The five students who initiated the "dragnet" (sleepwet) referendum

U. S. President Barack Obama attends the opening session of the Nuclear Summit in The Hague, the Netherlands, on Monday, March 24, 2014.

In the wake of the Snowden leaks, which revealed the pervasiveness of the NSA's surveillance techniques, it seems no one, including journalists, is safe

By being part of First Look Media since the beginning, Lee has had a chance to shape its security practices from day one, teaching journalists the best digital security practices

Overview of the safeguards for untargeted cable access (in Dutch)Stage 2 is only mentioned where it prepares for stage 3 (source: Dutch government

Edward Snowden talks during a simulcast conversation during the SXSW Interactive Festival on Monday, March 10, 2014, in Austin, Texas.

A large file from the commission documents is about the reaction on the revelation of PRISM. In August 2013, members of the Bundestag asked so many questions about this NSA program, that one BND employee complained that it was unreasonable to expect that his agency could provide all the answers.
At that time, many details about PRISM weren't clear yet and statements from the US government and from internet companies seemed to contradict eachother. Among the documents that BND forwarded to the parliamentary commission was also one report from July 2013, which summarizes what was known about PRISM at that time.
This report was made by civil servants from unit ÖS I 3 of the Public Safety division of the German Interior Ministry (BMI). After summarizing what was known from the press reports, the report also describes a second tool that is named PRISM - based upon an earlier article on this weblog:

Julian Paul Assange

Julian Paul Assange (/əˈsɑːnʒ/; né Hawkins; 3 July 1971) is an Australian journalist[disputed – discuss] and computer programmer who founded WikiLeaks in 2006. WikiLeaks came to international attention in 2010 when it published a series of leaks provided by Chelsea Manning. These leaks included the Collateral Murder video (April 2010), the Afghanistan war logs (July 2010), the Iraq war logs (October 2010), and CableGate (November 2010). After the 2010 leaks, the United States government launched a criminal investigation into WikiLeaks and asked allied nations for assistance.
In November 2010, Sweden issued an international arrest warrant for Assange  after questioning him months earlier about allegations of sexual assault. Assange denied the allegations, and said that they were just a pretext for him to be extradited from Sweden to the United States because of his role in publishing secret American documents. Assange surrendered to UK police on 7 December 2010 but was released on bail within 10 days. Having been unsuccessful in his challenge to the extradition proceedings, he breached his £340,000 bail  in June 2012 to seek asylum from Ecuador. In August 2012, Assange was granted asylum by Ecuador due to fears of political persecution and possible extradition to the United States. He remained in the Embassy of Ecuador in London for almost seven years.  Swedish prosecutors later suspended their investigation and applied to revoke the European arrest warrant in May 2017. 
During the 2016 U.S. Democratic Party presidential primaries, WikiLeaks hosted emails sent or received by candidate Hillary Clinton from her private email server when she was Secretary of State.  The U.S. Intelligence Community, as well as a Special Counsel investigation, concluded that the Russian government carried out a hacking campaign as part of broader efforts of interference in the 2016 United States elections. In 2018, twelve Russian intelligence officers, mostly affiliated with the GRU, were indicted on criminal charges by Special Counsel Robert Mueller; the indictment charges the Russians with carrying out the computer hacking and working with WikiLeaks and other organisations to spread the stolen documents.  Assange consistently denied any connection to or co-operation with Russia in relation to the leaks, and accused the Clinton campaign of stoking "a neo-McCarthy hysteria". 
On 11 April 2019, Assange's asylum was withdrawn following a series of disputes with the Ecuadorian authorities. The police were invited into the embassy, and he was arrested.  Later that day he was found guilty of breaching the Bail Act and on 1 May 2019 he was sentenced to 50 weeks in prison in the United Kingdom.  On the same day, the United States government unsealed an indictment against Assange for alleged computer intrusion, related to the leaks provided by Chelsea Manning. On 23 May 2019, the United States government further charged Assange with violating the Espionage Act of 1917. Executive editors from top newspapers including The Washington Post and The New York Times criticized the government's decision to charge Assange under the Espionage Act.  As a result of the revocation of his asylum, and at the request of his alleged rape victim's lawyer, Swedish prosecutors reopened their investigation in May 2019.  Assange is incarcerated in HM Prison Belmarsh. 

Leaked documents that were not attributed to Snowden
June 22, 2018)  

Since June 2013, numerous top secret documents from the American signals intelligence agency NSA and its British counterpart GCHQ have been disclosed. The overwhelming majority of them came from the former NSA contractor Edward Snowden.

The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence. The NSA is responsible for global monitoring, collection, and processing of information and data for foreign and domestic intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence(SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems. The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine. 
Originating as a unit to decipher coded communications in World War II, it was officially formed as the NSA by President Harry S. Truman in 1952. Since then, it has become the largest of the U.S. intelligence organizations in terms of personnel and budget.  The NSA currently conducts worldwide mass data collection and has been known to physically bug electronic systems as one method to this end.  The NSA has also been alleged to have been behind such attack software as Stuxnet, which severely damaged Iran's nuclear program.  The NSA, alongside the Central Intelligence Agency (CIA), maintains a physical presence in many countries across the globe; the CIA/NSA joint Special Collection Service (a highly classified intelligence team) inserts eavesdropping devices in high value targets (such as Presidential palaces or embassies). SCS collection tactics allegedly encompass "close surveillance, burglary, wiretapping, [and] breaking and entering". 
Unlike the CIA and the Defense Intelligence Agency (DIA), both of which specialize primarily in foreign human espionage, the NSA does not publicly conduct human-source intelligence gathering. The NSA is entrusted with providing assistance to, and the coordination of, SIGINT elements for other government organizations – which are prevented by law from engaging in such activities on their own. As part of these responsibilities, the agency has a co-located organization called the Central Security Service (CSS), which facilitates cooperation between the NSA and other U.S. defense cryptanalysis components. To further ensure streamlined communication between the signals intelligence community divisions, the NSA Director simultaneously serves as the Commander of the United States Cyber Command and as Chief of the Central Security Service.
The NSA's actions have been a matter of political controversy on several occasions, including its spying on anti-Vietnam-war leaders and the agency's participation in economic espionage. In 2013, the NSA had many of its secret surveillance programs revealed to the public by Edward Snowden, a former NSA contractor. According to the leaked documents, the NSA intercepts and stores the communications of over a billion people worldwide, including United States citizens. The documents also revealed the NSA tracks hundreds of millions of people's movements using cellphones metadata. Internationally, research has pointed to the NSA's ability to surveil the domestic Internet traffic of foreign countries through "boomerang routing". 

The Government Communications Headquarters (GCHQ) is an intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance to the government and armed forces of the United Kingdom.  Based in "The Doughnut" in the suburbs of Cheltenham, GCHQ is the responsibility of the country's Secretary of State for Foreign and Commonwealth Affairs, but it is not a part of the Foreign Office and its director ranks as a Permanent Secretary.
GCHQ was originally established after the First World War as the Government Code and Cypher School (GC&CS) and was known under that name until 1946. During the Second World War it was located at Bletchley Park, where it was responsible for breaking of the German Enigma codes. There are two main components of the GCHQ, the Composite Signals Organisation (CSO), which is responsible for gathering information, and the National Cyber Security Centre (NCSC), which is responsible for securing the UK's own communications. The Joint Technical Language Service (JTLS) is a small department and cross-government resource responsible for mainly technical language support and translation and interpreting services across government departments. It is co-located with GCHQ for administrative purposes.
In 2013, GCHQ received considerable media attention when the former National Security Agency contractor Edward Snowden revealed that the agency was in the process of collecting all online and telephone data in the UK via the Tempora programme.  Snowden's revelations began a spate of ongoing disclosures of global surveillance. The Guardian newspaper was then forced to destroy all incriminating files given to them by Snowden because of the threats of lawsuits from the UK Government.

But what many people probably didn't notice, is that some of these documents (some being very compromising and embarrassing for NSA) were not provided by Snowden, but by other leakers. 
Often, the press reports didn't mention that very clear, and it was only by not attributing such documents to Snowden, that it became clear they apparently came from someone else.
So far, the following classified documents have been disclosed without having been attributed to Snowden:
- Chancellor Merkel tasking record
- TAO's ANT product catalog

- NCTC watchlisting guidance
- NCTC terrorist watchlist report

- XKEYSCORE rules: New Zealand
- Ramstein AFB supporting drone operations
- NSA tasking & reporting: France
- NSA tasking & reporting: Germany
- NSA tasking & reporting: Brazil
- NSA tasking & reporting: Japan
- Chinese cyber espionage against the US
- XKEYSCORE agreement between NSA, BND and BfV
- The Drone Papers
- Cellphone surveillance catalogue

- US military documents: Iraq and Afghanistan
- NSA tasking & reporting: EU, Italy, UN
- TAO hacking tools (The Shadow Brokers)
- FBI & CBP border intelligence gathering
- TAO IP addresses and domain names

- TAO Windows files
- CIA hacking tools (Vault 7)
- TAO Solaris exploits
- TAO Windows exploits + SWIFT files
- CIA specific hacking projects (Vault 7)
- NSA report about Russian hacking
- CIA source code (Vault 8)

- Some thoughts on the form of the documents
- Some thoughts on the motives behind the leaks
- Conclusion

Document collections
The most user-friendly collection of all the leaked documents can be found on the website IC Off The Record (which started as a parody on IC On The Record, the official US government website on which declassified documents are published).
Other websites that collect leaked documents related to the Five Eyes agencies, so from Snowden as well as from other sources, are FVEY Docs and Cryptome. The Snowden-documents are also available and searchable through the Snowden Surveillance Archive.

Domestic US leaks
Here, only leaks related to foreign signals intelligence and related military topics will be listed. Not included are therefore documents about American domestic operations, like for example:
- Several revelations about the DEA
- The FBI's Domestic Investigations and Operations Guide (DIOG) and related documents (Update: in March 2018, Minneapolis FBI agent Terry James Albury was charged with leaking these documents to The Intercept) 

Original documents

Also not included are stories based upon leaks of information without original documents being published, like for example about NSA's interception efforts against Israel or the intercepted communications of the Russian oligarch Yevgeniy Prigozhin.

          - Documents not attributed to Snowden -         

Chancellor Merkel tasking record

On October 23, 2013, the German magazine Der Spiegel revealed that the NSA may have eavesdropped on the cell phone of chancellor Merkel. This was based upon "the excerpt from an NSA database about Merkel's cell phone", which the magazine received.* A journalist from Der Spiegel made a transcription of the database record, and later on, a copy of this transcription was printed in some German newspapers.
Glenn Greenwald confirmed that this information didn't came from the Snowden archive, and also Bruce Schneier was convinced that this came from a second source.

- Kanzler-Handy im US-Visier? Merkel beschwert sich bei Obama
- NSA-Überwachung: Merkels Handy steht seit 2002 auf US-Abhörliste

- Transcript of an NSA database record

Date of the document: ?

> See also: Update on tapping German chancellor Merkel's phone

TAO's ANT product catalog

On December 29, 2013, the German magazine Der Spiegel published a 50-page catalog from the ANT-unit of NSA's hacking division TAO. It contains a wide range of sophisticated hacking and eavesdropping techniques. The next day, Jacob Appelbaum discussed them during his presentation at the CCC in Berlin.
According to Bruce Schneier this catalog came from the second source, who also leaked the Merkel tasking record and the XKEYSCORE rules.

- Shopping for Spy Gear: Catalog Advertises NSA Toolbox

- ANT Product Catalog (SECRET/COMINT)

Date of the document: 2008?


On July 3, 2014, the German regional television magazine Reporter disclosed the transcripts of a set of rules used by the NSA's XKEYSCORE system to automatically execute frequently used search terms, including correlating different identities of a certain target.
According to Bruce Schneier, these rules could be leaked by the second source, which also provided the Merkel tasking record and the TAO catalog.

- NSA targets the privacy-conscious

- Transcript of XKeyscore Rules (classification not included)

NCTC watchlisting guidance

On July 23, 2014, the website The Intercept published a manual from the US National CounterTerrorism Center (NCTC) with rules and indications used for putting people in terrorist databases and no-fly lists.
The Intercept says this document was provided by a "source within the intelligence community".

- The Secret Government Rulebook for Labeling You as a Terrorist

- March 2013 Watchlisting Guidance (UNCLASSIFIED/FOUO)

Date of the document: March 2013

NCTC terrorist watchlist report

On August 5, 2014, The Intercept published a report from the US National CounterTerrorism Center (NCTC) about terrorist watchlists and databases.
Just like the previous document, this was also obtained from a "source within the intelligence community". Bruce Schneier says this report is from August 2013, which is well after Snowden had fled the US, and therefore he assumes it was leaked by a third source.

- Watch Commander - Barack Obama’s Secret Terrorist-Tracking System, by the Numbers

- Directorate of Terrorist Identities (DTI) Strategic Accomplishments 2013(SECRET/NOFORN)

Date of the document: August 2013

XKEYSCORE rules: New Zealand

On March 14 and March 22, 2015, The New Zealand Herald published transcripts of two sets of XKEYSCORE fingerprints that define targets of the New Zealand signals intelligence agency GCSB. They were not attributed to Snowden, although in the weeks before, New Zealand media published several other documents that did come from the Snowden cache.

- Revealed: The names NZ targeted using NSA's XKeyscore system
- How spy agency homed in on Groser's rivals

- Fingerprint about the WTO (TOP SECRET/COMINT)
- Fingerprint about the Solomon Islands (TOP SECRET/COMINT)

Date of the documents: January 6 & May 6, 2013

> See also: New Zealand and XKEYSCORE: not much evidence for mass surveillance

Ramstein AFB supporting drone operations

On April 17, 2015, The Intercept and Der Spiegel published a series of slides showing the infrastructure which is used for operating drones, for which the US base in Ramstein, Germany, acts as a relay station.
In the Citizen Four we see Glenn Greenwald visiting Snowden in Moscow, telling him there's a new source which revealed the role of Ramstein AFB in the drone program.

- Germany is the Tell-Tale Heart of America's Drone War
- Bündnisse: Der Krieg via Ramstein

- Architecture of U.S. Drone Operations (TOP SECRET/REL)

Date of the document: July 2012

NSA tasking & reporting: France

On June 23, 2015, Wikileaks, in collaboration with the French paper Libération, the German newspaper Süddeutsche Zeitung and the Italian paper l'Espresso, published the transcript of entries from an NSA tasking database, as well as intelligence reports about high-level French targets.

- Espionnage Élysée
- Nsa, intercettati i presidenti francesi Francois Hollande e Nicolas Sarkozy

- Top French NSA Targets (no classification available)
- Top French NSA Intercepts (up to TOP SECRET/COMINT-GAMMA)
- Economic Spy Order (SECRET/REL)

Timeframe of the documents: 2004 - July 31, 2012

> See also: Wikileaks published some of the most secret NSA reports so far

NSA tasking & reporting: Germany

On July 1, 2015, Wikileaks, in collaboration with Libération and Mediapart, Süddeutsche Zeitung and l'Espresso, published the transcript of entries from an NSA tasking database, as well as intelligence reports about high-level German targets.

- NSA Helped CIA Outmanoeuvre Europe on Torture
- I dubbi di Angela Merkel sulla Grecia spiati dalla Nsa americana

- Top German NSA Targets (no classification available)
- Top German NSA Intercepts (up to TOP SECRET/COMINT-GAMMA)

Timeframe of the documents: 2005 - August 2011

NSA tasking & reporting: Brazil

On July 4, 2015, Wikileaks published the transcript of entries from an NSA tasking database about high-level Brazilian targets. Unlike similar disclosures about France, Germany and Japan, no intelligence reports about Brazil were disclosed.

- Bugging Brazil

- Top Brazilian NSA Targets (no classification available)

NSA tasking & reporting: Japan

On July 31, 2015, Wikileaks, in collaboration with Süddeutsche Zeitung, l'Espresso, The Saturday Paper from Australia and the Japanese newspaper Asahi Shimbun, published the transcript of entries from an NSA tasking database, as well as intelligence reports about high-level Japanese targets.

- Target Tokyo
- Wikileaks: 'Nsa spiava il governo giapponese. Sotto controllo anche Mitsubishi'

- Top Japanese NSA Targets (no classification available)
- Top Japanese NSA Intercepts (TOP SECRET/COMINT)

Timeframe of the documents: 2007 - 2009

Chinese cyber espionage against the US

On July 30 and August 10, 2015, NBC News published two slides about Chinese cyber espionage against over 600 US companies and government agencies, including access to the e-mail of top government officials since at least 2010.
This leak stands out because the slides are in digital form, and they support a story that shows the neccessity of NSA - which seems to point to an authorized leak.

- Exclusive: Secret NSA Map Shows China Cyber Attacks on U.S. Targets
- China Read Emails of Top U.S. Officials

- China: Cyber Exploitation and Attack Units (SECRET)
- U.S. Victims of Chinese Cyber Espionage (SECRET)

Date of the document: February 2014

XKEYSCORE agreement between NSA, BND and BfV

On August 26, 2015, the German newspaper Die Zeit published the transcript of the Terms of Reference (ToR) about the use of NSA's XKEYSCORE system by the German security service BfV.
Being a transcript and being about XKEYSCORE, this could be from the same source as the XKEYSCORE rules, but it's also possible it came from a source within a German government agency.

- A Dubious Deal with the NSA

- XKeyscore - the document (SECRET/COMINT)

Date of the document: April 2013

The Drone Papers

On October 15, 2015, The Intercept published a series of documents with details about drone operations by the US military between 2011 and 2013.
In the Citizen Four we see Glenn Greenwald visiting Snowden in Moscow, telling him there's a new source which revealed the role of Ramstein AFB in the drone program, including the chain of command diagram which is part of this batch of documents.

- The Assassination Complex 
- The Kill Chain

- Small Footprint Operations 2/13 (SECRET/NOFORN)
- Small Footprint Operations 5/13 (SECRET/NOFORN)
- Operation Haymaker (SECRET/NOFORN)
- Geolocation Watchlist (TOP SECRET/COMINT)

Timeframe of the documents: 2011 - May 2013

> See also: U.S. Intelligence Support to Find, Fix, Finish Operations

Cellphone surveillance catalogue

On December 17, 2015, The Intercept published a range of pages from a classified catalogue containing cellphone surveillance equipment, including IMSI-catchers like Stingrays and DRT boxes.
Just like the NCTC reports, The Intercept obtained this document from a "source within the intelligence community".

- Stingrays - A Secret Catalogue of Government Gear for Spying on Your Cellphone

- Government Cellphone Surveillance Catalogue (SECRET/NOFORN)

Date of the document: after 2012

> See also: DRTBOX and the DRT surveillance systems

US military documents: Iraq and Afghanistan

On February 14, 2016, the website Cryptome published a batch of word and some pdf-documents containing various US military manuals and policy papers regarding operations and activities in Iraq and Afghanistan.

- Document Dump 16-0214, Batch 0001 (classified up to SECRET)

Timeframe of the documents: 

NSA tasking & reporting: EU, Italy, UN

On February 23, 2016, Wikileaks published the transcript of entries from an NSA tasking database, as well as intelligence reports about high-level targets from the European Union, Italy and the United Nations, including German chancellor Merkel and Israeli prime minister Netanyahu.

- NSA Targets World Leaders for US Geopolitical Interests
- WikiLeaks reveals the NSA spied on Berlusconi and his closest advisors

- EU Targets - EU Intercepts (TOP SECRET/COMINT)
- Italy Targets - Italy Intercepts (TOP SECRET/COMINT)
- UN Targets - UN Intercepts (up to TOP SECRET/COMINT-GAMMA)

Timeframe of the documents: 2006 - 2011

TAO hacking tools (The Shadow Brokers)

On August 15, 2016, someone or a group called The Shadow Brokers published a large set of computer code attributed to the Equation Group, which is considered part of the NSA's TAO division. Many of these hacking tools affected hardware firewalls, from companies such as Cisco and Juniper.

- Everything you need to know about the NSA hack (but were afraid to Google)

- NSA malware files (.zip-file via Cryptome)

Timeframe of the documents: until October 18, 2013

> See also: Is the Shadow Brokers leak the latest in a series?

FBI & CBP border intelligence gathering

On October 6, 2016, the website The Intercept published a set of documents and copies of presentation slides about how the FBI cooperates with US Customs and Border Protection (CBP) to gather intelligence from border controls.
These documents were provided by an "intelligence community source familiar with the process who is concerned about the FBI’s treatment of Muslim communities".

- The FBI’S Secret Methods for Recruiting Informants at the Border

- 14 documents, including presentation slides (Unclassified, SECRET and SECRET/NOFORN)

Timeframe of the documents: 2002 - December 2012

TAO IP addresses and domain names

On October 31, 2016, the Shadow Brokers published new files containing some more hacking tools and a list of 352 IP addresses and 306 domain names the Equation Group, considered part of NSA's TAO division, may have used for their operations.

- NSA Hackers The Shadow Brokers Dump More Files

- Trick or Treat (.zip-file via

Timeframe of the documents: 

TAO Windows files

On January 12, 2017, the Shadow Brokers published a final message accompanied by 61 Windows-formatted binary files, including executables, dynamic link libraries, and device drivers, which are also considered to have been tools from the NSA's TAO hacking division.

- NSA-leaking Shadow Brokers lob Molotov cocktail before exiting world stage

Timeframe of the documents: 

CIA hacking tools (Vault 7)

On March 7, 2017, Wikileaks published 8761 documents and files, including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation, used to penetrate smartphones, smart televisions and computer systems. These files allegedly came from an high-security network inside the CIA's Center for Cyber Intelligence (CCI).

- Vault 7: CIA Hacking Tools Revealed

- Vault 7: Directory (up to SECRET/NOFORN)

Timeframe of the documents: 2013 - 2016

TAO Solaris exploits

On April 8, 2017, the Shadow Brokers were back and released the password for an encrypted data set released when they announced their file auction. The data set includes a range of exploits, including for the Unix operating system Solaris.

- They're Back: The Shadow Brokers Release More Alleged Exploits

- EQGRP Auction File

Timeframe of the documents: 2004 - ?
TAO Windows exploits + SWIFT files

On April 14, 2017, the Shadow Brokers published an archive containing a series of Windows exploits and documents about NSA's infiltration of the banking network SWIFT, for the first time including several Top Secret NSA powerpoint presentations, similar to those leaked by Snowden.

- Shadow Brokers Dump Alleged Windows Exploits and NSA Presentations on Targeting Banks
- The New Shadow Brokers Leak Connects the NSA to the Stuxnet Cyber Weapon Used on Iran

- EQGRP Lost in Translation (up to TOP SECRET/SI/NOFORN)

Timeframe of the documents: until October 17, 2013

CIA specific hacking projects (Vault 7)

Since March 23, 2017, Wikileaks publishes internal user guides and similar files and documents related to individual CIA hacking tools every week. Until September 7, 2017 these include: Dark Matter, Marble Framework, Grasshopper, Hive, Weeping Angle, Scribbles, Archimedes, AfterMidnight, Assassin, Athena, Pandemic, Cherry Blossom, Brutal Kangaroo, Elsa, OutlawCountry, BothanSpy, Highrise, Imperial, Dumbo, CouchPotato, ExpressLane, Angelfire, and Protego.

- Vault 7: Releases per project
- Vault 7: Projects (up to SECRET/NOFORN/STRAP 2)
Timeframe of the documents: November 19, 2004 - March 1, 2016

NSA report about Russian hacking
On June 5, 2017, The Intercept published an NSA report about a months-long Russian cyber operation against parts of the US election and voting infrastructure.
Only an hour af this publication, the US government announced that they will charge Reality Leigh Winner, who worked as a contractor linguist for NSA, for leaking this report.

- Top-Secret NSA report details Russian hacking effort days before 2016 election

- NSA Report on Russia Spearphishing (TOP SECRET//SI//ORCON/REL/FISA)

Date of the document: May 5, 2017

On September 6, 2017, the Shadow Brokers came with a message on about their "subscription service" for alleged TAO hacking tools. As an example, the manual for the UNITEDRAKE "remote collection system for Windows targets" was released in full.
- The Shadowbrokers - September 2017 announcement reveals UNITEDRAKE (and many other NSA code names)
- UNITEDRAKE Manual (pdf)
Date of the document: ?

