July 20, 2014

New phones aboard Air Force One

(Updated: July 24, 2014)

The location that best represents Top Level Telecommunications in every sense of the word is probably Air Force One, the aircraft that carries the president of the United States.

As unbelievable as it sounds, the telephone sets used aboard this plane dated back to the 1980s and so they were finally replaced by new ones in August 2012. Here we will take a look at this new telephone equipment, which is now used by president Obama when he travels by air.

The new phones

In a range of pictures showing president Barack Obama using a telephone aboard Air Force One, we can see that the new phones consist of a handset in a customized cradle. In the conference room they have a rubber foot so they can be placed on the table without sliding away:

President Obama using one of the new phones aboard Air Force One
(Photo: AP - October 24, 2012)

The phone sets to be used by the president in his office room and the conference room have a brown/goldish color that matches the wood and the leather chairs. All other handsets that have been installed throughout the plane are in standard gray:

President Obama talks with Chief of Staff Jack Lew, former President Bill Clinton,
Justin Cooper, David Axelrod, and Senior Advisor David Plouffe. November 4, 2012.
In the back we see two new phones in gray on a wall mounted cradle.
(White House Photo by Pete Souza - Click to enlarge)

President Obama and Press Secretary Jay Carney disembark from Air Force One.
Left of the door we see a wall mounted version of new phone in gray.
(White House Photo by Pete Souza - June 17, 2014)

The Airborne Executive Phone

These new phones aboard Air Force One can be recognized as the Airborne Executive Phone (AEP) made by L-3 Communications. This is a military contractor that, among many other things, also manufactures the STE, the secure desktop telephone that is most widely used by US military and government.

The Airborne Executive Phone is able to make both secure and non-secure calls from a single handset. It also provides Multiple Independent Levels of Security (MILS) for digital voice and internet data access. This should provide end users with the experience of "reliable connectivity, interoperability and security they would have in an executive office environment".

Global Secure Information Management Systems

The Airborne Executive Phone is part of L-3 Communication's Global Secure Information Management Systems (GSIMS). This is an IP-based system for secure airborne communications and has a modular, scalable, and redundant design.

GSIMS integrates existing analog and digital radio and interphone systems with its own IP-based architecture, this in order to provide reliable connectivity, secure video conferencing and controlled wireless connections. The system is effectively controlled from an operator workstation.

L-3 Communications advertises (pdf) the GSIMS system as the most advanced secure communication system for VIP and Head of States aircraft:

More details about the Global Secure Information Management Systems (GSIMS) can be found in the fact sheet (pdf).

Development and installation

The installation of new phones aboard Air Force One was part of a larger, 81 million dollar contract that was awarded to L-3 Communications in 2009. This contract included the installation of Airborne Information Management Systems (AIMS) hardware and software. It modernized the on-board communication systems and replaced outdated analog systems, providing fixed bandwidth switching and integrated secure/non-secure video teleconferencing. Also included was the installation of seamless passenger information interfaces throughout the VC-25 aircraft that serve as Air Force One.

It seems that the Airborne Executive Phone (AEP) was originally developed by Telecore Inc., as can be read in the resume of someone who made a video presentation of this device (he did the same for the Senior Leadership Airborne Information Management System of L-3 Communications). Telecore is the company that manufactures the IST-2 telephone for the Defense Red Switch Network (DRSN), which is also a single device that can be used for both secure and non-secure calls. Probably Telecore sold the AEP to L-3 Communications.

Secure and non-secure calls

As we can see in the L-3 Communications advertisement, secure calls are indicated by a red background in the display and non-secure calls by a green one. This corresponds with two lights on the back of the handset: a green light which is on when the call is non-secure, and a red light that will indicate when it's a secure call over a highly encrypted line.

President Obama talks with NASA's Curiosity Mars rover team aboard Air Force One,
August 13, 2012. We see the green light on, as this is an unencrypted call.
(White House Photo by Pete Souza - Click to see the full version)

President Barack Obama talks on the phone aboard Air Force One, April 10, 2014.
Here we see the red light on, and interestingly, the White House didn't
release to whom Obama was talking on this occasion.
(White House Photo by Pete Souza - Click to see the full version)

Air Force Two

The new Airborne Executive Phones are also installed in the smaller Boeing C-32, a modified Boeing 757, which gets the air traffic call sign Air Force Two when it is carrying the vice-president of the United States. Sometimes this plane is also used by the president, and then serves as Air Force One, like for example for a trip on July 17, 2014 to the Port of Wilmington in Delaware:

President Obama talks on the phone with president Petro Poroshenko of Ukraine
about the Malaysia Airlines plane crash in eastern Ukraine, July 17, 2014.
Here we see the new phone in gray, and as Obama's finger is covering
the red light, and the green light is off, it seems a secure call.
(White House Photo by Pete Souza - Click to enlarge)

The old phones aboard Air Force One

Initially, Air Force One had sets of two telephone handsets installed all over the plane. These consisted of a cradle and an old-fashioned, so-called G-style handset, one in white and one in beige. The white handset was for non-secure calls and the beige one for phonecalls over a secure line. These phones were introduced on the previous plane that served as Air Force One, during the presidency of Ronald Reagan(!).

President Obama takes questions from seven reporters from the black press aboard
Air Force One on their way to the NAACP convention in New York. July 2009.
In this picture we see the phones that were previously used.
(White House Photo)

After the new Executive Voice over Secure IP (VoSIP) telephone network was installed in 2007-2008, which connects the White House with some of the most senior policy makers, the Cisco 7975G Unified IP Phone used for this network was also placed in Air Force One, where the big device was somewhat out of place:

Close-up of the white and the beige handsets and the Cisco 7975 IP phone
in the conference room of Air Force One, March 2009.
(Photo: Stephen Crowley/The New York Times)

Now, all these three different phones have been replaced by a single Airborne Executive Phone, which connects to both ordinary and highly secure telephone networks.

- Gizmodo: The Phones on Air Force One Look Like Iron Man Accessories
- Tinker AFB: Maintenance in chief: Looking after Air Force One
- History of the Presidential Telephones of the United States

- More comments in the Hacker News thread

July 12, 2014

Document shows that it was not NSA, but FBI that monitored 5 Americans

Three days ago, on July 9, 2014, Glenn Greenwald published an article which he earlier announced as being the grand finale of the Snowden-revelations. It would demonstrate that NSA is also spying on ordinary American citizens, something that would clearly be illegal.

