Pacific Connection(英語)

Echelon, Eavesdropping and Encryption

In 1946, the United States and four other English-speaking countries entered into a pact known as the UKUSA Communications Intelligence Agreement. World War II had ended, the Cold War had begun, and the pact represented a change of tactics---away from bombs and bullets and toward intelligence gathering. It was the period chronicled by novelist John LeCarre and his overweight, worn-down spy, George Smiley. But it was also a period in which the de-encryption technologies that broke the code of the German Enigma cipher machines would reach new levels of sophistication. This work, known as signal intelligence, or "Sigint," doesn't have the glamour of a spy novel, but its impact, especially on civilians, is potentially much greater.

At its formation, UKUSA linked five intelligence agencies: the United States' National Security Agency (NSA), the United Kingdom's Government Communications Headquarters, Canada's Communications Security Establishment, Australia's Defense Signals Directorate, and New Zealand's Government Communications Security Bureau. Since then, a broader alliance has grown around this core group, including Japan, Germany, Norway, South Korea and Turkey.

"Over the years, the UKUSA partnership would develop into a unique supernational body, complete with its own laws, oaths, and language, all hidden from public view," writes James Bamford, in his book Body of Secrets: Anatomy of the Ultra-Secret National Security Agency, one of the most recent and complete accounts of the America's most secret intelligence agency. "As a sovereign nation has a body of laws, so UKUSA has a body of secrets."

Signal gathering has come to mean the interception of satellite signals. Spy satellites are launched, they intercept the transmissions of other satellites, and beam them to earth. Listening posts around the world plow through the raw data, with analysts producing reports on behalf of intelligence officers, who, in effect, are the customers. According to Bamford, the UKUSA partnership has grown significantly since its inception. A computer network hosted at NSA headquarters in Fort Meade, Maryland links some 50 member-operated systems, with an application, "developed to turn the partners' worldwide Sigint operation into a unified whole. Agencies would be able to submit targets to one another's listening posts and, likewise, everyone would be allowed to share in the take---to dip their electronic labels into the vast cauldron of intercepts and select what they liked. The software package that established this was code named Echelon."

Among insiders, Echelon may still refer to that distribution package. But for the observers following the cookie crumbs of Sigint activity, the name has taken on a broader meaning: referring to the entire hardware/software network, or even more broadly, to the entire enterprise of intercepting international electronic civilian communications.

Signs of Echelon's existence

Does Echelon really exist? While the National Security Agency does have a web page, it is, not surprisingly, secretive about its activities. The first mention was a 1988 report called Somebody's Listening, in the British publication New Statemen, by investigative journalist Duncan Campbell. He described the Echelon system of the time at Menwith Hill, near Yorkshire, England, as operating on more than a dozen Digital Equipment Corp. VAX computers. A more extensive report on Echelon was found in the 1996 book Secret Power: New Zealand's Role in the International Spy Network by Nicky Hager. Then in 2000, a government body reported on Echelon's existence. The European Parliament issued a report "On the Existence of a Global System for the Interception of Private and Commercial Communications." It is the most comprehensive public document on Echelon and its ramifications.

The report names 20 listening posts---locations where transmissions are intercepted from telecommunications satellites. These include Yakima, Washington and Sugar Grove, West Virginia; Menwith Hill and Morwenstow in England, and Misawa Air Base on the northern tip of Honshu. Other stations are in Puerto Rico, New Zealand, Hong Kong, Canada, and Germany. The signals these stations intercept are voice traffic, e-mail and other data transmissions sent via satellites between continents. Bamford writes that a single Intelsat 707 satellite launched into geostationary orbit above west Africa can monitor transmissions throughout Europe, Africa and Asia. Data is intercepted in the Cornwall region of England, with the channels considered to have the most value "posted" onto Echelon for broader consumption.