CIA source code (Vault 8)
Since November 9, 2017, Wikileaks publishes the source code and development logs for CIA hacking tools, including those described in the Vault 7 series. These include: Hive

- Vault 8

- Vault 8 (up to SECRET/NOFORN)

Timeframe of the documents: August 2013 - October 2015

It is difficult to tell exactly from how many different leakers these documents come. The journalists involved will of course do everything to hide their source's identity, including creating distraction and confusion, but also creating the impression that many other leakers followed the example of Edward Snowden.

Some thoughts on the form of the documents
Content-wise the documents from the alleged other sources are not very different from the ones from Snowden. But what seems to distinguish them most, is their form, which is either digital, a transcript or scanned from paper.

Almost all documents that were attributed to Snowden came in their original digital form (with some very few exceptions that were scanned from paper). This makes it remarkable that only two documents from the other sources are in a similar digital form.
The first one is the famous TAO Product Catalog with hacking and eavesdropping techniques, which also given its content comes closest to the Snowden documents. Despite that, this catalog was never attributed to him.

The other leak in digital form are the two slides about Chinese cyber espionage, but these probably come from a source in support of the US government.


A number of other leaks didn't provide documents in their original form, but only transcripts thereof. This is the case for the following revelations:
- Chancellor Merkel tasking record
- XKEYSCORE rules: New Zealand
- XKEYSCORE agreement between NSA, BND and BfV

The lists from an NSA tasking database with targets for France, Germany, Brazil and Japan are also transcripts, but for the intelligence reports, which Wikileaks published simultaneously, we have at least one example that is in its original format. All other ones came as transcripts.

Scanned from paper

All other documents that didn't came from Snowden look like they were printed out (some were even recognized as being double-sided) and scanned again. This is the case for:

- NCTC watchlisting guidance
- NCTC terrorist watchlist report
- Ramstein AFB supporting drone operations
- The Drone Papers
- Cellphone surveillance catalogue
- FBI & CBP border intelligence gathering

This doesn't automatically mean they are all from the same source, as two of them are from the civilian NCTC and the other three are clearly from a military context.
We don't know when or where these documents were printed out: maybe it was done by the leaker, for whom it could have been easier to exfiltrate them as hard copy, than on a detectable thumb drive.
It's also possible that they were printed out by the press contact in order to make them look different from the Snowden documents. But on the other hand, publishing them in digital form would have made it more difficult to prove they were not from the Snowden cache.

Some thoughts on the motives behind the leaks
We can also take a look at the motives that could have been behind these leaks. Interestingly, these seem to correspond quite well with the different forms the documents have.

A second source
The disclosures of the transcriptions of the XKEYSCORE rules and the tasking database lists are quite far from being in the public interest. They are about legitimate targets of foreign intelligence and publishing them seems solely meant to discredit the NSA and/or damage US foreign relationships.

The same applies to the TAO Product Catalog, which contains devices and methods that are only used against "hard targets" that cannot be reached by other means, so this is not about spying on ordinary citizens, but does compromise valid US intelligence operations.

At first sight, one would assume that these documents were from the Snowden cache, but published by people like Appelbaum and an organization like Wikileaks, who have a more radical approach than Snowden himself, and maybe therefore could have pretended they came from another source.
However, both Greenwald and security expert Bruce Schneier said these documents were really provided by another leaker. Because a number of them were published by German media, Schneier guesses it might be "either an NSA employee or contractor working in Germany, or someone from German intelligence who has access to NSA documents".
If that's the case, then it's not only remarkable that there's a second source from within or close to NSA, but also that this source is apparently fine with leaking documents that show no abuses, but only seriously harm US interests - which is either treason, or the work of a hostile intelligence agency. Snowden at least acted from his concern about increasing mass surveillance on innocent civilians.

So far, the last publication that can be attributed to the Second Source were the NSA tasking & reporting files in February 2016. Then in August of that year, someone or a group who called themselves The Shadow Brokers, started a series of leaks, mainly of TAO hacking tools. They are published without an intermediary like media outlets or Wikileaks (although already in August 2016, Wikileaks claimed to have its own copy of the Shadow Brokers files, but never released them).
The Shadow Brokers leaks undermine NSA operations in a similar way as those of the Second Source, so it's vey well possible that the same person is behind both series of leaks. Also interesting is that the latest timestamp found in the Shadow Brokers files is October 18, 2013, which is around the same time the first leak from the Second Source came out.

A third source
The documents that are scanned from paper are a somewhat different story. These are about issues that concern a wider range of people. For some of them, The Intercept even gives the reason why the source leaked them: for the cellphone surveillance catalogue it was because of a concern about militarization of domestic law enforcement.

For the drone papers, the source is cited saying: "This outrageous explosion of watchlisting [...] assigning them death sentences without notice, on a worldwide battlefield". Given that he mentions watchlists, it seems very well possible that this source actually also leaked the two NCTC reports about terrorist databases and watchlists.
Combining this with the fact that both the NCTC reports and the cellphone surveillance catalog were from a source "within the intelligence community" seems to confirm that all the documents that came as scanned from paper are from the same leaker - maybe someone from a military intelligence agency like the DIA.
Also from an "intelligence community source" are several FBI & CBP documents about intelligence gathering at US border controls - something that is also closely related to watchlisting.

Given these thoughts on the form of the leaked documents and the possible motives behind these leaks, it seems that they can be attributed to at least three other sources, beside Snowden:

Source nr. 1 (Edward J. Snowden)
- Thousands of documents about NSA and the 5 Eyes

Source nr. 2 (NSA insider and/or hostile intelligence?)
- Chancellor Merkel tasking record
- TAO's ANT product catalog
- XKEYSCORE rules: New Zealand
- NSA tasking & reporting: France, Germany, Brazil, Japan
- XKEYSCORE agreement between NSA, BND and BfV
- NSA tasking & reporting: EU, Italy, UN

Source nr. 3 (someone from US military intelligence?)
- NCTC watchlisting guidance
- NCTC terrorist watchlist report
- Ramstein AFB supporting drone operations
- The Drone Papers
- Cellphone surveillance catalogue
- FBI & CBP border intelligence gathering

Source nr. 4 (on behalf of the US government?)
- Chinese cyber espionage

Source nr. 5 (low-level military person)
- US military documents: Iraq and Afghanistan

Source nr. 6 ("The Shadow Brokers")
- TAO hacking tools
- TAO IP addresses and domain names
- TAO Windows files
- TAO Solaris exploits
- TAO Windows exploits + SWIFT files

Source nr. 7 (Joshua A. Schulte)
- CIA hacking tools (Vault 7)
- CIA specific hacking projects (Vault 7)
- CIA source code (Vault 8)

Source nr. 8 (Reality L. Winner)
- NSA report about Russian hacking

On October 6, 2016, The New York Times reported that on August 27, 2016, the FBI arrested 51-year old Harold T. Martin III, who worked at NSA as a contractor for Booz Allen Hamilton. He was described as a hoarder and on February 8, 2017 he was only indicted on charges of stealing and retaining the largest heist of classified information in US history: from the 1990s until 2016, he took documents from US Cyber Command, CIA, National Reconnaissance Office (NRO) and NSA. Martin was not accused of passing information to foreigners, nor of being the source for the Shadow Brokers publications.
> See also: With NSA contractor Martin arrested, other leakers may still be at large

On November 19, 2016, it was reported by the Washington Post that there had been yet another, previously undisclosed breach of cybertools, which was discovered in the summer of 2015. This was also carried out by a TAO employee, who had also been arrested, but his case was not made public. An official said that it is not believed that this individual shared the material with another country.
In October 2017, the Wall Street Journal and the Washington Post revealed that this anonymous TAO employee had taken hacking tools home to work on it on his private laptop, which ran Kaspersky antivirus software. This program detected the hacking files after which Russian hackers targeted his laptop. The TAO employee was removed from his job in 2015, but was not thought to have taken the files to provide them to a foreign spy agency.

From the court documents, we learn that this TAO employee is 67-year old Nghia H. Pho from Ellicott City, Maryland, who was born in Vietnam and naturalized as a US citizen. From 2006 to 2016, he worked as a software developer at NSA's TAO division, and from 2010 till March 2015, he took classified documents home, both digital and hard copy.
On April 20, 2017, CBS News reported that CIA and FBI started a joint investigation into the leak of the CIA hacking tools that were published by Wikileaks under the name "Vault 7". Investigators are apparently looking for an insider, either a CIA employee or contractor, who had physical access to the material.

An updated overview of the Shadow Brokers story was published by the New York Times on November 12, 2017, saying that investigators were worried that one or more leakers may still be inside NSA and also that the small number of specialists who have worked both at TAO and at the CIA came in for particular attention, out of concern that a single leaker might be responsible for both the Shadow Brokers and the files published by Wikileaks as part of their Vault7 and Vault8 series (although the CIA files are more recent).
In May 2018 it was reported that in March 2017, two months after Wikileaks started publishing its Vault7 series, the FBI arrested Joshua Adam Schulte. From May 2010 until November 2016 he worked at the Directorate of Science & Technology (DS&T) of the CIA's National Clandestine Service (NCS), developing Windows and Linux tools to support clandestine operations. On June 18, 2018, Schulte was charged for stealing the hacking files and providing them to Wikileaks.
So, besides the various sources who stole classified material that was leaked to the public, there are at least the following leaks from which (so far, and as far as we know) no documents have been published:

Leak nr. 9 (Harold T. Martin III)
- Classified documents from multiple agencies

Leak nr. 10 (via Kaspersky AV from Nghia H. Pho's computer)
- TAO documents and hacking tools

Links and Sources
- Politico: Exclusive: How a Russian firm helped catch an alleged NSA data thief (2019)
- The New York Times: Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core (2017)
- The NSA Officially has a Rogue Contractor Problem (2017)
- Who is Publishing NSA and CIA Secrets, and Why? (2017)
- Trove of Stolen NSA Data Is ‘Devastating’ Loss for Intelligence Community (2017)
- Weaponized Wikileaks: Nick Reads Wikileaks So You Don't Have To (2015)
- The US Intelligence Community has a Third Leaker (2014)

More comments on Hacker News
Geplaatst door P/K op 23:58 

Labels: Snowden

Brian Charles said...
The Prophetic Judgment of the NSA-CSS
This is a message from Almighty God given to the evil people working in the NSA. This prophecy was given through a prophet named Brian Charles

For it is a fearful thing to fall into the hands of the Living God, you evil workers remember. For I am against you, says the LORD, and you will be defeated forever, says the Great I AM! For I have seen your works of evil around the world, and I am not pleased says the LORD, and I will punish you forever, except you repent, for the gathering of worldwide data collections of My people, as well as the worldlings. I have seen what you have done with My data, using it for your own personal aggrandizement in a politically correct expediency, to build your own data farm to use for later purposes, and for your own evil purposes to destroy My people—both here and abroad. I have seen what you have done in secret places with My data, covering over your evil works with a cloak of classification powers, so that no one can see the full extent of your evil intentions. Did not My servant Snowden reveal before the whole world of your evil machinations with digital data? Therefore I will collapse your bases, destroy your data farm, and destroy the tower of evil you call Fort Meade. For it has reached the high heavens, and I am displeased with it. Your computer monitors I will destroy in a second, your satellites in orbit will I plunge into reentry, and all your evil plans will I abolish in a moment. For I AM A Jealous God, protective of My people, whom you have waged war against with your data collection agency, and your sinister plans for evil. For I will put all your myriad employees and military personnel, and all officers of evil into deepest Hell, except they repent of their evil plans and deeds. For I see the worldwide persecution you are feverishly planning against My people, which will only serve to put yourselves into Hell, the Satanists that you are. For you have even waged war against the Man of War, the LORD God Whom I AM, and you will surely suffer a bitter and ignominious defeat, except you repent and come out of that evil system. For the LORD God Almighty, the God of Israel, the protector of My people, whom you have waged war against, has spoken, Amen!
Psalm 94
Amos 5

December 31, 2015 at 10:00 PM Anonymous said...


MEGA Directory of USA Spies- Names, Addresses, Phone Numbers,_Addresses,_Phone_Numbers.pdf

Spies Contact Info folder

January 4, 2016 at 6:21 PM Brian Charles said...
Something BIG is going on with the Elite, for they have been stealing TRILLION$ of dollars from the Federal Government for the construction of Deep Underground Military Bases (DUMBs).

April 17, 2016 at 11:30 PM Anonymous said...
Eyeballing Snowden Info Folders 1-3!u1NiRCgZ!oZJ7ujAU4RG6hKczsN8org

April 29, 2016 at 10:08 PM Anonymous said...
Looks like everything is kinda attributed to Snowden. The guy really made a name for himself. After him, everyone wants to become a cool spy and use some spyware on his friends and family.

October 18, 2016 at 10:19 AM Leak Launch said...
Don't be a Wikiwuss and leak your files!!!

February 17, 2017 at 1:38 AM

Shortly after the existance of PRISM was revealed early June 2013, much was unclear, so I did some open source research and found that the US military uses a program named PRISM, which in this case is an acronym for "Planning tool for Resource Integration, Synchronization and Management".
Shortly afterwards, in July 2013, German press published an NSA letter saying that there are actually three different programs with the name PRISM: one that collects data from the big internet companies, one that is used as a military tasking and planning tool, and finally one that is used for internal data sharing in NSA's Information Assurance Directorate (IAD).

On July 29, 2013, the German magazine Der Spiegel published a chart from the NSA tool BOUNDLESSINFORMANT. The chart was related to Germany and it was thought that it showed that NSA had intercepted over 550 million pieces of communications traffic.
But within just a few days, BND contacted Der Spiegel, saying that they collected those data, and shared them with NSA. The SIGADs US-987LA and US-987LB designated collection at the BND satellite station in Bad Aibling and interception of phone calls in Afghanistan, respectively. This was confirmed by NSA and published by Der Spiegel on August 5, 2013.
A document published by Wikileaks explains that in Afghanistan, BND had a satellite interception facility (for downlinks to complement the uplinks intercepted at Bad Aibling) and also intercepted point-to-point microwave links (generally used for (mobile) telephony backbones).

Internal BND order form for several IBM servers to be used for XKEYSCORE and PBDB (source: Wikileaks, pdf-page 72)

AMS-IX internet Exchange co-location at the National Institute for Subatomic Physics (Nikhef)
Will the Dutch services select cables at this kind of locations for bulk collection? (photo: Martin Alberts/Stadsarchief Amsterdam 

Profile on Melina Knauss Trump

Melina Knauss Trump
Age 46 (Born April 26, 1970)

Contact Information
(917) 715-4347
(918) (973) 783-3506
(212) 475-4110


Also known as:
Melina Trump
Melina Knauss-trump

Societa Trump
Barron Trump

Shelley Wade
Honorary Chairwoman
Michel Leroy
New York Cool
The Trump Organization
Board Meber
The Drama League
David Cook Source Gallery
Beauty Interviews
Melania Trump

University of Denver degree

Has lived at:
721 5th Ave, New York, NY
502 Park Ave, New York, NY
8 Lackaw anna PLZ, Montclair, NJ

Overview of the untargeted/bulk collection with the 3 stages of approval as proposed by the new Dutch Intelligence and Security Services Act.

Edward Snowden - “Permanent Record” & Life as an Exiled NSA Whistleblower | The Daily Show
The Daily Show with Trevor Noah
Edward Snowden discusses how his book “Permanent Record” sheds light on the evolving intelligence industry. Subscribe to The Daily Show: 

The Snowden files: where are they and where should they end up?
May 30, 2019 

Last month, The Intercept shut down access to the Snowden documents both for internal and external research. But where are these files in the first place, and what should be their future destination? During a podcast interview last Monday, Snowden himself also commented on this issue.
- The Intercept - Copies of the Snowden files -
- The future of the files -

The Intercept
The Intercept is a website that was launched in February 2014 by Glenn Greenwald, Laura Poitras and Jeremy Scahill. It was the first digital magazine of First Look Media(FLM), a hybrid for-profit and non-profit media organization set up in October 2013 by eBay-founder Pierre Omidyar.
(Greenwald already came up with the idea for a dedicated website in June 2013 in case that The Guardian would not publish his first Snowden story)
The short-term mission of The Intercept was to "provide a platform and an editorial structure in which to aggressively report on the disclosures provided to us by our source, NSA whistleblower Edward Snowden."
For the long term, The Intercept wants to provide "aggressive and independent adversarial journalism across a wide range of issues, from secrecy, criminal and civil justice abuses and civil liberties violations to media conduct, societal inequality and all forms of financial and political corruption."

External research
For its short-term mission, The Intercept had a special team of several researchers to maintain and examine the Snowden files in a secure way. Initially, documents were only published alongside the articles written by Glenn Greenwald, Jeremy Scahill, Ryan Gallagher and other reporters.
In May 2016, The Intercept also began publishing NSA documents in bulk, starting with all editions of SIDtoday, the internal newsletter of the NSA's Signals Intelligence division, which are available from 2003 to 2012. So far, a total of 1861 editions have been published in seven batches. It's not clear whether this series will be completed.

Update: On May 29, 2019, The Intercept published an eighth and final batch consisting of 287 SIDtoday articles from late 2006, bringing the total to 2148 editions of this newsletter.
Also in may 2016, it was decided to "invite outside journalists, including from foreign media outlets, to work with us to explore the full Snowden archive", to begin with journalists from the French newspaper Le Monde:
"Le Monde worked directly, during several days, in collaboration with The Intercept, on the Edward Snowden archive given to Glenn Greenwald and Laura Poitras: tens of thousands of documents exfiltrated by the former agent from the NSA servers, and safely stored by The Intercept."
As a result of this collaboration, Le Monde published a series of six articles in December 2016, mainly about GCHQ spying operations against Israel and in Africa. It seems there have been no similar collaborations with other foreign journalists.

The decision
With its first mission apparently accomplished, The Intercept will now move forward with its long-term mission: "For five years, the company expended substantional resources to continue to report on the Snowden archive, but The Intercept has now decided to focus on other priorities" - according to First Look Media CEO Michael Bloom.
How this decision was made can be learnt from a reconstruction made by Barrett Brown, which includes a timeline written by Laura Poitras:
On Tuesday March 12, on a phone call with Glenn [Greenwald] and the CFO, I am told that Glenn and Betsy [Reed, editor-in-chief of The Intercept] had decided to shut down the archive because it was no longer of value to The Intercept. This is the first time I am heard about the decision. On the call, Glenn says we should not make this decision public because it would look bad for him and The Intercept. I objected to the decision. I am confident the decision to shut the archive was made to pave to fire/eliminate the research team

The next day, March 13, Poitras sent an e-mail to Michael Bloom saying she was "sickened" and in a memo she called on the board to review the decision: "This decision and the way it was handled would be a disservice to our source, the risks we’ve all taken, and most importantly, to the public for whom Edward Snowden blew the whistle."
This e-mail was leaked to the news website The Daily Beast, which reported about it the same day. This was likely the way how Edward Snowden heard of it, as in the Motherboard podcast interview from April 22 he said that he learnt about The Intercept's decision from the news.
On March 14, Snowden was called by Laura Poitras: "He had not been informed by Glenn or Betsy about their decision to shut down the archive. I apologize to him."

The reason
Given that firing The Intercept's research team saves only 1.5% of First Look Media's non-profit budget, some people suspected that there may be other reasons for shutting down the Snowden archive. Pierre Omidyar, for example, could have preferred to keep his good relations with the US government.
Michael Bloom however says that the remaining documents aren't interesing enough anymore, and points to the fact that other major media outlets "ceased reporting on it years ago. Many decided that the resources required to continue to work on the archive were not justified by the journalistic value the remaining documents provide, as those documents have aged."
In 2013, The Guardian, The Washington Post and Der Spiegel each had between 10 and 30 reports based upon the NSA files, but that number declined to just a few in 2015 and since 2016 it was basically only The Intercept that continued with new reports, but these were mainly background stories without significant revelations.

Copies of the Snowden file

The actual number of documents that Snowden took away from the NSA is still unclear and disputed. According to the 2016 report from the US House Intelligence Committee, he removed more than 1.5 million documents from two classified networks: NSANet and JWICS.
(Strangely enough, the House Intelligence report says that JWICS stands for "Joint Warfighter Information Computer System" while the actual name of the network is Joint Worldwide Intelligence Communications System)

Glenn Greenwald said that the number of 1.5 million was "pure fabrication" and probably he could agree with former NSA director Keith Alexander who in November 2013 estimated that Snowden had exposed only between 50,000 and 200,000 documents.

Full copies of the files
As far as we know, complete sets of these documents are in the hands of:
- Glenn Greenwald (received from Snowden in Hong Kong)
- Laura Poitras (received from Snowden in Hong Kong)

Greenwald and Poitras agreed that no one other than they would ever have access to the full set of documents. And to "keep media organizations on a leash" they would only provide them with files and information on a story-by-story basis.
Four other people also received copies of the full archive, because on May 10, 2013, so more than a week before he left Hawaii, Snowden had sent backup copies of the NSA files in postal packages to four individuals:
- Jessica Bruder in New York, who had her package hidden by Dale Maharidge in North California
- Trevor Timm of the Freedom of the Press Foundation (of which Snowden became board member in 2014 and president in 2016)
- One person who wants to remain private
- One unknown person

The existence of these packages, which was only revealed in May 2017, confirms the story from late June 2013 about a "doomsday cache" which Glenn Greenwald said was Snowden's Plan B.

According to Greenwald, the people holding the backup files "cannot access them yet because they are highly encrypted and they do not have the passwords." But "if anything happens at all to Edward Snowden, he told me he has arranged for them to get access to the full archives."

During a television interview shortly afterwards, Greenwald said that backup copies might also be somewhere out on the internet, but given Snowden's fear of putting sensitive things online that may have been a slip of the tongue, or deliberately deceiving.
There are also people who have not been in possession of any documents, but who were temporarily granted full access to the whole cache, like James Bamford, The Intercept's research team and some others.

Glenn Greenwald working with the Snowden files outside his house in Rio de Janeiro
(screenshot from a television report by Fantastico)

Partial copies of the files
Besides the complete sets of Snowden files, there are several parties that keep, or have kept partial copies:
- The Guardian (received from Snowden by Ewan MacAskill)
- ProPublica (received from The Guardian)
- The New York Times (received from The Guardian)
- The Washington Post (received from Snowden by Barton Gellman)
- Der Spiegel (received from Laura Poitras)*

Being under threat from the British government, The Guardian rescued their set of documents by providing copies to The New York Times and the investigative journalism platform ProPublica, where they would be better protected under the First Amendment of the US constitution.

The Guardian's own set was eventually physically destroyed in front of GCHQ technicians on July 20, 2013:

Video showing the destruction of the laptop containing The Guardian's Snowden files

The German magazine Der Spiegel published a total of 89 documents from their share of the Snowden trove, including ones that were not disclosed as part of earlier reporting. A first set of 53 documents was released on June 18, 2014 and a second set of another 36 documents on January 17, 2015.
Besides the news outlets with their own partial copies, Greenwald and The Intercept also shared selected documents from the Snowden cache with teams of journalists of more than two dozen media outlets in as many different countries.
> It should be noticed that a range of highly classified NSA documents have been published which came from other sources than Edward Snowden; see: Leaked documents that were not attributed to Snowden.

Protection of the files
In order to protect the Snowden files, only brand new laptops with no connection to the internet are used to search, sort and read them. It's not clear whether the files themselves are also stored on these laptop computers, or only on removable storage devices, like a thumb drive or an SD card.
In a 2013 Brazilian television report, Glenn Greenwald was seen using some thumb drives and a standard SD card while working with the Snowden documents.
In another television report we could even see the screen of Greenwald's laptop with several of the BOUNDLESSINFORMANT documents being opened in a TrueCrypt window. TrueCrypt was a software application used to fully or partially encrypt hard drives and removables drives using the AES, Serpent and Twofish ciphers.
Data on the external hard drive that Greenwald's partner David Miranda was carrying when he was detained at Heathrow Airport in August 2013 was reportedly also encrypted with TrueCrypt.

Glenn Greenwald working with the Snowden files outside his house in Rio de Janeiro
(screenshot from a television report by Fantastico)

The future of the files
What can or should happen with the Snowden files? Wikileaks, Cryptome and many others demanded that all the documents should be released to the public. But Snowden did not want an indiscriminate dump like how Manning's files were eventually published on Wikileaks. Instead, he insisted on responsible disclosures by independent journalists.
Accordingly, Glenn Greenwald stressed that the NSA files should "be released in conjunction with careful reporting that puts the documents in context and makes them digestible to the public, and that the welfare and reputations of innocent people be safeguarded."
The reality has actually been somewhat different: in many cases, press reports lacked a proper context, were sensationalist or even misleading because of misinterpretations. And while protecting the reputations of individuals, that of the NSA seemed "fair game".

