21 November 2015

NSA continues spying on e-mail

New York Times is starting to get the idea:

When the National Security Agency’s bulk collection of records about Americans’ emails came to light in 2013, the government conceded the program’s existence but said it had shut down the effort in December 2011 for “operational and resource reasons.”

While that particular secret program stopped, newly disclosed documents show that the N.S.A. had found a way to create a functional equivalent. […]

The report explained that there were two other legal ways to get such data. One was the collection of bulk data that had been gathered in other countries, where the N.S.A.’s activities are largely not subject to regulation by the Foreign Intelligence Surveillance Act and oversight by the intelligence court. Because of the way the Internet operates, domestic data is often found on fiber optic cables abroad.

I’ve been posting about this for decades, but once again, here’s how it works:

  • The US is part of the UKUSA Agreement, also called Five Eyes.
  • Because the NSA isn’t allowed to spy directly on US citizens, the UK’s GCHQ does it for them.
  • When the NSA wants to scan your e-mail, phone calls and other personal communications, they send the keywords to GCHQ, and GCHQ sends back the search results.
  • Similarly, the NSA spies on UK citizens, so GCHQ can pretend it doesn’t.

The network used for this is called ECHELON, and was officially reported on by the EU Parliament in 2001. It has been confirmed in Snowden-leaked NSA newsletters.

The main place where US citizens’ data is processed is likely GCHQ Menwith Hill.

Of course, the NSA only needs to do this when they’re not allowed to spy directly on US citizens. In 2002 the Bush administration let them off the leash, so from then until 2011 they were spying directly.

© mathew 2017