ECHELON : Interception Capabilities 2000

61. The same article alleged that a leading US Internet and
telecommunications company had contracted with NSA to
develop software to capture Internet data of interest, and
that deals had been struck with the leading manufacturers
Microsoft, Lotus, and Netscape to alter their products for
foreign use. The latter allegation has proven correct (see
technical annexe). Providing such features would make little
sense unless NSA had also arranged general access to
Internet traffic. Although NSA will not confirm or deny such
allegations, a 1997 court case in Britain involving alleged
"computer hacking" produced evidence of NSA surveillance of
the Internet. Witnesses from the US Air Force component of
NSA acknowledged using packet sniffers and specialised
programmes to track attempts to enter US military computers.
The case collapsed after the witnesses refused to provide
evidence about the systems they had used.(39)

Covert collection of high capacity signals

62. Where access to signals of interest is not possible by
other means, Comint agencies have constructed special
purpose interception equipment to install in embassies or
other diplomatic premises, or even to carry by hand to
locations of special interest. Extensive descriptions of
operations of this kind have been published by Mike Frost, a
former official of CSE, the Canadian Sigint agency.(40)
Although city centre embassy premises are often ideally
situated to intercept a wide range of communications,
ranging from official carphone services to high capacity
microwave links, processing and passing on such information
may be difficult. Such collection operations are also highly
sensitive for diplomatic reasons. Equipment for covert
collection is therefore specialised, selective and
miniaturised.

63. A joint NSA/CIA "Special Collection Service"
manufactures equipment and trains personnel for covert
collection activities One major device is a suitcase-sized
computer processing system. ORATORY. ORATORY is in effect a
miniaturised version of the Dictionary computers described
in the next section, capable of selecting non-verbal
communications of interest from a wide range of inputs,
according to pre-programmed selection criteria. One major
NSA supplier ("The IDEAS Operation") now offers
micro-miniature digital receivers which can simultaneously
process Sigint data from 8 independent channels. This radio
receiver is the size of a credit card. It fits in a standard
laptop computer. IDEAS claim, reasonably, that their tiny
card "performs functions that would have taken a rack full
of equipment not long ago".

New satellite networks

64. New network operators have constructed mobile phone
systems providing unbroken global coverage using satellites
in low or medium level earth orbits. These systems are
sometimes called satellite personal communications systems
(SPCS). Because each satellite covers only a small area and
moves fast, large numbers of satellites are needed to
provide continuous global coverage. The satellites can relay
signals directly between themselves or to ground stations.
The first such system to be completed, Iridium, uses 66
satellites and started operations in 1998. Iridium appears
to have created particular difficulties for communications
intelligence agencies, since the signals down from the
Iridium and similar networks can only be received in a small
area, which may be anywhere on the earth's surface. Ê

3. ECHELON and Comint production


65. The ECHELON system became well known following
publication of the previous STOA report. Since then, new
evidence shows that ECHELON has existed since the 1970s, and
was greatly enlarged between 1975 and 1995. Like ILC
interception, ECHELON has developed from earlier methods.
This section includes new information and documentary
evidence about ECHELON and satellite interception.

The "Watch List"

66. After the public revelation of the SHAMROCK interception
programme, NSA Director Lt General Lew Allen described how
NSA used "'watch lists" as an aid to watch for foreign
activity of reportable intelligence interest".(41) "We have
been providing details ... of any messages contained in the
foreign communications we intercept that bear on named
individuals or organisations. These compilations of names
are commonly referred to as 'Watch Lists'", he said.(42)
Until the 1970s, Watch List processing was manual. Analysts
examined intercepted ILC communications, reporting,
"gisting" or analysing those which appeared to cover names
or topics on the Watch List.

New information about ECHELON sites and systems

67. It now appears that the system identified as ECHELON has
been in existence for more than 20 years. The need for such
a system was foreseen in the late 1960s, when NSA and GCHQ
planned ILC satellite interception stations at Mowenstow and
Yakima. It was expected that the quantity of messages
intercepted from the new satellites would be too great for
individual examination. According to former NSA staff, the
first ECHELON computers automated Comint processing at these
sites.(43)

68. NSA and CIA then discovered that Sigint collection from
space was more effective than had been anticipated,
resulting in accumulations of recordings that outstripped
the available supply of linguists and analysts. Documents
show that when the SILKWORTH processing systems was
installed at Menwith Hill for the new satellites, it was
supported by ECHELON 2 and other databanks (see
illustration).

69. By the mid 1980s, communications intercepted at these
major stations were heavily sifted, with a wide variety of
specifications available for non-verbal traffic. Extensive
further automation was planned in the mid 1980s as NSA
Project P-415. Implementation of this project completed the
automation of the previous Watch List activity. From 1987
onwards, staff from international Comint agencies travelled
to the US to attended training courses for the new computer
systems.

70. Project P-415/ECHELON made heavy use of NSA and GCHQ's
global Internet-like communication network to enable remote
intelligence customers to task computers at each collection
site, and receive the results automatically. The key
component of the system are local "Dictionary" computers,
which store an extensive database on specified targets,
including names, topics of interest, addresses, telephone
numbers and other selection criteria. Incoming messages are
compared to these criteria; if a match is found, the raw
intelligence is forwarded automatically. Dictionary
computers are tasked with many thousands of different
collection requirements, described as "numbers" (four digit
codes).

71. Tasking and receiving intelligence from the Dictionaries
involves processes familiar to anyone who has used the
Internet. Dictionary sorting and selection can be compared
to using search engines, which select web pages containing
key words or terms and specifying relationships. The
forwarding function of the Dictionary computers may be
compared to e-mail. When requested, the system will provide
lists of communications matching each criterion for review,
analysis, "gisting" or forwarding. An important point about
the new system is that before ECHELON, different countries
and different stations knew what was being intercepted and
to whom it was sent. Now, all but a fraction of the messages
selected by Dictionary computers at remote sites are
forwarded to NSA or other customers without being read
locally.

Westminster, London - Dictionary computer

72. In 1991, a British television programme reported on the
operations of the Dictionary computer at GCHQ's Westminster,
London office. The system "secretly intercepts every single
telex which passes into, out of or through London; thousands
of diplomatic, business and personal messages every day.
These are fed into a programme known as `Dictionary'. It
picks out keywords from the mass of Sigint, and hunts out
hundreds of individuals and corporations".(44) The programme
pointed out that the Dictionary computers, although
controlled and tasked by GCHQ, were operated by security
vetted staff employed by British Telecom (BT), Britain's
dominant telecommunications operator.(45) The presence of
Dictionary computers has also been confirmed at Kojarena,
Australia; and at GCHQ Cheltenham, England.(46)

Sugar Grove, Virginia - COMSAT interception at ECHELON site

73. US government documents confirm that the satellite
receiving station at Sugar Grove, West Virginia is an
ECHELON site, and that collects intelligence from COMSATs.
The station is about 250 miles south-west of Washington, in
a remote area of the Shenandoah Mountains. It is operated by
the US Naval Security Group and the US Air Force
Intelligence Agency.

74. An upgraded system called TIMBERLINE II, was installed
at Sugar Grove in the summer of 1990. At the same time,
according to official US documents, an "ECHELON training
department" was established.(47) With training complete, the
task of the station in 1991 became "to maintain and operate
an ECHELON site".(48)

75. The US Air Force has publicly identified the
intelligence activity at Sugar Grove: its "mission is to
direct satellite communications equipment [in support of]
consumers of COMSAT information ... This is achieved by
providing a trained cadre of collection system operators,
analysts and managers".(49) In 1990, satellite photographs
showed that there were 4 satellite antennae at Sugar Grove.
By November 1998, ground inspection revealed that this had
expanded to a group of 9.

