the STELLARWIND program itself, but take a close look at the STELLARWIND classification marking, which causes some confusion. Also we learn about the existance of mysterious compartments that point to some highly sensitive but yet undisclosed interception programs.




Classification marking of the 2004 DoJ memorandum about STELLARWIND


The redacted markings

The first thing we see is that two portions of the classification marking have been blacked out:


1. The redacted space beween two double slashes

This is very strange, because according to the official classification manuals, there cannot be something between two double slashes in that position (see the chart below). The classification level (in this case: Top Secret) has to be followed by the Sensitive Compartmented Information (SCI) control system (here: COMINT).

But as the US classification system is very complex, there are often minor mistakes in such classification lines. If we assume there was a mistake made here too, then the first term that has been blacked out could be another SCI compartment, which had to be followed by just a single slash (for example HCS for HUMINT Control System would fit the redacted space, although that marking itself isn't classified).

If there was no mistake, however, and the double slash is actually correct, then it would be a complete new category which isn't in the (public) classification manuals. This reminds of the UMBRA marking, which also appeared unexpectedly between double slashes in a classification line.



Overview of the categories and formatting for the US classification and control markings
From the Intelligence Community Classification Manual 6.0 from December 2013
(click to enlarge)



2. The redacted space directly after STELLARWIND

The second redaction starts right after the last letter of "STELLARWIND", thereby carefully hiding the category of the redacted marking, which is determined by how it is separated from the previous term. This could be by a slash, a double slash, a hyphen or a space, each indicating a different level.

In this case, the most likely option is that "STELLARWIND" is followed by a hyphen, which indicates the next term is another compartment under the COMINT control system, equal to STELLARWIND.

Classification manuals say there are undisclosed COMINT compartments which have identifiers consisting of three alphabetical characters. This would fit the redacted space as it would read like: "COMINT-STELLARWIND-ABC".

This undisclosed compartment probably also figured in some other declassified documents, where it sometimes seems to be accompanied by a sub-compartment which is identified by three numeric characters, like for example in this and this declaration where the marking could read like "COMINT-ABC 678":



Classified declaration of NSA director Alexander, April 20, 2007.


Looking at what was redacted in portions of both documents which were marked with this mysterious compartment, it seems that it's about at least two highly sensitive intelligence sources and methods. For example, pages 31-32 of this declaration (pdf) suggest that this might be obtaining metadata from specific telecom companies and search them for members or agents of particular target groups.



Classified declaration of Director of National Intelligence John Negroponte, May 12, 2006
TSP = Terrorist Surveillance Program; HCS = HUMINT Control System
Note that TSP and HCS are also between double slashes
(click to open the full document in pdf)


Markings with the mysterious undisclosed COMINT compartments weren't found on any of the Snowden-documents, but only on those that were declassified by the government, so it seems that Snowden had no access to information protected by these particular compartments.

The marking TSP (for Terrorist Surveillance Program), which is in some of the examples shown above, was used instead of STELLARWIND in briefing materials and documents intended for external audiences, such as Congress and the courts.



The STELLARWIND marking

So far, we looked at the two parts of the classification marking that were blacked out. But now we also have to look at the STELLARWIND marking itself, which wasn't redacted, but still causes confusion.

The classification marking of the 2004 memorandum of the Justice Department says "COMINT-STELLAR WIND" and according to the official formatting rules, this means that STELLARWIND would be part of the COMINT control system.

Note that the same memorandum had already been declassified upon a FOIA request by the ACLU in 2011, but in that version (pdf) the codeword STELLARWIND was still blacked out from the whole document. Both documents are compared here.



Classification marking of the 2004 DoJ memorandum about STELLARWIND


As COMINT is a control system for communications intercepts or Signals Intelligence, this seems to make sense. But what is confusing, is that the internal 2009 NSA classification guide (pdf) for the STELLARWIND program, which was disclosed by Edward Snowden, says something different.

Initially this guide calls STELLARWIND a "special compartment", but from the marking rules it becomes clear that it is treated as an SCI control system. Accordingly, the prescribed abbreviated marking reads: "TOP SECRET // STLW / SI // ORCON / NOFORN". In this way we can see STELLARWIND in the classification line of the following document:



Classification marking of a 2013 classified declaration (pdf) of DNI James Clapper
which was declassified on May 6, 2014
(click to enlarge)


In this document and also in a similar declaration (pdf) from 2013, the reason for the STELLARWIND classification is explained as follows:
"This declaration also contains information related to or derived from the STELLARWIND program, a controlled access signals intelligence program under presidential authorization in response to the attacks of September 11, 2001. In this declaration, information pertaining to the STELLARWIND program is denoted with the special marking "STLW" and requires more restrictive handling."


STELLARWIND is also being treated as a control system in the 2009 draft report about this program written by the NSA Inspector General, although its classification line is also somewhat sloppy: there are double slashes between STLW and COMINT (should just be a single one), and only a single one between COMINT and ORCON (where there should have been double slashes as both are from different categories):



Classification marking of the 2009 report about
STELLARWIND by the NSA Inspector General
(click to read the full document)


Throughout this document, the portion markings are also not always consistent. Most of them are "TS//SI//STLW//NF", but one or two times "TS//SI-STLW//NF". But as this report is a draft, it's possible that these things have been corrected in the final version, which hasn't been disclosed or declassified yet.