The report is titled "Meet the Muslim-American Leaders the FBI and NSA Have Been Spying On" and it tells the story of Faisal Gill, Asim Ghafoor, Hooshang Amirahmadi, Agha Saeed and Nihad Awad whose e-mail addresses were found in an NSA file from the Snowden-trove. Although the article confusingly mentions both FBI and NSA, many people and media got the impression that this was the long-awaited major NSA abuse scandal.

But as we will show here, the document that was published contains no evidence of any involvement of the NSA in this particular case. Everything indicates that it was actually an FBI operation, so it seems not justified to have NSA mentioned in the article.

The FISA spreadsheet

Greenwald's report is all about a spreadsheet titled "FISA recap" - which refers to the Foreign Intelligence Surveillance Act (FISA) from 1978. This law allows electronic surveillance of Americans who are suspected of espionage or terrorism.

The spreadsheet contains 7485 e-mail addresses that were apparently monitored under FISA authority between 2002 and 2008. Unfortunately the article doesn't say whether the addresses are all from American e-mail providers or that some of them are foreign.

We do know that 202 (or 3%) of these e-mail addresses belong to a "US person", 1782 (or 24%) to a "Non-US person" and of 5501 (or 73%) addresses the nationality of the user is unknown:

Part of a spreadsheat titled "FISA recap" showing e-mail addresses monitored
between 2002 and 2008. The table seems to be ordered by expiration date
(click to enlarge)

In this sample, there are 8 e-mail addresses where the nationality is marked as "US Person" and except for one, these are all under responsibility of FBI. Of the 12 marked "Non-US Person", 4 are under responsibility of the CIA, 7 under the NSA and 1 has no responsible agency.

FBI Case Notations

Each entry in the list has a unique Case Notation starting with XX.SQF followed by six numbers. Greenwald states that such a case notation starting with XX.SQF is "assigned to all “FISA accounts” as a unique identifier" and points to a slide titled "FISA dataflow" as evidence for that:

Slide showing "FISA dataflow". It's unclear why the Case Notation format
has been partially redacted, and PALMCARTE is also not explained.
NAC presumably stands for NSA's Network Analysis Center.
(date unknown)

But in a little known NSA document (pdf) from 2006, which was published on March 11, 2014 by The New York Times, we see that XX.SQF is actually the prefix for FBI FISA data. It also says that US-984J is a SIGINT Activity Designator (SIGAD) which denotes FBI collection.

Data collected by NSA under FISA authority is identified by the SIGAD US-984*, in which the asterisk is a placeholder for additional suffixes (other than a J), like for example in US-984XN, which is the SIGAD for NSA's famous PRISM program.

So, the prefix XX.SQF isn't used for "all FISA accounts" as Greenwald wants us to believe, but just for those from the FBI. The 2006 document doesn't say what prefix is used for NSA data, but from the PRISM-presentation we know that communications collected by NSA through PRISM are identified by the trigraph SQC.

Analogue to the way the PRISM case notations are composed, a case notation from the spreadsheet, like for example XX.SQF055191 for the e-mail address of Asim Ghafoor breaks down into the following parts:
XX - This may stand for Internet Service Providers
. (dot) - Indicating multiple types of content
SQF - Fixed trigraph denoting FBI FISA collection
05 - Year the Case Notation was established: 2005
5191 - Serial number of the targeted address

The FBI as Responsible Agency

A second role of the FBI becomes clear when we look at the spreadsheet column for the "Responsible Agency". According to Greenwald's article, this column shows the federal agency that requested the monitoring of a particular e-mail address. In the sample shown above we see that this can either be FBI, NSA or CIA.

Most striking is that for the e-mail addresses of all five Muslim-American leaders, the FBI is the responsible agency that requested their surveillance. This was also recognized in Greenwald's story, and it's of course exactly how it should be, as it's officially up to the FBI to investigate American citizens and residents:

Excerpts of the FISA spreadsheet showing the entries for five Muslim-American leaders
The asterisk behind some of the mail addreses seems to
indicate that collection has been terminated
(compilation by IC Off the record - click to enlarge)

As we can see, these entries for the five Americans contain nothing that points to any kind of involvement of the NSA. Instead, both the case notation and the responsible agency indicate that it were FBI operations.

Greenwald and his co-author Murtaza Hussain were asked on Twitter whether there might be some additional evidence for the involvement of the NSA, but they haven't responded to this question.

The only relationship this list has to the NSA, is that it was among the Snowden-documents, but that can also be easily explained by the fact that for many other entries the NSA is the responsible agency. The list was most likely sent to all three agencies as a recap of which addresses were monitored on their behalf.

Given these considerations, it seems that the spreadsheet actually shows a large number of e-mail addresses that have been monitored by the FBI, and therefore their case notation starts with XX.SQF. This monitoring apparently took place partly for the FBI's own investigations and partly on behalf of NSA and CIA, to whom the FBI would have passed the communications from the e-mail addresses they requested.

According to a Foreign Policy article, the NSA is the most frequent requester of data from the FBI's interception unit DITU, for which there's a direct fiber-optic cable between Quantico and the NSA headquarters at Fort Meade.

Someone's suggestion that the case notation reflects the agency that requested the surveillance seems not plausible, because in that case there would have been a different prefix for FBI, NSA and CIA, but here the communications they requested all have the same XX.SQF-prefix.

How the FBI intercepts messages

All the cases on the list started before the FISA Amendments Act of 2008 was enacted, so it was done under the authority of the original Foreign Intelligence Surveillance Act (FISA) of 1978, which requires an individual order of the FISA Court (FISC) for every American that is considered a target. According to a top FBI lawyer, the application for every single US person consists of a 35 to 150 page packet that has to demonstrate the necessary probable cause.

After the FISC granted a warrant, the FBI probably went to the target's Internet Service Provider (ISP) in order to collect his communications. Each ISP is legally obliged to have Lawful Intercept (LI) equipment installed on their networks, in order to "perform electronic surveillance on an individual target as authorized by a judicial or administrative order", in this case the FISA Court warrant.

The equipment filters internet data packets based upon identifiers like e-mail and IP addresses, which means all kinds of communications that contain a particular e-mail address will be pulled out and forwarded to the FBI's Data Intercept Technology Unit (DITU). This method would also explain why in all case notations from the spreadsheet we see a dot, indicating that the collection resulted in multiple types of content.