The Misawa post was established in 1948 and is jointly operated by Japan and the U.S. "The site houses around 14 satellite antennae, some of which have a diameter of roughly 20 m (estimate)," says the European Parliament report. "Officially, Misawa acts as a 'cryptology operation centre'." Targets for the Misawa post, according to Bamford, include Iran, China and North Korea. He describes the facility as looking like a "soccer field for giants. Fourteen large radomes, like mammoth soccer balls, sit on a stretch of green. Nearby is an elephant cage antenna, over 100 feet tall and nearly a quarter-mile wide." Collected signals are sent into a windowless building known as the Misawa Cryptological Operations Center that houses both civilians working for the NSA and 1800 military specialists.

To make this intelligence available to analysts, Echelon designers have borrowed heavily from the Web, and NSA gets credit for adapting a sensible civilian invention rather than trying to re-invent it. Bamford tells of one analyst for a US federal agency, who described how the "Intelink" system works from the user's perspective. Each morning, the analyst would click to his NSA website from a computer that was isolated from the public Internet, and look at the categories for which he had set key words. These intercepts were arranged by subject line, much as you might see incoming mail. When he clicked on a subject line, he could read an analyst-written report based on the raw intercepts collected at the listening posts. The process resembles that of following a company or news story on, say Yahoo!'s financial service by setting up key phrases.

"Connected through a system of highly secure and encrypted cable networks, Intelink allows NSA's techno spies and analysts to surf through secret home pages and databases," writes Bamford. "Within seconds they can download everything from the latest intercepts on Chinese submarine activity off the Paracel Cap and Spratley Islands to satellite imagery and video footage of Pakistani tank movement near Kashmir." Customers like the system because it allows them to search interactively, rather than waiting for reports to be delivered by the NSA's van, known as the "pizza truck."

Counter-terrorism vs. privacy intrusion

By definition, a surveillance system monitoring international communications is going to retrieve private correspondence from ordinary citizens, as well as business-to-business correspondence: most of it legal, routine, and mundane. This fishing expedition has still hauled in some big catches---like tracking Osama bin Laden through the use of his satellite phone. But it has also made seemingly private communications open to interception. Anyone sending e-mail abroad has got to at least consider the possibility that an agent sitting in some cubicle is intercepting the message, evaluating it, and perhaps even misunderstanding its intent.

Bamford argues that the danger of Echelon and the network behind it is not, as some have said, theft of corporate trade secrets. Rather it is the fundamental right of human privacy. The ability of agencies to store information is essentially unlimited, and this information can be stored for longer than a person's lifetime. The problem is that while the highest of high technology collects this information, ultimately it is fallible human beings who must interpret it and, being fallible, even the most skilled analysts sometimes get it wrong. "As permanent as India ink," Bamford writes, "a black mark may remain associated with a person forever. He will never be told how he was placed on a customs blacklist, who put him there, why he lost a contract---or worse."

Bamford illustrates the potential risk to innocent people by citing an intercepted exchange between the government of Iran and a French company called Microturbo, which produces, among other things, high precision turbojet engines. Iran wanted the engines to develop its own version of the Cruise missile, and communication between the two parties indicated a deal worth more that $1.4 million. But was the deal for "generators" as the intercepted faxes indicated? Or were they turbojets disguised as generators? Perhaps caught in the middle was the Microturbo salesman, whose name was propagated throughout the intelligence community. Had the he been a citizen of one of the UKUSA partners, his name would have been deleted from the report. But France is not a member and so his name was sent to law enforcement agencies throughout the world. And then what? If the salesman tried to enter the U.S. or Britain, says Bamford, he might "have been refused without explanation. Maybe he could have even been arrested....As government surveillance technology becomes even more pervasive the risks to individual rights grow proportionately."

It's easy---too easy---to get paranoid about this kind of thing. In the concluding scene of Frances Ford Copola's film The Conversation, Gene Hackman's character, a surveillance expert named Harry Caul searches for a hidden microphone in his apartment and winds up trashing the place without ever finding it. Caul's problem is that he knows too much, and the rest of us are susceptible to the same disease.