The 2009 Inspector General report about STELLARWIND was one of the first documents from the Snowden-leaks to be published, and it still is one of the most informative and detailed pieces about the development of NSA's interception efforts since 9/11.


Conclusion

In the end, it doesn't make much difference whether STELLARWIND is a control system on its own, or a sub-system of COMINT, but it is remarkable that for such an important program, the people involved apparently also weren't clear about it's exact status and how to put it in the right place of a classification line.

More important though is that the declassified documents show that besides the STELLARWIND program, there's at least one COMINT-compartment with at least one sub-compartment that protect similar or related NSA collection efforts which are considered even more sensitive, but about which we can only speculate.



September 4, 2014

NSA's Foreign Partnerships



For fulfilling its task of gathering foreign signals intelligence, the National Security Agency (NSA) is cooperating with partner agencies from over 35 countries all over the world.

These relationships are based upon secret bilateral agreements, but there are also some select groups in which intelligence information is shared on a multilateral basis, like the SIGINT Seniors Europe (SSEUR), the SIGINT Seniors Pacific (SSPAC) and the Afghanistan SIGINT Coalition (AFSC).

Until recently, very little was known about these foreign relationships, but the Snowden-leaks have revealed the names of all the countries that are cooperating with NSA. This made it possible to create the following graphic, which also shows various multilateral intelligence exchange groups, which will be discussed here too.



Nations with 2nd and 3rd Party status and those who are
members of the SIGINT Seniors Europe (SSEUR) and NATO
(click to enlarge)



2nd Party Partners

The closest cooperation is between NSA and the signals intelligence agencies of the United Kingdom, Canada, Australia and New Zealand. Formally this is based upon bilateral agreements, the first being the UKUSA-Agreement from 1946, but soon the group got a multilateral character, which means partners can exchange information among the other members too (as far as there's a "need to know")

The five partners under the UKUSA-agreement, commonly called the Five Eyes, agreed that they would follow common procedures for operations and reporting, and also use the same target identification systems, equipment, methods and source designations. They would not only share end reports and analyses, but also most of the raw data they collect.

As a kind of gentlemen's agreement it is supposed that the Five Eyes countries are not spying on each other, although some of the documents from the Snowden-leaks show that at least NSA secretly keeps that option open.



Since

1946
1946
1949
1952
1952
 
Five Eyes
(FVEY)

United States
United Kingdom
Canada
Australia
New Zealand
 
Four Eyes
(ACGU)

United States
United Kingdom
Canada
Australia

 
Three Eyes
(TEYE)

United States
United Kingdom

Australia



Despite the very close and longstanding relationship between the Five Eyes partners, two sub-groups have been formed for specific military operations in which not all five partners participate. These sub-groups are designated Four Eyes (abbreviation for classification purposes: ACGU) and Three Eyes (TEYE).

> More about The 5, 4 and 3 Eyes
Representatives

For maintaining these extensive relationships, NSA has representatives in each Second Party country. These are called Special US Liaison Officer (SUSLO), followed by the name of the nation's capital. So for example the NSA representative in Britain is the Special US Liaison Officer, London (SUSLOL) and the one in Canada the Special US Liaison Officer, Ottawa (SUSLOO).

Likewise, the other Five Eyes countries have a representative at the NSA headquarters. These are called Special UK Liaison Officer (SUKLO), Special Canada Liaison Officer (SCALO), Special Australia Liaison Officer (SAUSLO), and Special New Zealand Liaison Officer (SNZLO).




Slide from an NSA presentation titled 'Foreign Partner Review' from
fiscal year 2013, showing the 2nd and 3rd Party partners
and some coalition and multilateral exchange groups.
Published in No Place To Hide, May 13, 2014.



3rd Party Partners

One step below the 2nd Party partnerships, there's cooperation between NSA and agencies from countries who are called 3rd Party partners. This is based upon formal agreements, but the actual scope of the relationship can vary from country to country and from time to time.

For the US, this kind of cooperation is useful because foreign agencies can have better access to high-priority targets because of their geographic location, or they could have a specific expertise on certain areas, or just simply because they have a better knowledge of the local situation and language.

The foreign partner agencies are mostly interested in American technology, money and access to the worldwide interception capabilities of NSA and its Five Eyes partners. This makes these 3rd Party partnerships especially attractive for smaller countries, for whom it means a sometimes substantial increase of their otherwise limited capabilities.

