Group items tagged

The operation was conducted with the involvement of the White House intelligence coordinator and the FBI. One document states that the threat posed by Huawei is "unique". The agency also stated in a document that "the intelligence community structures are not suited for handling issues that combine economic, counterintelligence, military influence and telecommunications infrastructure from one entity."

Editor's note: A longer version of this story will appear in German in the issue of SPIEGEL to be published on Monday.

This is classic lawyerly understatement. My hunch is that if you were to visit the legal departments of many internet companies today you would find people changing their underpants at regular intervals. For the big names of the search and social media worlds this is a nightmare scenario. For those of us who take a more detached view of their activities, however, it is an encouraging development. For one thing, it provides yet another confirmation of the sterling service that Snowden has rendered to civil society. His revelations have prompted a wide-ranging reassessment of where our dependence on networking technology has taken us and stimulated some long-overdue thinking about how we might reassert some measure of democratic control over that technology. Snowden has forced us into having conversations that we needed to have. Although his revelations are primarily about government surveillance, they also indirectly highlight the symbiotic relationship between the US National Security Agency and Britain’s GCHQ on the one hand and the giant internet companies on the other. For, in the end, both the intelligence agencies and the tech companies are in the same business, namely surveillance.

And both groups, oddly enough, provide the same kind of justification for what they do: that their surveillance is both necessary (for national security in the case of governments, for economic viability in the case of the companies) and conducted within the law. We need to test both justifications and the great thing about the European court of justice judgment is that it starts us off on that conversation.

U.S. officials have maintained that they do not steal secrets to give an advantage to U.S. companies, but in China, Lewis said, the line between military and business prowess is unclear.Unit 61398 has hundreds of active spies and is just one of dozens of such bodies in China, said Jen Weedon, an analyst at Mandiant, now owned by global network security company FireEye Inc. She said the group is not among the most sophisticated.

Washington announced the charges as new claims emerged last week about the scope of overseas spying by the United States. Documents leaked by Snowden showed the agency intercepted and modified equipment made by Cisco Systems Inc that was headed overseas.Cisco responded by asking Obama to curtail U.S. surveillance programs, underscoring the vulnerability of multinationals to a whipsaw of competing government interests.

Skeptics said U.S. authorities would not be able to arrest those indicted because Beijing would not hand them over. Still, the move would prevent the individuals from traveling to the United States or other countries that have an extradition agreement with the United States.

In an indictment filed in the Western District of Pennsylvania, prosecutors said the officers hacked into computers starting in 2006, often by infecting machines with tainted "spear phishing" emails to employees that purport to be from colleagues.Prosecutors alleged that one hacker, for example, stole cost and pricing information in 2012 from an Oregon-based solar panel production unit of SolarWorld. The company was losing market share at the time to Chinese competitors who were systematically pricing exports below production costs, according to the indictment.Another officer is accused of stealing technical and design specifications about pipes for nuclear plants from Westinghouse Electric as the company was negotiating with a Chinese company to build four power plants in China, prosecutors said.

“It’s clear the global community of Internet users doesn’t like to be caught up in the American surveillance dragnet,” Senator Ron Wyden said last month. At the same event, Google chairman Eric Schmidt agreed with him. “What occurred was a loss of trust between America and other countries,” he said, according to the Los Angeles Times. “It's making it very difficult for American firms to do business.” But never mind the world. Americans don’t trust American social networks. More than half of the poll’s respondents said that social networks were “not at all secure. Only 40 percent of Americans believe email or texting is at least “somewhat” secure. Indeed, Americans trusted most of all communication technologies where some protections has been enshrined into the law (though the report didn’t ask about snail mail). That is: Talking on the telephone, whether on a landline or cell phone, is the only kind of communication that a majority of adults believe to be “very secure” or “somewhat secure.”

According to the study, 70 percent of Americans are “at least somewhat concerned” with the government secretly obtaining information they post to social networking sites. Eighty percent of respondents agreed that “Americans should be concerned” with government surveillance of telephones and the web. They are also uncomfortable with how private corporations use their data: Ninety-one percent of Americans believe that “consumers have lost control over how personal information is collected and used by companies,” according to the study. Eighty percent of Americans who use social networks “say they are concerned about third parties like advertisers or businesses accessing the data they share on these sites.” And even though they’re squeamish about the government’s use of data, they want it to regulate tech companies and data brokers more strictly: 64 percent wanted the government to do more to regulate private data collection. Since June 2013, American politicians and corporate leaders have fretted over how much the leaks would cost U.S. businesses abroad.