First Look Media's CEO Michael Bloom hoped "that Glenn and Laura are able to find a new partner - such as an academic institution or research facility - that will continue to report on and publish the documents in the archive consistent with the public interest" and Greenwald tweeted that he was already looking for "the right partner [...] that has the funds to robustly publish."
But money seems not the problem: if there's one place with enough money than it's First Look Media, which was funded by eBay billionaire Omidyar with some 87 million US Dollar between 2013 and 2017 (of which Greenwald earned more than 1.6 million USD from 2014 to 2017).
In the Motherboard interview, Snowden said that "what remains in the archive is stuff that requires much more substantial effort" which would be better for a book. He said that The Intercept wasn't meant for that and that it was up to academic institutions, but they didn't dare because they depend on grants from the federal government.
Snowden also argued that handing over the files to a foreign academic institute was also not an option because then the US government would come up with the accusation of providing classified information to foreigners.

But when it's so hard to find a well-funded institution for further research and responsible publications and the final option of deleting all the files comes closer, it's also not unthinkable that someone will try to "rescue" the archive by putting everything online. After all, there have been other disclosures that were not in accordance with Snowden's intentions.

Links and sources
- Justice Integrity Project: Snowden archives at great risk — As alarming as Assange's arrest
- Barrett Brown: Why The Intercept Really Closed the Snowden Archive
- Tim Shorrock: Why Did Omidyar Shut Down The Intercept’s Snowden Archive? - Part 2 - Part 3
- Bruce Schneier: First Look Media Shutting Down Access to Snowden NSA Archives
- Columbia Journalism Review: The Intercept, a billionaire-funded public charity, cuts back
- The Daily Beast: The Intercept Shuts Down Access to Snowden Trove
- The Intercept: The Intercept is Broadening Access to the Snowden Archive. Here's why

White House
In the Oval Office, the old Cisco 7975 for the classified network had already been replaced by a Cisco IP Phone from the new 8800-series by September 2017. However, this phone has no additional security functions (like a fiber optic connection or on-hook disconnection of the handset) nor the yellow bezel. 
> See: Trump's "beautiful" Oval Office phones and what was changed on them
The Cisco 7975 IP phones for secure calls were introduced in 2007 as part of a general upgrade of the White House communications systems under president George W. Bush. Meanwhile this type of Cisco telephones is about 15 years old, so the replacement may not come as a surprise.
It seems that with the modified Cisco IP Phone 8841 all the old phone sets for secure and non-secure calls, used both inside and outside the White House, have now been replaced by new devices from Cisco's 8800-series.  

Profile of Stephen Kevin Bannon
White House Strategist Stephen Bannon Dox

Stephen Kevin Bannon
Age: 62 (Born Nov 27, 1953)

Contact Information
(310) 276-3555
(310) 545-7508
(804) 321-1479
(310) 292-2458 Mobile

Also Known As:
Stephen OBannon
Stephen KK Bannon
Christopher Bannon ( Age: 59)
Maureen Bannon (Age:28)
Doris Bannon (Age:94)
Mary Bannon (Age:68)
Cathleen Jordan (Age: 60)
Margaret Bannon (Age: 29)
Fenner Stachwell (Age: 80)

Harvard Business School, MBA with Honors

1. 18 Palmetto Road, #18, Pinehurst, NC 28374
2. 8383 Wilshire BLVD #1000, Beverly Hills, CA 90211
3. 386 Lookout Drive, Laguna beach, CA 92651
Tel: (310) 276-3555
4. 11099 Ophir Drive, #204, Los  Angeles, CA, 90024
5. 15 Broad Street, #2410, New York, NY, 1005
6. 2800 Olympic BLVD, # 2nd, Santa Monica, CA, 90404
7. 1373 MacKenzie CT, Clarksville, TN 37042
8. 740, 11th Street, Manhattan Beach, CA 90266
9. 424 34th Street, Manhattan beach, CA 90266
10. Tel: (310) 545-7508
11. 1712 The Strand, Manhattan Beach, CA, 90266
12. 3617 Noble Avenue, Richmond, VA 23222
Tel: (804) 321-1479
13, 4539 Oriington Road, Corona Del Mar, CA, 92625
Tel: (310 276-3555
14. 2810 The Strand, Manhattan Beach, CA 90266
15. 789 Gaviota Drive, #2, Laguna Beach, CA 92651
16,. 107 Winnet PL, Santa Monica, CA 90402
17. 8463 Wilshire BLVD, Beverly Hills, CA 90212
Tel: (310) 29202458
18. 4735 S Durango DR, #STE 105, Las Vagas, NV 89147

Income: $80,758 - Former CIA employee Edward Snowden has come forward as the whistleblower behind the explosive revelations about the National Security Agency and the U.S. surveillance state. Three weeks ago the 29-year-old left his job inside the NSA's office in Hawaii where he worked for the private intelligence firm Booz Allen Hamilton. Today he is in Hong Kong--not sure if he will ever see his home again. In a video interview with the Guardian of London, Snowden says he exposed top secret NSA surveillance programs to alert Americans of expansive government spying on innocents. "Even if you're not doing anything wrong, you're being watched and recorded," Snowden says. "And the storage capability of these systems increases every year, consistently, by orders of magnitude, to where it's getting to the point you don't have to have done anything wrong, you simply have to eventually fall under suspicion from somebody, even by a wrong call, and then they can use this system to go back in time and scrutinize every decision you've ever made, every friend you've ever discussed something with, and attack you on that basis, to sort of derive suspicion from an innocent life and paint anyone in the context of a wrongdoer... The public needs to decide whether these programs and policies are right or wrong." Watch Democracy Now!'s ongoing coverage of the NSA leak at

BND classifications
Documents from BND are classified according to the official German classification system, which has four levels, corresponding to those used in many other countries:
color code: blue or black; equivalent: RESTRICTED
color code: blue or black; equivalent: CONFIDENTIAL
- GEHEIM (Geh. / Stufe I)
color code: red; equivalent: SECRET
- STRENG GEHEIM (Str. Geh. / Stufe II)
color code: red; equivalent: TOP SECRET
Besides these common classification levels, it was suspected that there would be at least one higher or more restrictive category to protect highly sensitive information. This has now been confirmed by various letters from the Wikileaks trove, which mention the following two classification markings:
color code: ?; equivalent: TOP SECRET/SCI
The use of these markings is apparently a secret itself, because also members of the parliamentary commission puzzled about their exact meaning and usage. It seems though that these categories are rather similar to the US Classification System, which was explained here earlier.
The German marking ANRECHT apparently means that certain information is classified Secret or Top Secret, but that within that particular level, it's only meant for those people who have a need-to-know (German: Anrecht), apparently especially when it comes to signals intelligence. In the United States this is realized through a range of different dissemination markings. 
The marking SCHUTZWORT is also meant to restrict access, but in this case, the originator of a particular document determines a codeword (German: Schutzwort) which he provides only to those people who are allowed access to that document. This is similar to the system of Sensitive Compartmented Information (SCI) used in the US, where meanwhile several formerly secret codewords have been declassified.
A security manual from the German armed forces from 1988 also mentions special classification categories, like for example SCHUTZWORT and KRYPTO, the latter apparently for classified cryptographic information.
> See also: BND Codewords & Abbreviations

Micah Lee works at his computer while one of his cats, Malcolm, stands at his feet.

Obama to Propose Overhaul of NSA's Bulk Phone-Record Collection: Report

U. S. President Barack Obama attends the opening session of the Nuclear Summit in The Hague, the Netherlands, on Monday, March 24, 2014.
The Obama administration is set to release a legislative proposal that would revamp the National Security Agency's bulk collection of U.S. telephone data, according to a new report.
Under the new plan, the U.S. government would no longer "systematically collect and store records of calling data," and could only obtain records linked to phone numbers that are tied to legitimate terrorism threats, according to The New York Times. But first, these threats would have to vetted by a judge, and presented to the Foreign Intelligence Surveillance Court before the government could obtain orders to secure individual information.

SEE ALSO: This Is How the NSA Is Trying to Win Over the Media

What's more, calling data would be kept by the phone companies, which would not be required to keep the data for longer than they typically would, The Times reported, citing senior administration officials. The Federal Communications Commission requires telecommunications companies to keep phone records for 18 months, according to The Baltimore Sun. Currently, the NSA keeps phone data for five years, The Times said.
In January, U.S. President Barack Obama announced a series of significant reforms to the NSA's surveillance tactics, including the controversial telephone metadata program, which stems from Section 215 of the Patriot Act (the act authorizes the U.S. government to order businesses to turn over records during a terrorism investigation). Obama said he didn't want the agency to hold the database of phone metadata as it was doing at the time.
The president instructed the Department of Justice and intelligence officials to come up with a plan by March 28, which is when the current court order authorizing the NSA's phone-record program expires, according to The Times. Under the proposal, the Obama administration wants to renew the program in its current state for three more months, senior administration officials said.
Most recently, documents leaked by former NSA contractor Edward Snowden revealed that the agency has been hacking into the networks of Chinese tech company Huawei, and spying on its top executives.


​Joint Executive for SIGINT Interoperability (JESI)
In 1998, the agencies of the Five Eyes group established the Joint Executive for SIGINT Interoperability (JESI, pronouncesd as "jessy"). In the newsletter from August 25, 2003, JESI is described as a "multi-national executive body responsible for ensuring continued interaction and interoperability among the five SIGINT partners".
JESI doesn't have its own staff, it's just a collaboration platform.
Officials from the Five Eyes agencies also meet at an annual JESI conference. In July 2003 this meeting was held in the Australian capital Canberra and was focused on the mission objectives of the partner agencies and how they relate to the 5-EYES SIGINT Partnership Business Vision, which was published earlier that year. They addressed the following topics:
- Mission collaboration and knowledge sharing
- Enabling SIGINT operations through information assurance
- Exchange of finished intelligence
- Maintaining business continuity

For a more efficient cooperation among the Five Eyes partners, the following systems were created, most of them initiated by JESI in 2002-2003, as described in the SIDtoday newsletter from August 25, 2003:

In March, approximately one year after connecting with Snowden, Greenwald, Poitras and Gellman won the Polk Awards and the Pulitzer Prize. They shared the honors with other Guardian and Washington Post reporters

Just like with the sudden introduction of the TIB commissioner, this 3-stage authorisation scheme seems primarily aimed at comforting the public opinion. The government presents them as safeguards against abuses, but they actually make things unnecessarily complicated with a substantial risk that they will end up to be counterproductive.
These extra safeguards were introduced partly because the government couldn’t very well explain why the new bulk collection of cable communications is actually that necessary. The standard example used by the interior minister is about access to cables from the Netherlands to Syria, but communications related to known targets can already be covered by targeted interception, while for example Facebook and Whatsapp messages actually go through cables from the US.

Supposed purposes
On April 20, 2016, public broadcaster NOS revealed a confidential document that apparently addressed internet providers and contains some more specific examples for the proposed bulk cable access. For example when people from a fictitious city of 400.000 inhabitants communicate with a certain chat service, this should be interceptable. Also internet traffic for a maximum of 200 people has to be 'searched', but it isn’t clear whether that applies to the example of the city, or whether this is a total.
Another example from the document is about public wifi hotspots. Communications of people accessing certain hotspots and/or using these to visit certain foreign websites must also be interceptable. The document also speaks about telephone traffic between a Dutch city and a foreign country as well as about the internet traffic between someone in a Dutch city and in a foreign country in which for example bittorrent is used. All this must be interceptable.
There are no rules for "minimizing" (anonymising) the results of this kind of collection, likely because both secret services have both a domestic and a foreign intelligence task, so they are not prohibited from using domestic data, like agencies in other countries.

Antennas of the HF radio intercept station in Eibergen, operated by JSCU (photo: Peter Zandee/De Gelderlander

Edward Snowden Full Interview on Trump, Petraeus, & Having 'No Regrets' 1,785,457 views•6 Dec 2016

Another diagram shows the difference between XKEYSCORE and traditional collection processing systems: in the traditional set-up, it seems that first, IP packets from a data stream were reassembled (sessionized) and then went through a filter to select only those of interest (the green one), which were forwarded for further analysis. XKEYSCORE could do all that at once:

Journalist Glenn Greenwald, left, listens as Laura Poitras speaks during a press conference following

the Polk Awards luncheon on April 11, 2014, in New York.

The Guardian's NSA Whistleblower Reveals Himself: Edward Snowden

The source for British newspaper The Guardian's recent groundbreaking reports on the National Security Agency's surveillance practices unexpected revealed himself Sunday as Edward Snowden, a 29-year-old Booz Allen Hamilton employee who's been working at the NSA for four years.
According to The Guardian, Snowden copied the last set of documents he intended to leak three weeks ago at his Hawaii office. He then requested a two-week leave of absence, told his girlfriend he had to leave and flew to Hong Kong, "because he believed that it was one of the few places in the world that both could and would resist the dictates of the US government."

SEE ALSO: PRISM Not as Evil as Once Thought

Snowden, who previously worked at the Central Intelligence Agency after being discharged from the U.S. Army, has now been holed up in a Hong Kong hotel for three weeks. He's seemingly at peace with the consequences his actions could bring though intensely nervous about being spied on.
"I understand that I will be made to suffer for my actions," he wrote in a note published by the newspaper. "I will be satisfied if the federation of secret law, unequal pardon and irresistible executive powers that rule the world that I love are revealed even for an instant."
Despite that, Snowden has "many" members of his family who work for the United States government.
"The only thing I fear is the harmful effects on my family, who I won't be able to help any more. That's what keeps me up at night," he wrote.
Snowden's motivation for leaking the documents and information are rooted in a desire to check what he considers government's abuses of power.
"The government has granted itself power it is not entitled to. There is no public oversight. The result is people like myself have the latitude to go further than they are allowed to," he wrote.
Several lawmakers have already called for the source of the NSA documents to be prosecuted. Snowden's situation will likely draw comparisons with that against Wikileaks source Bradley Manning, though Snowden, as a civilian, will not face a military tribunal.
The Guardian also published a video interview with Snowden. The paper was under increasing pressure this weekend to be more transparent about its internal processes after doubts were cast on its original reporting about the NSA's surveillance programs. Snowden's choice to reveal himself immediately turned heads:

Mathew Ingram✔@mathewi

holy crap -- the Guardian's source has revealed himself publicly: MT @ggreenwald: MEET OUR SOURCE, in his own words: 7:33 PM - Jun 9, 2013

Sam Stein✔@samstein
WOAH. The NSA whistelblower unmasks himself. …
7:31 PM - Jun 9, 2013

Matt Ford✔@fordm: Whoa. The Guardian's NSA source Edward Snowden just went public:
7:32 PM - Jun 9, 2013

Edward Snowden, NSA files source: 'If they want to get you, in time they will'
Source for the Guardian's NSA files on why he carried out the biggest intelligence leak in a generation – and what happens next
Are you surprised Snowden chose to reveal himself so quickly?

Share your thoughts in the comments.


Verizon had received a secret court order to hand over data to the National Security Agency along with two other major American wireless providers, AT&T and Sprint

A more detailed BND organization chart was among the Snowden documents and was published earlier by Der Spiegel.
Internal designators
The BND's divisions, branches and units are designated by codes that consist of letters, written in capitals. In the current situation the main divisions have a two-letter designator which is more or less an abbreviation of their full name. The SIGINT division is for example TA, which stands for Technische Aufklärung.
From the e-mails published by Wikileaks we learn that lower units are designated by adding additional letters or words to the division designator. It seems that these addtional letters can be the first letter of a full name, a more or less random letter, or A for the first unit, B for the second unit, etc.
For example, "PLSA-HH-Recht-SI" is the first branch (A) of PLS, which is the BND president's staff. The term "Recht" indicates that this is apparently a unit for legal issues. A simpler designator is "GLAAY", which is a unit of the division GL (Gesamtlage)
By combining several documents related to XKEYSCORE, the following list of designators for BND's field stations could be reconstructed:
- 3D10: Schöningen or Rheinhausen (satellite interception)
- 3D20: Schöningen or Rheinhausen (satellite interception)
- 3D30: Bad Aibling (satellite interception)
- 3D40: Gablingen (HF radio interception)*
Similar designators are used for BND liaison offices:
- 2D01: London (with contacts to 7 British partner agencies, denoted as GBR01, GBR02, GBRMD, GBRND, GBRSD, GBRPS, and GBRTF)
- 2D02: Paris
- 2D03: Brussels/NATO
- 2D30: Washington
- 2D33: Canberra

Some divisions
The organization charts for BND's structure since 2009 shows that there are four divisions for analysis and production, which is where analysts prepare intelligence reports:
- Two divisions are for topical missions: TE for international terrorism and organized crime, and TW for proliferation of weapon systems and ABC weapons. 
- The other two divisions, LA and LB, are responsible for a geographical area. From their logos in the signature block in internal e-mails we learn that LB is responsible for Africa, the Middle East and Afghanistan, while LA has the rest of the world:

Internal BND e-mail about the use of XKEYSCORE at BND's satellite stations (source: Wikileaks, pdf-page 248)

Edward Snowden's Leaks

InfoWorkSpace, here being used during the Joint Expeditionary Force Experiment (JEFX) 2006
(photo: CHIPS Magazine)

The Dutch satellite intercept station near Burum, operated by JSCU

Towards a new law
Currently, the two Dutch security and intelligence services are still governed by the Intelligence and Security Services Act from 2002 (Dutch: Wet op de inlichtingen- en veiligheidsdiensten, or Wiv). In February 2013, an evaluation commission for this law was installed, led by Stan Dessens.
In its report from December of that year, the commission recommended that the intelligence services would be allowed to also conduct bulk collection on cable-bound communications. But given increased public scrutiny since the Snowden revelations earlier that year, the commission also urged for stronger oversight and more transparency.
It then took until July 2015 before the government published its proposal for a new law. This was followed by an internet consultation, in which anyone could submit an opinion about the proposal through a government website. This resulted in over 1100 reactions, 500 of them public and most of them very critical (it should be noted though that (the highly critical) digital rights organization Bits of Freedom provided an online tool for easily submitting standardized reactions).

A revised proposal
Given this amount of critique, including from major telecommunication providers and internet companies, the government reconsidered its proposal. On April 15, 2016 the draft was discussed in the council of ministers. The new text wasn’t released, but the government announced that some changes had been made:
- A new independent review commission (Toetsingscommissie Inzet Bevoegdheden, or TIB) that has to approve all requests for both the new bulk cable access and the existing targeted interceptions. This commission will be different from the existing independent oversight commission CTIVD and will actually consist of just 1 member and two substitutes, who have to be judges with at least 6 years of experience. 
- When AIVD or MIVD want to intercept the communications between lawyers and their clients or between journalists and their sources, there has to be prior approval by the district court of The Hague. This extra protection is required by the rulings of the European Court for Human Rights. 
- The government will pay for the costs of the untargeted cable tapping, which are estimated at 15 million in 2017, 25 million in 2018 and 35 million in 2019. The initial plan was to let the telecommunication companies pay for the necessary equipment on their networks, something they strongly opposed. The government plans to get one access location ready for bulk interception each year, so the agencies can gradually get used to this new method. In 2020, there will be four access locations, which will be chosen according to specific information needs and in consultation with the telecoms.
On April 29, the newspaper De Volkskrant disclosed the full text of the revised proposal, including the over 400-page explanatory memorandum (Memorie van Toelichting, or MvT). Here it was read that the government had replaced the original "untargeted interception" (ongerichte interceptie) by a horrible new term meaning something like "interception according to research assignment" (onderzoeksopdrachtgerichte interceptie) - clearly meant to sound more focused and limited, in order to counter the popular image of an indiscriminate dragnet.

Critique by the Council of State
This revised proposal was sent to the Council of State, which must be consulted before a law is submitted to parliament. Instead of a legal review of the full proposal, the Council only addressed a few topics. The controversial bulk cable access is considered necessary enough to be in accordance with the European Convention on Human Rights (ECRM), provided that there’s strong and independent oversight. 
However, the Council expressed serious doubts about the effectiveness of newly proposed TIB commissioner, which lacks the expertise and capacity of the existing CTIVD commission. The proposed approval by the TIB could therefore end up like a "rubber stamp". It would be better to give the CTIVD commission the right of non-binding prior approval and the Council advises the government to change the draft in this way, before sending it to parliament.
Another point of critique is that data collected in bulk may be kept for 3 years, which the Concil thinks is too long and has to be shortened significantly. The Council was also especially concerned about the analysis of "big data" and wants to see a more general vision on how big data analysis affects the work of the secret services, like to what extent there’s a shift from collecting data to analysing already existing data sets.

Final proposal
After receiving the Council of State’s consultation from September 21, some changeswere made, with the most important one being that the TIB is extended from one commissioner to a commission of three, with 2 judges, one member with for example technical expertise, and its own secretariat - thereby ignoring the main point of the Council of State’s recommendation.
The final proposal was discussed by the Dutch cabinet on October 28 and subsequently submitted to parliament. In December, the responsible parliamentary commission consulted the oversight committee, secret service officials and outside experts. The Second Chamber of parliament is expected to vote on the new law in the first week of February, which is just before the Dutch general elections on March 15, 2017.

Edward Snowden stated ..."I understand that I will be made to suffer for my actions,"

NSA Secretly Collecting Millions of Verizon Subscribers' Records: Report

Verizon has been providing the National Security Agency with millions of subscribers' telephone records following a secret court order, according to a report.

The order, a copy of which was obtained by The Guardian, requires Verizon to give the NSA the phone numbers, duration, time, routing information and other details for any calls made within the United States or between the United States and other countries. It does not require Verizon to provide a record of actual conversations.
Verizon is specifically prohibited by the order from discussing it publicly. A Verizon spokesperson declined to comment when asked about the order by The Guardian. The National Security Agency, the White House and the Department of Justice also chose not to comment to the newspaper.

SEE ALSO: Google: Police Requests for User Data Up 70% Since 2009

The NSA was granted the authority to collect three months' worth of Verizon subscribers' data beginning April 25 and ending July 19 by the secret Foreign Intelligence Surveillance Court. The FISC traditionally grants or rejects requests for surveillance warrants against suspected foreign agents under the Foreign Intelligence Surveillance Act.

As The Guardian's Glenn Greenwald points out, the Verizon order is unusual in that it gives the NSA the authority to collect Americans' phone records en masse. FISA orders have traditionally been more focused on specific individuals or small groups suspected of terrorism, or other actions threatening the United States' national security.
It's unclear how deep this particular rabbit hole goes: This leaked Verizon document may be the sole FISA order of its breadth and magnitude, or it may be the first publicly seen evidence of a larger government-data-gathering regime potentially involving numerous telecommunications providers. There's no evidence yet, however, that the NSA is collecting data from other providers.
The NSA's Verizon order is the first known instance of the Obama administration monitoring American citizens' communications in bulk. Former president George W. Bush secretly authorized a widespread NSA telephone, Internet and email-monitoring program less than a month after the 9/11 attacks; that program was exposed in 2006.
The Guardian's report, which will run on the newspaper's front page Thursday, is sure to ignite a fresh wave of heated debate over the United States government's decision to monitor citizens who are not suspected of any crime under the banner of national security.

Should the NSA be able to collect citizens' cellphone records based on a secret court order? Share your thoughts in the comments.

Federated metadata queries: GLOBALREACH
Besides direct access to the metadata contained in MAINWAY, analysts from the Five Eyes partners can also use the GLOBALREACH system. In documents that were published earlier, this system is described as a "federated query service via accounts and access verified by PKI certificates" which probably runs on NSANet.

As a federated service, GLOBALREACH can be used to query multiple metadata databases with one single login. A 2005 document says that for example CIA would provide metadata "from non-SIGINT sources for inclusion in the dataset searched by GLOBALREACH" and it's likely that it can also search the foreign metadata from MAINWAY.

A pilot for a similar federated query tool codenamed ICREACH for the US Intelligence Community (IC) was started in 2007. After NSA "persuaded other US IC agencies to make almost 100 bn previously NOFORN records shareable with the 5-eyes via GLOBAL REACH", agreements were reached with the Second Party agencies, whereafter they started to provide ICREACH with telephony metadata, making them accessible to over 1000 analysts across 23 US intelligence agencies.

After establishing ICREACH, these analysts got access to more communication modes (including landline, mobile, satellite and VoiP call records), the types of metadata increased from 5 fields to 33 fields and the total volume rose from 50 billion to over 850 billion records - ca. 126 billion of which from Second Party partners. 1-2 billion records were said to be added daily, so by now, ICREACH may provide access to over 5 trillion metadata records.