One big difference with the countries from the 2nd Party category is that 3rd Party partners do spy upon each other, and many of the Snowden-documents have shown this. From these documents we also learned that in 2013, there were 33 countries with 3rd Party status:



since






1954



1962










2005?
1954







1954




1949

 
CNO
(19 countries)


Austria
Belgium

Czech Republic
Denmark



Germany
Greece
Hungary
Iceland


Italy
Japan

Luxemburg

Netherlands
Norway

Poland



South Korea
Spain
Sweden
Switzerland



Turkey

 
3rd Parties
(33 countries)

Algeria
Austria
Belgium
Croatia
Czech Republic
Denmark
Ethiopia
Finland
France
Germany
Greece
Hungary

India
Israel
Italy
Japan
Jordan

Macedonia
Netherlands
Norway
Pakistan
Poland
Romania
Saudi Arabia
Singapore
South Korea
Spain
Sweden

Taiwan
Thailand
Tunisia
Turkey
UAE
 
SSEUR
(14-Eyes)



Belgium


Denmark


France
Germany





Italy




Netherlands
Norway






Spain
Sweden






 
SSPAC
(10-Eyes)

















Japan









Singapore
South Korea




Thailand






The countries in the column under "CNO" are from a list which is in an undated NSA document about collaboration regarding Computer Network Operations (CNO). The document was first published on October 30, 2013 by the Spanish paper El Mundo and classifies cooperation on four different levels, which was also explained by The Guardian.

The first level is called "Tier A - Comprehensive Cooperation", which comprises Britain, Australia, Canada and New Zealand. A second group, called "Tier B - Focused Cooperation" includes the 19 mostly European countries listed above. A third group of "Limited cooperation" consists of countries such as France, Israel, India and Pakistan, and finally a fourth group is about "Exceptional Cooperation" with countries that the US considers to be hostile to its interests.

In May 2014, the list with the "Tier A" and "Tier B" countries was also published in Greenwald's book No Place To Hide, where he ignores the fact that the document was about CNO cooperation and simply assumes that the "Tier B" countries are the same as those with 3rd Party status.*



Map showing the 2nd Party and 3rd Party partners of NSA
(click to enlarge)


Representatives

The representatives of NSA in major Third Party countries are called Special US Liaison Advisor (SUSLA), followed by the name of the country. So for example the NSA representative in Germany is the Special US Liaison Advisor, Germany (SUSLAG).

The office staff of such an advisor is called the Special US Liaison Activity (also abbreviated as SUSLA), and for example the SUSLA Germany had 18 personnel (12 civilians and 6 contractors) in 2012, a number which was to be reduced to 6 in 2013.*

It is not clear whether the various Third Party agencies also have a representative at NSA headquarters and if so, what their title is. At NSA these relationships are managed by the Foreign Affairs Directorate (FAD), which has a Country Desk Officer (CDO) for every country or region that matters.



Multilateral groups

Although the Third Party relationships are strictly bilateral, some of these countries have also worked very close with each other for a long time. This has been formalized into a few multilateral groups in which intelligence is exchanged not only between one particular country and the US, but also among all other participants. Besides NATO, the following three SIGINT sharing groups are known:


- SIGINT Seniors Europe (SSEUR)
This group consists of the Five Eyes and nine European countries: France, Germany, Spain, Italy, Belgium, the Netherlands, Denmark, Norway and Sweden. Except for Sweden, all are NATO members. After the number of countries, the SSEUR are also called 14-Eyes. The "Seniors" refers to the heads of the participating military or signals intelligence agencies, who in this group coordinate the exchange of military intelligence according to the needs of each member.
There's also a SIGINT Seniors Europe Counter Terrorism (SISECT) coalition* and in 2013, NSA encouraged GCHQ to host the permanent facility for the joint SSEUR collaboration center.*

> More about the SIGINT Seniors Europe

- SIGINT Seniors Pacific (SSPAC)
There's a similar group for multilateral exchange of military intelligence among some 3rd party nations from the East Asia/Pacific Rim region. Besides the members of the Five Eyes, the SIGINT Seniors Pacific include Singapore, South Korea and most likely Japan and Thailand. Probably one other country is participating too, making this group also being identified as the 10-Eyes.

> More about the The 6, 8 and 10 Eyes

- Afghanistan SIGINT Coalition (AFSC)
According to an NSA paper from 2013, this group consists of the same 14 countries as the SSEUR and is aimed at sharing Afghanistan-related intelligence reports and metadata among its participants. At the time of the paper, each AFSC-member was responsible for covering a specific area of interest, maybe corresponding to the region in Afghanistan where they had troops deployed.

Snowden and Greenwald agreed not to publish about NSA's involvement in Afghanistan, but the German book about the Snowden-leaks, Der NSA Komplex, reveals that the 14 AFSC-members cooperated closely in decrypting and analysing mobile communications and have a dedicated data center codenamed CENTER ICE for exchanging this kind of intelligence.*

This makes it likely that much of the metadata that various European countries shared with the US, mistakenly presented by Glenn Greenwald as NSA spying on European citizens, was collected as part of this Afghanistan SIGINT Coalition.



Links and Sources
- NSA document about Foreign Relations Mission Titles
- About Canada and the Five Eyes Intelligence Community (pdf)
- Duncan Campbell, Echelon and its role in COMINT

August 27, 2014

Another "red phone" for the Israeli prime minister

(Updated: September 9, 2014)

In an earlier posting on this weblog we took a look at the phones used by the Israeli prime minister Benjamin Netanyahu, which included an eye-catching red one. In some more recent pictures we can see that this red phone has apparently been replaced by an interesting looking white telephone.


