Inside Menwith Hill

The narrow roads are quiet and winding, surrounded by rolling green fields and few visible signs of life beyond the occasional herd of sheep. But on the horizon, massive white golf ball-like domes protrude from the earth, protected behind a perimeter fence that is topped with piercing razor wire. Here, in the heart of the tranquil English countryside, is the National Security Agency’s largest overseas spying base.

Once known only by the code name Field Station 8613, the secret base — now called Menwith Hill Station — is located about nine miles west of the small town of Harrogate in North Yorkshire. Originally used to monitor Soviet communications through the Cold War, its focus has since dramatically shifted, and today it is a vital part of the NSA’s sprawling global surveillance network.

For years, journalists and researchers have speculated about what really goes on inside Menwith Hill, while human rights groups and some politicians have campaigned for more transparency about its activities. Yet the British government has steadfastly refused to comment, citing a longstanding policy not to discuss matters related to national security.

Now, however, top-secret documents obtained by The Intercept offer an unprecedented glimpse behind Menwith Hill’s razor wire fence. The files reveal for the first time how the NSA has used the British base to aid “a significant number of capture-kill operations” across the Middle East and North Africa, fueled by powerful eavesdropping technology that can harvest data from more than 300 million emails and phone calls a day.

Over the past decade, the documents show, the NSA has pioneered groundbreaking new spying programs at Menwith Hill to pinpoint the locations of suspected terrorists accessing the internet in remote parts of the world. The programs — with names such as GHOSTHUNTER and GHOSTWOLF — have provided support for conventional British and American military operations in Iraq and Afghanistan. But they have also aided covert missions in countries where the U.S. has not declared war. NSA employees at Menwith Hill have collaborated on a project to help “eliminate” terrorism targets in Yemen, for example, where the U.S. has waged a controversial drone bombing campaign that has resulted in dozens of civilian deaths.

The disclosures about Menwith Hill raise new questions about the extent of British complicity in U.S. drone strikes and other so-called targeted killing missions, which may in some cases have violated international laws or constituted war crimes. Successive U.K. governments have publicly stated that all activities at the base are carried out with the “full knowledge and consent” of British officials.

The revelations are “yet another example of the unacceptable level of secrecy that surrounds U.K. involvement in the U.S. ‘targeted killing’ program,” Kat Craig, legal director of London-based human rights group Reprieve, told The Intercept.

“It is now imperative that the prime minister comes clean about U.K. involvement in targeted killing,” Craig said, “to ensure that British personnel and resources are not implicated in illegal and immoral activities.”

The Surveillance Engine

The National Security Agency is secretly providing data to nearly two dozen U.S. government agencies with a “Google-like” search engine built to share more than 850 billion records about phone calls, emails, cellphone locations, and internet chats, according to classified documents obtained by The Intercept.

The documents provide the first definitive evidence that the NSA has for years made massive amounts of surveillance data directly accessible to domestic law enforcement agencies. Planning documents for ICREACH, as the search engine is called, cite the Federal Bureau of Investigation and the Drug Enforcement Administration as key participants.

ICREACH contains information on the private communications of foreigners and, it appears, millions of records on American citizens who have not been accused of any wrongdoing. Details about its existence are contained in the archive of materials provided to The Intercept by NSA whistleblower Edward Snowden.

Earlier revelations sourced to the Snowden documents have exposed a multitude of NSA programs for collecting large volumes of communications. The NSA has acknowledged that it shares some of its collected data with domestic agencies like the FBI, but details about the method and scope of its sharing have remained shrouded in secrecy.

ICREACH has been accessible to more than 1,000 analysts at 23 U.S. government agencies that perform intelligence work, according to a 2010 memo. A planning document from 2007 lists the DEA, FBI, Central Intelligence Agency, and the Defense Intelligence Agency as core members. Information shared through ICREACH can be used to track people’s movements, map out their networks of associates, help predict future actions, and potentially reveal religious affiliations or political beliefs.

The creation of ICREACH represented a landmark moment in the history of classified U.S. government surveillance, according to the NSA documents.

