November 5, 2014

The phones of the Dutch Prime Minister

(Updated: November 7, 2014)

With last year's news of NSA eavesdropping on the mobile phone of German chancellor Angela Merkel in mind, Dutch online media assumed it was big news that the Dutch prime minister Mark Rutte has a phone that cannot be intercepted.

As was the case with chancellor Merkel, most people do not seem aware of the fact that political leaders usually have two kinds of phones: an ordinary one that is easy to intercept, and a secure one that is very difficult to tap.

That prime minister Rutte has a secure phone was said by the director for Cyber Security in a radio interview last week. Afterwards this was seen as a slip of the tongue, because the government's policy is to never say anything about the security methods it uses.

But from pictures and other sources we can still get a fairly good idea of which phones, both secure and non-secure, are used by the Dutch prime minister. As we will show here, he currently has three landline and two mobile phones at his disposal, only one being a highly secure one.

Dutch prime minister Mark Rutte working at his desk, May 29, 2012
At his right hand are three desktop phones and in front of him an iPhone 4
(photo: Prime Minister @ Flickr)

Since 1982, the office of the Dutch prime minister has been on the second floor of a small tower that is part of the parliament buildings and dates back to the 14th century. In Dutch this office is called Het Torentje.

From the left to the right we see the following telephones on the desk of the prime minister:
1. Ericsson DBC212 (black)
2. Sectra Tiger XS Office (silver)
3. Unidentified office phone (gray)

First we will discuss the two phones without encryption capability and then the secure phone:

1. The Ericsson DBC212

This is a common office telephone which has been part of the internal private branch exchange (PBX) network of the Department of General Affairs for over a decade. Other pictures from rooms in the same building also show the same and similar models of this telephone series, which was made by Ericsson, a Swedish company that manufactured many home and office phones used in The Netherlands. The prime minister can use this phone for every phone call he wants to make that doesn't require encryption.

3. The gray office phone

The make and type of this phone have not yet been identified, but it seems to be a common office telephone too. However, this phone is most likely connected to the Emergency Communications Provision (Dutch: NoodCommunicatieVoorziening or NCV).

This is an IP-based network which is completely separated from the public telephone network. Communications over this network are not encrypted, but the switches are in secure locations and connect redundantly.

The purpose of the NCV network is to enable communications between government agencies and emergency services when, during a disaster or a crisis situation, (parts of) the regular communication networks collapse. This network replaced the former National Emergency Network (Nationaal Noodnet) as of January 1, 2012 (see below).

Close-up of the phones on the desk of the prime minister in 2013
(picture: Google Street View)

2. The Sectra Tiger XS Office

The silver-colored telephone which sits in between the two other ones is a Tiger XS Office (XO). This device is capable of highly secured phone calls and can therefore be used by the prime minister for conversations about things that are classified up to the level of Secret.

The Tiger XS Office has been manufactured since 2005 by the communications division of the Swedish company Sectra AB, which was founded in 1978 by cryptology researchers from Linköping University. Sectra, which is an acronym of Secure Transmission, also has a division in the Netherlands: Sectra Communications BV.

Tiger is the brand name for their high-end secure voice products. While everyone assumes that this refers to the exotic animal, "tiger" is also Swedish for "keep silent" (see for example: En Svensk Tiger).

Tiger XS

Although the Tiger XS Office looks like a futuristic desktop phone, it actually consists of a small encryption device which is docked into a desktop cradle with a keypad and handset. The encryption device, the Tiger XS, was originally developed for securing mobile phone communications and has special protections against tampering and so-called TEMPEST attacks.

The Sectra Tiger XS docked into the office unit
(photo: Sectra)

The desktop unit has no encryption capabilities, but with the Tiger XS inserted, it can encrypt landline phone calls and fax transmissions, so it turns into a secure desktop telephone. The Tiger XS enables secure communications on GSM, UMTS, ISDN and the Iridium, Inmarsat and Thuraya satellite networks. When inserted into the office unit, it also works on the standard Public Switched Telephone Network (PSTN).


On its own, the Tiger XS device can be used to secure certain types of cell phones. For this, the Tiger XS is connected in between a headset (consisting of an earpiece and a microphone) and a mobile phone, to which it connects via Bluetooth. A secure connection is set up by putting a personal SIM-sized access card into the Tiger XS, entering a PIN code and selecting the person to connect to from the phonebook.

What is said into the microphone of the headset is encrypted by the Tiger XS, and this encrypted voice data then goes to an ordinary mobile phone through the Bluetooth connection. The phone sends it over the cell phone network to the receiving end, where another Tiger XS decrypts the data and makes it audible again.

The Tiger XS with personal
access card and headset


At first sight it seems to be a very flexible solution: connecting a separate encryption device to common cell phones. But in reality the Tiger XS can only connect to older mobile phones which support the original Circuit Switched Data (CSD) channel and a Bluetooth version that is fully tested and compatible with the way the Tiger XS has to use it. Because of this, the Tiger XS is rarely used with mobile phones anymore, but mostly in combination with the desktop unit.

To restore the intended mobility, Sectra introduced the Tiger 7401 as a replacement for the Tiger XS. The Tiger 7401 is a custom-made mobile telephone with a TEMPEST-verified design that is capable of encrypting phone calls by itself. In 2014, this new device was ordered to replace the Tiger XS for high-level officials of the Dutch Ministry of Defense.


The encryption algorithms used by the Sectra Tiger XS are secret, so we don't know whether public standard algorithms like AES and ECDH are used, or ones that are especially designed for the Dutch government, or a combination thereof. The algorithms and the encryption keys are created by the National Communications Security Bureau (Dutch: Nationaal Bureau voor Verbindingsbeveiliging or NBV), which is part of the General Intelligence and Security Service AIVD.

This bureau approved the Tiger XS for communications up to and including the level Secret (in Dutch marked as Stg. Geheim) in 2007. In the Netherlands, there is no phone that is approved for communications at the level Top Secret (Stg. Zeer Geheim), so these matters cannot be discussed over phones that use public networks. This is different from the US, where there are secure telephones approved for Top Secret and even above.

Encrypted communications are only possible if both parties have the same key: the sender to encrypt the message and the receiver to decrypt it. This means that everyone with whom the prime minister needs a secure line also has to have a Tiger XS. That's why we can also see this device on the desk of, for example, the Dutch foreign minister:

The desk of the Dutch foreign minister in 2013. Between the computer
and a Cisco 7965 IP phone we see the Sectra Tiger XS Office.
(photo: Ministerie van Buitenlandse Zaken)


Besides encrypting phone calls and text messages, the Tiger XS also provides user authentication, so one can be sure to talk to the right person. For the actual implementation of these features there are centrally managed user groups.

This remote management, which includes supplying up-to-date phonebooks and encryption keys for the Tiger XS devices, is provided by Fox-IT, a Dutch cybersecurity company founded in 1999. Since Dutch state secrets are involved, it is considered essential that this remote management is in the hands of a trusted Dutch partner.

The partnership between Fox-IT for the management and Sectra as the supplier of the hardware was established in 2007 by the VECOM (Veilige Communicatie or Secure Communications) contract. Under this contract all Dutch cabinet members and high-level officials of their departments are provided with secure phones.


The Tiger XS has also been installed at all government departments in order to provide secure fax transmissions, for example to distribute the necessary documents for the weekly Council of Ministers meeting. Dutch embassies and military units deployed overseas probably also use the Tiger XS for securing satellite communications. For this, Sectra also made a manpack communications set which uses the Tiger XS.

The fact that the Tiger XS uses highly sensitive technology and secret encryption methods also means that it is not possible to use this device to make secure phone calls to, for example, foreign heads of state. That's the reason why, as we can see in the picture below, prime minister Rutte used his standard non-secure phone when he was called by US president Obama in 2010:

Prime minister Mark Rutte talks with president Obama
In front of him is probably his Blackberry
(photo: RVD, November 2, 2010)

The mobile phones of prime minister Rutte

Besides the three landline telephones, current prime minister Mark Rutte also uses an iPhone 4 and a Blackberry. He is seen with these devices in several photos, and Rutte also confirmed that he uses a Blackberry when he publicly admitted that it accidentally fell into a toilet in January 2011.

The iPhone is probably his private phone, because the Blackberry is the device used by Rutte's own Department of General Affairs, as well as by other departments, including those of Foreign Affairs and Social Affairs. Blackberrys are preferred by many companies and governments because they provide standard end-to-end encryption for chat and e-mail messages through the Blackberry Enterprise Server (BES).

Prime minister Rutte showing his iPhone during
a school visit in Heerhugowaard, September 3, 2014

Blackberrys do not encrypt voice, but the Dutch computer security company Compumatica has developed a solution called CompuMobile, which consists of a MicroSD card that can be inserted into a Blackberry and then encrypts phone calls and text messages using the AES 256 and ECDH algorithms. CompuMobile was approved for communications at the lowest Dutch classification level (Departementaal Vertrouwelijk) in 2012, but whether government departments actually use it is not known.

Without this security measure, phone calls from both the iPhone and the Blackberry of prime minister Rutte can rather easily be intercepted by foreign intelligence agencies, just like NSA apparently did with the non-secure cell phone of his German counterpart.

The prime minister's phones in 2006

The telephones that are currently installed in the office of prime minister Mark Rutte can be compared with those of his predecessor, prime minister Jan Peter Balkenende. From his office we have this picture, which gives a great view of the communication devices on his desk:

Former prime minister Jan Peter Balkenende (left) being interviewed
by Willem Breedveld (right) in his Torentje office, May 2006.
(photo: Werry Crone/Trouw)

In this picture we see, from left to right, the following three phones, all of them provided by KPN, the former state-owned landline operator of the Netherlands:
1. Ericsson DBC212 (black)
2. Siemens Vox 415 (gray)
3. Ericsson Vox 120 (white)

1. The Ericsson DBC212

This is the same telephone which is still in use today, as we could see in the pictures above. It's a common office telephone made by the Swedish company Ericsson and which is part of the internal private branch exchange (PBX) network of the Department of General Affairs.

2. The Siemens Vox 415

The dark gray Vox 415 was an ordinary telephone from a series that was manufactured by Siemens for both home and office use. For private customers this model was sold by KPN under the name Bari 10.

This phone has no security features whatsoever, but as it is in the same place where later the Sectra Tiger XS Office sits, it seems very likely the Vox 415 was also used for secure communications.

For that, it was probably connected to a separate encryption device, maybe one that was compatible with the PNVX, the secure phone which was manufactured by Philips and used by the Dutch government since the late 1980s.

3. The Ericsson Vox 120

The Vox 120 was the business version of a telephone developed by Ericsson around 1986 and that was sold for home use under the name Twintoon. Attached to the back is a separate speaker unit so a third person can listen in to a conversation.

In the bottom left corner the phone has a black label with its extension number for the National Emergency Network (Dutch: Nationaal Noodnet or NN). This was a separate network which enabled government agencies to communicate with emergency services when the public telephone network collapsed.

The National Emergency Network was established in 1991 and was operated by KPN. It had some 5500 connections for 2500 end users, like the departments of the national government, city halls, hospitals, and local police and firefighter headquarters. As of January 2012, it was replaced by the IP-based Emergency Communications Provision NCV (see above).

Links and sources
- Background article in Dutch: De wereld van staatsgeheim geheim (2007)
- Academic paper about Secure Text Communication for the Tiger XS (pdf) (2006)
- The first version: Tiger XS Mobile security terminal (2005)

October 15, 2014

The German operation Eikonal as part of NSA's RAMPART-A program

(Updated: October 22, 2014)

Just over a week ago, the regional German paper Süddeutsche Zeitung and the regional broadcasters NDR and WDR published a story saying that between 2004 and 2008, the German foreign intelligence service BND had tapped into the Frankfurt internet exchange DE-CIX and shared the intercepted data with the NSA. As not all communications of German citizens could be filtered out, this is considered a violation of the constitution.

Here we will give a summary of what is currently known about this BND operation and we will combine this with information from earlier reports. This will show that it was most likely part of the RAMPART-A program of the NSA, which includes similar interception efforts by foreign partner agencies. Finally, we will look at where exactly the BND interception might have taken place.

On October 20, the Danish paper Information confirmed that the German BND operation Eikonal was indeed part of the RAMPART-A program: a document from NSA's SSO division lists an operation codenamed "EIKANOL" as part of RAMPART-A and says it was decommissioned in June 2008. Unfortunately the original document wasn't published.

The German operation Eikonal

The codename for the BND operation was Eikonal, which is a scientific German word, derived from Greek, meaning likeness, icon or image. Details about it were found in BND documents marked Streng Geheim (Top Secret), which were handed over to a committee of the German parliament that investigates NSA spying activities (NSA Untersuchungsausschuss). It's not clear whether journalists were able to read these documents themselves, or were just told about their contents.

The operation was set up in 2003 as a cooperation between BND and NSA, with the BND providing access to the Frankfurt internet exchange DE-CIX, and NSA providing sophisticated interception equipment, which the Germans didn't have but were eager to use. Interception of telephone traffic started in 2004; internet data were captured from 2005. Reportedly, NSA was especially interested in communications from Russia.

For this, NSA provided BND with lists of 'selectors' like phone numbers and e-mail addresses. According to the testimony of a BND employee at a committee hearing last month, his co-workers pulled these selectors from an American server 2, 3 or 4 times a day and entered them into the system that does the actual interception.

The article in Süddeutsche Zeitung says that from DE-CIX, the data first went to BND headquarters in Pullach, and then to the Mangfall barracks in Bad Aibling, where BND and NSA analysts secretly worked together as the Joint SIGINT Activity (JSA, terminated in 2012). From there, there was a secure line back to NSA headquarters.

Operations center room in the former BND headquarters in Pullach

To prevent communications of German citizens being passed on to NSA, BND installed a special program (codenamed DAFIS) to filter these out. But according to the documents, this filter didn't work properly from the beginning. An initial test in 2003 showed the BND that 5% of the data of German citizens could not be filtered out.

A review of operation Eikonal reported that a "complete and accurate" separation between German and foreign telecommunications was impossible. Also, BND wasn't able to fully check this because of a lack of technical expertise.

The documents also suggest that the intelligence oversight committees of the Bundestag were not properly informed. The BND noticed at some point that the NSA searched for information about the European defence contractor EADS (now Airbus Group), the Eurocopter and French government agencies. Together with doubts about the legality of the Eikonal operation, this resulted in ending the cooperation with NSA in 2008.

Reportedly, NSA wasn't happy with that and sent its deputy director John Inglis to Berlin in order to demand some kind of "compensation": if not Frankfurt, then BND should offer access to another European fiber-optic cable. Süddeutsche Zeitung says that at that time, BND got access to a cable of "global importance" to which NSA did not have access. NSA then became a "silent partner" receiving data from this new BND interception effort.

Meanwhile, two members of the German parliamentary investigation committee, who are cleared for the BND documents about Eikonal, said that the aforementioned press reports were not always correct. According to one member, it actually wasn't BND but NSA that ended the cooperation, apparently because the Germans were filtering the data so heavily that the outcome wasn't of much interest to NSA anymore.


The RAMPART-A program of NSA

Those who have followed the Snowden leaks may have recognized that operation Eikonal is identical to the cable tapping operations which are conducted under the RAMPART-A program of NSA. According to some of the Snowden documents, this is an umbrella program under which NSA cooperates with 3rd Party countries, who "provide access to cables and host U.S. equipment".

The slide below clearly shows that such a partner country taps an international cable at an access point (A) somewhere in that country and then forwards the data to a processing center (B). Equipment provided by the NSA processes the data and analysts from the host country can then analyse the intercepted data (C) before they are forwarded to an NSA site in the US (D):

Details about NSA's RAMPART-A program were published by the Danish newspaper Information in collaboration with Greenwald's website The Intercept on June 19, 2014. The program reportedly involved five countries, and cooperation with two others was being tested. In total, all RAMPART-A interception facilities gave access to 3 terabits of data every second.

The disclosed documents list 13 RAMPART-A sites, nine of which were active in 2013. The three largest are codenamed SPINNERET, MOONLIGHTPATH and AZUREPHOENIX, which by the number of records are NSA's second, third and fifth most productive cable tapping programs, which shows the importance of these 3rd Party relationships for NSA.

Eikonal (which most likely had a different NSA codename; it seems to be spelled EIKANOL in the NSA document seen by Information) isn't included in these documents, as they date from at least two years after this operation was ended.

The exact locations of these access points are protected under the Exceptionally Controlled Information (ECI) compartment REDHARVEST (RDV), to which Snowden seems to have had no access. Therefore we don't know which countries are participating in the RAMPART-A program, although some of the documents contain leads pointing to Denmark and Germany.

These foreign partnerships operate on the condition that the host country will not use the NSA’s technology to collect any data on US citizens. The NSA agrees that it will not use the access it has been granted to collect data on the host countries’ citizens, but one NSA presentation slide (marked NOFORN: Not for Foreign Nationals) notes that "there ARE exceptions" to this rule:

According to a 2010 briefing, intelligence collected via RAMPART-A yielded over 9000 intelligence reports the previous year, out of which half was based solely on intelligence intercepted through RAMPART-A.

More about RAMPART-A

What the reports on both websites didn't mention is that RAMPART-A is apparently focused on collecting information about Russia, the Middle East and North Africa. This comes from Der NSA Komplex, a book about the Snowden revelations written by two journalists from Der Spiegel. Unfortunately this book, which is much more informative than the one by Glenn Greenwald, is only available in German.

Besides 3rd Party partners giving access to cables in their own country, there's also a construction in which such a partner agency cooperates with yet another country that secretly provides access to data traffic, which is also shared with NSA. In recent years, BND and NSA conducted about half a dozen such operations, three of which are mentioned in Der NSA Komplex:

- Tiamat (access to high-level international targets under risky circumstances. This operation had ended before 2013)*

- Hermos (in the Spring of 2012, BND got access to communication cables in a crisis zone country, but this operation had to be terminated by the end of the year when the situation almost went out of control)*

- Wharpdrive (this operation was still active in 2013, but in the Spring of that year, employees of the private company that operates the communication cables accidentally discovered the clandestine BND/NSA equipment; the operation was rescued by providing a plausible cover story)*


Where did the tapping take place?

The best kept secret is the actual location where the BND tapping point was. Süddeutsche Zeitung reports that in the original documents the name of the provider is blacked out, but that according to insiders, it must have been Deutsche Telekom that assisted BND. The paper even says both parties signed an agreement in which the provider earned a payment of 6.000,- euros a month in return for the access.

This seems to correspond with a report broadcast by the German television magazine Frontal 21 in July last year, saying that BND had had access to the Frankfurt internet exchange through its own cable since 2009. According to an insider, this cable access was under the cover of a major German telecom provider, and it was speculated this was Deutsche Telekom.

But as some people noticed, Deutsche Telekom was not connected to DE-CIX when operation Eikonal took place. In 2008, the actual routers and switches of DE-CIX were situated in 10 data centers from InterXion, TeleCity, Equinix, Level 3, ITENOS and e-shelter. Since 2008, the distributed DE-CIX switches are interconnected through the priva|nex private fiber-optic network from euNetworks.

Diagram of the Frankfurt internet exchange point DE-CIX

Maybe before 2008 the DE-CIX switches were connected by fiber cables from Deutsche Telekom, but if not, there seems to be no way this company could have provided the BND access to the Frankfurt internet exchange. If the 6000,- euro contract really involved Deutsche Telekom, then maybe it was for the rent of a private cable from the tapping point to a BND site.

In response to earlier media reports, the DE-CIX management put out a press release on June 26, 2014 saying: "We exclude that any foreign or domestic secret service had access to our internet exchange and the connected fiber-optic networks during the period of 2004 - 2007". It was added that DE-CIX itself doesn't operate any data centers, nor stores or processes data on its own.

This statement only speaks about the past, so it doesn't contradict the fact that the BND was recently authorized to intercept the communications from 25 internet service providers (ISPs), with their cables being tapped at the DE-CIX internet exchange, as was reported by Der Spiegel on October 6, 2013. A letter containing this authorisation was sent to the Association of the German Internet Industry, which is the owner of the company that operates the Frankfurt internet exchange.

Among these 25 providers there are foreign companies from Russia, Central Asia, the Middle East and North Africa, but also 6 German providers: 1&1, Freenet, Strato AG, QSC, Lambdanet and Plusserver, who almost exclusively handle domestic traffic.

However, Strato AG said they would never agree with such a wiretapping order and 1&1 declared they never received a letter from BND and suggests that if there's any interception this may take place in cooperation with DE-CIX Management GmbH, the organisation that operates the Frankfurt internet exchange.

This would mean that currently BND isn't tapping the whole internet exchange, but only the cables from selected providers, which is of course much more efficient. Tapping the whole exchange would probably also exceed BND's technical capabilities, as nowadays DE-CIX connects some 550 ISPs from more than 55 countries (including North Korea), including broadband providers, content delivery networks, web hosters, and incumbent operators.

If that's the case, then the actual interception could take place at DE-CIX systems, maybe at the core fiber network or the core switch. This means BND only needs the cooperation of the DE-CIX management, and the individual providers can honestly deny that their cables are being intercepted.

According to Der Spiegel, the BND copies the data stream and then searches it using keywords related to terrorism and weapon proliferation. A BND spokesman assured the Wall Street Journal in October last year that purely domestic German traffic is neither gathered nor stored.

Simplified structure of the Internet, showing how Tier 1, Tier 2 and Tier 3 providers
transit data traffic in a hierarchical way and how Tier 2 providers exchange
traffic directly through peering at an Internet eXchange Point (IXP)
(diagram: Wikimedia Commons)

In August last year, a spokesman from the DE-CIX management said that he couldn't rule out that some providers connected to the exchange would allow interception on their equipment when ordered to do so by their national governments.

This points to, for example, Level 3, a US company that has a data center which houses some DE-CIX routers. But if Level 3 had provided access to DE-CIX, then there would have been no need for NSA to cooperate with BND. Also, on August 1, 2013, Level 3 gave out a press release saying that the company had not given any foreign government access to its networks in Germany in order to conduct surveillance.


Although we have no positive confirmation that Eikonal was part of the RAMPART-A program, this German operation perfectly fits the way in which foreign partners of NSA get access to important internet cables and switches and share the results with their American counterparts. In this case, NSA apparently cooperated with BND in order to get access to communications from Russia, and probably also from the Middle East and North Africa, that traveled through Germany.

The best kept secret is how and where such interception takes place, and we have seen that tapping the Frankfurt internet exchange DE-CIX is far more complex than it seems. This makes it difficult to pinpoint the taps, but by combining earlier press reports with the structure of the DE-CIX exchange, it seems unlikely that Deutsche Telekom was involved.

Because of the confusion about the role of Deutsche Telekom in operation Eikonal, the parliamentary investigation committee has decided to also investigate whether this company assisted BND in tapping the Frankfurt internet exchange or not. As an alternative option it's suggested that Deutsche Telekom might have just given access to its own Frankfurt backbone switch, instead of to DE-CIX - this would better fit NSA's description of what is intercepted under RAMPART-A: "International Gateway Switches; End-Point GSM Switches; Leased Internet Circuits; Internet Backbone Routers".

Links and Sources
- Codewort Eikonal - der Albtraum der Bundesregierung (2014)
- Spying Together: Germany's Deep Cooperation with the NSA (2013)
- NSA-Abhörskandal PRISM: Internet-Austauschknoten als Abhörziele (2013)
- BND lässt sich Abhören von Verbindungen deutscher Provider genehmigen (2013)
- NSA presentation: RAMPART-A Project Overview (pdf) (2010)
- About the structure of the internet: Die Bosse der Fasern (2005)

- More comments on Hacker News

September 29, 2014

NSA's Strategic Mission List

One of the most important documents that has been disclosed as part of the Snowden-leaks is also one of the least-known: the Strategic Mission List from January 2007, which provides a detailed list of the goals and priorities for the National Security Agency (NSA).

This Strategic Mission List was published by The New York Times on November 2, 2013, as one of three original NSA documents that accompanied a long report about how NSA spies on both enemies and allies.

About the publication

On the website of The New York Times (NYT), the Strategic Mission List was published as a series of images in png format, which made it impossible to copy or search the text. It was also difficult to print the document in a readable way. For reasons unknown, NYT is the only media outlet that published Snowden documents in this not very user-friendly way.

Hence I asked The New York Times whether they could provide the Strategic Mission List in the standard pdf-format, but the paper didn't reply. I also asked the author of the report, Scott Shane, but he answered that he had no access to the document anymore.

Eventually I used an Optical Character Recognition (OCR) tool to convert the images from the NYT website into a text document, conducted the necessary corrections by hand and then converted the result into the pdf-document, that is now published here and on the Cryptome website.

The Strategic Mission List

Edward Snowden and Glenn Greenwald claim that NSA has just one single goal: collect all digital communications from all over the world: "Collect it All". But this is not mentioned in the Strategic Mission List, which instead lists a range of far more specific goals, many of which are of a military nature, something that is also missing from the media coverage of the Snowden leaks.

The document describes the priorities and risks for the United States SIGINT System (USSS) for a period of 12 to 18 months and is reviewed, and where necessary updated, bi-annually. The topics are derived from a number of other strategic planning documents, including the National Intelligence Priorities Framework (NIPF), which sets the priorities for the US Intelligence Community as a whole.

Note that according to the classification marking, the Strategic Mission List is only authorized for release to the US, the UK, Canada and Australia, which leaves New Zealand excluded.


The Strategic Mission List is divided into two parts. The first part includes 16 Topical Missions, which represent missions discerned to be areas of highest priority for the USSS, where SIGINT can make key contributions. The second part includes 6 Enduring Targets, which are countries that need to be treated holistically because of their strategic importance.

For both of these sections, the Strategic Mission List includes Focus Areas, the most critical targets which are a "must do", as well as Accepted Risks, which are significant targets for which SIGINT should not be relied upon as a primary source.

Enduring Targets

The 6 countries that are listed in the Strategic Mission List as being Enduring Targets for NSA and the tactical SIGINT collecting components of the US Armed Forces are:
- China
- North Korea
- Iraq
- Iran
- Russia
- Venezuela

Map showing the 6 nations that are Enduring Targets, as well
as countries that are 2nd and 3rd Party partners of NSA
(click to enlarge)

Topical Missions

Besides the 6 countries listed as Enduring Targets, the Strategic Mission List also includes the following 16 Topical Missions:

- Winning the Global War on Terrorism
- Protecting the U.S. Homeland
- Combating Proliferation of Weapons of Mass Destruction
- Protecting U.S. Military Forces Deployed Overseas
- Providing Warning of Impending State Instability
- Providing Warning of a Strategic Nuclear Missile Attack
- Monitoring Regional Tensions that Could Escalate
- Preventing an Attack on U.S. Critical Information Systems
- Early Detection of Critical Foreign Military Developments
- Preventing Technological Surprise
- Ensuring Diplomatic Advantage for the U.S.
- Ensuring a Steady and Reliable Energy Supply for the U.S.
- Countering Foreign Intelligence Threats
- Countering Narcotics and Transnational Criminal Networks
- Mapping Foreign Military and Civil Communications Infrastructure

We see that many of these topics are of a military nature and that even the more civilian areas of interest are quite common goals for a large (signals) intelligence agency. Although communications of ordinary civilians are accidentally caught up in NSA's collection efforts, they are clearly not of interest, let alone given priority.

September 15, 2014

About STELLARWIND and other mysterious classification markings

(Updated: September 15, 2014)

Last week, on September 6, the US Justice Department released a declassified version of a 2004 memorandum about the STELLARWIND program.

The memorandum (pdf) is about the legality of STELLARWIND, which was a program under which NSA was authorized to collect content and metadata without the warrants that were needed previously.

Here we will not discuss the STELLARWIND program itself, but take a close look at the STELLARWIND classification marking, which causes some confusion. Along the way we also learn about the existence of mysterious compartments that point to some highly sensitive but still undisclosed interception programs.

Classification marking of the 2004 DoJ memorandum about STELLARWIND

The redacted markings

The first thing we see is that two portions of the classification marking have been blacked out:

1. The redacted space between two double slashes

This is very strange, because according to the official classification manuals, there cannot be something between two double slashes in that position (see the chart below). The classification level (in this case: Top Secret) has to be followed by the Sensitive Compartmented Information (SCI) control system (here: COMINT).

But as the US classification system is very complex, there are often minor mistakes in such classification lines. If we assume there was a mistake made here too, then the first term that has been blacked out could be another SCI compartment, which had to be followed by just a single slash (for example HCS for HUMINT Control System would fit the redacted space, although that marking itself isn't classified).

If there was no mistake, however, and the double slash is actually correct, then it would be a completely new category which isn't in the (public) classification manuals. This is reminiscent of the UMBRA marking, which also appeared unexpectedly between double slashes in a classification line.

Overview of the categories and formatting for the US classification and control markings
From the Intelligence Community Classification Manual 6.0 from December 2013
(click to enlarge)

2. The redacted space directly after STELLARWIND

The second redaction starts right after the last letter of "STELLARWIND", thereby carefully hiding the category of the redacted marking, which is determined by how it is separated from the previous term. This could be by a slash, a double slash, a hyphen or a space, each indicating a different level.

In this case, the most likely option is that "STELLARWIND" is followed by a hyphen, which indicates that the next term is another compartment under the COMINT control system, on the same level as STELLARWIND.

Classification manuals say there are undisclosed COMINT compartments which have identifiers consisting of three alphabetical characters. This would fit the redacted space as it would read like: "COMINT-STELLARWIND-ABC".

This undisclosed compartment probably also figured in some other declassified documents, where it sometimes seems to be accompanied by a sub-compartment which is identified by three numeric characters, like for example in this and this declaration where the marking could read like "COMINT-ABC 678":

Classified declaration of NSA director Alexander, April 20, 2007.

Looking at what was redacted in the portions of both documents that were marked with this mysterious compartment, it seems to be about at least two highly sensitive intelligence sources and methods. For example, pages 31-32 of this declaration (pdf) suggest that this might be obtaining metadata from specific telecom companies and searching them for members or agents of particular target groups.

Classified declaration of Director of National Intelligence John Negroponte, May 12, 2006
TSP = Terrorist Surveillance Program; HCS = HUMINT Control System
Note that TSP and HCS are also between double slashes
(click to open the full document in pdf)

Markings with the mysterious undisclosed COMINT compartments weren't found on any of the Snowden-documents, but only on those that were declassified by the government, so it seems that Snowden had no access to information protected by these particular compartments.

The marking TSP (for Terrorist Surveillance Program), which is in some of the examples shown above, was used instead of STELLARWIND in briefing materials and documents intended for external audiences, such as Congress and the courts.


So far, we looked at the two parts of the classification marking that were blacked out. But now we also have to look at the STELLARWIND marking itself, which wasn't redacted, but still causes confusion.

The classification marking of the 2004 memorandum of the Justice Department says "COMINT-STELLAR WIND" and according to the official formatting rules, this means that STELLARWIND would be part of the COMINT control system.

Note that the same memorandum had already been declassified upon a FOIA request by the ACLU in 2011, but in that version (pdf) the codeword STELLARWIND was still blacked out from the whole document. Both documents are compared here.

Classification marking of the 2004 DoJ memorandum about STELLARWIND

As COMINT is a control system for communications intercepts or Signals Intelligence, this seems to make sense. But what is confusing is that the internal 2009 NSA classification guide (pdf) for the STELLARWIND program, which was disclosed by Edward Snowden, says something different.

Initially this guide calls STELLARWIND a "special compartment", but from the marking rules it becomes clear that it is treated as an SCI control system. Accordingly, the prescribed abbreviated marking reads: "TOP SECRET // STLW / SI // ORCON / NOFORN". In this way we can see STELLARWIND in the classification line of the following document:

Classification marking of a 2013 classified declaration (pdf) of DNI James Clapper
which was declassified on May 6, 2014
(click to enlarge)

In this document and also in a similar declaration (pdf) from 2013, the reason for the STELLARWIND classification is explained as follows:
"This declaration also contains information related to or derived from the STELLARWIND program, a controlled access signals intelligence program under presidential authorization in response to the attacks of September 11, 2001. In this declaration, information pertaining to the STELLARWIND program is denoted with the special marking "STLW" and requires more restrictive handling."

STELLARWIND is also being treated as a control system in the 2009 draft report about this program written by the NSA Inspector General, although its classification line is also somewhat sloppy: there are double slashes between STLW and COMINT (should just be a single one), and only a single one between COMINT and ORCON (where there should have been double slashes as both are from different categories):

Classification marking of the 2009 report about
STELLARWIND by the NSA Inspector General
(click to read the full document)

Throughout this document, the portion markings are also not always consistent. Most of them are "TS//SI//STLW//NF", but once or twice "TS//SI-STLW//NF". But as this report is a draft, it's possible that these things have been corrected in the final version, which hasn't been disclosed or declassified yet.
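To make the separator rules discussed above concrete, here is a small Python parser for classification banner lines. It is an added example and not code from this post or from any classification manual: it models only the simplified structure described here (a double slash between categories, a single slash between items of the same category, a hyphen between a control system and its compartments, a space before a sub-compartment), and its vocabulary is limited to the terms that appear in this post plus REL TO; the real IC marking rules are richer. The Inspector General line is reconstructed from the description above, and [REDACTED] stands in for the blacked-out term of the 2004 memorandum.

```python
"""Parse US classification banner lines and flag separator irregularities.

Added example, not from the blog post. Assumed (simplified) structure:
    <LEVEL> // <control system>[-<compartment>[ <sub>]]... [/ <control system>...]
            // <dissemination>[/ <dissemination>]...
Vocabularies are limited to terms used in the post plus REL TO.
"""
import re
from dataclasses import dataclass, field

LEVELS = {"TOP SECRET": "TS", "TS": "TS", "SECRET": "S", "S": "S",
          "CONFIDENTIAL": "C", "C": "C", "UNCLASSIFIED": "U", "U": "U"}
DISSEMINATION = {"ORCON", "NOFORN", "NF"}


@dataclass
class ControlSystem:
    name: str
    compartments: list          # [(compartment, [sub-compartments]), ...]


@dataclass
class Marking:
    level: str = ""
    control_systems: list = field(default_factory=list)
    dissemination: list = field(default_factory=list)
    warnings: list = field(default_factory=list)   # "CODE: detail" strings


def _norm(text):
    return re.sub(r"\s+", " ", text.strip())


def _is_dissemination(token):
    upper = token.upper()
    return upper in DISSEMINATION or upper.startswith("REL TO")


def _parse_control_system(token):
    """'COMINT-ABC 678' -> COMINT with compartment ABC and sub-compartment 678."""
    parts = [_norm(p) for p in token.split("-")]
    compartments = []
    for part in parts[1:]:
        words = part.split(" ")
        compartments.append((words[0], words[1:]))
    return ControlSystem(parts[0].upper(), compartments)


def parse_marking(line):
    """Split a banner on '//' into categories and check the separators used."""
    marking = Marking()
    categories = [_norm(c) for c in line.split("//")]
    level = categories[0].upper()
    if level in LEVELS:
        marking.level = LEVELS[level]
    else:
        marking.warnings.append(f"UNKNOWN_LEVEL: {categories[0]!r}")
    for index, category in enumerate(categories[1:], start=1):
        if category == "":
            marking.warnings.append(
                f"EMPTY_CATEGORY: nothing between the double slashes at position {index}")
            continue
        items = [_norm(i) for i in category.split("/")]
        if all(_is_dissemination(i) for i in items):
            marking.dissemination.extend(items)
            continue
        # Anything that is not a dissemination control is treated as the SCI category.
        if marking.control_systems:
            marking.warnings.append(
                f"SPLIT_CONTROL_SYSTEMS: {marking.control_systems[-1].name} and {items[0]} "
                "are separated by '//' but both sit in the control-system position; "
                "items of the same category take a single slash")
        if marking.dissemination:
            marking.warnings.append(
                f"SCI_AFTER_DISSEMINATION: {items[0]} follows the dissemination controls")
        for item in items:
            if _is_dissemination(item):
                marking.warnings.append(
                    f"DISSEMINATION_IN_SCI: {item} is separated from the control systems "
                    "by a single slash; a different category needs '//'")
                marking.dissemination.append(item)
            else:
                marking.control_systems.append(_parse_control_system(item))
    return marking


def canonical(marking):
    """Re-emit the marking with the separators the formatting rules prescribe."""
    sci = "/".join(
        "-".join([cs.name] + [" ".join([c] + subs) for c, subs in cs.compartments])
        for cs in marking.control_systems)
    parts = [marking.level] + [p for p in (sci, "/".join(marking.dissemination)) if p]
    return "//".join(parts)


if __name__ == "__main__":
    samples = ("TOP SECRET // STLW / SI // ORCON / NOFORN",     # 2009 classification guide
               "TS//SI-STLW//NF",                               # portion marking
               "TOP SECRET//STLW//COMINT/ORCON/NOFORN")         # IG report line, reconstructed
    for sample in samples:
        result = parse_marking(sample)
        print(sample, "->", canonical(result))
        for warning in result.warnings:
            print("   ", warning)
```

Run on the reconstructed Inspector General line, the parser reports the two irregularities described above (STLW and COMINT split by a double slash, ORCON joined to COMINT by a single slash) and re-emits the line as TS//STLW/COMINT//ORCON/NOFORN; on the 2004 memorandum's line it reports that the redacted term and COMINT appear as two separate categories in the control-system position, which is exactly the oddity discussed under the first redaction.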

The 2009 Inspector General report about STELLARWIND was one of the first documents from the Snowden-leaks to be published, and it still is one of the most informative and detailed pieces about the development of NSA's interception efforts since 9/11.


In the end, it doesn't make much difference whether STELLARWIND is a control system on its own, or a sub-system of COMINT, but it is remarkable that for such an important program, the people involved apparently also weren't clear about its exact status and how to put it in the right place in a classification line.

More important though is that the declassified documents show that besides the STELLARWIND program, there's at least one COMINT compartment with at least one sub-compartment that protects similar or related NSA collection efforts which are considered even more sensitive, but about which we can only speculate.

September 4, 2014

NSA's Foreign Partnerships

(Updated: November 16, 2014)

For fulfilling its task of gathering foreign signals intelligence, the National Security Agency (NSA) is cooperating with partner agencies from over 35 countries all over the world.

These relationships are based upon secret bilateral agreements, but there are also some select groups in which intelligence information is shared on a multilateral basis, like the SIGINT Seniors Europe (SSEUR), the SIGINT Seniors Pacific (SSPAC) and the Afghanistan SIGINT Coalition (AFSC).

Until recently, very little was known about these foreign relationships, but the Snowden-leaks have revealed the names of all the countries that are cooperating with NSA. This made it possible to create the following graphic, which also shows various multilateral intelligence exchange groups, which will be discussed here too.

Nations with 2nd and 3rd Party status and those who are
members of the SIGINT Seniors Europe (SSEUR) and NATO
(click to enlarge)


2nd Party Partners

The closest cooperation is between NSA and the signals intelligence agencies of the United Kingdom, Canada, Australia and New Zealand. Formally this is based upon bilateral agreements, the first being the UKUSA-Agreement from 1946, but the group soon took on a multilateral character, which means partners can exchange information among the other members too (as far as there's a "need to know").

The five partners under the UKUSA-agreement, commonly called the Five Eyes, agreed that they would follow common procedures for operations and reporting, and also use the same target identification systems, equipment, methods and source designations. They would not only share end reports and analyses, but also most of the raw data they collect.

As a kind of gentlemen's agreement it is assumed that the Five Eyes countries do not spy on each other, although some of the documents from the Snowden leaks show that at least NSA secretly keeps that option open.


Table listing the members of the Five Eyes, Four Eyes and Three Eyes; only partially legible after extraction:
Five Eyes: United States, United Kingdom, New Zealand (other members not legible)
Four Eyes: United States, United Kingdom (other members not legible)
Three Eyes: United States, United Kingdom (other members not legible)

Despite the very close and longstanding relationship between the Five Eyes partners, two sub-groups have been formed for specific military operations in which not all five partners participate. These sub-groups are designated Four Eyes (abbreviation for classification purposes: ACGU) and Three Eyes (TEYE).

> More about The 5, 4 and 3 Eyes

For maintaining these extensive relationships, NSA has representatives in each Second Party country. These are called Special US Liaison Officer (SUSLO), followed by the name of the nation's capital. So for example the NSA representative in Britain is the Special US Liaison Officer, London (SUSLOL) and the one in Canada the Special US Liaison Officer, Ottawa (SUSLOO).

Likewise, the other Five Eyes countries have a representative at the NSA headquarters. These are called Special UK Liaison Officer (SUKLO), Special Canada Liaison Officer (SCALO), Special Australia Liaison Officer (SAUSLO), and Special New Zealand Liaison Officer (SNZLO).

Slide from an NSA presentation titled 'Foreign Partner Review' from
fiscal year 2013, showing the 2nd and 3rd Party partners
and some coalition and multilateral exchange groups.
Published in No Place To Hide, May 13, 2014.


3rd Party Partners

One step below the 2nd Party partnerships, there's cooperation between NSA and (signals) intelligence agencies from countries that are called 3rd Party partners. This is based upon formal agreements, but the actual scope of the relationship can vary from country to country and from time to time. Details about the cooperation between two countries are laid down in Memorandums of Understanding (MoU).

For the US, this kind of cooperation is useful because foreign agencies can have better access to high-priority targets because of their geographic location, or they could have a specific expertise on certain areas, or just simply because they have a better knowledge of the local situation and language.

The foreign partner agencies are mostly interested in American technology, money and access to the worldwide interception capabilities of NSA and its Five Eyes partners. This makes these 3rd Party partnerships especially attractive for smaller countries, for whom it means a sometimes substantial increase of their otherwise limited capabilities.

One big difference with the countries from the 2nd Party category is that 3rd Party partners do spy upon each other, and many of the Snowden-documents have shown this. From these documents we also learned that in 2013, there were 33 countries with 3rd Party status:

Table listing the 33 countries with 3rd Party status in 2013 next to the 19 countries from the "CNO" column; only fragments are legible after extraction:
CNO column (19 countries): Czech Republic, South Korea (others not legible)
3rd Parties (33 countries): Czech Republic, Saudi Arabia, South Korea (others not legible)
Third column (header not legible): South Korea


The countries in the column under "CNO" are from a list which is in an undated NSA document about collaboration regarding Computer Network Operations (CNO). The document was first published on October 30, 2013 by the Spanish paper El Mundo and classifies cooperation on four different levels, which was also explained by The Guardian.

The first level is called "Tier A - Comprehensive Cooperation", which comprises Britain, Australia, Canada and New Zealand. A second group, called "Tier B - Focused Cooperation" includes the 19 mostly European countries listed above. A third group of "Limited cooperation" consists of countries such as France, Israel, India and Pakistan, and finally a fourth group is about "Exceptional Cooperation" with countries that the US considers to be hostile to its interests.

In May 2014, the list with the "Tier A" and "Tier B" countries was also published in Greenwald's book No Place To Hide, where he ignores the fact that the document was about CNO cooperation and simply assumes that the "Tier B" countries are the same as those with 3rd Party status.*

Map showing the 2nd Party and 3rd Party partners of NSA
(click to enlarge)


The representatives of NSA in major Third Party countries are called Special US Liaison Advisor (SUSLA), followed by the name of the country. So for example the NSA representative in Germany is the Special US Liaison Advisor, Germany (SUSLAG).

The office staff of such an advisor is called the Special US Liaison Activity (also abbreviated as SUSLA), and for example the SUSLA Germany had 18 personnel (12 civilians and 6 contractors) in 2012, a number which was to be reduced to 6 in 2013.*

It is not clear whether the various Third Party agencies also have a representative at NSA headquarters and if so, what their title is. At NSA these relationships are managed by the Foreign Affairs Directorate (FAD), which has a Country Desk Officer (CDO) for every country or region that matters.

Multilateral groups

Although the Third Party relationships are strictly bilateral, some of these countries have also worked very closely with each other for a long time. This has been formalized into a few multilateral groups in which intelligence is exchanged not only between one particular country and the US, but also among all other participants. Besides NATO, the following three SIGINT sharing groups are known:

- SIGINT Seniors Europe (SSEUR)
This group consists of the Five Eyes and nine European countries: France, Germany, Spain, Italy, Belgium, the Netherlands, Denmark, Norway and Sweden. Except for Sweden, all are NATO members. Because of the number of countries, the SSEUR is also called 14-Eyes.
The "Seniors" refers to the heads of the participating military or signals intelligence agencies, who in this group coordinate the exchange of military intelligence according to the needs of each member.
There's also a SIGINT Seniors Europe Counter Terrorism (SISECT) coalition* and in 2013, NSA encouraged GCHQ to host the permanent facility for the joint SSEUR collaboration center.*

> More about the SIGINT Seniors Europe

- SIGINT Seniors Pacific (SSPAC)
There's a similar group for multilateral exchange of military intelligence among some 3rd Party nations from the East Asia/Pacific Rim region. Besides the members of the Five Eyes, the SIGINT Seniors Pacific include Singapore, South Korea and most likely Japan and Thailand. Probably one other country participates as well, which is why this group is also identified as the 10-Eyes.

> More about the 6, 8 and 10 Eyes

- Afghanistan SIGINT Coalition (AFSC)
According to an NSA paper from 2013, this group consists of the same 14 countries as the SSEUR and is aimed at sharing Afghanistan-related intelligence reports and metadata among its participants. At the time of the paper, each AFSC-member was responsible for covering a specific area of interest, maybe corresponding to the region in Afghanistan where they had troops deployed.

Snowden and Greenwald agreed not to publish about NSA's involvement in Afghanistan, but the German book about the Snowden-leaks, Der NSA Komplex, reveals that the 14 AFSC-members cooperated closely in decrypting and analysing mobile communications and have a dedicated data center codenamed CENTER ICE for exchanging this kind of intelligence.*

This makes it likely that much of the metadata that various European countries shared with the US, mistakenly presented by Glenn Greenwald as NSA spying on European citizens, was collected as part of this Afghanistan SIGINT Coalition.

A new multilateral intelligence sharing group seems to be the SIGINT Support to Cyber Defense (SSCD) initiative, which consists of a number of countries that together establish an early-warning system to defend themselves against cyber attacks. Its existence was first mentioned on May 8, 2014 in a speech by the president of the German intelligence service BND, which is also cooperating in the SSCD.
The SSCD will use traditional SIGINT methods to inspect data packets for things like malicious code so these can be eliminated proactively. It's not known which countries are participating, except for Germany and, most likely, the Five Eyes.

Links and Sources
- NSA document about Foreign Relations Mission Titles
- About Canada and the Five Eyes Intelligence Community (pdf)
- Duncan Campbell, Echelon and its role in COMINT