(That may seem a bit incongruous, because making a telephone call is one area where you can be almost sure you are being surveilled: The government has requisitioned mass call records from phone companies since 2001. But Americans appear, when discussing security, to differentiate between the contents of the call and data about it.) Last month, Ramsey Homsany, the general counsel of Dropbox, said that one big thing could take down the California tech scene. “We have built this incredible economic engine in this region of the country,” said Homsany in the Los Angeles Times, “and [mistrust] is the one thing that starts to rot it from the inside out.” According to this poll, the mistrust has already begun corroding—and is already, in fact, well advanced. We’ve always assumed that the great hurt to American business will come globally—that citizens of other nations will stop using tech companies’s services. But the new Pew data shows that Americans suspect American businesses just as much. And while, unlike citizens of other nations, they may not have other places to turn, they may stop putting sensitive or delicate information online.

There have been a number of other highly publicised tax evasion and avoidance cases recently. For instance, many cases in the US involved branches or even key individuals working in branches of well-known Swiss and Israeli banks in the US, including UBS, Credit Swiss or Bank Leumi, or alternatively branches of American banks in Switzerland. But these tended to involve private firms. The Swiss government professed to have had no knowledge of such activities. Indeed, Swiss law prohibited Swiss banks, whether domestic or international, from providing any information on their clients to the Swiss state. This is a scandal with a difference. The leaked PricewaterhouseCoopers books imply there has been systemic collusion between companies from all over the world and the Luxembourg authorities in flagrant contravention of EU rules. The documents suggest that preferential tax treatments were guaranteed to these companies prior to their incorporation in Luxembourg.

This is the first case of suspected collusion between a government and a foreign firm in tax avoidance matters that I am aware of. In that sense, the current scandal places Luxembourg on par with Greece whose officials allegedly provided misleading data on Greek national debt to the Commission. More embarrassingly, all this took place during the time when the current president of the European Commission, Jean-Claude Juncker, served as the prime minister of Luxembourg from 1995-2013. It is difficult to imagine that the prime minister of such a small state was unaware such deals were taking place. There is a difference between the court of law and the court of public opinion. But we know from recent cases that the EU Commission has tended to follow the court of public opinion with criminal investigations of its own, as was the case of Amazon. It is likely that the Commission will now investigate these leaks and may impose fines on Luxembourg. I doubt Juncker can ride this one out.

Regardless of these individual defenses of encryption, the Intercept explained why these statements may be irrelevant: “Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.”

Rogers statements, of course, are not a full-fledged endorsement of privacy, nor can the NSA be expected to make it a priority. Even so, his new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. “So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” Rogers said Thursday. “So what we’ve got to ask ourselves is, with that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”

General Jay Garner also confirmed the plan to grab the oil. Indeed, Secretary of Defense Donald Rumsfeld fired Garner, when the General, who had lived in Iraq, complained the neo-con grab would set off a civil war. It did. Nevertheless, Rumsfeld replaced Garner with a new American viceroy, Paul Bremer, a partner in Henry Kissinger's firm, to complete the corporate takeover of Iraq's assets – "especially the oil".

But that was not to be. While Bremer oversaw the wall-to-wall transfer of Iraqi industries to foreign corporations, he was stopped cold at the edge of the oil fields. How? I knew there was only one man who could swat away the entire neo-con army: James Baker, former Secretary of State, Bush family consiglieri and most important, counsel to Exxon-Mobil Corporation and the House of Saud.

There was no way in hell that Baker's clients, from Exxon to Abdullah, were going to let a gaggle of neo-con freaks smash up Iraq's oil industry, break OPEC production quotas, flood the market with six million bbd of Iraqi oil and thereby knock the price of oil back down to $13 a barrel where it was in 1998.