Some people suggested that the government went to Yahoo and Google to get the messages from the Gmail.com and Yahoo.com e-mail domains (and retorically asked whether these companies did fight the order), but that is unlikely. For the assistance of these kind of web service providers, NSA set up the PRISM program, wich started in the fall of 2007, so only shortly before the surveillance cases mentioned in the spreadsheet expired. Yahoo joined PRISM in March 2008 and Google in January 2009.

The NSA has similar filtering equipment installed at switches of major internet backbone cables (for the so-called Upstream collection), but these are specifically used for foreign or international communications. One would expect that data collected this way, has a case notation with an NSA trigraph, but Washington Post journalist Barton Gellman writes that Upstream collection from network switches also has case notations that begin with XX.SQF, because this kind of collection is "managed by the bureau and shared with NSA". This seems to be a mistake because it is generally considered proven that Upstream interception is done by the NSA (for example: the Upstream slides don't mention the FBI, and a PRISM slide says NSA has a direct relationship with Upstream-providers).

There's a lot we don't know

In trying to clarify what the spreadsheet tells us, I assumed for the sake of readability that the FBI actually intercepted, processed and stored messages from these five Muslim-American leaders. But in his article, Glenn Greenwald suggests that even that is not known for sure:

"Given that the government’s justifications for subjecting [these five] U.S. citizens to surveillance remain classified, it is impossible to know why their emails were monitored, or the extent of the surveillance. It is also unclear under what legal authority it was conducted, whether the men were formally targeted under FISA warrants, and what, if anything, authorities found that permitted them to continue spying on the men for prolonged periods of time."

What he says is that we actually know hardly anything, except for the fact that the e-mail addresses of the men were found on the "FISA recap" list. Although the Muslim-leaders seem innocent of spying or acts related to terrorism, there's still the possibility that the FBI had good reasons to monitor them, but we just have no information about that.

In an ABC News report, anonymous former and current US government officials said that the five men could be guilty or innocent or even cooperating with the government (for example by having agreed with monitoring their communications in order to collect evidence against suspects).

According to these officials, Snowden or Greenwald may well have misunderstood the spreadsheet and made wrong interpretations. ABC further noticed that the document was also curiously absent of the regular classification markings, but that is probably because the list isn't in a .doc or a .pdf document, but in its original .xls spreadsheet file format.


Just like many other documents from the Snowden-leaks that were misrepresented, the original file disclosed in this latest Greenwald piece contains no evidence that NSA had anything to do with the monitoring of the five Muslim-American leaders. In fact, everything points to the FBI, but apart from that we know too little about these cases to say whether the Bureau acted illegally or out of paranoia. However that may be, we can't blame that on the NSA.

Links and Sources
- TheWeek.com: What you need to know about the latest NSA revelations
- Salon.com: First Amendment’s racial tumult: Why Greenwald’s latest revelation matters
- ABCNews.com: Feds Spied on Prominent Muslim-Americans, Report Claims
- ForeignPolicy.com: Meet the Spies Doing the NSA's Dirty Work

July 8, 2014

NSA still uses the UMBRA compartment for highly sensitive intercepts

(Updated: July 17, 2014)

Three days ago, on July 5, 2014, The Washington Post published some of the most important stories from the Snowden-leaks so far. It revealed that Snowden did had access to the content of data collected under FISA and FAA authority - a fact that had been kept secret until now. I'll come back on that main story later.

Here we will take a look at a remarkable detail from two slides that were also disclosed in the Post's article. The classification marking of these slides contains the codeword UMBRA, which was generally considered to be abolished in 1999, but now seems to be still in use. After going through several options, my conclusion is that UMBRA is most likely the codename of a so-called unpublished SCI control system.

"Target Package" prepared by the National Security Agency
prior to the capture of Abu Hamza in January 2011
(click to enlarge)

These slides are from a 2011 powerpoint presentation which details the plan to capture al-Qaeda facilitator Muhammad Tahir Shahzad and which pinpoints his location and his activities based upon intercepts from his various e-mail accounts. He was captured in Abbottabad the day after this presentation was finalized.

In the 2012 NRO Review and Redaction Guide (pdf) the existance of the UMBRA codeword is approved for public release, just like its paragraph portion marking TSC (for Top Secret Codeword). But as this manual also lists many revoked codewords, it is not conclusive about wether UMBRA is still used. One thing that is interesting though, is that the TSC portion marking would fit some of the redacted spaces in the newly disclosed slide:

Some possible options for the portion markings

Top Secret Codeword

UMBRA was one of three codewords that were used to protect sensitive intercepts of Communication Intelligence (COMINT). These codewords represented three levels of sensitivity:
- UMBRA for the most sensitive material (Category III)
- SPOKE for less sensitive material (Category II)
- MORAY for the least sensitive material (Category I)

These kind of codewords were used since the end of the 1950s World War II and together they were commonly called "Top Secret Codeword" (TSC), which was often seen as a level "above Top Secret", although it was actually more like a "vertical" division of the Top Secret-level. The codewords UMBRA, SPOKE and MORAY can be seen on many highly secret documents, a number of which have been declassified, like for example this statement from 1980 for a court case about NSA's information about UFOs:

(click for the full document as pdf-file)

According to instructions like these, the use of the codewords UMBRA, SPOKE and MORAY was terminated as of May 1999. From then on, the kind of information they were used for, had now to be protected by the general COMINT control system, or by specific compartments thereof for more sensitive information.
Since World War II, the NSA and her predecessors used codewords for protecting highly sensitive COMINT information and they were generally replaced by a new one every one or more years. The Top Secret codeword TRINE was compromised when the North Koreans captured the NSA spy ship USS Pueblo in 1968. TRINE was then replaced by UMBRA.


Very interesting is that not only UMBRA, but also the codeword SPOKE seems to be still in use. One document from the Snowden-leaks, which was published by Der Spiegel on December 20, 2013, is marked SECRET STRAP1 SPOKE. STRAP is the codeword that GCHQ uses to protect sensitive information, with STRAP1 denoting the least sensitive category:

Given the rather old-fashioned logo-type of the letters SD, it's not quite clear whether the document, or at least the header might predate 1999, although the content is clearly from more recent years. Der Spiegel said that it's an "analysis of the communication paths between Belgium and Africa prepared in January 2009".

Possible options

NSA using codewords that were generally considered abolished, reminds of a similar case in which the NOCON marking appeared in a document from the Snowden-trove. The general use of that marking was terminated in 1995, but NSA kept using it as an internal marking. As such it isn't listed in the official Classification Manuals, which are declassified regularly.

