United States

The Snowden leaks revealed a massive surveillance program including interception of email and other Internet communications and phone call tapping. Some of it appears illegal, while other documents show the US spying on friendly nations during various international summits, and on its citizens. The programs are enabled by two US laws, the Patriot Act and the FISA Amendments Act (FAA), and a side dish called Executive Order 12333. Although the Foreign Intelligence Surveillance Court oversees such surveillance activities, it operates in secrecy through one-sided procedures that favour the US government.

The NSA SIGINT Strategy 2012-2016 of the National Security Agency (NSA) covers all of the comsec and crypto initiatives to covertly exploit people, cryptographers, anonymisers, informants, planted spies, security firms, networks, governments, and nations.

The primary way the NSA eavesdrops on Internet communications is in the network. That's where their capabilities best scale. They have invested in enormous programs to automatically collect and analyse network traffic.

The slide shows five types of data collection, called “Classes of Accesses”, corresponding to the organisational channels through which NSA gathers its intelligence:

  • 3rd PARTY/LIAISON - Intelligence sharing with foreign agencies.
  • REGIONAL - SCS units, a joint venture between NSA and CIA.
  • CNE - NSA's Tailored Access Operations (TAO) division.
  • LARGE CABLE - NSA's Special Source Operations (SSO) division.
  • FORNSAT - NSA's Global Access Operations (GAO) division.

Besides the collection capabilities shown in this map, NSA also collects data through spy planes and satellites (called Overhead Collection) and a range of tactical collection systems used to support military operations.

  • PRISM is part of the overall NSA surveillance effort - a program authorised in the United States under the FISA Amendments Act (FAA), now located in Section 702 of the FISA, that allows the NSA to collect communications of specifically identified foreign targets.
  • FAIRVIEW seems to be the main umbrella program of upstream collection, incorporating many different operations, such as BLARNEY, STORMBREW, and OAKSTAR (yet another umbrella for eight different programs used for collection outside the US), that intercept massive amounts of international Internet traffic by various means, and involve the collection of communications — both their metadata and their content — as they pass through undersea fiber-optic cables in:
    • Cooperation with telecommunication companies
    • Cooperation with foreign intelligence agencies
    • Unilateral cable tapping operations
  • The five biggest collection programs of the Special Source Operations division are DANCINGOASIS, SPINNERET, MOONLIGHTPATH, INCENSER (tapping internet cables) and AZUREPHOENIX. The largest cable tapping program appears to be DANCINGOASIS (DGO). DANCINGOASIS could be another umbrella program encompassing various smaller sub-programs.
  • Upstream collection also includes data from MUSCULAR in a joint operation with the GCHQ. Internet data collected by Upstream programs can be processed and searched through the XKEYSCORE indexing and analysing system. BOUNDLESS INFORMANT tracks the international intelligence gathering techniques of the NSA.
  • XKEYSCORE is reported to receive unfiltered internet communication sessions ('full-take') from WEALTHYCLUSTER2. The session data is stored for a short period of time: content is buffered for 3 to 5 days (sometimes shorter or sometimes longer, depending on the amount of traffic), and metadata for up to 30 days. In other words, XKEYSCORE creates a rolling buffer that is continually being rewritten. This buffering enables analysts to perform federated queries using so-called “soft selectors”, like keywords, against the body texts of e-mail and chat messages, digital documents, and spreadsheets in English, Arabic and Chinese. XKEYSCORE also allows analysts to look for the usage of encryption, the use of a VPN or the TOR network, and a number of other things that could lead to a target. Analysts can create so-called 'fingerprints', rules that contain search terms (especially all the correlated identities of a certain target) that are automatically executed by the system. Some examples of XKEYSCORE fingerprints were disclosed by German regional television on July 3, 2014, which presented them as excerpts of source code.
  • The epochal batch of leaks on the Tailored Access Operations (TAO) hacking unit and the ANT division catalog it uses shows equipment that is typical COMINT and intended for use in targeted surveillance scenarios.