In some ways, Lee was destined to work on the Snowden leaks. At Boston University in 2005, he was involved in environmental and anti-Iraq War activism

Snowden: Democracy Under Surveillance

The champions in cable tapping are NSA and GCHQ, but there we already see a shift towards cyber defense and hacking operations, things that got much less attention in the Dutch public opinion and (probably therefore) also not in the new law. 
Cyber security monitoring
The proposed bulk cable access is not only meant for intercepting communications, but also for cyber security purposes. The strange thing is that this isn’t explicitly mentioned in the new law itself, but only, and even rather short, in the explanatory memorandum. It is said that the new articles 48 and 49 make it possible for AIVD and MIVD to scan cable-bound network traffic for malware signatures and other anomalies which may pose a threat for national security.
This cyber security monitoring may only take place after prior approval by the minister, who will specify on which particular part of the cable infrastructure and for which goal the network monitoring or network detection may take place. Where bulk cable access for intercepting and analysing communications will only be conducted on sets of data that are stored offline, the cyber security task can also take place online: traffic will then be analysed in real-time by for example a DPI (Deep Packet Inspection) system. 
The explanatory memorandum mentions real-time online monitoring only for cyber security purposes. Later on, it is said that bulk collection for the purpose of intercepting communications is less intrusive than a traditional targeted interception, because the latter results in an online and real-time collection of all the target’s communications, while the bulk collection only provides the limited set of data that has been stored offline. This distinction isn’t explicitly mentioned in the proposed law itself, so it’s unclear whether real-time monitoring and filtering systems are also allowed for interception purposes.

The British-U.S. Communication Intelligence Agreement from 5th March, 1946 (the full text as pdf - click to enlarge)

Declassified and approved for release by NSA on 04-08-2010 pursuant to E.O. 12958, as amended ST56834 >was marked Top Secret till 04-08-2010

Page One Index:

Outline of Bristish -U.S. Communication Intellidgence Agreement

1. Parties to the Agreement

The following agreement is made between the Sate-Army-Navy Communication Inteligdence Board (STANCIB) (representing the U.S. State Navy, and War Departments and all other U. S. Communication Intelligence authorites which may function) and the London Signal Intelligence (SIGINT) Board (representing the Foreigh Office, Admiralty, War Office, Air Ministry, and all other Britisg Empire Communication Intelligence authorities which may function).

2. Scope of the Agreement

The agreement governs the relations of the above-mentioned parties in Communication Intelligdence matters only. However, the exchange of such collateral material as is applicable for technical purposes and is not prejudicial to national interests will be effected between the Communication Intelligence Agencies in both countries. 

Throughout this agreement Communication Intelligence is understood to comprice all processes involved in the collection, production, and dissemination of information derived from the communications of other nations.

For the purposes puepoaws of this agreement British Empire is understood to mean all British territory other than the Dominions.

3. Extent of the Agreement

4. Extent of the Agreement - Methods and Techniques

5. Third Parties of the Agreement

6. The Dominions

7. Channels between U.S. and British Empire Agencies

8. Dissemination and Security

9. Dissemination and Security - Commercial

10. Previous Agreements

11. Amendment and Termination of Agreement

12. Activation and Implementation of Agreement

Meet the Man Hired to Make Sure the Snowden Docs Aren't Hacked

This piece is part of Mashable Spotlight, which presents in-depth looks at the people, concepts and issues shaping our digital world.

Micah Lee is the digital bodyguard who protects Glenn Greenwald, Laura Poitras and other reporters working on the Snowden documents.

In March, approximately one year after connecting with Snowden, Greenwald, Poitras and Gellman won the Polk Awards and the Pulitzer Prize.

"Glenn isn't a security person and he's not a huge computer nerd,"

“Lee spent hours reading and analyzing a dozen documents containing once carefully guarded secrets.”

“"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."

“The Obama administration "is the greatest enemy of press freedom that we have encountered in at least a generation,"

"It's vital that [other] news organizations hire technical experts and security experts to help to protect their reporters."

"It's not just this theoretical prospect that maybe the government is trying to read my emails or listens to my phone calls," Greenwald says. "I know for certain that they are doing that."

“Most other media organizations aren't protecting their sources nearly as scrupulously, and may not be for years to come…”

In early January, Micah Lee worried journalist Glenn Greenwald's computer would get hacked, perhaps by the NSA, perhaps by foreign spies.
Greenwald was a target, and he was vulnerable. He was among the first to receive tens of thousands of top secret NSA documents from former contractor Edward Snowden, a scoop that eventually helped win the most recent Pulitzer prize.
Though Greenwald took precautions to handle the NSA documents securely, his computer could still be hacked.
"Glenn isn't a security person and he's not a huge computer nerd," Lee tells Mashable. "He is basically a normal computer user, and overall, normal computer users are vulnerable."

Lee, 28, is the technologist hired in November to make sure Greenwald and fellow First Look Media employees use state-of-the-art security measures when handling the NSA documents, or when exchanging emails and online chats with sensitive information. First Look was born in October 2013, after eBay founder Pierre Omydiar pledged to bankroll a new media website led by Greenwald, with documentary journalists Laura Poitras and Jeremy Scahill.
Essentially, Lee is First Look's digital bodyguard, or as Greenwald puts it, "the mastermind" behind its security operations.
Lee’s position is rare in the media world. But in the age of secret-spilling and the government clampdown on reporters' sources, news organizations are aiming to strengthen their digital savvy with hires like him.
"Every news organization should have a Micah Lee on their staff," Trevor Timm, executive director and cofounder of Freedom of the Press Foundation, tells Mashable.

Timm believes the Snowden leaks have underscored digital security as a press freedom issue: If you’re a journalist, especially reporting on government and national security, you can’t do journalism and not worry about cybersecurity.
"News organizations can no longer afford to ignore that they have to protect their journalists, their sources and even their readers," Timm says.
Once hired, Lee needed to travel to Brazil immediately. First Look has an office in New York City, but Greenwald works from his house located in the outskirts of Rio de Janeiro.
Unfortunately, the consulate in San Francisco near where Lee lives didn't have an open spot for a visa appointment. It would be at least two months before he'd be able to leave for Brazil.
Undeterred, Lee created a smart (and legal) hack — a script that constantly scraped the consulate's visa calendar to check for cancellations. If it found any, it would text Lee, giving him the opportunity to hop online and book.
In less than 48 hours, he scored an appointment and flew to Rio within days.

"That's what he does. He's brilliant at finding solutions for any kind of computer programming challenge," Greenwald tells Mashable. It's exactly the kind of industrious initiative Greenwald needed.
When he got to Rio, Lee spent one entire day strengthening Greenwald’s computer, which at that point used Windows 8. Lee was worried spy agencies could break in, so he replaced the operating system with Linux, installed a firewall, disk encryption and miscellaneous software to make it more secure.
The next day, Lee had a chance to do something he'd been dreaming of: peek at the treasure trove of NSA top secret documents Snowden had handed to Greenwald in Hong Kong.
Since the beginning, Greenwald had stored the files in a computer completely disconnected from the Internet, also known as "air-gapped" in hacker lingo. He let Lee put his hands on that computer and pore through the documents. Ironically, Lee used software initially designed for cops and private investigators to sift through the mountain of seized documents.
Sitting inside Greenwald’s house, famously full of dogs, Lee spent hours reading and analyzing a dozen documents containing once carefully guarded secrets.

"I wasn't actually surprised. I was more like, 'Wow, here's evidence of this thing happening. This is crazy,'" he remembers. "At this point I kind of assume that all of this stuff is happening, but it's exciting to find evidence about it."

During his two days in Rio, Lee wore two hats: the digital bodyguard who secures computers against hackers and spies, and the technologist who helps reporters understand the complex NSA documents in their possession. In addition to Greenwald, he also worked with Poitras, the documentary filmmaker who has published a series of stories based on the Snowden documents as part of both The Guardian's and The Washington Post's Pulitzer-winning coverage.

For Greenwald, Lee's skills, as well as his political background (Lee is a longtime activist) make him the perfect guy for the job.
"There's a lot of really smart hackers and programmers and computer experts," Greenwald tells Mashable. "But what distinguishes him is that he has a really sophisticated political framework where the right values drive his computer work."
J.P. Barlow, founder of the Electronic Frontier Foundation, where Lee used to work, agrees. There are two Lees, the activist and the hacker, he says. One couldn’t exist without the other.
"He acquired his technical skills in the service of his activism," Barlow tells Mashable.
In some ways, Lee was destined to work on the Snowden leaks. At Boston University in 2005, he was involved in environmental and anti-Iraq War activism. His college experience didn't last long, though. After just one year he dropped out to pursue advocacy full-time.
"I had better things to do with my time than go to college, because I wanted to try and stop the war. And it didn't work," Lee says.
During that time, he worked as a freelance web designer, despite no formal computer education. He started teaching himself the computer programming language C++ when he was around 14 or 15 years old, in order to make video games. (Alas, none of those games are available anymore.)

Then in 2011, Lee was hired by the Electronic Frontier Foundation, the digital rights organization. "My dream job," Lee says.
As an EFF technologist, teaching security and crypto to novices was second nature for him. He was one of the people behind an initiative in which technologists taught digital security to their fellow employees over lunchtime pizza. And as CTO of the Freedom of the Press Foundation, he helped organize "cryptoparties" to teach encryption tools to journalists and activists.
Lee became a go-to source for reporters looking for computer security and encryption answers. After the first NSA leaks were published in June 2013, many reporters, not only those working on the Snowden leak, knew they'd need to protect their own communications. Lacking technical knowledge, they turned to Lee for help.

He recalls, for example, that he helped reporters at NBC get started using encryption. It was only when NBC News published a series of stories based on the Snowden documents, with the contribution of Glenn Greenwald, that Lee realized why they needed his guidance.

In early July 2013, he wrote what some consider one of the best introductory texts about crypto, a 29-page white paper called "Encryption Works." Its title was inspired by an early interview with Snowden — a Q&A on The Guardian's site. The whistleblower said, "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."
Those words had a profound effect on Lee.
"That gave me a lot of hope, actually, because I wasn't sure if encryption worked," Lee says laughing, his eyes brightening behind a pair of glasses. He is lanky in jeans and a t-shirt, behind a laptop with stickers.
He’s a true hacker, but one who happens to explain extremely complicated concepts in a way that’s easy to understand.
He was one of the first people Greenwald and Poitras, both on the Freedom of the Press Foundation board, named for their "dream team," Greenwald says — a group that would eventually create The Intercept, First Look Media's first digital magazine that would later be instrumental in breaking new NSA stories.
"He was top of my list," Poitras tells Mashable.

In the wake of the Snowden leaks, which revealed the pervasiveness of the NSA's surveillance techniques, it seems no one, including journalists, is safe. And it's not just the NSA; other branches of the U.S. government have pressured journalists to reveal their sources and have aggressively investigated information leaks.
"Concern has grown in the news industry over the government’s surveillance of journalists," New York Times lawyer David McCraw wrote in a recent court filing.
The Obama administration "is the greatest enemy of press freedom that we have encountered in at least a generation,"said journalist James Risen at a recent event in New York, called Sources and Secrets.
The Department of Justice has for years demanded Risen to reveal his source inside the government. The Bush administration first, and the Obama administration later, have been issuing subpoenas to force Risen to reveal the source of a chapter of his 2006 book, The State of War, in which the reporter reveals a secret Clinton-era CIA operation to sabotage Iran’s nuclear program.

Last year, the DOJ secretly obtained the phone records of the Associated Press. The DOJ has never said why it sought those records, but at the time AP reported the U.S. government had opened an investigation to find out the source of information in an AP story about a CIA operation in Yemen.

These investigations, according to some, create a chilling effect on both sources and reporters, a climate of fear in which journalists have a hard time doing their jobs.
"I think we have a real problem. Most people are deterred by those leaks prosecutions. They’re scared to death," said New York Times national security reporter Scott Shane.
"The ability of the press to report freely on its government is a cornerstone of American democracy. That ability is, by any reasonable assessment, under siege," wrote the Timespublic editor Margaret Sullivan in a column last year.

For these reasons, some believe media organizations should follow First Look's example and hire people like Lee.

As both The Intercept's digital bodyguard and geek-in-chief, Lee has a unique role in the media business: He puts systems in place to receive sensitive documents from sources, making sure the potential whistleblowers are protected and anonymous; he secures journalists' communications; and he even helps write about the documents themselves. (Most of his work hasn’t been published yet, but he has contributed to some articles.)

"Reporting in the 21st century is dangerous. Reporting on government surveillance is dangerous, for the journalist, for the source," Chris Soghoian, the principal technologist at the American Civil Liberties Union, tells Mashable. He says what First Look is doing is unique. 
"It's vital that [other] news organizations hire technical experts and security experts to help to protect their reporters."
Publications like The Wall Street Journal have reporters who are able to take care of their security needs themselves, but there’s no organizational culture that promotes digital security, he says.
The only other property with a similar approach is The Washington Post, which hired star privacy and security researcher Ashkan Soltani to work on the NSA leaks hand-in-hand with reporter Barton Gellman, the other early recipient of the Snowden treasure trove of documents, along with Greenwald and Poitras. Soltani's byline has graced many NSA scoops, while he's helped other reporters with their own technical stories.

In communicating with reporters over the years, Soghoian insists he's seen "everything" in terms of security horror stories. Last summer, he discovered that a "leading national security reporter" did most of his reporting from his desk phone, even after the AP phone records case. Soghoian urged that reporter to use email encryption and pre-paid phones.

A spokesperson for The New York Times told Mashable that the paper has staff "in a position to advise reporters on security issues," but declined to elaborate more. A Washington Postspokesperson revealed that the newspaper is installing SecureDrop, the WikiLeaks-style leaking software first developed by the late coder Aaron Swartz, and that reporters receive training in "encryption technology for email and saving files, as well as on procedures for staying as secure as possible while traveling." (The spokesperson didn’t respond to a follow-up question on whether all journalists receive this kind of training.)

By being part of First Look Media since the beginning, Lee has had a chance to shape its security practices from day one, teaching journalists the best digital security practices, and helping establish a robust infrastructure for secure communications with sources.

First, Lee taught every journalist how to use encrypted, secure communications like the email encryption software PGP, and OTR, software that allows for secure chat conversations and is considered by most security experts one of the safest ways to communicate online nowadays. Every employee of First Look can now receive encrypted emails and chat messages. Lee also taught everyone how to use SecureDrop.
And unlike most of the major news websites around the world, which outsource to Google or Microsoft, First Look controls its own email and chat servers. This gives Lee and the rest of the company control and prevents the U.S. government from going to a third party and subpoenaing First Look's email records without the company's knowledge.
It happened last year when the DOJ obtained Fox News reporter James Rosen's emails in an attempt to identify his sources.

Once such practices were in place at First Look, encryption became routine. Lee says practically every email within the company has been encrypted "since the beginning." Lee himself scrambles the content of more than half of all his emails. And among themselves, First Look employees chat using mostly OTR.
Lee also set up the website so it would be fully encrypted using HTTPS (the "s" stands for secure). With HTTPS enabled, the connection between a user and the website he or she is visiting gets scrambled, meaning a passive attacker — say a government agency or a hacker at your local Starbucks — can't see what happens once the user goes to the encrypted site.

This might seem trivial, but spy agencies like the NSA or its British sister GCHQ take advantage of unprotected websites to monitor Internet user activity, trying to identify potential targets. Any information traveling over unencrypted websites could be captured and later accessed by tools like the NSA's Xkeyscore, Lee explains.
"Since there's this huge database full of plaintext stuff going over the Internet, analysts just have to be creative about what they search for to get any of it," Lee says.

If The Intercept wasn't encrypted, for example, a spy agency could see which stories someone reads, or which journalists someone, like Snowden, watches.
Imagine you are a would-be whistleblower reading a story by Glenn Greenwald. You decide to get in touch with him to leak some documents. On an insecure, unencrypted website, a spy agency can probably trace the connection back to your initial, seemingly innocuous web-surfing activity, and identify you.

At The Intercept, Lee is working to make sure nobody leaves any traces. Making websites encrypted, Lee says, "is the very bare minimum basic of making it not really easy for sources to get compromised."

All these practices aim to protect journalists' and sources' communications, but handling the Snowden documents, and making sure no one who has them gets hacked, is also key. Unfortunately, that's not as easy as installing an antivirus or a firewall.

When exchanging documents, journalists at The Intercept use a complicated series of precautions. First of all, Lee says, documents are never stored on Internet-connected computers; they live in separate computers disconnected from the web. To add an extra layer of precaution when logging in to air-gapped computers, journalists must use secure operating system Tails.
So, imagine two employees at First Look Media (we'll call them Alice and Bob) need to send each other Snowden documents. Alice goes to her air-gapped computer, picks the documents, encrypts them and then burns them onto a CD. (It has to be a CD, Lee says, because thumb drives are more vulnerable to malware.) Then Alice takes her CD to her Internet-connected computer, logs in and sends an encrypted email to Bob.

If you're keeping score, the documents are now protected by two layers of encryption, "just in case," Lee says, laughing.
Then Bob receives the email, decrypts it and burns the file on a CD. He moves it to his own air-gapped computer where he can finally remove the last layer of encryption and read the original documents.

To prevent hackers from compromising these air-gapped computers, Lee really doesn't want to leave any stone unturned. That's why First Look has started removing wireless and audio cards from air-gapped computers and laptops, to protect against malware that can theoretically travel through airwaves. Security researchers have recently suggested it might be possible to develop malware that, instead of spreading through the Internet or via thumb drives, could travel between two nearby computers over airwaves, effectively making air-gapped computers vulnerable to hackers.
If this all sounds a little paranoid, Lee is the first to acknowledge it.

"The threat model is paranoid," Lee tells Mashable, only half-joking. But it's not just the NSA they're worried about. (After all, the spy agency already has the documents.) Other spies, however, would love to get their hands on the intel.
"Any type of adversary could be out to get the Snowden documents. But specifically large spy agencies. And I actually think that the NSA and GCHQ aren't as much as a threat compared to other international ones," Lee says. Apart from the NSA, Russia and China are the real concerns.
"It's not just this theoretical prospect that maybe the government is trying to read my emails or listens to my phone calls," Greenwald says. "I know for certain that they are doing that."
"I don't think that the threat model is paranoid at all," Poitras says, not wanting to underestimate their enemies. "We have to be careful in terms of digital security."
"All of the reporters who are working on these stories have a gigantic target painted on their backs," says Soghoian.
Every precaution, in other words, is essential, and makes it "much safer for us to operate as adversarial journalists," says Lee.
Every lock on the door is necessary, and they should all be bolted. What's more, every door should be under the control of First Look itself.

In March, approximately one year after connecting with Snowden, Greenwald, Poitras and Gellman won the Polk Awards and the Pulitzer Prize. They shared the honors with other Guardian and Washington Post reporters.
But Greenwald almost missed the opportunity of his career all together. Initially, he ignored Snowden, at the time a mysterious, anonymous source. The whistleblower had insisted Greenwald install encryption before revealing more about the leak. Snowden even created a 12-minute video tutorial to convince his chosen reporter the intel was worth the extra steps.
Typically, sources never take all these precautions — or reserve such patience. Snowden was a rare case in which the source knew more about digital security than the journalists he dealt with.

Greenwald isn't willing to risk another close call. He hired Lee for First Look with a strategic goal in mind: Establish unprecedented security practices that make the young news organization attractive for the next secret-spiller, the next Snowden, whoever he or she may be.
Most other media organizations aren't protecting their sources nearly as scrupulously, and may not be for years to come.
Perhaps the next Snowden is already out there, sending an encrypted email or using SecureDrop to leak the next big treasure trove of secret documents. Which publication will he target?


Sweden Supreme Court Affirms Assange Detention
13 May 2015

The Supreme Court affirms the decision of the Court of Appeals for pre-trial detention of Julian Assange
The Supreme Court has affirmed the decision of the Court of Appeals that the order for pre-trial detention of Julian Assange in his absence shall still stand
According to the Supreme Court there is a strong interest in a continued criminal investigation. The court has taken into consideration that Julian Assange has been subject to detention and restrictions in Great Britain in connection with the European arrest warrant. However, the fact that he has taken residence in an embassy after the British court proceedings has not been taken into account. Since a long time has passed since the original order for detention the investigatory authorities must explore alternative possibilities to move the investigation forward. The Supreme Court notes that attempts have been initiated to conduct an interrogation of Julian Assange in London. The Supreme Court concludes that at present there is no reason to reverse the order for pre-trial detention. One of the judges is dissenting and finds that the order on pre-trial detention should be reversed.

Daniel Hale arrested for being the source of The Drone Papers-
May 17, 2019

Since the start of the Snowden revelations in June 2013, there have been more than 25 publications based upon classified documents provided by other leakers than former NSA contractor Edward Snowden.
Now, former intelligence analyst Daniel E. Hale has been identified as the source of six of these non-Snowden leaks. He was arrested on May 9 and charged with providing classified documents to the website The Intercept.
The case is highly remarkable, first because the FBI already found out Hale's identity almost five years ago and did not even arrest him when The Intercept published The Drone Papers in October 2015. Secondly, Hale did just as little to stay out of the picture: he featured in a documentary around the time the FBI raided his home.  

Data sharing systems used within the Five Eyes partnershi
 Five Eyes data sharing systems
November 21, 2016
Updated: July 25, 2017
Data sharing systems used within the Five Eyes partnership

From the Snowden revelations, the general public learned about the Five Eyes partnership between the signals intelligence agencies of the United States, the United Kingdom, Canada, Australia and New Zealand, but details about this cooperation remained shrouded in secrecy.
Now, a batch of internal newsletters of the NSA's Signals Intelligence Directorate (SID), published last August by the website The Intercept, provides new information about various systems for sharing information, metadata, content and reports among the Five Eyes partners.
- From BRUSA to Five Eyes
- Joint Executive for SIGINT Interoperability (JESI)
- Secure communications: IWS
- Interoperable access control: PKI
- Sharing metadata: MAINWAY
- Federated metadata queries: GLOBALREACH
- Sharing content: TICKETWINDOW
- Sharing end reports: CATAPULT
- SIDtoday newsletters

From BRUSA to Five Eyes
The Five Eyes community grew out of the cooperation between Britain and the United States during World War II. On March 5, 1946 both countries signed the BRUSA (now known as UKUSA) Agreement on communications intelligence cooperation. This is not only about collecting signals intelligence, but also about security measures, like the use of codewords to restrict access to highly sensitive sources and reports.*
In June 1948 the UKUSA Agreement was established, which Canada, Australia and New Zealand signed on along with the UK as "Second Parties". A separate agreement between Canada and the USA (CANUSA) was signed in November 1949, followed by one with Australia in September 1953.* 

Finally, in May 1954, the BRUSA Agreement was renamed UKUSA, which became also the name for the complex network created by these often overlapping agreements, appendices and memoranda of understanding.* Australia acted on behalf of New Zealand until the latter became a full member in 1955 or 1977.
The (signals) intelligence agencies that have less close bilateral relationships with NSA are called Third Party partners. Currently, there are over 30 Third Party partners, see: NSA's Foreign Partnerships

When the term Five Eyes (for classification purposes abbreviated as FVEY) came in use is not clear, but the SIDtoday newsletter from August 5, 2003 confirms that "Five Eyes" is derived "from the "US/UK/CAN/AUS/NZ EYES ONLY" caveat that limits the distribution of SIGINT reports to the listed Second Party countries."
The initial network of bilateral relationships between the five partner countries was eventually transformed into a "group partnership" in 1993 - as was revealed in a newsletter from August 25, 2003. It's not explained what this means, but it's sounds like a shift to a more multilateral framework for cooperation among eachother.

Screenshot from a Brazilian television report, showing some of the Snowden files
opened in a TrueCrypt window on the laptop of Glenn Greenwald.
(screenshot by koenrh - click to enlarge)

The 1.8 billion US dollar headquarters building for the ca. 16,000 employees of
the National Geospatial-Intelligence Agency in Fort Belvoir, Virginia (photo: Marc Barnes/U.S. Army Corps of Engineers) 

IBM servers
The Wikileaks files also contain an internal BND order form from February 25, 2014, used for ordering six servers for field station 3D20: two IBM X3650 M4 and four IBM X3550 M4 servers, with a total cost of 58.000,- euros. A separate text explains that these servers were needed for both PDBD and XKEYSCORE:
- PDBD was the new centralized BND tasking database, which would replace the proprietary tasking databases used at the various field stations.
- XKEYSCORE is described as a system that decodes packet-switched telecommunicatiosn traffic like e-mail, messenger, chat, geolocation information, etc. and is used for analysing telecommuncations traffic. At BND the system was needed because it became increasingly difficult to extract relevant information from the ever growing amount of data. The servers were needed to move XKEYSCORE from test to operational status.