“The ICREACH team delivered the first-ever wholesale sharing of communications metadata within the U.S. Intelligence Community,” noted a top-secret memo dated December 2007. “This team began over two years ago with a basic concept compelled by the IC’s increasing need for communications metadata and NSA’s ability to collect, process and store vast amounts of communications metadata related to worldwide intelligence targets.”

The search tool was designed to be the largest system for internally sharing secret surveillance records in the United States, capable of handling two to five billion new records every day, including more than 30 different kinds of metadata on emails, phone calls, faxes, internet chats, and text messages, as well as location information collected from cellphones. Metadata reveals information about a communication—such as the “to” and “from” parts of an email, and the time and date it was sent, or the phone numbers someone called and when they called—but not the content of the message or audio of the call.

ICREACH does not appear to have a direct relationship to the large NSA database, previously reported by The Guardian, that stores information on millions of ordinary Americans’ phone calls under Section 215 of the Patriot Act. Unlike the 215 database, which is accessible to a small number of NSA employees and can be searched only in terrorism-related investigations, ICREACH grants access to a vast pool of data that can be mined by analysts from across the intelligence community for “foreign intelligence”—a vague term that is far broader than counterterrorism.

Data available through ICREACH appears to be primarily derived from surveillance of foreigners’ communications, and planning documents show that it draws on a variety of different sources of data maintained by the NSA. Though one 2010 internal paper clearly calls it “the ICREACH database,” a U.S. official familiar with the system disputed that, telling The Intercept that while “it enables the sharing of certain foreign intelligence metadata,” ICREACH is “not a repository [and] does not store events or records.” Instead, it appears to provide analysts with the ability to perform a one-stop search of information from a wide variety of separate databases.

In a statement to The Intercept, the Office of the Director of National Intelligence confirmed that the system shares data that is swept up by programs authorized under Executive Order 12333, a controversial Reagan-era presidential directive that underpins several NSA bulk surveillance operations that monitor communications overseas. The 12333 surveillance takes place with no court oversight and has received minimal Congressional scrutiny because it is targeted at foreign, not domestic, communication networks. But the broad scale of 12333 surveillance means that some Americans’ communications get caught in the dragnet as they transit international cables or satellites—and documents contained in the Snowden archive indicate that ICREACH taps into some of that data.

Legal experts told The Intercept they were shocked to learn about the scale of the ICREACH system and are concerned that law enforcement authorities might use it for domestic investigations that are not related to terrorism.

“To me, this is extremely troublesome,” said Elizabeth Goitein, co-director of the Liberty and National Security Program at the New York University School of Law’s Brennan Center for Justice. “The myth that metadata is just a bunch of numbers and is not as revealing as actual communications content was exploded long ago—this is a trove of incredibly sensitive information.” Brian Owsley, a federal magistrate judge between 2005 and 2013, said he was alarmed that traditional law enforcement agencies such as the FBI and the DEA were among those with access to the NSA’s surveillance troves. “This is not something that I think the government should be doing,” said Owsley, an assistant professor of law at Indiana Tech Law School. “Perhaps if information is useful in a specific case, they can get judicial authority to provide it to another agency. But there shouldn’t be this buddy-buddy system back-and-forth.”

Jeffrey Anchukaitis, an ODNI spokesman, declined to comment on a series of questions from The Intercept about the size and scope of ICREACH, but said that sharing information had become “a pillar of the post-9/11 intelligence community” as part of an effort to prevent valuable intelligence from being “stove-piped in any single office or agency.”

Using ICREACH to query the surveillance data, “analysts can develop vital intelligence leads without requiring access to raw intelligence collected by other IC [Intelligence Community] agencies,” Anchukaitis said. “In the case of NSA, access to raw signals intelligence is strictly limited to those with the training and authority to handle it appropriately. The highest priority of the intelligence community is to work within the constraints of law to collect, analyze and understand information related to potential threats to our national security.”

Mass Interception

Every day, billions of emails and phone calls flow through communications networks in countries across the world. Now, one American company has built technology capable of spying on them all — and business is booming.