Big Oil could not allow Iraq's oil fields to be privatised and taken from state control. That would make it impossible to keep Iraq within OPEC (an avowed goal of the neo-cons) as the state could no longer limit production in accordance with the cartel's quota system. The US oil industry was using its full political mojo to prevent their being handed ownership of Iraq's oil fields. That's right: The oil companies didn't want to own the oil fields – and they sure as hell didn't want the oil. Just the opposite. They wanted to make sure there would be a limit on the amount of oil that would come out of Iraq. Saddam wasn't trying to stop the flow of oil – he was trying to sell more. The price of oil had been boosted 300 percent by sanctions and an embargo cutting Iraq's sales to two million barrels a day from four. With Saddam gone, the only way to keep the damn oil in the ground was to leave it locked up inside the busted state oil company which would remain under OPEC (i.e. Saudi) quotas. The James Baker Institute quickly and secretly started in on drafting the 323-page plan for the State Department. With authority granted from the top (i.e. Dick Cheney), ex-Shell Oil USA CEO Phil Carroll was rushed to Baghdad in May 2003 to take charge of Iraq's oil. He told Bremer, "There will be no privatisation of oil – END OF STATEMENT." Carroll then passed off control of Iraq's oil to Bob McKee of Halliburton, Cheney's old oil-services company, who implemented the Baker "enhance OPEC" option anchored in state ownership.

This week, VICE readers can download, for free, Greg Palast's investigation of the war in Iraq in the BBC film, Bush Family Fortunes, at www.GregPalast.com – as well as the illustrated poster of "The Secret History of War over Oil in Iraq" from Palast's international bestseller, Armed Madhouse, also at www.GregPalast.com

Some oil could be released, mainly to China, through limited, but lucrative, "production sharing agreements". And that's how George Bush won the war in Iraq. The invasion was not about "blood for oil", but something far more sinister: blood for no oil. War to keep supply tight and send prices skyward. Oil men, whether James Baker or George Bush or Dick Cheney, are not in the business of producing oil. They are in the business of producing profits. And they've succeeded. Iraq, capable of producing six to 12 million barrels of oil a day, still exports well under its old OPEC quota of three million barrels. The result: As we mark the tenth anniversary of the invasion this month, we also mark the fifth year of crude at $100 a barrel. As George Bush could proudly say to James Baker: Mission Accomplished!

"Nobody is listening to your telephone calls," Obama assured the nation after two days of reports that many found unsettling. What the government is doing, he said, is digesting phone numbers and the durations of calls, seeking links that might "identify potential leads with respect to folks who might engage in terrorism." If there's a hit, he said, "if the intelligence community then actually wants to listen to a phone call, they've got to go back to a federal judge, just like they would in a criminal investigation."

Obama said U.S. intelligence officials are looking at phone numbers and lengths of calls - not at people's names - and not listening in.

We didn’t expect ExxonMobil to admit that it had been at fault. It is one of the largest companies in the world—indeed, if its revenues are compared to the gross domestic products of nations, it has one of the world’s larger economies, bigger than Austria’s, for example, or Thailand’s8—and it has a reputation for unusual determination in promoting its self-interest.9 One way or another, we expected it to fight back—most likely, we thought, by proxy, through its surrogates in the right-wing press and in Congress.Sure enough, various bloggers have been calling for “the Rockefellers”10 to be prosecuted by the government for “conspiracy” against Exxon under the Racketeer Influenced and Corrupt Organizations (RICO) Act.11 (Such lines of attack are being tested and refined, and we expect they will soon be repeated in journals with broader readership.) And in May, Texas Republican Lamar Smith, the chair of the House Committee on Science, Space, and Technology, sent a letter to the RFF and seven other NGOs (including the RBF, 350.org, Greenpeace, and the Union of Concerned Scientists),12 as well as all seventeen AGs who said they might investigate ExxonMobil. He accused us of engaging in “a coordinated effort to deprive companies, nonprofit organizations, and scientists of their First Amendment rights and ability to fund and conduct scientific research free from intimidation and threats of prosecution,” and demanded that we turn over to him all private correspondence between any of the recipients of his letter relating to any potential climate change investigation. When we all refused, twice, to surrender any such correspondence, Smith subpoenaed Schneiderman, Healey, and all eight NGOs for the same documents.We will answer Smith’s accusations against us presently. In order to explain ourselves, however, we first have to explain what Exxon knew about climate change, and when—and what, despite that knowledge, Exxon did: the morally reprehensible conduct that prompted our actions in the first place.

In reality, numerous telecoms companies were doing much more than that, as disclosed in a secret document prepared in 2009 by a joint working group of GCHQ, MI5 and MI6.Their report contended that allowing intercepts as evidence could damage relationships with "Communications Service Providers" (CSPs).In an extended excerpt of "the classified version" of a review prepared for the Privy Council, a formal body of advisers made up of current and former cabinet ministers, the document sets out the real nature of the relationship between telecoms firms and the UK government."Under RIPA [the Regulation of Investigatory Powers Act 2000], CSPs in the UK may be required to provide, at public expense, an adequate interception capability on their networks," it states. "In practice all significant providers do provide such a capability. But in many cases their assistance – while in conformity with the law – goes well beyond what it requires."

