NSA, GCHQ, Declare Civil War on Their Own People

The Guardian, NYT, and ProPublica have the first of the co-reported stories we’ve been promised, reporting that after the government failed to get Congress to require back doors into encrypted communication, it just went ahead and took it.

I’ll come back to these stories, but for the moment, want to just point to the various names it has given this effort, from ProPublica.

The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand. Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of American Civil War battles. A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century.

Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ”

Only a small cadre of trusted contractors were allowed to join Bullrun. It does not appear that Mr. Snowden was among them, but he nonetheless managed to obtain dozens of classified documents referring to the program’s capabilities, methods and sources.

Manassas, Bullrun, and Edgehill.

All civil war battles.

Even rhetorically, our governments have declared civil war on us and our privacy.

Update: In related news, Obama’s Insider-Independent Non-Tech Tech Review Committee is seeking public comment on the dragnet.

Go let Cass Sunstein know what you think of this.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

37 replies
  1. joanneleon says:

    Jesus! In some ways these code names for systems are the most telling part of the story. And the weird thing is, they’re not as classified as you would think, given the number of people (contractors?) who use them and brag about them on Linked In. I guess some of the names are more classified than others.

    Manassas, Bullrun, and Edgehill.

    All civil war battles

  2. joanneleon says:

    When looking for Hagel and Kerry voting records yesterday, I came across this article from 2004. I missed some of this, or did not know enough detail about it in the 90’s during a period when I was busy with babies and toddlers and career from dawn til midnight.

    And in what now seems like a bizarre parallel universe, it was John Kerry who was on the side of the FBI, the National Security Agency, and the DOJ. Ashcroft’s predecessor at the Justice Department, Janet Reno, wanted to force companies to create a “clipper chip” for the government—a chip that could “unlock” the encryption codes individuals use to keep their messages private. When that wouldn’t fly in Congress, the DOJ pushed for a “key escrow” system in which a third-party agency would have a “backdoor” key to read encrypted messages.

    In the meantime, the Clinton administration classified virtually all encryption devices as “munitions” that were banned from export, putting American business at a disadvantage. In 1997 Senate Commerce Committee Chairman John McCain pushed the Secure Public Networks Act through his committee. This bill would have codified the administration’s export ban and started a key escrow system. One of his original co-sponsors was his fellow Vietnam vet and good friend from across the aisle, John Kerry.

    Proponents such as McCain and Kerry claimed that law enforcement could not get the key from any third-party agency without a court order. Critics responded that there were loopholes in the law, that it opened the door to abuses, and that it punished a technology rather than wrongdoers who used that technology. Some opponents argued that the idea was equivalent to giving the government an electronic key to everyone’s home. “To date, we have heard a great deal about the needs of law enforcement and not enough about the privacy needs of the rest of us,” said then-Sen. Ashcroft in a 1997 speech to the Computer and Communications Industry Association. “While we need to revise our laws to reflect the digital age, one thing that does not need revision is the Fourth Amendment… Now, more than ever, we must protect citizens’ privacy from the excesses of an arrogant, overly powerful government.”
    http://reason.com/archives/2004/07/26/john-kerrys-monstrous-record-o

  3. TarheelDem says:

    Manassas was the Confederate name for the battle the Union called Bull Run. Interesting how they did the succession of systems.

  4. JTIDAHO says:

    Actually, Bull Run and Manassas refer to the same battle. US Civil War battles often had two different names, the Union one and the Confederate one. The Confederates named battles after the nearest town, the Union after some natural feature (Bull Run/Manassas, Antietam/Sharpsburg, etc), and like Edgehill, Bull Run/Manassas was the first battle of the US Civil War. Its obvious now – we are the enemy.

  5. der says:

    During this same time the NSA and Brits are slipping in through the back door there’s that End Game memo Larry Summers is supposed to have written that has Greg Palast reporting:

    – “The Memo confirmed every conspiracy freak’s fantasy: that in the late 1990s, the top US Treasury officials secretly conspired with a small cabal of banker big-shots to rip apart financial regulation across the planet. When you see 26.3% unemployment in Spain, desperation and hunger in Greece, riots in Indonesia and Detroit in bankruptcy, go back to this End Game memo, the genesis of the blood and tears.”
    http://www.gregpalast.com/larry-summers-and-the-secret-end-game-memo/

    That popping sound is Tea Partiers heads exploding over “proof” of One World Government.