Jeffrey Richelson, a researcher at the National Security Archives at George Washington University, says that there are chinks in the surveillance armor---a curse if you believe that signal intelligence is the key defending against terrorists acts, a blessing if you fear the loss of privacy in everyday life. Perhaps the biggest challenge is in trying to separate the useful intelligence from the growing deluge of conversations around the globe. The enormous volume of signals in the age of communications means that not every signal transported by satellite can be intercepted, let alone stored and analyzed. The limits are even more pronounced for voice traffic than for text, where voice recognition technology has lagged behind. Richelson also believes that the NSA has not stayed on the leading edge of technology. Encryption technology, available for free over the Internet, has outpaced the number crunching ability of de-encryption software and processing speed. The move to fiber optics has introduced a medium much harder to tap than satellite transmission.

Whether you believe these impediments to intelligence are a good development or a bad one depends in part on how secure you feel, versus your concern for privacy. Before the events of September 11, Americans as a whole fretted about the 21st century equivalent of George Orwell's Big Brother.. But after the World Trade Center towers fell, some accused the intelligence community of a gross negligence in failing to uncover the scheme, hatched, it seemed, right under their noses.

Last year, President George W. Bush signed into law the "Patriot Act*," a far-reaching law that, among other things, broadened the government's ability to conduct surveillance. (*In the U.S., naming things has become a political tactic. The "estate tax" is known as the "death tax," anti-abortion is known as "pro-life," and "an act to deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, and for other purposes" is known as the "USA Patriot Act." It's tough to oppose patriotism.) "This law is based on the faulty assumption that safety must come at the expense of civil liberties," said Laura W. Murphy, Director of the American Civil Liberties Union's Washington National Office, in a written statement. "The USA Patriot Act gives law enforcement agencies nationwide extraordinary new powers unchecked by meaningful judicial review." The ACLU said the act would reduce the role of judges in ensuring wiretaps are conducted properly and "permit use of intelligence investigative authority to by-pass normal criminal procedures that protect privacy."

Opposition from the ACLU is to be expected. But the issue of security versus privacy has scrambled political alliances. A spokesman for the conservative Heritage Foundation told me the group's view on the issue is hardly in full favor of domestic security. The U.S. Constitution's First Amendment, which guarantees freedom of speech still matters, he said.

Meanwhile, Alan Dershowitz, Harvard criminal law professor, defense attorney, and noted civil liberties proponent, has endorsed a national identification card---which others consider the penultimate invasion of privacy, just short of a video camera in the bathroom. The proposal was first made by Oracle billionaire Larry Ellison, whose database management system would stand to benefit. Dershowitz argues that it is better to scrape away a bit privacy of all Americans, rather than hatcheting the rights of a few targeted groups, most notably, Arab-Americans.

In light of the September 11 events, some wondered whether encryption programs were too powerful, and too available, for society's good. But Philip R. Zimmerman, who created the freeware encryption program, Pretty Good Privacy (PGP), has no regrets. Zimmerman published PGP as freeware in 1991. After the software was propagated around the world, the US launched a three year criminal investigation alleging that Zimmerman had violated US export restriction for cryptographic software. In 1996, the government dropped its case and Zimmerman productized the technology, founding PGP Inc. Network Associates acquired PGP in 1997, Zimmerman later departed, and last October the company said it would eliminate its PGP Security Division. The basic PGP program is still available for free at

After September 11th, one might imagine Zimmerman having second thoughts about the technology he created. After all, couldn't the terrorists have planned their deeds using encrypted email, thereby flying under the radar of UKUSA and its far-flung listening posts? Even if encrypted email did not contribute to the planning of this incident, couldn't terrorists planning a future act employ the technology still? Doesn't the very existence of PGP mean that the Pandora's Box is open---that whatever PGP's potential is for good, it is now indelibly a force for evil as well? That question was raised in a Washington Post story last September, which reported the U.S. government was investigating whether PGP or another encryption technology was in fact used in the planning of the September 11th attack.

But Zimmerman has written that, despite increased pressures to create a back door for government inspection, he has no regrets about developing PGP as a tough-to-crack standard. "In these emotional times we in the crypto community find ourselves having to defend our technology from well intentioned but misguided efforts by politicians to impose new regulations on the use of strong cryptography," he wrote in a piece on his own website, "I do not want to give ammunition to those efforts by appearing to cave in on my principles. I think the [Washington Post] article correctly showed that I am not an ideologue when faced with a tragedy of this magnitude. Did I reexamine my principles in the wake of this tragedy? Of course I did. But the outcome of this re-examination was the same as it was during the years of public debate, that strong cryptography does more good for a democratic society than harm, even if it can be used by terrorists. Read my lips: I have no regrets about developing PGP."