Verint, a leading manufacturer of surveillance technologies, is headquartered in Melville, New York, in a small cluster of nondescript buildings that also includes the office of a multinational cosmetics supplier and some electronics companies.

Among Verint’s products are unremarkable security cameras and systems that enable call center managers to monitor their workers. But it also sells some of the world’s most sophisticated eavesdropping equipment, creating a line of spy tools designed to help governments and intelligence agencies snoop on communications across an entire country.

Verint sells what it calls “monitoring centers” that “enable the interception, monitoring, and analysis of target and mass communications over virtually any network.” These systems are designed to be integrated within a country’s communications infrastructure and, according to Verint’s website, are currently used in more than 75 nations.

The technology Verint designs doesn’t just target specific criminal groups or terrorists. It can be tailored to intercept the phone calls and emails of millions of everyday citizens and store them on vast databases for later analysis.

Verint boasts in its marketing materials that its “Vantage” monitoring center enables “nationwide mass interception” and “efficiently collects, analyzes, and exposes threats from billions of communications.” And if that’s not enough to satisfy spy agencies’ thirst for intelligence, Verint has more to offer. The company says it can also help governments automatically identify people from the sound of their voice using speech identification software, intercept the cellular and satellite mobile phone communications of “mass populations over a wide area” using a covert portable device, and provide data-mining tools to build detailed profiles about criminals and other “negative influencers” in real time.

The National Security Agency in the United States has reportedly purchased Verint snooping equipment, as have authorities in Mexico. However, the use of such technology in the US is a legally contentious issue. Mass monitoring of solely domestic calls and emails would be prohibited under the Fourth Amendment, which protects against unwarranted searches and seizures. But a controversial clause in a 2008 amendment to the Foreign Intelligence and Surveillance Act means mining communications as they pass between the United States and countries of interest like Pakistan and Yemen can be deemed technically permissible.

(Other countries have few regulations in this area, if any at all. Libyan dictator Muammar Gaddafi was able to get his hands on French mass surveillance gear in 2006, which was subsequently used domestically to indiscriminately track dissidents and other regime opponents.)

With revenues of more than an estimated $840 million in 2012 according to public accounts, Verint has at least 16 offices in countries including Japan, China, Russia, Israel, Australia, Canada, Germany, France, the United Kingdom, and the Philippines.

The company’s accounts reveal that its communications intelligence solutions have generated a significant proportion of revenue and have been selling better than ever in recent years. Between 2006 and 2011, for instance, Verint’s annual communications intelligence sales rocketed by almost 70 percent from $108 million to $182 million. And 2012 looks to be another good year, with a projected increase of about 13 percent looking likely based on the figures published for the first three quarters. Most of the company’s communications surveillance sales in 2012 were made in the Americas (53 percent). EMEA (Europe, the Middle East, and Africa) comprise approximately a 27 percent of its sales, and APAC (Asia-Pacific region) a further 20 percent.

I contacted Verint to seek more information about its advanced eavesdropping tools. In particular, I wanted to know whether it follows the U.S. government’s "Know Your Customer" guidelines, which are designed to help businesses avoid selling goods to countries or customers where they might have an “inappropriate end-use.” But Verint declined to answer a series of detailed questions for this story and turned down an interview request. A public relations representative acting on behalf of the company told me that “due to the sensitive nature of these solutions, they [Verint] tend not to seek deeper coverage of this area of the business.”

Governments across the world are using Verint’s technology to sift through masses of intercepted communications — that much is certain. The rest, at least for now, remains a tight-lipped secret.

The Inslaw case: Dirtier than Watergate

It was described as dirtier than Watergate, and involved US government dealings with Iraq, Libya, Korea and even the late British publishing tycoon Robert Maxwell. The story is deep, dark and complex; a web of strange dealings and dubious characters, it implicates wealthy arms dealers, Israeli intelligence services, the Soviet KGB, MI5 and the CIA. But unlike Watergate, this scandal, from a particularly dark chapter in American history, has appeared in no Hollywood film and is yet to reach a satisfying conclusion.