Although this device itself is white, it has a rarely seen but very distinctive feature: a red curly cord for the handset and also a red cable for the phone line. The buttons are also surrounded by some kind of red overlay:



Israel Prime Minister Benjamin Netanyahu, right, meets with Defense Minister
Moshe Ya’alon and Chief of Staff Benny Gantz, July 26, 2014 in Tel Aviv.
(Photo: Handout/Getty - Click to enlarge)


The dark gray phone at the left is a more common Nortel M3904 executive phone - a model which is also used at the NSA headquaters and at the office of the British prime minister. Nortel was a big Canadian telephone equipment manufacturer, but was dissolved in 2009.


The white telephone with the red cord also appears on a side table in the seating corner of Netanyahu's office, where before there was only a black phone. The latter is a more common Telrad Executive Phone 79-100-0000 from the Israeli telecom equipment manufacturer Telrad. This phone is also in the office of the Israeli defense minister and therefore it seems to be part of the (non-secure) internal phone system of both ministries.



Esther Pollard meets with Prime Minister Benjamin Netanyahu, December 23, 2013.
We clearly see the "new" white phone next to the existing black one.
(photo: Netanyahu's Facebook-page - Click to enlarge)



US Secretary of State John Kerry and Israeli Prime Minister Benjamin Netanyahu
settle into their seats in Netanyahu’s office, January 2, 2014.
(Photo: US Department of State - Click to enlarge)


From the picture above we can make a close-up of the white telephone, which looks a bit different than the one in the first picture. It has no red overlay around the buttons, but instead a red lining around the display and red stripes on the back of the handset. Unfortunately the red letters above the display aren't readable:




The red markings and the red cords indicate that this phone is used like what in the US is called a "red phone". That's a telephone which is connected to a highly secured network for communicating with top level policymakers and military commanders. This doesn't necessarily mean that such a phone itself has to be capable of encrypting the voice data, that can also be done by an encryption device at the internal (secure) phone switch.

As the white telephone in Netanyahu's office is a rather large device, it could be possible that it can do the necessary encryption, although secure phones from other countries (like the STE used in the US) are often even bigger, so we cannot decide upon that.

Israel has its own manifacturer of secure communications equipment: the defense contractor Elbit Systems, which was formerly part of the Tadiran conglomerate. There are no pictures available of phones mabe by Tadiran or Elbit, so we cannot say whether the white telephone in the office of Netanyahu was made by this company.


The white telephone isn't actually very new, it is already in this picture from October 2011. Together with the black one from Telrad, the white phone is also on a side table next to another desk of Netanyahu, as we can see for example in this screenshot:



Prime Minister Netanyahu in one of his offices, October 9, 2013.
(photo: YouTube screen capture)


With the white phone not being completely new, it seems that it has been placed on Netanyahu's desk and in the seating corner on purpose: to show that the prime minister is always in charge and in contact with the military. Because of security reasons, it's rather unusual to see secure telephones with their classification markings in highly visible places like these ceremonial offices where guests are received and the press is allowed in.

UPDATE:
A reader of this weblog has recognized the white telephone as a Coral DKT-2320 made by the Israeli company Tadiran Telecom. Although this is a spin-off of the same Tadiran from which Elbit Systems emerged, this is a common office phone without security features. Therefore the red markings and the red cords from the one in Netanyahu's office most likely indicate that this phone is connected to a switch where the calls are encrypted in bulk.

August 5, 2014

What if Google was an intelligence agency?

(Updated: September 15, 2014)

This time we present an article written in cooperation with the French weblog about intelligence and defence Zone d'Intérêt in which we compare the data collection of Google to intelligence agencies like NSA:


Introduction

Since 1998, Google has grown to become an essential part of the web infrastructure and took an important place in the daily lives of millions. Google offers great products, from search engine to video hosting, blogs and productivity services. Each day, users provide Google, willingly and candidly, with many different kind of personal information, exclusive data and files. Google justifies this data collection for commercial purposes, the selling of targeted ads and the enhancement of its mostly free services.

These terabytes of user data and user generated content would be of tremendous value to any intelligence service. As former director of CIA and NSA Michael Hayden half-jokingly stated at Munk debates: "It covers your text messages, your web history, your searches, every search you’ve ever made! Guess what? That’s Google. That’s not NSA."

But really, how would a company like Google compare to an intelligence agency like the NSA? How would it be able to gain access to confidential information and go beyond OSINT (Open Source Intelligence)? Does Google even have the resources, data and technical capabilities to harvest all-sources intelligence like a major intelligence service would?

Google's unofficial motto is "Don't be evil", but what if Google started being evil and used all of its collected information as an intelligence agency would? What if intelligence professionals had access to Google's resources and data ? What would it mean for the users? And can this be prevented somehow? (it’s also rather ironic that many people now see NSA as a big evil organization, but Google collects even more)

This is the worst case scenario we'd like to explore:
What if Google was an intelligence agency?