    Though for me in the real world I keep in the back of my mind Chris Hedges warning that the government knows what’s coming with climate catastrophe. So this is just another bit of evidence of their paranoid need to know what 7 billion human beings are doing or could do so they can, I guess, warn the rich and privileged to raise the bridge and stop feeding the crocs? To be the last to starve must have some esoteric meaning that escapes me.

  6. Arbusto says:

    Why are you discussing NSA, GCHQ and inconsequential things like spying, privacy and the law when Obama needs us debating a lose lose situation in Syria he and his so desperately want.

  7. jo6pac says:

    Snowden doesn’t know the secret handshake but is still able to get into the files, amazing who does computer security for them Daffy Duck?

    der is The Memo a fun read or what, a Cypress haircut coming to Amerika soon.

  8. harpie says:

    @joanneleon:
    I also just found out about Clipper Chip today when I read the ProPublica piece on this new information.

    […] By introducing such back doors, the N.S.A. has surreptitiously accomplished what it had failed to do in the open. Two decades ago, officials grew concerned about the spread of strong encryption software like Pretty Good Privacy, or P.G.P., designed by a programmer named Phil Zimmermann. The Clinton administration fought back by proposing the Clipper Chip, which would have effectively neutered digital encryption by ensuring that the N.S.A. always had the key.

    That proposal met a broad backlash from an unlikely coalition that included political opposites like Senator John Ashcroft, the Missouri Republican, and Senator John Kerry, the Massachusetts Democrat, as well as the televangelist Pat Robertson, Silicon Valley executives and the American Civil Liberties Union. All argued that the Clipper would kill not only the Fourth Amendment, but also America’s global edge in technology. […]

    Since it mentioned the ACLU being involved in that, I looked for something, there.

    Big Brother in the Wires: Wiretapping in the Digital Age; ACLU; 3/1/98 [Includes Timeline]

    A struggle over cryptography policy is now taking place in the higher echelons of government, science and industry. Its outcome will have far reaching and possibly irrevocable consequences for every Americans’ right to privacy. Yet the public has been kept largely in the dark. No one has asked the American people if they want Big Brother permanently hardwired into the country’s communications infrastructure, and that is what will happen if the Clinton Administration has its way. […]

  9. Snoopdido says:

    In World War II the Brits (and the Poles) with their Enigma cipher machines decrypted German communications and the US with their Purple or Magic cipher machines decrypted Japanese communications.

    Did the US and the Brits then form the arguably suspect belief that they would have lost WW II without these decryption successes?

    And has that now formed the basis for today’s belief by the NSA and GCHQ that they will have LOST if they don’t break all encryption?

  10. Surfer says:

    “Even rhetorically, our governments have declared civil war on us and our privacy.”

    It’s called hiding in plain sight; can’t say they didn’t let us know. Isn’t there an ancient tradition that contracts require public notice?

  11. Saul Tannenbaum says:

    These revelations are sort of an anti-climax to me. It seemed to be a subtext to everything that’s preceded this in the Snowden revelations. If the NSA was deep inside everything they said they were in, then they had to have byapssed/cracked/stolen-the-keys-for/judicial-ordered-the-keys-for large amounts of encryption.

    What’s really stunning is that Snowden had access to this stuff. Read the article and you see a passage about how this was a program that had no need to know, that it was a very carefully held secret. Heads should roll.

  12. Citizen92 says:

    Thoughts.

    1/So if they already have the keys, why did they have to shut Lavabit down?

    2/Back during the “debate” in the 90’s over whether the government could have the encryption keys (http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/cr033098.htm), former FBI Director Louis Freeh was a proponent. And he kept at it after leaving the FBI (http://news.cnet.com/Former-FBI-chief-takes-on-encryption/2100-1028_3-961969.html). Is that significant?

  13. earlofhuntingdon says:

    Nice observation. The staff that think up these code names are usually very keyed in to what their superiors have in mind, but may publicly deny. To paraphrase one of Helen Mirren’s characters, knowing what one’s masters want even before they do is part of being not just a good bureaucrat, but the best. Secret Service wags can be equally prescient about their protectees’ defining characteristics when they assign them code names.

  14. earlofhuntingdon says:

    @cymack: And you have to assume these military types would know their War Between the States history, especially as many of them are from the South.