Sabana Seca, Puerto Rico and Leitrim, Canada - COMSAT
interception sites

76. Further information published by the US Air Force
identifies the US Naval Security Group Station at Sabana
Seca, Puerto Rico as a COMSAT interception site. Its mission
is "to become the premier satellite communications
processing and analysis field station".(50)

77. Canadian Defence Forces have published details about
staff functions at the Leitrim field station of the Canadian
Sigint agency CSE. The station, near Ottawa, Ontario has
four satellite terminals, erected since 1984. The staff
roster includes seven Communications Satellite Analysts,
Supervisors and Instructors.(51)

78. In a publicly available resume, a former Communication
Satellite Analyst employed at Leitrim describes his job as
having required expertise in the "operation and analysis of
numerous Comsat computer systems and associated subsystems
... [utilising] computer assisted analysis systems ... [and]
a broad range of sophisticated electronic equipment to
intercept and study foreign communications and electronic
transmissions.(52) Financial reports from CSE also indicate
that in 1995/96, the agency planned payments of $7 million
to ECHELON and $6 million to Cray (computers). There were no
further details about ECHELON.(53)

Waihopai, New Zealand - Intelsat interception at ECHELON
site

79. New Zealand's Sigint agency GCSB operates two satellite
interception terminals at Waihopai, tasked on Intelsat
satellites covering the Pacific Ocean. Extensive details
have already been published about the station's Dictionary
computers and its role in the ECHELON network.(54) After the
book was published, a New Zealand TV station obtained images
of the inside of the station operations centre. The pictures
were obtained clandestinely by filming through partially
curtained windows at night. The TV reporter was able to film
close-ups of technical manuals held in the control centre.
These were Intelsat technical manuals, providing
confirmation that the station targeted these satellites
Strikingly, the station was seen to be virtually empty,
operating fully automatically. One guard was inside, but was
unaware he was being filmed.(55)

ILC processing techniques

80. The technical annexe describes the main systems used to
extract and process communications intelligence. The
detailed explanations given about processing methods are not
essential to understanding the core of this report, but are
provided so that readers knowledgeable about
telecommunications may fully evaluate the state of the art.

81. Fax messages and computer data (from modems) are given
priority in processing because of the ease with which they
are understood and analysed. The main method of filtering
and analysing non-verbal traffic, the Dictionary computers,
utilise traditional information retrieval techniques,
including keywords. Fast special purpose chips enable vast
quantities of data to be processed in this way. The newest
technique is "topic spotting". The processing of telephone
calls is mainly limited to identifying call-related
information, and traffic analysis. Effective voice
"wordspotting" systems do not exist are not in use, despite
reports to the contrary. But "voiceprint" type speaker
identification systems have been in use since at least 1995.
The use of strong cryptography is slowly impinging on Comint
agencies' capabilities. This difficulty for Comint agencies
has been offset by covert and overt activities which have
subverted the effectiveness of cryptographic systems
supplied from and/or used in Europe.

82. The conclusions drawn in the annexe are that Comint
equipment currently available has the capability, as tasked,
to intercept, process and analyse every modern type of high
capacity communications system to which access is obtained,
including the highest levels of the Internet. There are few
gaps in coverage. The scale, capacity and speed of some
systems is difficult fully to comprehend. Special purpose
systems have been built to process pager messages, cellular
mobile radio and new satellites.


Comint and Law Enforcement


83. In 1990 and 1991, the US government became concerned
that the marketing of a secure telephone system by AT&T
could curtail Comint activity. AT&T was persuaded to
withdraw its product. In its place the US government offered
NSA "Clipper" chips for incorporation in secure phones. The
chips would be manufactured by NSA, which would alsorecord
built-in keys and pass this information to other government
agencies for storage and, if required, retrieval. This
proposal proved extremely unpopular, and was abandoned. In
its place, the US government proposed that non government
agencies should be required to keep copies of every user's
keys, a system called "key escrow" and, later, "key
recovery". Viewed in retrospect, the actual purpose of these
proposals was to provide NSA with a single (or very few)
point(s) of access to keys, enabling them to continue to
access private and commercial communications.

Misrepresentation of law enforcement interception
requirements

84. Between 1993 to 1998, the United States conducted
sustained diplomatic activity seeking to persuade EU nations
and the OECD to adopt their "key recovery" system.
Throughout this period, the US government insisted that the
purpose of the initiative was to assist law enforcement
agencies. Documents obtained for this study suggest that
these claims wilfully misrepresented the true intention of
US policy. Documents obtained under the US Freedom of
Information Act indicate that policymaking was led
exclusively by NSA officials, sometimes to the complete
exclusion of police or judicial officials. For example, when
the specially appointed US "Ambassador for Cryptography",
David Aaron, visited Britain on 25 November 1996, he was
accompanied and briefed by NSA's most senior representative
in Britain, Dr James J Hearn, formerly Deputy Director of
NSA. Mr Aaron had did not meet or consult FBI officials
attached to his Embassy. His meeting with British Cabinet
officials included NSA's representative and staff from
Britain's GCHQ, but police officers or justice officials
from both nations were excluded.

85. Since 1993, unknown to European parliamentary bodies and
their electors, law enforcement officials from many EU
countries and most of the UKUSA nations have been meeting
annually in a separate forum to discuss their requirements
for intercepting communications. These officials met under
the auspices of a hitherto unknown organisation, ILETS
(International Law Enforcement Telecommunications Seminar).
ILETS was initiated and founded by the FBI. Table 2 lists
ILETS meetings held between 1993 and 1997.

86. At their 1993 and 1994 meetings, ILETS participants
specified law enforcement user requirements for
communications interception. These appear in a 1974 ILETS
document called "IUR 1.0". This document was based on an
earlier FBI report on "Law Enforcement Requirements for the
Surveillance of Electronic Communications", first issued in
July 1992 and revised in June 1994. The IUR requirement
differed little in substance from the FBI's requirements but
was enlarged, containing ten requirements rather than nine.
IUR did not specify any law enforcement need for "key
escrow" or "key recovery". Cryptography was mentioned solely
in the context of network security arrangements.

87. Between 1993 and 1997 police representatives from ILETS
were not involved in the NSA-led policy making process for
"key recovery", nor did ILETS advance any such proposal,
even as late as 1997. Despite this, during the same period
the US government repeatedly presented its policy as being
motivated by the stated needs of law enforcement agencies.
At their 1997 meeting in Dublin, ILETS did not alter the
IUR. It was not until 1998 that a revised IUR was prepared
containing requirements in respect of cryptography. It
follows from this that the US government misled EU and OECD
states about the true intention of its policy.

88. This US deception was, however, clear to the senior
Commission official responsible for information security. In
September 1996, David Herson, head of the EU Senior
Officers' Group on Information Security, stated his
assessment of the US "key recovery" project :

"'Law Enforcement' is a protective shield for all the other
governmental activities ... We're talking about foreign
intelligence, that's what all this is about. There is no
question [that] 'law enforcement' is a smoke screen".(56)

89. It should be noted that technically, legally and
organisationally, law enforcement requirements for
communications interception differ fundamentally from
communications intelligence. Law enforcement agencies (LEAs)
will normally wish to intercept a specific line or group of
lines, and must normally justify their requests to a
judicial or administrative authority before proceeding. In
contract, Comint agencies conduct broad international
communications "trawling" activities, and operate under
general warrants. Such operations do not require or even
suppose that the parties they intercept are criminals. Such
distinctions are vital to civil liberty, but risk being
eroded it the boundaries between law enforcement and
communications intelligence interception becomes blurred in
future.