The Hemisphere Project is coordinated from the Los Angeles Clearinghouse and is funded by the US Office of National Drug Control Policy (ONDCP) and Drug Enforcement Administration (DEA). Hemisphere provides electronic call detail records (CDRs) in response to federal, state, and local administrative/grand jury subpoenas. In effect, it is mass surveillance conducted by US telephone company AT&T in collaboration with the DEA (AT&T supplying DEA officials with metadata from a database of telephone calls dating back to 1987).

The Central Intelligence Agency (CIA) is responsible for overseeing the majority of HUMINT operations, although the military (DoD) is often involved in HUMINT as well. Both parties make use of two main tactics, gathering intelligence through interrogations and through conversations with key persons who have access to valuable information. The National Clandestine Service (NCS) is the branch of the CIA responsible for the collection of HUMINT. HUMINT sources of information include diplomats, military attaches, prisoners of war, and espionage.

Plausible deniability began under Central Intelligence Agency (CIA) director Allen Dulles. The CIA black ops division undertakes dangerous missions that would usually be considered illegal and that are not officially sanctioned by the US administration, so that the administration, which usually benefits from such missions, can safely disavow any knowledge of them in the event of their publicly uncovered success or failure. The administration is thus in a position of plausible deniability towards the CIA's actions.

Pine Gap near Alice Springs (Australia), a satellite tracking station, is partly run by the CIA, presumably as part of XKEYSCORE.

The CIA’s New Black Bag Is Digital, 2013: Over the past decade specially-trained CIA clandestine operators have mounted over one hundred extremely sensitive black bag jobs designed to penetrate foreign government and military communications and computer systems, as well as the computer systems of some of the world’s largest foreign multinational corporations. Spyware software has been secretly planted in computer servers; secure telephone lines have been bugged; fiber optic cables, data switching centres and telephone exchanges have been tapped; and computer backup tapes and disks have been stolen or surreptitiously copied in these operations.

In other words, the CIA has become instrumental in setting up the shadowy surveillance dragnet that has now been thrown into public view. Sources within the U.S. intelligence community confirm that since 9/11, CIA clandestine operations have given the NSA access to a number of new and critically important targets around the world, especially in China and elsewhere in East Asia, as well as the Middle East, the Near East, and South Asia.

The Federal Bureau of Investigation (FBI) has its own capacity to monitor phone, email, chats, etc., in addition to whatever NSA shares with them, and seems to be doing quite well obtaining what it needs by collecting all the data everywhere via subpoenas, though there are abundant reasons to worry about control functions in FBI’s bulky databases. PRISM, an NSA program, is apparently coordinated through the FBI.

Executive Order 12333 - 1.13 allows the FBI to provide the NSA with “technical assistance” in the United States, i.e. to collect metadata about American citizens by collaborating with “foreign intelligence” and law enforcement services. By using telecom companies the US government can circumvent controls and accountability that don't apply to companies. All major telecom companies have worked closely and secretly with government spying since their inceptions.

The Data Intercept Technology Unit (DITU) has been described as NSA's Alter Ego in the FBI. It carries out its own signals intelligence operations and is trying to collect huge amounts of email and internet data from U.S. companies — an operation that the NSA once conducted, was reprimanded for, and says it abandoned.

The Digital Collection System Network (DCSNet) is a suite of software that collects, sifts and stores phone numbers, phone calls and text messages. The system directly connects FBI wiretapping outposts around the US to a far-reaching private communications network. DCSNet includes at least three collection components, each running on Windows-based computers:

  • DCS-3000 (alias Red Hook) handling pen-registers and trap-and-traces, a type of surveillance that collects signaling information – primarily the numbers dialed from a telephone – but no communications content. (Pen registers record outgoing calls; trap-and-traces record incoming calls.)
  • DCS-6000 (alias Digital Storm) captures and collects the content of phone calls and text messages for full wiretap orders.
  • DCS-5000 is used for targeted surveillance wiretaps (targeting spies or terrorists).