  15. grayslady says:

    @Saul Tannenbaum: Yes, isn’t it divine that Snowden outfoxed all of them? I suspected from the first time I listened to Snowden on video that he was one of these Aaron Swartz computer whiz-kid types. They barely finish high school and never finish college because they’re bored out of their minds. At the time, I was furious with the arrogance of my used-to-be-decent Senator, Dick Durbin, publicly trying to humiliate Snowden by saying that he hadn’t even attended college. Unfortunately, it’s people like Durbin, who aren’t the brightest bulbs in the chandelier, who feel some desperate need to try and make themselves look superior for having attained advanced degrees–even if attained from mediocre schools. If the NSA weren’t such a criminal organization, it could have had people like Snowden protecting its programs instead of exposing its bureaucratic corruption.

  16. lefty665 says:

    @Snoopdido: @13 The Germans had better generals, better equipment and generally better soldiers. So yeah, there’s a pretty damn good argument that we’d have lost that war if we had not been reading their mail.

    The Germans could not believe that we were bright enough to break Enigma. They especially did not know about the Bombe, and other tools that automated the process.

    We copied their radio traffic, re-encrypted it in our systems, transmitted it to the D.C. area where it was decrypted, re-encrypted and re-transmitted to the war zone. Often our commanders had plain text before the Germans had decrypted it for themselves.

    The proof is in the Bulge, late in the war when the Germans were on the ropes. The took their traffic off radio and put it on land lines we could not intercept. They damn close to broke out and broke us when we did not know their order of battle and plans.

    Almost Eisenhower’s first stop when he came to D.C. after Normandy was to Arlington Hall where the Army Enigma decryption was done. His message was that they could not have succeeded without that cryptanalysis.

    NSA, GCHQ et al have a solid historical basis for valuing the ability to decrypt communications. Whether that means there should be no domestic privacy today is a different question. Many of the same people who helped bring us victory in WWII also believed that if NSA’s tools were turned inward they enabled tyranny. Current management apparently does not see that as a problem.

  17. Snoopdido says:

    @lefty665: It was important to me to include the word “arguably” in my comment because it could indeed be argued that the US and the Brits might have lost without their decryption of German and Japanese communications.

    I accept that you have made a reasonable case for that view. Personally, I’m in the other camp. Stalin and the Soviet Union was eventually going to crush the Germans because the Germans had run out of steam (and gas). The US was, of course, of some importance to the war in Europe, but it was dwarfed by the Soviet’s effort.

    Germany may have had better generals, soldiers and initially equipment, but they had an idiot for a leader who continually and constantly overruled his generals. Attacking the Soviet Union instead of taking Britain was only one of that idiot’s memorable strategic blunders.

    As for the Japanese, in my view they were fighting way above their class in taking on the US. They based their strategy on a short term quick strike success to get a deal from the US. They knew full well that if they didn’t get that deal, the overwhelming industrial superiority of the US would crush them in time.

    But as I said, the point about the value of the decryption of German and Japanese communications could be seriously argued.

  18. lefty665 says:

    @Saul Tannenbaum: “Heads should roll.” Don’t you think some have?

    Tough question isn’t it? Somebody’s got to keep it all running, and that requires access by really bright folks. If you’ve done a good job recruiting, some of them are going to be bright enough to figure out how to see what’s out there, and curious.

    I believe you remarked in another post that there were likely some folks at NSA who had been warning about sys adm access. Maybe they’re in the driver’s seat now.

  19. lefty665 says:

    @Snoopdido: What I’m doing is repeating what that generation of folks told me. They were there and they were convinced, but that is hearsay to you.

    Some of their other opinions were that we were for the most part ineptly led, with second rate equipment, and poorly trained soldiers. They were convinced that the difference between victory and defeat often was knowing what forces the other guys had and what they planned to do with them. There’s a good argument that at least for the leadership and maybe training not much has changed.

    I certainly agree with your take on Hitler, and Gen. Yamamoto shared many of your views. It is worth noting that decrypts enabled taking his skills out of the battle and shortened the war in the Pacific.

    Your conclusion does not not parse. Would we have had no Iron Curtain in eastern Europe, but the USSR all the way to the Atlantic? Would it have taken a dozen atomic bombs to defeat Japan? Would the Germans have had time to develop their own atomic weapons?

    Decrypts unquestionably made a profound tactical difference throughout the war, That was in the end strategic by shortening the duration by years. As Churchill remarked, it was the “Wizard War”.

    Domestic surveillance today enables tyranny, every bit as much as it did decades ago when those long dead NSAers voiced their fears about having their tools turned inward. They swore that would never happen on their watch, and for the most part it did not.

