Snowden’s Spiegel Files, Working Thread

I’ve decided the best way to digest the collection of documents released by Spiegel this week is to do a working thread. You can find links to the individual files here, or a very big PDF of all files here.

NSA, BND, BfV sharing

Note they describe using XKeyscore for “behavior detection techniques.” Even in physical space, it’s not clear current science supports the validity of such behavior detection. But this involves using someone’s online behavior to translate “behavior” into suspicion.

In the list of topics they share on, there’s Der Spiegel has redacted the place in “Europeans traveling to [redacted] to fight.” That’s presumably Syria (though could be Somalia). It’d be interesting to see the lead time on this international sharing and the time it shows up in news articles.

Note the reference to using XKeyscore for (German) domestic warranted content.

In October 2011, SSG partnered with SUSLAG and BND to conduct a demonstration of XKEYSCORE to the BfV using BfV domestic warranted collection. The BND XKEYSCORE system successfully processed DSL wiretap collection belonging to a German domestic CT target.

I’ve long wondered whether they can use XKS for US domestic content. This would seem to suggest they can. It sort of makes you wonder whether they’d give XKS to telecoms under USA Freedumber?

Comprehensive internal summary of history

Note the other documents describe the partnership primarily in terms of CT, but this document makes it clear it also includes transnational crime and counternarcotics, Afghan support, and one redacted topic.

Note cyber is something that is later described as something NSA is pushing (in January 2013) to get BND to partner on. This document describes IAD as leading discussions at this point (January 2013); but described a follow-up meeting with NTOC and FAD that same month.

Note Germany’s role in translating Igbo, left unredacted. This, and a number of other redacted references, seems to suggest the Germans play a key role in our collection and analysis of intelligence from Nigeria. Note, that might support the notion that one of the redacted sharing purposes is energy-related.

Germany appears to play a key role in our GSM collection. Note they also play a key role in VoIP, which may be why they were so interested in accessing Skype. Germany has already changed its privacy law to help us, but NSA isn’t satisfied. I’m reminded of US Ambassador to Germany Philip Murphy’s bitching about Germans not understanding the need to share information in the Internet era.

Beginnings of ESC

In 2012, Boundless Informant was going to soon roll out a “if you like this you’ll like this” query suggestion mode.

Boundless Informant data does not include FISA or ECI (telecom partner) collection. So Boundless Informant is missing a lot.

Muscular, where NSA steals from Google overseas (as well as Terrestrial RF) do not send their data back to NSA-W. I wonder if there are legal reasons for that.

The explanation for showing metadata rather than content is not included. I wonder why?

Agenda: Konen to NSA

Remember that AFRICOM was based in Europe before it moved. While this was before that time, EUROCOM had much of the continent at that point. So we should assume a lot of the NSA cooperation focuses on that.

Keith Alexander had been in charge of INSCOM during the years before this relationship was set up.

ESC becomes ESOC

This lists additional missions including Nigerian Energy Security (which would explain the focus on Igbo). I’m guessing that one of the redacted topics elsewhere is energy.

This also added Morocco, Algeria, Tunisia, and Libya as targets. I wonder if this location retained that role up to and through the Arab Spring?

NSA apparently used ESOC to track the 2006 Israeli assault on Lebanon.

I wonder whether the Pan Sahel movement missed a lot of the development of AQIM in the region?

Report on XKeyscore training

“Before the training, I was just happy to use it and not go to jail.” [Um, hello.]

PRISM Reporting

The redacted topics are, per William Arkin, S2A: South Asia, S2B: China and Korea, S2H: Russia

I’ll come back to what these data show later.

Tech Surveillance in Europe Africa

The Analytics for Identity Intelligence talks about metadata for geolocation, content for confirmation. Interesting relationship if you’re not supposed to get content to ID, as with US metadata.

Surveillance of African countries by JSA

This explains why US is willing to partner with Germany on Africa: They’re advanced enough the US can share technology with them without giving them freebies. So they can pick up the Africa slack while the US is distracted in Afghanistan and Iraq.

JSA restrictions

This describes how, because JSA is not permitted to target EU countries or economic spying, the Germans presented a list of 31 companies that could not be targeted.

Processing differences

This is a May 2006 discussion of the difference in processing between BND and NSA. The former does more human analysis to pick what’s important; the latter does more automatic processing at the packet level. The whole point of this is that NSA will pressure/impress BND to alter their approach, at least at the Joint effort.