Table 2 ILETS meetings, 1993-1997

Law enforcement communications interception - policy
development in Europe

90. Following the second ILETS meeting in Bonn in 1994, IUR
1.0 was presented to the Council of Ministers and was passed
without a single word being altered on 17January 1995.(57)
During 1995, several non EU members of the ILETS group wrote
to the Council to endorse the (unpublished) Council
resolution. The resolution was not published in the Official
Journal for nearly two years, on 4 November 1996.

91. Following the third ILETS meeting in Canberra in 1995,
the Australian government was asked to present the IUR to
International Telecommunications Union (ITU). Noting that
"law enforcement and national security agencies of a
significant number of ITU member states have agreed on a
generic set of requirements for legal interception", the
Australian government asked the ITU to advise its standards
bodies to incorporate the IUR requirements into future
telecommunications systems on the basis that the "costs of
[providing] legal interception capability and associated
disruptions can be lessened by providing for that capability
at the design stage".(58)

92. It appears that ILETS met again in 1998 and revised and
extended its terms to cover the Internet and Satellite
Personal Communications Systems such as Iridium. The new IUR
also specified "additional security requirements for network
operators and service providers", extensive new requirements
for personal information about subscribers, and provisions
to deal with cryptography.

93. On 3 September 1998, the revised IUR was presented to
the Police Co-operation Working Group as ENFOPOL 98. The
Austrian Presidency proposed that, as in 1994, the new IUR
be adopted verbatim as a Council Resolution on interception
"in respect of new technology".(59) The group did not agree.
After repeated redrafting, a fresh paper has been prepared
by the German Presidency, for the eventual consideration of
Council Home and Justice ministers.(60)


5. Comint and economic intelligence


94. During the 1998 EP debate on "Transatlantic
relations/ECHELON system" Commissioner Bangeman observed on
behalf of the Commission that "If this system were to exist,
it would be an intolerable attack against individual
liberties, competition and the security of the states".(61)
The existence of ECHELON was described in section 3, above.
This section describes the organisational and reporting
frameworks within which economically sensitive information
collected by ECHELON and related systems is disseminated,
summarising examples where European organisations have been
the subject of surveillance.

Tasking economic intelligence

95. US officials acknowledge that NSA collects economic
information, whether intentionally or otherwise. Former
military intelligence attacht Colonel Dan Smith worked at
the US Embassy, London until 1993. He regularly received
Comint product from Menwith Hill. In 1998, he told the BBC
that at Menwith Hill:

"In terms of scooping up communications, inevitably since
their take is broadband, there will be conversations or
communications which are intercepted which have nothing to
do with the military, and probably within those there will
be some information about commercial dealings"

"Anything would be possible technically. Technically they
can scoop all this information up, sort through it and find
out what it is that might be asked for . . . But there is
not policy to do this specifically in response to a
particular company's interest(62)

96. In general, this statement is not incorrect. But it
overlooks fundamental distinctions between tasking and
dissemination, and between commercial and economic
intelligence. There is no evidence that companies in any of
the UKUSA countries are able to task Comint collection to
suit their private purposes. They do not have to. Each UKUSA
country authorises national level intelligence assessment
organisations and relevant individual ministries to task and
receive economic intelligence from Comint. Such information
may be collected for myriad purposes, such as: estimation of
future essential commodity prices; determining other
nation's private positions in trade negotiations; monitoring
international trading in arms; tracking sensitive
technology; or evaluating the political stability and/or
economic strength of a target country. Any of these targets
and many others may produce intelligence of direct
commercial relevance. The decision as to whether it should
be disseminated or exploited is taken not by Comint agencies
but by national government organisation(s).

Disseminating economic intelligence

97. In 1970, according to its former Executive Director, the
US Foreign Intelligence Advisory Board recommended that
"henceforth economic intelligence be considered a function
of the national security, enjoying a priority equivalent to
diplomatic, military, technological intelligence".(63) On 5
May 1977, a meeting between NSA, CIA and the Department of
Commerce authorised the creation of secret new department,
the "Office of Intelligence Liaison". Its task was to handle
"foreign intelligence" of interest to the Department of
Commerce. Its standing orders show that it was authorised to
receive and handle SCI intelligence - Comint and Sigint from
NSA. The creation of this office THUS provided a formal
mechanism whereby NSA data could be used to support
commercial and economic interests. After this system was
highlighted in a British TV programme in 1993, its name was
changed to the "Office of Executive Support".(64) Also in
1993, President Clinton extended US intelligence support to
commercial organisations by creating a new National Economic
Council, paralleling the National Security Council.

98. The nature of this intelligence support has been widely
reported. "Former intelligence officials and other experts
say tips based on spying ... regularly flow from the
Commerce Department to U.S. companies to help them win
contracts overseas.(65) The Office of Executive Support
provides classified weekly briefings to security officials.
One US newspaper obtained reports from the Commerce
Department demonstrating intelligence support to US
companies:

One such document consists of minutes from an August 1994
Commerce Department meeting [intended] to identify major
contracts open for bid in Indonesia in order to help U.S.
companies win the work. A CIA employee ... spoke at the
meeting; five of the 16 people on the routine distribution
list for the minutes were from the CIA.

99. In the United Kingdom, GCHQ is specifically required by
law (and as and when tasked by the British government) to
intercept foreign communications "in the interests of the
economic well-being of the United Kingdom ...in relation to
the actions or intentions of persons outside the British
Islands". Commercial interception is tasked and analysed by
GCHQ's K Division. Commercial and economic targets can be
specified by the government's Overseas Economic Intelligence
Committee, the Economic Staff of the Joint Intelligence
Committee, the Treasury, or the Bank of England.(66)
According to a former senior JIC official, the Comint take
routinely includes "company plans, telexes, faxes, and
transcribed phone calls. Many were calls between Europe and
the South[ern Hemisphere]".(67)

100. In Australia, commercially relevant Comint is passed by
DSD to the Office of National Assessments, who consider
whether, and if so where, to disseminate it. Staff there may
pass information to Australian companies if they believe
that an overseas nation has or seeks an unfair trade
advantage. Targets of such activity have included
Thomson-CSF, and trade negotiations with Japanese purchasers
of coal and iron ore. Similar systems operate in the other
UKUSA nations, Canada and New Zealand.

The use of Comint economic intelligence product

Panavia European Fighter Aircraft consortium and Saudi
Arabia

101. In 1993, former National Security Council official
Howard Teicher described in a programme about Menwith Hill
how the European Panavia company was specifically targeted
over sales to the Middle East. "I recall that the words
'Tornado' or 'Panavia' - information related to the specific
aircraft - would have been priority targets that we would
have wanted information about".(68)

Thomson CSF and Brazil

102. In 1994, NSA intercepted phone calls between
Thomson-CSF and Brazil concerning SIVAM, a $1.3 billion
surveillance system for the Amazon rain forest. The company
was alleged to have bribed members of the Brazilian
government selection panel. The contract was awarded to the
US Raytheon Corporation - who announced afterwards that "the
Department of Commerce worked very hard in support of U.S.
industry on this project".(69) Raytheon also provide
maintenance and engineering services to NSA's ECHELON
satellite interception station at Sugar Grove.