Now it seems that the same could have happened to the codewords UMBRA, SPOKE and maybe also to MORAY, but there's a difference: NOCON is a dissemination marking, a category which is less strictly controlled than a compartment, like UMBRA.

As the classification line of the newly disclosed slides seems not fully correct (there has to be a single, instead of a double slash between ORCON and REL USA, FVEY), which makes that there are a few options for what UMBRA could actually represent.

One option is that the double slash between COMINT and UMBRA is correct. In that case UMBRA wouldn't be a Sensitive Compartmented Information (SCI) label for intelligence information - which it actually looks like most - but a codeword from another category, like for example a Special Access Program (SAP) or Foreign Government Information (FGI) (Marc Ambinder favors this option).

Another option is that there should have been just a single slash between both terms. That would mean UMBRA is a normal SCI control system, in this case one that is apparently kept secret, as it was never mentioned anywhere since 1999.

The latter option seems very well possible, because the most recent Intelligence Community Classification Manual (pdf) acknowledges the existance of "registered but unpublished SCI control systems" which "must remain unpublished due to sensitivity and restrictive access controls".

It seems less likely that UMBRA is the undisclosed compartment of the COMINT (SI) control system, which is listed in the most recent Intelligence Community Classification Manuals, because in that case the marking would have read TOP SECRET//COMINT-UMBRA//etc.


Given this sensitivity, one wonders why in the orange classification bars of the slides UMBRA hasn't been blacked out. The overall classification line in the first slide and also most of the portion markings were fully redacted, although the latter can hardly contain something that is more sensitive than the UMBRA abbreviation.

Another question is whether Edward Snowden had authorized access to the UMBRA compartment, or that he was able to just grab these slides otherwise. The Washington Post suggests that he did had access to the Exceptionally Controlled Information (ECI) compartment RAGTIME, which is similar to UMBRA, but for content collected under FISA authority (UMBRA is probably for content collected under EO 12333).


For those who are somehow familiar with the US classification system, it must be quite surprising to see a codeword that has been considered dead for 15 years popping up from the Snowden-leaks. The most likely explanation is that after UMBRA (and SPOKE too) was publicly abolished in 1999, NSA kept using it in secret as a compartment for very sensitive communication intercepts, but now as an unpublished SCI control system - letting outsiders think that UMBRA was something from the past!

Links and Sources
- Lux ex Umbra: UMBRA history
- TheWeek.com: The return of an intelligence code word with a storied history
- A work of art from the series "Secret Codewords of the NSA": UMBRA
- William M. Arkin, Code Names, Deciphering U.S. Military Plans, Programs, and Operations in the 9/11 World, Steerforth Press, 2005.

July 3, 2014

The National Security Agency in 2002

During the past year, a number of slides from a 2002 NSA presentation titled "National Security Agency: Overview Briefing" were disclosed as part of the Snowden-leaks.

This presentation as a whole would have been a great comprehensive overview of the structure and the mission of NSA at the start of this millennium, but until now only six slides were made public, widely scattered over a period of almost a year and media from 3 continents, almost as to prevent people getting to see the whole picture.

All slides from this presentation can be recognized by their rather overloaded blue background, combining the seals of NSA and CSS, a globe, numerous ones and zeros representing digital communications, and a fancy photoshopped lens flare. In a number of slides, the font type of the classification marking looks different, which could indicate that the presentation was altered and/or re-used several times.

This slide was published by Brasilian media in July 2013. A somewhat distorted version (pdf) was published by Der Spiegel on June 18, 2014. It shows a world map with all the locations where there's a satellite intercept station, which is used for the collection of foreign satellite (FORNSAT) communications.

Nine stations are operated by NSA, including two as part of an SCS unit (see below), and seven stations operated by 2nd Party partners, in this case Great Britain, Australia and New Zealand:
US Sites:
- TIMBERLINE, Sugar Grove (US)
- CORALINE, Sabena Seca (Puerto Rico)
- SCS, Brasilia (Brazil)
- MOONPENNY, Harrogate (Great Britain)
- GARLICK, Bad Aibling (Germany)
- LADYLOVE, Misawa (Japan)
- LEMONWOOD, Thailand
- SCS, New Delhi (India)
  2nd Party Sites:
- CARBOY, Bude (Great Britain)
- SOUNDER, Ayios Nikolaos (Cyprus)
- SNICK, Oman
- SCAPEL, Nairobi (Kenya)
- STELLAR, Geraldton (Australia)
- SHOAL BAY, Darwin (Australia)
- IRONSAND, ? (New Zealand)

All these satellite intercept stations were interconnected, and it was this network that became publicly known as ECHELON. Revelations about this eavesdropping system in the late 1990s led to public and political outrage and subsequent investigations very similar to what happened since the start of the Snowden-leaks.

Until the new millennium, international communications travelled via satellite links, which made ECHELON one of NSA's most important collection systems. But since then, international traffic has shifted almost entirely to fiber-optic cables, making this the agency's current number one source.

We have no slide about NSA's cable tapping capabilities in 2002, but from other sources we know that there were at least three programs operational outside the US:
- RAMPART-M for access to undersea cables
- RAMPART-T for land-based cables, in cooperation with CIA
- RAMPART-A for cable access in cooperation with 3rd Party partner agencies

This slide was published by the Italian paper L'Espresso on December 6, 2013. It once again shows a world map, this time with the names of over 80 cities where there's a joint NSA-CIA Special Collection Service (SCS) unit. These units operate covertly from inside a US embassy or consulate to get access to targets that are difficult to reach otherwise. The names of cities in countries that are hostile to the US are redacted by the paper.

There are also four "Survey Sites" and seven "Future Survey Sites", but at present it is not clear what that means. Finally, there are two Technical Support sites: PSA in Bangkok, Thailand, and RESC (Regional Exploitation Support Center?) at the US Air Force base in Croughton, UK. The headquarters of the Special Collection Service (SCS) itself is in Beltsville, Maryland.

This slide was published by Der Spiegel on June 18, 2014. It shows a world map with the locations where there's a Cryptologic Support Group (CSG). These CSGs are part of the signals intelligence and cryptologic branches of the five US Armed Services (Army, Navy, Air Force, Marines, Coast Guard), which together form the Central Security Service (CSS) - the tactical part of NSA.