Meanwhile, the newly elected government assured that under the new law, there will be no indiscriminate and mass data collection ("dragnet") and also postponed the entry into force of the law until May 1, 2018 (it actually appeared to be rather difficult to find capable candidates for the new TIB commission).
In the two months before the referendum, an increasing number of debates and lectures took place, in which the pros and cons of the new Intelligence and Security Services act were discussed. Eventually such meetings were held almost daily and all round the country - a remarkable interest for such a complicated subject. Also flyers and several booklets with information about the new law were distributed:

The referendum on March 21, 2018 resulted in 49,5% against and 46,5% in favor of the new law, with a remarkable high number of blank votes: 4%. As the referendum was non-binding, it is now up to the Dutch government to decide in what way they will address the outcome of the vote.

Links and sources
- Dutch National Security Reform Under Review: Sufficient Checks and Balances in the Intelligence and Security Services Act 2017? (Mar. 2018)
- Bangmakerij en onjuiste feiten in strijd voor referendum (Oct. 2017)
- Nederlands Dagblad: Een nieuwe, achterhaalde wet (Febr. 2017)
- Bits of Freedom: Moties en amendementen bij de nieuwe Wiv (Febr. 2017)
- Tweede Kamer: Hoorzitting/rondetafelgesprek inzake de nieuwe Wiv (Dec. 2016)
- BoF protest website: (Dec. 2016)
- De geheime dienst is een gemakkelijke zondebok (Nov. 2016)
- Tweede Kamer: Wetsvoorstel 34588 (Oct. 2016)
- 'Onschuldige burgers hebben niet zoveel te vrezen' (Apr. 2016)
- Kabinet houdt vast aan massaal aftappen internetverkeer (Apr. 2016)
- Bart Jacobs: Select while you collect - Over de voorgestelde interceptiebevoegdheden voor inlichtingen- en veiligheidsdiensten (Jan. 2016)
- [Dutch] Lijstje van reacties van organisaties op de Wiv-consultatie (Sept. 2015)
- Bart Jacobs: Vluchtig en Stelselmatig. Een bespreking van interceptie door inlichtingen- en veiligheidsdiensten(Febr. 2015)

The headquarters of the General Intelligence and Security Service AIVD in Zoetermeer, not far from The Hague

An e-mail published by Wikileaks shows that meanwhile, M.J. from unit 3D3D of the Bad Aibling station was comparing the numbers from the BOUNDLESSINFORMANT chart with those from his logfiles and Nagios Checks. In the e-mail, from August 12, 2013 to his boss R.U., he concluded that at the beginning of the month there was a relatively clear similarity with the chart from Der Spiegel:

Judge Rules NSA Phone Data Collection Likely Unconstitutional
BY FRAN BERKMAN  dec  2013

Leon ordered the NSA to stop collecting the phone records of the case's two plaintiffs
A federal judge has ruled that the U.S. National Security Agency's bulk data collection program likely does not comply with the U.S. Constitution's Fourth Amendment, which prohibits unreasonable searches and seizures.
U.S. District Judge Richard Leon, who released the decision on Monday, wrote that "in view of the significant national security interests at stake," he would not require the decision's widespread enforcement until the government has had a chance to appeal.

SEE ALSO: Will Obama Rein in NSA Surveillance Powers?

"This case is yet the latest chapter in the Judiciary's continuing challenge to balance the national security interests of the United States with the individual liberties of our citizens," Leon wrote.
"The Government, in its understandable zeal to protect our homeland, has crafted a counterterrorism program with respect to telephone metadata that strikes the balance based in large part on a thirty-four year old Supreme Court precedent, the relevance of which has been eclipsed by technological advances and a cell phone-centric lifestyle heretofore inconceivable."

The debate over balancing security and privacy ramped up significantly this summer after former intelligence contractor Edward Snowden leaked a trove of secret documents revealing the vast scope of the NSA's surveillance capabilities..
With the decision, Leon ordered the NSA to stop collecting the phone records of the case's two plaintiffs, public interest lawyer Larry Klayman and Charles Strange, the father of a Navy SEAL who was killed in Afghanistan. Otherwise, the agency can continue with business as usual until the U.S. government has a chance to mount and appeal.
"I hearby give the Government fair notice that should my ruling be upheld, this order will go into effect forthwith," Leon wrote. "Accordingly, I fully expect that during the appellate process, which will consume at least the next sig months, the Government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld."

UPDATE: 4:00 p.m. ET: Journalist Glenn Greenwald, the former Guardian reporter who brought Edward Snowden's leaked documents to light, provided a statement to the New York Times on the decision from Snowden himself. It reads:

“I acted on my belief that the NSA's mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts. Today, a secret program authorized by a secret court was, when exposed to the light of day, found to violate Americans’ rights. It is the first of many.”


This is a rather unexpected use of XKEYSCORE, because for NSA and GCHQ the strength of the system lies in its capability to reassemble internet packets, filter them and allow analysts to search buffered content. It is still not fully clear whether BND uses XKEYSCORE also in this way. 
In November 2014, W.K. from BND's SIGINT division testified that XKEYSCORE was used for decoding and demodulating IP traffic. Decoding for making things readable happens both online and on stored data, while (demodulating for) selecting the proper satellite links only happens on online data streams.
At Schöningen and Rheinhausen XKEYSCORE was only used for the latter purposes, in the pre-analysis stage. This also came forward from some testimonies before the investigation commission. For example E.B., head of the Schöningen station, said that XKEYSCORE was only used for looking at a few days of satellite traffic to determine which communication links where in it.
An earlier presentation about satellite interception at Menwith Hill Station in the UK shows that NSA and GCHQ have other systems, like DARKQUEST, for surveying satellite links, after which XKEYSCORE is used for processing and analysing the data.
Another file that was sent to the parliamentary commission contains two diagrams about how BND uses the XKEYSCORE system:
In the first diagram we see that what comes in through the satellite antenna first goes to an actual collection system (Erfassungssystem) which has some kind of database attached that says which satellite links have to be selected (Streckenauswahl). The result then goes to XKEYSCORE, which is fed by a database with rules (Regeln), which apparently determine which data to select and forward for further analysis (Weiterverarbeitung):

Regarding the source of this leak, IT experts of the German parliament said that they found no indications of a hack. Der Spiegel suggests that the source might be a member of the parliamentary commission for foreign affairs or for the affairs of the European Union, because one document published by Wikileaks (meanwhile removed) was only available to members of those two commissions.

On December 11, 2016, German press reported that according to a high-level security officer, there's a high plausibility that the commission documents published by Wikileaks were stolen during a large hacking attackon the German parliament's internal network late 2014/early 2015.
This attack was discovered in May 2015 and showed patterns similar to APT28 a.k.a. Operation Pawn Storm, the Sofacy Group, or Fancy Bear - a hacker collective which is probably sponsored by the Russian government. The timeframe of this hacking attack could explain why Wikileaks has no commission documents dated after January 2015.
It seems also possible that the secret documents about the joint NSA-BND operation Eikonal, which were published last year by the Austrian member of parliament Peter Pilz, came from this cyber attack on the German parliament servers.
Wikileaks hasn't redacted anything. Almost everything that is redacted is in blue, which is apparently the way BND is redacting its documents. Therefore, the files still contain all the internal organizational designators as well as the e-mail aliasses or addresses of many German government units and employees.

First Look has started removing wireless and audio cards from air-gapped computers and laptops,

to protect against malware that can theoretically travel through airwaves.

Wikileaks publishes classified documents from inside German NSA inquiry commission
December 8, 2016 
On December 1, Wikileaks published 90 gigabytes of classified documents from the German parliamentary commission that investigates NSA spying and the cooperation between NSA and the German foreign intelligence service BND. The documents include 125 files from BND, 33 from the security service BfV and 72 from the information security agency BSI. 
It should be noted though that all documents are from the lowest classification level and lots of them are just formal letters, copies of press reports and duplications within e-mail threads. Nonetheless, the files also provide interesting new details, for example about the German classification system, BND's internal structure, the way they handled the Snowden-revelations and the use of XKEYSCORE.
- BND classifications - BND organization - XKEYSCORE - 
- PRISM - BOUNDLESSINFORMANT - Cooperation in Afghanistan -
These topics will be updated or topics will be added when new information is found in the documents published by Wikileaks
Some background information was provided in an article from the newspaper Die Zeit, which says that only documents with the lowest classification level (VS NfD or RESTRICTED) are scanned and made available to the investigation commission on a government server. They are also available at the federal Chancellery. 
Documents with a higher classification level are not digitalized and have to be read in a secure room (German: Geheimschutzstelle) in the parliament building. Most of the documents classified Top Secret can only be viewed at the Chancellery or the new Berlin headquarters of BND.

Bulk cable access
The most important and most controversial new feature of the proposed intelligence law is the bulk collection of cable-bound communications. In the proposed law, the regulations for bulk collection will be made "technology independent", so they apply to both wireless communications (SHF satellite and HF radio) and fiber-optic cable traffic (internet and telephony). For this, the new law introduces a framework of 3 stages:

1. Acquisition (article 48):
Selecting specific cables and satellite channels from specific internet providers and satellites. Then conduct filtering to let through or block certain types of traffic (peer-to-peer, music and movie streams, etc.) and/or traffic from/to particular countries of interest. The remaining data may be stored for up to 3 years.
It should be noted that this means that both metadata and content are simply stored, like put in a big box, where at NSA and GCHQ content is only buffered for several days using the XKEYSCORE system, which prevents unnecessary storage of content that is not of interest.

2. Preparation (article 49): 
a. Search the communication links to determine the type of traffic and the persons or organisations it belongs to. The law mentions this as part of stage 2, suggesting that it follows upon stage 1, but actually this activity supports and therefore goes parallel to the selection of the right cables and channels during stage 1. 
 b. Look for new, or verify already known selectors related to known targets, and look for new targets related to selectors already known - this is actually a kind of contact-chaining like in stage 3, but here not for the sake of analysis, but to see whether the stored bulk actually contains data or new selectors that match already approved selectors of known targets.
(This stage 2 is very artificially composed and the whole process would be much clearer and simpler when section a. would be incorporated in stage 1 and section b. in stage 3)

3. Processing (article 50):
 a. Conduct metadata analysis using the metadata from the stored bulk sets of data. These can be used for contact-chaining or other kinds of analysis in which the collected metadata can also be correlated with other datasets.
 b. Selecting the content of communications by picking them out of the stored bulk data sets when there's a match with approved selectors, like phone numbers, e-mail address or keywords (highly specific ones, like names of chemical substances or parts of weapon systems). 
This means that when it comes to content, even data from the untargeted cable collection can only be accessed in the same way as traditional targeted interception: using specific selectors.
For each of these stages AIVD and MIVD need a prior authorisation from their respective minister, which is valid for up to 12 months (3 months for the content selection of stage 3). Each authorisation will then have to be approved by the TIB commission. 
The government already expects that authorisations for stage 1 and 2 will often be combined. As these stages are part of a continuous process, the Council of State also noticed that it seems not very realistic to make such clear distinctions and acquire separate authorisations. This means that in practice, authorisations will likely be combined for all 3 stages, thereby largely mitigating the goal of the system. 

A slide from an NSA top secret document on X-Keyscore, leaked by Edward Snowden and first published by The Guardian.

Office of First Look Media (FLM) in New York City (photo:

The Guardia Newspaper published some of Edward Snowdens Leaked Files 

Contact with Scahill
Already in April 2013, almost two months before the start of the Snowden revelations, Hale used his unclassified work computer at the NSA to search for information on Jeremy Scahill, who then worked for Amy Goodman's news program Democracy Now!. In October 2013, Scahill would join Glenn Greenwald and Laura Poitras to establish the investigative website The Intercept.
On April 29, Hale attended a presentation of Scahill's book "Dirty Wars: The World Is a Battlefield" about the drone killings program under president Obama. The next day, Hale used his Top Secret NSA computer to search for classified information about people and issues about which Scahill wrote, according to the indictment.
Investigators had been able to retrieve Hale's text messages and found one which he sent to a close friend in May 2013, which read: " [Scahill] wants me to tell my story about working with drones at the opening screening of his documentary about the war and the use of drones."
On June 8, Hale was again present at a book presentation, where he was seen and recorded on video (see below) sitting right next to Scahill. In the next months they contacted eachother by phone and by e-mail.
Although Hale had already used his classified work computer for searching about related topics, there are no indications that he was already planning to steal and leak classified documents, at least before September 2013, when Scahill asked him to set up a Jabber account for encrypted chat conversations. 

Book presentation at Busboys & Poets in Washington, DC on June 8, 2013,
with Jeremy Scahill (center) and Daniel Hale (right)

Printing classified documents
According to the indictment, Daniel Hale used his classified work computer at the National Geospatial-Intelligence Agency (NGA) to print classified documents for the first time on February 28, 2014 and he continued to do so until August 5, 2014.
In total, he printed 36 documents, including four duplicates. Nine documents were related to his work at NGA, but 23 did not. Hale provided at least 17 of these 23 documents to Scahill and/or The Intercept, which published them in whole or in part between July 2014 and December 2016: 

Glenn Greenwald informing Edward Snowden about The Intercept's new source (still from the documentary film Citizenfour)

Third party hacking
Another important new feature in the new law is about network and computer hacking. Already under the current law from 2002, both secret services are allowed to hack into digital systems and networks, but only those being used by a particular target (Dutch police isn’t allowed to hack, but another new law is expected to change that soon). Additional to this, the proposal will also allow AIVD and MIVD (or JSCU on their behalf) to hack computer systems used by third parties, whenever that is necessary to get access to a target’s computer. 
Obviously, so-called hard targets can secure their systems in a way that it is hardly possible to break in, or they can avoid online systems as much as possible, so the only option will be to get access through third parties near or in contact with such a target. But still this extension of powers is remarkable because this is one of the most controversial methods that came to light in recent years. GCHQ for example hacked the network of the Belgian telecom company Belgacom as a means to get access to still unknown targets.

Despite third party hacking is probably just as controversial as the bulk cable tapping, the government didn’t introduce separate authorisations for the various steps in the hacking process, like they did for untargeted interception. This means that hacking operations, no matter how intrusive or extensive, require only a single authorisation set (minister + TIB commission).
However, each authorisation by the minister has to make sure that the use not only of hacking methods, but also of all other special intelligence methods is in accordance with these three basic rules:
- Necessity: a method must be necessary to fulfill the intelligence or counter-intelligence mission.
- Proportionality: the consequences of a method have to be in proportion to its goal.
- Subsidiarity: a method may only be used when the goal cannot be achieved through a less intrusive method.

Contributions to this article were made by Zone d'Intérêt, a French weblog about intelligence & defence, on which this article was also published as part of an ongoing series about new laws on intelligence and security services.
On December 30, 2016, members of parliament submitted hundreds of questions about the draft Intelligence and Security Services Act, but no substantial changes were proposed. In its answers from January 18, 2017, the government stuck to its initial position. The only change worth mentioning is that when during untargeted interception data are considered not of interest, they have to be deleted immediately - the word "immediately" wasn't in the original text.
However, the government's answers also provided some clarity, as it was said that the untargeted cable access doesn't mean that the secret services will get access to a complete fiber-optic cable (through cable-splitting), but that instead the telecoms will likely only copy specific and selected channels (through port mirroring) and provide these to the government for further processing, which is a more targeted and flexible way.
Given that members of parliament were mainly focused at the untargeted interception, or "dragnet" as many call it, there was less attention for the new hacking capabilities and nothing was clarified about how the services will use the new cable access for cyber security purposes.
On february 8, the Second Chamber of the Dutch parliament discussed the proposal during a 9-hour debate in which several parties proposed over 40 amendments to the new law, but again the government wasn't willing to change anything. The vote was on February 14, 2017 and the law passedwith a fairly large majority. Finally, the Dutch senate approved the new Intelligence and Security Services Act on July 11, 2017.

The new law was scheduled to come into force on January 1, 2018, but then a group of five students started a petition for organizing a referendum about the Wiv. The petition was eventually supported by some 384.000 people - enough for a consultative referendum that will be held on March 21, 2018. 

Glenn Greenwald working with the Snowden files outside his house in Rio de Janeiro
(screenshot from a television report by Fantastico)

In this Jan. 17, 2014, photo, President Barack Obama Talks about National Security Agency surveillance at the Justice Department in Washington.Security Agency surveillance at the Justice Department in Washington

Interesting is that just before the scene in the Moscow hotel room, Citizenfour shows Jeremy Scahill talking to Bill Binney, former technical director of the NSA's World Geopolitical and Military Analysis Reporting Group, about how to handle confidential sources.
Binney gives the advice that the best way to talk to such sources is like Bob Woodward and Deep Throat did: meet physically in the basement of a parking garage.
We can assume that Daniel Hale met in a similar way with Scahill to hand over the documents he had printed out at the NGA. It's not clear though whether the conversation with Binney was recorded before or after these meetings, so at least Binney's advice was also meant for any future leakers.


For the relation between Hale and The Intercept the advice had come too late, and both must have known that, so apperently both were too eager to go along with publishing the files. 
For The Intercept, the drone program seems to present the most clear and direct link between the NSA and actual illegal killings - despite the fact that these operations were actually run by the CIA, before Obama tried to transfer them to a military command.
Also, one of the slides leaked by Hale says that drone strikes will only occur when the presence of the target is based upon two forms of intelligence and all parties involved, being the local Task Force, the Geographic Combatant Command, the US Ambassador, the CIA Station Chief and the government of the host nation, have to concur or no strike occurs.
For Daniel Hale it may have become a moral mission to inform the public about the secret details behind the drone program and maybe this was also his way of making up his own involvement in the program during his time in Afghanistan.

Hale will appear before a judge on May 17. Under the Espionage Act of 1917, which doesn't distinguish between providing information to enemies or to the press, he can be sentenced to up to a maximum of 50 years imprisonment. 
At least he has one of the best (and expensive) defense attorneys: Abbe Lowell, who recently represented Trump's son-in-law Jared Kushner(!), and who apparently doesHale's case pro bono.

Links and sources
Intercepted Podcast: The Espionage Axe: Donald Trump and the War Agianst a Free Press
- Emptywheel: On the Curious Timing of Daniel Everette Hale’s Arrest
- Mint Press News: Another Whistleblower Bites the Dust as The Intercept Adds a Third Notch to Its Burn Belt
- The Washington Post: Former intelligence analyst charged with leaking drone details to news outlet
- Lawfare Blog: German Courts Weigh Legal Responsibility for U.S. Drone Strikes
- Zone d'Intérêt: U.S. Intelligence Support to Find, Fix, Finish Operations
- The Drone Papers: Acronyms, abbreviations, and initialisms

In an earlier posting on this weblog, I listed 28 revelations at various media platforms, accompanied by one or more leaked documents that were not attributed to Edward Snowden.
Trying to identify their source, I assumed that a then unknown "source nr. 3" was responsible for the documents that were scanned from paper and with a more or less military content:
Source nr. 3 (someone from US military intelligence?)
- NCTC watchlisting guidance
- NCTC terrorist watchlist report
- Ramstein AFB supporting drone operations
- The Drone Papers
- Cellphone surveillance catalogue
- FBI & CBP border intelligence gathering

Comparing the dates of these six publications with those in the table from the indictment leads to the following conclusions:
- Daniel Hale provided the documents for the first five revelations I attributed to Source nr. 3: from the "NCTC watchlisting guidance", which was published by The Intercept on July 23, 2014, to the "Cellphone surveillance catalogue" from December 17, 2015.
- The 14 original documents about "FBI & CBP border intelligence gathering", which I assumed could also have been provided by source nr. 3, are actually not among those that Hale printed out. Therefore, those files have to be leaked by someone else, probably an FBI or CBP employee.
- The indictment lists four unclassified documents (O, P, Q and R) and says these were published in December 2016, but so far no one seemed aware of a similar intelligence or national security revelation in that month.

Clapper's blog

Looking for articles that Jeremy Scahill published in December 2016 led me to a short story about James Clapper's blog called Intercept. It's indeed based upon four unclassified documents, which are again scanned from paper: a screenshot of a blog post from May 29, 2013, handwritten letters to and from Clapper and a few comments on that blog post.
This blog post is just a curiosity compared to the other documents, so it seems the only reason that Hale printed this out, is that the main comment, posted under the nickname "Wormy", is his own. The comment warns against increasing restrictions on civil liberties, with arguments based upon the US Constitution and the Bill of Rights - it reminds of how Snowden usually argues.

BND organization chart, situation since 2009

NSA Also Mining Data From Sprint, AT&T, Credit Card Companies

Yesterday's revelation that Verizon had received a secret court order to hand over data to the National Security Agency was just the beginning. Two other major American wireless providers, AT&T and Sprint, have also been receiving similar orders, as have credit card companies.
Sources familiar with the NSA's practices confirmed this latest round of revelations to the Wall Street Journal late on Thursday.

The report came just a couple of hours after the Guardian and the Washington Post dropped their bombshell: using a secret program called PRISM, Internet giants incluing Facebook, Google, or Microsoft allegedly let the NSA and the FBI tap into their user's communications — perhaps in real time.
This confirms what privacy experts had been warning of after the first revelation of the court order received by Verizon: that it was a standard, ongoing, recurring practice with other companies. The Journal's sources confirmed that the orders are similar in scope to the Verizon one — they give the NSA access to the metadata of every phone call every American makes.
The NSA also gets access to customer's purchase information from credit card companies, although no specific details of this particular data collection practice have been divulged so far.
Meanwhile, the White House defended the wide-ranging surveillance program. Deputy press secretary Josh Earnest called it "a critical tool in protecting the nation from terror threats."

SEE ALSO: Through a PRISM, Darkly: Our $20 Million Nightmare

Democratic senators backed the program and tried to give reassurances to the American public. "Everyone should just calm down and understand this isn't anything that is brand new,'" said Sen. Harry Reid (D.-Nev.).
After claiming that the NSA surveillance program is about "protecting America," Senate Intelligence Chairman Dianne Feinstein (D., Calif.) added that the program is legal and is under constant Congressional oversight; it needs to be renewed every three months.
Meanwhile James Clapper, the Director of National Intelligence, issued an online statement. Intelligence agencies have to work within the constraints of the law "to collect, analyze and understand information related to potential threats to our national security," he said.

Clapper went on to decry the leak of top secret documents and sensitive information like the court order revealed by the Guardian.
"The unauthorized disclosure of a top secret U.S. court document threatens potentially long-lasting and irreversible harm to our ability to identify and respond to the many threats facing our nation," he said.
The DNI director said the program does not allow the NSA to collect content; "just metadata." But as the Guardian's James Ball pointed out, metadata can be just as revealing — and can identify you as clearly — as content.
The broad scope of the order was necessary, Clapper said, because "more narrow collection would limit our ability to screen for and identify terrorism-related communications."

Meanwhile, the Internet giants that allegedly allowed the NSA to tap into their user's communications denied any direct involvement in the PRISM program.

Michael Richard Pompeo Profile of CIA Employee Michael Richard Pompeo

Michael Richard Pompeo
Gae: 52 (Born Dec 30, 1963
(316) 733-6896
691- 1610
(202) 434-5914
(703) 536-3726
(316) 612-0337
Known as: Mike Pompeo

Susab Pompeo (spouse)
Dorothy Pompeo (Age: 87)
Mark Pompeo (Age:51)
Wayne Pompeo (Age: 85)
Nichlocas Pompeo (Age: 26)
Michelle Lindfora (Age: 54)
Leslie Cain (Age: 52)

Education: Harvard Law School, Law Degree
United States Military Academy at West Point

A perspective on the new Dutch intelligence law
December 16, 2016  

Since the Snowden-revelations, several countries adopted new laws governing their (signals) intelligence agencies, but instead of restricting the collection capabilities, they rather expand them. Previously we examined the new laws that have recently been implemented in France. This time we will take a look at the Netherlands, where a new law for its two secret services is now being discussed by the parliament. 
The situation in the Netherlands is different in at least two major aspects from many other countries. First, there is no institutional separation between domestic security and foreign intelligence as the two secret services combine both tasks. Second, the current law restricts bulk or untargeted collection to wireless communications only, so cable access is only allowed for targeted and individualized interception.