Full use of current NSA DNI processing systems and analysis methodologies at JSA will be key to influencing the BND to alter their strategic DNI processing approach.

Note, however, that the NSA approach involves more minimization based privacy, whereas the Germans use some kind of filter for privacy (I wonder if it’s like ThinThread?). And they’re forcing German to that approach.

Nymrod for matching name transcriptions

Russian names are not a priority–Arabic and Chinese are. And it’s based off commercial software.

Nymrod presentation

Note the discussion of co-representation at 2

SUSLAG classification guide

Cover name for CSC is FIFTYEXCLAIM


Note that Muscular is one of the British collections that goes to Stage 2 XKS, which is intended for very high volumes. That’s the collection that steals from Google and Yahoo.

SID visits Germany

Note the reference to “leveraging language resources in UT,” written well before the Data Center was started.




5 replies
  1. P/K says:

    I have analysed the three new PRISM slides in my earlier article which explains all the PRISM slides published so far. The new slides are 7, 20 and 21: What is known about NSA’s PRISM program

    Especially interesting are the two new documents about TEMPORA, which explain the system quite well: it’s not the overarching cable tapping program as was reported earlier, but a filtering and indexing system just like Xkeyscore (it actually seems to include Xkeyscore among some other components).

  2. Permission Granted says:

    “Note the reference to “leveraging language resources in UT,” written well before the Data Center was started.”
    BYU? LDS Missionary school employees? Returned Missionaries?

    MAN i wished I’d paid my tithing!

  3. Evangelista says:

    You wonder whether they “can” use XKS [XKeyscore] for domestic (in the United States) spying. “They”, who are a range of agencies operating in the Unied States, some government sponsored, including the NSA, who does everything they do within the United States “incidentally”, you know, not really on purpose, but accidentally-on-purpose, and some sometimes euphemized “domestic intelligence organizations” private-enterrprise interest groups, DO use XKeyscore in the United States. They do use it on purpose, whatever the status of whatever they gather and decipher (since it produces a single solid data-stream). There is kind of no way to install Xkeyscore in a computer not on purpose, since it takes an installation action. Through a targeted computer changing hands, though, through sale or theft or theft-and-sale, a particular XKeyscore stream gathering might be gathered actually accidentally.

    I do not think “law” has ever been more than incidental to NSA and its sub-rosa, hence sub-legal spook-realm partners. Or was ever before hearings made “legal” a pain in the arse instead of only a kind fo fun virtual dodge-ball game. For example, if someone, for any reason, including to look for dirt on an irritant, wanted to review, say, Yahoo! emails of a domestic U.S. target, the “work-around” would be to transfer the target’s email off-shore. How? Simply drop the ‘m’ from “” to make it “”. Who looks? Who notices? Who cares when they do notice: “Oh, well, that’s yahoo; I mean, like does it make a difference?” Most of the functions of cyber-spook world depend on taking advantage of people’s trusts in the servant-services they entrust themselves to. It is for this the activities break down trust, and it is break down of trust that brings civility to an end, which brings social breakdown and upheaval.

  4. emptywheel says:

    Yeah. Missionaries. When I lived there the best translation services in the country were there, for the same reason. That’s purportedly one reason the data center is there–the linguistic skills.

  5. Evangelista says:

    A note on your note wondering if “even in physical space…current science supports the validity of [“behavior detection techniques.”]”: Yes, it does. It always has. “Current science” is a moving constant that “validates” current prejudice. As is seen in the current “global warming” debate, money, prestige, exposure (fame), jockeying for position, employment, etc. buys “science”. You might recall the tobacco debate of a few years ago. Thinking further back, you might recall hearing of phrenology. It was supported by current science, as was “scientific identification” by “criminal appearance”, presently dismissed as nonsense in academic discussion, it is still credited in practice. In legal settings we see current science founded behavior detection technique being used when jurors are exposed to gruesome and grotesque visual evidences to convince them to detect murderous behavior subjectively, recognizing an accused guilty for being (alleged) able to “do such horrible stuff”. Also where accusations of guilt are allowed to be sustained by assertions an accused “did not behave like someone who [was shocked, distraught, in mourning, etc]”. Current science sustained behovior is also seen when judges sentence, or increase sentence severity for accused persons maintaining innocence, refuse to plead or admit guilt, or to “show no remorse”, or “real remorse”. Most prejudice is justified using “current science” authority.

Comments are closed.