Communications to intercept, private data to collect

As a major webmail (425 million active Gmail users in 2012 - source: Google I/O 2012) and instant messaging provider with Hangouts, Google has access to the daily communications of millions of individuals, corporations and organizations. This privileged access to telecommunications worldwide gives Google the opportunity to act as a major COMINT agency, not unlike NSA or GCHQ. Storing its users e-mails and broadcasting their instant messages with audio and video, Google is able to obtain a deep-reaching knowledge of their habits, intents and projects, either personal, professional or commercial. Enhanced with behavior analysis and targeted with collection selectors, theses communications, already stored on the company's servers could be used as a very powerful intelligence database.

NSA only stores data that have any foreign intelligence value, other data that might be useful are automatically deleted after 5 years, but how is that with Google? In the European Union, administrative authorities in charge of data protection, assembled in the Article 29 Working Party of the European Commission (or "G29"), have issued multiple warnings and penalties against Google regarding this issue. In January 2014, the french CNIL, an Art. 29 Working Party member, issued a 150 000€ monetary penalty to Google for failing to define retention periods applicable to the data which it processes. Data collected by Google isn't as strictly regulated and controlled as data collected by intelligence agencies, and it can stay on Google's servers until the company decides to delete it, at its own discretion.

And how about the risk if internal policy and privacy violations by Google personnel? Does Google has access control mechanism just as strict and tight as the compartimentalization and ‘need-to-know’ at NSA? They should have, as Google has far more information about ordinary people in its databases, which could be much more tempting to look at for employees than for example all the military and terrorism stuff that NSA collects. But Google also has to protect this information against foreign intelligence agencies.

Google also provides its users with phone services through its Android phone and tablet operating system, with 1 billion users worldwide in 2014 (source: Google I/O 2014). This could be used as an opportunity to monitor the calls - made or received - by its users, collect their metadata and even record their calls for intelligence purposes. This also goes for SMS and MMS send or received by its users, as android users send 20 billion text messages each day (source: Google I/O 2014). NSA’s database for SMS-messages DISHFIRE receives just around 200 million messages a day. Google is expanding the reach of its phone services, as calls to landline and mobile phones can be placed from Hangouts by any user of Gmail, Google+ and Chrome, even without using an Android device. With Fiber, Google is providing ISP services to three cities in the United States, with plans to expand. Google even wants to introduce internet access to remote areas in Africa via solar-powered balloons – which would also make it much easier for NSA, as many of these regions are also terrorist-related conflict zones where there’s often only mobile phone and radio traffic, which is more difficult to intercept than internet traffic, especially when the latter goes through a US company.

The expanding realm of its webmail and cloud services provides Google with a rare trove of otherwise private individual data and even confidential information from governments and companies. With Gmail, Google has access to sensitive information about individuals, such as their names, phone numbers, addresses or even social security numbers which may transit via e-mail. Logins and passwords from web services are often sent by e-mail, and so are activation and authentication codes. Many users want to take advantage of the free services offered by Gmail and automatically forward e-mails from other webmails or their company e-mail address to their Gmail address, creating a POP/SMTP link. Doing so, they increase the amount of e-mails and information accessible to Google. Private information about individuals, from health and financial issues to clues about their emotional state or relationship status can be found in e-mails. Everything from their buying habits, reading habits or subscriptions, to confidential information, can be extracted from e-mails using already available software, and then easily exploited by intelligence professionals.

Contact lists from services like Gmail, Hangouts, Google+ and from operating systems like Android and Chrome OS would be a valuable source for intelligence analysts, as they allow to identify links between individuals and perform social network analysis. Contacts lists were used in many occasions by intelligence agencies leading investigations against terrorist cells or organized crime groups, but can also be used in social engineering schemes or commercial intelligence.

Corporate information is hosted by Google through most of its services, as Gmail is used by many entrepreneurs and employees, whether it is duly authorized by their company or not. Important information can be retrieved in e-mails, such as details of industrial projects, business offers and everyday company communications. Many companies use Gmail attachments to send and receive corporate documents or use Google Drive to store their information. Google Calendar can also provide a great window into the daily activities of a company, as a way to identify links between individuals, be alerted of forthcoming meetings,  receive status reports from ongoing projects, or deduce a precise timeline of employees work habits. Recently, Google announced that 58% of Fortune 500 companies have "gone Google" and so did 66% of "50 top Start-Ups" and 72 of the 100 best universities (Source: Google Enterprise).

Given all these data containing often highly sensitive and private information, it is remarkable that people, businesses and organisations are so willing to trust it into the hands of Google. One wonders why some people really don’t like it when government officials could have access to such kind of information, but apparently completely trust the Google personnel. Who guarantees that Google isn’t looking into confidential information of other businesses that can be of interest?

Google Search, the first service provided by Google since 1998, receives about 100 billion searches per month and is a great tool used every day by intelligence professionals. Google search crawlers scan the web for individual URLs, web pages and files, using the Google powerful servers. They are able to record, collect and cache any kind of text content, images, video and audio files, and most document formats such as Word and PDF. Google Search can be used to find unrestricted or insufficiently secured subdomains, files, folders and archives, from websites and networks. Using advanced operators, Google can be used to find misplaced confidential information and other vulnerabilities. If there’s one application that is able to read your deepest thoughts, fears and desires, like Edward Snowden said NSA is capable of, then it is Google Search.