Airbus Industrie and Saudi Arabia

103. According to a well-informed 1995 press report :"from a
commercial communications satellite, NSA lifted all the
faxes and phone calls between the European consortium
Airbus, the Saudi national airline and the Saudi government.
The agency found that Airbus agents were offering bribes to
a Saudi official. It passed the information to U.S.
officials pressing the bid of Boeing Co and McDonnell
Douglas Corp., which triumphed last year in the $6 billion
competition." (70)

International trade negotiations

104. Many other accounts have been published by reputable
journalists and some firsthand witnesses citing frequent
occasions on which the US government has utlitised Comint
for national commercial purposes. These include targeting
data about the emission standards of Japanese vehicles;(71)
1995 trade negotiations the import of Japanese luxury
cars;(72) French participation in the GATT trade
negotiations in 1993; the Asian-Pacific Economic Conference
(APEC), 1997.

Targeting host nations

105. The issue of whether the United States utilises
communications intelligence facilities such as Menwith Hilll
or Bad Aibling to attack host nations' communications also
arises. The available evidence suggests that such conduct
may normally be avoided. According to former National
Security Council official Howard Teicher, the US government
would not direct NSA to spy on a host governments such as
Britain:

" [But] I would never say never in this business because, at
the end of the day, national interests are national
interests ... sometimes our interests diverge. So never say
never - especially in this business".


6. Comint capabilities after 2000


Developments in technology

106. Since the mid-1990s, communications intelligence
agencies have faced substantial difficulties in maintaining
global access to communications systems. These difficulties
will increase during and after 2000. The major reason is the
shift in telecommunications to high capacity optical fibre
networks. Physical access to cables is required for
interception. Unless a fibre network lies within or passes
through a collaborating state, effective interception is
practical only by tampering with optoelectronic repeaters
(when installed). This limitation is likely to place many
foreign land-based high capacity optical fibre networks
beyond reach. The physical size of equipment needed to
process traffic, together with power, communications and
recording systems, makes clandestine activity impractical
and risky.

107. Even where access is readily available (such as to
COMSATs), the proliferation of new systems will limit
collection activities, partly because budgetary constraint
will restrict new deployments, and partly because some
systems (for example, Iridium) cannot be accessed by
presently available systems.

108. In the past 15 years the substantial technological lead
in computers and information technology once enjoyed by
Comint organisations has all but disappeared. Their
principal computer systems are bought "off the shelf" and
are the equal of or even inferior to those used by first
rank industrial and academic organisations. They differ only
in being "TEMPEST shielded", preventing them emitting radio
signals which could be used to analyse Sigint activity.

109. Communications intelligence organisations recognise
that the long war against civil and commercial cryptography
has been lost. A thriving academic and industrial community
is skilled in cryptography and cryptology. The Internet and
the global marketplace have created a free flow in
information, systems and software. NSA has failed in its
mission to perpetuate access by pretending that that "key
escrow" and like systems were intended to support law
enforcement (as opposed to Comint) requirements.

110. Future trends in Comint are likely to include limits on
investment in Comint collection from space; greater use of
human agents to plant collection devices or obtain codes
than inthe past; and an intensified effort to attack foreign
computer systems, using the Internet and other means (in
particular, to gain access to protected files or
communications before they are encrypted).

111. Attempts to restrict cryptography have nevertheless
delayed the large-scale introduction of effective
cryptographic security systems. The reduced cost of
computational power has also enabled Comint agencies to
deploy fast and sophisticated processing and sorting tools.

112. Recent remarks to CIA veterans by the head of staff of
the US House of Representatives Permanent Select Committee
on Intelligence, ex CIA officer John Millis illustrate how
NSA views the same issues:

"Signals intelligence is in a crisis. ... Over the last
fifty years ... In the past, technology has been the friend
of NSA, but in the last four or five years technology has
moved from being the friend to being the enemy of Sigint.

The media of telecommunications is no longer
Sigint-friendly. It used to be. When you were doing RF
signals, anybody within range of that RF signal could
receive it just as clearly as the intended recipient. We
moved from that to microwaves, and people figured out a
great way to harness that as well. Well, we're moving to
media that are very difficult to get to.

Encryption is here and it's going to grow very rapidly. That
is bad news for Sigint ... It is going to take a huge amount
of money invested in new technologies to get access and to
be able to break out the information that we still need to
get from Sigint".

Policy issues for the European Parliament

1. The 1998 Parliamentary resolution on "Transatlantic
relations/ECHELON system"(73) called for "protective
measures concerning economic information and effective
encryption". Providing such measures may be facilitated by
developing an in-depth understanding of present and future
Comint capabilities.

2. At the technical level, protective measures may best be
focused on defeating hostile Comint activity by denying
access or, where this is impractical or impossible,
preventing processing of message content and associated
traffic information by general use of cryptography.

3. As the SOGIS group within the Commission has
recognised,(74) the contrasting interests of states is a
complex issue. Larger states have made substantial
investments in Comint capabilities. One member state is
active in the UKUSA alliance, whilst others are either
"third parties" to UKUSA or have made bilateral arrangements
with NSA. Some of these arrangements were a legacy of the
cold war; others are enduring. These issues create internal
and international conflicts of interest. Technical solutions
are not obvious. It should be possible to define a shared
interest in implementing measures to defeat future external
Comint activities directed against European states, their
citizens and commercial activities.

4. A second area of apparent conflict concerns states'
desires to provide communications interception for
legitimate law enforcement purposes. The technical and legal
processes involved in providing interception for law
enforcement purpose differ fundamentally from those used in
communications intelligence. Partly because of the lack of
parliamentary and public awareness of Comint activities,
this distinction is often glossed over, particularly by
states that invest heavily in Comint. Any failure to
distinguish between legitimate law enforcement interception
requirements and interception for clandestine intelligence
purposes raises grave issues for civil liberties. A clear
boundary between law enforcement and "national security"
interception activity is essential to the protection of
human rights and fundamental freedoms.

5. At the present time, Internet browsers and other
software used in almost every personal computer in Europe is
deliberately disabled such that "secure" communications they
send can, if collected, be read without difficulty by NSA.
US manufacturers are compelled to make these arrangements
under US export rules. A level playing field is important.
Consideration could be given to a countermeasure whereby, if
systems with disabled cryptographic systems are sold outside
the United States, they should be required to conform to an
"open standard" such that third parties and other nations
may provide additional applications which restore the level
of security to at least enjoyed by domestic US customers.

6. The work of ILETS has proceeded for 6 years without the
involvement of parliaments, and in the absence of
consultation with the industrial organisations whose vital
interests their work affects. It is regrettable that, prior
to the publication of this report, public information has
not been available in states about the scope of the
policy-making processes, inside and outside the EU, which
have led to the formulation of existing and new law
enforcement "user requirements". As a matter of urgency, the
current policy-making process should be made open to public
and parliamentary discussion in member states and in the EP,
so that a proper balance may be struck between the security
and privacy rights of citizens and commercial enterprises,
the financial and technical interests of communications
network operators and service providers, and the need to
support law enforcement activities intended to suppress
serious crime and terrorism. Ê Technical annexe

Broadband (high capacity multi-channel) communications

1. From 1950 until the early 1980s, high capacity
multi-channel analogue communications systems were usually
engineered using separate communications channels carried at
different frequencies The combined signal, which could
include 2,000 or more speech channels, was a "multiplex".
The resulting "frequency division multiplex" (FDM) signal
was then carried on a much higher frequency, such as by a
microwave radio signal.

2. Digital communications have almost universally taken over
from analogue methods. The basic system of digital
multi-channel communications is time division multiplexing
(TDM). In a TDM telephony system, the individual
conversational channels are first digitised. Information
concerning each channel is then transmitted sequentially
rather than simultaneously, with each link occupying
successive time "slots".