GCHQ's internet surveillance programme is the subject of a challenge in the European court of human rights, mounted by three privacy advocacy groups. The Open Rights Group, English PEN and Big Brother Watch argue the "unchecked surveillance" of Tempora is a challenge to the right to privacy, as set out in the European convention on human rights.That the Tempora programme appears to rely at least in part on voluntary co-operation of telecoms firms could become a major factor in that ongoing case. The revelation could also reignite the long-running debate over allowing intercept evidence in court.GCHQ's submission goes on to set out why its relationships with telecoms companies go further than what can be legally compelled under current law. It says that in the internet era, companies wishing to avoid being legally mandated to assist UK intelligence agencies would often be able to do so "at little cost or risk to their operations" by moving "some or all" of their communications services overseas.

As a result, "it has been necessary to enter into agreements with both UK-based and offshore providers for them to afford the UK agencies access, with appropriate legal authorisation, to the communications they carry outside the UK".The submission to ministers does not set out which overseas firms have entered into voluntary relationships with the UK, or even in which countries they operate, though documents detailing the Tempora programme made it clear the UK's interception capabilities relied on taps located both on UK soil and overseas.There is no indication as to whether the governments of the countries in which deals with companies have been struck would be aware of the GCHQ cable taps.

Evidence that telecoms firms and GCHQ are engaging in mass interception overseas could stoke an ongoing diplomatic row over surveillance ignited this week after the German chancellor, Angela Merkel, accused the NSA of monitoring her phone calls, and the subsequent revelation that the agency monitored communications of at least 35 other world leaders.On Friday, Merkel and the French president, François Hollande, agreed to spearhead efforts to make the NSA sign a new code of conduct on how it carried out intelligence operations within the European Union, after EU leaders warned that the international fight against terrorism was being jeopardised by the perception that mass US surveillance was out of control.Fear of diplomatic repercussions were one of the prime reasons given for GCHQ's insistence that its relationships with telecoms firms must be kept private .

Telecoms companies "feared damage to their brands internationally, if the extent of their co-operation with HMG [Her Majesty's government] became apparent", the GCHQ document warned. It added that if intercepts became admissible as evidence in UK courts "many CSPs asserted that they would withdraw their voluntary support".The report stressed that while companies are going beyond what they are required to do under UK law, they are not being asked to violate it.Shami Chakrabarti, Director of Liberty and Anthony Romero Executive Director of the American Civil Liberties Union issued a joint statement stating:"The Guardian's publication of information from Edward Snowden has uncovered a breach of trust by the US and UK Governments on the grandest scale. The newspaper's principled and selective revelations demonstrate our rulers' contempt for personal rights, freedoms and the rule of law.

"Across the globe, these disclosures continue to raise fundamental questions about the lack of effective legal protection against the interception of all our communications."Yet in Britain, that conversation is in danger of being lost beneath self-serving spin and scaremongering, with journalists who dare to question the secret state accused of aiding the enemy."A balance must of course be struck between security and transparency, but that cannot be achieved whilst the intelligence services and their political masters seek to avoid any scrutiny of, or debate about, their actions."The Guardian's decision to expose the extent to which our privacy is being violated should be applauded and not condemned."

The foreign exchange investigation, which centers on accusations that traders colluded to fix the price of major currencies, will test the Justice Department’s strategy for securing guilty pleas on Wall Street.

In the case of UBS, the bank will lose its nonprosecution agreement over interest rate manipulation, the people briefed on the matter said, a consequence of its misconduct in the foreign exchange case. It is unclear why that penalty will fall on UBS, but not on other banks suspected of manipulating both interest rates and currency prices.

the bank is expected to avoid pleading guilty in the foreign exchange case, the people said, though it will probably pay a fine. While UBS was unlikely to plead guilty to antitrust violations because it was the first to cooperate in the foreign exchange investigation, the bank was facing the possibility of pleading guilty to fraud charges related to the currency manipulation. The exact punishment is not yet final, the people added.The Justice Department negotiations coincide with the banks’ separate efforts to persuade the S.E.C. to issue waivers from automatic bans that occur when a company pleads guilty. If the waivers are not granted, a decision that the Justice Department does not control, the banks could face significant consequences.For example, some banks may be seeking waivers to a ban on overseeing mutual funds, one of the people said. They are also requesting waivers to ensure they do not lose their special status as “well-known seasoned issuers,” which allows them to fast-track securities offerings. For some of the banks, there is also a concern that they will lose their “safe harbor” status for making forward-looking statements in securities documents.