See Also
- Secret services - Oversight bodies - Towards a new law -
- Bulk cable access - Cyber security - Third party hacking - 
Secret services
In the Netherlands, there are two secret services, which were both created during a major reorganisation in 2002:
- General Intelligence and Security Service (Dutch: Algemene Inlichtingen- en Veiligheidsdienst, or AIVD), which falls under the Interior Ministry and is mainly responsible for domestic security issues, but also has a small branch that gathers intelligence information from and about foreign countries. In 2015, AIVD had over 1300 employees and a budget of 213 million euros.
- Military Intelligence and Security Service (Dutch: Militaire Inlichtingen- en Veiligheidsdienst, or MIVD), which falls under the Defence Ministry and is mainly responsible for military intelligence related to peacekeeping missions and military operations overseas. They also have to provide security for the armed forces. In 2015, MIVD had over 800 employees and a budget of approximately 85 million euros.

The Netherlands has no separate signals intelligence agency, but in 2014, the Joint Sigint Cyber Unit (JSCU) was created as a joint venture of AIVD and MIVD. The JSCU integrates the collection of signals intelligence and cyber defense operations on behalf of both agencies. The unit is located in the AIVD headquarters building in Zoetermeer and has a workforce of some 350 people.
The head of JSCU is also the point-of-contact for foreign signals intelligence agencies, like NSA and GCHQ. The JSCU operates two listening stations: a relatively large satellite intercept station near the northern village of Burum, and a very capable High Frequency (HF) radio listening post in Eibergen near the German border.
The fact that the Dutch secret services combine both domestic security and foreign intelligence tasks, also means that there’s just one legal framework for both, and that authorisations are not only required for domestic operations, but also for foreign ones. Therefore, the Dutch services don’t have to separate foreign and domestic communications, which proved to be such a painful job for NSA and the German BND.

Sharing content: TICKETWINDOW
An older collaboration system for the Five Eyes partners is described in a SIDtoday newsletter from November 7, 2003: TICKETWINDOW. This system was established in 1999 by the NSA's Data Acquisition division to enable reciprocal data sharing with Second Party parters - without revealing sensitive sources and collection methods, which often restricted data sharing. Within TICKETWINDOW, NSA shares most data, but the other partners also contribute from their own collection.
In 2003, TICKETWINDOW was regarded a success story: new sources from the partner countries helped NSA to be more productive, while for the Australian DSD, more than 40% of their product reporting was from TICKETWINDOW collection, particularly from NSA collection. Both the British GCHQ and the Canadian CSE had doubled their output of TICKETWINDOW reports in 2002. Maybe this system is somehow related to the mysterious SIGADs starting with DS, which seem to denote collection by Second Party countries.

A similar data sharing system for the SIGINT Seniors Europe (SSEUR) group of Third Party partners is the Signals Intelligence Data System (SIGDASYS).

Sharing end reports: CATAPULT

Finally, there's also a system for sharing intelligence reports among the Five Eyes partners. According to a newsletter from May 8, 2003, NSA and the Canadian CSE set up a prototype portal to exchange SIGINT products between NSA and its Second Party partners under the codename CATAPULT.
The CATAPULT portal "contains all 2nd party viewable product shared with CSE to include multimedia reporting, CRITICOMM released product, and SIGINT on Demand (SOD) items", all of which is accessible from NSANetthrough a browser interface. CATAPULT is based on CSE's SLINGSHOT system, which delivers SIGINT reports to Canadian "customers" like policy and decision makers. 
CATAPULT was brought under the JOURNEYMAN umbrella program for modernizing the way SIGINT analysts can write and disseminate their reports. As CATAPULT started as a prototype, it may have been replaced by a system that includes all Five Eyes partners.

Besides the systems described above, JESI also initiated the creation of several protected websites to allow employees of the Second Party agencies to securely share data within specific communities of interest.

In April 2013, the PARTNERMALL Program (PMP) was used for collaboration with 2nd and 3rd party partners, but it was planned to be replaced by the Global Collaboration Environment (GCE), which was described as the next generation, expanding the existing single collaboration environment of the PMP into a bilateral and multilateral model. There were also plans for "the UK hosting a permanent facility where analysts from partner nations could be co-located."

As close as the cooperation between these agencies may have become, the sharing mechanisms are still meant to support each member's foreign intelligence needs. The Five Eyes are not a body of its own with its own goals or targets, like for example a rather ridiculous target list on Wikipedia suggests.

Also, the data sharing system TICKETWINDOW isn't the successor of ECHELON, as Wayne Madsen wrote on the website Intrepid Report. ECHELON was (and under the name FORNSAT still is) a worldwide network of satellite intercept stations to provide in the information needs of each of the Second Party countries.

SIDtoday newsletters
In May 2016, The Intercept started publishing large batches of documents from the Snowden archive, to begin with the SIDtoday newsletters from 2003, all the way to the most recent available ones from 2012. A second batch came in August 2016 and a third batch of 251 newsletters in April 2017. So far, a total number of 942 SIDtoday newsletters have been published, from March 2003 to October 2005. 
These newsletters are an interesting source for historical research as they add or confirm many details about NSA. Although some of them are about operations that could be controversial, taking away full nine years of SIDtoday newsletters isn't proportionate and forms an example of where Snowden wasn't very selective.

Links and sources

- Five Eyes and the Perils of an Asymmetric Alliance
- The Intercept: All published editions of SIDtoday
- Lux ex Umbra: Releases of Canadian identities to Five Eyes partners
- About Canada and the Five Eyes Intelligence Community (pdf)
- Martin Ruder: Hunters and Gatherers: The Intelligence Coalition Against Islamic Terrorism
- NSA: UKUSA Agreement Release 1940-1956

Geplaatst door P/K op 22:32 

Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest

Labels: NSA Partnerships

Blah Blah Blah said...
Here's a pic you might be interested in. It shows a phone and multiple other electronic devices in the Oval Office.

November 30, 2016 at 7:25 PM
P/K said...
Thank you, that's a nice picture, I will probably use it soon!
December 1, 2016 at 3:53 AM

Alessandro Argentini said...
This picture has been edited.... one foot of Obama disappeared...
December 1, 2016 at 10:59 PM

Snowden: Any Cell Phone Can Be Hacked | NBC News - 378,642 views•10 Jun 2014

Dutch capabilities
During an interview with Dutch television in January 2015, Edward Snowden said that "the US intelligence services don't value the Dutch for their capabilities, they value them for their accesses, they value them for their geography, they value them for the fact that they have cables and satellites... a sort of vantage point that enables them to spy on their neighbours and others in the region in a unique way." 
This doesn't show much familiarity with the issue, as the Dutch services have no "cables" yet and "satellites" are mainly intercepted for their foreign traffic. In reality, what makes Dutch intelligence interesting for NSA isn't spying on their neighbours, but their spying overseas: data they collect during military missions in Afghanistan and Mali, during navy missions around the Horn of Africa, by the quiet Dutch submarines, and HF radio traffic from the Middle East intercepted at the Eibergen listening post.

Some numbers

In 2009, the Dutch government provided the number of targeted interceptions conducted by the secret services: 1078 by AIVD and just 53 by MIVD. This number doesn’t seem very high (especially taking in account that targets often use multiple phone numbers) - but in the same year, French intelligence services were allowed to tap 5029 phone lines, although it’s not clear whether these number count in the same way.
Dutch government refuses to publish such numbers for more recent years, saying that that would give to much insight in the modus operandi of the agencies. A strange argument, because such numbers say nothing about the targets and also because countries like the US and Germany regularly publish even much more detailed numbers. Like the police, the secret services also request metadata (verkeersgegevens or printgegevens) from the telecoms, but for this there are no numbers available.

Secret services vs. police force
In 2014, Dutch police conducted over 25.000 phone and internet taps, which is way more often than in other countries (it seems that Snowden had this in mind when he erroneously said that the Dutch secret services are the “surveillance kings of Europe”). The reason for this is that Dutch police rarely conducts undercover, observation and bugging operations, which are considered much more controversial and intrusive than phone taps. 
Originally, targeted interception by the police was only allowed for crimes that could be sentenced with 4 years or more imprisonment and only for phone numbers used by the suspect himself, but with a new law on special criminal investigation methods from the year 2000, these restrictions were abolished.* Unlike in France, Dutch secret services do not work on or support police investigations under the authority of a judge.

Classified documents provided to the investigation commission (still from the ARD documentary Schattenwelt BND)

It should be noted that BND didn't count the numbers of metadata they provided to NSA, they did so only for content, so the numbers from M.J.'s chart may not be fully accurate. Even more puzzling is a table that was also with the e-mail from M.J. and contains the daily numbers for the metadata during this period:

Secure communications
A letter from BND from July 2013 says that BND's wide-area networks (WANs) which are classified Secret (Geheim) are secured by SINA encryption devices certified by the BSI. Communications between foreign and domestic BND facilities are transmitted through MPLS (Multiprotocol Label Switching) networks.
The letter also says that BND-unit SICD for eavesdropping techniques domestically checks only whether BND facilites may have been bugged, but found nothing over the past several years. Outside Germany, the embassies and consulates of the German foreign ministry were checked in regular turns.
According to Wikileaks, one of the more interesting documents from their release is one that allegedly proofs that "a BND employee will be tasked to use and write software for XKeyscore." However, the German tech website Golem says that this seems to be based on a text section that only refers to BND employee A.S. who helped install XKEYSCORE at the Berlin headquarters of the domestic security service BfV, which uses this system only for analysing terrorism-related data sets.
More interesting are several other documents about XKEYSCORE. For example In a list of answers prepared for the meeting of the parliamentary oversight commission on November 6, 2013 it is said that XKEYSCORE is used since 2007 in Bad Aibling and that this system is being tested since February 2013 at the satellite intercept stations Schöningen and Rheinhausen. It was planned to use XKEYSCORE on a regular basis at the latter two locations too.
According to another document, BND uses XKEYSCORE for the following purposes:
- Check whether satellite links with internet traffic (only foreign-to-foreign and especially crisis regions, so no links to or from Germany or cables inside Germany) could contain data relevant for BND's mission
- Search for new relevant targets
- Make communications traffic from already known and selected targets readable to transfer them to analysts for preparing reports
XKEYSCORE processes data streams in real time, but for analysis purposes it can also buffer both metadata and content for a certain time, which depends on the available storage space of the buffer. Because XKEYSCORE is used for regular processing purposes, BND deemed it not necessary to inform the federal chancellery or the parliamentary oversight commission (PKGr) about this system specifically.
An internal BND e-mail from November 5, 2013, explains that at Schöningen and Rheinhausen, XKEYSCORE is used for intercepting foreign satellite communications. The specific purpose for the system is determining which satellite links are most useful and subsequently checking whether the traffic contains the communications of people the BND is looking for (so-called survey):

The headquarters of the Military Intelligence and Security Service MIVD at the compound of the Frederik Barracks in The Hague

Critics Slam 'Watered-Down' Surveillance Bill That Congress Just Passed
BY BRIAN RIES   MAY 22, 2014

"Where there is vagueness in a law, you can count on the administration to exploit it," Johnson said.

In this Jan. 17, 2014, photo, President Barack Obama Talks about National Security Agency surveillance at the Justice Department in Washington.Security Agency surveillance at the Justice Department in Washington.
A surveillance bill aiming to end the National Security Agency’s bulk collection of Americans' phone records passed the House on Thursday, despite privacy advocates calling it “weak,” “watered-down" and "dangerously broad."

SEE ALSO: This Is How the NSA Is Trying to Win Over the Media

Known as the USA Freedom Act, the bill follows President Barack Obama's January call on Congress to end the NSA's bulk collection of U.S. citizens' phone call information.

The bill, which passed the House 303-121, requires that American phone companies keep records of calls made on their networks for 18 months and let the NSA search their contents for ties to terrorism investigations.

However, the bill provides no protection for foreigners — and the provisions to protect Americans have been “extensively watered down,” according to a report from Amnesty International.

Happening Now: House vote on #NSA Phone Records Collection - LIVE on C-SPAN  
3:50 PM - May 22, 2014

As a result, many of its initial supporters pulled their support.
“We supported the original USA Freedom act, even though it didn’t do much for non-US persons,” Zeke Johnson, director of Amnesty International's Security & Human Rights Program told Mashable after Thursday's vote.

Gov. Gary Johnson✔@GovGaryJohnson
Good news: House passes USA Freedom Act. Bad news: Gutted it before doing so. Much work to do in the Senate. #NSA @ACLU @EFF #tlot #privacy
4:39 PM - May 22, 2014

He described the original version as “a good step to end bulk collection.” However, in its current version, it's not even clear that this bill does that at all, Johnson said. He added that Congress left a lot of "wiggle room" in the bill — something he said is a real problem.

"Where there is vagueness in a law, you can count on the administration to exploit it," Johnson said.

However, Laura W. Murphy, director of the ACLU Washington Legislative Office, took a more positive view of the bill.
"While far from perfect, this bill is an unambiguous statement of congressional intent to rein in the out-of-control NSA," she said in a statement. "While we share the concerns of many — including members of both parties who rightly believe the bill does not go far enough — without it we would be left with no reform at all, or worse, a House Intelligence Committee bill that would have cemented bulk collection of Americans’ communications into law."
The Electronic Frontier Foundation simply called it "a weak attempt at NSA reform."

BREAKING: USA FREEDOM Act passes the House. It's a weak attempt at NSA reform. We're working for a stronger version in the Senate.
4:18 PM - May 22, 2014

“The ban on bulk collection was deliberately watered down to be ambiguous and exploitable,” said Center for Democracy and Technology Senior Counsel Harley Geiger. “We withdrew support for USA FREEDOM when the bill morphed into a codification of large-scale, untargeted collection of data about Americans with no connection to a crime or terrorism.”
And Cynthia Wong, senior Internet researcher at Human Rights Watch, said, “This so-called reform bill won’t restore the trust of Internet users in the US and around the world. Until Congress passes real reform, U.S. credibility and leadership on Internet freedom will continue to fade.”

Silicon Valley weighs in
Some of America's largest tech companies, including Facebook, Google, Microsoft, AOL, Dropbox, Twitter, Yahoo and LinkedIn, all warned that the bill created an “unacceptable loophole that could enable the bulk collection of internet users' data," the Guardian reported.

Congress reacts
Representative Justin Amash (R-MI 3rd), an original cosponsor of the Freedom Act, pulled his support this week and voted "no" on Thursday. In a Facebook post that was published just before it passed, Amash said "the revised bill that makes its way to the House floor this morning doesn't look much like the Freedom Act."
This morning's bill maintains and codifies a large-scale, unconstitutional domestic spying program. It claims to end "bulk collection" of Americans' data only in a very technical sense: The bill prohibits the government from, for example, ordering a telephone company to turn over all its call records every day.
But the bill was so weakened in behind-the-scenes negotiations over the last week that the government still can order—without probable cause—a telephone company to turn over all call records for "area code 616" or for "phone calls made east of the Mississippi." The bill green-lights the government's massive data collection activities that sweep up Americans' records in violation of the Fourth Amendment.
As the bill heads to the Senate, Amash's spokesman Will Adams said the congressman is encouraged by recent statements from Senate Judiciary Committee chairman Sen. Patrick Leahy (D-Vt.) that show he wants to see additional privacy protections in the Senate's version of the bill. He said the congressman will continue to work with his allies in the Senate.

After the bill passed on Thursday, Leahy's office issued a statement saying the senator supported the House of Representatives "for taking an important step towards reforming our nation’s surveillance authorities," but was "disappointed" that the Freedom Act doesn't include some of the reforms contained in its original version.
"I will continue to push for these important reforms when the Senate Judiciary Committee considers the USA FREEDOM Act next month," he said.


​Secure communications: IWS
A collaboration tool called InfoWorkSpace (IWS) was created to exchange information between NSA, the US military and partner countries during Operation Enduring Freedom in Afghanistan.
IWS is a software tool that provides chat communications as well as audio and video conferencing, file sharing, virtual whiteboards, and shared desktop views through desktop computers connected to a secure network.*As within the Five Eyes it's about signals intelligence, IWS most likely ran, and maybe still runs on NSANet.
According to a SIDtoday newsletter from September 10, 2003 IWS was already used by over 4000 NSA and their Second Party counterparts at the working levels. They collaborated on topics like Operation Enduring Freedom, international terrorism, real-time collection coordination, SIGINT development and multi-intelligence tasking.
This succesful use of IWS led JESI decide that the system should also be used at leadership-level. As of 2003, the SIGINT directors of the Five Eyes partners would use IWS to enhance their collaboration on subjects ranging from current intelligence objectives to future collection planning. They would get access to one of the IWS servers managed by NSA, codenamed VOTEDOOR.

Glenn Greenwald working with the Snowden files outside his house in Rio de Janeiro
(screenshot from a television report by Fantastico)

BOUNDLESSINFORMANT screenshot showing metadata related to Germany as being published by Der Spiegel on July 29, 2013

In another newsletter from December 19, 2003, it is said that not long before, the SIGINT directors of NSA, the Canadian CSE, the Australian DSD and New Zealand's GCSB held their first virtual meeting using the InfoWorkSpace tool. However, their counterpart at "GCHQ was unable to attend due to a computer failure."
According to the newsletter, this first meeting lasted over an hour and was mainly about "efforts against terrorism, especially ways to extend cooperation across the SIGINT community, and to include the HUMINT [Human Intelligence] community". A next virtual meeting using IWS was scheduled for the middle of January 2004.
The tech website Motherboard found the following video presentation of the InfoWorkSpace (IWS) tool, which was developed by ezenia!, a small company from Salem, New Hampshire:

Interoperable access control: PKI

In order to give Second Party employees access to joint collaboration systems, JESI pushed the partner agencies to deploy interoparable Public Key Infrastructure (PKI). The NSA's PKI is a comprehensive encryption system to protect classified information against:
- Unauthorized disclosure and modification through digital signing
- Unauthorized access through access controls and authorization services
- False user idenfications

An SIDtoday newsletter from July 8, 2003 explains that the new PKI system would replace the ICARUS e-mail encryption system by October 2003. A valid PKI certificate was also needed to use applications like Peoplesoft and CONCERTO. The latter is NSA's internal personnel system, which has separate parts for human resource and security clearance information.
The new PKI certificates were first issued to NSA employees who were US citizens and held a blue, green, or gold badge. Later, PKI certificates would also be issued to employees of Second Party agencies and to non-US citizens. This PKI system seems to be a software solution without two-factor authentication with a token like the CAC-smartcard of the US military.

Sharing metadata: MAINWAY
Since 2006 it was thought that MAINWAY was a repository just for telephone metadata, but based upon recently leaked and declassified documents, it was explained on this weblog that MAINWAY also contains internet metadata as well as the domestic phone records NSA previously collected under the authority of Section 215 of the USA PATRIOT Act.

Rather unexpected, the SIDtoday newsletter from August 25, 2003 now also reveals that "MAINWAY, a system that uses phone call contact chaining to identify targets of interest, was provided to each of our partners. The partners now supply additional contact information to the database to enhance the joint ability to identify targets".
So MAINWAY is not only fed with the domestic US telephone records and the foreign telephone and internet metadata collected by NSA, but also with foreign metadata provided by GCHQ, CSE, DSD and GCSB. According to the quid pro quo rule for intelligence cooperation, all Five Eyes partners can apparently also query the MAINWAY database for their national security interests.
However, Second Party analysts have no access to the domestic US phone records, but so far there are no documents that mention this explicitly (recently published dataflow diagrams show that MAINWAY has separate BRF [BR FISA or Section 215 records] partitions though).

A GCHQ presentation from 2010, which was published earlier, shows the user interface of the IMMINGLE tool with check boxes for direct access to various metadata repositories, including MAINWAY II:

A federal judge has ruled that the U.S. National Security Agency's bulk data collection program likely

does not comply with the U.S. Constitution's Fourth Amendment, 

Internal BND e-mail from the EAD branch for the relationships with western countries & cooperation partners, and the EADD unit

for relationships with North America & Oceania

Intelligence career
Daniel Everette Hale was born in 1987, is now 31 years old and living in Nashville, Tennessee. Despite his ideological disagreements with the military, he joined the US Air Force in July 2009 out of desperation because he was homeless. At the Air Force, he became a language analyst and was assigned to work at the National Security Agency(NSA) from December 2011 to May 2013. 
From March to August 2012, Hale was deployed as an intelligence analyst in support of a task force of the Joint Special Operations Command (JSOC) at Bagram Airfield in Afghanistan, where he was mainly responsible for identifying and tracking targets for the drone program. He left the Air Force in July 2013. From December 2013 to August 2014, he worked for the defense contractor Leidos(formerly SAIC), for which he was assigned to the National Geospatial-Intelligence Agency (NGA), which derives intelligence from geographical data and aerial and satellite imagery. There, Daniel Hale worked as a political geography analyst, for which he held a Top Secret/SCI clearance, just like for his previous job. 

Raided by the FBI
On August 8, 2014, right after Daniel Hale's assignment at the NGA had ended, the FBI raided his home. This was just three days after he had printed out his last document at the NGA and some two weeks after The Intercept published its first article based upon his material, which means the FBI identified and found him rather quickly. 
At his home, FBI agents found a thumb drive with the TOR software and the TAILS operating system, both used for anonymous internet communications. Also found was the unclassified (and unpublished) document T on his computer and one page of document A, which was classified Secret and published in October 2015, on a thumb drive.
Why Hale brought these files in digital form to his home, after having already printed the documents at his work place at the NGA, is not clear, but it was careless and unnecessarily risky.
It is not known how exactly Hale was traced, but a tweet from his lawyer, Jesselyn Radack seems to suggest that The Intercept failed at their source protection. That would be their third time, because NSA linguist Reality Winner and former FBI agent Terry Albury had already been arrested due to The Intercept's sloppyness.
But Daniel Hale was bad at operational security (OPSEC) too and did little to stay out of the picture: already in November 2013 he began speaking out publicly against the government's drone program at the "Ground the Drones" summit organized by Code Pink, where he apologized for his own participation in the program.
In January 2014, Hale also spoke at a rally outside the White House against the Guantanamo Bay prison camp. Again very similar to Snowden, who organized a Crypto Party while he was working for the NSA in Hawaii.
The big difference is that Hale just took a handful of selected documents that he thought were in the public interest, while Snowden (and Manning) acted just like the NSA: "collect before you select."

Featuring in National Bird
And just like Edward Snowden was being recorded on camera when his leaks came out in Laura Poitras' film Citizenfour, Daniel Hale was being interviewed for the drone whistleblower documentary National Bird around the time the FBI raided his home.
In National Bird it's mentioned that Hale was being investigated under the Espionage Act, allegedly because he was seen as a source for information about the drone program. The Intercept had already begun publishing the files he stole at the NGA, but of course Hale did not admit that on camera. 
He just pretended that he didn't knew the reason for the investigation: it might had to do with the fact that he had worked for intelligence agencies and that he was politically active, which could have made the government suspicious.
Right after the release of National Bird in February 2016, at least some people must have noticed that Daniel Hale would make a perfect fit for being the source of The Drone Papers, but it seems they all kept quiet.
The full version of the 2016 documentary National Bird with German voice-over

Featuring in Citizenfour
Almost two years before Hale himself could be seen in National Bird, the information he leaked already appeared in Laura Poitras' film Citizenfour, which was released in October 2014. It shows Glenn Greenwald visiting Snowden in Moscow, telling him about a new source and writing the most sensitive details on sheets of paper. 
When the camera zoomed in on the notes, it could be seen that the new source provided information about the chain of command for the drone strikes, the fact that their signals are relayed through Ramstein AFB in Germany (which would cause "a huge controversy") and that some 1.2 million people are in one way or another on a government watch list.
When Snowden expressed his concerns about the safety of the source, Greenwald reassured that they were "very careful in handling the source." Maybe they tried during the time Hale was handing over the documents, but given their prior non-secure contacts and Hale's public appearances, it was already too late for a sufficient source protection.

Micah Lee is the digital bodyguard who protects Glenn Greenwald, Laura Poitras and other reporters working on the Snowden documents.