Zimmerman argues that the debate of the 1990s it was "society's collective decision" that the right to private communication through an encryption system unencumbered with government back doors was more important than the concerns of national security. "Under the present emotional pressure, if we make a rash decision to reverse such a careful decision, it will only lead to terrible mistakes that will not only hurt our democracy, but will also increase the vulnerability of our national information infrastructure."

Indeed, the European Parliament report, far from decrying encryption, endorsed it as a means of preventing another perceived danger of Echelon: industrial spying by one nation on another. It pointing out that "an unencrypted e-mail is nothing other than a letter without an envelope. The encryption of e-mails is secure and relatively straightforward and user-friendly systems, such as PGP/GnuPG, are already available, even free of charge, to private individuals on the Internet. Unfortunately, they are not yet sufficiently widely distributed. The public authorities should set a good example and themselves employ encryption as a standard practice in order to demystify the process." The report admonished businesses of all sizes to acquaint themselves of the risk and act accordingly. Presumably, the authors have not changed their minds since September 11th.

Few hard facts

But while the Patriot Act, wiretapping, encryption and the Carnivore e-mail interception program (now known as DCS1000) are all more or less in the public eye, available for dissection, Echelon remains more elusive, because the people who know the most won't confirm its existence "I'm suspicious and concerned about government activity in this area," says Lee Tien, senior staff attorney for the Electronic Frontier Foundation (EEF). "The problem is that we don't have hard facts. Foreign countries believe they are being targeted, but the fact remains, it's hard to pin things down. While the interests of Americans goes beyond domestic concerns, the legalities regarding surveillance are not that clear." Tien says that the problem, in theory, with Echelon is that it creates a gap in the law where nobody's responsible---a situation "in which country A and country B cannot legally spy on their own citizens, but can spy on each others. So they do that and then exchange the data."

Like the ACLU, the EEF has opposed the more visible Patriot Act, arguing that the government needs to make better use of the powers it already has. "Prior to September 11th, the government had tremendous power to conduct surveillances of all types-and we don't think they made a case that they needed more," Tien says. "The case can be made that you use the power you already have more effectively rather than relaxing judicial restraints. Our position is not that the government should not stop surveillance, but that the power comes with tremendous risks. And we have to be mindful of building in accountability and checks."

Tien makes the case that so-called stepped up security is not necessarily better security. Checked baggage is now being linked with passengers, and carry-ons are checked in random searches. But that means that grandmothers-who don't exactly fit the profile-are frisked while others who more closely fit the profile of a terrorist aren't scrutinized because there name wasn't called. And as Americans are finding out, security can be a messy business. At the San Francisco Airport, a man whose shoes triggered an explosive alert wandered off---either on purpose or inadvertently. Either way, officials evacuated the terminal and air traffic was delayed nationwide. Security personnel were blamed for not following procedures when they handed back the shoes.

The airport shoe incident was widely reported, and passengers at airports around the world know first-hand at least some of the security measures being taken on their behalf. They may not always encounter the machine gun toting guards I saw in India near the Pakistan border, but the random searches, metal detecting wands, and residue sniffing dogs make this anything but an undercover effort. In that respect, Echelon is different. Despite the European Parliament report and journalist descriptions, Echelon is still too covert to be a part of the public debate. It's hard to protest something you can't fully confirm.

So if you want to play it safe, assume that any international correspondence you send by fax or e-mail, as well as any international call, has an agent listening in. Use encryption software if you like, or at least use judicious language and hope that your words are not taken out of context. But don't loose sleep over it. Given the torrent of global communications and the shift toward fiber optic cable, Echelon's actual intrusion private communications is undoubtedly more perceived than real. As for any intelligence agent who may have intercepted this article as it made its way by e-mail to Japan: I hope you enjoyed it.