Cryptologic Support Groups provide advice and assistance on SIGINT reporting and dissemination and are located at all major US military command headquarters, both inside and outside the United States. The locations of Cryptologic Support Groups in 2002 were:
- STRATCOM: United States Strategic Command, Omaha
- TRANSCOM: United States Transportation Command, Belleville
- USSPACECOM: United States Space Command, Colorado Springs
- JSOC: Joint Special Operations Command, Spring Lake
- State Department, Washington
- NMJIC: National Military Joint Intelligence Center, Washington
- CIA: Central Intelligence Agency, Langley
- ONI: Office of Naval Intelligence, Suitland
- San Francisco
- FORSCOM: United States Army Forces Command, Fort Bragg
- JFCOM: United States Joint Forces Command, Norfolk
- SOCOM: United States Special Operations Command, MacDill AFB
- CENTCOM: United States Central Command, MacDill AFB
- Key West (Naval Air Station)
- SOUTHCOM: United States Southern Command, Doral
- EUCOM: European Command, Molesworth
- NAVEUR: United States Naval Forces Europe, London
- USAREUR: United States Army Europe. Wiesbaden
- USAFE: United States Air Forces in Europe, Ramstein
- EUCOM: European Command, Stuttgart
- USFK: United States Forces Korea, Seoul
- Japan
- Hawaii (United States Pacific Command)

This large number of CSG locations is one of the things that reflects the importance of NSA's military mission, which is almost completely ignored in the Snowden-reportings (the slide was published rather unnoticed as part of a batch of 53 NSA-documents)

This slide was published in Greenwald's book No Place To Hide on May 13, 2014. It shows what NSA saw as current threats in 2002, with an overlay that seems to have been added later and which lists a range of communication techniques. Greenwald says this slide shows that NSA also counts these technologies, including the Internet, as threats to the US, proving that the US government sees this global network and other types of communications technology as threats that undermine American power.*

This interpretation is rather far-fetched because in that case, pagers and fax machines would also be a threat to the US. It's obvious the list shows the means by which individuals and organisations that threaten the US can communicate - which of course is important to know for a signals intelligence agency like NSA.

The actual threats listed in the slide are:
- Hackers
- Insiders
- Traditional Foreign Intelligence
- Foreign [...]
- Terrorists
- Criminal elements
- Developing nations

This slide was published in Greenwald's book No Place To Hide on May 13, 2014. It says that NSA has alliances with over 80 major global corporations supporting both missions (i.e. Signals Intelligence and Information Assurance) and presents the names of a number of big American telecommuncations and internet companies, along with pictures of some old-fashioned communication devices.

Greenwald's book says that in the original presentation, this slide follows some unpublished ones that are about "Defense (Protect U.S. Telecommunications and Computer Systems Against Exploitation)" and "Offense (Intercept and Exploit Foreign Signals)".*

This slide was also published in Greenwald's book on May 13, 2014. It shows the three main categories of "customers" of NSA, which are government and military organizations that can request and receive intelligence reports. Besides other major US intelligence agencies, we see that NSA works for civilian policy makers as well as for military commanders, from the Joint Chiefs of Staff (JCS) and the Commanders-in-Chief (CINCs) down to tactical commanders.

Greenwald uses this slide to point to the Departments of Agriculture, Justice, Treasury and Commerce, the mentioning of which he sees as proof for an economic motive of NSA's spying operations.* Although almost all countries (try to) spy in order to get information that can be usefull for their national economic interests, Greenwald is doing as if this kind of intelligence is somehow off limits, and thereby discrediting NSA.

> See also: NSA's global interception network in 2012

Links and Sources
- National Security Agency: Transition 2001 (pdf)

June 24, 2014

Snowden-documents show no evidence for global mass surveillance

(Updated: July 15, 2014)

Earlier this month, it was the one year anniversary of the Snowden-leaks, by far the biggest disclosure ever of highly secret documents from the US National Security Agency (NSA). Edward Snowden and Glenn Greenwald are using these documents to show how eager NSA is to collect every bit of communication that travels around the world.

But by taking a close and careful look at the original slides and reports which have been published so far it comes out that they contain no hard evidence for a massive abuse of power or violation of the law, not even for the alleged mass surveillance of innocent people all over the world.

Headquarters of the National Security Agency at Fort George G. Meade
(screenshot from PBS Frontline - United States of Secrets)

No Place To Hide

Edward Snowden and Glenn Greenwald claim that NSA wants to collect, store, monitor and analyse the electronic communications of innocent citizens all over the world, which would be an unprecedented abuse of power and a violation of the American constitution. This is how the story is told over and over in numerous media reports worldwide, and also in Greenwald's book 'No Place To Hide', which was published in over twenty countries on May 13, 2014.

After a year of countless revelations, people might have expected that this book would provide a detailed and comprehensive explanation of all those confusing NSA programs, tools, and operations. But although it contains a range of new documents, these go without any proper explanation. Greenwald just uses them for picking a phrase or a number which he thinks supports his own narrative.


Both Snowden and Greenwald are acting from points of view that are based on Libertarianism, a political ideology which encompasses minimizing the influence of government and maximizing the freedom and liberties of individual citizens. They argue that state surveillance is a big evil, not at least because when people are knowing that they are being watched and followed, most of them will going to behave compliant to the existing powers all by themselves.

But for that, people first have to know that they are being monitored, and NSA actually did everything to keep the extent of its spying operations secret from the public. Only after the documents taken by Edward Snowden were published, people actually learned about how massive that spying is - through the eyes of Snowden and Greenwald.

NSA's military tasks

The Snowden-leaks of the past year learned us a lot about NSA, but there are also some important aspects that were ignored. One is the fact that NSA is a military signals intelligence agency: it falls under the US Deparment of Defense (DoD), is led by a high-ranking military officer and plays an important role in supporting the US armed forces.

For that, NSA is not only intercepting communications that are of strategic or tactical importance, but also collecting and analysing many other types of electromagnetic radiation, like from radar, which is called ELINT. All five US Armed Services have dedicated signals intelligence and cryptologic units, which together form the Central Security Service (CSS), the tactical part of NSA:

Neither Snowden, nor Greenwald, nor the vast majority of the media reports even came close to mentioning the true extent of NSA's military job. One indication that can be put together from the numbers from the BOUNDLESSINFORMANT tool is that 54% of the data that NSA collects globally comes from countries in the Middle East plus India.

Because also no NSA activities related to US military operations, like for example in Afghanistan, have been revealed, most people will now think that NSA is only spying on civilians. One of the very few exceptions was the Dutch newspaper NRC Handelsblad, which revealed how the Dutch military intelligence service MIVD cooperated with American troops in Afghanistan and helped mapping a network of Somali pirates.