3. Standards for digital communications evolved separately
within Europe and North America. In the United States, the
then dominant public network carrier (the Bell system, run
by AT&T) established digital data standards. The basic
building block, a T-1 link, carries the equivalent of 24
telephone channels at a rate of 1.544 Mbps. Higher capacity
systems operate at greater data transmission rates Thus, the
highest transmission rate, T-5, carries the equivalent of
8,000 speech channels at a data rate of 560 Mbps.

4. Europe adopted a different framework for digital
communications, based on standards originally agreed by the
CEPT. The basic European standard digital link, E-1, carries
30 telephone channels at a data rate of 2 Mbps. Most
European telecommunications systems are based on E-1 links
or (as in North America), multiples thereof. The distinction
is significant because most Comint processing equipment
manufactured in the United States is designed to handle
intercepted communications working to the European forms of
digital communications.

5. Recent digital systems utilise synchronised signals
carried by very high capacity optical fibres. Synchronising
signals enables single channels to be easily extracted from
high capacity links. The new system is known in the US as
the synchronous optical network (SONET), although three
equivalent definitions and labels are in use.(75)

Communications intelligence equipment

6. Dozens of US defence contractors, many located in Silicon
Valley (California) or in the Maryland "Beltway" area near
Washington, manufacture sophisticated Sigint equipment for
NSA. Major US corporations, such as Lockheed Martin, Space
Systems/Loral, TRW, Raytheon and Bendix are also contracted
by NSA to operate major Sigint collection sites. A full
report on their products and services is beyond the scope of
this study. The state of the art in contemporary
communications intelligence may usefully be demonstrated,
however, by examining some of the Comint processing products
of two specialist NSA niche suppliers: Applied Signal
Technology Inc (AST), of Sunnyvale, California, and The
IDEAS Operation of Columbia, Maryland (part of Science
Applications International Corporation (SAIC)).(76)

7. Both companies include senior ex-NSA staff as directors.
When not explicitly stated, their products can be identified
as intended for Sigint by virtue of being "TEMPEST
screened". AST states generally that its "equipment is used
for signal reconnaissance of foreign telecommunications by
the United States government". One leading cryptographer has
aptly and and engagingly described AST as a "one-stop
ECHELON shop".

Wideband extraction and signal analysis

8. Wideband (or broadband) signals are normally intercepted
from satellites or tapped cables in the form of multiplex
microwave or high frequency signals. The first step in
processing such signals for Comint purposes is "wideband
extraction". An extensive range of Sigint equipment is
manufactured for this purpose, enabling newly intercepted
systems to be surveyed and analysed. These include
transponder survey equipment which identify and classify
satellite downlinks, demodulators, decoders, demultiplexers,
microwave radio link analysers, link survey units, carrier
analysis systems, and many other forms of hardware and
software.

9. A newly intercepted communications satellite or data link
can be analysed using the AST Model 196 "Transponder
characterisation system". Once its basic communications
structure has been analysed, the Model 195 "Wideband
snapshot analyser", also known as SNAPPER, can record sample
data from even the highest capacity systems, sufficient to
analyse communications in minute detail. By the start of
1999, operating in conjunction with the Model 990 "Flexible
Data Acquisition Unit", this systems was able to record,
playback and analyse at data rates up to 2.488 Gbps (SONET
OC-48). This is 16 times faster than the largest backbone
links in general use on the Internet; larger than the
telephony capacity of any current communications satellite;
and equivalent to 40,000 simultaneous telephone calls. It
can be fitted with 48 Gbyte of memory (500-1000 times larger
than found in an average personal computer), enabling
relatively lengthy recordings of high-speed data links. The
2.5 Gbps capacity of a single SNAPPER unit exceeds the
current daily maximum data rate found on a typical large
Internet exchange.(77)

10. Both AST and IDEAS offer a wide range of recorders,
demultiplexers, scanners and processors, mostly designed to
process European type (CEPT) E-1, E-3 (etc) signals at data
rates of up to 160 Mbps. Signals may be recorded to banks of
high-speed tape recorders, or into high capacity "RAID"(78)
hard disk networks. Intercepted optical signals can be
examined with the AST Model 257E "SONET analyser".

11. Once communications links have been analysed and broken
down to their constituent parts, the next stage of Comint
collection involves multi-channel processors which extract
and filter messages and signals from the desired channels.
There are three broad categories of interest: "voice grade
channels", normally carrying telephony; fax communications;
and analogue data modems. A wide selection of multi-channel
Comint processors are available. Almost all of them separate
voice, fax and data messages into distinct "streams" for
downstream processing and analysis.

12. The AST Model 120 multi-channel processor - used by NSA
in different configurations known as STARQUAKE, COBRA and
COPPERHEAD - can handle 1,000 simultaneous voice channels
and automatically extract fax, data and voice traffic. Model
128, larger still, can process 16 European E-3 channels (a
data rate of 500 Mbps) and extract 480 channels of interest.
The 1999 giant of AST's range, the Model 132 "Voice Channel
Demultiplexer", can scan up to 56,700 communications
channels, extracting more than 3,000 voice channels of
interest. AST also provides Sigint equipment to intercept
low capacity VSAT(79) satellite services used by smaller
businesses and domestic users. These systems can be
intercepted by the AST Model 285 SCPS processor, which
identifies and extracts up to 48 channels of interest,
distinguished between voice, fax and data.

13. According to US government publications, an early
Wideband Extraction system was installed at NSA's Vint Hill
Farms field station in 1970, about the time that systematic
COMSAT interception collection began. That station is now
closed. US publications identify the NSA/CSS Regional Sigint
Operations Centre at San Antonio, Texas, as a site currently
providing a multi-channel Wideband Extraction service.

Filtering, data processing, and facsimile analysis

14. Once communications channels have been identified and
signals of interest extracted, they are analysed further by
sophisticated workstations using special purpose software.
AST's ELVIRA Signals Analysis Workstation is typical of this
type of Sigint equipment. This system, which can be used on
a laptop computer in covert locations, surveys incoming
channels and extracts standard Comint data, including
technical specifications (STRUM) and information about call
destinations (SRI, or signal related information). Selected
communications are relayed to distant locations using NSA
standard "Collected Signals Data Format" (CSDF).(80)

15. High-speed data systems can also be passed to AST's
TRAILMAPPER software system, which works at a data rate of
up to 2.5 Gbps. It can interpret and analyse every type of
telecommunications system, including European, American and
optical standards. TRAILMAPPER appears to have been designed
with a view to analysing ATM (asynchronous transfer mode)
communications. ATM is a modern, high-capacity digital
communications system. It is better suited than standard
Internet connections to carrying multimedia traffic and to
providing business with private networks (VPN, LAN or WAN).
TRAILMAPPER will identify and characterise such business
networks.

16. In the next stage downstream, intercepted signals are
processed according to whether they are voice, fax or data.
AST's "Data Workstation" is designed to categorise all
aspects of data communications, including systems for
handling e-mail or sending files on the Internet.(81)
Although the very latest modem systems (other than ISDN) are
not included in its advertised specification, it is clear
from published research that AST has developed the
technology to intercept and process the latest data
communications systems used by individuals and business to
access the Internet.(82) The Data Workstation can stored and
automatically process 10,000 different recorded signals.

