Web of Intrigue

Charles Stross (Computer Shopper May 2001)

Head monitor
The Echelon network has base stations in a dozen countries, including the UK installations at Menwith Hill, North Yorkshire. One component is a network of satellite stations that target telecommunication satellites used for switching telephone calls: traffic carried by intelsat’s network is monitored by Echelon ground stations. In addition to the Intelsat carriers, Echelon monitors other communications satellites, radio broadcasts and undersea cables. They are also believed to monitor point-to-point microwave transmissions (used by telcos for high-bandwidth relays). More recently, Echelon is believed to monitor all email and other internet-based communications.

Conference call
Echelon isn’t designed for eavesdropping on particular individuals. Rather, Echelon trawls through every message it consumes, looking for items of interest. Text is indexed and automatically searched in real time for keywords on a list maintained by monitoring staff: an estimated two million messages per hour are searched. It is said that Echelon was intended to provide keyword searching of voice calls using speech recognition, but that this proved extremely difficult to implement. The Echelon Dictionary computers, which carry out the keyword searches, are networked via a system codenamed Platform. This was developed in the early 1990s by the NSA, GCHQ and other collaborating organisations in UKUSA. Digests of the search results are made available to participating agencies on a daily basis.

One point of note is that Echelon has access-control mechanisms built in so that participating intelligence organisations can obtain reports only on areas for which they have been cleared. Another point is that absolutely everything is searched. Rather than tapping only the communications of suspects, Echelon reads everything.

News of Echelon broke in the late 1990s. It acquired notoriety with a report to the European Parliament that accused the US government in particular of using Echelon to spy on European companies and passing on intelligence to their American competitors. This might sound like a worthy protest, except that the EU has for some time been pursuing a similar course, steered by the FBI. In July1992, the FBI initiated talks with several allies in the form of the International Law Enforcement Telecommurncations Seminar (ILETS) including the UK, Germany, France, the Netherlands, Austria, Belgium, Portugal and Spain, along with other non-EU countries. The goal of ILETS was to agree joint policy in a document called ‘International Requirements for Interception’; sub-goals included getting standards bodies like the International Telecommunication Union (ITU) and International Standards Organisation (ISO)to build tapping facilities into new systems and getting governments to agree on monitoring across international boundaries (enabling agencies to intercept communications in other countries). The ILETS ‘International User Requirements’ document (known as IUR 1.0) was put before EU ministers, identified as an ENFOPOL document- a standard EU category for law enforcement and police matters.

This was updated in 1998 and a revised IUR standard., referred to as ENFOPOL 98, was put forward. This document added explicit standards for surveillance and monitoring of mobile phones, sateffite communications and others. When the story was leaked to the press the proposal was gutted by the German EU presidency which considered the monitoring proposals to be far too Draconian.

Over six years, the FBI managed to steer EU policy on communications interception without any political supervision. The goal was to maximise the snooping capability of law enforcement agencies without public discussion, legal advice or parliamentary scrutiny.

Moreover, Hong Kong was a member of ILETS: the surveillance infrastructure was thus being opened to the People’s Republic of China to use against overseas dissidents as well as its own people.

This is all part of an overall trend by police organisations to extend their powers of surveillance. For example, in January 1995 the Police Cooperation Working Group (an EU-wide body) received a report from the UK delegation saying that the next generation of satellite phone systems would be able to "tag each individual subscriber in view of a possibly necessary surveillance activity". Because the development of these systems was being carried out by large corporations rather than state-run telcos, it was seen as necessary to find ways of getting those corporations to cooperate in incorporating surveillance capabilities.

The mass surveillance regime brought in by the NSA and FBI didn’t run totally smoothly. While Echelon and other surveillance systems (such as Carnivore and the proposed NCIS system required under the Regulation of Investigatory Powers Act) can operate efficiently against unencrypted communications, encrypted messages stick in their throat. Since 1990 the use of strong encryption has mushroomed. For this we have to thank the cypherpunks.


ISPy for the FBI

The fourth and most serious threat is from your own ISP. Under the terms of new legislation, it might be snooping on you on behalf of the police — in the UK, the police in the form of the National Technical Assistance Centre, which is there to spy on you. The NTAC will be operated by the National Criminal Intelligence Service (NCIS)on behalf of the Home Office. Its job will entail running a Carnivore-like system for scanning all email traffic passing through certain ISPs and forwarding the results of search warrants to the police forces that requested them. A ‘black box’ will be placed in the target ISP’s data centres, which will snoop on traffic running over its network backbone. The design of the black box hasn’t been finalised, but we can get an idea of its capabilities by looking at the FBI’s Carnivore system (recently renamed ‘DCS 1000’ because it sounds less scary).

Carnivore was developed by the FBI during 1999 and 2000. The system consists of a powerful server running Windows 2000 and some custom software. It sits on the ISP’s network backbone and promiscuously acquires all packets heading in or out of its SMTP mail servers. It can communicate with an ISP’s Radius server to acquire the IP address temporarily allocated to a user who has just logged in. It can then log either who they’re communicating with or the entire contents of their communications. It’s not clear how the FBI would harvest data from a Carnivore server, but presumably it would access it via an encrypted session (using something like SSH). Carnivore servers are clearly going to be primary targets for ambitious hackers (want to read everybody else’s email? You know where to go!) and it’s unclear whether they harvest information much more widely than a narrow pen register or wiretap warrant would allow.

There are several ways around a Carnivore-type system but all of them are annoyingly tricky to set up. One option is to take up a mail account with a foreign company that can support encrypted connections: for example, by tunnelling the Pop-3 protocol over SSH you can wrap your email downloads in a shroud of encryption. However, this sort of thing doesn’t prevent any mail you send to correspondents with accounts in a monitored country being snooped on. It’s also inconvenient to use. If you want true anonymous communications, your best bet is an unregistered pay-as-you-go mobile phone, purchased for cash at a car boot sale. This technology has really got the police worked up, and with good reason — it can be tapped easily, but first they have to figure out which phone you’re using.