Individuals to identify, targets to monitor

Google Search can also be exploited for advanced statistics, behavior analysis of users, identification of single users, and to locate them. Using cookies and connection data recorded by Google for every search, such as IP address, user agent and search terms, the user can be identified and located to a certain extent. Taking advantage of persistent cookies, IP adresses and forensic techniques, such as discourse analysis or syntax analysis, and sifting through recorded searches, online activity through Google services can then be narrowed down to a single organization, a set of users or even a single user.

Recording precisely the search terms from an identified user, company or organization can help an intelligence professional create new, more efficient selectors for intelligence collection and communication interception, based on the interest of users and unique searches. For example, many companies will use Google to find new business prospects, partners or suppliers. Journalists will do background checks on their sources using Google. Scholars and scientists will do their research using Google search, revealing precise information about what they are looking for and what they are working on.

Similar data is collected on many other websites which are not owned or related to Google, but which make use of Google Analytics, a Google-run service allowing webmasters to collect detailed information about their users, such as their IP addresses (collected by Google but not shown to webmasters), what search terms they used to reach their websites and which pages they browsed. While challenging sanctions from the European Art. 29 Working Party, Google refuted that an IP address constitutes personal data, even when associated with data from cookies, and should not be treated as such regarding privacy issues. Which once again shows the different views on privacy  in Europe and the US

But Google has access to much more precise data to identify users and monitor their online activities. Some services, such as Gmail, require users to be registered and to give accurate personal information, such as their real name, their birthdates, their country of residence or another e-mail address they own. Google is also pushing two-factor authentication, requiring that their users disclose an active phone number. While launching its Google+ service, which is now linked to other services such as Gmail and Youtube, Google discouraged the use of pseudonyms and required that all users registered using their real name, or risk account suspension. In October 2012, G29 issued a recommendation to Google that it must inform new users more clearly that they can sign-up to a Google account without providing their real name.

 When users use any Google service while logged in, or with Google cookies activated, or even from an IP address which was previously used while logged in, all of their online activity transiting on Google networks can be traced back to them. On many occasions, personal files and documents stored on Google Drive, or images stored on Google+ Images and Picasa could be traced by Google back to the real name of a registered user. E-mails, instant messages, personal documents, videos and pictures, all stored by Google, can be used to create a very complete and precise profile of a single individual. According to numbers published by Google during I/O 2014, Android users send "93 millions selfies" each day.

The Google image search algorithm is able to identify faces and places in pictures. The image search facial recognition feature is only activated to find pictures of celebrities, but Google+ Photos includes an opt-in service called "Find My Face" capable of automatically recognizing and tagging the user's face in photos uploaded by him or by his friends. Google implemented a "Face Unlock" feature in Android, allowing users to unlock their devices using their camera, showing that Google's recognition algorithms are precise enough to identify an individual, even with slight changes due to lighting conditions or face expression. In addition, Google recurring pop-ups incite Android users to activate a function which automatically uploads all new photographs taken with their device to Google+ Photos and Google Drive. EXIF data and geotags from each photo are collected too. As another option, Google image search has a "reverse image search" functionality which allows any user to upload an image from his computer and let Google's pattern recognition algorithm find similar images. In the help section of Google's image search, it is stated that "any images or URLs that you upload will be stored by Google".

Google's photos database would be an extraordinary tool to any intelligence professional trying to find someone, learn about its habits or identify people he is related to. Recently, intelligence agencies such as the American DIA (Defense Intelligence Agency) or the French DGSE have been acquiring commercial software to collect videos and photos posted online for intelligence purposes, which shows the interest of intelligence analysts for user generated content. In 2010, Google invested 100 million dollars in Recorded Future a company specializing in data mining, advanced statistics, internet traffic monitoring and defense intelligence. Recorded Future was also funded by In-Q-Tel, the technology investment firm of the CIA.

Using data collected through Google Voice Search and Google Now, intelligence technicians could be able to build a large phonemes database to enhance word recognition algorithms, but also to implement voice recognition in order to identify single users based on their voice. For advanced target monitoring, the microphone from a computer, tablet or smartphone running Android or Chrome OS could be activated in order to eavesdrop on a target, using OS-level or App-level backdoors. Coupled with voice recognition, these techniques could be used to identify and locate targets.

In such a scenario, OS-level access could be used to implement backdoors for keylogging, password collection, communication intercepts, microphone or camera hijacking, or even GPS silent activation and monitoring. Access to Google's database would make network penetration easier, as Android devices record the WiFi passwords from secured access points they connect to and store them to the cloud.


Map any place, locate anyone

In 2004, Google acquired Keyhole, a company partly funded by the CIA and the NGA, which developed the technology behind Google Earth, a Google product which provides users with maps and commercial satellite imagery from around the world. Other Google mapping initiatives are Google Maps and Street View. Google Earth is used by many intelligence professionals, whether they work for government agencies or for private contractors, and is often listed as a common tool in intelligence sector job descriptions and resumes.