In turn, the S.E.C. asked the Justice Department to hold off on announcing the currency cases until the banks’ requests had been reviewed, one of the people said. As of Wednesday, it seemed probable that a majority of the S.E.C.’s commissioners would approve most of the waivers, which can be granted for a cause like the public good. Still, the agency’s two Democratic commissioners — Kara M. Stein and Luis A. Aguilar, who have denounced the S.E.C.’s use of waivers — might be more likely to balk.

Corporate prosecutions are a delicate matter, peppered with political and legal land mines. Senator Elizabeth Warren, Democrat of Massachusetts, and other liberal politicians have criticized prosecutors for treating Wall Street with kid gloves. Banks and their lawyers, however, complain about huge penalties and guilty pleas. Continue reading the main story Recent Comments AvangionQ 14 hours ago These are the sorts of crimes that take down nations, jail sentences should be mandatory. Lance Haley 14 hours ago I find this whole legal exercise not only irrational, but insulting. I am a criminal defense attorney. Punishing the shareholders and the... loomypop 14 hours ago There is much more than Irony in the reality of how America treats criminal action and punishment when the entire determination and outcome... See All Comments And lingering in the background is the case of Arthur Andersen, an accounting giant that imploded after being convicted in 2002 of criminal charges related to its work for Enron. After the firm’s collapse, and the later reversal of its conviction, prosecutors began to shift from indictments and guilty pleas to deferred-prosecution agreements. And in 2008, the Justice Department updated guidelines for prosecuting corporations, which have long included a requirement that prosecutors weigh collateral consequences like harm to shareholders and innocent employees.

“The collateral consequences consideration is designed to address the risk that a particular criminal charge might inflict disproportionate harm to shareholders, pension holders and employees who are not even alleged to be culpable or to have profited potentially from wrongdoing,” said Mark Filip, the Justice Department official who wrote the 2008 memo. “Arthur Andersen was ultimately never convicted of anything, but the mere act of indicting it destroyed one of the cornerstones of the Midwest’s economy.”

“Prisoner telephone rates in New Jersey are some of the highest in the country,” Caley said. “Global Tel Link charges prisoners and their families $4.95 for a 15-minute phone call, which is about two and a half times the national average for local inmate calling services.”

Prison phone services are a $1.2-billion-a-year industry. Prisoners outside New Jersey are charged by Global Tel Link, which makes about $500 million a year, as much as $17 for a 15-minute phone call. A call of that duration outside a prison would cost about $2. If a customer deposits $25 into a Global Tel Link phone account, he or she must pay an additional service charge of $6.95. And Global Tel Link is only one of several large corporations that exploit prisoners and their families. JPay is a corporation that deals in privatized money transfers to prisoners. It controls money transfers for about 70 percent of the prison population. The company charges families that put money into prisoners’ accounts additional service fees of as much as 45 percent. JPay generates more than $50 million a year in revenue. The Keefer Group, which controls prison commissaries in more than 800 public and private prisons, and which often charges prisoners double what items cost outside prison walls, makes $41 million a year in profit.

Prisons, to swell corporate profits, force prisoners to pay for basic items including shoes. Prisoners in New Jersey pay $45 for a pair of basic Reebok shoes—almost twice the average monthly wage. If a prisoner needs an insulated undergarment or an extra blanket to ward off the cold at night he must buy it. Packages from home, once permitted, have been banned to force prisoners to buy grossly overpriced items at the commissary or company-run store. Some states have begun to charge prisoners rent. This gouging is burying many prisoners and their families in crippling debt, debt that prisoners carry when they are released from prison. The United States has 2.3 million people in prison, 25 percent of the world’s prison population, although we are only 5 percent of the world’s population. We have increased our prison population by about 700 percent since 1970. Corporations control about 18 percent of federal prisoners and 6.7 percent of all state prisoners. And corporate prisons account for nearly all newly built prisons. Nearly half of all immigrants detained by the federal government are shipped to corporate-run prisons. And slavery is legal in prisons under the 13th Amendment of the U.S. Constitution. It reads: “Neither slavery nor involuntary servitude, except as punishment for crime whereof the party shall have been duly convicted, shall exist within the United States.”