17. Fax messages are processed by AST's Fax Image
Workstation. This is described as a "user friendly,
interactive analysis tool for rapid examination images
stored on disk. Although not mentioned in AST's literature,
standard fax pre-processing for Dictionary computers
involves automatic "optical character recognition" (OCR)
software. This turns the typescript into computer readable
(and processable) text. The effectiveness of these systems
makes fax-derived Comint an important collection subsystem.
It has one drawback. OCR computer systems that can reliably
recognise handwriting do not exist. No one knows how to
design such a system. It follows that, perversely,
hand-written fax messages may be a secure form of
communication that can evade Dictionary surveillance
criteria, provided always that the associated "signal
related information" (calling and receiving fax numbers)
have not been recognised as being of interest and directed
to a Fax Image Workstation.

18. AST also make a "Pager Identification and Message
Extraction" system which automatically collects and
processes data from commercial paging systems. IDEAS offer a
Video Teleconferencing Processor that can simultaneously
view or record two simultaneous teleconferencing sessions.
Sigint systems to intercept cellular mobile phone networks
such as GSM are not advertised by AST or IDEAS, but are
available from other US contractors. The specifications and
ready availability of such systems indicate how
industrialised and pervasive Comint has became. It has moved
far from the era when (albeit erroneously), it was publicly
associated only with monitoring diplomatic or military
messages. Ê Traffic analysis, keyword recognition, text
retrieval, and topic analysis

19. Traffic analysis is a method of obtaining intelligence
from signal related information, such as the number dialled
on a telephone call, or the Calling Line Identification Data
(CLID) which identifies the person making the call. Traffic
analysis can be used where message content is not available,
for example when encryption is used. By analysing calling
patterns, networks of personal associations may be analysed
and studied. This is a principal method of examining voice
communications.

20. Whenever machine readable communications are available,
keyword recognition is fundamental to Dictionary computers,
and to the ECHELON system. The Dictionary function is
straightforward. Its basic mode of operation is akin to web
search engines. The differences are of substance and of
scale. Dictionaries implement the tasking of their host
station against the entire mass of collected communications,
and automate the distribution of selected raw product.

21. Advanced systems have been developed to perform very
high speed sorting of large volumes of intercepted
information. In the late 1980s, the manufacturers of the
RHYOLITE Sigint satellites, TRW, designed and manufactured a
Fast Data Finder (FDF) microchip for NSA. The FDF chip was
declassified in 1972 and made available for commercial use
by a spin-off company, Paracel. Since then Paracel has sold
over 150 information filtering systems, many of them to the
US government. Paracel describes its current FDF technology
as the "fastest, most accurate adaptive filtering system in
the world":

A single TextFinder application may involve trillions of
bytes of textual archive and thousands of online users, or
gigabytes of live data stream per day that are filtered
against tens of thousands of complex interest profiles ...
the TextFinder chip implements the most comprehensive
character-string comparison functions of any text retrieval
system in the world.

Devices like this are ideal for use in ECHELON and the
Dictionary system.

22. A lower capacity system, the PRP-9800 Pattern
Recognition Processor, is manufactured by IDEAS. This is a
computer card which can be fitted to a standard PC. It can
analyse data streams at up to 34 Mbps (the European E-3
standard), matching every single bit to more than 1000
pre-selected patterns.

23. Powerful though Dictionary methods and keyword search
engines may be, however, they and their giant associated
intelligence databases may soon seem archaic. Topic analysis
is a more powerful and intuitive technique, and one that NSA
is developing and promoting with confidence. Topic analysis
enables Comint customers to ask their computers to "find me
documents about subject X". X might be "Shakespeare in love"
or "Arms to Iran".

24. In a standard US test used to evaluate topic analysis
systems,(83) one task the analysis program is given is to
find information about "Airbus subsidies". The traditional
approach involves supplying the computer with the key terms,
other relevant data, and synonyms. In this example, the
designations A-300 or A-320 might be synonymous with
"Airbus". The disadvantage of this approach is that it may
find irrelevant intelligence (for example, reports about
export subsidies to goods flown on an Airbus) and miss
relevant material (for example a financial analysis of a
company in the consortium which does not mention the Airbus
product by name). Topic analysis overcomes this and is
better matched to human intelligence.

25. The main detectable thrust of NSA research on topic
analysis centres on a method called N-gram analysis.
Developed inside NSA's Research group - responsible for
Sigint automation - N-gram analysis is a fast, general
method of sorting and retrieving machine-readable text
according to language and/or topic. The N-gram system is
claimed to work independently of the language used or the
topic studied. NSA patented the method in 1995.(84)

26. To use N-gram analysis, the operator ignores keywords
and defines the enquiry by providing the system with
selected written documents concerning the topic of interest.
The system determines what the topic is from the seed group
of documents, and then calculates the probability that other
documents cover the same topic. In 1994, NSA made its N-gram
system available for commercial exploitation. NSA's research
group claimed that it could be used on "very large data sets
(millions of documents)", could be quickly implemented on
any computer system and that it could operate effectively
"in text containing a great many errors (typically 10-15% of
all characters)".

27. According to former NSA Director William Studeman,
"information management will be the single most important
problem for the (US) Intelligence Community" in the
future.(85) Explaining this point in 1992, he described the
type of filtering involved in systems like ECHELON:

One [unidentified] intelligence collection system alone can
generate a million inputs per half hour; filters throw away
all but 6500 inputs; only 1,000 inputs meet forwarding
criteria; 10 inputs are normally selected by analysts and
only one report Is produced. These are routine statistics
for a number of intelligence collection and analysis systems
which collect technical intelligence.

The "Data Workstation" Comint software system analyses up to
10,000 recorded messages, identifying Internet traffic,
e-mail messages and attachments

Speech recognition systems

28. For more than 40 years, NSA, ARPA, GCHQ and the British
government Joint Speech Research Unit have conducted and
sponsored research into speech recognition. Many press
reports (and the previous STOA report) have suggested that
such research has provided systems which can automatically
select telephone communications of intelligence interest
based on the use of particular "key words" by a speaker. If
available, such systems would enable vastly more extensive
Comint information to be gathered from telephone
conversations than is available from other methods of
analysis. The contention that telephone word-spotting
systems are readily available appears to by supported by the
recent availability of a string of low-cost software
products resulting from this research. These products permit
PC users to dictate to their computers instead of entering
data through the keyboard. (86)

29. The problem is that for Comint applications, unlike
personal computer dictation products, speech recognition
systems have to operate in a multi-speaker, multi-language
environment where numerous previously never heard speakers
may each feature physiological differences, dialect
variations, and speech traits. Commercial PC systems usually
require one or more hours of training in order reliably to
recognise a single speaker. Even then, such systems may
mistranscribe 10% or more of the words spoken.

30. In PC dictation applications, the speaker can correct
mistranscriptions and continually retrain the recognition
system, making a moderate error rate acceptable. For use in
Comint, where the interception system has no prior knowledge
of what has been said (or even the language in use), and has
to operate in the poorer signal environment of a telephone
speech channel, such error rates are unachievable. Worse
still, even moderate error rates can make a keyword
recognition system worthless by generating both false
positive outputs (words wrongly identified as keywords) and
false negative outputs (missing genuine keywords).

31. This study has found no evidence that voice keyword
recognition systems are currently operationally deployed,
nor that they are yet sufficiently accurate to be worth
using for intelligence purposes.