One example of where the military aspect seems to have been withheld deliberately, was the revelation by The Guardian and the New York Times of the 9-Eyes and the 14-Eyes, groups in which a number of European countries closely cooperate with NSA. Later it became clear that both groups are for exchanging data and intelligence for military purposes.
On July 9, 2014, Glenn Greenwald indicated on Reddit, that it was part of the agreement with Snowden not to publish anything about Afghanistan and other military operations. This probably also led to the next misrepresentation:

NSA spying in Europe?

And then there was the case of BOUNDLESSINFORMANT, the tool used by NSA for counting and visualizing its worldwide data collection activities. Initially, Glenn Greenwald reported in various European newspapers that charts from this tool show that tens of millions of phone calls of citizens from Germany, Spain, France, Norway and Italy were intercepted by NSA.

But then, military intelligence services from various European countries declared that this interpretation was wrong and that the charts actually show metadata that were not collected by NSA, but by them. These statements are supported by the fact that the related BOUNDLESSINFORMANT charts show the DRTBox technique, which is primarily used in tactical military environments.

The metadata were derived from foreign communications in crisis zones and collected in support of military operations abroad. Subsequently these data were shared with partner agencies, most likely through the SIGDASYS system of the SIGINT Seniors Europe (SSEUR or 14-Eyes) group, which made them also available for NSA.

In the end, the disclosures about various European countries did not proof massive spying by NSA, but rather show how close European agencies are cooperating with the Americans in the field of military intelligence.

Chart from the BOUNDLESSINFORMANT tool that was released by Der Spiegel on June 18, 2014
It shows that SIGADs related to European countries are actually part of 3rd Party collection
(click to enlarge)

NSA's goals

One thing that Snowden en Greenwald are repeating over and over is that NSA wants to have all digital communications from all over the world: "Collect it All". But the evidence they present is very thin and not very convincing. According to Greenwald's book, that alleged goal is from a memo about the satellite intercept station Misawa in Japan and from a few slides about the Menwith Hill satellite station in the UK:

About the Foreign Satellite Collection (FORNSAT)
at Menwith Hill Station (MHS) in the UK

NSA Director Keith Alexander talking about FORNSAT
during a 16 June 2008 visit to MHS

Since international telecommunications shifted to undersea fiber-optic cables after the year 2000, satellite links nowadays carry only a small share. It could be possible to collect all of that, but that aim can't be applied to the entire collection effort of NSA, which is so much larger. Furthermore, if "Collect it All" really was NSA's ultimate goal, then it certainly would have been in more high-level policy documents for the entire organization - which have not been presented so far.

Strategic Mission List

The real and far more specific goals for NSA can actually be found in the 2007 Strategic Mission List (pdf). This document was revealed by The New York Times in November 2013, but got hardly any attention.

Besides the strategically important countries China, North-Korea, Iraq, Iran, Russia and Venezuela, which are enduring targets, the document also lists 16 topical missions. The most important ones are: winning the war against terror; protecting the US homeland; supporting military operations; preventing the proliferation of weapons of mass destruction by countries like China, India, Iran and Pakistan.

Some of the non-military goals for NSA are: anticipating state instability; monitoring regional tensions; countering drug trafficking; gathering economic, political and diplomatic information; ensuring a steady and reliable energy supply for the US. All these are goals that are quite common for a large (signal) intelligence agency.

Economic espionage

The US government insists that it's intelligence agencies are not spying on foreign companies for the benefit of individual American corporations: economic intelligence is only used to support policies, lawmaking and negotiations that benefit the US economy as a whole. Greenwald doesn't make that distinction, so every reference in NSA documents to economic goals is interpreted in the worst possible way.

He also tried to proof economic espionage by publishing a slide that shows the names of companies like Petrobras, Gazprom and Aeroflot. But the slide clearly says "Many targets use private networks", which indicates that NSA is focussing at specific targets, more than at the companies themselves:

Just like in many other publications based upon the Snowden-documents, conclusions are drawn from a very selective reading of a single slide, out of its context and with parts of the content redacted. Such can not be sufficient evidence for the far-reaching claims and accusations that Greenwald and Snowden are making.


For getting certainty about whether NSA conducted the unwanted economic espionage, or about the results from its eavesdropping operations are in general, we should see the end-product intelligence reports that NSA analysts write after having analysed the collected data. But apparently access to these reports is more strictly controlled, or else Snowden would have taken them too.

This indicates that NSA actually has internal access control systems that do work. Which contradicts the alleged uncontrolled access that analysts have to virtually anyone's communications - according to Snowden, who also hasn't provided any documents that proof that claim, for example by showing deficiencies of NSA's user authentication system CASPORT.

At first sight it looks very impressive that almost all documents he leaked are stamped TOP SECRET//COMINT, but inside NSA information at that classification level is actually available to virtually everyone. Really sensitive secrets are in compartments like those for Exceptionally Controlled Information (ECI) of which often not even the codeword is known.
On July 5, 2014, The Washington Post revealed that Snowden actually did had access to reports containing full internet messages that were intercepted under FISA/FAA authority and that he was able to exfiltrate some 160.000 of them. The article suggests that he was able to do this because he had authorized access to at least the RAGTIME compartment.

Some other ECI-codewords that have been disclosed are REDHARVEST (RDV) and WHIPGENIE (WPG), and also details about the scope of the STELLARWIND (STLW) control system came out.

Hacking operations

Misleading are also the press reports about NSA hacking into smartphones and computers, whether through the telephone networks, the internet or by bridging the "air gap". Without mentioning for what kind of targets these methods are used, and by using general terms like "internet users" instead of "targets", people get the idea that it can effect everyone.

This is illustrated by the story that NSA has facilities where they intercept shippings of commercial computer hardware in order to covertly install spying implants. A scary idea if NSA would do that randomly with hundreds of thousands of shipments, but as we can see in this internal report, the method is used to "Crack Some of SIGINT's Hardest Targets" - in which case it seems legitimate and proportionate:

Damaging disclosures

It may not have been that lives of American officials or specific operations have been endangered, but there's no doubt that disclosing these methods damaged NSA's ability to get access to communications which are otherwise impossible to intercept. Both friends and enemies will now check every new computer shipment and all of their sensitive existing computer and telephone systems in order to remove every piece that resembles those shown in the media.