Edward Snowden at Web3 Summit 2019

Profile on Donald J Trump

Donald J Trump
Age 70 (Born June 14, 1946)

Contact Information
(212) 715-7222
(561) 936-3406
(212) 758-4774
(212) 813-0408
(212) 832-2000
(212) 715-7200
(212) 688-7267
(561) 835-9470



Also Known As: Trump Gold Donald, Don Trump

 J Donald
Taj Trump
Tower Trump
Plaza Trump
Vanessa Haydon ( age: 38)
Societa Trump
Ivanka Trump ( Age:35)
Palace Trump
Eric Trump (Age:32)

Chairman and President: The Trump Organization
President: Saudi Arabian Airlines
President: Trump Tower Cafe Corp
President: Trump Place Condominium Sales
Chb: Park Trump Condo
President:  The Trump Corporation
Member: 401 North Wabash Venture LLC
1. 725 5th Avenue #BSMT, New York, NY, 10022
2. 2265 Aragon Street, Sebring, FL, 33872
3. 124 Woodbridge Road, Plam Beach, Fl, 33480
4. 1094 S Ocean BLVD, #BL S, Palm Beach, Fl, 33480
5, 425 E 58th Street, #12B, New York, NY, 10022
6. 220 Riverside BLVD #BL 11L, New York, NY, 10069
7. 111 5th Ave, New York, NY, 10003
8. 6500 Okeechobee BLVD #BL
9. West Palm Beach, FL, 33411
10. 2686 Martin Ave, Bellmore, NY, 11710
11. 1234 Mockingburd LN, West Palm Beach, FL, 33415
Tel: (561) 936-3406
12. 28 Bay 40 Street, Brooklyn, NY, 11214

The German parliamentary investigation commission just before a hearing

Oversight bodies
The Netherlands there is a quite thorough oversight for the intelligence and security services. This is conducted by the independent commission CTIVD and the parliamentary commission CIVD:
The main oversight body is the Review Committee for the Intelligence and Security Services (Commissie van Toezicht op de Inlichtingen- en Veiligheidsdiensten, or CTIVD), which consists of three independent members, appointed by royal decree, who are supported by a secretariat of 10 people. The strength of this commission is that it has the right to access all documents and computers systems and speak to all employees: commission members can actually walk in, pull open drawers and log into the networks of both AIVD and MIVD.
The CTIVD publishes an annual report, but also conducts investigations on specific matters, like targeted interception in general or specific cases based upon press revelations. This results in a steady flow of reports, most of them public, which provide a detailed insight into the work of the Dutch services, of course without revealing specific methods or other sensitive details. 

Parliamentary oversight
The other oversight body is the Committee for the Intelligence and Security Services (Commissie voor de Inlichtingen- en Veiligheidsdiensten, or CIVD), comprising the leaders of all political parties represented in the Second Chamber of the Dutch parliament. In this commission, which meets about 10 times a year in utmost secrecy, the party leaders are briefed by the responsible ministers and the heads of both secret services.
Within the context of the CIVD, the party leaders have the right to read classified documents, but when they make notes, even those notes are considered classified and may not leave the secure room. They can also ask, through the minister, to question employees of the secret services, but they have no powers to force them, nor to hear them under oath.

Oversight weaknesses
According to scholars and historians, the CIVD commission isn’t really fit to conduct thorough oversight. The party leaders are involved with way too many other political issues, and therefore they not always attend the commission meetings. A leak from this commission in February 2014 also made clear that the government can apparently rather easily report about things in such a way that the party leaders miss the actual importance of it.
Independent experts proposed that the commission should at least be extended with specialized members of parliament so intelligence issues receive full attention and better understanding, but this proposal was rejected by the party leaders. They seem not really interested in the work of AIVD and MIVD, which is especially worrying given the very secretive way the Dutch government deals with intelligence issues.

​​Internal markings
From the commission files we also learn that BND uses te following internal markings. When disseminated outside BND, such information was meant to be classified GEHEIM.
- Meldedienstliche Verschlusssache - amtlich geheimgehalten
- Ausgewertete Verschlusssache - amtlich geheimgehalten
- Operative Verschlusssache - amtlich geheimgehalten
- FmA Auswertesache - amtlich geheimgehalten

BND organization
The files published by Wikileaks also contain a set of charts showing the organizational structure of BND between the year 2000 and 2014. There are some changes in the agency's divisions, with a reorganization in 2009, as can be seen in the following charts:

BND organization chart, situation until 2009

The telephone set that president Trump used for his conference call can be recognized as a Cisco IP Phone 8841, but with some distinctive modifications.

Top Secret
The first one is that is has a bright yellow bezel around the high-resolution color display, while standard phones have a black or a silver one. As yellow is the color code for information classified Top Secret/Sensitive Comparmented Information (TS/SCI), the bezel shows that this phone can be used for calls at the highest level. 
This phone is part of the Executive Voice over Secure IP-network, which connects the US president with all major decision makers, like the secretaries of State, Defense and Homeland Security as well as the Director of National Intelligence. The phones themselves have no encryption capability - they are connected to a central network encryptor, probably from General Dynamics' TACLANE familiy.

Fiber network
The second modification is that the device can be directly connected to a local fiber optic network, instead of the usual connection to a copper cable telephone system through an RJ-14 plug. Because signals traveling over copper cables cause electromagnetic emanations ("TEMPEST"), they are easier to intercept than when there's a fiber optic network.
The new phone was modified by CIS Secure Computing, Inc., which is a small company that provides additional security functions for commercial-of-the-shelf communications equipment. On its website it advertises the Cisco 8841 Fiber Enabled VoIP Phone and in the photo below the company's logo can be recognized on the back side of the device:

It's not known when exactly this new telephone was installed, but it must have been somewhere after Trump's first Thanksgiving address last year. Then we still saw the old phone for highly secure calls. This was a common Cisco 7975 Unified IP phone, which was also modified by CIS Secure Computing, providing it with TEMPEST protection and two 1 Gigabit SC Fiber ports.
> See: Trump's communications equipment outside the White House

Summary of a second PRISM program as described on this weblog (source: Wikileaks, pdf-page 104 )

Eavesdropping authorities of Dutch police and secret services. Situation until new laws will probably be passed in 2017.

The strange thing here is that on the right side, the table has daily numbers broken down for several processing systems - strange because the chart from Der Spiegel only provided aggregated numbers, and because three codenames weren't seen in the published BOUNDLESSINFORMANT charts: POPTOP, CRON and SNOWHAZE. Did NSA provide these more detailed numbers so BND could compare them?
In a letter from August 13, 2013, BND president Schindler asks NSA director Alexander to confirm that the metadata collected through 987LA and US-987LB came solely from BND. This would help to make the public debate more rational.

During a hearing of the German parliamentary investigation commission on January 19, 2017, former BND president Schindler said that the BOUNDLESSINFORMANT charts that Snowden took, were from training course material. This was said here for the first time and given the problems these charts caused for BND, it's possible that they asked NSA for more details after which this explanation came up.

Cooperation in Afghanistan
In answers to questions from parliament, BND wrote that in Afghanistan, NSA operates a collection network, in which 14 countries participate (the Afghanistan SIGINT Coalition, or AFSC). Partner agencies enter the data they collect into a database (similar or identical to SIGDASYS) managed by NSA and they can request from the database those data that are relevant for their mission task.
Between 2011 and 2013, BND requested and received 216.423 data sets from this syetem. For the Afghanistan "burden sharing", BND was working on some 5000 targets, which resulted in ca. 1 million data sets each day. These were shared with the AFSC group and therefore also with NSA and GCHQ. Most of this is about localisation.
Furthermore, NSA provided BND with several thousand selectors of targets to collect the related data from satellite links from or to Afghanistan and other crisis regions. BND does this through its satellite intercept station in Bad Aibling, which results in ca. 3 million data sets each month. After passing the G-10 filter (to block communications related to Germans), these data are provided to NSA.

Intelligence sharing
In 2012, BND's SIGINT division TA shared 580 intelligence reports (Meldungen) with US agencies, 184 with British services and 553 with multinational groups. A total of 879 reports contained personal data from intercepted communications. In the first half of 2013 there were 200 reports shared with the US, 55 with the UK and 220 with multinational groups. A total of 408 contained personal data.
In return, BND received 7976 reports and information packages about terrorism and the proliferation of weapons of mass destruction in 2012. This total number is made up of ca. 750 reports from NSA, 4538 from CIA, 519 from DIA and 2169 from the US Central Command (CENTCOM).

Cyber security
Some insights about the cooperation between BND and NSA on the field of cyber defense can be read in a report about the visit of NSA director Keith Alexander to Berlin, on June 6 and 7, 2013 (which were the second and third days of the Snowden revelations!).
When it came to cyber issues, Alexander compared the internet to a "fibre ring" operated by internet service providers (ISPs), with "pipes" leading to the networks of industry, finance and government. Any malware, whether for destroying things or stealing data, should be stopped in the "fibre ring" before it reaches the "pipes" - "you need to see it first".

A German government official said that Germany has good cyber specialists, but they work only in a defensive way. When it comes to offensive cyber attacks, Germany is inactive. Also, contacts to industry should be revived. The general opinion was that German industry should protect itself, but small and medium businesses are very naiv and without obligations, companies will not spend money for cyber defense.

The report says that for cyber issues, a small group of "trusted states" could be created, because international regulations like the Budapest Convention seem hardly effective. According to general Alexander, the US is building partnerships, but sharing information depends on trust, which is not always given.

General Alexander also told BND that NSA had 27 teams of 56 persons each, which support the US Combatant Commands and that additional 6000 new cyber specialists will follow. NSA also supports the US Cyber Command with a detachment of 407 cyber experts. According to Alexander, NSA identified about 50 Chinese "intrusion sets" and gained access to Chinese networks to find out who the victims were of these massive and global cyber attacks.

In an answer to questions by member of parliament Oppermann from July 23, 2013, BND says that they support domestic security service BfV and information security agency BSI in recognizing foreign cyber attacks, which is called "SIGINT Support to Cyber Defence" (SSCD). Only BND is able to build technical systems to detect cyber attacks in(!) foreign countries.
The answer also says that "within the SSCD-working group of a international SIGINT coalition, BND exchanges information about the international detection of cyber attacks" - this international SIGINT coalition is most likely the SIGINT Seniors Europe (SSEUR or 14-Eyes) group. And apparently it's this working group that that BND director Schindler referred to when he talked about international cybersecurity cooperation in May 2014.

Finally, a list of some of the most interesting files found so far (would have been useful when Wikileaks provided this kind of index though):
- MAT_A_BND-1-3a_2 (employees of US military and intelligence contractors in Germany)
- MAT_A_BND-1-5 (NSA's bulk metadata collection, PRISM and XKEYSCORE)
- MAT_A_BND-1-11c (pdf-page 315: options how NSA could have intercepted Merkel's cell phone)
- MAT_A_BND-1-11j (pdf-page 145 ff.: cyber security cooperation between NSA and BND; page 155: short history of Bad Aibling Station; page 280: NSA letter about 3 different PRISMs)
- MAT_A_BND-1-11k (letter of BND president Schindler to NSA director Alexander)
- MAT_A_BND-1-13a (pdf-page 61 and 88: initially, BND assumed that PRISM was about collecting metadata; page 99: since 2012, NSA sent BND ca. 450 reports about terrorist threats)
- MAT_A_BND-1-13b (pdf-page 84 and 85: XKEYSCORE diagrams; page 227: targeted interception requires a "sessionizer" similar to XKS; page 277: SSCD working group of the SSEUR)
- MAT_A_BND-1-13c (pdf-page 127: data sharing in Afghanistan)
- MAT_A_BND-1-13h (pdf-page 108 ff.: report about the VERAS metadata system)
- MAT_A_BND-1-2a (pdf-page 19 ff.: Various presentations from the Black Hat 2013 conference)
- MAT_A_BND-3a (very extensive index of topics used by BND)
- MAT_A_BND-3-1a (BND organization charts from 2000-2014)
- MAT_A_BND-8a (contacts with GCHQ, cooperation between BND and NSA, reports about the refugee interview unit, internal G10 manual)


The 10 Biggest Revelations From Edward Snowden's Leaks

One year ago, the Guardian published its first bombshell story based on leaked top-secret documents showing that the National Security Agency was spying on American citizens.
At the time, journalist Glenn Greenwald and the Guardian never mentioned that they had a treasure trove of other NSA documents, nor that they came from one person. Then three days later, the source surprisingly unmasked himself: His name was Edward Snowden.

SEE ALSO: Meet the Man Hired to Make Sure the Snowden Docs Aren't Hacked

When asked if more revelations were in the pipeline, Greenwald always used to respond that yes, many more were coming — and he wasn't kidding. Over the next year, explosive stories began to trickle out of those documents. Here are the top 10 revelations of the year.

1. Secret court orders allow NSA to sweep up Americans' phone records
The very first story revealed that Verizon had been providing the NSA with virtually all of its customers' phone records. It soon was revealed that it wasn't just Verizon, but virtually every other telephone company in America.
This revelation is still one of the most controversial ones. Privacy advocates have challenged the legality of the program in court, and one Judge deemed the program unconstitutional and "almost Orwellian," while another one ruled it legal.
The uproar caused by this first story has led President Barack Obama to endorse a reform to the program, and the House of Representatives to pass the first law that tries to change it.

The existence of PRISM was the second NSA bombshell, coming less than 24 hours after the first one. Initially, reports described PRISM as the NSA's program to directly access the servers of U.S tech giants like Google, Facebook, Microsoft and Apple, among others.
Its reality was slightly different.
PRISM, we soon learned, was less less evil than first thought. In reality, the NSA doesn't have direct access to the servers, but can request user data from the companies, which are compelled by law to comply.
PRISM was perhaps as controversial as the first NSA scoop, prompting technology companies to first deny any knowledge of it, then later fight for the right to be more transparent about government data requests. The companies ended up partially winning that fight, getting the government to ease some restrictions and allow for more transparency.

3. Britain's version of the NSA taps fiber optic cables around the world
The British spy agency, the Government Communications Headquarters (GCHQ), taps fiber optic cables all over the world to intercept data flowing through the global Internet, we learned. The GCHQ works closely with the NSA, sharing data and intelligence in a program that's codenamed Tempora.
Tempora is one of the key NSA/GCHQ programs, allowing the spy agencies to collect vasts troves of data, but for some reason, it has sometimes been overlooked. After a couple of months from the Tempora revelation, a German newspaper revealed the names of the companies that collaborate with the GCHQ in the Tempora program: Verizon Business, British Telecommunications, Vodafone Cable, Global Crossing, Level 3, Viatel and Interoute.

4. NSA spies on foreign countries and world leaders
U.S. President Barack Obama, right, and German Chancellor Angela Merkel are seated together at a G7 dinner in Brussels, on June 4. Their relationship has been tense since reports revealed that the NSA tapped Merkel's phone.
Over the months, countless stories based on Snowden documents have revealed that the NSA has spied on numerous world leaders and foreign governments.
The German newsweekly Der Spiegel revealed that the NSA targets at least 122 world leaders.
Other stories over the past years have named specific targets like German Chancellor Angela Merkel, Brazil's President Dilma Roussef, and Mexico's former President Felipe Calderon, the French Foreign Ministry, as well as leaders at the 2010 G8 and G20 summits in Toronto.

5. XKeyscore, the program that sees everything
XKeyscore is a tool the NSA uses to search "nearly everything a user does on the Internet" through data it intercepts across the world. In leaked documents, the NSA describes it as the "widest-reaching" system to search through Internet data.

6. NSA efforts to crack encryption and undermine Internet security
Encryption makes data flowing through the Internet unreadable to hackers and spies, making the NSA's surveillance programs less useful. What's the point of tapping fiber optic cables if the data flowing through them is unreadable? That's why the NSA has a developed a series of techniques and tricks to circumvent widely used web encryption technologies.
The NSA, however, isn't able to compromise the encryption algorithms underlying these technologies. Instead, it circumvents or undermines them, forcing companies to install backdoors, hacking into servers and computers, or promoting the use weaker algorithms.
In any case, technologists were alarmed.
"Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the Internet less secure and exposing us to criminal hacking, foreign espionage, and unlawful surveillance. The NSA's efforts to secretly defeat encryption are recklessly shortsighted and will further erode not only the United States' reputation as a global champion of civil liberties and privacy but the economic competitiveness of its largest companies," Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU) said at the time.

7. NSA elite hacking team techniques revealed
The NSA has at its disposal an elite hacker team codenamed "Tailored Access Operations" (TAO) that hacks into computers worldwide, infects them with malware and does the dirty job when other surveillance tactics fail.
Der Spiegel, which detailed TAO's secrets, labelled it as "a squad of plumbers that can be called in when normal access to a target is blocked." But they can probably be best described as the NSA's black bag operations team.
TAO comes in for specific, targeted operations when the NSA can't find intelligence or needs more detailed information on a target through its bulk surveillance programs. Before Snowden, most of their operations and techniques were shrouded in secrecy, and their secrets make for one of the most fascinating revelations.

8. NSA cracks Google and Yahoo data center links
When bulk collection or PRISM fails, the NSA had other tricks up its sleeve: It could infiltrate links connecting Yahoo and Google data centers, behind the companies' backs.
This revelation was made famous mostly by a Power Point slide that included a celebratory smiley face.
This story truly enraged the tech companies, which reacted with much more fury than before. Google and Yahoo announced plans to strengthen and encrypt those links to avoid this kind of surveillance, and a Google security employee even said on his Google+ account what many others must have thought privately: "Fuck these guys."

9. NSA collects text messages
It's not just about Internet data though. The NSA, following its unofficial motto of "collecting it all," intercepts 200 million text messages every day worldwide through a program called Dishfire.
In leaked documents, the agency described the collected messages as a "goldmine to exploit" for all kinds of personal data.
Here is what the NSA automatically extract from text messages *every day*:
— James Ball (@jamesrbuk) January 16, 2014
Other documents also revealed that the NSA can "easily" crack cellphone encryption, allowing the agency to more easily decode and access the content of intercepted calls and text messages.

10. NSA intercepts all phone calls in two countries

The NSA intercepts and stores all phone calls made in the Bahamas and Afghanistan through a program called MYSTIC, which has its own snazzy logo.
The Bahamas was revealed by The Intercept, Greenwald's new website, while the second was revealed by WikiLeaks, which protested The Intercept's decision to withhold the second country's name.
The NSA also collects all phone calls' metadata in Mexico, Kenya and the Philippines.

Bonus: Edward Snowden's first in-person interview with an American news outlet
(H/T to the site Free Snowden, which has an extensive and detailed list of all the NSA revelations.)


NSA report about an intercepted conversation of French president Hollande. From an unknown source, published by Wikileaks in 2015

Wikipedia Exposed Media - WEM


Verizon has been providing the National Security Agency with millions of subscribers' telephone records following a secret court order, according to a report.

A new secure phone for outside the White House
November 28, 2018 

Last Thursday, Americans celebrated Thanksgiving and traditionally the president addressed members of the military services that are deployed abroad. For Donald Trump this was the second time during his presidency. 
The video footage and photos of that address also showed something that is one of the topics of this weblog: a new telephone used for top level telecommunications of the president of the United States:

The chart that seems to be prepared by BND employee M.J. to compare with the one from BOUNDLESSINFORMANT (note the different scale)

Micah Lee works with three laptops in his Berkeley, California, apartment.

Edward Snowden Bonanza Data Milk for 3 years and for 20 years

Binney, always the humorist, reminded me of a notorious statement made by Sam Visner, a senior NSA official, to a group of contractors a day after the 9/11 attacks: "We can milk this thing all the way to 2015." Here's Binney's email to me about the arguments from Young and Natsios: As Sam said, 'wecan milk this cow for 15 years,' It's just business."

NSA Snowden Releases Tally Update - *7,361 Pages November 18, 2016

18 November 2016. Add 59 pages to The Intercept. Tally now *7,361 pages of The Guardian first reported 58,000 7files; caveat: Janine Gibson, The Guardian NY, said on 30 January 2014 "much more than 58,000 files in first part, two more parts" (no numbers) (tally about ~11.5%). DoD claims 1,700,000 files (~.04% of that released). ACLU lists 525 pages released by the press. However, if as The Washington Post reported, a minimum of 250,000 pages are in the Snowden files, then less than 1% have been released. Note Greenwald claim on 13 September 2014 of having "hundreds of thousands" of documents.

7 September 2016. Add 102 pages to The Intercept.
19 August 2016. Add 6 pages to The Intercept.
19 August 2016. Add 6 pages to The Intercept.
12 August 2016. Add 367 pages to The Intercept.
7 June 2016. Add 123 pages to The Intercept.
16 May 2016. Add 252 pages to The Intercept.
16 May 2016. Kudos, at last: The Intercept is broadening access to the Snowden archive. Here’s why: by Glenn Greenwald

14 May 2016. Add 4 pages to The Intercept.
16 February 2016

10 February 2016. Add 99 pages to Boing Boing (released 2 February 2016). Tally now *6,318 pages of The Guardian first reported 58,000 files; caveat: Janine Gibson, The Guardian NY, said on 30 January 2014 "much more than 58,000 files in first part, two more parts" (no numbers) (tally about ~10.6%). DoD claims 1,700,000 files (~.04% of that released). ACLU lists 525 pages released by the press. However, if as The Washington Post reported, a minimum of 250,000 pages are in the Snowden files, then less than 1% have been released. Note Greenwald claim on 13 September 2014 of having "hundreds of thousands" of documents. At Snowden current rate it will take 20-620 years to free all documents.

6 February 2016. (±) False Tallies-the Prisoner’s Dilemma?
2 February 2016. Add 14 pages to The Intercept.
23 December 2015. Add 7 pages to The Intercept
20 November 2015. Add 5 pages to Telesurtv and The Intercept.
28 September 2015. Add 21 pages to The Intercept.
24 September 2015. Add 283 pages to The Intercept.
15 August 2015. Add 74 pages to New York Times-Propublica.
11 August 2015. Add 29 pages to The Intercept.
3 August 2015. Add 10 pages to The Intercept.
16 July 2015. Add 8 pages to The Intercept.
1 July 2015. Add 1,240 pages to The Intercept.
26 June 2015. Add 13 pages to The Intercept.
22 June 2015. Add 250 pages to The Intercept.
13 June 2015. Italian journalist provides correspondence with USG on Snowden documents:
2015-1504.pdf offsite Stefania Maurizi-NSA Snowden Correspondence June 13, 2015 2015-1503.pdf offsite Stefania Maurizi-DoJ Snowden Correspondence June 13, 2015 2015-1502.pdf offsite Stefania Maurizi-State Snowden Correspondence June 13, 2015
12 June 2015. Paul and FVEYDOCS tweet:
IC off the Record:
12 June 2015. Aeris tweets:
OCRized/indexed/full-text-searchable PDF.

12 June 2015. Christopher Parsons writes:

Saw your tweet re: sources for Snowden docs. I've compiled all the relevant Canadian documents, along with summary information of the documents'contents along with indexing information, here:

In the coming months I'm hoping to have equivalent summaries for Australia and New Zealand (and will then be moving on to do similar summary work for US- and UK-based documents).
12 June 2015. Snowden documents compilations (plus this one):

If all documents are free somewhere please send pointer to: cryptome[at]

12 June 2015. Add 4 pages to The Intercept.
4 June 2015. Add 91 pages to The New York Times.
28 May 2015. Add 23 pages to The Intercept.
22 May 2015. Add 26 pages to CBC (with The Intercept).
21 May 2015. Edward Snowden was quoted in Forbes on May 10, 2015:

"What I did was that I worked in partnership with the journalists who received the material. As a condition of receiving the material they agreed, prior to publication, to run these stories by the government. Not for the government to censor them, but for the government to be able to look at these and go “look, this isn’t going to get anybody killed, this isn’t going to put a human agent behind enemy lines at risk” or something like that. “This isn’t going to make Al Qaeda be able to bomb buildings.” And I think the value of this model has been proven to be quite effective."

This indicates all stories about document releases have been "run-by governments prior to publication." Cryptome has filed an FOIA request to NSA for records of these "run-bys."