  20. Saul Tannenbaum says:

    @lefty665: I mean that Keith Alexander should be fired.

    Assume, for a minute, that I’m one of those people who think this stuff was all legal and proper, and that Snowden’s leaks were aiding and abetting the enemy.

    At this point, you have public, incontrovertable proof that the NSA was managed in a way that put serious secrets at risk. Not classification to hide contracting fiascos, things that were so closely held that there was no “need to know”. And some contractor walked off with them.

    In what world isn’t the right response to fire the head of the NSA for negligently aiding and abetting the enemy?

    It makes me want to look for a way to become Harvard staff for a day to go to this and ask impolite questions: http://belfercenter.hks.harvard.edu/events/6097/talk_with_general_michael_hayden.html

  21. C says:

    A proponent of govenrment spying once said to me:

    If we don’t do it the enemy will.

    By which logic all rules must be broken by them “for our own good” even rules designed to keep them in check. By that logic of course we should also just kill everyone before they kill us. Comforting to know that our government is run by a generation of people that believe that shit.

  22. lefty665 says:

    @Saul Tannenbaum: “In what world isn’t the right response to fire the head of the NSA for negligently aiding and abetting the enemy?”

    Apparently ours, but yes you are right, it is the only rational action. It happened on his watch. He’s been there far too long anyway. Past time to go.

    You would have a good time:) How hard did they have to photoshop that pic of Hayden to suppress the jowls? Makes him look more like Poindexter.

  23. Snoopdido says:

    In case you missed it, the Guardian released 2 documents related to their latest report on back doors into and breaking encrypted communication. The documents are:

    1. NSA: classification guide for cryptanalysis – http://www.theguardian.com/world/interactive/2013/sep/05/nsa-classification-guide-cryptanalysis

    2. Project Bullrun – classification guide to the NSA’s decryption program – http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide

    In reading them, there are a couple of unexplained acronyms. As far as I can tell, these are their definitions:

    ECI – Extremely Compartmentalized Information
    PIQ – I don’t know but one of Google terms that comes back is Platform In Question
    CES – Cryptanalysis and Exploitation Services
    CAO – Classification Advisory Officer
    Chief S31 – Chief of Cryptologic Exploitation Services

  24. Saul Tannenbaum says:

    @Snoopdido: If these documents are the source of the NY Times article, the irony is that is metadata.

    It’s a description not of the programs themselves or the technologies or of the “sources and methods” but a guide to the classification of the various layers of facts involved.

    But since its metadata, surely the NSA can’t be complaining, because it’s not as if we’re reading about the details, just how the details we don’t know about are classified. Right?

  25. orionATL says:

    @Stephen:

    thanks for posting these together. i had read the “betrayal of internet” piece, but missed the “remain secure” piece.

    this latter is extremely informative and very specfic, more so in some important ways than the pieces by the guardian’s reporters.

    i encourage all to read thru schneir’s “remain secure” article.

    the nsa is not all-powerful. it cannot break all encryption, and in fact depends as much on human moral weakness leading to co-optation and co-operation, e.g., from microsoft, than from computing power or mathematical insight.

  26. Joanne says:

    I’m late to this party, but has the security of electronic voting machines crossed anyone’s mind? Of course, the importance having of vote presupposes that there is a real choice to be made between candidates.

  27. Stephen says:

    There is an Australian Financial Review article relating to the subject-matter of this thread which ends with a quote from Dan Kaminsky which is worth repeating:

    http://www.afr.com/p/technology/internet_experts_want_security_revamp_aHMy2hm1xHd1qoW80DrJgP

    The article is titled “Internet experts want security revamp after NSA revelations” and ends with the article noting that “overnments around the world, including democracies, are asserting more authority over the Internet, in some cases forbidding the use of virtual private networks.”

    It then gives us this Kaminsky quote: “[I]f the nation states decide security isn’t something we’re allowed to have, then we’re in trouble…. If security is outlawed, only outlaws will have security.”

  28. Rustam says:

    @Joanne: While I am not an expert, it seems they are not secure. The use of voting machines in elections in Germany was effectively banned by the German Federal Constitutional Court after the Chaos Computer Club proved that they are susceptible to manipulation, see here. There is no reason to believe that voting machines elsewhere are more secure.

  29. Rustam says:

    Oh, the page I linked to above doesn’t actually talk about how the voting machines were proved susceptible to manipulation. See here. You can find the report given by the CCC to the German Federal Constitutional Court here. Unfortunately both pages are in German.

Comments are closed.