A useful feature of Google Maps and Google Earth is the ability for users to add tags, photos and points of interests (POI) over the maps and imagery provided by Google. This feature results in crow-sourced sets of maps, which are improved by the output of users who have good knowledge of the places they describe, whether they are travelers, dwellers or experts. This ground knowledge is obtained at no cost by Google and can result in very detailed descriptions, even from remote places. Google also benefits from the geotagged photographs from Panoramio, acquired by Google in 2007, and from POIs added by users participating in Google side-projects, such as Niantic Labs' Field Trip and Ingress applications. Google recently acquired the imaging company Skybox, taking advantage of its growing constellation of satellites.

Another way for Google to get intel from the ground and improve its worldwide mapping capabilities is Street View, by which Google collects 360° snapshots along roads and trails. With Street View, Google is able to get detailed and fresh information about buildings, installations and constructions. This collection effort even captures photos from remote places or restricted areas, such as military bases or intelligence facilities (examples: MI5 installation in the United Kingdom, DGSE station in France) Google has recently announced Project Tango, which is aimed at developing new sensors for mobile devices, in order to map their surroundings in 3D, such as the interior of buildings. Access to the photographs and geospatial information collected by Google through Google Maps, Street View, Google Earth and Panoramio, but also from search crawlers and user content uploaded to the cloud, would be of considerable interest to intelligence technicians. For instance, Letitia A. Long, director of the National Geospatial Intelligence Agency (NGA) recently stated that her agency was increasingly taking advantage of data collected through open sources and social networks. In these cases the possibilities of Google’s commercial tools seem to have already outpaced those used by government agencies.

Google is also making considerable effort in precisely locating its users. Users are often prompted to authorize their localization by Google services, from Google Search to Google Maps and Android. To achieve precise location of a user, Google is using all data available, from search queries which mention a place, to IP addresses and connection data, to GPS signal provided by the user's device.* Google also uses a patiently crafted database of Wi-Fi access points, hotspots and cell towers, which contains MAC addresses, BSSIDs and Cell IDs. This data is collected by Google Street View cars, contractors, but also when a user device allows localization privileges to a Google service or application. This worldwide crowd-sourced database is very detailed, precise and regularly updated. This data collection is often running in the background on users' devices and provide Google with the precise location of many of its users.

For intelligence purposes, geolocation data could be used to silently track a target or get information about their routines. Localization data is stored and logged by Google, and can be accessed by registered users in their Location History. Access to such information by intelligence technicians could be used for behavior analysis, remote surveillance, forensics and social network analysis. Combined with Google access to many Wi-Fi passwords, a precise map of MAC addresses worldwide would provide intelligence technicians and operators with an opportunity to conduct network penetration and communication intercepts. All this could be very valuable for agencies like NSA, as some of the Snowden-documents showed that they now have to put much effort in mapping such communication networks “from the outside”.


A proxy in intelligence collection?

Google collects user data for commercial purposes, mainly to sustain its business model based on online targeted ads, which accounted for 96% of Google's revenue in 2011. However, Google is sharing its worthy data with governments and their intelligence services, when complying with court orders or local laws. According to its Transparency Report, in 2013 Google complied to thousands of user data requests from governments of countries such as the United States, India, France, Germany, United Kingdom, Brazil or Italy. Google reports that it provides user data to "law enforcement agencies", but does not state exactly what kind of data is given. As example, Google cites IP addresses and personal information given by the users when they register, but it is not clear whether or not data provided to authorities is restricted to these elements. Given the large amount of data collected and stored by Google on every user, government agencies could receive a very detailed history of a user's communications and online activity, or even a copy of its hosted files.

In recent NSA and FBI intelligence collection programs, user data can be requested under a legal framework, such as FISA requests, which does not authorize Google to inform its users of the request. Moreover, clandestine intelligence efforts gave the NSA access to Google's data, without the need for legal requests.

In most democratic countries, intelligence services aren't allowed to intercept communications from their citizens nor to collect user data without  the authorization of a judge or commission. Many intelligence activities are meant to be constrained by the rule of law and monitored by congressional oversight to ensure that individual liberties are respected. However, commercial companies are not subject to the same restrictions and can collect a lot of their users data, as long as they duly inform them.

Such loophole can be purposely exploited by an intelligence agency, taking advantage of the ever-growing database from big companies such as Google, either by legally requesting the information collected from their users or by trying to access it covertly. In such occurrences, Google would act as a proxy in intelligence collection, unwillingly (?) putting its resources at the disposal of intelligence services. Citizens and businesses may not want to share as much private information and contents with an internet services company given the possibility that it may later be accessed by intelligence services, domestic or foreign.

One major argument against the collection of data conducted by NSA (or other intelligence angencies) is that they can be used against the people when government is taken over by evil people. Western governments at least have checks and balances, but Google is just a commercial company, and what would happen when, say, some huge  Chinese company would take it over? Then our complete digital lives would be under control of people who care less about individual freedom and privacy. As probably no one (especially the US government) wants that to happen, Google will have to stay an American company one way or another – which makes it even more like a proxy for US intelligence.