21 May 2015. Add 10 pages to The Intercept.

19 May 2015. Add 19 pages to The Intercept.
18 May 2015. Add 6 pages to The Intercept.
8 May 2015. Add 40 pages to The Intercept.
5 May 2015. Add 46 pages to The Intercept.
2 April 2015. Add 7 pages to The Intercept.
30 March 2015. Snowden documents archive by The Courage Foundation:

24 March 2015. Add 152 pages to CBC News.
14 March 2015. Add 2 pages to New Zealand Herald.
10 March 2015. Add 12 pages to The Intercept. Add 8 pages to New Zealand Herald.
8 March 2015. Add 35 pages to New Zealand Star Times.
6 March 2015. Add 4 pages to New Zealand Herald.
5 March 2015. Snowden Archive, searchable:
5 March 2015. Add 6 pages to New Zealand Herald.
19 February 2015. Add 32 pages to The Intercept.
10 February 2015. Add 2 pages to The Intercept.
5 February 2015. Add 3 pages to The Intercept.
4 February 2015. Add 5 pages to The Intercept.
30 January 2015. Compilation of Snowden documents:

[Repost] 4 April 2014. ACLU offers NSA documents search:


If more lists please send: cryptome[at]

28 January 2015. Add 21 pages to CBC News.
26 January 2015. Add Citizenfour Snowden Documentary High-Definition, with innumerable images, by Cryptome.
25 January 2015. Add Citizenfour Snowden Documentary by Cryptome, with innumerable images, some 87 extracted by Paul Dietrich in following entry.
22 January 2015. Add 87 pages to Paul Dietrich (via Citizenfour).
17 January 2015. Add 199 pages to Der Spiegel.
28 December 2014. Add 666 pages to Der Spiegel.
22 December 2014. Add 1 page to New York Times.
13 December 2014. Add 67 pages to The Intercept.
4 December 2014. Add 63 pages to The Intercept.
25 November 2014. Add 72 pages to Süddeutsche Zeitung.
6 November 2014. At current rate of release it will take 31 to 908 years for full disclosure.
10 October 2014. Add 69 pages to The Intercept.
17 September 2014. Add 2 pages to The Intercept.
14 September 2014. Add 68 pages to Der Spiegel.
13 September 2014. In video Glenn Greenwald claims to have "hundreds of thousands" of documents (at 9:06 min)

Audio excerpt:

5 September 2014. Add 32 pages to The Intercept.
31 August 2014. Add 34 pages to Der Spiegel.
25 August 2014. Add 55 pages to The Intercept.
16 August 2014. Add 26 pages to Heise.
12 August 2014. Add 6 pages to The Intercept.
5 August 2014. Add 12 pages to The Intercept.
4 August 2014. Add 23 pages to The Intercept.
25 July 2014. Add 4 pages to The Intercept.
14 July 2014. Add 8 pages to The Intercept.
14 July 2014. "I'm as mad as hell and I'm not going to take this anymore!"

Cryptome has sent a demand for accounting and public release specifics to holders of the Snowden documents: New York Times, Washington Post, The Guardian, Barton Gellman, Laura Poitrias, Glenn Greenwald, ACLU, EFF and John and Jane Does, US Citizens:

11 July 2014. See related essay, Open the Snowden Files, Krystian Woznicki, 11July 2014:


11 July 2014. @PaulMD notes this claim in the Washington Post, 11 July 2014:

We did not have an official NSA list of targets. We had to find them in the pile ourselves. Soltani, an independent researcher, did most of the heavy lifting on that. Because the information was not laid out in rows and columns, the way it might be in a spreadsheet, Soltani wrote computer code to extract what we were looking for from something like a quarter-million pages of unstructured text.

If a minimum of 250,000 pages are in the Snowden files, then less than 1% have been released.

9 July 2014. Add 8 pages to The Intercept.
9 July 2014. Add 1 page to Washington Post.
23 June 2014. Add 9 pages to Der Spiegel.
22 June 2014. Add 41 pages to Information-The Intercept.
Revised. This is included in entry above. 18 June 2014. Add 20 pages to The Intercept.

18 June 2014. Add 200 pages to Der Spiegel.
16 June 2014. Add 4 pages to Der Spiegel.
1 June 2014. Add 4 pages to New York Times.
23 May 2014. Cryptome placed online No Place to Hide, 310 pages, to compensate for failure to release Snowden documents: (27MB)

19 May 2014. The Intercept released 12 pages.
13 May 2014. Glenn Greenwald released 107 pages, some new, some previously published, some full pages, some page fragments.

5 May 2014. Related tally of redactions of Snowden releases:

30 April 2014. Add 19 pages to The Intercept.
30 April 2014. Add 2 pages to Dagbladet belatedly.
5 April 2014. Add 21 pags to The Intercept.
4 April 2014. ACLU offers NSA documents search:


If more lists please send: cryptome[at]

2 April 2014.
29 March 2014. Add 1 page to Der Spiegel.
22 March 2014. Add 3 pages to Der Spiegel.
22 March 2014. Add 2 pages to New York Times.
21 March 2014. Add 7 pages to Le Monde.
20 March 2014. Add 6 pages to The Intercept.
18 March 2014. Add 4 pages to Washington Post.
13 March 2014. Add 1 page to The Intercept.
12 March 2014. Add 35 pages to The Intercept.
12 March 2014. Add 62 pages to New York Times. Add 2 pages to NRC Handelsblad.
7 March 2014. Add 8 pages to The Intercept.
27 February 2014. Add 3 pages to Guardian.
25 February 2014. Add 11 pages to NBC News.
24 February 2014. Add 4 pages to The Intercept.
24 February 2014. Add *50 pages to The Intercept (7 pages are duplicates of GCHQ Psychology).
18 February 2014. Add *45 pages to The Intercept (37 pages are duplicates of release by NBC News).

Note: Between 10-17 February 2014, The Intercept disclosed fragments of Snowden pages and the New York Times referenced some but as far as known did not release them in full.

If available please send link.

10 February 2014. Add 1 page to NRC Handelsblad (via
7 February 2014. Add 15 pages NBC News.
5 February 2014. Add 14 pages NBC News.
31 January 2014. Add 27 pages to CBC News.

27 January 2014. Add 47 pages to NBC News.

27 January 2014. Add 18 pages to Anonymous via New York Times.

16 January 2014. Add 8 pages to The Guardian.

* 14 January 2014. Add 21 pages to (duplicate).

* 13 January 2014. Add 4 pages to (duplicate).

Related Snowden Document and Page Count Assessment:

* 5 January 2014. Add 16 pages to Der Spiegel (30 December 2013. No source given for NSA docs). Tally now *962 pages (~1.7%) of reported 58,000. NSA head claims 200,000 (~.50% of that released).

4 January 2014. The source was not identified for *133  pages published by Der Spiegel and Jacob Appelbaum in late December 2013. They are included here but have not been confirmed as provided by Edward Snowden. Thanks to post by Techdirt.

Glenn Greenwald tweeted:

Glenn Greenwald @ggreenwald, 8:05 AM - 29 Dec 13

@Cryptomeorg @ioerror I had no involvement in that Spiegel article, ask them - and they don't say those are Snowden docs.

Matt Blaze tweeted, 11:24 AM - 2 Jan 14

matt blaze @mattblaze

If there are other sources besides Snowden, I hope journalists getting docs are careful to authenticate them (& disclose uncertainty).

3 January 2014. Add 13 pages to Washington Post.

3 January 2014. See also EFF, ACLU and LeakSource accounts:

2 January 2014. Add 1 page to Washington Post published 10 July 2013.

* 31 December 2013. Add 16 pages to Der Spiegel.

* 30 December 2013. Add 50 pages of NSA ANT Catalog by Jacob Appelbaum (no source given for NSA docs).

* 30 December 2013. Add 21 pages from 30C3 video by Jacob Appelbaum (no source given for NSA docs).

* 30 December 2013. Add 42 pages (8 duplicates) to Der Spiegel (no source given for NSA docs).

* 29 December 2013. Add 4 pages to Der Spiegel (no source given for NSA docs).

24 December 2013. Add 2 pages to Washington Post.

23 December 2013

We've yet to see the full impact of former National Security Agency contractor Edward Snowden's unauthorized downloading of highly classified intelligence documents.

Among the roughly 1.7 million documents he walked away with -- the vast majority of which have not been made public -- are highly sensitive, specific intelligence reports, as well as current and historic requirements the White House has given the agency to guide its collection activities, according to a senior government official with knowledge of the situation.

The latter category involves about 2,000 unique taskings that can run to 20 pages each and give reasons for selective targeting to NSA collectors and analysts. These orders alone may run 31,500 pages.

13 December 2013. Add 26 pages to Trojkan (SVT). Tally now 797 pages (~1.4%) of reported 58,000. NSA head claims 200,000 (~.40% of that released). Australia press reports "up to 20,000 Aussie files."

Rate of release over 6 months, 132.8 pages per month, equals 436 months to release 58,000, or 36.3 years. Thus the period of release has decreased in the past month from 42 years.

12 December 2013. Belatedly add 27 pages to Guardian and 18 pages to Washington Post.

21 November 2013. See also EFF and ACLU accounts:

Timeline of releases:

[See tabulation below for full timeline.]

5 October 2013

26 Years to Release Snowden Docs by The Guardian

Out of reported 15,000 pages, The Guardian has published 192 pages in fourteen releases over four months, an average of 48 pages per month, or 1.28% of the total. At this rate it will take 26 years for full release.

Number Date Title Pages
The Guardian 276
27 February 2014 GCHQ Optic Nerve 3
21 16 January 2014 SMS Text Messages Exploit 8
20 9 December 2013 Spying on Games 2
18 18 November 2013 DSD-3G 6
19 1 November 2013 PRISM, SSO
SSO1 Slide
SSO2 Slide 13*
18 4 October 2013 Types of IAT Tor 9
17 4 October 2013 Egotistical Giraffe 20*
16 4 October 2013 Tor Stinks 23
15 11 September 2013 NSA-Israel Spy 5
14 5 September 2013 BULLRUN 6*
13 5 September 2013 SIGINT Enabling 3*
12 5 September 2013 NSA classification guide 3
11 31 July 2013 XKeyscore 32
10 27 June 2013 DoJ Memo on NSA 16
9 27 June 2013 Stellar Wind 51
8 21 June 2013 FISA Certification 25
7 20 June 2013 Minimization Exhibit A 9
6 20 June 2013 Minimization Exhibit B 9
5 16 June 2013 GCHQ G-20 Spying 4
4 8 June 2013 Boundless Informant FAQ 3
3 8 June 2013 Boundless Informant Slides 4
2 7 June 2013 PPD-20 18
1 5 June 2013 Verizon 4
Washington Post 297
9 July 2014 NSA Emails 1
18 March 2014 NSA SCALAWAG 2
18 March 2014 NSA MYSTIC 2
2 January 2014 Quantum Computer 2 10
2 January 2014 Quantum Computer 3
23 December 2013 NSA/CSS Mission 2
11 December 2013 Excessive Collection 9
11 December 2013 SCISSORS 2 7
11 December 2013 SCISSORS 1 4
11 December 2013 Yahoo-Google Exploit 6
11 December 2013 Cable Spying Types 7
11 December 2013 WINDSTOP 1
11 December 2013 Co-Traveler 24
11 December 2013 GSM Tracking 2
11 December 2013 SIGINT Successes 4
11 December 2013 GHOSTMACHINE 4
5 December 2013 Target Location 1
4 December 2013 FASCIA 2
4 December 2013 CHALKFUN 1
26 November 2013 Microsoft a Target? 4
4 November 2013 WINDSTOP, SSO, Yahoo-Google 14
30 October 2013 MUSCULAR-INCENSOR Google and Yahoo 4
14 October 2013 SSO Overview 4
14 October 2013 SSO Slides 7
14 October 2013 SSO Content Slides 9
4 October 2013 Tor 49
4 October 2013 EgotisticalGiraffe 20*
4 October 2013 GCHQ MULLENIZE 2
4 October 2013 Roger Dingledine 2
30 August 2013 Budget 17
10 July 2013 PRISM Slide 1
29 June 2013 PRISM 8
20 June 2013 Warrantless Surveillance 25*
7 June 2013 PPD-20 18*
6 June 2013 PRISM 1
Der Spiegel * 1,278
17 January 2015 NSA Prepares for Cyber Battle 199
28 December 2014 NSA Attacks on VPN, SSL, TLS, SSH, Tor 197MB 666
14 September 2014 GCHQ STELLAR 26
14 September 2014 NSA Treasure Map 38
14 September 2014 NSA Treasure Map New 4
31 August 2014 NSA GCHQ Spy Turkey 34
23 June 2014 NSA German SIGADs 9
18 June 2014 NSA German Spying-2 200
16 June 2014 NSA German Spying 4
29 March 2014 NSA Spy Chiefs of State 1
22 March 2014 NSA SHOTGIANT 2

31 December 2013 QFIRE * 16
30 December 2013 TAO Introduction * 16
30 Deceber 2013 QUANTUM Tasking (8 duplicates of QUANTUMTHEORY) 28*
30 December 2013 QUANTUMTHEORY 14
29 December 2013 TAO ANT COTTONMOUTH (images)
17 November 2013 ROYAL CONCIERGE (DE)


29 October 2013 NSA-CIA SCS 3
27 October 2013 NSA-CIA SCS 2
20 October 2013 Mexico President 1
20 September 2013 Belgacom 3
16 September 2013 SWIFT 3
9 September 2013 Smartphones 5
1 September 2013 French Foreign Ministry 0
31 August 2013 Al Jazeera 0
O Globo Fantastico ~87
7 October 2013 CSE Brazil Ministry 7
8 September 2013 Petrobas ~60
3 September 2013 Brazil and Mexico 20
New York Times 216
15 August 2015 NSA SSO Fairview Stormbrew Blarney (with Propublica) 74
4 June 2015
4 June 2015 NSA Expands Phone Spying at Borders
NSA Expands Phone Spying at Borders 2 90
22 December 2014 NSA Tracks Zarrar Shah 1
1 June 2014 NSA Identity Spying 4
22 March 2014 NSA Huawei SHOTGIANT 2
12 March 2014 NSA Stellarwind Classification
NSA FISA FAA Classification
AG Dissemination
NSA Cryptanalyist FISA Database
NSA Spying Timeline 37
9 December 2013 Spying on Games 82*
23 November 2013 SIGINT Strategy 2012-2016 5
3 November 2013 SIGINT Mission 2013

SIGINT Mission 2017

28 September 2013 Contact Chaining Social Networks 1
28 September 2013 SYANPSE 1
5 September 2013 BULLRUN 4*
5 September 2013 SIGINT Enabling 3*
ProPublica 163*
15 August 2015 NSA SSO Fairview Stormbrew Blarney (with NY Times) 74*
9 December 2013 Spying on Games 82*
5 September 2013 BULLRUN 4*
5 September 2103 SIGINT Enabling 3*
Le Monde 20
21 March 2014 CSE SNOWGLOBE 7
25 October 2013 NSA Hosts FR Spies 4
22 October 2013 Wanadoo-Alcatel 1
22 October 2013 Close Access Sigads 2
22 October 2013 Boundless Informant 2
22 October 2013 PRISM 11
Dagbladet 15
April 2014
December 2013 Norway Assistance 2
19 November 2013 BOUNDLESSINFORMANT 13
NRC Handelsblad 7
12 March 2014 NSA Aids Dutch Anti-Piracy 2
8 February 2014 MIVD BoundlessInformant
Cryptome mirror 1
30 November 2013 Dutch SIGINT 3
23 November 2013 SIGINT Cryptologic Platform 1
Huffington Post 3
27 November 2013 Muslim Porn Viewing 3
CBC 214
22 May 2015 US-UK-CA-AU-NZ Cellphone Spying 26*
24 March 2015 CSEC Cyber Threats 152
28 January 2015 CSE LEVITATION-FFU Project 21
30 January 2014 CSEC IP Profiling 27
10 December 2013 NSA-CSEC Partnership 1
10 December 2013 G8-G20 Spying 4*
2 December 2013 G8-G20 Spying 3
29 November 2013 G8-G20 Spying 1
The Globe and Mail 18
30 November 2013 CSEC Brazil Spying 18*
SVT (Swedish TV) 2
5 December 2013 Sweden Spied Russia for NSA 2
L'Espresso 3
6 December 2013 NSA Spies Italy 3
Trojkan (SVT) 29
11 December 2013 NSA Sweden FRA Relationship 1*
11 December 2013 NSA 5 Eyes Partners 1
11 December 2013 NSA Sweden FRA Agenda 8
11 December 2013 NSA Sweden FRA RU Baltic 1
11 December 2013 NSA GCHQ Sweden FRA COMINT 1
11 December 2013 NSA Sweden FRA  XKeyscore Plan 5
11 December 2013 NSA Sweden FRA XKeyscore Sources 1
11 December 2013 NSA Sweden FRA XKeyscore Tor et al 3
11 December 2013 NSA Sweden FRA XKeyscore Slide 1
11 December 2013 NSA Sweden FRA Quantum 1 1
11 December 2013 GCHQ Sweden FRA Quantum 1
11 December 2013 NSA Sweden FRA Quantum Accomplishments 2
9 December 2013 NSA and Sweden Pact 3*
Jacob Appelbaum * 71
30 December 2013 NSA Catalog * 50
30 December 2013 NSA Catalog Video Clips * 21 63*
19 June 2014 NSA Partners 41*
14 January 2014 SSO (duplicate) 7*
14 January 2014 PRISM (duplicate) 11*
13 January 2014 5-Eyes Spy G8-G20 (duplicate) 4*
New York Times 18
27 January 2014 NSA Smartphones Analysis 14
27 January 2014 GCHQ Mobile Theme 4
NBC News 87
25 February 2014 GCHQ Cyber Effects 11
7 February 2014 GCHQ Cyber Attack 15
5 February 2014 GCHQ Anonymous 14
27 January 2014 GCHQ Squeaky Dolphin 47
The Intercept 3,747*
18 November 2016 NSA Project X 59
7 September 2016 GCHQ Menwith Hill Drone Killing Operations 102
19 August 2016 NSA FOXACID SSO CNO PMR et al 130
19 August 2016 NSA FULLMAN 6
12 August 2016 NSA SID Today 256 files 367
7 June 2016 GCHQ Preston, Digint, Milkwhite, CCD, et al 123
16 May 2016 NSA SID Today 178 files 252
14 May 2016 NSA SIGINT to HUMINT 4
2 February 2016 UAV Programs 14
23 December 2015 NSA-GCHQ Juniper 7
17 November 2015 NSA SCS Venezuela 5
28 September 2015 NSA Rogue Olympics 21
24 September 2015 NSA-GCHQ 29 Documents 283
11 August NSA SIGINT Philosopher 29
3 August 2015 NSA ECHELON




16 July 2015 NSA Manhunting 8
1 July 2015 NSA XKeyscore and More 1,264
26 June 2015 NSA on NYT Warrantless Wiretap Story 13
22 June 2015 GCHQ 11 Filles 250
12 June 2015 NSA SID Hacker Interview 4
28 May 2015 NSA SID Today 23
22 May 2015 US-UK-CA-AU-NZ Cellphone Spying 26*
21 May 2015 NSA Medical Spying 10
19 May 2015 NSA SID NATO 19
18 May 2015 JTAC Attack Methodology 3
18 May 2015 NCTC Major Terrorism Figures 1
18 May 2015 Black Budget Bin Laden Raid 2
8 May 2015 NSA SKYNET 40
5 May 2015 NSA Black Budget SID RT10 WG Language 46
2 April 2015 NSA GCHQ JTRIG Argentina-Iran 7
10 March 2015 NSA Apple DPA Cryptanalysis 12
19 February 2015 GCHQ PCS Harvesting At Scale 32
10 February 2015 NSA Iran GCHQ 2
5 February 2015 DNI NATO Cyber Panel 3
4 February 2015 GCHQ Lovely Horse et al 5*
13 December 2014 GCHQ Belgacom Hack 67
4 December 2014 NSA AURORA GOLD et al 63
10 October 2014 10 NSA Releases
Computer Network Exploitation Declass
National Initiative Task Security 2
National Initiative Task Security 1
Exceptionally Controlled Info Compartments
Exceptionally Controlled Info Pawleys
Exceptionally Controlled Information
Sentry Eagle 2
Sentry Eagle 1
Tarex Classification Guide
Whipgenie Classification Guide 69
17 September 2014 NSA Visit by NZ Spy 2
5 September 2014 Masterspy Quadrennial Report 2009 32
25 August 2014 NSA ICREACH 55
12 August 2014 GCHQ Covert Mobile Phones Policy 6
5 August 2014 NCTC Terrorist Identifies 12
4 August 2014 US-NSA Pays Israel $500,000 2
4 August 2014 NSA-Israel Spying Pact 2013 3
4 August 2014 Israel-US Spying Pact 1999 16
25 July 2014 NSA Saudi Arabia 4
14 July 2014 NSA JTRIG Tools-Techniques 8
9 July 2014 NSA FISA Accounts 8
19 June 2014 NSA Partners 41*
19 May 2014 12 Various Pages 12
NSA Visit by GCHQ Lobban
PRISM with Olympics 14:6+8
4 April 2014 GCHQ Full Spectrum Cyber
NSA 5-Eyes SIGDEV Conference 19
20 March 2014 NSA Hunt Sysadmins 6
13 March 2014 NSA Third Party 1
12 March 2014 NSA Hammerchant

NSA UK on Mikey and Ibake
NSA Turbine and Turmoil
NSA Thousands of Implants
NSA More Than One Way
NSA GCHQ Quantumtheory
NSA Selector Types
NSA Quantum Insert
NSA Analysis of Converged Data
NSA Phishing and MTM Attacks
NSA Menwith Hill xKeyscore
NSA Industry Exploit
NSA 5 Eyes Hacking

7 March 2014 NSA Ask Zelda 8
24 February 2014 GCHQ Disruption 4
24 February 2014 GCHQ Online Deception
(7 pages duplicates of GCHQ Psychology) *50
18 February 2014 GCHQ Psychology

37 Duplicates of NBC News

18 February 2014 NSA-GCHQ Discovery 1
Glenn Greenwald
13 May 2014 A variety of documents 107
Cryptome 310
26 January 2015 Citizenfour Snowden Documentary High Definition (7-Zip MP4) (3.6GB) ~
25 January 2015 Citizenfour Snowden Documentary (7-Zipped MP4) (1.2GB) ~
23 May 2014 No Place to Hide (27MB) 310
Heise 26
16 August 2014 NSA GCHQ CSEC HACIENDA 26
Süddeutsche Zeitung 7
25 November 2014 Vodafone GCHQ Cables List and Slides 72
Paul Dietrich
@Paulmd199 87
22 January 2015 87 Citizenfour Screengrabs 87
New Zealand Herald 20
14 March 2015 GCSB Targets Solomons 2
10 March 2015 NSA-New Zealand Relationship 8
6 March 2015 GCSB XKeyscore 2 4
5 March 2015 GCSB XKeyscore 6
New Zealand Star Times 35
8 March 2015 GCSB XKeyscore 3 35
17 November 2015 NSA SCS Venezuela 5*
Boing Boing
2 February 2016 GCHQ Malware 99

Edward Snowden 

Edward Joseph Snowden (born June 21, 1983 in Elizabeth City, North Carolina, United States ) is a computer programmer who worked as a Central Intelligence Agency employee and as a subcontractor for the National Security Agency (NSA), Edward Joseph Snowden is well known as an American whistle-blower, who in 2013, collected, copied and leaked highly classified top-secret documents and information. regarding NSA domestic surveillance practices that he found disturbing and leaked them Partner: Lindsay Mills Residence: Moscow, Russia (asylum)
Documentary: Citizenfour Education: Anne Arundel Community College (2004–2005). Snowden's disclosuresrevealed numerous global surveillance programs, many run by the NSA and the Five Eyes Intelligence Alliance with the cooperation of telecommunication companies and European governments, and prompted a cultural discussion about national security and individual privacy.
In 2013, Snowden was hired by an NSA contractor, Booz Allen Hamilton, after previous employment with Dell and the CIA. Snowden says he gradually became disillusioned with the programs with which he was involved and that he tried to raise his ethical concerns through internal channels but was ignored. On May 20, 2013, Snowden flew to Hong Kong after leaving his job at an NSA facility in Hawaii, and in early June he revealed thousands of classified NSA documents to journalists Glenn Greenwald, Laura Poitras, and Ewen MacAskill. Snowden came to international attention after stories based on the material appeared in The Guardian and The Washington Post. Further disclosures were made by other publications including Der Spiegel and The New York Times. On June 21, 2013, the U.S. Department of Justice unsealed charges against Snowden of two counts of violating the Espionage Act of 1917and theft of government property,  following which the Department of State revoked his passport.  Two days later, he flew into Moscow's Sheremetyevo Airport, where Russian authorities noted that his U.S. passport had been cancelled, and he was restricted to the airport terminal for over one month. Russia later granted Snowden the right of asylum with an initial visa for residence for one year, and repeated extensions have permitted him to stay at least until 2020. In early 2016, he became the president of the Freedom of the Press Foundation, an organization that aims to protect journalists from hacking and government surveillance. As of 2017, he was living in an undisclosed location in Moscow. ​

Letter from the Chancellery which was classified STRENG GEHEIM-ANRECHT, which was marked as cancelled (UNGÜLTIG) after the attached
documents at that classification level were removed