Vast sums are at stake. The for-profit prison industry is worth $70 billion. Corrections Corporation of America (CCA), the largest owner of for-profit prisons and immigration detention facilities in the country, had revenues of $1.7 billion in 2013 and profits of $300 million. CCA holds an average of 81,384 inmates in its facilities on any one day. Aramark Holdings Corp., a Philadelphia-based company that contracts through Aramark Correctional Services to provide food to 600 correctional institutions across the United States, was acquired in 2007 for $8.3 billion by investors that included Goldman Sachs. And, as in the wider society, while members of a tiny, oligarchic corporate elite each are paid tens or even hundreds of millions of dollars annually, the workers who generate these profits live in misery.  “It is an abomination that prisoners are paid 22 cents an hour, $1.20 cents a day,” Larry Hamm told the Newark meeting. “Every prisoner should get the minimum wage of New Jersey, $8.38 per hour.”

“I’ve never seen that fast a move in emerging markets,” Chambers said. His industry peers were seeing the same thing. “Most of my CEO counterparts can almost finish my sentences in terms of what’s occurring,” he said. He even mentioned IBM. It’s “an industry phenomenon.” The collapse in the emerging markets – “We believe that more than half the world’s GDP occurs there,” he said – was “very consistent across the board.” And that consistency is what he was fretting about. “We usually, unfortunately, see things a couple of quarters ahead of our peers. This time we were a little bit surprised.” In the top five emerging markets, the “softening” started in Q4, “when we said they went from 13% growth the quarter before to flat in Q4. The other 15 countries continued to grow in the low teens. This time, all of them came down, and so out of our top 10, it was pretty brutal on that.” The NSA’s reckless all-encompassing spying, and its hand-in-glove multi-billion-dollar collusion with US tech companies to accomplish it, is now wreaking havoc on these same tech companies. Revenues are getting crushed overseas. Emerging market governments and companies are looking at other options. Trust that has taken decades to build has evaporated. A study in early August estimated that the spying scandal would cost US tech companies $35 billion. Which might not even be enough for a down-payment: alone that 11% drop in Cisco’s stock today cost shareholders $16 billion. 

It’s not a temporary issue. New revelations bubble to the surface all the time to complete the picture of a seamless, borderless, nearly perfect surveillance society. One dimension: the NSA and British GCHQ secretly break into the “clouds” of US companies to syphon off user data on a large scale. Illegal in the US. But the cloud is worldwide. Read..... NSA Secretly Breaks Into The Cloud Of US Tech Companies, Siphons Off Data, Fouls Up Revenues Overseas And here is my whole series on the spreading NSA spying scandal and its implications.

“Collecting an inventory [like this] on world networks has big ramifications,” Nohl said, because it allows the NSA to track and circumvent upgrades in encryption technology used by cellphone companies to shield calls and texts from eavesdropping. Evidence that the agency has deliberately plotted to weaken the security of communication infrastructure, he added, was particularly alarming. “Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Nohl said, “because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”

The AURORAGOLD operation is carried out by specialist NSA surveillance units whose existence has not been publicly disclosed: the Wireless Portfolio Management Office, which defines and carries out the NSA’s strategy for exploiting wireless communications, and the Target Technology Trends Center, which monitors the development of new communication technology to ensure that the NSA isn’t blindsided by innovations that could evade its surveillance reach. The center’s logo is a picture of the Earth overshadowed by a large telescope; its motto is “Predict – Plan – Prevent.”

The NSA documents reveal that, as of May 2012, the agency had collected technical information on about 70 percent of cellphone networks worldwide—701 of an estimated 985—and was maintaining a list of 1,201 email “selectors” used to intercept internal company details from employees. (“Selector” is an agency term for a unique identifier like an email address or phone number.) From November 2011 to April 2012, between 363 and 1,354 selectors were “tasked” by the NSA for surveillance each month as part of AURORAGOLD, according to the documents. The secret operation appears to have been active since at least 2010.