It began in the late 1970s, when the Washington-based software developer Inslaw pioneered people-tracking technology, designed to be used by prosecutors to monitor case records. Known as the Prosecutor's Management Information System (PROMIS), the software was developed under grants from the US department of justice. The US government, as it helped fund the creation of PROMIS, had been licensed to use the software on condition that it did not modify, distribute or create derivative versions of it. The government, however, did not stick to this agreement.

Under the Ronald Reagan administration's covert intelligence initiative known as "'Follow the Money", the US National Security Agency (NSA) misappropriated PROMIS for sale to banks in 1982. The version of PROMIS sold by the NSA had been "espionage-enabled" through a back door in the programme, allowing the agency to covertly conduct real-time electronic surveillance of the flow of money to suspected terrorists and other perceived threats to US national interests.

A letter from the US department of justice in 1985, later obtained by Inslaw, documented more plans for the covert sale and distribution of the espionage-enabled version of PROMIS, this time to governments in the Middle East (which would surreptitiously allow the US to spy on foreign intelligence agencies). The letter outlined how sales of the software were to be facilitated by the late Saudi billionaire Khalid bin Mahfouz and the arms dealers Adnan Khashoggi and Manucher Ghorbanifar. PROMIS should be delivered without "paperwork, customs, or delay", it stated, and all of the transactions paid for through a Swiss bank account.

In the years that followed, friends of then attorney general Edwin Meese, including a Reagan associate, Dr Earl Brian of the government consultancy firm Hadron, Inc, were reportedly allowed to sell and distribute pirated versions of PROMIS domestically and overseas. As a House judiciary committee report found in 1992, these individuals were apparently permitted to do so "for their personal financial gain and in support of the intelligence and foreign policy objectives of the United States".

Brian, who was later jailed for four years on an unrelated fraud charge in 1998, has since denied any association with the Inslaw case. According to the former arms broker and CIA "contract operative" Richard Babayan, however, he was instrumental in selling PROMIS to the governments of Iraq, Libya and Korea. When Brian was unable to market PROMIS further, it is claimed that, with the help of Rafi Eitan, a high-ranking Israeli intelligence officer, the British publisher Robert Maxwell was recruited to assist.

In a sworn affidavit, the investigative author Gordon Thomas recounts how Eitan told him Maxwell alone sold over $500m worth of espionage-enabled versions of PROMIS – including licences to the UK, Australia, South Korea, Canada and the Soviet KGB. The British counter-intelligence agency MI5, according to Eitan (who himself was an adviser to the UK secret service MI6), used PROMIS to track members of the Irish Republican Army (IRA), as well as Irish republican political leaders including Gerry Adams.

Inslaw alleges the US government, by selling PROMIS to other governments around the world, engaged in what equates to "multibillion-dollar theft". This claim was supported by two separate courts in 1988, which ruled that it "took, converted, stole" PROMIS from Inslaw "through trickery, fraud and deceit". Three years later, however, a court of appeal overturned both rulings on a "jurisdictional technicality" after pressure from the federal justice department.

Now more than two decades since he pioneered PROMIS, the Inslaw president Bill Hamilton today believes the story illustrates an enduring, fundamental problem at the heart of the US justice system. "[It] chronicles the continued inability of the US government to enforce federal criminal laws in cases involving national security issues, or even to render ordinary civil justice," he says. "National security appears to suspend the checks and balances built into the system of government in the United States, to the detriment of the citizens."

Some, including the US government, have tried to dismiss the Inslaw saga as conspiracy. But a message relayed to Bill Hamilton and his wife from the former chief investigator of the Senate judiciary committee, Ronald LeGrand, seems to confirm that the strange PROMIS affair – which remains unresolved – is much more than just a case of chronic paranoia.

"What Mr and Mrs Hamilton think happened, did happen," LeGrand wrote, conveying information he had received from a trusted government source. "The Inslaw case is a lot dirtier for the Department of Justice than Watergate was, in both breadth and depth. The Department of Justice has been compromised in the Inslaw case at every level."