Snowden said he doesn't want to harm the US and also not to constrain bilateral relations with other countries. But as the opposite has happened, it seems that some journalists to whom he gave his documents are not always publishing them according to his intentions.

For example, the German magazine Der Spiegel revealed details about the computer spying implants and the eavesdropping on chancellor Merkel, while Greenwald did the same regarding the presidents of Mexico and Brasil, which put their relationship with the US under severe pressure.

Similar were disclosures about the NSA eavesdropping on the communications of the UN, the European Union, a number of foreign embassies, international conferences and some large private companies. It was embarrasing for the US having these activities exposed, although it's nothing more or less than the core business of every foreign intelligence agency.

GCHQ operations

Looking at the legal framework and official tasks also helps to better understand the disclosures about the British signals intelligence service GCHQ. From various documents, it seems this agency is especially eager and agressive, like for example in collecting webcam images and planning "disruption" operations against hackers associated with Anonymous.

These activities would fit the broader mandate and the less legal restrictions which the British service has compared to the NSA. For example, GCHQ is allowed to operate domestically and assist the security service MI5 as well as law enforcement, where activities of NSA are strictly limited to foreign intelligence.

GCHQ also wants to be a major player in the field of foreign intelligence. As such it has access to 200 fiber-optic cables, and is able to intercept 46 cables of 10 gigabits per second at a time. This makes that 21 petabytes of data flow past these systems every day.

To filter and search this traffic, there's a system codenamed TEMPORA, which incorporates NSA's XKEYSCORE machines and is thereby able to preserve all content for 3 days and all metadata for 30 days in a rolling buffer. TEMPORA is concentrated at three GCHQ processing centers and is therefore 10 times larger than the next biggest XKEYSCORE site:

Explanation of the TEMPORA system used by GCHQ

NSA collection worldwide

One of the major accusations of Snowden and Greenwald is that NSA is indiscriminately gathering and storing electronic communications from all over the world. From quite a number of leaked internal documents we now have a lot more information about NSA's global interception capabilities.

They tell nothing about the tactical systems for military purposes, but we learned a lot about various ways to tap into general telecommunication channels like satellite links and fiber-optic cables, both submarine and landbased. NSA's access to them can be unilateral or in cooperation with 2nd Party partners (the WINDSTOP program) and 3rd party agencies (the RAMPART-A program).

Some numbers

From the BOUNDLESSINFORMANT tool and some other charts we know that NSA collects billions of data a day. That sounds like a huge number, but remarkably enough there was not one press report that provided numbers on the telecommunication traffic in general for comparison.

The NSA itself issued a statement (pdf) in August 2013 saying that about 30 petabytes a day pass their collection systems, which filter out and store about 7,3 terabyte. Cisco estimates that in 2013 there was some 181 petabyte of consumer web, email, and data traffic a day, which means that roughly 16% passes through NSA systems, which eventually store 0,00004% of it.


At 150 sites where NSA intercepts cables, satellites and other communication channels, the agency has installed the XKEYSCORE (XKS) system, which is able to store a "full take" of the communications that flows past, but only 3 to 5 days of content and 30 days of metadata. At some sites, the amount of data exceeds 20 terabyte a day, which can only be stored for 24 hours:

With this temporary buffer, XKEYSCORE provides NSA analysts with the opportunity to search these data for "soft selectors" like keywords and for other target related characteristics like the use of encryption, virtual private networks, the TOR network or a different language. This enables analysts to use data that otherwise would have been dropped by the front-end collection systems, this in order to find internet activities that are conducted anonymously and therefore cannot be found by just looking for a target's e-mail address.

Before XKEYSCORE was installed, there were only the more traditional systems that automatically filter out content that comes with so-called "strong selectors" like e-mail and IP addresses. This is less than 5% of the internet communications that passes NSA's front-end filters.

Both the traditional filters and the XKEYSCORE system are picking out a relatively small number of communications in a targeted and focussed way. Traffic that is not of interest is only stored for a few days and then automatically disappears as it's overridden by new data. So, although these NSA systems "see" a huge amount of data, there's certainly no "Store it All".

Entire countries

XKEYSCORE is only used for searching and analysing internet communications, but a similar function for telephone calls is available under the MYSTIC program, which was revealed on Greenwald's website The Intercept on May 19, 2014. Under MYSTIC, NSA has access to the entire mobile phone traffic of five or six countries.

But also in this case, the storage of communication data is limited to thirty days and from the networks of three countries (Mexico, Kenya and the Philippines) this only applies to metadata. Content of phone calls is only stored from two countries: from the Bahama's in order to test this system, and it's probably Afghanistan where it eventually went live.

For these countries NSA's collection effort comes close to a mass surveillance, but strangely enough, the SOMALGET program that comprises the content collection, only accounts for less than 2% of NSA's cable tapping programs, which could indicate the program is used in a very focussed way.

Bulk collection of metadata

Probably even more misleading and exaggerated are what most Snowden-stories say about the collection of metadata, which is the information needed for the technical and administrative handling of communications. This matter is important, first because NSA collects far more metadata than content, probably up to several trillion records a month.

Chart showing the volumes and limits of NSA metadata collection
(the domestic metadata collection seems to be excluded)

Secondly, the collection of metadata is even more controversial than storing contents. Not only Snowden and Greenwald, but also most civil liberties organizations say that "bulk collection" equals "mass surveillance", because analysing metadata is more intrusive and thus a bigger violation of privacy than looking at the content of phone calls or e-mail messages.

That might be correct in theory and in potential, but in reality the collection of huge amounts of data doesn't automatically mean that equal numbers of individuals are being actively tracked and traced. From the documents that have been disclosed by Snowden and from those that have been declassified by the US Director of National Intelligence (DNI), we learn that NSA uses metadata in two ways:

1. To discover new suspects through a method called "contact chaining". Starting with say the phone number of a known foreign bad guy, a specialized tool presents the numbers with he was in contact with, which by cross-referencing can point to conspirators that were previously unknown.
In 2012, NSA used 288 phone numbers as a "seed" for starting such a query in its domestic phone record database and this resulted in a total of twelve "tips" to the FBI that called for further investigation. In 2013 the number of selectors had raised to 423. This domestic collection is legally authorized under section 215 of the Patriot Act and is additionally regulated by the FISA Court, so under the existing legal framework this is not illegal spying on Americans.

2. Only for people who are identified as legitimate foreign intelligence targets, the metadata of their phone numbers are pulled from the databases to be used for creating a full "pattern-of-life" analysis. There's no evidence that NSA is randomly querying the metadata they collected for some kind of profiling without any specific lead.