In a recent case, Google tipped off the National Center for Missing and Exploited Children after scanning the emails of its users, looking for contents related to child pornography. It seems that Google was not asked by a law enforcement agency to monitor the communications of a single user under investigation, or even to scan emails for suspicious contents. Google acted on its own, scanning emails, maybe on a massive scale, to find suspicious activities. Even though going against child exploitation can be seen as a noble endeavor, it seems that Google may be running its own law enforcement operations, scanning its users' data for what it deems illicit. As Google gives little information about the company's operations, it is hard to know what kind of users' activities could be monitored by Google and proactively reported to authorities or others organizations. It is not clear if this proactive reporting only occurs in the United States, or if it may extend to other, less democratic countries.


Closing thoughts

From an intelligence standpoint, the sheer amount of data that Google collects about individuals and businesses is unrivaled. A single piece of information recorded by Google about a user could be considered innocuous, but the sum of all collected data which can be narrowed down to an individual or an organization gives an intimate picture of its thoughts, intent and activity.

The way Google systematically tries to gain access to new kind of data about its users, whether it's their e-mails, their work files, their personal pictures, their location, or confirmation of their real identity, is propelled by a commercial strategy and a so-called wish to "change the world", making their users' lives easier. However, this "know-it-all" approach facilitates data mining efforts from intelligence services which pursued programs such as "Total Information Awareness" and are conducting large-scale intercepts.*

Of course, this issue is not confined to Google but affects other companies such as Amazon, Apple or Facebook, as well as many other smaller companies. Still, Google owns a special place in the digital world of user data, as it concentrates a wide range of user information, operates phone and email services, develops operating systems and stores users files in the cloud. Google holds a big responsibility to ensure the security and privacy of its users data worldwide, but its ongoing efforts to do so can hardly be considered sufficient.

Google security practices are generally considered state of the art and the company recently announced support for end-to-end encryption in GMail, but the body of messages will remain unencrypted on Google's servers and accessible to the company's bots. In october 2013, Google became aware of a covert network penetration lead by the NSA, targeting communications links connecting the company's data centers, which were not encrypted.* The exact amount of user data which may have been collected by the NSA during the operation is still unclear.

- Google privacy policy is sometimes cloudy, and users trying to get informed about what data they release to Google, how this data will be used and how long it will be retained, have to sift through disclaimer pages scattered on Google's websites.

- As a major stakeholder in the worldwide web, Google has to bring more accountability and transparency about what is shared from its users. The user data that could potentially be provided to law enforcement agencies should be clearly and precisely marked as such. It should become clear to all users that some of their data, whether it's personal information, files, e-mails, messages, metadata from network traffic or phone calls, or even recorded communications may become available to intelligence services.

- Also, Google should clarify if this information can be provided only to the law enforcement agencies of the user's country of residence or also to United States government agencies, as Google is an American company with most of its servers and activities in the US.

- American web companies and cloud operators are facing growing critics about their vulnerability to US intelligence operations. Some in Europe advocates for sovereign "national clouds" restricting data retention and traffic between secured servers and users, forbidding access to the American government. During an hearing before the United States Senate in November 2013, Richard Salgado, Google's director for law enforcement and information security, stated that "in the wake of press reports about the so-called "PRISM" program", he was concerned by the trend of "data localization" that could result in the creation of a "splinternet" and the "effective Balkanization of the Internet". Data localization would also probably cost more to Google, and would place the company under the law of each country where the company processes user data. In many cases Google argued that it was established in the United States and therefore was not subjected to the law of European countries, as all data processing occurs in the USA. However in France, Google was imposed a (small) financial penalty as the administrative authority made clear that the company had to comply with the French Data Protection Act.

- Google cannot condone a systematic breach of confidentiality and privacy of its users. A call to reform US government surveillance laws cannot be considered enough. Google must implement proactive measures, reinforcing its network security, offer end-to-end encryption for all of its services, securely distribute users' files hosting in their countries of residence and better inform its users of privacy risks. These measures could be seen as costly, but are necessary to maintain the trust of Google's user base and main source of revenue.


Google has massive technical capabilities for user data retention, metadata collection, telecommunications monitoring, localization, mapping and imaging, all which could allow it to act as an intelligence agency. The main difference is that Google has a different goal (commercial) than an intelligence agency, but this also makes that Google gathers far more data than an intelligence agency is legally allowed to do.

How long is user data kept on Google's servers? What kind of user data is shared with law enforcement agencies or intelligence services around the world? How does Google prevent its employees to access their users personal data or location? How is the data you gave Google secured against hackers or from intelligence services malicious attacks?

Google don't really say, but you have to take their word for it.



Update:
On September 15, 2014, Wikileaks-founder Julian Assange told the Italian newspaper L'Espresso that he now wants to warn against Google: "They believe they are doing good, but they are now aligned with US foreign policy. This means that Google can intervene on behalf of US interests, for example, it can end up compromising the privacy of billions of people, it can use its advertising power for propaganda".