This article appeared originally at: http://www.newstatesman.com/blogs/the-staggers/2011/04/promis-government-inslaw

'It was about the potential slaughter of citizens'

Katharine Gun was 29 years old when the government tried to prosecute her for breaching the Official Secrets Act. It was early 2003, and both Britain and America were on the road to war with Iraq. Amid since-discredited claims that Iraq was allegedly producing biological weapons, the British prime minister, Tony Blair, and the US president, George W Bush, met at the White House. That same day, 31 January 2003, an email passed across Gun's desk at her office in Cheltenham, where she worked as a translator for the British Government Communications Headquarters (GCHQ), the intelligence agency.

The email shocked her. From the US National Security Agency (NSA), it detailed US plans to illegally bug the offices of six UN member states in the lead-up to the Iraq war. Its intention was clear – it asked for British help in the ploy, to give US policymakers "the edge" in swaying opinion in favour of the war. This was a direct attempt to undermine democratic process, Gun felt, and she had to do something about it.

Eight years on and now a mother, she recalls her thoughts that day. "I was particularly concerned about the reason behind the bugging, because it was in order to facilitate an invasion in Iraq," she says. "It was about the potential slaughter of citizens and the disruption and destruction of a country which was already practically on its knees. I felt that the public really needed to know about that."

She printed off a copy and stewed on it for a while, before passing it on to a friend with ties to journalists. Not long later, the story appeared on the front page of the Observer, two weeks before the Iraq invasion. Gun knew she was in for trouble when she saw the headline one quiet Sunday at her local shop. It read: "Revealed: US dirty tricks to win vote on Iraq war".

A full-blown government investigation ensued, and it wasn't long before Gun cracked under pressure and admitted to the leak. She was promptly arrested and charged with breaching the Official Secrets Act. But after several high-profile court visits, the charges were dropped when the prosecution declined to give evidence.

Yet even after clearing her name and moving far away from the GCHQ heartland in Cheltenham, Gun found it hard to leave her past behind as she took up new career in teaching. "It was quite difficult at first to let go of that name tag that was applied to me," she says, "and it did take quite a while – maybe two years – before I got back into my own skin."

Would she do it again if faced with the same choice today? "That is a difficult question," she replies. "Before I had a child my answer was always, 'Yes, I would do it again,' but when you have a family and a child to think about, then it does put a slightly different twist on the whole issue . . . You've got to weigh up your decisions."

Now a full-time mother, Gun remains vocal in her support for the principles behind whistleblowing. In December, she signed a statement in support of WikiLeaks along with the Pentagon Papers leaker Daniel Ellsberg and other prominent former whistleblowers.

She also expresses her alarm at the treatment of Bradley Manning, the 23-year-old US soldier accused of leaking thousands of classified documents to WikiLeaks. Manning has been held in solitary confinement for more than 300 days, in conditions Amnesty International has described as "inhumane" and "repressive".

"It's atrocious that in a so-called democracy a soldier serving in the US army is facing that sort of treatment, which, I believe, is against any proper legal jurisdiction," says Gun. "It just goes to show the state of America – how fearful they are of losing their grip on absolute power in the global world."

The sheer volume of documents Manning is alleged to have leaked – over 700,000 – would have been inconceivable back in 2003, the year Gun released her solitary email to the world.

Since then, technology has allowed for leaking on an industrial scale, like never before. At the same time governments have evolved new ways of spying on each other. Last November, it was revealed – in a diplomatic cable released by WikiLeaks, no less – that the US had plotted secretly to illegally obtain biometric data (including iris scans, fingerprints and DNA) as well as credit-card information from the UN leadership.

The revelation caused a sensation, but for Gun it was a familiar story that hardly came as a surprise.

"That's just the way of the world," she says. "The whole Big Brother vision of the world is looming large . . . Until people open their eyes and realise what it means to start relinquishing these things, it'll be too late."

This article originally appeared at: http://www.newstatesman.com/blogs/the-staggers/2011/04/iraq-war-gun-british-2003

To read about more by me on prominent modern-day whistleblowers, click here and here. To read my report on a recent debate in London about whistleblowing featuring WikiLeaks' Julian Assange, click here (part I) and here (part II).