Most of what we know about the domestic collection of US telephone metadata comes from declassified court orders, because Snowden hasn't revealed any internal NSA documents about this so-called Section 215 program. At least in this case, NSA seems to be able to "Store it All", even though there's no "Analyse it All".

Collection inside the US

Probably Snowden's biggest disclosure was the existance of the PRISM-program, through which NSA collects communications from major American internet companies like Facebook, Google, Microsoft and Apple. However, the initial claim that NSA had direct access to the servers of these companies proved to be misleading, and also PRISM is not used for spying on ordinary citizens, but for gathering information about a wide variety of foreign intelligence topics, like mentioned before.

Slide from the PRISM-presentation that shows NSA has no direct
relationship with communication providers - only through FBI

The disclosure that had the biggest impact on the American public was that large telecommunication providers like Verizon are handing over all their telephone records to NSA. Apparently Americans became only fully aware of this after being revealed by Snowden, as the collection of domestic telephony metadata was already revealed in 2006.

Upstream collection

Also in 2006 it was disclosed that NSA had installed intercept devices at switching stations of major fiber-optic cables inside the United States. This equipment is used to filter the phone and internet traffic, but because this was done inside the US, it looked like NSA was eavesdropping on Americans, something that is strictly prohibited.

Sensationalist headlines of many press reports following the Snowden-leaks also suggested that NSA was "listening on American phone calls" and "reading American e-mails". This however is only the case for people in the US who are known associates of terrorist groups or foreign governments.
On July 5, 2014, The Washington Post revealed that Snowden exfiltrated some 160.000 internet messages collected under FISA/FAA authority and that almost 90% of them were from persons, both American and foreign, who were not listed as a foreign intelligence target. A large number were correctly minimized and there's no evidence the overcollected messages were actually read or used, but they also weren't deleted.

The domestic cable tapping is part of NSA's Upstream collection program, which is primarily used for access to communications between foreigners or foreign targets and possible conspirators inside the US. Most surprising is probably how close the cooperation with American telecommunication companies is.

The codenames for these domestic programs are FAIRVIEW, BLARNEY and STORMBREW, and under OAKSTAR, American telecoms are providing cable intercept facilities abroad.

In filtering the traffic from these cables, it proved to be impossible for NSA to fully separate communications of approved foreign targets from those of uninvolved Americans. Up to 10.000 of the latter landed in NSA databases each year and the agency was repeatedly critized for this overcollection by the FISA Court.*

This shows that this oversight mechanism isn't the mere "rubber stamp" as Snowden and Greenwald continuously call it. The fact that the FISA Court decides behind closed doors is also not a scandalous exception, as the same applies to grand juries in ordinary crime cases.


Except for some other similar minor violations of internal rules and legal requirements, the documents published so far don't contain evidence of large scale abuse of power, mismanagement or deliberate illegal behaviour. Therefore, it seems that Edward Snowden can not be considered a whistleblower in the traditional and official sense of the word. Snowden himself said that he lacked whistleblower protection because he was just a contractor, but that's not true, as the 1998 Intelligence Community Whistleblower Protection Act (ICWPA) clearly includes contractors. Besides that, the official whistleblowing criteria won't apply to his case:

US Federal Government whistleblower
awareness poster

Of course, not everything that is legally allowed is always right, and many people don't agree with the actual scope of NSA's spying operations. Snowden additionally warns against the (future) misuse that can be made from this kind of systems in general, also in other countries worldwide. That's a legitimate cause, but a personal disagreement with current policies and practices alone doesn't constitute whistleblowing. It's rather a political and/or moral issue.


In the past year we really learned a lot about the methods and the collection programs of the NSA. But in the media, the facts that arise from the original documents have often been instrumentalized for the ideological fight between Snowden and Greenwald on one side and the NSA and the US government at the other side. Latter parties are being accused of trying to eliminate all forms of privacy, but in the documents that have been disclosed, there's no hard evidence that proofs that claim.

The documents show that NSA has a large, worldwide network of data collection systems, but these systems are not capable of collecting, let alone storing all the communications that occur all over the world. Instead, NSA tries to collect it's data as targeted and focussed as possible, in order to fulfill it's foreign intelligence tasks, many of which are of a military nature.

The NSA is trying to do this carefully and complient to the laws and the policies, although it is sometimes operating on the edge of what is legally and politically acceptable. Preventing those borders being crossed can only be done by taking a very close look at what NSA is actually doing. The documents leaked by Snowden give us some insight into that, but the myth of an agency that is able to know everything we are doing, saying, thinking and planning is just distracting.

(The conclusion about the legality of NSA's operations may have to be changed partially, as Glenn Greenwald has announced that he soon will publish details showing that NSA does eavesdrop on ordinary American citizens)

On July 9, 2014, Greenwald published his long-awaited story on his website The Intercept saying that between 2005 and 2008, NSA and FBI were monitoring five Muslim-Americans leaders. But in the original documents we once again see no evidence for the involvement of NSA, just for FBI, which is actually the responsible agency for domestic investigations. Whatever this means for what FBI is doing, it shows no illegal activities of NSA.

Links and Sources
- Blog.Erratasec.com: NSA: walk a mile in their shoes
- VillaMedia.nl: Greenwald-hype miskent de aard van spionage
- Director of National Intelligence: Statistical Transparancy Report
- Heise.de: Was war. Was wird.
- DailyKos.com: The 18 Biggest Myths of the Snowden Saga
- TheRegister.co.uk: NSA: Inside the FIVE-EYED VAMPIRE SQUID of the INTERNET
- LennartHuizing.nl: Snowden overdrijft?!? Zeg dat nog eens?
- DeCorrespondent.nl: De les na één jaar Snowden: de misstanden van de NSA zijn stelselmatig overdreven
- TheWeek.com: 13 more unanswered questions for Edward Snowden
- Newsweek.com: 16 Questions Edward Snowden Wasn't Asked
- ProspectMagazine.com: The errors of Edward Snowden and Glenn Greenwald
- ArsTechnica.com: NSA loves The Bahamas so much it records all its cellphone calls
- TheWeek.com: What Edward Snowden didn't disclose
- TheWeek.com: 10 things we've learned about the NSA over the past year
- Paul Canning: The left must challenge Greenwald
- DavidSimon.com: We are shocked, shocked...
- All the leaked documents: IC off the Record