Continuous speech recognition

32. The fundamental technique in many speech recognition
applications is a statistical method called Hidden Markov
Modelling (HMM). HMM systems have been developed at many
centres and are claimed academically to offer "good word
spotting performance ... using very little or no acoustic
speech training".(87) The team which reported this result
tested its system using data from the US Department of
Defense "Switchboard Data", containing recordings of
thousand of different US telephone conversations. On a
limited test the probabilities of correctly detecting the
occurrences of 22 keywords ranged from 45-68% on settings
which allowed for 10 false positive results per keyword per
hour. Thus if 1000 genuine keywords appeared during an
hour's conversation, there would be at least 300 missed key
words, plus 220 false alarms.

33. At about the same time, (February 1990), the Canadian
Sigint organisation CSE awarded a Montreal-based computer
research consultancy the first of a series of contracts to
develop a Comint wordspotting system.(88) The goal of the
project was to build a word-spotter that worked well even
for noisy calls. Three years later, CRIM reported that "our
experience has taught us that, regardless of the
environmental conditions, wordspotting remains a difficult
problem". The key problem, which is familiar to human
listeners, is that a single word heard on its own can easily
be misinterpreted, whereas in continuous speech the meaning
may be deduced from surrounding words. CRIM concluded in
1993 that "it is probable that the most effective way of
building a reliable wordspotter is to build a large
vocabulary continuous speech recognition (CSR) system".

34. Continuous speech recognition software working in real
time needs a powerful fast, processor. Because of the lack
of training and the complex signal environment found in
intercepted telephone calls, it is likely that even faster
processors and better software than used in modern PCs would
yield poorer results than are now provided by well-trained
commercial systems. Significantly, an underlying problem is
that voice keyword recognition is, as with machine-readable
messages, an imperfect means to the more useful intelligence
goal - topic spotting.

35. In 1993, having failed to build a workable wordspotter,
CRIM suggesting "bypassing" the problem and attempting
instead to develop a voice topic spotter. CRIM reported that
"preliminary experiments reported at a recent meeting of
American defense contractors ... indicate that this may in
fact be an excellent approach to the problem". They offered
to produce an "operational topic spotting" system by 1995.
They did not succeed. Four years later, they were still
experimenting on how to built a voice topic spotter.(89)
They received a further research contract. One method CRIM
proposed was NSA's N-gram technique.

Speaker identification and other voice message selection
techniques

36. In 1993, CRIM also undertook to supply CSE with an
operational speaker identification module by March 1995.
Nothing more was said about this project, suggesting that
the target may have been met. In the same year, according to
NSA documents, the IDEAS company supplied a "Voice Activity
Detector and Analyser", Model TE464375-1, to NSA's offices
inside GCHQ Cheltenham. The unit formed the centre of a
14-position computer driven voice monitoring system. This
too may have been an early speaker identification system.

37. In 1995, widely quoted reports suggested that NSA
speaker identification had been used to help capture the
drug cartel leader Pablo Escobar. The reports bore strong
resemblance to a novel by Tom Clancy, suggesting that the
story may have owed more to Hollywood than high tech. In
1997, the Canadian CRE awarded a contract to another
researcher to develop "new retrieval algorithms for speech
characteristics used for speaker identification", suggesting
this method was not by then a fully mature technology.
According to Sigint staff familiar with the current use of
Dictionary, it can be programmed to search to identify
particular speakers on telephone channels. But speaker
identification is still not a particularly reliablr or
effective Comint technique.(90)

38. In the absence of effective wordspotting or speaker
identification techniques, NSA has sought alternative means
of automatically analysing telephone communications.
According NSA's classification guide, other techniques
examined include Speech detection - detecting the presence
or absence of speech activity; Speaker discrimination -
techniques to distinguish between the speech of two or more
speakers; and Readability estimation - techniques to
determine the quality of speech signals. System descriptions
must be classified "secret" if NSA "determines that they
represent major advances over techniques known in the
research community".(91)

"Workfactor reduction"; the subversion of cryptographic
systems

39. From the 1940s to date, NSA has undermined the
effectiveness of cryptographic systems made or used in
Europe. The most important target of NSA activity was a
prominent Swiss manufacturing company, Crypto AG. Crypto AG
established a strong position as a supplier of code and
cypher systems after the second world war. Many governments
would not trust products offered for sale by major powers.
In contrast, Swiss companies in this sector benefited from
Switzerland's neutrality and image of integrity.

40. NSA arranged to rig encryption systems sold by Crypto
AG, enabling UKUSA agencies to read the coded diplomatic and
military traffic of more than 130 countries. NSA's covert
intervention was arranged through the company's owner and
founder Boris Hagelin, and involved periodic visits to
Switzerland by US "consultants" working for NSA. One was
Nora L MacKabee, a career NSA employee. A US newspaper
obtained copies of confidential Crypto AG documents
recording Ms Mackebee's attendance at discussion meetings in
1975 to design a new Crypto AG machine".(92)

41. The purpose of NSA's interventions were to ensure that
while its coding systems should appear secure to other
cryptologists, it was not secure. Each time a machine was
used, its users would select a long numerical key, changed
periodically. Naturally users wished to selected their own
keys, unknown to NSA. If Crypto AG's machines were to appear
strong to outside testers, then its coding system should
work, and actually be strong. NSA's solution to this
apparent condundrum was to design the machine so that it
broadcast the key it was using to listeners. To prevent
other listeners recognising what was happening, the key too
had also to be sent in code - a different code, known only
to NSA. Thus, every time NSA or GCHQ intercepted a message
sent using these machines, they would first read their own
coded part of the message, called the "hilfsinformationen"
(help information field) and extract the key the target was
using. They could then read the message itself as fast or
even faster than the intended recipient(93)

42. The same technique was re-used in 1995, when NSA became
concerned about cryptographic security systems being built
into Internet and E-mail software by Microsoft, Netscape and
Lotus. The companies agreed to adapt their software to
reduce the level of security provided to users outside the
United States. In the case of Lotus Notes, which includes a
secure e-mail system, the built-in cryptographic system uses
a 64 bit encryption key. This provides a medium level of
security, which might at present only be broken by NSA in
months or years.

43. Lotus built in an NSA "help information" trapdoor to its
Notes system, as the Swedish government discovered to its
embarrassment in 1997. By then, the system was in daily use
for confidential mail by Swedish MPs, 15,000 tax agency
staff and 400,000 to 500,000 citizens. Lotus Notes
incorporates a "workfactor reduction field" (WRF) into all
e-mails sent by non US users of the system. Like its
predecessor the Crypto AG "help information field" this
device reduces NSA's difficulty in reading European and
other e-mail from an almost intractable problem to a few
seconds work. The WRF broadcasts 24 of the 64 bits of the
key used for each communication. The WRF is encoded, using a
"public key" system which can only be read by NSA. Lotus, a
subsidiary of IBM, admits this. The company told Svenska
Dagbladet:

"The difference between the American Notes version and the
export version lies in degrees of encryption. We deliver 64
bit keys to all customers, but 24 bits of those in the
version that we deliver outside of the United States are
deposited with the American government".(94)

44. Similar arrangements are built into all export versions
of the web "browsers" manufactured by Microsoft and
Netscape. Each uses a standard 128 bit key. In the export
version, this key is not reduced in length. Instead, 88 bits
of the key are broadcast with each message; 40 bits remain
secret. It follows that almost every computer in Europe has,
as a built-in standard feature, an NSA workfactor reduction
system to enable NSA (alone) to break the user's code and
read secure messages.

45. The use of powerful and effective encryption systems
will increasingly restrict the ability of Comint agencies to
process collected intelligence. "Moore's law" asserts that
the cost of computational power halves every 18 months. This
affects both the agencies and their targets. Cheap PCs can
now efficiently perform complex mathematical calculations
need for effective cryptography. In the absence of new
discoveries in physics or mathematics Moore's law favours
codemakers, not codebreakers.