By covertly monitoring GSMA working groups in a bid to identify and exploit security vulnerabilities, the NSA has placed itself into direct conflict with the mission of the National Institute for Standards and Technology, or NIST, the U.S. government agency responsible for recommending cybersecurity standards in the United States. NIST recently handed out a grant of more than $800,000 to GSMA so that the organization could research ways to address “security and privacy challenges” faced by users of mobile devices. The revelation that the trade group has been targeted for surveillance may reignite deep-seated tensions between NIST and NSA that came to the fore following earlier Snowden disclosures. Last year, NIST was forced to urge people not to use an encryption standard it had previously approved after it emerged NSA had apparently covertly worked to deliberately weaken it.

The NSA focuses on intercepting obscure but important technical documents circulated among the GSMA’s members known as “IR.21s.” Most cellphone network operators share IR.21 documents among each other as part of agreements that allow their customers to connect to foreign networks when they are “roaming” overseas on a vacation or a business trip. An IR.21, according to the NSA documents, contains information “necessary for targeting and exploitation.” The details in the IR.21s serve as a “warning mechanism” that flag new technology used by network operators, the NSA’s documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities “where they do not yet exist.” The IR.21s also contain details about the encryption used by cellphone companies to protect the privacy of their customers’ communications as they are transmitted across networks. These details are highly sought after by the NSA, as they can aid its efforts to crack the encryption and eavesdrop on conversations.

One of the prime targets monitored under the AURORAGOLD program is the London-headquartered trade group, the GSM Association, or the GSMA, which represents the interests of more than 800 major cellphone, software, and internet companies from 220 countries. The GSMA’s members include U.S.-based companies such as Verizon, AT&T, Sprint, Microsoft, Facebook, Intel, Cisco, and Oracle, as well as large international firms including Sony, Nokia, Samsung, Ericsson, and Vodafone. The trade organization brings together its members for regular meetings at which new technologies and policies are discussed among various “working groups.” The Snowden files reveal that the NSA specifically targeted the GSMA’s working groups for surveillance.

Last year, the Washington Post reported that the NSA had already managed to break the most commonly used cellphone encryption algorithm in the world, known as A5/1. But the information collected under AURORAGOLD allows the agency to focus on circumventing newer and stronger versions of A5 cellphone encryption, such as A5/3. The documents note that the agency intercepts information from cellphone operators about “the type of A5 cipher algorithm version” they use, and monitors the development of new algorithms in order to find ways to bypass the encryption. In 2009, the British surveillance agency Government Communications Headquarters conducted a similar effort to subvert phone encryption under a project called OPULENT PUP, using powerful computers to perform a “crypt attack” to penetrate the A5/3 algorithm, secret memos reveal. By 2011, GCHQ was collaborating with the NSA on another operation, called WOLFRAMITE, to attack A5/3 encryption. (GCHQ declined to comment for this story, other than to say that it operates within legal parameters.)

The extensive attempts to attack cellphone encryption have been replicated across the Five Eyes surveillance alliance. Australia’s top spy agency, for instance, infiltrated an Indonesian cellphone company and stole nearly 1.8 million encryption keys used to protect communications, the New York Times reported in February.

The NSA’s documents show that it focuses on collecting details about virtually all technical standards used by cellphone operators, and the agency’s efforts to stay ahead of the technology curve occasionally yield significant results. In early 2010, for instance, its operatives had already found ways to penetrate a variant of the newest “fourth generation” smartphone-era technology for surveillance, years before it became widely adopted by millions of people in dozens of countries. The NSA says that its efforts are targeted at terrorists, weapons proliferators, and other foreign targets, not “ordinary people.” But the methods used by the agency and its partners to gain access to cellphone communications risk significant blowback. According to Mikko Hypponen, a security expert at Finland-based F-Secure, criminal hackers and foreign government adversaries could be among the inadvertent beneficiaries of any security vulnerabilities or encryption weaknesses inserted by the NSA into communication systems using data collected by the AURORAGOLD project.

Vines, the NSA spokeswoman, told The Intercept that the agency was committed to ensuring an “open, interoperable, and secure global internet.” “NSA deeply values these principles and takes great care to honor them in the performance of its lawful foreign-intelligence mission,” Vines said.

Documents published with this article: AURORAGOLD – Project Overview AURORAGOLD Working Group IR.21 – A Technology Warning Mechanism AURORAGOLD – Target Technology Trends Center support to WPMO NSA First-Ever Collect of High-Interest 4G Cellular Signal AURORAGOLD Working Aid WOLFRAMITE Encryption Attack OPULENT PUP Encryption Attack NSA/GCHQ/CSEC Network Tradecraft Advancement Team