Glossary and definitions

ATM Asynchronous Transfer
Mode; a high speed form of digital communications
increasingly used for on the Internet

BND Bundesachrichtendienst; the foreign intelligence
agency of the Federal Republic of Germany. Its functions
include Sigint

CCITT Consultative Committee for International Telephony
and Telegraphy; United Nations agency developing standards
and protocols for telecommunications; part of the ITU; also
known as ITU-T

CEPT Conference Europeene des Postes et des
Telecommunications

CLID Calling Line Identification Data

Comint Comint Communications Intelligence

COMSAT (Civil or commercial) communications satellite;
for military communications usage, the phraseology is
commonly reversed, i.e., SATCOM.

CRIM CRIM Centre de Recherche Informatique de Montreal

CSDF CSDF Collected Signals Data Format; a term used only
in Sigint

CSE CSE Communications Security Establishment, the Sigint
agency of Canada

CSS CSS Central Security Service; the military component
of NSA

DARPA DARPA Defense Advanced Research Projects Agency
(United States Department of Defense)

DGSE Directorate General de Securite Exteriere, the
foreign intelligence agency of France. Its functions include
Sigint

DSD DSD Defence Signals Directorate, the Sigint agency of
the Commonwealth of Australia

DODJOCC DODJOCC Department of Defense Joint Operations
Centre Chicksands

E1, E3 (etc) Standard for digital or TDM communications
systems defined by the CEPT, and primarily used within
Europe and outside North America

ENFOPOL EU designation for documents concerned with law
enforcement matters/police

FAPSI Federalnoe Agenstvo Pravitelstvennoi Svyazi i
Informatsii, the Federal Agency for Government
Communications and Information of Russia. Its functions
include Sigint

FBI FBI Federal Bureau of Investigation; the national law
enforcement and counter-intelligence agency of the United
States

FDF FDF Fast Data Finder

FDM FDM Frequency Division Multiplex; a form of
multi-channel communications based on analogue signals

FISA FISA Foreign Intelligence Surveillance Act (United
States)

FISINT FISINT Foreign Instrumentation Signals
Intelligence, the third branch of Sigint

Gbps Gigabits per second

GCHQ GCHQ Government Communications Headquarters; the
Sigint agency of the United Kingdom

GHz GigaHertz

Gisting Within Sigint, the analytical task of replacing a
verbatim text with the sense or main points of a
communication

HDLC HDLC High-level Data Link Control

HF HF High Frequency; frequencies from 3MHz to 30MHz

HMM HMM Hidden Markov Modelling, a technique widely used
in speech recognition systems.

ILETS ILETS International Law Enforcement
Telecommunications Seminar

Intelsat International Telecommunications Satellite

IOSA IOSA Interim Overhead Sigint Architecture

Iridium Satellite Personal Communications System
involving 66 satellites in low earth orbit, providing global
communications from mobile telephones

ISDN ISDN Integrated Services Data Network

ISP ISP Internet Service Provider

ITU ITU International Telecommunications Union

IUR IUR International User Requirements (for
communications interception); IUR 1.0 was prepared by ILETS
(qv) in 1994

IXP IXP Internet Exchange Point

LAN LAN Local Area Network

LES LEA Law Enforcement Agency (American usage)

Mbps Megabits per second

MHz MegaHertz

Microwave Radio signals with wavelengths of 10cm or
shorter; frequencies above 1GHz

Modem Modem Device for sending data to and from (e.g.) a
computer; a "modulator-demodulator)

MIME MIME Multipurpose Internet Message Extension; a
systems used for sending computer files, images, documents
and programs as "attachments" to an e-mail message

N-gram analysis A system for analysing textual documents;
in this context, a system for matching a large group of
documents to a smaller group embodying a topic of interest.
The method depends on counting the frequency with which
character groups of length N appear in each document; hence
N-gram

NSA NSA National Security Agency, the Sigint agency of
the United States

OCR Optical Character Recognition

PC Personal Computer

PCS Personal Communications Systems; the term includes
mobile telephone systems, paging systems and future wide
area radio data links for personal computers, etc

POP/ POP3 Post Office Program; a system used for
receiving and holding e-mail

PTT Posts Telegraph and Telephone (Administration or
Authority)

RAID Redundant Array of Inexpensive Disks

SCI Sensitive Compartmented Intelligence; used to limit
access to Comint information according to "compartments"

SCPC Single Channel Per Carrier; low capacity satellite
communications system

SMTP Standard Mail Transport Protocol

Sigint Signals Intelligence

SONET Synchronous Optical Network

SMDS Switched Multi-Megabit Data Service

SMO Support for Military Operations

SPCS Satellite Personal Communications Systems

SRI Signal Related Information; a term used only in
Sigint

STOA Science and Technology Assessments Office of the
European Parliament; the body commissioning this report

T1,T3 (etc) Digital or TDM communications systems
originally defined by the Bell telephone system in North
America, and primarily used there

TCP/IP Terminal Control Protocol/Internet Protocol

TDM Time Division Muliplex; a form of multi-channel
communications normally based on digital signals

Traffic analysis Within Sigint, a method of analysing and
obtaining intelligence from messages without reference to
their content; for example by studying the origin and
destination of messages with a view to eliciting the
relationship between sender and recipient, or groups thereof

UKUSA UK-USA agreement

VPN Virtual Private Network

VSAT Very Small Aperture Terminal; low capacity satellite
communications system serving home and business users

WAN Wide Area Network

WRF Workfactor Reduction Field

WWW World Wide Web

X.25, V.21, V.34, V.90, V.100 (etc) are CCITT
telecommunications standards

Notes

1. UKUSA refers to the 1947 United Kingdom - United States
agreement on Signals intelligence. The nations of the UKUSA
alliance are the United States (the "First Party"), United
Kingdom, Canada, Australia and New Zealand (the "Second
Parties").

2. "An appraisal of the Technologies of Political Control",
Steve Wright, Omega Foundation, European Parliament (STOA),
6 January 1998.

3. "They've got it taped", Duncan Campbell, New Statesman, 12
August 1988. "Secret Power : New Zealand's Role in the
International Spy Network", Nicky Hager, Craig Potton
Publishing, PO Box 555, Nelson, New Zealand, 1996.

4. National Security Council Intelligence Directive No 6,
National Security Council of the United States, 17 February
1972 (first issued in 1952).

5. SIGINT is currently defined as consisting of COMINT, ELINT
(electronic or non-communications intelligence and FISINT
(Foreign Instrumentation Signals Intelligence).

6. Statement by Martin Brady, Director of DSD, 16 March 1999.
To be broadcast on the Sunday Programme, Channel 9 TV
(Australia), May 1999.

7. "Farewell", despatch to all NSA staff, William Studeman, 8
April 1992. The two business areas to which Studeman
referred were "increased global access" and "SMO" (support
to military operations).

8. Federalnoe Agenstvo Pravitelstvennoi Svyazi i Informatsii,
the (Russian) Federal Agency for Government Communications
and Information. FAPSI's functions extend beyond Comint and
include providing government and commercial communications
systems.

9. Private communications from former NSA and GCHQ employees.

10. Sensitive Compartmented Intelligence.

11. See note 1.

12. Private communications from former GCHQ employees; the
US Act is the Foreign Intelligence Surveillance Act (FISA).

13. See note 6.

14. In 1919, US commercial cable companies attempted to
resist British government demands for access to all cables
sent overseas. Three cable companies testified to the US
Senate about these practices in December 1920. In the same
year, the British Govern